cschmatzler/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

up

Browse Source 
Signed-off-by: Christoph Schmatzler <christoph@schmatzler.com>
This commit is contained in:
Christoph Schmatzler
2025-08-23 16:37:54 +00:00
parent acd58a2f53
commit 3d127819ea
16 changed files with 252 additions and 633 deletions
Download Patch File Download Diff File Expand all files Collapse all files

230
apps/aarch64-darwin/apply
View File

@@ -1,231 +1,25 @@
#!/usr/bin/env bash
set -euo pipefail
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
BLUE='\033[0;34m'
NC='\033[0m'
# Determine the operating system
export OS=$(uname)
# Primary network interface
if [[ "$OS" != "Darwin" ]]; then
export PRIMARY_IFACE=$(ip -o -4 route show to default | awk '{print $5}')
echo -e "${GREEN}Found primary network interface $PRIMARY_IFACE${NC}"
fi
# Custom print function
_print() {
if [[ "$OS" == "Darwin" ]]; then
echo -e "$1"
else
echo "$1"
fi
print_info() {
echo -e "${BLUE} ${NC} $1"
}
# Custom prompt function
_prompt() {
local message="$1"
local variable="$2"
_print "$message"
read -r $variable
print_success() {
echo -e "${GREEN}✓${NC} $1"
}
insert_secrets_output() {
local pattern="outputs = { self, darwin, nix-homebrew, homebrew-bundle, homebrew-core, homebrew-cask, home-manager, nixpkgs, agenix } @inputs:"
local insert_text="secrets "
HOSTNAME="${1:-$(scutil --get LocalHostName 2>/dev/null || hostname -s)}"
awk -v pat="$pattern" -v insert="$insert_text" '
$0 ~ pat {
sub(/} @inputs:/, ", " insert "} @inputs:"); # Replace the closing brace with the insert text followed by the brace
gsub(/ ,/, ","); # Correct any spaces before commas
print
next
}
{ print }
' flake.nix > flake.nix.tmp
print_info "Applying configuration for $HOSTNAME"
mv flake.nix.tmp flake.nix
}
nix run nix-darwin -- switch --flake ".#$HOSTNAME" "${@:2}"
insert_secrets_input() {
# Define file path
FILE_PATH="flake.nix"
# Backup the original file
cp "$FILE_PATH" "${FILE_PATH}.bak"
# Temporary file for the text to insert
TEMP_FILE="temp_insert.txt"
# Write the formatted text to the temporary file
cat > "$TEMP_FILE" << 'EOF'
secrets = {
url = "git+ssh://git@github.com/%GITHUB_USER%/%GITHUB_SECRETS_REPO%.git";
flake = false;
};
EOF
# Check if the 'secrets' block already exists
if grep -q 'url = "git+ssh://git@github.com/%GITHUB_USER%/%GITHUB_SECRETS_REPO%.git"' "$FILE_PATH"; then
echo "The 'secrets' block already exists in the file."
rm "$TEMP_FILE"
rm "${FILE_PATH}.bak"
exit 0
fi
# Find the start and end line numbers of the 'disko' block
START_LINE=$(grep -n 'disko = {' "$FILE_PATH" | head -n 1 | cut -d: -f1)
END_LINE=$(tail -n +$START_LINE "$FILE_PATH" | grep -n '};' | head -n 1 | cut -d: -f1)
END_LINE=$((START_LINE + END_LINE - 1))
# Create a new file with the insertion
{
sed -n "1,${END_LINE}p" "$FILE_PATH"
cat "$TEMP_FILE"
sed -n "$((END_LINE + 1)),\$p" "$FILE_PATH"
} > "${FILE_PATH}.new"
# Replace the original file with the new file
mv "${FILE_PATH}.new" "$FILE_PATH"
# Clean up the temporary files
rm "$TEMP_FILE"
rm "${FILE_PATH}.bak"
}
# Fetch username from the system
export USERNAME=$(whoami)
# If the username is 'nixos' or 'root', ask the user for their username
if [[ "$USERNAME" == "nixos" ]] || [[ "$USERNAME" == "root" ]]; then
_prompt "${YELLOW}You're running as $USERNAME. Please enter your desired username: ${NC}" USERNAME
fi
# Check if git is available
if command -v git >/dev/null 2>&1; then
# Fetch email and name from git config
export GIT_EMAIL=$(git config --get user.email)
export GIT_NAME=$(git config --get user.name)
else
