working on orbi and stuff

2024-03-02 12:57:01 +01:00 · 2024-03-02 12:57:01 +01:00 · 049d9206d6
commit 049d9206d6
parent be0b4541f2
10 changed files with 61 additions and 59 deletions
--- a/nixos/components/network/sshd/known-hosts-bootup.nix
+++ b/nixos/components/network/sshd/known-hosts-bootup.nix
@ -12,7 +12,6 @@ let
      onionId = fileContents "${private_assets}/onion_id_chungus";
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJpPfGAiARWgZbID+2IIT9dbo/PqgG/pkFsBaBUKGiu";
    };
-
  };

 in
@ -63,8 +62,28 @@ in
            '')
          computers;

+        unlockInit = mapAttrsToList
+          (name:
+            { public_ip, ... }:
+            pkgs.writers.writeDashBin "unlock-boot-${name}" ''
+              ${pkgs.openssh}/bin/ssh root@${public_ip} -p 2222 '
+              echo -n "enter password : "
+              read password
+              while [[ $(systemd-tty-ask-password-agent --list) -ne 0 ]]
+              do
+                systemd-tty-ask-password-agent --list
+                echo "$password" | systemd-tty-ask-password-agent --query
+              done
+              '
+            '')
+          {
+            orbi = {
+              public_ip = "95.216.66.212";
+            };
+          };
+
      in
-      sshTor ++ passwordTor;
+      sshTor ++ passwordTor ++ unlockInit;

  };
 }
--- a/nixos/components/terminal/git.nix
+++ b/nixos/components/terminal/git.nix
@ -19,9 +19,6 @@ with lib;
      gitAndTools.gitSVN
      gitAndTools.git2cl

-      # merge tools
-      meld
-
      # activate using :
      # git config --global core.pager "diff-so-fancy | less --tabs=4 -RFX"
      gitAndTools.diff-so-fancy
--- a/nixos/homes/palo/doom.d/init.el
+++ b/nixos/homes/palo/doom.d/init.el
@ -146,7 +146,7 @@
       ;;nim               ; python + lisp at the speed of c
       nix                 ; I hereby declare "nix geht mehr!"
       ;;ocaml             ; an objective camel
-       org               ; organize your plain life in plain text
+       (org +roam2)        ; organize your plain life in plain text
       ;;php               ; perl's insecure younger brother
       ;;plantuml          ; diagrams for confusing people more
       ;;purescript        ; javascript, but functional
--- a/nixos/homes/palo/doom.d/packages.el
+++ b/nixos/homes/palo/doom.d/packages.el
@ -1 +0,0 @@
-(package! scad-mode)
--- a/nixos/homes/palo/packages/development.nix
+++ b/nixos/homes/palo/packages/development.nix
@ -97,6 +97,8 @@ with lib;
            };
          }))

+          mermaid-cli
+
        ];
    })
    {
@ -158,8 +160,6 @@ with lib;
          nixpkgs-fmt
          treefmt

-          mermaid-cli
-
        ] ++ (map pandocScript (lib.cartesianProductOfSets {
          inputFormat = [ "man" "markdown" "mediawiki" "asciidoc" ];
          outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" ];
--- a/nixos/homes/palo/packages/nextcloud.nix
+++ b/nixos/homes/palo/packages/nextcloud.nix
@ -29,6 +29,9 @@ let
    '';
 in
 {
+
+  config = mkIf (config.gui.enable) {
+
    home.packages = [

      (nextcloudSync "InstantUpload")
@ -54,4 +57,6 @@ in
      schulden = "borrow";
    };

+  };
+
 }
--- a/nixos/homes/palo/stylix.nix
+++ b/nixos/homes/palo/stylix.nix
@ -1,6 +1,8 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {

+  stylix.targets.swaylock.enable = config.gui.enable;
+
  stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";

  stylix.fonts = {
--- a/nixos/machines/orbi/configuration.nix
+++ b/nixos/machines/orbi/configuration.nix
@ -76,4 +76,5 @@
  # head -c4 /dev/urandom | od -A none -t x4
  networking.hostId = "5bb982a6";

+
 }
--- a/nixos/machines/orbi/hardware-configuration/default.nix
+++ b/nixos/machines/orbi/hardware-configuration/default.nix
@ -7,6 +7,7 @@ let
  # apt install -y lshw
  # lshw -C network | grep -Poh 'driver=[[:alnum:]]+'
  networkInterfaceModule = "e1000e";
+
  # ip addr
  networkInterface = "enp0s31f6";

@ -26,12 +27,16 @@ let
 in

 {
+  system.stateVersion = "23.11";

  imports = [
    ./disko-config.nix
    ./hardware-configuration.nix
  ];

+  environment.systemPackages = [
+    pkgs.mosh
+  ];

  # Use GRUB2 as the boot loader.
  # We don't use systemd-boot because Hetzner uses BIOS legacy boot.
@ -39,29 +44,12 @@ in
    enable = true;
    efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines.
  };
-  #boot.loader.grub.mirroredBoots = [
-  #  { path = "/boot_sda"; devices = [ "/dev/sda" ]; }
-  #  { path = "/boot_sdb"; devices = [ "/dev/sdb" ]; }
-  #];
-
-
-  # Network configuration (Hetzner uses static IP assignments, and we don't use DHCP here)
-  #networking.useDHCP = false;
-  #networking.interfaces.${networkInterface} = {
-  #  ipv4 = { addresses = [{ address = ipv4.address; prefixLength = ipv4.prefixLength; }]; };
-  #  ipv6 = { addresses = [{ address = ipv6.address; prefixLength = ipv6.prefixLength; }]; };
-  #};
-  #networking.defaultGateway = ipv4.gateway;
-  #networking.defaultGateway6 = { address = ipv6.gateway; interface = networkInterface; };
-  #networking.nameservers = [ "8.8.8.8" "1.1.1.1" ];

  # Initial empty root password for easy login:
  users.users.root.initialHashedPassword = "";
  services.openssh.settings.PermitRootLogin = "prohibit-password";
  services.openssh.settings.PasswordAuthentication = false;

-  environment.systemPackages = [ pkgs.mosh ];
-
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw=="
  ];
@ -69,7 +57,6 @@ in
  services.openssh.enable = true;
  services.sshguard.enable = true;

-  system.stateVersion = "23.11";

  # enable ssh on init
  # ------------------
@ -112,12 +99,10 @@ in
  boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink";
  boot.initrd.systemd.enable = true;

-  # root shell if not booting (usefull for debugging), but hijacks luks unlock
-  #boot.initrd.systemd.emergencyAccess  = true;
+  # root shell if not booting (usefull for debugging)
+  boot.initrd.systemd.emergencyAccess = false;
+
+  # playing around with stuff
+  # boot.initrd.luks.reusePassphrases = true;
+
 }
-
-
-
-
-
-
--- a/nixos/machines/orbi/hardware-configuration/disko-config.nix
+++ b/nixos/machines/orbi/hardware-configuration/disko-config.nix
@ -7,12 +7,6 @@ let
  disks = [ "sda" "sdb" ];
 in
 {
-  # ZFS already has its own scheduler. Without this my(@Artturin) computer froze for a second when i nix build something.
-  # copied from : https://github.com/numtide/srvos/blob/main/nixos/common/zfs.nix
-
-  services.udev.extraRules = lib.optionalString (config.boot.zfs.enabled) ''
-    ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="zfs_member", ATTR{../queue/scheduler}="none"
-  '';

  disko.devices = {
    disk =