From 8bfbb6095612e37e343c64f6b55c88bed1ba4c2b Mon Sep 17 00:00:00 2001
From: Ingolf Wagner
Date: Fri, 24 Jan 2020 23:19:48 +1300
Subject: [PATCH] mobi: create mobi system on usb stick
---
 assets/tinc/mobi_host_file | 14 ++++++
 configs/mobi/configuration.nix | 33 +++++++++++++
 configs/mobi/hardware-configuration.nix | 59 +++++++++++++++++++++++
 configs/mobi/tinc.nix | 14 ++++++
 configs/sterni/hardware-configuration.nix | 2 +-
 shell.nix | 19 +++-----
 system/all/tinc.nix | 5 ++
 7 files changed, 132 insertions(+), 14 deletions(-)
 create mode 100644 assets/tinc/mobi_host_file
 create mode 100644 configs/mobi/configuration.nix
 create mode 100644 configs/mobi/hardware-configuration.nix
 create mode 100644 configs/mobi/tinc.nix
diff --git a/assets/tinc/mobi_host_file b/assets/tinc/mobi_host_file
new file mode 100644
index 0000000..ac1792b
--- /dev/null
+++ b/assets/tinc/mobi_host_file
@@ -0,0 +1,14 @@
+Ed25519PublicKey = 94CccmfAuNtQzopd5NiVYjTjZvSgabMh66BI/iyVmnJ
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEA8m9cBRv+9K8ywH19CZKDidwmzEa+2j3rkFjek+uPLVCHX5FlVQv+
+flX5fY06DuaPzWKf4MoXHxmVa9T/WOcKZJUmhSJC2AVorhuPihOx0FNrQr69bamy
+x03fiH0pHmDXumNdGMUcNf+06Zu2Nr9yze8rE1B97zb0RPBf+XC1uHw4E4PrWC/F
+swibj9U45bp07wFvJrkAsngw4c6+TFERW6TK5DPKDQs7KfgdsqFGLvg2cY5phwC1
+08HBC7eTf2xG6paaS7gEbhDMQ/K47Lbhbv2srnYfaBw5iyc8f29ZwEuNfE4V15B3
+foz/kGAhceTuBKNCVvKvqSIL2yEsibFVyl7zlgGp3EKWuR5ETQAspJViGILwiyq6
+iRYQ1AxxyroqS146CUAB8/68w0PwroKt8lXMEtx58S7/OAW0KnXGxwqSfocH+iE4
+qry9pPuSs7RR6lXBB0nvSfTbaZDMUXtiyV24+pyZgl5Q31kDgUWgFpzGRBc/CTO2
+h8OmUcvEyLxh3bruu0SQGXa35G1Igsumuh/uLifgHB/odLYY00PhEdpp52BswgXe
+yz88nfXMOyvm7ROEyA7r2qruM1kEHDSQ8IRuxhd8YebyI7k6mYVE8CR5T89QfVl3
+mrNk+f6Q/cpFiNBxr7+UBCiHix3/GDAD4NEgvu5nfqinTA34FuscTS8CAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/configs/mobi/configuration.nix b/configs/mobi/configuration.nix
new file mode 100644
index 0000000..2572445
--- /dev/null
+++ b/configs/mobi/configuration.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, lib, ... }: {
+
+ imports = [
+
+
+ ./hardware-configuration.nix
+
+ ./tinc.nix
+
+ ];
+
+ system.custom.wifi.interfaces = [ ];
+
+ networking.hostName = "mobi";
+
+ security.wrappers = {
+ pmount.source = "${pkgs.pmount}/bin/pmount";
+ pumount.source = "${pkgs.pmount}/bin/pumount";
+ };
+
+ # fonts
+ # -----
+ programs.custom.urxvt.fontSize = 12;
+ programs.custom.xterm.fontSize = 12;
+ system.custom.fonts.dpi = 100;
+
+ configuration.desktop = {
+ width = 1366;
+ height = 768;
+ };
+
+}
+
diff --git a/configs/mobi/hardware-configuration.nix b/configs/mobi/hardware-configuration.nix
new file mode 100644
index 0000000..9c4b32a
--- /dev/null
+++ b/configs/mobi/hardware-configuration.nix
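Review bot: The `security.wrappers` entries for `pmount` and `pumount` set only `source`, so owner, group and the setuid bit come from the module defaults; as far as I recall, on NixOS of this date that produces setuid-root wrappers that every local user can execute. pmount is built for exactly that, but a privilege grant should be stated in the config rather than implied by defaults: spell out `setuid = true;` and `owner = "root";` next to `source` for both entries, and add `# setuid root: lets unprivileged users (p)mount removable media` above the block. If the group of allowed users is narrower than "everyone", set `group` and `permissions` accordingly so the wrapper is not world-executable.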
@@ -0,0 +1,59 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [ ];
+
+ boot.initrd.availableKernelModules =
+ [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ # efi boot loader configuration using grub
+ boot.loader.efi.canTouchEfiVariables = false;
+ boot.loader.grub = {
+ device = "nodev";
+ efiInstallAsRemovable = true;
+ efiSupport = true;
+ enable = true;
+ version = 2;
+ };
+
+ fileSystems."/share/" = {
+ device = "/dev/ram1";
+ fsType = "tmpfs";
+ };
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
+ # NTFS support
+ # ------------
+ environment.systemPackages = [ pkgs.ntfs3g ];
+
+ # lvm volume group
+ # ----------------
+ boot.initrd.luks.devices = [{
+ name = "secure_vg";
+ device = "/dev/disk/by-uuid/e138095f-c703-4dea-bb1c-bf888b8e1b81";
+ preLVM = true;
+ }];
+
+ # root
+ # ----
+ fileSystems."/" = {
+ options = [ "noatime" "nodiratime" "discard" ];
+ device = "/dev/secure_vg/root";
+ fsType = "ext4";
+ };
+
+ # boot
+ # ----
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/064D-3144";
+ fsType = "vfat";
+ };
+
+}
diff --git a/configs/mobi/tinc.nix b/configs/mobi/tinc.nix
new file mode 100644
index 0000000..111c720
--- /dev/null
+++ b/configs/mobi/tinc.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+ module.cluster.services.tinc = {
+ "private" = {
+ enable = true;
+ openPort = true;
+ connectTo = [ "sputnik" ];
+ };
+ };
+
+}
diff --git a/configs/sterni/hardware-configuration.nix b/configs/sterni/hardware-configuration.nix
index e9be582..f295c83 100644
--- a/configs/sterni/hardware-configuration.nix
+++ b/configs/sterni/hardware-configuration.nix
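Review bot: The tmpfs at `fileSystems."/share/"` is declared without `options`, so it runs on kernel defaults: no `size=` cap (tmpfs may then grow to half of RAM) and no `nosuid`/`nodev`, and the trailing slash in the mount point is inconsistent with `/` and `/boot` below; suggest `options = [ "nosuid" "nodev" "size=25%" ];` (size value is a placeholder to tune) and naming the entry `"/share"`. The `discard` option on `/` only reaches the disk if the LUKS device is opened with `allowDiscards = true`, which this file does not set, so it is currently a no-op — and enabling it is a deliberate trade-off, since TRIM through dm-crypt exposes which blocks are unused; either drop `discard` or add `allowDiscards = true;` with a comment recording that decision. Finally, the header still claims the file was generated and must not be modified, while the grub, LUKS, NTFS and tmpfs sections are clearly hand-written; replace it with `# hand-maintained; started from nixos-generate-config output` so nobody regenerates over it.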
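Review bot: `with lib;` in `configs/mobi/tinc.nix` is unused — no name from lib is referenced in the file — and it pulls the whole library into scope, which obscures where later identifiers come from; drop it, and the unused `config`/`pkgs` bindings could be reduced to `{ ... }:`. `openPort = true` presumably opens the tinc port in the firewall (project option, semantics not visible here); since the host also has `connectTo = [ "sputnik" ]`, a one-line comment such as `# openPort: accept inbound tinc connections as well as dialing sputnik` would record why inbound exposure is wanted on a portable USB-stick system.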
@@ -13,7 +13,7 @@
 boot.kernelModules = [ "kvm-intel" ];
 boot.extraModulePackages = [ ];
- # Use the systemd-boot EFI boot loader.
+ # Use the systemd-boot EFI boot loader, not grub
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
diff --git a/shell.nix b/shell.nix
index 2c45f35..b4ec764 100644
--- a/shell.nix
+++ b/shell.nix
@@ -1,5 +1,8 @@
 let
+ # host used to install stuff. (can be an onion id if you use torify)
+ installHost = "localhost";
+
 #ops = import ../plops ;
 ops = import ((import { }).fetchgit {
 url = "https://github.com/mrVanDalo/plops.git";
@@ -131,14 +134,6 @@ let
 switch
 ];
- serverPushSecrets = name:
- { host ? (hostPattern name), user ? "root" }:
- with ops;
- jobs "push-${name}" "${user}@${host}" [
- (populateTmpfs (source.keys name))
- (populate (source.secrets name))
- ];
-
 desktopDeployment = name:
 { host ? (hostPattern name), target ? "/var/src/", user ? "root"
 , commandPrefix ? "deploy", enableSwitch ? true }:
@@ -172,20 +167,18 @@
 let
 serverList = [ "workhorse" "sputnik" "porani" ];
 deployments = flip map serverList (name: serverDeployment name { });
- secretPushes = flip map serverList (name: serverPushSecrets name { });
 cleanup = flip map serverList (name: cleanupNix name);
- in deployments ++ secretPushes ++ cleanup;
+ in deployments ++ cleanup;
 desktops = with lib;
 let
- desktopList = [ "pepe" "workout" "sterni" ];
+ desktopList = [ "pepe" "workout" "sterni" "mobi" ];
 deployments = flip map desktopList (name: desktopDeployment name { });
 cleanup = flip map desktopList (name: cleanupNix name);
 install = flip map desktopList (name:
 desktopDeployment name {
 commandPrefix = "install";
- host =
- "wz7tdziakduqtmqbbt65ttmmj2q23jkjdyeyg2vfwe52vbvsp6tjimqd.onion";
+ host = installHost;
 target = "/mnt/var/src";
 enableSwitch = false;
 });
diff --git a/system/all/tinc.nix b/system/all/tinc.nix
index eaeb3f2..f0eadfd 100644
--- a/system/all/tinc.nix
+++ b/system/all/tinc.nix
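Review bot: `installHost = "localhost"` in the first shell.nix hunk is only consumed by the `install` jobs in the last hunk, so pointing an install at a real machine means editing and later reverting `shell.nix`; reading it from the environment with the same fallback avoids that: `installHost = let h = builtins.getEnv "INSTALL_HOST"; in if h == "" then "localhost" else h;` (`getEnv` returns "" under pure evaluation, which keeps the default). With the default in place, an `install` job run by mistake would, as far as I can tell from `target = "/mnt/var/src"` and `enableSwitch = false`, populate `/mnt/var/src` on the operator's own machine as root, which is worth a comment next to the definition. The removal of `serverPushSecrets` also means the `servers` job set no longer pushes keys/secrets anywhere; if that is intentional because another mechanism now does it, a short note on the `servers` definition would save the next reader from checking.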
@@ -43,6 +43,7 @@ in {
 };
 };
 };
+ # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
 "private" = {
 networkSubnet = "10.23.42.0/24";
 extraConfig = ''
@@ -64,6 +65,10 @@ in {
 # publicKey = lib.fileContents ;
 publicKey = lib.fileContents ;
 };
+ mobi = {
+ tincIp = "10.23.42.23";
+ publicKey = lib.fileContents ;
+ };
 porani = {
 tincIp = "10.23.42.31";
 publicKey = lib.fileContents ;
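Review bot: The new `mobi.publicKey = lib.fileContents …` line (rendered here as `lib.fileContents ;`, so the argument itself is not visible, but the neighbouring entries suggest an angle-bracket search path) resolves through `NIX_PATH` at evaluation time, which makes the public key that every peer trusts depend on the caller's environment rather than on this checkout. A path relative to this file pins it to the repository: `publicKey = lib.fileContents ../../assets/tinc/mobi_host_file;`. The added `# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"` comment is useful; extend it with a sentence saying that only the generated public host file goes into `assets/tinc/` and the `*.priv` keys stay on the machine, so the next host added follows the same split this commit does for mobi.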