lol

README.md

@@ -39,8 +39,6 @@ My main PC. Mostly unused because of power constraints
 
 ## phoenix
 
-`phoenix ssh-ed25519 AAAAC3Nza C1lZDI1NTE5AAAAIJTqExIIZuW9yvK7mgveNK8KDGKaRswrjj/nwVDwUdeL`
-
 My old laptop.
 
 ## stuff
@@ -49,17 +47,8 @@ Another person's laptop.
 
 ### enry
 
-`enry ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCPPE7U87PZ4+BQrdJtPuD/ibf9ubyPAqcRJe6Lpc2D`
-
 This is my Raspberry Pi 3B+ inside my electrical cabinet.
 
 ### new-new-phoenix
 
-```
-SHA256:hV3Kumt4I9Bt0/IAX3D9Y1kN93COAQFNSsAdiv9mpIg new-new-phoenix
-
-SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw tasia@new-new-phoenix
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILLyDLtqUhEQwIsPx0XgQ9OJb2+XxL+2ra4goNJEgwf0 tasia@new-new-phoenix
-```
-
 New laptop. Main driver. TODO: give it a name.

common/full-install.nix

@@ -14,6 +14,31 @@
   };
 
   environment.systemPackages = with pkgs; [
-    #
+    bat
+
+    nextdns
+
+    # need to test
+    helix
+    holehe
+    smartmontools
+    cheat
+    lazygit
+    ripgrep
+    jq
+    yq
+    neofetch
+    tldr
+    dust
+    powertop
+    fzf
+    atuin
+    zellij
+    eza
+    lapce
+    gotty
+    gping
+    yazi
+    vulnix # once im on stable
   ];
 }

common/hardware/btrfs.nix

@@ -2,6 +2,6 @@
   services.btrfs.autoScrub = {
     enable = true;
     interval = "weekly";
-    fileSystems = lb.mkDefault ["/"];
+    fileSystems = lib.mkDefault ["/"];
   };
 }

common/hardware/latest-kernel.nix

@@ -0,0 +1,5 @@
+{pkgs, ...}: {
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+  };
+}

common/hardware/nvidia-gpu-offload.nix

@@ -0,0 +1,8 @@
+{
+  hardware.nvidia.prime = {
+    offload = {
+      enable = true;
+      enableOffloadCmd = true;
+    };
+  };
+}

common/packages/sshd.nix

@@ -4,7 +4,7 @@
   # https://cyber.gouv.fr/en/publications/openssh-secure-use-recommendations
   services.openssh = {
     enable = true;
-    banner = "hello world";
+    # banner = "hello world";
 
     allowSFTP = false;
 

common/tasia-packages.nix

@@ -1,7 +1,6 @@
 {pkgs, ...}: {
   environment.systemPackages = with pkgs; [
     bitwarden
-    nextdns
     # android-tools
     gocryptfs
     #endless-sky
@@ -32,28 +31,6 @@
     openssl
 
     # qgis
-    helix
-    holehe
-    smartmontools
-    cheat
-    lazygit
-    ripgrep
-    jq
-    yq
-    neofetch
-    tldr
-    bat
-    dust
-    powertop
-    fzf
-    atuin
-    zellij
-    eza
-    lapce
-    gotty
-    gping
-    yazi
-    vulnix # once im on stable
 
     tildefriends
   ];

crypto/ssh-keys.nix

@@ -0,0 +1,18 @@
+rec {
+  new-new-phoenix = {
+    # host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXu/iFf6yhi6A0f6Lvp+wyltMHq1YgxZan5OdCKP9gE root@new-new-phoenix";
+    # host-sha = "SHA256:hV3Kumt4I9Bt0/IAX3D9Y1kN93COAQFNSsAdiv9mpIg root@new-new-phoenix";
+    tasia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILLyDLtqUhEQwIsPx0XgQ9OJb2+XxL+2ra4goNJEgwf0 tasia@new-new-phoenix";
+    # tasia-sha = "SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw tasia@new-new-phoenix";
+  };
+
+  phoenix = {
+    host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJTqExIIZuW9yvK7mgveNK8KDGKaRswrjj/nwVDwUdeL root@phoenix"; # host or user ?
+    user = "null";
+  };
+
+  enry = {
+    host = "enry ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCPPE7U87PZ4+BQrdJtPuD/ibf9ubyPAqcRJe6Lpc2D"; # same
+    user = "null";
+  };
+}

