From 0441714c65432c7b797ba14d1ab7620998c8b18d Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Sat, 1 Apr 2023 12:15:22 +0200 Subject: [PATCH] Initial commit Signed-off-by: Christoph Heiss --- .editorconfig | 18 ++++++++++ .git-crypt/.gitattributes | 4 +++ ...561D6430B28D6BDCBC9CEB73D5E7FDEE3DE49A.gpg | Bin 0 -> 725 bytes .gitignore | 3 ++ LICENSE | 24 ++++++++++++++ Makefile | 31 ++++++++++++++++++ README.md | 18 ++++++++++ secrets/.gitattributes | 2 ++ 8 files changed, 100 insertions(+) create mode 100644 .editorconfig create mode 100644 .git-crypt/.gitattributes create mode 100644 .git-crypt/keys/default/0/9C561D6430B28D6BDCBC9CEB73D5E7FDEE3DE49A.gpg create mode 100644 .gitignore create mode 100644 LICENSE create mode 100644 Makefile create mode 100644 README.md create mode 100644 secrets/.gitattributes
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..5975bfa
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,18 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+
+[*.nix]
+indent_size = 2
+
+[*.md]
+trim_trailing_whitespace = false
+
+[Makefile]
+indent_style = tab
diff --git a/.git-crypt/.gitattributes b/.git-crypt/.gitattributes
new file mode 100644
index 0000000..665b10e
--- /dev/null
+++ b/.git-crypt/.gitattributes
@@ -0,0 +1,4 @@
+# Do not edit this file. To specify the files to encrypt, create your own
+# .gitattributes file in the directory where your files are.
+* !filter !diff
+*.gpg binary
diff --git a/.git-crypt/keys/default/0/9C561D6430B28D6BDCBC9CEB73D5E7FDEE3DE49A.gpg b/.git-crypt/keys/default/0/9C561D6430B28D6BDCBC9CEB73D5E7FDEE3DE49A.gpg new file mode 100644 index 0000000000000000000000000000000000000000..133756887be776256c8f896522a519e68adb6eb8 GIT binary patch literal 725 zcmV;`0xJE50t^EU+dRu|_P8sNR&LC<~BW=}L36!1uYlBptgB>e#FYbhY|u;eXEO0lkd)%~iqL zn9F40oj)BqWw47HEfONyiw-0AJ5HfaQ(V>%y)lpnEX1M^hm-_N`3Ld&kA}BOTcaFgdW(oZ4*sP9!hm1&IYXO*zY$?{_MEAwa6T zSKYncro(tPeW))^n0Pt&v-Kzmv6tV_9#8Z#T19cGi81Dq|A$sprhO2?=>y0iFLYBi zKl_Y+`bG8M{NPpt;$U9o$jSc)e=OC*YpKMPgR+1wB~n?< zDr2B;Btqs6B8leF3iHyy0|B}pR19%T8qhPRkC(cYF>!;>bI9<_{wf*k!u3{^mS+fN z+&~>-U}1{%&fEx$d9wbkk(jA!0WnW;a(~@|Z|62&>bjz6hKc1TuoOZl?6WPZH@yTw zci={~*-9>($ec8@il{EUL=}c5hpOlnXb!cC$M`A9O@=qy{m>Wos9Sl#l3pmCeg6N_ z;nr`Oc+&`TXGgI=qGJe287u}3-*Dt|lEE^2zryTk3Y H%2S!7jQ4QD literal 0 HcmV?d00001 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..2a23e46 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +result +*.qcow2 +*.tar.xz diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..fdddb29 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,24 @@
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..0dd5dfd
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,31 @@
+export MAKEFLAGS :=
+
+MORPH := nix run nixpkgs\#morph --
+
+.PHONY: format
+
+all:
+ @echo "no default action, use one of 'format', 'build', 'deploy' or 'upload-secrets'" 2>&1
+ @exit 1
+
+format:
+ nix-shell -p nixfmt --run "find . -type f -name '*.nix' -exec nixfmt {} +"
+
+upload-secrets-all:
+ $(MORPH) upload-secrets --passwd ./default.nix
+
+build:
+ @if [ -z $(M) ]; then echo 'no machine specified using M=' 2>&1; exit 1; fi
+ $(MORPH) build --on $(M) ./default.nix
+
+deploy:
+ @if [ -z $(M) ]; then echo 'no machine specified using M=' 2>&1; exit 1; fi
+ $(MORPH) deploy --passwd --on $(M) ./default.nix switch
+
+deploy-full:
+ @if [ -z $(M) ]; then echo 'no machine specified using M=' 2>&1; exit 1; fi
+ $(MORPH) deploy --passwd --upload-secrets --on $(M) ./default.nix switch
+
+upload-secrets:
+ @if [ -z $(M) ]; then echo 'no machine specified using M=' 2>&1; exit 1; fi
+ $(MORPH) upload-secrets --passwd --on $(M) ./default.nix
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..73f70a1
--- /dev/null
+++ b/README.md
@@ -0,0 +1,18 @@
+# nixOS configuration
+
+## Structure
+
+* `common`: Contains configuration that should be applied on every machine.
+
+* `extra`: Non-Nix files, e.g. configuration files for other applications.
+
+* `machines`: Host-specific configuration.
+
+* `pkgs`: Custom packages.
+
+* `secrets`: Secrects encrypted using [git-crypt](https://github.com/AGWA/git-crypt).
+
+* `services`: Configuration for bigger service deployments, e.g. nginx.
+
+* `system`: Configurations describing "classes" of machines, like servers or desktops.
+
diff --git a/secrets/.gitattributes b/secrets/.gitattributes
new file mode 100644
index 0000000..5ccf582
--- /dev/null
+++ b/secrets/.gitattributes
@@ -0,0 +1,2 @@
+* filter=git-crypt diff=git-crypt
+.gitattributes !filter !diff
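Review bot: In the Makefile hunk, the `M=` guard in `build`, `deploy`, `deploy-full` and `upload-secrets` expands `$(M)` unquoted, so a value containing a space makes `[` fail with a usage error, which the `if` treats as false, and the `$(MORPH)` line then runs anyway with the value split into several arguments; any glob characters in it would also be expanded by the shell against the working directory before morph sees them. Quote it in both places, e.g. `@if [ -z "$(M)" ]; then echo 'no machine specified using M=' >&2; exit 1; fi` and `--on "$(M)"`; note that the existing `2>&1` leaves the message on stdout, whereas `>&2` sends it to stderr. Only `format` is declared in `.PHONY`, so a file or directory named `build` or `deploy` would make those targets report "up to date" and skip the deployment; `.PHONY: all format build deploy deploy-full upload-secrets upload-secrets-all` covers them. Separately, `nix run nixpkgs\#morph` resolves morph from whatever `nixpkgs` the local flake registry points to at run time, so the tool that is given `--passwd` and uploads the secrets is not pinned by this repository; a pinned reference such as `nixpkgs/<PINNED_REV>\#morph` (placeholder revision) would make the deploy tool reproducible and auditable.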