_print "${RED}Git is not available on this system.${NC}"
fi
# If git email is not found or git is not available, ask the user
if [[ -z "$GIT_EMAIL" ]]; then
_prompt "${YELLOW}Please enter your email: ${NC}" GIT_EMAIL
fi
# If git name is not found or git is not available, ask the user
if [[ -z "$GIT_NAME" ]]; then
_prompt "${YELLOW}Please enter your name: ${NC}" GIT_NAME
fi
_prompt "${YELLOW}Please enter your Github username: ${NC}" GITHUB_USER
_prompt "${YELLOW}Please enter your Github secrets repository name: ${NC}" GITHUB_SECRETS_REPO
export GITHUB_USER
export GITHUB_SECRETS_REPO
select_boot_disk() {
local disks
local _boot_disk
_print "${YELLOW}Available disks:${NC}"
disks=$(lsblk -nd --output NAME,SIZE | grep -v loop)
echo "$disks"
# Warning message for data deletion
_print "${RED}WARNING: All data on the chosen disk will be erased during the installation!${NC}"
_prompt "${YELLOW}Please enter the name of your boot disk (e.g., sda, nvme0n1). Do not include the full path ("/dev/"): ${NC}" _boot_disk
# Confirmation for disk selection to prevent accidental data loss
_print "${YELLOW}You have selected $_boot_disk as the boot disk. This will delete everything on this disk. Are you sure? (Y/N): ${NC}"
read -r confirmation
if [[ "$confirmation" =~ ^[Yy]$ ]]; then
export BOOT_DISK=$_boot_disk
else
_print "${RED}Disk selection cancelled by the user. Please run the script again to select the correct disk.${NC}"
exit 1
fi
}
# Set hostname and find primary disk if this is NixOS
if [[ "$OS" != "Darwin" ]]; then
_prompt "${YELLOW}Please enter a hostname for the system: ${NC}" HOST_NAME
export HOST_NAME
select_boot_disk
fi
# Confirmation step
confirm_details() {
_print "${GREEN}Username: $USERNAME"
_print "Email: $GIT_EMAIL"
_print "Name: $GIT_NAME${NC}"
if([[ "$OS" != "Darwin" ]]); then
_print "${GREEN}Primary interface: $PRIMARY_IFACE"
_print "Boot disk: $BOOT_DISK"
_print "Hostname: $HOST_NAME${NC}"
fi
_print "${GREEN}Secrets repository: $GITHUB_USER/$GITHUB_SECRETS_REPO${NC}"
_prompt "${YELLOW}Is this correct? yes/no: ${NC}" choice
case "$choice" in
[Nn] | [Nn][Oo] )
_print "${RED}Exiting script.${NC}"
exit 1
;;
[Yy] | [Yy][Ee][Ss] )
_print "${GREEN}Continuing...${NC}"
;;
* )
_print "${RED}Invalid option. Exiting script.${NC}"
exit 1
;;
esac
}
# Call the confirmation function
confirm_details
# Function to replace tokens in each file
replace_tokens() {
local file="$1"
if [[ $(basename $1) != "apply" ]]; then
if [[ "$OS" == "Darwin" ]]; then
# macOS
LC_ALL=C LANG=C sed -i '' -e "s/%USER%/$USERNAME/g" "$file"
LC_ALL=C LANG=C sed -i '' -e "s/%EMAIL%/$GIT_EMAIL/g" "$file"
LC_ALL=C LANG=C sed -i '' -e "s/%NAME%/$GIT_NAME/g" "$file"
LC_ALL=C LANG=C sed -i '' -e "s/%GITHUB_USER%/$GITHUB_USER/g" "$file"
LC_ALL=C LANG=C sed -i '' -e "s/%GITHUB_SECRETS_REPO%/$GITHUB_SECRETS_REPO/g" "$file"
else
# Linux or other
sed -i -e "s/%USER%/$USERNAME/g" "$file"
sed -i -e "s/%EMAIL%/$GIT_EMAIL/g" "$file"
sed -i -e "s/%NAME%/$GIT_NAME/g" "$file"
sed -i -e "s/%INTERFACE%/$PRIMARY_IFACE/g" "$file"
sed -i -e "s/%DISK%/$BOOT_DISK/g" "$file"
sed -i -e "s/%HOST%/$HOST_NAME/g" "$file"
sed -i -e "s/%GITHUB_USER%/$GITHUB_USER/g" "$file"
sed -i -e "s/%GITHUB_SECRETS_REPO%/$GITHUB_SECRETS_REPO/g" "$file"
fi
fi
}
# Insert secrets repo into flake
insert_secrets_input
insert_secrets_output
# Traverse directories and call replace_tokens on each Nix file
export -f replace_tokens
find . -type f -exec bash -c 'replace_tokens "$0"' {} \;
echo "$USERNAME" > /tmp/username.txt
_print "${GREEN}User $USERNAME information applied.${NC}"
print_success "Configuration applied successfully"

