chore: cleanups (#40)

* feat: add overlays * Auto lint/format * feat: fix dns01 firewall ports * chore: new keys for dns01 * fix: dupe key * chore: fix cfdyn * feat: add dns02 * fix: more server minimalism * fix: might fix deploy-rs build issues. * chore: fix dns02 addition --------- Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com> Co-authored-by: truxnell <truxnell@users.noreply.github.com>
2024-03-30 17:58:53 +11:00 · 2024-03-30 17:58:53 +11:00 · c6b99f5baf
commit c6b99f5baf
parent a4a8b05bb8
6 changed files with 16 additions and 83 deletions
--- a/.github/settings.yaml
+++ b/.github/settings.yaml
@ -1,75 +0,0 @@
 # These settings are synced to GitHub by https://probot.github.io/apps/settings/
 repository:
  # See https://docs.github.com/en/rest/reference/repos#update-a-repository for all available settings.
  # The name of the repository. Changing this will rename the repository
  name: nix-config
  # A short description of the repository that will show up on GitHub
  description: My nix & nixos home setup
  # A URL with more information about the repository
  # homepage: https://example.github.io/
  # A comma-separated list of topics to set on the repository
  topics: nix, nixos
  # Either `true` to make the repository private, or `false` to make it public.
  private: false
  # Either `true` to enable issues for this repository, `false` to disable them.
  has_issues: true
  # Either `true` to enable projects for this repository, or `false` to disable them.
  # If projects are disabled for the organization, passing `true` will cause an API error.
  has_projects: false
  # Either `true` to enable the wiki for this repository, `false` to disable it.
  has_wiki: false
  # Either `true` to enable downloads for this repository, `false` to disable them.
  has_downloads: false
  # Updates the default branch for this repository.
  default_branch: main
  # Either `true` to allow squash-merging pull requests, or `false` to prevent
  # squash-merging.
  allow_squash_merge: true
  # Either `true` to allow merging pull requests with a merge commit, or `false`
  # to prevent merging pull requests with merge commits.
  allow_merge_commit: false
  # Either `true` to allow rebase-merging pull requests, or `false` to prevent
  # rebase-merging.
  allow_rebase_merge: true
  # Either `true` to enable automatic deletion of branches on merge, or `false` to disable
  delete_branch_on_merge: true
  # Either `true` to enable automated security fixes, or `false` to disable
  # automated security fixes.
  enable_automated_security_fixes: false
  # Either `true` to enable vulnerability alerts, or `false` to disable
  # vulnerability alerts.
  enable_vulnerability_alerts: true
 # Labels: define labels for Issues and Pull Requests
 # labels:
 #   - name: bug
 #     color: CC0000
 #     description: An issue with the system 🐛.
 #   - name: feature
 #     # If including a `#`, make sure to wrap it with quotes!
 #     color: '#336699'
 #     description: New functionality.
 #   - name: Help Wanted
 #     # Provide a new name to rename an existing label
 #     new_name: first-timers-only
 # TODO branch protection once nailed down.
--- a/.github/workflows/diff-pr.yaml
+++ b/.github/workflows/diff-pr.yaml
@ -23,7 +23,8 @@ jobs:
            target: rickenbacker
          - os: ubuntu-latest
            target: dns01
-
+          - os: ubuntu-latest
            target: dns02
    steps:
      - name: Create nix mount point
        if: contains(matrix.os, 'ubuntu')
@ -62,12 +63,12 @@ jobs:
        run: nix-collect-garbage
      - name: Fetch old system profile
-        run: nix build github:truxnell/nix-config#top.${{ matrix.target }} -v --dry-run --log-format raw --profile ./profile
+        run: nix build github:truxnell/nix-config#top.${{ matrix.target }} -v  --log-format raw --profile ./profile
      - name: Add new system to profile
        run: |
          set -o pipefail
-          nix build .#top.${{ matrix.target }} --dry-run --profile ./profile --show-trace --fallback -v --log-format raw > >(tee stdout.log) 2> >(tee /tmp/nix-build-err.log >&2)
+          nix build .#top.${{ matrix.target }}  --profile ./profile --show-trace --fallback -v --log-format raw > >(tee stdout.log) 2> >(tee /tmp/nix-build-err.log >&2)
      - name: Output build failure
        if: failure()
--- a/README.md
+++ b/README.md
@ -57,10 +57,9 @@ TBC
 ### Adding new node
 - Add to #top in flake
 - Ensure secrets are grabbed from note and all sops re-encrypte with task sops:re-encrypt
 - Add to relevant github action workflows
- Add to settings.yaml for PR checks
+- Add to .github/settings.yaml for PR checks
 ## Applying configuration changes on a local machine can be done as follows:
--- a/flake.nix
+++ b/flake.nix
@ -213,7 +213,7 @@
      # deploy-rs: This is highly advised, and will prevent many possible mistakes
      checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
-      # Convenience output that aggregates the outputs for home, nixos, and darwin configurations.
+      # Convenience output that aggregates the outputs for home, nixos.
      # Also used in ci to build targets generally.
      top =
        let
--- a/nixos/profiles/hw-rpi4.nix
+++ b/nixos/profiles/hw-rpi4.nix
@ -14,16 +14,20 @@ with lib;
      grub.enable = false;
      # Enables the generation of /boot/extlinux/extlinux.conf
      generic-extlinux-compatible.enable = true;
      timeout = 2;
    };
  };
  nixpkgs.hostPlatform.system = "aarch64-linux";
  nixpkgs.buildPlatform.system = "x86_64-linux";
  console.enable = false;
  mySystem.system.packages = with pkgs; [
    libraspberrypi
    raspberrypi-eeprom
  ];
  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
 }
--- a/nixos/profiles/role-server.nix
+++ b/nixos/profiles/role-server.nix
@ -31,6 +31,10 @@ with lib;
    };
    programs.command-not-found.enable = mkDefault false;
    sound.enable = false;
    hardware.pulseaudio.enable = false;
    services.udisks2.enable = mkDefault false;
    # xdg = {
    #   autostart.enable = mkDefault false;