diff --git a/flake.lock b/flake.lock index b38e475..3f8112b 100755 --- a/flake.lock +++ b/flake.lock @@ -15,26 +15,6 @@ "type": "github" } }, - "deploy-rs": { - "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs", - "utils": "utils" - }, - "locked": { - "lastModified": 1749105467, - "narHash": "sha256-hXh76y/wDl15almBcqvjryB50B0BaiXJKk20f314RoE=", - "owner": "serokell", - "repo": "deploy-rs", - "rev": "6bc76b872374845ba9d645a2f012b764fecd765f", - "type": "github" - }, - "original": { - "owner": "serokell", - "repo": "deploy-rs", - "type": "github" - } - }, "feishin-0_17_0": { "locked": { "lastModified": 1751534869, @@ -52,22 +32,6 @@ } }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1747046372, @@ -127,7 +91,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems" }, "locked": { "lastModified": 1731533236, @@ -212,9 +176,9 @@ "lanzaboote": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "pre-commit-hooks-nix": "pre-commit-hooks-nix", "rust-overlay": "rust-overlay" }, @@ -248,22 +212,6 @@ } }, "nixpkgs": { - "locked": { - "lastModified": 1743014863, - "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { "locked": { "lastModified": 1751203939, "narHash": "sha256-omYD+H5LlSihz2DRfv90I8Oeo7JNEwvcHPHX+6nMIM4=", @@ -279,7 +227,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_2": { "locked": { "lastModified": 1751741127, "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=", @@ -295,7 +243,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1751786137, "narHash": "sha256-lIlUKVGCGsh0Q2EA7/6xRtKUZjaQ/ur8uUyY+MynHXQ=", @@ -311,7 +259,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1744868846, "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", @@ -330,9 +278,9 @@ "nixvim": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "nuschtosSearch": "nuschtosSearch", - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1752099138, @@ -399,12 +347,11 @@ }, "root": { "inputs": { - "deploy-rs": "deploy-rs", "feishin-0_17_0": "feishin-0_17_0", "fluffychat-2_0_0": "fluffychat-2_0_0", "lanzaboote": "lanzaboote", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "nixvim": "nixvim", "secrets": "secrets", "sops-nix": "sops-nix" @@ -450,7 +397,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1751606940, @@ -495,39 +442,6 @@ "repo": "default", "type": "github" } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 107aea0..a9adae3 100755 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,6 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; # Stable nixpkgs. - deploy-rs.url = "github:serokell/deploy-rs"; lanzaboote.url = "github:nix-community/lanzaboote"; # Secure boot. nixos-hardware.url = "github:NixOS/nixos-hardware"; # Hardware specific config. sops-nix.url = "github:Mic92/sops-nix"; # Secrets management. @@ -47,10 +46,10 @@ ]; }) - # (mkHost "docker" { - # suite = "vm"; - # user = "docker"; - # }) + (mkHost "docker" { + suite = "vm"; + user = "docker"; + }) (mkHost "minecraft" { suite = "vm"; diff --git a/helpers.nix b/helpers.nix index 6808817..991c633 100644 --- a/helpers.nix +++ b/helpers.nix @@ -1,7 +1,6 @@ inputs: with inputs; -with inputs.nixpkgs.lib; let -in { +with inputs.nixpkgs.lib; { mergeHosts = lists.foldl' ( a: b: attrsets.recursiveUpdate a b ) {}; @@ -54,14 +53,5 @@ in { ++ (filesystem.listFilesRecursive ./modules) ++ extraModules; }; - - deploy.nodes.${hostname} = { - hostname = "${hostname}.local"; - profiles.system = { - user = "root"; - sshUser = user; - path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${hostname}; - }; - }; }; } diff --git a/hosts/laptop/muskduck.nix b/hosts/laptop/muskduck.nix index b34de12..511a951 100644 --- a/hosts/laptop/muskduck.nix +++ b/hosts/laptop/muskduck.nix @@ -25,6 +25,4 @@ }; hardware.cpu.intel.updateMicrocode = true; - - boot.binfmt.emulatedSystems = ["aarch64-linux"]; } diff --git a/suites/common.nix b/suites/common.nix index ccc900d..c5ee193 100644 --- a/suites/common.nix +++ b/suites/common.nix @@ -16,9 +16,6 @@ with lib; { "flakes" ]; - # Add @wheel to trusted-users for remote deployments. - nix.settings.trusted-users = ["root" "@wheel"]; - # Set $NIX_PATH to flake input. nix.nixPath = ["nixpkgs=${nixpkgs}"]; @@ -63,12 +60,6 @@ with lib; { "wheel" "networkmanager" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETPyuxUVEmYyEW6PVC6BXqkhULHd/RvMm8fMbYhjTMV fern@muskduck" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzW4epTmK01kGVXcuAXUNJQPltnogf4uab9FA5m8S3n fern@pardalote" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEJYq1fMxVOzCMfE/td6DtWS8nUk76U9seYD3Z9RYAz u0_a399@fairywren" - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMoJvPcUJDVVzO4dHROCFNlgJdDZSP5xyPx2s40zcx5QAAAABHNzaDo= YubiKey5NFC" - ]; }; # Use fish shell @@ -132,9 +123,6 @@ with lib; { ''; }; - # https://discourse.nixos.org/t/slow-build-at-building-man-cache/52365/2 - documentation.man.generateCaches = false; - # Install some packages. programs = { git.enable = true; @@ -297,17 +285,9 @@ with lib; { yazi ]; - # Enable SSH server. - services.openssh.enable = true; - # Enable avahi hostname resolution. services.avahi = { enable = true; nssmdns4 = true; - publish = { - enable = true; - addresses = true; - domain = true; - }; }; } diff --git a/suites/server.nix b/suites/server.nix index 762cc11..1f6af57 100644 --- a/suites/server.nix +++ b/suites/server.nix @@ -10,7 +10,19 @@ with lib; { # Enable all terminfo (for ghostty). environment.enableAllTerminfo = true; + # Enable SSH server. + services.openssh.enable = true; + + users.users.${user} = { + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETPyuxUVEmYyEW6PVC6BXqkhULHd/RvMm8fMbYhjTMV fern@muskduck" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzW4epTmK01kGVXcuAXUNJQPltnogf4uab9FA5m8S3n fern@pardalote" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEJYq1fMxVOzCMfE/td6DtWS8nUk76U9seYD3Z9RYAz u0_a399@fairywren" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMoJvPcUJDVVzO4dHROCFNlgJdDZSP5xyPx2s40zcx5QAAAABHNzaDo= YubiKey5NFC" + ]; + extraGroups = mkIf (user == "docker") ["docker"]; + }; + # Enable docker. virtualisation.docker.enable = mkIf (user == "docker") true; - users.users.${user}.extraGroups = mkIf (user == "docker") ["docker"]; }