commit 44d67db42e35b05d62a668c47df25bb33f586148
parent bf2d0b7e1d55d4c1c18d56ccec24c3270c893302
Author: Katja (ctucx) <git@ctu.cx>
Date: Thu, 28 Nov 2024 14:09:45 +0100
machines: add `seifenkiste`
9 files changed, 166 insertions(+), 24 deletions(-)
diff --git a/configurations/common/syncthing-config.nix b/configurations/common/syncthing-config.nix @@ -5,6 +5,7 @@ let #mobile devices blechkasten.id = "HGPWBVY-RD4JKBQ-X3V53IB-KRVDXEQ-4YLN5F2-WPPSMYR-SOXGTY6-IDFOAAC"; coladose.id = "BNCAOEB-CYTYIBA-ZKFJKRB-DX4C3MT-SDH7IWQ-5EI35PJ-YUIJSYH-COCGUAW"; + seifenkiste.id = "6YZT5PZ-EKXZBMV-C2MJL75-OCQ36LC-L3QIRPW-VJ5EU3C-2ICZDDO-IZ7IGAO"; iphone.id = "3SM3LJV-XMHYW2D-MU5WQ3T-KGYUJOI-LXOL6YI-BSVZ2B5-QJ6GVXN-MPWMKQ7";
diff --git a/flake.nix b/flake.nix @@ -32,10 +32,8 @@ nixpkgs = import inputs.nixpkgs { system = "x86_64-linux"; - config.permittedInsecurePackages = [ - "olm-3.2.16" - ]; overlays = overlays; + config.permittedInsecurePackages = [ "olm-3.2.16" ]; }; specialArgs = { @@ -47,6 +45,7 @@ defaults = import ./configurations/common; coladose = import ./machines/coladose; + seifenkiste = import ./machines/seifenkiste; briefkasten = import ./machines/briefkasten; trabbi = import ./machines/trabbi;
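Review bot: `config.permittedInsecurePackages = [ "olm-3.2.16" ];` in the first hunk sits in the shared `nixpkgs` import, so the exception appears to cover every machine built from this flake, including the newly added `seifenkiste`. Nothing on the line says why it is needed. Since the line is being moved anyway, add a comment such as `# olm is flagged insecure in nixpkgs; still required by <CONSUMER> - drop this once that dependency is gone`, naming the real package or host. If only one machine needs it, setting the allowance in that machine's own configuration would stop the other hosts from silently accepting the package. The enclosing attribute set starts and ends outside the hunk.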
diff --git a/machines/seifenkiste/default.nix b/machines/seifenkiste/default.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+ imports = [
+ ./hardware-configuration.nix
+ ../../configurations/linux/gnome.nix
+ ./keyboard.nix
+ ];
+
+ deployment.allowLocalDeployment = true;
+
+ ctucxConfig.monitoring.exporters.enable = true;
+
+ boot = {
+ loader.systemd-boot.enable = true;
+ loader.efi.canTouchEfiVariables = true;
+
+ kernelPackages = pkgs.linuxPackages_latest;
+ };
+
+ services = {
+ openssh.enable = true;
+ fprintd.enable = true;
+ fwupd.enable = true;
+ };
+
+ system.stateVersion = "24.11";
+ home-manager.users.katja.home.stateVersion = "24.11";
+}
+
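Review bot: `openssh.enable = true;` in the `services` block turns on sshd with no hardening visible in this file, on what looks like a portable machine (GNOME, fprintd). Unless `configurations/common` already sets it, password login stays at the NixOS default, which I believe is enabled. This commit also makes the host a recipient of `passwords/katja.age`, so I would pin key-only login right next to it: `openssh.settings.PasswordAuthentication = false;` and `openssh.settings.KbdInteractiveAuthentication = false;`. The same exposure question applies to `ctucxConfig.monitoring.exporters.enable = true;`, because a laptop joins networks the servers never see. A short comment stating which interface or firewall rule limits the exporters would make that reviewable.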
diff --git a/machines/seifenkiste/hardware-configuration.nix b/machines/seifenkiste/hardware-configuration.nix @@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/f81ba7a3-4b34-4c58-9588-78f8920b2f00"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/b3184874-df78-4d02-9412-b060eb37e038"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/9315-B4DE"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; + # networking.interfaces.wwp0s20f0u2.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}
diff --git a/machines/seifenkiste/keyboard.nix b/machines/seifenkiste/keyboard.nix @@ -0,0 +1,19 @@ +{ ... }: + +{ + + services.keyd = { + enable = true; + keyboards.default = { + ids = [ "*" ]; + settings.main = { + "leftcontrol" = "leftalt"; + "leftalt" = "leftcontrol"; + "rightalt" = "rightcontrol"; + "sysrq" = "rightalt"; + "rightcontrol" = "sysrq"; + }; + }; + }; + +}+ \ No newline at end of file
diff --git a/secrets/passwords/katja.age b/secrets/passwords/katja.age 
@@ -1,22 +1,23 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJU25UNnNsNlFiSThoZnFT -cXRXRVhIUTdkZVMvY2lvOXkwVUN0Zkx6T3hvCmpydS9HLzJLUHkydjQ1YW5SNFoy -czZoZ1R3d3JucXovMFU5MHZieTdmSG8KLT4gc3NoLWVkMjU1MTkgcThvY3pnIGhw -YmhqZlovUVlxVXJKVFgzblNTZTl2cWpialZiZXVUeDV2L3M4aGl4ejAKQ0hidk1V -b3F2MWZ1dWFNNkd5c3F1MnEwR08xeDdMQ0trYUhYeUhzaEFCZwotPiBzc2gtZWQy -NTUxOSBPSlFWRFEgQ3p6WS9NcUhKZkRZVGpKdHBtdU9ZbDJHMmdEQmFpTmVUZVh2 -cWdjWEVCUQpSaGtZbFpUeDhPNjNCeEpkcmdRSnhVeGsyNTNEWEF6ZVRSemhLZ2dp -K3A4Ci0+IHNzaC1lZDI1NTE5IFpjeGI2ZyBlOTJ0c2dlakpETzFyQUhzRWp0NEcw -ZWVacUZkZTVGdWlhK2ZlZVNNaW1nCmptOW5jczhNbXoreHZLZ2F1SE1DSjI4cHc0 -T29QWXJ4UGNDYU1nQmZ1NEkKLT4gc3NoLWVkMjU1MTkgNGhLQ013IFZaNzJ4bGhZ -SnlWUnFZdDJwWHdkNXBlMm02YklXY2ZQcENLTUhUN3cvU2sKbEpDRitzYVhldU1Y -Qnl3SVJKdHZDSU1sWWNxR2NaWk5lWHlSYmM2cW8xRQotPiBzc2gtZWQyNTUxOSBW -RVVFQ0EgNEpWODY0ZWQ5VUtIS24ra0Zzd3ZWbHExMUk2Y1pxZGptV2hLYm1YOE9r -UQptZlFMRTNEY2J1bWY4dExweE5FZVo4Y2laUCtaUkJQMXQ4eU1ycFVFNmlZCi0+ -IH0qWCdqcy1ncmVhc2UgVTtBQ04KQUdOY1hnY1FwNGNBU0RrMjVsRVB4a0tzeDNX -MVd1U1hvZHZQYXlRdjlQTQotLS0gQkYwY0NZeXd5cXpnZ3htc0lqYTBXOVE0cmlB -RHZvdkwvNENsUVF4RU83cwpgsrNq2T8kCB3jHhKB64/+418AprZL/IiO7fyloJCM -Ap5JWR8ot9nSw43QheFViNV+gjx+K8CKLy9yV93TJablL8jobmDhFNT8q5/eziei -tTKW1InPJIy8P3c/dY0XywXrNC8kQZIxLPhrrd/PbSJMKUPtk14vVjL/uaY1CtJJ -bZTjI4xjqkcWxT4= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaZU9WaUxOMGs2emlWeHF2 +blo2RStiVlMxZkpjREd0UzdWVFJ5NU9qTXljCmI2VDhvUzg5QkRJS2VsNE5CWGNH +N2Z6VGFIeUo2OGoweVh1YnhhUE5Wa0EKLT4gc3NoLWVkMjU1MTkgcThvY3pnIDRF +R0x2L0pQaGdTTXRFdzBpQkx4UDBoSHRvRmVGa3A4ZVJza3ArcDNXeXMKNWQrd0hL +L1l0ckJ3empIK1YvWTRza3JHVzhnbGQvNVlMZjNNZHJhZVMzUQotPiBzc2gtZWQy +NTUxOSBPSlFWRFEgcDR0Yjc0ckoySnh2YS9mbUdWejJ2K1Z2ZURJb3JFTUlaL0JQ +TUdVb25YTQpaMU9TNTg0ZnNVRmJ4bzdadnBiOW94MWdVOUFaUGZLdDB0UUxEemRz +OGc0Ci0+IHNzaC1lZDI1NTE5IFpjeGI2ZyB0NnQ5VmRqb0x0Tjk2aVZsRjNVeWZs +RGJHMEtOR1NLY3RYVzBXa2VReG1nCk8rSXNyeWRXbmdMRFJOWWk0RnM5LzE2OEY1 +aU9pVU1FYjVGQWd1bUE1RnMKLT4gc3NoLWVkMjU1MTkgNGhLQ013IDZ0TWJoaXhM 
+NGxvWUxWSEFwc284ZXVvVExTWS9kU1V6dHhHbXU1bVJjMHMKbHlybmFKQkVIZ1B1 +Nnk3SDRMdm9qdE8zeUVVOS9aT1BGSlQzRU1acWtMNAotPiBzc2gtZWQyNTUxOSBW +RVVFQ0EgL0VLRW45VmR0QVIyT3ZWejZtMHVGN0Nld3kyZTJ3Z3RFRWM1SkxhYlNt +RQpkQ21SS0JQMmlKMThWQzdTL3hXcWdKQUFwa1ArN0IvV3BUekc3bVpxVVFrCi0+ +IHNzaC1lZDI1NTE5IFNZajZJZyBHcVlRSVNmSUMyVkJVeEJSRHBUT0ROMDdEb3dB +UjFaMmczVExkdkgyTGxzCmNCOHBhekxqam1zYXJsaksrQ3BEUWRSdDNoNUE3UTBC +cXlrR2ZTQXozbGsKLT4gbnctZ3JlYXNlIDBZXUwndSBkJlgKN1RrCi0tLSB4RkhT +VXRiS0FwQ3JlYmNqamU5Z0ErSWY5TFZ2TW1PZ1BBSG1JMVVIWWprCoodEQVRfnjZ +hgnM3A33VpekgtwvymsGlGNot/T4Sm7Q+E4rG4T8bY9BLQZCwcTNLuWlyvZMZzEm +1tahMYrtM4RTACS4qNk97Y0kqjmkdCPHF+Ai6R3bWGvyV5Huv/HeOeynocc+Hikn +EgpfWkF8tic/2O6DCtZ1gT5YWN+zRa4UPvUKr9LLe5hh3A== -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix @@ -3,6 +3,7 @@ let blechkasten = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAzmzKJ7NTEpe6IAm1KK7vnQG4ASEHHGdEyxbYEdSDJ"; coladose = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/GoIIFuo54vAGA9QK2/HLjIlhNOpCGYu7xqhQaYd5u"; + seifenkiste = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMX8q2ux3YdAFGLRfD8/fCEAEalqxsRQwkOSp6gYedFt"; #servers briefkasten = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8mi9ZKPdhn20g9gyxE7NYBq/vAKemW4lhaQlLw5QVc"; @@ -13,7 +14,7 @@ let in { "passwords/leah-at-f2k1-de.age".publicKeys = [ main-key trabbi wanderduene wanderduene-old briefkasten ]; - "passwords/katja.age".publicKeys = [ main-key trabbi wanderduene wanderduene-old briefkasten coladose ]; + "passwords/katja.age".publicKeys = [ main-key trabbi wanderduene wanderduene-old briefkasten coladose seifenkiste ]; "restic-server/briefkasten.age".publicKeys = [ main-key trabbi briefkasten ]; "restic-server/wanderduene.age".publicKeys = [ main-key trabbi briefkasten ]; @@ -25,6 +26,9 @@ in { "coladose/syncthing/key.age".publicKeys = [ main-key coladose ]; "coladose/syncthing/cert.age".publicKeys = [ main-key coladose ]; + "seifenkiste/syncthing/key.age".publicKeys = [ main-key seifenkiste ]; + "seifenkiste/syncthing/cert.age".publicKeys = [ main-key seifenkiste ]; + "briefkasten/syncthing/key.age".publicKeys = [ main-key briefkasten ]; "briefkasten/syncthing/cert.age".publicKeys = [ main-key briefkasten ]; "briefkasten/syncthing/htpasswd.age".publicKeys = [ main-key briefkasten ];
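Review bot: The rewritten `"passwords/katja.age".publicKeys` line in the second hunk adds `seifenkiste` but keeps `wanderduene-old`, so the file re-encrypted in this commit is again readable by a key whose name suggests a retired host. A rekey is the cheapest moment to drop stale recipients: `"passwords/katja.age".publicKeys = [ main-key trabbi wanderduene briefkasten coladose seifenkiste ];`, assuming `wanderduene-old` is no longer in use. It would also help to put a one-line comment above the workstation keys in the first hunk, e.g. `# SSH host keys used as age recipients; a leaked host private key can decrypt every secret listing that host`. Each added laptop widens that set. The `let` bindings and the `in { … }` set continue outside the hunks.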
diff --git a/secrets/seifenkiste/syncthing/cert.age b/secrets/seifenkiste/syncthing/cert.age @@ -0,0 +1,27 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Vk9UbmM1ZHN4d29LOEhu +dWNObCtrRmVNMTA2aEphTVBhc0tmTEZTcUZZCkQxWnQ2aXhpdjBWVlRMNzBMUGUx +b09DS2UvSGdLQjVENEpjbjQ4NDRUQncKLT4gc3NoLWVkMjU1MTkgU1lqNklnIHAx +T1Z2S0s1NG5YbDJqWDJlbWNUOGZ5RFZ2ai9VdmNoTXdHSkVQVGRWelkKMTNVcElG +WWVDSm45WnVGay9aWEFKcG1nSlJFb1FVbjlaK1g0ZER0ekxXYwotPiAsOn5weC1o +LWdyZWFzZSArNldWfCBRWjJwQ0YgTHosLiA/ClFzV2cxbHQraWNkOThycGVMRDBW +WW5mcFRUcGI1TUlUVXJSY0EzTzRmTXBrYzFrCi0tLSB3NmxSRFRZL2RhelZ1WnpS +dExrT1I3ZWp6enFid0xvY1RkRjcrSTVoZ0Z3Co8agx1BYN8fEyeOgpl51911qsi+ +KJmAOSwXxAMBZOWAFuS5a3hlWH+ScqoZv1eWx7cMt/bHY01i59AP94Xc3eBpHYOU +8JFf5/Y3SMj+QWY3flY5OD/Ps/8zPaWehm6Rw77di+h5ydddH9qsneYQGut8VStw +HYyyFTXy2jDcBIopAiaaUf1Fe8u8luq2FVG5P/a1skush4P64hpGuO38ULaL3Xxj +VqzKM/WH/PNcWoZSikxgtEbPVcBRxmyA8+LkQbElwYqdKwnxe/+Lb202XqlZ+QFp +ajuop0d7AmdouPKzJ3NSlWMG4IU95ezDx3ZzUrVFAmVe54Mz52f1SpIUt+D8lNJb +jmI+8t72zgViW6nv3OxZrDVHv56zgR9bRzEhZHbTLzXrESLIw5FvJ3e9Za1Vn8YW +4A8mZlFm4YUFgq0KMM7PTTud5BJWHSoVklwlgO+IPBgW0BdgzP9UGs/4d6TQwhat +XBtuPkw+4FSpYJbpgyG1EGKsYWNQD8PFf9+bVOY3cDH3YL2Y8O5f3FvHw6oU4AKr +A3d6vN0+adc3L3TdqNNF2ejPcxkfer24P2E/Il1+NZraBiGVmSdBGemGQ4ZdUW9g +0qB6v0sNsDcxoc42bXmdy2GVrBsDhxEhQF1ktGWrvED6LEb7paVQsAo4zrOrlica +lG5WvXDN+DiLQjsHMbp0/1CG4F5vGUH1f1CYUZtXyiDaWM19d7MZWvtnpZaEDUzS +jRpEmuwCxIjv/z20z0LisfzeJnCZ6FLWQjFXDxaO2bEeob3yX2qVWtWYwTKt4CJU +/mjctA+oJcOyH3JgK+TucCyYcjt2bzFM6TjIo2XGWcjTNcoGyGGTEoqXMf4rJKgV +LJ7P3iiIBAISVCpfRa1vYUBOVlvbgbXsyGjBe/ff6Dp9Mptc6BEVpjPPG8qSQouQ +1/UDj2KoU+t7WBH0iMfiytfBPDuxZC3LJ9KstejAweyZLfPCGQbNa5MFVi8nNG1S +mA+nGsP4S1XHwh7s5S2z+37BCbJrRYG3VGVV5/M2hBJ95B5cy6/QausDpycdlql7 +H22ZhIgsB9yBf3Qz8K14Um3YwJrnnLRwWDkxPnFnl8O2lII5D6U= +-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/seifenkiste/syncthing/key.age b/secrets/seifenkiste/syncthing/key.age @@ -0,0 +1,18 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZUm5ucytMSGNWNHFzeTEy +OVFRM20ybjZObWNUbGdrNnBqTWppSnZDU1hVCnRzS2hJRmVtTWtMTm5kV085aUN2 +S2tQeHlMTXRNdDFiNHlISVJqWE96OFkKLT4gc3NoLWVkMjU1MTkgU1lqNklnIElp +RGp3UnlRdkZzZXo0a2ZLeFQ2Mm1oNjlhdHNYV3pjcEdsM0I5b0prWDgKNG9SOEdu +U0dBaGtrTHY3ZHgwMUVFbDdscHNrNUFxa0J2RmVQZSsxeUd3OAotPiBZVEkwY2Yu +RS1ncmVhc2UKY1NRbjUxUFdSM1cxbDQ0YkkrNE92UHJwOHhubEQrSXVBdnBFYUJL +KzBNN1pkbWY4WEpFVlcrQ2ZVS0JnRUR0dApDWllNcUdiaVM5enFFb2gyeVEzZGl0 +a1lTSHdRNmI0dk53THlJY1QvZlg3VUpmM2NybXdBYVNTM1IwOUMKLS0tIFpkQk16 +dzJMZ2ZjZjVrOG1TMEZmSWNCandPdytraXIzcFR5VXRqNXRjUFEKB1IYCDgGEpTA +kGX6iP8UQcMxL9iDkm0IHi1FvB+kFU5QObzmg5sW5K7Rw/Ng22EuR45JsP6Wwfjw +cm+Wgpu05rN46TKB1IO01XRb0ioLxKj9apJWUVpcGh8OYUPwiDiDyYB/z67nEvrG +gEuFfLsHjMQpkdpD3CGBVVfPyKbGLcHszL3BCusPAWDtNd9WRz8iuW7psXV11cpg +w/OaaBRPIoFj7dxuV4Jiuo8INCw4BOuuvYlzC7OiEIOeAuUgPRshHueAPvmeI5/i +9vYx0iQ+QHU5MRxbiItNLQcoqYpTC98YqVTGmJpqfYiqhYwWNFrnQPjndMXB/R5h +hLrp4gQyNd6Q4MO+Vtnab+GkPhoitZf9qX6FkARSb0fIcNYb0szL/Dzogp1d4WQa +tpjAT1CKaxDstN59hrS1KGFbr0F7EdQ= +-----END AGE ENCRYPTED FILE-----