From 42148a24890b36db9e500c2a3bfa9695be4daee3 Mon Sep 17 00:00:00 2001 From: Tasia Iso Date: Mon, 29 Apr 2024 14:31:33 +0200 Subject: [PATCH] mhm yaseen --- README.md | 4 +- common/programs/ssh.nix | 2 +- common/services/sshd.nix | 11 +- common/services/usbguard.nix | 2 +- crypto/ssh-keys.nix | 4 +- dotfiles/btop.conf | 248 ++++++++++++++++++ flake.nix | 4 +- home/tasia/home.nix | 34 ++- hosts/enry/configuration.nix | 2 +- hosts/new-phoenix/configuration.nix | 2 +- hosts/phoenix/configuration.nix | 2 +- hosts/stuff/configuration.nix | 2 +- hosts/theseus/configuration.nix | 2 +- .../configuration.nix | 14 +- .../hardware-configuration.nix | 0 15 files changed, 294 insertions(+), 39 deletions(-) create mode 100644 dotfiles/btop.conf rename hosts/{new-new-phoenix => yaseen}/configuration.nix (87%) rename hosts/{new-new-phoenix => yaseen}/hardware-configuration.nix (100%) diff --git a/README.md b/README.md index 36790ba..dc71d99 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,6 @@ Another person's laptop. This is my Raspberry Pi 3B+ inside my electrical cabinet. -### new-new-phoenix +### yaseen -New laptop. Main driver. TODO: give it a name. +New laptop. Main driver. diff --git a/common/programs/ssh.nix b/common/programs/ssh.nix index 70dc9f2..0a95655 100644 --- a/common/programs/ssh.nix +++ b/common/programs/ssh.nix @@ -5,7 +5,7 @@ in { knownHosts = { "enry".publicKey = sshKeys.host.enry; "phoenix".publicKey = sshKeys.host.phoenix; - "new-new-phoenix".publicKey = sshKeys.host.new-new-phoenix; + "yaseen".publicKey = sshKeys.host.yaseen; }; }; } diff --git a/common/services/sshd.nix b/common/services/sshd.nix index 956a72c..e06e6da 100644 --- a/common/services/sshd.nix +++ b/common/services/sshd.nix 
@@ -68,10 +68,19 @@ ''; }; - # CLI tool + # CLI tools environment.systemPackages = with pkgs; [ google-authenticator + ssh-audit ]; + + # Check whether this is actually doing anything + services.fail2ban = { + enable = true; + ignoreIP = [ + # + ]; + }; } # ssh R6: StrictHostKeyChecking ask diff --git a/common/services/usbguard.nix b/common/services/usbguard.nix index 2ba7f19..4eca369 100644 --- a/common/services/usbguard.nix +++ b/common/services/usbguard.nix @@ -9,7 +9,7 @@ IPCAllowedGroups = ["wheel"]; rules = '' - # new-new-phoenix + # yaseen allow id 1d6b:0002 serial "0000:00:14.0" name "xHCI Host Controller" allow id 1d6b:0003 serial "0000:00:14.0" name "xHCI Host Controller" allow id 0bda:0129 serial "20100201396000000" name "USB2.0-CRW" diff --git a/crypto/ssh-keys.nix b/crypto/ssh-keys.nix index a0a4522..ed01108 100644 --- a/crypto/ssh-keys.nix +++ b/crypto/ssh-keys.nix @@ -5,12 +5,12 @@ rec { }; tasia = { - new-new-phoenix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILLyDLtqUhEQwIsPx0XgQ9OJb2+XxL+2ra4goNJEgwf0 tasia@new-new-phoenix"; + yaseen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILLyDLtqUhEQwIsPx0XgQ9OJb2+XxL+2ra4goNJEgwf0 tasia@yaseen"; }; host = { enry = "enry ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCPPE7U87PZ4+BQrdJtPuD/ibf9ubyPAqcRJe6Lpc2D"; # same phoenix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJTqExIIZuW9yvK7mgveNK8KDGKaRswrjj/nwVDwUdeL root@phoenix"; # host or user ? - new-new-phoenix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXu/iFf6yhi6A0f6Lvp+wyltMHq1YgxZan5OdCKP9gE root@new-new-phoenix"; + yaseen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXu/iFf6yhi6A0f6Lvp+wyltMHq1YgxZan5OdCKP9gE root@yaseen"; }; } diff --git a/dotfiles/btop.conf b/dotfiles/btop.conf new file mode 100644 index 0000000..1fc3759 --- /dev/null +++ b/dotfiles/btop.conf 
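Review bot: The new `services.fail2ban` block ships with an in-code TODO (`# Check whether this is actually doing anything`) and an `ignoreIP` list that contains only an empty `#` comment, which should be settled before this lands rather than left as a question in the config. As far as I recall the NixOS module enables an sshd jail by default and picks its ban action from whether `networking.nftables` is enabled, so the cheap verification is a few deliberate failed logins followed by `fail2ban-client status sshd`, and with key-only authentication the jail will mostly be banning pre-auth noise. If the empty `ignoreIP` is deliberate for a roaming laptop, say so: `# ignoreIP intentionally empty: roaming laptop, no fixed trusted range`. The `ssh-audit` package added to `environment.systemPackages` is fine, though a short `# run: ssh-audit localhost` next to it would explain why an audit tool lives in the sshd module. The enclosing sshd module body starts outside the hunk.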
@@ -0,0 +1,248 @@ +#? Config file for btop v. 1.3.2 + +#* Name of a btop++/bpytop/bashtop formatted ".theme" file, "Default" and "TTY" for builtin themes. +#* Themes should be placed in "../share/btop/themes" relative to binary or "$HOME/.config/btop/themes" +color_theme = "Default" + +#* If the theme set background should be shown, set to False if you want terminal background transparency. +theme_background = True + +#* Sets if 24-bit truecolor should be used, will convert 24-bit colors to 256 color (6x6x6 color cube) if false. +truecolor = True + +#* Set to true to force tty mode regardless if a real tty has been detected or not. +#* Will force 16-color mode and TTY theme, set all graph symbols to "tty" and swap out other non tty friendly symbols. +force_tty = False + +#* Define presets for the layout of the boxes. Preset 0 is always all boxes shown with default settings. Max 9 presets. +#* Format: "box_name:P:G,box_name:P:G" P=(0 or 1) for alternate positions, G=graph symbol to use for box. +#* Use whitespace " " as separator between different presets. +#* Example: "cpu:0:default,mem:0:tty,proc:1:default cpu:0:braille,proc:0:tty" +presets = "cpu:1:default,proc:0:default cpu:0:default,mem:0:default,net:0:default cpu:0:block,net:0:tty" + +#* Set to True to enable "h,j,k,l,g,G" keys for directional control in lists. +#* Conflicting keys for h:"help" and k:"kill" is accessible while holding shift. +vim_keys = False + +#* Rounded corners on boxes, is ignored if TTY mode is ON. +rounded_corners = True + +#* Default symbols to use for graph creation, "braille", "block" or "tty". +#* "braille" offers the highest resolution but might not be included in all fonts. +#* "block" has half the resolution of braille but uses more common characters. +#* "tty" uses only 3 different symbols but will work with most fonts and should work in a real TTY. +#* Note that "tty" only has half the horizontal resolution of the other two, so will show a shorter historical view. 
+graph_symbol = "block" + +# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty". +graph_symbol_cpu = "default" + +# Graph symbol to use for graphs in gpu box, "default", "braille", "block" or "tty". +graph_symbol_gpu = "default" + +# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty". +graph_symbol_mem = "default" + +# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty". +graph_symbol_net = "default" + +# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty". +graph_symbol_proc = "default" + +#* Manually set which boxes to show. Available values are "cpu mem net proc" and "gpu0" through "gpu5", separate values with whitespace. +shown_boxes = "cpu mem net proc" + +#* Update time in milliseconds, recommended 2000 ms or above for better sample times for graphs. +update_ms = 1000 + +#* Processes sorting, "pid" "program" "arguments" "threads" "user" "memory" "cpu lazy" "cpu direct", +#* "cpu lazy" sorts top process over time (easier to follow), "cpu direct" updates top process directly. +proc_sorting = "cpu direct" + +#* Reverse sorting order, True or False. +proc_reversed = False + +#* Show processes as a tree. +proc_tree = False + +#* Use the cpu graph colors in the process list. +proc_colors = True + +#* Use a darkening gradient in the process list. +proc_gradient = True + +#* If process cpu usage should be of the core it's running on or usage of the total available cpu power. +proc_per_core = True + +#* Show process memory as bytes instead of percent. +proc_mem_bytes = True + +#* Show cpu graph for each process. +proc_cpu_graphs = True + +#* Use /proc/[pid]/smaps for memory information in the process info box (very slow but more accurate) +proc_info_smaps = False + +#* Show proc box on left side of screen instead of right. +proc_left = False + +#* (Linux) Filter processes tied to the Linux kernel(similar behavior to htop). 
+proc_filter_kernel = False + +#* In tree-view, always accumulate child process resources in the parent process. +proc_aggregate = False + +#* Sets the CPU stat shown in upper half of the CPU graph, "total" is always available. +#* Select from a list of detected attributes from the options menu. +cpu_graph_upper = "Auto" + +#* Sets the CPU stat shown in lower half of the CPU graph, "total" is always available. +#* Select from a list of detected attributes from the options menu. +cpu_graph_lower = "Auto" + +#* If gpu info should be shown in the cpu box. Available values = "Auto", "On" and "Off". +show_gpu_info = "Auto" + +#* Toggles if the lower CPU graph should be inverted. +cpu_invert_lower = False + +#* Set to True to completely disable the lower CPU graph. +cpu_single_graph = True + +#* Show cpu box at bottom of screen instead of top. +cpu_bottom = False + +#* Shows the system uptime in the CPU box. +show_uptime = True + +#* Show cpu temperature. +check_temp = True + +#* Which sensor to use for cpu temperature, use options menu to select from list of available sensors. +cpu_sensor = "Auto" + +#* Show temperatures for cpu cores also if check_temp is True and sensors has been found. +show_coretemp = True + +#* Set a custom mapping between core and coretemp, can be needed on certain cpus to get correct temperature for correct core. +#* Use lm-sensors or similar to see which cores are reporting temperatures on your machine. +#* Format "x:y" x=core with wrong temp, y=core with correct temp, use space as separator between multiple entries. +#* Example: "4:0 5:1 6:3" +cpu_core_map = "" + +#* Which temperature scale to use, available values: "celsius", "fahrenheit", "kelvin" and "rankine". +temp_scale = "celsius" + +#* Use base 10 for bits/bytes sizes, KB = 1000 instead of KiB = 1024. +base_10_sizes = False + +#* Show CPU frequency. +show_cpu_freq = True + +#* Draw a clock at top of screen, formatting according to strftime, empty string to disable. 
+#* Special formatting: /host = hostname | /user = username | /uptime = system uptime +clock_format = "%X" + +#* Update main ui in background when menus are showing, set this to false if the menus is flickering too much for comfort. +background_update = True + +#* Custom cpu model name, empty string to disable. +custom_cpu_name = "" + +#* Optional filter for shown disks, should be full path of a mountpoint, separate multiple values with whitespace " ". +#* Begin line with "exclude=" to change to exclude filter, otherwise defaults to "most include" filter. Example: disks_filter="exclude=/boot /home/user". +disks_filter = "exclude=/boot /home" + +#* Show graphs instead of meters for memory values. +mem_graphs = False + +#* Show mem box below net box instead of above. +mem_below_net = False + +#* Count ZFS ARC in cached and available memory. +zfs_arc_cached = True + +#* If swap memory should be shown in memory box. +show_swap = True + +#* Show swap as a disk, ignores show_swap value above, inserts itself after first disk. +swap_disk = True + +#* If mem box should be split to also show disks info. +show_disks = True + +#* Filter out non physical disks. Set this to False to include network disks, RAM disks and similar. +only_physical = True + +#* Read disks list from /etc/fstab. This also disables only_physical. +use_fstab = True + +#* Setting this to True will hide all datasets, and only show ZFS pools. (IO stats will be calculated per-pool) +zfs_hide_datasets = False + +#* Set to true to show available disk space for privileged users. +disk_free_priv = False + +#* Toggles if io activity % (disk busy time) should be shown in regular disk usage view. +show_io_stat = True + +#* Toggles io mode for disks, showing big graphs for disk read/write speeds. +io_mode = True + +#* Set to True to show combined read/write io graphs in io mode. 
+io_graph_combined = True + +#* Set the top speed for the io graphs in MiB/s (100 by default), use format "mountpoint:speed" separate disks with whitespace " ". +#* Example: "/mnt/media:100 /:20 /boot:1". +io_graph_speeds = "" + +#* Set fixed values for network graphs in Mebibits. Is only used if net_auto is also set to False. +net_download = 100 + +net_upload = 100 + +#* Use network graphs auto rescaling mode, ignores any values set above and rescales down to 10 Kibibytes at the lowest. +net_auto = True + +#* Sync the auto scaling for download and upload to whichever currently has the highest scale. +net_sync = True + +#* Starts with the Network Interface specified here. +net_iface = "" + +#* Show battery stats in top right if battery is present. +show_battery = True + +#* Which battery to use if multiple are present. "Auto" for auto detection. +selected_battery = "Auto" + +#* Show power stats of battery next to charge indicator. +show_battery_watts = True + +#* Set loglevel for "~/.config/btop/btop.log" levels are: "ERROR" "WARNING" "INFO" "DEBUG". +#* The level set includes all lower levels, i.e. "DEBUG" will show all logging info. +log_level = "WARNING" + +#* Measure PCIe throughput on NVIDIA cards, may impact performance on certain cards. +nvml_measure_pcie_speeds = True + +#* Horizontally mirror the GPU graph. +gpu_mirror_graph = True + +#* Custom gpu0 model name, empty string to disable. +custom_gpu_name0 = "" + +#* Custom gpu1 model name, empty string to disable. +custom_gpu_name1 = "" + +#* Custom gpu2 model name, empty string to disable. +custom_gpu_name2 = "" + +#* Custom gpu3 model name, empty string to disable. +custom_gpu_name3 = "" + +#* Custom gpu4 model name, empty string to disable. +custom_gpu_name4 = "" + +#* Custom gpu5 model name, empty string to disable. +custom_gpu_name5 = "" diff --git a/flake.nix b/flake.nix index 5dc3cd8..f4802aa 100644 --- a/flake.nix +++ b/flake.nix 
@@ -96,11 +96,11 @@ ]; }; - new-new-phoenix = unstable.lib.nixosSystem { + yaseen = unstable.lib.nixosSystem { system = "aarch64-linux"; specialArgs = {inherit inputs outputs;}; modules = [ - ./hosts/new-new-phoenix/configuration.nix + ./hosts/yaseen/configuration.nix ]; }; }; diff --git a/home/tasia/home.nix b/home/tasia/home.nix index ade0dc3..befd3d7 100644 --- a/home/tasia/home.nix +++ b/home/tasia/home.nix @@ -8,6 +8,7 @@ "syncthing" "tss" "dialout" + "vboxusers" ]; initialPassword = "password123"; }; @@ -16,29 +17,37 @@ home.file = { ".zshrc".source = ../../dotfiles/.shellrc; ".bashrc".source = ../../dotfiles/.shellrc; + ".config/btop/btop.conf".source = ../../dotfiles/btop.conf; # ".gitconfig".source = ../../dotfiles/.gitconfig; ".librewolf/librewolf.overrides.cfg".source = ../../dotfiles/librewolf.overrides.cfg; }; home.packages = with pkgs; [ - bitwarden - gocryptfs + # Development rustc cargo nodejs - rpi-imager + yarn + nodePackages.node-gyp + nodePackages.node-pre-gyp + openssl + + # Dektop apps + bitwarden simplex-chat-desktop picard kleopatra qbittorrent tor-browser + ssb-patchwork + + # System utilities + gocryptfs + sirikali + rpi-imager protonvpn-gui protonvpn-cli - yarn - nodePackages.node-gyp - nodePackages.node-pre-gyp - openssl home-manager atool @@ -47,18 +56,15 @@ stress lazygit - wireguard-tools - # android-tools - #endless-sky - #gnucash + # endless-sky + # gnucash # obs-studio # kdenlive # wireshark # appimage-run - #ssb-patchwork - #android-studio - #swig + # android-studio + # swig # radicle-cli # opensnitch-ui # superTuxKart diff --git a/hosts/enry/configuration.nix b/hosts/enry/configuration.nix index d5efb61..6b2b5dc 100644 --- a/hosts/enry/configuration.nix +++ b/hosts/enry/configuration.nix @@ -25,7 +25,7 @@ in { initialPassword = "correcthorsebatterystaple"; openssh.authorizedKeys.keys = [ sshKeys.tasia.phoenix - sshKeys.tasia.new-new-phoenix + sshKeys.tasia.yaseen ]; }; 
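Review bot: `"vboxusers"` is added to the shared user's `extraGroups` in home/tasia/home.nix, but this commit only enables `virtualisation.virtualbox.host.enable` (which creates that group) on the yaseen host, so every other host importing this module now references a group that does not exist there; as far as I recall NixOS warns and silently drops such a membership at activation rather than failing, so nobody will notice. Either keep the membership beside the VirtualBox enable in the host config, or guard it in the list with something like `++ lib.optional config.virtualisation.virtualbox.host.enable "vboxusers"` (assuming `lib` and `config` are in the module's arguments). The unchanged context still carries `initialPassword = "password123"`; that literal ends up in the world-readable Nix store, so prefer `hashedPasswordFile` pointing at a file outside the store even if the password is only meant to be changed on first login. The `users.users` definition this hunk sits inside starts before the hunk.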
diff --git a/hosts/new-phoenix/configuration.nix b/hosts/new-phoenix/configuration.nix index 9f9e0ec..82a7186 100644 --- a/hosts/new-phoenix/configuration.nix +++ b/hosts/new-phoenix/configuration.nix @@ -36,7 +36,7 @@ in { }; users.users.user.openssh.authorizedKeys.keys = [ - sshKeys.tasia.new-new-phoenix + sshKeys.tasia.yaseen ]; services.btrfs.autoScrub.fileSystems = lib.mkForce ["/" "/data"]; diff --git a/hosts/phoenix/configuration.nix b/hosts/phoenix/configuration.nix index 168cd63..1f1e9ee 100644 --- a/hosts/phoenix/configuration.nix +++ b/hosts/phoenix/configuration.nix @@ -48,7 +48,7 @@ in { }; users.users.user.openssh.authorizedKeys.keys = [ - sshKeys.tasia.new-new-phoenix + sshKeys.tasia.yaseen ]; services.btrfs.autoScrub.fileSystems = lib.mkForce ["/" "/data"]; diff --git a/hosts/stuff/configuration.nix b/hosts/stuff/configuration.nix index 690900c..578012e 100644 --- a/hosts/stuff/configuration.nix +++ b/hosts/stuff/configuration.nix @@ -22,7 +22,7 @@ in { networking.hostName = "stuff"; users.users.user.openssh.authorizedKeys.keys = [ - sshKeys.tasia.new-new-phoenix + sshKeys.tasia.yaseen ]; environment.systemPackages = with pkgs; [ diff --git a/hosts/theseus/configuration.nix b/hosts/theseus/configuration.nix index c7b344d..f7a6410 100644 --- a/hosts/theseus/configuration.nix +++ b/hosts/theseus/configuration.nix @@ -35,7 +35,7 @@ in { }; users.users.user.openssh.authorizedKeys.keys = [ - sshKeys.tasia.new-new-phoenix + sshKeys.tasia.yaseen ]; services.btrfs.autoScrub.fileSystems = lb.mkForce ["/" "/data"]; diff --git a/hosts/new-new-phoenix/configuration.nix b/hosts/yaseen/configuration.nix similarity index 87% rename from hosts/new-new-phoenix/configuration.nix rename to hosts/yaseen/configuration.nix index 97c98c3..05ffd42 100644 --- a/hosts/new-new-phoenix/configuration.nix +++ b/hosts/yaseen/configuration.nix 
@@ -43,7 +43,7 @@ in { ]; networking = { - hostName = "new-new-phoenix"; + hostName = "yaseen"; # firewall.enable = lib.mkForce false; firewall = { @@ -66,13 +66,9 @@ in { }; users.users.tasia.openssh.authorizedKeys.keys = [ - sshKeys.tasia.new-new-phoenix + sshKeys.tasia.yaseen ]; - services.btrfs.autoScrub.fileSystems = ["/"]; - - # services.vedirect-reader.enable = true; - virtualisation.docker.enable = true; # services.flatpak.enable = false; @@ -93,12 +89,8 @@ in { # inputs.nixos-conf-editor.packages.${system}.nixos-conf-editor # inputs.nix-software-center.packages.${system}.nix-software-center ]; - virtualisation.virtualbox.host.enable = true; - users.extraGroups.vboxusers.members = ["tasia"]; - services.openvpn.servers = { - ch = {config = ''config /home/tasia/Downloads/ch.protonvpn.udp.ovpn '';}; - }; + virtualisation.virtualbox.host.enable = true; services.blueman.enable = true; diff --git a/hosts/new-new-phoenix/hardware-configuration.nix b/hosts/yaseen/hardware-configuration.nix similarity index 100% rename from hosts/new-new-phoenix/hardware-configuration.nix rename to hosts/yaseen/hardware-configuration.nix
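Review bot: The second hunk removes `services.btrfs.autoScrub.fileSystems = ["/"];` from hosts/yaseen/configuration.nix without touching `services.btrfs.autoScrub.enable`, which is not visible here; if scrubbing is switched on in a shared module the list falls back to the module default (all mounted btrfs filesystems, as far as I recall), and if it is not, this host silently loses periodic scrubs, and the commit message does not say which outcome is intended. A one-line note at the removal site, e.g. `# btrfs autoScrub: rely on the common default (all mounts)`, or an explicit `services.btrfs.autoScrub.enable = true;` would pin the intent. The context line `virtualisation.docker.enable = true;` stays on the new side; since docker-group membership is root-equivalent, it is worth confirming that the user added to `vboxusers` in this same commit is not also in `docker`, which this hunk cannot show. The attribute set containing these options opens and closes outside the hunk.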