Compare commits
4 commits
5592bc9650
...
25cc3e0040
Author | SHA1 | Date | |
---|---|---|---|
25cc3e0040 | |||
a15ffef4ce | |||
daeb5b69f4 | |||
e1c0f409c3 |
11 changed files with 122 additions and 52 deletions
|
@ -2,7 +2,6 @@ keys:
|
|||
- &base age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
|
||||
- ¬522 age1emv3kzvwgl36hgllrv7rlekqy3y3c6eztadl3lv09ks3z9vv6vdqw06yqa
|
||||
- &pc-installer age1eh2vd6cdy23qazwg0hzq95pn9e6p8yaqu4g6zyan8gzal4x5ed5qful8kg
|
||||
- &root age1pcdyf483yl2r8wny30yxsp9yusgder6vra7yrf7qjqn5fjhcxeaq3342ew
|
||||
- &darkkirb age15g6tzvcmcp3ae4hwnn4pwewat6eq9unlhtjrlaka6rf94ej9dd5qqpgt7u
|
||||
|
||||
creation_rules:
|
||||
|
@ -31,6 +30,7 @@ creation_rules:
|
|||
- path_regex: programs/ssh/shared-keys.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *root
|
||||
- *darkkirb
|
||||
- *base
|
||||
- *not522
|
||||
- *pc-installer
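Review bot: Every key in the `age` group of the `programs/ssh/shared-keys.yaml` rule can decrypt both SSH private keys stored in that file, so the recipient this hunk adds gains access to `.ssh/id_ed25519_sk` as well as the builder key (the +/- markers are lost on this page, so which entry is new is not certain). If host or installer keys such as `*pc-installer` only need `.ssh/builder_id_ed25519` for remote builds, splitting the two keys into separate sops files with their own `creation_rules` would keep each recipient list minimal. After the rule changes, the file has to be re-keyed with `sops updatekeys`. A recipient removed later keeps whatever it could already decrypt, so removal should be paired with rotating the SSH keys.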
|
||||
|
|
|
@ -3,5 +3,6 @@
|
|||
isGraphical = true;
|
||||
imports = [
|
||||
./kde
|
||||
./graphical/plymouth.nix
|
||||
];
|
||||
}
|
||||
|
|
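--- a/config/graphical/plymouth.nix
+++ b/config/graphical/plymouth.nix
@@ -0,0 +1,17 @@
+{config, ...}: {
+boot = {
+plymouth.enable = true;
+consoleLogLevel = 0;
+initrd.verbose = false;
+kernelParams = [
+"quiet"
+"splash"
+"boot.shell_on_fail"
+"loglevel=3"
+"rd.systemd.show_status=false"
+"rd.udev.log_level=3"
+"udev.log_priority=3"
+];
+loader.timeout = 0;
+};
+}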
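Review bot: `"boot.shell_on_fail"` in `kernelParams` offers a root shell from the initrd whenever stage 1 fails, and NixOS leaves it off by default because that shell is not authenticated. On a machine whose console is physically reachable this deserves at least a comment stating the trade-off, or the parameter should be dropped there. With `consoleLogLevel = 0`, `initrd.verbose = false` and `loader.timeout = 0`, a failed boot will presumably show very little, so a short header comment on how to reach the verbose specialisation would help whoever has to debug it. The `config` argument is unused and the header could be `{...}: {`.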
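--- a/config/verbose.nix
+++ b/config/verbose.nix
@@ -0,0 +1,5 @@
+{...}: {
+disabledModules = [
+./graphical/plymouth.nix
+];
+}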
|
@ -18,5 +18,11 @@
|
|||
./graphical.nix
|
||||
];
|
||||
};
|
||||
specialisation.graphical-verbose = {
|
||||
configuration.imports = [
|
||||
./graphical.nix
|
||||
"${nixos-config}/config/verbose.nix"
|
||||
];
|
||||
};
|
||||
isInstaller = true;
|
||||
}
|
||||
|
|
|
@ -106,21 +106,27 @@ in {
|
|||
settings = {
|
||||
"extensions.autoDisableScopes" = 0;
|
||||
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
|
||||
"browser.tabs.inTitlebar" = 0;
|
||||
"widget.use-xdg-desktop-portal.file-picker" = 1;
|
||||
"widget.use-xdg-desktop-portal.location" = 1;
|
||||
"widget.use-xdg-desktop-portal.mime-handler" = 1;
|
||||
"widget.use-xdg-desktop-portal.open-uri" = 1;
|
||||
"widget.use-xdg-desktop-portal.settings" = 1;
|
||||
};
|
||||
userChrome = ''
|
||||
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
|
||||
#main-window #titlebar {
|
||||
overflow: hidden;
|
||||
transition: height 0.3s 0.3s !important;
|
||||
|
||||
#TabsToolbar {
|
||||
visibility: collapse;
|
||||
}
|
||||
|
||||
#titlebar {
|
||||
display: none;
|
||||
}
|
||||
|
||||
#sidebar-header {
|
||||
display: none;
|
||||
}
|
||||
/* Default state: Set initial height to enable animation */
|
||||
#main-window #titlebar { height: 3em !important; }
|
||||
#main-window[uidensity="touch"] #titlebar { height: 3.35em !important; }
|
||||
#main-window[uidensity="compact"] #titlebar { height: 2.7em !important; }
|
||||
/* Hidden state: Hide native tabs strip */
|
||||
#main-window[titlepreface*=""] #titlebar { height: 0 !important; }
|
||||
/* Hidden state: Fix z-index of active pinned tabs */
|
||||
#main-window[titlepreface*=""] #tabbrowser-tabs { z-index: 0 !important; }
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,39 +1,51 @@
|
|||
{config, ...}: {
|
||||
{
|
||||
config,
|
||||
systemConfig,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
identityFile =
|
||||
if config.home.username == "root"
|
||||
then systemConfig.sops.secrets.".ssh/builder_id_ed25519".path
|
||||
else config.sops.secrets.".ssh/builder_id_ed25519".path;
|
||||
in {
|
||||
programs.ssh = {
|
||||
enable = true;
|
||||
matchBlocks = {
|
||||
"build-nas" = {
|
||||
hostname = "nas.int.chir.rs";
|
||||
identitiesOnly = true;
|
||||
identityFile = config.sops.secrets.".ssh/builder_id_ed25519".path;
|
||||
inherit identityFile;
|
||||
port = 22;
|
||||
user = "remote-build";
|
||||
};
|
||||
"build-rainbow-resort" = {
|
||||
hostname = "rainbow-resort.int.chir.rs";
|
||||
identitiesOnly = true;
|
||||
identityFile = config.sops.secrets.".ssh/builder_id_ed25519".path;
|
||||
inherit identityFile;
|
||||
port = 22;
|
||||
user = "remote-build";
|
||||
};
|
||||
"build-aarch64" = {
|
||||
hostname = "instance-20221213-1915.int.chir.rs";
|
||||
identitiesOnly = true;
|
||||
identityFile = config.sops.secrets.".ssh/builder_id_ed25519".path;
|
||||
inherit identityFile;
|
||||
port = 22;
|
||||
user = "remote-build";
|
||||
};
|
||||
"build-riscv" = {
|
||||
hostname = "not522.tailbab65.ts.net";
|
||||
identitiesOnly = true;
|
||||
identityFile = config.sops.secrets.".ssh/builder_id_ed25519".path;
|
||||
inherit identityFile;
|
||||
port = 22;
|
||||
user = "remote-build";
|
||||
};
|
||||
};
|
||||
};
|
||||
sops.secrets.".ssh/builder_id_ed25519" = {
|
||||
sops.secrets = lib.mkIf (config.home.username != "root") {
|
||||
".ssh/builder_id_ed25519" = {
|
||||
mode = "600";
|
||||
sopsFile = ./shared-keys.yaml;
|
||||
};
|
||||
};
|
||||
}
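Review bot: The root branch of `identityFile` reads `systemConfig.sops.secrets.".ssh/builder_id_ed25519".path`, but nothing in this file says that the system configuration must declare that secret or that `systemConfig` has to be passed in as a module argument. A host that evaluates this module for root without the system-level declaration would presumably fail with a bare missing-attribute error. A comment above the `let` would document the contract, for example `# root has no home-manager sops secrets; the key is declared in the system configuration`. The same `config.home.username == "root"` switch and `lib.mkIf (config.home.username != "root")` guard are repeated in the `matchBlocks."*"` hunk for `.ssh/id_ed25519_sk`, so a small shared helper taking the secret name would keep the two modules in step.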
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
systemConfig,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
|
@ -10,12 +11,17 @@
|
|||
controlMaster = "auto";
|
||||
controlPersist = "10m";
|
||||
matchBlocks."*" = lib.hm.dag.entryAfter ["build-nas" "build-rainbow-resort" "build-aarch64" "build-riscv"] {
|
||||
identityFile = config.sops.secrets.".ssh/id_ed25519_sk".path;
|
||||
identityFile =
|
||||
if config.home.username == "root"
|
||||
then systemConfig.sops.secrets.".ssh/id_ed25519_sk".path
|
||||
else config.sops.secrets.".ssh/id_ed25519_sk".path;
|
||||
};
|
||||
enable = true;
|
||||
};
|
||||
sops.secrets.".ssh/id_ed25519_sk" = {
|
||||
sops.secrets = lib.mkIf (config.home.username != "root") {
|
||||
".ssh/id_ed25519_sk" = {
|
||||
mode = "600";
|
||||
sopsFile = ./shared-keys.yaml;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -7,32 +7,41 @@ sops:
|
|||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1pcdyf483yl2r8wny30yxsp9yusgder6vra7yrf7qjqn5fjhcxeaq3342ew
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1OGN5azZvMFZlY0wxZ0xX
|
||||
b2lGakZzY1FCdnhTZlU0RTB3aUVhUlROYTJJCnlZdDk1K28wTjBVR09rVlRLT3J3
|
||||
WU1FeDJWRlNjb2lyMGpCVVlJYVhLNGcKLS0tIEt1VVlkY3FsYk1aeUcvaFlDS3Ju
|
||||
SFVHWnpMdXlQcXdaNUtwOUh3Sjg1YUEKEiO3ohjqoNg5lu/2Yyg07HMuvo+qtsMR
|
||||
2e0CBnuUT8g2kIsN8IYgY6sMX3yNvpuL0AmjiL+ncF/w38JFBzJmCw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age15g6tzvcmcp3ae4hwnn4pwewat6eq9unlhtjrlaka6rf94ej9dd5qqpgt7u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4UkcrcENqckkxcXJHcG0z
|
||||
b0hzZ0JPWjg4RjREMENmeVRyUmJvNWc2WVhJCkVoM3lhb2VpUXUvNTR2K2pwUVVU
|
||||
MzRrMm5XWTRSdXppcXdvWmlYWXNrcEEKLS0tIG92c3VOYkVvRG1Bd0Z6U2ZZRG14
|
||||
dHQvc3JMU0JRUEFNWHVjQkNOYmdYQzAKSWERLI8m2IzLdmGCel7ca12JeOTBm5mg
|
||||
qmjtjTTRRZc+decLAgpZd0CUza3hZcJjRWyKUXP4yeItCaAmOgJ7VQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxeUl2SHFQVDZEUnB6aGtT
|
||||
dnh4V3JObG5QVTFNWUJZNEVCZ0ZSN0RrZXdrCmZLeHVEMTl5Uk13eVZzZUhYQUpV
|
||||
ZEFjWGtvQXB4S0lPNTF6dkRuTURCaE0KLS0tIGxTRXBBQ3kvUjUya05YREUrRDVR
|
||||
dHJLcWF3QTBNNTNMTElPckZsNTVuZlkKv+O1BXdVBAhQA98crwWC8h5EHy8XT7FZ
|
||||
PB7KEKxI/K5Gk+mBEYmipU1sUIgDOlZxXqC1kDKdmZmhHbKDEC2irQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqWVZVRXoyVSsyMlVEU3NF
|
||||
SHFMMGVVeHdMcUtvQ0ZNdHFzYlI4ZjdNL1hnCnFQK0pzaGovTHV0K1A3cUtEQVRE
|
||||
N09hZ1BjUEtnbGdaWTJQSXJHMHZQaW8KLS0tIDlZc2RteFgycnhrMFdSR0RjOTBK
|
||||
SEtJZWVEZ3dsbkUyM09JVnI1WnN6RXcK+odcorNYMvm21CWVDlO48ubj3X3nuhRh
|
||||
m0giyDyxRRXFye7XptZayT64Vcx6wRXXMm3SOZL2BVwuLibZeIagrg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQVHlBeHJTODVBQ1hhYkFF
|
||||
emFWczVmblR6VW5rbkF6MnUwejA3Wjc3aXpBCmI2Wm1xc2VFeDdXcUZEN0dJOWF0
|
||||
V3RON2FKY1U4YmhPQldTWWNZaUZ5dEUKLS0tIDJRQVJreE9JV0FLcnRWQzhFRGtK
|
||||
cFhyUlBMQVg1a2pPdXI3SW5KSmsvNVUK86u53KET36rjOqB7Ecp//vk+fr7sSxyR
|
||||
luP5xkQKNCECQxsSMuFO3T4qY8Kso93mO9vajv51rXBOK/8mQ2Q/CQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1emv3kzvwgl36hgllrv7rlekqy3y3c6eztadl3lv09ks3z9vv6vdqw06yqa
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQlVwem1tQ3NqSHViQm1a
|
||||
bkR2MnVZT1ZLM0Q2V0tiUEg4UC8zTjBIbUFNCkZ4REhYb2hNTFFCSFF0VmZnbSty
|
||||
SklVZ0JQWXRka0pSajV2TlU1aUJSeVEKLS0tIHFEWHdteW50WVArcmtISEFoNTVa
|
||||
d3hwK2F1VVNWbUxpZmY3cjNKMHd3L1kKyqHhER26gbDrmn+bDHVlhG3/MP5hL2OF
|
||||
OuqVrOI1wBFwFN5BCbSnvnG4QOkqFnhh9O+zmGzPfw95nsLVF2wjng==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1eh2vd6cdy23qazwg0hzq95pn9e6p8yaqu4g6zyan8gzal4x5ed5qful8kg
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1VzA2VUNoRVFNNUlaTyt1
|
||||
VEVyRmJxYlBPZ2RwQkFKU2JFbDEyYU8wZjE4Cm54a29ZaGRueFRtaHI4RXFEN1FB
|
||||
U3RUYjRQM2hDY0RHd0FiZ0VBWmtwTHcKLS0tIG1sejZtWTJReVA0ZmlYVmFNSzIx
|
||||
MkNpV3pYYlNCQ05QN0NyQXM3Q2Nzb00K9o3t7LNSk8A9MTGUicE1KmyQdWnBOypn
|
||||
PCyV+1tAfQeDaKCHR0Wvxlfqz3EEb8KzCK1tAohxGeSJywl9PF4unQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-06T08:58:58Z"
|
||||
mac: ENC[AES256_GCM,data:yzeJcuRDNbPebTJ4wwT4yiOuFMplSOf/XJcdw+g04S3ELj8tWwmQszv/gYJfCTI7kfeREbggyddF/2g4T7dzwCK2dWvGNRvGz96JFvYalWwI8a1ZSDk2DCS1ahKzcXisLG1WtVqVpr7i5ttkWGUjrgcRJrekLCCHGz228JnlUvE=,iv:EQs/TLqF8Hzah5YDZ2GqSrpr8FGkZgHt/Q/4bMlWe8U=,tag:AWsIaUAphZ2g95idHnhNSQ==,type:str]
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{config, ...}: {
|
||||
{
|
||||
nixos-config,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
users.users.root = {
|
||||
createHome = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
|
@ -10,10 +15,14 @@
|
|||
neededForUsers = true;
|
||||
sopsFile = ./system.yaml;
|
||||
};
|
||||
sops.secrets."users/users/root/age-key" = {
|
||||
owner = "root";
|
||||
sopsFile = ./system.yaml;
|
||||
sops.secrets.".ssh/builder_id_ed25519" = {
|
||||
mode = "600";
|
||||
sopsFile = "${nixos-config}/programs/ssh/shared-keys.yaml";
|
||||
};
|
||||
home-manager.users.root.sops.age.keyFile = config.sops.secrets."users/users/root/age-key".path;
|
||||
sops.secrets.".ssh/id_ed25519_sk" = {
|
||||
mode = "600";
|
||||
sopsFile = "${nixos-config}/programs/ssh/shared-keys.yaml";
|
||||
};
|
||||
home-manager.users.root.sops.secrets = lib.mkForce {};
|
||||
environment.impermanence.users = ["root"];
|
||||
}
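Review bot: `home-manager.users.root.sops.secrets = lib.mkForce {};` discards every home-manager secret declared for root, not only the two SSH keys that are declared at system level here. A module added later that declares a secret for root would be dropped silently and would fail only where its `.path` is read. A comment on that line stating the intent would help, for example `# root's secrets are provisioned by the system-level sops module; home-manager must not declare any`. The two `sops.secrets` entries set `mode = "600"` but no `owner`, so they rely on the sops-nix default owner; writing `owner = "root";` explicitly would make that visible. The page has lost its +/- markers, so which of these lines are new is inferred from the hunk header.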
|
||||
|
|
|
@ -2,7 +2,6 @@ users:
|
|||
users:
|
||||
root:
|
||||
hashedPassword: ENC[AES256_GCM,data:ptHTZ/MHRId363TlEWNJpOMQ46dISPSQjvrqsxQzq9hmDU3oC0FO9Mtf08I9wcVa0KpIEQfSZp/AgZ7yburK9EpfBccwudRdzpCBynsRYxhbuirSAm4ANaBLyrYx1jsCXFbeNDA4xsrmfw==,iv:WIG8qv7vAIUN8MMPkPKc9sjG1CQMYk03/C2TYSDs9zY=,tag:9Vm8Grn2AtME0O329N60Bw==,type:str]
|
||||
age-key: ENC[AES256_GCM,data:A0G/R9o2Qray5kk7lqwu00EOJD0mRQ5cYWRDBzvw0gMTIq+JU16m5QrXLgzK3M/oURxPbBUOC+Wy7ZdiPAHVj5i353bsVLzGi6wIuwQpL2HA0RUwcos/bBnPTcvRriErBIpMYxgkxEVvgb4NpS0523V09AiXgX5DSY/z6pmQ1ERtXl1YRW+lCRqewgUUweC4WE31iG82NDOXkPZM+oaFginQeUy0Ruy4Kya4xQjC/+pzbxRdJwQKGkf/5fLl,iv:1TnvWbolHgQgOMmOBxpqxUlKmD14oCd+Yo/Jn2AHuL8=,tag:ML2ifWFpzHHxJ4F2OQ3+jA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -36,8 +35,8 @@ sops:
|
|||
MGg3ZUxqcnhzbiszb2RNVkkwNUNIbHcK/NdUErDE9xecelLx1i0MjZCKkdev+hdx
|
||||
ZWwQORih0fGotN9FjFQuBTc4Y0ApRy8Su52xCp1UOqM0FhnaHjwEQQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-06T08:34:07Z"
|
||||
mac: ENC[AES256_GCM,data:U3+GUzxyPL7infWqht48rQ7Oe7E7Fu3WU883VZjJSKLM46ilDf0mWhpIWX7JDwhFzii/fSyF3+FsJvBDD4bcnK8L0UiS7C9z6yH9RGtOXI6is6jitfgm4qOuPP+aZa99hEDUf/ZO5uEzE/Psayf4aVAxEyL3L+SgVdiWf2MIFmk=,iv:XQavrryRBHnSf/xPMGY/lk/ep1qdRdgDtzUVwde4vXE=,tag:yWScrP9lTH1SiHpUiQuAXw==,type:str]
|
||||
lastmodified: "2024-11-07T07:35:18Z"
|
||||
mac: ENC[AES256_GCM,data:fGS1pQBHJ6vausZUbARxt7J/69tcFk1kkzrHLox12J+QQfgZYAm8xoue343Jw2NH+OgeYyOfAz8nKfKmZiibQIGPbV/JPkFvI7KQL7sEy7PLYLFU0cWF5DXwG4Y4z71rfgnNcX7emc2iQWwEcXMU6wM84ltkqf5zPPelvphXz+I=,iv:mVOFo1PtYVqMTvHmrmTO+eOqZ3N57kuc0KP5/XAN1b0=,tag:OJBY9qGxkVVNqJlDmDOJGQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
|
|