30
apps/aarch64-darwin/build
View File

@@ -1,19 +1,29 @@
#!/bin/sh -e
#!/usr/bin/env bash
GREEN='\033[1;32m'
set -euo pipefail
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
RED='\033[1;31m'
BLUE='\033[0;34m'
NC='\033[0m'
SYSTEM_TYPE="aarch64-darwin"
FLAKE_SYSTEM="darwinConfigurations.${SYSTEM_TYPE}.system"
print_info() {
echo -e "${BLUE} ${NC} $1"
}
export NIXPKGS_ALLOW_UNFREE=1
print_success() {
echo -e "${GREEN}✓${NC} $1"
}
echo "${YELLOW}Starting build...${NC}"
nix --extra-experimental-features 'nix-command flakes' build .#$FLAKE_SYSTEM $@
HOSTNAME="${1:-$(scutil --get LocalHostName 2>/dev/null || hostname -s)}"
echo "${YELLOW}Cleaning up...${NC}"
print_info "Building configuration for $HOSTNAME"
nix build ".#darwinConfigurations.$HOSTNAME.system" --show-trace "${@:2}"
if [[ -L ./result ]]; then
unlink ./result
fi
echo "${GREEN}Switch to new generation complete!${NC}"
print_success "Build completed successfully"

48
apps/aarch64-darwin/build-switch
View File

@@ -1,37 +1,35 @@
#!/bin/sh -e
#!/usr/bin/env bash
GREEN='\033[1;32m'
set -euo pipefail
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
RED='\033[1;31m'
BLUE='\033[0;34m'
NC='\033[0m'
if [ $# -gt 0 ]; then
MACHINE_NAME="$1"
shift
else
MACHINE_NAME=$(hostname | cut -d'.' -f1)
fi
print_info() {
echo -e "${BLUE} ${NC} $1"
}
if [ ! -d "hosts/darwin/$MACHINE_NAME" ]; then
echo "${RED}Error: Machine configuration '$MACHINE_NAME' not found in hosts/darwin/${NC}"
echo "${YELLOW}Available machines:${NC}"
ls -1 hosts/darwin/ | grep -v "default.nix\|shared.nix" || echo " No machine configurations found"
echo ""
echo "${YELLOW}Usage: $0 [machine-name] [additional-nix-args]${NC}"
echo " If no machine name is provided, uses current hostname: $(hostname | cut -d'.' -f1)"
exit 1
fi
print_success() {
echo -e "${GREEN}✓${NC} $1"
}
FLAKE_SYSTEM="darwinConfigurations.${MACHINE_NAME}.system"
HOSTNAME="${1:-$(scutil --get LocalHostName 2>/dev/null || hostname -s)}"
print_info "Building and switching configuration for $HOSTNAME"
echo "${YELLOW}Building configuration for machine: ${MACHINE_NAME}${NC}"
nix --extra-experimental-features 'nix-command flakes' build .#$FLAKE_SYSTEM "$@"
# Build
print_info "Building configuration..."
nix build ".#darwinConfigurations.$HOSTNAME.system" --show-trace "${@:2}"
echo "${YELLOW}Switching to new generation...${NC}"
sudo ./result/sw/bin/darwin-rebuild switch --flake .#${MACHINE_NAME}
# Switch
print_info "Switching to new configuration..."
./result/sw/bin/darwin-rebuild switch --flake ".#$HOSTNAME" "${@:2}"
echo "${YELLOW}Cleaning up...${NC}"
if [[ -L ./result ]]; then
unlink ./result
fi
echo "${GREEN}Switch to new generation complete for ${MACHINE_NAME}!${NC}"
print_success "Build and switch completed successfully"

