Move the public keys out of secrets

Jimbo 2024-10-15 22:41:19 -04:00
parent df1532ece0
commit 00ab80d1b8
14 changed files with 45 additions and 28 deletions


@ -31,7 +31,7 @@
let
mkNixos = modules: nixpkgs.lib.nixosSystem {
inherit modules;
specialArgs = { inherit nixpkgs unstable hardware lanzaboote mailserver minecraft; };
specialArgs = { inherit nixpkgs unstable hardware lanzaboote agenix mailserver minecraft; };
};
mkHome = modules: pkgs: home-manager.lib.homeManagerConfiguration {
@ -51,7 +51,6 @@
"jimbo@firefly" = mkHome [ ./hosts/firefly/home ] nixpkgs.legacyPackages.x86_64-linux;
"jimbo@cyberspark" = mkHome [ ./hosts/cyberspark/home ] nixpkgs.legacyPackages.x86_64-linux;
"jimbo@shuttleworth" = mkHome [ ./hosts/shuttleworth/home ] nixpkgs.legacyPackages.aarch64-linux;
"jimbo@guest" = mkHome [ ./hosts/guest/home ] nixpkgs.legacyPackages.x86_64-linux;
};
};
}


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKC8Uqxb09V3msBgDv6lD/nETMYr/X0OgtpDo8ldcMK


@ -3,6 +3,7 @@
imports = [
./hardware
# Apps and programs
../../../modules/system
../../../modules/system/accounts
../../../modules/system/devices/filesystems
@ -15,9 +16,11 @@
../../../modules/system/services/common
../../../modules/system/services/server
# Misc
../../../overlays
../../../variables
# Imports
mailserver.nixosModule
];


@ -12,8 +12,10 @@
../../../modules/home/utils
# Misc
nur.nixosModules.nur
../../../overlays
../../../variables
# Imports
nur.nixosModules.nur
];
}


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2lMkUd+BbXITE5LTg94hEzmA6UKsIIbaf5YOjGoLzl


@ -1,4 +1,4 @@
{ lanzaboote, ... }:
{ agenix, lanzaboote, ... }:
{
imports = [
./hardware
@ -13,11 +13,14 @@
../../../variables
# Devices and hardware
lanzaboote.nixosModules.lanzaboote
../../../modules/system/devices
../../../modules/system/devices/boot/lanzaboote
../../../modules/system/devices/video/nvidia
../../../modules/system/devices/networking/firewall/pc
# Imports
agenix.nixosModules.default
lanzaboote.nixosModules.lanzaboote
];
networking.hostName = "firefly";


@ -24,7 +24,7 @@ in {
];
boot = {
kernelPackages = pkgs.unstable.linuxPackages_latest;
kernelPackages = pkgs.unstable.linuxPackages_zen;
blacklistedKernelModules = [
"pcspkr"
];


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+L723mCLy9/9UAXwkY3+06Oq22dOj+lDnA0lMLbrsR


@ -5,7 +5,13 @@
description = "Jimbo";
hashedPassword = config.secrets.jimboAccPass;
isNormalUser = true;
openssh.authorizedKeys.keys = config.secrets.jimKeys;
openssh.authorizedKeys.keys = [
(builtins.readFile ../../../../../hosts/firefly/id_ed25519.pub)
(builtins.readFile ../../../../../hosts/cyberspark/id_ed25519.pub)
(builtins.readFile ../../../../../hosts/shuttleworth/id_ed25519.pub)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 pixel9"
];
extraGroups = [
"wheel"
"audio"
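Review bot: The three `builtins.readFile` entries in `openssh.authorizedKeys.keys` pull in whatever trailing newline each `.pub` file ends with and hang on a five-level relative path; the same option set has `openssh.authorizedKeys.keyFiles`, which takes the paths directly, e.g. `openssh.authorizedKeys.keyFiles = [ ../../../../../hosts/firefly/id_ed25519.pub ];` with only the inline `pixel9` key left in `keys`. The added `.pub` files carry no comment field, unlike the `pixel9` entry, so a line in the generated authorized_keys cannot be matched to a machine when a key has to be revoked. Because this account is in `wheel`, I would add a comment above the list such as `# every key listed here can log in as jimbo (wheel) on each host that imports this module`. Separately, `hashedPassword = config.secrets.jimboAccPass;` on the context line presumably still lands the hash in the world-readable Nix store; with agenix now imported on at least one host, `hashedPasswordFile` pointing at an agenix-managed path would avoid that. The user attribute set begins and ends outside the hunk.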


@ -2,7 +2,24 @@
{
services = {
# Configure greetd for "auto" login (single user only)
greetd = {
greetd = let
startSway = pkgs.writeScript "startsway" ''
if lspci -k | grep "Kernel driver in use: nvidia" &> /dev/null; then
export LIBVA_DRIVER_NAME=nvidia
export GBM_BACKEND=nvidia-drm
export __GLX_VENDOR_LIBRARY_NAME=nvidia
export WLR_NO_HARDWARE_CURSORS=1
else
:
fi
export WLR_RENDERER=vulkan
export XDG_CURRENT_DESKTOP=sway
export QT_QPA_PLATFORM="wayland;xcb"
sway --unsupported-gpu
'';
in {
enable = true;
restart = true;
settings = {
@ -11,22 +28,7 @@
switch = true;
};
default_session = {
command = ''
if lspci -k | grep "Kernel driver in use: nvidia" &> /dev/null; then
export LIBVA_DRIVER_NAME=nvidia
export GBM_BACKEND=nvidia-drm
export __GLX_VENDOR_LIBRARY_NAME=nvidia
export WLR_NO_HARDWARE_CURSORS=1
else
:
fi
export WLR_RENDERER=vulkan
export XDG_CURRENT_DESKTOP=sway
export QT_QPA_PLATFORM="wayland;xcb"
sway --unsupported-gpu
'';
command = "${startSway}";
user = "jimbo";
};
};
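Review bot: `startSway` is built with `pkgs.writeScript`, which writes the text verbatim, and the text has no `#!` line, so the session starts only if whatever launches `command` falls back to treating a header-less executable as shell; the body also uses the bash-only `&>` redirection. `startSway = pkgs.writeShellScript "startsway" ''` would pin the interpreter. `lspci` and `sway` are resolved through the login session's PATH, so referencing `${pkgs.pciutils}/bin/lspci` and the configured sway package would make the auto-login script independent of that environment. The empty `else :` branch can be dropped, and the `services` set continues outside the hunk.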


@ -4,7 +4,7 @@
hardware.nvidia = {
modesetting.enable = true;
nvidiaSettings = false;
package = config.boot.kernelPackages.nvidiaPackages.beta;
package = config.boot.kernelPackages.nvidiaPackages.latest;
open = false;
};
}


@ -10,8 +10,6 @@
./servers/uberbeta
];
nixpkgs.overlays = [ minecraft.overlay ];
services.minecraft-servers = {
enable = true;
eula = true;

View file

@ -1,8 +1,9 @@
{ unstable, ... }:
{ unstable, minecraft, ... }:
{
nixpkgs.overlays = [
(import ./unstable { inherit unstable; })
(final: _prev: import ./packages { pkgs = final; })
(import ./mpv)
minecraft.overlay
];
}
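Review bot: The module function now requires a `minecraft` argument, while the home-manager import list shown earlier on this page also pulls in `../../../overlays`; the body of `mkHome` is cut off in the flake hunk, so it cannot be confirmed from here that `minecraft` reaches home-manager through `extraSpecialArgs`. If it does not, each `jimbo@…` home configuration would fail to evaluate on the missing argument. Either pass it in `mkHome` alongside `unstable`, or keep `minecraft.overlay` in a system-only module so desktop and home evaluations do not depend on the server flake. A short comment above the list, e.g. `# shared by NixOS and home-manager: every argument here must be in both specialArgs sets`, would document the constraint.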

Binary file not shown.