feat: add more sazed config & secrets prep.
rafaelsgirao committed Jun 4, 2024
1 parent 6e68433 commit 07bda66
Showing 4 changed files with 20 additions and 24 deletions.
15 changes: 5 additions & 10 deletions hosts/sazed/hardware.nix
100644 → 100755
Expand Up @@ -4,26 +4,21 @@
# (inputs.nixos-hardware + "/lenovo/thinkpad/t480/default.nix")
];

boot.initrd.availableKernelModules =
# [ "xhci_pci" "ahci" "nvme" "usbhid" "sdhci_pci" ];
[ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];

boot.kernelModules = [ "kvm-intel" ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];

swapDevices = [ ];

powerManagement.cpuFreqGovernor = "powersave";

nixpkgs.hostPlatform = "x86_64-linux";

hardware.cpu.amd.updateMicrocode = true;


# Storage.
disko.devices = {
disk.main = {
type = "disk";
# device = "/dev/disk/by-id/ata-WDC_PC_SN520_SDAPMUW-256G-1001_1835C2800054"; #TODO: change later
device = "/dev/disk/by-id/ata-SSD_2.5__512GB_InnovationIT_QLC_663122209170076";
content.type = "gpt";
content.partitions = {
ESP = {
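Review bot: The mode line for this file reads `100644 → 100755`, and the same flip is shown for hosts/sazed/machine.nix, modules/core/options.nix and secrets/secrets.nix, so all four Nix files become executable in this commit. Nothing in the visible hunks needs an executable bit, which suggests the change is incidental (for example, editing on a filesystem that does not preserve modes) rather than intended. I would restore the previous mode before merging, e.g. `git update-index --chmod=-x hosts/sazed/hardware.nix` and likewise for the other three paths.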
17 changes: 4 additions & 13 deletions hosts/sazed/machine.nix
100644 → 100755
@@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ pkgs, ... }:

{

Expand All @@ -7,16 +7,15 @@
imports = [
../../modules/systemd-initrd.nix
#Firefox through flatpak (testing)
# ../../modules/workstation/firefox.nix
../../modules/workstation/firefox.nix
../../modules/workstation/default.nix
../../modules/workstation/gnome.nix
../../modules/workstation/flatpak.nix

../../modules/hardware/uefi.nix
../../modules/hardware/zfs.nix

# ../../modules/hardware/nvidia.nix
../../modules/core/lanzaboote.nix
# ../../modules/core/lanzaboote.nix
# ../../modules/core/hardening.nix
# ../../modules/libvirt.nix
../../modules/impermanence.nix
Expand All @@ -35,8 +34,7 @@
machineId = "d50445fd8e8745c5abd3aadefb7f8af6";
machineType = "amd";
class = "workstation";
#TODO: change
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlOwjvhd+yIUCNLtK4q3nNT3sZNa/CfPcvuxXMU02Fq";
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL98QtOSOE5mmB/EXHsINd5mHc46gkynP2FBN939BlEc root@sazed";
};

# hm.home.packages = with pkgs; [ anki-bin ];
Expand Down Expand Up @@ -109,13 +107,6 @@
"-m 4096 -smp 4 -enable-kvm"; # https://github.com/NixOS/nixpkgs/issues/59219
};


#SSH daemon only inside Nebula
services.openssh.listenAddresses = [{
addr = config.rg.ip;
port = 22;
}];

#Additional packages
environment.systemPackages = with pkgs; [
appimage-run
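Review bot: With the `services.openssh.listenAddresses` block gone from the last hunk (and `config` dropped from the module arguments), nothing visible in this file limits sshd to the Nebula address any more, so unless a shared module restricts it the daemon will bind every interface on a host whose class is `workstation`. If the block was removed only because sazed has no `rg.ip` yet, I would leave a marker such as `# TODO: restore services.openssh.listenAddresses once Nebula is configured on sazed` and set `services.openssh.openFirewall = false;` in the meantime. The same section also comments out `../../modules/core/lanzaboote.nix` while `hardening.nix` stays disabled, which is worth stating in the commit message if it is meant to be temporary.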
1 change: 1 addition & 0 deletions modules/core/options.nix
100644 → 100755
Expand Up @@ -26,6 +26,7 @@ in
type = types.str;
default = null;
};
# Generate a new one with: systemd-machine-id-setup
machineId = mkOption {
type = types.str;
default = null;
11 changes: 10 additions & 1 deletion secrets/secrets.nix
100644 → 100755
@@ -1,17 +1,22 @@
let
rg-scout = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFDT738i9yW4X/sO5IKD10zE/A4+Kz9ep01TkMLTrd1a";
users = [ rg-scout ];
rg-yubikey-1-rk = [ "[email protected] AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEwOBxayZyd/zGYyoTRN2rdIQM71nzVT3lISg2pNfrZRAAAABHNzaDo=" ];

users = [ rg-scout rg-yubikey-1-rk ];

scout = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlOwjvhd+yIUCNLtK4q3nNT3sZNa/CfPcvuxXMU02Fq";

spy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINC8PlErcHHqvX6xT0Kk9yjDPqZ3kzlmUznn+6kdLxjD";

saxton = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIIgLXN8cCbZ19eQtmtRsn1R1JEF0gg9lLYWajB2VeE6";

sazed = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL98QtOSOE5mmB/EXHsINd5mHc46gkynP2FBN939BlEc root@sazed";

systems = [
scout
spy
saxton
sazed
];
in
{
Expand Down Expand Up @@ -66,4 +71,8 @@ in
"saxton/Mailserver-pwd-rafael.age".publicKeys = [ saxton ] ++ users;
"saxton/Mailserver-pwd-machines.age".publicKeys = [ saxton ] ++ users;

#Sazed secrets
# "saxton/RGNet-key.age".publicKeys = [ saxton ] ++ users;
# "saxton/RGNet-cert.age".publicKeys = [ saxton ] ++ users;

}
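Review bot: `rg-yubikey-1-rk` is bound to a one-element list while `rg-scout` is a plain string, so `users = [ rg-scout rg-yubikey-1-rk ]` becomes a list containing a nested list, and every `[ host ] ++ users` expression below passes that nesting into `publicKeys`. Either drop the brackets on the key definition or write `users = [ rg-scout ] ++ rg-yubikey-1-rk;`. Separately, the layout looks like agenix, and as far as I know age's SSH recipient support covers only `ssh-ed25519` and `ssh-rsa`, so a FIDO-backed `sk-` key may be rejected when secrets are rekeyed; a test encryption would confirm this before the key is relied on. The commented Sazed entries still use `saxton/` paths and `[ saxton ]`, which will need changing to `sazed` when they are enabled.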