33
apps/aarch64-darwin/check-keys
View File

@@ -1,33 +0,0 @@
#!/usr/bin/env bash
set -e
RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m'
username=${USER}
export SSH_DIR=/Users/${username}/.ssh
lint_keys() {
if [[ -f "${SSH_DIR}/id_ed25519" && -f "${SSH_DIR}/id_ed25519.pub" && -f "${SSH_DIR}/id_ed25519_agenix" && -f "${SSH_DIR}/id_ed25519_agenix.pub" ]]; then
echo -e "${GREEN}All SSH keys are present.${NC}"
else
echo -e "${RED}Some SSH keys are missing.${NC}"
if [[ ! -f "${SSH_DIR}/id_ed25519" ]]; then
echo -e "${RED}Missing: id_ed25519${NC}"
fi
if [[ ! -f "${SSH_DIR}/id_ed25519.pub" ]]; then
echo -e "${RED}Missing: id_ed25519.pub${NC}"
fi
if [[ ! -f "${SSH_DIR}/id_ed25519_agenix" ]]; then
echo -e "${RED}Missing: id_ed25519_agenix${NC}"
fi
if [[ ! -f "${SSH_DIR}/id_ed25519_agenix.pub" ]]; then
echo -e "${RED}Missing: id_ed25519_agenix.pub${NC}"
fi
echo -e "${GREEN}Run the createKeys command to generate the missing keys.${NC}"
exit 1
fi
}
lint_keys

68
apps/aarch64-darwin/copy-keys
View File

@@ -1,68 +0,0 @@
#!/usr/bin/env bash
set -e
RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m'
username=${USER}
export SSH_DIR=/Users/${username}/.ssh
handle_no_usb() {
echo -e ${RED}No USB drive found or mounted.${NC}"
echo -e ${GREEN}If you have not yet set up your keys, run the script to generate new SSH keys.${NC}"
exit 1
}
mount_usb() {
MOUNT_PATH=""
for dev in $(diskutil list | grep -o 'disk[0-9]'); do
MOUNT_PATH="$(diskutil info /dev/${dev} | grep \"Mount Point\" | awk -F: '{print $2}' | xargs)"
if [ -n "${MOUNT_PATH}" ]; then
echo -e "${GREEN}USB drive found at ${MOUNT_PATH}.${NC}"
break
fi
done
if [ -z "${MOUNT_PATH}" ]; then
echo -e "${RED}No USB drive found.${NC}"
fi
}
copy_keys() {
if [ -n "${MOUNT_PATH}" ]; then
cp "${MOUNT_PATH}/id_ed25519_agenix.pub" ${SSH_DIR}
cp "${MOUNT_PATH}/id_ed25519_agenix" ${SSH_DIR}
chmod 600 ${SSH_DIR}/id_ed25519_{agenix,agenix.pub}
else
echo -e "${RED}No USB drive found. Aborting.${NC}"
exit 1
fi
}
setup_ssh_directory() {
mkdir -p ${SSH_DIR}
}
set_keys() {
cp ${MOUNT_PATH}/id_ed25519_github.pub ${SSH_DIR}/id_ed25519.pub
cp ${MOUNT_PATH}/id_ed25519_github ${SSH_DIR}/id_ed25519
chmod 600 ${SSH_DIR}/id_ed25519
chmod 644 ${SSH_DIR}/id_ed25519.pub
}
change_ownership() {
chown ${username}:staff ${SSH_DIR}/id_ed25519{,.pub}
chown ${username}:staff ${SSH_DIR}/id_ed25519_{agenix,agenix.pub}
}
setup_ssh_directory
mount_usb
if [ -z "${MOUNT_PATH}" ]; then
handle_no_usb
else
copy_keys
set_keys
change_ownership
fi

