wip

author: Mike Vink <mike@pionative.com> 2024-07-14 06:40:52 +0200
committer: Mike Vink <mike@pionative.com> 2024-07-14 06:40:52 +0200
commit: 98c31cac3e931023b5afeb209af6b6eed2a025c7 (patch)
tree: 4f78891affa3ce2cfbb7f0b1b3efc31d68c87ab7 /machines
parent: f56f38fc344a80244266e0b69f909775599ba5b2 (diff)
3 files changed, 71 insertions, 78 deletions
diff --git a/machines/lemptop.nix b/machines/lemptop.nix
index a3e0781..ee362a1 100644
--- a/machines/lemptop.nix
+++ b/machines/lemptop.nix
@@ -4,7 +4,13 @@ with lib;
   imports =
     [ (modulesPath + "/installer/scan/not-detected.nix")
     ];
-  networking.nameservers = ["192.168.2.13"];
+  # networking.nameservers = ["192.168.2.13"];
+  hm.xsession.initExtra = ''
+      ${pkgs.xorg.xset}/bin/xset r rate 230 30
+      [ -z "$(lsusb | grep microdox)" ] && ${pkgs.xorg.setxkbmap}/bin/setxkbmap -option "ctrl:swapcaps"
+      wal -R
+      dwm
+  '';
 
   sops.age.keyFile = "${config.hm.xdg.configHome}/sops/age/keys.txt";
   services.tailscale.enable = true;
@@ -30,9 +36,7 @@ with lib;
       -----END CERTIFICATE-----
     '';
   };
-  users.users.${ivi.username} = {
-    shell = pkgs.zsh;
-  };
+  my.shell = pkgs.zsh;
   environment.shells = [pkgs.bashInteractive pkgs.zsh];
   environment.pathsToLink = [ "/share/zsh" ];
   programs.zsh.enable = true;
diff --git a/machines/pump-netboot.nix b/machines/pump-netboot.nix
new file mode 100644
index 0000000..ce6b877
--- /dev/null
+++ b/machines/pump-netboot.nix
@@ -0,0 +1,63 @@
+{ config, pkgs, lib, modulesPath, ... }: with lib; {
+  imports = [
+    (modulesPath + "/installer/netboot/netboot-minimal.nix")
+  ];
+  services.getty.autologinUser = lib.mkForce "root";
+  users.users.root.openssh.authorizedKeys.keys = my.sshKeys;
+
+  services.openssh.enable = true;
+  sops.age.keyFile = "${config.my.home}/sops/age/keys.txt";
+  services.syncthing = {
+    cert = builtins.toFile "syncthing-cert" ''
+      -----BEGIN CERTIFICATE-----
+      MIICGzCCAaKgAwIBAgIIRGieK4FEhD0wCgYIKoZIzj0EAwIwSjESMBAGA1UEChMJ
+      U3luY3RoaW5nMSAwHgYDVQQLExdBdXRvbWF0aWNhbGx5IEdlbmVyYXRlZDESMBAG
+      A1UEAxMJc3luY3RoaW5nMB4XDTI0MDIxMTAwMDAwMFoXDTQ0MDIwNjAwMDAwMFow
+      SjESMBAGA1UEChMJU3luY3RoaW5nMSAwHgYDVQQLExdBdXRvbWF0aWNhbGx5IEdl
+      bmVyYXRlZDESMBAGA1UEAxMJc3luY3RoaW5nMHYwEAYHKoZIzj0CAQYFK4EEACID
+      YgAEH/4taBY2lcNBXZCxNOklTahIlhN+ypYMOqw7LNlKZVdv7JzRR67akp/F99mF
+      PA+IB1CQoPOTXUjnhm84Tob/8MoUA1jM5uspclxXG95eMw2J7E7svBEGJA2RsEQE
+      dsU3o1UwUzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+      AQUFBwMCMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJc3luY3RoaW5nMAoGCCqG
+      SM49BAMCA2cAMGQCMCP0Ro0ZjGfQf9R3x3neKZzrJxkD11ZK9NBNTaeWAKbrhkjp
+      qqW9uTONfIOXZmgtrQIwf6Ykr934UA5I6Rk8qNV8d082n3FNMw1NgK9GmUv2XMZ5
+      eOpDAYJrhLx5jb7d3L4/
+      -----END CERTIFICATE-----
+    '';
+  };
+
+  networking.hostName = "pump";
+  networking.domain = "vinkies.net";
+
+  boot.supportedFilesystems = [ "zfs" ];
+  boot.zfs.forceImportRoot = false;
+  networking.hostId = "7da046cb";
+
+  boot.initrd.network = {
+    enable = true;
+    ssh = {
+      enable = true; # Use a different port than your usual SSH port!
