site-config: dedupe cross-host values, fix stale dark-reader urls, drop desktop 1g hugepages
new site-config.nix holds values previously duplicated across hosts:
domain, old_domain, contact_email, timezone, binary_cache (url + pubkey),
dns_servers, lan (cidr + gateway), hosts.{muffin,yarn} (ip/alias/ssh_host_key),
ssh_keys.{laptop,desktop,ci_deploy}.
threaded through specialArgs on all three hosts + home-manager extraSpecialArgs +
homeConfigurations.primary + serverLib. service-configs.nix now takes
{ site_config } as a function arg and drops its https namespace; per-service
domains (gitea/matrix/ntfy/mollysocket/livekit/firefox-sync/grafana) are
derived from site_config.domain. ~15 service files and 6 vm tests migrated.
breakage fixes rolled in:
- home/progs/zen/dark-reader.nix: 5 stale *.gardling.com entries in
disabledFor rewritten to *.sigkill.computer (caddy 301s the old names so
these never fired and the new sigkill urls were getting dark-reader applied)
- modules/desktop-common.nix: drop unused hugepagesz=1G/hugepages=3
kernelParams (no consumer on mreow or yarn; xmrig on muffin still reserves
its own via services/monero/xmrig.nix)
verification: muffin toplevel is bit-identical to pre-refactor baseline.
mreow/yarn toplevels differ only in boot.json kernelParams + darkreader
storage.js (nix-diff verified). deployGuardTest and fail2banVaultwardenTest
(latter exercises site_config.domain via bitwarden.nix) pass.
16
flake.nix
16
flake.nix
@@ -180,17 +180,20 @@
|
||||
targetPlatform = system;
|
||||
buildPlatform = builtins.currentSystem;
|
||||
};
|
||||
serviceConfigs = import ./hosts/muffin/service-configs.nix;
|
||||
siteConfig = import ./site-config.nix;
|
||||
serviceConfigs = import ./hosts/muffin/service-configs.nix { site_config = siteConfig; };
|
||||
serverLib = import ./lib {
|
||||
inherit inputs;
|
||||
lib = nixpkgs-stable.lib;
|
||||
pkgs = serverPkgs;
|
||||
service_configs = serviceConfigs;
|
||||
site_config = siteConfig;
|
||||
};
|
||||
testSuite = import ./tests/tests.nix {
|
||||
pkgs = serverPkgs;
|
||||
lib = serverLib;
|
||||
inherit inputs;
|
||||
site_config = siteConfig;
|
||||
config = self.nixosConfigurations.muffin.config;
|
||||
};
|
||||
|
||||
@@ -203,6 +206,7 @@
|
||||
specialArgs = {
|
||||
inherit inputs username hostname;
|
||||
niri-package = niriPackage;
|
||||
site_config = siteConfig;
|
||||
};
|
||||
modules = [
|
||||
home-manager.nixosModules.home-manager
|
||||
@@ -222,6 +226,7 @@
|
||||
niri-package = niriPackage;
|
||||
homeDirectory = "/home/${username}";
|
||||
stateVersion = config.system.stateVersion;
|
||||
site_config = siteConfig;
|
||||
};
|
||||
home-manager.users.${username} = import ./hosts/${hostname}/home.nix;
|
||||
}
|
||||
@@ -241,6 +246,7 @@
|
||||
hostname = "muffin";
|
||||
eth_interface = "enp4s0";
|
||||
service_configs = serviceConfigs;
|
||||
site_config = siteConfig;
|
||||
lib = serverLib;
|
||||
};
|
||||
modules = [
|
||||
@@ -349,6 +355,9 @@
|
||||
(
|
||||
{ ... }:
|
||||
{
|
||||
home-manager.extraSpecialArgs = {
|
||||
site_config = siteConfig;
|
||||
};
|
||||
home-manager.users.${username} = import ./hosts/muffin/home.nix;
|
||||
}
|
||||
)
|
||||
@@ -376,6 +385,9 @@
|
||||
# Ships the shared terminal profile (fish, helix, modern CLI, git).
|
||||
homeConfigurations.primary = home-manager.lib.homeManagerConfiguration {
|
||||
pkgs = desktopPkgs;
|
||||
extraSpecialArgs = {
|
||||
site_config = siteConfig;
|
||||
};
|
||||
modules = [
|
||||
./home/profiles/terminal.nix
|
||||
{
|
||||
@@ -389,7 +401,7 @@
|
||||
};
|
||||
|
||||
deploy.nodes.muffin = {
|
||||
hostname = "server-public";
|
||||
hostname = siteConfig.hosts.muffin.alias;
|
||||
profiles.system = {
|
||||
sshUser = "root";
|
||||
user = "root";
|
||||
|
||||
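Review bot: The `hostname = siteConfig.hosts.muffin.alias;` line in the last hunk (`deploy.nodes.muffin`) is not covered by the verification listed in the commit message, because a deploy node is not part of any host toplevel and the two named tests do not appear to read it. This profile deploys as `sshUser = "root"`, so it is worth confirming that `nix eval .#deploy.nodes.muffin.hostname` still prints `"server-public"` before the next deploy. I would also add a comment above that line, such as `# ssh alias of the deploy target; defined with its ssh_host_key in site-config.nix`. Separately, `siteConfig` now carries the binary cache pubkey, SSH host keys and authorized keys to every host and to home-manager, so the `siteConfig = import ./site-config.nix;` line in the first hunk deserves a comment like `# public values only: flake sources are copied to the world-readable nix store`. The `deploy.nodes.muffin` block continues past the end of the hunk, so any further use of the alias there is not visible here.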