yaseen is dead, long live cave johnson

2025-01-24 11:31:28 +01:00 · 2025-01-24 11:31:28 +01:00 · b1b72c7ad1
parent 308ebe941e
commit b1b72c7ad1
16 changed files with 49 additions and 52 deletions
--- a/README.md
+++ b/README.md
@ -70,6 +70,6 @@ Another person's laptop.

 This is my Raspberry Pi 3B+ inside my electrical cabinet.

-### yaseen
+### cave

 New laptop. Main driver.
--- a/common/programs/ssh.nix
+++ b/common/programs/ssh.nix
@ -5,7 +5,7 @@ in {
    knownHosts = {
      "enry".publicKey = sshKeys.host.enry;
      "phoenix".publicKey = sshKeys.host.phoenix;
-      "yaseen".publicKey = sshKeys.host.yaseen;
+      "cave".publicKey = sshKeys.host.cave;
    };
  };
 }
--- a/common/services/usbguard.nix
+++ b/common/services/usbguard.nix
@ -9,13 +9,6 @@
    IPCAllowedGroups = ["wheel"];

    rules = ''
-      # yaseen
-      allow id 1d6b:0002 serial "0000:00:14.0" name "xHCI Host Controller"
-      allow id 1d6b:0003 serial "0000:00:14.0" name "xHCI Host Controller"
-      allow id 0bda:0129 serial "20100201396000000" name "USB2.0-CRW"
-      allow id 048d:ce00 serial "" name "ITE Device(8291)"
-      allow id 8087:0025 serial "" name ""
-
      # USB Drives
      allow id 0951:1666 serial "D067E5161936F420A61181ED" name "DataTraveler 3.0" # ISO USB
      allow id 346d:5678 serial "FC081FF86A47A" name "Disk 20" # TAILS USB
--- a/crypto/secrets.nix
+++ b/crypto/secrets.nix
@ -2,14 +2,14 @@ let
  sshKeys = import ./ssh-keys.nix;
 in {
  "wifi.age".publicKeys = [
-    sshKeys.host.yaseen
-    sshKeys.tasia.yaseen
+    sshKeys.host.cave
+    sshKeys.tasia.cave
  ];
  "nm-secrets.age".publicKeys = [
-    sshKeys.tasia.yaseen
+    sshKeys.tasia.cave
    sshKeys.host.enry
    sshKeys.host.phoenix
    sshKeys.host.stuff
-    sshKeys.host.yaseen
+    sshKeys.host.cave
  ];
 }
--- a/crypto/ssh-keys.nix
+++ b/crypto/ssh-keys.nix
@ -10,7 +10,7 @@ rec {
  };

  tasia = {
-    yaseen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILLyDLtqUhEQwIsPx0XgQ9OJb2+XxL+2ra4goNJEgwf0 tasia@yaseen";
+    cave = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILLyDLtqUhEQwIsPx0XgQ9OJb2+XxL+2ra4goNJEgwf0 tasia@cave";
    yubi-primary = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDZTEBwdL/Ey7++/Cq15+nSyeKmBHMuRu44fDJ7L2T51AAAABHNzaDo= Primary Key";
    yubi-spare = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGjHm14dQiyZz70knJjwCZ6yrgkl72LE2w2jCsBNlrlHAAAABHNzaDo= Spare Key";
  };
@ -19,6 +19,6 @@ rec {
    enry = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCPPE7U87PZ4+BQrdJtPuD/ibf9ubyPAqcRJe6Lpc2D"; # host or user ?
    phoenix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4Guf38dhoseOjx30w/Tk4Snp2ltJuk/gvpoyRWKUtt";
    stuff = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwMDyMq2eQ5IckD4sUIMN5+O73hkyajz61I3XYbp5vt";
-    yaseen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXu/iFf6yhi6A0f6Lvp+wyltMHq1YgxZan5OdCKP9gE";
+    cave = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXu/iFf6yhi6A0f6Lvp+wyltMHq1YgxZan5OdCKP9gE";
  };
 }
--- a/flake.nix
+++ b/flake.nix
@ -124,11 +124,11 @@
        ];
      };

-      yaseen = stable.lib.nixosSystem {
+      cave = stable.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = {inherit inputs outputs;};
        modules = [
-          ./hosts/yaseen/configuration.nix
+          ./hosts/cave/configuration.nix
        ];
      };

--- a/hosts/yaseen/configuration.nix
+++ b/hosts/yaseen/configuration.nix
@ -27,7 +27,7 @@ in {
    ../../common/hardware/btrfs.nix

    # Software components
-    ../../common/components/de/sddm.nix
+    # ../../common/components/de/sddm.nix
    ../../common/components/de/plasma6.nix
    # ../../common/components/de/hyprland.nix

@ -69,7 +69,7 @@ in {
  #};

  networking = {
-    hostName = "yaseen";
+    hostName = "cave";

    firewall = {
      allowedTCPPorts = [
@ -89,7 +89,7 @@ in {
  };

  users.users.tasia.openssh.authorizedKeys.keys = [
-    sshKeys.tasia.yaseen
+    sshKeys.tasia.cave
  ];

