From dceaab5707a0205958124c1f0f7f3a7ac97a0146 Mon Sep 17 00:00:00 2001 From: Aaron Bieber Date: Wed, 9 Aug 2023 05:56:09 -0600 Subject: [PATCH] hamie: init, but also not working --- bin/mkboot | 3 + flake.nix | 13 ++++- minimal.nix | 158 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 173 insertions(+), 1 deletion(-) create mode 100644 minimal.nix diff --git a/bin/mkboot b/bin/mkboot index db71c14..77577f0 100755 --- a/bin/mkboot +++ b/bin/mkboot @@ -4,6 +4,9 @@ case $1 in arm | arm64) nix build .#nixosConfigurations.arm64Install.config.system.build.sdImage ;; +hamie) + nix build .#nixosConfigurations.hamie.config.system.build.sdImage + ;; haas) nix build .#nixosConfigurations.hassInstall.config.system.build.isoImage ;; diff --git a/flake.nix b/flake.nix index 9024e14..e92cd76 100644 --- a/flake.nix +++ b/flake.nix @@ -257,6 +257,17 @@ "${stable}/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma5.nix" ]; }; + + hamie = stable.lib.nixosSystem { + system = "aarch64-linux"; + + modules = [ + (import ./minimal.nix) + xin-secrets.nixosModules.sops + + "${stable}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix" + ]; + }; }; packages = forAllSystems (system: let @@ -348,7 +359,7 @@ }; checks = let - buildList = ["europa" "stan" "h" "box" "faf"]; + buildList = ["europa" "stan" "h" "box" "faf" "hamie"]; in with unstable.lib; foldl' recursiveUpdate {} (mapAttrsToList (name: system: { diff --git a/minimal.nix b/minimal.nix new file mode 100644 index 0000000..7571482 --- /dev/null +++ b/minimal.nix @@ -0,0 +1,158 @@ +{ + config, + lib, + options, + pkgs, + ... +}: let + managementKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager"; +in { + imports = [./configs/colemak.nix ./configs/tmux.nix ./configs/neovim.nix]; + + options.myconf = { + hwPubKeys = lib.mkOption rec { + type = lib.types.listOf lib.types.str; + default = [ + managementKey + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB1cBO17AFcS2NtIT+rIxR2Fhdu3HD4de4+IsFyKKuGQAAAACnNzaDpsZXNzZXI=" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDEKElNAm/BhLnk4Tlo00eHN5bO131daqt2DIeikw0b2AAAABHNzaDo=" + "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0=" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrYWbbgBkGcOntDqdMaWVZ9xn+dHM+Ap6s1HSAalL28AAAACHNzaDptYWlu" + ]; + example = default; + description = "List of hardwar public keys to use"; + }; + zshPrompt = lib.mkOption rec { + type = lib.types.lines; + example = default; + description = "Base zsh prompt"; + default = '' + autoload -U promptinit && promptinit + autoload -Uz vcs_info + autoload -Uz colors && colors + + setopt prompt_subst + #setopt prompt_sp + + zstyle ':vcs_info:*' enable git hg cvs + zstyle ':vcs_info:*' get-revision true + zstyle ':vcs_info:git:*' check-for-changes true + zstyle ':vcs_info:git:*' formats '(%b)' + + precmd_vcs_info() { vcs_info } + precmd_functions+=( precmd_vcs_info ) + + prompt_char() { + if [ -z "$IN_NIX_SHELL" ]; then + echo -n "%#" + else + echo -n ";" + fi + } + + PROMPT='%n@%m[%(?.%{$fg[default]%}.%{$fg[red]%})%?%{$reset_color%}]:%~$vcs_info_msg_0_$(prompt_char) ' + + eval "$(direnv hook zsh)" + + ''; + }; + zshConf = lib.mkOption rec { + type = lib.types.lines; + example = default; + description = "Base zsh config"; + default = '' + export NO_COLOR=1 + # That sweet sweet ^W + WORDCHARS='*?_-.[]~=&;!#$%^(){}<>' + + autoload -Uz compinit && compinit + + set -o emacs + + ''; + }; + }; + + config = { + sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + + # from https://github.com/dylanaraps/neofetch + users.motd = '' + + ::::. '::::: ::::' + '::::: ':::::. ::::' + ::::: '::::.::::: + .......:::::..... :::::::: + ::::::::::::::::::. :::::: ::::. + ::::::::::::::::::::: :::::. ::::' + ..... ::::' :::::' + ::::: '::' :::::' + ........::::: ' :::::::::::. + ::::::::::::: ::::::::::::: + ::::::::::: .. ::::: + .::::: .::: ::::: + .::::: ..... + ::::: :::::. ......:::::::::::::' + ::: ::::::. ':::::::::::::::::' + .:::::::: ':::::::::: + .::::'''::::. '::::. + .::::' ::::. '::::. + .:::: :::: '::::. + + ''; + boot.tmp.cleanOnBoot = true; + + environment.systemPackages = with pkgs; [inetutils]; + + environment.interactiveShellInit = '' + alias vi=nvim + ''; + + time.timeZone = "US/Mountain"; + + systemd.services."setdate" = + if pkgs.system == "aarch64-linux" + then { + description = "Set date on boot"; + wantedBy = ["network-online.target"]; + after = ["network-online.target"]; + script = '' + . /etc/profile; + ${pkgs.outils}/bin/rdate pool.ntp.org + ''; + serviceConfig.Type = "oneshot"; + } + else {}; + + programs = { + zsh.enable = true; + ssh = { + startAgent = true; + extraConfig = ""; + }; + }; + + users.users.root = { + openssh.authorizedKeys.keys = config.myconf.hwPubKeys; + }; + + services = { + openntpd.enable = true; + pcscd.enable = true; + openssh = { + enable = true; + settings = { + PermitRootLogin = lib.mkForce "prohibit-password"; + PasswordAuthentication = false; + KexAlgorithms = ["curve25519-sha256" "curve25519-sha256@libssh.org"]; + Macs = [ + "hmac-sha2-512-etm@openssh.com" + "hmac-sha2-256-etm@openssh.com" + "umac-128-etm@openssh.com" + ]; + }; + }; + }; + system.stateVersion = "21.11"; + }; +}