hyl.st / helm
nix config
fork atom

curnve does ssh now too

Anish Lakhwara 3c3236cd 19125e33

options
unified split
Changed files
+31 -17
hosts
curve
default.nix
users
anish
default.nix
+25 -14
hosts/curve/default.nix
··· 1 - { self, pkgs, ... }: 2 - { 1 + { self, pkgs, ... }: { 3 2 imports = [ 4 3 ./configuration.nix 5 4 ../users/anish ··· 16 15 # ../profiles/kuberenetes 17 16 # ../profiles/mount-mossnet 18 17 ]; 18 + 19 + # temporarily allow ssh access for work, to be able to do deploy new services 20 + services.openssh = { 21 + enable = true; 22 + settings.PasswordAuthentication = false; 23 + settings.PermitRootLogin = "no"; 24 + }; 19 25 20 26 # import profiling tools 21 27 programs.systemtap.enable = true; 22 28 23 29 virtualisation.docker.enable = true; 24 30 virtualisation.docker.storageDriver = "btrfs"; 25 - environment.systemPackages = with pkgs; [ 26 - docker-compose 27 - ]; 31 + environment.systemPackages = with pkgs; [ docker-compose ]; 28 32 29 33 # Speed up boot by removing dependency on network 30 34 systemd = { 31 - targets.network-online.wantedBy = pkgs.lib.mkForce [ ]; # Normally ["multi-user.target"] 32 - services.NetworkManager-wait-online.wantedBy = pkgs.lib.mkForce [ ]; # Normally ["network-online.target"] 35 + targets.network-online.wantedBy = 36 + pkgs.lib.mkForce [ ]; # Normally ["multi-user.target"] 37 + services.NetworkManager-wait-online.wantedBy = 38 + pkgs.lib.mkForce [ ]; # Normally ["network-online.target"] 33 39 }; 34 40 35 41 programs.gnupg.agent.enable = true; ··· 64 70 65 71 # lazy enable of ports necessary for KDE connect which is installed via cli home profile (for some reason?) 66 72 networking.firewall = { 67 - allowedTCPPortRanges = [{ from = 1714; to = 1764; }]; 68 - allowedUDPPortRanges = [{ from = 1714; to = 1764; }]; 73 + allowedTCPPorts = [ 22 ]; # allow ssh 74 + allowedTCPPortRanges = [{ 75 + from = 1714; 76 + to = 1764; 77 + }]; 78 + allowedUDPPortRanges = [{ 79 + from = 1714; 80 + to = 1764; 81 + }]; 69 82 }; 70 83 71 84 age.secrets.curve-wg.file = "${self}/secrets/curve-wg.age"; ··· 81 94 mossnet.backup = { 82 95 enable = true; 83 96 name = "curve"; 84 - paths = [ 85 - "/home/anish/usr" 86 - "/home/anish/.ssh" 87 - ]; 97 + paths = [ "/home/anish/usr" "/home/anish/.ssh" ]; 88 98 }; 89 99 90 100 # enable adb ··· 93 103 #virtualisation.docker.enable = true; 94 104 boot.blacklistedKernelModules = [ "qcserial" ]; 95 105 # Used for packer Capsul 96 - users.users.anish.extraGroups = [ "adbusers" "wheel" "plugdev" "libvertd" "docker" ]; 106 + users.users.anish.extraGroups = 107 + [ "adbusers" "wheel" "plugdev" "libvertd" "docker" ]; 97 108 virtualisation.libvirtd.enable = true; 98 109 hardware.keyboard.zsa.enable = true; 99 110 services.udev.extraRules = ''
+6 -3
hosts/users/anish/default.nix
