add mobi and it works
parent
9964d154d4
commit
f771aa24bf
23 changed files with 278 additions and 146 deletions
56
flake.lock
56
flake.lock
|
@ -3,7 +3,7 @@
|
||||||
"barcode-reader": {
|
"barcode-reader": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-utils": "flake-utils_3",
|
"flake-utils": "flake-utils_3",
|
||||||
"nixpkgs": "nixpkgs_2"
|
"nixpkgs": "nixpkgs"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1636602745,
|
"lastModified": 1636602745,
|
||||||
|
@ -38,16 +38,18 @@
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat",
|
"flake-compat": "flake-compat",
|
||||||
"nix-eval-jobs": "nix-eval-jobs",
|
"nix-eval-jobs": "nix-eval-jobs",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
"stable": "stable",
|
"stable": "stable",
|
||||||
"utils": "utils"
|
"utils": "utils"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1661669123,
|
"lastModified": 1663742427,
|
||||||
"narHash": "sha256-nXslD8Sbs6G9/MN7HOr+YrBCCmUdS/MpEuxJGlWeSgM=",
|
"narHash": "sha256-1gcXLVbZRVbRfNo6bHemNxdnEBgs6W0QPw675/uso3w=",
|
||||||
"owner": "zhaofengli",
|
"owner": "zhaofengli",
|
||||||
"repo": "colmena",
|
"repo": "colmena",
|
||||||
"rev": "e7356e2c5cbc19be6e04d284c943b24bbde81a9b",
|
"rev": "a8e6b999cfec9fadc2ca81994da44182e73be7eb",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -546,16 +548,15 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1660485612,
|
"lastModified": 1636416043,
|
||||||
"narHash": "sha256-sSLW1KaB1adKTJn9+Ja3h3AaS7QCZyhUKiSUStcLg80=",
|
"narHash": "sha256-Esz9X97OeAsNoJUVuqlCu2LDWcyLE24huUonhOY3JGw=",
|
||||||
"owner": "NixOS",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "6512b21eabb4d52e87ea2edcf31a288e67b2e4f8",
|
"rev": "db6044d5debaff0749420c3553d1b89fc6c5c5f8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NixOS",
|
"owner": "nixos",
|
||||||
"ref": "nixos-unstable",
|
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -615,21 +616,6 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
|
||||||
"lastModified": 1636416043,
|
|
||||||
"narHash": "sha256-Esz9X97OeAsNoJUVuqlCu2LDWcyLE24huUonhOY3JGw=",
|
|
||||||
"owner": "nixos",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "db6044d5debaff0749420c3553d1b89fc6c5c5f8",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nixos",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs_3": {
|
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1661700591,
|
"lastModified": 1661700591,
|
||||||
"narHash": "sha256-NZa+z+TJC+Hk+87+LKkjFFmBn4GyMVEPcWFXFU+aTkU=",
|
"narHash": "sha256-NZa+z+TJC+Hk+87+LKkjFFmBn4GyMVEPcWFXFU+aTkU=",
|
||||||
|
@ -645,7 +631,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_4": {
|
"nixpkgs_3": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1632855891,
|
"lastModified": 1632855891,
|
||||||
"narHash": "sha256-crW76mt9/kbUBiKy/KiSnsQ9JEYgD3StDuYAMVkTbM0=",
|
"narHash": "sha256-crW76mt9/kbUBiKy/KiSnsQ9JEYgD3StDuYAMVkTbM0=",
|
||||||
|
@ -659,7 +645,7 @@
|
||||||
"type": "indirect"
|
"type": "indirect"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_5": {
|
"nixpkgs_4": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1661353537,
|
"lastModified": 1661353537,
|
||||||
"narHash": "sha256-1E2IGPajOsrkR49mM5h55OtYnU0dGyre6gl60NXKITE=",
|
"narHash": "sha256-1E2IGPajOsrkR49mM5h55OtYnU0dGyre6gl60NXKITE=",
|
||||||
|
@ -774,7 +760,7 @@
|
||||||
"polygon-art": {
|
"polygon-art": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-utils": "flake-utils_6",
|
"flake-utils": "flake-utils_6",
|
||||||
"nixpkgs": "nixpkgs_4"
|
"nixpkgs": "nixpkgs_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1632864714,
|
"lastModified": 1632864714,
|
||||||
|
@ -833,7 +819,7 @@
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
"home-manager-utils": "home-manager-utils",
|
"home-manager-utils": "home-manager-utils",
|
||||||
"krops": "krops",
|
"krops": "krops",
|
||||||
"nixpkgs": "nixpkgs_3",
|
"nixpkgs": "nixpkgs_2",
|
||||||
"nixpkgs-fmt": "nixpkgs-fmt",
|
"nixpkgs-fmt": "nixpkgs-fmt",
|
||||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||||
"polygon-art": "polygon-art",
|
"polygon-art": "polygon-art",
|
||||||
|
@ -878,11 +864,11 @@
|
||||||
"secrets": {
|
"secrets": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1663688404,
|
"lastModified": 1663876023,
|
||||||
"narHash": "sha256-eGKtvyakb/6jncb5oQXa0c6usLvQ8DMDjr5LtBbpdzY=",
|
"narHash": "sha256-esUjNxIvrKZXukSbZbre4l5nS++Iqhc19LGHcizHEk4=",
|
||||||
"ref": "main",
|
"ref": "main",
|
||||||
"rev": "43bc5b41992e585f8b02a18c66b478fd165ed817",
|
"rev": "6b43a1b2f4ba34f684614d15f54e68d88eea2612",
|
||||||
"revCount": 36,
|
"revCount": 38,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git"
|
"url": "ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git"
|
||||||
},
|
},
|
||||||
|
@ -910,7 +896,7 @@
|
||||||
},
|
},
|
||||||
"sops-nix": {
|
"sops-nix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": "nixpkgs_5",
|
"nixpkgs": "nixpkgs_4",
|
||||||
"nixpkgs-22_05": "nixpkgs-22_05"
|
"nixpkgs-22_05": "nixpkgs-22_05"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
|
|
25
flake.nix
25
flake.nix
|
@ -14,7 +14,10 @@
|
||||||
};
|
};
|
||||||
# colmena
|
# colmena
|
||||||
# -------
|
# -------
|
||||||
colmena.url = "github:zhaofengli/colmena";
|
colmena = {
|
||||||
|
url = "github:zhaofengli/colmena";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
polygon-art = {
|
polygon-art = {
|
||||||
url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
|
url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
|
||||||
|
@ -157,7 +160,7 @@
|
||||||
sterni = { name, nodes, pkgs, ... }: {
|
sterni = { name, nodes, pkgs, ... }: {
|
||||||
deployment.allowLocalDeployment = true;
|
deployment.allowLocalDeployment = true;
|
||||||
deployment.targetHost = "${name}.private";
|
deployment.targetHost = "${name}.private";
|
||||||
deployment.tags = [ "desktop" "online" ];
|
deployment.tags = [ "desktop" "online" "private" ];
|
||||||
imports = [
|
imports = [
|
||||||
grocy-scanner.nixosModule
|
grocy-scanner.nixosModule
|
||||||
];
|
];
|
||||||
|
@ -186,7 +189,7 @@
|
||||||
|
|
||||||
pepe = { name, nodes, pkgs, ... }: {
|
pepe = { name, nodes, pkgs, ... }: {
|
||||||
deployment.targetHost = "${name}.private";
|
deployment.targetHost = "${name}.private";
|
||||||
deployment.tags = [ "server" "online" ];
|
deployment.tags = [ "server" "online" "private" ];
|
||||||
imports = [
|
imports = [
|
||||||
grocy-scanner.nixosModule
|
grocy-scanner.nixosModule
|
||||||
];
|
];
|
||||||
|
@ -194,10 +197,22 @@
|
||||||
|
|
||||||
robi = { name, nodes, pkgs, ... }: {
|
robi = { name, nodes, pkgs, ... }: {
|
||||||
deployment.targetHost = "${name}";
|
deployment.targetHost = "${name}";
|
||||||
deployment.tags = [ "server" "online" ];
|
deployment.tags = [ "server" "online" "private" ];
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
};
|
};
|
||||||
|
mobi = { name, nodes, pkgs, ... }: {
|
||||||
|
deployment.targetHost = "${name}.private";
|
||||||
|
deployment.tags = [ "desktop" "usb" "private" ];
|
||||||
|
imports = [
|
||||||
|
grocy-scanner.nixosModule
|
||||||
|
];
|
||||||
|
home-manager.users.mainUser = {
|
||||||
|
imports = [
|
||||||
|
doom-emacs-nix.hmModule
|
||||||
|
home-manager-utils.hmModule
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -97,16 +97,19 @@
|
||||||
config =
|
config =
|
||||||
let
|
let
|
||||||
torDirectory = "/var/lib/tor";
|
torDirectory = "/var/lib/tor";
|
||||||
hiddenServiceDir = torDirectory + "/liveos";
|
hiddenServiceDir = torDirectory + "/onion/hidden-ssh";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
services.tor = {
|
services.tor = {
|
||||||
enable = true;
|
enable = true;
|
||||||
client.enable = true;
|
client.enable = true;
|
||||||
extraConfig = ''
|
relay.onionServices.hidden-ssh = {
|
||||||
HiddenServiceDir ${hiddenServiceDir}
|
version = 3;
|
||||||
HiddenServicePort 22 127.0.0.1:22
|
map = [{
|
||||||
'';
|
port = 22;
|
||||||
|
target.port = 22;
|
||||||
|
}];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
systemd.services.hidden-ssh-announce = {
|
systemd.services.hidden-ssh-announce = {
|
||||||
description = "irc announce hidden ssh";
|
description = "irc announce hidden ssh";
|
||||||
|
|
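Review bot: `hiddenServiceDir` is now a hand-written copy of the directory the `relay.onionServices.hidden-ssh` module is expected to create, and nothing in this section ties the two together. If the module's state path differs from `/var/lib/tor/onion/hidden-ssh`, whatever reads `hiddenServiceDir` (the binding is used outside this hunk, presumably by the announce unit) would look for a hostname file that is not there. A comment on the binding such as `# must match the directory services.tor creates for relay.onionServices.hidden-ssh` would make that coupling explicit. The new `map` entry also drops the explicit `127.0.0.1` from the removed `HiddenServicePort 22 127.0.0.1:22` line; adding `target.addr = "127.0.0.1";` keeps the loopback-only forwarding visible instead of relying on a default.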
|
@ -1,14 +1,14 @@
|
||||||
Ed25519PublicKey = 94CccmfAuNtQzopd5NiVYjTjZvSgabMh66BI/iyVmnJ
|
Ed25519PublicKey = X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
MIICCgKCAgEA8m9cBRv+9K8ywH19CZKDidwmzEa+2j3rkFjek+uPLVCHX5FlVQv+
|
MIICCgKCAgEAxubIDrvtrZ6fKPkuwQ+sK6YlToTfVtg3HCTOR7iDf47arkuG3dTb
|
||||||
flX5fY06DuaPzWKf4MoXHxmVa9T/WOcKZJUmhSJC2AVorhuPihOx0FNrQr69bamy
|
BgnkbB/8+KzztaYLQoLnGFugxKKtMGBvMGCo6YLtxrjuaz3aDmhpmGCJh80r80/i
|
||||||
x03fiH0pHmDXumNdGMUcNf+06Zu2Nr9yze8rE1B97zb0RPBf+XC1uHw4E4PrWC/F
|
8WWg1CAkboKHmaiFpS/LBxAWQUGP+YJSoTLuDwtd794wX9MxLh4x5uGRp4rCj9+4
|
||||||
swibj9U45bp07wFvJrkAsngw4c6+TFERW6TK5DPKDQs7KfgdsqFGLvg2cY5phwC1
|
DdGemLZkZz6Je+cBkf8qrw1Dr8CPiJk47a7bZhyKVnQ3PyvrGOjFolfcI22xp8j3
|
||||||
08HBC7eTf2xG6paaS7gEbhDMQ/K47Lbhbv2srnYfaBw5iyc8f29ZwEuNfE4V15B3
|
7y55DIMWhVsm6EWFK4/pzAqi9JdRd7xy8c9WRIcAHJDlSdf+ERbIjUDJC8fgMlNl
|
||||||
foz/kGAhceTuBKNCVvKvqSIL2yEsibFVyl7zlgGp3EKWuR5ETQAspJViGILwiyq6
|
UII0SqLnBscIbqz2dMuoldeqg9S1fOiTekReLJqpLmAIn+iwpT8KW5QaESu2eh6M
|
||||||
iRYQ1AxxyroqS146CUAB8/68w0PwroKt8lXMEtx58S7/OAW0KnXGxwqSfocH+iE4
|
Ok0sJ8A+aphuZ+FDd2FUmWQiENnPzFGYQ/SuNAA7hR5plSCbjpodulNQFY93I8y3
|
||||||
qry9pPuSs7RR6lXBB0nvSfTbaZDMUXtiyV24+pyZgl5Q31kDgUWgFpzGRBc/CTO2
|
vRru6rm/ac+7SehWPBgHGl12UJluvHn32Q85bJ2vdtn9ONgcOdjSLA58nzfc1hv/
|
||||||
h8OmUcvEyLxh3bruu0SQGXa35G1Igsumuh/uLifgHB/odLYY00PhEdpp52BswgXe
|
OA5MzIJTvDJqwjZew8A/pyz6kxrGBqnXCzzt46tvj0yZ/VhIgL3qDTR/wzRV3N14
|
||||||
yz88nfXMOyvm7ROEyA7r2qruM1kEHDSQ8IRuxhd8YebyI7k6mYVE8CR5T89QfVl3
|
3Z7TToIQKBPSYNxxCEHXxVQb8oWdGzeE7X52iFeYKhxj+ikZxkoXhCgIRYrDBQ0k
|
||||||
mrNk+f6Q/cpFiNBxr7+UBCiHix3/GDAD4NEgvu5nfqinTA34FuscTS8CAwEAAQ==
|
lnpJU+fbeFddZ4bAdqPxVT+perK33Wzgp9s4+KLh8ldpcRm8S29sNIcCAwEAAQ==
|
||||||
-----END RSA PUBLIC KEY-----
|
-----END RSA PUBLIC KEY-----
|
||||||
|
|
|
@ -2,19 +2,26 @@
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
|
|
||||||
<system/desktop>
|
../../system/desktop
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./tinc.nix
|
./tinc.nix
|
||||||
|
./syncthing.nix
|
||||||
|
|
||||||
];
|
];
|
||||||
|
|
||||||
system.custom.wifi.interfaces = [ ];
|
|
||||||
|
|
||||||
networking.hostName = "mobi";
|
|
||||||
|
|
||||||
security.wrappers = {
|
security.wrappers = {
|
||||||
pmount.source = "${pkgs.pmount}/bin/pmount";
|
pmount = {
|
||||||
pumount.source = "${pkgs.pmount}/bin/pumount";
|
source = "${pkgs.pmount}/bin/pmount";
|
||||||
|
setuid = true;
|
||||||
|
owner = "root";
|
||||||
|
group = "root";
|
||||||
|
};
|
||||||
|
pumount = {
|
||||||
|
source = "${pkgs.pmount}/bin/pumount";
|
||||||
|
setuid = true;
|
||||||
|
owner = "root";
|
||||||
|
group = "root";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# fonts
|
# fonts
|
||||||
|
@ -28,5 +35,46 @@
|
||||||
height = 768;
|
height = 768;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# grub configuraton
|
||||||
|
# -----------------
|
||||||
|
boot.loader.grub.enable = true;
|
||||||
|
boot.loader.grub.efiSupport = true;
|
||||||
|
boot.loader.grub.device = "/dev/sda";
|
||||||
|
boot.loader.grub.efiInstallAsRemovable = true;
|
||||||
|
boot.tmpOnTmpfs = true;
|
||||||
|
|
||||||
|
networking.networkmanager.enable = true;
|
||||||
|
networking.hostName = "mobi";
|
||||||
|
|
||||||
|
# Set your time zone.
|
||||||
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
vim
|
||||||
|
wget
|
||||||
|
htop
|
||||||
|
silver-searcher
|
||||||
|
];
|
||||||
|
|
||||||
|
environment.extraInit = ''
|
||||||
|
# use vi shortcuts
|
||||||
|
# ----------------
|
||||||
|
set -o vi
|
||||||
|
EDITOR=vim
|
||||||
|
'';
|
||||||
|
|
||||||
|
services.openssh.enable = true;
|
||||||
|
desktop.ssh.onlyTinc = false;
|
||||||
|
|
||||||
|
users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa 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 contact@ingolf-wagner.de" ];
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "22.05"; # Did you read the comment?
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
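Review bot: `desktop.ssh.onlyTinc = false;` together with `services.openssh.enable = true;` and a root `authorizedKeys` entry leaves sshd reachable on every interface NetworkManager brings up, and nothing in this section restricts how logins authenticate. Unless `../../system/desktop` already does so (not visible here), pin key-only access next to those lines, e.g. `services.openssh.passwordAuthentication = false;` and `services.openssh.kbdInteractiveAuthentication = false;`. The root key is also pasted inline as an `ssh-rsa` string, while other sections of this commit read `../../assets/ssh/palo_rsa.pub` through `lib.fileContents`; using that file here would leave a single place to rotate the key. A short comment saying why this host opts out of the tinc-only rule would help the next reader.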
|
@ -1,58 +1,47 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
|
imports =
|
||||||
|
[
|
||||||
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
boot.initrd.availableKernelModules =
|
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
|
||||||
[ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
|
|
||||||
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
# efi boot loader configuration using grub
|
fileSystems."/" =
|
||||||
boot.loader.efi.canTouchEfiVariables = false;
|
{
|
||||||
boot.loader.grub = {
|
device = "/dev/disk/by-uuid/978cfc56-b47d-4d94-adae-18a4209519a5";
|
||||||
device = "nodev";
|
|
||||||
efiInstallAsRemovable = true;
|
|
||||||
efiSupport = true;
|
|
||||||
enable = true;
|
|
||||||
version = 2;
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/share/" = {
|
|
||||||
device = "/dev/ram1";
|
|
||||||
fsType = "tmpfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
# NTFS support
|
|
||||||
# ------------
|
|
||||||
environment.systemPackages = [ pkgs.ntfs3g ];
|
|
||||||
|
|
||||||
# lvm volume group
|
|
||||||
# ----------------
|
|
||||||
boot.initrd.luks.devices = {
|
|
||||||
mobi = {
|
|
||||||
device = "/dev/disk/by-uuid/e138095f-c703-4dea-bb1c-bf888b8e1b81";
|
|
||||||
preLVM = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# root
|
|
||||||
# ----
|
|
||||||
fileSystems."/" = {
|
|
||||||
options = [ "noatime" "nodiratime" "discard" ];
|
|
||||||
device = "/dev/mobi/root";
|
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
# boot
|
boot.initrd.luks.devices."root-enc".device = "/dev/disk/by-uuid/cf30f4a6-578e-418a-9d18-d32fbf992b0c";
|
||||||
# ----
|
|
||||||
fileSystems."/boot" = {
|
fileSystems."/boot" =
|
||||||
device = "/dev/disk/by-uuid/064D-3144";
|
{
|
||||||
|
device = "/dev/disk/by-uuid/AEE5-221F";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
swapDevices = [ ];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.tinc.private.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.tinc.retiolum.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.tinc.secret.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.virbr0.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||||
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
}
|
}
|
||||||
|
|
42
nixos/machines/mobi/syncthing.nix
Normal file
42
nixos/machines/mobi/syncthing.nix
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
{ config, pkgs, lib, ... }: {
|
||||||
|
|
||||||
|
#sops.secrets.syncthing_cert = { };
|
||||||
|
#sops.secrets.syncthing_key = { };
|
||||||
|
|
||||||
|
services.syncthing = {
|
||||||
|
enable = true;
|
||||||
|
openDefaultPorts = false;
|
||||||
|
user = "palo";
|
||||||
|
dataDir = "/home/palo/.syncthing";
|
||||||
|
configDir = "/home/palo/.syncthing";
|
||||||
|
#cert = toString config.sops.secrets.syncthing_cert.path;
|
||||||
|
#key = toString config.sops.secrets.syncthing_key.path;
|
||||||
|
overrideFolders = true;
|
||||||
|
folders = {
|
||||||
|
|
||||||
|
# on encrypted drive
|
||||||
|
# ------------------
|
||||||
|
private = {
|
||||||
|
enable = true;
|
||||||
|
path = "/home/palo/private";
|
||||||
|
};
|
||||||
|
desktop = {
|
||||||
|
enable = true;
|
||||||
|
path = "/home/palo/desktop";
|
||||||
|
};
|
||||||
|
finance = {
|
||||||
|
enable = true;
|
||||||
|
path = "/home/palo/finance";
|
||||||
|
};
|
||||||
|
password-store = {
|
||||||
|
enable = true;
|
||||||
|
path = "/home/palo/.password-store";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
system.permown."/home/palo/music-library" = {
|
||||||
|
owner = "palo";
|
||||||
|
group = "users";
|
||||||
|
};
|
||||||
|
}
|
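Review bot: The Syncthing identity for this host is not managed by the configuration: `cert`, `key` and both `sops.secrets.syncthing_*` lines are commented out, so the daemon presumably generates its own key pair under `/home/palo/.syncthing`, while the cluster device list elsewhere in this commit pins a fixed device ID for `mobi`. A reinstall would then change the ID and silently drop the host out of the `private`, `finance` and `password-store` shares until the pinned value is updated. Either wire the sops secrets in, or replace the commented lines with a note such as `# TODO: provide cert/key via sops; until then the identity in configDir is host-generated and must match the pinned device ID`. Separately, `system.permown."/home/palo/music-library"` has no matching folder in this file and looks copied from another machine; confirm it is needed.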
|
@ -8,7 +8,7 @@
|
||||||
authorizedKeys = [
|
authorizedKeys = [
|
||||||
# todo rename
|
# todo rename
|
||||||
(lib.fileContents ../../assets/ssh/borg_access.pub)
|
(lib.fileContents ../../assets/ssh/borg_access.pub)
|
||||||
(lib.fileContents ../../assets/ssh/card_rsa.pub)
|
(lib.fileContents ../../assets/ssh/palo_rsa.pub)
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -43,6 +43,10 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
path = "/home/syncthing/private";
|
path = "/home/syncthing/private";
|
||||||
};
|
};
|
||||||
|
password-store = {
|
||||||
|
enable = true;
|
||||||
|
path = "/home/syncthing/password-store";
|
||||||
|
};
|
||||||
desktop = {
|
desktop = {
|
||||||
enable = true;
|
enable = true;
|
||||||
path = "/home/syncthing/desktop";
|
path = "/home/syncthing/desktop";
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
allowSubRepos = true;
|
allowSubRepos = true;
|
||||||
authorizedKeys = [
|
authorizedKeys = [
|
||||||
(lib.fileContents ../../assets/ssh/borg_access.pub)
|
(lib.fileContents ../../assets/ssh/borg_access.pub)
|
||||||
(lib.fileContents ../../assets/ssh/card_rsa.pub)
|
(lib.fileContents ../../assets/ssh/palo_rsa.pub)
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -53,27 +53,28 @@ in
|
||||||
alias = pkgs.writeText "key" (lib.fileContents ../../assets/pgp.key);
|
alias = pkgs.writeText "key" (lib.fileContents ../../assets/pgp.key);
|
||||||
};
|
};
|
||||||
"= /palo_rsa.pub" = {
|
"= /palo_rsa.pub" = {
|
||||||
alias = pkgs.writeText "key" (lib.fileContents ../../assets/ssh/card_rsa.pub);
|
alias = pkgs.writeText "key" (lib.fileContents ../../assets/ssh/palo_rsa.pub);
|
||||||
};
|
};
|
||||||
} // error.locations;
|
} // error.locations;
|
||||||
};
|
};
|
||||||
|
|
||||||
"stable-diffusion.ingolf-wagner.de" = {
|
# "stable-diffusion.ingolf-wagner.de" = {
|
||||||
forceSSL = true;
|
# forceSSL = true;
|
||||||
enableACME = true;
|
# enableACME = true;
|
||||||
extraConfig = error.extraConfig;
|
# extraConfig = error.extraConfig;
|
||||||
root = "/srv/www/stable-diffusion";
|
# root = "/srv/www/stable-diffusion";
|
||||||
locations = {
|
# locations = {
|
||||||
"/model-v1-4.ckpt" = {
|
# "/model-v1-4.ckpt" = {
|
||||||
basicAuthFile = "${private_assets}/stable-diffusion-htpasswd";
|
|
||||||
tryFiles = "/stable-diffusion-v-1-4-original/sd-v1-4.ckpt =404";
|
|
||||||
};
|
|
||||||
#"/model-v1-3.ckpt" = {
|
|
||||||
# basicAuthFile = "${private_assets}/stable-diffusion-htpasswd";
|
# basicAuthFile = "${private_assets}/stable-diffusion-htpasswd";
|
||||||
# tryFiles = "stable-diffusion-v-1-3-original/sd-v1-3.ckpt";
|
# tryFiles = "/stable-diffusion-v-1-4-original/sd-v1-4.ckpt =404";
|
||||||
#};
|
# };
|
||||||
} // error.locations;
|
# #"/model-v1-3.ckpt" = {
|
||||||
};
|
# # basicAuthFile = "${private_assets}/stable-diffusion-htpasswd";
|
||||||
|
# # tryFiles = "stable-diffusion-v-1-3-original/sd-v1-3.ckpt";
|
||||||
|
# #};
|
||||||
|
# } // error.locations;
|
||||||
|
# };
|
||||||
|
|
||||||
"travel.ingolf-wagner.de" = {
|
"travel.ingolf-wagner.de" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
|
@ -12,11 +12,14 @@
|
||||||
#./wifi-access-point.nix
|
#./wifi-access-point.nix
|
||||||
#./wireshark.nix
|
#./wireshark.nix
|
||||||
./scanner.nix
|
./scanner.nix
|
||||||
|
./qemu.nix
|
||||||
|
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
services.nginx.enable = true;
|
services.nginx.enable = true;
|
||||||
|
|
||||||
|
|
||||||
#sops.defaultSopsFile = ../../secrets/sterni.yaml;
|
#sops.defaultSopsFile = ../../secrets/sterni.yaml;
|
||||||
networking.hostName = "sterni";
|
networking.hostName = "sterni";
|
||||||
|
|
||||||
|
|
17
nixos/machines/sterni/qemu.nix
Normal file
17
nixos/machines/sterni/qemu.nix
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
|
||||||
|
virtualisation.libvirtd.enable = true;
|
||||||
|
#virtualisation.libvirtd.allowedBridges = ["virbr0"];
|
||||||
|
virtualisation.libvirtd.onShutdown = "shutdown";
|
||||||
|
|
||||||
|
environment.systemPackages = [
|
||||||
|
pkgs.qemu_kvm
|
||||||
|
pkgs.virt-manager
|
||||||
|
];
|
||||||
|
|
||||||
|
users.users.mainUser.extraGroups = [ "libvirtd" ];
|
||||||
|
|
||||||
|
|
||||||
|
}
|
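Review bot: `users.users.mainUser.extraGroups = [ "libvirtd" ];` gives that account control of the system libvirt daemon without further authentication, which is generally treated as root-equivalent on the host, since guests can be defined with host disks or devices attached. That may be intended on a single-user desktop, but it deserves a comment on the line, e.g. `# libvirtd group = full control of qemu:///system, effectively root on this host`. The commented-out `allowedBridges` line gives no reason for being disabled; either drop it or say why.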
|
@ -16,6 +16,10 @@
|
||||||
|
|
||||||
# on encrypted drive
|
# on encrypted drive
|
||||||
# ------------------
|
# ------------------
|
||||||
|
password-store = {
|
||||||
|
enable = true;
|
||||||
|
path = "/home/palo/.password-store";
|
||||||
|
};
|
||||||
private = {
|
private = {
|
||||||
enable = true;
|
enable = true;
|
||||||
path = "/home/palo/private";
|
path = "/home/palo/private";
|
||||||
|
|
|
@ -104,7 +104,7 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.pulseaudioFull;
|
package = pkgs.pulseaudioFull;
|
||||||
# all in audio group can do audio
|
# all in audio group can do audio
|
||||||
systemWide = true;
|
systemWide = false;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
# automatically switch to newly-connected devices
|
# automatically switch to newly-connected devices
|
||||||
load-module module-switch-on-connect
|
load-module module-switch-on-connect
|
||||||
|
|
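Review bot: The comment `# all in audio group can do audio` directly above the changed line described the system-wide daemon and is stale now that `systemWide = false;`. Reword it for the per-user setup, e.g. `# per-user PulseAudio daemon; no shared system instance`, or remove it. The `extraConfig` block continues outside the hunk, so it is not visible whether it still carries settings that only made sense for the system-wide daemon; that is worth checking.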
|
@ -7,7 +7,7 @@
|
||||||
"borg-${command}-on-${host}-for-${repository}" ''
|
"borg-${command}-on-${host}-for-${repository}" ''
|
||||||
${pkgs.borgbackup}/bin/borg \
|
${pkgs.borgbackup}/bin/borg \
|
||||||
${command} \
|
${command} \
|
||||||
--rsh='ssh -i ~/.ssh/card_rsa.pub' borg@${host}.private:${repository}/. \
|
--rsh='ssh -i ~/.ssh/palo_rsa.pub' borg@${host}.private:${repository}/. \
|
||||||
"$@"
|
"$@"
|
||||||
'';
|
'';
|
||||||
hosts = [ "pepe" "robi" ];
|
hosts = [ "pepe" "robi" ];
|
||||||
|
|
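Review bot: `ssh -i ~/.ssh/palo_rsa.pub` passes a public-key file as the identity, which only works when an agent holds the matching private key, and nothing in the hunk says so. The same pattern appears in the `programs.ssh.matchBlocks."*"` section (`identityFile = "~/.ssh/palo_rsa.pub";`). If that is the intent, a comment like `# .pub selects the key offered by the running ssh agent; the private key is not on disk` would stop a later reader from "fixing" it to a private-key path. If the switch from `card_rsa` to `palo_rsa` also moves the key from a hardware token to a file, state that in the commit description, since the same key is authorized for borg access and root login elsewhere in this commit.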
|
@ -36,7 +36,7 @@
|
||||||
config.module.cluster.services.tinc.private.hosts.sterni.tincIp
|
config.module.cluster.services.tinc.private.hosts.sterni.tincIp
|
||||||
config.module.cluster.services.tinc.secret.hosts.sterni.tincIp
|
config.module.cluster.services.tinc.secret.hosts.sterni.tincIp
|
||||||
];
|
];
|
||||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyHmHJy2Va45p9mn+Hj3DyaY5yxnQIKvXeACHjzgSKt";
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
|
||||||
};
|
};
|
||||||
"pepe.private" = {
|
"pepe.private" = {
|
||||||
hostNames = [
|
hostNames = [
|
||||||
|
@ -51,7 +51,7 @@
|
||||||
"mobi.private"
|
"mobi.private"
|
||||||
config.module.cluster.services.tinc.private.hosts.mobi.tincIp
|
config.module.cluster.services.tinc.private.hosts.mobi.tincIp
|
||||||
];
|
];
|
||||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGhBtcipW9rV6hHS2hv5tl5hd8vW8dnuFfFwnAs2u0kS";
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE3G7TwCoxcVfwhGL0913RtacEeokqKtufhzzkCxpPxk";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,7 +11,7 @@ with lib;
|
||||||
tools.enable = true;
|
tools.enable = true;
|
||||||
sshd = {
|
sshd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
rootKeyFiles = [ (toString ../../assets/ssh/card_rsa.pub) ];
|
rootKeyFiles = [ (toString ../../assets/ssh/palo_rsa.pub) ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -25,11 +25,11 @@ with lib; {
|
||||||
// (device "workhorse" "AFSAKB6-JLH4QAS-DSRMPI3-6PVCIHF-IIAVLPC-STPNO3Y-YRDU5NW-QD445QI")
|
// (device "workhorse" "AFSAKB6-JLH4QAS-DSRMPI3-6PVCIHF-IIAVLPC-STPNO3Y-YRDU5NW-QD445QI")
|
||||||
// (device "pepe" "SZLXFW3-VTAC7UB-V2Z7CHE-3VZAYPL-6D72AK6-OCDMPZP-G4FPY5P-FL6ZVAG")
|
// (device "pepe" "SZLXFW3-VTAC7UB-V2Z7CHE-3VZAYPL-6D72AK6-OCDMPZP-G4FPY5P-FL6ZVAG")
|
||||||
// (device "sterni" "ZFNNKPD-ZSOAYJQ-VROXXDB-5MD3UTJ-GDCNTSQ-G5POVV3-UZG5HFT-CCAU3AD")
|
// (device "sterni" "ZFNNKPD-ZSOAYJQ-VROXXDB-5MD3UTJ-GDCNTSQ-G5POVV3-UZG5HFT-CCAU3AD")
|
||||||
|
// (device "mobi" "NGI7UN6-MR2YPYI-L7DGN3I-JFZU2N3-RJBJV6K-2VZVQSJ-PWLZYOK-PXZYRAF")
|
||||||
// {
|
// {
|
||||||
bumba = {
|
bumba = {
|
||||||
name = "windows-bumba";
|
name = "windows-bumba";
|
||||||
id = "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ";
|
id = "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ";
|
||||||
#addresses = [ "dynamic" ];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
// {
|
// {
|
||||||
|
@ -47,7 +47,16 @@ with lib; {
|
||||||
private = {
|
private = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
watch = lib.mkDefault false;
|
watch = lib.mkDefault false;
|
||||||
devices = [ "pepe" "sterni" ];
|
devices = [ "pepe" "sterni" "mobi" ];
|
||||||
|
versioning = {
|
||||||
|
type = "simple";
|
||||||
|
params.keep = "10";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
password-store = {
|
||||||
|
enable = lib.mkDefault false;
|
||||||
|
watch = lib.mkDefault false;
|
||||||
|
devices = [ "pepe" "sterni" "mobi" ];
|
||||||
versioning = {
|
versioning = {
|
||||||
type = "simple";
|
type = "simple";
|
||||||
params.keep = "10";
|
params.keep = "10";
|
||||||
|
@ -56,12 +65,12 @@ with lib; {
|
||||||
desktop = {
|
desktop = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
watch = lib.mkDefault false;
|
watch = lib.mkDefault false;
|
||||||
devices = [ "pepe" "sterni" ];
|
devices = [ "pepe" "sterni" "mobi" ];
|
||||||
};
|
};
|
||||||
finance = {
|
finance = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
watch = lib.mkDefault false;
|
watch = lib.mkDefault false;
|
||||||
devices = [ "pepe" "sterni" ];
|
devices = [ "pepe" "sterni" "mobi" ];
|
||||||
versioning = {
|
versioning = {
|
||||||
type = "simple";
|
type = "simple";
|
||||||
params.keep = "10";
|
params.keep = "10";
|
||||||
|
|
|
@ -84,13 +84,13 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
home.git-pull = {
|
home.git-pull = {
|
||||||
enable = mkDefault true;
|
enable = mkDefault false;
|
||||||
repositories = [
|
repositories = [
|
||||||
# krebs
|
# krebs
|
||||||
{
|
#{
|
||||||
source = "git@github.com:krebs/stockholm.git";
|
# source = "git@github.com:krebs/stockholm.git";
|
||||||
target = "~/dev/krebs/stockholm";
|
# target = "~/dev/krebs/stockholm";
|
||||||
}
|
#}
|
||||||
{
|
{
|
||||||
source = "git@github.com:krebs/rc3-map.git";
|
source = "git@github.com:krebs/rc3-map.git";
|
||||||
target = "~/dev/krebs/rc3-map";
|
target = "~/dev/krebs/rc3-map";
|
||||||
|
|
|
@ -5,7 +5,7 @@ with lib; {
|
||||||
programs.ssh.enable = true;
|
programs.ssh.enable = true;
|
||||||
programs.ssh.matchBlocks = {
|
programs.ssh.matchBlocks = {
|
||||||
"*" = {
|
"*" = {
|
||||||
identityFile = "~/.ssh/card_rsa.pub";
|
identityFile = "~/.ssh/palo_rsa.pub";
|
||||||
identitiesOnly = true;
|
identitiesOnly = true;
|
||||||
};
|
};
|
||||||
"lassul.us" = {
|
"lassul.us" = {
|
||||||
|
|
|
@ -1,6 +1,17 @@
|
||||||
{ config, ... }: {
|
{ config, lib, ... }:
|
||||||
# make sure ssh is only available trough the tinc
|
with lib;
|
||||||
|
let cfg = config.desktop.ssh.onlyTinc;
|
||||||
|
in {
|
||||||
|
options.desktop.ssh.onlyTinc = mkOption {
|
||||||
|
type = with types; bool;
|
||||||
|
default = true;
|
||||||
|
description = ''
|
||||||
|
make sure ssh is only available trough the tinc
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
config = mkIf cfg {
|
||||||
networking.firewall.extraCommands = ''
|
networking.firewall.extraCommands = ''
|
||||||
iptables --table nat --append PREROUTING ! --in-interface tinc.+ --protocol tcp --match tcp --dport 22 --jump REDIRECT --to-ports 0
|
iptables --table nat --append PREROUTING ! --in-interface tinc.+ --protocol tcp --match tcp --dport 22 --jump REDIRECT --to-ports 0
|
||||||
'';
|
'';
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
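Review bot: The redirect that `onlyTinc` now guards is IPv4-only: `iptables` does not touch IPv6, so with the option true sshd is presumably still reachable over IPv6 on non-tinc interfaces if the host has a v6 address. Consider mirroring the rule, `ip6tables --table nat --append PREROUTING ! --in-interface tinc.+ --protocol tcp --match tcp --dport 22 --jump REDIRECT --to-ports 0`, or filtering in the firewall's input chain instead. Because the rule is appended from `extraCommands` with no matching `extraStopCommands`, it likely stays in place until reboot after a host flips the option to false. The option description also has a typo (`trough` for `through`).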