Added kylekrein-mac openssh
parent
0421fb57b3
commit
46a145f179
5 changed files with 74 additions and 38 deletions
|
|
@ -341,7 +341,14 @@
|
||||||
# List services that you want to enable:
|
# List services that you want to enable:
|
||||||
|
|
||||||
# Enable the OpenSSH daemon.
|
# Enable the OpenSSH daemon.
|
||||||
services.openssh.enable = true;
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
# require public key authentication for better security
|
||||||
|
settings.PasswordAuthentication = false;
|
||||||
|
settings.KbdInteractiveAuthentication = false;
|
||||||
|
settings.PermitRootLogin = "no";
|
||||||
|
extraConfig = "HostKey ${config.sops.secrets."ssh_keys/${hwconfig.hostname}".path}";
|
||||||
|
};
|
||||||
|
|
||||||
# Open ports in the firewall.
|
# Open ports in the firewall.
|
||||||
networking.firewall.allowedTCPPorts = [22];
|
networking.firewall.allowedTCPPorts = [22];
|
||||||
|
|
|
||||||
|
|
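Review bot: The `extraConfig` line adds a `HostKey` entry but leaves `services.openssh.hostKeys` at its default, so the generated sshd_config will still list the auto-generated keys under /etc/ssh ahead of the sops-managed one. If the sops key has the same type as one of those defaults, sshd will most likely keep serving the default key and the pinned key never takes effect. Consider setting `hostKeys` explicitly inside this block (for example `hostKeys = [];`) so only the intended key is offered. Before doing so, check how sops-nix obtains its decryption identity, since by default it derives it from those same host keys. The enclosing module starts and ends outside the hunk.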
@ -14,7 +14,7 @@ in {
|
||||||
hardware.asahi = {
|
hardware.asahi = {
|
||||||
peripheralFirmwareDirectory = ./firmware;
|
peripheralFirmwareDirectory = ./firmware;
|
||||||
useExperimentalGPUDriver = true;
|
useExperimentalGPUDriver = true;
|
||||||
experimentalGPUInstallMode = "overlay";
|
#experimentalGPUInstallMode = "overlay";
|
||||||
setupAsahiSound = true;
|
setupAsahiSound = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,14 +1,19 @@
|
||||||
{ pkgs, lib, hwconfig, inputs, ... }:
|
|
||||||
{
|
{
|
||||||
imports = [
|
pkgs,
|
||||||
inputs.apple-silicon-support.nixosModules.default
|
lib,
|
||||||
./mac-hardware-conf.nix
|
hwconfig,
|
||||||
../../hardware/apple-silicon-linux
|
inputs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
imports = [
|
||||||
|
inputs.apple-silicon-support.nixosModules.default
|
||||||
|
./mac-hardware-conf.nix
|
||||||
|
../../hardware/apple-silicon-linux
|
||||||
|
|
||||||
../../modules/hyprland
|
../../modules/hyprland
|
||||||
|
|
||||||
../../users/kylekrein
|
|
||||||
];
|
|
||||||
facter.reportPath = lib.mkForce null; #fails to generate
|
|
||||||
|
|
||||||
|
../../users/kylekrein
|
||||||
|
];
|
||||||
|
sops.secrets."ssh_keys/${hwconfig.hostname}" = {};
|
||||||
|
facter.reportPath = lib.mkForce null; #fails to generate
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
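Review bot: `sops.secrets."ssh_keys/${hwconfig.hostname}" = {};` is declared only in this host module, while the value is read by the `services.openssh` block in another file of this commit. If that file is shared between hosts (it interpolates `hwconfig.hostname`, which suggests it is), any host without this declaration and a matching `ssh_keys` entry in the secrets file will fail to evaluate. Declaring the secret next to the `HostKey` line that consumes it would keep the two in step. The rest of this section appears to be formatter output only.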
@ -1,6 +1,8 @@
|
||||||
users:
|
users:
|
||||||
kylekrein: ENC[AES256_GCM,data:DNLVQ4IPFhUG9MR9hk2BuElvfNZIky3nMGWgilutRwvT3wl25vOLEETrBFoWUO+2ZgLSnhtwWtIJhNlRlTK/rsrUNVTOdwq9AA==,iv:Z+dhr33Wotm064IcwtNfFpvQeL03T29Dn3Bl9VqPL1g=,tag:Qe3sOY0DegSKDptBjnbFrQ==,type:str]
|
kylekrein: ENC[AES256_GCM,data:DNLVQ4IPFhUG9MR9hk2BuElvfNZIky3nMGWgilutRwvT3wl25vOLEETrBFoWUO+2ZgLSnhtwWtIJhNlRlTK/rsrUNVTOdwq9AA==,iv:Z+dhr33Wotm064IcwtNfFpvQeL03T29Dn3Bl9VqPL1g=,tag:Qe3sOY0DegSKDptBjnbFrQ==,type:str]
|
||||||
tania: ENC[AES256_GCM,data:veo/dKQpztSGLfCxpWqoTOlPqSaNeNW2pYrTU9z125hjBVt2LC8X+mDp8vA0r8QFKpkGr1BiwviUTuXsSO1IXn3nHfDGsHQqFQ==,iv:q3pCcil1wiKe5xC6QEn3Q4wV1icW+3CCUQw6QZIINWU=,tag:XvBfIEORfdTcUihtcJQZVg==,type:str]
|
tania: ENC[AES256_GCM,data:veo/dKQpztSGLfCxpWqoTOlPqSaNeNW2pYrTU9z125hjBVt2LC8X+mDp8vA0r8QFKpkGr1BiwviUTuXsSO1IXn3nHfDGsHQqFQ==,iv:q3pCcil1wiKe5xC6QEn3Q4wV1icW+3CCUQw6QZIINWU=,tag:XvBfIEORfdTcUihtcJQZVg==,type:str]
|
||||||
|
ssh_keys:
|
||||||
|
kylekrein-mac: ENC[AES256_GCM,data:Gnh34OQWO6eQfNfyYZsVfvktknmZorQYF+lNMKYvV7XkKjZ3RQNHyJ3UWOX+sVwWdtF7EboXkBPdHvnyLvDVIyv7trxTU5IXQzOI+34AKfPHa828HuOLk0AclCmm6GcNq/X4dKTX5DADG4cE4/V+KtdjvSMtLX7I1cjlfsN7JzcsnjERbK8Q0pTMuA44IUdnh0odH9xFEP/f/hVZZZhc5vrMfAqSx3lQxCF62c0wJaorobsPSM7BTzorVgnMnc3zJRAlgQnCnAe306/6g4hurBteIVeGFhA8gSk1fjZh2fm0opo/lgvHRJOwfpvRWJGEedx7hEpjsDr8BRxeBc2OHaRO5UP+fYh8Qtki8ZeFUjr/psjRRz128Kr0C+NS0AByZtwg54d705uwsnf79jPdM1ewGryCcsxqYWCvT0174cIg3sLdQvPnESbV1zU+QsVskFZwYL+gLtzuAwExPW7cM12M/HS+Eb5xtWvRA46FZ/dnKFwQkUA/VgSi08eC5/EYg8dFBht9hDK+kiLPGHML8A6a3CoiMf0pd+DbdOxA21F0Tw==,iv:oEXxrvWosuiH2wSoSkP7YMwBQu3JKIhn/YeiaTL/UT4=,tag:XgBw2q/6LPWg2zuOC9Wb+w==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
|
@ -16,8 +18,8 @@ sops:
|
||||||
M0hSNWNYbGM3a21McUVMaGNqWTdmNTQK3VRFV4EaC8K8AJi2PUt6TeBgueEmPLI8
|
M0hSNWNYbGM3a21McUVMaGNqWTdmNTQK3VRFV4EaC8K8AJi2PUt6TeBgueEmPLI8
|
||||||
Vdwwbh89+xD5xf4Zm0LctPRlxxM6diubv0gIZZPy/ZXZfiU32ZnM0w==
|
Vdwwbh89+xD5xf4Zm0LctPRlxxM6diubv0gIZZPy/ZXZfiU32ZnM0w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-12-19T00:21:29Z"
|
lastmodified: "2025-01-12T15:24:10Z"
|
||||||
mac: ENC[AES256_GCM,data:B/sJ9L4aeDm4n+JIRrnjwRF8tbveuH85Y55pzy3lBvub+VF+mv/4PCyRWR8Upi1HWDqKQjN3yEo2+Px8e24csD7kyyirwFuYcbwNslEG4gm1uffx34sP3G+8bmEoLO76tbHrsMIkWTAQl3rmDOcNvVqzVq8KwGQSA2+3gO4d1+o=,iv:f0lOEBfvcsL5WQMz4Le2mu15IGsYFfE4OIUfnno0xXY=,tag:SusRIyzZlqbDbUN2BgvB8w==,type:str]
|
mac: ENC[AES256_GCM,data:nN6b/GItToa87P08ZzkCRMjWX2Hw0jTL73QsWp0T+yAwI3n4BPeeJcuTQrh5zhL6BE87ZN83NQtAotaeRClnKw7x7FKspbKj9bVuExNEV0N9/ivN4l165R4/I8xtFQoJ+BHzA36iGbgXNemhaRexlR07KuOOtNnSNoYYT/FV9Do=,iv:voJusWPg1cw5Z/R5Jk3rQTELGyUcWi4Y+QhNLsD8+DQ=,tag:GoWKU8qgK81p8eqwKmIj6Q==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.2
|
version: 3.9.2
|
||||||
|
|
|
||||||
|
|
@ -1,28 +1,50 @@
|
||||||
{ pkgs, config, lib, hwconfig, inputs, first-nixos-install, ... }:
|
|
||||||
let username = "kylekrein";
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
imports = [
|
pkgs,
|
||||||
];
|
config,
|
||||||
users.users.${username} = {
|
lib,
|
||||||
isNormalUser = true;
|
hwconfig,
|
||||||
description = "Aleksandr Lebedev";
|
inputs,
|
||||||
extraGroups = [ "networkmanager" "wheel" ];
|
first-nixos-install,
|
||||||
#initialPassword = "1234";
|
...
|
||||||
hashedPasswordFile = config.sops.secrets."users/${username}".path;
|
}: let
|
||||||
packages = with pkgs; [];
|
username = "kylekrein";
|
||||||
};
|
in {
|
||||||
sops.secrets = {
|
imports = [
|
||||||
"users/${username}" = {
|
];
|
||||||
neededForUsers = true;
|
users.users.${username} = {
|
||||||
};
|
isNormalUser = true;
|
||||||
};
|
description = "Aleksandr Lebedev";
|
||||||
|
extraGroups = ["networkmanager" "wheel"];
|
||||||
|
#initialPassword = "1234";
|
||||||
|
hashedPasswordFile = config.sops.secrets."users/${username}".path;
|
||||||
|
packages = with pkgs; [];
|
||||||
|
|
||||||
home-manager.users."${username}" = import ../../home.nix { inherit lib; inherit username; inherit inputs; inherit first-nixos-install; inherit hwconfig; inherit config; inherit pkgs; };
|
openssh.authorizedKeys.keys = [
|
||||||
kylekrein.services.autoUpgrade = {
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMt3PWVvmEL6a0HHTsxL4KMq1UGKFdzgX5iIkm6owGQ kylekrein@kylekrein-mac"
|
||||||
configDir = lib.mkForce "/home/${username}/nixos-config";
|
];
|
||||||
user = lib.mkForce username;
|
};
|
||||||
|
sops.secrets = {
|
||||||
|
"users/${username}" = {
|
||||||
|
neededForUsers = true;
|
||||||
};
|
};
|
||||||
programs.nh.flake = lib.mkForce "/home/${username}/nixos-config";
|
};
|
||||||
systemd.tmpfiles.rules = (if hwconfig.useImpermanence then ["d /persist/home/${username} 0700 ${username} users -"] else []); # /persist/home/<user> created, owned by that user
|
|
||||||
|
home-manager.users."${username}" = import ../../home.nix {
|
||||||
|
inherit lib;
|
||||||
|
inherit username;
|
||||||
|
inherit inputs;
|
||||||
|
inherit first-nixos-install;
|
||||||
|
inherit hwconfig;
|
||||||
|
inherit config;
|
||||||
|
inherit pkgs;
|
||||||
|
};
|
||||||
|
kylekrein.services.autoUpgrade = {
|
||||||
|
configDir = lib.mkForce "/home/${username}/nixos-config";
|
||||||
|
user = lib.mkForce username;
|
||||||
|
};
|
||||||
|
programs.nh.flake = lib.mkForce "/home/${username}/nixos-config";
|
||||||
|
systemd.tmpfiles.rules =
|
||||||
|
if hwconfig.useImpermanence
|
||||||
|
then ["d /persist/home/${username} 0700 ${username} users -"]
|
||||||
|
else []; # /persist/home/<user> created, owned by that user
|
||||||
}
|
}
|
||||||
|
|
|
||||||
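Review bot: The only functional change in this section is the new `openssh.authorizedKeys.keys` entry, and it is buried in a whole-file reformat; splitting the formatting into its own commit would make the access change reviewable on its own. The key is attached to a user in `wheel`, and this user module is presumably imported by every host that has the account, so the one key grants login on all of them, including kylekrein-mac itself. A short comment above the list would record that intent, for example `# user key from kylekrein-mac; grants SSH login as this wheel user on every host importing this module`. The leftover `#initialPassword = "1234";` line is carried over unchanged and could be dropped now that password login is disabled.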