cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

try harmonia instead of attic

Browse source
This commit is contained in:
cy 2025-01-05 18:21:20 -05:00
parent d893b06a82
commit f72e9c511d
12 changed files with 67 additions and 155 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.sops.yaml
View file

@ -98,3 +98,8 @@ creation_rules:
- age: - age:
- *chunk - *chunk
- *cy - *cy
- path_regex: secrets/services/harmonia.yaml
key_groups:
- age:
- *chunk
- *cy

129
flake.lock generated
View file

@ -1,52 +1,6 @@
{ {
"nodes": { "nodes": {
"attic": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1731270564,
"narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "47752427561f1c34debb16728a210d378f0ece36",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "attic",
"type": "github"
}
},
"crane": { "crane": {
"inputs": {
"nixpkgs": [
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722960479,
"narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=",
"owner": "ipetkov",
"repo": "crane",
"rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
@ -104,44 +58,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": {
"nixpkgs-lib": [
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"lanzaboote", "lanzaboote",
@ -224,9 +141,9 @@
}, },
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane_2", "crane": "crane",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat",
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -249,27 +166,6 @@
"type": "github" "type": "github"
} }
}, },
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729742964,
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1735834308, "lastModified": 1735834308,
@ -319,22 +215,6 @@
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": {
"lastModified": 1724316499,
"narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1710695816, "lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
@ -361,7 +241,7 @@
"lanzaboote", "lanzaboote",
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable_2" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1717664902, "lastModified": 1717664902,
@ -379,7 +259,6 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"attic": "attic",
"disko": "disko", "disko": "disko",
"home-manager": "home-manager", "home-manager": "home-manager",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",

13
flake.nix
View file

@ -23,10 +23,6 @@
url = "github:nix-community/lanzaboote/v0.4.1"; url = "github:nix-community/lanzaboote/v0.4.1";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
attic = {
url = "github:zhaofengli/attic";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs-borg.url = "github:cything/nixpkgs/borg"; # unmerged PR nixpkgs-borg.url = "github:cything/nixpkgs/borg"; # unmerged PR
nixpkgs-btrbk.url = "github:cything/nixpkgs/btrbk"; # unmerged PR nixpkgs-btrbk.url = "github:cything/nixpkgs/btrbk"; # unmerged PR
@ -34,10 +30,13 @@
nixConfig = { nixConfig = {
extra-substituters = [ extra-substituters = [
"https://cache.cything.io/central" # "https://cache.cything.io/"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
]; ];
extra-trusted-public-keys = [ extra-trusted-public-keys = [
"central:cuiJMi+5BFUGeBPNMNWiKO6dlVTOHbHizFY+t7UW12w=" "cache.cything.io:4NhyCpZuroY7+JP18m1wkAgJGb6WL0jrtx2Bgrvdtow="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
]; ];
builders-use-substitutes = true; builders-use-substitutes = true;
}; };
@ -135,12 +134,10 @@
modules = [ modules = [
{ {
nixpkgs = { inherit pkgs; }; nixpkgs = { inherit pkgs; };
disabledModules = [ "services/networking/atticd.nix" ];
} }
./hosts/chunk ./hosts/chunk
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
./modules ./modules
inputs.attic.nixosModules.atticd
]; ];
}; };

1
home/yt/chunk.nix
View file

@ -17,6 +17,5 @@
home.packages = with pkgs; [ home.packages = with pkgs; [
foot.terminfo foot.terminfo
attic-server
]; ];
} }

1
home/yt/common.nix
View file

@ -18,7 +18,6 @@
man-pages-posix man-pages-posix
man man
man-db man-db
attic-client
bottom bottom
btop btop
]; ];

2
hosts/chunk/Caddyfile
View file

@ -63,5 +63,5 @@ element.cything.io {
cache.cything.io { cache.cything.io {
import common import common
reverse_proxy localhost:8090 reverse_proxy localhost:5000
} }

6
hosts/chunk/default.nix
View file

@ -24,7 +24,7 @@
./conduwuit.nix ./conduwuit.nix
./immich.nix ./immich.nix
./element.nix ./element.nix
./attic.nix ./harmonia.nix
]; ];
sops.age.keyFile = "/root/.config/sops/age/keys.txt"; sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@ -82,8 +82,8 @@
"rsyncnet/id_ed25519" = { "rsyncnet/id_ed25519" = {
sopsFile = ../../secrets/de3911/chunk.yaml; sopsFile = ../../secrets/de3911/chunk.yaml;
}; };
"attic/env" = { "harmonia/key" = {
sopsFile = ../../secrets/services/attic.yaml; sopsFile = ../../secrets/services/harmonia.yaml;
}; };
}; };

9
hosts/chunk/harmonia.nix Normal file
View file

@ -0,0 +1,9 @@
{ config, ... }: {
services.harmonia = {
enable = true;
signKeyPaths = [ config.sops.secrets."harmonia/key".path ];
settings = {
real_nix_store = "/mnt/harmonia";
};
};
}

