b12f restructure #1
|
@ -10,6 +10,10 @@ in
|
|||
];
|
||||
|
||||
config = {
|
||||
pub-solar.paranoia.enable = true;
|
||||
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
|
||||
pub-solar.core.hibernation.resumeOffset = 15296512;
|
||||
|
||||
hardware.cpu.intel.updateMicrocode = true;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 5000 ];
|
||||
|
|
|
@ -28,12 +28,12 @@ in
|
|||
|
||||
age.secrets."vnc-key.pem" = {
|
||||
file = "${self}/secrets/vnc-key-chocolatebar.pem";
|
||||
mode = "700";
|
||||
mode = "400";
|
||||
owner = psCfg.user.name;
|
||||
};
|
||||
age.secrets."vnc-cert.pem" = {
|
||||
file = "${self}/secrets/vnc-cert-chocolatebar.pem";
|
||||
mode = "700";
|
||||
mode = "400";
|
||||
owner = psCfg.user.name;
|
||||
};
|
||||
pub-solar.sway.vnc.enable = true;
|
||||
|
|
|
@ -6,7 +6,7 @@ let
|
|||
createService = import ./create-service.nix;
|
||||
|
||||
isolateGPU = "rx550x";
|
||||
handOverUSBDevices = true;
|
||||
handOverUSBDevices = false;
|
||||
|
||||
isolateAnyGPU = isolateGPU != null;
|
||||
in
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, lib, self, ... }:
|
||||
with lib;
|
||||
let
|
||||
psCfg = config.pub-solar;
|
||||
|
@ -26,6 +26,10 @@ in
|
|||
}
|
||||
];
|
||||
|
||||
services.openssh.knownHosts = {
|
||||
"cloud.pub.solar".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABPJSwr9DfnqV0KoL23BcxlWtRxuOqQpnFnCv4SG/LW";
|
||||
};
|
||||
|
||||
systemd.user.services.ssh-tunnel-cloud-pub-solar = {
|
||||
unitConfig = {
|
||||
Description = "Reverse SSH connection to enable backups from IPv4-only to IPv6-only host";
|
||||
|
@ -33,10 +37,27 @@ in
|
|||
};
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 cloud.pub.solar";
|
||||
ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 root@cloud.pub.solar";
|
||||
Restart = "always";
|
||||
RestartSec = "5s";
|
||||
};
|
||||
wantedBy = [ "default.target" ];
|
||||
};
|
||||
|
||||
services.ddclient = {
|
||||
enable = true;
|
||||
ipv6 = true;
|
||||
domains = [ "backup.b12f.io" ];
|
||||
server = "ddns.hosting.de";
|
||||
username = "b12f";
|
||||
use = "web, web=http://checkip6.spdyn.de/, web-skip=''";
|
||||
passwordFile = "/run/agenix/dyndns-droppie.key";
|
||||
};
|
||||
|
||||
age.secrets."dyndns-droppie.key" = {
|
||||
file = "${self}/secrets/dyndns-droppie.key";
|
||||
mode = "400";
|
||||
owner = psCfg.user.name;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -17,24 +17,26 @@ with lib;
|
|||
};
|
||||
|
||||
config = {
|
||||
# Enable plymouth for better experience of booting
|
||||
boot.plymouth.enable = true;
|
||||
boot = {
|
||||
# Enable plymouth for better experience of booting
|
||||
plymouth.enable = true;
|
||||
|
||||
# Mount / luks device in initrd
|
||||
# Allow fstrim to work on it.
|
||||
# The ! makes this enabled by default
|
||||
boot.initrd = mkIf (!cfg.iso-options.enable && cfg.disk-encryption-active) {
|
||||
luks.devices."cryptroot" = {
|
||||
allowDiscards = true;
