diff --git a/flake.lock b/flake.lock
index 2f5b89c..166c0ad 100644
--- a/flake.lock
+++ b/flake.lock
@@ -539,11 +539,11 @@
 },
 "nix-secrets": {
 "locked": {
- "lastModified": 1737298189,
- "narHash": "sha256-Slso8PDwsOgjxvYSujEY/EOLpSJOdNbQLSQsTMor364=",
+ "lastModified": 1737313275,
+ "narHash": "sha256-hnEGR+AjIrvnb+gTAZYnVvOdSpUj4amGrCWH2jA4wgM=",
 "ref": "refs/heads/master",
- "rev": "c2aca41f539e9aa03e3a6436530516a4d8dd23e6",
- "revCount": 225,
+ "rev": "e842e11f209c5270627c6666bc3c24dc983d1c6d",
+ "revCount": 241,
 "type": "git",
 "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
 },
@@ -633,11 +633,11 @@
 },
 "nixpkgs_3": {
 "locked": {
- "lastModified": 1737295402,
- "narHash": "sha256-sxkCkFzgC/y14AANc7G2RVAh6LzO9JWVTStm68XKFLY=",
+ "lastModified": 1737312124,
+ "narHash": "sha256-eZ4WNkrX/0WZVuJbFatnOeMzIn4sUGs7RmRzU1cDGsI=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "e4cc9246ce2f16913ddfaf97316983d622a48f4a",
+ "rev": "8dab93a8c1411065f83fd60db8076dd6908449c3",
 "type": "github"
 },
 "original": {
@@ -699,11 +699,11 @@
 "treefmt-nix": "treefmt-nix_3"
 },
 "locked": {
- "lastModified": 1737291670,
- "narHash": "sha256-iA+SQO8w012sS6OW0knTpOc/UNh8Ca+/I2JC+NDpdlE=",
+ "lastModified": 1737312190,
+ "narHash": "sha256-ZD2RCrIM/n90sWCMGEalMqgLnDlRCTrI0kFTGs+yvhI=",
 "owner": "nix-community",
 "repo": "NUR",
- "rev": "3d5cfb5c3d2832ec39c6565707bf30f9e8e42560",
+ "rev": "1fedeccb422c9f109cd9663d0936d020f5e5230b",
 "type": "github"
 },
 "original": {
diff --git a/home/merlin.nix b/home/merlin.nix
new file mode 100644
index 0000000..8667d7f
--- /dev/null
+++ b/home/merlin.nix
@@ -0,0 +1,10 @@
+{
+ ...
+}: {
+ imports = [
+ ./users/admin
+ ./common/core
+ ./common/optional/git.nix
+ ];
+
+}
diff --git a/home/users/admin/default.nix b/home/users/admin/default.nix
index 2db1b84..d6d7ae9 100644
--- a/home/users/admin/default.nix
+++ b/home/users/admin/default.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, outputs, ... }:
+{ outputs, ... }:
 {
 home.username = "admin";
diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix
index c05ff8e..1b63593 100644
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
@@ -32,7 +32,8 @@ in
 mutableUsers = true;
 extraUsers = {
 root = {
- hashedPasswordFile = sopsHashedPasswordFile;
+ password = "1234";
+ # hashedPasswordFile = sopsHashedPasswordFile;
 };
 };
 };
diff --git a/hosts/common/users/admin/default.nix b/hosts/common/users/admin/default.nix
index 462a97a..a7b4226 100644
--- a/hosts/common/users/admin/default.nix
+++ b/hosts/common/users/admin/default.nix
@@ -1,10 +1,9 @@
 { pkgs, inputs, config, lib, ... }:
 let
- ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
 username = "admin";
- pubKeys = lib.filesystem.listFilesRecursive (../keys);
+ pubKeys = lib.filesystem.listFilesRecursive ../keys;
 hostname = config.networking.hostName;
- sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/${username}".path;
+ sopsHashedPasswordFile = config.sops.secrets."passwords/${username}".path;
 secretsDirectory = builtins.toString inputs.nix-secrets;
 secretsFile = "${secretsDirectory}/secrets.yaml";
@@ -12,20 +11,12 @@ in
 {
 users.users.${username} = {
 isNormalUser = true;
- shell = pkgs.zsh; # default shell
+ shell = pkgs.zsh;
 hashedPasswordFile = sopsHashedPasswordFile;
 openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
 extraGroups = [
 "wheel"
- ] ++ ifTheyExist [
- "docker"
- "lxc"
- "git"
- "podman"
- ];
-
- packages = with pkgs; [
 ];
 };
@@ -34,16 +25,6 @@ in
 sopsFile = "${secretsFile}";
 neededForUsers = true;
 };
- "ssh_keys/${username}/id_ed25519" = {
- path = "/home/${username}/.ssh/id_ed25519";
- mode = "0600";
- owner = "${username}";
- };
- "ssh_keys/${username}/id_ed25519.pub" = {
- path = "/home/${username}/.ssh/id_ed25519.pub";
- mode = "0644";
- owner = "${username}";
- };
 };
 programs.zsh.enable = true;
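Review bot: `password = "1234";` gives the root account a weak literal password that is now committed to the repository, and the NixOS option `users.users.<name>.password` documents that its value ends up in plain text in the world-readable Nix store, so every host importing hosts/common/core gets the same guessable, readable root credential. In the same commit the admin user keeps `hashedPasswordFile = sopsHashedPasswordFile;`, so root becomes the weakest account on the system rather than the best protected one. If the sops-backed path was the problem during bootstrap, restoring the commented-out `hashedPasswordFile = sopsHashedPasswordFile;` or using `initialHashedPassword` with a real hash keeps the secret out of the store; if the literal is a deliberate installer workaround, mark it as such, e.g. `# TEMP: bootstrap-only, replace before deploy (plaintext lands in /nix/store)`, so it is not forgotten. The `let` binding that defines `sopsHashedPasswordFile` lies outside the hunk, and with `mutableUsers = true;` visible above, whether this value overrides an existing root password on rebuild depends on activation behaviour not shown here.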
diff --git a/hosts/merlin/default.nix b/hosts/merlin/default.nix
index 4d3192a..1191370 100644
--- a/hosts/merlin/default.nix
+++ b/hosts/merlin/default.nix
@@ -22,6 +22,7 @@ in {
 imports = [
 # Create users for this host
+ ../common/users/admin
 # Disk configuration
 inputs.disko.nixosModules.disko
diff --git a/hosts/merlin/hardware-configuration.nix b/hosts/merlin/hardware-configuration.nix
index 0a2bb19..db50950 100644
--- a/hosts/merlin/hardware-configuration.nix
+++ b/hosts/merlin/hardware-configuration.nix
@@ -4,9 +4,6 @@
 { config, lib, pkgs, modulesPath, ... }:
 {
- imports =
- [ (modulesPath + "/profiles/qemu-guest.nix")
- ];
 boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
 boot.initrd.kernelModules = [ "dm-snapshot" ];
diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh
index fd458b4..98b07ba 100755
--- a/scripts/bootstrap.sh
+++ b/scripts/bootstrap.sh
@@ -73,8 +73,8 @@ echo "copying current nix config to host"
 cp -pr . "$temp$persist/etc/nixos"
 # Install Nixos to target
-SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.3.0 -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519"
-[ $? != 0 ] && echo "Error installing Nixos" && exit 1
+SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.6.0 -- --extra-files "$temp" --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519"
+echo $?
 ## Delete keys from local known_hosts
 echo "Deleting host from known_hosts"
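Review bot: Replacing `[ $? != 0 ] && echo "Error installing Nixos" && exit 1` with `echo $?` removes the only failure check around the install, so a failed `nixos-anywhere` run just prints a number and the script carries on to the known_hosts cleanup and whatever follows as if the target had been installed. The status can stay visible while still aborting with a one-line change: `SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.6.0 -- --extra-files "$temp" --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519" || { echo "Error installing Nixos (exit $?)" >&2; exit 1; }`. The same hunk also drops `--disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key`; if the disko layout for the host still expects that key, the install will fail or block on a prompt, and if encryption is no longer used, any earlier step that generates the key (outside this hunk) should go with it, since the commit does not say which is intended.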