Merge branch 'b12f' into feature/ci-runner-onecommit-test

Benjamin Bädorf 2022-08-24 20:45:05 +02:00
commit b2daa8d2db
No known key found for this signature in database
GPG key ID: 4406E80E13CD656C
27 changed files with 213 additions and 71 deletions


@ -10,6 +10,10 @@ in
]; ];
config = { config = {
pub-solar.paranoia.enable = true;
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
pub-solar.core.hibernation.resumeOffset = 15296512;
hardware.cpu.intel.updateMicrocode = true; hardware.cpu.intel.updateMicrocode = true;
networking.firewall.allowedTCPPorts = [ 5000 ]; networking.firewall.allowedTCPPorts = [ 5000 ];
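Review bot: `resumeDevice = "/dev/dm-0"` uses a kernel-assigned device-mapper name, which depends on activation order and can refer to a different mapping after a hardware or initrd change. With `pub-solar.paranoia.enable = true` set on this host, hibernation is the only idle protection, so a resume device that silently stops matching matters more than usual. A stable path such as `/dev/mapper/<name>` or a `/dev/disk/by-uuid/…` link is safer; the boot module names its LUKS mapping `cryptroot`, but whether this host uses that mapping is not shown here. A comment recording how `resumeOffset = 15296512` was obtained (the option text points to `filefrag -v`) would help whoever recreates the swap file.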


@ -28,12 +28,12 @@ in
age.secrets."vnc-key.pem" = { age.secrets."vnc-key.pem" = {
file = "${self}/secrets/vnc-key-chocolatebar.pem"; file = "${self}/secrets/vnc-key-chocolatebar.pem";
mode = "700"; mode = "400";
owner = psCfg.user.name; owner = psCfg.user.name;
}; };
age.secrets."vnc-cert.pem" = { age.secrets."vnc-cert.pem" = {
file = "${self}/secrets/vnc-cert-chocolatebar.pem"; file = "${self}/secrets/vnc-cert-chocolatebar.pem";
mode = "700"; mode = "400";
owner = psCfg.user.name; owner = psCfg.user.name;
}; };
pub-solar.sway.vnc.enable = true; pub-solar.sway.vnc.enable = true;


@ -6,7 +6,7 @@ let
createService = import ./create-service.nix; createService = import ./create-service.nix;
isolateGPU = "rx550x"; isolateGPU = "rx550x";
handOverUSBDevices = true; handOverUSBDevices = false;
isolateAnyGPU = isolateGPU != null; isolateAnyGPU = isolateGPU != null;
in in


@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, self, ... }:
with lib; with lib;
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
@ -26,6 +26,10 @@ in
} }
]; ];
services.openssh.knownHosts = {
"cloud.pub.solar".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABPJSwr9DfnqV0KoL23BcxlWtRxuOqQpnFnCv4SG/LW";
};
systemd.user.services.ssh-tunnel-cloud-pub-solar = { systemd.user.services.ssh-tunnel-cloud-pub-solar = {
unitConfig = { unitConfig = {
Description = "Reverse SSH connection to enable backups from IPv4-only to IPv6-only host"; Description = "Reverse SSH connection to enable backups from IPv4-only to IPv6-only host";
@ -33,10 +37,27 @@ in
}; };
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 cloud.pub.solar"; ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 root@cloud.pub.solar";
Restart = "always"; Restart = "always";
RestartSec = "5s"; RestartSec = "5s";
}; };
wantedBy = [ "default.target" ];
};
services.ddclient = {
enable = true;
ipv6 = true;
domains = [ "backup.b12f.io" ];
server = "ddns.hosting.de";
username = "b12f";
use = "web, web=http://checkip6.spdyn.de/, web-skip=''";
passwordFile = "/run/agenix/dyndns-droppie.key";
};
age.secrets."dyndns-droppie.key" = {
file = "${self}/secrets/dyndns-droppie.key";
mode = "400";
owner = psCfg.user.name;
}; };
}; };
} }
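Review bot: The tunnel's `ExecStart` now authenticates as `root@cloud.pub.solar` although the session only needs a remote forward (`-N -T -R 127.0.0.1:22022:localhost:22`), so the key this user service holds is a root credential on the cloud host. A dedicated unprivileged account whose `authorized_keys` entry is limited to port forwarding would give the tunnel only what it needs; whether the server already restricts this key is not visible here. `-vvv` also sends full debug output to the journal on every restart and could be dropped once the tunnel works. In the same hunk, `services.ddclient.use` reads the address from `http://checkip6.spdyn.de/` over plain HTTP, so the record published for `backup.b12f.io` depends on an unauthenticated response; an HTTPS endpoint, if the provider offers one, avoids that.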


@ -17,24 +17,26 @@ with lib;
}; };
config = { config = {
# Enable plymouth for better experience of booting boot = {
boot.plymouth.enable = true; # Enable plymouth for better experience of booting
plymouth.enable = true;
# Mount / luks device in initrd # Mount / luks device in initrd
# Allow fstrim to work on it. # Allow fstrim to work on it.
# The ! makes this enabled by default # The ! makes this enabled by default
boot.initrd = mkIf (!cfg.iso-options.enable && cfg.disk-encryption-active) { initrd = mkIf (!cfg.iso-options.enable && cfg.disk-encryption-active) {
luks.devices."cryptroot" = { luks.devices."cryptroot" = {
allowDiscards = true; allowDiscards = true;
};
}; };
loader.systemd-boot.enable = true;
# Use latest LTS linux kernel by default
kernelPackages = pkgs.linuxPackages_5_15;
# Support ntfs drives
supportedFilesystems = [ "ntfs" ];
}; };
boot.loader.systemd-boot.enable = true;
# Use latest LTS linux kernel by default
boot.kernelPackages = pkgs.linuxPackages_5_15;
# Support ntfs drives
boot.supportedFilesystems = [ "ntfs" ];
}; };
} }


@ -8,6 +8,7 @@ in
{ {
imports = [ imports = [
./boot.nix ./boot.nix
./hibernation.nix
./fonts.nix ./fonts.nix
./i18n.nix ./i18n.nix
./networking.nix ./networking.nix


@ -0,0 +1,35 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.pub-solar.core.hibernation;
in
{
options.pub-solar.core.hibernation = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether the device can hibernate. This creates a swapfile at /swapfile.";
};
resumeDevice = mkOption {
type = types.str;
default = "/dev/sda1";
description = "The location of the hibernation resume swap file.";
};
resumeOffset = mkOption {
type = types.nullOr types.int;
default = null;
description = "The swap file offset. Can be found by running `filefrag -v $swap_file_location`. See https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file";
};
};
config = {
boot = mkIf cfg.enable {
resumeDevice = cfg.resumeDevice;
kernelParams =
if (cfg.resumeOffset == null && cfg.enable) then builtins.abort "config.pub-solar.resumeOffset has to be set if config.pub-solar.enable is true."
else [ "resume_offset=${builtins.toString cfg.resumeOffset}" ];
};
};
}
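Review bot: The `builtins.abort` message in `kernelParams` names `config.pub-solar.resumeOffset` and `config.pub-solar.enable`, but the options declared in this file are `pub-solar.core.hibernation.resumeOffset` and `pub-solar.core.hibernation.enable`, so the error points at options that do not exist. The `&& cfg.enable` test is redundant inside `mkIf cfg.enable`, and the module system's `assertions` list would report the problem with the usual option context, e.g. `assertions = [{ assertion = !cfg.enable || cfg.resumeOffset != null; message = "pub-solar.core.hibernation.resumeOffset has to be set if pub-solar.core.hibernation.enable is true."; }];`. The `enable` description says a swapfile is created at /swapfile while nothing in this file declares one, and `resumeDevice` is described as the location of the swap file although it is passed to `boot.resumeDevice`; both descriptions should state what the module actually does. The default `resumeDevice = "/dev/sda1"` is a plain partition name, so a host that enables hibernation without overriding it would presumably write its memory image to whatever that name refers to.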


@ -2,6 +2,8 @@
{ {
nix = { nix = {
# Use default version alias for nix package
package = pkgs.nix;
# Improve nix store disk usage # Improve nix store disk usage
autoOptimiseStore = true; autoOptimiseStore = true;
gc.automatic = true; gc.automatic = true;


@ -0,0 +1,24 @@
{ config, lib, ... }:
with lib;
let
psCfg = config.pub-solar;
cfg = config.pub-solar.paranoia;
in
{
options.pub-solar.paranoia = {
enable = mkOption {
description = ''
Only offer hibernation instead of screen locking and sleeping. This only makes sense
if your hard drive is encrypted, and ensures that the contents of your drive are
encrypted if you are not actively using the device.
'';
default = false;
type = types.bool;
};
};
config = mkIf cfg.enable {
pub-solar.core.hibernation.enable = true;
};
}
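Review bot: The option text says this mode only makes sense on an encrypted drive, but `config` turns on `pub-solar.core.hibernation.enable` without checking anything, so on an unencrypted resume device the memory image would be written in clear while screen locking is removed elsewhere in this commit. An assertion tying `cfg.enable` to the encryption setting would make the precondition explicit; the boot module's hunk references a `disk-encryption-active` flag that looks suitable, though its full option path is not visible here. `psCfg` in the `let` is unused and can be dropped.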


@ -37,22 +37,6 @@ bindsym $mod+Ctrl+r exec record-screen
set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher
bindsym $mod+Space exec $menu bindsym $mod+Space exec $menu
# Set shut down, restart and locking features
set $mode_system (l)ock, (e)xit, (s)uspend, (h)ibernate, (r)eboot, (Shift+s)hutdown
bindsym $mod+0 mode "$mode_system"
mode "$mode_system" {
bindsym l exec swaylock-bg, mode "default"
bindsym e exec systemctl --user stop graphical-session.target, mode "default"
bindsym s exec systemctl suspend, mode "default"
bindsym h exec systemctl hibernate, mode "default"
bindsym r exec systemctl reboot, mode "default"
bindsym Shift+s exec systemctl poweroff, mode "default"
# exit system mode: "Enter" or "Escape"
bindsym Return mode "default"
bindsym Escape mode "default"
}
set $mode_vncclient In VNCClient mode. Press $mod+Num_Lock or $mod+Shift+Escape to return. set $mode_vncclient In VNCClient mode. Press $mod+Num_Lock or $mod+Shift+Escape to return.
bindsym $mod+Num_Lock mode "$mode_vncclient" bindsym $mod+Num_Lock mode "$mode_vncclient"
bindsym $mod+Shift+Escape mode "$mode_vncclient" bindsym $mod+Shift+Escape mode "$mode_vncclient"


@ -0,0 +1,21 @@
{ psCfg, ... }: ''
# Set shut down, restart and locking features
set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown
bindsym $mod+0 mode "$mode_system"
mode "$mode_system" {
bindsym e exec swaymsg exit, mode "default"
'' + (if psCfg.core.hibernation.enable then ''
bindsym h exec systemctl hibernate, mode "default"
'' else "")
+ (if !psCfg.paranoia.enable then ''
bindsym l exec swaylock-bg, mode "default"
bindsym s exec systemctl suspend, mode "default"
'' else "") + ''
bindsym r exec systemctl reboot, mode "default"
bindsym Shift+s exec systemctl poweroff, mode "default"
# exit system mode: "Enter" or "Escape"
bindsym Return mode "default"
bindsym Escape mode "default"
}
''
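Review bot: The `$mode_system` label is a fixed string, `(e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown`, while the bindings under it are conditional: it advertises `h` even when `psCfg.core.hibernation.enable` is false and never lists `l` or `s` when `psCfg.paranoia.enable` is false. Building the label from the same two conditions keeps the prompt in step with the keys that actually work. A header comment saying which options drive which bindings would also help, for example `# (h) needs core.hibernation.enable; (l) and (s) are omitted when paranoia.enable is set`.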


@ -2,7 +2,6 @@
with lib; with lib;
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.sway;
in in
{ {
options.pub-solar.sway = { options.pub-solar.sway = {
@ -23,8 +22,8 @@ in
}; };
}; };
config = mkIf cfg.enable (mkMerge [ config = mkIf psCfg.sway.enable (mkMerge [
(mkIf (cfg.v4l2loopback.enable) { (mkIf (psCfg.sway.v4l2loopback.enable) {
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
boot.kernelModules = [ "v4l2loopback" ]; boot.kernelModules = [ "v4l2loopback" ];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
@ -79,7 +78,6 @@ in
xsettingsd xsettingsd
ydotool ydotool
swaylock-bg
sway-launcher sway-launcher
record-screen record-screen
import-gtk-settings import-gtk-settings
@ -90,20 +88,21 @@ in
programs.waybar.enable = true; programs.waybar.enable = true;
#programs.waybar.systemd.enable = true; #programs.waybar.systemd.enable = true;
systemd.user.services.mako = import ./mako.service.nix pkgs; systemd.user.services.mako = import ./mako.service.nix { inherit pkgs psCfg; };
systemd.user.services.sway = import ./sway.service.nix pkgs; systemd.user.services.sway = import ./sway.service.nix { inherit pkgs psCfg; };
systemd.user.services.swayidle = import ./swayidle.service.nix pkgs; systemd.user.services.swayidle = import ./swayidle.service.nix { inherit pkgs psCfg; };
systemd.user.services.xsettingsd = import ./xsettingsd.service.nix pkgs; systemd.user.services.xsettingsd = import ./xsettingsd.service.nix { inherit pkgs psCfg; };
systemd.user.services.waybar = import ./waybar.service.nix pkgs; systemd.user.services.waybar = import ./waybar.service.nix { inherit pkgs psCfg; };
systemd.user.targets.sway-session = import ./sway-session.target.nix pkgs; systemd.user.targets.sway-session = import ./sway-session.target.nix { inherit pkgs psCfg; };
systemd.user.services.wayvnc = mkIf cfg.vnc.enable (import ./wayvnc.service.nix pkgs); systemd.user.services.wayvnc = mkIf psCfg.sway.vnc.enable (import ./wayvnc.service.nix pkgs);
xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; }; xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; };
xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf; xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf; xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf; xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit psCfg; };
xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf; xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf; xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
xdg.configFile."wayvnc/config".text = import ./config/wayvnc/config.nix { inherit psCfg; inherit pkgs; }; xdg.configFile."wayvnc/config".text = import ./config/wayvnc/config.nix { inherit psCfg; inherit pkgs; };
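Review bot: `swaylock-bg` is dropped from the package list in the `-79,7` hunk, yet this commit still invokes it by bare name: the new mode_system.conf.nix binds `l` to `exec swaylock-bg`, and the non-paranoia swayidle command runs `swaylock-bg` after its `Environment` PATH lost `${pkgs.swaylock}/bin` and `${pkgs.swaylock-bg}/bin`. Unless the script is installed somewhere not shown in this commit, the idle timeout and the lock key will not find the binary and the session is never locked. Keeping the package whenever `!psCfg.paranoia.enable`, or calling it by store path (`${pkgs.swaylock-bg}/bin/swaylock-bg`), avoids depending on PATH. The list this hunk edits starts outside the hunk, so which option it feeds is not visible.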


@ -1,4 +1,4 @@
pkgs: { pkgs, ... }:
{ {
Unit = { Unit = {
Description = "set color temperature of display according to time of day"; Description = "set color temperature of display according to time of day";


@ -1,4 +1,4 @@
pkgs: { pkgs, ... }:
{ {
Unit = { Unit = {
Description = "Actions gestures on your touchpad using libinput"; Description = "Actions gestures on your touchpad using libinput";


@ -1,4 +1,4 @@
pkgs: { pkgs, ... }:
{ {
Unit = { Unit = {
Description = "Lightweight Wayland notification daemon"; Description = "Lightweight Wayland notification daemon";


@ -1,4 +1,4 @@
pkgs: { pkgs, ... }:
{ {
Unit = { Unit = {
Description = "sway compositor session"; Description = "sway compositor session";


@ -1,4 +1,4 @@
pkgs: { pkgs, ... }:
{ {
Unit = { Unit = {
Description = "sway - SirCmpwn's Wayland window manager"; Description = "sway - SirCmpwn's Wayland window manager";


@ -1,4 +1,4 @@
pkgs: { pkgs, psCfg, ... }:
{ {
Unit = { Unit = {
Description = "Idle manager for Wayland"; Description = "Idle manager for Wayland";
@ -9,13 +9,19 @@ pkgs:
}; };
Service = { Service = {
Type = "simple"; Type = "simple";
Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock}/bin:${pkgs.swaylock-bg}/bin"; Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin";
ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \ ExecStart =
timeout 600 'swaylock-bg' \ if psCfg.paranoia.enable then ''
timeout 900 'swaymsg "output * dpms off"' \ ${pkgs.swayidle}/bin/swayidle -w \
resume 'swaymsg "output * dpms on"' \ timeout 120 'swaymsg "output * dpms off"' \
before-sleep 'swaylock-bg' timeout 150 'systemctl hibernate' \
''; '' else ''
${pkgs.swayidle}/bin/swayidle -w \
timeout 600 'swaylock-bg' \
timeout 900 'swaymsg "output * dpms off"' \
resume 'swaymsg "output * dpms on"' \
before-sleep 'swaylock-bg'
'';
}; };
Install = { Install = {
WantedBy = [ "sway-session.target" ]; WantedBy = [ "sway-session.target" ];
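Review bot: In the paranoia branch of `ExecStart` the only protection is `timeout 150 'systemctl hibernate'`; if hibernation fails (for instance because the resume device or offset is wrong), the outputs are off but the session stays unlocked, and the branch has no lock command to fall back on. A fallback in the same timeout, or a lock step before hibernating, would cover that case. The branch also lacks `resume 'swaymsg "output * dpms on"'`, so input between 120 and 150 seconds appears to leave the displays off, and its last line ends in a continuation backslash with nothing after it.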


@ -1,4 +1,4 @@
pkgs: { pkgs, ... }:
{ {
Unit = { Unit = {
Description = "Highly customizable Wayland bar for Sway and Wlroots based compositors."; Description = "Highly customizable Wayland bar for Sway and Wlroots based compositors.";


@ -1,4 +1,4 @@
pkgs: { pkgs, ... }:
{ {
Unit = { Unit = {
Description = "X Settings Daemon"; Description = "X Settings Daemon";


@ -1,4 +1,4 @@
pkgs: { pkgs, ... }:
{ {
Unit = { Unit = {
Description = "ydotool - Generic command-line automation tool (no X!)"; Description = "ydotool - Generic command-line automation tool (no X!)";


@ -13,15 +13,11 @@ with final; {
s = writeShellScriptBin "s" (import ./s.nix final); s = writeShellScriptBin "s" (import ./s.nix final);
sway-launcher = writeScriptBin "sway-launcher" (import ./sway-launcher.nix final); sway-launcher = writeScriptBin "sway-launcher" (import ./sway-launcher.nix final);
sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final); sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final);
swaylock-bg = writeScriptBin "swaylock-bg" (import ./swaylock-bg.nix final); swaylock-bg = writeShellScriptBin "swaylock-bg" (import ./swaylock-bg.nix final);
toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final); toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final);
uhk-agent = import ./uhk-agent.nix final; uhk-agent = import ./uhk-agent.nix final;
wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final); wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final);
drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final); drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final);
record-screen = writeShellScriptBin "record-screen" (import ./record-screen.nix final); record-screen = writeShellScriptBin "record-screen" (import ./record-screen.nix final);
# ps-fixes
scan2paperless = writeShellScriptBin "scan2paperless" (import ./scan2paperless.nix final); scan2paperless = writeShellScriptBin "scan2paperless" (import ./scan2paperless.nix final);
drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final);
} }


@ -0,0 +1,27 @@
age-encryption.org/v1
-> ssh-rsa kFDS0A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-> ssh-ed25519 7Wns0A aKiZ8iw+Ub5rByBef0apOn6lG5Bv6tzFCiBu3DN6sSg
58+9kySg3ajO7E5V87b/qRu9axpu2hQUuY/cVTt2YdI
-> ssh-rsa wVtlwQ
RbrfuwS5zQzL9yMWFDSnWj9cQFLirTH37Xf79Dis2CJIDd83vmlmGNY5x1aPpZoZ
J6XDhibGTJc02DYuNVIE1IXm0x9tc6Z9PTT+WiAFt1JuKHguXTWLRMM9HmyvWWDg
bFsRDAcYup+SK5d+ME+XooDGueC822rAjkGIRHNSCimGwuLpDRKqyyVfYA+dcfiP
EoYH7x4S09jYRr1C5EkbraLbm1vijc5ikJw3b42KKbyo3wDwKga+Vk2nl2AtgjZp
KipZlyjs+IjMRXX5IBpgoRtXcvHuidsOSc+guRo0ihF9MbzRc/Tt2g0V7t3KjeT0
SJDLmHOos2RKTmx06aidDg
-> Dz(k-grease ~FF p m)E{J3E
7Igp3pclCAzAmeky5cPqlIzcITT+0jvieQe7ruSxRYRYqpYU7tMQFmHuNUahp+BP
MzOYiM+PIQmn
--- IC9SI76EjaFZxQ5odEeIv49n/O8uOdpM6LE1Z7dtHg4
l%Àu¯¯ÃE„\ÎüÔ ?2\&ÚwG&@¡­W£~9"úŠ^ÊƆý¼Á<>oån^šë<C5A1>㻳xšèOI‡¢uOíò‡21c*ãm¸%ô)ý#”جeõIÙ6îA/i


@ -8,6 +8,9 @@ let
chocolatebar-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINZT3QrKugNTWNOwYziQnxrT5zFqWQDafWjScDuIpMhN root@chocolatebar"; chocolatebar-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINZT3QrKugNTWNOwYziQnxrT5zFqWQDafWjScDuIpMhN root@chocolatebar";
chocolatebar-user = "ssh-rsa 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 ben@chocolatebar"; chocolatebar-user = "ssh-rsa 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 ben@chocolatebar";
droppie-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDuXuPPDXTyJgy4JRwbKcPbawvVB1Il2neyRWb4O5sJ root@nixos";
droppie-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnYTlTmHCl6LOkexqRR9LqjOoFgt9TQ4VzHQGRHJMzF/AGcDRoqC+pBLFSTzRb5/ikAOsb32XHyKVg4nNdJeQshO11QtDmkCB02D/XcIXxnNQ5A8CztT2az5xJtbbWSdamMnHBLcqLiwoLmXbERpdlt8jNqMHrz+bjCUGYVAFSfc/WdIs6EATJ1eF0VFxv7nUh4qhgStABSwhNsnoYOC/DOBSA9aBP1f5Fz9QHUioPTGi2hRwbTbtFUvTrymPpWVFRApa1zvGXcr4YUCm7ia1ZlZKzRpsPkwLxb8Omm4bGmR0cAVwVhVRySnhpCTwbIBLyw+H8PvKWBBba1NAKyMij root@droppie";
allKeys = [ allKeys = [
bbcom bbcom
@ -31,6 +34,13 @@ let
chocolatebar-host chocolatebar-host
chocolatebar-user chocolatebar-user
]; ];
droppieKeys = [
bbcom
droppie-host
droppie-user
];
in in
{ {
"keyfile-biolimo.bin".publicKeys = biolimoKeys; "keyfile-biolimo.bin".publicKeys = biolimoKeys;
@ -42,7 +52,9 @@ in
"vnc-cert-chocolatebar.pem".publicKeys = chocolatebarKeys; "vnc-cert-chocolatebar.pem".publicKeys = chocolatebarKeys;
"vnc-key-chocolatebar.pem".publicKeys = chocolatebarKeys; "vnc-key-chocolatebar.pem".publicKeys = chocolatebarKeys;
"drone-runner-exec-config".publicKeys = allKeys; "drone-runner-exec-config".publicKeys = allKeys;
"dyndns-droppie.key".publicKeys = droppieKeys;
"mopidy.conf".publicKeys = allKeys; "mopidy.conf".publicKeys = allKeys;
} }


@ -6,7 +6,7 @@ let
cachix cachix
editorconfig-checker editorconfig-checker
mdbook mdbook
nixUnstable nix
nixpkgs-fmt nixpkgs-fmt
nvfetcher nvfetcher
; ;


@ -63,6 +63,12 @@ in
MACs = "hmac-sha2-512-etm@openssh.com"; MACs = "hmac-sha2-512-etm@openssh.com";
}; };
}; };
"laurakirst.de" = {
hostname = "webj4bsux.wh.hosting.zone";
user = "webj4bsux_36qkrk";
port = 2244;
};
}; };
}; };


@ -24,6 +24,8 @@ in
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= b12f Yubi Backup" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= b12f Yubi Backup"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a teutat3s" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a teutat3s"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKa5elEXgBc2luVBOHVWZisJgt0epFQOercPi0tZzPU root@cloud.pub.solar"
]; ];
}; };
}; };
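Review bot: The added `root@cloud.pub.solar` key sits in the same list as the personal YubiKey keys, so the cloud server's root account gets the same unrestricted login as the owner wherever this list is applied. If the key exists for the backup pull over the reverse tunnel, it is better scoped to the one host that is backed up and given `authorized_keys` options such as `restrict` plus a forced `command=`, so that a compromise of the cloud host does not become shell access here. The attribute this list is assigned to lies outside the hunk, so which users and hosts it covers should be confirmed.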