update sternchen

2022-02-07 19:13:27 +01:00 · 2022-02-07 19:13:27 +01:00 · fb466c3d5b
commit fb466c3d5b
parent a5bab6cae2
8 changed files with 38 additions and 14 deletions
--- a/nixos/configs/robi/hetzner.nix
+++ b/nixos/configs/robi/hetzner.nix
@ -90,6 +90,8 @@ in
  services.openssh.permitRootLogin = "prohibit-password";
  services.openssh.passwordAuthentication = false;
  environment.systemPackages = [ pkgs.mosh ];
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw=="
  ];
--- a/nixos/configs/robi/tinc.nix
+++ b/nixos/configs/robi/tinc.nix
@ -8,9 +8,17 @@
      openPort = true;
      connectTo = [ ];
    };
    "secret" = {
      enable = true;
      openPort = true;
      connectTo = [ ];
    };
  };
  #sops.secrets.tinc_retiolum_ed25519_key = { };
  #sops.secrets.tinc_retiolum_rsa_key = { };
  users.users."tinc.secret".group = "tinc.secret";
  users.groups."tinc.secret" = { };
 }
--- a/nixos/configs/sternchen/configuration.nix
+++ b/nixos/configs/sternchen/configuration.nix
@ -22,8 +22,18 @@
  system.custom.wifi.interfaces = [ "wlp3s0" ];
  security.wrappers = {
-    pmount.source = "${pkgs.pmount}/bin/pmount";
+    pmount = {
-    pumount.source = "${pkgs.pmount}/bin/pumount";
+      source = "${pkgs.pmount}/bin/pmount";
      setuid = true;
      owner = "root";
      group = "root";
    };
    pumount = {
      source = "${pkgs.pmount}/bin/pumount";
      setuid = true;
      owner = "root";
      group = "root";
    };
  };
  programs.custom.steam.enable = false;
@ -60,7 +70,7 @@
    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
  };
-  services.xserver.displayManager.defaultSession = "plasma5";
+  services.xserver.displayManager.defaultSession = "plasma";
  services.xserver.desktopManager.pantheon.enable = false;
  services.xserver.desktopManager.xfce.enable = false;
--- a/nixos/configs/sternchen/packages.nix
+++ b/nixos/configs/sternchen/packages.nix
@ -22,6 +22,8 @@
    gnome3.gnome-control-center
    pdfarranger
    ganttproject-bin
    # graphic
    #krita
    gthumb
--- a/nixos/configs/sternchen/tinc.nix
+++ b/nixos/configs/sternchen/tinc.nix
@ -5,20 +5,14 @@ with lib;
 {
  module.cluster.services.tinc = {
    #"private" = {
    #  enable = true;
    #  openPort = true;
    #  connectTo = [ "sputnik" ];
    #};
    #"retiolum" = {
    #  enable = true;
    #  openPort = true;
    #};
    "secret" = {
      enable = true;
      openPort = true;
-      connectTo = [ "sputnik" ];
+      connectTo = [ "sputnik" "robi" ];
    };
  };
  users.users."tinc.secret".group = "tinc.secret";
  users.groups."tinc.secret" = { };
 }
--- a/nixos/configs/sterni/packages.nix
+++ b/nixos/configs/sterni/packages.nix
@ -17,6 +17,8 @@ in
  environment.systemPackages = with pkgs; [
    ganttproject-bin
    (nextcloudSync "InstantUpload")
    (nextcloudSync "Pictures")
    (nextcloudSync "Unterlagen")
--- a/nixos/configs/sterni/tinc.nix
+++ b/nixos/configs/sterni/tinc.nix
@ -17,7 +17,7 @@ with lib;
    "secret" = {
      enable = true;
      openPort = true;
-      connectTo = [ "sputnik" ];
+      connectTo = [ "sputnik" "robi" ];
    };
  };
--- a/nixos/system/all/tinc.nix
+++ b/nixos/system/all/tinc.nix
@ -16,6 +16,7 @@ in
  users.users."tinc.private".group = "tinc.private";
  users.groups."tinc.private" = { };
  users.users."tinc.private".isSystemUser = lib.mkDefault true;
  # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
@ -82,6 +83,11 @@ in
          tincIp = "10.123.42.122";
          publicKey = lib.fileContents ../../assets/tinc/sputnik_host_file;
        };
        robi = {
          realAddress = [ "144.76.13.147" ];
          tincIp = "10.123.42.123";
          publicKey = lib.fileContents ../../assets/tinc/robi_host_file;
        };
      };
    };
    # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"