| author | Kj Tsanaktsidis <kjtsanaktsidis@groq.com> | 2025-09-07 16:32:01 +1000 |
|---|---|---|
| committer | Kj Tsanaktsidis <kjtsanaktsidis@groq.com> | 2025-09-07 16:32:01 +1000 |
| commit | 21aac7678f85c81505fc0c7171f46eaa9ccfd2df (patch) | |
| tree | cbcfd2627c8be52f6676188e5425b2af19e44013 | |
| parent | 6ad580f49e7412eb428b45b4fa03039f17fb5c8e (diff) | |
sort of works now
| -rw-r--r-- | flake.nix | 20 | ||||
| -rw-r--r-- | kj-laptop01/configuration.nix | 35 | ||||
| -rwxr-xr-x[-rw-r--r--] | nixos-update.rb | 37 |
3 files changed, 59 insertions, 33 deletions
@@ -45,18 +45,25 @@ system: nixpkgs-stable.legacyPackages.${system}.nixfmt-tree ); - apps = nixpkgs-stable.lib.genAttrs systems (system: + apps = nixpkgs-stable.lib.genAttrs systems ( + system: let pkgs = nixpkgs-stable.legacyPackages.${system}; + ruby = pkgs.ruby.withPackages (ps: [ + pkgs.rubyPackages.tty-command + ]); - nixos-update = pkgs.writers.writeRubyBin "nixos-update" { - libraries = [ pkgs.rubyPackages.tty-command ]; + nixos-update = pkgs.writeShellApplication { + name = "nixos-update"; runtimeInputs = [ pkgs.sops pkgs.nixos-anywhere - pkgs.nixos-rebuild + pkgs.nixos-rebuild-ng ]; - } (builtins.readFile ./nixos-update.rb); + text = '' + exec "${ruby}/bin/ruby" "${./nixos-update.rb}" "$@" + ''; + }; in { @@ -64,6 +71,7 @@ type = "app"; program = "${nixos-update}/bin/nixos-update"; }; - }); + } + ); }; } diff --git a/kj-laptop01/configuration.nix b/kj-laptop01/configuration.nix index ae4c54d..d491da7 100644 --- a/kj-laptop01/configuration.nix +++ b/kj-laptop01/configuration.nix @@ -10,12 +10,6 @@ imports = [ ./disk-config.nix ]; - boot.loader.systemd-boot.enable = true; - system.stateVersion = "25.05"; - networking.hostName = "kj-laptop01"; - networking.networkmanager.enable = true; - - sops = { defaultSopsFile = ./secrets.yaml; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; @@ -31,16 +25,22 @@ }; }; + boot.loader.systemd-boot.enable = true; + system.stateVersion = "25.05"; + security.sudo.enable = true; users.mutableUsers = false; - users.groups.kjtsanaktsidis = {}; + users.groups.kjtsanaktsidis = { }; users.users = { kjtsanaktsidis = { createHome = true; isNormalUser = true; description = "KJ Tsanaktsidis"; group = "kjtsanaktsidis"; - extraGroups = [ "wheel" "networkmanager" ]; + extraGroups = [ + "wheel" + "networkmanager" + ]; hashedPasswordFile = config.sops.secrets.kj_hashed_password.path; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAC/BtvW1c1RbBI8eeGo7oOH2y9byBaxWVDHsErgaE+s kjtsanaktsidis@KJMacbookGroq.local" 
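Review bot: In the first flake.nix hunk the `ps` argument of `pkgs.ruby.withPackages (ps: [ ... ])` is ignored and the gem is taken from `pkgs.rubyPackages` instead, so the gem set is not tied to the interpreter being wrapped. Writing `ruby = pkgs.ruby.withPackages (ps: [ ps.tty-command ]);` keeps the two in step if `pkgs.ruby` is later overridden or pinned to another version. A short comment above `nixos-update` saying why the script is now run through a shell wrapper rather than `writeRubyBin` would also help.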
@@ -48,6 +48,25 @@ }; }; + # Enable systemd-resolved for DNS + services.resolved = { + enable = true; + llmnr = "true"; + extraConfig = '' + MulticastDNS=yes + ''; + }; + networking.hostName = "kj-laptop01"; + networking.nameservers = [ "127.0.0.53" ]; + networking.networkmanager = { + enable = true; + dns = "systemd-resolved"; + # Enable mDNS on NetworkManager connections + connectionConfig = { + "connection.mdns" = "2"; # 2 = yes (resolve & register) + }; + }; + services.openssh = { enable = true; hostKeys = [ diff --git a/nixos-update.rb b/nixos-update.rb index b6f3607..2640835 100644..100755 --- a/nixos-update.rb +++ b/nixos-update.rb @@ -9,9 +9,7 @@ require 'optparse' class NixOSUpdater def initialize - @options = parse_options - @system_flake = ARGV[0] - @target_host = ARGV[1] + parse_options! validate_args! @@ -19,7 +17,7 @@ class NixOSUpdater end def run - if @options[:install] + if @install perform_install else perform_update @@ -28,14 +26,14 @@ class NixOSUpdater private - def parse_options + def parse_options! options = {} OptionParser.new do |opts| opts.banner = 'Usage: nixos-update.rb [--install] --system-def <def> --target <target>' opts.on('--install', 'Perform initial installation with nixos-anywhere') do - options[:install] = true + @install = true end opts.on('-h', '--help', 'Show this help message') do @@ -43,15 +41,15 @@ class NixOSUpdater exit end - opts.on('--system-def', 'what system configuration to install') do |defn| + opts.on('--system-def=DEFN', 'what system configuration to install') do |defn| @system_def = defn end - opts.on('--target', 'what user@host to install to') do |target| + opts.on('--target=TARGET', 'what user@host to install to') do |target| @target = target end - opts.on('--build-on', 'what user@host to build on') do |build_on| + opts.on('--build-on=BUILD_ON', 'what user@host to build on') do |build_on| @build_on = build_on end end.parse! 
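Review bot: The new `services.resolved` block turns on LLMNR (`llmnr = "true"`) and full mDNS (`MulticastDNS=yes`, `"connection.mdns" = "2"`) for every NetworkManager connection. On a laptop that includes untrusted networks, where any host on the link can answer those multicast queries and the machine also announces its own name. If the goal is only to resolve `.local` names, `llmnr = "false";` with `MulticastDNS=resolve` and `"connection.mdns" = "1";` narrows that exposure, as does enabling mDNS only on trusted connection profiles. Separately, `networking.nameservers = [ "127.0.0.53" ]` appears to hand resolved its own stub address as an upstream server. That is inferred from how the NixOS module usually builds `DNS=`, so it should be confirmed with `resolvectl status`.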
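Review bot: In the `parse_options!` hunk the local `options = {}` is left in place although nothing in the visible lines writes to it any more, since `--install` now sets `@install` directly. If the rest of the method below `end.parse!` (outside this hunk) no longer returns it, the line can be dropped. It would also be clearer to initialise the state explicitly with `@install = false` before the `OptionParser.new` block. A one-line comment could say that the method fills `@install`, `@system_def`, `@target` and `@build_on` as side effects.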
@@ -67,11 +65,13 @@ class NixOSUpdater @target = "#{Etc.getlogin}@#{@system_def}" if @target.nil? @build_on = @target if @build_on.nil? && RUBY_PLATFORM !~ /linux/ + + puts "TARGET: #{@target} BUILD_ON #{@build_on} DEF #{@system_def}" end def decrypt_secrets cmd = TTY::Command.new(printer: :null) - result = cmd.run(sops_exe, 'decrypt', '--output-type', 'json', "#{@system_flake}/secrets.yaml") + result = cmd.run(sops_exe, 'decrypt', '--output-type', 'json', "#{@system_def}/secrets.yaml") JSON.parse(result.out) end @@ -89,7 +89,7 @@ class NixOSUpdater 'nixos-anywhere', '--disk-encryption-keys', "#{dir}/luks_passphrase", "#{dir}/luks_passphrase", '--extra-files', "#{dir}/copy_dir", - '--flake', ".##{@system_flake}" + '--flake', ".##{@system_def}" ] cmd_args << '--build-on-remote' if RUBY_PLATFORM !~ /linux/ @@ -102,23 +102,22 @@ class NixOSUpdater end def perform_update - puts "### Updating #{@system_flake} configuration on #{@target_host} ###" + puts "### Updating #{@system_def} configuration on #{@target} ###" cmd_args = [ 'nixos-rebuild-ng', 'switch', - '--flake', ".##{@system_flake}", - '--sudo', '--ask-sudo-passowrd' + '--flake', ".##{@system_def}", + '--sudo', '--ask-sudo-password' ] - if @target_host - cmd_args << '--target-host' << @target_host - cmd_args << '--use-remote-sudo' + if @target + cmd_args << '--target-host' << @target end - cmd_args << '--build-on' << @build_on if @build_on + cmd_args << '--build-host' << @build_on if @build_on - cmd = TTY::Command.new + cmd = TTY::Command.new(printer: :quiet, pty: true) cmd.run(*cmd_args) end end |
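Review bot: The `if @target` guard in `perform_update` looks always true, because the `@@ -67,11 +65,13 @@` hunk defaults `@target` to `"#{Etc.getlogin}@#{@system_def}"` when it is nil. As a result `--target-host` is passed on every run and a purely local switch is not reachable, assuming that defaulting code runs before `perform_update`, which the hunks do not show. Either drop the guard and write `cmd_args << '--target-host' << @target`, or apply the default only for `--install`. With `--ask-sudo-password` now running under `pty: true`, it is worth confirming that the prompt is read with echo off and that the typed password never appears in the `:quiet` printer's output.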