··· 4 4 programs.zsh.enable = true; 5 5 users.users.anish = { 6 6 description = "Personal user for Anish"; 7 - hashedPassword = "$y$j9T$y3DPt/dWaPE.gRazQqw1w0$1RMH5sl/Nu8kW3ZMywYCPRniHD/jF5qRh0VKrdJ.bV2"; 7 + hashedPassword = 8 + "$y$j9T$y3DPt/dWaPE.gRazQqw1w0$1RMH5sl/Nu8kW3ZMywYCPRniHD/jF5qRh0VKrdJ.bV2"; 8 9 shell = pkgs.zsh; 9 10 isNormalUser = true; 10 11 extraGroups = [ "wheel" "audio" "networkmanager" "video" ]; 11 12 openssh.authorizedKeys.keys = [ 12 13 # Curve 13 14 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDM0Zvei46x/yZl/IeBCq6+IYQQ0avulzVyBysF9cPigZMCybWRV7IEU+E3k9t6JrbdbdGfJkcZIWmsWDdKS8W8mBnZpVoT0ffLynu8JQ/TKdGm4Qv6bgUeKNrGsNv0ZPs2CDaGSLj0oJfRF7Ko10tcLP0vW+yujrh+y6TH/vVzJioaV4TGvtCUpn+wEQah9ROwPQLUUofsSWdnRsDJ/gp37zXWs4l5wyjSKtP3O9RZUP7kBekbSqEgSXiTk0oUQSVqIWl9NDiP6onk/gSOjXsR/JPqsSN/XI/c/yj6gyY0f51Ru2D7iBxuMJIJcWV+rU6coIj+ULcQWLzt/7TI8jq5AOOzI/ll4zbL24Eo84Rz+TP9tvMMhDZ0VaMN22AJ8qQEjc5P09tWKsX7Jg39XelyV1jHXncE4yvIE9F4RSCHzWCeKeXakizQNuzSaxTxIExRFYHjNW5bR6+3MTGwVrEIXU+qML+0yFTR86MT+tdY5AreAJQLwbog79O1NupeXJE= anish@curve" 14 - # Line 15 - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDtU2GMYjXj6RGO1+mwM4TDGOo0qrKLTL4Di8+QgDX0p5vUEsnE1PS9wnuqCmSu75U8g0XIAMtvtdYyGk1N+Bx01erAZpT8DLYtIXFCyaiN28PVu5T1D0T+TQ7xgIH1qenXZR2DOQdf6kpvKEfm7+7bWhCo0N/KFMpmReubyzHDQcq/1qQasxTL+YALQFOjwKqsOTBXbHwZ103AEAcQX4ftBFEOfVli4/1aKIK4dNSZYB7J9Htq707YnsEqo9RLAMh0aOTTYgTx9AoSUDeqGuh/AGkcB7NcS7EEtI6d5YUGylwZh/gF6hqE0jl8kn2m5jMKXL3CRohZvjifue8x/GIjpu5WRabUuhBEbrfTQQaC7taHnt5rvYCGzKZx09TexUzhuz2CL480DRoxSG+P+lCNm1dIg/EZrnGEzXCSr36PlOqS5t5gm8tPkzCmZf2wU15A3ZIYUPmnYLqsn4WmIV7rKmdqt2ctWELUXow3PPiZXBucP9P3xpsYEfF1SB2SGNc= u0_a139@localhost" 16 15 # Box 17 16 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKN8/SH55DBiwVoSnTU8k2Pen+wmovL9QaMyehxGEsJJv/8fzwsswGalD4C/4O51LOvdu4UKkZW5hG02uVSK+58p3UV3pOPyoqsu/aDeIsWsqmTeTzUrBIWOlNzcDKnohLz2oGC5YO+wyTJ9Iteq6aGJDjErsW7sG3h5lXCs551EmJNNGhtBQaaoytMNnWqSdlVjDNCijurH7WUpp40U/RjEp532l4rX6eIIj3jBKEFbhZkFSSjqbj4xM4SyFt+Jmigb1RMjsQjmpfY1vDtM84RcYfpTUte/T5w2dkD5H6kccmWnwKSJpm9wXfx4E7lR9APdUGnau2U1+XxiD3ytGl anish@box" 17 + # Nix-on-droid line 18 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOiXBPVvZAp1fY0a0Tupxj0Ml6MoA51lvqt/jAQq249 nix-on-droid@localhost" 19 + # Work 20 + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/vvh0i6+uAN0GWlK6ZfyTlc/AW54xe2CroUDsDSoGnFKeIUiSsWexobODlVakNhqwCKfsvUh6g+RdA8ZVcamATcYqxysP4X5fRksmAzRm5281O7ZBDHMB2BdcfHSTgiz7JvMRIQYWDlU8Ck6IL4wlN0b2GMUj9t/GeG37us8280rxpRNoIY7M27AJEZ7XNQhctBIVujxctVBgIMYmZiTwziU7ywJv4rNT5OAWvjRXSo1rkxdvx3VESv4y/mp8m7dEupZpIjIFsLs52+UG5LtadulUqtTWg05sCw8LEcmRhflgZSAvjw60RrKFCuWxc8+/Pmaw+zExeBMenqi0NzuTc3S3k2wCKVIZDh/0tlXzIwZ6WRqxDevUtEKfvbEFMXd8akhTfYs0dyszcFRevBxOBPbcKku+FK/HkdPLmEANvxYty3cv+Eipkz3c8JPJPvXNTXrjepXMm0LUKodO3c15hGogCOxUO38kykkyYnn+MxxHparoMfEr2+oHNpQoS5wA1G43ppqjVoRDgnhleu6ixwRkLZzphY3cnOd5jL9Ie5xIGbFWH1qSlQRdHBkHjuf85z7+QK8nFYAhmG1K3Vt3GNtF8LN1tYQkfwBJ/vsroMNzGPoq4PjVbqb80Eq+96cP89XKfU2/xw1g+p2lJDm/zC1WCjXVzf8NRwC7gqPavQ== anishlakhwara@anishs-mbp.lan" 18 21 ]; 19 22 }; 20 23 }