Build machine config changes and fixes: improve the dry run, move some configs around when using the builtin hardware-configuration.nix, and fix some syntax issues.

Root User 2026-02-12 17:37:54 +01:00
parent c7d4fc7e47
commit 3ac51c3662
Signed by: root
GPG key ID: 087F0A95E5766D72
4 changed files with 31 additions and 59 deletions


@ -1,3 +1,4 @@
#!/usr/bin/env zsh
export NIX_CONFIG="experimental-features = nix-command flakes" export NIX_CONFIG="experimental-features = nix-command flakes"
@ -5,13 +6,23 @@ echo "=== nix --version ==="
nix --version nix --version
echo echo
echo "=== nix flake show ===" configs=(
nix flake show . "nixos-local-wireguard-server"
echo "nixos-blank"
"nixos-songsheet"
"nixos-database"
"nixos-forgejo"
"nixos-teamspeak"
"nixos-traefik"
"nixos-build-machine"
)
echo "=== nix eval (raw toplevel) ===" if [[ -n "$1" ]]; then
nix eval --raw .#nixosConfigurations.nixos-local-wireguard-server.config.system.build.toplevel || true configs=("$1")
echo fi
echo "=== nix build --dry-run ===" for config in "${configs[@]}"; do
nix build --dry-run .#nixosConfigurations.nixos-local-wireguard-server.config.system.build.toplevel || true echo "=== Dry-run: $config ==="
nix build --dry-run ".#nixosConfigurations.${config}.config.system.build.toplevel" || true
echo
done
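Review bot: The `|| true` on the `nix build --dry-run` line inside the new `for` loop discards every evaluation failure, so the script exits 0 even when a configuration no longer evaluates and cannot act as a gate in CI or before a deploy. I would record the failure and report it at the end: `failed=0` before the loop, `|| failed=1` in place of `|| true`, and `exit $failed` after `done`. The hard-coded `configs` array can also drift from the flake's `nixosConfigurations`, so a host added to the flake later is never dry-run; a comment such as `# keep in sync with nixosConfigurations in flake.nix` would make that visible.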


@ -28,7 +28,7 @@
# Export individual WireGuard keys from the SOPS YAML as text secrets so they # Export individual WireGuard keys from the SOPS YAML as text secrets so they
# are available both as strings and as files (.path) # are available both as strings and as files (.path)
sops.secrets.":" = { sops.secrets."runner_token" = {
format = "yaml"; format = "yaml";
sopsFile = ../../secrets/build_machine/secrets.yaml; sopsFile = ../../secrets/build_machine/secrets.yaml;
owner = "root"; owner = "root";
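Review bot: The comment above `sops.secrets."runner_token"` still describes exporting individual WireGuard keys, while the secret now declared is `runner_token` read from `secrets/build_machine/secrets.yaml`, which misleads anyone auditing which secrets land on this host. I would replace it with something like `# Expose runner_token from the SOPS YAML as a root-owned secret file (.path)`. The attribute set continues past the hunk, so `mode` and any other settings are not visible. If the service that consumes the token does not run as root, it presumably needs its own `owner` or `group` here, which is worth confirming.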


@ -42,21 +42,6 @@
local.userDescription = "NixOS Build Machine"; local.userDescription = "NixOS Build Machine";
local.address = "10.1.1.3"; local.address = "10.1.1.3";
# Add Lix instead of Nix
nixpkgs.overlays = [
(final: prev: {
inherit
(prev.lixPackageSets.stable)
nixpkgs-review
nix-eval-jobs
nix-fast-build
colmena
;
})
];
nix.package = pkgs.lixPackageSets.stable.lix;
# Enable Rsync # Enable Rsync
services.rsync.enable = true; services.rsync.enable = true;
@ -124,35 +109,6 @@
# Enable Tailscale # Enable Tailscale
services.tailscale.enable = true; services.tailscale.enable = true;
networking.hostName = local.hostname; # Define your hostname.
# Enable networking
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Europe/Copenhagen";
# Select internationalisation properties.
i18n.defaultLocale = "en_AU.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_AU.UTF-8";
LC_IDENTIFICATION = "en_AU.UTF-8";
LC_MEASUREMENT = "en_AU.UTF-8";
LC_MONETARY = "en_AU.UTF-8";
LC_NAME = "en_AU.UTF-8";
LC_NUMERIC = "en_AU.UTF-8";
LC_PAPER = "en_AU.UTF-8";
LC_TELEPHONE = "en_AU.UTF-8";
LC_TIME = "en_AU.UTF-8";
};
# Configure keymap in X11
services.xserver.xkb = {
layout = "au";
variant = "";
};
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
users.users.nixosbm = { users.users.nixosbm = {
isNormalUser = true; isNormalUser = true;
@ -168,9 +124,6 @@
home = "/home/nixremote"; home = "/home/nixremote";
createHome = true; createHome = true;
# Lock the user account (no login shell)
shell = pkgs.shadow;
# SSH key for remote builds # SSH key for remote builds
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
# Add the public key from your client machines here # Add the public key from your client machines here
@ -203,10 +156,18 @@
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh.enable = true; services.openssh.enable = true;
# Enable Podman for Gitea Actions Runner
virtualisation.podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
# Network configuration for the build machine on the Proxmox bridge # Network configuration for the build machine on the Proxmox bridge
networking.interfaces.ens18.ipv4.addresses = [ networking.interfaces.ens18.ipv4.addresses = [
{ {
address = local.address; address = config.local.address;
#dns = "10.1.1.2"; #dns = "10.1.1.2";
prefixLength = 24; prefixLength = 24;
} }
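Review bot: Dropping `shell = pkgs.shadow;` from the `nixremote` user (hunk at -168,9) removes the only login restriction visible on the account that accepts SSH keys for remote builds, and nothing is added in its place. Whether the account now ends up with nologin or the system default shell depends on `isNormalUser`/`useDefaultShell`, which are outside the hunk, so this should be confirmed. If a working shell is needed for remote builds, I would constrain the key instead, for example by prefixing each entry in `openssh.authorizedKeys.keys` with the OpenSSH `restrict` option. A comment such as `# shell left at default so remote builds work; access is limited via key options` would record the reason. This host also gains Podman for an Actions runner in the same section, so it is worth checking that `nixremote` is in no privileged group; the user block starts and ends outside the hunk.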


@ -35,8 +35,8 @@
../lix-default.nix ../lix-default.nix
../secrets-config/sops-database.nix ../secrets-config/sops-database.nix
../system_scripts/gcloud_backup.nix ../system_scripts/gcloud_backup.nix
./hardware-configuration.nix ## TODO: Make this more elegant and less risky for unexpected errors happening.
]; ] ++ lib.optional (builtins.pathExists ./hardware-configuration.nix) ./hardware-configuration.nix;
config = { config = {
local.hostname = "nixosdd"; local.hostname = "nixosdd";
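Review bot: With `lib.optional (builtins.pathExists ./hardware-configuration.nix) ./hardware-configuration.nix`, a missing file is now silently skipped. In a flake, a file that exists on disk but is not tracked by git is also absent from the evaluated source, so a real deployment could build without its filesystem and boot settings and give no hint. The TODO acknowledges the risk but does not surface it; I would add `warnings = lib.optional (!builtins.pathExists ./hardware-configuration.nix) "hardware-configuration.nix not found; building without hardware settings";` inside `config`, or an assertion that only the dry-run path may skip the file. `lib` must also be among the module arguments, which are outside the hunk.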