|
||||
# Mount / luks device in initrd
|
||||
# Allow fstrim to work on it.
|
||||
# The ! makes this enabled by default
|
||||
initrd = mkIf (!cfg.iso-options.enable && cfg.disk-encryption-active) {
|
||||
luks.devices."cryptroot" = {
|
||||
allowDiscards = true;
|
||||
};
|
||||
};
|
||||
|
||||
loader.systemd-boot.enable = true;
|
||||
|
||||
# Use latest LTS linux kernel by default
|
||||
kernelPackages = pkgs.linuxPackages_5_15;
|
||||
|
||||
# Support ntfs drives
|
||||
supportedFilesystems = [ "ntfs" ];
|
||||
};
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
|
||||
# Use latest LTS linux kernel by default
|
||||
boot.kernelPackages = pkgs.linuxPackages_5_15;
|
||||
|
||||
# Support ntfs drives
|
||||
boot.supportedFilesystems = [ "ntfs" ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@ in
|
|||
{
|
||||
imports = [
|
||||
./boot.nix
|
||||
./hibernation.nix
|
||||
./fonts.nix
|
||||
./i18n.nix
|
||||
./networking.nix
|
||||
|
|
35
modules/core/hibernation.nix
Normal file
35
modules/core/hibernation.nix
Normal file
|
@ -0,0 +1,35 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.pub-solar.core.hibernation;
|
||||
in
|
||||
{
|
||||
options.pub-solar.core.hibernation = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether the device can hibernate. This creates a swapfile at /swapfile.";
|
||||
};
|
||||
|
||||
resumeDevice = mkOption {
|
||||
type = types.str;
|
||||
default = "/dev/sda1";
|
||||
description = "The location of the hibernation resume swap file.";
|
||||
};
|
||||
|
||||
resumeOffset = mkOption {
|
||||
type = types.nullOr types.int;
|
||||
default = null;
|
||||
description = "The swap file offset. Can be found by running `filefrag -v $swap_file_location`. See https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file";
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
boot = mkIf cfg.enable {
|
||||
resumeDevice = cfg.resumeDevice;
|
||||
kernelParams =
|
||||
if (cfg.resumeOffset == null && cfg.enable) then builtins.abort "config.pub-solar.resumeOffset has to be set if config.pub-solar.enable is true."
|
||||
else [ "resume_offset=${builtins.toString cfg.resumeOffset}" ];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
{
|
||||
nix = {
|
||||
# Use default version alias for nix package
|
||||
package = pkgs.nix;
|
||||
# Improve nix store disk usage
|
||||
autoOptimiseStore = true;
|
||||
gc.automatic = true;
|
||||
|
|
24
modules/paranoia/default.nix
Normal file
24
modules/paranoia/default.nix
Normal file
|
@ -0,0 +1,24 @@
|
|||
{ config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.paranoia;
|
||||
in
|
||||
{
|
||||
options.pub-solar.paranoia = {
|
||||
enable = mkOption {
|
||||
description = ''
|
||||
Only offer hibernation instead of screen locking and sleeping. This only makes sense
|
||||
if your hard drive is encrypted, and ensures that the contents of your drive are
|
||||
encrypted if you are not actively using the device.
|
||||
'';
|
||||
default = false;
|
||||
type = types.bool;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
pub-solar.core.hibernation.enable = true;
|
||||
};
|
||||
}
|
|
@ -37,22 +37,6 @@ bindsym $mod+Ctrl+r exec record-screen
|
|||
set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher
|
||||
bindsym $mod+Space exec $menu
|
||||
|
||||
# Set shut down, restart and locking features
|
||||
set $mode_system (l)ock, (e)xit, (s)uspend, (h)ibernate, (r)eboot, (Shift+s)hutdown
|
||||
bindsym $mod+0 mode "$mode_system"
|
||||
mode "$mode_system" {
|
||||
bindsym l exec swaylock-bg, mode "default"
|
||||
bindsym e exec systemctl --user stop graphical-session.target, mode "default"
|
||||
bindsym s exec systemctl suspend, mode "default"
|
||||
bindsym h exec systemctl hibernate, mode "default"
|
||||
bindsym r exec systemctl reboot, mode "default"
|
||||
bindsym Shift+s exec systemctl poweroff, mode "default"
|
||||
|
||||
# exit system mode: "Enter" or "Escape"
|
||||
bindsym Return mode "default"
|
||||
bindsym Escape mode "default"
|
||||
}
|
||||
|
||||
set $mode_vncclient In VNCClient mode. Press $mod+Num_Lock or $mod+Shift+Escape to return.