hosts/enry/configuration.nix

@@ -2,7 +2,9 @@
   pkgs,
   lib,
   ...
-}: {
+}: let
+  sshKeys = import ../../crypto/ssh-keys.nix;
+in {
   imports = [
     ./hardware-configuration.nix
     ../../common/default.nix
@@ -23,8 +25,8 @@
     extraGroups = ["networkmanager" "wheel" "dialout"];
     initialPassword = "correcthorsebatterystaple";
     openssh.authorizedKeys.keys = [
-      "SHA256:RrcbPCE9BPVLAEhERm81NwXA28OKpn9U6irR2vG7K5I user@phoenix"
+      sshKeys.phoenix.tasia
-      "SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw tasia@new-new-phoenix"
+      sshKeys.new-new-phoenix.tasia
     ];
   };
 

hosts/new-new-phoenix/configuration.nix

@@ -2,7 +2,9 @@
   pkgs,
   lib,
   ...
-}: {
+}: let
+  sshKeys = import ../../crypto/ssh-keys.nix;
+in {
   imports = [
     ./hardware-configuration.nix
     ../../common/default.nix
@@ -11,9 +13,12 @@
 
     ../../common/locales/en.nix
     ../../common/locales/fr-keymap.nix
-    ../../common/hardware/intelcpu.nix
+    ../../common/hardware/intel-cpu.nix
-    ../../common/hardware/nvidiagpu.nix
+    ../../common/hardware/nvidia-gpu.nix
+    ../../common/hardware/nvidia-gpu-offload.nix
     ../../common/hardware/ssd.nix
+    ../../common/hardware/btrfs.nix
+    ../../common/hardware/latest-kernel.nix
 
     ../../common/de/plasma6.nix
     # ../../common/de/hyprland.nix
@@ -26,20 +31,11 @@
     # ../../modules/nixos/vedirect-reader.nix
   ];
 
-  boot = {
+  # boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ];
-    kernelPackages = pkgs.linuxPackages_latest;
-    # boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ];
-  };
 
   hardware.nvidia.prime = {
-    # Make sure to use the correct Bus ID values for your system!
     intelBusId = "PCI:1:0:0";
     nvidiaBusId = "PCI:0:2:0";
-
-    offload = {
-      enable = true;
-      enableOffloadCmd = true;
-    };
   };
 
   networking = {
@@ -64,15 +60,11 @@
     extraGroups = ["networkmanager" "wheel" "syncthing"];
     initialPassword = "correcthorsebatterystaple";
     openssh.authorizedKeys.keys = [
-      "SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw tasia@new-new-phoenix" # self
+      sshKeys.new-new-phoenix.tasia
     ];
   };
 
-  services.btrfs.autoScrub = {
+  services.btrfs.autoScrub.fileSystems = ["/"];
-    enable = true;
-    interval = "weekly";
-    fileSystems = ["/"];
-  };
 
   # services.vedirect-reader.enable = true;
 

hosts/new-phoenix/configuration.nix

@@ -2,14 +2,16 @@
   pkgs,
   lib,
   ...
-}: {
+}:  let
+  sshKeys = import ../../crypto/ssh-keys.nix;
+in {
   imports = [
     ./hardware-configuration.nix
     ../../common/default.nix
 
     ../../common/locales/en.nix
     ../../common/locales/fr-keymap.nix
-    ../../common/hardware/intelcpu.nix
+    ../../common/hardware/intel-cpu.nix
     ../../common/hardware/ssd.nix
     ../../common/hardware/btrfs.nix
 
@@ -20,7 +22,6 @@
   networking = {
     hostName = "phoenix";
 
-    firewall.enable = true;
     firewall.allowedTCPPorts = [
       12345 # tildefriends
       13378 # audiobookshelf
@@ -36,11 +37,11 @@
     extraGroups = ["networkmanager" "wheel" "syncthing"];
     initialPassword = "correcthorsebatterystaple";
     openssh.authorizedKeys.keys = [
-      "SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw tasia@new-new-phoenix"
+      sshKeys.new-new-phoenix.tasia
     ];
   };
 