46
apps/aarch64-darwin/create-keys
View File

@@ -1,46 +0,0 @@
#!/usr/bin/env bash
set -e
RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m'
username=${USER}
export SSH_DIR=/Users/${username}/.ssh
setup_ssh_directory() {
mkdir -p ${SSH_DIR}
}
prompt_for_key_generation() {
local key_name=$1
if [[ -f "${SSH_DIR}/${key_name}" ]]; then
echo -e "${RED}Existing SSH key found for ${key_name}.${NC}"
cat "${SSH_DIR}/${key_name}.pub"
read -p "Do you want to replace it? (y/n) " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
return 0 # Indicate key should be replaced
else
return 1 # Indicate key should be kept
fi
fi
return 0 # Indicate no key exists, so it should be created
}
generate_key() {
local key_name=$1
if prompt_for_key_generation "$key_name"; then
ssh-keygen -t ed25519 -f "${SSH_DIR}/${key_name}" -N ""
chown ${username}:staff "${SSH_DIR}/${key_name}"{,.pub}
else
echo -e "${GREEN}Kept existing ${key_name}.${NC}"
fi
}
setup_ssh_directory
generate_key "id_ed25519"
generate_key "id_ed25519_agenix"
echo -e "${GREEN}SSH key setup complete.${NC}"
echo -e "${GREEN}Remember to add the necessary keys to Github or other services as required.${NC}"

43
apps/aarch64-darwin/rollback
View File

@@ -1,24 +1,41 @@
#!/bin/sh -e
#!/usr/bin/env bash
GREEN='\033[1;32m'
set -euo pipefail
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
RED='\033[1;31m'
BLUE='\033[0;34m'
NC='\033[0m'
FLAKE="macos"
print_info() {
echo -e "${BLUE} ${NC} $1"
}
echo "${YELLOW}Available generations:${NC}"
/run/current-system/sw/bin/darwin-rebuild --list-generations
print_success() {
echo -e "${GREEN}✓${NC} $1"
}
echo "${YELLOW}Enter the generation number for rollback:${NC}"
read GEN_NUM
print_error() {
echo -e "${RED}✗${NC} $1"
}
if [ -z "$GEN_NUM" ]; then
echo "${RED}No generation number entered. Aborting rollback.${NC}"
print_warning() {
echo -e "${YELLOW}⚠${NC} $1"
}
print_info "Available generations:"
darwin-rebuild --list-generations
echo -n "Enter generation number to rollback to: "
read -r GEN_NUM
if [[ -z "$GEN_NUM" ]]; then
print_error "No generation number provided"
exit 1
fi
echo "${YELLOW}Rolling back to generation $GEN_NUM...${NC}"
/run/current-system/sw/bin/darwin-rebuild switch --flake .#$FLAKE --switch-generation $GEN_NUM
print_warning "Rolling back to generation $GEN_NUM..."
darwin-rebuild switch --switch-generation "$GEN_NUM"
echo "${GREEN}Rollback to generation $GEN_NUM complete!${NC}"
print_success "Rollback to generation $GEN_NUM complete"

