path: root/nixos
Age | Commit message | Author | Files | Lines
2020-03-01 | Manually require dependencies for <nixpkgs>, <briefcase> | William Carroll | 1 | -2/+8
When I build socrates using `sudo nixos-rebuild [...] switch`, my `nixos-config` (i.e. <briefcase/nixos/socrates/default.nix>) is a simple Nix anonymous function. Typically readTree populates my pkgs, briefcase, depot function parameters with <nixpkgs>, <briefcase>, <depot>, but `nixos-rebuild` is unaware of `readTree`. For now I'm manually importing these dependencies, and I'm leaving a TODO to reconsider switching to the `{ pkgs, briefcase, ... }` style when I better understand NixOS.
2020-03-01 | Removing unused parameters in installer.nix | William Carroll | 1 | -1/+1
I'm neither using config nor pkgs, so I'm deleting them.
2020-03-01 | Nest configuration beneath socrates directory | William Carroll | 3 | -10/+5
Create a socrates directory to store configuration for socrates.
2020-02-23 | Expose depot and briefcase to rebuild script | William Carroll | 1 | -0/+2
At the moment, I don't think nixos-rebuild is reading $NIX_PATH, which appropriately sets the paths for depot and briefcase. I'm going to explicitly expose these values in the rebuild script for now.
2020-02-23 | Define monzo-token-server as a root systemd service | William Carroll | 1 | -4/+10
After I considered the security implications of calling `systemctl --user cat monzo-token-server`, I realized that monzo-token-server should be a root service instead of a user service. This service unit now also explicitly depends on briefcase.monzo_ynab.tokens, which is a big improvement.
2020-02-23 | Consume updated kv module | William Carroll | 1 | -0/+1
Exposing store_path to the tokens module to support the newly updated kv module, which requires an explicit storePath parameter.
2020-02-23 | Change systemd unit type: oneshot -> simple | William Carroll | 1 | -1/+1
"oneshot", according to `man systemd.service`, "will consider the unit up after the main process exits". Since I designed token-server to run continuously, it will not intentionally exit; therefore, systemd awaits its exit, which never comes. "simple", on the other hand, does what I want.
2020-02-23 | Expose secrets to Monzo / YNAB service | William Carroll | 1 | -3/+12
Here is my first attempt to manage secrets when I deploy onto a NixOS machine.

Background: When I develop, I use direnv, which reads an .envrc file in which I define my secrets. My secrets are read from `pass` using a pattern like this...

```shell
secret_value="$(pass show path/to/secret)"
```

...Thus far, I've found this pattern convenient. `pass show` invokes GPG, which asks me for a password to authenticate. This means that when I cd into a directory with an .envrc file using this pattern, I may be prompted by GPG for a password. When I'm not, it's because gpg-agent is still caching my password.

This works for development, but I currently do not know how to use direnv for deployments. Here is what I'm using until I find a more convenient solution:
- Store the secrets in /etc/secrets on socrates. Ensure that the /etc/secrets directory and its contents are only readable by root.
- Use systemd's Environment and NixOS's builtins.readFile to read the files in /etc/secrets when I call `sudo nixos-rebuild`.

Ideally I could call a function like `builtins.readFromPasswordStore` within configuration.nix. This would allow me to skip the step where I run...

```shell
> ssh socrates
> pass show finance/monzo/client-id | sudo tee /etc/secrets/monzo-client-id
> pass show finance/monzo/client-secret | sudo tee /etc/secrets/monzo-client-secret
> # etc
```

...I don't know how to manage secrets using NixOS, but at least this is one answer.
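An alternative to the evaluation-time pattern this commit message describes, as an added example that is not code from the briefcase repository: the unit loads the secrets when the service starts through `EnvironmentFile`, so only a path is written to the world-readable /nix/store. The file `/etc/secrets/monzo.env`, its variable names and the `ExecStart` placeholder are assumptions.

```nix
# Added example (not from the briefcase repository).
{ config, pkgs, ... }:

{
  systemd.services.monzo-token-server = {
    description = "Monzo token server (illustrative unit)";
    wantedBy = [ "multi-user.target" ];

    serviceConfig = {
      Type = "simple";

      # Evaluation-time pattern from the commit message, kept for comparison:
      #   Environment = "monzo_client_id=${builtins.readFile /etc/secrets/monzo-client-id}";
      # builtins.readFile runs while the configuration is evaluated, so the
      # secret value is copied into the generated unit file under /nix/store,
      # which every local user can read, and it also appears in the output
      # of `systemctl cat monzo-token-server`.

      # Runtime pattern: systemd reads the file when it starts the service.
      # Only this path string ends up in the store; the values stay in a
      # root-only file. Assumed contents, one KEY=value per line:
      #   monzo_client_id=...
      #   monzo_client_secret=...
      EnvironmentFile = "/etc/secrets/monzo.env";

      # Placeholder command; the real token-server binary is not shown on
      # this page.
      ExecStart = "${pkgs.hello}/bin/hello";
    };
  };

  # Create /etc/secrets as a root-only directory on activation.
  systemd.tmpfiles.rules = [
    "d /etc/secrets 0700 root root -"
  ];
}
```

After a rebuild, `systemctl cat monzo-token-server` should show the `EnvironmentFile=` path and no secret values.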
2020-02-22 | Incorporate NixOS configuration | William Carroll | 4 | -20/+165
TL;DR:
- Move /etc/nixos/configuration.nix -> //nixos/configuration.nix
- Move /etc/nixos/hardware-configuration.nix -> //nixos/harware.nix
- Document installer.nix
- Create rebuild.nix wrapper around `sudo nixos-rebuild switch`

Previously I sketched ideas for the configuration.nix for socrates -- also known as flattop -- the inexpensive Acer laptop residing in my flat and stored that configuration.nix file in briefcase.

Now, however, I have successfully installed NixOS onto socrates. By default NixOS saves the configuration.nix and hardware-configuration.nix files to /etc/nixos/. I'm moving both of these files into briefcase.

Because the command `nixos-rebuild` looks for the NixOS configuration file in /etc/nixos, I wrote rebuild.nix, which creates a program to call `nixos-rebuild` with the new location of my configuration.nix.
2020-02-20 | Support installer.nix | William Carroll | 1 | -0/+11
The command...

    nix-build -A config.system.build.isoImage -I nixos-config=installer.nix nixos

...creates an .iso file in the ./result directory. You can then copy this onto a USB and use it as a custom installer...

    cp ./result/iso/*-linux.iso /dev/sda

I needed an installer that used a version of the Linux kernel higher than the one distributed on NixOS's website: 4.19.? -> 5.4.20+. My Acer laptop needed a version of the kernel that supported its network controller: Intel 3168NGW.

TODO(wpcarro): Pin the nixpkgs git commit SHA inside of installer.nix.
2020-02-20 | Support basic nixos/configuration.nix | William Carroll | 1 | -0/+35
I'm attempting to configure an old Acer laptop that I bought at a used electronics store in Shepherd's Bush (~100GBP) as my server. I'd like to install NixOS on it. The configuration.nix herein defines a starting point for the configuration for that machine. It isn't currently working. Troubleshooting and solutions forthcoming...