MODIFY: merlin host setup

This commit is contained in:
Sam 2025-01-19 19:18:31 +00:00
parent 1854ee0f33
commit 2b67f11eab
8 changed files with 29 additions and 39 deletions


@ -539,11 +539,11 @@
}, },
"nix-secrets": { "nix-secrets": {
"locked": { "locked": {
"lastModified": 1737298189, "lastModified": 1737313275,
"narHash": "sha256-Slso8PDwsOgjxvYSujEY/EOLpSJOdNbQLSQsTMor364=", "narHash": "sha256-hnEGR+AjIrvnb+gTAZYnVvOdSpUj4amGrCWH2jA4wgM=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "c2aca41f539e9aa03e3a6436530516a4d8dd23e6", "rev": "e842e11f209c5270627c6666bc3c24dc983d1c6d",
"revCount": 225, "revCount": 241,
"type": "git", "type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
}, },
@ -633,11 +633,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1737295402, "lastModified": 1737312124,
"narHash": "sha256-sxkCkFzgC/y14AANc7G2RVAh6LzO9JWVTStm68XKFLY=", "narHash": "sha256-eZ4WNkrX/0WZVuJbFatnOeMzIn4sUGs7RmRzU1cDGsI=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e4cc9246ce2f16913ddfaf97316983d622a48f4a", "rev": "8dab93a8c1411065f83fd60db8076dd6908449c3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -699,11 +699,11 @@
"treefmt-nix": "treefmt-nix_3" "treefmt-nix": "treefmt-nix_3"
}, },
"locked": { "locked": {
"lastModified": 1737291670, "lastModified": 1737312190,
"narHash": "sha256-iA+SQO8w012sS6OW0knTpOc/UNh8Ca+/I2JC+NDpdlE=", "narHash": "sha256-ZD2RCrIM/n90sWCMGEalMqgLnDlRCTrI0kFTGs+yvhI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "3d5cfb5c3d2832ec39c6565707bf30f9e8e42560", "rev": "1fedeccb422c9f109cd9663d0936d020f5e5230b",
"type": "github" "type": "github"
}, },
"original": { "original": {

10
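--- a/home/merlin.nix
+++ b/home/merlin.nix
@@ -0,0 +1,10 @@
+{
+...
+}: {
+imports = [
+./users/admin
+./common/core
+./common/optional/git.nix
+];
+}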


@ -1,4 +1,4 @@
{ config, pkgs, lib, outputs, ... }: { outputs, ... }:
{ {
home.username = "admin"; home.username = "admin";


@ -32,7 +32,8 @@ in
mutableUsers = true; mutableUsers = true;
extraUsers = { extraUsers = {
root = { root = {
hashedPasswordFile = sopsHashedPasswordFile; password = "1234";
# hashedPasswordFile = sopsHashedPasswordFile;
}; };
}; };
}; };
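Review bot: `password = "1234";` on the new side of the root user block replaces the sops-backed `hashedPasswordFile` with a cleartext, trivially guessable root password, and the previous line is merely commented out rather than kept. NixOS writes `users.users.<name>.password` into the world-readable Nix store, so the value is exposed to every local account on the host as well as to anyone with read access to this repository. If a bootstrap password for a fresh install is the intent, `initialHashedPassword` (or `hashedPassword`) with a pre-hashed value keeps the cleartext out of the store; otherwise restoring `hashedPasswordFile = sopsHashedPasswordFile;` and dropping the commented line is the fix. The enclosing `users` attribute set starts before the hunk.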


@ -1,10 +1,9 @@
{ pkgs, inputs, config, lib, ... }: { pkgs, inputs, config, lib, ... }:
let let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
username = "admin"; username = "admin";
pubKeys = lib.filesystem.listFilesRecursive (../keys); pubKeys = lib.filesystem.listFilesRecursive ../keys;
hostname = config.networking.hostName; hostname = config.networking.hostName;
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/${username}".path; sopsHashedPasswordFile = config.sops.secrets."passwords/${username}".path;
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml"; secretsFile = "${secretsDirectory}/secrets.yaml";
@ -12,20 +11,12 @@ in
{ {
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.zsh; # default shell shell = pkgs.zsh;
hashedPasswordFile = sopsHashedPasswordFile; hashedPasswordFile = sopsHashedPasswordFile;
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key); openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
extraGroups = [ extraGroups = [
"wheel" "wheel"
] ++ ifTheyExist [
"docker"
"lxc"
"git"
"podman"
];
packages = with pkgs; [
]; ];
}; };
@ -34,16 +25,6 @@ in
sopsFile = "${secretsFile}"; sopsFile = "${secretsFile}";
neededForUsers = true; neededForUsers = true;
}; };
"ssh_keys/${username}/id_ed25519" = {
path = "/home/${username}/.ssh/id_ed25519";
mode = "0600";
owner = "${username}";
};
"ssh_keys/${username}/id_ed25519.pub" = {
path = "/home/${username}/.ssh/id_ed25519.pub";
mode = "0644";
owner = "${username}";
};
}; };
programs.zsh.enable = true; programs.zsh.enable = true;
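Review bot: `pubKeys = lib.filesystem.listFilesRecursive ../keys;` on the new side still feeds every file under `keys/` into `openssh.authorizedKeys.keys` through `builtins.readFile`, so any stray file in that directory (an editor backup, a README, a private key committed by mistake) is read into the generated `authorized_keys` and copied into the Nix store. Restricting the listing to public-key files is a one-line guard: `pubKeys = builtins.filter (lib.hasSuffix ".pub") (lib.filesystem.listFilesRecursive ../keys);`. Dropping the `lib.hasAttr "sops-nix" inputs` guard on `sopsHashedPasswordFile` presumably makes this module fail to evaluate on any host that does not import sops-nix, which may be intended but deserves a short comment on that line, e.g. `# requires sops-nix; the admin password is only provisioned from the secrets store`. The later hunks of this file sit inside `users.users` and `sops.secrets` blocks that start outside the hunk.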


@ -22,6 +22,7 @@
in { in {
imports = [ imports = [
# Create users for this host # Create users for this host
../common/users/admin
# Disk configuration # Disk configuration
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko


@ -4,9 +4,6 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.initrd.kernelModules = [ "dm-snapshot" ];


@ -73,8 +73,8 @@ echo "copying current nix config to host"
cp -pr . "$temp$persist/etc/nixos" cp -pr . "$temp$persist/etc/nixos"
# Install Nixos to target # Install Nixos to target
SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.3.0 -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519" SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.6.0 -- --extra-files "$temp" --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519"
[ $? != 0 ] && echo "Error installing Nixos" && exit 1 echo $?
## Delete keys from local known_hosts ## Delete keys from local known_hosts
echo "Deleting host from known_hosts" echo "Deleting host from known_hosts"
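Review bot: `echo $?` on the new side drops the exit-status check that used to abort the script when nixos-anywhere failed, so a failed install now only prints a number and falls through to the known_hosts cleanup and whatever follows. Keep the abort, either by restoring `[ $? != 0 ] && echo "Error installing Nixos" && exit 1` or by appending `|| { echo "Error installing Nixos" >&2; exit 1; }` to the `nix run` line. The same line also removes `--disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key`; if the disko layout for this host still declares LUKS, nixos-anywhere will no longer have a key to hand to it, so that removal presumably pairs with a disk-config change that is not in this diff. The script continues outside the hunk.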