Move the public keys out of secrets

Jimbo 2024-10-15 22:41:19 -04:00
parent df1532ece0
commit 00ab80d1b8
14 changed files with 45 additions and 28 deletions


@ -31,7 +31,7 @@
let let
mkNixos = modules: nixpkgs.lib.nixosSystem { mkNixos = modules: nixpkgs.lib.nixosSystem {
inherit modules; inherit modules;
specialArgs = { inherit nixpkgs unstable hardware lanzaboote mailserver minecraft; }; specialArgs = { inherit nixpkgs unstable hardware lanzaboote agenix mailserver minecraft; };
}; };
mkHome = modules: pkgs: home-manager.lib.homeManagerConfiguration { mkHome = modules: pkgs: home-manager.lib.homeManagerConfiguration {
@ -51,7 +51,6 @@
"jimbo@firefly" = mkHome [ ./hosts/firefly/home ] nixpkgs.legacyPackages.x86_64-linux; "jimbo@firefly" = mkHome [ ./hosts/firefly/home ] nixpkgs.legacyPackages.x86_64-linux;
"jimbo@cyberspark" = mkHome [ ./hosts/cyberspark/home ] nixpkgs.legacyPackages.x86_64-linux; "jimbo@cyberspark" = mkHome [ ./hosts/cyberspark/home ] nixpkgs.legacyPackages.x86_64-linux;
"jimbo@shuttleworth" = mkHome [ ./hosts/shuttleworth/home ] nixpkgs.legacyPackages.aarch64-linux; "jimbo@shuttleworth" = mkHome [ ./hosts/shuttleworth/home ] nixpkgs.legacyPackages.aarch64-linux;
"jimbo@guest" = mkHome [ ./hosts/guest/home ] nixpkgs.legacyPackages.x86_64-linux;
}; };
}; };
} }


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKC8Uqxb09V3msBgDv6lD/nETMYr/X0OgtpDo8ldcMK


@ -3,6 +3,7 @@
imports = [ imports = [
./hardware ./hardware
# Apps and programs
../../../modules/system ../../../modules/system
../../../modules/system/accounts ../../../modules/system/accounts
../../../modules/system/devices/filesystems ../../../modules/system/devices/filesystems
@ -15,9 +16,11 @@
../../../modules/system/services/common ../../../modules/system/services/common
../../../modules/system/services/server ../../../modules/system/services/server
# Misc
../../../overlays ../../../overlays
../../../variables ../../../variables
# Imports
mailserver.nixosModule mailserver.nixosModule
]; ];


@ -12,8 +12,10 @@
../../../modules/home/utils ../../../modules/home/utils
# Misc # Misc
nur.nixosModules.nur
../../../overlays ../../../overlays
../../../variables ../../../variables
# Imports
nur.nixosModules.nur
]; ];
} }


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2lMkUd+BbXITE5LTg94hEzmA6UKsIIbaf5YOjGoLzl


@ -1,4 +1,4 @@
{ lanzaboote, ... }: { agenix, lanzaboote, ... }:
{ {
imports = [ imports = [
./hardware ./hardware
@ -13,11 +13,14 @@
../../../variables ../../../variables
# Devices and hardware # Devices and hardware
lanzaboote.nixosModules.lanzaboote
../../../modules/system/devices ../../../modules/system/devices
../../../modules/system/devices/boot/lanzaboote ../../../modules/system/devices/boot/lanzaboote
../../../modules/system/devices/video/nvidia ../../../modules/system/devices/video/nvidia
../../../modules/system/devices/networking/firewall/pc ../../../modules/system/devices/networking/firewall/pc
# Imports
agenix.nixosModules.default
lanzaboote.nixosModules.lanzaboote
]; ];
networking.hostName = "firefly"; networking.hostName = "firefly";


@ -24,7 +24,7 @@ in {
]; ];
boot = { boot = {
kernelPackages = pkgs.unstable.linuxPackages_latest; kernelPackages = pkgs.unstable.linuxPackages_zen;
blacklistedKernelModules = [ blacklistedKernelModules = [
"pcspkr" "pcspkr"
]; ];


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+L723mCLy9/9UAXwkY3+06Oq22dOj+lDnA0lMLbrsR


@ -5,7 +5,13 @@
description = "Jimbo"; description = "Jimbo";
hashedPassword = config.secrets.jimboAccPass; hashedPassword = config.secrets.jimboAccPass;
isNormalUser = true; isNormalUser = true;
openssh.authorizedKeys.keys = config.secrets.jimKeys; openssh.authorizedKeys.keys = [
(builtins.readFile ../../../../../hosts/firefly/id_ed25519.pub)
(builtins.readFile ../../../../../hosts/cyberspark/id_ed25519.pub)
(builtins.readFile ../../../../../hosts/shuttleworth/id_ed25519.pub)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 pixel9"
];
extraGroups = [ extraGroups = [
"wheel" "wheel"
"audio" "audio"
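Review bot: The three keys pulled in with `builtins.readFile` have no comment field (the `.pub` files added on this page are bare `ssh-ed25519 <blob>` lines, presumably the same files), so in the authorized_keys of this `wheel` account only `pixel9` is labelled and the other entries cannot be told apart during an audit or a revocation. Adding a `user@host` comment to each `.pub` file fixes that, and the files could go through the option meant for them, `openssh.authorizedKeys.keyFiles = [ ../../../../../hosts/firefly/id_ed25519.pub ... ];`, leaving only the inline `pixel9` key in `keys`. The unchanged `hashedPassword = config.secrets.jimboAccPass;` line still, as far as this hunk shows, evaluates the hash into the world-readable Nix store; now that agenix is wired in, `hashedPasswordFile` pointing at an agenix-managed path would avoid that. The attribute set starts and ends outside the hunk.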


@ -2,7 +2,24 @@
{ {
services = { services = {
# Configure greetd for "auto" login (single user only) # Configure greetd for "auto" login (single user only)
greetd = { greetd = let
startSway = pkgs.writeScript "startsway" ''
if lspci -k | grep "Kernel driver in use: nvidia" &> /dev/null; then
export LIBVA_DRIVER_NAME=nvidia
export GBM_BACKEND=nvidia-drm
export __GLX_VENDOR_LIBRARY_NAME=nvidia
export WLR_NO_HARDWARE_CURSORS=1
else
:
fi
export WLR_RENDERER=vulkan
export XDG_CURRENT_DESKTOP=sway
export QT_QPA_PLATFORM="wayland;xcb"
sway --unsupported-gpu
'';
in {
enable = true; enable = true;
restart = true; restart = true;
settings = { settings = {
@ -11,22 +28,7 @@
switch = true; switch = true;
}; };
default_session = { default_session = {
command = '' command = "${startSway}";
if lspci -k | grep "Kernel driver in use: nvidia" &> /dev/null; then
export LIBVA_DRIVER_NAME=nvidia
export GBM_BACKEND=nvidia-drm
export __GLX_VENDOR_LIBRARY_NAME=nvidia
export WLR_NO_HARDWARE_CURSORS=1
else
:
fi
export WLR_RENDERER=vulkan
export XDG_CURRENT_DESKTOP=sway
export QT_QPA_PLATFORM="wayland;xcb"
sway --unsupported-gpu
'';
user = "jimbo"; user = "jimbo";
}; };
}; };
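Review bot: `pkgs.writeScript` writes the text verbatim, so `startsway` has no `#!` line although its body uses the bash-only `&>` redirection; whether it runs correctly depends on how greetd launches a shebang-less executable and on what `/bin/sh` is. `startSway = pkgs.writeShellScript "startsway" ''` pins the interpreter. `lspci` and `sway` are also looked up through PATH inside an auto-login session; writing `${pkgs.pciutils}/bin/lspci` (and the sway package the system actually installs) makes the launcher independent of the session environment. The empty `else :` branch can be dropped.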


@ -4,7 +4,7 @@
hardware.nvidia = { hardware.nvidia = {
modesetting.enable = true; modesetting.enable = true;
nvidiaSettings = false; nvidiaSettings = false;
package = config.boot.kernelPackages.nvidiaPackages.beta; package = config.boot.kernelPackages.nvidiaPackages.latest;
open = false; open = false;
}; };
} }


@ -10,8 +10,6 @@
./servers/uberbeta ./servers/uberbeta
]; ];
nixpkgs.overlays = [ minecraft.overlay ];
services.minecraft-servers = { services.minecraft-servers = {
enable = true; enable = true;
eula = true; eula = true;


@ -1,8 +1,9 @@
{ unstable, ... }: { unstable, minecraft, ... }:
{ {
nixpkgs.overlays = [ nixpkgs.overlays = [
(import ./unstable { inherit unstable; }) (import ./unstable { inherit unstable; })
(final: _prev: import ./packages { pkgs = final; }) (final: _prev: import ./packages { pkgs = final; })
(import ./mpv) (import ./mpv)
minecraft.overlay
]; ];
} }

Binary file not shown.