diff --git a/nixos/bootstrap/flake.nix b/nixos/bootstrap/flake.nix
index 92d74214..4ddd5974 100644
--- a/nixos/bootstrap/flake.nix
+++ b/nixos/bootstrap/flake.nix
@@ -63,6 +63,26 @@
 self, nixpkgs, nixos-hardware, home-manager, nix, ...
 }:
 let
+ machinesPath = ../machines;
+ machineFilenames = builtins.attrNames (builtins.readDir machinesPath);
+ machineNameFromFilename = filename: builtins.head (builtins.split "\\." filename);
+ machineNames = map machineNameFromFilename machineFilenames;
+ mkConfigurationParams = filename: {
+ name = machineNameFromFilename filename;
+ value = {
+ modules = [ (machinesPath + ("/" + filename)) ];
+ };
+ };
+ defaultConfigurationParams =
+ builtins.listToAttrs (map mkConfigurationParams machineFilenames);
+ customParams = {
+ biskcomp = {
+ system = "aarch64-linux";
+ };
+ air-gapped-pi = {
+ system = "aarch64-linux";
+ };
+ };
 mkConfig =
 args@
 { system ? "x86_64-linux"
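Review bot: The new `machineNames` line derives names from every entry `builtins.readDir` returns for `../machines`, directories and non-`.nix` files included, so an editor backup or a README dropped into that directory becomes both a `nixosConfigurations` entry and, through the new `nixos/cache.nix`, an `ssh://<name>.local` substituter. Filtering at the source keeps both lists honest: `machineFilenames = builtins.filter (nixpkgs.lib.hasSuffix ".nix") (builtins.attrNames (builtins.readDir machinesPath));`. The same `machineNames` line is added in the `nixos/flake.nix` hunk and needs the same filter there. The enclosing `let` begins before this hunk and continues past it.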
@@ -75,32 +95,13 @@
 inherit system;
 modules = baseModules ++ modules;
 specialArgs = rec {
- inherit inputs;
+ inherit inputs machineNames;
 makeEnable = (import ../make-enable.nix) nixpkgs.lib;
 mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
 realUsers = [ "root" "imalison" "kat" "dean" "alex" ];
 forEachUser = mapValueToKeys realUsers;
- } // specialArgs;
+ } // specialArgs // (import ../keys.nix);
 });
- machinesPath = ../machines;
- machineFilenames = builtins.attrNames (builtins.readDir machinesPath);
- machineNameFromFilename = filename: builtins.head (builtins.split "\\." filename);
- mkConfigurationParams = filename: {
- name = machineNameFromFilename filename;
- value = {
- modules = [ (machinesPath + ("/" + filename)) ];
- };
- };
- defaultConfigurationParams =
- builtins.listToAttrs (map mkConfigurationParams machineFilenames);
- customParams = {
- biskcomp = {
- system = "aarch64-linux";
- };
- air-gapped-pi = {
- system = "aarch64-linux";
- };
- };
 in {
 nixosConfigurations = builtins.mapAttrs (machineName: params:
diff --git a/nixos/cache.nix b/nixos/cache.nix
new file mode 100644
index 00000000..ede0a540
--- /dev/null
+++ b/nixos/cache.nix
@@ -0,0 +1,7 @@
+{ machineNames, ... }:
+{
+ nix = {
+ binaryCaches = map (machineName: "ssh://${machineName}.local") machineNames;
+ };
+}
+
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index 4265106a..fbc0cd43 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -3,6 +3,7 @@
 imports = [
 ./android.nix
 ./base.nix
+ ./cache.nix
 ./code.nix
 ./desktop.nix
 ./environment.nix
diff --git a/nixos/flake.nix b/nixos/flake.nix
index 1ab90ff0..5fc83153 100644
--- a/nixos/flake.nix
+++ b/nixos/flake.nix
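Review bot: `} // specialArgs // (import ../keys.nix)` merges the key lists last, so a caller that passes a `specialArgs` entry named `allKeys`, `kanivanKeys`, `deanKeys` or `alexKeys` is silently overridden by `keys.nix`, and every NixOS module now receives those four loosely named top-level arguments. Swapping the order, `} // (import ../keys.nix) // specialArgs;`, keeps caller-supplied arguments authoritative; the cleaner option is a single namespaced argument, `keys = import ../keys.nix;`, with `users.nix` reading `keys.kanivanKeys`. The `mkConfig` hunk in `nixos/flake.nix` adds the identical expression with `./keys.nix` and has the same ordering problem. `mkConfig` itself starts before this hunk.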
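Review bot: In the new `nixos/cache.nix`, `binaryCaches` is built from all of `machineNames`, which contains the evaluating machine's own name, so every host lists `ssh://<itself>.local` as a substituter; and nothing in this change adds the peers' signing keys to `nix.settings.trusted-public-keys`, so unless `require-sigs` is disabled or a shared signing key is configured elsewhere, paths fetched from these peers will be rejected — worth confirming before relying on it. `nix.binaryCaches` is also the deprecated spelling of `nix.settings.substituters`. Excluding self needs `config` in the module arguments and, assuming the machine file name matches `networking.hostName`, `substituters = map (m: "ssh://${m}.local") (builtins.filter (m: m != config.networking.hostName) machineNames);`. Host identity of each `.local` peer then rests entirely on the daemon's SSH known-hosts handling, which this diff does not configure.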
@@ -108,42 +108,25 @@
 nixified-ai = { url = "github:nixified-ai/flake"; };
 nixos-wsl = { url = "github:nix-community/NixOS-WSL"; };
+
+ agenix.url = "github:ryantm/agenix";
 };
 outputs = inputs@{
 self, nixpkgs, nixos-hardware, home-manager, taffybar, xmonad,
- xmonad-contrib, notifications-tray-icon, nix, imalison-taffybar, ...
+ xmonad-contrib, notifications-tray-icon, nix, agenix, imalison-taffybar, ...
 }:
 let
- mkConfig =
- args@
- { system ? "x86_64-linux"
- , baseModules ? []
- , modules ? []
- , specialArgs ? {}
- , ...
- }:
- nixpkgs.lib.nixosSystem (args // {
- inherit system;
- modules = baseModules ++ modules;
- specialArgs = rec {
- inherit inputs;
- myPackages = {
- taffybar = inputs.imalison-taffybar.defaultPackage."${system}";
- };
- makeEnable = (import ./make-enable.nix) nixpkgs.lib;
- mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
- realUsers = [ "root" "imalison" "kat" "dean" "alex" ];
- forEachUser = mapValueToKeys realUsers;
- } // specialArgs;
- });
 machinesFilepath = ./machines;
 machineFilenames = builtins.attrNames (builtins.readDir machinesFilepath);
 machineNameFromFilename = filename: builtins.head (builtins.split "\\." filename);
+ machineNames = map machineNameFromFilename machineFilenames;
 mkConfigurationParams = filename: {
 name = machineNameFromFilename filename;
 value = {
- modules = [ (machinesFilepath + ("/" + filename)) ];
+ modules = [
+ (machinesFilepath + ("/" + filename)) agenix.nixosModules.default
+ ];
 };
 };
 defaultConfigurationParams =
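Review bot: The new `agenix` input carries no `inputs.nixpkgs.follows`, so it pins its own nixpkgs revision into the lock file — a second nixpkgs to evaluate and to keep updated for security fixes. The file's neighbouring inputs use the attrset form, so `agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; };` keeps both the style and a single nixpkgs. Note also that `agenix.nixosModules.default` is now attached to every machine here, while the copy of `mkConfigurationParams` in `nixos/bootstrap/flake.nix` (first hunk of this commit) is not, so a machine file that starts using `age.*` options will presumably fail to evaluate under the bootstrap flake. The removed `myPackages` attribute is not carried over into the moved `mkConfig` in the next hunk; if any module still reads `myPackages.taffybar`, that is a silent breakage. The surrounding `let` extends past both ends of this hunk.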
@@ -156,6 +139,25 @@
 system = "aarch64-linux";
 };
 };
+ mkConfig =
+ args@
+ { system ? "x86_64-linux"
+ , baseModules ? []
+ , modules ? []
+ , specialArgs ? {}
+ , ...
+ }:
+ nixpkgs.lib.nixosSystem (args // {
+ inherit system;
+ modules = baseModules ++ modules;
+ specialArgs = rec {
+ inherit inputs machineNames;
+ makeEnable = (import ./make-enable.nix) nixpkgs.lib;
+ mapValueToKeys = keys: value: builtins.listToAttrs (map (name: { inherit name value; }) keys);
+ realUsers = [ "root" "imalison" "kat" "dean" "alex" ];
+ forEachUser = mapValueToKeys realUsers;
+ } // specialArgs // (import ./keys.nix);
+ });
 in {
 nixosConfigurations = builtins.mapAttrs (machineName: params:
diff --git a/nixos/keys.nix b/nixos/keys.nix
new file mode 100644
index 00000000..f27288ff
--- /dev/null
+++ b/nixos/keys.nix
@@ -0,0 +1,23 @@
+rec {
+ kanivanKeys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUSkj7587e+MAUNyU/KRpw9Vk++53Wv5nB+0V1QgiTO3rMQe6HJt0Tm2wi/o/T8GNjueT2D69YgkqOIF1FQwsj2EFLObcMzeBgs5gTSglqggA2I91BIc1vvgjCDpogOMAzAQGlTxRnqrEXhqG0jJtw8KIzLr9WrvWLdTT4rHtWS8RoOBgkQ8oxbggZ4vtbMBIwoIAYGRr70KBRNCsLTPLa8yEf+DDQxq1entzxSjHXHgyeBSVVpPCrBVmhjandk+lIFInjvAiAE1ZkJHSRccL73ORmgb1crwH7xlD9NwBPmypowMi8UIRMKfL2lNehT0AQIlEAikUBLMDzPIPhnwLZ imalison@ivanm-dfinity-razer.local"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEsLV27EteTsuVl1gLAZRCklpMFBMhakKbQ2+MkN5rm JuiceSSH"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuO/tc728fKyctlufiehZQuKsD0XDiS/5x7TImk0Ip4 imalison@ivanm-dfinity-razer"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDt/rcYuGGlXBcRUJvzUCgOW8PNVkJJ5TwEOha1/KGM4 imalison@stevie-nixos"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJr9kVlYIZIPXfXom4Fi7S2yvp5sWJ6BSM5m3uLh+8y5 imalison@adele"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIiZd2FiyTJvuvDh5hH0L3BqZV3E/kwwyau57QD7pz7C cardno:000614590850" # Dfinity Admin
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOEt0T+Hxxat5tbkD9mSu8T271QjRrLr2EA0rIDXUNL cardno:000614590748" # Dfinity Read-Only
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCJ08qswd3OoApAIHQwojEUJ4sre89vSngbM3x5pBP2 imalison@jay-lenovo.local" # Kat's Lenovo Legion
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVGIGnpkU7HNQ/zl/Ffi562M+laWY9/yIjB63BCMiTS kat@nixcomp.local"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3tlMePru6ZlSuf8yUii3N1dy3WwJnSQAt3EgETkctK kat@jay-lenovo.local"
+ ];
+ deanKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDvbEVL+y7eV4+mtxOuHwyomBBQ6uYMesctstua20+e deanwenstrand@deans-mbp-2.lan"
+ ];
+ alexKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2SQkJenAX67Ze99SKOVpKDD1XvAZnxQ8RLP0dL/Ej2 alexm@MALISONSERVER"
+ ];
+ allKeys = kanivanKeys ++ deanKeys ++ alexKeys;
+}
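Review bot: `kanivanKeys` contains the `imalison@biskcomp` ed25519 key twice (third and sixth entries), carried over from the list it replaces; since this file is a bare `rec { … }` with no `lib` in scope, the fix is simply to delete one copy. The list is now the single source of SSH trust for two accounts on every machine, so each entry should say whose device it is and what it is for, the way the `cardno:` and Lenovo entries already do — a short trailing comment on the uncommented keys (`JuiceSSH`, `adele`, `stevie-nixos`, the `ssh-rsa` key) and a header comment stating that `kanivanKeys` is a pool shared by `imalison` and `kat` would make a future revocation a one-line change instead of a guess. The `ssh-rsa` entry is the only non-ed25519 key; if the device still exists, rotating it to ed25519 keeps the list uniform.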
diff --git a/nixos/users.nix b/nixos/users.nix
index 9fb174d3..662954fe 100644
--- a/nixos/users.nix
+++ b/nixos/users.nix
@@ -1,7 +1,5 @@
-{ pkgs, inputs, realUsers, forEachUser, ... }:
-{
- security.sudo.wheelNeedsPassword = false;
- users.users = let
+{ pkgs, realUsers, forEachUser, kanivanKeys, deanKeys, alexKeys, allKeys, ... }:
+let
 extraGroups = [
 "audio"
 "adbusers"
@@ -22,21 +20,10 @@
 createHome = true;
 shell = pkgs.zsh;
 };
- allKeys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEsLV27EteTsuVl1gLAZRCklpMFBMhakKbQ2+MkN5rm JuiceSSH"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuO/tc728fKyctlufiehZQuKsD0XDiS/5x7TImk0Ip4 imalison@ivanm-dfinity-razer"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDt/rcYuGGlXBcRUJvzUCgOW8PNVkJJ5TwEOha1/KGM4 imalison@stevie-nixos"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzGkqGJm+nrMvsrfuWOLVxXHvi0UL1ULJmyfzS9sKpy imalison@biskcomp"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJr9kVlYIZIPXfXom4Fi7S2yvp5sWJ6BSM5m3uLh+8y5 imalison@adele"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIiZd2FiyTJvuvDh5hH0L3BqZV3E/kwwyau57QD7pz7C cardno:000614590850" # Dfinity Admin
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOEt0T+Hxxat5tbkD9mSu8T271QjRrLr2EA0rIDXUNL cardno:000614590748" # Dfinity Read-Only
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCJ08qswd3OoApAIHQwojEUJ4sre89vSngbM3x5pBP2 IvanMalison@gmail.com" # Kat's Lenovo Legion
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUSkj7587e+MAUNyU/KRpw9Vk++53Wv5nB+0V1QgiTO3rMQe6HJt0Tm2wi/o/T8GNjueT2D69YgkqOIF1FQwsj2EFLObcMzeBgs5gTSglqggA2I91BIc1vvgjCDpogOMAzAQGlTxRnqrEXhqG0jJtw8KIzLr9WrvWLdTT4rHtWS8RoOBgkQ8oxbggZ4vtbMBIwoIAYGRr70KBRNCsLTPLa8yEf+DDQxq1entzxSjHXHgyeBSVVpPCrBVmhjandk+lIFInjvAiAE1ZkJHSRccL73ORmgb1crwH7xlD9NwBPmypowMi8UIRMKfL2lNehT0AQIlEAikUBLMDzPIPhnwLZ imalison@ivanm-dfinity-razer.local"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVGIGnpkU7HNQ/zl/Ffi562M+laWY9/yIjB63BCMiTS kat@nixcomp.local"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3tlMePru6ZlSuf8yUii3N1dy3WwJnSQAt3EgETkctK kat@jay-lenovo.local"
- ];
- in {
+in
+{
+ security.sudo.wheelNeedsPassword = false;
+ users.users = {
 syncthing = {
 extraGroups = [ "syncthing" "wheel" ];
 home = "/var/lib/syncthing";
@@ -45,30 +32,30 @@
 imalison = userDefaults // {
 name = "imalison";
 shell = pkgs.zsh;
- openssh.authorizedKeys.keys = allKeys;
+ openssh.authorizedKeys.keys = kanivanKeys;
 };
 kat = userDefaults // {
 name = "kat";
 shell = pkgs.zsh;
- openssh.authorizedKeys.keys = allKeys;
+ openssh.authorizedKeys.keys = kanivanKeys;
 };
 dean = userDefaults // {
 name = "dean";
 shell = pkgs.zsh;
- openssh.authorizedKeys.keys = allKeys ++ [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDvbEVL+y7eV4+mtxOuHwyomBBQ6uYMesctstua20+e deanwenstrand@deans-mbp-2.lan"
- ];
+ openssh.authorizedKeys.keys = kanivanKeys ++ deanKeys;
 };
 alex = userDefaults // {
 name = "alex";
 shell = pkgs.zsh;
- openssh.authorizedKeys.keys = allKeys ++ [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2SQkJenAX67Ze99SKOVpKDD1XvAZnxQ8RLP0dL/Ej2 alexm@MALISONSERVER"
- ];
+ openssh.authorizedKeys.keys = kanivanKeys ++ alexKeys;
 };
 };
 nix.settings.trusted-users = realUsers;
+ nix.sshServe = {
+ enable = true;
+ keys = allKeys;
+ };
 home-manager.users = forEachUser (import ./home-manager.nix);
 }
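Review bot: `nix.sshServe.keys = allKeys` authorizes every personal key in `keys.nix`, Dean's and Alex's included, for the `nix-ssh` account on every machine, which is read access to each host's whole Nix store; meanwhile the consumer introduced in `nixos/cache.nix` is the peer machines' Nix daemon, which presumably connects as root with an identity that is not in this list, so the value is at once too broad for people and missing the keys the feature actually needs. A dedicated list of the peers' root or host public keys, e.g. `keys = substituterKeys;` with `substituterKeys` defined alongside the other lists in `keys.nix` (constructed name), would match the intent. Separately, `imalison` and `kat` now share `kanivanKeys`, so each account accepts the other's devices — plausibly intended given the name, but a one-line comment at the definition would record that decision. The attribute set this hunk edits begins before the hunk.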