Move the public keys out of secrets
This commit is contained in:
parent
df1532ece0
commit
00ab80d1b8
|
@ -31,7 +31,7 @@
|
|||
let
|
||||
mkNixos = modules: nixpkgs.lib.nixosSystem {
|
||||
inherit modules;
|
||||
specialArgs = { inherit nixpkgs unstable hardware lanzaboote mailserver minecraft; };
|
||||
specialArgs = { inherit nixpkgs unstable hardware lanzaboote agenix mailserver minecraft; };
|
||||
};
|
||||
|
||||
mkHome = modules: pkgs: home-manager.lib.homeManagerConfiguration {
|
||||
|
@ -51,7 +51,6 @@
|
|||
"jimbo@firefly" = mkHome [ ./hosts/firefly/home ] nixpkgs.legacyPackages.x86_64-linux;
|
||||
"jimbo@cyberspark" = mkHome [ ./hosts/cyberspark/home ] nixpkgs.legacyPackages.x86_64-linux;
|
||||
"jimbo@shuttleworth" = mkHome [ ./hosts/shuttleworth/home ] nixpkgs.legacyPackages.aarch64-linux;
|
||||
"jimbo@guest" = mkHome [ ./hosts/guest/home ] nixpkgs.legacyPackages.x86_64-linux;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
1
hosts/cyberspark/id_ed25519.pub
Normal file
1
hosts/cyberspark/id_ed25519.pub
Normal file
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKC8Uqxb09V3msBgDv6lD/nETMYr/X0OgtpDo8ldcMK
|
|
@ -3,6 +3,7 @@
|
|||
imports = [
|
||||
./hardware
|
||||
|
||||
# Apps and programs
|
||||
../../../modules/system
|
||||
../../../modules/system/accounts
|
||||
../../../modules/system/devices/filesystems
|
||||
|
@ -15,9 +16,11 @@
|
|||
../../../modules/system/services/common
|
||||
../../../modules/system/services/server
|
||||
|
||||
# Misc
|
||||
../../../overlays
|
||||
../../../variables
|
||||
|
||||
# Imports
|
||||
mailserver.nixosModule
|
||||
];
|
||||
|
||||
|
|
|
@ -12,8 +12,10 @@
|
|||
../../../modules/home/utils
|
||||
|
||||
# Misc
|
||||
nur.nixosModules.nur
|
||||
../../../overlays
|
||||
../../../variables
|
||||
|
||||
# Imports
|
||||
nur.nixosModules.nur
|
||||
];
|
||||
}
|
||||
|
|
1
hosts/firefly/id_ed25519.pub
Normal file
1
hosts/firefly/id_ed25519.pub
Normal file
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2lMkUd+BbXITE5LTg94hEzmA6UKsIIbaf5YOjGoLzl
|
|
@ -1,4 +1,4 @@
|
|||
{ lanzaboote, ... }:
|
||||
{ agenix, lanzaboote, ... }:
|
||||
{
|
||||
imports = [
|
||||
./hardware
|
||||
|
@ -13,11 +13,14 @@
|
|||
../../../variables
|
||||
|
||||
# Devices and hardware
|
||||
lanzaboote.nixosModules.lanzaboote
|
||||
../../../modules/system/devices
|
||||
../../../modules/system/devices/boot/lanzaboote
|
||||
../../../modules/system/devices/video/nvidia
|
||||
../../../modules/system/devices/networking/firewall/pc
|
||||
|
||||
# Imports
|
||||
agenix.nixosModules.default
|
||||
lanzaboote.nixosModules.lanzaboote
|
||||
];
|
||||
|
||||
networking.hostName = "firefly";
|
||||
|
|
|
@ -24,7 +24,7 @@ in {
|
|||
];
|
||||
|
||||
boot = {
|
||||
kernelPackages = pkgs.unstable.linuxPackages_latest;
|
||||
kernelPackages = pkgs.unstable.linuxPackages_zen;
|
||||
blacklistedKernelModules = [
|
||||
"pcspkr"
|
||||
];
|
||||
|
|
1
hosts/shuttleworth/id_ed25519.pub
Normal file
