hectic-lab/util.nix
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

some fixes

Browse Source
This commit is contained in:
yukkop
2025-10-23 11:28:56 +00:00
parent dd0d823e36
commit b400acd18e
6 changed files with 170 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

155
flake.lock generated
View File

@@ -75,6 +75,28 @@
"type": "github" "type": "github"
} }
}, },
"disko_2": {
"inputs": {
"nixpkgs": [
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1749200714,
"narHash": "sha256-W8KiJIrVwmf43JOPbbTu5lzq+cmdtRqaNbOsZigjioY=",
"owner": "nix-community",
"repo": "disko",
"rev": "17d08c65c241b1d65b3ddf79e3fac1ddc870b0f6",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "disko",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@@ -108,6 +130,27 @@
} }
}, },
"flake-parts": { "flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1748821116,
"narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nixvim", "nixvim",
@@ -493,6 +536,53 @@
"type": "github" "type": "github"
} }
}, },
"nix-vm-test": {
"inputs": {
"nixpkgs": [
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1748765518,
"narHash": "sha256-vftOR+7zwnMWl5UpG32GL1VBeNGTDZZT0hv+2uNuBGw=",
"owner": "Mic92",
"repo": "nix-vm-test",
"rev": "d6642fbaf42fc98883d84bab66cd0ec720d9dd0c",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "nix-vm-test",
"type": "github"
}
},
"nixos-anywhere": {
"inputs": {
"disko": "disko_2",
"flake-parts": "flake-parts",
"nix-vm-test": "nix-vm-test",
"nixos-images": "nixos-images",
"nixos-stable": "nixos-stable",
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1760107790,
"narHash": "sha256-7zuh0xtYZnfyibIRCiK4KthXNZIV/9pa7wSjNJUV3Qk=",
"owner": "nix-community",
"repo": "nixos-anywhere",
"rev": "25d23ef77d2c54ad1c08caafee022834265804dc",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-anywhere",
"type": "github"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1760106635, "lastModified": 1760106635,
@@ -508,6 +598,47 @@
"type": "github" "type": "github"
} }
}, },
"nixos-images": {
"inputs": {
"nixos-stable": [
"nixos-anywhere",
"nixos-stable"
],
"nixos-unstable": [
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1749086071,
"narHash": "sha256-4+fY7i+q78F3t6APz0cMC4kRxsyCb+UTyfhbckkCd7Q=",
"owner": "nix-community",
"repo": "nixos-images",
"rev": "aa38dbbdf0e955baef7e03dfc4265ae3fdac4808",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-images",
"type": "github"
}
},
"nixos-stable": {
"locked": {
"lastModified": 1749086602,
"narHash": "sha256-DJcgJMekoxVesl9kKjfLPix2Nbr42i7cpEHJiTnBUwU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4792576cb003c994bd7cc1edada3129def20b27d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1760423683, "lastModified": 1760423683,
@@ -526,7 +657,7 @@
}, },
"nixvim": { "nixvim": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@@ -601,6 +732,7 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"hyprland": "hyprland", "hyprland": "hyprland",
"impermanence": "impermanence", "impermanence": "impermanence",
"nixos-anywhere": "nixos-anywhere",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixvim": "nixvim", "nixvim": "nixvim",
@@ -687,6 +819,27 @@
"type": "github" "type": "github"
} }
}, },
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1749194973,
"narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": { "utils": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"

6
flake.nix
View File

@@ -36,6 +36,10 @@
url = "github:NixOS/nixos-hardware"; url = "github:NixOS/nixos-hardware";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-anywhere = {
url = "github:nix-community/nixos-anywhere";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { outputs = {
@@ -64,7 +68,7 @@
system, system,
pkgs, pkgs,
}: { }: {
packages.${system} = import ./package { inherit system self pkgs; }; packages.${system} = import ./package { inherit system self pkgs inputs; };
devShells.${system} = import ./devshell { inherit system self pkgs; }; devShells.${system} = import ./devshell { inherit system self pkgs; };
legacyPackages.${system} = import ./legacy { legacyPackages.${system} = import ./legacy {
inherit system self; inherit system self;

