From bb394d63a65053e328aa85cfeb84b78a595e485d Mon Sep 17 00:00:00 2001 
From: Emelie Graven Date: Sat, 18 Dec 2021 09:48:12 +0100 Subject: [PATCH] Restructure folders --- .../pubkeys/despondos_host_ed25519_key.pub | 0 .../common/services/nginx.nix | 0 .../config => config}/common/services/ssh.nix | 0 .../hosts/grondahl/configuration.nix | 0 .../grondahl/data/secrets/acme_anarkafem_dev | Bin .../hosts/grondahl/data/secrets/email_noreply | Bin .../hosts/grondahl/data/secrets/restic_pass | Bin .../hosts/grondahl/data/secrets/secrets.nix | Bin .../hosts/grondahl/data/secrets/ssh_key | Bin .../hosts/grondahl/data/secrets/ssh_key.pub | Bin .../data/secrets/synapse_macaroon_secret | Bin .../synapse_registration_shared_secret | Bin .../grondahl/data/secrets/turn_shared_secret | Bin .../hosts/grondahl/hardware-configuration.nix | 0 .../hosts/grondahl/services/acme.nix | 0 .../hosts/grondahl/services/coturn.nix | 0 .../hosts/grondahl/services/nginx.nix | 0 .../hosts/grondahl/services/postgres.nix | 0 .../hosts/grondahl/services/restic.nix | 0 .../hosts/grondahl/services/synapse.nix | 0 .../hosts/mail/configuration.nix | 0 .../data/secrets/mail_noreply_anarkafem_dev | Bin .../hosts/mail/data/secrets/secrets.nix | Bin .../hosts/mail/data/secrets/ssh_key | Bin .../hosts/mail/data/secrets/ssh_key.pub | Bin .../hosts/mail/hardware-configuration.nix | 0 .../hosts/mail/services/acme.nix | 0 .../hosts/mail/services/mail.nix | 0 .../hosts/mail/services/restic.nix | 0 .../hosts/rudiger/configuration.nix | 0 .../hosts/rudiger/data/secrets/nc_admin_pass | Bin .../hosts/rudiger/data/secrets/redis_pass | Bin .../hosts/rudiger/data/secrets/restic_pass | Bin .../hosts/rudiger/data/secrets/secrets.nix | Bin .../hosts/rudiger/data/secrets/ssh_key | Bin .../hosts/rudiger/data/secrets/ssh_key.pub | Bin .../hosts/rudiger/hardware-configuration.nix | 0 .../hosts/rudiger/services/acme.nix | 0 .../hosts/rudiger/services/nextcloud.nix | 0 .../hosts/rudiger/services/nginx.nix | 0 .../hosts/rudiger/services/postgres.nix | 0 .../hosts/rudiger/services/redis.nix | 0 
.../hosts/rudiger/services/restic.nix | 0 .../hosts/wind/configuration.nix | 0 .../wind/data/secrets/acme_graven_dev.env | Bin .../wind/data/secrets/acme_graven_se.env | Bin .../hosts/wind/data/secrets/restic_pass | Bin .../hosts/wind/data/secrets/secrets.nix | Bin .../hosts/wind/data/secrets/ssh_key | Bin .../hosts/wind/data/secrets/ssh_key.pub | Bin .../wind/data/secrets/synapse_macaroon_secret | Bin .../synapse_registration_shared_secret | Bin .../hosts/wind/data/secrets/ttrss_email_pass | Bin .../wind/data/secrets/turn_shared_secret | Bin .../hosts/wind/data/secrets/vaultwarden_env | Bin .../hosts/wind/data/secrets/wg_key | Bin .../hosts/wind/hardware-configuration.nix | 0 .../hosts/wind/services/acme.nix | 0 .../hosts/wind/services/coturn.nix | 0 .../hosts/wind/services/gitea.nix | 0 .../hosts/wind/services/nginx.nix | 0 .../hosts/wind/services/postgres.nix | 0 .../hosts/wind/services/restic.nix | 0 .../hosts/wind/services/synapse.nix | 0 .../hosts/wind/services/ttrss.nix | 0 .../hosts/wind/services/vaultwarden.nix | 0 .../hosts/wind/services/wireguard.nix | 0 {stable/config => config}/sources/default.nix | 0 .../sources/nix/sources.json | 0 .../config => config}/sources/nix/sources.nix | 0 {unstable/deploy => deploy}/default.nix | 7 + stable/deploy/default.nix | 24 --- stable/result | 1 - .../pubkeys/despondos_host_ed25519_key.pub | 1 - unstable/config/common/services/nginx.nix | 46 ----- unstable/config/common/services/ssh.nix | 24 --- unstable/config/sources/default.nix | 11 -- unstable/config/sources/nix/sources.json | 50 ----- unstable/config/sources/nix/sources.nix | 174 ------------------ 79 files changed, 7 insertions(+), 331 deletions(-) rename {stable/config => config}/common/data/pubkeys/despondos_host_ed25519_key.pub (100%) rename {stable/config => config}/common/services/nginx.nix (100%) rename {stable/config => config}/common/services/ssh.nix (100%) rename {unstable/config => config}/hosts/grondahl/configuration.nix (100%) rename {unstable/config 
=> config}/hosts/grondahl/data/secrets/acme_anarkafem_dev (100%) rename {unstable/config => config}/hosts/grondahl/data/secrets/email_noreply (100%) rename {unstable/config => config}/hosts/grondahl/data/secrets/restic_pass (100%) rename {unstable/config => config}/hosts/grondahl/data/secrets/secrets.nix (100%) rename {unstable/config => config}/hosts/grondahl/data/secrets/ssh_key (100%) rename {unstable/config => config}/hosts/grondahl/data/secrets/ssh_key.pub (100%) rename {unstable/config => config}/hosts/grondahl/data/secrets/synapse_macaroon_secret (100%) rename {unstable/config => config}/hosts/grondahl/data/secrets/synapse_registration_shared_secret (100%) rename {unstable/config => config}/hosts/grondahl/data/secrets/turn_shared_secret (100%) rename {unstable/config => config}/hosts/grondahl/hardware-configuration.nix (100%) rename {unstable/config => config}/hosts/grondahl/services/acme.nix (100%) rename {unstable/config => config}/hosts/grondahl/services/coturn.nix (100%) rename {unstable/config => config}/hosts/grondahl/services/nginx.nix (100%) rename {unstable/config => config}/hosts/grondahl/services/postgres.nix (100%) rename {unstable/config => config}/hosts/grondahl/services/restic.nix (100%) rename {unstable/config => config}/hosts/grondahl/services/synapse.nix (100%) rename {stable/config => config}/hosts/mail/configuration.nix (100%) rename {stable/config => config}/hosts/mail/data/secrets/mail_noreply_anarkafem_dev (100%) rename {stable/config => config}/hosts/mail/data/secrets/secrets.nix (100%) rename {stable/config => config}/hosts/mail/data/secrets/ssh_key (100%) rename {stable/config => config}/hosts/mail/data/secrets/ssh_key.pub (100%) rename {stable/config => config}/hosts/mail/hardware-configuration.nix (100%) rename {stable/config => config}/hosts/mail/services/acme.nix (100%) rename {stable/config => config}/hosts/mail/services/mail.nix (100%) rename {stable/config => config}/hosts/mail/services/restic.nix (100%) rename 
{unstable/config => config}/hosts/rudiger/configuration.nix (100%) rename {unstable/config => config}/hosts/rudiger/data/secrets/nc_admin_pass (100%) rename {unstable/config => config}/hosts/rudiger/data/secrets/redis_pass (100%) rename {unstable/config => config}/hosts/rudiger/data/secrets/restic_pass (100%) rename {unstable/config => config}/hosts/rudiger/data/secrets/secrets.nix (100%) rename {unstable/config => config}/hosts/rudiger/data/secrets/ssh_key (100%) rename {unstable/config => config}/hosts/rudiger/data/secrets/ssh_key.pub (100%) rename {unstable/config => config}/hosts/rudiger/hardware-configuration.nix (100%) rename {unstable/config => config}/hosts/rudiger/services/acme.nix (100%) rename {unstable/config => config}/hosts/rudiger/services/nextcloud.nix (100%) rename {unstable/config => config}/hosts/rudiger/services/nginx.nix (100%) rename {unstable/config => config}/hosts/rudiger/services/postgres.nix (100%) rename {unstable/config => config}/hosts/rudiger/services/redis.nix (100%) rename {unstable/config => config}/hosts/rudiger/services/restic.nix (100%) rename {unstable/config => config}/hosts/wind/configuration.nix (100%) rename {unstable/config => config}/hosts/wind/data/secrets/acme_graven_dev.env (100%) rename {unstable/config => config}/hosts/wind/data/secrets/acme_graven_se.env (100%) rename {unstable/config => config}/hosts/wind/data/secrets/restic_pass (100%) rename {unstable/config => config}/hosts/wind/data/secrets/secrets.nix (100%) rename {unstable/config => config}/hosts/wind/data/secrets/ssh_key (100%) rename {unstable/config => config}/hosts/wind/data/secrets/ssh_key.pub (100%) rename {unstable/config => config}/hosts/wind/data/secrets/synapse_macaroon_secret (100%) rename {unstable/config => config}/hosts/wind/data/secrets/synapse_registration_shared_secret (100%) rename {unstable/config => config}/hosts/wind/data/secrets/ttrss_email_pass (100%) rename {unstable/config => config}/hosts/wind/data/secrets/turn_shared_secret (100%) 
rename {unstable/config => config}/hosts/wind/data/secrets/vaultwarden_env (100%) rename {unstable/config => config}/hosts/wind/data/secrets/wg_key (100%) rename {unstable/config => config}/hosts/wind/hardware-configuration.nix (100%) rename {unstable/config => config}/hosts/wind/services/acme.nix (100%) rename {unstable/config => config}/hosts/wind/services/coturn.nix (100%) rename {unstable/config => config}/hosts/wind/services/gitea.nix (100%) rename {unstable/config => config}/hosts/wind/services/nginx.nix (100%) rename {unstable/config => config}/hosts/wind/services/postgres.nix (100%) rename {unstable/config => config}/hosts/wind/services/restic.nix (100%) rename {unstable/config => config}/hosts/wind/services/synapse.nix (100%) rename {unstable/config => config}/hosts/wind/services/ttrss.nix (100%) rename {unstable/config => config}/hosts/wind/services/vaultwarden.nix (100%) rename {unstable/config => config}/hosts/wind/services/wireguard.nix (100%) rename {stable/config => config}/sources/default.nix (100%) rename {stable/config => config}/sources/nix/sources.json (100%) rename {stable/config => config}/sources/nix/sources.nix (100%) rename {unstable/deploy => deploy}/default.nix (81%) delete mode 100644 stable/deploy/default.nix delete mode 120000 stable/result delete mode 100644 unstable/config/common/data/pubkeys/despondos_host_ed25519_key.pub delete mode 100644 unstable/config/common/services/nginx.nix delete mode 100644 unstable/config/common/services/ssh.nix delete mode 100644 unstable/config/sources/default.nix delete mode 100644 unstable/config/sources/nix/sources.json delete mode 100644 unstable/config/sources/nix/sources.nix diff --git a/stable/config/common/data/pubkeys/despondos_host_ed25519_key.pub b/config/common/data/pubkeys/despondos_host_ed25519_key.pub similarity index 100% rename from stable/config/common/data/pubkeys/despondos_host_ed25519_key.pub rename to config/common/data/pubkeys/despondos_host_ed25519_key.pub 
diff --git a/stable/config/common/services/nginx.nix b/config/common/services/nginx.nix similarity index 100% rename from stable/config/common/services/nginx.nix rename to config/common/services/nginx.nix diff --git a/stable/config/common/services/ssh.nix b/config/common/services/ssh.nix similarity index 100% rename from stable/config/common/services/ssh.nix rename to config/common/services/ssh.nix diff --git a/unstable/config/hosts/grondahl/configuration.nix b/config/hosts/grondahl/configuration.nix similarity index 100% rename from unstable/config/hosts/grondahl/configuration.nix rename to config/hosts/grondahl/configuration.nix diff --git a/unstable/config/hosts/grondahl/data/secrets/acme_anarkafem_dev b/config/hosts/grondahl/data/secrets/acme_anarkafem_dev similarity index 100% rename from unstable/config/hosts/grondahl/data/secrets/acme_anarkafem_dev rename to config/hosts/grondahl/data/secrets/acme_anarkafem_dev diff --git a/unstable/config/hosts/grondahl/data/secrets/email_noreply b/config/hosts/grondahl/data/secrets/email_noreply similarity index 100% rename from unstable/config/hosts/grondahl/data/secrets/email_noreply rename to config/hosts/grondahl/data/secrets/email_noreply diff --git a/unstable/config/hosts/grondahl/data/secrets/restic_pass b/config/hosts/grondahl/data/secrets/restic_pass similarity index 100% rename from unstable/config/hosts/grondahl/data/secrets/restic_pass rename to config/hosts/grondahl/data/secrets/restic_pass diff --git a/unstable/config/hosts/grondahl/data/secrets/secrets.nix b/config/hosts/grondahl/data/secrets/secrets.nix similarity index 100% rename from unstable/config/hosts/grondahl/data/secrets/secrets.nix rename to config/hosts/grondahl/data/secrets/secrets.nix diff --git a/unstable/config/hosts/grondahl/data/secrets/ssh_key b/config/hosts/grondahl/data/secrets/ssh_key similarity index 100% rename from unstable/config/hosts/grondahl/data/secrets/ssh_key rename to config/hosts/grondahl/data/secrets/ssh_key 
diff --git a/unstable/config/hosts/grondahl/data/secrets/ssh_key.pub b/config/hosts/grondahl/data/secrets/ssh_key.pub similarity index 100% rename from unstable/config/hosts/grondahl/data/secrets/ssh_key.pub rename to config/hosts/grondahl/data/secrets/ssh_key.pub diff --git a/unstable/config/hosts/grondahl/data/secrets/synapse_macaroon_secret b/config/hosts/grondahl/data/secrets/synapse_macaroon_secret similarity index 100% rename from unstable/config/hosts/grondahl/data/secrets/synapse_macaroon_secret rename to config/hosts/grondahl/data/secrets/synapse_macaroon_secret diff --git a/unstable/config/hosts/grondahl/data/secrets/synapse_registration_shared_secret b/config/hosts/grondahl/data/secrets/synapse_registration_shared_secret similarity index 100% rename from unstable/config/hosts/grondahl/data/secrets/synapse_registration_shared_secret rename to config/hosts/grondahl/data/secrets/synapse_registration_shared_secret diff --git a/unstable/config/hosts/grondahl/data/secrets/turn_shared_secret b/config/hosts/grondahl/data/secrets/turn_shared_secret similarity index 100% rename from unstable/config/hosts/grondahl/data/secrets/turn_shared_secret rename to config/hosts/grondahl/data/secrets/turn_shared_secret diff --git a/unstable/config/hosts/grondahl/hardware-configuration.nix b/config/hosts/grondahl/hardware-configuration.nix similarity index 100% rename from unstable/config/hosts/grondahl/hardware-configuration.nix rename to config/hosts/grondahl/hardware-configuration.nix diff --git a/unstable/config/hosts/grondahl/services/acme.nix b/config/hosts/grondahl/services/acme.nix similarity index 100% rename from unstable/config/hosts/grondahl/services/acme.nix rename to config/hosts/grondahl/services/acme.nix diff --git a/unstable/config/hosts/grondahl/services/coturn.nix b/config/hosts/grondahl/services/coturn.nix similarity index 100% rename from unstable/config/hosts/grondahl/services/coturn.nix rename to config/hosts/grondahl/services/coturn.nix 
diff --git a/unstable/config/hosts/grondahl/services/nginx.nix b/config/hosts/grondahl/services/nginx.nix similarity index 100% rename from unstable/config/hosts/grondahl/services/nginx.nix rename to config/hosts/grondahl/services/nginx.nix diff --git a/unstable/config/hosts/grondahl/services/postgres.nix b/config/hosts/grondahl/services/postgres.nix similarity index 100% rename from unstable/config/hosts/grondahl/services/postgres.nix rename to config/hosts/grondahl/services/postgres.nix diff --git a/unstable/config/hosts/grondahl/services/restic.nix b/config/hosts/grondahl/services/restic.nix similarity index 100% rename from unstable/config/hosts/grondahl/services/restic.nix rename to config/hosts/grondahl/services/restic.nix diff --git a/unstable/config/hosts/grondahl/services/synapse.nix b/config/hosts/grondahl/services/synapse.nix similarity index 100% rename from unstable/config/hosts/grondahl/services/synapse.nix rename to config/hosts/grondahl/services/synapse.nix diff --git a/stable/config/hosts/mail/configuration.nix b/config/hosts/mail/configuration.nix similarity index 100% rename from stable/config/hosts/mail/configuration.nix rename to config/hosts/mail/configuration.nix diff --git a/stable/config/hosts/mail/data/secrets/mail_noreply_anarkafem_dev b/config/hosts/mail/data/secrets/mail_noreply_anarkafem_dev similarity index 100% rename from stable/config/hosts/mail/data/secrets/mail_noreply_anarkafem_dev rename to config/hosts/mail/data/secrets/mail_noreply_anarkafem_dev diff --git a/stable/config/hosts/mail/data/secrets/secrets.nix b/config/hosts/mail/data/secrets/secrets.nix similarity index 100% rename from stable/config/hosts/mail/data/secrets/secrets.nix rename to config/hosts/mail/data/secrets/secrets.nix diff --git a/stable/config/hosts/mail/data/secrets/ssh_key b/config/hosts/mail/data/secrets/ssh_key similarity index 100% rename from stable/config/hosts/mail/data/secrets/ssh_key rename to config/hosts/mail/data/secrets/ssh_key 
diff --git a/stable/config/hosts/mail/data/secrets/ssh_key.pub b/config/hosts/mail/data/secrets/ssh_key.pub similarity index 100% rename from stable/config/hosts/mail/data/secrets/ssh_key.pub rename to config/hosts/mail/data/secrets/ssh_key.pub diff --git a/stable/config/hosts/mail/hardware-configuration.nix b/config/hosts/mail/hardware-configuration.nix similarity index 100% rename from stable/config/hosts/mail/hardware-configuration.nix rename to config/hosts/mail/hardware-configuration.nix diff --git a/stable/config/hosts/mail/services/acme.nix b/config/hosts/mail/services/acme.nix similarity index 100% rename from stable/config/hosts/mail/services/acme.nix rename to config/hosts/mail/services/acme.nix diff --git a/stable/config/hosts/mail/services/mail.nix b/config/hosts/mail/services/mail.nix similarity index 100% rename from stable/config/hosts/mail/services/mail.nix rename to config/hosts/mail/services/mail.nix diff --git a/stable/config/hosts/mail/services/restic.nix b/config/hosts/mail/services/restic.nix similarity index 100% rename from stable/config/hosts/mail/services/restic.nix rename to config/hosts/mail/services/restic.nix diff --git a/unstable/config/hosts/rudiger/configuration.nix b/config/hosts/rudiger/configuration.nix similarity index 100% rename from unstable/config/hosts/rudiger/configuration.nix rename to config/hosts/rudiger/configuration.nix diff --git a/unstable/config/hosts/rudiger/data/secrets/nc_admin_pass b/config/hosts/rudiger/data/secrets/nc_admin_pass similarity index 100% rename from unstable/config/hosts/rudiger/data/secrets/nc_admin_pass rename to config/hosts/rudiger/data/secrets/nc_admin_pass diff --git a/unstable/config/hosts/rudiger/data/secrets/redis_pass b/config/hosts/rudiger/data/secrets/redis_pass similarity index 100% rename from unstable/config/hosts/rudiger/data/secrets/redis_pass rename to config/hosts/rudiger/data/secrets/redis_pass 
diff --git a/unstable/config/hosts/rudiger/data/secrets/restic_pass b/config/hosts/rudiger/data/secrets/restic_pass similarity index 100% rename from unstable/config/hosts/rudiger/data/secrets/restic_pass rename to config/hosts/rudiger/data/secrets/restic_pass diff --git a/unstable/config/hosts/rudiger/data/secrets/secrets.nix b/config/hosts/rudiger/data/secrets/secrets.nix similarity index 100% rename from unstable/config/hosts/rudiger/data/secrets/secrets.nix rename to config/hosts/rudiger/data/secrets/secrets.nix diff --git a/unstable/config/hosts/rudiger/data/secrets/ssh_key b/config/hosts/rudiger/data/secrets/ssh_key similarity index 100% rename from unstable/config/hosts/rudiger/data/secrets/ssh_key rename to config/hosts/rudiger/data/secrets/ssh_key diff --git a/unstable/config/hosts/rudiger/data/secrets/ssh_key.pub b/config/hosts/rudiger/data/secrets/ssh_key.pub similarity index 100% rename from unstable/config/hosts/rudiger/data/secrets/ssh_key.pub rename to config/hosts/rudiger/data/secrets/ssh_key.pub diff --git a/unstable/config/hosts/rudiger/hardware-configuration.nix b/config/hosts/rudiger/hardware-configuration.nix similarity index 100% rename from unstable/config/hosts/rudiger/hardware-configuration.nix rename to config/hosts/rudiger/hardware-configuration.nix diff --git a/unstable/config/hosts/rudiger/services/acme.nix b/config/hosts/rudiger/services/acme.nix similarity index 100% rename from unstable/config/hosts/rudiger/services/acme.nix rename to config/hosts/rudiger/services/acme.nix diff --git a/unstable/config/hosts/rudiger/services/nextcloud.nix b/config/hosts/rudiger/services/nextcloud.nix similarity index 100% rename from unstable/config/hosts/rudiger/services/nextcloud.nix rename to config/hosts/rudiger/services/nextcloud.nix 
diff --git a/unstable/config/hosts/rudiger/services/nginx.nix b/config/hosts/rudiger/services/nginx.nix similarity index 100% rename from unstable/config/hosts/rudiger/services/nginx.nix rename to config/hosts/rudiger/services/nginx.nix diff --git a/unstable/config/hosts/rudiger/services/postgres.nix b/config/hosts/rudiger/services/postgres.nix similarity index 100% rename from unstable/config/hosts/rudiger/services/postgres.nix rename to config/hosts/rudiger/services/postgres.nix diff --git a/unstable/config/hosts/rudiger/services/redis.nix b/config/hosts/rudiger/services/redis.nix similarity index 100% rename from unstable/config/hosts/rudiger/services/redis.nix rename to config/hosts/rudiger/services/redis.nix diff --git a/unstable/config/hosts/rudiger/services/restic.nix b/config/hosts/rudiger/services/restic.nix similarity index 100% rename from unstable/config/hosts/rudiger/services/restic.nix rename to config/hosts/rudiger/services/restic.nix diff --git a/unstable/config/hosts/wind/configuration.nix b/config/hosts/wind/configuration.nix similarity index 100% rename from unstable/config/hosts/wind/configuration.nix rename to config/hosts/wind/configuration.nix diff --git a/unstable/config/hosts/wind/data/secrets/acme_graven_dev.env b/config/hosts/wind/data/secrets/acme_graven_dev.env similarity index 100% rename from unstable/config/hosts/wind/data/secrets/acme_graven_dev.env rename to config/hosts/wind/data/secrets/acme_graven_dev.env diff --git a/unstable/config/hosts/wind/data/secrets/acme_graven_se.env b/config/hosts/wind/data/secrets/acme_graven_se.env similarity index 100% rename from unstable/config/hosts/wind/data/secrets/acme_graven_se.env rename to config/hosts/wind/data/secrets/acme_graven_se.env diff --git a/unstable/config/hosts/wind/data/secrets/restic_pass b/config/hosts/wind/data/secrets/restic_pass similarity index 100% rename from unstable/config/hosts/wind/data/secrets/restic_pass rename to config/hosts/wind/data/secrets/restic_pass 
diff --git a/unstable/config/hosts/wind/data/secrets/secrets.nix b/config/hosts/wind/data/secrets/secrets.nix similarity index 100% rename from unstable/config/hosts/wind/data/secrets/secrets.nix rename to config/hosts/wind/data/secrets/secrets.nix diff --git a/unstable/config/hosts/wind/data/secrets/ssh_key b/config/hosts/wind/data/secrets/ssh_key similarity index 100% rename from unstable/config/hosts/wind/data/secrets/ssh_key rename to config/hosts/wind/data/secrets/ssh_key diff --git a/unstable/config/hosts/wind/data/secrets/ssh_key.pub b/config/hosts/wind/data/secrets/ssh_key.pub similarity index 100% rename from unstable/config/hosts/wind/data/secrets/ssh_key.pub rename to config/hosts/wind/data/secrets/ssh_key.pub diff --git a/unstable/config/hosts/wind/data/secrets/synapse_macaroon_secret b/config/hosts/wind/data/secrets/synapse_macaroon_secret similarity index 100% rename from unstable/config/hosts/wind/data/secrets/synapse_macaroon_secret rename to config/hosts/wind/data/secrets/synapse_macaroon_secret diff --git a/unstable/config/hosts/wind/data/secrets/synapse_registration_shared_secret b/config/hosts/wind/data/secrets/synapse_registration_shared_secret similarity index 100% rename from unstable/config/hosts/wind/data/secrets/synapse_registration_shared_secret rename to config/hosts/wind/data/secrets/synapse_registration_shared_secret diff --git a/unstable/config/hosts/wind/data/secrets/ttrss_email_pass b/config/hosts/wind/data/secrets/ttrss_email_pass similarity index 100% rename from unstable/config/hosts/wind/data/secrets/ttrss_email_pass rename to config/hosts/wind/data/secrets/ttrss_email_pass diff --git a/unstable/config/hosts/wind/data/secrets/turn_shared_secret b/config/hosts/wind/data/secrets/turn_shared_secret similarity index 100% rename from unstable/config/hosts/wind/data/secrets/turn_shared_secret rename to config/hosts/wind/data/secrets/turn_shared_secret 
diff --git a/unstable/config/hosts/wind/data/secrets/vaultwarden_env b/config/hosts/wind/data/secrets/vaultwarden_env similarity index 100% rename from unstable/config/hosts/wind/data/secrets/vaultwarden_env rename to config/hosts/wind/data/secrets/vaultwarden_env diff --git a/unstable/config/hosts/wind/data/secrets/wg_key b/config/hosts/wind/data/secrets/wg_key similarity index 100% rename from unstable/config/hosts/wind/data/secrets/wg_key rename to config/hosts/wind/data/secrets/wg_key diff --git a/unstable/config/hosts/wind/hardware-configuration.nix b/config/hosts/wind/hardware-configuration.nix similarity index 100% rename from unstable/config/hosts/wind/hardware-configuration.nix rename to config/hosts/wind/hardware-configuration.nix diff --git a/unstable/config/hosts/wind/services/acme.nix b/config/hosts/wind/services/acme.nix similarity index 100% rename from unstable/config/hosts/wind/services/acme.nix rename to config/hosts/wind/services/acme.nix diff --git a/unstable/config/hosts/wind/services/coturn.nix b/config/hosts/wind/services/coturn.nix similarity index 100% rename from unstable/config/hosts/wind/services/coturn.nix rename to config/hosts/wind/services/coturn.nix diff --git a/unstable/config/hosts/wind/services/gitea.nix b/config/hosts/wind/services/gitea.nix similarity index 100% rename from unstable/config/hosts/wind/services/gitea.nix rename to config/hosts/wind/services/gitea.nix diff --git a/unstable/config/hosts/wind/services/nginx.nix b/config/hosts/wind/services/nginx.nix similarity index 100% rename from unstable/config/hosts/wind/services/nginx.nix rename to config/hosts/wind/services/nginx.nix diff --git a/unstable/config/hosts/wind/services/postgres.nix b/config/hosts/wind/services/postgres.nix similarity index 100% rename from unstable/config/hosts/wind/services/postgres.nix rename to config/hosts/wind/services/postgres.nix 
diff --git a/unstable/config/hosts/wind/services/restic.nix b/config/hosts/wind/services/restic.nix similarity index 100% rename from unstable/config/hosts/wind/services/restic.nix rename to config/hosts/wind/services/restic.nix diff --git a/unstable/config/hosts/wind/services/synapse.nix b/config/hosts/wind/services/synapse.nix similarity index 100% rename from unstable/config/hosts/wind/services/synapse.nix rename to config/hosts/wind/services/synapse.nix diff --git a/unstable/config/hosts/wind/services/ttrss.nix b/config/hosts/wind/services/ttrss.nix similarity index 100% rename from unstable/config/hosts/wind/services/ttrss.nix rename to config/hosts/wind/services/ttrss.nix diff --git a/unstable/config/hosts/wind/services/vaultwarden.nix b/config/hosts/wind/services/vaultwarden.nix similarity index 100% rename from unstable/config/hosts/wind/services/vaultwarden.nix rename to config/hosts/wind/services/vaultwarden.nix diff --git a/unstable/config/hosts/wind/services/wireguard.nix b/config/hosts/wind/services/wireguard.nix similarity index 100% rename from unstable/config/hosts/wind/services/wireguard.nix rename to config/hosts/wind/services/wireguard.nix diff --git a/stable/config/sources/default.nix b/config/sources/default.nix similarity index 100% rename from stable/config/sources/default.nix rename to config/sources/default.nix diff --git a/stable/config/sources/nix/sources.json b/config/sources/nix/sources.json similarity index 100% rename from stable/config/sources/nix/sources.json rename to config/sources/nix/sources.json diff --git a/stable/config/sources/nix/sources.nix b/config/sources/nix/sources.nix similarity index 100% rename from stable/config/sources/nix/sources.nix rename to config/sources/nix/sources.nix diff --git a/unstable/deploy/default.nix b/deploy/default.nix similarity index 81% rename from unstable/deploy/default.nix rename to deploy/default.nix index ee07e2e..c91bbbd 100644 --- a/unstable/deploy/default.nix +++ b/deploy/default.nix 
@@ -33,6 +33,13 @@ in import "${sources.nixus}" {} ({ config, ... }: { successTimeout = 300; ignoreFailingSystemdUnits = true; }; + mail = { lib, config, ... }: { + host = "emelie@mail.graven.dev"; + configuration = ../config/hosts/mail/configuration.nix; + switchTimeout = 300; + successTimeout = 300; + #ignoreFailingSystemdUnits = true; + }; }; }) diff --git a/stable/deploy/default.nix b/stable/deploy/default.nix deleted file mode 100644 index 0373339..0000000 --- a/stable/deploy/default.nix +++ /dev/null @@ -1,24 +0,0 @@ -let - sources = import ../config/sources; -in import "${sources.nixus}" {} ({ config, ... }: { - - defaults = { name, ... }: { - configuration = { lib, ... }: { - networking.hostName = lib.mkDefault name; - }; - - # use our nixpkgs from niv - nixpkgs = sources.nixpkgs; - }; - - nodes = { - mail = { lib, config, ... }: { - host = "emelie@mail.graven.dev"; - configuration = ../config/hosts/mail/configuration.nix; - switchTimeout = 300; - successTimeout = 300; - #ignoreFailingSystemdUnits = true; - }; - }; -}) - diff --git a/stable/result b/stable/result deleted file mode 120000 index fc926f2..0000000 --- a/stable/result +++ /dev/null @@ -1 +0,0 @@ -/nix/store/i50n7iakdlfmy4s7d90djnz30q4qskh5-deploy \ No newline at end of file diff --git a/unstable/config/common/data/pubkeys/despondos_host_ed25519_key.pub b/unstable/config/common/data/pubkeys/despondos_host_ed25519_key.pub deleted file mode 100644 index 6367ffa..0000000 --- a/unstable/config/common/data/pubkeys/despondos_host_ed25519_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH+ZQk80BU/OdQfV990yrkFwvsLVbVZ2Itof/qwxjTn7 diff --git a/unstable/config/common/services/nginx.nix b/unstable/config/common/services/nginx.nix deleted file mode 100644 index 4c1478d..0000000 --- a/unstable/config/common/services/nginx.nix +++ /dev/null 
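Review bot: The commented-out `#ignoreFailingSystemdUnits = true;` in the new `mail` node leaves it unstated whether mail is meant to behave differently from the node directly above it, which sets that option to `true`. If the intent is that a failing unit should fail the mail deployment, replace the dead line with a comment that says so, for example `# mail does not ignore failing systemd units: a failed unit fails the deploy`; otherwise drop the line. The nixpkgs pin this node is now built against comes from the `defaults` block of the retained file, which lies outside the hunk, so it is worth confirming that it still resolves to the release mail was deployed from under `stable/`. Separately, the files under `data/secrets/` that `../config/hosts/mail/` and the other host trees carry show only as binary in the diffstat; if they are encrypted through a path-based git filter (an inference, the commit does not show one), its patterns need to match the new `config/hosts/...` paths, and no attributes file appears in this commit's file list.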
@@ -1,46 +0,0 @@
-{ ... }:
-{
- services.nginx = {
- enable = true;
-
- # Use recommended settings
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
-
- # 100 MB max upload
- clientMaxBodySize = "100m";
-
- # Only allow PFS-enabled ciphers with AES256
- sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
-
- commonHttpConfig = ''
- # Add HSTS header with preloading to HTTPS requests.
- # Adding this header to HTTP requests is discouraged
- map $scheme $hsts_header {
- https "max-age=31536000; includeSubdomains; preload";
- }
- add_header Strict-Transport-Security $hsts_header;
-
- # Enable CSP for your services.
- #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
-
- # Minimize information leaked to other domains
- add_header 'Referrer-Policy' 'same-origin';
-
- # Disable embedding as a frame
- add_header X-Frame-Options DENY;
-
- # Prevent injection of code in other mime types (XSS Attacks)
- add_header X-Content-Type-Options nosniff;
-
- # Enable XSS protection of the browser.
- # May be unnecessary when CSP is configured properly (see above)
- add_header X-XSS-Protection "1; mode=block";
-
- # This might create errors
- proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
- '';
- };
-}
diff --git a/unstable/config/common/services/ssh.nix b/unstable/config/common/services/ssh.nix
deleted file mode 100644
index 2a918d9..0000000
--- a/unstable/config/common/services/ssh.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ ... }:
-{
- services.openssh = {
- enable = true;
- permitRootLogin = "no";
- passwordAuthentication = false;
- challengeResponseAuthentication = false;
- hostKeys = [ { "path" = "/etc/ssh/ssh_host_ed25519_key"; "type" = "ed25519"; } ];
- kexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
- macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-512-etm@openssh.com" "umac-128-etm@openssh.com" ];
- };
-
- programs.ssh.knownHosts = {
- despondos = {
- hostNames = [ "despondos.nao.sh" ];
- publicKeyFile = ../data/pubkeys/despondos_host_ed25519_key.pub;
- };
- };
-
- services.sshguard = {
- enable = true;
- blocktime = 300;
- };
-}
diff --git a/unstable/config/sources/default.nix b/unstable/config/sources/default.nix
deleted file mode 100644
index ccd3ba8..0000000
--- a/unstable/config/sources/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-let
- sources = import ./nix/sources.nix;
-
- # just use standard pkgs from sources
- # so that we have our applyPattches function
- pkgs = import sources.nixpkgs {};
-
-in {
- nixus = sources.nixus;
-} // sources
-
diff --git a/unstable/config/sources/nix/sources.json b/unstable/config/sources/nix/sources.json
deleted file mode 100644
index 3f85426..0000000
--- a/unstable/config/sources/nix/sources.json
+++ /dev/null
@@ -1,50 +0,0 @@ -{ - "niv": { - "branch": "master", - "description": "Easy dependency management for Nix projects", - "homepage": "https://github.com/nmattia/niv", - "owner": "nmattia", - "repo": "niv", - "rev": "5830a4dd348d77e39a0f3c4c762ff2663b602d4c", - "sha256": "1d3lsrqvci4qz2hwjrcnd8h5vfkg8aypq3sjd4g3izbc8frwz5sm", - "type": "tarball", - "url": "https://github.com/nmattia/niv/archive/5830a4dd348d77e39a0f3c4c762ff2663b602d4c.tar.gz", - "url_template": "https://github.com///archive/.tar.gz" - }, - "nixos-hardware": { - "branch": "master", - "description": "A collection of NixOS modules covering hardware quirks.", - "homepage": "", - "owner": "NixOS", - "repo": "nixos-hardware", - "rev": "4c9f07277bd4bc29a051ff2a0ca58c6403e3881a", - "sha256": "0kz99f42173dh6sa7vw31vr4w348whmbv5n8yfylcjk6widhsslj", - "type": "tarball", - "url": "https://github.com/NixOS/nixos-hardware/archive/4c9f07277bd4bc29a051ff2a0ca58c6403e3881a.tar.gz", - "url_template": "https://github.com///archive/.tar.gz" - }, - "nixpkgs": { - "branch": "21.11", - "description": "Nix Packages collection", - "homepage": "", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a7ecde854aee5c4c7cd6177f54a99d2c1ff28a31", - "sha256": "162dywda2dvfj1248afxc45kcrg83appjd0nmdb541hl7rnncf02", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/a7ecde854aee5c4c7cd6177f54a99d2c1ff28a31.tar.gz", - "url_template": "https://github.com///archive/.tar.gz" - }, - "nixus": { - "branch": "master", - "description": null, - "homepage": "", - "owner": "Infinisil", - "repo": "nixus", - "rev": "851b6b7480815afd0032fd15ebcf23e80e1d7e57", - "sha256": "1vr39sa7gldwkkhcq70ki878zgnj9z4gvwg85asi2mai0x47f3lb", - "type": "tarball", - "url": "https://github.com/Infinisil/nixus/archive/851b6b7480815afd0032fd15ebcf23e80e1d7e57.tar.gz", - "url_template": "https://github.com///archive/.tar.gz" - } -} 
diff --git a/unstable/config/sources/nix/sources.nix b/unstable/config/sources/nix/sources.nix
deleted file mode 100644
index 1938409..0000000
--- a/unstable/config/sources/nix/sources.nix
+++ /dev/null
@@ -1,174 +0,0 @@ -# This file has been generated by Niv. - -let - - # - # The fetchers. fetch_ fetches specs of type . - # - - fetch_file = pkgs: name: spec: - let - name' = sanitizeName name + "-src"; - in - if spec.builtin or true then - builtins_fetchurl { inherit (spec) url sha256; name = name'; } - else - pkgs.fetchurl { inherit (spec) url sha256; name = name'; }; - - fetch_tarball = pkgs: name: spec: - let - name' = sanitizeName name + "-src"; - in - if spec.builtin or true then - builtins_fetchTarball { name = name'; inherit (spec) url sha256; } - else - pkgs.fetchzip { name = name'; inherit (spec) url sha256; }; - - fetch_git = name: spec: - let - ref = - if spec ? ref then spec.ref else - if spec ? branch then "refs/heads/${spec.branch}" else - if spec ? tag then "refs/tags/${spec.tag}" else - abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!"; - in - builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; }; - - fetch_local = spec: spec.path; - - fetch_builtin-tarball = name: throw - ''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`. - $ niv modify ${name} -a type=tarball -a builtin=true''; - - fetch_builtin-url = name: throw - ''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`. - $ niv modify ${name} -a type=file -a builtin=true''; - - # - # Various helpers - # - - # https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695 - sanitizeName = name: - ( - concatMapStrings (s: if builtins.isList s then "-" else s) - ( - builtins.split "[^[:alnum:]+._?=-]+" - ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name) - ) - ); - - # The set of packages used when specs are fetched using non-builtins. 
- mkPkgs = sources: system: - let - sourcesNixpkgs = - import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; }; - hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; - hasThisAsNixpkgsPath = == ./.; - in - if builtins.hasAttr "nixpkgs" sources - then sourcesNixpkgs - else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then - import {} - else - abort - '' - Please specify either (through -I or NIX_PATH=nixpkgs=...) or - add a package called "nixpkgs" to your sources.json. - ''; - - # The actual fetching function. - fetch = pkgs: name: spec: - - if ! builtins.hasAttr "type" spec then - abort "ERROR: niv spec ${name} does not have a 'type' attribute" - else if spec.type == "file" then fetch_file pkgs name spec - else if spec.type == "tarball" then fetch_tarball pkgs name spec - else if spec.type == "git" then fetch_git name spec - else if spec.type == "local" then fetch_local spec - else if spec.type == "builtin-tarball" then fetch_builtin-tarball name - else if spec.type == "builtin-url" then fetch_builtin-url name - else - abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; - - # If the environment variable NIV_OVERRIDE_${name} is set, then use - # the path directly as opposed to the fetched source. - replace = name: drv: - let - saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name; - ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}"; - in - if ersatz == "" then drv else - # this turns the string into an actual Nix path (for both absolute and - # relative paths) - if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. 
+ builtins.getEnv "PWD" + "/${ersatz}"; - - # Ports of functions for older nix versions - - # a Nix version of mapAttrs if the built-in doesn't exist - mapAttrs = builtins.mapAttrs or ( - f: set: with builtins; - listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)) - ); - - # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295 - range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1); - - # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257 - stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1)); - - # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269 - stringAsChars = f: s: concatStrings (map f (stringToCharacters s)); - concatMapStrings = f: list: concatStrings (map f list); - concatStrings = builtins.concatStringsSep ""; - - # https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331 - optionalAttrs = cond: as: if cond then as else {}; - - # fetchTarball version that is compatible between all the versions of Nix - builtins_fetchTarball = { url, name ? null, sha256 }@attrs: - let - inherit (builtins) lessThan nixVersion fetchTarball; - in - if lessThan nixVersion "1.12" then - fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) - else - fetchTarball attrs; - - # fetchurl version that is compatible between all the versions of Nix - builtins_fetchurl = { url, name ? 
null, sha256 }@attrs: - let - inherit (builtins) lessThan nixVersion fetchurl; - in - if lessThan nixVersion "1.12" then - fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) - else - fetchurl attrs; - - # Create the final "sources" from the config - mkSources = config: - mapAttrs ( - name: spec: - if builtins.hasAttr "outPath" spec - then abort - "The values in sources.json should not have an 'outPath' attribute" - else - spec // { outPath = replace name (fetch config.pkgs name spec); } - ) config.sources; - - # The "config" used by the fetchers - mkConfig = - { sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null - , sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile) - , system ? builtins.currentSystem - , pkgs ? mkPkgs sources system - }: rec { - # The sources, i.e. the attribute set of spec name to spec - inherit sources; - - # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers - inherit pkgs; - }; - -in -mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); }