changed media to sparky

flake.lock

@@ -58,11 +58,11 @@
     "nix-secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1715874814,
-        "narHash": "sha256-6/+UqZ8szxgfDUqOoohJes3dp35N1S/WMMb3O5sXMxw=",
+        "lastModified": 1715968354,
+        "narHash": "sha256-SqWi7qdDTdWV8eNfe/AgPI2qa+CR9xvSqeW+bUlgrQs=",
         "ref": "refs/heads/master",
-        "rev": "dc3f14aae4111cd318f4c42c91382bf884101556",
-        "revCount": 6,
+        "rev": "e2756ddf1b86a9fa574740fe7e9d12c3996a24a1",
+        "revCount": 10,
         "type": "git",
         "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
       },

flake.nix

@@ -81,10 +81,10 @@
           ./hosts/bootstrap
         ];
       };
-      media = nixpkgs.lib.nixosSystem {
+      sparky = nixpkgs.lib.nixosSystem {
         inherit specialArgs;
         modules = [
-          ./hosts/media
+          ./hosts/sparky
           home-manager.nixosModules.home-manager{
             home-manager.extraSpecialArgs = specialArgs;
           }

home/common/optional/sops.nix

@@ -1,8 +1,10 @@
-{ inputs, config, ... }:
+{ inputs, config, osConfig, ... }:
 let
   secretsDirectory = builtins.toString inputs.nix-secrets;
   secretsFile = "${secretsDirectory}/secrets.yaml";
   homeDirectory = config.home.homeDirectory;
+  username = config.home.username;
+  hostname = osConfig.networking.hostName;
 in
 {
   imports = [
@@ -16,11 +18,11 @@ in
     validateSopsFiles = false;
 
     secrets = {
-      "ssh_keys/sam/gitea" = {
-        path = "${homeDirectory}/.ssh/gitea";
+      "ssh_keys/${username}@${hostname}/${username}@${hostname}-ssh-ed25519" = {
+        path = "${homeDirectory}/.ssh/${username}@${hostname}-ssh-ed25519";
       };
-      "ssh_keys/sam/gitea.pub" = {
-        path = "${homeDirectory}/.ssh/gitea.pub";
+      "ssh_keys/${username}@${hostname}/${username}@${hostname}-ssh-ed25519.pub" = {
+        path = "${homeDirectory}/.ssh/${username}@${hostname}-ssh-ed25519.pub";
       };
     };
   };

hosts/common/core/default.nix

@@ -9,6 +9,7 @@
       pkgs.curl
       pkgs.just
       pkgs.git
+      pkgs.neovim
   ]; 
 
 }

hosts/sparky/default.nix

@@ -4,8 +4,8 @@
   imports =
     [ 
       # Disk configuration
-      #inputs.disko.nixosModules.disko
-      #(import ../common/disks/std-disk-config.nix { device = "/dev/vda"; })
+      inputs.disko.nixosModules.disko
+      (import ../common/disks/std-disk-config.nix { device = "/dev/vda"; })
       ../common/optional/btrfs-impermanence.nix
       inputs.impermanence.nixosModules.impermanence
 
@@ -41,6 +41,7 @@
     ];
     users.media = {
         directories = [
+          "sync"
           "keep"
           ".ssh"
         ];
@@ -56,7 +57,7 @@
   };
 
   networking = {
-    hostName = "media";
+    hostName = "sparky";
     networkmanager.enable = true;
     enableIPv6 = false;
   };
@@ -67,33 +68,29 @@
       enable = true;
       ports = [22]; # FIXME: Make this use configVars.networking
       settings.PermitRootLogin = "yes";
-      # Fix LPE vulnerability with sudo use SSH_AUTH_SOCK: https://github.com/NixOS/nixpkgs/issues/31611
-      # this mitigates the security issue caused by enabling u2fAuth in pam
       authorizedKeysFiles = lib.mkForce ["/etc/ssh/authorized_keys.d/%u"];
     };
   };
+  services.libinput.enable = true;
+  services.displayManager.defaultSession = "cinnamon";
+
+	services.xserver = {
+		enable = true;
+		#libinput.enable = true;
+		displayManager.lightdm.enable = true;
+		desktopManager = {
+			cinnamon.enable = true;
+		};
+		#displayManager.defaultSession = "cinnamon";
+	};
 
   security.pam = {
     sshAgentAuth.enable = true;
-    #FIXME the above is deprecated in 24.05 but we will wait until release
-    #sshAgentAuth.enable = true;
     services = {
       sudo.u2fAuth = true;
     };
   };
 
