Diffstat (limited to 'nix')
-rw-r--r-- | nix/flake.lock | 30 | ||||
-rw-r--r-- | nix/flake.nix | 102 | ||||
-rw-r--r-- | nix/modules/configuration.nix | 2 | ||||
-rw-r--r-- | nix/modules/home/zsh.nix | 2 | ||||
-rw-r--r-- | nix/systems/installer/default.nix | 19 |
5 files changed, 85 insertions, 70 deletions
diff --git a/nix/flake.lock b/nix/flake.lock index f0a1cb2..cf1fb58 100644 --- a/nix/flake.lock +++ b/nix/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1737038063, - "narHash": "sha256-rMEuiK69MDhjz1JgbaeQ9mBDXMJ2/P8vmOYRbFndXsk=", + "lastModified": 1738148035, + "narHash": "sha256-KYOATYEwaKysL3HdHdS5kbQMXvzS4iPJzJrML+3TKAo=", "owner": "nix-community", "repo": "disko", - "rev": "bf0abfde48f469c256f2b0f481c6281ff04a5db2", + "rev": "18d0a984cc2bc82cf61df19523a34ad463aa7f54", "type": "github" }, "original": { @@ -189,11 +189,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737885640, - "narHash": "sha256-GFzPxJzTd1rPIVD4IW+GwJlyGwBDV1Tj5FLYwDQQ9sM=", + "lastModified": 1738277201, + "narHash": "sha256-6L+WXKCw5mqnUIExvqkD99pJQ41xgyCk6z/H9snClwk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4e96537f163fad24ed9eb317798a79afc85b51b7", + "rev": "666e1b3f09c267afd66addebe80fb05a5ef2b554", "type": "github" }, "original": { @@ -221,11 +221,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1737885589, - "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", + "lastModified": 1738142207, + "narHash": "sha256-NGqpVVxNAHwIicXpgaVqJEJWeyqzoQJ9oc8lnK9+WC4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8", + "rev": "9d3ae807ebd2981d593cddd0080856873139aa40", "type": "github" }, "original": { @@ -258,11 +258,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1738096417, - "narHash": "sha256-Ilaq4ZBWLKRQnnrVdo07RPXvL2bgLSpRRYQbEkTmY8E=", + "lastModified": 1738362438, + "narHash": "sha256-EO2dVkMVLThWqv4hobEZEZGWBEuH2Z9SYqQDrbLSclU=", "owner": "nix-community", "repo": "NUR", - "rev": "9749661663bff263eb630f3a7f200e8b5a6ce3da", + "rev": "95ddad0ff0e67c90314c6ca46324dce5f9a910d2", "type": "github" }, "original": { 
@@ -356,11 +356,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1737411508, - "narHash": "sha256-j9IdflJwRtqo9WpM0OfAZml47eBblUHGNQTe62OUqTw=", + "lastModified": 1738291974, + "narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=", "owner": "Mic92", "repo": "sops-nix", - "rev": "015d461c16678fc02a2f405eb453abb509d4e1d4", + "rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7", "type": "github" }, "original": { diff --git a/nix/flake.nix b/nix/flake.nix index c09005c..058635a 100644 --- a/nix/flake.nix +++ b/nix/flake.nix @@ -5,18 +5,18 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; home-manager = { - url = "github:nix-community/home-manager/release-24.11"; - inputs.nixpkgs.follows = "nixpkgs"; + url = "github:nix-community/home-manager/release-24.11"; + inputs.nixpkgs.follows = "nixpkgs"; }; disko = { - url = "github:nix-community/disko"; - inputs.nixpkgs.follows = "nixpkgs"; + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; }; lanzaboote = { - url = "github:nix-community/lanzaboote/v0.4.1"; - inputs.nixpkgs.follows = "nixpkgs"; + url = "github:nix-community/lanzaboote/v0.4.1"; + inputs.nixpkgs.follows = "nixpkgs"; }; nur.url = "github:nix-community/NUR"; 
@@ -28,55 +28,55 @@ outputs = { nixpkgs, home-manager, nur, disko, lanzaboote, sops-nix, ... }@attrs: { nixosConfigurations = { - installer = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ( - { pkgs, modulesPath, ... }: - { - imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ]; - } - ) - ./systems/installer/default.nix - ]; - }; + installer = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ( + { pkgs, modulesPath, ... }: + { + imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ]; + } + ) + ./systems/installer/default.nix + ]; + }; - continuity = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = attrs; - modules = [ - lanzaboote.nixosModules.lanzaboote - disko.nixosModules.disko - home-manager.nixosModules.home-manager - sops-nix.nixosModules.sops - { nixpkgs.overlays = [ nur.overlays.default ]; } - { home-manager.extraSpecialArgs = attrs; } + continuity = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = attrs; + modules = [ + lanzaboote.nixosModules.lanzaboote + disko.nixosModules.disko + home-manager.nixosModules.home-manager + sops-nix.nixosModules.sops + { nixpkgs.overlays = [ nur.overlays.default ]; } + { home-manager.extraSpecialArgs = attrs; } - ./modules/sda-simple.nix - ./systems/continuity/default.nix - ]; - }; + ./modules/sda-simple.nix + ./systems/continuity/default.nix + ]; + }; - affinity = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = attrs; - modules = [ - lanzaboote.nixosModules.lanzaboote - disko.nixosModules.disko - home-manager.nixosModules.home-manager - sops-nix.nixosModules.sops - { nixpkgs.overlays = [ nur.overlays.default ]; } - { home-manager.extraSpecialArgs = attrs; } - ./modules/nvme-simple.nix - ./systems/affinity/default.nix - ]; - }; + affinity = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = attrs; + modules = [ + lanzaboote.nixosModules.lanzaboote + 
disko.nixosModules.disko + home-manager.nixosModules.home-manager + sops-nix.nixosModules.sops + { nixpkgs.overlays = [ nur.overlays.default ]; } + { home-manager.extraSpecialArgs = attrs; } + ./modules/nvme-simple.nix + ./systems/affinity/default.nix + ]; + }; - spontaneity = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = attrs; - modules = []; - }; + spontaneity = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = attrs; + modules = []; + }; }; }; } diff --git a/nix/modules/configuration.nix b/nix/modules/configuration.nix index 8127759..3c12962 100644 --- a/nix/modules/configuration.nix +++ b/nix/modules/configuration.nix @@ -181,7 +181,7 @@ # wifi.macAddress = ""; }; firewall = { - allowedTCPPorts = [ ]; + allowedTCPPorts = [ 11434 ]; allowedUDPPorts = [ ]; }; }; diff --git a/nix/modules/home/zsh.nix b/nix/modules/home/zsh.nix index a5641fd..fc041e9 100644 --- a/nix/modules/home/zsh.nix +++ b/nix/modules/home/zsh.nix @@ -25,7 +25,9 @@ v = "vim"; py = "python3"; rb = "sudo nixos-rebuild switch --flake .#continuity"; + rba = "sudo nixos-rebuild switch --flake .#affinity"; nfu = "cd ~/monorepo/nix && git add . && git commit -m \"new flake lock\" && nix flake update"; + usync = "rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@nullring.xyz:/usr/share/nginx/ret2pop/"; usite = "cd ~/src/publish-org-roam-ui && bash local.sh && rm -rf ~/website_html/graph_view; cp -r ~/src/publish-org-roam-ui/out ~/website_html/graph_view && rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/usr/share/nginx/ret2pop/"; sai = "eval \"$(ssh-agent -s)\" && ssh-add ~/.ssh/id_ed25519 && ssh-add -l"; diff --git a/nix/systems/installer/default.nix b/nix/systems/installer/default.nix index cbfed0d..2b832f4 100644 --- a/nix/systems/installer/default.nix +++ b/nix/systems/installer/default.nix 
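Review bot: `allowedTCPPorts = [ 11434 ];` in the `firewall` block opens the port on every interface of every host that imports this shared `configuration.nix`, and nothing in the hunk says which service it is for. 11434 is the default Ollama API port, so presumably that is the listener; that API has no authentication of its own, so the exposure should be a deliberate choice. Consider scoping it with `networking.firewall.interfaces."<lan-iface>".allowedTCPPorts = [ 11434 ];` (the interface name is a placeholder) or moving it to the one system that runs the service, and add a comment such as `# Ollama API, trusted LAN only`. The enclosing networking block starts and ends outside the hunk.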
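Review bot: The new `usync` alias hard-codes `root@nullring.xyz`, while the neighbouring `usite` alias takes the host from `${config.monorepo.vars.remoteHost}`, so the two will drift apart if that variable changes. Use `root@${config.monorepo.vars.remoteHost}:/usr/share/nginx/ret2pop/` in `usync` as well. Both aliases push as root over SSH; an unprivileged deploy user that owns the web root would limit what the workstation key can do on the server. The alias set continues outside the hunk.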
@@ -1,4 +1,4 @@ -{ pkgs, config, ... }: +{ pkgs, config, lib, ... }: let commits = import ./commits.nix; in @@ -9,15 +9,28 @@ in enable = true; }; firewall = { - allowedTCPPorts = [ ]; + allowedTCPPorts = [ 22 ]; allowedUDPPorts = [ ]; }; wireless.enable = false; }; + services.openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = true; + AllowUsers = null; + UseDns = true; + PermitRootLogin = lib.mkForce "prohibit-password"; + }; + }; users.extraUsers.root.password = "nixos"; users.extraUsers.nixos.password = "nixos"; users.users = { + root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell" + ]; nixos = { packages = with pkgs; [ git @@ -35,7 +48,7 @@ fi ping -q -c1 google.com &>/dev/null && echo "online! Proceeding with the installation..." || nmtui cd if [ ! -d "$HOME/monorepo/" ]; then - git clone --recurse-submodules https://git.nullring.xyz/monorepo.git + git clone https://git.nullring.xyz/monorepo.git cd monorepo git checkout "${commits.monorepoCommitHash}" fi |
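Review bot: In the `@@ -9,15 +9,28 @@` hunk, `PasswordAuthentication = true` combines with the existing `users.extraUsers.nixos.password = "nixos"` and the newly opened port 22, so the installer accepts SSH logins as `nixos` with a password that is published in this repository. `PermitRootLogin = lib.mkForce "prohibit-password"` protects only root, and the `nixos` user presumably has sudo through the installer profile (not visible here). Since the hunk already installs a key in `root.openssh.authorizedKeys.keys`, set `PasswordAuthentication = false;` and add `KbdInteractiveAuthentication = false;` so the image is reachable by key only. `UseDns = true` adds a reverse lookup on each connection and can be dropped unless something depends on it. The `users.users` block continues outside the hunk.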