The Blue Update #1

Merged
Jimbo merged 101 commits from Refactor into main 2024-10-25 21:26:22 -04:00
4 changed files with 56 additions and 119 deletions
Showing only changes of commit 033d8f162e - Show all commits

View file

@ -0,0 +1,13 @@
{ ... }:
{
boot.initrd = {
systemd.enable = true;
luks.devices = {
crypt-mmc = {
device = "/dev/disk/by-uuid/5906e176-7ad3-41e5-bc45-ae65664eb10c";
preLVM = true;
allowDiscards = true;
};
};
};
}

View file

@ -2,6 +2,7 @@
{ {
imports = [ imports = [
./hardware ./hardware
./boot
# Apps and programs # Apps and programs
../../../modules/system ../../../modules/system

View file

@ -1,78 +1,66 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
imports = [ imports =
(modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot = { boot.initrd.availableKernelModules = [ "xhci_pci" "sdhci_pci" ];
initrd = { boot.initrd.kernelModules = [ "dm-snapshot" ];
availableKernelModules = [ boot.kernelModules = [ "kvm-intel" ];
"xhci_pci" boot.extraModulePackages = [ ];
"usb_storage"
"sd_mod"
"sdhci_pci"
];
kernelModules = [
"dm-snapshot"
"kvm-intel"
];
# Encryption and TPM fileSystems."/" =
systemd.enable = true; { device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
luks.devices = { fsType = "btrfs";
crypt-mmc = { options = [ "subvol=@" ];
device = "/dev/disk/by-uuid/5906e176-7ad3-41e5-bc45-ae65664eb10c";
preLVM = true;
allowDiscards = true;
};
};
};
}; };
fileSystems = { fileSystems."/nix" =
"/" = { { device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@" "noatime" "nodiratime" "discard" ]; options = [ "subvol=@nix" ];
}; };
"/home" = {
device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad"; fileSystems."/var" =
{ device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@home" "noatime" "nodiratime" "discard" ]; options = [ "subvol=@var" ];
}; };
"/var" = {
device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad"; fileSystems."/.snapshots" =
{ device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@var" "noatime" "nodiratime" "discard" ]; options = [ "subvol=@snapshots" ];
}; };
"/nix" = {
device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad"; fileSystems."/home" =
{ device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@nix" "noatime" "nodiratime" "discard" ]; options = [ "subvol=@home" ];
}; };
"/.snapshots" = {
device = "/dev/disk/by-uuid/e8c9c5a8-4df0-4100-8de6-f08a1a774fad"; fileSystems."/boot" =
fsType = "btrfs"; { device = "/dev/disk/by-uuid/1C76-1006";
options = [ "subvol=@snapshots" "noatime" "nodiratime" "discard" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/1C76-1006";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ]; options = [ "fmask=0022" "dmask=0022" ];
}; };
"/home/jimbo/JimboNFS" = {
device = "${config.ips.wgSpan}.1:/export/JimboNFS";
fsType = "nfs4";
options = ["x-systemd.automount" "_netdev" "nofail" "noauto"];
};
};
swapDevices = [ swapDevices =
{ device = "/dev/disk/by-uuid/54a9cc22-4a2c-4e04-a968-313c34481489"; } [ { device = "/dev/disk/by-uuid/54a9cc22-4a2c-4e04-a968-313c34481489"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wg0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

View file

@ -1,65 +0,0 @@
{ lib, config, ... }:
{
options.secrets = lib.mkOption {
type = lib.types.attrs;
default = {};
};
config.secrets = {
# Define domains
jimDomain = "jimbosfiles.com";
# User passwords, generated with 'mkpasswd -m sha-512'
jimboAccPass = "$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0";
# Cloudflare API key
flareApiKey = "ICUi1Zj0e_boCkeUJbXP9dJusv_qX_zhKWQGPcFe";
# Wireguard keys, generated with the wg command
wgServerPriv = "WHxxi53Yp8NRZhT+BQnvC62BckOeG1x2SOvkWlm0tGo=";
wgServerPub = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
wgClientPriv = "MK9j0eYlgv+MZ9sSYO6C3lfqScpLPwcBqEckJ7o7tU4=";
wgClientPub = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
wgPixel9Pub = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
wgOraclePub = "ZCKlYHl7uKjDRsvIDH9hLgiMCpxKG8Jn70gjwmtdqRk=";
# Icecast, plaintext
castAdminPass = "Gw9P8tW$omeq#reZA$b^jDy9VN";
castSourcePass = "KkFDeM0SHIL*s6!d4x*a4b#bcq";
# Photoprism, plaintext
prismAdminPass = "gr3SkIqSBjDmypyxU!Zj9*CJ4X";
# Matrix secrets
matrixSecret = "bea7db528a95d8225c5fe6bf92614816fe9d31496b510dff78b1608cfb36f82a";
discordBotID = "1277874425810915430";
discordBotToken = "MTI3Nzg3NDQyNTgxMDkxNTQzMA.GvnfmN.wmNGJs7_lpkoz-XHkIEPhMh47MfsRZmbfFVOT8";
# Pixelfed secret, must be 32 characters long
pixelfedKey = ''APP_KEY=W9qein6055k9GdvwGbdJ6WxQ71Lr51cQ'';
# Transmission credentials, plaintext
transmissionCredFile = ''
{
"rpc-username": "jimbo",
"rpc-password": "w%QbIEZhoi4jh*j*PKaZLkKk96"
}
'';
# Email cleartext passwords
noreplyPassword = "5mpEp3P^n6A%r3fznJA5";
# Email account hashes, generated with 'mkpasswd -m bcrypt'
noreplyMailHash = "$2b$05$7VibcFKXy5Ff9sUMh3KWBeSXkInXNeaADa71Md/swt5RCk5s7UnM2";
jimboMailHash = "$2a$12$vHeFInRpfp.lpfR/k8ptNecs3ztKjkRTr9hae0DP8yEN1ZHKM2sxe";
lunaMailHash = "$2y$10$ksBfmuuojCWnzFqpBDoE/OoGZyqfP.Luo2il7wWcqHemHgqhpQdi6";
freecornMailHash = "$2b$05$7EF0TV39XzTYPIdWOoMnlegX8qLkcHxUytkvAt5sRDQE1oquAFTqm";
tinyMailHash = "$2a$12$beq/ZO3hRz5mmGe9Cvvx8u/sNJcjVHlQQ5axv8IBmdJav60n7fuK6";
# IPs
jimIP1 = "99.247.177.43";
jimIP2 = "184.144.76.19";
lunaIP = "71.87.124.226";
cornIP = "24.66.98.13";
};
}