From b6137d45432425d1c4e066f31e68474d6d76a0fd Mon Sep 17 00:00:00 2001
From: mjallen18
Date: Fri, 9 May 2025 15:18:30 -0500
Subject: [PATCH] idk moving stuff
---
 hosts/default.nix | 5 ++
 hosts/pi5/configuration.nix | 96 ++-----------------------------------
 hosts/pi5/home.nix | 17 ++++++-
 hosts/pi5/sops.nix | 25 ++++++++++
 4 files changed, 49 insertions(+), 94 deletions(-)
diff --git a/hosts/default.nix b/hosts/default.nix
index b0ba1d9..96ca891 100755
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -145,6 +145,11 @@ in
 enableSSHSupport = lib.mkDefault true;
 };
 command-not-found.enable = lib.mkForce false;
+ nix-index = {
+ enable = true;
+ enableBashIntegration = false;
+ enableZshIntegration = true;
+ };
 };
 environment.systemPackages = with pkgs; [
diff --git a/hosts/pi5/configuration.nix b/hosts/pi5/configuration.nix
index 692d169..fab4a74 100755
--- a/hosts/pi5/configuration.nix
+++ b/hosts/pi5/configuration.nix
@@ -5,12 +5,7 @@
 { config, lib, pkgs, ... }:
 let
 user = "matt";
- password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
- SSID = "Joey's Jungle 5G";
- wifiSecrets = "kR8v&3Qd"; #config.sops.secrets."wifi".path;
- interface = "wlan0";
- timezone = "America/Chicago";
- hostname = "pi5";
+ password = config.sops.secrets."jallen-nas/admin_password".path;
 kernelBundle = pkgs.linuxAndFirmware.v6_6_31;
 in
 {
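Review bot: The new `password` binding in the `@@ -5,12 +5,7 @@` hunk reads `config.sops.secrets."jallen-nas/admin_password".path`, but the hosts/pi5/sops.nix section of this patch declares only `"wifi"`, `"desktop/matt_password"` and the two SSH key entries, so unless that secret is declared somewhere not shown the reference will not evaluate. Only `"desktop/matt_password"` carries `neededForUsers = true`, which a file consumed by `hashedPasswordFile` needs, so either point the binding at the declared entry, `password = config.sops.secrets."desktop/matt_password".path;`, or declare the NAS-named secret for this host with `neededForUsers = true`. The password hash and Wi-Fi passphrase deleted in this hunk remain readable in the repository history, so both should be rotated rather than treated as removed. Uses of the deleted `SSID`, `interface` and `hostname` bindings are not visible here; confirm no remaining line still references them.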
@@ -22,40 +17,21 @@ in
 ./sops.nix ../default.nix
 ];
- networking.networkmanager.enable = true;
- programs.zsh.enable = true;
 # Enable nix flakes and nix-command tools
 nix = {
 settings = {
 substituters = [
- # "https://cache.mjallen.dev"
 "https://nixos-raspberrypi.cachix.org"
- "https://nix-community.cachix.org"
- "https://cache.nixos.org/"
 ];
 trusted-public-keys = [
- # "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
 "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
- "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
- ];
- warn-dirty = lib.mkForce false;
- experimental-features = lib.mkForce [
- "nix-command"
- "flakes"
- ];
- trusted-users = lib.mkDefault [
- "root"
- "@wheel"
- user
 ];
 };
 };
 # Configure nixpkgs
 nixpkgs = {
- # Enable non free
- config.allowUnfree = lib.mkForce true;
 overlays = lib.mkAfter [
 (self: super: {
 # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
@@ -76,29 +52,6 @@ in
 cfg.bootloader config.boot.kernelPackages.kernel.version
 ];
-
-
- # Hardware configs
- hardware = {
- # Bluetooth
- bluetooth.enable = lib.mkDefault true;
-
- # Enable all firmware
- enableAllFirmware = lib.mkForce true;
- };
-
- services.xserver = {
- enable = false;
- desktopManager = {
- budgie.enable = false;
- };
- displayManager = {
- lightdm.enable = false;
- };
- };
-
- # Set your time zone.
- time.timeZone = timezone;
 systemd.services.btattach = {
 before = [ "bluetooth.service" ];
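Review bot: Nothing in the patch shows where the settings deleted here end up: the hosts/default.nix section adds only `nix-index`, while this hunk and the `@@ -76,29` and `@@ -110,61` hunks drop `experimental-features`, `trusted-users`, `networking.networkmanager.enable`, `hardware.bluetooth.enable`, `time.timeZone` and `services.openssh.enable`. If ../default.nix already provides them, a one-line comment next to the import would record that, e.g. `# nix settings, openssh, sudo-rs and NetworkManager come from ../default.nix`. If it does not, this host loses its SSH daemon and network manager on the next switch, and the `btattach` unit kept in the `@@ -76,29` hunk orders itself before a `bluetooth.service` that is no longer enabled here.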
@@ -110,61 +63,20 @@ in
 };
 environment.systemPackages = with pkgs; [
- btop
- sops
- vscode
- vim
+ git
 libraspberrypi raspberrypi-eeprom raspberrypifw raspberrypiWirelessFirmware raspberrypi-armstubs
- htop
- git
+ vim
 ];
- services.openssh.enable = true;
- programs.command-not-found.enable = lib.mkForce false;
- programs.nix-index = {
- enable = true;
- enableBashIntegration = false;
- enableZshIntegration = true;
- };
-
- security = {
- rtkit.enable = lib.mkDefault true;
-
- # configure sudo
- sudo.enable = lib.mkDefault false;
- sudo-rs = {
- enable = lib.mkDefault true;
- extraRules = [
- {
- commands = [
- {
- command = "${pkgs.systemd}/bin/systemctl suspend";
- options = [ "NOPASSWD" ];
- }
- {
- command = "${pkgs.systemd}/bin/reboot";
- options = [ "NOPASSWD" ];
- }
- {
- command = "${pkgs.systemd}/bin/poweroff";
- options = [ "NOPASSWD" ];
- }
- ];
- groups = [ "wheel" ];
- }
- ];
- };
- };
-
 users = {
 mutableUsers = false;
 users."${user}" = {
 isNormalUser = true;
- initialHashedPassword = password;
+ hashedPasswordFile = password;
 extraGroups = [
 "wheel" "docker"
diff --git a/hosts/pi5/home.nix b/hosts/pi5/home.nix
index 823d166..02abd57 100755
--- a/hosts/pi5/home.nix
+++ b/hosts/pi5/home.nix
@@ -4,9 +4,10 @@ let
 ll = "ls -alh";
 update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.18";
 update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.18";
- update-flake = "sudo nix flake update ~/nix-config";
+ update-flake = "nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager --flake /etc/nixos";
 update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.18 --build-host admin@10.0.1.18 --flake ~/nix-config#jallen-nas";
 nas-ssh = "kitten ssh admin@10.0.1.18";
+ ducks = "du -cksh * | sort -hr | head -n 15";
 };
 gitAliases = {
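Review bot: `hashedPasswordFile = password;` in the `users` block now receives a path to a decrypted secret rather than a hash, so the `password` name is misleading; `passwordFile` in the let block and here would say what it holds. With `mutableUsers = false` in the line above, that file is the only source of the account's password, so if the secret is missing or not decrypted when users are set up the account is likely to be left without a usable password. It is worth running `nixos-rebuild build` and checking the secret's `neededForUsers` setting before switching, especially as this same hunk removes `services.openssh.enable`. The `users` block continues past the end of the hunk.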
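Review bot: The new `update-flake` alias in hosts/pi5/home.nix drops `sudo` while moving the target to `--flake /etc/nixos`, where the lock file is usually writable only by root, so the update may fail for the normal user; the neighbouring `update-nas` alias still uses `~/nix-config`. The inputs it names are all `desktop-*`, which looks carried over from another host's configuration. Confirm the flake path and the input list that apply to pi5, and add a short comment saying which inputs this alias is meant to bump.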
@@ -21,7 +22,6 @@ let
 };
 in
 {
- home.username = "matt";
 home.homeDirectory = "/home/matt";
 home.stateVersion = "23.11";
@@ -89,4 +89,17 @@ in
 aliases = gitAliases;
 };
 };
+
+ home.packages = with pkgs; [
+ age
+ btop
+ fastfetch
+ firefox
+ home-manager
+ lm_sensors
+ mission-center
+ sops
+ tree
+ vscode
+ ];
 }
diff --git a/hosts/pi5/sops.nix b/hosts/pi5/sops.nix
index 9ef696c..873ca65 100755
--- a/hosts/pi5/sops.nix
+++ b/hosts/pi5/sops.nix
@@ -1,4 +1,7 @@
 { ... }:
+let
+ user = "matt";
+in
 {
 sops = {
 defaultSopsFile = ../../secrets/secrets.yaml;
@@ -6,6 +9,28 @@
 secrets = {
 "wifi" = { };
+ "desktop/matt_password" = {
+ neededForUsers = true;
+ mode = "0600";
+ owner = config.users.users."${user}".name;
+ group = config.users.users."${user}".group;
+ };
+
+ # ------------------------------
+ # SSH keys
+ # ------------------------------
+ "ssh-keys-public/pi5" = {
+ mode = "0644";
+ owner = config.users.users."${user}".name;
+ group = config.users.users."${user}".group;
+ restartUnits = [ "sshd.service" ];
+ };
+ "ssh-keys-private/pi5" = {
+ mode = "0600";
+ owner = config.users.users."${user}".name;
+ group = config.users.users."${user}".group;
+ restartUnits = [ "sshd.service" ];
+ };
 };
 };
 }
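Review bot: The added `owner = config.users.users."${user}".name;` and `group = …` lines in hosts/pi5/sops.nix read `config`, but the module header kept as context in the `@@ -1,4 +1,7 @@` hunk is still `{ ... }:`, which does not bind `config`, so the file will fail to evaluate with an undefined variable; the header needs to become `{ config, ... }:`. `"desktop/matt_password"` combines `neededForUsers = true` with a non-root owner, and sops-nix provisions such secrets before user accounts exist and, as far as I know, expects them to stay root-owned, so `owner` and `group` should be dropped from that entry. `"ssh-keys-private/pi5"` is owned by the login user yet restarts `sshd.service`: if it is a host key it should be root-owned, and if it is the user's client key the `restartUnits` line is unnecessary, so a comment stating which it is would help.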