-rw-r--r-- | flake.lock | 374 | ||||
-rw-r--r-- | flake.nix | 8 | ||||
-rw-r--r-- | home/profiles/workstation.nix | 2 | ||||
-rw-r--r-- | hosts/tahoe/secrets/secrets.nix | 2 | ||||
-rw-r--r-- | modules/services/default.nix | 1 | ||||
-rw-r--r-- | modules/services/sendsms/default.nix | 72 | ||||
-rw-r--r-- | nix/mkHomeManagerConfiguration.nix | 1 | ||||
-rw-r--r-- | nix/mkSystem.nix | 1 |
8 files changed, 2 insertions, 459 deletions
diff --git a/flake.lock b/flake.lock index f7d8b68..568d419 100644 --- a/flake.lock +++ b/flake.lock @@ -22,54 +22,6 @@ "type": "github" } }, - "crane": { - "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_3", - "nixpkgs": [ - "sendsms", - "nixpkgs" - ], - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1668047118, - "narHash": "sha256-F4xP7dAU6ca+hYa3qF0CtnwfQJT3YH4qEh/IxO+p9t0=", - "owner": "ipetkov", - "repo": "crane", - "rev": "074825a9e8d6446564e2ae6949ac3feb79aa7397", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "crane_2": { - "inputs": { - "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_5", - "nixpkgs": [ - "x509-tools", - "nixpkgs" - ], - "rust-overlay": "rust-overlay_3" - }, - "locked": { - "lastModified": 1667522439, - "narHash": "sha256-1tDYoumL5337T4BkC87iRXbAfeyeeOXa5WAbeP/ENqQ=", - "owner": "ipetkov", - "repo": "crane", - "rev": "b70e77d2e2d480a3a0bce3ecd2d981679588b23f", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ 
@@ -128,38 +80,6 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_3": { - "flake": false, - "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems" 
@@ -196,66 +116,6 @@ "type": "github" } }, - "flake-utils_3": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_4": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_5": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_6": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "futils": { "inputs": { "systems": "systems_2" 
@@ -437,36 +297,6 @@ "type": "github" } }, - "nixpkgs_4": { - "locked": { - "lastModified": 1668563542, - "narHash": "sha256-FrMNezX3v4qLkCg+j1e3Ei/FXOSQP4Chq4OOdttIEns=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ce89321950381ec845e56c6a6d1340abe5cd7a65", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1667877958, - "narHash": "sha256-InhzugdvWBvvR5/6hVDRngkSOeqjcw0SI9brZtY5y+g=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "1d29ae3a66395506fd85655a8d74279ad4f9098f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, "nur": { "locked": { "lastModified": 1690591356, @@ -511,56 +341,6 @@ "type": "github" } }, - "pre-commit-hooks_2": { - "inputs": { - "flake-utils": [ - "sendsms", - "flake-utils" - ], - "nixpkgs": [ - "sendsms", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1667992213, - "narHash": "sha256-8Ens8ozllvlaFMCZBxg6S7oUyynYx2v7yleC5M0jJsE=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "ebcbfe09d2bd6d15f68de3a0ebb1e4dcb5cd324b", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, - "pre-commit-hooks_3": { - "inputs": { - "flake-utils": [ - "x509-tools", - "flake-utils" - ], - "nixpkgs": [ - "x509-tools", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1667760143, - "narHash": "sha256-+X5CyeNEKp41bY/I1AJgW/fn69q5cLJ1bgiaMMCKB3M=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "06f48d63d473516ce5b8abe70d15be96a0147fcd", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", 
@@ -572,9 +352,7 @@ "nixpkgs": "nixpkgs_3", "nur": "nur", "pre-commit-hooks": "pre-commit-hooks", - "rust": "rust", - "sendsms": "sendsms", - "x509-tools": "x509-tools" + "rust": "rust" } }, "rust": { 
@@ -598,133 +376,6 @@ "type": "github" } }, - "rust-overlay": { - "inputs": { - "flake-utils": [ - "sendsms", - "crane", - "flake-utils" - ], - "nixpkgs": [ - "sendsms", - "crane", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1667487142, - "narHash": "sha256-bVuzLs1ZVggJAbJmEDVO9G6p8BH3HRaolK70KXvnWnU=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "cf668f737ac986c0a89e83b6b2e3c5ddbd8cf33b", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_2": { - "inputs": { - "flake-utils": [ - "sendsms", - "flake-utils" - ], - "nixpkgs": [ - "sendsms", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1668479979, - "narHash": "sha256-UI+JUCBaMpn+5Y1hSePmndbYX5zu0+bavlfzrhPrGEk=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "2342f70f7257046effc031333c4cfdea66c91d82", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_3": { - "inputs": { - "flake-utils": [ - "x509-tools", - "crane", - "flake-utils" - ], - "nixpkgs": [ - "x509-tools", - "crane", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1667487142, - "narHash": "sha256-bVuzLs1ZVggJAbJmEDVO9G6p8BH3HRaolK70KXvnWnU=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "cf668f737ac986c0a89e83b6b2e3c5ddbd8cf33b", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_4": { - "inputs": { - "flake-utils": [ - "x509-tools", - "flake-utils" - ], - "nixpkgs": [ - "x509-tools", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1667875464, - "narHash": "sha256-0rO2Pzn//ANT3AphpEUantCbm86XcmKNEKhM73LFr04=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "9235990723630e1a55e1ed6bca5954e4e31cfbd7", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "sendsms": { - "inputs": { - 
"crane": "crane", - "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_4", - "pre-commit-hooks": "pre-commit-hooks_2", - "rust-overlay": "rust-overlay_2" - }, - "locked": { - "lastModified": 1680229401, - "narHash": "sha256-/WMoPZRMYHXUDgDLLI14BwyYpZZ/OpElI8swe0kNjy8=", - "ref": "main", - "rev": "6ca08e1840d85d504987b38fef57474635dc8db2", - "revCount": 7, - "type": "git", - "url": "https://git.fcuny.net/sendsms" - }, - "original": { - "ref": "main", - "type": "git", - "url": "https://git.fcuny.net/sendsms" - } - }, "systems": { "locked": { "lastModified": 1681028828, @@ -769,29 +420,6 @@ "repo": "default", "type": "github" } - }, - "x509-tools": { - "inputs": { - "crane": "crane_2", - "flake-utils": "flake-utils_6", - "nixpkgs": "nixpkgs_5", - "pre-commit-hooks": "pre-commit-hooks_3", - "rust-overlay": "rust-overlay_4" - }, - "locked": { - "lastModified": 1668381652, - "narHash": "sha256-xdrF/ZOpq3lAxJgVtNapMSkTpDFB63V0ILJGrMQaEWI=", - "ref": "main", - "rev": "aed3af92f4e82124aa410feb352ff027b932b93c", - "revCount": 28, - "type": "git", - "url": "https://git.fcuny.net/fcuny/x509-info" - }, - "original": { - "ref": "main", - "type": "git", - "url": "https://git.fcuny.net/fcuny/x509-info" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 2ae5d62..9ede1aa 100644 --- a/flake.nix +++ b/flake.nix @@ -42,10 +42,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - x509-tools = { - url = "git+https://git.fcuny.net/fcuny/x509-info?ref=main"; - }; - pre-commit-hooks = { type = "github"; owner = "cachix"; @@ -57,10 +53,6 @@ nixpkgs-stable.follows = "nixpkgs"; }; }; - - sendsms = { - url = "git+https://git.fcuny.net/sendsms?ref=main"; - }; }; # Output config, or config for NixOS system diff --git a/home/profiles/workstation.nix b/home/profiles/workstation.nix index f036f31..7fa76aa 100644 --- a/home/profiles/workstation.nix +++ b/home/profiles/workstation.nix 
@@ -66,7 +66,7 @@ in restic-nas # tools from external repositories - x509-info + # x509-info # gh-ssh-keys # masked-emails ]; diff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix index 0560a57..d8283fe 100644 --- a/hosts/tahoe/secrets/secrets.nix +++ b/hosts/tahoe/secrets/secrets.nix @@ -35,6 +35,4 @@ in "restic/repo-systems.age".publicKeys = all; "rsync.net/ssh-key.age".publicKeys = all; - - "sendsms/config.age".publicKeys = all; } diff --git a/modules/services/default.nix b/modules/services/default.nix index 77cf853..1aeeff1 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -4,6 +4,5 @@ imports = [ ./backup ./monitoring - ./sendsms ]; } diff --git a/modules/services/sendsms/default.nix b/modules/services/sendsms/default.nix deleted file mode 100644 index dde77ca..0000000 --- a/modules/services/sendsms/default.nix +++ /dev/null 
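Review bot: In home/profiles/workstation.nix the `x509-info` entry is commented out rather than removed, although this same commit deletes the `x509-tools` input from flake.nix and the `inputs.x509-tools.overlay` line from nix/mkHomeManagerConfiguration.nix. If the package came from that overlay, which the hunk does not show, uncommenting the line later would no longer evaluate. Either drop the line or record why it is kept, e.g. `# x509-info  # disabled: x509-tools flake input removed`. The package list starts outside the hunk, so the state of the neighbouring `# gh-ssh-keys` and `# masked-emails` entries cannot be confirmed from here.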
@@ -1,72 +0,0 @@
-# send SMS based on actions
-{ pkgs, config, lib, ... }:
-let
- cfg = config.my.services.sendsms;
- secrets = config.age.secrets;
-in
-{
- options.my.services.sendsms = {
- enable = lib.mkEnableOption "send SMS when the host reboots";
- };
-
- config = lib.mkIf cfg.enable {
- systemd.services.sendsms-reboot = {
- description = "Send an SMS when the host has booted";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- path = [ pkgs.sendsms ];
- restartIfChanged = false;
-
- unitConfig = {
- # If the gate file exists, it means we've already send the
- # message, nothing to do
- ConditionPathExists = "!/run/sendsms/reboot";
- };
-
- serviceConfig = {
- Type = "oneshot";
- ExecStart = "${pkgs.sendsms}/bin/sendsms --config ${secrets."sendsms/config".path} reboot";
-
- # Write a gate file so we don't send a message multiple times
- ExecStartPost = "${pkgs.coreutils}/bin/touch /run/sendsms/reboot";
-
- Restart = "on-failure";
-
- # Runtime directory and mode
- RuntimeDirectory = "sendsms";
- RuntimeDirectoryMode = "0755";
- RuntimeDirectoryPreserve = "yes";
-
- # Access write directories
- UMask = "0027";
-
- # Capabilities
- CapabilityBoundingSet = "";
-
- # Security
- NoNewPrivileges = true;
-
- # Sandboxing
- ProtectSystem = "strict";
- ProtectHome = true;
- PrivateTmp = true;
- PrivateUsers = true;
- ProtectHostname = true;
- ProtectClock = true;
- ProtectKernelTunables = true;
- ProtectKernelModules = true;
- ProtectKernelLogs = true;
- ProtectControlGroups = true;
- LockPersonality = true;
- MemoryDenyWriteExecute = true;
- RestrictRealtime = true;
- RestrictSUIDSGID = true;
- PrivateMounts = true;
-
- # System Call Filtering
- SystemCallArchitectures = "native";
- SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @setuid @swap";
- };
- };
- };
-}
diff --git a/nix/mkHomeManagerConfiguration.nix b/nix/mkHomeManagerConfiguration.nix
index 61913c3..38bc19f 100644
--- a/nix/mkHomeManagerConfiguration.nix +++ b/nix/mkHomeManagerConfiguration.nix @@ -36,7 +36,6 @@ inputs.home-manager.lib.homeManagerConfiguration { inputs.nur.overlay inputs.naersk.overlay inputs.rust.overlays.default - inputs.x509-tools.overlay (final: prev: { tools = import "${self}/tools" { pkgs = prev; inherit naersk; }; diff --git a/nix/mkSystem.nix b/nix/mkSystem.nix index d2e7ebf..bf141da 100644 --- a/nix/mkSystem.nix +++ b/nix/mkSystem.nix @@ -18,7 +18,6 @@ inputs.nixpkgs.lib.nixosSystem { overlays = [ inputs.nur.overlay inputs.rust.overlays.default - inputs.sendsms.overlay (final: prev: { tools = import "${self}/tools" { pkgs = prev; inherit naersk; }; |