-  # ssh-agent is used to pull my private secrets repo from gitlab when deploying nix-config.
- # programs.ssh.startAgent = true;
-
-  environment.systemPackages = builtins.attrValues {
-    inherit(pkgs)
-    wget
-    curl
-    git
-    rsync;
-  };
-
-
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
   system.stateVersion = "23.11";
 }

hosts/sparky/hardware-configuration.nix

@@ -13,38 +13,6 @@
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
 
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/d6657061-a847-49f8-9219-f9e668fe34aa";
-      fsType = "btrfs";
-      options = [ "subvol=root" ];
-    };
-
-  fileSystems."/nix" =
-    { device = "/dev/disk/by-uuid/d6657061-a847-49f8-9219-f9e668fe34aa";
-      fsType = "btrfs";
-      options = [ "subvol=nix" ];
-    };
-
-  fileSystems."/.swapvol" =
-    { device = "/dev/disk/by-uuid/d6657061-a847-49f8-9219-f9e668fe34aa";
-      fsType = "btrfs";
-      options = [ "subvol=swap" ];
-    };
-
-  fileSystems."/persist" =
-    { device = "/dev/disk/by-uuid/d6657061-a847-49f8-9219-f9e668fe34aa";
-      fsType = "btrfs";
-      options = [ "subvol=persist" ];
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/7619-58F2";
-      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
-    };
-
-  swapDevices = [ ];
-
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's
   # still possible to use this option, but it's recommended to use it in conjunction

scripts/bootstrap.sh

@@ -21,8 +21,8 @@ read -p "Enter nixosSystem to build, e.g. 'bootstrap': " config
 KEY_DIR="$HOME/keys/$hostname/"
 mkdir -p $KEY_DIR
 
-echo "Creating ssh keys for new host. Will create in current directory: "$KEY_DIR
-KEY_NAME="ssh_ed25519_key_$hostname"
+echo "Creating ssh keys for new host."
+KEY_NAME="$username@$hostname-ssh-ed25519"
 
 KNOWN_HOSTS=$(grep "$ip" ~/.ssh/known_hosts)
 confirm_delete=""
@@ -30,8 +30,8 @@ confirm_delete=""
 [ "$KNOWN_HOSTS" != "" ] && echo -e "Host found in: ~/.ssh/known_hosts\n\n$KNOWN_HOSTS\n" && read -p "Delete existing hosts from ~/.ssh/known_hosts? (yes|no) " confirm_delete
 [ "$confirm_delete" = "yes" ] && sed -i "/$ip/d" ~/.ssh/known_hosts 
 
-echo "Copying pubkey to target host"
-ssh-copy-id -i "$(readlink -n "$HOME/.ssh/gitea.pub" )" "root@$ip"
+echo "Copying deploy_key pubkey to target host"
+ssh-copy-id -i "$(readlink -n "$HOME/.ssh/deploy_key-ssh-ed25519.pub" )" "root@$ip"
 
 overwrite=""
 [ -f "$KEY_DIR/$KEY_NAME" ] && read -p "Key exists, would you like to overwrite it? (yes|no) " overwrite
@@ -39,7 +39,7 @@ overwrite=""
 [  -z "$overwrite" ] || [ "$overwrite" == "yes" ] && ssh-keygen -t ed25519 -f "$KEY_DIR/$KEY_NAME" -C "$hostname@$ip" -N ""
 
 echo "Copying ssh key to target host:"
-scp -i "$KEY_DIR/ssh_ed25519_key_$hostname"* "root@$ip:/etc/ssh/"
+scp -i "$KEY_DIR/$KEY_NAME"* "root@$ip:/etc/ssh/"
 [ $? != 0 ] && echo "Error copying keys to target host" && exit 1
 
 echo "Generating age key from ssh key"
@@ -76,12 +76,12 @@ done
 echo "$ip is now online and port 22 is open!"
 
 echo "Configuring ssh keys on target host to enable connection to gitea:"
-ssh-copy-id -i "$HOME/.ssh/gitea.pub" "$username@$ip"
+ssh-copy-id -i "$HOME/.ssh/deploy_key-ssh-ed25519.pub" "$username@$ip"
 read -r -d '' config << EOM
 Host git.bitlab21.com
     IdentitiesOnly yes
     StrictHostKeyChecking no
-    IdentityFile ~/.ssh/gitea
+    IdentityFile ~/.ssh/deploy_key-ssh-ed25519
 EOM
 
 # Append the string to file on target machine
@@ -119,7 +119,7 @@ done
 echo "Copying gitea private ssh key to host"
 echo "New password is 'nixos'"
 
-rsync -av "$(readlink -n "$HOME/.ssh/gitea" )" "$username@$ip":~/.ssh/gitea
+rsync -av "$(readlink -n "$HOME/.ssh/deploy_key-ssh-ed25519" )" "$username@$ip":~/.ssh/deploy_key-ssh-ed25519
 ssh "$username@$ip" "nix-shell -p git --run 'git clone git@git.bitlab21.com:sam/nixos.git'"
 ssh "$username@$ip" "nix-shell -p git --run 'git clone git@git.bitlab21.com:sam/nix-secrets.git'"