


9 changed files with 105 additions and 114 deletions


@ -25,7 +25,7 @@
};
};
imports = [
../../modules/hostopts.nix
../../modules/nixos/hostopts.nix
../../modules/home-manager
];
}


@ -19,7 +19,6 @@
yazi.enableNushellIntegration = true;
zoxide.enableNushellIntegration = true;
starship.enableNushellIntegration = true;
eza.enableNushellIntegration = true;
carapace = {
enable = true;
enableNushellIntegration = true;


@ -61,7 +61,7 @@ in {
else defaultPasswordHash;
imports = [
../../modules/hostopts.nix
../../modules/nixos
];
home-manager.useGlobalPkgs = true;


@ -96,7 +96,6 @@
rockhole = import ./hosts/rockhole64 {inherit inputs configLib;};
cirrus = import ./hosts/cirrus {inherit inputs configLib;};
cirrostratus = import ./hosts/cirrostratus {inherit inputs configLib;};
remotepi-karp = import ./hosts/remotepi-karp {inherit inputs configLib;};
};
# Standalone home-manager configuration entrypoint


@ -16,11 +16,12 @@ inputs.nixpkgs.lib.nixosSystem {
../../configs/nixos/common.nix
../../configs/nixos/tailscale.nix
../../configs/nixos/sshd.nix
# ../../configs/nixos/secrets.nix
../../configs/nixos/secrets.nix
({
config,
pkgs,
configLib,
lib,
...
}: {
host = {
@ -42,6 +43,18 @@ inputs.nixpkgs.lib.nixosSystem {
};
};
services.duckdns = lib.mkIf (lib.hasAttrByPath ["sops" "secrets" "duckdns-token"] config) {
enable = true;
domains = ["venberg"];
tokenFile = config.sops.secrets.duckdns-token.path;
};
sops = lib.mkIf (inputs ? nix-secrets) {
secrets = {
duckdns-token.sopsFile = "${inputs.nix-secrets}/duckdns.yaml";
};
};
home-manager.users.${config.host.user} = {
inputs,
osConfig,
@ -50,6 +63,7 @@ inputs.nixpkgs.lib.nixosSystem {
}: {
host = osConfig.host;
user = {
nvim.enable-lsp = false;
git = {
profile = {
name = config.host.fullName;
@ -59,7 +73,7 @@ inputs.nixpkgs.lib.nixosSystem {
};
};
imports = [
../../roles/home-manager/minimal-terminal.nix
../../roles/home-manager/terminal.nix
../../configs/home-manager/common.nix
inputs.nixvim.homeManagerModules.nixvim
];
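Review bot: The `duckdns-token` secret declared in the `sops` block of the second hunk sets only `sopsFile`, so it is created with sops-nix's default owner and mode (root-owned and 0400, as far as I recall), while the `services.duckdns` unit that reads `tokenFile` runs with `DynamicUser = true` in `modules/nixos/duckdns.nix`, so the unit will most likely be unable to open the token at run time. Either hand the file to the unit through systemd's `LoadCredential` in the module (which works with DynamicUser and keeps the secret root-owned) or set `owner`/`mode` on the secret to match a dedicated service user; do not widen the mode to world-readable. The `services.duckdns` guard `lib.hasAttrByPath ["sops" "secrets" "duckdns-token"] config` also leaves DuckDNS silently disabled on hosts without `nix-secrets`, so a short comment such as `# duckdns is only enabled when nix-secrets supplies the token` would make that intent visible. The enclosing nixosSystem module starts and ends outside this section.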


@ -1,108 +0,0 @@
{
inputs,
configLib,
...
}:
inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
specialArgs = {inherit inputs configLib;};
modules = [
inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko
inputs.nixos-hardware.nixosModules.raspberry-pi-3
../../configs/nixos/common.nix
../../configs/nixos/sshd.nix
# ../../configs/nixos/secrets.nix
../../configs/nixos/tailscale.nix
({
config,
pkgs,
lib,
configLib,
modulesPath,
...
}: {
hardware.enableRedistributableFirmware = true;
host = {
user = "gabe";
fullName = "Gabe Venberg";
};
networking.hostName = "remotepi-karp"; # Define your hostname.
networking.hostId = "8efd3e13";
networking.useNetworkd = true;
systemd.network = {
enable = true;
networks."eth0" = {
name = "eth0";
DHCP = "yes";
# address = ["10.10.10.31/24"];
# gateway = ["10.10.10.1"];
# dns = ["1.1.1.1"];
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = ["noatime"];
};
};
time.timeZone = "America/Chicago";
# home-manager.sharedModules = [
# inputs.sops-nix.homeManagerModules.sops
# ];
home-manager.users.${config.host.user} = {
inputs,
osConfig,
lib,
...
}: {
host = osConfig.host;
user = {
git = {
profile = {
name = config.host.fullName;
email = "gabevenberg@gmail.com";
};
workProfile.enable = false;
};
};
imports = [
../../roles/home-manager/minimal-terminal.nix
../../configs/home-manager/common.nix
inputs.nixvim.homeManagerModules.nixvim
# ../../configs/home-manager/secrets.nix
];
# sops = lib.mkIf (inputs ? nix-secrets) {
# secrets = {
# };
# };
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
boot.supportedFilesystems.zfs = lib.mkForce false;
boot.kernelParams = [
"console=ttyS1,115200n8"
];
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
})
];
}


@ -0,0 +1,6 @@
{
imports = [
./duckdns.nix
./hostopts.nix
];
}

modules/nixos/duckdns.nix Normal file

@ -0,0 +1,81 @@
{
inputs,
config,
pkgs,
lib,
...
}: let
cfg = config.services.duckdns;
urlFile = pkgs.writeText "curlurl" "url=https://www.duckdns.org/update?domains=@domains_placeholder@&token=@token_placeholder@&ip=";
in {
# partially taken from https://github.com/NixOS/nixpkgs/pull/294489
options = {
services.duckdns = {
enable = lib.mkEnableOption "Enable duckdns updating";
tokenFile = lib.mkOption {
default = null;
type = lib.types.path;
description = ''
The path to a file containing the token
used to authenticate with DuckDNS.
'';
};
domains = lib.mkOption {
type = lib.types.nullOr (lib.types.listOf lib.types.str);
example = ["examplehost"];
description = lib.mdDoc ''
The record(s) to update in DuckDNS
(without the .duckdns.org prefix)
'';
};
domainsFile = lib.mkOption {
default = null;
type = lib.types.nullOr lib.types.path;
description = ''
The path to a file containing a
newline-separated list of DuckDNS
domain(s) to be updated
'';
};
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = cfg.domains != null || cfg.domainsFile != null;
message = "services.duckdns.domains or services.duckdns.domainsFile has to be defined";
}
];
systemd.services.duckdns = {
description = "DuckDNS Dynamic DNS Client";
after = ["network.target"];
wantedBy = ["multi-user.target"];
# every 5 minutes
startAt = "*:00/5:00";
serviceConfig = {
Type = "simple";
DynamicUser = true;
RuntimeDirectory = "duckdns-update";
RuntimeDirectoryMode = "700";
};
script = ''
install --mode 600 ${urlFile} $RUNTIME_DIRECTORY/curlurl
# replace the token
${pkgs.replace-secret}/bin/replace-secret @token_placeholder@ ${cfg.tokenFile} $RUNTIME_DIRECTORY/curlurl
# initalise the replacement file for the domains from the domains file if it exists, otherwise make it empty.
install --mode 600 ${
if (cfg.domainsFile != null)
then cfg.domainsFile
else "/dev/null"
} $RUNTIME_DIRECTORY/domains
# these are already in the nix store, so doesnt matter if they leak via cmdline.
echo '${lib.strings.concatStringsSep "\n" cfg.domains}' >> $RUNTIME_DIRECTORY/domains
${pkgs.gnused}/bin/sed -zi 's/\n/,/g' $RUNTIME_DIRECTORY/domains
${pkgs.replace-secret}/bin/replace-secret @domains_placeholder@ $RUNTIME_DIRECTORY/domains $RUNTIME_DIRECTORY/curlurl
${pkgs.curl}/bin/curl --no-progress-meter --insecure --config $RUNTIME_DIRECTORY/curlurl | ${pkgs.gnugrep}/bin/grep -v "KO"
'';
};
};
}
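Review bot: The update request on the last line of the `script` runs `curl --insecure`, which disables certificate validation for the one call that carries the DuckDNS token, so anyone on the network path could read or redirect it; the `--config` file already keeps the token off the command line, which makes the TLS downgrade the remaining weak point. Drop the flag, and if verification fails inside the DynamicUser sandbox point curl at the system bundle instead, e.g. `--cacert /etc/ssl/certs/ca-certificates.crt` in the config file, rather than disabling it. Separately, `cfg.domains` is typed `nullOr` and has no default, yet `lib.strings.concatStringsSep "\n" cfg.domains` is evaluated unconditionally, so a host that sets only `domainsFile` fails at evaluation; guard it with `lib.optionalString (cfg.domains != null) (...)` and add `default = null;` to the option. The same mismatch exists for `tokenFile`, whose `default = null` does not satisfy `lib.types.path`.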