From 36b60817839d410aa1e82d9368cc3ce300e56e03 Mon Sep 17 00:00:00 2001 
From: zuckerberg <5-zuckerberg@users.noreply.git.neet.dev> Date: Mon, 22 Feb 2021 23:57:05 -0500 Subject: [PATCH] combine config --- {reg => common}/common.nix | 0 {reg => common}/efi.nix | 0 {neet.dev => common}/flakes.nix | 0 {reg => common}/luks.nix | 0 {reg => common/pc}/audio.nix | 1 + {reg => common/pc}/chromium.nix | 0 {reg => common/pc}/de.nix | 0 {reg => common/pc}/kde.nix | 0 {reg => common/pc}/pithos.nix | 0 {reg => common/pc}/torbrowser.nix | 0 {reg => common/pc}/touchpad.nix | 0 {reg => common/pc}/vscodium.nix | 0 {reg => common/pc}/xfce.nix | 0 {reg => common/pc}/yubikey.nix | 0 {neet.dev => common/server}/gitlab.nix | 0 {neet.dev => common/server}/mumble.nix | 0 {neet.dev => common/server}/nsd.nix | 0 {neet.dev => common/server}/thelounge.nix | 0 {neet.dev => common/server}/video-stream.nix | 0 {neet.dev => common/server}/zerobin.nix | 0 neet.dev/configuration.nix | 103 +++---------------- reg/configuration.nix | 10 +- reg/flakes.nix | 10 -- 23 files changed, 18 insertions(+), 106 deletions(-) rename {reg => common}/common.nix (100%) rename {reg => common}/efi.nix (100%) rename {neet.dev => common}/flakes.nix (100%) rename {reg => common}/luks.nix (100%) rename {reg => common/pc}/audio.nix (87%) rename {reg => common/pc}/chromium.nix (100%) rename {reg => common/pc}/de.nix (100%) rename {reg => common/pc}/kde.nix (100%) rename {reg => common/pc}/pithos.nix (100%) rename {reg => common/pc}/torbrowser.nix (100%) rename {reg => common/pc}/touchpad.nix (100%) rename {reg => common/pc}/vscodium.nix (100%) rename {reg => common/pc}/xfce.nix (100%) rename {reg => common/pc}/yubikey.nix (100%) rename {neet.dev => common/server}/gitlab.nix (100%) rename {neet.dev => common/server}/mumble.nix (100%) rename {neet.dev => common/server}/nsd.nix (100%) rename {neet.dev => common/server}/thelounge.nix (100%) rename {neet.dev => common/server}/video-stream.nix (100%) rename {neet.dev => common/server}/zerobin.nix (100%) delete mode 100644 reg/flakes.nix 
diff --git a/reg/common.nix b/common/common.nix
similarity index 100%
rename from reg/common.nix
rename to common/common.nix
diff --git a/reg/efi.nix b/common/efi.nix
similarity index 100%
rename from reg/efi.nix
rename to common/efi.nix
diff --git a/neet.dev/flakes.nix b/common/flakes.nix
similarity index 100%
rename from neet.dev/flakes.nix
rename to common/flakes.nix
diff --git a/reg/luks.nix b/common/luks.nix
similarity index 100%
rename from reg/luks.nix
rename to common/luks.nix
diff --git a/reg/audio.nix b/common/pc/audio.nix
similarity index 87%
rename from reg/audio.nix
rename to common/pc/audio.nix
index 6e6f541..f38d6bc 100644
--- a/reg/audio.nix
+++ b/common/pc/audio.nix
@@ -10,6 +10,7 @@ package = pkgs.pulseaudioFull;
 # bt headset support
 extraConfig = "
 load-module module-switch-on-connect
+ load-module module-switch-on-connect ignore_virtual=no
 ";
 };
 hardware.bluetooth.enable = true;
diff --git a/reg/chromium.nix b/common/pc/chromium.nix
similarity index 100%
rename from reg/chromium.nix
rename to common/pc/chromium.nix
diff --git a/reg/de.nix b/common/pc/de.nix
similarity index 100%
rename from reg/de.nix
rename to common/pc/de.nix
diff --git a/reg/kde.nix b/common/pc/kde.nix
similarity index 100%
rename from reg/kde.nix
rename to common/pc/kde.nix
diff --git a/reg/pithos.nix b/common/pc/pithos.nix
similarity index 100%
rename from reg/pithos.nix
rename to common/pc/pithos.nix
diff --git a/reg/torbrowser.nix b/common/pc/torbrowser.nix
similarity index 100%
rename from reg/torbrowser.nix
rename to common/pc/torbrowser.nix
diff --git a/reg/touchpad.nix b/common/pc/touchpad.nix
similarity index 100%
rename from reg/touchpad.nix
rename to common/pc/touchpad.nix
diff --git a/reg/vscodium.nix b/common/pc/vscodium.nix
similarity index 100%
rename from reg/vscodium.nix
rename to common/pc/vscodium.nix
diff --git a/reg/xfce.nix b/common/pc/xfce.nix
similarity index 100%
rename from reg/xfce.nix
rename to common/pc/xfce.nix
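Review bot: The added `load-module module-switch-on-connect ignore_virtual=no` sits directly below the existing `load-module module-switch-on-connect` inside `extraConfig`, so PulseAudio is asked to load the same module twice. If module-switch-on-connect is a load-once module, as I believe it is, the second load fails at daemon start instead of changing the argument; the apparent intent is to replace the first line rather than add a second one, leaving only `load-module module-switch-on-connect ignore_virtual=no`. The enclosing attribute set starts before this hunk.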
diff --git a/reg/yubikey.nix b/common/pc/yubikey.nix
similarity index 100%
rename from reg/yubikey.nix
rename to common/pc/yubikey.nix
diff --git a/neet.dev/gitlab.nix b/common/server/gitlab.nix
similarity index 100%
rename from neet.dev/gitlab.nix
rename to common/server/gitlab.nix
diff --git a/neet.dev/mumble.nix b/common/server/mumble.nix
similarity index 100%
rename from neet.dev/mumble.nix
rename to common/server/mumble.nix
diff --git a/neet.dev/nsd.nix b/common/server/nsd.nix
similarity index 100%
rename from neet.dev/nsd.nix
rename to common/server/nsd.nix
diff --git a/neet.dev/thelounge.nix b/common/server/thelounge.nix
similarity index 100%
rename from neet.dev/thelounge.nix
rename to common/server/thelounge.nix
diff --git a/neet.dev/video-stream.nix b/common/server/video-stream.nix
similarity index 100%
rename from neet.dev/video-stream.nix
rename to common/server/video-stream.nix
diff --git a/neet.dev/zerobin.nix b/common/server/zerobin.nix
similarity index 100%
rename from neet.dev/zerobin.nix
rename to common/server/zerobin.nix
diff --git a/neet.dev/configuration.nix b/neet.dev/configuration.nix
index 24ba4ab..a7881ef 100644
--- a/neet.dev/configuration.nix
+++ b/neet.dev/configuration.nix
@@ -1,16 +1,16 @@
 { config, pkgs, lib, ... }:
 {
- imports =
- [
- ./flakes.nix
- ./hardware-configuration.nix
-# ./nsd.nix
- ./thelounge.nix
- ./mumble.nix
- ./gitlab.nix
- ./video-stream.nix
- ];
+ imports =[
+ ./hardware-configuration.nix
+ ../common/common.nix
+ ../common/luks.nix
+# ../common/server/nsd.nix
+ ../common/server/thelounge.nix
+ ../common/server/mumble.nix
+ ../common/server/gitlab.nix
+ ../common/server/video-stream.nix
+ ];
 # Use the GRUB 2 boot loader.
 boot.loader.grub.enable = true;
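Review bot: The new import list drops `./flakes.nix` but does not add `../common/flakes.nix`, even though this same commit renames that file into `common/`, so flake support on this host now exists only if `../common/common.nix` imports it. `common/common.nix` is a 100% rename of `reg/common.nix` whose contents are not part of this diff, so that cannot be confirmed from here; either add `../common/flakes.nix` to the list or state in the commit message that common.nix pulls it in. The same question applies to the `reg/configuration.nix` hunk below, whose rewritten imports also lack the flakes module.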
@@ -20,31 +20,9 @@ networking.hostName = "neetdev";
 networking.wireless.enable = false;
- # Set your time zone.
- time.timeZone = "America/New_York";
-
 networking.useDHCP = true; # just in case... (todo ensure false doesn't fuck up initrd)
 networking.interfaces.eno1.useDHCP = true;
- i18n.defaultLocale = "en_US.UTF-8";
-
- users.users.googlebot = {
- isNormalUser = true;
- extraGroups = [ "wheel" ];
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVR/R3ZOsv7TZbICGBCHdjh1NDT8SnswUyINeJOC7QG"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0dcqL/FhHmv+a1iz3f9LJ48xubO7MZHy35rW9SZOYM"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO0VFnn3+Mh0nWeN92jov81qNE9fpzTAHYBphNoY7HUx"
- ];
- };
-
- environment.systemPackages = with pkgs; [
- wget kakoune
- ];
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-
 security.acme.acceptTerms = true;
 security.acme.email = "letsencrypt+5@tar.ninja";
 security.acme.certs = {
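Review bot: `users.users.googlebot` with its three `openssh.authorizedKeys.keys`, `services.openssh.enable = true`, the time zone and the locale are removed here with no replacement visible anywhere in the diff, so the server's admin account and its SSH access now depend entirely on what `../common/common.nix` defines. That file arrives as an unchanged rename of the desktop-side `reg/common.nix`, so before merging, confirm it declares the same user with the same authorized keys and enables sshd; otherwise the host is unreachable after the next rebuild and the only remaining login path is the console. A sentence in the commit message saying where these settings moved would let a reviewer check this without opening the other file.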
@@ -65,69 +43,12 @@ };
 # Open ports in the firewall.
- networking.firewall.allowedTCPPorts = [ 22 53 80 443 4444 ];
- networking.firewall.allowedUDPPorts = [ 53 80 443 4444 ];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedUDPPorts = [ 80 443 ];
 # LUKS
 boot.initrd.luks.devices.enc-pv.device = "/dev/disk/by-uuid/06f6b0bf-fe79-4b89-a549-b464c2b162a1";
- # Unlock LUKS disk over ssh
- boot.initrd.network.enable = true;
- boot.initrd.kernelModules = [ "e1000" "e1000e" "virtio_pci" ];
- boot.initrd.network.ssh = {
- enable = true;
- port = 22;
- hostKeys = [
- "/secret/ssh_host_rsa_key"
- "/secret/ssh_host_ed25519_key"
- ];
- authorizedKeys = config.users.users.googlebot.openssh.authorizedKeys.keys;
- };
-
- # TODO is this needed?
- boot.initrd.postDeviceCommands = ''
- echo 'waiting for root device to be opened...'
- mkfifo /crypt-ramfs/passphrase
- echo /crypt-ramfs/passphrase >> /dev/null
- '';
-
- # Make machine accessable over tor for boot unlock
- boot.initrd.secrets = {
- "/etc/tor/onion/bootup" = /secret/onion;
- };
- boot.initrd.extraUtilsCommands = ''
- copy_bin_and_libs ${pkgs.tor}/bin/tor
- copy_bin_and_libs ${pkgs.haveged}/bin/haveged
- '';
- # start tor during boot process
- boot.initrd.network.postCommands = let
- torRc = (pkgs.writeText "tor.rc" ''
- DataDirectory /etc/tor
- SOCKSPort 127.0.0.1:9050 IsolateDestAddr
- SOCKSPort 127.0.0.1:9063
- HiddenServiceDir /etc/tor/onion/bootup
- HiddenServicePort 22 127.0.0.1:22
- '');
- in ''
- # Add nice prompt for giving LUKS passphrase over ssh
- echo 'read -s -p "Unlock Passphrase: " passphrase && echo $passphrase > /crypt-ramfs/passphrase && exit' >> /root/.profile
-
- echo "tor: preparing onion folder"
- # have to do this otherwise tor does not want to start
- chmod -R 700 /etc/tor
-
- echo "make sure localhost is up"
- ip a a 127.0.0.1/8 dev lo
- ip link set lo up
-
- echo "haveged: starting haveged"
- haveged -F &
-
- echo "tor: starting tor"
- tor -f ${torRc} --verify-config
- tor -f ${torRc} &
- '';
-
 system.stateVersion = "20.09";
 }
diff --git a/reg/configuration.nix b/reg/configuration.nix
index c349c22..d717630 100644
--- a/reg/configuration.nix
+++ b/reg/configuration.nix
@@ -3,11 +3,11 @@ {
 imports = [
 ./hardware-configuration.nix
- ./efi.nix
- ./common.nix
- ./luks.nix
- ./touchpad.nix
- ./de.nix
+ ../common/common.nix
+ ../common/efi.nix
+ ../common/luks.nix
+ ../common/pc/de.nix
+ ../common/pc/touchpad.nix
 ];
 networking.hostName = "reg";
diff --git a/reg/flakes.nix b/reg/flakes.nix
deleted file mode 100644
index aa60c1e..0000000
--- a/reg/flakes.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ pkgs, ... }:
-
-{
- nix = {
- package = pkgs.nixFlakes;
- extraOptions = ''
- experimental-features = nix-command flakes
- '';
- };
-}
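Review bot: Removing the whole `boot.initrd.network` / `boot.initrd.network.ssh` block and the Tor onion setup while keeping `boot.initrd.luks.devices.enc-pv` means the LUKS passphrase can now only be typed at the local console, which for a headless server turns every reboot into a hands-on intervention; the commit message "combine config" does not say whether dropping remote unlock is intended. If it is, say so in the message; if not, the block belongs in a `common/server/` module alongside the other server pieces this commit moves, and the `/secret/ssh_host_*` and `/secret/onion` references should move with it. The firewall change also drops 22, 53 and 4444: 22 is fine provided `services.openssh` is still enabled somewhere (its firewall option is on by default) and 53 matches the still-commented `nsd.nix`, but 4444 has no visible counterpart in this diff, so confirm nothing on the host still listens there. The enclosing attribute set starts before this hunk.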