176
apps/x86_64-linux/apply
View File

@@ -1,169 +1,29 @@
#!/usr/bin/env bash
set -euo pipefail
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
BLUE='\033[0;34m'
NC='\033[0m'
# Determine the operating system
export OS=$(uname)
print_info() {
echo -e "${BLUE} ${NC} $1"
}
# Primary network interface
if [[ "$OS" != "Darwin" ]]; then
export PRIMARY_IFACE=$(ip -o -4 route show to default | awk '{print $5}')
echo -e "${GREEN}Found primary network interface $PRIMARY_IFACE${NC}"
fi
print_success() {
echo -e "${GREEN}✓${NC} $1"
}
# Custom print function
_print() {
if [[ "$OS" == "Darwin" ]]; then
echo -e "$1"
HOSTNAME="${1:-tahani}"
print_info "Applying configuration for $HOSTNAME"
if [[ "$EUID" -ne 0 ]]; then
sudo nixos-rebuild switch --flake ".#$HOSTNAME" "${@:2}"
else
echo "$1"
fi
}
# Custom prompt function
_prompt() {
local message="$1"
local variable="$2"
_print "$message"
read -r $variable
}
# Fetch username from the system
export USERNAME=$(whoami)
# If the username is 'nixos' or 'root', ask the user for their username
if [[ "$USERNAME" == "nixos" ]] || [[ "$USERNAME" == "root" ]]; then
_prompt "${YELLOW}You're running as $USERNAME. Please enter your desired username: ${NC}" USERNAME
nixos-rebuild switch --flake ".#$HOSTNAME" "${@:2}"
fi
# Check if git is available
if command -v git >/dev/null 2>&1; then
# Fetch email and name from git config
export GIT_EMAIL=$(git config --get user.email)
export GIT_NAME=$(git config --get user.name)
else
_print "${RED}Git is not available on this system.${NC}"
fi
# If git email is not found or git is not available, ask the user
if [[ -z "$GIT_EMAIL" ]]; then
_prompt "${YELLOW}Please enter your email: ${NC}" GIT_EMAIL
fi
# If git name is not found or git is not available, ask the user
if [[ -z "$GIT_NAME" ]]; then
_prompt "${YELLOW}Please enter your name: ${NC}" GIT_NAME
fi
if [[ -z "$GITHUB_USER" ]]; then
_prompt "${YELLOW}Please enter your Github username: ${NC}" GITHUB_USER
fi
if [[ -z "$GITHUB_SECRETS_REPO" ]]; then
_prompt "${YELLOW}Please enter your Github secrets repository name: ${NC}" GITHUB_SECRETS_REPO
fi
export GITHUB_USER
export GITHUB_SECRETS_REPO
select_boot_disk() {
local disks
local _boot_disk
_print "${YELLOW}Available disks:${NC}"
disks=$(lsblk -nd --output NAME,SIZE | grep -v loop)
echo "$disks"
# Warning message for data deletion
_print "${RED}WARNING: All data on the chosen disk will be erased during the installation!${NC}"
_prompt "${YELLOW}Please enter the name of your boot disk (e.g., sda, nvme0n1). Do not include the full path ("/dev/"): ${NC}" _boot_disk
# Confirmation for disk selection to prevent accidental data loss
_print "${YELLOW}You have selected $_boot_disk as the boot disk. This will delete everything on this disk. Are you sure? (Y/N): ${NC}"
read -r confirmation
if [[ "$confirmation" =~ ^[Yy]$ ]]; then
export BOOT_DISK=$_boot_disk
else
_print "${RED}Disk selection cancelled by the user. Please run the script again to select the correct disk.${NC}"
exit 1
fi
}
# Set hostname and find primary disk if this is NixOS
if [[ "$OS" != "Darwin" ]]; then
_prompt "${YELLOW}Please enter a hostname for the system: ${NC}" HOST_NAME
export HOST_NAME
select_boot_disk
fi
# Confirmation step
confirm_details() {
_print "${GREEN}Username: $USERNAME"
_print "Email: $GIT_EMAIL"
_print "Name: $GIT_NAME${NC}"
if([[ "$OS" != "Darwin" ]]); then
_print "${GREEN}Primary interface: $PRIMARY_IFACE"
_print "Boot disk: $BOOT_DISK"
_print "Hostname: $HOST_NAME${NC}"
fi
_print "${GREEN}Secrets repository: $GITHUB_USER/$GITHUB_SECRETS_REPO${NC}"
_prompt "${YELLOW}Is this correct? yes/no: ${NC}" choice
case "$choice" in
[Nn] | [Nn][Oo] )
_print "${RED}Exiting script.${NC}"
exit 1
;;
[Yy] | [Yy][Ee][Ss] )
_print "${GREEN}Continuing...${NC}"
;;
* )
_print "${RED}Invalid option. Exiting script.${NC}"
exit 1
;;
esac
}
# Call the confirmation function
confirm_details
# Function to replace tokens in each file
replace_tokens() {
local file="$1"
if [[ $(basename $1) != "apply" ]]; then
if [[ "$OS" == "Darwin" ]]; then
# macOS
LC_ALL=C LANG=C sed -i '' -e "s/%USER%/$USERNAME/g" "$file"
LC_ALL=C LANG=C sed -i '' -e "s/%EMAIL%/$GIT_EMAIL/g" "$file"
LC_ALL=C LANG=C sed -i '' -e "s/%NAME%/$GIT_NAME/g" "$file"
LC_ALL=C LANG=C sed -i '' -e "s/%GITHUB_USER%/$GITHUB_USER/g" "$file"
LC_ALL=C LANG=C sed -i '' -e "s/%GITHUB_SECRETS_REPO%/$GITHUB_SECRETS_REPO/g" "$file"
else
# Linux or other
sed -i -e "s/%USER%/$USERNAME/g" "$file"
sed -i -e "s/%EMAIL%/$GIT_EMAIL/g" "$file"
sed -i -e "s/%NAME%/$GIT_NAME/g" "$file"
sed -i -e "s/%INTERFACE%/$PRIMARY_IFACE/g" "$file"
sed -i -e "s/%DISK%/$BOOT_DISK/g" "$file"
sed -i -e "s/%HOST%/$HOST_NAME/g" "$file"
sed -i -e "s/%GITHUB_USER%/$GITHUB_USER/g" "$file"
sed -i -e "s/%GITHUB_SECRETS_REPO%/$GITHUB_SECRETS_REPO/g" "$file"
fi
fi
}
# Traverse directories and call replace_tokens on each Nix file
export -f replace_tokens
find . -type f -exec bash -c 'replace_tokens "$0"' {} \;
echo "$USERNAME" > /tmp/username.txt
_print "${GREEN}User $USERNAME information applied.${NC}"
print_success "Configuration applied successfully"