1
hosts/shuttleworth/id_ed25519.pub
Normal file
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+L723mCLy9/9UAXwkY3+06Oq22dOj+lDnA0lMLbrsR
|
|
@ -5,7 +5,13 @@
|
|||
description = "Jimbo";
|
||||
hashedPassword = config.secrets.jimboAccPass;
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = config.secrets.jimKeys;
|
||||
openssh.authorizedKeys.keys = [
|
||||
(builtins.readFile ../../../../../hosts/firefly/id_ed25519.pub)
|
||||
(builtins.readFile ../../../../../hosts/cyberspark/id_ed25519.pub)
|
||||
(builtins.readFile ../../../../../hosts/shuttleworth/id_ed25519.pub)
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 pixel9"
|
||||
];
|
||||
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
"audio"
|
||||
|
|
|
@ -2,7 +2,24 @@
|
|||
{
|
||||
services = {
|
||||
# Configure greetd for "auto" login (single user only)
|
||||
greetd = {
|
||||
greetd = let
|
||||
startSway = pkgs.writeScript "startsway" ''
|
||||
if lspci -k | grep "Kernel driver in use: nvidia" &> /dev/null; then
|
||||
export LIBVA_DRIVER_NAME=nvidia
|
||||
export GBM_BACKEND=nvidia-drm
|
||||
export __GLX_VENDOR_LIBRARY_NAME=nvidia
|
||||
export WLR_NO_HARDWARE_CURSORS=1
|
||||
else
|
||||
:
|
||||
fi
|
||||
|
||||
export WLR_RENDERER=vulkan
|
||||
export XDG_CURRENT_DESKTOP=sway
|
||||
export QT_QPA_PLATFORM="wayland;xcb"
|
||||
|
||||
sway --unsupported-gpu
|
||||
'';
|
||||
in {
|
||||
enable = true;
|
||||
restart = true;
|
||||
settings = {
|
||||
|
@ -11,22 +28,7 @@
|
|||
switch = true;
|
||||
};
|
||||
default_session = {
|
||||
command = ''
|
||||
if lspci -k | grep "Kernel driver in use: nvidia" &> /dev/null; then
|
||||
export LIBVA_DRIVER_NAME=nvidia
|
||||
export GBM_BACKEND=nvidia-drm
|
||||
export __GLX_VENDOR_LIBRARY_NAME=nvidia
|
||||
export WLR_NO_HARDWARE_CURSORS=1
|
||||
else
|
||||
:
|
||||
fi
|
||||
|
||||
export WLR_RENDERER=vulkan
|
||||
export XDG_CURRENT_DESKTOP=sway
|
||||
export QT_QPA_PLATFORM="wayland;xcb"
|
||||
|
||||
sway --unsupported-gpu
|
||||
'';
|
||||
command = "${startSway}";
|
||||
user = "jimbo";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
hardware.nvidia = {
|
||||
modesetting.enable = true;
|
||||
nvidiaSettings = false;
|
||||
package = config.boot.kernelPackages.nvidiaPackages.beta;
|
||||
package = config.boot.kernelPackages.nvidiaPackages.latest;
|
||||
open = false;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -10,8 +10,6 @@
|
|||
./servers/uberbeta
|
||||
];
|
||||
|
||||
nixpkgs.overlays = [ minecraft.overlay ];
|
||||
|
||||
services.minecraft-servers = {
|
||||
enable = true;
|
||||
eula = true;
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
{ unstable, ... }:
|
||||
{ unstable, minecraft, ... }:
|
||||
{
|
||||
nixpkgs.overlays = [
|
||||
(import ./unstable { inherit unstable; })
|
||||
(final: _prev: import ./packages { pkgs = final; })
|
||||
(import ./mpv)
|
||||
minecraft.overlay
|
||||
];
|
||||
}
|
||||
|
|
Binary file not shown.
Loading…
Reference in a new issue