From ae7e9e75a9a8d2ab41ab8842573668a64f2735f1 Mon Sep 17 00:00:00 2001
From: Pablo Ovelleiro Corral
Date: Mon, 13 Jan 2025 21:37:01 +0100
Subject: [PATCH 1/3] minor fixes
---
 docs/site/manual/migration-guide.md | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/docs/site/manual/migration-guide.md b/docs/site/manual/migration-guide.md
index 8be75f6df..cdc24b362 100644
--- a/docs/site/manual/migration-guide.md
+++ b/docs/site/manual/migration-guide.md
@@ -17,14 +17,12 @@ you have a working setup, you can easily transfer your Nix configurations over.
 We assume you are already using NixOS flakes to manage your configuration. If not, migrate to a flake-based setup following the official [NixOS
-documentation](https://nix.dev/manual/nix/2.25/command-ref/new-cli/nix3-flake.html)
+documentation](https://nix.dev/manual/nix/2.25/command-ref/new-cli/nix3-flake.html).
 The snippet below shows a common Nix flake. For this example we will assume you
 have have two hosts: **berlin** and **cologne**.
 ```nix
 {
- description = "My NixOS systems";
-
 inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
 outputs = { self, nixpkgs, ... }: {
@@ -32,7 +30,7 @@ have have two hosts: **berlin** and **cologne**.
 nixosConfigurations = {
 berlin = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux"; # TODO should we use nixpkgs.hostPlatform here too?
+ system = "x86_64-linux";
 modules = [./machines/berlin/configuration.nix];
 };
@@ -78,8 +76,6 @@ For the provide flake example, your flake should now look like this:
 ```nix
 {
- description = "My NixOS systems";
-
 inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
 outputs = { self, nixpkgs, ... }:
From 819e66c2dae10fa0fe270e42043c832a258d66ef Mon Sep 17 00:00:00 2001
From: Johannes Kirschbauer
Date: Tue, 14 Jan 2025 12:50:48 +0100
Subject: [PATCH 2/3] Docs: change navigation to use sidebar sections only
---
 docs/mkdocs.yml | 3 +--
 docs/site/static/extra.css | 8 ++++++++
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml
index 8f05bd52c..c6c74118d 100644
--- a/docs/mkdocs.yml
+++ b/docs/mkdocs.yml
@@ -152,8 +152,7 @@ theme:
 name: material
 features:
 - navigation.instant
- - navigation.tabs
- - navigation.tabs.sticky
+ - navigation.sections
 - navigation.footer
 - content.code.annotate
 - content.code.copy
diff --git a/docs/site/static/extra.css b/docs/site/static/extra.css
index 4f9ad1297..64ed3e46b 100644
--- a/docs/site/static/extra.css
+++ b/docs/site/static/extra.css
@@ -15,3 +15,11 @@
 .md-header img {
 filter: invert(100%) brightness(100%);
 }
+
+.md-nav__title {
+ color: black;
+}
+
+.md-nav__item.md-nav__item--section label span {
+ color: black;
+}
From 41ceb40d1383d54fe350a1d87156a09130ae9ece Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Fri, 10 Jan 2025 15:18:07 +0100
Subject: [PATCH 3/3] matrix-synapse: migrate to vars
---
 checks/matrix-synapse/default.nix | 8 +++++---
 clanModules/matrix-synapse/default.nix | 24 +++++++++++++-----------
 nixosModules/clanCore/vars/default.nix | 3 +--
 nixosModules/clanCore/vars/secret/vm.nix | 13 +++++++++++++
 4 files changed, 32 insertions(+), 16 deletions(-)
 create mode 100644 nixosModules/clanCore/vars/secret/vm.nix
diff --git a/checks/matrix-synapse/default.nix b/checks/matrix-synapse/default.nix
index 5a28efe3b..fb8ee4da1 100644
--- a/checks/matrix-synapse/default.nix
+++ b/checks/matrix-synapse/default.nix
@@ -31,6 +31,8 @@ clan.matrix-synapse.users.someuser = { };
 clan.core.facts.secretStore = "vm";
+ clan.core.vars.settings.secretStore = "vm";
+ clan.core.vars.settings.publicStore = "in_repo";
 # because we use systemd-tmpfiles to copy the secrets, we need to a separate systemd-tmpfiles call to provision them.
 boot.postBootCommands = "${config.systemd.package}/bin/systemd-tmpfiles --create /etc/tmpfiles.d/00-vmsecrets.conf";
@@ -41,21 +43,21 @@ d.mode = "0700";
 z.mode = "0700";
 };
- "/etc/secrets/synapse-registration_shared_secret" = {
+ "/etc/secrets/matrix-synapse/synapse-registration_shared_secret" = {
 f.argument = "supersecret";
 z = {
 mode = "0400";
 user = "root";
 };
 };
- "/etc/secrets/matrix-password-admin" = {
+ "/etc/secrets/matrix-password-admin/matrix-password-admin" = {
 f.argument = "matrix-password1";
 z = {
 mode = "0400";
 user = "root";
 };
 };
- "/etc/secrets/matrix-password-someuser" = {
+ "/etc/secrets/matrix-password-someuser/matrix-password-someuser" = {
 f.argument = "matrix-password2";
 z = {
 mode = "0400";
diff --git a/clanModules/matrix-synapse/default.nix b/clanModules/matrix-synapse/default.nix
index f20f88424..a29b413f6 100644
--- a/clanModules/matrix-synapse/default.nix
+++ b/clanModules/matrix-synapse/default.nix
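Review bot: The three renamed `f` entries now sit in per-generator subdirectories of `/etc/secrets`, but the hunk adds no tmpfiles entry for those directories; the only directory rule visible is the `d.mode`/`z.mode` `"0700"` entry closing at the top of the hunk (its path key is before the hunk, presumably `/etc/secrets`), so the mode and owner of `/etc/secrets/matrix-synapse`, `/etc/secrets/matrix-password-admin` and `/etc/secrets/matrix-password-someuser` depend on how systemd-tmpfiles creates missing parents, or the rules fail if it does not. The files themselves are `0400` root, so content is not exposed, but the directories should be pinned rather than left to defaults, e.g. `"/etc/secrets/matrix-synapse" = { d.mode = "0700"; z.mode = "0700"; };` and the same for the two password directories. The last entry's `z` block continues past the end of the hunk.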
@@ -116,26 +116,28 @@ in
 };
 clan.postgresql.databases.matrix-synapse.restore.stopOnRestore = [ "matrix-synapse" ];
- clan.core.facts.services =
+ clan.core.vars.generators =
 {
 "matrix-synapse" = {
- secret."synapse-registration_shared_secret" = { };
- generator.path = with pkgs; [
+ files."synapse-registration_shared_secret" = { };
+ runtimeInputs = with pkgs; [
 coreutils
 pwgen
 ];
- generator.script = ''
- echo -n "$(pwgen -s 32 1)" > "$secrets"/synapse-registration_shared_secret
+ migrateFact = "matrix-synapse";
+ script = ''
+ echo -n "$(pwgen -s 32 1)" > "$out"/synapse-registration_shared_secret
 '';
 };
 }
 // lib.mapAttrs' (
 name: user:
 lib.nameValuePair "matrix-password-${user.name}" {
- secret."matrix-password-${user.name}" = { };
- generator.path = with pkgs; [ xkcdpass ];
- generator.script = ''
- xkcdpass -n 4 -d - > "$secrets"/${lib.escapeShellArg "matrix-password-${user.name}"}
+ files."matrix-password-${user.name}" = { };
+ migrateFact = "matrix-password-${user.name}";
+ runtimeInputs = with pkgs; [ xkcdpass ];
+ script = ''
+ xkcdpass -n 4 -d - > "$out"/${lib.escapeShellArg "matrix-password-${user.name}"}
 '';
 }
 ) cfg.users;
@@ -152,7 +154,7 @@ in
 + lib.concatMapStringsSep "\n" (user: ''
 # only create user if it doesn't exist
 /run/current-system/sw/bin/matrix-synapse-register_new_matrix_user --exists-ok --password-file ${
- config.clan.core.facts.services."matrix-password-${user.name}".secret."matrix-password-${user.name}".path
+ config.clan.core.vars.generators."matrix-password-${user.name}".files."matrix-password-${user.name}".path
 } --user "${user.name}" ${if user.admin then "--admin" else "--no-admin"}
 '') (lib.attrValues cfg.users);
 in
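Review bot: `migrateFact` is the one attribute in the new generators that has no counterpart in the facts declaration it replaces, and nothing in the hunk says what it does; a comment on its first use such as `# migrateFact: reuse the legacy facts secret of this name so hosts keep their registration secret and user passwords across the migration` (presumably its purpose — confirm against the vars module) would save the next reader a trip to the vars implementation. The `files.*` entries rely on the vars defaults for `secret` (and for owner/group/mode, if the file module exposes them), whereas the facts version made secret-ness explicit through `secret.<name>`; writing `secret = true;` on both file entries states the intent and survives a change of default. The script bodies are unchanged apart from `$secrets` becoming `$out`; the enclosing attribute set starts before the hunk.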
@@ -161,7 +163,7 @@ in
 serviceConfig.ExecStartPre = lib.mkBefore [
 "+${pkgs.coreutils}/bin/install -o matrix-synapse -g matrix-synapse ${
 lib.escapeShellArg
- config.clan.core.facts.services.matrix-synapse.secret."synapse-registration_shared_secret".path
+ config.clan.core.vars.generators.matrix-synapse.files."synapse-registration_shared_secret".path
 } /run/synapse-registration-shared-secret"
 ];
 serviceConfig.ExecStartPost = [
diff --git a/nixosModules/clanCore/vars/default.nix b/nixosModules/clanCore/vars/default.nix
index 92c29d893..1fe121aa6 100644
--- a/nixosModules/clanCore/vars/default.nix
+++ b/nixosModules/clanCore/vars/default.nix
@@ -16,10 +16,9 @@ in
 {
 imports = [
 ./public/in_repo.nix
- # ./public/vm.nix
 ./secret/password-store.nix
 ./secret/sops
- # ./secret/vm.nix
+ ./secret/vm.nix
 ];
 options.clan.core.vars = lib.mkOption {
 description = ''
diff --git a/nixosModules/clanCore/vars/secret/vm.nix b/nixosModules/clanCore/vars/secret/vm.nix
new file mode 100644
index 000000000..fcd6e82b4
--- /dev/null
+++ b/nixosModules/clanCore/vars/secret/vm.nix
@@ -0,0 +1,13 @@
+{
+ config,
+ lib,
+ ...
+}:
+{
+ config.clan.core.vars.settings = lib.mkIf (config.clan.core.vars.settings.secretStore == "vm") {
+ fileModule = file: {
+ path = "/etc/secrets/${file.config.generatorName}/${file.config.name}";
+ };
+ secretModule = "clan_cli.vars.secret_modules.vm";
+ };
+}
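Review bot: In the new `vm.nix`, `fileModule` builds the on-disk path by interpolating `file.config.generatorName` and `file.config.name` into `/etc/secrets/…` without any check on their contents, so a generator or file name containing `/` or `..` would resolve outside the per-generator directory; unless those names are already restricted to a safe character set where the vars options are declared, an assertion in this module (or at the option definition) would close that. The file also lacks a header comment; something like `# Secret backend for the "vm" secretStore: each secret is read from /etc/secrets/<generator>/<name>, which the VM checks provision with systemd-tmpfiles` would record where the layout comes from (the provisioning side is inferred from checks/matrix-synapse — confirm). `secretModule` names a Python module that is not part of this change, so nothing here keeps the two sides of the path convention in step.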