chore: cleanups (#40)

* feat: add overlays

* Auto lint/format

* feat: fix dns01 firewall ports

* chore: new keys for dns01

* fix: dupe key

* chore: fix cfdyn

* feat: add dns02

* fix: more server minimalism

* fix: might fix deploy-rs build issues.

* chore: fix dns02 addition

---------

Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com>
Co-authored-by: truxnell <truxnell@users.noreply.github.com>
This commit is contained in:
Truxnell 2024-03-30 17:58:53 +11:00 committed by GitHub
parent a4a8b05bb8
commit c6b99f5baf
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 16 additions and 83 deletions

75
.github/settings.yaml vendored
View file

@ -1,75 +0,0 @@
# These settings are synced to GitHub by https://probot.github.io/apps/settings/
repository:
# See https://docs.github.com/en/rest/reference/repos#update-a-repository for all available settings.
# The name of the repository. Changing this will rename the repository
name: nix-config
# A short description of the repository that will show up on GitHub
description: My nix & nixos home setup
# A URL with more information about the repository
# homepage: https://example.github.io/
# A comma-separated list of topics to set on the repository
topics: nix, nixos
# Either `true` to make the repository private, or `false` to make it public.
private: false
# Either `true` to enable issues for this repository, `false` to disable them.
has_issues: true
# Either `true` to enable projects for this repository, or `false` to disable them.
# If projects are disabled for the organization, passing `true` will cause an API error.
has_projects: false
# Either `true` to enable the wiki for this repository, `false` to disable it.
has_wiki: false
# Either `true` to enable downloads for this repository, `false` to disable them.
has_downloads: false
# Updates the default branch for this repository.
default_branch: main
# Either `true` to allow squash-merging pull requests, or `false` to prevent
# squash-merging.
allow_squash_merge: true
# Either `true` to allow merging pull requests with a merge commit, or `false`
# to prevent merging pull requests with merge commits.
allow_merge_commit: false
# Either `true` to allow rebase-merging pull requests, or `false` to prevent
# rebase-merging.
allow_rebase_merge: true
# Either `true` to enable automatic deletion of branches on merge, or `false` to disable
delete_branch_on_merge: true
# Either `true` to enable automated security fixes, or `false` to disable
# automated security fixes.
enable_automated_security_fixes: false
# Either `true` to enable vulnerability alerts, or `false` to disable
# vulnerability alerts.
enable_vulnerability_alerts: true
# Labels: define labels for Issues and Pull Requests
# labels:
# - name: bug
# color: CC0000
# description: An issue with the system 🐛.
# - name: feature
# # If including a `#`, make sure to wrap it with quotes!
# color: '#336699'
# description: New functionality.
# - name: Help Wanted
# # Provide a new name to rename an existing label
# new_name: first-timers-only
# TODO branch protection once nailed down.

View file

@ -23,7 +23,8 @@ jobs:
target: rickenbacker
- os: ubuntu-latest
target: dns01
- os: ubuntu-latest
target: dns02
steps:
- name: Create nix mount point
if: contains(matrix.os, 'ubuntu')
@ -62,12 +63,12 @@ jobs:
run: nix-collect-garbage
- name: Fetch old system profile
run: nix build github:truxnell/nix-config#top.${{ matrix.target }} -v --dry-run --log-format raw --profile ./profile
run: nix build github:truxnell/nix-config#top.${{ matrix.target }} -v --log-format raw --profile ./profile
- name: Add new system to profile
run: |
set -o pipefail
nix build .#top.${{ matrix.target }} --dry-run --profile ./profile --show-trace --fallback -v --log-format raw > >(tee stdout.log) 2> >(tee /tmp/nix-build-err.log >&2)
nix build .#top.${{ matrix.target }} --profile ./profile --show-trace --fallback -v --log-format raw > >(tee stdout.log) 2> >(tee /tmp/nix-build-err.log >&2)
- name: Output build failure
if: failure()

View file

@ -57,10 +57,9 @@ TBC
### Adding new node
- Add to #top in flake
- Ensure secrets are grabbed from note and all sops re-encrypte with task sops:re-encrypt
- Add to relevant github action workflows
- Add to settings.yaml for PR checks
- Add to .github/settings.yaml for PR checks
## Applying configuration changes on a local machine can be done as follows:

View file

@ -213,7 +213,7 @@
# deploy-rs: This is highly advised, and will prevent many possible mistakes
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
# Convenience output that aggregates the outputs for home, nixos, and darwin configurations.
# Convenience output that aggregates the outputs for home, nixos.
# Also used in ci to build targets generally.
top =
let

View file

@ -14,16 +14,20 @@ with lib;
grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
generic-extlinux-compatible.enable = true;
timeout = 2;
};
};
nixpkgs.hostPlatform.system = "aarch64-linux";
nixpkgs.buildPlatform.system = "x86_64-linux";
console.enable = false;
mySystem.system.packages = with pkgs; [
libraspberrypi
raspberrypi-eeprom
];
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

View file

@ -31,6 +31,10 @@ with lib;
};
programs.command-not-found.enable = mkDefault false;
sound.enable = false;
hardware.pulseaudio.enable = false;
services.udisks2.enable = mkDefault false;
# xdg = {
# autostart.enable = mkDefault false;