From b5587ee60ae0316fdfcf834781a57f1b28ef12e0 Mon Sep 17 00:00:00 2001 
From: Chaos Date: Thu, 10 Nov 2022 14:57:07 +0000 Subject: [PATCH] Storage updates, tablet updates, presets & more --- .../normal_drive_data.nix | 1 - {hosts/tablet/hardware => data}/usb_data.nix | 0 ...mk-lappy-ssd.nix => mk-normal-enc-ssd.nix} | 14 +-- .../{mk-lappy-ssd.sh => mk-normal-enc-ssd.sh} | 9 +- home/apps/kitty.nix | 5 +- home/base/zsh.nix | 2 +- home/gui/base/gtk.nix | 4 +- home/gui/environments/gnome/default.nix | 29 ++++- home/home-folders.nix | 16 +++ home/network_manager/nm.nix | 4 - home/programming/editors/vscode.nix | 5 +- home/programming/languages/zig/zig.nix | 6 - home/ssh-usb.nix | 11 ++ hosts/hetzner-vm/hardware.nix | 4 +- .../hetzner-vm/services/mailserver/config.nix | 4 +- .../hetzner-vm/services/mailserver/rspamd.nix | 1 - hosts/nixos-live/nixos-live.nix | 6 +- hosts/nixos.nix | 2 - hosts/storage/hardware.nix | 4 +- hosts/storage/populate-rclone-config.sh | 2 +- hosts/storage/ports.nix | 1 + hosts/storage/rclone_config.template | 10 +- hosts/storage/storage.nix | 25 +++- hosts/tablet/hardware.nix | 57 +-------- hosts/tablet/profiles/macos-vm.nix | 15 --- hosts/tablet/profiles/mpd.nix | 32 ----- hosts/tablet/tablet.nix | 115 ++---------------- hosts/tablet/vm.nix | 11 -- hosts/vault/hardware.nix | 4 +- outputs.nix | 2 +- presets/nixos/desktop.nix | 36 ++++++ presets/nixos/encrypted-usb.nix | 4 + presets/nixos/laptop.nix | 13 ++ presets/nixos/normal-encrypted-drive.nix | 54 ++++++++ profiles/base/nix.nix | 1 + profiles/firewall-allow/aria2c.nix | 22 ++++ profiles/firewall-allow/soulseek.nix | 1 + profiles/laptop/default.nix | 3 +- profiles/mullvad.nix | 1 + profiles/tailscale/tailscale.nix | 5 - .../profiles => profiles}/usb-automount.nix | 2 +- scripts/rebuild.sh | 2 +- treeConfig.nix | 6 +- 43 files changed, 262 insertions(+), 289 deletions(-) rename hosts/tablet/hardware/ssd_data.nix => data/normal_drive_data.nix (99%) rename {hosts/tablet/hardware => data}/usb_data.nix (100%) rename extras/{mk-lappy-ssd.nix => mk-normal-enc-ssd.nix} 
(65%) rename extras/{mk-lappy-ssd.sh => mk-normal-enc-ssd.sh} (89%) create mode 100644 home/home-folders.nix delete mode 100644 home/network_manager/nm.nix delete mode 100644 home/programming/languages/zig/zig.nix create mode 100644 home/ssh-usb.nix delete mode 100644 hosts/tablet/profiles/macos-vm.nix delete mode 100644 hosts/tablet/profiles/mpd.nix delete mode 100644 hosts/tablet/vm.nix create mode 100644 presets/nixos/desktop.nix create mode 100644 presets/nixos/encrypted-usb.nix create mode 100644 presets/nixos/laptop.nix create mode 100644 presets/nixos/normal-encrypted-drive.nix create mode 100644 profiles/firewall-allow/aria2c.nix create mode 100644 profiles/firewall-allow/soulseek.nix create mode 100644 profiles/mullvad.nix delete mode 100644 profiles/tailscale/tailscale.nix rename {hosts/tablet/profiles => profiles}/usb-automount.nix (96%) diff --git a/hosts/tablet/hardware/ssd_data.nix b/data/normal_drive_data.nix similarity index 99% rename from hosts/tablet/hardware/ssd_data.nix rename to data/normal_drive_data.nix index 6bc8aa2..79a4e48 100644 --- a/hosts/tablet/hardware/ssd_data.nix +++ b/data/normal_drive_data.nix @@ -20,5 +20,4 @@ decrypted_root_path = "/dev/mapper/${root_mapper_name}"; boot_path = "/dev/disk/by-label/${boot_label}"; - } diff --git a/hosts/tablet/hardware/usb_data.nix b/data/usb_data.nix similarity index 100% rename from hosts/tablet/hardware/usb_data.nix rename to data/usb_data.nix diff --git a/extras/mk-lappy-ssd.nix b/extras/mk-normal-enc-ssd.nix similarity index 65% rename from extras/mk-lappy-ssd.nix rename to extras/mk-normal-enc-ssd.nix index 28d5f2a..25b7791 100644 --- a/extras/mk-lappy-ssd.nix +++ b/extras/mk-normal-enc-ssd.nix 
@@ -1,8 +1,8 @@ { stdenv, bash, parted, cryptsetup, e2fsprogs, dosfstools }: -let ssd_data = import ../hosts/lappy/hardware/ssd_data.nix { }; +let ssd_data = import ../hosts/normal-enc/hardware/ssd_data.nix { }; in stdenv.mkDerivation { - name = "mk-lappy-ssd"; - src = ./mk-lappy-ssd.sh; + name = "mk-normal-enc-ssd"; + src = ./mk-normal-enc-ssd.sh; unpackPhase = '' for srcFile in $src; do cp $srcFile $(stripHash $srcFile) @@ -16,8 +16,8 @@ in stdenv.mkDerivation { inherit dosfstools; patchPhase = '' - substituteAllInPlace mk-lappy-ssd.sh - substituteInPlace mk-lappy-ssd.sh \ + substituteAllInPlace mk-normal-enc-ssd.sh + substituteInPlace mk-normal-enc-ssd.sh \ --replace "@SSD_ENCRYPTED_PARTLABEL@" "${ssd_data.encrypted_root_partlabel}" \ --replace "@SSD_UNENCRYPTED_LABEL@" "${ssd_data.unencrypted_root_label}" \ --replace "@SSD_BOOT_LABEL@" "${ssd_data.boot_label}" @@ -25,7 +25,7 @@ in stdenv.mkDerivation { installPhase = '' mkdir -p $out/bin - cp mk-lappy-ssd.sh $out/bin/mk-lappy-ssd - chmod +x $out/bin/mk-lappy-ssd + cp mk-normal-enc-ssd.sh $out/bin/mk-normal-enc-ssd + chmod +x $out/bin/mk-normal-enc-ssd ''; } diff --git a/extras/mk-lappy-ssd.sh b/extras/mk-normal-enc-ssd.sh similarity index 89% rename from extras/mk-lappy-ssd.sh rename to extras/mk-normal-enc-ssd.sh index aee457d..0960f78 100644 --- a/extras/mk-lappy-ssd.sh +++ b/extras/mk-normal-enc-ssd.sh @@ -34,8 +34,6 @@ SSD_UNENCRYPTED_LABEL=@SSD_UNENCRYPTED_LABEL@ # ssd boot label SSD_BOOT_LABEL=@SSD_BOOT_LABEL@ -echo "Creating Lappy's SSD." - echo "Creating Partitions..." @parted@/bin/parted ${SSD_PATH} -- mklabel gpt @parted@/bin/parted ${SSD_PATH} -- mkpart ESP fat32 1MiB 512MiB 
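Review bot: The rewritten import on the first changed line points at `../hosts/normal-enc/hardware/ssd_data.nix`, but this commit renames that data file to `data/normal_drive_data.nix` and no `hosts/normal-enc` directory appears anywhere in the diffstat, so the derivation that outputs.nix registers will fail to evaluate. The line should follow the rename: `let ssd_data = import ../data/normal_drive_data.nix { };`. The `unpackPhase` body continues past the hunk.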
@@ -51,10 +49,9 @@ echo "Creating Encrypted Partition" @cryptsetup@/bin/cryptsetup luksFormat "${SSD_PATH}${PARTITION_SEPARATOR}2" --key-file "${KEY_FILE}" echo "Opening Encrypted Partition" -@cryptsetup@/bin/cryptsetup open "${SSD_PATH}${PARTITION_SEPARATOR}2" "mk_enc_ssd" --key-file "${KEY_FILE}" +@cryptsetup@/bin/cryptsetup open "${SSD_PATH}${PARTITION_SEPARATOR}2" "mk_normal_enc_ssd" --key-file "${KEY_FILE}" echo "Formatting Encrypted Root Filesystem" -@e2fsprogs@/bin/mkfs.ext4 -L "${SSD_UNENCRYPTED_LABEL}" /dev/mapper/mk_enc_ssd +@e2fsprogs@/bin/mkfs.ext4 -L "${SSD_UNENCRYPTED_LABEL}" /dev/mapper/mk_normal_enc_ssd -echo "Closing Encrypted Partition" -@cryptsetup@/bin/cryptsetup close "mk_enc_ssd" \ No newline at end of file +echo "mount /dev/mapper/mk_normal_enc_ssd to install" \ No newline at end of file diff --git a/home/apps/kitty.nix b/home/apps/kitty.nix index 6438aa9..bf4a015 100644 --- a/home/apps/kitty.nix +++ b/home/apps/kitty.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, nixosConfig, ... }: { wayland.windowManager.sway.extraSessionCommands = '' @@ -8,7 +8,7 @@ enable = true; font.name = "Comic Code"; settings = { - font_size = 20; + font_size = if nixosConfig.networking.hostName == "tablet" then 12 else 20; bold_font = "auto"; italic_font = "auto"; bold_italic_font = "auto"; @@ -17,6 +17,7 @@ enable_audio_bell = false; tab_bar_style = "separator"; tab_separator = " | "; + confirm_os_window_close = 0; }; }; } diff --git a/home/base/zsh.nix b/home/base/zsh.nix index a6d3ed4..40f3f84 100644 --- a/home/base/zsh.nix +++ b/home/base/zsh.nix @@ -1,5 +1,5 @@ { config, pkgs, ... }: -let usb_data = import ../../hosts/lappy/hardware/usb_data.nix { }; +let usb_data = import ../../data/usb_data.nix { }; in { home.packages = with pkgs; [ exa bat ripgrep vault age ]; programs.zsh = { diff --git a/home/gui/base/gtk.nix b/home/gui/base/gtk.nix index 2b7f899..b1a064a 100644 --- a/home/gui/base/gtk.nix +++ b/home/gui/base/gtk.nix 
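Review bot: With the `cryptsetup close` removed, the script now exits leaving `/dev/mapper/mk_normal_enc_ssd` open; that is clearly the intent of the new echo, but nothing in the file records that the caller is now responsible for closing the mapping. A header comment such as `# NOTE: leaves the LUKS mapping open so the installer can mount /dev/mapper/mk_normal_enc_ssd; run 'cryptsetup close mk_normal_enc_ssd' when done` would make the changed contract explicit. The `luksFormat` on the first context line has no visible error handling in this hunk, so a failed format would still proceed to `open`; if the script's head (outside the hunk) does not already set `set -euo pipefail`, it should.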
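Review bot: The new `font_size` line hard-codes a hostname comparison, `nixosConfig.networking.hostName == "tablet"`, and the identical test is repeated in this commit in gtk.nix, gnome/default.nix and vscode.nix, so a host rename silently reverts every font size at once. A single boolean or scale option set by the tablet host would keep the four sites in step; as a constructed example, `font_size = if nixosConfig.chaos.smallFonts or false then 12 else 20;` with the option declared once, rather than four string comparisons. The settings block continues above and below the hunk.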
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: { +{ nixosConfig, pkgs, ... }: { gtk = { enable = true; iconTheme = { @@ -11,7 +11,7 @@ }; font = { name = "Comic Code"; - size = 16; + size = if nixosConfig.networking.hostName == "tablet" then 10 else 16; package = pkgs.comic-code; }; }; diff --git a/home/gui/environments/gnome/default.nix b/home/gui/environments/gnome/default.nix index 53ac3e0..212ebcd 100644 --- a/home/gui/environments/gnome/default.nix +++ b/home/gui/environments/gnome/default.nix @@ -1,5 +1,23 @@ -{ tree, pkgs, lib, inputs, ... }: -let hm = inputs.home-manager.lib.hm; +{ tree, nixosConfig, pkgs, lib, inputs, ... }: +let + hm = inputs.home-manager.lib.hm; + + font-sizes-all = { + default = { + small = "14"; + medium = "16"; + }; + tablet = { + small = "8"; + medium = "10"; + }; + }; + + font-sizes = if nixosConfig.networking.hostName == "tablet" then + font-sizes-all.tablet + else + font-sizes-all.default; + in { imports = with tree; [ home.apps.kitty home.apps.rofi ]; @@ -27,8 +45,8 @@ in { # TODO: Maybe do this with fontconfig too? font-antialiasing = "rgba"; font-hinting = "full"; - font-name = "Comic Code 16"; - monospace-font-name = "Comic Code 14"; + font-name = "Comic Code ${font-sizes.medium}"; + monospace-font-name = "Comic Code ${font-sizes.small}"; }; "org/gnome/desktop/input-sources" = { # TODO: see if this changes when using gnome wayland? @@ -49,6 +67,7 @@ in { natural-scroll = false; # YES! two-finger-scrolling-enabled = true; + tap-to-click = nixosConfig.networking.hostName == "tablet"; }; "org/gnome/desktop/privacy" = { hide-identity = true; @@ -90,7 +109,7 @@ in { }; "org/gnome/desktop/wm/preferences" = { num-workspaces = 9; - titlebar-font = "Comic Code Medium 14"; + titlebar-font = "Comic Code Medium ${font-sizes.small}"; titlebar-uses-system-font = true; }; "org/gnome/settings-daemon/plugins/media-keys" = { diff --git a/home/home-folders.nix b/home/home-folders.nix new file mode 100644 index 0000000..32db00b --- /dev/null 
+++ b/home/home-folders.nix @@ -0,0 +1,16 @@ +{ config, lib, ... }: { + systemd.user.tmpfiles.rules = (map (dir: + "d ${config.home.homeDirectory}/${dir} - ${config.home.username} users") [ + "Projects" + "Temp" + "Music" + "Mounts" + "Mounts/Storage" + "Mounts/Storage-Public" + "Mounts/Backups" + "Mounts/Backups-Crypt" + "Mounts/Photos-Crypt" + "Mounts/Temp1" + "Mounts/Temp2" + ]); +} diff --git a/home/network_manager/nm.nix b/home/network_manager/nm.nix deleted file mode 100644 index 48be58d..0000000 --- a/home/network_manager/nm.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ config, ... }: { - xsession.preferStatusNotifierItems = true; - services.network-manager-applet.enable = true; -} diff --git a/home/programming/editors/vscode.nix b/home/programming/editors/vscode.nix index 82600d6..46cecd3 100644 --- a/home/programming/editors/vscode.nix +++ b/home/programming/editors/vscode.nix @@ -1,10 +1,13 @@ -{ config, pkgs, ... }: +{ config, nixosConfig, pkgs, ... }: let configDir = "Code"; userDir = if pkgs.stdenv.hostPlatform.isDarwin then "$HOME/Library/Application Support/${configDir}/User" else "${config.xdg.configHome}/${configDir}/User"; + + font-size = if nixosConfig.networking.hostName == "tablet" then 16 else 24; + in { programs.vscode = { enable = true; diff --git a/home/programming/languages/zig/zig.nix b/home/programming/languages/zig/zig.nix deleted file mode 100644 index 04f1891..0000000 --- a/home/programming/languages/zig/zig.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ config, pkgs, ... }: - -{ - home.packages = with pkgs; [ zig zls ]; - programs.vscode.extensions = with pkgs; [ vscode-extensions.tiehuis.zig ]; -} diff --git a/home/ssh-usb.nix b/home/ssh-usb.nix new file mode 100644 index 0000000..f22a39d --- /dev/null +++ b/home/ssh-usb.nix 
@@ -0,0 +1,11 @@
+{ ... }:
+let usb_data = (import ../data/usb_data.nix { });
+in {
+ programs.ssh.matchBlocks."*".identityFile = "${usb_data.ssh_priv_path}";
+ programs.git.extraConfig = {
+ gpg.format = "ssh";
+ commit.gpgsign = "true";
+ tag.gpgsign = "true";
+ user = { signingKey = "${usb_data.ssh_priv_path}"; };
+ };
+}
diff --git a/hosts/hetzner-vm/hardware.nix b/hosts/hetzner-vm/hardware.nix
index 9df81e2..c6d7432 100644
--- a/hosts/hetzner-vm/hardware.nix
+++ b/hosts/hetzner-vm/hardware.nix
@@ -1,7 +1,5 @@
 { modulesPath, ... }: {
- imports = [
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 boot.loader.grub.enable = true;
 boot.loader.grub.device = "/dev/sda";
diff --git a/hosts/hetzner-vm/services/mailserver/config.nix b/hosts/hetzner-vm/services/mailserver/config.nix
index 5ffcfe9..2aa670a 100644
--- a/hosts/hetzner-vm/services/mailserver/config.nix
+++ b/hosts/hetzner-vm/services/mailserver/config.nix
@@ -1,5 +1,5 @@
-{ }: let
- secrets-db = (import ../../secrets-db.nix { });
+{ }:
+let secrets-db = (import ../../secrets-db.nix { });
 in rec {
 fqdn = "mail.owo.monster";
 domains = [
diff --git a/hosts/hetzner-vm/services/mailserver/rspamd.nix b/hosts/hetzner-vm/services/mailserver/rspamd.nix
index 1505e17..4702f7d 100644
--- a/hosts/hetzner-vm/services/mailserver/rspamd.nix
+++ b/hosts/hetzner-vm/services/mailserver/rspamd.nix
@@ -5,7 +5,6 @@ let ports = (import ../../ports.nix { }); - postfixCfg = config.services.postfix; rspamdCfg = config.services.rspamd; rspamdSocket = "rspamd.service";
diff --git a/hosts/nixos-live/nixos-live.nix b/hosts/nixos-live/nixos-live.nix
index 4056c4a..3f8cd1e 100644
--- a/hosts/nixos-live/nixos-live.nix
+++ b/hosts/nixos-live/nixos-live.nix
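Review bot: `identityFile` for `matchBlocks."*"` and git's `user.signingKey` both resolve to the same `usb_data.ssh_priv_path`, so one private key on the encrypted USB serves as the SSH authentication key offered to every host and as the commit/tag signing key, and every signature silently depends on that USB being mounted. A short comment at the top would record both dependencies, e.g. `# Requires the encrypted USB to be mounted (profiles/usb-automount); the same key is offered to all SSH hosts and used for git signing`. If a separate signing key is wanted later, `usb_data` would need a distinct path for it, which the data file does not expose in this diff.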
@@ -10,6 +10,10 @@ tree.profiles.base tree.profiles.sshd ]; - config.isoImage = { isoBaseName = "nixos-chaos"; compressImage = false; squashfsCompression = "zstd -Xcompression-level 1"; }; + config.isoImage = { + isoBaseName = "nixos-chaos"; + compressImage = false; + squashfsCompression = "zstd -Xcompression-level 1"; + }; config.services.openssh.permitRootLogin = lib.mkForce "yes"; } diff --git a/hosts/nixos.nix b/hosts/nixos.nix index 2fa089b..4dc11f0 100644 --- a/hosts/nixos.nix +++ b/hosts/nixos.nix @@ -37,8 +37,6 @@ in { system = "x86_64-linux"; modules = defaultModules ++ [ ./tablet/tablet.nix ./tablet/hardware.nix ]; }; - - rescue-x86_64 = nixosUnstableSystem { specialArgs = defaultSpecialArgs; diff --git a/hosts/storage/hardware.nix b/hosts/storage/hardware.nix index 9df81e2..c6d7432 100644 --- a/hosts/storage/hardware.nix +++ b/hosts/storage/hardware.nix @@ -1,7 +1,5 @@ { modulesPath, ... }: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; diff --git a/hosts/storage/populate-rclone-config.sh b/hosts/storage/populate-rclone-config.sh index 9b8f81a..14740f2 100755 --- a/hosts/storage/populate-rclone-config.sh +++ b/hosts/storage/populate-rclone-config.sh @@ -42,7 +42,7 @@ simple_get_replace_b2 "/api-keys/backblaze/Chaos-Photos" "B2_CHAOS_PHOTOS" ./tem simple_get_replace_b2 "/api-keys/backblaze/Chaos-Music" "B2_CHAOS_MUSIC" ./template -simple_get_replace_b2 "/api-keys/backblaze/Cryptidz-Backup" "B2_CASSIE_CRYPTIDZ_BACKUP" ./template +simple_get_replace_b2 "/api-keys/backblaze/Phoenix-Cryptidz-Storage" "B2_PHOENIX_CRYPTIDZ_STORAGE" ./template popd cat "${TMP_DIR}/template" > "${OUTPUT_FILE}" diff --git a/hosts/storage/ports.nix b/hosts/storage/ports.nix index 0ff4a4d..6708627 100644 --- a/hosts/storage/ports.nix +++ b/hosts/storage/ports.nix 
@@ -7,5 +7,6 @@ rclone_serve_restic_vault = 4246; rclone_serve_http_music = 4247; + rclone_serve_http_public = 4248; } diff --git a/hosts/storage/rclone_config.template b/hosts/storage/rclone_config.template index bd5c83d..c434ab0 100644 --- a/hosts/storage/rclone_config.template +++ b/hosts/storage/rclone_config.template @@ -51,12 +51,12 @@ hard_delete = true type = alias remote = B2-Chaos-Music-Source:Chaos-Music -[B2-Cassie-Cryptidz-Backup-Source] +[B2-Phoenix-Cryptidz-Storage-Source] type = b2 -account = B2_CASSIE_CRYPTIDZ_BACKUP_ACCOUNT -key = B2_CASSIE_CRYPTIDZ_BACKUP_KEY +account = B2_PHOENIX_CRYPTIDZ_STORAGE_ACCOUNT +key = B2_PHOENIX_CRYPTIDZ_STORAGE_KEY hard_delete = true -[B2-Cassie-Cryptidz-Backup] +[B2-Phoenix-Cryptidz-Storage] type = alias -remote = B2-Cassie-Cryptidz-Backup-Source:Cryptidz-Backup \ No newline at end of file +remote = B2-Phoenix-Cryptidz-Storage-Source: \ No newline at end of file diff --git a/hosts/storage/storage.nix b/hosts/storage/storage.nix index 33f6715..1e10468 100644 --- a/hosts/storage/storage.nix +++ b/hosts/storage/storage.nix @@ -104,7 +104,18 @@ in { type = "http"; extraArgs = [ "--addr=:${toString ports.rclone_serve_http_music}" - "--baseurl=/music/" + "--baseurl=/Music/" + "--read-only" + ]; + inherit serviceConfig; + } + { + user = "storage"; + remote = "StorageBox:Public"; + type = "http"; + extraArgs = [ + "--addr=:${toString ports.rclone_serve_http_public}" + "--baseurl=/Public/" "--read-only" ]; inherit serviceConfig; @@ -162,8 +173,10 @@ in { forceSSL = true; enableACME = true; locations = { - "/music/".proxyPass = + "/Music/".proxyPass = "http://localhost:${toString ports.rclone_serve_http_music}"; + "/Public/".proxyPass = + "http://localhost:${toString ports.rclone_serve_http_public}"; }; }; 
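Review bot: The alias `[B2-Phoenix-Cryptidz-Storage]` now resolves to `B2-Phoenix-Cryptidz-Storage-Source:` with no bucket, and storage.nix addresses `:Backups`, `:Photos` and `:Music` beneath it, so `B2_PHOENIX_CRYPTIDZ_STORAGE_KEY` presumably has to be an account-wide key rather than one restricted to a single bucket as the old `:Cryptidz-Backup` target allowed. Worth confirming that widening the key's scope is intended, and recording it in the template, e.g. `# key must be able to list and write the Backups, Photos and Music buckets`. `hard_delete = true` is unchanged but now applies to all three buckets through that one key.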
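Review bot: The new `rclone serve http` for `StorageBox:Public` binds `--addr=:${toString ports.rclone_serve_http_public}`, i.e. every interface, while the nginx location added below only proxies to `localhost`; the music server on the line above has the same shape. Binding to loopback keeps the unauthenticated listener reachable only through nginx regardless of firewall state: `"--addr=127.0.0.1:${toString ports.rclone_serve_http_public}"`, and the same for the music entry. The surrounding services list starts and ends outside the hunk.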
@@ -205,18 +218,18 @@ in { source = "StorageBox:Music"; dest = "B2-Chaos-Music:"; } - # Cassie's B2 + # Pheonix System's B2 { source = "StorageBox:Backups"; - dest = "B2-Cassie-Cryptidz-Backup:Backups"; + dest = "B2-Phoenix-Cryptidz-Storage:Backups"; } { source = "StorageBox:Photos"; - dest = "B2-Cassie-Cryptidz-Backup:Photos"; + dest = "B2-Phoenix-Cryptidz-Storage:Photos"; } { source = "StorageBox:Music"; - dest = "B2-Cassie-Cryptidz-Backup:Music"; + dest = "B2-Phoenix-Cryptidz-Storage:Music"; } ]; }; diff --git a/hosts/tablet/hardware.nix b/hosts/tablet/hardware.nix index c606835..94f15c1 100644 --- a/hosts/tablet/hardware.nix +++ b/hosts/tablet/hardware.nix 
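Review bot: The comment `# Pheonix System's B2` misspells the name used by the remotes on the following lines (`B2-Phoenix-Cryptidz-Storage`), so a search for one misses the other; `# Phoenix System's B2` keeps them aligned. The enclosing sync list starts and ends outside the hunk.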
@@ -1,67 +1,22 @@ -{ pkgs, ... }: +{ tree, ... }: let - usb_data = import ./hardware/usb_data.nix { }; - ssd_data = import ./hardware/ssd_data.nix { }; + usb_data = import ../../data/usb_data.nix { }; + drive_data = import ../../data/normal_drive_data.nix { }; in { boot = { loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; - initrd.availableKernelModules = [ + initrd.availableKernelModules = [ # defaults from nixos-generate-config "xhci_pci" - "ahci" "nvme" + "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" - "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc" - "uas" - "usbcore" - "usb_storage" - "vfat" - "nls_cp437" - "nls_iso8859_1" - "aesni_intel" - "cryptd" ]; kernelModules = [ "kvm-intel" ]; - - initrd.postDeviceCommands = pkgs.lib.mkBefore '' - mkdir -m 0755 -p ${usb_data.mountpoint} - - while !(test -b ${usb_data.encrypted_path}) - do - echo "Please Plug In USB" - sleep 1 - done - - echo "Please Decrypt USB" - - cryptsetup luksOpen ${usb_data.encrypted_path} ${usb_data.mapper_name} - - mount -n -t ${usb_data.unencrypted_fs_type} -o ro ${usb_data.mapper_path} ${usb_data.mountpoint} - ''; - - initrd.luks.devices = { - "${ssd_data.root_mapper_name}" = { - device = "${ssd_data.encrypted_root_path}"; - keyFile = "${usb_data.lappy_encryption_key_path}"; - preLVM = false; - allowDiscards = true; - }; - }; }; - - fileSystems = { - "/" = { - device = "${ssd_data.decrypted_root_path}"; - fsType = "${ssd_data.unencrypted_root_fs_type}"; - }; - "/boot" = { - device = "${ssd_data.boot_path}"; - fsType = "${ssd_data.boot_fs_type}"; - }; - }; - + imports = with tree; [ presets.nixos.normal-encrypted-drive ]; } diff --git a/hosts/tablet/profiles/macos-vm.nix b/hosts/tablet/profiles/macos-vm.nix deleted file mode 100644 index 8ce179a..0000000 --- a/hosts/tablet/profiles/macos-vm.nix +++ /dev/null 
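Review bot: After this change hardware.nix still binds `usb_data` and `drive_data` in its `let`, but nothing in the remaining body uses them — the LUKS, key-file and fileSystems blocks moved into `presets.nixos.normal-encrypted-drive`, which imports the same two data files itself. Dropping the two bindings and the `let … in` removes the misleading suggestion that this file still configures the encrypted drive; the module is then just the boot loader, the generated kernel-module list and the preset import.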
@@ -1,15 +0,0 @@ -{ pkgs, ... }: { - virtualisation.libvirtd.enable = true; - programs.dconf.enable = true; - environment.systemPackages = with pkgs; [ - virt-manager - p7zip - #umlutilities - qemu - gnumake - libguestfs - python3 - ]; - users.users.chaos.extraGroups = [ "libvirtd" "kvm" ]; - -} diff --git a/hosts/tablet/profiles/mpd.nix b/hosts/tablet/profiles/mpd.nix deleted file mode 100644 index da7fba7..0000000 --- a/hosts/tablet/profiles/mpd.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ pkgs, tree, ... }: { - imports = with tree; [ - ./mpd-music-sync.nix - profiles.sound.pulseaudio.pulse-recv-native-localhost - ]; - - environment.systemPackages = with pkgs; [ mpc_cli ]; - - systemd.tmpfiles.rules = [ - "d /var/lib/mpd 0755 mpd mpd -" - "d /var/lib/mpd/data 0755 mpd mpd -" - "d /var/lib/mpd/playlists 0755 mpd mpd -" - ]; - - services.mpd = { - enable = true; - dataDir = "/var/lib/mpd/data"; - playlistDirectory = "/var/lib/mpd/playlists"; - musicDirectory = "/music"; - extraConfig = '' - host_permissions "127.0.0.1 read,add,control,admin" - audio_output { - type "pulse" - name "Pulseaudio" - server "127.0.0.1" - } - ''; - }; - - systemd.services.mpd.serviceConfig.StateDirectory = - [ "/music" "/var/lib/mpd" ]; -} diff --git a/hosts/tablet/tablet.nix b/hosts/tablet/tablet.nix index bff89da..2e98dff 100644 --- a/hosts/tablet/tablet.nix +++ b/hosts/tablet/tablet.nix 
@@ -1,89 +1,26 @@ -{ tree, config, pkgs, lib, ... }: -let usb_data = import ./hardware/usb_data.nix { }; -in { +{ tree, config, pkgs, lib, ... }: { imports = with tree; [ users.root users.chaos - profiles.tailscale - #profiles.dnscrypt - #profiles.printing profiles.sshd - - hosts.lappy.profiles.usb-automount - hosts.lappy.profiles.harry-vpn - - # required for dualsense controller profiles.kernels.latest - profiles.laptop + presets.nixos.desktop + presets.nixos.laptop + presets.nixos.encrypted-usb - # Bluetooth - #profiles.connectivity.bluetooth - - profiles.connectivity.network_manager - profiles.connectivity.ios - - profiles.sound.pipewire - - profiles.gui.base - profiles.gui.environments.gnome - - profiles.gaming.steam - - # for sci-hub and whenever websites break - profiles.tor - - # For cross compiling and deploying to raspberry - profiles.cross.arm64 - - profiles.force_dns - #extras.shenanigans-hotspot + ./profiles/harry-vpn.nix ]; - services.mullvad-vpn.enable = true; - home-manager.users.root = { imports = with tree; [ home.base ]; home.stateVersion = "22.05"; }; home-manager.users.chaos = { - programs.ssh.matchBlocks."*".identityFile = "${usb_data.ssh_priv_path}"; - programs.git.extraConfig = { - gpg.format = "ssh"; - commit.gpgsign = "true"; - tag.gpgsign = "true"; - user = { signingKey = "${usb_data.ssh_priv_path}"; }; - }; imports = with tree; [ home.base home.dev.all - #home.reversing - - home.gui.base - home.gui.environments.gnome - - #home.gaming.emulators.ds - #home.gaming.games.minecraft - #home.gaming.games.osu - #home.gaming.platforms.steam - - #home.bluetooth - #home.network_manager - - home.apps.vivaldi - home.apps.telegram - home.apps.quassel - home.apps.mpv - home.apps.strawberry - home.apps.file-roller - home.apps.nautilus - home.apps.nicotine-plus - home.apps.musicutil - home.apps.pavucontrol - home.apps.mullvad - home.apps.aria2 - home.apps.rclone - home.apps.restic + home.home-folders home.programming.editors.vscode 
home.programming.languages.go @@ -92,45 +29,10 @@ in { home.stateVersion = "22.05"; }; - hardware.opengl.extraPackages = with pkgs; [ - vaapiIntel - vaapiVdpau - libvdpau-va-gl - intel-media-driver - ]; - - #services.getty.extraArgs = [ "--skip-login" "--login-options" "chaos" ]; - networking.firewall.enable = true; networking.firewall.allowPing = true; - # Allow Soulseek - networking.firewall.allowedTCPPorts = [ 8080 2235 ]; - networking.firewall.allowedTCPPortRanges = [ - # Allow aria2 to work - { - from = 6881; - to = 6999; - } - { - from = 50101; - to = 50109; - } - ]; - networking.firewall.allowedUDPPortRanges = [ - # Allow aria2 to work - { - from = 6881; - to = 6999; - } - { - from = 50101; - to = 50109; - } - ]; - - networking.enableIPv6 = true; - systemd.services.NetworkManager-wait-online.enable = false; + networking.enableIPv6 = false; # let vscode, vivaldi, etc work. security.unprivilegedUsernsClone = true; @@ -145,14 +47,11 @@ in { nix.extraOptions = '' keep-outputs = true keep-derivations = true - builders-use-substitutes = true ''; networking.hostName = "tablet"; time.timeZone = "Europe/London"; - services.fstrim.enable = true; - system.stateVersion = "21.11"; } diff --git a/hosts/tablet/vm.nix b/hosts/tablet/vm.nix deleted file mode 100644 index 735e1d6..0000000 --- a/hosts/tablet/vm.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ lib, inputs, ... }: { - imports = [ "${inputs.nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix" ]; - users.users.root.password = "owo"; - users.users.chaos.password = "owo"; - home-manager.users.chaos.home.sessionVariables = { - WLR_RENDERER_ALLOW_SOFTWARE = "1"; - }; - services.getty.extraArgs = lib.mkForce [ ]; - virtualisation.cores = 4; - virtualisation.qemu.options = [ "-vga" "qxl" ]; -} diff --git a/hosts/vault/hardware.nix b/hosts/vault/hardware.nix index 9df81e2..c6d7432 100644 --- a/hosts/vault/hardware.nix +++ b/hosts/vault/hardware.nix 
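Review bot: The import `./profiles/harry-vpn.nix` replaces `hosts.lappy.profiles.harry-vpn`, but no `hosts/tablet/profiles/harry-vpn.nix` is created or renamed in this commit, and the other two files under `hosts/tablet/profiles` are deleted here; unless that file already exists, the tablet configuration will fail to evaluate. If the lappy file is the intended one, keeping `hosts.lappy.profiles.harry-vpn` (or moving it into `profiles/` as was done for usb-automount) avoids a second copy. The second hunk also flips `networking.enableIPv6` from `true` to `false` with no comment; a one-line reason next to it would stop a later reader from reverting it.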
@@ -1,7 +1,5 @@ { modulesPath, ... }: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; diff --git a/outputs.nix b/outputs.nix index 11a206f..d075422 100644 --- a/outputs.nix +++ b/outputs.nix @@ -22,7 +22,7 @@ in { exa #inputs.deploy-rs.packages."x86_64-linux".deploy-rs (pkgs-x86_64-linux.callPackage ./extras/mk-enc-usb.nix { }) - (pkgs-x86_64-linux.callPackage ./extras/mk-lappy-ssd.nix { }) + (pkgs-x86_64-linux.callPackage ./extras/mk-normal-enc-ssd.nix { }) ]; }; } diff --git a/presets/nixos/desktop.nix b/presets/nixos/desktop.nix new file mode 100644 index 0000000..a258bc0 --- /dev/null +++ b/presets/nixos/desktop.nix @@ -0,0 +1,36 @@ +{ tree, ... }: { + imports = with tree; [ + profiles.sound.pipewire + profiles.gui.base + profiles.gui.environments.gnome + + profiles.firewall-allow.aria2c + profiles.firewall-allow.soulseek + profiles.mullvad + ]; + + home-manager.users.chaos = { + imports = with tree; [ + home.gui.base + home.gui.environments.gnome + + home.apps.file-roller + home.apps.nautilus + home.apps.pavucontrol + home.apps.mpv + + home.apps.vivaldi + home.apps.telegram + home.apps.quassel + + home.apps.strawberry + home.apps.nicotine-plus + home.apps.musicutil + + home.apps.mullvad + home.apps.aria2 + home.apps.rclone + home.apps.restic + ]; + }; +} diff --git a/presets/nixos/encrypted-usb.nix b/presets/nixos/encrypted-usb.nix new file mode 100644 index 0000000..0747690 --- /dev/null +++ b/presets/nixos/encrypted-usb.nix @@ -0,0 +1,4 @@ +{ tree, ... }: { + imports = with tree; [ profiles.usb-automount ]; + home-manager.users.chaos = { imports = with tree; [ home.ssh-usb ]; }; +} diff --git a/presets/nixos/laptop.nix b/presets/nixos/laptop.nix new file mode 100644 index 0000000..9ebbedb --- /dev/null +++ b/presets/nixos/laptop.nix 
@@ -0,0 +1,13 @@
+{ tree, ... }: {
+ imports = with tree; [
+ profiles.laptop
+
+ profiles.connectivity.network_manager
+ profiles.connectivity.ios
+
+ profiles.force_dns
+ profiles.tor
+ ];
+ services.fstrim.enable = true;
+ systemd.services.NetworkManager-wait-online.enable = false;
+}
diff --git a/presets/nixos/normal-encrypted-drive.nix b/presets/nixos/normal-encrypted-drive.nix
new file mode 100644
index 0000000..242adee
--- /dev/null
+++ b/presets/nixos/normal-encrypted-drive.nix
@@ -0,0 +1,54 @@
+{ pkgs, ... }:
+let
+ usb_data = import ../../data/usb_data.nix { };
+ drive_data = import ../../data/normal_drive_data.nix { };
+in {
+ config.boot = {
+ initrd.availableKernelModules = [
+ # For USB w/ Encryption Key
+ "usb_storage"
+ "usbcore"
+ "uas"
+ "sd_mod"
+ # For USB Keyboards
+ "usbhid"
+ # For Cryptography
+ "aesni_intel"
+ "cryptd"
+ ];
+ initrd.postDeviceCommands = pkgs.lib.mkBefore ''
+ mkdir -m 0755 -p ${usb_data.mountpoint}
+
+ while !(test -b ${usb_data.encrypted_path})
+ do
+ echo "Please Plug In USB"
+ sleep 1
+ done
+
+ echo "Please Decrypt USB"
+
+ cryptsetup luksOpen ${usb_data.encrypted_path} ${usb_data.mapper_name}
+
+ mount -n -t ${usb_data.unencrypted_fs_type} -o ro ${usb_data.mapper_path} ${usb_data.mountpoint}
+ '';
+
+ initrd.luks.devices = {
+ "${drive_data.root_mapper_name}" = {
+ device = "${drive_data.encrypted_root_path}";
+ keyFile = "${usb_data.lappy_encryption_key_path}";
+ preLVM = false;
+ allowDiscards = true;
+ };
+ };
+ };
+ config.fileSystems = {
+ "/" = {
+ device = "${drive_data.decrypted_root_path}";
+ fsType = "${drive_data.unencrypted_root_fs_type}";
+ };
+ "/boot" = {
+ device = "${drive_data.boot_path}";
+ fsType = "${drive_data.boot_fs_type}";
+ };
+ };
+}
diff --git a/profiles/base/nix.nix b/profiles/base/nix.nix
index 1b81a3f..3f5425e 100644
--- a/profiles/base/nix.nix
+++ b/profiles/base/nix.nix
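Review bot: The `cryptsetup luksOpen` in `initrd.postDeviceCommands` has its exit status ignored: a mistyped passphrase falls through to the `mount`, which then fails, and the root `keyFile` below is looked for on a path that was never mounted. Looping the way the device wait above does avoids that: `until cryptsetup luksOpen ${usb_data.encrypted_path} ${usb_data.mapper_name}; do echo "Please Decrypt USB"; done`. `allowDiscards = true` lets TRIM pass through the root LUKS layer, which exposes the free-space layout of the encrypted volume; a comment recording that the trade-off is accepted for SSD wear would help later readers. The key file is still addressed as `usb_data.lappy_encryption_key_path` even though the preset is now host-neutral, so that data field is worth renaming with it.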
@@ -16,4 +16,5 @@ inputs.deploy-rs.overlay ]; };
+ environment.etc."nixpkgs-commit".text = inputs.nixpkgs-unstable.rev;
 }
diff --git a/profiles/firewall-allow/aria2c.nix b/profiles/firewall-allow/aria2c.nix
new file mode 100644
index 0000000..2f2786e
--- /dev/null
+++ b/profiles/firewall-allow/aria2c.nix
@@ -0,0 +1,22 @@
+{ ... }: {
+ networking.firewall.allowedTCPPortRanges = [
+ {
+ from = 6881;
+ to = 6999;
+ }
+ {
+ from = 50101;
+ to = 50109;
+ }
+ ];
+ networking.firewall.allowedUDPPortRanges = [
+ {
+ from = 6881;
+ to = 6999;
+ }
+ {
+ from = 50101;
+ to = 50109;
+ }
+ ];
+}
diff --git a/profiles/firewall-allow/soulseek.nix b/profiles/firewall-allow/soulseek.nix
new file mode 100644
index 0000000..120b3c4
--- /dev/null
+++ b/profiles/firewall-allow/soulseek.nix
@@ -0,0 +1 @@
+{ ... }: { networking.firewall.allowedTCPPorts = [ 2235 ]; }
diff --git a/profiles/laptop/default.nix b/profiles/laptop/default.nix
index 2e3d4a4..d61e220 100644
--- a/profiles/laptop/default.nix
+++ b/profiles/laptop/default.nix
@@ -1,7 +1,8 @@
-{ config, ... }: {
+{ config, pkgs, ... }: {
 services.xserver.libinput.enable = true;
 services.tlp.enable = true;
 powerManagement.enable = true;
 powerManagement.powertop.enable = true;
 hardware.acpilight.enable = true;
+ environment.systemPackages = [ config.boot.kernelPackages.cpupower ];
 }
diff --git a/profiles/mullvad.nix b/profiles/mullvad.nix
new file mode 100644
index 0000000..f380774
--- /dev/null
+++ b/profiles/mullvad.nix
@@ -0,0 +1 @@
+{ ... }: { services.mullvad-vpn.enable = true; }
diff --git a/profiles/tailscale/tailscale.nix b/profiles/tailscale/tailscale.nix
deleted file mode 100644
index 59f6902..0000000
--- a/profiles/tailscale/tailscale.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-_: {
- services.tailscale.enable = true;
- networking.firewall.trustedInterfaces = [ "tailscale0" ];
- networking.firewall.checkReversePath = "loose";
-}
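Review bot: `inputs.nixpkgs-unstable.rev` is only present when the input comes from a clean git checkout; a dirty or path-based input has no `rev`, and since this line lives in profiles/base every host would then fail to evaluate. `environment.etc."nixpkgs-commit".text = inputs.nixpkgs-unstable.rev or "dirty";` keeps the provenance file without that failure mode. Recording the pinned commit in /etc is useful for later audit of what a host was built from; a comment saying so, e.g. `# record the pinned nixpkgs commit so a running host can be traced back to its input`, would explain the otherwise odd-looking file.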
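Review bot: The TCP and UDP range lists are byte-identical copies, so a later edit to one (say narrowing 6881–6999) can silently diverge from the other; binding the list once and reusing it keeps them in step. These ranges are now opened on every host that imports `presets.nixos.desktop`, not only where aria2 is actually running, so a comment on what they are for lets a reviewer judge the exposure; the only documentation in the diff is the removed `# Allow aria2 to work` comment in hosts/tablet/tablet.nix. Proposed rewrite of the file:
```nix
{ ... }:
let
  # Port ranges aria2 needs reachable (carried over from the former
  # "Allow aria2 to work" block in hosts/tablet/tablet.nix); one list so the
  # TCP and UDP rules cannot drift apart.
  ranges = [
    { from = 6881; to = 6999; }
    { from = 50101; to = 50109; }
  ];
in {
  networking.firewall.allowedTCPPortRanges = ranges;
  networking.firewall.allowedUDPPortRanges = ranges;
}
```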
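Review bot: `allowedTCPPorts = [ 2235 ]` replaces the tablet's former `# Allow Soulseek` line `networking.firewall.allowedTCPPorts = [ 8080 2235 ];`, so port 8080 is no longer opened on the tablet after this commit. Narrowing is the right direction if nothing listens on 8080, but neither the commit message nor the file says so; a comment such as `# Soulseek listen port; 8080 from the old tablet config was dropped deliberately` would make it a decision rather than an accident. Naming the nicotine-plus setting this port must match would also help the next person who changes one without the other.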
diff --git a/hosts/tablet/profiles/usb-automount.nix b/profiles/usb-automount.nix similarity index 96% rename from hosts/tablet/profiles/usb-automount.nix rename to profiles/usb-automount.nix index d0d3773..4724125 100644 --- a/hosts/tablet/profiles/usb-automount.nix +++ b/profiles/usb-automount.nix @@ -1,6 +1,6 @@ { lib, pkgs, ... }: let - usb_data = import ../hardware/usb_data.nix { }; + usb_data = import ../data/usb_data.nix { }; mapper_name = "usb_unencrypted_afterboot"; mapper_path = "/dev/mapper/${mapper_name}"; mount_usb = pkgs.writeShellScriptBin "mount_usb" '' diff --git a/scripts/rebuild.sh b/scripts/rebuild.sh index 06763d0..5e5906f 100755 --- a/scripts/rebuild.sh +++ b/scripts/rebuild.sh @@ -15,4 +15,4 @@ FIRST_ARG="${1:-switch}" shift sudo cpupower frequency-set -g performance -nixos-rebuild --flake "path:${REPO_ROOT}#$(hostname)" ${FIRST_ARG} $@ +nixos-rebuild --flake "${REPO_ROOT}#$(hostname)" ${FIRST_ARG} $@ diff --git a/treeConfig.nix b/treeConfig.nix index be51e6f..c79d86a 100644 --- a/treeConfig.nix +++ b/treeConfig.nix @@ -14,6 +14,8 @@ "profiles/connectivity/*".functor.enable = true; "profiles/gaming/*".functor.enable = true; "profiles/gui/environments/*".functor.enable = true; + "profiles/firewall-allow/*".functor.enable = true; + "users/*".functor.enable = true; "home/*".functor.enable = true; "home/gui/environments/*".functor.enable = true; @@ -21,8 +23,10 @@ "home/gaming/emulators/*".functor.enable = true; "home/gaming/games/*".functor.enable = true; "home/gaming/platforms/*".functor.enable = true; - "home/programming/languages/*".functor.enable = true; + + "presets/nixos/*".functor.enable = true; + "modules/nixos" = { functor = { enable = true;
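Review bot: Dropping the `path:` prefix makes `nixos-rebuild` treat `${REPO_ROOT}` as a git flake, so files not yet added to the index — such as the new presets and profiles in this very commit — are invisible to the evaluation until `git add` runs; a comment in the script would save the next debugging session, e.g. `# git flake ref: untracked files are not seen by nix, git add new modules first`. The changed line also passes `${FIRST_ARG}` and `$@` unquoted; `"${FIRST_ARG}" "$@"` preserves arguments containing spaces. The script's argument handling starts above the hunk.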