From 0f18c97b0cc751f947ca93f32b760d10b06fb17a Mon Sep 17 00:00:00 2001
From: mjallen18
Date: Mon, 9 Jun 2025 09:43:37 -0500
Subject: [PATCH] idk man
---
 hosts/deck/configuration.nix | 11 +
 hosts/nas/apps/traefik/default.nix | 2 +-
 hosts/nas/nix-serve.nix | 398 ++++++++++++++++++++---------
 hosts/pi5/sops.nix | 3 +-
 share/home/vscode.nix | 2 +-
 5 files changed, 295 insertions(+), 121 deletions(-)
diff --git a/hosts/deck/configuration.nix b/hosts/deck/configuration.nix
index 528d424..9b39307 100755
--- a/hosts/deck/configuration.nix
+++ b/hosts/deck/configuration.nix
@@ -22,7 +22,18 @@ trusted-public-keys = [ "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc=" ];
+ builders-use-substitutes = true;
 };
+ distributedBuilds = true;
+ buildMachines = [
+ {
+ hostName = "jalle-nas.local";
+ system = "x86_64-linux";
+ maxJobs = 10;
+ sshUser = "admin";
+ supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
+ }
+ ];
 }; # Define a user account. Don't forget to set a password with ‘passwd’.
diff --git a/hosts/nas/apps/traefik/default.nix b/hosts/nas/apps/traefik/default.nix
index 9888ca8..3c58f62 100755
--- a/hosts/nas/apps/traefik/default.nix
+++ b/hosts/nas/apps/traefik/default.nix
@@ -372,7 +372,7 @@ in
 entryPoints = [ "websecure" ];
 rule = "Host(`cache.${domain}`)";
 service = "cache";
- middlewares = [ "crowdsec" "whitelist-geoblock" "authentik" ];
+ middlewares = [ "crowdsec" "whitelist-geoblock" ];
 priority = 10;
 tls.certResolver = "letsencrypt";
 };
diff --git a/hosts/nas/nix-serve.nix b/hosts/nas/nix-serve.nix
index a36898f..813d5d5 100755
--- a/hosts/nas/nix-serve.nix
+++ b/hosts/nas/nix-serve.nix
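Review bot: The new `buildMachines` entry identifies the remote builder by the mDNS name `jalle-nas.local` alone: there is no `publicHostKey` and no `sshKey`, so the SSH session the daemon opens (presumably as root, outside any user's ssh config) trusts whatever host key already sits in root's known_hosts, and any machine on the LAN can answer a `.local` query. Pin the builder explicitly, `publicHostKey = "<base64 of the NAS ssh_host_ed25519_key.pub>";` and `sshKey = "/root/.ssh/nix-builder";`, so a spoofed responder cannot hand back build outputs that the deck then copies into its store. `jalle-nas` also looks like a typo for the `jallen-nas` name used elsewhere in this patch; confirm it matches the NAS's actual hostname before the first remote build silently falls back to local. The enclosing `nix = { ... }` attribute set starts before the hunk.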
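Review bot: Removing the `authentik` forward-auth middleware makes the `cache.${domain}` router reachable by anyone who passes `crowdsec` and `whitelist-geoblock`, and the hunk records no reason; a one-line comment such as `# no forward-auth: nix clients cannot complete a browser login; integrity rests on narinfo signatures pinned via trusted-public-keys` would keep a later reviewer from re-adding it. Unauthenticated reads are the normal posture for a signed binary cache, but only if the exposed surface is read-only, which this router does not enforce; narrowing the rule to rule = "Host(`cache.${domain}`) && Method(`GET`, `HEAD`)"; limits it to fetches. Whether the `cache` service (likely the nix-serve from hosts/nas/nix-serve.nix) would accept any write is not visible here, so confirm that before relying on the backend alone. The router definition continues outside the hunk.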
@@ -14,126 +14,288 @@ in }; # Improved systemd service with better error handling - systemd.services.nix-rebuild-cache = { - enable = true; - description = "Rebuild all NixOS configurations for cache"; - serviceConfig = { - Type = "oneshot"; - User = "admin"; - Group = "jallen-nas"; - WorkingDirectory = "/etc/nixos"; - StandardOutput = "journal+console"; - StandardError = "journal+console"; - Restart = "no"; - # Increase timeout for large builds - TimeoutStartSec = "2h"; + systemd = { + services = { + nix-rebuild-cache-desktop = { + enable = true; + description = "Rebuild desktop NixOS configurations for cache"; + serviceConfig = { + Type = "oneshot"; + User = "admin"; + Group = "jallen-nas"; + WorkingDirectory = "/etc/nixos"; + StandardOutput = "journal+console"; + StandardError = "journal+console"; + Restart = "no"; + # Increase timeout for large builds + TimeoutStartSec = "2h"; + }; + path = with pkgs; [ + nix + git + uutils-coreutils + gnugrep + gnused + openssh + ]; + script = '' + #!/usr/bin/env bash + + # Pull latest changes if in a git repo + if [ -d .git ]; then + git pull || echo "Warning: Could not pull latest changes" + fi + + echo "Starting build of matt-nixos at $(date)" + if nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager nixpkgs-unstable nixpkgs-stable nix-darwin; then + echo "matt-nixos flake updated successfully at $(date)" + else + echo "matt-nixos failed to build at $(date)" + fi + if nix build .\#nixosConfigurations.matt-nixos.config.system.build.toplevel --no-link; then + echo "matt-nixos built successfully at $(date)" + git add . 
+ git commit -m "Desktop Updates $(date)" + else + echo "matt-nixos failed to build at $(date)" + git reset --hard + fi + ''; + }; + nix-rebuild-cache-steamdeck = { + enable = true; + description = "Rebuild steamdeck NixOS configurations for cache"; + serviceConfig = { + Type = "oneshot"; + User = "admin"; + Group = "jallen-nas"; + WorkingDirectory = "/etc/nixos"; + StandardOutput = "journal+console"; + StandardError = "journal+console"; + Restart = "no"; + # Increase timeout for large builds + TimeoutStartSec = "2h"; + }; + path = with pkgs; [ + nix + git + uutils-coreutils + gnugrep + gnused + openssh + ]; + script = '' + #!/usr/bin/env bash + + # Pull latest changes if in a git repo + if [ -d .git ]; then + git pull || echo "Warning: Could not pull latest changes" + fi + + echo "Starting build of steamdeck at $(date)" + if nix flake update steamdeck-nixpkgs steamdeck-chaotic steamdeck-home-manager steamdeck-impermanence steamdeck-jovian steamdeck-lanzaboote steamdeck-nixos-hardware steamdeck-sops-nix steamdeck-steam-rom-manager; then + echo "steamdeck flake updated successfully at $(date)" + else + echo "steamdeck flake failed to update at $(date)" + git reset --hard + fi + if nix build .\#nixosConfigurations.steamdeck.config.system.build.toplevel --no-link; then + echo "steamdeck built successfully at $(date)" + git add . 
+ git commit -m "Steamdeck Updates $(date)" + else + echo "steamdeck failed to build at $(date)" + git reset --hard + fi + ''; + }; + nix-rebuild-cache-pi4 = { + enable = true; + description = "Rebuild pi4 NixOS configurations for cache"; + serviceConfig = { + Type = "oneshot"; + User = "admin"; + Group = "jallen-nas"; + WorkingDirectory = "/etc/nixos"; + StandardOutput = "journal+console"; + StandardError = "journal+console"; + Restart = "no"; + # Increase timeout for large builds + TimeoutStartSec = "2h"; + }; + path = with pkgs; [ + nix + git + uutils-coreutils + gnugrep + gnused + openssh + ]; + script = '' + #!/usr/bin/env bash + + # Pull latest changes if in a git repo + if [ -d .git ]; then + git pull || echo "Warning: Could not pull latest changes" + fi + + echo "Starting build of pi4 at $(date)" + if nix flake update pi4-nixpkgs pi4-home-manager pi4-impermanence pi4-sops-nix pi4-nixos-hardware pi4-nixos-raspberrypi pi4-disko; then + echo "pi4 flake updated successfully at $(date)" + else + echo "pif flake failed to update at $(date)" + fi + if nix build .\#nixosConfigurations.pi4.config.system.build.toplevel --no-link --impure; then + echo "pi4 built successfully at $(date)" + git add . 
+ git commit -m "Pi4 Updates $(date)" + else + echo "pi4 failed to build at $(date)" + git reset --hard + fi + ''; + }; + nix-rebuild-cache-pi5 = { + enable = true; + description = "Rebuild pi5 NixOS configurations for cache"; + serviceConfig = { + Type = "oneshot"; + User = "admin"; + Group = "jallen-nas"; + WorkingDirectory = "/etc/nixos"; + StandardOutput = "journal+console"; + StandardError = "journal+console"; + Restart = "no"; + # Increase timeout for large builds + TimeoutStartSec = "2h"; + }; + path = with pkgs; [ + nix + git + uutils-coreutils + gnugrep + gnused + openssh + ]; + script = '' + #!/usr/bin/env bash + + # Pull latest changes if in a git repo + if [ -d .git ]; then + git pull || echo "Warning: Could not pull latest changes" + fi + + echo "Starting build of pi5 at $(date)" + if nix flake update pi5-nixpkgs pi5-home-manager pi5-impermanence pi5-nixos-hardware pi5-sops-nix nixos-raspberrypi; then + echo "pi5 flake updated successfully at $(date)" + else + echo "pi5 flake failed to update at $(date)" + fi + if nix build .\#nixosConfigurations.pi5.config.system.build.toplevel --no-link; then + echo "pi5 built successfully at $(date)" + git add . 
+ git commit -m "Pi5 Updates $(date)" + else + echo "pi5 failed to build at $(date)" + git reset --hard + fi + ''; + }; + nix-rebuild-cache-nas = { + enable = true; + description = "Rebuild nas NixOS configurations for cache"; + serviceConfig = { + Type = "oneshot"; + User = "admin"; + Group = "jallen-nas"; + WorkingDirectory = "/etc/nixos"; + StandardOutput = "journal+console"; + StandardError = "journal+console"; + Restart = "no"; + # Increase timeout for large builds + TimeoutStartSec = "2h"; + }; + path = with pkgs; [ + nix + git + uutils-coreutils + gnugrep + gnused + openssh + ]; + script = '' + #!/usr/bin/env bash + + # Pull latest changes if in a git repo + if [ -d .git ]; then + git pull || echo "Warning: Could not pull latest changes" + fi + + echo "Starting build of jallen-nas at $(date)" + if nix flake update nas-nixpkgs nas-authentik-nix nas-cosmic nas-crowdsec nas-home-manager nas-impermanence nas-lanzaboote nas-nixos-hardware nas-sops-nix; then + echo "jallen-nas flake updated successfully at $(date)" + else + echo "jallen-nas flake failed to update at $(date)" + fi + export NIXPKGS_ALLOW_UNFREE=1 + if nix build .\#nixosConfigurations.jallen-nas.config.system.build.toplevel --no-link --impure; then + echo "jallen-nas built successfully at $(date)" + git add . 
+ git commit -m "Jallen-NAS Updates $(date)" + else + echo "jallen-nas failed to build at $(date)" + git reset --hard + fi + ''; + }; }; - path = with pkgs; [ - nix - git - uutils-coreutils - gnugrep - gnused - openssh -# nix-build-mail - ]; - script = '' - #!/usr/bin/env bash - - # Pull latest changes if in a git repo - if [ -d .git ]; then - git pull || echo "Warning: Could not pull latest changes" - fi - - echo "Starting build of matt-nixos at $(date)" - if nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager nixpkgs-unstable nixpkgs-stable nix-darwin; then - echo "matt-nixos flake updated successfully at $(date)" - else - echo "matt-nixos failed to build at $(date)" - fi - if nix build .\#nixosConfigurations.matt-nixos.config.system.build.toplevel --no-link; then - echo "matt-nixos built successfully at $(date)" - git add . - git commit -m "Desktop Updates $(date)" - else - echo "matt-nixos failed to build at $(date)" - git reset --hard - fi - - echo "Starting build of steamdeck at $(date)" - if nix flake update steamdeck-nixpkgs steamdeck-chaotic steamdeck-home-manager steamdeck-impermanence steamdeck-jovian steamdeck-lanzaboote steamdeck-nixos-hardware steamdeck-sops-nix steamdeck-steam-rom-manager; then - echo "steamdeck flake updated successfully at $(date)" - else - echo "steamdeck flake failed to update at $(date)" - git reset --hard - fi - if nix build .\#nixosConfigurations.steamdeck.config.system.build.toplevel --no-link; then - echo "steamdeck built successfully at $(date)" - git add . 
- git commit -m "Steamdeck Updates $(date)" - else - echo "steamdeck failed to build at $(date)" - git reset --hard - fi - - echo "Starting build of pi4 at $(date)" - if nix flake update pi4-nixpkgs pi4-home-manager pi4-impermanence pi4-sops-nix pi4-nixos-hardware pi4-nixos-raspberrypi pi4-disko; then - echo "pi4 flake updated successfully at $(date)" - else - echo "pif flake failed to update at $(date)" - fi - if nix build .\#nixosConfigurations.pi4.config.system.build.toplevel --no-link --impure; then - echo "pi4 built successfully at $(date)" - git add . - git commit -m "Pi4 Updates $(date)" - else - echo "pi4 failed to build at $(date)" - git reset --hard - fi - - echo "Starting build of pi5 at $(date)" - if nix flake update pi5-nixpkgs pi5-home-manager pi5-impermanence pi5-nixos-hardware pi5-sops-nix nixos-raspberrypi; then - echo "pi5 flake updated successfully at $(date)" - else - echo "pi5 flake failed to update at $(date)" - fi - if nix build .\#nixosConfigurations.pi5.config.system.build.toplevel --no-link; then - echo "pi5 built successfully at $(date)" - git add . - git commit -m "Pi5 Updates $(date)" - else - echo "pi5 failed to build at $(date)" - git reset --hard - fi - - echo "Starting build of jallen-nas at $(date)" - if nix flake update nas-nixpkgs nas-authentik-nix nas-cosmic nas-crowdsec nas-home-manager nas-impermanence nas-lanzaboote nas-nixos-hardware nas-sops-nix; then - echo "jallen-nas flake updated successfully at $(date)" - else - echo "jallen-nas flake failed to update at $(date)" - fi - export NIXPKGS_ALLOW_UNFREE=1 - if nix build .\#nixosConfigurations.jallen-nas.config.system.build.toplevel --no-link --impure; then - echo "jallen-nas built successfully at $(date)" - git add . 
- git commit -m "Jallen-NAS Updates $(date)" - else - echo "jallen-nas failed to build at $(date)" - git reset --hard - fi - ''; - # onSuccess = [ "git push" ]; - # Send an email on failure - # onFailure = [ "nix-build-mail" ]; - }; - systemd.timers.nix-rebuild-cache = { - description = "Timer for rebuilding NixOS configurations cache"; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "weekly"; # Or your preferred schedule - Persistent = true; - RandomizedDelaySec = "1h"; # Spread load + timers = { + nix-rebuild-cache-desktop = { + description = "Timer for rebuilding desktop NixOS configurations cache"; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "weekly"; + Persistent = true; + RandomizedDelaySec = "24h"; + }; + }; + nix-rebuild-cache-steamdeck = { + description = "Timer for rebuilding steamdeck NixOS configurations cache"; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "weekly"; + Persistent = true; + RandomizedDelaySec = "24h"; + }; + }; + nix-rebuild-cache-pi4 = { + description = "Timer for rebuilding pi4 NixOS configurations cache"; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "weekly"; + Persistent = true; + RandomizedDelaySec = "24h"; + }; + }; + nix-rebuild-cache-pi5 = { + description = "Timer for rebuilding pi5 NixOS configurations cache"; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "weekly"; + Persistent = true; + RandomizedDelaySec = "24h"; + }; + }; + nix-rebuild-cache-nas = { + description = "Timer for rebuilding nas NixOS configurations cache"; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "weekly"; + Persistent = true; + RandomizedDelaySec = "24h"; + }; + }; }; }; diff --git a/hosts/pi5/sops.nix b/hosts/pi5/sops.nix index 56fc940..16dc0f6 100755 --- a/hosts/pi5/sops.nix +++ b/hosts/pi5/sops.nix 
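Review bot: The five `nix-rebuild-cache-*` services all operate on the same `/etc/nixos` checkout with `git pull`, `git add .`, `git commit` and `git reset --hard`, but nothing orders them: each timer fires `weekly` with its own `RandomizedDelaySec = "24h"`, so two can easily overlap and one unit's `git reset --hard` will throw away another unit's just-updated flake.lock, or its `git add .` will commit the other's half-finished update. Serialize them on one lock at the top of every script, adding `util-linux` to `path` and opening with `exec 9>/run/lock/nix-rebuild-cache.lock` followed by `flock -x 9`. Since the five bodies differ only in host name, the `nix flake update` input list and build flags, generating them with a single `mkCacheBuilder = { host, inputs, extraFlags ? "" }: { ... }` function would put the lock, the `path` list and future fixes in one place instead of five. `git add .` also stages everything in the tree rather than just the lock file; `git add flake.lock` keeps stray files out of the automatic commits. The surrounding module (the `in` and its final closing brace) lies outside the hunk.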
@@ -5,7 +5,8 @@ in { sops = { defaultSopsFile = ../../secrets/pi5-secrets.yaml;
- age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ # age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ age.keyFile = "/home/matt/.config/sops/age/keys.txt";
 # ------------------------------ # Secrets
diff --git a/share/home/vscode.nix b/share/home/vscode.nix
index 72dcf09..8558f07 100644
--- a/share/home/vscode.nix
+++ b/share/home/vscode.nix
@@ -17,7 +17,7 @@
 vscode-extensions.ms-python.debugpy
 vscode-extensions.ms-python.pylint
 vscode-extensions.ms-python.python
- vscode-extensions.ms-python.vscode-pylance
+ # vscode-extensions.ms-python.vscode-pylance
 vscode-extensions.redhat.vscode-xml
 vscode-extensions.redhat.vscode-yaml
 vscode-extensions.yy0931.vscode-sqlite3-editor
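Review bot: Pointing `age.keyFile` at `/home/matt/.config/sops/age/keys.txt` moves the key that decrypts every secret in `pi5-secrets.yaml` into a user's home directory, whereas the commented-out `age.sshKeyPaths` line used the root-owned host key: anything running as matt, and any backup or sync of that home, can now read the key and therefore all system secrets. sops-nix decrypts during activation as root, so the file must also exist and be readable before any user session, which is fragile if `/home` is not persisted (the flake carries a `pi5-impermanence` input, though whether it covers `/home` is not visible here). If the host key genuinely cannot be used, keep a dedicated key at a root-only path, `age.keyFile = "/var/lib/sops-nix/key.txt";`, and state the reason in a comment instead of leaving the old line commented out. The `sops = { ... }` set continues past the hunk.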