mhm yaseen

README.md

@@ -73,6 +73,6 @@ Another person's laptop.
 
 This is my Raspberry Pi 3B+ inside my electrical cabinet.
 
-### new-new-phoenix
+### yaseen
 
-New laptop. Main driver. TODO: give it a name.
+New laptop. Main driver.

common/programs/ssh.nix

@@ -5,7 +5,7 @@ in {
     knownHosts = {
       "enry".publicKey = sshKeys.host.enry;
       "phoenix".publicKey = sshKeys.host.phoenix;
-      "new-new-phoenix".publicKey = sshKeys.host.new-new-phoenix;
+      "yaseen".publicKey = sshKeys.host.yaseen;
     };
   };
 }

common/services/sshd.nix

@@ -68,10 +68,19 @@
     '';
   };
 
-  # CLI tool
+  # CLI tools
   environment.systemPackages = with pkgs; [
     google-authenticator
+    ssh-audit
   ];
+
+  # Check whether this is actually doing anything
+  services.fail2ban = {
+    enable = true;
+    ignoreIP = [
+      #
+    ];
+  };
 }
 # ssh R6: StrictHostKeyChecking ask
 

common/services/usbguard.nix

@@ -9,7 +9,7 @@
     IPCAllowedGroups = ["wheel"];
 
     rules = ''
-      # new-new-phoenix
+      # yaseen
       allow id 1d6b:0002 serial "0000:00:14.0" name "xHCI Host Controller"
       allow id 1d6b:0003 serial "0000:00:14.0" name "xHCI Host Controller"
       allow id 0bda:0129 serial "20100201396000000" name "USB2.0-CRW"

crypto/ssh-keys.nix

@@ -5,12 +5,12 @@ rec {
   };
 
   tasia = {
-    new-new-phoenix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILLyDLtqUhEQwIsPx0XgQ9OJb2+XxL+2ra4goNJEgwf0 tasia@new-new-phoenix";
+    yaseen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILLyDLtqUhEQwIsPx0XgQ9OJb2+XxL+2ra4goNJEgwf0 tasia@yaseen";
   };
 
   host = {
     enry = "enry ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCPPE7U87PZ4+BQrdJtPuD/ibf9ubyPAqcRJe6Lpc2D"; # same
     phoenix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJTqExIIZuW9yvK7mgveNK8KDGKaRswrjj/nwVDwUdeL root@phoenix"; # host or user ?
-    new-new-phoenix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXu/iFf6yhi6A0f6Lvp+wyltMHq1YgxZan5OdCKP9gE root@new-new-phoenix";
+    yaseen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXu/iFf6yhi6A0f6Lvp+wyltMHq1YgxZan5OdCKP9gE root@yaseen";
   };
 }