7
hosts/chunk/postgres.nix
View file

@ -10,13 +10,6 @@
enableTCPIP = true; enableTCPIP = true;
ensureDatabases = [ ensureDatabases = [
"hedgedoc" "hedgedoc"
"atticd"
];
ensureUsers = [
{
name = "atticd";
ensureDBOwnership = true;
}
]; ];
}; };
services.postgresqlBackup = { services.postgresqlBackup = {

14
hosts/chunk/rclone.nix
View file

@ -22,20 +22,20 @@
}; };
}; };
systemd.services.attic-mount = { systemd.services.harmonia-mount = {
enable = true; enable = true;
description = "Mount the attic data remote"; description = "Mount the harmonia data remote";
requires = [ "network-online.target" ]; requires = [ "network-online.target" ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
requiredBy = [ "atticd.service" ]; requiredBy = [ "harmonia.service" ];
before = [ "atticd.service" ]; before = [ "harmonia.service" ];
serviceConfig = { serviceConfig = {
Type = "notify"; Type = "notify";
ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic"; ExecStartPre = "/usr/bin/env mkdir -p /mnt/harmonia";
ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
config.sops.secrets."rclone/config".path config.sops.secrets."rclone/config".path
} --cache-dir /var/cache/rclone --transfers=32 --allow-other rsyncnet:attic /mnt/attic "; } --cache-dir /var/cache/rclone --transfers=32 --allow-other rsyncnet:harmonia /mnt/harmonia ";
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos"; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/harmonia";
}; };
}; };
programs.fuse.userAllowOther = true; programs.fuse.userAllowOther = true;

4
hosts/common.nix
View file

@ -6,8 +6,8 @@
auto-optimise-store = true; auto-optimise-store = true;
flake-registry = ""; flake-registry = "";
trusted-users = [ "root" "@wheel" ]; trusted-users = [ "root" "@wheel" ];
trusted-public-keys = [ "central:cuiJMi+5BFUGeBPNMNWiKO6dlVTOHbHizFY+t7UW12w=" ]; trusted-public-keys = [ "cache.cything.io:4NhyCpZuroY7+JP18m1wkAgJGb6WL0jrtx2Bgrvdtow=" ];
substituters = [ "https://cache.cything.io/central" ]; substituters = [ "https://cache.cything.io/" ];
}; };
channel.enable = false; channel.enable = false;
optimise = { optimise = {

31
secrets/services/harmonia.yaml Normal file
View file

@ -0,0 +1,31 @@
harmonia:
key: ENC[AES256_GCM,data:dNyjPTLXrCASX2Fm/qhhZC5Plo1bNuF3HuDfiIWJTf3gjB3vekgtu1/QQ6z6Fh/V964vtSs9H5vAU3gNN0vcuFE7T7RafNDVYWBJzFhv9iBgB87bVpmQkzywC+jCDFKiMATNoRwyh6Gj,iv:xaDl6ihUkrYNNPy1Eyw/cdahkVSHJ7r/taGyo0BREG4=,tag:hZlWZ/7sC7EIKP0TSCkO4A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhcm5VWkVMcUs3UTVCZWtN
dVR5WTFwUUo5WmV2UkJJQWZ4MlY4cDlmOW1RCnNFb01GRlZNVDBYcm43ak9VN2lB
eTc5K2pna3lkQ09OckVPVGx1QUhOcHMKLS0tIG9JemxVVEdlR3dXWkpkWjNIYUla
SW43RDVOOVM1MkhlZC9wbE9mdk82ZU0KTloZlP16doAkgDx3aiDAd/7zrpImJNiJ
hgaffc+04c0w5FGSfWFkel+xFXtBcJ3zLfezDF6FfeUzezyWo35blA==
-----END AGE ENCRYPTED FILE-----
- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzbFJkTWxEZUozd1R2Zk83
VWtzZnl2OExyZzMyNnBpa29IbVpFSEpRNEZjClRid0tRc3B2c2tFWFhYV2cxNDhu
R2tRS0ZLMy9tVU1XcGdtZGZWOEdwWVkKLS0tIFlxNzJsY01FSkgrbndQRXFxa21E
WWxJR09hWWpDalNKL28wazlxUnpUUGcKt3CtF9hRl+FYglm/mjMMhtR1w8Ivb04k
eYpjKTTuujIru/6i7gS1bGw3QBSqgdCuaBMYHYmVsSzh1IH6sZgiHw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-05T22:50:01Z"
mac: ENC[AES256_GCM,data:paV6ipnt6BIEAf1/fOpvvSxrFNOU8yGseIsMac4beymoeQvIpqyq9R0KH1gLBIyHf2QUA1NANgXF9IKhakskA8/HXaMkPkRFXFxdPT4ah9Ml4yp13I/mEafXtdzbru7tu5NrPDwYjfiym9fMpNcDbb7A/mB2zv2mld+s+qVxyp8=,iv:s6I1m9HnyQsZbyKaJoNKQZs9DvuQ6fKiJPEf7niIVWM=,tag:n6Wx/MfBi+vOzM0u//vAzg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2