|
||||
bindsym $mod+Num_Lock mode "$mode_vncclient"
|
||||
bindsym $mod+Shift+Escape mode "$mode_vncclient"
|
||||
|
|
21
modules/sway/config/config.d/mode_system.conf.nix
Normal file
21
modules/sway/config/config.d/mode_system.conf.nix
Normal file
|
@ -0,0 +1,21 @@
|
|||
{ psCfg, ... }: ''
|
||||
# Set shut down, restart and locking features
|
||||
set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown
|
||||
bindsym $mod+0 mode "$mode_system"
|
||||
mode "$mode_system" {
|
||||
bindsym e exec swaymsg exit, mode "default"
|
||||
'' + (if psCfg.core.hibernation.enable then ''
|
||||
bindsym h exec systemctl hibernate, mode "default"
|
||||
'' else "")
|
||||
+ (if !psCfg.paranoia.enable then ''
|
||||
bindsym l exec swaylock-bg, mode "default"
|
||||
bindsym s exec systemctl suspend, mode "default"
|
||||
'' else "") + ''
|
||||
bindsym r exec systemctl reboot, mode "default"
|
||||
bindsym Shift+s exec systemctl poweroff, mode "default"
|
||||
|
||||
# exit system mode: "Enter" or "Escape"
|
||||
bindsym Return mode "default"
|
||||
bindsym Escape mode "default"
|
||||
}
|
||||
''
|
|
@ -2,7 +2,6 @@
|
|||
with lib;
|
||||
let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.sway;
|
||||
in
|
||||
{
|
||||
options.pub-solar.sway = {
|
||||
|
@ -23,8 +22,8 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable (mkMerge [
|
||||
(mkIf (cfg.v4l2loopback.enable) {
|
||||
config = mkIf psCfg.sway.enable (mkMerge [
|
||||
(mkIf (psCfg.sway.v4l2loopback.enable) {
|
||||
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
|
||||
boot.kernelModules = [ "v4l2loopback" ];
|
||||
boot.extraModprobeConfig = ''
|
||||
|
@ -79,7 +78,6 @@ in
|
|||
xsettingsd
|
||||
ydotool
|
||||
|
||||
swaylock-bg
|
||||
sway-launcher
|
||||
record-screen
|
||||
import-gtk-settings
|
||||
|
@ -90,20 +88,21 @@ in
|
|||
programs.waybar.enable = true;
|
||||
#programs.waybar.systemd.enable = true;
|
||||
|
||||
systemd.user.services.mako = import ./mako.service.nix pkgs;
|
||||
systemd.user.services.sway = import ./sway.service.nix pkgs;
|
||||
systemd.user.services.swayidle = import ./swayidle.service.nix pkgs;
|
||||
systemd.user.services.xsettingsd = import ./xsettingsd.service.nix pkgs;
|
||||
systemd.user.services.waybar = import ./waybar.service.nix pkgs;
|
||||
systemd.user.targets.sway-session = import ./sway-session.target.nix pkgs;
|
||||
systemd.user.services.mako = import ./mako.service.nix { inherit pkgs psCfg; };
|
||||
systemd.user.services.sway = import ./sway.service.nix { inherit pkgs psCfg; };
|
||||
systemd.user.services.swayidle = import ./swayidle.service.nix { inherit pkgs psCfg; };
|
||||
systemd.user.services.xsettingsd = import ./xsettingsd.service.nix { inherit pkgs psCfg; };
|
||||
systemd.user.services.waybar = import ./waybar.service.nix { inherit pkgs psCfg; };
|
||||
systemd.user.targets.sway-session = import ./sway-session.target.nix { inherit pkgs psCfg; };
|
||||
|
||||
systemd.user.services.wayvnc = mkIf cfg.vnc.enable (import ./wayvnc.service.nix pkgs);