dotfiles/btop.conf

@@ -0,0 +1,248 @@
+#? Config file for btop v. 1.3.2
+
+#* Name of a btop++/bpytop/bashtop formatted ".theme" file, "Default" and "TTY" for builtin themes.
+#* Themes should be placed in "../share/btop/themes" relative to binary or "$HOME/.config/btop/themes"
+color_theme = "Default"
+
+#* If the theme set background should be shown, set to False if you want terminal background transparency.
+theme_background = True
+
+#* Sets if 24-bit truecolor should be used, will convert 24-bit colors to 256 color (6x6x6 color cube) if false.
+truecolor = True
+
+#* Set to true to force tty mode regardless if a real tty has been detected or not.
+#* Will force 16-color mode and TTY theme, set all graph symbols to "tty" and swap out other non tty friendly symbols.
+force_tty = False
+
+#* Define presets for the layout of the boxes. Preset 0 is always all boxes shown with default settings. Max 9 presets.
+#* Format: "box_name:P:G,box_name:P:G" P=(0 or 1) for alternate positions, G=graph symbol to use for box.
+#* Use whitespace " " as separator between different presets.
+#* Example: "cpu:0:default,mem:0:tty,proc:1:default cpu:0:braille,proc:0:tty"
+presets = "cpu:1:default,proc:0:default cpu:0:default,mem:0:default,net:0:default cpu:0:block,net:0:tty"
+
+#* Set to True to enable "h,j,k,l,g,G" keys for directional control in lists.
+#* Conflicting keys for h:"help" and k:"kill" is accessible while holding shift.
+vim_keys = False
+
+#* Rounded corners on boxes, is ignored if TTY mode is ON.
+rounded_corners = True
+
+#* Default symbols to use for graph creation, "braille", "block" or "tty".
+#* "braille" offers the highest resolution but might not be included in all fonts.
+#* "block" has half the resolution of braille but uses more common characters.
+#* "tty" uses only 3 different symbols but will work with most fonts and should work in a real TTY.
+#* Note that "tty" only has half the horizontal resolution of the other two, so will show a shorter historical view.
+graph_symbol = "block"
+
+# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
+graph_symbol_cpu = "default"
+
+# Graph symbol to use for graphs in gpu box, "default", "braille", "block" or "tty".
+graph_symbol_gpu = "default"
+
+# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
+graph_symbol_mem = "default"
+
+# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
+graph_symbol_net = "default"
+
+# Graph symbol to use for graphs in cpu box, "default", "braille", "block" or "tty".
+graph_symbol_proc = "default"
+
+#* Manually set which boxes to show. Available values are "cpu mem net proc" and "gpu0" through "gpu5", separate values with whitespace.
+shown_boxes = "cpu mem net proc"
+
+#* Update time in milliseconds, recommended 2000 ms or above for better sample times for graphs.
+update_ms = 1000
+
+#* Processes sorting, "pid" "program" "arguments" "threads" "user" "memory" "cpu lazy" "cpu direct",
+#* "cpu lazy" sorts top process over time (easier to follow), "cpu direct" updates top process directly.
+proc_sorting = "cpu direct"
+
+#* Reverse sorting order, True or False.
+proc_reversed = False
+
+#* Show processes as a tree.
+proc_tree = False
+
+#* Use the cpu graph colors in the process list.
+proc_colors = True
+
+#* Use a darkening gradient in the process list.
+proc_gradient = True
+
+#* If process cpu usage should be of the core it's running on or usage of the total available cpu power.
+proc_per_core = True
+
+#* Show process memory as bytes instead of percent.
+proc_mem_bytes = True
+
+#* Show cpu graph for each process.
+proc_cpu_graphs = True
+
+#* Use /proc/[pid]/smaps for memory information in the process info box (very slow but more accurate)
+proc_info_smaps = False
+
+#* Show proc box on left side of screen instead of right.
+proc_left = False
+
+#* (Linux) Filter processes tied to the Linux kernel(similar behavior to htop).
+proc_filter_kernel = False
+
+#* In tree-view, always accumulate child process resources in the parent process.
+proc_aggregate = False
+
+#* Sets the CPU stat shown in upper half of the CPU graph, "total" is always available.
+#* Select from a list of detected attributes from the options menu.
+cpu_graph_upper = "Auto"
+
+#* Sets the CPU stat shown in lower half of the CPU graph, "total" is always available.
+#* Select from a list of detected attributes from the options menu.
+cpu_graph_lower = "Auto"
+
+#* If gpu info should be shown in the cpu box. Available values = "Auto", "On" and "Off".
+show_gpu_info = "Auto"
+
+#* Toggles if the lower CPU graph should be inverted.
+cpu_invert_lower = False
+
+#* Set to True to completely disable the lower CPU graph.
+cpu_single_graph = True
+
+#* Show cpu box at bottom of screen instead of top.
+cpu_bottom = False
+
