chore: cleanups (#40)

* feat: add overlays

* Auto lint/format

* feat: fix dns01 firewall ports

* chore: new keys for dns01

* fix: dupe key

* chore: fix cfdyn

* feat: add dns02

* fix: more server minimalism

* fix: might fix deploy-rs build issues.

* chore: fix dns02 addition

---------

Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com>
Co-authored-by: truxnell <truxnell@users.noreply.github.com>

.github/settings.yaml

@@ -1,75 +0,0 @@
-# These settings are synced to GitHub by https://probot.github.io/apps/settings/
-
-repository:
-  # See https://docs.github.com/en/rest/reference/repos#update-a-repository for all available settings.
-
-  # The name of the repository. Changing this will rename the repository
-  name: nix-config
-
-  # A short description of the repository that will show up on GitHub
-  description: My nix & nixos home setup
-
-  # A URL with more information about the repository
-  # homepage: https://example.github.io/
-
-  # A comma-separated list of topics to set on the repository
-  topics: nix, nixos
-
-  # Either `true` to make the repository private, or `false` to make it public.
-  private: false
-
-  # Either `true` to enable issues for this repository, `false` to disable them.
-  has_issues: true
-
-  # Either `true` to enable projects for this repository, or `false` to disable them.
-  # If projects are disabled for the organization, passing `true` will cause an API error.
-  has_projects: false
-
-  # Either `true` to enable the wiki for this repository, `false` to disable it.
-  has_wiki: false
-
-  # Either `true` to enable downloads for this repository, `false` to disable them.
-  has_downloads: false
-
-  # Updates the default branch for this repository.
-  default_branch: main
-
-  # Either `true` to allow squash-merging pull requests, or `false` to prevent
-  # squash-merging.
-  allow_squash_merge: true
-
-  # Either `true` to allow merging pull requests with a merge commit, or `false`
-  # to prevent merging pull requests with merge commits.
-  allow_merge_commit: false
-
-  # Either `true` to allow rebase-merging pull requests, or `false` to prevent
-  # rebase-merging.
-  allow_rebase_merge: true
-
-  # Either `true` to enable automatic deletion of branches on merge, or `false` to disable
-  delete_branch_on_merge: true
-
-  # Either `true` to enable automated security fixes, or `false` to disable
-  # automated security fixes.
-  enable_automated_security_fixes: false
-
-  # Either `true` to enable vulnerability alerts, or `false` to disable
-  # vulnerability alerts.
-  enable_vulnerability_alerts: true
-
-# Labels: define labels for Issues and Pull Requests
-# labels:
-#   - name: bug
-#     color: CC0000
-#     description: An issue with the system 🐛.
-
-#   - name: feature
-#     # If including a `#`, make sure to wrap it with quotes!
-#     color: '#336699'
-#     description: New functionality.
-
-#   - name: Help Wanted
-#     # Provide a new name to rename an existing label
-#     new_name: first-timers-only
-
-# TODO branch protection once nailed down.

.github/workflows/diff-pr.yaml

@@ -23,7 +23,8 @@ jobs:
             target: rickenbacker
           - os: ubuntu-latest
             target: dns01
-
+          - os: ubuntu-latest
+            target: dns02
     steps:
       - name: Create nix mount point
         if: contains(matrix.os, 'ubuntu')
@@ -62,12 +63,12 @@ jobs:
         run: nix-collect-garbage
 
       - name: Fetch old system profile
-        run: nix build github:truxnell/nix-config#top.${{ matrix.target }} -v --dry-run --log-format raw --profile ./profile
+        run: nix build github:truxnell/nix-config#top.${{ matrix.target }} -v  --log-format raw --profile ./profile
 
       - name: Add new system to profile
         run: |
           set -o pipefail
-          nix build .#top.${{ matrix.target }} --dry-run --profile ./profile --show-trace --fallback -v --log-format raw > >(tee stdout.log) 2> >(tee /tmp/nix-build-err.log >&2)
+          nix build .#top.${{ matrix.target }}  --profile ./profile --show-trace --fallback -v --log-format raw > >(tee stdout.log) 2> >(tee /tmp/nix-build-err.log >&2)
 
       - name: Output build failure
         if: failure()

README.md

@@ -57,10 +57,9 @@ TBC
 
 ### Adding new node
 
-- Add to #top in flake
 - Ensure secrets are grabbed from note and all sops re-encrypte with task sops:re-encrypt
 - Add to relevant github action workflows
-- Add to settings.yaml for PR checks
+- Add to .github/settings.yaml for PR checks
 
 ## Applying configuration changes on a local machine can be done as follows:
 

flake.nix

@@ -213,7 +213,7 @@
       # deploy-rs: This is highly advised, and will prevent many possible mistakes
       checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
 
-      # Convenience output that aggregates the outputs for home, nixos, and darwin configurations.
+      # Convenience output that aggregates the outputs for home, nixos.
       # Also used in ci to build targets generally.
       top =
         let

nixos/profiles/hw-rpi4.nix

@@ -14,16 +14,20 @@ with lib;
       grub.enable = false;
       # Enables the generation of /boot/extlinux/extlinux.conf
       generic-extlinux-compatible.enable = true;
+      timeout = 2;
     };
   };
 
+  nixpkgs.hostPlatform.system = "aarch64-linux";
+  nixpkgs.buildPlatform.system = "x86_64-linux";
+
   console.enable = false;
+
   mySystem.system.packages = with pkgs; [
     libraspberrypi
     raspberrypi-eeprom
   ];
 
 
-  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-
 }
+

nixos/profiles/role-server.nix

@@ -31,6 +31,10 @@ with lib;
     };
     programs.command-not-found.enable = mkDefault false;
 
+    sound.enable = false;
+    hardware.pulseaudio.enable = false;
+
+
     services.udisks2.enable = mkDefault false;
     # xdg = {
     #   autostart.enable = mkDefault false;