palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update sternchen

Browse source
This commit is contained in:
Ingolf Wagner 2022-02-07 19:13:27 +01:00
parent a5bab6cae2
commit fb466c3d5b
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
8 changed files with 38 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
nixos/configs/robi/hetzner.nix
View file

@ -90,6 +90,8 @@ in
services.openssh.permitRootLogin = "prohibit-password";
services.openssh.passwordAuthentication = false;
environment.systemPackages = [ pkgs.mosh ];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw=="
];

8
nixos/configs/robi/tinc.nix
View file

@ -8,9 +8,17 @@
openPort = true;
connectTo = [ ];
};
"secret" = {
enable = true;
openPort = true;
connectTo = [ ];
};
};
#sops.secrets.tinc_retiolum_ed25519_key = { };
#sops.secrets.tinc_retiolum_rsa_key = { };
users.users."tinc.secret".group = "tinc.secret";
users.groups."tinc.secret" = { };
}

16
nixos/configs/sternchen/configuration.nix
View file

@ -22,8 +22,18 @@
system.custom.wifi.interfaces = [ "wlp3s0" ];
security.wrappers = {
pmount.source = "${pkgs.pmount}/bin/pmount";
pumount.source = "${pkgs.pmount}/bin/pumount";
pmount = {
source = "${pkgs.pmount}/bin/pmount";
setuid = true;
owner = "root";
group = "root";
};
pumount = {
source = "${pkgs.pmount}/bin/pumount";
setuid = true;
owner = "root";
group = "root";
};
};
programs.custom.steam.enable = false;
@ -60,7 +70,7 @@
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
services.xserver.displayManager.defaultSession = "plasma5";
services.xserver.displayManager.defaultSession = "plasma";
services.xserver.desktopManager.pantheon.enable = false;
services.xserver.desktopManager.xfce.enable = false;

2
nixos/configs/sternchen/packages.nix
View file

@ -22,6 +22,8 @@
gnome3.gnome-control-center
pdfarranger
ganttproject-bin
# graphic
#krita
gthumb

14
nixos/configs/sternchen/tinc.nix
View file

@ -5,20 +5,14 @@ with lib;
{
module.cluster.services.tinc = {
#"private" = {
# enable = true;
# openPort = true;
# connectTo = [ "sputnik" ];
#};
#"retiolum" = {
# enable = true;
# openPort = true;
#};
"secret" = {
enable = true;
openPort = true;
connectTo = [ "sputnik" ];
connectTo = [ "sputnik" "robi" ];
};
};
users.users."tinc.secret".group = "tinc.secret";
users.groups."tinc.secret" = { };
}

2
nixos/configs/sterni/packages.nix
View file

@ -17,6 +17,8 @@ in
environment.systemPackages = with pkgs; [
ganttproject-bin
(nextcloudSync "InstantUpload")
(nextcloudSync "Pictures")
(nextcloudSync "Unterlagen")

2
nixos/configs/sterni/tinc.nix
View file

@ -17,7 +17,7 @@ with lib;
"secret" = {
enable = true;
openPort = true;
connectTo = [ "sputnik" ];
connectTo = [ "sputnik" "robi" ];
};
};

6
nixos/system/all/tinc.nix
View file

@ -16,6 +16,7 @@ in
users.users."tinc.private".group = "tinc.private";
users.groups."tinc.private" = { };
users.users."tinc.private".isSystemUser = lib.mkDefault true;
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
@ -82,6 +83,11 @@ in
tincIp = "10.123.42.122";
publicKey = lib.fileContents ../../assets/tinc/sputnik_host_file;
};
robi = {
realAddress = [ "144.76.13.147" ];
tincIp = "10.123.42.123";
publicKey = lib.fileContents ../../assets/tinc/robi_host_file;
};
};
};
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"