From 3616248c20dfb111abc85740b621d5eacbab838b Mon Sep 17 00:00:00 2001 From: Madeleine Sydney Date: Fri, 24 Jan 2025 18:09:37 -0700 Subject: [PATCH] fix: Git-annex fixes --- flake.lock | 8 ++++---- flake.nix | 2 +- hosts/deertopia/configuration.nix | 13 ++++++++---- modules/nixos/git-annex.nix | 30 ++++++++++++++++++++++++---- modules/nixos/hosts.nix | 1 + public-keys/crumble-at-fruitbook.pub | 1 + public-keys/lain-at-deertopia.pub | 1 + users/lain/default.nix | 7 +++++++ 8 files changed, 50 insertions(+), 13 deletions(-) create mode 100644 public-keys/crumble-at-fruitbook.pub create mode 100644 public-keys/lain-at-deertopia.pub diff --git a/flake.lock b/flake.lock index b0f5aec..f0ddc7a 100755 --- a/flake.lock +++ b/flake.lock @@ -385,13 +385,13 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1736880634, - "narHash": "sha256-uFPSHfiWP3tGACvTjrGvWaR6m9w2O2D74yK2GujTFfw=", - "path": "/persist/dots/scripts/sydnix", + "lastModified": 1737768735, + "narHash": "sha256-/jvbkavgRukfbtKA4nKcsZbsqfcGcZxYbG7HN8vFFeE=", + "path": "/persist/dots/scripts/sydnix-cli", "type": "path" }, "original": { - "path": "/persist/dots/scripts/sydnix", + "path": "/persist/dots/scripts/sydnix-cli", "type": "path" } }, diff --git a/flake.nix b/flake.nix index 46afdd4..98a4c64 100755 --- a/flake.nix +++ b/flake.nix @@ -16,7 +16,7 @@ sops-nix.url = "github:Mic92/sops-nix"; - sydnix-cli.url = "path:///persist/dots/scripts/sydnix"; + sydnix-cli.url = "path:///persist/dots/scripts/sydnix-cli"; }; outputs = { nixpkgs, ... }@inputs: diff --git a/hosts/deertopia/configuration.nix b/hosts/deertopia/configuration.nix index f98416c..ead93b9 100755 --- a/hosts/deertopia/configuration.nix +++ b/hosts/deertopia/configuration.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, disko, /* sydnix-cli, */ ... }: +{ config, pkgs, lib, disko, sydnix-cli, ... }: { imports = [ ./hardware-configuration.nix @@ -40,12 +40,17 @@ enable = true; user.name = "annex"; user.email = "annex@deertopia.net"; - keyFiles = [ ../../public-keys/crumb-at-guix-rebound.pub ]; + keyFiles = [ + ../../public-keys/crumb-at-guix-rebound.pub + ../../public-keys/crumble-at-fruitbook.pub + ../../public-keys/lain-at-deertopia.pub + ]; repos = { "/persist/deertopia.net/dav/org" = { managed = true; remotes = { - "guix-rebound" = "crumb@guix-rebound:/tmp/org"; + "guix-rebound" = "crumb@guix-rebound:org"; + # "fruitbook" = "crumble@fruitbook:org"; }; }; }; @@ -93,7 +98,7 @@ neovim git sshfs - # sydnix-cli.packages.x86_64-linux.default + sydnix-cli.packages.x86_64-linux.default ]; services.openssh = { diff --git a/modules/nixos/git-annex.nix b/modules/nixos/git-annex.nix index 98ddfa4..fa2ae55 100644 --- a/modules/nixos/git-annex.nix +++ b/modules/nixos/git-annex.nix @@ -78,7 +78,8 @@ in { # The user that users log in as to access managed repos. users.groups.annex = {}; users.users.annex = { - isSystemUser = true; + # Necessary to enable cloning over SSH. + isNormalUser = true; group = "annex"; home = "/var/sydnix/annex"; createHome = true; @@ -92,9 +93,25 @@ in { name = ${cfg.user.name} [init] defaultBranch = main + [core] + symlinks = true ''; in '' - ln -sf "${gitconfig-file}" ~/.gitconfig + set -e + + annexHome="${config.users.users.annex.home}" + ln -sf "${gitconfig-file}" "$annexHome/.gitconfig" + + # Symlink repos into annex's home for easy access. This is particularly nice for cloning: + # git clone annex@deertopia.net:org + # instead of + # git clone annex@deertopia.net:/persist/deertopia.net/org + # Less assumptions about the host's file system! + ${lib.strings.toShellVar "repos" (builtins.attrNames cfg.repos)} + for repoPath in ''${!repos[@]}; do + target="$annexHome/$(basename "$repoPath")" + ln -sf "$repoPath" "$target" + done ''; systemd.services = @@ -103,13 +120,18 @@ in { pkgs.writeScript "git-annex-init-if-necessary" '' #!/usr/bin/env bash set -e + [ -e .git ] || git init [ -e .git/annex ] || git annex init + # Symlink repo into user `annex` for easy access. + ln -sf "$(pwd)" "$HOME/" + ${lib.strings.toShellVar "remotes" repo.remotes} for remoteName in ''${!remotes[@]}; do - git remote get-url "$remoteName" - if [ $? -eq 0 ]; then + err=0 + git remote get-url "$remoteName" || err=$? + if [ $err -eq 0 ]; then git remote set-url "$remoteName" "''${remotes["$remoteName"]}" else git remote add "$remoteName" "''${remotes["$remoteName"]}" diff --git a/modules/nixos/hosts.nix b/modules/nixos/hosts.nix index cf7a8b0..3fd961d 100755 --- a/modules/nixos/hosts.nix +++ b/modules/nixos/hosts.nix @@ -6,6 +6,7 @@ "100.95.131.43" = [ "whitepc" ]; "192.168.68.66" = [ "guix-rebound" ]; "192.168.68.79" = [ "deertopia" ]; + "192.168.68.55" = [ "fruitbook" ]; }; }; } diff --git a/public-keys/crumble-at-fruitbook.pub b/public-keys/crumble-at-fruitbook.pub new file mode 100644 index 0000000..45d61aa --- /dev/null +++ b/public-keys/crumble-at-fruitbook.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFP/OfX8RIifDj2GHziEPIQGkviWIDH0LjVQWwIRzQsv crumb@duck.com diff --git a/public-keys/lain-at-deertopia.pub b/public-keys/lain-at-deertopia.pub new file mode 100644 index 0000000..42f8344 --- /dev/null +++ b/public-keys/lain-at-deertopia.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOl+/eFzGrNtp4zKCmDiO4kGhDcb2cwl/Grh8VBYBT3 lain@deertopia diff --git a/users/lain/default.nix b/users/lain/default.nix index ebca2bd..b4addd5 100755 --- a/users/lain/default.nix +++ b/users/lain/default.nix @@ -9,6 +9,7 @@ openssh.authorizedKeys.keyFiles = [ ../../public-keys/crumb-at-guix-rebound.pub + ../../public-keys/crumble-at-fruitbook.pub ]; }; @@ -17,6 +18,12 @@ ]; sydnix = { + impermanence = { + enable = true; + directories = [ + ".ssh" + ]; + }; }; # Don't touch!