From fb466c3d5b896cbf0f0472502e808272ddf69dd9 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner
Date: Mon, 7 Feb 2022 19:13:27 +0100
Subject: [PATCH] update sternchen
---
nixos/configs/robi/hetzner.nix | 2 ++
nixos/configs/robi/tinc.nix | 8 ++++++++
nixos/configs/sternchen/configuration.nix | 16 +++++++++++++---
nixos/configs/sternchen/packages.nix | 2 ++
nixos/configs/sternchen/tinc.nix | 14 ++++----------
nixos/configs/sterni/packages.nix | 2 ++
nixos/configs/sterni/tinc.nix | 2 +-
nixos/system/all/tinc.nix | 6 ++++++
8 files changed, 38 insertions(+), 14 deletions(-)
diff --git a/nixos/configs/robi/hetzner.nix b/nixos/configs/robi/hetzner.nix
index a57c447..72a45c0 100644
--- a/nixos/configs/robi/hetzner.nix
+++ b/nixos/configs/robi/hetzner.nix
@@ -90,6 +90,8 @@ in services.openssh.permitRootLogin = "prohibit-password"; services.openssh.passwordAuthentication = false; + environment.systemPackages = [ pkgs.mosh ]; + users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==" ];
diff --git a/nixos/configs/robi/tinc.nix b/nixos/configs/robi/tinc.nix
index 141df53..2f88b40 100644
--- a/nixos/configs/robi/tinc.nix
+++ b/nixos/configs/robi/tinc.nix
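Review bot: In the nixos/configs/robi/hetzner.nix hunk, adding `pkgs.mosh` to `environment.systemPackages` installs the binary but does not open the UDP range that mosh-server listens on, so sessions only work if the firewall is opened somewhere outside this hunk. NixOS provides `programs.mosh.enable = true;`, which installs mosh and opens UDP 60000-61000; if that is the intent, use it and add a comment such as `# mosh: exposes UDP 60000-61000 on the public interface`. The hunk context shows this host accepts key-based root logins, so the comment should also say whether mosh is meant to carry root sessions. The enclosing attribute set starts and ends outside the hunk.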
@@ -8,9 +8,17 @@ openPort = true; connectTo = [ ]; }; + "secret" = { + enable = true; + openPort = true; + connectTo = [ ]; + }; }; #sops.secrets.tinc_retiolum_ed25519_key = { }; #sops.secrets.tinc_retiolum_rsa_key = { }; + users.users."tinc.secret".group = "tinc.secret"; + users.groups."tinc.secret" = { }; + }
diff --git a/nixos/configs/sternchen/configuration.nix b/nixos/configs/sternchen/configuration.nix
index f23fc1f..1ed87c3 100644
--- a/nixos/configs/sternchen/configuration.nix
+++ b/nixos/configs/sternchen/configuration.nix
@@ -22,8 +22,18 @@ system.custom.wifi.interfaces = [ "wlp3s0" ]; security.wrappers = { - pmount.source = "${pkgs.pmount}/bin/pmount"; - pumount.source = "${pkgs.pmount}/bin/pumount"; + pmount = { + source = "${pkgs.pmount}/bin/pmount"; + setuid = true; + owner = "root"; + group = "root"; + }; + pumount = { + source = "${pkgs.pmount}/bin/pumount"; + setuid = true; + owner = "root"; + group = "root"; + }; }; programs.custom.steam.enable = false;
@@ -60,7 +70,7 @@ vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; }; - services.xserver.displayManager.defaultSession = "plasma5"; + services.xserver.displayManager.defaultSession = "plasma"; services.xserver.desktopManager.pantheon.enable = false; services.xserver.desktopManager.xfce.enable = false;
diff --git a/nixos/configs/sternchen/packages.nix b/nixos/configs/sternchen/packages.nix
index 5695d97..7a0010e 100644
--- a/nixos/configs/sternchen/packages.nix
+++ b/nixos/configs/sternchen/packages.nix
@@ -22,6 +22,8 @@ gnome3.gnome-control-center pdfarranger + ganttproject-bin + # graphic #krita gthumb
diff --git a/nixos/configs/sternchen/tinc.nix b/nixos/configs/sternchen/tinc.nix
index d006f26..fd45db0 100644
--- a/nixos/configs/sternchen/tinc.nix
+++ b/nixos/configs/sternchen/tinc.nix
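Review bot: The `users.users."tinc.secret".group` / `users.groups."tinc.secret"` pair added at the end of nixos/configs/robi/tinc.nix is repeated verbatim in the nixos/configs/sternchen/tinc.nix hunk, whereas the matching `tinc.private` lines live once in nixos/system/all/tinc.nix; defining the `tinc.secret` account there as well would keep the daemon identity in one place. This commit also adds `users.users."tinc.private".isSystemUser = lib.mkDefault true;` but nothing comparable for `tinc.secret`, so unless another module sets it, add `users.users."tinc.secret".isSystemUser = lib.mkDefault true;` next to the group line. With `openPort = true` and an empty `connectTo`, robi becomes an inbound-only node for the secret network while the sops key entries stay commented out, so a comment such as `# private key for "secret" is provisioned via <mechanism>` would document where the key material comes from. The enclosing attribute set starts outside the hunk.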
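Review bot: The `pmount` and `pumount` wrappers in the first nixos/configs/sternchen/configuration.nix hunk are setuid root with no `permissions` attribute, which under the NixOS default (`u+rx,g+x,o+x`, to my knowledge) leaves both binaries executable by every local account. If only desktop users should mount removable media, point `group` at a dedicated group and add `permissions = "u+rx,g+x";` while keeping `owner = "root"` and `setuid = true`. Either way, a comment above the block such as `# setuid root by design: pmount performs mount(2) for unprivileged users` would record that the privilege is deliberate. The two attribute sets differ only in the binary name and could be generated from one small helper.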
@@ -5,20 +5,14 @@ with lib; { module.cluster.services.tinc = { - #"private" = { - # enable = true; - # openPort = true; - # connectTo = [ "sputnik" ]; - #}; - #"retiolum" = { - # enable = true; - # openPort = true; - #}; "secret" = { enable = true; openPort = true; - connectTo = [ "sputnik" ]; + connectTo = [ "sputnik" "robi" ]; }; }; + users.users."tinc.secret".group = "tinc.secret"; + users.groups."tinc.secret" = { }; + }
diff --git a/nixos/configs/sterni/packages.nix b/nixos/configs/sterni/packages.nix
index 3293923..cd272b3 100644
--- a/nixos/configs/sterni/packages.nix
+++ b/nixos/configs/sterni/packages.nix
@@ -17,6 +17,8 @@ in environment.systemPackages = with pkgs; [ + ganttproject-bin + (nextcloudSync "InstantUpload") (nextcloudSync "Pictures") (nextcloudSync "Unterlagen")
diff --git a/nixos/configs/sterni/tinc.nix b/nixos/configs/sterni/tinc.nix
index 9c97b1d..6e78491 100644
--- a/nixos/configs/sterni/tinc.nix
+++ b/nixos/configs/sterni/tinc.nix
@@ -17,7 +17,7 @@ with lib; "secret" = { enable = true; openPort = true; - connectTo = [ "sputnik" ]; + connectTo = [ "sputnik" "robi" ]; }; };
diff --git a/nixos/system/all/tinc.nix b/nixos/system/all/tinc.nix
index 057922b..117a2c2 100644
--- a/nixos/system/all/tinc.nix
+++ b/nixos/system/all/tinc.nix
@@ -16,6 +16,7 @@ in users.users."tinc.private".group = "tinc.private"; users.groups."tinc.private" = { }; + users.users."tinc.private".isSystemUser = lib.mkDefault true; # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
@@ -82,6 +83,11 @@ in tincIp = "10.123.42.122"; publicKey = lib.fileContents ../../assets/tinc/sputnik_host_file; }; + robi = { + realAddress = [ "144.76.13.147" ]; + tincIp = "10.123.42.123"; + publicKey = lib.fileContents ../../assets/tinc/robi_host_file; + }; }; }; # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
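Review bot: The new `robi` entry in the second nixos/system/all/tinc.nix hunk reads `../../assets/tinc/robi_host_file`, but the diffstat lists eight .nix files and no such asset, so `lib.fileContents` will fail at evaluation unless that file was committed earlier. Because sternchen and sterni now list `"robi"` in `connectTo`, both depend on this entry evaluating. When the file is added, confirm it holds only the public host key produced by the `generate-keys` command in the nearby comment and not the private half, since the asset sits in the repository tree. A comment on the entry such as `# public host file only; private key stays on robi` would make that expectation explicit. The enclosing hosts attribute set starts outside the hunk.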