From 98e22c2639ea4c0ac2734b28cec27b37e4d159a3 Mon Sep 17 00:00:00 2001 From: Aaron Bieber Date: Wed, 28 Feb 2024 09:48:35 -0700 Subject: [PATCH] all: switch from barrier to rkvm --- configs/smug.nix | 4 ++-- flake.lock | 8 ++++---- hosts/europa/default.nix | 31 ++++++++++++++++++++++++++----- hosts/stan/default.nix | 19 +++++++++++++++---- 4 files changed, 47 insertions(+), 15 deletions(-) diff --git a/configs/smug.nix b/configs/smug.nix index 76c7103..3db259b 100644 --- a/configs/smug.nix +++ b/configs/smug.nix @@ -56,9 +56,9 @@ in ]; } { - name = "Barrier"; + name = "KVM"; commands = [ - "barriers -a 127.0.0.1 -f --disable-crypto" + "sudo rkvm-server /etc/rkvm/server.toml" ]; panes = [ { diff --git a/flake.lock b/flake.lock index d21217f..d2e4866 100644 --- a/flake.lock +++ b/flake.lock @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1707101062, - "narHash": "sha256-2GJWMoIzetP6isvu62XBoeLMG00x6QkjuY9w51pSC8s=", + "lastModified": 1709134824, + "narHash": "sha256-vBuZkJoM8JqThSO/TntmzjngnHsthqRZltt5gWpVmJk=", "ref": "main", - "rev": "e358f0a9ba75dba44b5b7853a6387c7e8a67ae26", - "revCount": 126, + "rev": "86158f5100491f8701cf3ff057bc6e958c71d2e5", + "revCount": 128, "type": "git", "url": "ssh://xin-secrets-ro/qbit/xin-secrets.git" }, diff --git a/hosts/europa/default.nix b/hosts/europa/default.nix index 050d95b..3949875 100644 --- a/hosts/europa/default.nix +++ b/hosts/europa/default.nix @@ -9,9 +9,6 @@ let inherit (inputs.stable.legacyPackages.${pkgs.system}) chirp beets; inherit (builtins) readFile; inherit (xinlib) jobToUserService; - #doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override { - # doomPrivateDir = ../../configs/doom.d; - #}; peerixUser = if builtins.hasAttr "peerix" config.users.users then config.users.users.peerix.name @@ -36,6 +33,7 @@ let path = [ pkgs.taskobs ] ++ pkgs.taskobs.buildInputs; } ]; + rkvmTomlFmt = pkgs.formats.toml { }; in { _module.args.isUnstable = true; @@ -43,6 +41,18 @@ in imports = [ ./hardware-configuration.nix ../../pkgs ]; sops.secrets = { + rkvm_cert = { + sopsFile = config.xin-secrets.europa.qbit; + owner = "root"; + group = "wheel"; + mode = "400"; + }; + rkvm_key = { + sopsFile = config.xin-secrets.europa.qbit; + owner = "root"; + group = "wheel"; + mode = "400"; + }; fastmail = { sopsFile = config.xin-secrets.europa.qbit; owner = "qbit"; @@ -304,7 +314,19 @@ in ]; environment = { - etc."barrier.conf" = { text = readFile ../../configs/barrier.conf; }; + etc."rkvm/server.toml" = { + text = readFile + (rkvmTomlFmt.generate "server.toml" { + listen = "127.0.0.1:24800"; + switch-keys = [ + "caps-lock" + "left-alt" + ]; + certificate = "${config.sops.secrets.rkvm_cert.path}"; + key = "${config.sops.secrets.rkvm_key.path}"; + password = "fake"; + }); + }; sessionVariables = { XDG_BIN_HOME = "\${HOME}/.local/bin"; XDG_CACHE_HOME = "\${HOME}/.cache"; @@ -318,7 +340,6 @@ in systemPackages = with pkgs; [ arduino - barrier beets # stable calibre chirp # stable diff --git a/hosts/stan/default.nix b/hosts/stan/default.nix index b952d1b..1b630ca 100644 --- a/hosts/stan/default.nix +++ b/hosts/stan/default.nix @@ -19,9 +19,7 @@ let if builtins.hasAttr "peerix" config.users.users then config.users.users.peerix.name else "root"; - #doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override { - # doomPrivateDir = ../../configs/doom.d; - #}; + rkvmTomlFmt = pkgs.formats.toml { }; in { _module.args.isUnstable = true; @@ -122,6 +120,12 @@ in sshFidoAgent.enable = true; sops.secrets = { + rkvm_cert = { + sopsFile = config.xin-secrets.stan.main; + owner = "root"; + group = "wheel"; + mode = "400"; + }; vm_pass = { sopsFile = config.xin-secrets.stan.main; owner = "root"; @@ -177,7 +181,6 @@ in }; }; systemPackages = with pkgs; [ - barrier fzf google-chrome ispell @@ -265,6 +268,14 @@ in }; services = { + rkvm.client = { + enable = true; + settings = { + certificate = "${config.sops.secrets.rkvm_cert.path}"; + password = "fake"; + server = "127.0.0.1:24800"; + }; + }; restic = { backups = { remote = {