30
apps/x86_64-linux/build
View File

@@ -1,15 +1,29 @@
#!/bin/sh -e
#!/usr/bin/env bash
GREEN='\033[1;32m'
set -euo pipefail
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
RED='\033[1;31m'
BLUE='\033[0;34m'
NC='\033[0m'
HOSTNAME="tahani"
print_info() {
echo -e "${BLUE} ${NC} $1"
}
export NIXPKGS_ALLOW_UNFREE=1
print_success() {
echo -e "${GREEN}✓${NC} $1"
}
echo "${YELLOW}Starting build...${NC}"
nix --extra-experimental-features 'nix-command flakes' build --print-out-paths '.#nixosConfigurations."tahani".config.system.build.toplevel' --no-link $@
HOSTNAME="${1:-tahani}"
echo "${GREEN}Build complete!${NC}"
print_info "Building configuration for $HOSTNAME"
nix build ".#nixosConfigurations.$HOSTNAME.config.system.build.toplevel" --show-trace "${@:2}"
if [[ -L ./result ]]; then
unlink ./result
fi
print_success "Build completed successfully"

45
apps/x86_64-linux/build-switch
View File

@@ -1,17 +1,44 @@
#!/bin/sh -e
#!/usr/bin/env bash
VERSION=1.0
set -euo pipefail
GREEN='\033[1;32m'
RED='\033[1;31m'
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
HOSTNAME="tahani"
print_info() {
echo -e "${BLUE} ${NC} $1"
}
echo -e "${YELLOW}Starting...${NC}"
print_success() {
echo -e "${GREEN}✓${NC} $1"
}
# We pass SSH from user to root so root can download secrets from our private Github
sudo SSH_AUTH_SOCK=$SSH_AUTH_SOCK /run/current-system/sw/bin/nixos-rebuild switch --flake .#$HOSTNAME $@
print_error() {
echo -e "${RED}✗${NC} $1"
}
echo -e "${GREEN}Switch to new generation complete!${NC}"
HOSTNAME="${1:-tahani}"
print_info "Building and switching configuration for $HOSTNAME"
# Build
print_info "Building configuration..."
if ! nix build ".#nixosConfigurations.$HOSTNAME.config.system.build.toplevel" --no-link "${@:2}"; then
print_error "Build failed"
exit 1
fi
print_success "Build completed"
# Switch - note this requires sudo permissions
print_info "Switching to new configuration (requires sudo)..."
if [[ "$EUID" -ne 0 ]]; then
sudo nixos-rebuild switch --flake ".#$HOSTNAME" "${@:2}"
else
nixos-rebuild switch --flake ".#$HOSTNAME" "${@:2}"
fi
print_success "Build and switch completed successfully"

