From e80a85c4907a91e02f2ca0095b06ce2dd547395c Mon Sep 17 00:00:00 2001 From: John Lancaster <32917998+jsl12@users.noreply.github.com> Date: Wed, 18 Dec 2024 00:52:36 -0600 Subject: [PATCH] big refactor --- .gitignore | 3 +- appdaemon/flake.lock | 301 ------------------ appdaemon/flake.nix | 78 ----- configuration.nix | 68 +--- flake.lock | 283 ++++++++++++++-- flake.nix | 108 ++++++- git.nix => home-manager/git.nix | 0 home-manager/home.nix | 27 ++ nixos/default.nix | 6 + nixos/docker/default.nix | 7 + portainer.nix => nixos/docker/portainer.nix | 0 watchtower.nix => nixos/docker/watchtower.nix | 0 nixos/services/default.nix | 7 + promtail.nix => nixos/services/promtail.nix | 0 telegraf.nix => nixos/services/telegraf.nix | 0 secrets/authorized_keys | 3 + secrets/secrets.yaml | 14 +- 17 files changed, 422 insertions(+), 483 deletions(-) delete mode 100644 appdaemon/flake.lock delete mode 100644 appdaemon/flake.nix rename git.nix => home-manager/git.nix (100%) create mode 100644 home-manager/home.nix create mode 100644 nixos/default.nix create mode 100644 nixos/docker/default.nix rename portainer.nix => nixos/docker/portainer.nix (100%) rename watchtower.nix => nixos/docker/watchtower.nix (100%) create mode 100644 nixos/services/default.nix rename promtail.nix => nixos/services/promtail.nix (100%) rename telegraf.nix => nixos/services/telegraf.nix (100%) create mode 100644 secrets/authorized_keys diff --git a/.gitignore b/.gitignore index d7cd119..44660b3 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ -git.nix +# git.nix *.env +.devenv diff --git a/appdaemon/flake.lock b/appdaemon/flake.lock deleted file mode 100644 index 426fd85..0000000 --- a/appdaemon/flake.lock +++ /dev/null 
@@ -1,301 +0,0 @@ -{ - "nodes": { - "cachix": { - "inputs": { - "devenv": [ - "devenv" - ], - "flake-compat": [ - "devenv" - ], - "git-hooks": [ - "devenv" - ], - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1728672398, - "narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=", - "owner": "cachix", - "repo": "cachix", - "rev": "aac51f698309fd0f381149214b7eee213c66ef0a", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "latest", - "repo": "cachix", - "type": "github" - } - }, - "devenv": { - "inputs": { - "cachix": "cachix", - "flake-compat": "flake-compat", - "git-hooks": "git-hooks", - "nix": "nix", - "nixpkgs": "nixpkgs_3" - }, - "locked": { - "lastModified": 1733323168, - "narHash": "sha256-d5DwB4MZvlaQpN6OQ4SLYxb5jA4UH5EtV5t5WOtjLPU=", - "owner": "cachix", - "repo": "devenv", - "rev": "efa9010b8b1cfd5dd3c7ed1e172a470c3b84a064", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "devenv", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "devenv", - "nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", - "owner": "hercules-ci", - "repo": "flake-parts", - 
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "git-hooks": { - "inputs": { - "flake-compat": [ - "devenv" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "devenv", - "nixpkgs" - ], - "nixpkgs-stable": [ - "devenv" - ] - }, - "locked": { - "lastModified": 1730302582, - "narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "devenv", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "libgit2": { - "flake": false, - "locked": { - "lastModified": 1697646580, - "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=", - "owner": "libgit2", - "repo": "libgit2", - "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5", - "type": "github" - }, - "original": { - "owner": "libgit2", - "repo": "libgit2", - "type": "github" - } - }, - "nix": { - "inputs": { - "flake-compat": [ - "devenv" - ], - "flake-parts": "flake-parts", - "libgit2": "libgit2", - "nixpkgs": "nixpkgs_2", - "nixpkgs-23-11": [ - "devenv" - ], - "nixpkgs-regression": [ - "devenv" - ], - "pre-commit-hooks": [ - "devenv" - ] - }, - "locked": { - "lastModified": 1727438425, - "narHash": "sha256-X8ES7I1cfNhR9oKp06F6ir4Np70WGZU5sfCOuNBEwMg=", - "owner": "domenkozar", - "repo": "nix", - "rev": "f6c5ae4c1b2e411e6b1e6a8181cc84363d6a7546", - "type": "github" - }, - "original": { - "owner": 
"domenkozar", - "ref": "devenv-2.24", - "repo": "nix", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-python": { - "inputs": { - "flake-compat": "flake-compat_2", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733319315, - "narHash": "sha256-cFQBdRmtIZFVjr2P6NkaCOp7dddF93BC0CXBwFZFaN0=", - "owner": "cachix", - "repo": "nixpkgs-python", - "rev": "01263eeb28c09f143d59cd6b0b7c4cc8478efd48", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "nixpkgs-python", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1717432640, - "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "88269ab3044128b7c2f4c7d68448b2fb50456870", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1716977621, - "narHash": "sha256-Q1UQzYcMJH4RscmpTkjlgqQDX5yi1tZL0O345Ri6vXQ=", - "owner": "cachix", - "repo": "devenv-nixpkgs", - "rev": "4267e705586473d3e5c8d50299e71503f16a6fb6", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "rolling", - "repo": "devenv-nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1733212471, - "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - 
"devenv": "devenv", - "nixpkgs": "nixpkgs_4", - "nixpkgs-python": "nixpkgs-python" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/appdaemon/flake.nix b/appdaemon/flake.nix deleted file mode 100644 index 0c40e4a..0000000 --- a/appdaemon/flake.nix +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - devenv.url = "github:cachix/devenv"; - nixpkgs-python = { - url = "github:cachix/nixpkgs-python"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - }; - - nixConfig = { - extra-trusted-public-keys = "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="; - extra-substituters = "https://devenv.cachix.org"; - }; - - outputs = { self, nixpkgs, devenv, ... } @ inputs: - let - system = "x86_64-linux"; - pkgs = nixpkgs.legacyPackages.${system}; - adPath = "/usr/src/app"; - in - { - packages.${system} = { - devenv-up = self.devShells.${system}.default.config.procfileScript; - devenv-test = self.devShells.${system}.default.config.test; - }; - - devShells.${system}.default = devenv.lib.mkShell { - inherit inputs pkgs; - modules = [ - ({ pkgs, config, ... }: { - # This is your devenv configuration - - pre-commit.hooks = { - end-of-file-fixer.enable = true; - trim-trailing-whitespace.enable = true; - }; - - languages.python = { - enable = true; - version = "3.12.7"; - uv = { - enable = true; - sync = { - enable = true; - allExtras = true; - arguments = [ "-U" ]; - }; - }; - }; - - packages = with pkgs; [ - git - (writeShellScriptBin "full-build" '' - cd ${adPath} - ${pkgs.uv}/bin/uv build --wheel - docker build -t acockburn/appdaemon:local-dev ${adPath} - '') - ]; - - enterShell = '' - alias appdaemon="${pkgs.uv}/bin/uv run --frozen python -m appdaemon" - alias ad="appdaemon" - - export PS1="\[\e[0;34m\](AppDaemon)\[\e[0m\] ''${PS1-}" - - export VIRTUAL_ENV=$UV_PROJECT_ENVIRONMENT - - echo -e "URL: \e[34m$(${pkgs.git}/bin/git config --get remote.origin.url)\e[0m" - echo -e "Branch: \e[32m$(${pkgs.git}/bin/git rev-parse --abbrev-ref HEAD)\e[0m" - echo -e "Hash: \e[33m$(${pkgs.git}/bin/git rev-parse --short HEAD)\e[0m" - echo "AppDaemon v$(${pkgs.uv}/bin/uv pip show appdaemon | awk '/^Version:/ {print $2}') development shell started" - ''; - }) - ]; - }; - }; -} \ No newline at end 
of file diff --git a/configuration.nix b/configuration.nix index 640de1e..195cb7f 100644 --- a/configuration.nix +++ b/configuration.nix 
@@ -1,39 +1,32 @@ -{ pkgs, lib, userSettings, systemSettings, ... }: +{ inputs, pkgs, lib, userSettings, systemSettings, ... }: let - stateVersion = "24.05"; - adHome = "/srv/appdaemon"; - adNixPath = "${adHome}/ad-nix"; - adPath = "/usr/src/app"; - adRepo = "https://github.com/jsl12/appdaemon"; - adBranch = "hass"; + stateVersion = systemSettings.stateVersion; + # adHome = "/srv/appdaemon"; + # adNixPath = "${adHome}/ad-nix"; + # adPath = "/usr/src/app"; in { imports = [ - ./telegraf.nix - ./promtail.nix - ./portainer.nix - ./watchtower.nix + (import ./home-manager/home.nix {inherit systemSettings userSettings;}) + ./nixos ]; + system.stateVersion = stateVersion; + time.timeZone = "${systemSettings.timeZone}"; + nix.settings.trusted-users = [ "root" "@wheel" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops.defaultSopsFile = ./secrets/secrets.yaml; sops.defaultSopsFormat = "yaml"; - sops.age.keyFile = "${adHome}/.config/sops/age/keys.txt"; + sops.age.keyFile = "${userSettings.adHome}/.config/sops/age/keys.txt"; environment.systemPackages = with pkgs; [ (pkgs.writeShellScriptBin "nrbs" "sudo nixos-rebuild switch") (pkgs.writeShellScriptBin "nrbsu" "sudo nix-channel --update && sudo nixos-rebuild switch") - (pkgs.writeShellScriptBin "nfs" "sudo nixos-rebuild switch --flake ${adNixPath} --impure") - (pkgs.writeShellScriptBin "ads" "cd ${adPath} && nix develop --no-pure-eval ${adNixPath}/appdaemon") - (pkgs.writeShellScriptBin "ad-clone" '' - if [ ! -d ${adPath} ]; then - sudo git clone -b ${adBranch} ${adRepo} ${adPath} - sudo chown -R appdaemon:users $(dirname ${adPath}) - else - echo "${adPath} already exists" - fi + (pkgs.writeShellScriptBin "nfs" '' + sudo nixos-rebuild switch --flake $(readlink -f /etc/nixos)#${systemSettings.hostName} '') + (pkgs.writeShellScriptBin "ads" "nix develop --no-pure-eval $(readlink -f /etc/nixos)") bash git eza 
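Review bot: `nix.settings.trusted-users = [ "root" "@wheel" ];` makes every member of wheel a Nix trusted user, and the Nix manual warns that trusted users can set daemon options (substituters, sandbox, build users) that amount to root on the machine; combined with `wheelNeedsPassword = false` in `home-manager/home.nix` from this same commit, the `appdaemon` account is effectively root with no password prompt anywhere. If the only reason is to let that user accept the devenv substituter declared in flake.nix's `nixConfig`, naming the user rather than the group, `nix.settings.trusted-users = [ "root" userSettings.userName ];`, scopes it tighter, and a comment such as `# trusted-users is root-equivalent; presumably needed so the devenv cachix substituter from flake.nix is honoured` would record why the line exists. The `imports` list also mixes a function-call import with a path import; that works, but a one-line comment on why `home.nix` needs `systemSettings`/`userSettings` passed explicitly (they are already in `specialArgs`) would save the next reader a look.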
@@ -41,8 +34,6 @@ in sops ]; - time.timeZone = "${systemSettings.timeZone}"; - virtualisation.docker.enable = true; virtualisation.oci-containers.backend = "docker"; @@ -57,35 +48,4 @@ in chown 1000:100 /conf fi ''; - - security.sudo-rs = { - enable = true; - execWheelOnly = false; - wheelNeedsPassword = false; - }; - - users.users.appdaemon = { - isNormalUser = true; - home = "${adHome}"; - extraGroups = [ "wheel" "docker" ]; - openssh.authorizedKeys.keyFiles = [ "/root/.ssh/authorized_keys" ]; - }; - - home-manager = { - useGlobalPkgs = true; - users.appdaemon = { pkgs, ... }: { - home.stateVersion = stateVersion; - systemd.user.startServices = "sd-switch"; - imports = [ (import ./git.nix {inherit userSettings;}) ]; - programs = { - ssh.enable = true; - git.extraConfig.safe.directory = "${adNixPath}"; - bash = { - enable = true; - profileExtra = "cd ${adNixPath}"; - }; - }; - }; - }; - system.stateVersion = stateVersion; } diff --git a/flake.lock b/flake.lock index cbb32d5..9b2f226 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,5 +1,111 @@ { "nodes": { + "cachix": { + "inputs": { + "devenv": [ + "devenv" + ], + "flake-compat": [ + "devenv" + ], + "git-hooks": [ + "devenv" + ], + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1728672398, + "narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=", + "owner": "cachix", + "repo": "cachix", + "rev": "aac51f698309fd0f381149214b7eee213c66ef0a", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "latest", + "repo": "cachix", + "type": "github" + } + }, + "devenv": { + "inputs": { + "cachix": "cachix", + "flake-compat": "flake-compat", + "git-hooks": "git-hooks", + "nix": "nix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1734441494, + "narHash": "sha256-/SZXjdKlo6NgVR+/RT0eYCUUJLcQndy7lIl2Bc0qjlY=", + "owner": "cachix", + "repo": "devenv", + "rev": "bdc1a2cefdda8f89e31b1a0f3771786ba9e5d052", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "devenv", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "devenv", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "owner": "hercules-ci", + "repo": "flake-parts", + 
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -18,6 +124,56 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": [ + "devenv" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "devenv", + "nixpkgs" + ], + "nixpkgs-stable": [ + "devenv" + ] + }, + "locked": { + "lastModified": 1730302582, + "narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "devenv", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -38,7 +194,109 @@ "type": "github" } }, + "libgit2": { + "flake": false, + "locked": { + "lastModified": 1697646580, + "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=", + "owner": "libgit2", + "repo": "libgit2", + "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5", + "type": "github" + }, + "original": { + "owner": "libgit2", + "repo": "libgit2", + "type": "github" + } + }, + "nix": { + "inputs": { + "flake-compat": [ + "devenv" + ], + "flake-parts": "flake-parts", + "libgit2": "libgit2", + "nixpkgs": "nixpkgs_2", + "nixpkgs-23-11": [ + "devenv" + ], + "nixpkgs-regression": [ + "devenv" + ], + "pre-commit-hooks": [ + "devenv" + ] + }, + "locked": { + "lastModified": 1727438425, + "narHash": "sha256-X8ES7I1cfNhR9oKp06F6ir4Np70WGZU5sfCOuNBEwMg=", + "owner": "domenkozar", + "repo": "nix", + "rev": "f6c5ae4c1b2e411e6b1e6a8181cc84363d6a7546", + "type": "github" + }, + "original": { + "owner": "domenkozar", + "ref": "devenv-2.24", + "repo": "nix", + "type": "github" + } + }, "nixpkgs": { + "locked": { + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-python": { + "inputs": { + "flake-compat": "flake-compat_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733319315, + "narHash": "sha256-cFQBdRmtIZFVjr2P6NkaCOp7dddF93BC0CXBwFZFaN0=", + "owner": "cachix", + "repo": "nixpkgs-python", + "rev": "01263eeb28c09f143d59cd6b0b7c4cc8478efd48", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "nixpkgs-python", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1717432640, + "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": 
"88269ab3044128b7c2f4c7d68448b2fb50456870", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1734119587, "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", @@ -54,23 +312,7 @@ "type": "github" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1734083684, - "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { + "nixpkgs_4": { "locked": { "lastModified": 1682134069, "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=", @@ -86,9 +328,10 @@ }, "root": { "inputs": { + "devenv": "devenv", "home-manager": "home-manager", - "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable", + "nixpkgs": "nixpkgs_3", + "nixpkgs-python": "nixpkgs-python", "sops-nix": "sops-nix", "vscode-server": "vscode-server" } @@ -131,7 +374,7 @@ "vscode-server": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1729422940, diff --git a/flake.nix b/flake.nix index bbebb2f..e07ac7b 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,6 @@ { inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11"; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -11,6 +10,19 @@ url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + nixpkgs-python = { + url = "github:cachix/nixpkgs-python"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + devenv = { + url = "github:cachix/devenv"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + nixConfig = { + extra-trusted-public-keys = "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="; + extra-substituters = "https://devenv.cachix.org"; }; outputs = { self, ... }@args: @@ -19,17 +31,21 @@ nixosSystem = args.nixpkgs.lib.nixosSystem; userSettings = { - username = "panoptes"; + userName = "appdaemon"; gitUserName = "John Lancaster"; gitUserEmail = "32917998+jsl12@users.noreply.github.com"; + adRepo = "https://github.com/jsl12/appdaemon"; + adBranch = "hass"; + adHome = "/srv/appdaemon"; }; systemSettings = { hostName = "ad-nix"; - stateVersion = "24.11"; + stateVersion = "24.05"; system = "x86_64-linux"; timeZone = "America/Chicago"; locale = "en_US.UTF-8"; + pythonVersion = "3.12.7"; }; pkgs = args.nixpkgs.legacyPackages.${systemSettings.system}; 
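Review bot: The new `nixConfig` block asks every evaluator of this flake to add `https://devenv.cachix.org` as a substituter and trust its signing key, so store paths signed by that key are installed instead of being built locally; Nix prompts before applying a flake's `nixConfig` unless `--accept-flake-config` is passed, and on a multi-user daemon it is honoured only for trusted users, which is what makes the `trusted-users` line in configuration.nix matter. The key value should be compared against the one devenv publishes before it is relied on, and a comment recording where it came from, `# devenv binary cache; key copied from <devenv docs URL placeholder> on <date placeholder>, re-verify on change`, makes that check repeatable. Since the cache only serves the dev shell, it could also be confined to the devenv configuration instead of the host flake, though the flake-level placement works.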
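Review bot: `stateVersion = "24.05";` moves the flake-level value from `24.11` to `24.05`; this appears safe only because the old `configuration.nix` hard-coded `"24.05"` locally for both `system.stateVersion` and `home.stateVersion`, so the value the host actually runs with does not change, while the flake's `24.11` seems to have been unused. A comment on the line, `# release this host was first installed with; never bump on upgrade, changing it alters state-migration behaviour`, would stop a later cleanup from "correcting" it back to 24.11. The new `adRepo`/`adBranch`/`adHome` entries are only partly consumed in this commit (configuration.nix reads `adHome`; nothing visible reads `adRepo` or `adBranch` now that `ad-clone` is gone), so a short comment on what they are kept for would help.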
@@ -38,30 +54,88 @@ { nixosConfigurations.${systemSettings.hostName} = nixosSystem { system = systemSettings.system; - specialArgs = { + specialArgs = + let + inputs = args; + in + { + inherit inputs; inherit systemSettings; inherit userSettings; }; modules = [ (args.nixpkgs + "/nixos/modules/virtualisation/proxmox-lxc.nix") - ./configuration.nix args.home-manager.nixosModules.default args.vscode-server.nixosModules.default args.sops-nix.nixosModules.sops - ({ ... }: { services.vscode-server.enable = true; }) + ./configuration.nix ]; }; - # homeConfigurations = { - # useGlobalPkgs = true; - # ${userSettings.username} = args.home-manager.lib.homeManagerConfiguration { - # inherit pkgs; - # extraSpecialArgs = { - # inherit systemSettings; - # inherit userSettings; - # }; - # modules = [ ./home.nix ]; - # }; - # }; + packages.${systemSettings.system} = { + devenv-up = self.devShells.${systemSettings.system}.default.config.procfileScript; + devenv-test = self.devShells.${systemSettings.system}.default.config.test; + }; + + devShells.${systemSettings.system}.default = + let + inputs = args; + in + args.devenv.lib.mkShell { + inherit inputs pkgs; + modules = [ + ({ pkgs, config, ... 
}: { + # This is your devenv configuration + + pre-commit.hooks = { + end-of-file-fixer.enable = true; + trim-trailing-whitespace.enable = true; + }; + + languages.python = { + enable = true; + version = systemSettings.pythonVersion; + uv = { + enable = true; + sync = { + enable = true; + allExtras = true; + arguments = [ "-U" ]; + }; + }; + }; + + packages = with pkgs; [ + git + # (writeShellScriptBin "full-build" '' + # cd ${adPath} + # ${pkgs.uv}/bin/uv build --wheel + # docker build -t acockburn/appdaemon:local-dev ${adPath} + # '') + # (pkgs.python312.withPackages (python-pkgs: with python-pkgs; [ + # pip + # setuptools + # wheel + # ipykernel + # rich + # ])) + ]; + + enterShell = '' + alias appdaemon="${pkgs.uv}/bin/uv run --frozen python -m appdaemon" + alias ad="appdaemon" + + export PS1="\[\e[0;34m\](AppDaemon)\[\e[0m\] ''${PS1-}" + + export VIRTUAL_ENV=$UV_PROJECT_ENVIRONMENT + + echo -e "URL: \e[34m$(${pkgs.git}/bin/git config --get remote.origin.url)\e[0m" + echo -e "Branch: \e[32m$(${pkgs.git}/bin/git rev-parse --abbrev-ref HEAD)\e[0m" + echo -e "Hash: \e[33m$(${pkgs.git}/bin/git rev-parse --short HEAD)\e[0m" + echo "AppDaemon v$(${pkgs.uv}/bin/uv pip show appdaemon | awk '/^Version:/ {print $2}') development shell started" + ''; + }) + ]; + }; }; } \ No newline at end of file diff --git a/git.nix b/home-manager/git.nix similarity index 100% rename from git.nix rename to home-manager/git.nix diff --git a/home-manager/home.nix b/home-manager/home.nix new file mode 100644 index 0000000..eb6f740 --- /dev/null +++ b/home-manager/home.nix 
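Review bot: `let inputs = args; in` is written twice in this hunk (once for `specialArgs`, once for `devShells`), while the enclosing `let` that already binds `nixosSystem`, `userSettings`, `systemSettings` and `pkgs` could bind `inputs = args;` once; simpler still, rename the `@args` pattern on `outputs` to `@inputs` and drop both local bindings. The `packages` list also keeps two commented-out blocks (`full-build` and `python312.withPackages`) that reference `adPath`, which no longer exists in this scope; commented-out code in a flake tends to be revived untested, so either delete them or reduce them to a one-line comment describing the intent. Separately, `({ ... }: { services.vscode-server.enable = true; })` is removed while `args.vscode-server.nixosModules.default` stays imported, so unless it is enabled elsewhere the vscode-server fixup service is now off; if that is intended, a comment on the remaining import saying so would avoid a puzzled follow-up. The `outputs` function starts before this hunk.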
@@ -0,0 +1,27 @@
+{ systemSettings, userSettings, ... }:
+{
+ security.sudo-rs = {
+ enable = true;
+ execWheelOnly = false;
+ wheelNeedsPassword = false;
+ };
+
+ users.users.${userSettings.userName} = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "docker" ];
+ openssh.authorizedKeys.keyFiles = [ ../secrets/authorized_keys ];
+ };
+
+ home-manager = {
+ useGlobalPkgs = true;
+ users.${userSettings.userName} = { ... }: {
+ home.stateVersion = systemSettings.stateVersion;
+ systemd.user.startServices = "sd-switch"; # helps with handling systemd services when switching
+ imports = [ (import ./git.nix {inherit userSettings;}) ];
+ programs = {
+ ssh.enable = true;
+ bash.enable = true;
+ };
+ };
+ };
+}
diff --git a/nixos/default.nix b/nixos/default.nix
new file mode 100644
index 0000000..6cab0e2
--- /dev/null
+++ b/nixos/default.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+ imports = [
+ ./docker
+ ];
+}
\ No newline at end of file
diff --git a/nixos/docker/default.nix b/nixos/docker/default.nix
new file mode 100644
index 0000000..a157aa1
--- /dev/null
+++ b/nixos/docker/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ imports = [
+ ./portainer.nix
+ ./watchtower.nix
+ ];
+}
\ No newline at end of file
diff --git a/portainer.nix b/nixos/docker/portainer.nix
similarity index 100%
rename from portainer.nix
rename to nixos/docker/portainer.nix
diff --git a/watchtower.nix b/nixos/docker/watchtower.nix
similarity index 100%
rename from watchtower.nix
rename to nixos/docker/watchtower.nix
diff --git a/nixos/services/default.nix b/nixos/services/default.nix
new file mode 100644
index 0000000..00be9b1
--- /dev/null
+++ b/nixos/services/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ imports = [
+ ./promtail.nix
+ ./telegraf.nix
+ ];
+}
\ No newline at end of file
diff --git a/promtail.nix b/nixos/services/promtail.nix
similarity index 100%
rename from promtail.nix
rename to nixos/services/promtail.nix
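Review bot: `users.users.${userSettings.userName}` no longer sets `home`, so the account presumably falls back to NixOS's default `/home/appdaemon`, while `configuration.nix` in this same commit reads the sops key from `"${userSettings.adHome}/.config/sops/age/keys.txt"` (under `/srv/appdaemon`) and the block removed from configuration.nix did set `home = "${adHome}"`; unless the key is placed at the old path by hand, sops-nix will not find it at activation. Adding `home = userSettings.adHome;` back to the user definition keeps the two files in agreement. This file is also imported as a NixOS module yet lives under `home-manager/` and sets NixOS-level options (`security.sudo-rs`, `users.users`) next to the `home-manager` block; a header comment, `# NixOS module: user account, sudo policy and the home-manager profile for that user`, would make the scope clear, and `wheelNeedsPassword = false` deserves its own comment stating that it is deliberate for this single-user LXC host.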
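Review bot: `imports = [ ./docker ];` in nixos/default.nix does not import `./services`, so `nixos/services/default.nix` (created in this commit and pulling in `promtail.nix` and `telegraf.nix`) is referenced by nothing; before this commit `configuration.nix` imported `./telegraf.nix` and `./promtail.nix` directly, so the metrics and log shipping they configure silently drop off the host. The fix is one line: `imports = [ ./docker ./services ];`. Both this file and `nixos/services/default.nix` also end without a trailing newline (`\ No newline at end of file`), which the `end-of-file-fixer` pre-commit hook enabled in flake.nix will flag on the next run.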
diff --git a/telegraf.nix b/nixos/services/telegraf.nix
similarity index 100%
rename from telegraf.nix
rename to nixos/services/telegraf.nix
diff --git a/secrets/authorized_keys b/secrets/authorized_keys
new file mode 100644
index 0000000..f79b391
--- /dev/null
+++ b/secrets/authorized_keys
@@ -0,0 +1,3 @@
+ssh-rsa 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 john@JOHN-PC
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFn5ilhqaeDsOWSk7y29se2NvxGm8djlfL3RGLokj0q6 john@john-p14s
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHh9SBuxU2dOJHnpGZAE4cwe0fXcTBBAx+JmRsmIX+Tk8zooeM32vbNxxSXiZNpBGH5wzHNb534dWexGGG3sOaONmcL7SCoPIvaAdnIn5VsiznerLrzppSbx3Qn8eyF97WAGCcOcIUNmTIDDx1m6zG762WQnoaUEy0Ul5IR7ET5GQxP3p5Qwx8yqfixKDwarvV421sUIxYt9gee31jS9jcI3MFd6EL57hWle95Z8BGpR/Q7sXDBTZQWMZauh5NPwLMZS7k3bHgxXZ7WNOw/J/yts1ckBbvIFJSRNnMuWD0oGnDTL6aivGi+Eiswp0fpKzYGzquB3/wr3VU4G1JcMM5 JuiceSSH
\ No newline at end of file
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index 166f6f5..3e64802 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -1,14 +1,4 @@ -hello: ENC[AES256_GCM,data:NZlG+HRn4A+N84Cesba5rxqxEmhXFpGFv5g/LrIxUnFF69wMXhqK5mDHQ2ZIhg==,iv:YTwRm3ZlAX8LD/1OJJkPUvCjZlbN2TqXbXIcZ3DE+/A=,tag:UOgKZJ1wbNI/mRaXR8xugw==,type:str] -example_key: ENC[AES256_GCM,data:KaQoqEs4agPDp9hI4A==,iv:KWbMvC/Ktnu7M6YIXGMMS8BOvlXDD+7Jr4wTc4vB8aQ=,tag:83NQ42Ohq4Gt0bk9NG0nkQ==,type:str] telegraf_influx_token: ENC[AES256_GCM,data:XHT7lvRrw9MeC0Jxe2EYTTa/iB5QLVTzp9TDJaljssRR+kGdK3va1u14NX5b6jFrHnAXLiMdMQ5UTdbsnYH43TnRkY29mcVHxwaQv+rbCgEIKOAYFeIw0g==,iv:uzBYXWYRDH6bHZ3pubWh5Qn/2dN2Rz+sjEmrqpKhA4o=,tag:wemgU05aTl9S1rwt+fVQug==,type:str] -#ENC[AES256_GCM,data:elDbVD1GEFak71Lfz0m4Mg==,iv:WpDWGBJvHtujHl1JMjCXMF+9IIHBLxnjdgJiPlPhl/g=,tag:aCc458Ljc3o7baElkfuhFQ==,type:comment] -example_array: - - ENC[AES256_GCM,data:20u0gnNpsgWohIv8ibQ=,iv:7RMJvEY9bwQKO95b/CM5mHwZGeiCRtQMSd01Lye0h/E=,tag:xxCbM8x/ykevvwINsUUK/Q==,type:str] - - ENC[AES256_GCM,data:dHCk/rralLgfxQAtXYs=,iv:ceCXVfD7iRJvklgpnoRbAMWUlCDZccYhWF1KEXmcoiw=,tag:uxv4vDMSwrWbObi5BXEZuA==,type:str] -example_number: ENC[AES256_GCM,data:hLeRQrKMhCDt0Q==,iv:zEtWhqedCtOvjvJZa1Gupb6kSowQgaonCQpOrq/r0SE=,tag:5GNb2qxiD4LetM3yah2fKg==,type:float] -example_booleans: - - ENC[AES256_GCM,data:u8WpJg==,iv:JeleHpPCfuehakS3jGFL9zPCYXEZxMPYdEP5wJK9Jaw=,tag:MCADWSWRidGxLZraCI7GRQ==,type:bool] - - ENC[AES256_GCM,data:czMA+n4=,iv:O3p7ONcVzuTcOT2eQ5CeycOk352pTej95ouxuaffPDI=,tag:JikG1qmJJo+Mom7mQL0fPQ==,type:bool] sops: kms: [] gcp_kms: [] 
@@ -24,8 +14,8 @@ sops: dmR2a2QvZVRPc3ZFc1EvVWZqMTdQcncKTc4D3riTbEcv3eeREFMIZYQk7aDvDZEt xBCoMNVjYaLIy9ljNfLGKh0J/wed0MC6wBIfABuH6eanEvV4ob+xnw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T06:10:44Z" - mac: ENC[AES256_GCM,data:fMFAvBWUoZ0Mfw5IP2Tt4fD6eO/mbuPICIH5WKjSu0a0U6OU+D+9vy8Rip5FFanf5QpPcE0w4sh7P5Rv4vfi3X/3H1sUZ3lkp7XiQc1bZx4+76Q3s1jpTr8HDo5G8Wl3yQItdzQzAT6gC9yPbL3CYANl6Cik6ueV+564rq6dpqA=,iv:piYkRFlFUTTNSMDfWDMYQGq8Stt8HXKvoKfBToPEzNU=,tag:WjVydfnpneY+Im8pDOKWsA==,type:str] + lastmodified: "2024-12-18T02:36:09Z" + mac: ENC[AES256_GCM,data:lXFJxFQJy9qNu2dVo+UBIfDNAeZ4U2n5c085qYmAShJrY2OiX0+Dv6n4kLg1ohgPni0VG6tAayPghHkStQPT7chFZwlAlvRol1kELWDukygWgPfZqvooDlPlH3ews16TtEM/B/cTOYFZA3X82nJgjcoEFjUHasWg2Ryic5mWe0I=,iv:ys1nRfNV6gawPjPfjfJfLGSSSsiauNEJVMMTAzcoGf4=,tag:UowQI9F59EzDEyTROACI0A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2