-rw-r--r-- | nix-conf/flake.nix | 1 | ||||
-rw-r--r-- | nix-conf/lib/extra-builtins.nix | 3 | ||||
-rw-r--r-- | nix-conf/machines/djmuk2/configuration.nix | 54 | ||||
-rw-r--r-- | nix-conf/nix-plugins.patch | 21 |
4 files changed, 69 insertions, 10 deletions
diff --git a/nix-conf/flake.nix b/nix-conf/flake.nix index 640e3ca..cda6d79 100644 --- a/nix-conf/flake.nix +++ b/nix-conf/flake.nix @@ -87,6 +87,7 @@ modules = [ ({ config, pkgs, ... }: { nixpkgs.overlays = [ linux-arm-overlay-unstable ]; nix.settings.experimental-features = "nix-command flakes"; }) ./machines/djmuk2/configuration.nix + sops-nix.nixosModules.sops ]; }; diff --git a/nix-conf/lib/extra-builtins.nix b/nix-conf/lib/extra-builtins.nix index 4fb5d03..84696c6 100644 --- a/nix-conf/lib/extra-builtins.nix +++ b/nix-conf/lib/extra-builtins.nix @@ -1,5 +1,4 @@ -# https://github.com/Mic92/sops-nix/issues/624#issuecomment-2382291036 { exec, ... }: { - readSops = name: exec [ "sops" "-d" name ]; + hello = exec ["echo" "\"hello\""]; } diff --git a/nix-conf/machines/djmuk2/configuration.nix b/nix-conf/machines/djmuk2/configuration.nix index 19ab838..bbe93cf 100644 --- a/nix-conf/machines/djmuk2/configuration.nix +++ b/nix-conf/machines/djmuk2/configuration.nix @@ -1,6 +1,22 @@ { config, pkgs, ... }: let - secrets = builtins.extraBuiltins.readSops secrets.yaml; + #secrets = builtins.extraBuiltins.readSops secrets.yaml; + #plugs = (pkgs.nix-plugins.override { nix = pkgs.nixVersions.nix_2_24; }).overrideAttrs (o: { + # buildInputs = [pkgs.nixVersions.nix_2_24 pkgs.boost]; + # patches = (o.patches or []) ++ [../../nix-plugins.patch]; + #}); + plugs = pkgs.nix-plugins.overrideAttrs (o: { + #nix = pkgs.nixVersions.nix_2_24; + #buildInputs = [pkgs.nixVersions.nix_2_24 pkgs.boost]; + buildInputs = [pkgs.nixVersions.latest pkgs.boost]; + patches = (o.patches or []) ++ [ + ../../nix-plugins.patch + (pkgs.fetchpatch { + url = "https://raw.githubusercontent.com/chayleaf/dotfiles/2f8865c3f5880dfc24bdd9d7ccf7e1b3880ba680/pkgs/nix-plugins-fix.patch"; + hash = "sha256-IHNlIhYfnwFfwD/FxPXxbcvOqnsH5/XjA3fOyuoGj5c="; + }) + ]; + }); in { imports = [ ./hardware-configuration.nix ]; 
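Review bot: In `nix-conf/lib/extra-builtins.nix` the new `hello = exec ["echo" "\"hello\""];` reads as a debugging stub, and the hunk also drops the header comment that explained where this file came from. With `readSops` gone nothing visible in the commit needs `exec`, yet the file still gives evaluation-time command execution to whatever is defined here. Either delete the stub together with the plugin wiring once sops-nix is in use, or document it, for example `# debug stub: proves extra-builtins-file is loaded; exec runs at eval time as the evaluating user`.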
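Review bot: In the `plugs` override of `machines/djmuk2/configuration.nix`, `buildInputs = [pkgs.nixVersions.latest pkgs.boost];` replaces the package's own input list and builds the plugin against a floating Nix version, while nothing in this hunk sets the system's Nix to the same version. A plugin compiled against different Nix headers than the binary that loads it through `plugin-files` can fail to load or misbehave, so I would pin both together, for example `nix.package = pkgs.nixVersions.latest;` (it may already be set outside this diff). The `fetchpatch` is pinned to a commit and a `sha256`, which is the right way to pull a third-party patch. The commented-out `nix_2_24` variants should be removed before merge so it is clear which build is actually in effect. The enclosing attribute set continues outside the hunk.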
@@ -14,6 +30,15 @@ in allowedTCPPorts = [ 113 ]; }; + + sops = { + defaultSopsFile = builtins.path { + path = ./secrets.yaml; + name = "djmuk2-secrets.yaml"; + }; + }; + + services.openssh = { enable = true; settings = { @@ -40,7 +65,10 @@ in # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["openiscsi_name"]' machines/djmuk2/secrets.yaml | doas tee /root/.config/secrets/openiscsi_name # TODO: comments services.openiscsi.enable = true; - services.openiscsi.name = secrets.openiscsi_name; + #services.openiscsi.name = (builtins.extraBuiltins.sopsFromYAML config.sops.defaultSopsFile).openiscsi_name; + #services.openiscsi.name = secrets.openiscsi_name; + services.openiscsi.name = "iqn.2015-12.com.oracleiaas:b729d5b6-d6b0-46cd-be60-820ec3023a16"; + #services.openiscsi.name = builtins.readFile /home/djm/dotfiles/machines/djmuk2/openiscsi_name; #services.openiscsi.enableAutoLoginOut = true; users.users.djm = { @@ -84,18 +112,28 @@ in #procmail git wget + #plugs + plugs ]; nix.settings.trusted-users = [ "root" "djm" ]; - nix = { - settings = { - plugin-files = "${pkgs.nix-plugins}/lib/nix/plugins"; - extra-builtins-file = [ ../libs/extra-builtins.nix ]; - }; - }; + #plugin-files = ${(pkgs.nix-plugins.override { nix = pkgs.nixVersions.nix_2_18; }).overrideAttrs (o: { + # buildInputs = [pkgs.nixVersions.nix_2_18 pkgs.boost]; + # patches = (o.patches or []) ++ [../../nix-plugins.patch]; + #})}/lib/nix/plugins + nix.extraOptions = '' + plugin-files = ${plugs}/lib/nix/plugins + extra-builtins-file = [ ../../lib/extra-builtins.nix ]; +''; + #nix = { + # settings = { + # plugin-files = "${pkgs.nix-plugins}/lib/nix/plugins"; + # extra-builtins-file = [ ../../lib/extra-builtins.nix ]; + # }; + #}; nix.optimise.automatic = true; nix.optimise.dates = [ "03:00" ]; diff --git a/nix-conf/nix-plugins.patch b/nix-conf/nix-plugins.patch new file mode 100644 index 0000000..a51f729 --- /dev/null +++ b/nix-conf/nix-plugins.patch 
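Review bot: The `@@ -40,7 +65,10 @@` hunk replaces `secrets.openiscsi_name` with a string literal on `services.openiscsi.name`, so a value that was previously kept in the sops-encrypted `secrets.yaml` is now cleartext in the repository history and in the world-readable Nix store. If the iSCSI target authorises initiators by name alone, that identifier works like a credential and should be treated as disclosed once this is pushed. Since the commit already adds `sops.defaultSopsFile`, I would declare the value under `sops.secrets` and render the initiator-name file at activation time, presumably via a sops-nix template, which needs checking against how the openiscsi module writes its config. At minimum add a comment such as `# not secret: target access is enforced by CHAP/ACL, not by initiator name`, if that is true. The commented-out `builtins.readFile /home/djm/...` alternative is an impure absolute path and should not be kept as a fallback.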
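Review bot: In the `@@ -84,18 +112,28 @@` hunk, the line `extra-builtins-file = [ ../../lib/extra-builtins.nix ];` sits inside the `''…''` string of `nix.extraOptions`, so the brackets, the relative path and the semicolon are written to nix.conf as literal text rather than evaluated as a Nix path. At best the setting points at a non-existent file. At worst a relative path is resolved against the directory Nix is started from, which would let a file in that directory define `exec`-backed builtins. That second case depends on how the plugin resolves the path, which is not visible here. Interpolate the path so nix.conf gets an immutable store path: `extra-builtins-file = ${../../lib/extra-builtins.nix}`. Adding `plugs` to `environment.systemPackages` does not look necessary for `plugin-files` to work, and the commented-out `nix = { settings = … }` block should be dropped.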
@@ -0,0 +1,21 @@
+diff --git a/extra-builtins.cc b/extra-builtins.cc
+index 3a0f90e..bb10f8b 100644
+--- a/extra-builtins.cc
++++ b/extra-builtins.cc
+@@ -1,10 +1,10 @@
+-#include <config.h>
+-#include <primops.hh>
+-#include <globals.hh>
+-#include <config-global.hh>
+-#include <eval-settings.hh>
+-#include <common-eval-args.hh>
+-#include <filtering-source-accessor.hh>
++#include <nix/cmd/common-eval-args.hh>
++#include <nix/expr/eval-settings.hh>
++#include <nix/expr/primops.hh>
++#include <nix/fetchers/filtering-source-accessor.hh>
++#include <nix/store/globals.hh>
++#include <nix/util/configuration.hh>
++#include <nix/util/config-global.hh>
+
+ #include "nix-plugins-config.h" |