From 45a4de7b78d094e031fe2664eb72abbfbf31fa71 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner
Date: Sun, 17 Dec 2023 19:17:59 +0100
Subject: [PATCH] play around with cherry
---
 nixos/components/default.nix | 3 +-
 nixos/components/gui/browser.nix | 13 +++++
 nixos/components/yubikey.nix | 66 +++++++++++++++++++++++++
 nixos/machines/cherry/configuration.nix | 33 +++----------
 nixos/machines/cherry/disko-config.nix | 9 +++-
 nixos/system/desktop/default.nix | 23 +-------
 nixos/system/desktop/yubikey.nix | 55 ---------------------
 7 files changed, 96 insertions(+), 106 deletions(-)
 create mode 100644 nixos/components/yubikey.nix
 delete mode 100644 nixos/system/desktop/yubikey.nix
diff --git a/nixos/components/default.nix b/nixos/components/default.nix
index 8c75e65..c665d18 100644
--- a/nixos/components/default.nix
+++ b/nixos/components/default.nix
@@ -4,7 +4,8 @@
 ./mainUser.nix
 ./media
 ./network
- ./terminal
 ./nixos
+ ./terminal
+ ./yubikey.nix
 ];
 }
diff --git a/nixos/components/gui/browser.nix b/nixos/components/gui/browser.nix
index 6abc481..d6a84b8 100644
--- a/nixos/components/gui/browser.nix
+++ b/nixos/components/gui/browser.nix
@@ -5,6 +5,19 @@ let
 in {
 config = lib.mkIf config.components.gui.enable {
+
+ # overwrite use zram on small RAM systems
+ fileSystems."/share" = lib.mkDefault {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ };
+
+ # overwrite use zram on small RAM systems
+ fileSystems."${homeFolder}" = lib.mkDefault {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ };
+
 programs.custom.browser = {
 enable = lib.mkDefault true;
 configList = {
diff --git a/nixos/components/yubikey.nix b/nixos/components/yubikey.nix
new file mode 100644
index 0000000..5f61ed8
--- /dev/null
+++ b/nixos/components/yubikey.nix
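Review bot: Both new `fileSystems` entries mount tmpfs with no `options`, so they run with tmpfs defaults: the root directory is created mode 1777 (world-writable with the sticky bit) and the size cap is half of RAM, which for a shared `/share` means every local account can write into it and fill memory. Something like `options = [ "mode=0755" "size=SIZE_PLACEHOLDER" ];` on each entry fixes both. The second mount point is `${homeFolder}`; `homeFolder` is bound in the `let` above the hunk so I cannot see its value, but if it is a user's home directory its contents vanish on every reboot, and the copied comment `# overwrite use zram on small RAM systems` says nothing about that (neither entry involves zram). Reword the comments to state what they do, e.g. `# keep /share in RAM; contents do not survive a reboot`.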
@@ -0,0 +1,66 @@
+# References:
+# * https://github.com/drduh/YubiKey-Guide
+# * https://nixos.wiki/wiki/Yubikey
+{ config, pkgs, lib, ... }:
+with lib;
+{
+
+ options.components.yubikey.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ };
+
+ # todo move this tho home manager
+ config = mkIf config.components.yubikey.enable {
+
+ services.pcscd.enable = true;
+ services.udev.packages = [
+
+ pkgs.yubikey-personalization
+
+ # additional services, but I just want gpg
+ # pkgs.libu2f-host
+
+ ];
+
+ environment.systemPackages = [
+
+ # for `gpg --export $keyid | hokey lint` to check keys
+ #pkgs.haskellPackages.hopenpgp-tools
+
+ # for otp keys (but I use pass otp)
+ # pkgs.yubioath-desktop
+
+ (pkgs.writers.writeDashBin "gpg-reset-yubikey-id" ''
+ echo "reset gpg to make new key available"
+ set -x
+ set -e
+ ${pkgs.psmisc}/bin/killall gpg-agent
+ rm -r ~/.gnupg/private-keys-v1.d/
+ ${pkgs.gnupg}/bin/gpg --card-status
+ echo "now the new key should work"
+ '')
+
+ ];
+
+ ## managed by home-manager now
+ #environment.shellInit = ''
+ # export GPG_TTY="$(tty)"
+ # gpg-connect-agent /bye
+ # export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
+ #'';
+ #programs = {
+ # ssh.startAgent = false;
+ # gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+ #};
+
+ ## managed by home-manager now
+ #security.pam.u2f.enable = true;
+ #security.pam.u2f.authFile = toString config.sops.secrets.yubikey_u2fAuthFile.path;
+ #sops.secrets.yubikey_u2fAuthFile = { };
+
+ };
+}
diff --git a/nixos/machines/cherry/configuration.nix b/nixos/machines/cherry/configuration.nix
index 1dddec1..427c6a3 100644
--- a/nixos/machines/cherry/configuration.nix
+++ b/nixos/machines/cherry/configuration.nix
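Review bot: `gpg-reset-yubikey-id` removes `~/.gnupg/private-keys-v1.d/` wholesale; in GnuPG 2.1+ that directory holds every private key the agent manages, not only the smartcard stubs, so a user who also keeps software keys there loses them with no prompt. The card stubs can be refreshed without deleting anything or killing the agent, e.g. `${pkgs.gnupg}/bin/gpg-connect-agent "scd serialno" "learn --force" /bye`; if the delete stays, a confirmation prompt plus a comment stating that it wipes all agent-managed private keys is the minimum. Also, `set -e` precedes `${pkgs.psmisc}/bin/killall gpg-agent`, which exits non-zero when no agent is running, so the script aborts before the reset in that case; `killall gpg-agent || true` avoids it. Finally, `options.components.yubikey.enable` defaults to `true` and this file is now imported from `components/default.nix`, so every host picks up pcscd and the YubiKey udev rules unless it opts out; add a `description` to the option and consider `default = false` so that exposure is opt-in.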
@@ -3,9 +3,13 @@
 imports = [
- ../../components
- ../../system/desktop
+ # last system packages that need to be migrated to components
+ ../../system/all/borg-jobs.nix
+ ../../system/all/syncthing.nix
 ../../system/server/netdata.nix
+ ../../modules
+
+ ../../components
 ./disko-config.nix
 ./hardware-configuration.nix
@@ -20,9 +24,6 @@
 ];
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
 sops.secrets.pushover_user_key = { };
 sops.secrets.pushover_api_key = { };
@@ -109,17 +110,8 @@
 };
 };
- programs.custom.steam.enable = true;
 services.printing.enable = true;
- # fonts
- # -----
- programs.custom.urxvt.fontSize = 16;
- programs.custom.urxvt.fontType = "vector";
- programs.custom.xterm.fontSize = 16;
- # todo : add xterm fontType
- # programs.custom.xterm.fontType = "vector";
-
 virtualisation = {
 docker.enable = true;
 podman.enable = true;
@@ -130,19 +122,6 @@
 };
 };
- #services.xserver.desktopManager.gnome.enable = true;
- #services.xserver.displayManager.lightdm.enable = false;
- #services.xserver.displayManager.sddm.enable = true;
-
- custom.samba-share = {
- enable = false;
- folders = {
- share = "/home/share";
- video = "/home/video-material";
- };
- };
-
- # for congress and streaming
 hardware.opengl = {
 enable = true;
diff --git a/nixos/machines/cherry/disko-config.nix b/nixos/machines/cherry/disko-config.nix
index 0c64ed0..5b1f2b4 100644
--- a/nixos/machines/cherry/disko-config.nix
+++ b/nixos/machines/cherry/disko-config.nix
@@ -3,17 +3,24 @@
 { config, lib, ... }:
 {
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
+
+ # ZFS stuff
+ # ---------
 boot.supportedFilesystems = [ "zfs" ];
 # head -c4 /dev/urandom | od -A none -t x4
 networking.hostId = "59e38471";
 services.zfs.autoSnapshot.enable = true;
- # ZFS already has its own scheduler. Without this my(@Artturin) computer froze for a second when i nix build something.
 # copied from : https://github.com/numtide/srvos/blob/main/nixos/common/zfs.nix
 services.udev.extraRules = lib.optionalString (config.boot.zfs.enabled) ''
 ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="zfs_member", ATTR{../queue/scheduler}="none"
 '';
+ # disko configuration
+ # -------------------
 disko.devices = {
 disk = {
 root = {
diff --git a/nixos/system/desktop/default.nix b/nixos/system/desktop/default.nix
index bd708d3..0abc6f2 100644
--- a/nixos/system/desktop/default.nix
+++ b/nixos/system/desktop/default.nix
@@ -4,7 +4,7 @@
 ../all
 #./packages.nix
- ./yubikey.nix
+ #./yubikey.nix
 ];
 #components.network.sshd.onlyTincAccess = lib.mkDefault true;
@@ -34,27 +34,6 @@
 services.urxvtd.enable = true;
- #system.custom.bluetooth.enable = true;
-
- # temperature / power consumption
- # https://linrunner.de/en/tlp/docs/tlp-linux-advanced-power-management.html
- # todo fix this
- #services.tlp.enable = false;
- #services.thermald.enable = false;
- # fucks up usb mouse
- #powerManagement.powertop.enable = true;
-
- # overwrite use zram on small RAM systems
- fileSystems."/share" = lib.mkDefault {
- device = "tmpfs";
- fsType = "tmpfs";
- };
-
- # overwrite use zram on small RAM systems
- fileSystems."/browsers" = lib.mkDefault {
- device = "tmpfs";
- fsType = "tmpfs";
- };
 }
diff --git a/nixos/system/desktop/yubikey.nix b/nixos/system/desktop/yubikey.nix
deleted file mode 100644
index c8eb06d..0000000
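Review bot: The removed line `# ZFS already has its own scheduler. …` was the only explanation of why `services.udev.extraRules` forces the block-layer scheduler to `none` on zfs_member partitions; the surviving `# copied from` line records the origin but not the reason, so the rule is now a cargo-cult snippet for the next reader. Keep a short why-comment above it, e.g. `# ZFS has its own I/O scheduler; leave the kernel scheduler on "none" for zfs_member partitions to avoid stalls under load`. Separately, `boot.loader.*` and `boot.tmp.useTmpfs` are not disk-layout settings, and this commit removes them from configuration.nix, so a reader looking there will not find them; either move them back or state at the top of this file that it also owns boot configuration. On a small-RAM machine, a tmpfs `/tmp` with the default 50%-of-RAM cap deserves a comment next to `boot.tmp.useTmpfs`, since it competes with the other tmpfs mounts this commit adds in components/gui/browser.nix.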
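Review bot: `#./yubikey.nix` in the imports list of nixos/system/desktop/default.nix keeps a commented reference to a file this same commit deletes (`nixos/system/desktop/yubikey.nix`), so the line now points nowhere. Drop it rather than comment it out, or replace it with a pointer to where the configuration went, e.g. `# yubikey support moved to nixos/components/yubikey.nix`.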
--- a/nixos/system/desktop/yubikey.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-# References:
-# * https://github.com/drduh/YubiKey-Guide
-# * https://nixos.wiki/wiki/Yubikey
-{ config, pkgs, ... }: {
-
- services.pcscd.enable = true;
- services.udev.packages = [
-
- pkgs.yubikey-personalization
-
- # additional services, but I just want gpg
- # pkgs.libu2f-host
-
- ];
-
- environment.systemPackages = [
-
- # for `gpg --export $keyid | hokey lint` to check keys
- #pkgs.haskellPackages.hopenpgp-tools
-
- # for otp keys (but I use pass otp)
- # pkgs.yubioath-desktop
-
- (pkgs.writers.writeDashBin "gpg-reset-yubikey-id" ''
- echo "reset gpg to make new key available"
- set -x
- set -e
- ${pkgs.psmisc}/bin/killall gpg-agent
- rm -r ~/.gnupg/private-keys-v1.d/
- ${pkgs.gnupg}/bin/gpg --card-status
- echo "now the new key should work"
- '')
-
- ];
-
- ## managed by home-manager now
- #environment.shellInit = ''
- # export GPG_TTY="$(tty)"
- # gpg-connect-agent /bye
- # export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
- #'';
- #programs = {
- # ssh.startAgent = false;
- # gnupg.agent = {
- # enable = true;
- # enableSSHSupport = true;
- # };
- #};
-
- ## managed by home-manager now
- #security.pam.u2f.enable = true;
- #security.pam.u2f.authFile = toString config.sops.secrets.yubikey_u2fAuthFile.path;
- #sops.secrets.yubikey_u2fAuthFile = { };
-
-}