Add Chromebook to the roster without secrets

2024-10-18 15:44:38 -04:00 · 2024-10-18 15:44:38 -04:00 · 033d8f162e
parent 95155e9e93
commit 033d8f162e
4 changed files with 56 additions and 119 deletions
--- a/hosts/lacros/system/boot/default.nix
+++ b/hosts/lacros/system/boot/default.nix
@ -0,0 +1,13 @@
+{ ... }:
+{
+  boot.initrd = {
+    systemd.enable = true;
+    luks.devices = {
+      crypt-mmc = {
+        device = "/dev/disk/by-uuid/5906e176-7ad3-41e5-bc45-ae65664eb10c";
+        preLVM = true;
+        allowDiscards = true;
+      };
+    };
+  };
+}
--- a/hosts/lacros/system/default.nix
+++ b/hosts/lacros/system/default.nix
@ -2,6 +2,7 @@
 {
  imports = [
    ./hardware
+    ./boot

    # Apps and programs
    ../../../modules/system
--- a/hosts/lacros/system/hardware/default.nix
+++ b/hosts/lacros/system/hardware/default.nix
@ -1,78 +1,66 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:

 {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];

-  boot = {
-    initrd = {
-      availableKernelModules = [
-        "xhci_pci"
-        "usb_storage"
-        "sd_mod"
-        "sdhci_pci"
-      ];
-      kernelModules = [
-        "dm-snapshot"
-        "kvm-intel"
-      ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];

-      # Encryption and TPM
-      systemd.enable = true;
-      luks.devices = {
-        crypt-mmc = {
-          device = "/dev/disk/by-uuid/5906e176-7ad3-41e5-bc45-ae65664eb10c";
-          preLVM = true;
-          allowDiscards = true;
-        };
-      };
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
+      fsType = "btrfs";
+      options = [ "subvol=@" ];
    };
-  };

-  fileSystems = {
-    "/" = {
-      device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
      fsType = "btrfs";
-      options = [ "subvol=@" "noatime" "nodiratime" "discard" ];
+      options = [ "subvol=@nix" ];
    };
-    "/home" = {
-      device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
+
+  fileSystems."/var" =
+    { device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
      fsType = "btrfs";
-      options = [ "subvol=@home" "noatime" "nodiratime" "discard" ];
+      options = [ "subvol=@var" ];
    };
-    "/var" = {
-      device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
+
+  fileSystems."/.snapshots" =
+    { device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
      fsType = "btrfs";
-      options = [ "subvol=@var" "noatime" "nodiratime" "discard" ];
+      options = [ "subvol=@snapshots" ];
    };
-    "/nix" = {
-      device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
      fsType = "btrfs";
-      options = [ "subvol=@nix" "noatime" "nodiratime" "discard" ];
+      options = [ "subvol=@home" ];
    };
-    "/.snapshots" = {
-      device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
-      fsType = "btrfs";
-      options = [ "subvol=@snapshots" "noatime" "nodiratime" "discard" ];
-    };
-    "/boot" = {
-      device = "/dev/disk/by-uuid/1C76-1006";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/1C76-1006";
      fsType = "vfat";
      options = [ "fmask=0022" "dmask=0022" ];
    };
-    "/home/jimbo/JimboNFS" = {
-      device = "${config.ips.wgSpan}.1:/export/JimboNFS";
-      fsType = "nfs4";
-      options = ["x-systemd.automount" "_netdev" "nofail" "noauto"];
-    };
-  };

-  swapDevices = [
-    { device = "/dev/disk/by-uuid/54a9cc22-4a2c-4e04-a968-313c34481489"; }
-  ];
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/54a9cc22-4a2c-4e04-a968-313c34481489"; }
+    ];

+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wg0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/variables/secrets/default.nix
+++ b/variables/secrets/default.nix
@ -1,65 +0,0 @@
-{ lib, config, ... }:
-{
-  options.secrets = lib.mkOption {
-    type = lib.types.attrs;
-    default = {};
-  };
-
-  config.secrets = {
-    # Define domains
-    jimDomain = "jimbosfiles.com";
-
-    # User passwords, generated with 'mkpasswd -m sha-512'
-    jimboAccPass = "$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0";
-
-    # Cloudflare API key
-    flareApiKey = "ICUi1Zj0e_boCkeUJbXP9dJusv_qX_zhKWQGPcFe";
-
-    # Wireguard keys, generated with the wg command
-    wgServerPriv = "WHxxi53Yp8NRZhT+BQnvC62BckOeG1x2SOvkWlm0tGo=";
-    wgServerPub = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
-    wgClientPriv = "MK9j0eYlgv+MZ9sSYO6C3lfqScpLPwcBqEckJ7o7tU4=";
-    wgClientPub = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
-    wgPixel9Pub = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
-    wgOraclePub = "ZCKlYHl7uKjDRsvIDH9hLgiMCpxKG8Jn70gjwmtdqRk=";
-
-    # Icecast, plaintext
-    castAdminPass = "Gw9P8tW$omeq#reZA$b^jDy9VN";
-    castSourcePass = "KkFDeM0SHIL*s6!d4x*a4b#bcq";
-
-    # Photoprism, plaintext
-    prismAdminPass = "gr3SkIqSBjDmypyxU!Zj9*CJ4X";
-
-    # Matrix secrets
-    matrixSecret = "bea7db528a95d8225c5fe6bf92614816fe9d31496b510dff78b1608cfb36f82a";
-    discordBotID = "1277874425810915430";
-    discordBotToken = "MTI3Nzg3NDQyNTgxMDkxNTQzMA.GvnfmN.wmNGJs7_lpkoz-XHkIEPhMh47MfsRZmbfFVOT8";
-
-    # Pixelfed secret, must be 32 characters long
-    pixelfedKey = ''APP_KEY=W9qein6055k9GdvwGbdJ6WxQ71Lr51cQ'';
-
-    # Transmission credentials, plaintext
-    transmissionCredFile = ''
-      {
-        "rpc-username": "jimbo",
-        "rpc-password": "w%QbIEZhoi4jh*j*PKaZLkKk96"
-      }
-    '';
-
-    # Email cleartext passwords
-    noreplyPassword = "5mpEp3P^n6A%r3fznJA5";
-
-    # Email account hashes, generated with 'mkpasswd -m bcrypt'
-    noreplyMailHash = "$2b$05$7VibcFKXy5Ff9sUMh3KWBeSXkInXNeaADa71Md/swt5RCk5s7UnM2";
-    jimboMailHash = "$2a$12$vHeFInRpfp.lpfR/k8ptNecs3ztKjkRTr9hae0DP8yEN1ZHKM2sxe";
-    lunaMailHash = "$2y$10$ksBfmuuojCWnzFqpBDoE/OoGZyqfP.Luo2il7wWcqHemHgqhpQdi6";
-    freecornMailHash = "$2b$05$7EF0TV39XzTYPIdWOoMnlegX8qLkcHxUytkvAt5sRDQE1oquAFTqm";
-    tinyMailHash = "$2a$12$beq/ZO3hRz5mmGe9Cvvx8u/sNJcjVHlQQ5axv8IBmdJav60n7fuK6";
-
-    # IPs
-    jimIP1 = "99.247.177.43";
-    jimIP2 = "184.144.76.19";
-    lunaIP = "71.87.124.226";
-    cornIP = "24.66.98.13";
-  };
-}