|
||||
systemd.user.services.wayvnc = mkIf psCfg.sway.vnc.enable (import ./wayvnc.service.nix pkgs);
|
||||
|
||||
xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; };
|
||||
xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
|
||||
xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
|
||||
xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
|
||||
xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
|
||||
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit psCfg; };
|
||||
xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
|
||||
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
|
||||
xdg.configFile."wayvnc/config".text = import ./config/wayvnc/config.nix { inherit psCfg; inherit pkgs; };
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
pkgs:
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
Unit = {
|
||||
Description = "set color temperature of display according to time of day";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
pkgs:
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
Unit = {
|
||||
Description = "Actions gestures on your touchpad using libinput";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
pkgs:
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
Unit = {
|
||||
Description = "Lightweight Wayland notification daemon";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
pkgs:
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
Unit = {
|
||||
Description = "sway compositor session";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
pkgs:
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
Unit = {
|
||||
Description = "sway - SirCmpwn's Wayland window manager";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
pkgs:
|
||||
{ pkgs, psCfg, ... }:
|
||||
{
|
||||
Unit = {
|
||||
Description = "Idle manager for Wayland";
|
||||
|
@ -9,13 +9,19 @@ pkgs:
|
|||
};
|
||||
Service = {
|
||||
Type = "simple";
|
||||
Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock}/bin:${pkgs.swaylock-bg}/bin";
|
||||
ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \
|
||||
timeout 600 'swaylock-bg' \
|
||||
timeout 900 'swaymsg "output * dpms off"' \
|
||||
resume 'swaymsg "output * dpms on"' \
|
||||
before-sleep 'swaylock-bg'
|
||||
'';
|
||||
Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin";
|
||||
ExecStart =
|
||||
if psCfg.paranoia.enable then ''
|
||||
${pkgs.swayidle}/bin/swayidle -w \
|
||||
timeout 120 'swaymsg "output * dpms off"' \
|
||||
timeout 150 'systemctl hibernate' \
|
||||
'' else ''
|
||||
${pkgs.swayidle}/bin/swayidle -w \
|
||||
timeout 600 'swaylock-bg' \
|
||||
timeout 900 'swaymsg "output * dpms off"' \
|
||||
resume 'swaymsg "output * dpms on"' \
|
||||
before-sleep 'swaylock-bg'
|
||||
'';
|
||||
};
|
||||
Install = {
|
||||
WantedBy = [ "sway-session.target" ];
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
pkgs:
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
Unit = {
|
||||
