From fa41b2eb5e6d8374331e5a30f4a5aa3b6e95b4e1 Mon Sep 17 00:00:00 2001 From: Tasia Iso Date: Tue, 6 Aug 2024 18:44:43 +0200 Subject: [PATCH] update --- common/components/packages-base.nix | 1 + crypto/ssh-keys.nix | 8 +- crypto/wifi.age | Bin 0 -> 540 bytes flake.lock | 114 ++++++++++++++++--- flake.nix | 14 +-- home/tasia/home.nix | 1 - hosts/new-phoenix/configuration.nix | 57 ---------- hosts/new-phoenix/hardware-configuration.nix | 55 --------- hosts/phoenix/configuration.nix | 29 ++--- hosts/stuff/configuration.nix | 2 +- hosts/yaseen/configuration.nix | 6 +- secrets.nix | 5 + 12 files changed, 129 insertions(+), 163 deletions(-) create mode 100644 crypto/wifi.age delete mode 100644 hosts/new-phoenix/configuration.nix delete mode 100644 hosts/new-phoenix/hardware-configuration.nix create mode 100644 secrets.nix diff --git a/common/components/packages-base.nix b/common/components/packages-base.nix index 62f9b85..7ed90dd 100644 --- a/common/components/packages-base.nix +++ b/common/components/packages-base.nix @@ -20,5 +20,6 @@ ffmpeg usbutils bat + dust ]; } diff --git a/crypto/ssh-keys.nix b/crypto/ssh-keys.nix index 738b3de..d67b393 100644 --- a/crypto/ssh-keys.nix +++ b/crypto/ssh-keys.nix 
@@ -9,9 +9,9 @@ rec { }; host = { - enry = "enry ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCPPE7U87PZ4+BQrdJtPuD/ibf9ubyPAqcRJe6Lpc2D"; # host or user ? - phoenix = "phoenix ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4Guf38dhoseOjx30w/Tk4Snp2ltJuk/gvpoyRWKUtt"; - stuff = "stuff ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwMDyMq2eQ5IckD4sUIMN5+O73hkyajz61I3XYbp5vt"; - yaseen = "yaseen ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXu/iFf6yhi6A0f6Lvp+wyltMHq1YgxZan5OdCKP9gE"; + enry = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCPPE7U87PZ4+BQrdJtPuD/ibf9ubyPAqcRJe6Lpc2D"; # host or user ? + phoenix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4Guf38dhoseOjx30w/Tk4Snp2ltJuk/gvpoyRWKUtt"; + stuff = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwMDyMq2eQ5IckD4sUIMN5+O73hkyajz61I3XYbp5vt"; + yaseen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXu/iFf6yhi6A0f6Lvp+wyltMHq1YgxZan5OdCKP9gE"; }; } diff --git a/crypto/wifi.age b/crypto/wifi.age new file mode 100644 index 0000000000000000000000000000000000000000..bc6fc8fdf2302741060e1c933dd901a0a00931a7 GIT binary patch literal 540 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU72s8FBO;-pr3C{E? z(+;c%^9uHL4yv-KN>6jK@C_{uOz{rRch1NtO!M`!u*eIj$mhz4%C$`OGBmTWw5YNS zwFt@xt_X4p33l=>NHPux@((q0t1wUUN-~KI4n()jJ2NONG*BTsG{_^-GCRWECo&+! z!pAMrsWcgAXN3<&TtKqTpvz!wp`u1slnADZ1c#`k-WCn#BC)bCBI~+Mt zcjCC|;qQASw!U92#kYbXl~G!3{%>`WD#e<4D(P~|-tW!v4B0x(nCs*H-rrms%}$=Q zNej7?>YNcjsetk0!}yN)MX7b!@e^nM-eP`?x#`!_N6XL8epI;ppzrah{7Fm~XJ0Qc bwBI~wlkfke?|%PH+ESKtP2%|ZCdUH+;Mdud literal 0 HcmV?d00001 diff --git a/flake.lock b/flake.lock index 8c95b7a..59db6b9 100644 --- a/flake.lock +++ b/flake.lock 
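Review bot: The `enry` entry under `host` still carries the `# host or user ?` comment, and with the name prefix stripped these strings are now bare public keys of the kind that `secrets.nix` (added in this commit) passes to agenix as recipients. An entry whose ownership is unknown should not sit in the `host` set, because listing it as a recipient later would grant decryption to whoever actually holds that private key. I would settle the question and replace the comment with something like `# host key of enry (/etc/ssh/ssh_host_ed25519_key.pub)`, or move the entry to the user set. If anything outside this hunk relied on the old `name keytype key` form, it needs the same update; the `rec { … }` body starts outside the hunk.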
@@ -1,24 +1,51 @@ { "nodes": { - "flake-utils": { + "agenix": { "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": [ + "stable" + ], "systems": "systems" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "lastModified": 1722339003, + "narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=", + "owner": "ryantm", + "repo": "agenix", + "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", + "owner": "ryantm", + "repo": "agenix", "type": "github" } }, - "flake-utils_2": { + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "flake-utils": { "inputs": { "systems": "systems_2" }, 
@@ -36,7 +63,46 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "stable" @@ -59,11 +125,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722087241, - "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=", + "lastModified": 1722651103, + "narHash": "sha256-IRiJA0NVAoyaZeKZluwfb2DoTpBAj+FLI0KfybBeDU0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8c50662509100d53229d4be607f1a3a31157fa12", + "rev": "a633d89c6dc9a2a8aae11813a62d7c58b2c0cc51", "type": "github" }, "original": { @@ -107,7 +173,8 @@ }, "root": { "inputs": { - "home-manager": "home-manager", + "agenix": "agenix", + "home-manager": "home-manager_2", "nixpkgs": "nixpkgs", "stable": "stable", "tildefriends": "tildefriends", @@ -116,11 +183,11 @@ }, "stable": { "locked": { - "lastModified": 1722087241, - "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=", + "lastModified": 1722651103, + "narHash": "sha256-IRiJA0NVAoyaZeKZluwfb2DoTpBAj+FLI0KfybBeDU0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8c50662509100d53229d4be607f1a3a31157fa12", + "rev": "a633d89c6dc9a2a8aae11813a62d7c58b2c0cc51", "type": "github" }, "original": { 
@@ -160,6 +227,21 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tildefriends": { "inputs": { "flake-utils": "flake-utils", diff --git a/flake.nix b/flake.nix index e061f83..d17dca5 100644 --- a/flake.nix +++ b/flake.nix @@ -22,6 +22,11 @@ # nixos-conf-editor.url = "github:snowfallorg/nixos-conf-editor"; # nix-software-center.url = "github:snowfallorg/nix-software-center"; + + agenix = { + url = "github:ryantm/agenix"; + inputs.nixpkgs.follows = "stable"; + }; }; outputs = { @@ -35,6 +40,7 @@ # nixos-conf-editor, # nix-software-center, tildefriends, + agenix, ... } @ inputs: let inherit (self) outputs; @@ -76,14 +82,6 @@ ]; }; - new-phoenix = stable.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = {inherit inputs outputs;}; - modules = [ - ./hosts/new-phoenix/configuration.nix - ]; - }; - theseus = stable.lib.nixosSystem { system = "x86_64-linux"; specialArgs = {inherit inputs outputs;}; diff --git a/home/tasia/home.nix b/home/tasia/home.nix index 3312d4a..177dcbc 100644 --- a/home/tasia/home.nix +++ b/home/tasia/home.nix @@ -31,7 +31,6 @@ ".config/btop/btop.conf".source = ../../dotfiles/btop.conf; # ".gitconfig".source = ../../dotfiles/.gitconfig; - ".librewolf/librewolf.overrides.cfg".source = ../../dotfiles/librewolf.overrides.cfg; }; diff --git a/hosts/new-phoenix/configuration.nix b/hosts/new-phoenix/configuration.nix deleted file mode 100644 index fd46b8e..0000000 --- a/hosts/new-phoenix/configuration.nix +++ /dev/null 
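Review bot: The new `agenix` input in flake.nix follows `stable` for nixpkgs only, so its own `darwin` and `home-manager` inputs are resolved independently. The flake.lock changes in this commit show the result: a second `home-manager` node and an `lnl7/nix-darwin` node, both locked to noticeably older revisions than the rest of the flake. Every extra locked input is more third-party code to fetch and keep updated. On Linux-only hosts I would add `inputs.darwin.follows = "";` and `inputs.home-manager.follows = "home-manager";` inside the `agenix = { … }` block; the agenix README describes the darwin variant.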
@@ -1,57 +0,0 @@ -{ - pkgs, - lib, - ... -}: let - sshKeys = import ../../crypto/ssh-keys.nix; -in { - imports = [ - ./hardware-configuration.nix - ../../common/base.nix - - ../../common/locales/en.nix - ../../common/locales/fr-keymap.nix - - ../../common/hardware/intel-cpu.nix - ../../common/hardware/ssd.nix - ../../common/hardware/btrfs.nix - - ../../common/services/syncthing.nix - - ../../home/tasia-but-old-username/home.nix - ]; - - networking = { - hostName = "phoenix"; - - firewall.allowedTCPPorts = [ - 8384 # syncthing web UI - 12345 # tildefriends - 13378 # audiobookshelf - ]; - firewall.allowedUDPPorts = [ - 12345 # tildefriends - ]; - }; - - users.users.user.openssh.authorizedKeys.keys = [ - sshKeys.tasia.yaseen - ]; - - services.btrfs.autoScrub.fileSystems = lib.mkForce ["/" "/data"]; - - virtualisation.docker.enable = true; - - services.syncthing = { - dataDir = lib.mkForce "/home/user"; - configDir = lib.mkForce "/data/sync/configuration/"; - guiAddress = "0.0.0.0:8384"; - }; - - environment.systemPackages = with pkgs; [ - # - ]; - - # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - system.stateVersion = "23.05"; -} diff --git a/hosts/new-phoenix/hardware-configuration.nix b/hosts/new-phoenix/hardware-configuration.nix deleted file mode 100644 index b6dc63b..0000000 --- a/hosts/new-phoenix/hardware-configuration.nix +++ /dev/null 
@@ -1,55 +0,0 @@ -{ - config, - lib, - pkgs, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = []; - boot.extraModulePackages = []; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/469da268-3ac1-4591-9209-26c89afb2e59"; - fsType = "btrfs"; - options = ["subvol=@"]; - }; - - boot.initrd.luks.devices."luks-06613ddd-abd6-409e-9a33-889cb9d15d11".device = "/dev/disk/by-uuid/06613ddd-abd6-409e-9a33-889cb9d15d11"; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/E398-A9BF"; - fsType = "vfat"; - }; - - fileSystems."/data" = { - device = "/dev/disk/by-uuid/648ae2f4-bd2e-4315-b12f-72733f92d2e0"; - fsType = "btrfs"; - }; - - boot.initrd.luks.devices."539c1a57-e6d0-4ff0-927a-8f0d4aa4c9c7".device = "/dev/disk/by-uuid/539c1a57-e6d0-4ff0-927a-8f0d4aa4c9c7"; - - fileSystems."/home" = { - device = "/dev/disk/by-uuid/469da268-3ac1-4591-9209-26c89afb2e59"; - fsType = "btrfs"; - options = ["subvol=@home"]; - }; - - swapDevices = []; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/phoenix/configuration.nix b/hosts/phoenix/configuration.nix index b6433f9..e1c5864 100644 --- a/hosts/phoenix/configuration.nix +++ b/hosts/phoenix/configuration.nix 
@@ -8,22 +8,14 @@ in { imports = [ ./hardware-configuration.nix ../../common/base.nix - ../../common/full-install.nix ../../common/locales/en.nix ../../common/locales/fr-keymap.nix ../../common/hardware/intel-cpu.nix - ../../common/hardware/amd-gpu.nix ../../common/hardware/ssd.nix ../../common/hardware/btrfs.nix - ../../common/hardware/latest-kernel.nix - ../../common/components/de/sddm.nix - ../../common/components/de/plasma6.nix - - ../../common/programs/steam.nix - ../../common/services/adguardhome.nix ../../common/services/syncthing.nix ../../home/tasia-but-old-username/home.nix @@ -32,17 +24,14 @@ in { networking = { hostName = "phoenix"; - firewall = { - enable = true; - allowedTCPPorts = [ - 8080 # ? - 12345 # tildefriends - 13378 # audiobookshelf - ]; - allowedUDPPorts = [ - 8080 # ? - ]; - }; + firewall.allowedTCPPorts = [ + 8384 # syncthing web UI + # 12345 # tildefriends + # 13378 # audiobookshelf + ]; + firewall.allowedUDPPorts = [ + 12345 # tildefriends + ]; }; users.users.user.openssh.authorizedKeys.keys = [ @@ -54,11 +43,11 @@ in { # services.vedirect-reader.enable = true; virtualisation.docker.enable = true; - services.flatpak.enable = false; services.syncthing = { dataDir = lib.mkForce "/home/user"; configDir = lib.mkForce "/data/sync/configuration/"; + guiAddress = "0.0.0.0:8384"; }; environment.systemPackages = with pkgs; [ diff --git a/hosts/stuff/configuration.nix b/hosts/stuff/configuration.nix index ef097af..cc9caef 100644 --- a/hosts/stuff/configuration.nix +++ b/hosts/stuff/configuration.nix @@ -44,7 +44,7 @@ in { enableKwallet = true; }; - services.printing.drivers = [ pkgs.cnijfilter2 ]; + services.printing.drivers = [pkgs.cnijfilter2]; environment.systemPackages = with pkgs; [ # Additional system packages here diff --git a/hosts/yaseen/configuration.nix b/hosts/yaseen/configuration.nix index 3cfb4a4..01dc701 100644 --- a/hosts/yaseen/configuration.nix +++ b/hosts/yaseen/configuration.nix 
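Review bot: Port 8384 is opened in `firewall.allowedTCPPorts` and the later `services.syncthing` hunk sets `guiAddress = "0.0.0.0:8384"`, so the Syncthing web UI becomes reachable from every network this host joins, and nothing visible here configures GUI credentials. The GUI can change shared folders and devices, so I would keep it on `127.0.0.1:8384` and reach it through an SSH tunnel, or open the port only on the trusted interface with `networking.firewall.interfaces.<iface>.allowedTCPPorts = [8384];`. The firewall hunk also leaves UDP 12345 open although the TCP 12345 entry for tildefriends is now commented out; drop it as well if the service is not running. Removing the explicit `enable = true;` relies on the NixOS default, which deserves a one-line comment such as `# firewall stays enabled via the NixOS default`.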
@@ -48,6 +48,7 @@ in { # Personal modules # ../../modules/nixos/tildefriends.nix + inputs.agenix.nixosModules.default ]; # RGB Keyboard backight @@ -111,6 +112,9 @@ in { logseq nix-tree android-studio + lutris + + inputs.agenix.packages.x86_64-linux.default ]; fonts.packages = with pkgs; [ @@ -162,7 +166,7 @@ in { ]; }; - services.printing.drivers = [ pkgs.cnijfilter2 ]; + services.printing.drivers = [pkgs.cnijfilter2]; services.ollama = { enable = true; diff --git a/secrets.nix b/secrets.nix new file mode 100644 index 0000000..08f6bfd --- /dev/null +++ b/secrets.nix @@ -0,0 +1,5 @@ +let + sshKeys = import ./crypto/ssh-keys.nix; +in { + "crypto/wifi.age".publicKeys = [sshKeys.host.yaseen sshKeys.tasia.yaseen]; +}
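Review bot: `inputs.agenix.nixosModules.default` is imported, but no `age.secrets.<name>.file` declaration appears in the visible hunks, so `crypto/wifi.age` is presumably not yet decrypted on the host. When it is wired up, note that agenix (as far as I know) derives its default `age.identityPaths` from the OpenSSH host keys only when `services.openssh.enable` is set; if yaseen does not run sshd, set `age.identityPaths` explicitly. Separately, `inputs.agenix.packages.x86_64-linux.default` hard-codes the platform; `inputs.agenix.packages.${pkgs.system}.default` keeps it in step with the host.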
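Review bot: Both recipients of `crypto/wifi.age` in secrets.nix are `yaseen` keys (`sshKeys.host.yaseen` and `sshKeys.tasia.yaseen`); if both private keys live only on that one machine, losing it leaves the secret undecryptable and impossible to re-key. Consider adding a second administrative recipient whose private key is kept elsewhere. A comment above the entry would also help, for example `# host key decrypts at activation; user key is for agenix -e / --rekey`, so that later secrets do not widen the recipient list by copy-paste.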