Graduate eirene
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
		| @@ -40,8 +40,7 @@ Below is a table of all hosts, with links to their respective README files, whic | |||||||
| | Host          | README                                                       | | | Host          | README                                                       | | ||||||
| | ------------- | ------------------------------------------------------------ | | | ------------- | ------------------------------------------------------------ | | ||||||
| | `installer`   | [hosts/installer/README.md](./hosts/installer/README.md)     | | | `installer`   | [hosts/installer/README.md](./hosts/installer/README.md)     | | ||||||
| | `eirene`      | [hosts/eirene/README.md](./hosts/eirene/README.md)           | |  | ||||||
| | `elara`       | [hosts/elara/README.md](./hosts/elara/README.md)             | |  | ||||||
| | `himalia`     | [hosts/himalia/README.md](./hosts/himalia/README.md)         | | | `himalia`     | [hosts/himalia/README.md](./hosts/himalia/README.md)         | | ||||||
|  | | `elara`       | [hosts/elara/README.md](./hosts/elara/README.md)             | | ||||||
| | `jupiter`     | [hosts/jupiter/README.md](./hosts/jupiter/README.md)         | | | `jupiter`     | [hosts/jupiter/README.md](./hosts/jupiter/README.md)         | | ||||||
| | `jupiter-vps` | [hosts/jupiter-vps/README.md](./hosts/jupiter-vps/README.md) | | | `jupiter-vps` | [hosts/jupiter-vps/README.md](./hosts/jupiter-vps/README.md) | | ||||||
|   | |||||||
										10
								flake.nix
							| @@ -137,9 +137,9 @@ | |||||||
|           specialArgs = { inherit inputs system; }; |           specialArgs = { inherit inputs system; }; | ||||||
|         }; |         }; | ||||||
|  |  | ||||||
|         eirene = nixpkgs.lib.nixosSystem rec { |         himalia = nixpkgs.lib.nixosSystem rec { | ||||||
|           system = "x86_64-linux"; |           system = "x86_64-linux"; | ||||||
|           modules = [ ./hosts/eirene ]; |           modules = [ ./hosts/himalia ]; | ||||||
|           specialArgs = { inherit inputs system; }; |           specialArgs = { inherit inputs system; }; | ||||||
|         }; |         }; | ||||||
|  |  | ||||||
| @@ -149,12 +149,6 @@ | |||||||
|           specialArgs = { inherit inputs system; }; |           specialArgs = { inherit inputs system; }; | ||||||
|         }; |         }; | ||||||
|  |  | ||||||
|         himalia = nixpkgs.lib.nixosSystem rec { |  | ||||||
|           system = "x86_64-linux"; |  | ||||||
|           modules = [ ./hosts/himalia ]; |  | ||||||
|           specialArgs = { inherit inputs system; }; |  | ||||||
|         }; |  | ||||||
|  |  | ||||||
|         jupiter = nixpkgs.lib.nixosSystem rec { |         jupiter = nixpkgs.lib.nixosSystem rec { | ||||||
|           system = "x86_64-linux"; |           system = "x86_64-linux"; | ||||||
|           modules = [ ./hosts/jupiter ]; |           modules = [ ./hosts/jupiter ]; | ||||||
|   | |||||||
| @@ -1,4 +1,9 @@ | |||||||
| { config, pkgs, ... }: | { | ||||||
|  |   config, | ||||||
|  |   lib, | ||||||
|  |   pkgs, | ||||||
|  |   ... | ||||||
|  | }: | ||||||
| { | { | ||||||
|   imports = [ ./options.nix ]; |   imports = [ ./options.nix ]; | ||||||
|  |  | ||||||
| @@ -8,22 +13,11 @@ | |||||||
|   # https://git.eisfunke.com/config/nixos/-/blob/e65e1dc21d06d07b454005762b177ef151f8bfb6/nixos/machine-id.nix |   # https://git.eisfunke.com/config/nixos/-/blob/e65e1dc21d06d07b454005762b177ef151f8bfb6/nixos/machine-id.nix | ||||||
|   sops.secrets.machineId.mode = "0444"; |   sops.secrets.machineId.mode = "0444"; | ||||||
|  |  | ||||||
|   fileSystems."/persist".neededForBoot = true; |  | ||||||
|  |  | ||||||
|   environment = { |   environment = { | ||||||
|     impermanence.enable = true; |     impermanence.enable = true; | ||||||
|  |  | ||||||
|     etc.machine-id.source = pkgs.runCommandLocal "machine-id-link" { } '' |     etc.machine-id.source = pkgs.runCommandLocal "machine-id-link" { } '' | ||||||
|       ln -s ${config.sops.secrets.machineId.path} $out |       ln -s ${config.sops.secrets.machineId.path} $out | ||||||
|     ''; |     ''; | ||||||
|  |  | ||||||
|     persistence = { |  | ||||||
|       "/persist/user"."/etc/nixos" = { }; |  | ||||||
|       "/persist/state" = { |  | ||||||
|         "/var/lib/nixos" = { }; |  | ||||||
|         "/var/lib/systemd" = { }; |  | ||||||
|         "/var/log" = { }; |  | ||||||
|       }; |  | ||||||
|     }; |  | ||||||
|   }; |   }; | ||||||
| } | } | ||||||
|   | |||||||
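Review bot: `lib` is added to the module's argument set in the first hunk, but no line on the new side of either hunk uses it; new lines 10–12 fall between the hunks, so if they do not use it either the argument should be dropped so the header only lists what the file consumes. The second hunk removes the `fileSystems."/persist".neededForBoot` and `environment.persistence` settings from this file, which the commit relocates into the impermanence module, so nothing else in this file needs to change for that. The enclosing attribute set begins and ends inside the hunks, but the lines between them are not visible here.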
| @@ -210,8 +210,6 @@ in | |||||||
|         }; |         }; | ||||||
|       }; |       }; | ||||||
|  |  | ||||||
|       fileSystems = builtins.mapAttrs (_: _: { neededForBoot = true; }) cfg; |  | ||||||
|  |  | ||||||
|       systemd = { |       systemd = { | ||||||
|         mounts = builtins.map (c: { |         mounts = builtins.map (c: { | ||||||
|           description = c.path; |           description = c.path; | ||||||
| @@ -274,11 +272,17 @@ in | |||||||
|         ); |         ); | ||||||
|       }; |       }; | ||||||
|  |  | ||||||
|       environment.persistence."/persist" = { |       fileSystems = builtins.mapAttrs (_: _: { neededForBoot = true; }) cfg // { | ||||||
|         "/etc/nixos" = { }; |         "/persist".neededForBoot = true; | ||||||
|         "/var/lib/nixos" = { }; |       }; | ||||||
|         "/var/lib/systemd" = { }; |  | ||||||
|         "/var/log" = { }; |       environment.persistence = { | ||||||
|  |         "/persist/user"."/etc/nixos" = { }; | ||||||
|  |         "/persist/state" = { | ||||||
|  |           "/var/lib/nixos" = { }; | ||||||
|  |           "/var/lib/systemd" = { }; | ||||||
|  |           "/var/log" = { }; | ||||||
|  |         }; | ||||||
|       }; |       }; | ||||||
|  |  | ||||||
|       assertions = |       assertions = | ||||||
|   | |||||||
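Review bot: The new `fileSystems` line merges with `//`, whose right-hand side replaces the whole `"/persist"` attribute rather than merging into it; today the left side only ever yields `{ neededForBoot = true; }`, so nothing is lost, but any future attribute set placed under `cfg."/persist"` would be silently discarded. If `lib` is in scope (the `let … in` header is outside the hunk), `fileSystems = lib.recursiveUpdate (builtins.mapAttrs (_: _: { neededForBoot = true; }) cfg) { "/persist".neededForBoot = true; };` keeps both sides; otherwise add a one-line comment such as `# /persist itself is forced neededForBoot; presumably the persistence roots below it are separate mounts — confirm` so the override reads as deliberate. The enclosing attribute set starts before the hunk.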
| @@ -26,7 +26,7 @@ | |||||||
|  |  | ||||||
|       sshKeyPaths = |       sshKeyPaths = | ||||||
|         if config.environment.impermanence.enable then |         if config.environment.impermanence.enable then | ||||||
|           [ config.environment.persistence."/persist"."/etc/ssh/ssh_host_ed25519_key".source ] |           [ config.environment.persistence."/persist/state"."/etc/ssh/ssh_host_ed25519_key".source ] | ||||||
|         else |         else | ||||||
|           [ "/etc/ssh/ssh_host_ed25519_key" ]; |           [ "/etc/ssh/ssh_host_ed25519_key" ]; | ||||||
|     }; |     }; | ||||||
|   | |||||||
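Review bot: The changed `sshKeyPaths` entry hard-wires the sops key to `config.environment.persistence."/persist/state"."/etc/ssh/ssh_host_ed25519_key".source`, so evaluation fails with a missing-attribute error unless the sshd module now declares the host key under `"/persist/state"` instead of `"/persist"`; that declaration is not in this diff, so confirm it was moved in the same commit. A comment above the line, e.g. `# keep in sync with the persistence root the sshd module declares the host key under`, would save the next reader the cross-file lookup. The enclosing `sops` attribute set starts before the hunk.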
| @@ -2,7 +2,6 @@ | |||||||
| { | { | ||||||
|   programs.ssh.knownHosts = { |   programs.ssh.knownHosts = { | ||||||
|     installer.publicKeyFile = ../../../../installer/secrets/ssh_host_ed25519_key.pub; |     installer.publicKeyFile = ../../../../installer/secrets/ssh_host_ed25519_key.pub; | ||||||
|     eirene.publicKeyFile = ../../../../eirene/secrets/ssh_host_ed25519_key.pub; |  | ||||||
|     elara.publicKeyFile = ../../../../elara/secrets/ssh_host_ed25519_key.pub; |     elara.publicKeyFile = ../../../../elara/secrets/ssh_host_ed25519_key.pub; | ||||||
|     himalia.publicKeyFile = ../../../../himalia/secrets/ssh_host_ed25519_key.pub; |     himalia.publicKeyFile = ../../../../himalia/secrets/ssh_host_ed25519_key.pub; | ||||||
|  |  | ||||||
|   | |||||||
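Review bot: Removing eirene from `programs.ssh.knownHosts` (together with its deleted `ssh_host_ed25519_key.pub`) retires the host on the client side only; since this repository derives the sops decryption key from the host's ed25519 key, the retired machine keeps the ability to decrypt every secret encrypted to it for as long as its key remains a recipient, so the recipient should be removed from the sops configuration and the affected files re-encrypted (`sops updatekeys`). Neither the sops configuration nor the encrypted secrets files appear in this diff, so confirm that step happened or is tracked. The `knownHosts` attribute set starts before the hunk and continues after it.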
| @@ -1 +0,0 @@ | |||||||
| # eirene |  | ||||||
| @@ -1,67 +0,0 @@ | |||||||
| { inputs, ... }: |  | ||||||
| { |  | ||||||
|   imports = [ |  | ||||||
|     inputs.disko.nixosModules.disko |  | ||||||
|     ./format.nix |  | ||||||
|  |  | ||||||
|     ./hardware |  | ||||||
|  |  | ||||||
|     ../common/configs/system/backup |  | ||||||
|     ../common/configs/system/bluetooth |  | ||||||
|     ../common/configs/system/boot |  | ||||||
|     ../common/configs/system/brightnessctl |  | ||||||
|     ../common/configs/system/btrfs |  | ||||||
|     ../common/configs/system/cpu |  | ||||||
|     ../common/configs/system/documentation |  | ||||||
|     ../common/configs/system/getty |  | ||||||
|     ../common/configs/system/git |  | ||||||
|     ../common/configs/system/gpg-agent |  | ||||||
|     ../common/configs/system/impermanence |  | ||||||
|     ../common/configs/system/libvirt |  | ||||||
|     ../common/configs/system/neovim |  | ||||||
|     ../common/configs/system/networkmanager |  | ||||||
|     ../common/configs/system/nix |  | ||||||
|     ../common/configs/system/nix-cleanup |  | ||||||
|     ../common/configs/system/nix-install |  | ||||||
|     ../common/configs/system/nix-ld |  | ||||||
|     ../common/configs/system/nix-update |  | ||||||
|     ../common/configs/system/nixpkgs |  | ||||||
|     ../common/configs/system/ntp |  | ||||||
|     ../common/configs/system/pipewire |  | ||||||
|     ../common/configs/system/podman |  | ||||||
|     ../common/configs/system/powertop |  | ||||||
|     ../common/configs/system/printing |  | ||||||
|     ../common/configs/system/smartmontools |  | ||||||
|     ../common/configs/system/sops |  | ||||||
|     ../common/configs/system/ssh |  | ||||||
|     ../common/configs/system/ssh-agent |  | ||||||
|     ../common/configs/system/sshd |  | ||||||
|     ../common/configs/system/sudo |  | ||||||
|     ../common/configs/system/system |  | ||||||
|     ../common/configs/system/timezone |  | ||||||
|     ../common/configs/system/tlp |  | ||||||
|     ../common/configs/system/tmux |  | ||||||
|     ../common/configs/system/tree |  | ||||||
|     ../common/configs/system/upower |  | ||||||
|     ../common/configs/system/users |  | ||||||
|     ../common/configs/system/zsh |  | ||||||
|  |  | ||||||
|     ./users/nick |  | ||||||
|   ]; |  | ||||||
|  |  | ||||||
|   networking.hostName = "eirene"; |  | ||||||
|  |  | ||||||
|   boot.supportedFilesystems = [ "ntfs" ]; |  | ||||||
|  |  | ||||||
|   fileSystems."/mnt/windows" = { |  | ||||||
|     device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S69ENF0R841140X-part3"; |  | ||||||
|     fsType = "ntfs3"; |  | ||||||
|     noCheck = true; |  | ||||||
|     options = [ |  | ||||||
|       "users" |  | ||||||
|       "nofail" |  | ||||||
|       "sys_immutable" |  | ||||||
|       "windows_names" |  | ||||||
|     ]; |  | ||||||
|   }; |  | ||||||
| } |  | ||||||
| @@ -1,87 +0,0 @@ | |||||||
| { |  | ||||||
|   disko.devices = { |  | ||||||
|     disk.main = { |  | ||||||
|       device = "/dev/disk/by-id/nvme-SAMSUNG_MZVL22T0HBLB-00BL2_S64RNE0R602762"; |  | ||||||
|       type = "disk"; |  | ||||||
|       content = { |  | ||||||
|         type = "gpt"; |  | ||||||
|         partitions = { |  | ||||||
|           boot = { |  | ||||||
|             name = "boot"; |  | ||||||
|             size = "1M"; |  | ||||||
|             type = "EF02"; |  | ||||||
|           }; |  | ||||||
|           esp = { |  | ||||||
|             name = "esp"; |  | ||||||
|             size = "512M"; |  | ||||||
|             type = "EF00"; |  | ||||||
|             content = { |  | ||||||
|               type = "filesystem"; |  | ||||||
|               format = "vfat"; |  | ||||||
|               mountpoint = "/boot"; |  | ||||||
|               mountOptions = [ "umask=0077" ]; |  | ||||||
|             }; |  | ||||||
|           }; |  | ||||||
|           swap = { |  | ||||||
|             name = "swap"; |  | ||||||
|             size = "32G"; |  | ||||||
|             content = { |  | ||||||
|               type = "swap"; |  | ||||||
|               resumeDevice = true; |  | ||||||
|             }; |  | ||||||
|           }; |  | ||||||
|           root = { |  | ||||||
|             name = "root"; |  | ||||||
|             size = "100%"; |  | ||||||
|             content = { |  | ||||||
|               name = "main"; |  | ||||||
|               type = "luks"; |  | ||||||
|               passwordFile = "/tmp/keyfile"; |  | ||||||
|               settings = { |  | ||||||
|                 allowDiscards = true; |  | ||||||
|               }; |  | ||||||
|               content = { |  | ||||||
|                 type = "btrfs"; |  | ||||||
|                 extraArgs = [ "-f" ]; |  | ||||||
|                 subvolumes = |  | ||||||
|                   let |  | ||||||
|                     mountOptions = [ |  | ||||||
|                       "compress=zstd:1" |  | ||||||
|                       "noatime" |  | ||||||
|                       "user_subvol_rm_allowed" |  | ||||||
|                     ]; |  | ||||||
|                   in |  | ||||||
|                   { |  | ||||||
|                     "@" = { |  | ||||||
|                       mountpoint = "/"; |  | ||||||
|                       inherit mountOptions; |  | ||||||
|                     }; |  | ||||||
|                     "@persist" = { |  | ||||||
|                       mountpoint = "/persist"; |  | ||||||
|                       inherit mountOptions; |  | ||||||
|                     }; |  | ||||||
|                     "@persist/user" = { |  | ||||||
|                       mountpoint = "/persist/user"; |  | ||||||
|                       inherit mountOptions; |  | ||||||
|                     }; |  | ||||||
|                     "@persist/state" = { |  | ||||||
|                       mountpoint = "/persist/state"; |  | ||||||
|                       inherit mountOptions; |  | ||||||
|                     }; |  | ||||||
|                     "@persist/cache" = { |  | ||||||
|                       mountpoint = "/persist/cache"; |  | ||||||
|                       inherit mountOptions; |  | ||||||
|                     }; |  | ||||||
|                     "@nix" = { |  | ||||||
|                       mountpoint = "/nix"; |  | ||||||
|                       inherit mountOptions; |  | ||||||
|                     }; |  | ||||||
|                   }; |  | ||||||
|               }; |  | ||||||
|             }; |  | ||||||
|           }; |  | ||||||
|         }; |  | ||||||
|       }; |  | ||||||
|     }; |  | ||||||
|   }; |  | ||||||
| } |  | ||||||
| @@ -1,12 +0,0 @@ | |||||||
| # shellcheck shell=bash |  | ||||||
|  |  | ||||||
| AMD=/dev/dri/by-path/pci-0000:06:00.0-card |  | ||||||
| NVIDIA=/dev/dri/by-path/pci-0000:01:00.0-card |  | ||||||
|  |  | ||||||
| if [[ -e "$AMD" ]]; then |  | ||||||
|   card=$AMD |  | ||||||
| else |  | ||||||
|   card=$NVIDIA |  | ||||||
| fi |  | ||||||
|  |  | ||||||
| ln -sf "$card" "$HOME"/.config/hypr/card |  | ||||||
| @@ -1,100 +0,0 @@ | |||||||
| { |  | ||||||
|   config, |  | ||||||
|   pkgs, |  | ||||||
|   lib, |  | ||||||
|   ... |  | ||||||
| }: |  | ||||||
| { |  | ||||||
|   imports = [ ./display.nix ]; |  | ||||||
|  |  | ||||||
|   # https://github.com/NixOS/nixos-hardware/tree/master/lenovo/legion/16achg6 |  | ||||||
|   hardware = { |  | ||||||
|     enableAllFirmware = true; |  | ||||||
|  |  | ||||||
|     cpu = { |  | ||||||
|       cores = 8; |  | ||||||
|       threads = 16; |  | ||||||
|       amd.updateMicrocode = true; |  | ||||||
|     }; |  | ||||||
|  |  | ||||||
|     nvidia = { |  | ||||||
|       open = true; |  | ||||||
|       powerManagement.enable = true; |  | ||||||
|       dynamicBoost.enable = true; |  | ||||||
|  |  | ||||||
|       prime = { |  | ||||||
|         offload = { |  | ||||||
|           enable = true; |  | ||||||
|           enableOffloadCmd = true; |  | ||||||
|         }; |  | ||||||
|         nvidiaBusId = "PCI:1:0:0"; |  | ||||||
|         amdgpuBusId = "PCI:6:0:0"; |  | ||||||
|       }; |  | ||||||
|     }; |  | ||||||
|  |  | ||||||
|     graphics = { |  | ||||||
|       enable32Bit = true; |  | ||||||
|       extraPackages = with pkgs; [ |  | ||||||
|         amdvlk |  | ||||||
|         driversi686Linux.amdvlk |  | ||||||
|         rocmPackages.clr |  | ||||||
|         rocmPackages.clr.icd |  | ||||||
|       ]; |  | ||||||
|     }; |  | ||||||
|  |  | ||||||
|     nvidia-container-toolkit.enable = ( |  | ||||||
|       config.virtualisation.containerd.enable |  | ||||||
|       || config.virtualisation.docker.enable |  | ||||||
|       || config.virtualisation.podman.enable |  | ||||||
|     ); |  | ||||||
|   }; |  | ||||||
|  |  | ||||||
|   boot = { |  | ||||||
|     kernelParams = [ "amd_pstate=active" ]; |  | ||||||
|     kernelModules = [ "kvm-amd" ]; |  | ||||||
|     initrd.kernelModules = [ |  | ||||||
|       "nvme" |  | ||||||
|       "ahci" |  | ||||||
|       "usbhid" |  | ||||||
|       "amdgpu" |  | ||||||
|     ]; |  | ||||||
|   }; |  | ||||||
|  |  | ||||||
|   nixpkgs.config = { |  | ||||||
|     cudaSupport = true; |  | ||||||
|     rocmSupport = true; |  | ||||||
|   }; |  | ||||||
|  |  | ||||||
|   powerManagement.enable = true; |  | ||||||
|  |  | ||||||
|   services = { |  | ||||||
|     xserver.videoDrivers = [ "nvidia" ]; |  | ||||||
|     fstrim.enable = true; |  | ||||||
|     tlp.settings.DISK_DEVICES = lib.mkDefault "nvme0n1 nvme1n1"; |  | ||||||
|   }; |  | ||||||
|  |  | ||||||
|   programs.gamescope.env = { |  | ||||||
|     __NV_PRIME_RENDER_OFFLOAD = "1"; |  | ||||||
|     __VK_LAYER_NV_optimus = "NVIDIA_only"; |  | ||||||
|     __GLX_VENDOR_LIBRARY_NAME = "nvidia"; |  | ||||||
|   }; |  | ||||||
|  |  | ||||||
|   home-manager.sharedModules = [ |  | ||||||
|     { |  | ||||||
|       wayland.windowManager.hyprland.settings = { |  | ||||||
|         env = [ "AQ_DRM_DEVICES,$HOME/.config/hypr/card" ]; |  | ||||||
|  |  | ||||||
|         device = [ |  | ||||||
|           { |  | ||||||
|             name = "syna2ba6:00-06cb:ce44-touchpad"; |  | ||||||
|             sensitivity = 0.5; |  | ||||||
|           } |  | ||||||
|         ]; |  | ||||||
|  |  | ||||||
|         gestures.workspace_swipe_distance = 600; |  | ||||||
|       }; |  | ||||||
|  |  | ||||||
|       programs.zsh.loginExtra = lib.mkBefore (builtins.readFile ./card.sh); |  | ||||||
|     } |  | ||||||
|   ]; |  | ||||||
| } |  | ||||||
| @@ -1,32 +0,0 @@ | |||||||
| { pkgs, ... }: |  | ||||||
| { |  | ||||||
|   boot.kernelParams = [ "video=eDP-1:2560x1600@165" ]; |  | ||||||
|  |  | ||||||
|   programs.steam.package = pkgs.steam.override { extraEnv.STEAM_FORCE_DESKTOPUI_SCALING = 1.25; }; |  | ||||||
|  |  | ||||||
|   home-manager.sharedModules = [ |  | ||||||
|     { |  | ||||||
|       wayland.windowManager.hyprland.settings = { |  | ||||||
|         monitor = [ |  | ||||||
|           "eDP-1, preferred, 0x0, 1.25" |  | ||||||
|           ", maxwidth, auto-center-up, 1" |  | ||||||
|         ]; |  | ||||||
|  |  | ||||||
|         workspace = [ |  | ||||||
|           "1, monitor:eDP-1, layoutopt:orientation:left" |  | ||||||
|           "2, monitor:eDP-1, layoutopt:orientation:left" |  | ||||||
|           "3, monitor:eDP-1, layoutopt:orientation:left" |  | ||||||
|           "4, monitor:eDP-1, layoutopt:orientation:left" |  | ||||||
|           "5, monitor:eDP-1, layoutopt:orientation:left" |  | ||||||
|           "6, monitor:eDP-1, layoutopt:orientation:left" |  | ||||||
|           "7, monitor:eDP-1, layoutopt:orientation:left" |  | ||||||
|           "8, monitor:eDP-1, layoutopt:orientation:left" |  | ||||||
|           "9, monitor:eDP-1, layoutopt:orientation:left" |  | ||||||
|           "10, monitor:eDP-1, layoutopt:orientation:left" |  | ||||||
|         ]; |  | ||||||
|       }; |  | ||||||
|  |  | ||||||
|       programs.vscode.profiles.default.userSettings."window.zoomLevel" = (1.25 - 1) / 0.2; |  | ||||||
|     } |  | ||||||
|   ]; |  | ||||||
| } |  | ||||||
| @@ -1 +0,0 @@ | |||||||
| ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFG/ImO80n4+M8AIkS75leQiju6/zu09qV0keROjE6VC root@eirene |  | ||||||
| @@ -1,48 +0,0 @@ | |||||||
| { |  | ||||||
|   user ? throw "user argument is required", |  | ||||||
|   home ? throw "home argument is required", |  | ||||||
| }: |  | ||||||
| { |  | ||||||
|   config, |  | ||||||
|   inputs, |  | ||||||
|   lib, |  | ||||||
|   system, |  | ||||||
|   ... |  | ||||||
| }: |  | ||||||
| let |  | ||||||
|   hmConfig = config.home-manager.users.${user}; |  | ||||||
|   selfPkgs = inputs.self.packages.${system}; |  | ||||||
| in |  | ||||||
| { |  | ||||||
|   home-manager.users.${user} = { |  | ||||||
|     sops = { |  | ||||||
|       secrets = { |  | ||||||
|         "git/credentials/git.karaolidis.com/admin/username".sopsFile = |  | ||||||
|           ../../../../../../../secrets/personal/secrets.yaml; |  | ||||||
|         "git/credentials/git.karaolidis.com/admin/password".sopsFile = |  | ||||||
|           ../../../../../../../secrets/personal/secrets.yaml; |  | ||||||
|       }; |  | ||||||
|  |  | ||||||
|       templates."git/credentials" = { |  | ||||||
|         content = '' |  | ||||||
|           https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/username"}:${ |  | ||||||
|             hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/password" |  | ||||||
|           }@git.karaolidis.com |  | ||||||
|         ''; |  | ||||||
|         path = "${home}/.config/git/credentials"; |  | ||||||
|       }; |  | ||||||
|     }; |  | ||||||
|  |  | ||||||
|     programs.ssh = { |  | ||||||
|       matchBlocks = { |  | ||||||
|         "github.com" = { |  | ||||||
|           hostname = "github.com"; |  | ||||||
|           user = "git"; |  | ||||||
|           identityFile = "${home}/.ssh/ssh_personal_ed25519_key"; |  | ||||||
|         }; |  | ||||||
|       }; |  | ||||||
|  |  | ||||||
|       userKnownHostsFiles = with selfPkgs; [ ssh-known-hosts-github ]; |  | ||||||
|     }; |  | ||||||
|   }; |  | ||||||
| } |  | ||||||
| @@ -1,18 +0,0 @@ | |||||||
| { |  | ||||||
|   user ? throw "user argument is required", |  | ||||||
|   home ? throw "home argument is required", |  | ||||||
| }: |  | ||||||
| { config, ... }: |  | ||||||
| let |  | ||||||
|   hmConfig = config.home-manager.users.${user}; |  | ||||||
| in |  | ||||||
| { |  | ||||||
|   home-manager.users.${user} = { |  | ||||||
|     sops.secrets = { |  | ||||||
|       "gpg/key".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; |  | ||||||
|       "gpg/pass".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; |  | ||||||
|     }; |  | ||||||
|  |  | ||||||
|     programs.clipbook.bookmarks."GPG Passphrase".source = hmConfig.sops.secrets."gpg/pass".path; |  | ||||||
|   }; |  | ||||||
| } |  | ||||||
| @@ -1,32 +0,0 @@ | |||||||
| { |  | ||||||
|   user ? throw "user argument is required", |  | ||||||
|   home ? throw "home argument is required", |  | ||||||
| }: |  | ||||||
| { config, pkgs, ... }: |  | ||||||
| let |  | ||||||
|   hmConfig = config.home-manager.users.${user}; |  | ||||||
| in |  | ||||||
| { |  | ||||||
|   home-manager.users.${user}.sops = { |  | ||||||
|     secrets = { |  | ||||||
|       "registry/docker.io".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; |  | ||||||
|       "registry/registry.karaolidis.com".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; |  | ||||||
|     }; |  | ||||||
|  |  | ||||||
|     templates.containers-auth = { |  | ||||||
|       content = builtins.readFile ( |  | ||||||
|         (pkgs.formats.json { }).generate "auth.json" { |  | ||||||
|           auths = { |  | ||||||
|             "docker.io" = { |  | ||||||
|               auth = hmConfig.sops.placeholder."registry/docker.io"; |  | ||||||
|             }; |  | ||||||
|             "registry.karaolidis.com" = { |  | ||||||
|               auth = hmConfig.sops.placeholder."registry/registry.karaolidis.com"; |  | ||||||
|             }; |  | ||||||
|           }; |  | ||||||
|         } |  | ||||||
|       ); |  | ||||||
|       path = "${home}/.config/containers/auth.json"; |  | ||||||
|     }; |  | ||||||
|   }; |  | ||||||
| } |  | ||||||
| @@ -1,32 +0,0 @@ | |||||||
| { |  | ||||||
|   user ? throw "user argument is required", |  | ||||||
|   home ? throw "home argument is required", |  | ||||||
| }: |  | ||||||
| { config, ... }: |  | ||||||
| let |  | ||||||
|   hmConfig = config.home-manager.users.${user}; |  | ||||||
| in |  | ||||||
| { |  | ||||||
|   home-manager.users.${user} = { |  | ||||||
|     sops.secrets = { |  | ||||||
|       "ssh/key" = { |  | ||||||
|         sopsFile = ../../../../../../../secrets/personal/secrets.yaml; |  | ||||||
|         path = "${home}/.ssh/ssh_personal_ed25519_key"; |  | ||||||
|       }; |  | ||||||
|  |  | ||||||
|       "ssh/pass".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; |  | ||||||
|     }; |  | ||||||
|  |  | ||||||
|     programs = { |  | ||||||
|       ssh.matchBlocks = { |  | ||||||
|         "karaolidis.com" = { |  | ||||||
|           hostname = "karaolidis.com"; |  | ||||||
|           user = "nick"; |  | ||||||
|           identityFile = "${home}/.ssh/ssh_personal_ed25519_key"; |  | ||||||
|         }; |  | ||||||
|       }; |  | ||||||
|  |  | ||||||
|       clipbook.bookmarks."SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/pass".path; |  | ||||||
|     }; |  | ||||||
|   }; |  | ||||||
| } |  | ||||||
| @@ -1,17 +0,0 @@ | |||||||
| { |  | ||||||
|   user ? throw "user argument is required", |  | ||||||
|   home ? throw "home argument is required", |  | ||||||
| }: |  | ||||||
| { ... }: |  | ||||||
| { |  | ||||||
|   home-manager.users.${user}.services.syncthing.settings.folders = { |  | ||||||
|     official = { |  | ||||||
|       label = "Official"; |  | ||||||
|       path = "${home}/Documents/Official"; |  | ||||||
|       devices = [ |  | ||||||
|         "amalthea" |  | ||||||
|         "ganymede" |  | ||||||
|       ]; |  | ||||||
|     }; |  | ||||||
|   }; |  | ||||||
| } |  | ||||||
| @@ -1,23 +0,0 @@ | |||||||
| { |  | ||||||
|   user ? throw "user argument is required", |  | ||||||
|   home ? throw "home argument is required", |  | ||||||
| }: |  | ||||||
| { ... }: |  | ||||||
| { |  | ||||||
|   home-manager.users.${user} = { |  | ||||||
|     programs.obsidian.vaults."Documents/Obsidian/master".enable = true; |  | ||||||
|  |  | ||||||
|     services.syncthing.settings.folders.obsidian = { |  | ||||||
|       label = "Obsidian"; |  | ||||||
|       path = "${home}/Documents/Obsidian"; |  | ||||||
|       devices = [ |  | ||||||
|         "amalthea" |  | ||||||
|         "ganymede" |  | ||||||
|       ]; |  | ||||||
|       maxConflicts = 0; |  | ||||||
|     }; |  | ||||||
|  |  | ||||||
|     home.file."Documents/Obsidian/.stignore".source = |  | ||||||
|       ../../../../../../common/configs/user/gui/obsidian/.stignore; |  | ||||||
|   }; |  | ||||||
| } |  | ||||||
| @@ -1,21 +0,0 @@ | |||||||
| { |  | ||||||
|   user ? throw "user argument is required", |  | ||||||
|   home ? throw "home argument is required", |  | ||||||
| }: |  | ||||||
| { ... }: |  | ||||||
| { |  | ||||||
|   home-manager.users.${user}.programs.vscode.languages = { |  | ||||||
|     c.enable = true; |  | ||||||
|     go.enable = true; |  | ||||||
|     java.enable = true; |  | ||||||
|     lua.enable = true; |  | ||||||
|     markdown.enable = true; |  | ||||||
|     nix.enable = true; |  | ||||||
|     python.enable = true; |  | ||||||
|     rest.enable = true; |  | ||||||
|     rust.enable = true; |  | ||||||
|     sops.enable = true; |  | ||||||
|     typescript.enable = true; |  | ||||||
|     yaml.enable = true; |  | ||||||
|   }; |  | ||||||
| } |  | ||||||
| @@ -1,119 +0,0 @@ | |||||||
| { config, lib, ... }: |  | ||||||
| let |  | ||||||
|   # FIXME: https://github.com/NixOS/nixpkgs/issues/24570 |  | ||||||
|   # FIXME: https://github.com/NixOS/nixpkgs/issues/305643 |  | ||||||
|   user = "nick"; |  | ||||||
|   home = "/home/nick"; |  | ||||||
| in |  | ||||||
| { |  | ||||||
|   imports = [ |  | ||||||
|     ../../../common/configs/user/options.nix |  | ||||||
|  |  | ||||||
|     (import ../../../common/configs/user/console/android { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/bashmount { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/brightnessctl { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/btop { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/dive { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/fastfetch { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/ffmpeg { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/git { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/gpg-agent { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/home-manager { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/imagemagick { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/ip { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/jq { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/libvirt { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/lsof { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/ncdu { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/neovim { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/nix { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/nix-cleanup { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/nix-develop { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/nix-direnv { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/pipewire { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/podman { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/ranger { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/sops { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/ssh { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/ssh-agent { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/syncthing { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/tmux { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/tree { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/unzip { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/wget { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/xdg { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/yt-dlp { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/console/zsh { inherit user home; }) |  | ||||||
|  |  | ||||||
|     (import ../../../common/configs/user/gui/astal { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/bluetooth { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/brightnessctl { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/btop { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/chromium { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/clipbook { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/cliphist { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/darktable { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/discord { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/emoji { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/firefox { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/gtk { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/hyprland { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/hyprshot { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/kitty { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/libreoffice { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/networkmanager { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/obs { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/obsidian { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/pipewire { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/qalculate { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/qt { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/rofi { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/rquickshare { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/spicetify { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/steam { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/swww { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/theme { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/transmission { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/vscode { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/wev { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/wl-clipboard { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/x11 { inherit user home; }) |  | ||||||
|     (import ../../../common/configs/user/gui/xdg { inherit user home; }) |  | ||||||
|  |  | ||||||
|     (import ./configs/console/git { inherit user home; }) |  | ||||||
|     (import ./configs/console/gpg { inherit user home; }) |  | ||||||
|     (import ./configs/console/podman { inherit user home; }) |  | ||||||
|     (import ./configs/console/ssh { inherit user home; }) |  | ||||||
|     (import ./configs/console/syncthing { inherit user home; }) |  | ||||||
|  |  | ||||||
|     (import ./configs/gui/obsidian { inherit user home; }) |  | ||||||
|     (import ./configs/gui/vscode { inherit user home; }) |  | ||||||
|   ]; |  | ||||||
|  |  | ||||||
|   # echo "password" | mkpasswd -s |  | ||||||
|   sops.secrets."${user}-password" = { |  | ||||||
|     sopsFile = ../../../../secrets/personal/secrets.yaml; |  | ||||||
|     key = "password"; |  | ||||||
|     neededForUsers = true; |  | ||||||
|   }; |  | ||||||
|  |  | ||||||
|   users.users.${user} = { |  | ||||||
|     inherit home; |  | ||||||
|     isNormalUser = true; |  | ||||||
|     email = "nick@karaolidis.com"; |  | ||||||
|     fullName = "Nikolaos Karaolidis"; |  | ||||||
|     description = "Nikolaos Karaolidis"; |  | ||||||
|     hashedPasswordFile = config.sops.secrets."${user}-password".path; |  | ||||||
|     extraGroups = [ "wheel" ]; |  | ||||||
|     linger = true; |  | ||||||
|     uid = lib.strings.toInt (builtins.readFile ./uid); |  | ||||||
|     openssh.authorizedKeys.keys = [ |  | ||||||
|       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWDA5vnIB7KE2VG28Ovg5rXtQqxFwMXsfozLsH0BNZS nick@karaolidis.com" |  | ||||||
|     ]; |  | ||||||
|   }; |  | ||||||
|  |  | ||||||
|   home-manager.users.${user}.home = { |  | ||||||
|     username = user; |  | ||||||
|     homeDirectory = home; |  | ||||||
|   }; |  | ||||||
| } |  | ||||||
| @@ -1 +0,0 @@ | |||||||
| 1000 |  | ||||||
| @@ -22,7 +22,7 @@ | |||||||
|     nvidia = { |     nvidia = { | ||||||
|       open = true; |       open = true; | ||||||
|       powerManagement.enable = true; |       powerManagement.enable = true; | ||||||
|       # TODO |       # TODO: Enable | ||||||
|       # dynamicBoost.enable = true; |       # dynamicBoost.enable = true; | ||||||
|  |  | ||||||
|       prime = { |       prime = { | ||||||
|   | |||||||
| @@ -8,22 +8,8 @@ I have automated myself out of a job. How to use: | |||||||
|  |  | ||||||
| 3. Connect to the internet with `nmcli` | 3. Connect to the internet with `nmcli` | ||||||
|  |  | ||||||
| - Scan for available networks: |  | ||||||
|  |  | ||||||
|   ```bash |   ```bash | ||||||
|   nmcli device wifi list |   sudo nmcli device wifi connect "<SSID>" [--ask] | ||||||
|   ``` |  | ||||||
|  |  | ||||||
| - For an open network: |  | ||||||
|  |  | ||||||
|   ```bash |  | ||||||
|   nmcli device wifi connect "<SSID>" |  | ||||||
|   ``` |  | ||||||
|  |  | ||||||
| - For a secured network: |  | ||||||
|  |  | ||||||
|   ```bash |  | ||||||
|   nmcli device wifi connect "<SSID>" password "<password>" |  | ||||||
|   ``` |   ``` | ||||||
|  |  | ||||||
| 4. Run `sudo nix-install /etc/nixos -m install|repair -h host [-k key] [-c] [-r]"` | 4. Run `sudo nix-install /etc/nixos -m install|repair -h host [-k key] [-c] [-r]"` | ||||||
|   | |||||||
| @@ -7,6 +7,7 @@ | |||||||
|     ./hardware |     ./hardware | ||||||
|  |  | ||||||
|     ../common/configs/system/boot |     ../common/configs/system/boot | ||||||
|  |     ../common/configs/system/brightnessctl | ||||||
|     ../common/configs/system/btrfs |     ../common/configs/system/btrfs | ||||||
|     ../common/configs/system/documentation |     ../common/configs/system/documentation | ||||||
|     ../common/configs/system/getty |     ../common/configs/system/getty | ||||||
|   | |||||||
| @@ -7,7 +7,9 @@ | |||||||
|     ./hardware |     ./hardware | ||||||
|  |  | ||||||
|     ../common/configs/system/boot |     ../common/configs/system/boot | ||||||
|  |     ../common/configs/system/brightnessctl | ||||||
|     ../common/configs/system/btrfs |     ../common/configs/system/btrfs | ||||||
|  |     ../common/configs/system/cpu | ||||||
|     ../common/configs/system/documentation |     ../common/configs/system/documentation | ||||||
|     ../common/configs/system/git |     ../common/configs/system/git | ||||||
|     ../common/configs/system/impermanence |     ../common/configs/system/impermanence | ||||||
| @@ -36,17 +38,18 @@ | |||||||
|   # TODO: DNS for .local |   # TODO: DNS for .local | ||||||
|   networking.hostName = "jupiter"; |   networking.hostName = "jupiter"; | ||||||
|  |  | ||||||
|   fileSystems."/mnt/storage" = { |   # TODO: Enable | ||||||
|     label = "storage"; |   # fileSystems."/mnt/storage" = { | ||||||
|     fsType = "btrfs"; |   #   label = "storage"; | ||||||
|     options = [ |   #   fsType = "btrfs"; | ||||||
|       "x-initrd.mount" |   #   options = [ | ||||||
|       "defaults" |   #     "x-initrd.mount" | ||||||
|       "subvol=@" |   #     "defaults" | ||||||
|       "compress=zstd:5" |   #     "subvol=@" | ||||||
|       "noatime" |   #     "compress=zstd:5" | ||||||
|     ]; |   #     "noatime" | ||||||
|   }; |   #   ]; | ||||||
|  |   # }; | ||||||
|  |  | ||||||
|   users.users.root.openssh.authorizedKeys.keys = [ |   users.users.root.openssh.authorizedKeys.keys = [ | ||||||
|     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWDA5vnIB7KE2VG28Ovg5rXtQqxFwMXsfozLsH0BNZS nick@karaolidis.com" |     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWDA5vnIB7KE2VG28Ovg5rXtQqxFwMXsfozLsH0BNZS nick@karaolidis.com" | ||||||
|   | |||||||
| @@ -2,8 +2,7 @@ | |||||||
|   disko.devices = { |   disko.devices = { | ||||||
|     disk = { |     disk = { | ||||||
|       main = { |       main = { | ||||||
|         # TODO: Set to correct device |         device = "/dev/disk/by-id/nvme-SAMSUNG_MZVL22T0HBLB-00BL2_S64RNE0R602762"; | ||||||
|         device = "/dev/vda"; |  | ||||||
|         type = "disk"; |         type = "disk"; | ||||||
|         content = { |         content = { | ||||||
|           type = "gpt"; |           type = "gpt"; | ||||||
| @@ -24,15 +23,14 @@ | |||||||
|                 mountOptions = [ "umask=0077" ]; |                 mountOptions = [ "umask=0077" ]; | ||||||
|               }; |               }; | ||||||
|             }; |             }; | ||||||
|             # TODO: Set correct swap size and enable |             swap = { | ||||||
|             # swap = { |               name = "swap"; | ||||||
|             #   name = "swap"; |               size = "64G"; | ||||||
|             #   size = "64G"; |               content = { | ||||||
|             #   content = { |                 type = "swap"; | ||||||
|             #     type = "swap"; |                 resumeDevice = true; | ||||||
|             #     resumeDevice = true; |               }; | ||||||
|             #   }; |             }; | ||||||
|             # }; |  | ||||||
|             root = { |             root = { | ||||||
|               name = "root"; |               name = "root"; | ||||||
|               size = "100%"; |               size = "100%"; | ||||||
| @@ -63,12 +61,20 @@ | |||||||
|                         mountpoint = "/persist"; |                         mountpoint = "/persist"; | ||||||
|                         inherit mountOptions; |                         inherit mountOptions; | ||||||
|                       }; |                       }; | ||||||
|                       "@nix" = { |                       "@persist/user" = { | ||||||
|                         mountpoint = "/nix"; |                         mountpoint = "/persist/user"; | ||||||
|                         inherit mountOptions; |                         inherit mountOptions; | ||||||
|                       }; |                       }; | ||||||
|                       "@cache" = { |                       "@persist/state" = { | ||||||
|                         mountpoint = "/cache"; |                         mountpoint = "/persist/state"; | ||||||
|  |                         inherit mountOptions; | ||||||
|  |                       }; | ||||||
|  |                       "@persist/cache" = { | ||||||
|  |                         mountpoint = "/persist/cache"; | ||||||
|  |                         inherit mountOptions; | ||||||
|  |                       }; | ||||||
|  |                       "@nix" = { | ||||||
|  |                         mountpoint = "/nix"; | ||||||
|                         inherit mountOptions; |                         inherit mountOptions; | ||||||
|                       }; |                       }; | ||||||
|                     }; |                     }; | ||||||
| @@ -79,60 +85,60 @@ | |||||||
|         }; |         }; | ||||||
|       }; |       }; | ||||||
|  |  | ||||||
|       storage0 = { |       # TODO: Set to correct device | ||||||
|         # TODO: Set to correct device |       # storage0 = { | ||||||
|         device = "/dev/vdb"; |       #   device = "/dev/vdb"; | ||||||
|         type = "disk"; |       #   type = "disk"; | ||||||
|         content = { |       #   content = { | ||||||
|           type = "gpt"; |       #     type = "gpt"; | ||||||
|           partitions = { |       #     partitions = { | ||||||
|             root = { |       #       root = { | ||||||
|               name = "root"; |       #         name = "root"; | ||||||
|               size = "100%"; |       #         size = "100%"; | ||||||
|               content = { |       #         content = { | ||||||
|                 name = "storage0"; |       #           name = "storage0"; | ||||||
|                 type = "luks"; |       #           type = "luks"; | ||||||
|                 passwordFile = "/tmp/keyfile"; |       #           passwordFile = "/tmp/keyfile"; | ||||||
|                 settings = { |       #           settings = { | ||||||
|                   allowDiscards = true; |       #             allowDiscards = true; | ||||||
|                 }; |       #           }; | ||||||
|               }; |       #         }; | ||||||
|             }; |       #       }; | ||||||
|           }; |       #     }; | ||||||
|         }; |       #   }; | ||||||
|       }; |       # }; | ||||||
|  |  | ||||||
|       storage1 = { |       # TODO: Set to correct device | ||||||
|         # TODO: Set to correct device |       # storage1 = { | ||||||
|         device = "/dev/vdc"; |       #   device = "/dev/vdc"; | ||||||
|         type = "disk"; |       #   type = "disk"; | ||||||
|         content = { |       #   content = { | ||||||
|           type = "gpt"; |       #     type = "gpt"; | ||||||
|           partitions = { |       #     partitions = { | ||||||
|             root = { |       #       root = { | ||||||
|               name = "root"; |       #         name = "root"; | ||||||
|               size = "100%"; |       #         size = "100%"; | ||||||
|               content = { |       #         content = { | ||||||
|                 name = "storage1"; |       #           name = "storage1"; | ||||||
|                 type = "luks"; |       #           type = "luks"; | ||||||
|                 passwordFile = "/tmp/keyfile"; |       #           passwordFile = "/tmp/keyfile"; | ||||||
|                 settings = { |       #           settings = { | ||||||
|                   allowDiscards = true; |       #             allowDiscards = true; | ||||||
|                 }; |       #           }; | ||||||
|  |  | ||||||
|                 # storageN content must be placed on last alphabetical drive |       #           # storageN content must be placed on last alphabetical drive | ||||||
|                 content = { |       #           content = { | ||||||
|                   type = "btrfs"; |       #             type = "btrfs"; | ||||||
|                   extraArgs = [ "-f -L storage -m raid1 -d raid1 /dev/mapper/storage0" ]; |       #             extraArgs = [ "-f -L storage -m raid1 -d raid1 /dev/mapper/storage0" ]; | ||||||
|                   subvolumes = { |       #             subvolumes = { | ||||||
|                     "@" = { }; |       #               "@" = { }; | ||||||
|                   }; |       #             }; | ||||||
|                 }; |       #           }; | ||||||
|               }; |       #         }; | ||||||
|             }; |       #       }; | ||||||
|           }; |       #     }; | ||||||
|         }; |       #   }; | ||||||
|       }; |       # }; | ||||||
|     }; |     }; | ||||||
|   }; |   }; | ||||||
| } | } | ||||||
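Review bot: The newly enabled `swap` partition in the `@@ -24,15 +23,14 @@` hunk is a plain GPT partition next to `root` and carries `resumeDevice = true`, so a hibernation image (full memory contents, including any mounted LUKS volume keys) is written to it in clear text; if `root`'s `content` is LUKS-encrypted the way the now-commented `storage0`/`storage1` disks were, this undoes that protection on every hibernate. Either move the swap behind the same LUKS container or drop `resumeDevice` and use disko's `randomEncryption` on the swap (the two are mutually exclusive). A comment above `swap = {` recording which trade-off was chosen would help the next reader; `root`'s `content` block is outside the visible hunks, so I can't confirm here whether it is encrypted.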
|   | |||||||
| @@ -1,18 +1,75 @@ | |||||||
| { ... }: |  | ||||||
| { | { | ||||||
|   # TODO Remove |   config, | ||||||
|   hardware.enableAllHardware = true; |   pkgs, | ||||||
|  |   lib, | ||||||
|  |   ... | ||||||
|  | }: | ||||||
|  | { | ||||||
|  |   imports = [ ./display.nix ]; | ||||||
|  |  | ||||||
|   # TODO Update |   hardware = { | ||||||
|   boot.initrd.kernelModules = [ |     enableAllFirmware = true; | ||||||
|     "ahci" |  | ||||||
|     "xhci_pci" |  | ||||||
|     "virtio_pci" |  | ||||||
|     "virtio_scsi" |  | ||||||
|     "virtio_blk" |  | ||||||
|     "virtio_console" |  | ||||||
|     "sd_mod" |  | ||||||
|   ]; |  | ||||||
|  |  | ||||||
|   services.fstrim.enable = true; |     cpu = { | ||||||
|  |       cores = 8; | ||||||
|  |       threads = 16; | ||||||
|  |       amd.updateMicrocode = true; | ||||||
|  |     }; | ||||||
|  |  | ||||||
|  |     nvidia = { | ||||||
|  |       open = true; | ||||||
|  |       powerManagement.enable = true; | ||||||
|  |       dynamicBoost.enable = true; | ||||||
|  |  | ||||||
|  |       prime = { | ||||||
|  |         offload = { | ||||||
|  |           enable = true; | ||||||
|  |           enableOffloadCmd = true; | ||||||
|  |         }; | ||||||
|  |         nvidiaBusId = "PCI:1:0:0"; | ||||||
|  |         amdgpuBusId = "PCI:6:0:0"; | ||||||
|  |       }; | ||||||
|  |     }; | ||||||
|  |  | ||||||
|  |     graphics = { | ||||||
|  |       enable32Bit = true; | ||||||
|  |       extraPackages = with pkgs; [ | ||||||
|  |         amdvlk | ||||||
|  |         driversi686Linux.amdvlk | ||||||
|  |         rocmPackages.clr | ||||||
|  |         rocmPackages.clr.icd | ||||||
|  |       ]; | ||||||
|  |     }; | ||||||
|  |  | ||||||
|  |     nvidia-container-toolkit.enable = ( | ||||||
|  |       config.virtualisation.containerd.enable | ||||||
|  |       || config.virtualisation.docker.enable | ||||||
|  |       || config.virtualisation.podman.enable | ||||||
|  |     ); | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   boot = { | ||||||
|  |     kernelParams = [ "amd_pstate=active" ]; | ||||||
|  |     kernelModules = [ "kvm-amd" ]; | ||||||
|  |     initrd.kernelModules = [ | ||||||
|  |       "nvme" | ||||||
|  |       "ahci" | ||||||
|  |       "usbhid" | ||||||
|  |       "amdgpu" | ||||||
|  |     ]; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   nixpkgs.config = { | ||||||
|  |     cudaSupport = true; | ||||||
|  |     rocmSupport = true; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   powerManagement.enable = true; | ||||||
|  |  | ||||||
|  |   services = { | ||||||
|  |     xserver.videoDrivers = [ "nvidia" ]; | ||||||
|  |     fstrim.enable = true; | ||||||
|  |     tlp.settings.DISK_DEVICES = lib.mkDefault "nvme0n1 nvme1n1"; | ||||||
|  |     logind.lidSwitch = "ignore"; | ||||||
|  |   }; | ||||||
| } | } | ||||||
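Review bot: `tlp.settings.DISK_DEVICES = lib.mkDefault "nvme0n1 nvme1n1";` near the end of the hunk selects disks by kernel enumeration order, while the disko change in this same commit pins the system disk by its stable `/dev/disk/by-id/` name; `nvmeXn1` numbering can shift across boots or when a drive is added, so the TLP power settings may land on the wrong device. TLP also accepts the stable IDs reported by `tlp diskid`, so `DISK_DEVICES = lib.mkDefault "nvme-SAMSUNG_MZVL22T0HBLB-00BL2_S64RNE0R602762";` would keep both files in agreement (add the second drive's ID when it exists). A one-line comment on `cpu = { cores = 8; threads = 16; ... }` naming the module that defines those options (presumably `../common/configs/system/cpu`, imported in this commit; they do not look like upstream NixOS options) would also save a search.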
|   | |||||||
							
								
								
									
						
						
									
										4
									
								
								hosts/jupiter/hardware/display.nix
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,4 @@ | |||||||
|  | { ... }: | ||||||
|  | { | ||||||
|  |   boot.kernelParams = [ "video=eDP-1:2560x1600@165" ]; | ||||||
|  | } | ||||||
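Review bot: The new file pins the panel mode with `video=eDP-1:2560x1600@165` but gives no reason, and `hardware/default.nix` in the same commit also sets `boot.kernelParams`, so a reader may assume one list overrides the other. A comment such as `# Pin eDP-1 to <reason, e.g. mode/refresh the driver does not detect>; merged with the kernelParams in ./default.nix` (fill in the real cause) would document both points.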
| @@ -1 +1 @@ | |||||||
| ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQoqvM5g/0e/UAH+GHsp0IegTd+Y1WZ+H5TRvypUv03 root@jupiter | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEoe+/nXBPhLKVZ2Fo4iif8F9WgrriBE+/oXPdANR+7G root@jupiter | ||||||
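Review bot: Replacing jupiter's host public key has effects outside this file that the chunk does not show: any `known_hosts` entry or `programs.ssh.knownHosts` definition still holding the old key will now fail with a host-key-changed error, and if sops-nix derives jupiter's age recipient from this host key, the secrets encrypted for jupiter must be re-keyed (`sops updatekeys`) for the new key before the host can decrypt them. A line in the commit message stating why the key changed (reinstall or deliberate rotation) would make the change auditable later.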
|   | |||||||
| @@ -94,9 +94,7 @@ in | |||||||
|               networks.outline.ref |               networks.outline.ref | ||||||
|               networks.traefik.ref |               networks.traefik.ref | ||||||
|             ]; |             ]; | ||||||
|             volumes = [ |             volumes = [ "${volumes.outline.ref}:/var/lib/outline/data" ]; | ||||||
|               "${volumes.outline.ref}:/var/lib/outline/data" |  | ||||||
|             ]; |  | ||||||
|             environments = { |             environments = { | ||||||
|               URL = "https://docs.karaolidis.com"; |               URL = "https://docs.karaolidis.com"; | ||||||
|               PGSSLMODE = "disable"; |               PGSSLMODE = "disable"; | ||||||
|   | |||||||
| @@ -1,16 +1,11 @@ | |||||||
| { pkgs, ... }: | { pkgs, ... }: | ||||||
| let |  | ||||||
|   sish = pkgs.sish.overrideAttrs (oldAttrs: { |  | ||||||
|     patches = oldAttrs.patches or [ ] ++ [ ./proxy-ssl-termination.patch ]; |  | ||||||
|   }); |  | ||||||
| in |  | ||||||
| pkgs.dockerTools.buildImage { | pkgs.dockerTools.buildImage { | ||||||
|   name = "sish"; |   name = "sish"; | ||||||
|   fromImage = import ../base { inherit pkgs; }; |   fromImage = import ../base { inherit pkgs; }; | ||||||
|  |  | ||||||
|   copyToRoot = pkgs.buildEnv { |   copyToRoot = pkgs.buildEnv { | ||||||
|     name = "root"; |     name = "root"; | ||||||
|     paths = [ sish ]; |     paths = with pkgs; [ sish ]; | ||||||
|     pathsToLink = [ "/bin" ]; |     pathsToLink = [ "/bin" ]; | ||||||
|   }; |   }; | ||||||
|  |  | ||||||
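Review bot: Dropping the `overrideAttrs` patch removes the `proxy-ssl-termination` flag from the built sish binary, so any config or service arguments still passing `--proxy-ssl-termination` (not visible in this chunk) will fail to start with an unknown-flag error, and the URLs shown to users and written to the log revert to `http://` unless `--https` is set. If the patch was dropped because upstream now carries the option, a comment on `paths = with pkgs; [ sish ];` naming the minimum sish/nixpkgs version that includes it would record that assumption; otherwise the service configuration needs the matching change in the same commit.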
|   | |||||||
| @@ -1,82 +0,0 @@ | |||||||
| diff --git a/cmd/sish.go b/cmd/sish.go |  | ||||||
| index 0f7bee3..7fb1656 100644 |  | ||||||
| --- a/cmd/sish.go |  | ||||||
| +++ b/cmd/sish.go |  | ||||||
| @@ -99,6 +99,7 @@ func init() { |  | ||||||
|  	rootCmd.PersistentFlags().BoolP("proxy-protocol", "", false, "Use the proxy-protocol while proxying connections in order to pass-on IP address and port information") |  | ||||||
|  	rootCmd.PersistentFlags().BoolP("proxy-protocol-use-timeout", "", false, "Use a timeout for the proxy-protocol read") |  | ||||||
|  	rootCmd.PersistentFlags().BoolP("proxy-protocol-listener", "", false, "Use the proxy-protocol to resolve ip addresses from user connections") |  | ||||||
| +	rootCmd.PersistentFlags().BoolP("proxy-ssl-termination", "", false, "Whether sish is running behind an SSL-terminated reverse proxy\nIf true, the displayed HTTP URL will use `https://` despite running on port 80") |  | ||||||
|  	rootCmd.PersistentFlags().BoolP("https", "", false, "Listen for HTTPS connections. Requires a correct --https-certificate-directory") |  | ||||||
|  	rootCmd.PersistentFlags().BoolP("force-all-https", "", false, "Redirect all requests to the https server") |  | ||||||
|  	rootCmd.PersistentFlags().BoolP("force-https", "", false, "Allow indiviual binds to request for https to be enforced") |  | ||||||
| diff --git a/config.example.yml b/config.example.yml |  | ||||||
| index 2249f5d..fbac885 100644 |  | ||||||
| --- a/config.example.yml |  | ||||||
| +++ b/config.example.yml |  | ||||||
| @@ -79,6 +79,7 @@ proxy-protocol-policy: use |  | ||||||
|  proxy-protocol-timeout: 200ms |  | ||||||
|  proxy-protocol-use-timeout: false |  | ||||||
|  proxy-protocol-version: "1" |  | ||||||
| +proxy-ssl-termination: false |  | ||||||
|  redirect-root: true |  | ||||||
|  redirect-root-location: https://github.com/antoniomika/sish |  | ||||||
|  rewrite-host-header: true |  | ||||||
| diff --git a/docs/posts/cli.md b/docs/posts/cli.md |  | ||||||
| index f6891a0..c31ab1c 100644 |  | ||||||
| --- a/docs/posts/cli.md |  | ||||||
| +++ b/docs/posts/cli.md |  | ||||||
| @@ -1,6 +1,6 @@ |  | ||||||
|  --- |  | ||||||
|  title: CLI |  | ||||||
| -description: How use sish's CLI  |  | ||||||
| +description: How use sish's CLI |  | ||||||
|  keywords: [sish, cli] |  | ||||||
|  --- |  | ||||||
|   |  | ||||||
| @@ -107,6 +107,7 @@ Flags: |  | ||||||
|        --proxy-protocol-use-timeout                              Use a timeout for the proxy-protocol read |  | ||||||
|    -q, --proxy-protocol-version string                           What version of the proxy protocol to use. Can either be 1, 2, or userdefined. |  | ||||||
|                                                                  If userdefined, the user needs to add a command to SSH called proxyproto=version (ie proxyproto=1) (default "1") |  | ||||||
| +      --proxy-ssl-termination                                   Whether sish is running behind an SSL terminated reverse proxy |  | ||||||
|        --redirect-root                                           Redirect the root domain to the location defined in --redirect-root-location (default true) |  | ||||||
|    -r, --redirect-root-location string                           The location to redirect requests to the root domain |  | ||||||
|                                                                  to instead of responding with a 404 (default "https://github.com/antoniomika/sish") |  | ||||||
| @@ -129,6 +130,7 @@ Flags: |  | ||||||
|        --verify-dns                                              Verify DNS information for hosts and ensure it matches a connecting users sha256 key fingerprint (default true) |  | ||||||
|        --verify-ssl                                              Verify SSL certificates made on proxied HTTP connections (default true) |  | ||||||
|    -v, --version                                                 version for sish |  | ||||||
| +      --welcome-message string                                  Message displayed to users upon connection (default "Press Ctrl-C to close the session.") |  | ||||||
|    -y, --whitelisted-countries string                            A comma separated list of whitelisted countries. Applies to HTTP, TCP, and SSH connections |  | ||||||
|    -w, --whitelisted-ips string                                  A comma separated list of whitelisted ips. Applies to HTTP, TCP, and SSH connections |  | ||||||
|  ``` |  | ||||||
| diff --git a/sshmuxer/httphandler.go b/sshmuxer/httphandler.go |  | ||||||
| index eb8ad63..833ed6a 100644 |  | ||||||
| --- a/sshmuxer/httphandler.go |  | ||||||
| +++ b/sshmuxer/httphandler.go |  | ||||||
| @@ -121,16 +121,17 @@ func handleHTTPListener(check *channelForwardMsg, _ string, requestMessages stri |  | ||||||
|  		} |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
| -	httpPortString := "" |  | ||||||
| -	if state.Ports.HTTPPort != 80 { |  | ||||||
| -		httpPortString = fmt.Sprintf(":%d", state.Ports.HTTPPort) |  | ||||||
| -	} |  | ||||||
| - |  | ||||||
| -	requestMessages += fmt.Sprintf("%s: http://%s%s%s%s\r\n", aurora.BgBlue("HTTP"), userPass, pH.HTTPUrl.Host, httpPortString, pH.HTTPUrl.Path) |  | ||||||
| +	if !viper.GetBool("proxy-ssl-termination") { |  | ||||||
| +		httpPortString := "" |  | ||||||
| +		if state.Ports.HTTPPort != 80 { |  | ||||||
| +			httpPortString = fmt.Sprintf(":%d", state.Ports.HTTPPort) |  | ||||||
| +		} |  | ||||||
|   |  | ||||||
| -	log.Printf("%s forwarding started: http://%s%s%s%s -> %s for client: %s\n", aurora.BgBlue("HTTP"), userPass, pH.HTTPUrl.Host, httpPortString, pH.HTTPUrl.Path, listenerHolder.Addr().String(), sshConn.SSHConn.RemoteAddr().String()) |  | ||||||
| +		requestMessages += fmt.Sprintf("%s: http://%s%s%s%s\r\n", aurora.BgBlue("HTTP"), userPass, pH.HTTPUrl.Host, httpPortString, pH.HTTPUrl.Path) |  | ||||||
| +		log.Printf("%s forwarding started: http://%s%s%s%s -> %s for client: %s\n", aurora.BgBlue("HTTP"), userPass, pH.HTTPUrl.Host, httpPortString, pH.HTTPUrl.Path, listenerHolder.Addr().String(), sshConn.SSHConn.RemoteAddr().String()) |  | ||||||
| +	} |  | ||||||
|   |  | ||||||
| -	if viper.GetBool("https") { |  | ||||||
| +	if viper.GetBool("https") || viper.GetBool("proxy-ssl-termination") { |  | ||||||
|  		httpsPortString := "" |  | ||||||
|  		if state.Ports.HTTPSPort != 443 { |  | ||||||
|  			httpsPortString = fmt.Sprintf(":%d", state.Ports.HTTPSPort) |  | ||||||