Description = "Highly customizable Wayland bar for Sway and Wlroots based compositors.";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
pkgs:
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
Unit = {
|
||||
Description = "X Settings Daemon";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
pkgs:
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
Unit = {
|
||||
Description = "ydotool - Generic command-line automation tool (no X!)";
|
||||
|
|
|
@ -13,15 +13,11 @@ with final; {
|
|||
s = writeShellScriptBin "s" (import ./s.nix final);
|
||||
sway-launcher = writeScriptBin "sway-launcher" (import ./sway-launcher.nix final);
|
||||
sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final);
|
||||
swaylock-bg = writeScriptBin "swaylock-bg" (import ./swaylock-bg.nix final);
|
||||
swaylock-bg = writeShellScriptBin "swaylock-bg" (import ./swaylock-bg.nix final);
|
||||
toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final);
|
||||
uhk-agent = import ./uhk-agent.nix final;
|
||||
wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final);
|
||||
drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final);
|
||||
record-screen = writeShellScriptBin "record-screen" (import ./record-screen.nix final);
|
||||
|
||||
# ps-fixes
|
||||
|
||||
scan2paperless = writeShellScriptBin "scan2paperless" (import ./scan2paperless.nix final);
|
||||
drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final);
|
||||
}
|
||||
|
|
27
secrets/dyndns-droppie.key
Normal file
27
secrets/dyndns-droppie.key
Normal file
|
@ -0,0 +1,27 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-rsa kFDS0A
|
||||
lbrJzpCXpf3BJYL80d2vD/b4raoPnUKV0D9Ka9yKb72W3ATfA/Cqq7vpisHRnwyj
|
||||
3pt1TfrPzti/8ZKDqY/Zw171jQbOF6zW45z4m8yJu4J1LYXh8yYrTR3YPwhPoGYm
|
||||
eZJWWj2YghqCFC7vdL/wZFjkStxwBGgrJfNOxJBcXOpUX2TOzfdNAgJ/pEkvdd/L
|
||||
jktiU5ITt7KXruwSEXRzHVfmntl4SaqDqYfeb0Y0q2a1oMpxTnBKcYXj6dYcZIHv
|
||||
Lm8HX0JsIiThz/DXB4sP2O5GlGeYyibj2iMSCsCqadwDpUndVtJnzFgjSQD5A0gd
|
||||
enNTYly3GSmC9TWt/r2VHHyneAnJ3HQKB5hUEqxPz9peemnvfTA89SIGHddmkXfY
|
||||
XSeN5WJnSG0+WAOwrpJjzl9CgUg9xJS7dDqVob3CwL9oVEQP8FcuuyqCg72ppd4J
|
||||
fdseq5/R+HuVnh6sEUHoaHEDidHtTrpE2Rd49Tesj/BT+YrJyQ/kQqHmy9RiLU2f
|
||||
DSRwLO4/qHF6W8UfuF2N08aMxRpxqXPWTjI/vHxoSJRcSqaofF42x50OQU8lY96c
|
||||
8bPlDPB7HOBg+7bVvOQCaR3+KRuOx+HYpeMwEokQTwCke+frPfXorilNbAcaFUp4
|
||||
QiU1sUZia/FOZ+j47+6pkfC2DfLpiNL2TLWYcNtIzUc
|
||||
-> ssh-ed25519 7Wns0A aKiZ8iw+Ub5rByBef0apOn6lG5Bv6tzFCiBu3DN6sSg
|
||||
58+9kySg3ajO7E5V87b/qRu9axpu2hQUuY/cVTt2YdI
|
||||
-> ssh-rsa wVtlwQ
|
||||
RbrfuwS5zQzL9yMWFDSnWj9cQFLirTH37Xf79Dis2CJIDd83vmlmGNY5x1aPpZoZ
|
||||
J6XDhibGTJc02DYuNVIE1IXm0x9tc6Z9PTT+WiAFt1JuKHguXTWLRMM9HmyvWWDg
|
||||
bFsRDAcYup+SK5d+ME+XooDGueC822rAjkGIRHNSCimGwuLpDRKqyyVfYA+dcfiP
|
||||
EoYH7x4S09jYRr1C5EkbraLbm1vijc5ikJw3b42KKbyo3wDwKga+Vk2nl2AtgjZp
|
||||
KipZlyjs+IjMRXX5IBpgoRtXcvHuidsOSc+guRo0ihF9MbzRc/Tt2g0V7t3KjeT0
|
||||
SJDLmHOos2RKTmx06aidDg
|
||||
-> Dz(k-grease ~FF p m)E{J3E
|
||||
7Igp3pclCAzAmeky5cPqlIzcITT+0jvieQe7ruSxRYRYqpYU7tMQFmHuNUahp+BP