-  services.btrfs.autoScrub.fileSystems = ["/" "/data"];
+  services.btrfs.autoScrub.fileSystems = lib.mkForce ["/" "/data"];
 
   virtualisation.docker.enable = true;
 

hosts/phoenix/configuration.nix

@@ -2,7 +2,9 @@
   pkgs,
   lib,
   ...
-}: {
+}:  let
+  sshKeys = import ../../crypto/ssh-keys.nix;
+in {
   imports = [
     ./hardware-configuration.nix
     ../../common/default.nix
@@ -11,10 +13,11 @@
 
     ../../common/locales/en.nix
     ../../common/locales/fr-keymap.nix
-    ../../common/hardware/intelcpu.nix
+    ../../common/hardware/intel-cpu.nix
-    ../../common/hardware/amdgpu.nix
+    ../../common/hardware/amd-gpu.nix
     ../../common/hardware/ssd.nix
     ../../common/hardware/btrfs.nix
+    ../../common/hardware/latest-kernel.nix
 
     ../../common/de/plasma6.nix
 
@@ -26,11 +29,6 @@
     ../../modules/nixos/vedirect-reader.nix
   ];
 
-  boot = {
-    kernelPackages = pkgs.linuxPackages_latest;
-    # boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ];
-  };
-
   networking = {
     hostName = "phoenix";
 
@@ -53,7 +51,7 @@
     extraGroups = ["networkmanager" "wheel" "syncthing"];
     initialPassword = "correcthorsebatterystaple";
     openssh.authorizedKeys.keys = [
-      "SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw tasia@new-new-phoenix"
+      sshKeys.new-new-phoenix.tasia
     ];
   };
 

hosts/stuff/configuration.nix

@@ -1,11 +1,13 @@
-{pkgs, ...}: {
+{pkgs, ...}: let
+  sshKeys = import ../../crypto/ssh-keys.nix;
+in  {
   imports = [
     ./hardware-configuration.nix
     ../../common/default.nix
 
     ../../common/locales/fr.nix
     ../../common/locales/fr-keymap.nix
-    ../../common/hardware/intelcpu.nix
+    ../../common/hardware/intel-cpu.nix
     ../../common/hardware/ssd.nix
     ../../common/hardware/btrfs.nix
 
@@ -13,23 +15,20 @@
 
     ../../common/packages/syncthing.nix
     ../../common/packages/sshd.nix
-    # ../../common/packages/adguardhome.nix
   ];
 
+  networking.hostName = "stuff";
+
   users.users.user = {
     isNormalUser = true;
     description = "User";
     extraGroups = ["networkmanager" "wheel" "syncthing"];
     initialPassword = "correcthorsebatterystaple";
     openssh.authorizedKeys.keys = [
-      "SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw tasia@new-new-phoenix"
+      sshKeys.new-new-phoenix.tasia
     ];
   };
 
-  networking = {
-    hostName = "stuff";
-  };
-
   environment.systemPackages = with pkgs; [
     # Additional system packages here
   ];

hosts/theseus/configuration.nix

@@ -2,7 +2,9 @@
   pkgs,
   lib,
   ...
-}: {
+}:  let
+  sshKeys = import ../../crypto/ssh-keys.nix;
+in {
   imports = [
     ./hardware-configuration.nix
     ../../common/default.nix
@@ -11,13 +13,14 @@
 
     ../../common/locales/en.nix
     ../../common/locales/en-keymap.nix
-    ../../common/hardware/intelcpu.nix
+    ../../common/hardware/intel-cpu.nix
-    ../../common/hardware/nvidiagpu.nix
+    ../../common/hardware/nvidia-gpu.nix
     ../../common/hardware/ssd.nix
     ../../common/hardware/btrfs.nix
+    ../../common/hardware/latest-kernel.nix
 
     ../../common/de/plasma6.nix
-    ../../common/de/hyprland.nix
+    # ../../common/de/hyprland.nix
 
     ../../common/tasia-packages.nix
     ../../common/packages/syncthing.nix
@@ -26,10 +29,6 @@
     ../../common/packages/sshd.nix
   ];
 
-  boot = {
-    kernelPackages = pkgs.linuxPackages_latest;
-  };
-
   networking = {
     hostName = "theseus";
   };
@@ -40,7 +39,7 @@
     extraGroups = ["networkmanager" "wheel" "syncthing"];
     initialPassword = "correcthorsebatterystaple";
     openssh.authorizedKeys.keys = [
-      "SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw tasia@new-new-phoenix"
+      sshKeys.new-new-phoenix.tasia
     ];
   };