+      port = 2222;
+      hostKeys = [
+        (/. + "${config.my.home}" + "/.ssh/initrd/key")
+      ];
+      authorizedKeys = my.sshKeys;
+    };
+    postCommands = ''
+      echo "zfs load-key -a; killall zfs" >> /root/.profile
+    '';
+  };
+
+  fileSystems."/data" =
+    { device = "zpool/data";
+      fsType = "zfs";
+      neededForBoot = true;
+    };
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  system.stateVersion = "24.05";
+  nix.extraOptions = mkForce ''
+    experimental-features = nix-command flakes
+  '';
+  nix.package = mkForce pkgs.nixVersions.stable;
+}
diff --git a/machines/pump.nix b/machines/pump.nix
deleted file mode 100644
index 87198db..0000000
--- a/machines/pump.nix
+++ /dev/null
@@ -1,74 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-  services.openssh = {
-      enable = true;
-      settings.X11Forwarding = true;
-  };
-  sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
-  services.syncthing = {
-    cert = builtins.toFile "syncthing-cert" ''
-      -----BEGIN CERTIFICATE-----
-      MIICGzCCAaKgAwIBAgIIRGieK4FEhD0wCgYIKoZIzj0EAwIwSjESMBAGA1UEChMJ
-      U3luY3RoaW5nMSAwHgYDVQQLExdBdXRvbWF0aWNhbGx5IEdlbmVyYXRlZDESMBAG
-      A1UEAxMJc3luY3RoaW5nMB4XDTI0MDIxMTAwMDAwMFoXDTQ0MDIwNjAwMDAwMFow
-      SjESMBAGA1UEChMJU3luY3RoaW5nMSAwHgYDVQQLExdBdXRvbWF0aWNhbGx5IEdl
-      bmVyYXRlZDESMBAGA1UEAxMJc3luY3RoaW5nMHYwEAYHKoZIzj0CAQYFK4EEACID
-      YgAEH/4taBY2lcNBXZCxNOklTahIlhN+ypYMOqw7LNlKZVdv7JzRR67akp/F99mF
-      PA+IB1CQoPOTXUjnhm84Tob/8MoUA1jM5uspclxXG95eMw2J7E7svBEGJA2RsEQE
-      dsU3o1UwUzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-      AQUFBwMCMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJc3luY3RoaW5nMAoGCCqG
-      SM49BAMCA2cAMGQCMCP0Ro0ZjGfQf9R3x3neKZzrJxkD11ZK9NBNTaeWAKbrhkjp
-      qqW9uTONfIOXZmgtrQIwf6Ykr934UA5I6Rk8qNV8d082n3FNMw1NgK9GmUv2XMZ5
-      eOpDAYJrhLx5jb7d3L4/
-      -----END CERTIFICATE-----
-    '';
-  };
-
-  networking.hostName = "pump";
-  networking.domain = "vinkies.net";
-
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  boot.supportedFilesystems = [ "zfs" ];
-  boot.zfs.forceImportRoot = false;
-  networking.hostId = "7da046cb";
-
-  fileSystems."/data" =
-    { device = "zpool/data";
-      fsType = "zfs";
-      neededForBoot = true;
-    };
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/fc8829a4-d9d5-4001-a3b2-8dae8b85acd7";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/C7FB-25D8";
-      fsType = "vfat";
-    };
-
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/2c11292d-3110-482d-abde-08e0fc493555"; }
-    ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
author	Mike Vink <mike@pionative.com>	2024-07-14 06:40:52 +0200
committer	Mike Vink <mike@pionative.com>	2024-07-14 06:40:52 +0200
commit	98c31cac3e931023b5afeb209af6b6eed2a025c7 (patch)
tree	4f78891affa3ce2cfbb7f0b1b3efc31d68c87ab7 /machines
parent	f56f38fc344a80244266e0b69f909775599ba5b2 (diff)