working on orbi and stuff

Ingolf Wagner 2024-03-02 12:57:01 +01:00
parent be0b4541f2
commit 049d9206d6
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
10 changed files with 61 additions and 59 deletions


@ -12,7 +12,6 @@ let
onionId = fileContents "${private_assets}/onion_id_chungus"; onionId = fileContents "${private_assets}/onion_id_chungus";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJpPfGAiARWgZbID+2IIT9dbo/PqgG/pkFsBaBUKGiu"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJpPfGAiARWgZbID+2IIT9dbo/PqgG/pkFsBaBUKGiu";
}; };
}; };
in in
@ -63,8 +62,28 @@ in
'') '')
computers; computers;
unlockInit = mapAttrsToList
(name:
{ public_ip, ... }:
pkgs.writers.writeDashBin "unlock-boot-${name}" ''
${pkgs.openssh}/bin/ssh root@${public_ip} -p 2222 '
echo -n "enter password : "
read password
while [[ $(systemd-tty-ask-password-agent --list) -ne 0 ]]
do
systemd-tty-ask-password-agent --list
echo "$password" | systemd-tty-ask-password-agent --query
done
'
'')
{
orbi = {
public_ip = "95.216.66.212";
};
};
in in
sshTor ++ passwordTor; sshTor ++ passwordTor ++ unlockInit;
}; };
} }
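Review bot: The remote loop in `unlock-boot-${name}` tests `[[ $(systemd-tty-ask-password-agent --list) -ne 0 ]]`, which compares the agent's textual listing with a number and relies on `[[` existing in the initrd's login shell (writeDashBin only governs the local wrapper). Assuming `--list` prints nothing when no request is pending, `while [ -n "$(systemd-tty-ask-password-agent --list)" ]` states the intent portably. `read password` also runs without a TTY, so the disk passphrase is presumably echoed on the local terminal as it is typed; disabling echo locally around the prompt (`stty -echo` before, `stty echo` after) would avoid that. Because the passphrase is sent to the host behind the hard-coded `public_ip` on port 2222, the initrd's SSH host key should be pinned in known_hosts, if it is not already pinned elsewhere in this configuration, rather than trusted on first use.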


@ -19,9 +19,6 @@ with lib;
gitAndTools.gitSVN gitAndTools.gitSVN
gitAndTools.git2cl gitAndTools.git2cl
# merge tools
meld
# activate using : # activate using :
# git config --global core.pager "diff-so-fancy | less --tabs=4 -RFX" # git config --global core.pager "diff-so-fancy | less --tabs=4 -RFX"
gitAndTools.diff-so-fancy gitAndTools.diff-so-fancy


@ -146,7 +146,7 @@
;;nim ; python + lisp at the speed of c ;;nim ; python + lisp at the speed of c
nix ; I hereby declare "nix geht mehr!" nix ; I hereby declare "nix geht mehr!"
;;ocaml ; an objective camel ;;ocaml ; an objective camel
org ; organize your plain life in plain text (org +roam2) ; organize your plain life in plain text
;;php ; perl's insecure younger brother ;;php ; perl's insecure younger brother
;;plantuml ; diagrams for confusing people more ;;plantuml ; diagrams for confusing people more
;;purescript ; javascript, but functional ;;purescript ; javascript, but functional


@ -1 +0,0 @@
(package! scad-mode)


@ -97,6 +97,8 @@ with lib;
}; };
})) }))
mermaid-cli
]; ];
}) })
{ {
@ -158,8 +160,6 @@ with lib;
nixpkgs-fmt nixpkgs-fmt
treefmt treefmt
mermaid-cli
] ++ (map pandocScript (lib.cartesianProductOfSets { ] ++ (map pandocScript (lib.cartesianProductOfSets {
inputFormat = [ "man" "markdown" "mediawiki" "asciidoc" ]; inputFormat = [ "man" "markdown" "mediawiki" "asciidoc" ];
outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" ]; outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" ];


@ -29,6 +29,9 @@ let
''; '';
in in
{ {
config = mkIf (config.gui.enable) {
home.packages = [ home.packages = [
(nextcloudSync "InstantUpload") (nextcloudSync "InstantUpload")
@ -54,4 +57,6 @@ in
schulden = "borrow"; schulden = "borrow";
}; };
};
} }


@ -1,6 +1,8 @@
{ pkgs, ... }: { pkgs, config, ... }:
{ {
stylix.targets.swaylock.enable = config.gui.enable;
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml"; stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
stylix.fonts = { stylix.fonts = {


@ -76,4 +76,5 @@
# head -c4 /dev/urandom | od -A none -t x4 # head -c4 /dev/urandom | od -A none -t x4
networking.hostId = "5bb982a6"; networking.hostId = "5bb982a6";
} }


@ -7,6 +7,7 @@ let
# apt install -y lshw # apt install -y lshw
# lshw -C network | grep -Poh 'driver=[[:alnum:]]+' # lshw -C network | grep -Poh 'driver=[[:alnum:]]+'
networkInterfaceModule = "e1000e"; networkInterfaceModule = "e1000e";
# ip addr # ip addr
networkInterface = "enp0s31f6"; networkInterface = "enp0s31f6";
@ -26,12 +27,16 @@ let
in in
{ {
system.stateVersion = "23.11";
imports = [ imports = [
./disko-config.nix ./disko-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
environment.systemPackages = [
pkgs.mosh
];
# Use GRUB2 as the boot loader. # Use GRUB2 as the boot loader.
# We don't use systemd-boot because Hetzner uses BIOS legacy boot. # We don't use systemd-boot because Hetzner uses BIOS legacy boot.
@ -39,29 +44,12 @@ in
enable = true; enable = true;
efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines. efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines.
}; };
#boot.loader.grub.mirroredBoots = [
# { path = "/boot_sda"; devices = [ "/dev/sda" ]; }
# { path = "/boot_sdb"; devices = [ "/dev/sdb" ]; }
#];
# Network configuration (Hetzner uses static IP assignments, and we don't use DHCP here)
#networking.useDHCP = false;
#networking.interfaces.${networkInterface} = {
# ipv4 = { addresses = [{ address = ipv4.address; prefixLength = ipv4.prefixLength; }]; };
# ipv6 = { addresses = [{ address = ipv6.address; prefixLength = ipv6.prefixLength; }]; };
#};
#networking.defaultGateway = ipv4.gateway;
#networking.defaultGateway6 = { address = ipv6.gateway; interface = networkInterface; };
#networking.nameservers = [ "8.8.8.8" "1.1.1.1" ];
# Initial empty root password for easy login: # Initial empty root password for easy login:
users.users.root.initialHashedPassword = ""; users.users.root.initialHashedPassword = "";
services.openssh.settings.PermitRootLogin = "prohibit-password"; services.openssh.settings.PermitRootLogin = "prohibit-password";
services.openssh.settings.PasswordAuthentication = false; services.openssh.settings.PasswordAuthentication = false;
environment.systemPackages = [ pkgs.mosh ];
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa 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" "ssh-rsa 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"
]; ];
@ -69,7 +57,6 @@ in
services.openssh.enable = true; services.openssh.enable = true;
services.sshguard.enable = true; services.sshguard.enable = true;
system.stateVersion = "23.11";
# enable ssh on init # enable ssh on init
# ------------------ # ------------------
@ -112,12 +99,10 @@ in
boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink"; boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink";
boot.initrd.systemd.enable = true; boot.initrd.systemd.enable = true;
# root shell if not booting (usefull for debugging), but hijacks luks unlock # root shell if not booting (usefull for debugging)
#boot.initrd.systemd.emergencyAccess = true; boot.initrd.systemd.emergencyAccess = false;
# playing around with stuff
# boot.initrd.luks.reusePassphrases = true;
} }
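Review bot: The comment kept above `boot.initrd.systemd.emergencyAccess = false;` in the last hunk still describes what enabling the option gives, and the commit drops the remark that the shell hijacks the LUKS unlock, so the reason for the explicit `false` is lost. I would write `# no emergency root shell in the initrd: when enabled it is unauthenticated and hijacks the luks unlock prompt` instead. Separately, `users.users.root.initialHashedPassword = "";` is left in place by this commit. With SSH password authentication disabled it is not reachable over the network as far as these lines show, but it presumably still permits a password-less root login on the console, so it should be replaced by a real hash or removed once key login is confirmed.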


@ -7,12 +7,6 @@ let
disks = [ "sda" "sdb" ]; disks = [ "sda" "sdb" ];
in in
{ {
# ZFS already has its own scheduler. Without this my(@Artturin) computer froze for a second when i nix build something.
# copied from : https://github.com/numtide/srvos/blob/main/nixos/common/zfs.nix
services.udev.extraRules = lib.optionalString (config.boot.zfs.enabled) ''
ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="zfs_member", ATTR{../queue/scheduler}="none"
'';
disko.devices = { disko.devices = {
disk = disk =