  virtualisation.docker.enable = true;
@ -247,7 +247,7 @@ services.udev.packages = [ pkgs.rtl-sdr ];
  #   system-binfmt-x86_64-enable = false; # enables emulation of x86_64 binaries, default is false
  #   repo-path = "/var/lib/thymis/repository"; # directory where the controller will store the repository holding the project
  #   database-url = "sqlite:////var/lib/thymis/thymis.sqlite"; # URL of the database
-  #   base-url = "https://yaseen/"; # base URL of the controller, how it will be accessed from the outside
+  #   base-url = "https://cave/"; # base URL of the controller, how it will be accessed from the outside
  #   auth-basic = true; # whether to enable authentication using a basic username/password
  #   auth-basic-username = "admin"; # username for basic authentication
  #   auth-basic-password-file = "/var/lib/thymis/auth-basic-password"; # file containing the password for basic authentication
@ -261,7 +261,7 @@ services.udev.packages = [ pkgs.rtl-sdr ];
  # services.nginx = {
  #   enable = true;
  #   virtualHosts."thymis" = {
-  #     serverName = "yaseen";
+  #     serverName = "cave";
  #     enableACME = true;
  #     forceSSL = true;
  #   };
--- a/hosts/yaseen/hardware-configuration.nix
+++ b/hosts/yaseen/hardware-configuration.nix
@ -12,9 +12,9 @@
    (modulesPath + "/installer/scan/not-detected.nix")
  ];

-  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "rtsx_usb_sdmmc"];
+  boot.initrd.availableKernelModules = ["nvme" "ehci_pci" "xhci_pci" "sdhci_pci"];
  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
+  boot.kernelModules = ["kvm-amd"];
  boot.extraModulePackages = [];

  fileSystems."/" = {
@ -25,18 +25,18 @@

  boot.initrd.luks.devices."luks-ab9bf3d3-8c4f-415b-944e-a8e8d355d11c".device = "/dev/disk/by-uuid/ab9bf3d3-8c4f-415b-944e-a8e8d355d11c";

-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/E290-4D47";
-    fsType = "vfat";
-    options = ["fmask=0022" "dmask=0022"];
-  };
-
  fileSystems."/home" = {
    device = "/dev/disk/by-uuid/cee0ceca-3ea6-43d8-a483-00882f9ae6bb";
    fsType = "btrfs";
    options = ["subvol=@home"];
  };

+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/E290-4D47";
+    fsType = "vfat";
+    options = ["fmask=0022" "dmask=0022"];
+  };
+
  swapDevices = [];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@ -44,11 +44,13 @@
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.br-818d880dda82.useDHCP = lib.mkDefault true;
+  # networking.interfaces.br-b968380dbba7.useDHCP = lib.mkDefault true;
  # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true;
  # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/yaseen/yubikey.nix
+++ b/hosts/yaseen/yubikey.nix
--- a/hosts/enry/configuration.nix
+++ b/hosts/enry/configuration.nix
@ -41,7 +41,7 @@ in {
    extraGroups = ["networkmanager" "wheel" "dialout"];
    initialPassword = "correcthorsebatterystaple";
    openssh.authorizedKeys.keys = [
-      sshKeys.tasia.yaseen
+      sshKeys.tasia.cave
    ];
  };

--- a/hosts/phoenix/configuration.nix
+++ b/hosts/phoenix/configuration.nix
@ -39,7 +39,7 @@ in {
  };

  users.users.user.openssh.authorizedKeys.keys = [
-    sshKeys.tasia.yaseen
+    sshKeys.tasia.cave
  ];

  services.btrfs.autoScrub.fileSystems = lib.mkForce ["/" "/data"];
--- a/hosts/stuff/configuration.nix
+++ b/hosts/stuff/configuration.nix
@ -33,7 +33,7 @@ in {
  networking.hostName = "stuff";

  users.users.user.openssh.authorizedKeys.keys = [
-    sshKeys.tasia.yaseen
+    sshKeys.tasia.cave
  ];

  nix.settings.trusted-users = ["root" "@wheel"]; # TODO
--- a/hosts/theseus/configuration.nix
+++ b/hosts/theseus/configuration.nix
@ -35,7 +35,7 @@ in {
  };

  users.users.user.openssh.authorizedKeys.keys = [
-    sshKeys.tasia.yaseen
+    sshKeys.tasia.cave
  ];

  services.btrfs.autoScrub.fileSystems = lib.mkForce ["/" "/data"];
--- a/hosts/vulpecula-vps/configuration.nix
+++ b/hosts/vulpecula-vps/configuration.nix
@ -49,7 +49,7 @@ in {
    extraGroups = ["networkmanager" "wheel" "dialout"];
    initialPassword = "correcthorsebatterystaple";
    openssh.authorizedKeys.keys = [
-      sshKeys.tasia.yaseen
+      sshKeys.tasia.cave
    ];
  };

@ -81,6 +81,6 @@ in {
  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;
  networking.domain = "";
-  # users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILLyDLtqUhEQwIsPx0XgQ9OJb2+XxL+2ra4goNJEgwf0 tasia@yaseen'' ];
+  # users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILLyDLtqUhEQwIsPx0XgQ9OJb2+XxL+2ra4goNJEgwf0 tasia@cave'' ];
  system.stateVersion = "24.05";
 }
--- a/hosts/vulpecula-vps/wallabag.nix
+++ b/hosts/vulpecula-vps/wallabag.nix
@ -4,4 +4,6 @@
    enableACME = true;
    locations."/".proxyPass = "http://localhost:62106";
  };
+
+  # wallabag is managed through docker.
 }
--- a/hosts/vulpecula/configuration.nix
+++ b/hosts/vulpecula/configuration.nix
@ -45,7 +45,7 @@ in {
    extraGroups = ["networkmanager" "wheel"];
    initialPassword = "correcthorsebatterystaple";
    openssh.authorizedKeys.keys = [
-      sshKeys.tasia.yaseen
+      sshKeys.tasia.cave
      sshKeys.tasia.yubi-primary
      sshKeys.tasia.yubi-spare
    ];