+#* Shows the system uptime in the CPU box.
+show_uptime = True
+
+#* Show cpu temperature.
+check_temp = True
+
+#* Which sensor to use for cpu temperature, use options menu to select from list of available sensors.
+cpu_sensor = "Auto"
+
+#* Show temperatures for cpu cores also if check_temp is True and sensors has been found.
+show_coretemp = True
+
+#* Set a custom mapping between core and coretemp, can be needed on certain cpus to get correct temperature for correct core.
+#* Use lm-sensors or similar to see which cores are reporting temperatures on your machine.
+#* Format "x:y" x=core with wrong temp, y=core with correct temp, use space as separator between multiple entries.
+#* Example: "4:0 5:1 6:3"
+cpu_core_map = ""
+
+#* Which temperature scale to use, available values: "celsius", "fahrenheit", "kelvin" and "rankine".
+temp_scale = "celsius"
+
+#* Use base 10 for bits/bytes sizes, KB = 1000 instead of KiB = 1024.
+base_10_sizes = False
+
+#* Show CPU frequency.
+show_cpu_freq = True
+
+#* Draw a clock at top of screen, formatting according to strftime, empty string to disable.
+#* Special formatting: /host = hostname | /user = username | /uptime = system uptime
+clock_format = "%X"
+
+#* Update main ui in background when menus are showing, set this to false if the menus is flickering too much for comfort.
+background_update = True
+
+#* Custom cpu model name, empty string to disable.
+custom_cpu_name = ""
+
+#* Optional filter for shown disks, should be full path of a mountpoint, separate multiple values with whitespace " ".
+#* Begin line with "exclude=" to change to exclude filter, otherwise defaults to "most include" filter. Example: disks_filter="exclude=/boot /home/user".
+disks_filter = "exclude=/boot /home"
+
+#* Show graphs instead of meters for memory values.
+mem_graphs = False
+
+#* Show mem box below net box instead of above.
+mem_below_net = False
+
+#* Count ZFS ARC in cached and available memory.
+zfs_arc_cached = True
+
+#* If swap memory should be shown in memory box.
+show_swap = True
+
+#* Show swap as a disk, ignores show_swap value above, inserts itself after first disk.
+swap_disk = True
+
+#* If mem box should be split to also show disks info.
+show_disks = True
+
+#* Filter out non physical disks. Set this to False to include network disks, RAM disks and similar.
+only_physical = True
+
+#* Read disks list from /etc/fstab. This also disables only_physical.
+use_fstab = True
+
+#* Setting this to True will hide all datasets, and only show ZFS pools. (IO stats will be calculated per-pool)
+zfs_hide_datasets = False
+
+#* Set to true to show available disk space for privileged users.
+disk_free_priv = False
+
+#* Toggles if io activity % (disk busy time) should be shown in regular disk usage view.
+show_io_stat = True
+
+#* Toggles io mode for disks, showing big graphs for disk read/write speeds.
+io_mode = True
+
+#* Set to True to show combined read/write io graphs in io mode.
+io_graph_combined = True
+
+#* Set the top speed for the io graphs in MiB/s (100 by default), use format "mountpoint:speed" separate disks with whitespace " ".
+#* Example: "/mnt/media:100 /:20 /boot:1".
+io_graph_speeds = ""
+
+#* Set fixed values for network graphs in Mebibits. Is only used if net_auto is also set to False.
+net_download = 100
+
+net_upload = 100
+
+#* Use network graphs auto rescaling mode, ignores any values set above and rescales down to 10 Kibibytes at the lowest.
+net_auto = True
+
+#* Sync the auto scaling for download and upload to whichever currently has the highest scale.
+net_sync = True
+
+#* Starts with the Network Interface specified here.
+net_iface = ""
+
+#* Show battery stats in top right if battery is present.
+show_battery = True
+
+#* Which battery to use if multiple are present. "Auto" for auto detection.
+selected_battery = "Auto"
+
+#* Show power stats of battery next to charge indicator.
+show_battery_watts = True
+
+#* Set loglevel for "~/.config/btop/btop.log" levels are: "ERROR" "WARNING" "INFO" "DEBUG".
+#* The level set includes all lower levels, i.e. "DEBUG" will show all logging info.
+log_level = "WARNING"
+
+#* Measure PCIe throughput on NVIDIA cards, may impact performance on certain cards.
+nvml_measure_pcie_speeds = True
+
+#* Horizontally mirror the GPU graph.
+gpu_mirror_graph = True
+
+#* Custom gpu0 model name, empty string to disable.
+custom_gpu_name0 = ""
+
+#* Custom gpu1 model name, empty string to disable.
+custom_gpu_name1 = ""
+
+#* Custom gpu2 model name, empty string to disable.
+custom_gpu_name2 = ""
+
+#* Custom gpu3 model name, empty string to disable.
+custom_gpu_name3 = ""
+
+#* Custom gpu4 model name, empty string to disable.
+custom_gpu_name4 = ""
+
+#* Custom gpu5 model name, empty string to disable.
+custom_gpu_name5 = ""

