fediversity/fediversity
13
2
Fork 6
Code Issues 124 Pull requests 22 Projects 1 Activity Actions

Factorise other configuration options #22

Manually merged
Niols merged 6 commits from factorise-other-config into main 2024-11-21 12:08:16 +01:00
Conversation 0 Commits 6 Files changed 11 +36 -183
Niols commented 2024-11-20 17:44:52 +01:00
Owner
Copy link

This PR builds on top of #21; it factorises the other options that are in common between all configurations.

This PR builds on top of #21; it factorises the other options that are in common between all configurations.
fricklerhandwerk approved these changes 2024-11-20 23:21:04 +01:00
infra/common/default.nix Outdated
@ -7,0 +16,4 @@
system.stateVersion = "24.05"; # do not change
nixpkgs.hostPlatform = mkDefault "x86_64-linux";
## REVIEW: Do we actually need this?
fricklerhandwerk commented 2024-11-20 23:06:05 +01:00
Owner
Copy link

yes because then you can ditch passwords entirely. you already have authorization when getting logged in over SSH, why would you type random strings into your keyboard again?

yes because then you can ditch passwords entirely. you already *have* authorization when getting logged in over SSH, why would you type random strings into your keyboard *again*?
Niols commented 2024-11-21 12:05:23 +01:00
Author
Owner
Copy link

I was wondering what security specialists thought about this. @koen said on Matrix that they very much dislike direct root SSH, but they were fine with password-less sudo, so let's keep this option then.

I was wondering what security specialists thought about this. @koen said on Matrix that they very much dislike direct `root` SSH, but they were fine with password-less sudo, so let's keep this option then.
Niols marked this conversation as resolved
infra/common/default.nix Outdated
@ -7,0 +21,4 @@
nix.settings.trusted-users = [ "@wheel" ];
environment.systemPackages = with pkgs; [
fricklerhandwerk commented 2024-11-20 23:12:25 +01:00
Owner
Copy link

my rant won't fix it, so this is not a change request, but for the record: everyone should just bring their own tools to the server via ssh, there's technically no need to clutter the config with some random preferences that will never age well.

there's a thing called sshrc that demonstrates the principle, but these days with Nix you can have your exact favorite environment, defined locally on each remote login via SSH. to my surprise, no one seems to have thought it through to write the handful lines of bash and Nix required for that, but in my humble opinion this is how it should be done.

my rant won't fix it, so this is not a change request, but for the record: everyone should just bring their own tools to the server via ssh, there's *technically* no need to clutter the config with some random preferences that will never age well. there's a thing called [sshrc](https://github.com/danrabinowitz/sshrc/blob/master/sshrc) that demonstrates the principle, but these days with Nix you can have *your exact favorite environment, defined locally* on each remote login via SSH. to my surprise, no one seems to have thought it through to write the handful lines of bash and Nix required for that, but in my humble opinion this is how it should be done.
👍 1
Niols commented 2024-11-21 12:12:06 +01:00
Author
Owner
Copy link

I very much agree with all this, and I was not happy copying these packages, but I decided that it was easier to just refactor, and to discuss this later. I have started keeping track of this discussion in Fediversity/Fediversity#25.

I very much agree with all this, and I was not happy copying these packages, but I decided that it was easier to just refactor, and to discuss this later. I have started keeping track of this discussion in https://git.fediversity.eu/Fediversity/Fediversity/issues/25.
👍 2
infra/vm02187/hardware-configuration.nix Outdated
@ -1,5 +1,3 @@
{ lib, ... }:
fricklerhandwerk commented 2024-11-20 23:07:36 +01:00
Owner
Copy link

I recommend keeping

{ ... }:

so it's clear at first glance that it's a module.

I recommend keeping ```nix { ... }: ``` so it's clear at first glance that it's a module.
👍 1
Niols marked this conversation as resolved
Niols changed target branch from factorise-hardware-config to main 2024-11-21 11:58:53 +01:00
Niols force-pushed factorise-other-config from 37b1cc01c4 to fca563a987 2024-11-21 12:07:17 +01:00 Compare
Niols manually merged commit d2638845d0 into main 2024-11-21 12:08:16 +01:00
Sign in to join this conversation.
Reviewers
No reviewers
fricklerhandwerk
Labels
Clear labels   
api service

features that may relate more to a (to be created) API service

  
blocked

   
bug

Anything that doesn't work as advertised

  
component: fediversity panel

   
component: nixops4

   
documentation

   
estimation high: >3d

   
estimation low: <2h

   
estimation mid: <8h

   
productisation

features out-scoped with the decoupling of the productisation effort

  
project-management

Project management related tasks

  
question

   
role: application developer

   
role: application operator

   
role: hosting provider

   
role: maintainer

   
security

   
technical debt

   
testing

   
type unclear

   
type: key result

   
type: objective

   
type: task

   
type: user story

   
user experience
No labels
api service
blocked
bug
component: fediversity panel
component: nixops4
documentation
estimation high: >3d
estimation low: <2h
estimation mid: <8h
productisation
project-management
question
role: application developer
role: application operator
role: hosting provider
role: maintainer
security
technical debt
testing
type unclear
type: key result
type: objective
type: task
type: user story
user experience
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: fediversity/fediversity#22
No description provided.
Delete branch "factorise-other-config"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?