merging manual updates.

2024-07-13 02:25:36 -05:00 · 2024-07-13 02:25:36 -05:00 · e788ffac1b
parent 6a8c45a1af
commit e788ffac1b
6 changed files with 44 additions and 4 deletions
--- a/.envrc
+++ b/.envrc
@ -1 +1,2 @@
-export SOPS_AGE_KEY_FILE="$(expand_path ./age.key)"
+export SOPS_AGE_KEY_FILE="$(expand_path ./age.key)"
+use nix
--- a/.gitignore
+++ b/.gitignore
@ -3,4 +3,5 @@
 result
 result-*
 .decrypted~secrets.yaml
-age.key
+age.key
+.direnv
--- a/nixos/common.nix
+++ b/nixos/common.nix
@ -61,6 +61,8 @@
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIATyScd8ZRhV7uZmrQNSAbRTs9N/Dbx+Y8tGEDny30sA jahanson@Anduril"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/W445gX2IINRbE6crIMwgN6Ks8LTzAXR86pS9xp335 Sting"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd Gollum"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDJtqzSFK3MN12Lo3Y4DnzJV5NiygIPkR+gun5oEb2q jahanson@legion-new"
  ];

  # Set up users
@ -76,6 +78,7 @@
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETR70eQJiXaJuB+qpI1z+jFOPbEZoQNRcq4VXkojWfU"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAanHn3AWxWfHv51wgDmJwhQrJgsGd+LomJJZ5kXFTP3 jahanson@durincore"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIATyScd8ZRhV7uZmrQNSAbRTs9N/Dbx+Y8tGEDny30sA jahanson@Anduril"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDJtqzSFK3MN12Lo3Y4DnzJV5NiygIPkR+gun5oEb2q jahanson@legion-new"
    ];
  }; 

--- a/nixos/gandalf/configuration.nix
+++ b/nixos/gandalf/configuration.nix
@ -163,7 +163,12 @@ in
  };

  # NFS
-  services.nfs.server.enable = true;
+  services.nfs.server = {
+    enable = true;
+    statdPort = 4000;
+    lockdPort = 4001;
+    mountdPort = 4002;
+  };

  # SMB
  services.samba-wsdd = {
--- a/nixos/telperion/configuration.nix
+++ b/nixos/telperion/configuration.nix
@ -114,7 +114,7 @@
  };

  # haproxy for load balancing talos and kubernetes api.
-    services.haproxy = {
+  services.haproxy = {
    enable = true;
    config = ''
      global
--- a/shell.nix
+++ b/shell.nix
@ -0,0 +1,30 @@
+# Shell for bootstrapping flake-enabled nix and home-manager
+{ pkgs ? let
+    # If pkgs is not defined, instantiate nixpkgs from locked commit
+    lock = (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.nixpkgs.locked;
+    nixpkgs = fetchTarball {
+      url = "https://github.com/nixos/nixpkgs/archive/${lock.rev}.tar.gz";
+      sha256 = lock.narHash;
+    };
+    system = builtins.currentSystem;
+    overlays = [ ]; # Explicit blank overlay to avoid interference
+  in
+  import nixpkgs { inherit system overlays; }
+, ...
+}:
+pkgs.mkShell {
+  # Enable experimental features without having to specify the argument
+  NIX_CONFIG = "experimental-features = nix-command flakes";
+
+  nativeBuildInputs = with pkgs; [
+    nix
+    home-manager
+    git
+    nil
+    nixpkgs-fmt
+    go-task
+    sops
+    pre-commit
+    gitleaks
+  ];
+}