diff --git a/flake.lock b/flake.lock index d78c983..30a310b 100644 --- a/flake.lock +++ b/flake.lock @@ -213,6 +213,27 @@ "type": "github" } }, + "home-manager-porcupine": { + "inputs": { + "nixpkgs": [ + "nixpkgs-porcupine" + ] + }, + "locked": { + "lastModified": 1643735249, + "narHash": "sha256-hwX+qvF9fipwItm3V6M3mL3L0Iis+PY2DfXqnhPi+uQ=", + "owner": "LavaDesu", + "repo": "home-manager", + "rev": "ea795dd7acc9ce6069a786f6088a296f8e64c280", + "type": "github" + }, + "original": { + "owner": "LavaDesu", + "ref": "backport/gpg-agent", + "repo": "home-manager", + "type": "github" + } + }, "linux-tkg": { "flake": false, "locked": { @@ -310,6 +331,21 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1641965797, + "narHash": "sha256-AfxfIzAZbt9aAzpVBn0Bwhd/M4Wix7G91kEjm9H6FPo=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "87a35a0d58f546dc23f37b4f6af575d0e4be6a7a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1637579689, @@ -325,6 +361,22 @@ "type": "github" } }, + "nixpkgs-porcupine": { + "locked": { + "lastModified": 1643503720, + "narHash": "sha256-tJic20ufuRnG8V+fTCd3YU6xl1ImxNspoEkXHct0AG4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0f316e4d72daed659233817ffe52bf08e081b5de", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-21.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1641392867, 
@@ -500,11 +552,14 @@ "fast-syntax-highlighting": "fast-syntax-highlighting", "fix-user-popouts": "fix-user-popouts", "home-manager": "home-manager", + "home-manager-porcupine": "home-manager-porcupine", "linux-tkg": "linux-tkg", "multitask": "multitask", "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", + "nixpkgs-porcupine": "nixpkgs-porcupine", "no-double-back-pc": "no-double-back-pc", "nvim-treesitter": "nvim-treesitter", "packwiz": "packwiz", diff --git a/flake.nix b/flake.nix index 5fb7c75..f5221e9 100644 --- a/flake.nix +++ b/flake.nix @@ -1,12 +1,16 @@ { inputs = { nixpkgs.url = "github:NixOS/nixpkgs"; + nixpkgs-porcupine.url = "github:NixOS/nixpkgs/nixos-21.11"; home-manager.url = "github:nix-community/home-manager"; + home-manager-porcupine.url = "github:LavaDesu/home-manager/backport/gpg-agent"; neovim-nightly.url = "github:nix-community/neovim-nightly-overlay"; + nixos-hardware.url = "github:NixOS/nixos-hardware"; agenix.url = "github:ryantm/agenix"; agenix.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; + home-manager-porcupine.inputs.nixpkgs.follows = "nixpkgs-porcupine"; neovim-nightly.inputs.nixpkgs.follows = "nixpkgs"; nix-gaming.url = "github:fufexan/nix-gaming"; @@ -53,7 +57,7 @@ zelk = { url = "github:schnensch0/zelk"; flake = false; }; }; - outputs = { self, agenix, nixpkgs, ... } @ inputs: + outputs = { self, agenix, nixpkgs, nixpkgs-porcupine, ... } @ inputs: let overlays = (import ./overlays) ++ [inputs.neovim-nightly.overlay] @@ -82,6 +86,8 @@ nixosConfigurations."blossom" = mkSystem nixpkgs "blossom" "x86_64-linux" true; nixosConfigurations."fondue" = mkSystem nixpkgs "fondue" "x86_64-linux" false; + nixosConfigurations."caramel" = mkSystem nixpkgs-porcupine "caramel" "aarch64-linux" false; + # TODO: currently broken # devShells.x86_64-linux = pkgs.callPackage ./shells { inherit inputs; }; }; 
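Review bot: `home-manager-porcupine.url` in the first flake.nix hunk follows a mutable branch (`backport/gpg-agent`) of a personal fork, and hosts/caramel/default.nix imports its `nixosModule` into a system configuration. flake.lock pins the current rev, so ordinary builds are reproducible, but the next `nix flake update` takes whatever that branch points to at the time. I would either pin the URL to the reviewed commit, `github:LavaDesu/home-manager/ea795dd7acc9ce6069a786f6088a296f8e64c280`, or add a comment above the input such as `# fork carries the gpg-agent backport; review the fork diff on every lock update, drop once no longer needed`.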
diff --git a/hosts/caramel/default.nix b/hosts/caramel/default.nix
new file mode 100644
index 0000000..74d41ab
--- /dev/null
+++ b/hosts/caramel/default.nix
@@ -0,0 +1,26 @@
+{ config, inputs, modules, overlays, pkgs, ... }: {
+ networking.hostName = "caramel";
+ system.stateVersion = "21.11";
+ time.timeZone = "Asia/Phnom_Penh";
+
+ age.secrets = {
+ passwd.file = ../../secrets/passwd.age;
+ wpa_conf.file = ../../secrets/wpa_conf.age;
+ };
+ imports = with modules.system; [
+ inputs.home-manager-porcupine.nixosModule
+
+ base
+ home-manager
+ input
+ nix
+ security
+
+ ./filesystem.nix
+ ./kernel.nix
+ ./networking.nix
+ ./packages.nix
+
+ ../../users/hana
+ ];
+}
diff --git a/hosts/caramel/filesystem.nix b/hosts/caramel/filesystem.nix
new file mode 100644
index 0000000..47aa793
--- /dev/null
+++ b/hosts/caramel/filesystem.nix
@@ -0,0 +1,28 @@
+{ config, ... }:
+let
+ bind = src: {
+ depends = [ "/nix" ];
+ device = src;
+ fsType = "none";
+ neededForBoot = true;
+ options = [ "bind" ];
+ };
+in {
+ fileSystems = {
+ "/" = {
+ device = "rootfs";
+ fsType = "tmpfs";
+ options = [ "defaults" "size=2G" "mode=755" ];
+ };
+
+ "/nix" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ options = [ "defaults" "noatime" ];
+ };
+
+ "/var/persist" = bind "/nix/persist";
+ "/var/log/journal" = bind "/nix/persist/journal";
+ "/boot" = bind "/nix/persist/boot";
+ };
+}
diff --git a/hosts/caramel/kernel.nix b/hosts/caramel/kernel.nix
new file mode 100644
index 0000000..e621ed3
--- /dev/null
+++ b/hosts/caramel/kernel.nix
@@ -0,0 +1,11 @@
+{ config, inputs, pkgs, ... }: {
+ imports = [
+ inputs.nixos-hardware.nixosModules.raspberry-pi-4
+ ];
+ hardware.raspberry-pi."4".fkms-3d.enable = true;
+
+ boot.kernel.sysctl = {
+ "kernel.core_pattern" = "|/bin/false";
+ "kernel.sysrq" = 1;
+ };
+}
diff --git a/hosts/caramel/networking.nix b/hosts/caramel/networking.nix
new file mode 100644
index 0000000..d8b396c
--- /dev/null
+++ b/hosts/caramel/networking.nix
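Review bot: Nothing in hosts/caramel/filesystem.nix keeps `/etc/ssh` across a reboot: `/` is a tmpfs and only `/var/persist`, `/var/log/journal` and `/boot` are bound back from `/nix/persist`. agenix decrypts with the SSH host key by default and secrets.nix encrypts to one fixed `caramel` key, so if the host key is regenerated on each boot, `passwd.age` and `wpa_conf.age` stop decrypting and clients see a changed host-key fingerprint. The `base` and `security` modules are not visible in this diff and may already cover this. If they do not, point `services.openssh.hostKeys` (or `age.identityPaths`) at a key under `/var/persist` and add a comment here saying where the decryption identity lives.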
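Review bot: `"kernel.sysrq" = 1;` in hosts/caramel/kernel.nix enables every SysRq function, so anyone with a keyboard or serial console on the Pi can kill processes, dump task and register state, or reboot it without logging in. If the key is only wanted for recovery, a bitmask is enough, for example `"kernel.sysrq" = 176; # sync + remount read-only + reboot`. Separately, a stock NixOS system has no `/bin/false`, so the `core_pattern` pipe helper fails to execute rather than running; core dumps are still not written, but `"kernel.core_pattern" = "|${pkgs.coreutils}/bin/false";` states the intent without relying on the failure.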
@@ -0,0 +1,28 @@
+{ config, ... }: {
+ environment.etc."wpa_supplicant.conf".source = config.age.secrets.wpa_conf.path;
+ networking = {
+ wireless = {
+ enable = true;
+ interfaces = [ "wlan0" ];
+ };
+
+ useDHCP = false;
+ interfaces.wlan0.useDHCP = false;
+
+ interfaces.wlan0.ipv4.addresses = [{
+ address = "192.168.100.15";
+ prefixLength = 24;
+ }];
+ defaultGateway = "192.168.100.1";
+ nameservers = [ "8.8.8.8" ];
+
+ extraHosts = ''
+ 192.168.100.10 strawberry
+ 192.168.100.11 peach
+ 192.168.100.12 butterfly
+ 192.168.100.13 winter
+ 192.168.100.13 blossom
+ 192.168.100.14 apricot
+ '';
+ };
+}
diff --git a/hosts/caramel/packages.nix b/hosts/caramel/packages.nix
new file mode 100644
index 0000000..cfb2a3a
--- /dev/null
+++ b/hosts/caramel/packages.nix
@@ -0,0 +1,12 @@
+{ pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ git
+ htop
+ jq
+ neovim
+ rsync
+ sshfs
+ wget
+ ];
+ environment.variables.EDITOR = "nvim";
+}
diff --git a/secrets.nix b/secrets.nix
index 9f51f7f..a29dfad 100644
--- a/secrets.nix
+++ b/secrets.nix
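Review bot: `192.168.100.13` is mapped to both `winter` and `blossom` in the `extraHosts` block of hosts/caramel/networking.nix. If these are two machines, one name resolves to the wrong host, and an `ssh` or `rsync` aimed at it reaches a different machine than intended. If it is one machine with two names, a single line `192.168.100.13 winter blossom` or a short comment such as `# same machine, two hostnames` would make that explicit.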
@@ -1,14 +1,15 @@ let apricot = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGGS0M4BOLiVUM/qdUpcg9Y4aTeyDfyQl89uhXwFORjn"; blossom = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5wfPCcpkNR3ubr7cBV0UwVCDo/sMmV0aI/JOJTIxQj"; + caramel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPFJT1XYyjDZFHYT/8RdxAReKkeU8QfpLrmMjEeW/80"; fondue = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIkKZYsYWnI+MgecBjOwf7aL5jtiT0ymCDme3pzucTei"; rin-apricot = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINxzygMMJ/hmPRUeQu/eMmEhAKfFSFIEVstDIerPzxgZ"; rin-blossom = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15"; rin-fondue = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbPamP5bovUsrBNYnjOk4SN2TaQZAVlJ+4JldK2cL5M"; in { - "secrets/passwd.age".publicKeys = [ apricot fondue blossom rin-apricot rin-fondue rin-blossom ]; - "secrets/wpa_conf.age".publicKeys = [ apricot blossom rin-apricot rin-blossom ]; + "secrets/passwd.age".publicKeys = [ apricot caramel fondue blossom rin-apricot rin-fondue rin-blossom ]; + "secrets/wpa_conf.age".publicKeys = [ apricot caramel blossom rin-apricot rin-blossom ]; "secrets/wg_apricot.age".publicKeys = [ apricot rin-apricot rin-blossom ]; "secrets/wg_fondue.age".publicKeys = [ fondue rin-fondue rin-blossom ]; diff --git a/secrets/passwd.age b/secrets/passwd.age index 9a53299..58306fd 100644 Binary files a/secrets/passwd.age and b/secrets/passwd.age differ diff --git a/secrets/wg_apricot.age b/secrets/wg_apricot.age index 202f38d..39ddfdc 100644 --- a/secrets/wg_apricot.age +++ b/secrets/wg_apricot.age 
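Review bot: Adding `caramel` to the recipients of `secrets/passwd.age` and `secrets/wpa_conf.age` lets the Pi's host key decrypt the same password file that `apricot`, `fondue` and `blossom` decrypt, plus the Wi-Fi configuration. hosts/caramel/filesystem.nix mounts `/nix` as plain ext4 from the `NIXOS_SD` label, and no disk encryption is visible in this diff, so anyone who can read that card offline may recover the host key and with it both secrets. A caramel-specific password secret would limit this, for example an entry of the form `"secrets/<CARAMEL_PASSWD_PLACEHOLDER>.age".publicKeys = [ caramel rin-blossom ];` referenced from users/hana, so that losing the Pi does not force rotating the password on every host.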
@@ -1,12 +1,12 @@ age-encryption.org/v1 --> ssh-ed25519 U9FXlg YbiJfSTq1/k1WYQCtN/S5kEQZxXzJD0vK8wY7LzDy30 -bjKK+gKkrs6+wXj3SM21S/t6PJNpOfi8/f2FzoxuSes --> ssh-ed25519 pumkzw V6sDMLLmFVJfczK9+KqD4yuwoT/uIWYZuYo/8mNBiiA -Jmf+H4gFJjx5/6FPFR5+2XJNmOf8X1mZ7h5UTojTWS0 --> ssh-ed25519 l9dSQg ubkdn+xI446eViRqmPXj9TSyKfUp1aefb7IIB30ftHc -XjmIQgGxNTA48Aswen93VK9WjAfqfMAU1EBDTMwr6+M --> $O-grease o1.b\ ssh-ed25519 U9FXlg H7n5IC6XGcAY9tC8lRFEolb9KD/goej4Dlug5AxkBDU +3asR+ee3SZ3NOmLOcv2FNHVfX/YmxU9V/wYiyl8dmXM +-> ssh-ed25519 pumkzw kpBvxdtF3dSm67XAu/hEKYylCP131PueSJCQaSLV+ls +MoftJyimviq9t74Jb8WnZj9vimzeXzLXSmf2LPG8qaE +-> ssh-ed25519 l9dSQg 3pbs05PKX0IEDJa4hcLi6JOVxRwfNYn2ZIM+KtbJ2ww +ab2FQXyW0iEgR2CNNimEye3yeclhaQEJ6bK+1Nxhtzk +-> T-grease +B9RPVaCLtAcnepxeFChMUqEgXQ +--- eB7HKAkFMS1Za08uhuDbHIDThRwLicbadCILSEDebY0 + %aaw\ꍆ +759dȅG~zT2z<#1ު VgU}Ѧ jIRw \ No newline at end of file diff --git a/secrets/wg_blossom.age b/secrets/wg_blossom.age index ec7b9d0..2d41e3d 100644 --- a/secrets/wg_blossom.age +++ b/secrets/wg_blossom.age @@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 U9FXlg FMswMl915t4poFFGb2xPz4g/blQtdH9FagTte61d/R8 -AXHuHH4ShWsMgub48/qbsq/NeK/viI/bCSS1++pomGU --> ssh-ed25519 CUCjXQ XdF7iwyHqvjdM/nzsqwqaSHMyyA5PfKk/v3CrzkcyE4 -tcQI27NojK1cOwWBmcKXIj35ZAXHzVkxrnmUjVlB/Jc --> +gVY-grease ?w,;$2a 8ID6J] 0-9@5Bwt DRDl) -PQ ---- Jx/j4/ICbGtU8KY6fwOcC4XcHl9bSR2cUuicod/oV0o -z7 .AO? ֺw#aߔ e4+L'C1P3D{[>/Gí_[ WJ \ No newline at end of file +-> ssh-ed25519 U9FXlg aEmRkLTbk+LlxGIheQpHuW1DOP+dL9fJEKeqMorIeVs +T0f+AZVjcx9pEmqNESmFug61WHs6qqMjV4exKxHl+Ag +-> ssh-ed25519 CUCjXQ 4u8pj84nEA2CuUCYg1ISjllbt99uPhD34TbsRj1KdhY +hu23nGobEw3cBoyJxkcdKUkaY/37D8sD5htyYnCZG0I +-> L.~Rob(-grease ?5j+u9 +eg1GiLMCsxHS78B/KIUUtA/XHr8BCo1dNh23Y3BZ0Sm6dIsNOWwuZy4sldAK3OgB +G+bJC4ZTujaqLGZOkX71q989+VVellR8nj9kAuk3weTqVJ6/kIUHMks0Fw +--- xGTF6ckdRW+rkqfBE/iRFd8A+QBvSm/0sYP0HVN6C+0 +$WqPOK^ fe^bę$@٤flp\S(Z4Ih8|PGn \ No newline at end of file 
diff --git a/secrets/wg_fondue.age b/secrets/wg_fondue.age index 21534dd..d05cfa5 100644 --- a/secrets/wg_fondue.age +++ b/secrets/wg_fondue.age @@ -1,12 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 U9FXlg 3/QnM8zAovLFAWtuBhFgR/dkqF1XkXpc/0aC7YM/l3s -/bRy+x1ARoUO/jLdSwAfTvwkuE6rLoY6ar7S1S8QcE4 --> ssh-ed25519 W08TTA FLhhvGFWIm6JlYpDAHV39Io7hnj86f8Bm6S5OmhTwVs -f6O+ZTHvvpT+iq7HTw3JfOEk+4CHCc3gaGC7UbHRecU --> ssh-ed25519 1f0c9Q 5tWjB31aCfV865BgJjrYulhQf4NOXTph3vUoPyovCSY -3BKpoGQxv2WfwJEzMxhuls+OtttGadlbjDAmrMxWnHQ --> ^-grease U1#S>aw Q!xFss -BEHdYGI8rrokXkOAYmBRn3shh1Hp7k3eW+UQ+pgETav4Ew ---- oIeMw9AThaYLfWbJCU+LKHt6yqUZCXGji2gyYRYu2tQ -Lx=z:Z -yi`k ugXWʵ$caR :)X}J^HkXre \ No newline at end of file +-> ssh-ed25519 U9FXlg M9BW61KBJzo4jYfzq70S1KRgLQExA4KWuWiCzTAjCEc +Mqwm/8q86aLovIBuIayOzu1rtmgH6viqotHm8rkqEkA +-> ssh-ed25519 W08TTA WrZ+qMCzm79TWscjDb+gynJBjNwa+VdGnFuSMLO28k0 +Wzkspgej88pCwGsRRNCgOITwUuePWM4WG9GWcmqhxmk +-> ssh-ed25519 1f0c9Q q2+Z/b8tDrJplAVCo6VBZORyCnnWWzZpZMYjorUQzy4 +6goHWYtA9JG8TsuD4n33D8Yxp/t/Ofm4jTb5Rccfjaw +-> `zC$>r-grease +OPO5Jn6gQCoPXbqgtt/9WwvGWjnhUSpnExAEKVrALl7jyOVB5VSUx4bV7SQ0eHhr +--- uBikPvGu6FHxckPcxDWQDbQmUi03Q0kIgtjFJ5kHzfA +.?Mtɳ&~eV39^o Ԧ<O5?X^g!p^ R냋?k#C4 \ No newline at end of file diff --git a/secrets/wpa_conf.age b/secrets/wpa_conf.age index 1253113..a88dd5e 100644 --- a/secrets/wpa_conf.age +++ b/secrets/wpa_conf.age 
@@ -1,14 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 U9FXlg E0hhgFA/zsRWQJlrPEcoa3EB5+PsCAqCR1zCnezkFjU -C17s+kvncsFSdYG4MPG/mBuBwyjQihI0psdBG5TZRkU --> ssh-ed25519 pumkzw 6lB6ssEW3qI/urBGKNiVvwn2mwNlqjAoteHjzWhSdic -5H9O9ogZSo5MZxvotcVpH2iTsSl82RoA1mEOqfPJhs8 --> ssh-ed25519 CUCjXQ M1pJrjSYKt79yozkZg5QnWoVXm/Ycux2CjK9KZ2c3Gg -kIZU/NI0lZK7VqP6LXeBCm1I1QvwPUcrrqRhouE1qXY --> ssh-ed25519 l9dSQg kdr5ycMPLZHm3gnQXlRGePkmnWMAtQCVL/eeqQNZW3M -so1UTAIF4xYYC8BGseA+cY7yz49xeqROBoCrnyaa5fQ --> at-grease pZp\ \ -wFowXoNmbvDQFM/9r4Ju5rPlrj4nP8k4NEtKbUOZovebox75dWododrjol14pk7x -2YgYznE9r6HsyqN/6wXroQ ---- m1BL/gjAKZlbd2fLwT46xse7I9SzL5hgBIxnoIZmMu4 -oLZ80œ";㫇g("5FNja6`GSf.hY笪K9J=0܆.]qGonp˕3o> SyRpͦz.KFFep \ No newline at end of file +-> ssh-ed25519 U9FXlg Pc64mHi61/6bcZu/G650D/hw92BDAlBj7CFQ5LAU33c +YoNenOF6pRsP5AitHsrq9H9LyTIQMi1fdOgcG483qIg +-> ssh-ed25519 pumkzw p20ZTbqnpetyCGd96SngDc4Oso9VEP2ubhAujG69hwg +TDhON74NDj2tUxc9XKe65poZlR3fdNaG4hEKjken1/4 +-> ssh-ed25519 CUCjXQ 70JZRvnQ3DL1VIT+2mxP8MGQHGSnbEWkZ2sppBNqex0 +O/x7uUlk08P7tRcswx3mBZG+JuLaaJbqtZfmOWOqICI +-> ssh-ed25519 krYeuQ UnBbedQ+1RFHDktCdT8+xi3tYE5lbgciRT3PhxZAQQE +8AmqhCFnG7zmlKmH/Hk3LByktISqs4+oDHvAcj87YA0 +-> ssh-ed25519 l9dSQg /zQmLpZJlelyrDx/+/EqsR7DSIYo5wDFgBAWOgfmQh8 +8rtQf29u+7UynIidyDbjGgRt/s/CqTWr8WwLYe/bV4I +-> $b}ea+-grease 'tm-kc N$y lMjgr;ggvonpK$:lzN C߾&7z1(9%W6ԍ>5Y \ No newline at end of file diff --git a/users/hana/default.nix b/users/hana/default.nix new file mode 100644 index 0000000..8e4b267 --- /dev/null +++ b/users/hana/default.nix 
@@ -0,0 +1,31 @@
+{ config, lib, modules, pkgs, ... }: {
+ users.users.hana = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ shell = pkgs.zsh;
+ uid = 1002;
+ passwordFile = config.age.secrets.passwd.path;
+ };
+
+ home-manager.users.hana = { config, enableGUI, lib, pkgs, ... }: {
+ home = {
+ username = "hana";
+ homeDirectory = "/home/hana";
+ stateVersion = "21.11";
+ keyboard = null; # see https://github.com/nix-community/home-manager/issues/2219
+ };
+
+ imports = with modules.user; [
+ direnv
+ git
+ neovim
+ sessionVariables
+ zsh
+ ];
+
+ programs.git.signing.signByDefault = lib.mkForce false;
+ programs.zsh.history.path = lib.mkForce "/nix/persist/hana/zsh_history";
+
+ home.file.".ssh/authorized_keys".source = config.lib.file.mkOutOfStoreSymlink "/nix/persist/hana/authorized_keys";
+ };
+}
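Review bot: `hana` is in `wheel`, yet her `~/.ssh/authorized_keys` is an out-of-store symlink to `/nix/persist/hana/authorized_keys`, a mutable file that this configuration neither creates nor sets owner or mode on. Whoever can write that path decides which keys may log in to a `wheel` account, and the accepted keys cannot be reviewed in the repository. With sshd's StrictModes the file may also be ignored if it or a parent directory is writable by others. Declaring the keys instead, `users.users.hana.openssh.authorizedKeys.keys = [ "ssh-ed25519 <PUBLIC_KEY_PLACEHOLDER>" ];`, keeps them root-managed and versioned. If the mutable file is intentional, add a comment stating the expected owner and mode (hana, 0600).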