admin pass

2024-05-23 11:21:24 +02:00 · 2024-05-23 11:21:24 +02:00 · c95b924af7
commit c95b924af7
parent 5e6f7e5bc7
6 changed files with 274 additions and 28 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,2 @@
+secrets/** filter=git-crypt diff=git-crypt
+.gitattributes !filter !diff
--- a/build-vm.sh
+++ b/build-vm.sh
@ -0,0 +1,5 @@
+#!/bin/sh -e
+nixos-rebuild build-vm --flake .#cafe
+rm -f nixos.qcow2
+./result/bin/run-*-vm
+rm -f nixos.qcow2 result
--- a/flake.lock
+++ b/flake.lock
@ -1,6 +1,194 @@
 {
  "nodes": {
+    "agda": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "nixos-config",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1701366566,
+        "narHash": "sha256-B8Jmjld0gGbkVO08GsovVqrUXCs8VfJ8UdM3sjHnzgM=",
+        "owner": "agda",
+        "repo": "agda",
+        "rev": "4293e0a94d15acac915ab9088b2ec028f78d14a9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "agda",
+        "ref": "v2.6.4.1",
+        "repo": "agda",
+        "type": "github"
+      }
+    },
+    "cornelis": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "flake-utils": "flake-utils_2",
+        "nixpkgs": [
+          "nixos-config",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1712595875,
+        "narHash": "sha256-KaAhKeESwOQ0R0vxeAO/CDPiPimiemoARyr0uIVTQ4w=",
+        "owner": "isovector",
+        "repo": "cornelis",
+        "rev": "9d3347e7d8589a28bcdd283001367d60bacf6b05",
+        "type": "github"
+      },
+      "original": {
+        "owner": "isovector",
+        "repo": "cornelis",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1678901627,
+        "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1710146030,
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixos-config",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1712386041,
+        "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-23.11",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nixos-config": {
+      "inputs": {
+        "agda": "agda",
+        "cornelis": "cornelis",
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-unstable": "nixpkgs-unstable",
+        "ssbm-nix": "ssbm-nix"
+      },
+      "locked": {
+        "lastModified": 1716454285,
+        "narHash": "sha256-VPD9pgXR7awQ9d1mvh2NpnWnE0FNc2+6nEFlC8I16S0=",
+        "ref": "refs/heads/master",
+        "rev": "259c7dc9971e92323625da97af5177f13975d180",
+        "revCount": 136,
+        "type": "git",
+        "url": "https://githug.xyz/rachel/nixos-config"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://githug.xyz/rachel/nixos-config"
+      }
+    },
    "nixpkgs": {
+      "locked": {
+        "lastModified": 1712588820,
+        "narHash": "sha256-y31s5idk3jMJMAVE4Ud9AdI7HT3CgTAeMTJ0StqKN7Y=",
+        "owner": "NixOs",
+        "repo": "nixpkgs",
+        "rev": "d272ca50d1f7424fbfcd1e6f1c9e01d92f6da167",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOs",
+        "ref": "nixos-23.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1713297878,
+        "narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=",
+        "owner": "NixOs",
+        "repo": "nixpkgs",
+        "rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOs",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1711703276,
+        "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
      "locked": {
        "lastModified": 1716361217,
        "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=",
@ -18,7 +206,58 @@
    },
    "root": {
      "inputs": {
-        "nixpkgs": "nixpkgs"
+        "nixos-config": "nixos-config",
+        "nixpkgs": "nixpkgs_3"
+      }
+    },
+    "slippi-desktop": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1711346593,
+        "narHash": "sha256-WWgGRT58w1a4UcEe924hqa4ZVodQtsbXC44aCOEj528=",
+        "owner": "project-slippi",
+        "repo": "slippi-desktop-app",
+        "rev": "02f3f007cd03c6e2b0da57db65c90646efc04a86",
+        "type": "github"
+      },
+      "original": {
+        "owner": "project-slippi",
+        "repo": "slippi-desktop-app",
+        "type": "github"
+      }
+    },
+    "ssbm-nix": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_2",
+        "slippi-desktop": "slippi-desktop"
+      },
+      "locked": {
+        "lastModified": 1712071998,
+        "narHash": "sha256-k95NCkXJ61PGMFuqyMtfvP3yTLozED/7DkN+lBWK0gs=",
+        "owner": "lytedev",
+        "repo": "ssbm-nix",
+        "rev": "eff966a97287d1d86b189d59a14bf744d86836b0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lytedev",
+        "repo": "ssbm-nix",
+        "type": "github"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@ -1,21 +1,40 @@
 {
-  description = "My various NixOs configurations";
+  description = "NixOs configuration for my server";

  inputs = {
    nixpkgs.url = "github:NixOs/nixpkgs/nixos-23.11";
+    nixos-config.url = "git+https://githug.xyz/rachel/nixos-config";
  };

-  outputs = { self, nixpkgs, ... }: 
+  outputs = { self, nixpkgs, nixos-config, ... }: 
    let nix-config-module =
        {
          nix.registry.nixpkgs.flake = nixpkgs;
          system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev;
        };
+        keyboard-module =
+        {
+          console = {
+            useXkbConfig = true;
+          };
+
+          services.xserver = {
+            xkb = {
+              layout = "fox";
+              extraLayouts.fox = {
+                description = "Layout suitable to be used by a fox";
+                languages = [ "se" ];
+                symbolsFile = nixos-config.keyboardLayouts.fox;
+              };
+            };
+          };
+        };
    in {
      nixosConfigurations.cafe = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          nix-config-module
+          keyboard-module
          ./host.nix
        ];
      };
--- a/host.nix
+++ b/host.nix
@ -3,6 +3,7 @@ let gitea = {
      host = "10.10.0.1";
      local = "10.10.0.2";
    };
+    secrets = import ./secrets/secrets.nix;
 in
 {
  # [CONTAINERS]
@ -12,7 +13,7 @@ in
    privateNetwork = true;
    hostAddress  = gitea.host;
    localAddress = gitea.local;
-    config = ./gitea.nix;
+    config = ./guests/gitea.nix;
  };

  # [NGINX]
@ -31,31 +32,11 @@ in
  networking.firewall.allowedUDPPorts = [ ];

  # VM test user
-  users.users.test.isSystemUser = true ;
-  users.users.test.initialPassword = "test";
-  users.users.test.group = "test";
-  users.groups.test = {};
+  users.users.admin.isSystemUser = true ;
+  users.users.admin.hashedPassword = builtins.readFile ./secrets/admin_password;
+  users.users.admin.group = "admin";
+  users.groups.admin = {};

-  console = {
-    useXkbConfig = true;
-  };
-
-  services.xserver = {
-    xkb = {
-      layout = "fox,sus";
-      options = "ctrl:nocaps";
-      extraLayouts.sus = {
-        description = "Swedish US";
-        languages = [ "se" ];
-        symbolsFile = ../shared/sus.xkb;
-      };
-      extraLayouts.fox = {
-        description = "Layout suitable to be used by a fox";
-        languages = [ "se" ];
-        symbolsFile = ../shared/fox.xkb;
-      };
-    };
-  };

  system.stateVersion = "23.11";

--- a/secrets/admin_password
+++ b/secrets/admin_password