Compare commits


No commits in common. "8b074617e87d060c501b562c923d8097a776fe7c" and "d49f12f58fc05403b1d232812a8314fbeac40f6e" have entirely different histories.

7 changed files with 19 additions and 104 deletions


@ -130,7 +130,6 @@
strace strace
tcpdump tcpdump
git-crypt git-crypt
nix-index-unwrapped
]; ];
services.openssh = { services.openssh = {


@ -118,7 +118,4 @@ lib.mkIf (!config.me.buildingIso) {
fileSystems."/persist".neededForBoot = true; fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true; fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true; fileSystems."/home".neededForBoot = true;
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
} }


@ -15,18 +15,7 @@
# gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz # gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz
hardware.gpgSmartcards.enable = true; hardware.gpgSmartcards.enable = true;
services.udev.packages = [ services.udev.packages = [ pkgs.yubikey-personalization ];
pkgs.yubikey-personalization
pkgs.libfido2
(pkgs.writeTextFile {
name = "my-rules";
text = ''
ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0406", MODE="660", GROUP="wheel"
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", TAG+="uaccess", GROUP="wheel", MODE="0660"
'';
destination = "/etc/udev/rules.d/50-yubikey.rules";
})
];
services.pcscd.enable = true; services.pcscd.enable = true;
# services.gnome.gnome-keyring.enable = true; # services.gnome.gnome-keyring.enable = true;
@ -47,7 +36,7 @@
}; };
}; };
# programs.gnupg.dirmngr.enable = true; programs.gnupg.dirmngr.enable = true;
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
@ -71,51 +60,16 @@
}; };
}; };
nixpkgs.overlays = [ # nixpkgs.overlays = [
(final: prev: { # (final: prev: {
# pcsclite = prev.pcsclite.overrideAttrs (old: { # pcsclite = prev.pcsclite.overrideAttrs (old: {
# postPatch = '' # postPatch = ''
# substituteInPlace src/libredirect.c src/spy/libpcscspy.c \ # substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
# --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1" # --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
# ''; # '';
# }); # });
# })
# pcsclite = prev.pcsclite.overrideAttrs (old: { # ];
# postPatch =
# old.postPatch
# + (lib.optionalString
# (!(lib.strings.hasInfix ''--replace-fail "libpcsclite_real.so.1"'' old.postPatch))
# ''
# substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
# --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
# ''
# );
# });
# pcsclite = prev.pcsclite.overrideAttrs (old: {
# postPatch =
# old.postPatch
# + ''
# substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
# --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
# '';
# });
# gnupg = prev.gnupg.override {
# pcsclite = pkgs.pcsclite.overrideAttrs (old: {
# postPatch =
# old.postPatch
# + (lib.optionalString
# (!(lib.strings.hasInfix ''--replace-fail "libpcsclite_real.so.1"'' old.postPatch))
# ''
# substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
# --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
# ''
# );
# });
# };
})
];
# security.polkit.extraConfig = '' # security.polkit.extraConfig = ''
# polkit.addRule(function(action, subject) { # polkit.addRule(function(action, subject) {
@ -132,18 +86,13 @@
# ''; # '';
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
pcsclite
pcsctools pcsctools
yubikey-personalization
yubikey-manager
glibcLocales
]; ];
# nixpkgs.overlays = [ # nixpkgs.overlays = [
# (final: prev: { # (final: prev: {
# gnupg = pkgs-unstable.gnupg; # gnupg = pkgs-unstable.gnupg;
# scdaemon = pkgs-unstable.scdaemon; # scdaemon = pkgs-unstable.scdaemon;
# libgcrypt = pkgs-unstable.libgcrypt;
# }) # })
# ]; # ];
@ -159,5 +108,4 @@
# }) # })
# ]; # ];
programs.gnupg.agent.enableExtraSocket = true;
} }
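Review bot: After the third hunk the pcsclite `nixpkgs.overlays` override survives only as a commented-out block, and the commented `pkgs-unstable.gnupg` overlay in the fourth hunk follows it, so the file keeps two dead overlay definitions without saying why. pcsclite and gnupg are the smartcard path this module configures (`services.pcscd.enable`, `hardware.gpgSmartcards.enable`), so a reader should be able to tell at a glance which package builds are actually in use. If the intent is that the stock packages are used, either delete the commented blocks or head each with one line such as `# Disabled: stock pcsclite is used; kept for reference only.`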


@ -1,7 +1,2 @@
reader-port Yubico Yubi reader-port Yubico Yubi
disable-ccid disable-ccid
log-file /home/talexander/scd.log
verbose
debug cardio
debug-level 5


@ -25,9 +25,6 @@ let
export KUBECTL_EXTERNAL_DIFF="${pkgs.colordiff}/bin/colordiff -N -u" export KUBECTL_EXTERNAL_DIFF="${pkgs.colordiff}/bin/colordiff -N -u"
exec ${pkgs.kubectl}/bin/kubectl diff "''${@}" exec ${pkgs.kubectl}/bin/kubectl diff "''${@}"
''; '';
alias_klog = pkgs.writeShellScriptBin "klog" ''
exec ${pkgs.kubectl}/bin/kubectl logs --all-containers "$@"
'';
in in
{ {
imports = [ ]; imports = [ ];
@ -42,21 +39,5 @@ in
alias_ka alias_ka
alias_kdel alias_kdel
alias_kd alias_kd
alias_klog
]; ];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".kube";
user = "talexander";
group = "talexander";
mode = "0750";
}
];
};
};
} }


@ -10,16 +10,16 @@
networking.dhcpcd.enable = false; networking.dhcpcd.enable = false;
networking.useDHCP = false; networking.useDHCP = false;
# networking.nameservers = [ networking.nameservers = [
# "194.242.2.2#doh.mullvad.net" "194.242.2.2#doh.mullvad.net"
# "2a07:e340::2#doh.mullvad.net" "2a07:e340::2#doh.mullvad.net"
# ]; ];
services.resolved = { services.resolved = {
enable = true; enable = true;
# dnssec = "true"; # dnssec = "true";
# domains = [ "~." ]; domains = [ "~." ];
# fallbackDns = [ ]; fallbackDns = [ ];
# dnsovertls = "true"; dnsovertls = "true";
}; };
# Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection anging and timing out. This causes firefox startup to take an extra 10+ seconds. # Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection anging and timing out. This causes firefox startup to take an extra 10+ seconds.
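Review bot: The new `services.resolved` block turns on strict `dnsovertls = "true"` with `fallbackDns = [ ]` and the `~.` routing domain while `# dnssec = "true";` stays commented, and the file does not explain any of these choices. As written, resolution fails closed whenever the two Mullvad resolvers cannot be reached over TLS, and answer authenticity rests on the TLS-authenticated resolver rather than on local validation; if that is the intent, say so above the block, e.g. `# Strict DoT, no fallback: DNS fails closed if the Mullvad resolvers are unreachable; DNSSEC validation deliberately left off.` Strict mode checks the server certificate against the name after `#`, so it is worth confirming that `doh.mullvad.net` is still a name the provider serves for these addresses. The setting that the trailing home.arpa comment introduces lies outside the hunk.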


@ -373,11 +373,6 @@ in
source = ./files/settings.ini; source = ./files/settings.ini;
}; };
}; };
home.file = {
".icons/default" = {
source = "${pkgs.adwaita-icon-theme}/share/icons/Adwaita";
};
};
}; };
# For mounting drives in pcmanfm # For mounting drives in pcmanfm