From add25d866dba39d997502ecd6df66141ca89dd39 Mon Sep 17 00:00:00 2001 From: xinyangli Date: Wed, 15 Nov 2023 07:50:26 +0000 Subject: [PATCH 1/2] bump version --- flake.lock | 58 ++++++++++++++++-------------- flake.nix | 3 +- home/xin/common/default.nix | 3 -- machines/calcite/configuration.nix | 1 - machines/clash.nix | 34 ------------------ machines/raspite/configuration.nix | 4 +-- 6 files changed, 33 insertions(+), 70 deletions(-) delete mode 100644 machines/clash.nix diff --git a/flake.lock b/flake.lock index 44f32e4..801872b 100644 --- a/flake.lock +++ b/flake.lock @@ -181,11 +181,11 @@ ] }, "locked": { - "lastModified": 1694469544, - "narHash": "sha256-eqZng5dZnAUyb7xXyFk5z871GY/++KVv3Gyld5mVh20=", + "lastModified": 1699783872, + "narHash": "sha256-4zTwLT2LL45Nmo6iwKB3ls3hWodVP9DiSWxki/oewWE=", "owner": "nix-community", "repo": "home-manager", - "rev": "5171f5ef654425e09d9c2100f856d887da595437", + "rev": "280721186ab75a76537713ec310306f0eba3e407", "type": "github" }, "original": { @@ -201,11 +201,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1694481387, - "narHash": "sha256-1v5DT/8PmFl9UJHRq6BeMcDTSqXIYjVBilcVFt+vRN0=", + "lastModified": 1700011274, + "narHash": "sha256-NtZqLNEjgaCGowT2+HEeOoZsXqVSAZMA/vk2t0jikN0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "3901c1225944eda6c85f09a57c338f87f06748d2", + "rev": "a8c236477b4251ba739463de7e863a07b124fdd3", "type": "github" }, "original": { @@ -237,11 +237,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1694432324, - "narHash": "sha256-bo3Gv6Cp40vAXDBPi2XiDejzp/kyz65wZg4AnEWxAcY=", + "lastModified": 1699997707, + "narHash": "sha256-ugb+1TGoOqqiy3axyEZpfF6T4DQUGjfWZ3Htry1EfvI=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ca41b8a227dd235b1b308217f116c7e6e84ad779", + "rev": "5689f3ebf899f644a1aabe8774d4f37eb2f6c2f9", "type": "github" }, "original": { @@ -269,11 +269,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1694426803, - "narHash": "sha256-osusXQo0zkEqs502SNMffsKp1O9evpDM54A37MuyT2Q=", + "lastModified": 1699596684, + "narHash": "sha256-XSXP8zjBZJBVvpNb2WmY0eW8O2ce+sVyj1T0/iBRIvg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9a74ffb2ca1fc91c6ccc48bd3f8cbc1501bf7b8a", + "rev": "da4024d0ead5d7820f6bd15147d3fe2a0c0cec73", "type": "github" }, "original": { @@ -285,11 +285,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1693675694, - "narHash": "sha256-2pIOyQwGyy2FtFAUIb8YeKVmOCcPOTVphbAvmshudLE=", + "lastModified": 1699756042, + "narHash": "sha256-bHHjQQBsEPOxLL+klYU2lYshDnnWY12SewzQ7n5ab2M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5601118d39ca9105f8e7b39d4c221d3388c0419d", + "rev": "9502d0245983bb233da8083b55d60d96fd3c29ff", "type": "github" }, "original": { @@ -301,23 +301,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1694538145, - "narHash": "sha256-/+X6c5mT4Yce7L21Dw+UynDomPQQya2WRaMAO7aotGY=", - "path": "/home/xin/nixpkgs", - "type": "path" + "lastModified": 1699781429, + "narHash": "sha256-UYefjidASiLORAjIvVsUHG6WBtRhM67kTjEY4XfZOFs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "e44462d6021bfe23dfb24b775cc7c390844f773d", + "type": "github" }, "original": { - "path": "/home/xin/nixpkgs", - "type": "path" + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" } }, "nur": { "locked": { - "lastModified": 1694533535, - "narHash": "sha256-De7zRSSjw/UQmPxqUB5+acgE0kx9v7+w5mndk1M9clQ=", + "lastModified": 1700012630, + "narHash": "sha256-m+FOsAtH3He/QoiPqJ/MuF9aw0P/+47vZ3H24pB9MaI=", "owner": "nix-community", "repo": "NUR", - "rev": "140724f176a3a6d4b193b6da8eb7659d13f2fa9a", + "rev": "89fdcae74a069abd30b4d26ed043853b338ba88c", "type": "github" }, "original": { @@ -392,11 +396,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1694495315, - "narHash": "sha256-sZEYXs9T1NVHZSSbMqBEtEm2PGa7dEDcx0ttQkArORc=", + "lastModified": 