Add Chromebook to the roster without secrets
This commit is contained in:
parent
95155e9e93
commit
033d8f162e
13
hosts/lacros/system/boot/default.nix
Normal file
13
hosts/lacros/system/boot/default.nix
Normal file
|
@ -0,0 +1,13 @@
|
|||
{ ... }:
|
||||
{
|
||||
boot.initrd = {
|
||||
systemd.enable = true;
|
||||
luks.devices = {
|
||||
crypt-mmc = {
|
||||
device = "/dev/disk/by-uuid/5906e176-7ad3-41e5-bc45-ae65664eb10c";
|
||||
preLVM = true;
|
||||
allowDiscards = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -2,6 +2,7 @@
|
|||
{
|
||||
imports = [
|
||||
./hardware
|
||||
./boot
|
||||
|
||||
# Apps and programs
|
||||
../../../modules/system
|
||||
|
|
|
@ -1,78 +1,66 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot = {
|
||||
initrd = {
|
||||
availableKernelModules = [
|
||||
"xhci_pci"
|
||||
"usb_storage"
|
||||
"sd_mod"
|
||||
"sdhci_pci"
|
||||
];
|
||||
kernelModules = [
|
||||
"dm-snapshot"
|
||||
"kvm-intel"
|
||||
];
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "sdhci_pci" ];
|
||||
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
# Encryption and TPM
|
||||
systemd.enable = true;
|
||||
luks.devices = {
|
||||
crypt-mmc = {
|
||||
device = "/dev/disk/by-uuid/5906e176-7ad3-41e5-bc45-ae65664eb10c";
|
||||
preLVM = true;
|
||||
allowDiscards = true;
|
||||
};
|
||||
};
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@" ];
|
||||
};
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
||||
fileSystems."/nix" =
|
||||
{ device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@" "noatime" "nodiratime" "discard" ];
|
||||
options = [ "subvol=@nix" ];
|
||||
};
|
||||
"/home" = {
|
||||
device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
||||
|
||||
fileSystems."/var" =
|
||||
{ device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@home" "noatime" "nodiratime" "discard" ];
|
||||
options = [ "subvol=@var" ];
|
||||
};
|
||||
"/var" = {
|
||||
device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
||||
|
||||
fileSystems."/.snapshots" =
|
||||
{ device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@var" "noatime" "nodiratime" "discard" ];
|
||||
options = [ "subvol=@snapshots" ];
|
||||
};
|
||||
"/nix" = {
|
||||
device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
||||
|
||||
fileSystems."/home" =
|
||||
{ device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@nix" "noatime" "nodiratime" "discard" ];
|
||||
options = [ "subvol=@home" ];
|
||||
};
|
||||
"/.snapshots" = {
|
||||
device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@snapshots" "noatime" "nodiratime" "discard" ];
|
||||
};
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-uuid/1C76-1006";
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/1C76-1006";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0022" "dmask=0022" ];
|
||||
};
|
||||
"/home/jimbo/JimboNFS" = {
|
||||
device = "${config.ips.wgSpan}.1:/export/JimboNFS";
|
||||
fsType = "nfs4";
|
||||
options = ["x-systemd.automount" "_netdev" "nofail" "noauto"];
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [
|
||||
{ device = "/dev/disk/by-uuid/54a9cc22-4a2c-4e04-a968-313c34481489"; }
|
||||
];
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/54a9cc22-4a2c-4e04-a968-313c34481489"; }
|
||||
];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wg0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
|
|
|
@ -1,65 +0,0 @@
|
|||
{ lib, config, ... }:
|
||||
{
|
||||
options.secrets = lib.mkOption {
|
||||
type = lib.types.attrs;
|
||||
default = {};
|
||||
};
|
||||
|
||||
config.secrets = {
|
||||
# Define domains
|
||||
jimDomain = "jimbosfiles.com";
|
||||
|
||||
# User passwords, generated with 'mkpasswd -m sha-512'
|
||||
jimboAccPass = "$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0";
|
||||
|
||||
# Cloudflare API key
|
||||
flareApiKey = "ICUi1Zj0e_boCkeUJbXP9dJusv_qX_zhKWQGPcFe";
|
||||
|
||||
# Wireguard keys, generated with the wg command
|
||||
wgServerPriv = "WHxxi53Yp8NRZhT+BQnvC62BckOeG1x2SOvkWlm0tGo=";
|
||||
wgServerPub = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
|
||||
wgClientPriv = "MK9j0eYlgv+MZ9sSYO6C3lfqScpLPwcBqEckJ7o7tU4=";
|
||||
wgClientPub = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
|
||||
wgPixel9Pub = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
|
||||
wgOraclePub = "ZCKlYHl7uKjDRsvIDH9hLgiMCpxKG8Jn70gjwmtdqRk=";
|
||||
|
||||
# Icecast, plaintext
|
||||
castAdminPass = "Gw9P8tW$omeq#reZA$b^jDy9VN";
|
||||
castSourcePass = "KkFDeM0SHIL*s6!d4x*a4b#bcq";
|
||||
|
||||
# Photoprism, plaintext
|
||||
prismAdminPass = "gr3SkIqSBjDmypyxU!Zj9*CJ4X";
|
||||
|
||||
# Matrix secrets
|
||||
matrixSecret = "bea7db528a95d8225c5fe6bf92614816fe9d31496b510dff78b1608cfb36f82a";
|
||||
discordBotID = "1277874425810915430";
|
||||
discordBotToken = "MTI3Nzg3NDQyNTgxMDkxNTQzMA.GvnfmN.wmNGJs7_lpkoz-XHkIEPhMh47MfsRZmbfFVOT8";
|
||||
|
||||
# Pixelfed secret, must be 32 characters long
|
||||
pixelfedKey = ''APP_KEY=W9qein6055k9GdvwGbdJ6WxQ71Lr51cQ'';
|
||||
|
||||
# Transmission credentials, plaintext
|
||||
transmissionCredFile = ''
|
||||
{
|
||||
"rpc-username": "jimbo",
|
||||
"rpc-password": "w%QbIEZhoi4jh*j*PKaZLkKk96"
|
||||
}
|
||||
'';
|
||||
|
||||
# Email cleartext passwords
|
||||
noreplyPassword = "5mpEp3P^n6A%r3fznJA5";
|
||||
|
||||
# Email account hashes, generated with 'mkpasswd -m bcrypt'
|
||||
noreplyMailHash = "$2b$05$7VibcFKXy5Ff9sUMh3KWBeSXkInXNeaADa71Md/swt5RCk5s7UnM2";
|
||||
jimboMailHash = "$2a$12$vHeFInRpfp.lpfR/k8ptNecs3ztKjkRTr9hae0DP8yEN1ZHKM2sxe";
|
||||
lunaMailHash = "$2y$10$ksBfmuuojCWnzFqpBDoE/OoGZyqfP.Luo2il7wWcqHemHgqhpQdi6";
|
||||
freecornMailHash = "$2b$05$7EF0TV39XzTYPIdWOoMnlegX8qLkcHxUytkvAt5sRDQE1oquAFTqm";
|
||||
tinyMailHash = "$2a$12$beq/ZO3hRz5mmGe9Cvvx8u/sNJcjVHlQQ5axv8IBmdJav60n7fuK6";
|
||||
|
||||
# IPs
|
||||
jimIP1 = "99.247.177.43";
|
||||
jimIP2 = "184.144.76.19";
|
||||
lunaIP = "71.87.124.226";
|
||||
cornIP = "24.66.98.13";
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue