make config deployable

2025-03-21 18:07:04 -04:00 · 2025-03-21 18:07:04 -04:00 · defeb65b68
commit defeb65b68
parent 5e0dc780ad
3 changed files with 18 additions and 20 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -53,13 +53,6 @@
    };
  };

-  # https://github.com/viperML/nh
-  programs.nh = {
-    enable = true;
-    clean.enable = true;
-    clean.extraArgs = "--keep-since 4d --keep 3";
-  };
-
  boot = {
    # 6.12 LTS until 2027
    kernelPackages = pkgs.linuxPackages_6_12;
@ -105,9 +98,9 @@
  services.openssh = {
    enable = true;
    settings = {
-      AllowUsers = [ username ];
+      AllowUsers = [ username "root" ];
      PasswordAuthentication = false;
-      PermitRootLogin = "no";
+      PermitRootLogin = "yes"; # for deploying configs
    };
  };

@ -139,12 +132,13 @@

    borgbackup
    smartmontools
-
    nil

    ripgrep

    intel-gpu-tools
+    iotop
+    iftop

    tmux

@ -289,7 +283,7 @@
      service_configs.torrent_group
    ];

-    hashedPasswordFile = "${./secrets/hashedPass}";
+    hashedPasswordFile = builtins.toString ./secrets/hashedPass;

    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH" # laptop
@ -297,6 +291,8 @@
    ];
  };

+  users.users.root.openssh.authorizedKeys.keys = config.users.users.${username}.openssh.authorizedKeys.keys;
+
  # https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell
  programs.fish.enable = true;
  programs.bash = {
--- a/deploy.sh
+++ b/deploy.sh
@ -0,0 +1,2 @@
+#!/bin/sh
+nixos-rebuild switch --flake .#muffin --target-host root@server --build-host root@server --verbose
--- a/flake.lock
+++ b/flake.lock
@ -183,11 +183,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1742262784,
-        "narHash": "sha256-a/Knvms22n1Co7TR5uXW+gvpIZcmNWxzm7oUM+Unyok=",
+        "lastModified": 1742522051,
+        "narHash": "sha256-uDlj+5J7eTuFkDaNl9cYf++gJdEW23Z4zSuDcNANIQc=",
        "owner": "Infinidoge",
        "repo": "nix-minecraft",
-        "rev": "b72f0bc3698833e2d079fce2edf5bda04d411287",
+        "rev": "57464e795fd31ceef845d7ce454d3b83e80e283e",
        "type": "github"
      },
      "original": {
@ -198,11 +198,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1742217307,
-        "narHash": "sha256-3fwpN7KN226ghLlpO9TR0/WpgQOmOj1e8bieUxpIYSk=",
+        "lastModified": 1742376361,
+        "narHash": "sha256-VFMgJkp/COvkt5dnkZB4D2szVdmF6DGm5ZdVvTUy61c=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "4f4d97d7b7be387286cc9c988760a7ebaa5be1f1",
+        "rev": "daaae13dff0ecc692509a1332ff9003d9952d7a9",
        "type": "github"
      },
      "original": {
@ -214,11 +214,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1742268799,
-        "narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=",
+        "lastModified": 1742562948,
+        "narHash": "sha256-QUnzAW7CW0sCkFN1Kez/8UVq8EbBGNKOfHZHIZON0XQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "da044451c6a70518db5b730fe277b70f494188f1",
+        "rev": "e7a04ccc42104e0554f0a2325930fe98db9a5325",
        "type": "github"
      },
      "original": {