flake.nix

@@ -96,11 +96,11 @@
         ];
       };
 
-      new-new-phoenix = unstable.lib.nixosSystem {
+      yaseen = unstable.lib.nixosSystem {
         system = "aarch64-linux";
         specialArgs = {inherit inputs outputs;};
         modules = [
-          ./hosts/new-new-phoenix/configuration.nix
+          ./hosts/yaseen/configuration.nix
         ];
       };
     };

home/tasia/home.nix

@@ -8,6 +8,7 @@
       "syncthing"
       "tss"
       "dialout"
+      "vboxusers"
     ];
     initialPassword = "password123";
   };
@@ -16,29 +17,37 @@
     home.file = {
       ".zshrc".source = ../../dotfiles/.shellrc;
       ".bashrc".source = ../../dotfiles/.shellrc;
+      ".config/btop/btop.conf".source = ../../dotfiles/btop.conf;
       # ".gitconfig".source = ../../dotfiles/.gitconfig;
 
       ".librewolf/librewolf.overrides.cfg".source = ../../dotfiles/librewolf.overrides.cfg;
     };
 
     home.packages = with pkgs; [
-      bitwarden
-      gocryptfs
+      # Development
       rustc
       cargo
       nodejs
-      rpi-imager
+      yarn
+      nodePackages.node-gyp
+      nodePackages.node-pre-gyp
+      openssl
+
+      # Dektop apps
+      bitwarden
       simplex-chat-desktop
       picard
       kleopatra
       qbittorrent
       tor-browser
+      ssb-patchwork
+
+      # System utilities
+      gocryptfs
+      sirikali
+      rpi-imager
       protonvpn-gui
       protonvpn-cli
-      yarn
-      nodePackages.node-gyp
-      nodePackages.node-pre-gyp
-      openssl
       home-manager
 
       atool
@@ -47,8 +56,6 @@
       stress
       lazygit
 
-      wireguard-tools
-
       # android-tools
       # endless-sky
       # gnucash
@@ -56,7 +63,6 @@
       # kdenlive
       # wireshark
       # appimage-run
-      #ssb-patchwork
       # android-studio
       # swig
       # radicle-cli

hosts/enry/configuration.nix

@@ -25,7 +25,7 @@ in {
     initialPassword = "correcthorsebatterystaple";
     openssh.authorizedKeys.keys = [
       sshKeys.tasia.phoenix
-      sshKeys.tasia.new-new-phoenix
+      sshKeys.tasia.yaseen
     ];
   };
 

hosts/new-phoenix/configuration.nix

@@ -36,7 +36,7 @@ in {
   };
 
   users.users.user.openssh.authorizedKeys.keys = [
-    sshKeys.tasia.new-new-phoenix
+    sshKeys.tasia.yaseen
   ];
 
   services.btrfs.autoScrub.fileSystems = lib.mkForce ["/" "/data"];

hosts/phoenix/configuration.nix

@@ -48,7 +48,7 @@ in {
   };
 
   users.users.user.openssh.authorizedKeys.keys = [
-    sshKeys.tasia.new-new-phoenix
+    sshKeys.tasia.yaseen
   ];
 
   services.btrfs.autoScrub.fileSystems = lib.mkForce ["/" "/data"];

hosts/stuff/configuration.nix

@@ -22,7 +22,7 @@ in {
   networking.hostName = "stuff";
 
   users.users.user.openssh.authorizedKeys.keys = [
-    sshKeys.tasia.new-new-phoenix
+    sshKeys.tasia.yaseen
   ];
 
   environment.systemPackages = with pkgs; [

hosts/theseus/configuration.nix

@@ -35,7 +35,7 @@ in {
   };
 
   users.users.user.openssh.authorizedKeys.keys = [
-    sshKeys.tasia.new-new-phoenix
+    sshKeys.tasia.yaseen
   ];
 
   services.btrfs.autoScrub.fileSystems = lb.mkForce ["/" "/data"];

hosts/yaseen/configuration.nix

@@ -43,7 +43,7 @@ in {
   ];
 
   networking = {
-    hostName = "new-new-phoenix";
+    hostName = "yaseen";
 
     # firewall.enable = lib.mkForce false;
     firewall = {
@@ -66,13 +66,9 @@ in {
   };
 
   users.users.tasia.openssh.authorizedKeys.keys = [
-    sshKeys.tasia.new-new-phoenix
+    sshKeys.tasia.yaseen
   ];
 
-  services.btrfs.autoScrub.fileSystems = ["/"];
-
-  # services.vedirect-reader.enable = true;
-
   virtualisation.docker.enable = true;
   # services.flatpak.enable = false;
 
@@ -93,12 +89,8 @@ in {
     # inputs.nixos-conf-editor.packages.${system}.nixos-conf-editor
     # inputs.nix-software-center.packages.${system}.nix-software-center
   ];
-  virtualisation.virtualbox.host.enable = true;
-  users.extraGroups.vboxusers.members = ["tasia"];
 
-  services.openvpn.servers = {
-    ch = {config = ''config /home/tasia/Downloads/ch.protonvpn.udp.ovpn '';};
-  };
+  virtualisation.virtualbox.host.enable = true;
 
   services.blueman.enable = true;