chore: cleanups (#40)
* feat: add overlays * Auto lint/format * feat: fix dns01 firewall ports * chore: new keys for dns01 * fix: dupe key * chore: fix cfdyn * feat: add dns02 * fix: more server minimalism * fix: might fix deploy-rs build issues. * chore: fix dns02 addition --------- Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com> Co-authored-by: truxnell <truxnell@users.noreply.github.com>
parent
a4a8b05bb8
commit
c6b99f5baf
6 changed files with 16 additions and 83 deletions
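--- a/.github/settings.yaml
+++ b/.github/settings.yaml
@@ -1,75 +0,0 @@
-# These settings are synced to GitHub by https://probot.github.io/apps/settings/
-
-repository:
-# See https://docs.github.com/en/rest/reference/repos#update-a-repository for all available settings.
-
-# The name of the repository. Changing this will rename the repository
-name: nix-config
-
-# A short description of the repository that will show up on GitHub
-description: My nix & nixos home setup
-
-# A URL with more information about the repository
-# homepage: https://example.github.io/
-
-# A comma-separated list of topics to set on the repository
-topics: nix, nixos
-
-# Either `true` to make the repository private, or `false` to make it public.
-private: false
-
-# Either `true` to enable issues for this repository, `false` to disable them.
-has_issues: true
-
-# Either `true` to enable projects for this repository, or `false` to disable them.
-# If projects are disabled for the organization, passing `true` will cause an API error.
-has_projects: false
-
-# Either `true` to enable the wiki for this repository, `false` to disable it.
-has_wiki: false
-
-# Either `true` to enable downloads for this repository, `false` to disable them.
-has_downloads: false
-
-# Updates the default branch for this repository.
-default_branch: main
-
-# Either `true` to allow squash-merging pull requests, or `false` to prevent
-# squash-merging.
-allow_squash_merge: true
-
-# Either `true` to allow merging pull requests with a merge commit, or `false`
-# to prevent merging pull requests with merge commits.
-allow_merge_commit: false
-
-# Either `true` to allow rebase-merging pull requests, or `false` to prevent
-# rebase-merging.
-allow_rebase_merge: true
-
-# Either `true` to enable automatic deletion of branches on merge, or `false` to disable
-delete_branch_on_merge: true
-
-# Either `true` to enable automated security fixes, or `false` to disable
-# automated security fixes.
-enable_automated_security_fixes: false
-
-# Either `true` to enable vulnerability alerts, or `false` to disable
-# vulnerability alerts.
-enable_vulnerability_alerts: true
-
-# Labels: define labels for Issues and Pull Requests
-# labels:
-# - name: bug
-# color: CC0000
-# description: An issue with the system 🐛.
-
-# - name: feature
-# # If including a `#`, make sure to wrap it with quotes!
-# color: '#336699'
-# description: New functionality.
-
-# - name: Help Wanted
-# # Provide a new name to rename an existing label
-# new_name: first-timers-only
-
-# TODO branch protection once nailed down.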
7
.github/workflows/diff-pr.yaml
vendored
|
@ -23,7 +23,8 @@ jobs:
|
|||
target: rickenbacker
|
||||
- os: ubuntu-latest
|
||||
target: dns01
|
||||
|
||||
- os: ubuntu-latest
|
||||
target: dns02
|
||||
steps:
|
||||
- name: Create nix mount point
|
||||
if: contains(matrix.os, 'ubuntu')
|
||||
|
@ -62,12 +63,12 @@ jobs:
|
|||
run: nix-collect-garbage
|
||||
|
||||
- name: Fetch old system profile
|
||||
run: nix build github:truxnell/nix-config#top.${{ matrix.target }} -v --dry-run --log-format raw --profile ./profile
|
||||
run: nix build github:truxnell/nix-config#top.${{ matrix.target }} -v --log-format raw --profile ./profile
|
||||
|
||||
- name: Add new system to profile
|
||||
run: |
|
||||
set -o pipefail
|
||||
nix build .#top.${{ matrix.target }} --dry-run --profile ./profile --show-trace --fallback -v --log-format raw > >(tee stdout.log) 2> >(tee /tmp/nix-build-err.log >&2)
|
||||
nix build .#top.${{ matrix.target }} --profile ./profile --show-trace --fallback -v --log-format raw > >(tee stdout.log) 2> >(tee /tmp/nix-build-err.log >&2)
|
||||
|
||||
- name: Output build failure
|
||||
if: failure()
|
||||
|
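Review bot: With `--dry-run` gone from both `nix build` steps (taking the second line of each printed pair as the new side), the `Add new system to profile` step now realises derivations defined by the pull request's own flake on the runner instead of only evaluating them. The workflow's `on:` trigger and `permissions:` are outside these hunks, so it is worth confirming that the job runs on `pull_request` rather than `pull_request_target` and carries a read-only token, for example `permissions:` with `contents: read` plus whatever the diff-comment step needs. A short comment above the step such as `# realises PR-provided derivations; keep this job free of secrets` would record that constraint for the next editor. The step list starts before and continues after the hunk.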
|
|
@ -57,10 +57,9 @@ TBC
|
|||
|
||||
### Adding new node
|
||||
|
||||
- Add to #top in flake
|
||||
- Ensure secrets are grabbed from note and all sops re-encrypte with task sops:re-encrypt
|
||||
- Add to relevant github action workflows
|
||||
- Add to settings.yaml for PR checks
|
||||
- Add to .github/settings.yaml for PR checks
|
||||
|
||||
## Applying configuration changes on a local machine can be done as follows:
|
||||
|
||||
|
|
|
@ -213,7 +213,7 @@
|
|||
# deploy-rs: This is highly advised, and will prevent many possible mistakes
|
||||
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
|
||||
|
||||
# Convenience output that aggregates the outputs for home, nixos, and darwin configurations.
|
||||
# Convenience output that aggregates the outputs for home, nixos.
|
||||
# Also used in ci to build targets generally.
|
||||
top =
|
||||
let
|
||||
|
|
|
@ -14,16 +14,20 @@ with lib;
|
|||
grub.enable = false;
|
||||
# Enables the generation of /boot/extlinux/extlinux.conf
|
||||
generic-extlinux-compatible.enable = true;
|
||||
timeout = 2;
|
||||
};
|
||||
};
|
||||
|
||||
nixpkgs.hostPlatform.system = "aarch64-linux";
|
||||
nixpkgs.buildPlatform.system = "x86_64-linux";
|
||||
|
||||
console.enable = false;
|
||||
|
||||
mySystem.system.packages = with pkgs; [
|
||||
libraspberrypi
|
||||
raspberrypi-eeprom
|
||||
];
|
||||
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
||||
|
||||
}
|
||||
|
||||
|
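Review bot: `nixpkgs.buildPlatform.system = "x86_64-linux";` is set at normal priority in what looks like a shared Raspberry Pi hardware module, so every evaluation of these hosts is forced to cross-compile from x86_64, including a rebuild run on the Pi itself or on an aarch64 builder. I would write `nixpkgs.buildPlatform.system = lib.mkDefault "x86_64-linux";` so a host or CI job can override it. The section also still prints `nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";`; if that line survives on the new side (the rendering does not mark sides), it duplicates the new `hostPlatform.system` assignment and one of the two should go. `console.enable = false;` deserves a one-line comment such as `# headless: no local virtual console, recovery is over SSH only` (if I read the NixOS option correctly), since it changes how the machine can be reached when the network is down. The enclosing attribute set opens above the hunk.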
|
|
@ -31,6 +31,10 @@ with lib;
|
|||
};
|
||||
programs.command-not-found.enable = mkDefault false;
|
||||
|
||||
sound.enable = false;
|
||||
hardware.pulseaudio.enable = false;
|
||||
|
||||
|
||||
services.udisks2.enable = mkDefault false;
|
||||
# xdg = {
|
||||
# autostart.enable = mkDefault false;
|
||||
|
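Review bot: `sound.enable = false;` and `hardware.pulseaudio.enable = false;` are set at normal priority while the neighbouring lines use `mkDefault false` (`programs.command-not-found.enable`, `services.udisks2.enable`), so a host that imports this profile and enables audio would hit a conflicting-definition error rather than a clean override. For consistency I would write `sound.enable = mkDefault false;` and `hardware.pulseaudio.enable = mkDefault false;`. The two blank lines before `services.udisks2.enable` can be reduced to one. The enclosing attribute set starts and ends outside the hunk.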
|