diff --git a/flake.nix b/flake.nix index 3f946ee..ca8fc51 100644 --- a/flake.nix +++ b/flake.nix @@ -188,7 +188,7 @@ emacs-overlay.overlay inputs.nix-alien.overlays.default inputs.nix-ld-rs.overlays.default - agenix-rekey.overlays.default + # agenix-rekey.overlays.default devshell.overlays.default ]; config = { @@ -229,8 +229,8 @@ chaotic.nixosModules.default envfs.nixosModules.envfs stylix.nixosModules.stylix - agenix.nixosModules.default - agenix-rekey.nixosModules.default + # agenix.nixosModules.default + # agenix-rekey.nixosModules.default ]; args = { inherit self inputs system; diff --git a/secrets/rekeyed/nixos-fw16/1e80b286118d1a05182b8b59ae075c09-tristand_passwd_hash.age b/secrets/rekeyed/nixos-fw16/1e80b286118d1a05182b8b59ae075c09-tristand_passwd_hash.age new file mode 100644 index 0000000..3c76fa0 Binary files /dev/null and b/secrets/rekeyed/nixos-fw16/1e80b286118d1a05182b8b59ae075c09-tristand_passwd_hash.age differ diff --git a/secrets/rekeyed/nixos-fw16/259fceb88a8ac9aa592e2bd7ad37050f-oeko-smb.age b/secrets/rekeyed/nixos-fw16/259fceb88a8ac9aa592e2bd7ad37050f-oeko-smb.age new file mode 100644 index 0000000..32ceb3d --- /dev/null +++ b/secrets/rekeyed/nixos-fw16/259fceb88a8ac9aa592e2bd7ad37050f-oeko-smb.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 nA0mnQ WtsuBNNRDJ2qBqqfKPYBjsG5J8RA1FLG22V4rcpmIAs ++b/BJpaLA/TCIMwRg0c7eO8UqIa+KPgpaOTmpVeW60k +-> m-grease +RCMzLSoDYLRPgxDe1bS2EOXDAD19QYDO3UI/0tzYNOGvcEMnHw +--- WBgm8Vf3dtFoPsTbBIoS73fD824cOm5COYSz66dcvYQ +6{; + Jm <Z7"y \ No newline at end of file diff --git a/secrets/rekeyed/nixos-fw16/3f7ba2027615b520a68df8c74eba9558-tester_passwd_hash.age b/secrets/rekeyed/nixos-fw16/3f7ba2027615b520a68df8c74eba9558-tester_passwd_hash.age deleted file mode 100644 index ecbaa2c..0000000 Binary files a/secrets/rekeyed/nixos-fw16/3f7ba2027615b520a68df8c74eba9558-tester_passwd_hash.age and /dev/null differ 
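Review bot: Both flake.nix hunks switch agenix off by commenting the entries out (`# agenix-rekey.overlays.default`, `# agenix.nixosModules.default`, `# agenix-rekey.nixosModules.default`) with no marker saying why or when they return, unlike the `# bootstrap` tags used in systems/nixos-fw16/default.nix. With these modules gone, `config.age.secrets.*` is no longer defined, and as far as the visible hunks show nothing consumes the rekeyed `.age` files this commit adds under secrets/rekeyed/nixos-fw16. I would tag each entry with something like `# bootstrap: agenix disabled until the host key is provisioned; re-enable together with ../../os-mods/age and age.rekey.hostPubkey`, so the temporary state is greppable. The first hunk of systems/nixos-fw16/default.nix has the same problem with `# ../../os-mods/age` and `# age.rekey.hostPubkey`. Both lists start and end outside the hunks.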
diff --git a/secrets/rekeyed/nixos-fw16/9632fb41a7c8b72726e87096a9ec145a-tester_passwd_hash.age b/secrets/rekeyed/nixos-fw16/9632fb41a7c8b72726e87096a9ec145a-tester_passwd_hash.age new file mode 100644 index 0000000..625ad59 Binary files /dev/null and b/secrets/rekeyed/nixos-fw16/9632fb41a7c8b72726e87096a9ec145a-tester_passwd_hash.age differ diff --git a/secrets/rekeyed/nixos-fw16/d4ebce9353c576be067a9832580d7899-tristand_passwd_hash.age b/secrets/rekeyed/nixos-fw16/d4ebce9353c576be067a9832580d7899-tristand_passwd_hash.age deleted file mode 100644 index afe3bb6..0000000 --- a/secrets/rekeyed/nixos-fw16/d4ebce9353c576be067a9832580d7899-tristand_passwd_hash.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 MqgTQA kHKU7lp3SvhVlgDk8qBbQU+nrV8O84CLtR32ZGATDw4 -1E9KyKzKwio7ltF1H36tSLWSao0TPNNlbwJAwxhw3CI --> +&-grease -y1YrcXJ8+mGdSTrJywOZM/E8jbHPSX9rARC6uKOHgESGkH1NWsINbEk0/1fYHi62 -6Y+k9Ig9oX7taekoNCU ---- lgK5w16T9LaMc6yoWW+h+zVNyuKuoEoeJi8p7lura1Q -X -&bZ[IC>ԘОWp? [-]) HY(u/ݰɖ^摨@9xVG.n 9RrxzJfw KzbqZ֩fF =P \ No newline at end of file diff --git a/secrets/rekeyed/nixos-fw16/d9071a3e62472d160241e0d2497a3b57-oeko-smb.age b/secrets/rekeyed/nixos-fw16/d9071a3e62472d160241e0d2497a3b57-oeko-smb.age deleted file mode 100644 index 9c97c4f..0000000 --- a/secrets/rekeyed/nixos-fw16/d9071a3e62472d160241e0d2497a3b57-oeko-smb.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 MqgTQA 7y3on/Y6P89gncEtSzn6dak659D+C0jT0Lo711yQaQ0 -bsILI8jRG8MFJ2xSowtYyNYHPbcZmS+OFBbTrn7vNgo --> a-grease /3 -faRjVzpKpTOBeDIZVd+uK9AGzVH7LYbIH3QiTZMHE+zE21fI6yjGEQyIE2jsVhTq -q/PxcbNtJ9fZ2JCU43lGX7DveIYT7Z84vX955I3BkIppgQ4 ---- dNDrqjg89dlNEf3ZkyW0fU7OyETfVPtRAw7JcRJxQ1o -Cد DXo؂?9uiݔsrީwyB~umȹ3DMb2tj`zDX \ No newline at end of file diff --git a/systems/nixos-fw16/default.nix b/systems/nixos-fw16/default.nix index 7204ee9..1be6bfa 100644 --- a/systems/nixos-fw16/default.nix +++ b/systems/nixos-fw16/default.nix 
@@ -10,24 +10,24 @@
 (modulesPath + "/installer/scan/not-detected.nix")
 inputs.nixos-hardware.nixosModules.common-hidpi
 inputs.nixos-hardware.nixosModules.framework-16-7040-amd
- ../../os-mods/age
- ../../os-mods/net_disks/oeko.nix
+ # ../../os-mods/age
+ # ../../os-mods/net_disks/oeko.nix
 ../../os-mods/amdgpu
 ../../os-mods/cachix
 ../../os-mods/common
 ../../os-mods/desktop
 ../../os-mods/desktop/audio.nix
- ../../os-mods/desktop/gaming.nix
- ../../os-mods/desktop/printing.nix
- ../../os-mods/netdata/client.nix
- ../../os-mods/network
+ # ../../os-mods/desktop/gaming.nix
+ # ../../os-mods/desktop/printing.nix
+ # ../../os-mods/netdata/client.nix
+ # ../../os-mods/network
 ../../os-mods/ryzenapu
- ../../os-mods/virt
+ # ../../os-mods/virt
 ../../users
 ./disks.nix
 ];
- age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRFEtmoq36QmvAwv/xIVdvaf+B9Scbm5cUFFkP/c1nS root@nixos-f16";
+ # age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRFEtmoq36QmvAwv/xIVdvaf+B9Scbm5cUFFkP/c1nS root@nixos-f16";
 nix.settings.builders-use-substitutes = true;
 nix.distributedBuilds = true;
 nix.buildMachines = [ ];
@@ -127,17 +127,17 @@
 };
 };
- specialisation = {
- linux-latest.configuration = {
- boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
- };
- linux-zen.configuration = {
- boot.kernelPackages = lib.mkForce pkgs.linuxPackages_zen;
- };
- linux-cachyos.configuration = {
- boot.kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos;
- };
- };
+ # specialisation = {
+ # linux-latest.configuration = {
+ # boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+ # };
+ # linux-zen.configuration = {
+ # boot.kernelPackages = lib.mkForce pkgs.linuxPackages_zen;
+ # };
+ # linux-cachyos.configuration = {
+ # boot.kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos;
+ # };
+ # };
 boot = {
 # kernelPackages = pkgs.linuxPackages_latest; # bootstrap
 # kernelPackages = pkgs.linuxPackages_zen; # bootstrap
@@ -165,7 +165,8 @@
 loader = {
 timeout = 0;
 systemd-boot = {
- enable = false; # due to lanzaboote
+ # enable = false; # due to lanzaboote
+ enable = true; # bootstrap
 configurationLimit = 12;
 memtest86.enable = true;
@@ -175,7 +176,7 @@
 };
 lanzaboote = {
- enable = true;
+ # enable = true;
 configurationLimit = 12;
 # pkiBundle = "/etc/secureboot";
 pkiBundle = "/var/lib/sbctl";
diff --git a/systems/nixos-fw16/disks.nix b/systems/nixos-fw16/disks.nix
index 37fd754..ce4e4fb 100644
--- a/systems/nixos-fw16/disks.nix
+++ b/systems/nixos-fw16/disks.nix
@@ -16,8 +16,8 @@
 config = {
 boot = {
- supportedFilesystems = [ "bcachefs" "vfat" ];
- initrd.supportedFilesystems = [ "bcachefs" "vfat" ];
+ supportedFilesystems = [ "btrfs" "vfat" ];
+ initrd.supportedFilesystems = [ "btrfs" "vfat" ];
 initrd.luks.devices = lib.attrsets.mergeAttrsList (
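Review bot: In systems/nixos-fw16/default.nix, commenting out `enable = true;` in the `lanzaboote` block while setting `systemd-boot.enable = true; # bootstrap` turns off the signed boot path for this host, and only the systemd-boot line says it is temporary. The `lanzaboote` block keeps `configurationLimit` and `pkiBundle` but now silently relies on the option default; `enable = false; # bootstrap: re-enable once sbctl keys are enrolled in /var/lib/sbctl` states the intent and makes the revert a one-word change. Root sits on a LUKS mapping (disks.nix) while the kernel and initrd on the ESP are unencrypted, so without lanzaboote's signed images nothing verifies what boots before the passphrase is entered; this state should not outlive the install. Both blocks continue outside their hunks.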
@@ -38,45 +38,32 @@
 );
 };
- fileSystems =
- let
- automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
- perm_opts = "uid=1001,gid=100";
- smb_opts = [
- "vers=3,credentials=/home/tristand/.smb-secrets"
- perm_opts
- automount_opts
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/crypt_ssd_4t_data";
+ # device = "UUID=f89215ba-3313-42d3-8f68-051ad2453870";
+ fsType = "btrfs";
+ options = [
+ "rw"
+ "autodefrag"
+ "compress=zstd"
+ "discard=async"
+ "relatime"
+ "space_cache=v2"
+ "ssd"
 ];
- sshfs_opts = [
- "allow_other,_netdev,reconnect,ServerAliveInterval=15,IdentityFile=/var/secrets/id_ed25519"
- perm_opts
- automount_opts
- ];
- in
- {
- "/" = {
- device = "/dev/mapper/crypt_ssd_4t_data";
- # device = "UUID=f89215ba-3313-42d3-8f68-051ad2453870";
- fsType = "bcachefs";
- options = [ "relatime" ];
- };
-
- "/boot" = {
- device = "/dev/disk/by-uuid/05A2-6A8A";
- fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" ];
- };
-
- # "/mnt/media_v2" = {
- # device = "root@23.88.68.113:/media_v2";
- # fsType = "sshfs";
- # options = sshfs_opts;
- # };
 };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/05A2-6A8A";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+ };
+
 swapDevices = [
- { device = "/dev/disk/by-uuid/a8f478f0-ad5e-47ae-8e18-63060f7e5706"; }
- { device = "/dev/disk/by-uuid/59987b2a-c5c5-4547-95ad-f0d1dcdf8458"; }
+ # { device = "/dev/disk/by-uuid/a8f478f0-ad5e-47ae-8e18-63060f7e5706"; }
+ # { device = "/dev/disk/by-uuid/59987b2a-c5c5-4547-95ad-f0d1dcdf8458"; }
 ];
 system.fsPackages = [ pkgs.sshfs ];
diff --git a/users/admin-thin.nix b/users/admin-thin.nix
index ffe08c4..f8b8e6c 100644
--- a/users/admin-thin.nix
+++ b/users/admin-thin.nix
@@ -8,9 +8,9 @@
 imports = [
 ../home-mods/audio
 ../home-mods/common
- ../home-mods/firefox
+ ../home-mods/firefox/zen-browser.nix
 # ../home-mods/plasma
- ../home-mods/shell
+ # ../home-mods/shell
 ];
 config.home = {
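Review bot: In the disks.nix `fileSystems` hunk the new root mount passes `"discard=async"` to btrfs on `/dev/mapper/crypt_ssd_4t_data`, a dm-crypt mapping, so TRIM reaches the SSD only if the LUKS device is opened with discards allowed, and when it is, the layout of freed blocks becomes visible on the raw disk. The `initrd.luks.devices` definition lies outside this hunk, so I cannot tell which case applies; either the option is a no-op or it is a confidentiality trade-off, and a comment should say which, e.g. `# discard=async: needs allowDiscards on the LUKS device; exposes free-space layout, accepted for SSD performance`. Separately, `/boot` is re-added with `"fmask=0022" "dmask=0022"`, which leaves the ESP world-readable; with systemd-boot now enabled and keeping its random seed there, `"fmask=0077" "dmask=0077"` is the tighter setting.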
diff --git a/users/default.nix b/users/default.nix
index a485648..c0d91b8 100644
--- a/users/default.nix
+++ b/users/default.nix
@@ -13,7 +13,8 @@
 extraGroups = [ "audio" "corectrl" "docker" "networkmanager" "i2c" "wheel" "libvirtd" "qemu-libvirtd" "input" ];
 shell = pkgs.fish;
 home = "/home/tester";
- hashedPasswordFile = config.age.secrets.tester_passwd_hash.path;
+ # hashedPasswordFile = config.age.secrets.tester_passwd_hash.path;
+ initialPassword = "384249Nv";
 };
 tristand = {
 isNormalUser = true;
@@ -21,7 +22,8 @@
 extraGroups = [ "audio" "corectrl" "dialout" "docker" "networkmanager" "i2c" "wheel" "libvirtd" "qemu-libvirtd" "input" ];
 shell = pkgs.fish;
 home = "/home/tristand";
- hashedPasswordFile = config.age.secrets.tristand_passwd_hash.path;
+ # hashedPasswordFile = config.age.secrets.tristand_passwd_hash.path;
+ initialPassword = "384249Nv";
 openssh.authorizedKeys.keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4xz3EgIRiRb/gmnCSq17kHd4MLilf05zYOFZrwOIrA tristand@nixos-fw16"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDS/4JFRaAPoUaDiwDRbbNoaJqsBzaE+DEdaQH9OezM root@nixos-fw16"
@@ -51,7 +53,7 @@
 home-manager = {
 useUserPackages = true;
 useGlobalPkgs = true;
- users.tristand = import ./admin-fat.nix {
+ users.tristand = import ./admin-thin.nix {
 username = "tristand";
 inherit pkgs config inputs system lib;
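Review bot: The added `initialPassword = "...";` line commits a cleartext password for `tester` in the first hunk and the identical one for `tristand` in the second, and both accounts are in `wheel`, `docker` and `libvirtd`. The value is now in git history and is copied into the world-readable Nix store on every build, so it has to be treated as disclosed and changed on the machine whatever happens to this commit. If sshd accepts password logins (not visible here), it is also usable remotely, alongside the authorized keys on `tristand`. For a bootstrap without agenix, keep the hash out of the repository, e.g. `hashedPasswordFile = "/path/outside/store/tester.hash"; # placeholder path, provisioned at install time`, or at minimum use `initialHashedPassword` with mkpasswd output instead of the literal. Both user blocks start outside their hunks.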