authorPreston Pan <ret2pop@gmail.com>2025-02-03 02:59:16 -0800
committerPreston Pan <ret2pop@gmail.com>2025-02-03 02:59:16 -0800
commitd6efefc1d9e6b9fd515c5cb5f2a077e05caeaab7 (patch)
tree16228e6842ade232308754c7b55fff3f46b4205f /nix
parent9e4f938d03c72bdcd81b020ab5276b969023a7e3 (diff)
update nixos configuration to have ssh key for live iso; new journal entry
Diffstat (limited to 'nix')
-rw-r--r--nix/flake.lock30
-rw-r--r--nix/flake.nix102
-rw-r--r--nix/modules/configuration.nix2
-rw-r--r--nix/modules/home/zsh.nix2
-rw-r--r--nix/systems/installer/default.nix19
5 files changed, 85 insertions, 70 deletions
diff --git a/nix/flake.lock b/nix/flake.lock
index f0a1cb2..cf1fb58 100644
--- a/nix/flake.lock
+++ b/nix/flake.lock
@@ -28,11 +28,11 @@
]
},
"locked": {
- "lastModified": 1737038063,
- "narHash": "sha256-rMEuiK69MDhjz1JgbaeQ9mBDXMJ2/P8vmOYRbFndXsk=",
+ "lastModified": 1738148035,
+ "narHash": "sha256-KYOATYEwaKysL3HdHdS5kbQMXvzS4iPJzJrML+3TKAo=",
"owner": "nix-community",
"repo": "disko",
- "rev": "bf0abfde48f469c256f2b0f481c6281ff04a5db2",
+ "rev": "18d0a984cc2bc82cf61df19523a34ad463aa7f54",
"type": "github"
},
"original": {
@@ -189,11 +189,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1737885640,
- "narHash": "sha256-GFzPxJzTd1rPIVD4IW+GwJlyGwBDV1Tj5FLYwDQQ9sM=",
+ "lastModified": 1738277201,
+ "narHash": "sha256-6L+WXKCw5mqnUIExvqkD99pJQ41xgyCk6z/H9snClwk=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "4e96537f163fad24ed9eb317798a79afc85b51b7",
+ "rev": "666e1b3f09c267afd66addebe80fb05a5ef2b554",
"type": "github"
},
"original": {
@@ -221,11 +221,11 @@
},
"nixpkgs_2": {
"locked": {
- "lastModified": 1737885589,
- "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
+ "lastModified": 1738142207,
+ "narHash": "sha256-NGqpVVxNAHwIicXpgaVqJEJWeyqzoQJ9oc8lnK9+WC4=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
+ "rev": "9d3ae807ebd2981d593cddd0080856873139aa40",
"type": "github"
},
"original": {
@@ -258,11 +258,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
- "lastModified": 1738096417,
- "narHash": "sha256-Ilaq4ZBWLKRQnnrVdo07RPXvL2bgLSpRRYQbEkTmY8E=",
+ "lastModified": 1738362438,
+ "narHash": "sha256-EO2dVkMVLThWqv4hobEZEZGWBEuH2Z9SYqQDrbLSclU=",
"owner": "nix-community",
"repo": "NUR",
- "rev": "9749661663bff263eb630f3a7f200e8b5a6ce3da",
+ "rev": "95ddad0ff0e67c90314c6ca46324dce5f9a910d2",
"type": "github"
},
"original": {
@@ -356,11 +356,11 @@
"nixpkgs": "nixpkgs_3"
},
"locked": {
- "lastModified": 1737411508,
- "narHash": "sha256-j9IdflJwRtqo9WpM0OfAZml47eBblUHGNQTe62OUqTw=",
+ "lastModified": 1738291974,
+ "narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=",
"owner": "Mic92",
"repo": "sops-nix",
- "rev": "015d461c16678fc02a2f405eb453abb509d4e1d4",
+ "rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7",
"type": "github"
},
"original": {
diff --git a/nix/flake.nix b/nix/flake.nix
index c09005c..058635a 100644
--- a/nix/flake.nix
+++ b/nix/flake.nix
@@ -5,18 +5,18 @@
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
home-manager = {
- url = "github:nix-community/home-manager/release-24.11";
- inputs.nixpkgs.follows = "nixpkgs";
+ url = "github:nix-community/home-manager/release-24.11";
+ inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
- url = "github:nix-community/disko";
- inputs.nixpkgs.follows = "nixpkgs";
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
};
lanzaboote = {
- url = "github:nix-community/lanzaboote/v0.4.1";
- inputs.nixpkgs.follows = "nixpkgs";
+ url = "github:nix-community/lanzaboote/v0.4.1";
+ inputs.nixpkgs.follows = "nixpkgs";
};
nur.url = "github:nix-community/NUR";
@@ -28,55 +28,55 @@
outputs = { nixpkgs, home-manager, nur, disko, lanzaboote, sops-nix, ... }@attrs: {
nixosConfigurations = {
- installer = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- (
- { pkgs, modulesPath, ... }:
- {
- imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ];
- }
- )
- ./systems/installer/default.nix
- ];
- };
+ installer = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ (
+ { pkgs, modulesPath, ... }:
+ {
+ imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ];
+ }
+ )
+ ./systems/installer/default.nix
+ ];
+ };
- continuity = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = attrs;
- modules = [
- lanzaboote.nixosModules.lanzaboote
- disko.nixosModules.disko
- home-manager.nixosModules.home-manager
- sops-nix.nixosModules.sops
- { nixpkgs.overlays = [ nur.overlays.default ]; }
- { home-manager.extraSpecialArgs = attrs; }
+ continuity = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = attrs;
+ modules = [
+ lanzaboote.nixosModules.lanzaboote
+ disko.nixosModules.disko
+ home-manager.nixosModules.home-manager
+ sops-nix.nixosModules.sops
+ { nixpkgs.overlays = [ nur.overlays.default ]; }
+ { home-manager.extraSpecialArgs = attrs; }
- ./modules/sda-simple.nix
- ./systems/continuity/default.nix
- ];
- };
+ ./modules/sda-simple.nix
+ ./systems/continuity/default.nix
+ ];
+ };
- affinity = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = attrs;
- modules = [
- lanzaboote.nixosModules.lanzaboote
- disko.nixosModules.disko
- home-manager.nixosModules.home-manager
- sops-nix.nixosModules.sops
- { nixpkgs.overlays = [ nur.overlays.default ]; }
- { home-manager.extraSpecialArgs = attrs; }
- ./modules/nvme-simple.nix
- ./systems/affinity/default.nix
- ];
- };
+ affinity = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = attrs;
+ modules = [
+ lanzaboote.nixosModules.lanzaboote
+ disko.nixosModules.disko
+ home-manager.nixosModules.home-manager
+ sops-nix.nixosModules.sops
+ { nixpkgs.overlays = [ nur.overlays.default ]; }
+ { home-manager.extraSpecialArgs = attrs; }
+ ./modules/nvme-simple.nix
+ ./systems/affinity/default.nix
+ ];
+ };
- spontaneity = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = attrs;
- modules = [];
- };
+ spontaneity = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = attrs;
+ modules = [];
+ };
};
};
}
diff --git a/nix/modules/configuration.nix b/nix/modules/configuration.nix
index 8127759..3c12962 100644
--- a/nix/modules/configuration.nix
+++ b/nix/modules/configuration.nix
@@ -181,7 +181,7 @@
# wifi.macAddress = "";
};
firewall = {
- allowedTCPPorts = [ ];
+ allowedTCPPorts = [ 11434 ];
allowedUDPPorts = [ ];
};
};
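Review bot: The new `allowedTCPPorts = [ 11434 ]` opens the port on every interface, and because this is the shared `modules/configuration.nix` it presumably applies to every host that imports it; nothing in the hunk says which service it is for. 11434 is the default port of the Ollama API, which has no authentication of its own, so if that is the intent, any machine that can reach the host can use the API. Consider scoping the rule to the trusted interface with `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 11434 ];` and adding a comment such as `# 11434: ollama API, LAN only`. The enclosing block starts outside the hunk.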
diff --git a/nix/modules/home/zsh.nix b/nix/modules/home/zsh.nix
index a5641fd..fc041e9 100644
--- a/nix/modules/home/zsh.nix
+++ b/nix/modules/home/zsh.nix
@@ -25,7 +25,9 @@
v = "vim";
py = "python3";
rb = "sudo nixos-rebuild switch --flake .#continuity";
+ rba = "sudo nixos-rebuild switch --flake .#affinity";
nfu = "cd ~/monorepo/nix && git add . && git commit -m \"new flake lock\" && nix flake update";
+ usync = "rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@nullring.xyz:/usr/share/nginx/ret2pop/";
usite
= "cd ~/src/publish-org-roam-ui && bash local.sh && rm -rf ~/website_html/graph_view; cp -r ~/src/publish-org-roam-ui/out ~/website_html/graph_view && rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/usr/share/nginx/ret2pop/";
sai = "eval \"$(ssh-agent -s)\" && ssh-add ~/.ssh/id_ed25519 && ssh-add -l";
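Review bot: `usync` hard-codes `root@nullring.xyz` while the existing `usite` alias takes the host from `config.monorepo.vars.remoteHost`, so the two targets will drift if that variable changes; use `root@${config.monorepo.vars.remoteHost}:/usr/share/nginx/ret2pop/` here as well. Both aliases also push as root, which makes the key loaded for publishing a full root credential on the web server; a dedicated account that owns only the web root would narrow that, assuming the server side can be changed. The alias attribute set starts and ends outside the hunk.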
diff --git a/nix/systems/installer/default.nix b/nix/systems/installer/default.nix
index cbfed0d..2b832f4 100644
--- a/nix/systems/installer/default.nix
+++ b/nix/systems/installer/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, config, ... }:
+{ pkgs, config, lib, ... }:
let
commits = import ./commits.nix;
in
@@ -9,15 +9,28 @@ in
enable = true;
};
firewall = {
- allowedTCPPorts = [ ];
+ allowedTCPPorts = [ 22 ];
allowedUDPPorts = [ ];
};
wireless.enable = false;
};
+ services.openssh = {
+ enable = true;
+ ports = [ 22 ];
+ settings = {
+ PasswordAuthentication = true;
+ AllowUsers = null;
+ UseDns = true;
+ PermitRootLogin = lib.mkForce "prohibit-password";
+ };
+ };
users.extraUsers.root.password = "nixos";
users.extraUsers.nixos.password = "nixos";
users.users = {
+ root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"
+ ];
nixos = {
packages = with pkgs; [
git
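Review bot: `PasswordAuthentication = true` combined with the newly opened port 22 and the context line `users.extraUsers.nixos.password = "nixos"` means the live ISO accepts a network login as `nixos` with a password that is published in this repository; `PermitRootLogin = "prohibit-password"` only restricts root, and the installer profile's `nixos` user typically has passwordless sudo (worth confirming). Since the commit already installs an ed25519 key for root, set `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;` so the key is the only way in. `AllowUsers = null` and `ports = [ 22 ]` look like defaults that could be dropped, and `UseDns = true` adds a reverse-DNS lookup per connection that nothing visible here relies on. The `users.users` block continues past the end of the hunk.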
@@ -35,7 +48,7 @@ fi
ping -q -c1 google.com &>/dev/null && echo "online! Proceeding with the installation..." || nmtui
cd
if [ ! -d "$HOME/monorepo/" ]; then
- git clone --recurse-submodules https://git.nullring.xyz/monorepo.git
+ git clone https://git.nullring.xyz/monorepo.git
cd monorepo
git checkout "${commits.monorepoCommitHash}"
fi