From 6e433cff6feb222fa12ed6b137a871900a820e05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christopher=20M=C3=BChl?= Date: Thu, 7 Aug 2025 10:19:25 +0200 Subject: [PATCH] Make deployment work again on cobalt --- Justfile | 8 ++- .../christopher@cobalt/default.nix | 2 - modules/common/services/shutdown.nix | 42 -------------- modules/common/services/ssh.nix | 9 --- modules/nixos/services/default.nix | 5 ++ modules/nixos/services/shutdown.nix | 58 +++++++++++++++++++ systems/x86_64-linux/cobalt/default.nix | 5 +- 7 files changed, 71 insertions(+), 58 deletions(-) delete mode 100644 modules/common/services/shutdown.nix delete mode 100644 modules/common/services/ssh.nix create mode 100644 modules/nixos/services/default.nix create mode 100644 modules/nixos/services/shutdown.nix diff --git a/Justfile b/Justfile index 9f1330f..80bfd95 100644 --- a/Justfile +++ b/Justfile @@ -1,6 +1,5 @@ set shell := ["bash", "-c"] editor := env('EDITOR') -rebuild := if os() == "linux" { "nixos-rebuild" } else { "darwin-rebuild" } default: @just --list --justfile {{justfile()}} @@ -10,7 +9,12 @@ default: # Runs `nixos-rebuild` or `darwin-rebuild` depending on the OS [group('nix')] deploy: - sudo {{rebuild}} switch --flake . + {{if os() == "linux" { \ + "nixos-rebuild switch --flake . --sudo" \ + } else { \ + "sudo darwin-rebuild switch --flake ." \ + } \ + }} europium: nixos-rebuild switch --flake .#europium --target-host europium --build-host europium --use-remote-sudo diff --git a/homes/x86_64-linux/christopher@cobalt/default.nix b/homes/x86_64-linux/christopher@cobalt/default.nix index 14115d8..2d3345c 100644 --- a/homes/x86_64-linux/christopher@cobalt/default.nix +++ b/homes/x86_64-linux/christopher@cobalt/default.nix @@ -12,9 +12,7 @@ ./misc/gaming.nix ./misc/onedrive.nix ./misc/everything.nix # TODO: Determine if we really always want all these programs or they should be composable - ./global/terminal ./global/current-packages.nix - ./editors/helix ./editors/jetbrains ] ++ (import ./config.nix all); diff --git a/modules/common/services/shutdown.nix b/modules/common/services/shutdown.nix deleted file mode 100644 index 76760f6..0000000 --- a/modules/common/services/shutdown.nix +++ /dev/null @@ -1,42 +0,0 @@ -{pkgs, ...}: let - # The command to run in order to shut down the computer - command = "${pkgs.systemd}/bin/systemctl poweroff -i"; - - # Write this command into a shell script - bin = pkgs.writeShellScriptBin "shutdown" command; -in { - users.users.hass = { - isNormalUser = true; - home = "/home/hass"; - description = "HomeAssistant automations"; - extraGroups = []; - openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzLKowPwiQtAIgrY1wSvdolcDkbXokWrda//EEzQfR5 root@homeassistant"]; - }; - - # Create a symlink to the shell script we created to the absolute path - # /etc/shutdown-script - environment.etc.shutdown-script.source = "${bin}/bin/shutdown"; - - security.sudo.extraRules = [ - { - users = ["hass"]; - commands = [ - { - # Allow the 'hass' user to run the shutdown script - command = "/etc/shutdown-script"; - options = ["NOPASSWD"]; - } - ]; - } - ]; - - # Allow the 'hass' user to log in, but not via password authentication. - # The authorized key is specified above. - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - AllowUsers = ["hass"]; - }; - }; -} diff --git a/modules/common/services/ssh.nix b/modules/common/services/ssh.nix deleted file mode 100644 index eef589e..0000000 --- a/modules/common/services/ssh.nix +++ /dev/null @@ -1,9 +0,0 @@ -{pkgs, ...}: { - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - AllowUsers = ["christopher"]; - }; - }; -} diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix new file mode 100644 index 0000000..b87ca06 --- /dev/null +++ b/modules/nixos/services/default.nix @@ -0,0 +1,5 @@ +{...}: { + imports = [ + ./shutdown.nix + ]; +} diff --git a/modules/nixos/services/shutdown.nix b/modules/nixos/services/shutdown.nix new file mode 100644 index 0000000..a52a742 --- /dev/null +++ b/modules/nixos/services/shutdown.nix @@ -0,0 +1,58 @@ +{ + pkgs, + config, + lib, + ... +}: +with lib; let + # The command to run in order to shut down the computer + command = "${pkgs.systemd}/bin/systemctl poweroff -i"; + + # Write this command into a shell script + bin = pkgs.writeShellScriptBin "shutdown" command; + + cfg = config.services.homeassistant-shutdown; +in { + options.services = { + homeassistant-shutdown = { + enable = mkEnableOption "HomeAssistant shutdown service"; + }; + }; + + config = mkIf cfg.enable { + users.users.hass = { + isNormalUser = true; + home = "/home/hass"; + description = "HomeAssistant automations"; + extraGroups = []; + openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzLKowPwiQtAIgrY1wSvdolcDkbXokWrda//EEzQfR5 root@homeassistant"]; + }; + + # Create a symlink to the shell script we created to the absolute path + # /etc/shutdown-script + environment.etc.shutdown-script.source = "${bin}/bin/shutdown"; + + security.sudo.extraRules = [ + { + users = ["hass"]; + commands = [ + { + # Allow the 'hass' user to run the shutdown script + command = "/etc/shutdown-script"; + options = ["NOPASSWD"]; + } + ]; + } + ]; + + # Allow the 'hass' user to log in, but not via password authentication. + # The authorized key is specified above. + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + AllowUsers = ["hass"]; + }; + }; + }; +} diff --git a/systems/x86_64-linux/cobalt/default.nix b/systems/x86_64-linux/cobalt/default.nix index db69257..2721140 100644 --- a/systems/x86_64-linux/cobalt/default.nix +++ b/systems/x86_64-linux/cobalt/default.nix @@ -19,9 +19,6 @@ with lib._elements; { ./beszel-agent.nix ./wayland.nix - - # TODO: Add config settings like "services.shutdown.enable = true;" - "${inputs.self}/modules/nixos/common/services/shutdown.nix" ]; elements = { @@ -95,6 +92,8 @@ with lib._elements; { # Bluetooth manager blueman.enable = true; + homeassistant-shutdown.enable = true; + pulseaudio.enable = true; pulseaudio.support32Bit = true; pipewire.enable = lib.mkForce false;