1699951338, + "narHash": "sha256-1GeczM7XfgHcYGYiYNcdwSFu3E62vmh4d7mffWZvyzE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ea208e55f8742fdcc0986b256bdfa8986f5e4415", + "rev": "0e3a94167dcd10a47b89141f35b2ff9e04b34c46", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index a6be7dc..d84f120 100644 --- a/flake.nix +++ b/flake.nix @@ -1,8 +1,7 @@ { inputs = { # Pin nixpkgs to a specific commit - # nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - nixpkgs.url = "path:/home/xin/nixpkgs"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.05"; home-manager = { diff --git a/home/xin/common/default.nix b/home/xin/common/default.nix index da76694..088d6a6 100644 --- a/home/xin/common/default.nix +++ b/home/xin/common/default.nix @@ -9,8 +9,6 @@ nix.settings = { experimental-features = [ "nix-command" "flakes" ]; auto-optimise-store = true; - substituters = "https://cache.nixos.org https://mirrors.ustc.edu.cn/nix-channels/store https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store https://cache.nixos.org/ https://cuda-maintainers.cachix.org"; - trusted-public-keys = "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="; }; @@ -28,7 +26,6 @@ tealdeer neofetch rclone - clash inetutils ]; diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix index a5d45f8..ffc1a28 100644 --- a/machines/calcite/configuration.nix +++ b/machines/calcite/configuration.nix @@ -7,7 +7,6 @@ ./hardware-configuration.nix ./network.nix ../sops.nix - ../clash.nix ]; # Bootloader. diff --git a/machines/clash.nix b/machines/clash.nix deleted file mode 100644 index e6c76ca..0000000 --- a/machines/clash.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - sops = { - secrets.clash_subscription_link = { - owner = "xin"; - }; - }; - - systemd.timers."clash-config-update" = { - wantedBy = [ "timers.target" ]; - timerConfig = { - OnUnitActiveSec = "1d"; - Unit = "clash-config-update.service"; - }; - }; - - systemd.services."clash-config-update" = { - script = '' - ${pkgs.curl}/bin/curl $(${pkgs.coreutils}/bin/cat ${config.sops.secrets.clash_subscription_link.path}) > /tmp/config.yaml && mv /tmp/config.yaml /home/xin/.config/clash/ - ''; - serviceConfig = { - Type = "oneshot"; - User= "xin"; - }; - }; - - systemd.services.clash = { - enable = true; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig.ExecStart = "${pkgs.clash}/bin/clash -d /home/xin/.config/clash"; - }; - -} diff --git a/machines/raspite/configuration.nix b/machines/raspite/configuration.nix index b178e9e..72b7978 100644 --- a/machines/raspite/configuration.nix +++ b/machines/raspite/configuration.nix @@ -10,13 +10,11 @@ ]; imports = [ - ../clash.nix ../sops.nix ]; environment.systemPackages = with pkgs; [ git - clash ]; # Use mirror for binary cache @@ -59,4 +57,4 @@ hashedPassword = "$y$j9T$KEOMZBlXtudOYWq/elAdI.$Vd3X8rjEplbuRBeZPp.8/gpL3zthpBNjhBR47wFc8D4"; }; -} \ No newline at end of file +} From 56e67018d618ad69b6be95380c9dde4136d827da Mon Sep 17 00:00:00 2001 From: xinyangli Date: Wed, 15 Nov 2023 08:10:35 +0000 Subject: [PATCH 2/2] massicot: passwordless sudo for user xin --- machines/massicot/default.nix | 6 ++++++ machines/massicot/services.nix | 3 +-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/machines/massicot/default.nix b/machines/massicot/default.nix index 8dd59d5..c502312 100644 --- a/machines/massicot/default.nix +++ b/machines/massicot/default.nix @@ -45,5 +45,11 @@ ]; hashedPassword = "$y$j9T$JOJn97hZndiDamUmmT.iq.$ue7gNZz/b14ur8GhyutOCvFjsv.3rcsHmk7m.WRk6u7"; }; + + security.sudo.extraRules = [ + { users = [ "xin" ]; + commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; + } + ]; } diff --git a/machines/massicot/services.nix b/machines/massicot/services.nix index 3fee0e6..6574466 100644 --- a/machines/massicot/services.nix +++ b/machines/massicot/services.nix @@ -52,9 +52,8 @@ in }; }; - services.gitea = { + services.forgejo = { enable = true; - package = pkgs.forgejo; settings = { service.DISABLE_REGISTRATION = true; server = {