51
apps/x86_64-linux/rollback Normal file
View File

@@ -0,0 +1,51 @@
#!/usr/bin/env bash
set -euo pipefail
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
print_info() {
echo -e "${BLUE} ${NC} $1"
}
print_success() {
echo -e "${GREEN}✓${NC} $1"
}
print_error() {
echo -e "${RED}✗${NC} $1"
}
print_warning() {
echo -e "${YELLOW}⚠${NC} $1"
}
print_info "Available system generations:"
if [[ "$EUID" -ne 0 ]]; then
sudo nix-env --profile /nix/var/nix/profiles/system --list-generations
else
nix-env --profile /nix/var/nix/profiles/system --list-generations
fi
echo -n "Enter generation number to rollback to: "
read -r GEN_NUM
if [[ -z "$GEN_NUM" ]]; then
print_error "No generation number provided"
exit 1
fi
print_warning "Rolling back to generation $GEN_NUM..."
if [[ "$EUID" -ne 0 ]]; then
sudo nix-env --profile /nix/var/nix/profiles/system --switch-generation "$GEN_NUM" && \
sudo /nix/var/nix/profiles/system/bin/switch-to-configuration switch
else
nix-env --profile /nix/var/nix/profiles/system --switch-generation "$GEN_NUM" && \
/nix/var/nix/profiles/system/bin/switch-to-configuration switch
fi
print_success "Rollback to generation $GEN_NUM complete"

3
flake.nix
View File

@@ -119,9 +119,6 @@
"apply"
"build"
"build-switch"
"copy-keys"
"create-keys"
"check-keys"
"rollback"
];
in {

23
hosts/darwin/chidi/default.nix
View File

@@ -7,6 +7,7 @@
}: {
imports = [
../shared.nix
../../../modules/postgresql.nix
];
networking.hostName = "chidi";
@@ -18,28 +19,6 @@
services.postgresql = {
enable = true;
package = pkgs.postgresql_17;
enableTCPIP = true;
port = 5432;
ensureDatabases = ["postgres"];
ensureUsers = [
{
name = "postgres";
ensureDBOwnership = true;
}
{
name = "cschmatzler";
ensureClauses = {
superuser = true;
createdb = true;
};
}
];
authentication = pkgs.lib.mkForce ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
};
services.syncthing.settings.folders = {

16
hosts/nixos/tahani/default.nix
View File

@@ -67,23 +67,7 @@
services.postgresql = {
enable = true;
package = pkgs.postgresql_17;
extensions = [pkgs.postgresql17Packages.timescaledb];
enableTCPIP = true;
ensureDatabases = ["postgres"];
ensureUsers = [
{
name = "postgres";
ensureDBOwnership = true;
}
{
name = "cschmatzler";
ensureClauses = {
superuser = true;
createdb = true;
};
}
];
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust

1
modules/nixos/default.nix
View File

@@ -8,6 +8,7 @@
}: {
imports = [
../core.nix
../postgresql.nix
./firewall.nix
./ssh.nix
./adguard.nix

34
modules/postgresql.nix Normal file
View File

@@ -0,0 +1,34 @@
{
config,
lib,
pkgs,
user,
...
}: {
config = lib.mkIf config.services.postgresql.enable {
services.postgresql = {
package = pkgs.postgresql_17;
enableTCPIP = true;
settings.port = 5432;
ensureDatabases = ["postgres"];
ensureUsers = [
{
name = "postgres";
ensureDBOwnership = true;
}
{
name = user;
ensureClauses = {
superuser = true;
createdb = true;
};
}
];
authentication = ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
};
};
}