1
nixos/module/hectic/hardware/hetzner-cloud.nix
View File

@@ -62,6 +62,7 @@ in {
"xen_blkfront" "xen_blkfront"
] ++ (if pkgs.system != "aarch64-linux" then [ "vmw_pvscsi" ] else []); ] ++ (if pkgs.system != "aarch64-linux" then [ "vmw_pvscsi" ] else []);
networking.useDHCP = lib.mkDefault true;
systemd.network.enable = true; systemd.network.enable = true;
systemd.network.networks."30-wan" = { systemd.network.networks."30-wan" = {
matchConfig.Name = "ens3"; matchConfig.Name = "ens3";

4
package/default.nix
View File

@@ -1,4 +1,4 @@
{ self, system, pkgs }: let { self, system, pkgs, inputs }: let
rust = { rust = {
nativeBuildInputs = [ nativeBuildInputs = [
pkgs.pkgsBuildHost.rust-bin.stable."1.81.0".default pkgs.pkgsBuildHost.rust-bin.stable."1.81.0".default
@@ -239,7 +239,7 @@ in {
support-bot = pkgs.callPackage ./support-bot {}; support-bot = pkgs.callPackage ./support-bot {};
nix-derivation-hash = pkgs.callPackage ./nix-derivation-hash {}; nix-derivation-hash = pkgs.callPackage ./nix-derivation-hash {};
"sentinèlla" = pkgs.callPackage (./. + "/sentinèlla") {}; "sentinèlla" = pkgs.callPackage (./. + "/sentinèlla") {};
deploy = pkgs.callPackage ./deploy {}; deploy = pkgs.callPackage ./deploy { inherit inputs; };
shellplot = pkgs.callPackage ./shellplot {}; shellplot = pkgs.callPackage ./shellplot {};
sops = pkgs.callPackage ./sops.nix {}; sops = pkgs.callPackage ./sops.nix {};
onlinepubs2man = pkgs.callPackage ./onlinepubs2man {}; onlinepubs2man = pkgs.callPackage ./onlinepubs2man {};

7
package/deploy/default.nix
View File

@@ -1,4 +1,4 @@
{ symlinkJoin, writeTextFile, socat, dash, hectic, curl, gawk, jq }: { inputs, symlinkJoin, dash, hectic, ssh-to-age, system }:
let let
shell = "${dash}/bin/dash"; shell = "${dash}/bin/dash";
bashOptions = [ bashOptions = [
@@ -9,7 +9,10 @@ let
deploy = hectic.writeShellApplication { deploy = hectic.writeShellApplication {
inherit shell bashOptions; inherit shell bashOptions;
name = "deploy"; name = "deploy";
runtimeInputs = []; runtimeInputs = [
ssh-to-age
inputs.nixos-anywhere.packages.${system}.nixos-anywhere
];
text = builtins.readFile ./deploy.sh; text = builtins.readFile ./deploy.sh;
}; };

6
package/deploy/deploy.sh
View File

@@ -57,7 +57,7 @@ if ! [ ${target_host+x} ]; then
exit 1 exit 1
fi fi
if ssh "$target_host" 'cat /etc/os-release 2>/dev/null || echo "no /etc/os-release"' \ if ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$target_host" 'cat /etc/os-release 2>/dev/null || echo "no /etc/os-release"' \
| grep -q '^NAME=NixOS$' | grep -q '^NAME=NixOS$'
then then
is_target_host_nixos=1 is_target_host_nixos=1
@@ -79,9 +79,9 @@ if [ "$server_init" -eq 1 ]; then
fi fi
# shellcheck disable=SC2068 # shellcheck disable=SC2068
nix run nixos-anywhere -- $@ # --flake .#x86_64-linux --target-host proxydoe nixos-anywhere -- $@ # --flake .#x86_64-linux --target-host proxydoe
server_public_age_key=$(ssh "$target_host" cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age) server_public_age_key=$(ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$target_host" cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age)
# shellcheck disable=SC2016 # shellcheck disable=SC2016
printf 'server'"'"'s public age key is `%s` use it in sops file and run regular deploys' "$server_public_age_key" printf 'server'"'"'s public age key is `%s` use it in sops file and run regular deploys' "$server_public_age_key"