diff --git a/README.md b/README.md index 3bb7653..36790ba 100644 --- a/README.md +++ b/README.md @@ -12,20 +12,38 @@ this is outdated - `base.nix`: The minimum configuration that a machine needs - `full-install.nix`: if this machine has a DE or is going to be used by a human - `tasia-packages.nix`: Collection of additional packages +- `common`: SSH keys, secrets, ... +- `dotfiles`: all my dotfiles +- `home`: user-specific settings. - `hosts`: Machine-specific configurations - `modules/nixos`: Custom NixOS modules - `overlays`: Custom NixOS overlays - `pkgs`: Custom NixOS packages +- `stuff`: Random stuff that doesn't belong anywhere else ## Memo Update channels: `nix flake update` -Build a configuration: `# nixos-rebuild switch --flake .#phoenix` +Build a configuration: `sudo ixos-rebuild switch --flake .#$(cat /etc/hostname)` Build enry and upload a generation: TODO -### git +### To do on a new machine + +- Install NixOS + +- Clone this repo `git clone https://gitea.com/tasiaiso/nixos-config.git && cd nixos-onfig` + +- `export HOSTNAME= && mkdir hosts/$HOSTNAME && cd hosts/$HOSTNAME && touch configuration.nix` + +- Fill out `configuration.nix` + +- `sudo nixos-generate-config --show-hardware-config > hosts/$HOSTNAME/hardare-configuration.nix` + +- `sudo nixos-rebuild switch --flake .#$HOSTNAME` + +#### git generate an ssh key: `ssh-keygen -t ed25519` @@ -33,6 +51,10 @@ add to ssh-agent: `ssh-add .ssh/id_ed25519` add to git: `git config --global user.signingkey ~/.ssh/id_ed25519` +#### google-authenticator + +- `google-authenticator -td -r 5 -R 60 -w 2` + # Hosts ## theseus diff --git a/common/services/auditd.nix b/common/services/auditd.nix index 33f5626..ea13c73 100644 --- a/common/services/auditd.nix +++ b/common/services/auditd.nix @@ -1,6 +1,6 @@ { - # security.auditd.enable = true; - # security.audit.enable = true; + security.auditd.enable = true; + security.audit.enable = true; # security.audit.rules = [ # "-a exit,always -F arch=b64 -S execve" # ]; 
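Review bot: Enabling `security.auditd.enable` and `security.audit.enable` while the `security.audit.rules` block three lines below stays commented out gives a running audit subsystem with no rules loaded, so it records only the kernel's default, unsolicited records and the execve auditing the comment sketches never happens. If the intent is process auditing, uncomment the rule as well: `security.audit.rules = [` / `"-a exit,always -F arch=b64 -S execve"` / `];`; if the intent is only to have the daemon ready, say so in a comment such as `# rules intentionally empty; enable execve auditing once log volume is understood`. The execve rule is high-volume on a desktop, so whichever way this goes, the choice deserves a line of explanation in the file.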
diff --git a/common/services/usbguard.nix b/common/services/usbguard.nix index baaa327..2ba7f19 100644 --- a/common/services/usbguard.nix +++ b/common/services/usbguard.nix @@ -27,6 +27,7 @@ # Peripherals allow id 046d:c08b serial "178D316C3832" name "G502 HERO Gaming Mouse" allow id 18d1:4ee1 serial "28051FDH200ATC" name "Pixel 7" + allow id 2717:ff40 serial "52bb384f0512" name "Redmi 10 2022" ''; }; } diff --git a/dotfiles/.shellrc b/dotfiles/.shellrc index 3733729..4870987 100644 --- a/dotfiles/.shellrc +++ b/dotfiles/.shellrc @@ -6,5 +6,5 @@ if [[ -n $SSH_CONNECTION ]] ; then -H "Priority: urgent" \ -H "Tags: urgent" \ -d "$(cat /etc/hostname ): ssh session ($SSH_CONNECTION)" \ - ntfy.sh/tasiaiso_alerts &> /dev/null + ntfy.sh/tasiaiso_alerts &> /dev/null # Please don't make me learn how to manage secrets fi diff --git a/home/tasia/home.nix b/home/tasia/home.nix index 1bc9956..ade0dc3 100644 --- a/home/tasia/home.nix +++ b/home/tasia/home.nix @@ -23,42 +23,46 @@ home.packages = with pkgs; [ bitwarden - # android-tools gocryptfs - #endless-sky - #gnucash - # obs-studio - # kdenlive rustc cargo nodejs rpi-imager - # wireshark - # appimage-run - #ssb-patchwork simplex-chat-desktop - #android-studio - #swig picard kleopatra qbittorrent tor-browser protonvpn-gui - # radicle-cli - # opensnitch-ui + protonvpn-cli yarn nodePackages.node-gyp nodePackages.node-pre-gyp - # superTuxKart openssl home-manager - # qgis - atool httpie cowsay stress + lazygit + + wireguard-tools + + # android-tools + #endless-sky + #gnucash + # obs-studio + # kdenlive + # wireshark + # appimage-run + #ssb-patchwork + #android-studio + #swig + # radicle-cli + # opensnitch-ui + # superTuxKart + # qgis ]; # The state version is required and should stay at the version you diff --git a/hosts/new-new-phoenix/configuration.nix b/hosts/new-new-phoenix/configuration.nix index 89866f3..97c98c3 100644 --- a/hosts/new-new-phoenix/configuration.nix +++ b/hosts/new-new-phoenix/configuration.nix 
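Review bot: The new `allow id 2717:ff40 serial "52bb384f0512" name "Redmi 10 2022"` rule, like the two entries above it, matches only on descriptor fields the device reports about itself, so it accepts whatever interface classes a device carrying those values decides to expose. USBGuard's rule language can pin the allowed interface set with a `with-interface { ... }` clause; `usbguard generate-policy` prints the device's current interfaces in that form, and adding them to this line keeps the phone entry from also admitting, say, a HID interface presented under the same identity. This is a hardening of the allow list rather than a blocker for the entry itself.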
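Review bot: The trailing comment added to the `ntfy.sh/tasiaiso_alerts` line names the real problem with that line: the topic name is the only thing protecting this channel, and once it sits in a repository the README clones from a public Gitea URL it is effectively published, so anyone can subscribe to the hostname and `$SSH_CONNECTION` values (client and server IPs and ports) the hook posts, or publish their own "urgent" messages into it. Keeping the topic out of git is a one-line change, e.g. `ntfy.sh/"$(cat "$HOME/.config/ntfy-topic")" &> /dev/null` (path is a placeholder), optionally combined with an ntfy access token or a self-hosted instance. Separately, if the curl invocation that starts above this hunk does not spell out `https://`, curl defaults to plain HTTP for a bare host like `ntfy.sh/...`, so the payload leaves the machine in cleartext; the enclosing `if [[ -n $SSH_CONNECTION ]]` block begins outside the hunk.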
@@ -45,9 +45,11 @@ in { networking = { hostName = "new-new-phoenix"; + # firewall.enable = lib.mkForce false; firewall = { allowedTCPPorts = [ 8080 # ? + 8008 # ssb 12345 # tildefriends 13378 # audiobookshelf ]; @@ -91,6 +93,12 @@ in { # inputs.nixos-conf-editor.packages.${system}.nixos-conf-editor # inputs.nix-software-center.packages.${system}.nix-software-center ]; + virtualisation.virtualbox.host.enable = true; + users.extraGroups.vboxusers.members = ["tasia"]; + + services.openvpn.servers = { + ch = {config = ''config /home/tasia/Downloads/ch.protonvpn.udp.ovpn '';}; + }; services.blueman.enable = true; diff --git a/pkgs/tildefriends/default.nix b/pkgs/tildefriends/default.nix index a2bec1e..95b1f01 100644 --- a/pkgs/tildefriends/default.nix +++ b/pkgs/tildefriends/default.nix @@ -8,14 +8,15 @@ }: stdenv.mkDerivation rec { pname = "tildefriends"; - version = "0.0.17"; + version = "0.0.18"; src = fetchFromGitea { domain = "dev.tildefriends.net"; owner = "cory"; repo = "tildefriends"; rev = "v${version}"; - hash = "sha256-Wc9MvafA2rPmjnRvmMB3qmRyDQNhF688weKItHw3E8I="; + hash = "sha256-+uthA1w8CmZfW+WOK9wYGl2fUl/k10ufOc8W+Pwa9iQ="; + fetchSubmodules = true; }; nativeBuildInputs = [
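Review bot: The added `# firewall.enable = lib.mkForce false;` above `firewall = {` is a commented-out switch that disables the host firewall on every interface, with nothing saying when it is meant to be flipped; either drop it or replace it with an explanatory comment such as `# debugging aid: lib.mkForce false turns the firewall off entirely, never leave it enabled`. The new `8008 # ssb` entry is clear, but the neighbouring `8080 # ?` still exposes a port whose purpose nobody recorded; a real comment, or moving it under `networking.firewall.interfaces.<iface>.allowedTCPPorts` for the LAN interface only, would narrow the exposure. The `networking` attribute set continues past the end of the hunk.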
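Review bot: `services.openvpn.servers.ch.config` points the system OpenVPN instance, which runs as root, at `/home/tasia/Downloads/ch.protonvpn.udp.ovpn`, a file owned and writable by the unprivileged user; OpenVPN profiles can carry directives that run commands, so anyone who can write that file gets root on the next start of the tunnel, and the same hunk adds that user to `vboxusers` as well. Move the profile to a root-owned, mode 0600 location and reference it from there, e.g. `ch = {config = ''config /etc/openvpn/ch.ovpn'';};` (path is a placeholder), rather than inlining it with `builtins.readFile`, which would copy the profile and any embedded credentials into the world-readable Nix store. If `autoStart` is left at its default the service is started at boot, so a missing or unreadable profile will surface as a failing unit rather than a silent no-op; worth a comment on the line. The trailing space inside `''config ... '';` is harmless but looks accidental.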