From 033d8f162ee4797d66f9360eddd1ab1d9a8dd22f Mon Sep 17 00:00:00 2001
From: Jimbo
Date: Fri, 18 Oct 2024 15:44:38 -0400
Subject: [PATCH] Add Chromebook to the roster without secrets
---
 hosts/lacros/system/boot/default.nix | 13 ++++
 hosts/lacros/system/default.nix | 1 +
 hosts/lacros/system/hardware/default.nix | 96 +++++++++++------------
 variables/secrets/default.nix | 65 ----------------
 4 files changed, 56 insertions(+), 119 deletions(-)
 create mode 100644 hosts/lacros/system/boot/default.nix
 delete mode 100644 variables/secrets/default.nix
diff --git a/hosts/lacros/system/boot/default.nix b/hosts/lacros/system/boot/default.nix
new file mode 100644
index 0000000..c327671
--- /dev/null
+++ b/hosts/lacros/system/boot/default.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+ boot.initrd = {
+ systemd.enable = true;
+ luks.devices = {
+ crypt-mmc = {
+ device = "/dev/disk/by-uuid/5906e176-7ad3-41e5-bc45-ae65664eb10c";
+ preLVM = true;
+ allowDiscards = true;
+ };
+ };
+ };
+}
diff --git a/hosts/lacros/system/default.nix b/hosts/lacros/system/default.nix
index 2e8ad70..8ceb231 100644
--- a/hosts/lacros/system/default.nix
+++ b/hosts/lacros/system/default.nix
@@ -2,6 +2,7 @@
 {
 imports = [
 ./hardware
+ ./boot
 # Apps and programs
 ../../../modules/system
diff --git a/hosts/lacros/system/hardware/default.nix b/hosts/lacros/system/hardware/default.nix
index 021d994..8b8c889 100644
--- a/hosts/lacros/system/hardware/default.nix
+++ b/hosts/lacros/system/hardware/default.nix
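Review bot: In the new hosts/lacros/system/boot/default.nix, `allowDiscards = true` on `crypt-mmc` lets TRIM requests pass through dm-crypt, so the layout of unused blocks becomes visible to anyone who can read the raw eMMC; that is a common trade-off on flash, but it should carry a comment saying it is deliberate, e.g. `# TRIM passthrough accepted: reveals free-block pattern, wanted for eMMC wear`. The same commit drops the `discard` mount option from every btrfs entry in hosts/lacros/system/hardware/default.nix, so whether discards are issued at all now depends on the kernel's btrfs default or on a periodic trim (`services.fstrim.enable`) configured elsewhere. The old file's `# Encryption and TPM` comment above `systemd.enable = true` was not carried over; if TPM-based unlock is still the reason for the systemd initrd, I would restore it as `# systemd initrd: required for TPM unlock of crypt-mmc`.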
@@ -1,78 +1,66 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. { config, lib, pkgs, modulesPath, ... }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot = { - initrd = { - availableKernelModules = [ - "xhci_pci" - "usb_storage" - "sd_mod" - "sdhci_pci" - ]; - kernelModules = [ - "dm-snapshot" - "kvm-intel" - ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "sdhci_pci" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; - # Encryption and TPM - systemd.enable = true; - luks.devices = { - crypt-mmc = { - device = "/dev/disk/by-uuid/5906e176-7ad3-41e5-bc45-ae65664eb10c"; - preLVM = true; - allowDiscards = true; - }; - }; + fileSystems."/" = + { device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad"; + fsType = "btrfs"; + options = [ "subvol=@" ]; }; - }; - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad"; + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad"; fsType = "btrfs"; - options = [ "subvol=@" "noatime" "nodiratime" "discard" ]; + options = [ "subvol=@nix" ]; }; - "/home" = { - device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad"; + + fileSystems."/var" = + { device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad"; fsType = "btrfs"; - options = [ "subvol=@home" "noatime" "nodiratime" "discard" ]; + options = [ "subvol=@var" ]; }; - "/var" = { - device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad"; + + fileSystems."/.snapshots" = + { device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad"; fsType = "btrfs"; - options = [ "subvol=@var" "noatime" "nodiratime" "discard" ]; + options = [ "subvol=@snapshots" 
]; }; - "/nix" = { - device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad"; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad"; fsType = "btrfs"; - options = [ "subvol=@nix" "noatime" "nodiratime" "discard" ]; + options = [ "subvol=@home" ]; }; - "/.snapshots" = { - device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad"; - fsType = "btrfs"; - options = [ "subvol=@snapshots" "noatime" "nodiratime" "discard" ]; - }; - "/boot" = { - device = "/dev/disk/by-uuid/1C76-1006"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/1C76-1006"; fsType = "vfat"; options = [ "fmask=0022" "dmask=0022" ]; }; - "/home/jimbo/JimboNFS" = { - device = "${config.ips.wgSpan}.1:/export/JimboNFS"; - fsType = "nfs4"; - options = ["x-systemd.automount" "_netdev" "nofail" "noauto"]; - }; - }; - swapDevices = [ - { device = "/dev/disk/by-uuid/54a9cc22-4a2c-4e04-a968-313c34481489"; } - ]; + swapDevices = + [ { device = "/dev/disk/by-uuid/54a9cc22-4a2c-4e04-a968-313c34481489"; } + ]; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wg0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/variables/secrets/default.nix b/variables/secrets/default.nix deleted file mode 100644 index 8b87e6c..0000000 --- a/variables/secrets/default.nix +++ /dev/null 
@@ -1,65 +0,0 @@ -{ lib, config, ... }: -{ - options.secrets = lib.mkOption { - type = lib.types.attrs; - default = {}; - }; - - config.secrets = { - # Define domains - jimDomain = "jimbosfiles.com"; - - # User passwords, generated with 'mkpasswd -m sha-512' - jimboAccPass = "$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0"; - - # Cloudflare API key - flareApiKey = "ICUi1Zj0e_boCkeUJbXP9dJusv_qX_zhKWQGPcFe"; - - # Wireguard keys, generated with the wg command - wgServerPriv = "WHxxi53Yp8NRZhT+BQnvC62BckOeG1x2SOvkWlm0tGo="; - wgServerPub = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8="; - wgClientPriv = "MK9j0eYlgv+MZ9sSYO6C3lfqScpLPwcBqEckJ7o7tU4="; - wgClientPub = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0="; - wgPixel9Pub = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4="; - wgOraclePub = "ZCKlYHl7uKjDRsvIDH9hLgiMCpxKG8Jn70gjwmtdqRk="; - - # Icecast, plaintext - castAdminPass = "Gw9P8tW$omeq#reZA$b^jDy9VN"; - castSourcePass = "KkFDeM0SHIL*s6!d4x*a4b#bcq"; - - # Photoprism, plaintext - prismAdminPass = "gr3SkIqSBjDmypyxU!Zj9*CJ4X"; - - # Matrix secrets - matrixSecret = "bea7db528a95d8225c5fe6bf92614816fe9d31496b510dff78b1608cfb36f82a"; - discordBotID = "1277874425810915430"; - discordBotToken = "MTI3Nzg3NDQyNTgxMDkxNTQzMA.GvnfmN.wmNGJs7_lpkoz-XHkIEPhMh47MfsRZmbfFVOT8"; - - # Pixelfed secret, must be 32 characters long - pixelfedKey = ''APP_KEY=W9qein6055k9GdvwGbdJ6WxQ71Lr51cQ''; - - # Transmission credentials, plaintext - transmissionCredFile = '' - { - "rpc-username": "jimbo", - "rpc-password": "w%QbIEZhoi4jh*j*PKaZLkKk96" - } - ''; - - # Email cleartext passwords - noreplyPassword = "5mpEp3P^n6A%r3fznJA5"; - - # Email account hashes, generated with 'mkpasswd -m bcrypt' - noreplyMailHash = "$2b$05$7VibcFKXy5Ff9sUMh3KWBeSXkInXNeaADa71Md/swt5RCk5s7UnM2"; - jimboMailHash = "$2a$12$vHeFInRpfp.lpfR/k8ptNecs3ztKjkRTr9hae0DP8yEN1ZHKM2sxe"; - lunaMailHash = 
"$2y$10$ksBfmuuojCWnzFqpBDoE/OoGZyqfP.Luo2il7wWcqHemHgqhpQdi6"; - freecornMailHash = "$2b$05$7EF0TV39XzTYPIdWOoMnlegX8qLkcHxUytkvAt5sRDQE1oquAFTqm"; - tinyMailHash = "$2a$12$beq/ZO3hRz5mmGe9Cvvx8u/sNJcjVHlQQ5axv8IBmdJav60n7fuK6"; - - # IPs - jimIP1 = "99.247.177.43"; - jimIP2 = "184.144.76.19"; - lunaIP = "71.87.124.226"; - cornIP = "24.66.98.13"; - }; -}
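Review bot: Deleting variables/secrets/default.nix does not retract anything it held: the password hashes, plaintext service passwords, API key, bot token and WireGuard private keys remain in the repository history and are reproduced in full by this patch's removed lines, so each should be treated as disclosed and rotated. The hunk also removes the `options.secrets` declaration itself, so any module that still reads `config.secrets.*` would fail evaluation unless another change, not visible here, supplies the values. When the values are reintroduced, supplying them at activation time from files outside both git and the Nix store (for example sops-nix or agenix, and `hashedPasswordFile` for the user account) avoids the same exposure, since strings assigned in a module commonly end up world-readable under /nix/store.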