pegasust
/
dotfiles
1
0
Fork 0
Code Issues 6 Pull Requests Projects Releases Wiki Activity

e2@phoenix is broken, use e2@LA instead

top-level-nix
Pegasust 2022-12-24 02:19:24 -07:00
parent e3a0eb7c3f
commit 8bd3eb914e
4 changed files with 57 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nix-conf/secrets.nix
View File

@ -12,5 +12,7 @@ let
c_ = builtins; c_ = builtins;
in { in {
"system/secrets/s3fs.age".publicKeys = c_.attrValues (all); "system/secrets/s3fs.age".publicKeys = c_.attrValues (all);
"system/secrets/s3fs.digital-garden.age".publicKeys = c_.attrValues (all);
"system/secrets/_nhitrl.age".publicKeys = c_.attrValues (all); "system/secrets/_nhitrl.age".publicKeys = c_.attrValues (all);
} }

49
nix-conf/system/flake.nix
View File

@ -21,6 +21,9 @@
# owner = "hungtr"; # owner = "hungtr";
# group = "users"; # group = "users";
}; };
age.secrets."s3fs.digital-garden" = {
file = ./secrets/s3fs.digital-garden.age;
};
age.secrets._nhitrl_cred = { age.secrets._nhitrl_cred = {
file = ./secrets/_nhitrl.age; file = ./secrets/_nhitrl.age;
}; };
@ -235,19 +238,40 @@
s3fs-exec = "${pkgs.s3fs}/bin/s3fs"; s3fs-exec = "${pkgs.s3fs}/bin/s3fs";
in "${mount_dest} ${confToBackendArg backend_args} :${s3fs-exec}\#${bucket}"; in "${mount_dest} ${confToBackendArg backend_args} :${s3fs-exec}\#${bucket}";
personalStorage = [ personalStorage = [
# hungtr-hot @ phoenix is broken :)
# (autofs-s3fs_entry {
# mount_dest = "hot";
# backend_args = {
# "-fstype" = "fuse";
# use_cache = "/tmp";
# del_cache = null;
# allow_other = null;
# url = ''"https://f5i0.ph.idrivee2-32.com"'';
# # TODO: builtins.readFile requires a Git-controlled file
# passwd_file = config.age.secrets.s3fs.path;
# dbglevel = "debug"; # enable this for better debugging info in journalctl
# uid = "1000"; # default user
# gid = "100"; # users
# umask="003"; # others read only, fully shared for users group
# # _netdev = null; # ignored by s3fs (https://github.com/s3fs-fuse/s3fs-fuse/blob/master/src/s3fs.cpp#L4910)
# };
# bucket = "hungtr-hot";
# })
(autofs-s3fs_entry { (autofs-s3fs_entry {
mount_dest = "hot"; mount_dest = "garden";
backend_args = { backend_args = {
"-fstype" = "fuse"; "-fstype" = "fuse";
use_cache = "/tmp"; use_cache = "/tmp";
del_cache = null; del_cache = null;
allow_other = null; allow_other = null;
url = ''"https://f5i0.ph.idrivee2-32.com"''; url = "https://v5h5.la11.idrivee2-14.com";
# TODO: builtins.readFile requires a Git-controlled file passwd_file = config.age.secrets."s3fs.digital-garden".path;
passwd_file = config.age.secrets.s3fs.path; dbglevel = "debug"; # enable this for better debugging info in journalctl
# dbglevel = "debug"; # enable this for better debugging info in journalctl uid = "1000"; # default user
gid = "100"; # users
umask="003"; # others read only, fully shared for users group
}; };
bucket = "hungtr-hot"; bucket = "digital-garden";
}) })
(let args = { (let args = {
"-fstype" = "cifs"; "-fstype" = "cifs";
@ -279,7 +303,7 @@
autoMaster = '' autoMaster = ''
/perso file:${persoConf} /perso file:${persoConf}
''; '';
timeout = 600; # default, 600 seconds (10 mins) of inactivity => unmount timeout = 30; # default: 600, 600 seconds (10 mins) of inactivity => unmount
# debug = true; # writes to more to journalctl # debug = true; # writes to more to journalctl
}; };
}) })
@ -328,7 +352,16 @@
services.xserver.enable = true; services.xserver.enable = true;
# KDE & Plasma 5 # KDE & Plasma 5
services.xserver.displayManager.sddm.enable = true; services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true; services.xserver.desktopManager.plasma5 = {
enable = true;
excludePackages = let qt = pkgs.libsForQt5; in [
qt.elisa # audio viewer
qt.konsole # I use alacritty instaed
qt.plasma-browser-integration
qt.print-manager # will enable if I need
qt.khelpcenter # why not just write manpages instead :(
];
};
time.timeZone = "America/Phoenix"; time.timeZone = "America/Phoenix";
# Configure keymap in X11 # Configure keymap in X11

10
nix-conf/system/secrets/s3fs.digital-garden.age Normal file
View File

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 ahbzMg GUriNV3lYlrA4xfIUj9PedI8p87avdQKOXhFqVnyzG4
TvLDyCGbmU0N26SLWDIhj8tAgwrx1kFyhe6knPvJbLg
-> ssh-ed25519 glsjZQ uZUN8LJ5tnBlkrQ23JutAMzOODVF/96m+5qwgE0mJgM
srPQPu/fcCSDsbyZF8HLytPts7LGib6AHKBxaVXbK+c
-> R{n]I@-grease
EdbrkSaDEZBhArX2fk83dPE8DAtFuCdzm9TlIfXWhv8+jFLNmSshkKYc2Rlj/FE1
7w
--- GYDU/uV9eu8AKstyufFIueBnuvXwlKO3Oz9LLxkkhKQ
/MôïŽ×XƒÁ€ôÑb€vÎV}®^}|~êž¹.í•qÒU–Ô"‘€Öµ*«Åy‡…ÆÄñÇIôifªjîE´JW®a\ ðÉysUïö<>“Ÿ¥Qè$

7
scripts/config-sysnix.sh
View File

@ -39,10 +39,11 @@ if [ ! -f "${SSH_PRIV}" ]; then
fi fi
# idempotently adds to authorized_keys # idempotently adds to authorized_keys
cat "${SSH_PUB}" >> "${SSH_DIR}/authorized_keys" cat "${SSH_PUB}" >> "${SSH_DIR}/authorized_keys"
# If we do this, then uniq is performed first :?
# sort "${SSH_DIR}/authorized_keys" | uniq >"${SSH_DIR}/authorized_keys" # sort "${SSH_DIR}/authorized_keys" | uniq >"${SSH_DIR}/authorized_keys"
sort "${SSH_DIR}/authorized_keys" | uniq | tee "${SSH_DIR}/authorized_keys" # NOTE: if we do sort... file >file, the ">file" is performed first, which truncates
cat "${SSH_DIR}/authorized_keys" # the file before we open to read. Hence, `sort [...] file >file` yields empty file.
# Because of this, we have to use `-o`
sort -u "${SSH_DIR}/authorized_keys" -o "${SSH_DIR}/authorized_keys"
echo "Apply nixos-rebuild" echo "Apply nixos-rebuild"
sudo nixos-rebuild switch --flake "${SYSNIX_DIR}#${HOSTNAME}" sudo nixos-rebuild switch --flake "${SYSNIX_DIR}#${HOSTNAME}"