|
||||
MzOYiM+PIQmn
|
||||
--- IC9SI76EjaFZxQ5odEeIv49n/O8uOdpM6LE1Z7dtHg4
|
||||
l%Àu¯¯ÃE„\ÎüÔ?2\&ÚwG&@¡W£~9"úŠ^ÊƆý¼Á<>oån^šë<C5A1>㻳xšèOI‡¢uOíò‡21c*ãm¸%ô)ý#”جeõIÙ6îA/i
|
|
@ -8,6 +8,9 @@ let
|
|||
chocolatebar-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINZT3QrKugNTWNOwYziQnxrT5zFqWQDafWjScDuIpMhN root@chocolatebar";
|
||||
chocolatebar-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDwyNsGCMuyI9x2IxYEbYIL6oYsEfe1wqhHaRxSnK9oc10ge1LJni5o7g6XgryoQpCD9YenImcCxwkKblmlLQ2327uoVC2PUo07li1uT0eIPk0TQoxwp6besFs7/LEzZlgWQsc3gkEXmjk/E0mu0U6z2fkqciJ/ZxWYt9fLP6jBG47U9878rSaZ7k7Ilv6oRA3suArH189k1nerk/tonS4EWXeHZxHh/Eu0tqwmxN/6+g2GicYn6b+MbFQVdQAkctqT5Yz9USm9UKzbaAuZ799u0dJzagHm9JJZOr8r11ENtAkY9kAzRzm3u/ACiSdVzyLdjAK6m0dIPhp3OhedzuHiI6/wRll60tYtQTH1XwUpVbtir3+DT+jwZgO1zH3yL4iNh79kuUo+UEg1ZmGkSZRzSS2vb5qr0J5aSJmCd5sNB7a01PTtSlQPOqSF9PB+UmcLDF7JoKFub0KT/gRZ5neZkXTYQ/Y05qtaaFVlOVISijnm+sLUvKBv6OW8oYXIHBk= ben@chocolatebar";
|
||||
|
||||
droppie-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDuXuPPDXTyJgy4JRwbKcPbawvVB1Il2neyRWb4O5sJ root@nixos";
|
||||
droppie-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnYTlTmHCl6LOkexqRR9LqjOoFgt9TQ4VzHQGRHJMzF/AGcDRoqC+pBLFSTzRb5/ikAOsb32XHyKVg4nNdJeQshO11QtDmkCB02D/XcIXxnNQ5A8CztT2az5xJtbbWSdamMnHBLcqLiwoLmXbERpdlt8jNqMHrz+bjCUGYVAFSfc/WdIs6EATJ1eF0VFxv7nUh4qhgStABSwhNsnoYOC/DOBSA9aBP1f5Fz9QHUioPTGi2hRwbTbtFUvTrymPpWVFRApa1zvGXcr4YUCm7ia1ZlZKzRpsPkwLxb8Omm4bGmR0cAVwVhVRySnhpCTwbIBLyw+H8PvKWBBba1NAKyMij root@droppie";
|
||||
|
||||
allKeys = [
|
||||
bbcom
|
||||
|
||||
|
@ -31,6 +34,13 @@ let
|
|||
chocolatebar-host
|
||||
chocolatebar-user
|
||||
];
|
||||
|
||||
droppieKeys = [
|
||||
bbcom
|
||||
|
||||
droppie-host
|
||||
droppie-user
|
||||
];
|
||||
in
|
||||
{
|
||||
"keyfile-biolimo.bin".publicKeys = biolimoKeys;
|
||||
|
@ -42,7 +52,9 @@ in
|
|||
"vnc-cert-chocolatebar.pem".publicKeys = chocolatebarKeys;
|
||||
"vnc-key-chocolatebar.pem".publicKeys = chocolatebarKeys;
|
||||
|
||||
"drone-runner-exec-config".publicKeys = allKeys;
|
||||
"drone-runner-exec-config".publicKeys = allKeys;
|
||||
|
||||
"dyndns-droppie.key".publicKeys = droppieKeys;
|
||||
|
||||
"mopidy.conf".publicKeys = allKeys;
|
||||
}
|
||||
|
|
|
@ -6,7 +6,7 @@ let
|
|||
cachix
|
||||
editorconfig-checker
|
||||
mdbook
|
||||
nixUnstable
|
||||
nix
|
||||
nixpkgs-fmt
|
||||
nvfetcher
|
||||
;
|
||||
|
|
|
@ -63,6 +63,12 @@ in
|
|||
MACs = "hmac-sha2-512-etm@openssh.com";
|
||||
};
|
||||
};
|
||||
|
||||
"laurakirst.de" = {
|
||||
hostname = "webj4bsux.wh.hosting.zone";
|
||||
user = "webj4bsux_36qkrk";
|
||||
port = 2244;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -24,6 +24,8 @@ in
|
|||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= b12f Yubi Backup"
|
||||
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a teutat3s"
|
||||
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKa5elEXgBc2luVBOHVWZisJgt0epFQOercPi0tZzPU root@cloud.pub.solar"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue