diff --git a/hosts/biolimo/biolimo.nix b/hosts/biolimo/biolimo.nix index 820225ea..1ff4289f 100644 --- a/hosts/biolimo/biolimo.nix +++ b/hosts/biolimo/biolimo.nix @@ -10,6 +10,10 @@ in ]; config = { + pub-solar.paranoia.enable = true; + pub-solar.core.hibernation.resumeDevice = "/dev/dm-0"; + pub-solar.core.hibernation.resumeOffset = 15296512; + hardware.cpu.intel.updateMicrocode = true; networking.firewall.allowedTCPPorts = [ 5000 ]; diff --git a/hosts/chocolatebar/chocolatebar.nix b/hosts/chocolatebar/chocolatebar.nix index a61e4c9d..cc6ebe3c 100644 --- a/hosts/chocolatebar/chocolatebar.nix +++ b/hosts/chocolatebar/chocolatebar.nix @@ -28,12 +28,12 @@ in age.secrets."vnc-key.pem" = { file = "${self}/secrets/vnc-key-chocolatebar.pem"; - mode = "700"; + mode = "400"; owner = psCfg.user.name; }; age.secrets."vnc-cert.pem" = { file = "${self}/secrets/vnc-cert-chocolatebar.pem"; - mode = "700"; + mode = "400"; owner = psCfg.user.name; }; pub-solar.sway.vnc.enable = true; diff --git a/hosts/chocolatebar/virtualisation/default.nix b/hosts/chocolatebar/virtualisation/default.nix index bea0d381..730e5a99 100644 --- a/hosts/chocolatebar/virtualisation/default.nix +++ b/hosts/chocolatebar/virtualisation/default.nix @@ -6,7 +6,7 @@ let createService = import ./create-service.nix; isolateGPU = "rx550x"; - handOverUSBDevices = true; + handOverUSBDevices = false; isolateAnyGPU = isolateGPU != null; in diff --git a/hosts/droppie/droppie.nix b/hosts/droppie/droppie.nix index 8918cde2..5bb60ada 100644 --- a/hosts/droppie/droppie.nix +++ b/hosts/droppie/droppie.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, lib, self, ... }: with lib; let psCfg = config.pub-solar; 
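Review bot: `resumeDevice = "/dev/dm-0"` in the biolimo hunk names the device-mapper node by its kernel-assigned number, which follows the order in which mappings are created at boot rather than identifying a particular volume. This host also enables `pub-solar.paranoia`, whose guarantee depends on the hibernation image living on the encrypted volume, so a stable name is safer. modules/core/boot.nix opens the LUKS volume as `cryptroot`, so `pub-solar.core.hibernation.resumeDevice = "/dev/mapper/cryptroot";` would presumably address the same device. A short comment on how `resumeOffset = 15296512` was obtained (the option description mentions `filefrag -v`) would help whoever has to recreate the swap file.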
@@ -26,6 +26,10 @@ in } ]; + services.openssh.knownHosts = { + "cloud.pub.solar".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABPJSwr9DfnqV0KoL23BcxlWtRxuOqQpnFnCv4SG/LW"; + }; + systemd.user.services.ssh-tunnel-cloud-pub-solar = { unitConfig = { Description = "Reverse SSH connection to enable backups from IPv4-only to IPv6-only host"; @@ -33,10 +37,27 @@ in }; serviceConfig = { Type = "simple"; - ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 cloud.pub.solar"; + ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 root@cloud.pub.solar"; Restart = "always"; RestartSec = "5s"; }; + wantedBy = [ "default.target" ]; + }; + + services.ddclient = { + enable = true; + ipv6 = true; + domains = [ "backup.b12f.io" ]; + server = "ddns.hosting.de"; + username = "b12f"; + use = "web, web=http://checkip6.spdyn.de/, web-skip=''"; + passwordFile = "/run/agenix/dyndns-droppie.key"; + }; + + age.secrets."dyndns-droppie.key" = { + file = "${self}/secrets/dyndns-droppie.key"; + mode = "400"; + owner = psCfg.user.name; }; }; } diff --git a/modules/core/boot.nix b/modules/core/boot.nix index 9a524a39..8b94f5a3 100644 --- a/modules/core/boot.nix +++ b/modules/core/boot.nix 
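Review bot: The tunnel's `ExecStart` in the `@@ -33,10 +37,27 @@` hunk now logs in as `root@cloud.pub.solar`, although `-N -T` means the session only holds a remote forward. A dedicated unprivileged account on that host, limited to the forward with sshd's `permitlisten` key option, would do the same job with far less exposure if droppie's key leaks. `-vvv` also writes debug-level connection detail to the user journal on every restart. In the new `services.ddclient` block, `web=http://checkip6.spdyn.de/` fetches the address over plain HTTP, so anyone on the network path can influence where `backup.b12f.io` points; an HTTPS endpoint, or reading the address from the interface, would close that. `passwordFile` could use `config.age.secrets."dyndns-droppie.key".path` instead of the hard-coded `/run/agenix/...` string, and `owner = psCfg.user.name` is worth confirming, since ddclient is a system service and the desktop user presumably has no need to read the DynDNS password.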
@@ -17,24 +17,26 @@ with lib; }; config = { - # Enable plymouth for better experience of booting - boot.plymouth.enable = true; + boot = { + # Enable plymouth for better experience of booting + plymouth.enable = true; - # Mount / luks device in initrd - # Allow fstrim to work on it. - # The ! makes this enabled by default - boot.initrd = mkIf (!cfg.iso-options.enable && cfg.disk-encryption-active) { - luks.devices."cryptroot" = { - allowDiscards = true; + # Mount / luks device in initrd + # Allow fstrim to work on it. + # The ! makes this enabled by default + initrd = mkIf (!cfg.iso-options.enable && cfg.disk-encryption-active) { + luks.devices."cryptroot" = { + allowDiscards = true; + }; }; + + loader.systemd-boot.enable = true; + + # Use latest LTS linux kernel by default + kernelPackages = pkgs.linuxPackages_5_15; + + # Support ntfs drives + supportedFilesystems = [ "ntfs" ]; }; - - boot.loader.systemd-boot.enable = true; - - # Use latest LTS linux kernel by default - boot.kernelPackages = pkgs.linuxPackages_5_15; - - # Support ntfs drives - boot.supportedFilesystems = [ "ntfs" ]; }; } diff --git a/modules/core/default.nix b/modules/core/default.nix index 7b168268..80ca4926 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -8,6 +8,7 @@ in { imports = [ ./boot.nix + ./hibernation.nix ./fonts.nix ./i18n.nix ./networking.nix diff --git a/modules/core/hibernation.nix b/modules/core/hibernation.nix new file mode 100644 index 00000000..0454d82b --- /dev/null +++ b/modules/core/hibernation.nix 
@@ -0,0 +1,35 @@ +{ config, pkgs, lib, ... }: +with lib; +let + cfg = config.pub-solar.core.hibernation; +in +{ + options.pub-solar.core.hibernation = { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether the device can hibernate. This creates a swapfile at /swapfile."; + }; + + resumeDevice = mkOption { + type = types.str; + default = "/dev/sda1"; + description = "The location of the hibernation resume swap file."; + }; + + resumeOffset = mkOption { + type = types.nullOr types.int; + default = null; + description = "The swap file offset. Can be found by running `filefrag -v $swap_file_location`. See https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file"; + }; + }; + + config = { + boot = mkIf cfg.enable { + resumeDevice = cfg.resumeDevice; + kernelParams = + if (cfg.resumeOffset == null && cfg.enable) then builtins.abort "config.pub-solar.resumeOffset has to be set if config.pub-solar.enable is true." + else [ "resume_offset=${builtins.toString cfg.resumeOffset}" ]; + }; + }; +} diff --git a/modules/core/nix.nix b/modules/core/nix.nix index 38b70cfc..f7ff5fa4 100644 --- a/modules/core/nix.nix +++ b/modules/core/nix.nix @@ -2,6 +2,8 @@ { nix = { + # Use default version alias for nix package + package = pkgs.nix; # Improve nix store disk usage autoOptimiseStore = true; gc.automatic = true; diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix new file mode 100644 index 00000000..bb319767 --- /dev/null +++ b/modules/paranoia/default.nix 
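Review bot: The option descriptions in modules/core/hibernation.nix do not match what the module does. `enable` says it creates a swapfile at /swapfile, but the `config` block only sets `boot.resumeDevice` and `boot.kernelParams`; `resumeDevice` is described as the location of the swap file although it is the block device handed to `boot.resumeDevice`. Because the hibernation image holds the contents of RAM, the descriptions should say that the swap file is created separately and has to live on the encrypted volume, and the `/dev/sda1` default is worth dropping so each host must name its device. The abort text cites `config.pub-solar.resumeOffset` and `config.pub-solar.enable`, which are not the real option paths, and the `&& cfg.enable` test is redundant inside `mkIf cfg.enable`. An `assertions` entry reports the same problem with the correct names, as sketched below.

```nix
  # … unchanged: option declarations for enable, resumeDevice, resumeOffset …

  config = mkIf cfg.enable {
    assertions = [
      {
        assertion = cfg.resumeOffset != null;
        message = "pub-solar.core.hibernation.resumeOffset has to be set if pub-solar.core.hibernation.enable is true.";
      }
    ];

    boot = {
      resumeDevice = cfg.resumeDevice;
      # Only emit the parameter once an offset is known; the assertion above reports the missing value.
      kernelParams = optional (cfg.resumeOffset != null) "resume_offset=${builtins.toString cfg.resumeOffset}";
    };
  };
```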
@@ -0,0 +1,24 @@ +{ config, lib, ... }: + +with lib; +let + psCfg = config.pub-solar; + cfg = config.pub-solar.paranoia; +in +{ + options.pub-solar.paranoia = { + enable = mkOption { + description = '' + Only offer hibernation instead of screen locking and sleeping. This only makes sense + if your hard drive is encrypted, and ensures that the contents of your drive are + encrypted if you are not actively using the device. + ''; + default = false; + type = types.bool; + }; + }; + + config = mkIf cfg.enable { + pub-solar.core.hibernation.enable = true; + }; +} diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/sway/config/config.d/custom-keybindings.conf index f86cf0be..4c7f0614 100644 --- a/modules/sway/config/config.d/custom-keybindings.conf +++ b/modules/sway/config/config.d/custom-keybindings.conf @@ -37,22 +37,6 @@ bindsym $mod+Ctrl+r exec record-screen set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher bindsym $mod+Space exec $menu -# Set shut down, restart and locking features -set $mode_system (l)ock, (e)xit, (s)uspend, (h)ibernate, (r)eboot, (Shift+s)hutdown -bindsym $mod+0 mode "$mode_system" -mode "$mode_system" { - bindsym l exec swaylock-bg, mode "default" - bindsym e exec systemctl --user stop graphical-session.target, mode "default" - bindsym s exec systemctl suspend, mode "default" - bindsym h exec systemctl hibernate, mode "default" - bindsym r exec systemctl reboot, mode "default" - bindsym Shift+s exec systemctl poweroff, mode "default" - - # exit system mode: "Enter" or "Escape" - bindsym Return mode "default" - bindsym Escape mode "default" -} - set $mode_vncclient In VNCClient mode. Press $mod+Num_Lock or $mod+Shift+Escape to return. bindsym $mod+Num_Lock mode "$mode_vncclient" bindsym $mod+Shift+Escape mode "$mode_vncclient" 
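Review bot: The description in modules/paranoia/default.nix promises that the drive contents are encrypted whenever the device is not in active use, but `config` only sets `pub-solar.core.hibernation.enable = true` and never checks that the disk is encrypted. modules/core/boot.nix already reads a `disk-encryption-active` flag, so an assertion tying `paranoia.enable` to that flag (its full option path is not visible in this diff) would stop the module from being enabled on a host where hibernation writes memory to a plaintext disk. `psCfg` is bound in the `let` but not used in this file.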
diff --git a/modules/sway/config/config.d/mode_system.conf.nix b/modules/sway/config/config.d/mode_system.conf.nix new file mode 100644 index 00000000..f34ecc57 --- /dev/null +++ b/modules/sway/config/config.d/mode_system.conf.nix @@ -0,0 +1,21 @@ +{ psCfg, ... }: '' + # Set shut down, restart and locking features + set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown + bindsym $mod+0 mode "$mode_system" + mode "$mode_system" { + bindsym e exec swaymsg exit, mode "default" +'' + (if psCfg.core.hibernation.enable then '' + bindsym h exec systemctl hibernate, mode "default" +'' else "") ++ (if !psCfg.paranoia.enable then '' + bindsym l exec swaylock-bg, mode "default" + bindsym s exec systemctl suspend, mode "default" +'' else "") + '' + bindsym r exec systemctl reboot, mode "default" + bindsym Shift+s exec systemctl poweroff, mode "default" + + # exit system mode: "Enter" or "Escape" + bindsym Return mode "default" + bindsym Escape mode "default" + } +'' diff --git a/modules/sway/default.nix b/modules/sway/default.nix index f15aabc5..b237c527 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix @@ -2,7 +2,6 @@ with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.sway; in { options.pub-solar.sway = { @@ -23,8 +22,8 @@ in }; }; - config = mkIf cfg.enable (mkMerge [ - (mkIf (cfg.v4l2loopback.enable) { + config = mkIf psCfg.sway.enable (mkMerge [ + (mkIf (psCfg.sway.v4l2loopback.enable) { boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; boot.kernelModules = [ "v4l2loopback" ]; boot.extraModprobeConfig = '' @@ -79,7 +78,6 @@ in xsettingsd ydotool - swaylock-bg sway-launcher record-screen import-gtk-settings 
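Review bot: The menu label `set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown` in mode_system.conf.nix is fixed while the bindings below it are conditional. As a result `(h)ibernate` is advertised when `core.hibernation.enable` is false, and `l`/`s` are bound but never shown when `paranoia.enable` is false. Building the label from the same two conditions keeps the prompt consistent with the keys that actually do something. A one-line comment above the `paranoia` condition saying that lock and suspend are omitted on purpose would explain the gap to the next reader.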
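Review bot: Dropping `swaylock-bg` from the package list in the `@@ -79,7 +78,6 @@` hunk of modules/sway/default.nix looks like it leaves the default (non-paranoia) setup without a working screen locker. mode_system.conf.nix still binds `l` to `exec swaylock-bg`, and the non-paranoia branch of modules/sway/swayidle.service.nix still runs `swaylock-bg` on idle and on `before-sleep`, while that unit's `PATH` no longer contains `${pkgs.swaylock}/bin` or `${pkgs.swaylock-bg}/bin`. Unless the script is installed somewhere outside this diff, the idle lock fails quietly and the machine suspends unlocked. Keeping the package when `!psCfg.paranoia.enable`, or calling `${pkgs.swaylock-bg}/bin/swaylock-bg` by store path in both places, avoids that. The package list itself starts and ends outside the hunk.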
@@ -90,20 +88,21 @@ in programs.waybar.enable = true; #programs.waybar.systemd.enable = true; - systemd.user.services.mako = import ./mako.service.nix pkgs; - systemd.user.services.sway = import ./sway.service.nix pkgs; - systemd.user.services.swayidle = import ./swayidle.service.nix pkgs; - systemd.user.services.xsettingsd = import ./xsettingsd.service.nix pkgs; - systemd.user.services.waybar = import ./waybar.service.nix pkgs; - systemd.user.targets.sway-session = import ./sway-session.target.nix pkgs; + systemd.user.services.mako = import ./mako.service.nix { inherit pkgs psCfg; }; + systemd.user.services.sway = import ./sway.service.nix { inherit pkgs psCfg; }; + systemd.user.services.swayidle = import ./swayidle.service.nix { inherit pkgs psCfg; }; + systemd.user.services.xsettingsd = import ./xsettingsd.service.nix { inherit pkgs psCfg; }; + systemd.user.services.waybar = import ./waybar.service.nix { inherit pkgs psCfg; }; + systemd.user.targets.sway-session = import ./sway-session.target.nix { inherit pkgs psCfg; }; - systemd.user.services.wayvnc = mkIf cfg.vnc.enable (import ./wayvnc.service.nix pkgs); + systemd.user.services.wayvnc = mkIf psCfg.sway.vnc.enable (import ./wayvnc.service.nix pkgs); xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; }; xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf; xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf; xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf; + xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit psCfg; }; xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf; xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf; 
xdg.configFile."wayvnc/config".text = import ./config/wayvnc/config.nix { inherit psCfg; inherit pkgs; }; diff --git a/modules/sway/gammastep.service.nix b/modules/sway/gammastep.service.nix index f59edf02..3960d1ae 100644 --- a/modules/sway/gammastep.service.nix +++ b/modules/sway/gammastep.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "set color temperature of display according to time of day"; diff --git a/modules/sway/libinput-gestures.service.nix b/modules/sway/libinput-gestures.service.nix index c4c860da..798d10d6 100644 --- a/modules/sway/libinput-gestures.service.nix +++ b/modules/sway/libinput-gestures.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "Actions gestures on your touchpad using libinput"; diff --git a/modules/sway/mako.service.nix b/modules/sway/mako.service.nix index 190b986d..b155e148 100644 --- a/modules/sway/mako.service.nix +++ b/modules/sway/mako.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "Lightweight Wayland notification daemon"; diff --git a/modules/sway/sway-session.target.nix b/modules/sway/sway-session.target.nix index 3eb4d24c..7b25376a 100644 --- a/modules/sway/sway-session.target.nix +++ b/modules/sway/sway-session.target.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "sway compositor session"; diff --git a/modules/sway/sway.service.nix b/modules/sway/sway.service.nix index 95efc3e6..0d0d782c 100644 --- a/modules/sway/sway.service.nix +++ b/modules/sway/sway.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "sway - SirCmpwn's Wayland window manager"; diff --git a/modules/sway/swayidle.service.nix b/modules/sway/swayidle.service.nix index 597a8779..ed156a34 100644 --- a/modules/sway/swayidle.service.nix +++ b/modules/sway/swayidle.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, psCfg, ... }: { Unit = { Description = "Idle manager for Wayland"; 
@@ -9,13 +9,19 @@ pkgs: }; Service = { Type = "simple"; - Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock}/bin:${pkgs.swaylock-bg}/bin"; - ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \ - timeout 600 'swaylock-bg' \ - timeout 900 'swaymsg "output * dpms off"' \ - resume 'swaymsg "output * dpms on"' \ - before-sleep 'swaylock-bg' - ''; + Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin"; + ExecStart = + if psCfg.paranoia.enable then '' + ${pkgs.swayidle}/bin/swayidle -w \ + timeout 120 'swaymsg "output * dpms off"' \ + timeout 150 'systemctl hibernate' \ + '' else '' + ${pkgs.swayidle}/bin/swayidle -w \ + timeout 600 'swaylock-bg' \ + timeout 900 'swaymsg "output * dpms off"' \ + resume 'swaymsg "output * dpms on"' \ + before-sleep 'swaylock-bg' + ''; }; Install = { WantedBy = [ "sway-session.target" ]; diff --git a/modules/sway/waybar.service.nix b/modules/sway/waybar.service.nix index ee5e8938..98b8ed35 100644 --- a/modules/sway/waybar.service.nix +++ b/modules/sway/waybar.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "Highly customizable Wayland bar for Sway and Wlroots based compositors."; diff --git a/modules/sway/xsettingsd.service.nix b/modules/sway/xsettingsd.service.nix index 0d729cb2..db3e842c 100644 --- a/modules/sway/xsettingsd.service.nix +++ b/modules/sway/xsettingsd.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "X Settings Daemon"; diff --git a/modules/sway/ydotool.service.nix b/modules/sway/ydotool.service.nix index d53bfcd7..24b64432 100644 --- a/modules/sway/ydotool.service.nix +++ b/modules/sway/ydotool.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "ydotool - Generic command-line automation tool (no X!)"; diff --git a/pkgs/default.nix b/pkgs/default.nix index 6e70e217..c11a09cf 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix 
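Review bot: In the `paranoia` branch of `ExecStart` the only protective action is `timeout 150 'systemctl hibernate'`, so if hibernation fails (no usable swap, an inhibitor held) the session stays unlocked with the display merely blanked. A fallback such as `timeout 150 'systemctl hibernate || systemctl poweroff'` would keep the module's promise in that case. The branch also ends with a trailing ` \` after the last `timeout`, which leaves a dangling line continuation in the generated unit, and it has no `resume 'swaymsg "output * dpms on"'` counterpart to the `dpms off` it issues. A comment stating why 120 and 150 seconds were chosen would help when these values are tuned.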
@@ -13,15 +13,11 @@ with final; { s = writeShellScriptBin "s" (import ./s.nix final); sway-launcher = writeScriptBin "sway-launcher" (import ./sway-launcher.nix final); sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final); - swaylock-bg = writeScriptBin "swaylock-bg" (import ./swaylock-bg.nix final); + swaylock-bg = writeShellScriptBin "swaylock-bg" (import ./swaylock-bg.nix final); toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final); uhk-agent = import ./uhk-agent.nix final; wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final); drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final); record-screen = writeShellScriptBin "record-screen" (import ./record-screen.nix final); - - # ps-fixes - scan2paperless = writeShellScriptBin "scan2paperless" (import ./scan2paperless.nix final); - drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final); } diff --git a/secrets/dyndns-droppie.key b/secrets/dyndns-droppie.key new file mode 100644 index 00000000..d4f7e999 --- /dev/null +++ b/secrets/dyndns-droppie.key 
@@ -0,0 +1,27 @@ +age-encryption.org/v1 +-> ssh-rsa kFDS0A +lbrJzpCXpf3BJYL80d2vD/b4raoPnUKV0D9Ka9yKb72W3ATfA/Cqq7vpisHRnwyj +3pt1TfrPzti/8ZKDqY/Zw171jQbOF6zW45z4m8yJu4J1LYXh8yYrTR3YPwhPoGYm +eZJWWj2YghqCFC7vdL/wZFjkStxwBGgrJfNOxJBcXOpUX2TOzfdNAgJ/pEkvdd/L +jktiU5ITt7KXruwSEXRzHVfmntl4SaqDqYfeb0Y0q2a1oMpxTnBKcYXj6dYcZIHv +Lm8HX0JsIiThz/DXB4sP2O5GlGeYyibj2iMSCsCqadwDpUndVtJnzFgjSQD5A0gd +enNTYly3GSmC9TWt/r2VHHyneAnJ3HQKB5hUEqxPz9peemnvfTA89SIGHddmkXfY +XSeN5WJnSG0+WAOwrpJjzl9CgUg9xJS7dDqVob3CwL9oVEQP8FcuuyqCg72ppd4J +fdseq5/R+HuVnh6sEUHoaHEDidHtTrpE2Rd49Tesj/BT+YrJyQ/kQqHmy9RiLU2f +DSRwLO4/qHF6W8UfuF2N08aMxRpxqXPWTjI/vHxoSJRcSqaofF42x50OQU8lY96c +8bPlDPB7HOBg+7bVvOQCaR3+KRuOx+HYpeMwEokQTwCke+frPfXorilNbAcaFUp4 +QiU1sUZia/FOZ+j47+6pkfC2DfLpiNL2TLWYcNtIzUc +-> ssh-ed25519 7Wns0A aKiZ8iw+Ub5rByBef0apOn6lG5Bv6tzFCiBu3DN6sSg +58+9kySg3ajO7E5V87b/qRu9axpu2hQUuY/cVTt2YdI +-> ssh-rsa wVtlwQ +RbrfuwS5zQzL9yMWFDSnWj9cQFLirTH37Xf79Dis2CJIDd83vmlmGNY5x1aPpZoZ +J6XDhibGTJc02DYuNVIE1IXm0x9tc6Z9PTT+WiAFt1JuKHguXTWLRMM9HmyvWWDg +bFsRDAcYup+SK5d+ME+XooDGueC822rAjkGIRHNSCimGwuLpDRKqyyVfYA+dcfiP +EoYH7x4S09jYRr1C5EkbraLbm1vijc5ikJw3b42KKbyo3wDwKga+Vk2nl2AtgjZp +KipZlyjs+IjMRXX5IBpgoRtXcvHuidsOSc+guRo0ihF9MbzRc/Tt2g0V7t3KjeT0 +SJDLmHOos2RKTmx06aidDg +-> Dz(k-grease ~FF p m)E{J3E +7Igp3pclCAzAmeky5cPqlIzcITT+0jvieQe7ruSxRYRYqpYU7tMQFmHuNUahp+BP +MzOYiM+PIQmn +--- IC9SI76EjaFZxQ5odEeIv49n/O8uOdpM6LE1Z7dtHg4 +l%uE\ ?2\&wG&@W~9"^Ɔon^xOIuO21c*m%)#جeI6A/i \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index dbd43e37..bf4a7c8e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -8,6 +8,9 @@ let chocolatebar-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINZT3QrKugNTWNOwYziQnxrT5zFqWQDafWjScDuIpMhN root@chocolatebar"; chocolatebar-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDwyNsGCMuyI9x2IxYEbYIL6oYsEfe1wqhHaRxSnK9oc10ge1LJni5o7g6XgryoQpCD9YenImcCxwkKblmlLQ2327uoVC2PUo07li1uT0eIPk0TQoxwp6besFs7/LEzZlgWQsc3gkEXmjk/E0mu0U6z2fkqciJ/ZxWYt9fLP6jBG47U9878rSaZ7k7Ilv6oRA3suArH189k1nerk/tonS4EWXeHZxHh/Eu0tqwmxN/6+g2GicYn6b+MbFQVdQAkctqT5Yz9USm9UKzbaAuZ799u0dJzagHm9JJZOr8r11ENtAkY9kAzRzm3u/ACiSdVzyLdjAK6m0dIPhp3OhedzuHiI6/wRll60tYtQTH1XwUpVbtir3+DT+jwZgO1zH3yL4iNh79kuUo+UEg1ZmGkSZRzSS2vb5qr0J5aSJmCd5sNB7a01PTtSlQPOqSF9PB+UmcLDF7JoKFub0KT/gRZ5neZkXTYQ/Y05qtaaFVlOVISijnm+sLUvKBv6OW8oYXIHBk= ben@chocolatebar"; + droppie-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDuXuPPDXTyJgy4JRwbKcPbawvVB1Il2neyRWb4O5sJ root@nixos"; + droppie-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnYTlTmHCl6LOkexqRR9LqjOoFgt9TQ4VzHQGRHJMzF/AGcDRoqC+pBLFSTzRb5/ikAOsb32XHyKVg4nNdJeQshO11QtDmkCB02D/XcIXxnNQ5A8CztT2az5xJtbbWSdamMnHBLcqLiwoLmXbERpdlt8jNqMHrz+bjCUGYVAFSfc/WdIs6EATJ1eF0VFxv7nUh4qhgStABSwhNsnoYOC/DOBSA9aBP1f5Fz9QHUioPTGi2hRwbTbtFUvTrymPpWVFRApa1zvGXcr4YUCm7ia1ZlZKzRpsPkwLxb8Omm4bGmR0cAVwVhVRySnhpCTwbIBLyw+H8PvKWBBba1NAKyMij root@droppie"; + allKeys = [ bbcom @@ -31,6 +34,13 @@ let chocolatebar-host chocolatebar-user ]; + + droppieKeys = [ + bbcom + + droppie-host + droppie-user + ]; in { "keyfile-biolimo.bin".publicKeys = biolimoKeys; @@ -42,7 +52,9 @@ in "vnc-cert-chocolatebar.pem".publicKeys = chocolatebarKeys; "vnc-key-chocolatebar.pem".publicKeys = chocolatebarKeys; - "drone-runner-exec-config".publicKeys = allKeys; + "drone-runner-exec-config".publicKeys = allKeys; + + "dyndns-droppie.key".publicKeys = droppieKeys; "mopidy.conf".publicKeys = allKeys; } diff --git a/shell/devos.nix b/shell/devos.nix index bd3399a1..9aefcc6f 100644 --- a/shell/devos.nix +++ b/shell/devos.nix 
@@ -6,7 +6,7 @@ let cachix editorconfig-checker mdbook - nixUnstable + nix nixpkgs-fmt nvfetcher ; diff --git a/users/ben/home.nix b/users/ben/home.nix index 2298431d..30ef1c90 100644 --- a/users/ben/home.nix +++ b/users/ben/home.nix @@ -63,6 +63,12 @@ in MACs = "hmac-sha2-512-etm@openssh.com"; }; }; + + "laurakirst.de" = { + hostname = "webj4bsux.wh.hosting.zone"; + user = "webj4bsux_36qkrk"; + port = 2244; + }; }; }; diff --git a/users/yule/default.nix b/users/yule/default.nix index 10d55ce7..bf1ddcda 100644 --- a/users/yule/default.nix +++ b/users/yule/default.nix @@ -24,6 +24,8 @@ in "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= b12f Yubi Backup" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a teutat3s" + + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKa5elEXgBc2luVBOHVWZisJgt0epFQOercPi0tZzPU root@cloud.pub.solar" ]; }; };
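Review bot: The `root@cloud.pub.solar` key added in users/yule/default.nix carries no key options, so whoever controls root on that server gets the same interactive login as the YubiKey-backed keys above it, on every host that imports this user. The enclosing attribute starts outside the hunk, so I am assuming this is the authorized-keys list. If the key exists only for the backup path through the reverse tunnel configured in hosts/droppie/droppie.nix, prefixing it with OpenSSH options such as `restrict,command="<backup command>"`, or moving it into droppie's host config, would limit what a compromise of cloud.pub.solar can reach. A comment naming the job that uses the key would also make later removal easier.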