diff --git a/dotspace/configuration.nix b/dotspace/configuration.nix
new file mode 100644
index 0000000..c3d7709
--- /dev/null
+++ b/dotspace/configuration.nix
@@ -0,0 +1,20 @@
+{ ... }: {
+ security.pki.certificates = [''
+ -----BEGIN CERTIFICATE-----
+ MIIBqzCCAVGgAwIBAgIQRC/rocbzjexwYz5mWw/YYDAKBggqhkjOPQQDAjA0MRQw
+ EgYDVQQKDAtEb3RzcGFjZV92MTEcMBoGA1UEAwwTRG90c3BhY2VfdjEgUm9vdCBD
+ QTAeFw0yNDEwMTgxNjI4NDRaFw0zNDEwMTYxNjI4NDRaMDQxFDASBgNVBAoMC0Rv
+ dHNwYWNlX3YxMRwwGgYDVQQDDBNEb3RzcGFjZV92MSBSb290IENBMFkwEwYHKoZI
+ zj0CAQYIKoZIzj0DAQcDQgAEJA1QxB0h6Hvp/0sjxZ+wedEaC0v8ODGb7TOQFNOR
+ vutG6AeH8F5yRuFmpUjTIXB6nfCn7Ruu1BjL6tjvcAgULqNFMEMwDgYDVR0PAQH/
+ BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFPzRcD8OgMChBACO
+ jN+KyAth49ZjMAoGCCqGSM49BAMCA0gAMEUCIAy+GTFir9N8Xldw0YjQIRZOrM81
+ mbpG5txU7FzqEOc0AiEA28/SOnR7hSQEslzfeiDbVk1FCIi9AL64cqv1J+0iJc8=
+ -----END CERTIFICATE-----
+ ''];
+
+ imports = [
+ ./parts/cifs.nix
+ ./parts/tinc.nix
+ ];
+}
diff --git a/dotspace/home.nix b/dotspace/home.nix
new file mode 100644
index 0000000..3bf0012
--- /dev/null
+++ b/dotspace/home.nix
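Review bot: The root CA added to `security.pki.certificates` in dotspace/configuration.nix becomes a system-wide trust anchor on every host that imports this module, and nothing in the file says what it is or who controls its key. From the encoded fields it appears to be the "Dotspace_v1 Root CA", valid from 2024-10-18 to 2034-10-16, with CA:TRUE and no name constraints, so it can vouch for any hostname, not just internal ones. I would add a comment above the PEM block such as `# Dotspace_v1 Root CA (private, expires 2034-10-16); SHA-256 fingerprint: <FINGERPRINT_PLACEHOLDER>; trusted for all names on importing hosts`, and consider reissuing it with name constraints limited to the internal domain.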
@@ -0,0 +1,30 @@
+{ ... }: {
+ programs.ssh = {
+ enable = true;
+ userKnownHostsFile = "~/.ssh/known_hosts ~/.ssh/dotspace_known_hosts";
+ matchBlocks = {
+ "git.mlaga97.space" = {
+ hostname = "10.86.84.150";
+ port = 2222;
+ proxyJump = "fortress.mlaga97.space";
+ };
+ };
+ };
+
+
+ home.file.".ssh/dotspace_known_hosts".text = ''
+ [10.86.84.150]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGeO5P0YXb11gWpu+9Zj8qulnOeEHxFVIq/d4hfV6KAM
+
+ fortress.mlaga97.space ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINzNlalnh/cgosa5Vw85YEET9rwcEmfRGTFlNFqSo/53
+
+ bastion.mlaga97.space ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFtmSrFZNFWFUH7ajyaFQSE85RC5Y5TdlZ0U/C863Zg9
+ blockhouse.mlaga97.space ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGKN+xPvC+o9f5vlItdytZfKbsQyN/7XODU2jexL1TV
+ drawbridge.mlaga97.space ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOphVdDU4YpAc+5JiwarKVk32kfFtVCmQUIJaXc3XqJA
+
+ vm-docker-0.mlaga97.space ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4bp3QlO6M2dfPvjzdTfcEXEsaJ1fcIxyx8aRZRzekq
+ vm-docker-1.mlaga97.space ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINolzmDBmxUIpR/pcvmQ91gydyty4HlrDyZcz78NYC9C
+ vm-docker-2.mlaga97.space ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEm4WfWSfqmVGF6VwyLjxGcjn4YtqlWa2zS3eKxDJOCo
+
+ ll-latitude-e5591.mlaga97.space ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiyCBH4WDsmkbsncWbEtzKcBh7t8dKFtWbGtp70lvGm
+ '';
+}
diff --git a/dotspace/parts/cifs.nix b/dotspace/parts/cifs.nix
new file mode 100644
index 0000000..1e73d48
--- /dev/null
+++ b/dotspace/parts/cifs.nix
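Review bot: Host keys in `dotspace_known_hosts` (dotspace/home.nix) are pinned only for the listed names, while `userKnownHostsFile` still includes `~/.ssh/known_hosts`, so any dotspace host missing from the list is accepted on first use. The tinc host list in this commit names casemate, outpost and redoubt, none of which has an entry here. If pinning is the intent, add those keys and a match block like `"*.mlaga97.space" = { extraOptions.StrictHostKeyChecking = "yes"; };` so an unlisted host fails instead of prompting. A comment recording where the keys were collected from (ideally each host's own `ssh_host_ed25519_key.pub` rather than a network scan) would help at the next rotation.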
@@ -0,0 +1,50 @@
+{ config, ... }: let
+ SMBShares = [
+ {
+ host = "bastion.mlaga97.space";
+ share = "MyBook";
+ }
+ {
+ host = "bastion.mlaga97.space";
+ share = "Frigate";
+ }
+ {
+ host = "blockhouse.mlaga97.space";
+ share = "Parlor";
+ }
+ {
+ host = "blockhouse.mlaga97.space";
+ share = "Archive";
+ }
+ ];
+in {
+ sops.secrets = builtins.listToAttrs(
+ map (
+ x: {
+ name = "dotspace/smb/${x.share}";
+ value = {};
+ }
+ ) SMBShares
+ );
+
+ systemd.mounts = map (
+ x: {
+ type = "cifs";
+ options = "rw,vers=3,credentials=${config.sops.secrets."dotspace/smb/${x.share}".path},uid=1000,gid=100,dir_mode=0775,file_mode=0775";
+ what = "//${x.host}.mlaga97.space/${x.share}";
+ where = "/${x.share}";
+ }
+ ) SMBShares;
+
+ systemd.automounts = map (
+ x: {
+ wantedBy = [ "multi-user.target" ];
+ automountConfig = {
+ TimeoutIdleSec = "60";
+ DeviceTimeout = "5";
+ MountTimeout = "5";
+ };
+ where = "/${x.share}";
+ }
+ ) SMBShares;
+}
diff --git a/dotspace/parts/tinc.nix b/dotspace/parts/tinc.nix
new file mode 100644
index 0000000..6f48427
--- /dev/null
+++ b/dotspace/parts/tinc.nix
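Review bot: The `what` line in dotspace/parts/cifs.nix builds the UNC path as `//${x.host}.mlaga97.space/${x.share}`, but every `host` in `SMBShares` already ends in `.mlaga97.space`, so the mounts would point at `//bastion.mlaga97.space.mlaga97.space/MyBook` and similar. Either drop the suffix, `what = "//${x.host}/${x.share}";`, or keep short host names in the list. Separately, `file_mode=0775` with a fixed `uid=1000` marks every file on the share as executable and readable by all local users; `file_mode=0664` or tighter is worth considering unless execution from the shares is needed. `vers=3` on its own does not request SMB encryption, so `seal` would be needed if these mounts are ever reached outside the VPN.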
@@ -0,0 +1,52 @@
+{ ... }: {
+ services.tinc.networks.dotspace.hosts = {
+ # Public Endpoints
+ fortress = ''
+ Subnet = 10.86.84.1/32
+ Ed25519PublicKey = y+7rtFhl2gIt2ziIqs8+Qo80ENde5vzO6yKSXCF3PLE
+ Address = 68.183.54.8
+ '';
+
+ # Hosts
+ casemate = ''
+ Subnet = 10.86.84.103/32
+ Ed25519PublicKey = OgHDM9ps4lOqEGLEexuaFLp/HkhkwAPbPKGifrxeOYK
+ '';
+ blockhouse = ''
+ Subnet = 10.86.84.104/32
+ Ed25519PublicKey = mHWGyv/sVAuozd456AnTuSWZCJ45NtStEiPh3xQGakF
+ '';
+ bastion = ''
+ Subnet = 10.86.84.105/32
+ Ed25519PublicKey = VzuBoJYWD/AhXUAbeWsLbJMqhJQCRn8E6sNqkJJej1G
+ '';
+ outpost = ''
+ Subnet = 10.86.84.106/32
+ Ed25519PublicKey = pYWNeHVj6nfcmmHmTTtsAnykbqDxZ+uhlPrDBOjvWzL
+ '';
+ redoubt = ''
+ Subnet = 10.86.84.107/32
+ Ed25519PublicKey = 9m4yRBs4JsYcx5kmPfH4NlKj1ybCZ6gmnVwUDH0vBKA
+ '';
+
+ # VMs
+ vm_docker_0 = ''
+ Ed25519PublicKey = ttOHxNuWov0mA5bDBaiujZF/sfieflx8+mcn5LVxCkD
+ Subnet = 10.86.84.150/32
+ '';
+ vm_docker_1 = ''
+ Ed25519PublicKey = ly74/CAQIEDFa+HPMJhWikIHAwm4P0X1L8EpdmI7lGD
+ Subnet = 10.86.84.151/32
+ '';
+ vm_docker_2 = ''
+ Ed25519PublicKey = jfgIkB4PcU04Evs3W/ySyxb7NIxosnmRqJ3vMqI4+kC
+ Subnet = 10.86.84.152/32
+ '';
+
+ # Clients
+ ll_latitude_e5591 = ''
+ Ed25519PublicKey = zlht9xdE9gUKON5MUshN07B6deMz3nRYnOnufi6ATGP
+ Subnet = 10.86.84.250/32
+ '';
+ };
+}
diff --git a/flake.nix b/flake.nix
index 9b82bb3..dd248c8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -69,7 +69,8 @@ ]; "lauren_lagarde@tui.mlaga97.space" = self.homeManagerModules."lauren_lagarde" ++ [ - ./secrets/mlaga97.nix + ./dotspace/home.nix + ./users/lauren_lagarde/home.nix ]; "lauren_lagarde@gui.mlaga97.space" = self.homeManagerModules."lauren_lagarde@tui.mlaga97.space" ++ [
diff --git a/home-manager/.gitignore b/home-manager/.gitignore
deleted file mode 100644
index 1377554..0000000
--- a/home-manager/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-*.swp
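Review bot: The per-host `Subnet = …/32` entries in dotspace/parts/tinc.nix only act as a restriction if the daemon is told to trust nothing but these host files; with tinc's default `StrictSubnets = no`, a node that holds a valid key can announce additional subnets and peers will route to it. The network-level settings are outside this hunk, so this may already be handled, but if not, set `StrictSubnets = yes` for the dotspace network so that a single compromised client such as `ll_latitude_e5591` cannot claim another host's address. A short comment on the `hosts` attribute stating that keys are added only after out-of-band verification would document the trust model.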
diff --git a/home-manager/assets/resetbluetooth.sh b/home-manager/assets/resetbluetooth.sh deleted file mode 100644 index 4533f4f..0000000 --- a/home-manager/assets/resetbluetooth.sh +++ /dev/null @@ -1,2 +0,0 @@ -systemctl --user restart pipewire && sudo systemctl restart bluetooth -i3-msg restart diff --git a/secrets.tar.zst.gpg b/secrets.tar.zst.gpg index dbac6b9..ad39a3f 100644 Binary files a/secrets.tar.zst.gpg and b/secrets.tar.zst.gpg differ diff --git a/systems/bastion/configuration.nix b/systems/bastion/configuration.nix index 5f5b1be..180dafb 100644 --- a/systems/bastion/configuration.nix +++ b/systems/bastion/configuration.nix @@ -45,12 +45,11 @@ ../../nixos/tweaks/systemd-resolved_nonsense.nix # Dotspace - ../../secrets/dotspace.nix - ../../secrets/dotspace_shares.nix + ../../dotspace/configuration.nix ../../nixos/features/stronghold-binary-cache.nix # Users - ../../users/lauren_lagarde/lauren_lagarde.nix + ../../users/lauren_lagarde/configuration.nix ../../users/ashley_funkhouser/ashley_funkhouser.nix # Bastion Features diff --git a/systems/blockhouse/configuration.nix b/systems/blockhouse/configuration.nix index 30768d5..6c26cf5 100755 --- a/systems/blockhouse/configuration.nix +++ b/systems/blockhouse/configuration.nix @@ -38,12 +38,11 @@ ../../nixos/tweaks/systemd-resolved_nonsense.nix # Dotspace - ../../secrets/dotspace.nix - ../../secrets/dotspace_shares.nix + ../../dotspace/configuration.nix ../../nixos/features/stronghold-binary-cache.nix # Users - ../../users/lauren_lagarde/lauren_lagarde.nix + ../../users/lauren_lagarde/configuration.nix ../../users/ashley_funkhouser/ashley_funkhouser.nix # Blockhouse Features diff --git a/systems/fortress/configuration.nix b/systems/fortress/configuration.nix index 307a40b..c69fd75 100644 --- a/systems/fortress/configuration.nix +++ b/systems/fortress/configuration.nix 
@@ -41,16 +41,17 @@ ../../nixos/tweaks/enable_flakes.nix ../../nixos/tweaks/systemd-resolved_nonsense.nix + # Dotspace + ../../dotspace/configuration.nix + # Users - ../../users/lauren_lagarde/lauren_lagarde.nix + ../../users/lauren_lagarde/configuration.nix # Additional Software ../../nixos/tweaks/disable_firewall.nix #../../nixos/features/virtualization/dockge.nix ../../nixos/features/virtualization/docker.nix - ../../secrets/dotspace.nix - # Local Config ./gatus.nix ./coturn.nix diff --git a/systems/living-room-nixos.nix b/systems/living-room-nixos.nix deleted file mode 100644 index 135a3a6..0000000 --- a/systems/living-room-nixos.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ ... }: { - imports = [ - ../ll-nixos-base.nix - ../features/gpu/intel.nix - ]; - - home-manager.users.lauren_lagarde = { - imports = [ - ../../modules/mlaga97-home-manager/programs/firefox.nix - ]; - - # Fix issue with HDMI passthrough - xsession.windowManager.i3 = { - config.startup = [ - { command = "xrandr --output HDMI-1 --mode 1920x1080 --rate 60 --primary"; } - ]; - }; - }; -} diff --git a/systems/living-room/configuration.nix b/systems/living-room/configuration.nix index 77f3200..b051f88 100644 --- a/systems/living-room/configuration.nix +++ b/systems/living-room/configuration.nix @@ -40,18 +40,17 @@ ../../nixos/tweaks/disable_nixos_user.nix ../../nixos/tweaks/systemd-resolved_nonsense.nix + # Dotspace + ../../dotspace/configuration.nix + ../../nixos/features/stronghold-binary-cache.nix + # Users ../../users/lauren_lagarde/autologin.nix - ../../users/lauren_lagarde/lauren_lagarde.nix + ../../users/lauren_lagarde/configuration.nix # i3wm ../../nixos/features/i3wm.nix - # Dotspace - ../../secrets/dotspace.nix - ../../secrets/dotspace_shares.nix - ../../nixos/features/stronghold-binary-cache.nix - # living-room ../../nixos/features/gpu/intel.nix ../../nixos/features/systemd-boot.nix 
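Review bot: Importing `../../dotspace/configuration.nix` in systems/fortress/configuration.nix pulls in `./parts/cifs.nix` as well, so this host now declares the four SMB credential secrets and automounts, which it did not get from the old single `../../secrets/dotspace.nix` import (assuming the shares lived only in `dotspace_shares.nix`). Fortress is the public tinc endpoint and also imports `disable_firewall.nix`, so it is the host where extra file-share credentials matter most. The same widening applies to the outpost, redoubt, stronghold and vm-docker-host hunks. Consider keeping the CA and tinc hosts in `dotspace/configuration.nix` and importing `dotspace/parts/cifs.nix` explicitly on the machines that need the shares.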
diff --git a/systems/ll-latitude-e5591/configuration.nix b/systems/ll-latitude-e5591/configuration.nix index 0223b0e..9220b6f 100644 --- a/systems/ll-latitude-e5591/configuration.nix +++ b/systems/ll-latitude-e5591/configuration.nix @@ -32,7 +32,7 @@ ../../nixos/tweaks/systemd-resolved_nonsense.nix # Lauren Base - ../../users/lauren_lagarde/lauren_lagarde.nix + ../../users/lauren_lagarde/configuration.nix # i3wm ../../nixos/features/i3wm.nix @@ -41,8 +41,7 @@ ../../nixos/tweaks/intel_igpu_screen_tearing.nix # Dotspace - ../../secrets/dotspace.nix - ../../secrets/dotspace_shares.nix + ../../dotspace/configuration.nix ../../nixos/features/stronghold-binary-cache.nix # Additional Software diff --git a/systems/ll-nixos-base.nix b/systems/ll-nixos-base.nix deleted file mode 100644 index 100daa4..0000000 --- a/systems/ll-nixos-base.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ pkgs, ... }: { - imports = [ - # Core Features - ../features/base.nix - ../features/tui-apps.nix - ../features/openssh-server.nix - - # Core Tweaks - ../tweaks/zram.nix - ../tweaks/enable_flakes.nix - ../tweaks/disable_nixos_user.nix - ../tweaks/systemd-resolved_nonsense.nix - - # Lauren Base - ../users/lauren_lagarde/lauren_lagarde.nix - - # i3wm - ../features/i3wm.nix - ../features/hardware/yubikey.nix - ../tweaks/bluetooth.nix - ../tweaks/intel_igpu_screen_tearing.nix - - # Dotspace - ../secrets/dotspace.nix - ../features/stronghold-binary-cache.nix - ]; -} diff --git a/systems/ll-nixos-full.nix b/systems/ll-nixos-full.nix deleted file mode 100644 index 4de9729..0000000 --- a/systems/ll-nixos-full.nix +++ /dev/null 
@@ -1,37 +0,0 @@ -{ pkgs, ... }: { - imports = [ - # Core Features - ../features/base.nix - ../features/tui-apps.nix - ../features/openssh-server.nix - - # Core Tweaks - ../tweaks/zram.nix - ../tweaks/enable_flakes.nix - ../tweaks/disable_nixos_user.nix - ../tweaks/systemd-resolved_nonsense.nix - - # Lauren Base - ../users/lauren_lagarde/lauren_lagarde.nix - - # i3wm - ../features/i3wm.nix - ../features/hardware/yubikey.nix - ../tweaks/bluetooth.nix - ../tweaks/intel_igpu_screen_tearing.nix - - # Dotspace - ../secrets/dotspace.nix - ../features/stronghold-binary-cache.nix - - # Assume Intel GPU - ../features/gpu/intel.nix - - # Additional Software - ../features/embedded.nix - ../features/hardware/rtl-sdr.nix - ../features/hardware/printing.nix - ../features/virtualization/docker.nix - ../features/virtualization/libvirt-host.nix - ]; -} diff --git a/systems/ll-nixos-live/configuration.nix b/systems/ll-nixos-live/configuration.nix index 4320f8a..3e4a0dd 100644 --- a/systems/ll-nixos-live/configuration.nix +++ b/systems/ll-nixos-live/configuration.nix @@ -31,8 +31,12 @@ ../../nixos/tweaks/disable_nixos_user.nix ../../nixos/tweaks/systemd-resolved_nonsense.nix - # Lauren Base - ../../users/lauren_lagarde/lauren_lagarde.nix + # Dotspace + ../../dotspace/configuration.nix + ../../nixos/features/stronghold-binary-cache.nix + + # Users + ../../users/lauren_lagarde/configuration.nix # i3wm ../../nixos/features/i3wm.nix @@ -40,11 +44,6 @@ ../../nixos/tweaks/bluetooth.nix ../../nixos/tweaks/intel_igpu_screen_tearing.nix - # Dotspace - ../../secrets/dotspace.nix - ../../secrets/dotspace_shares.nix - ../../nixos/features/stronghold-binary-cache.nix - # Additional Software ../../nixos/features/embedded.nix ../../nixos/features/hardware/rtl-sdr.nix diff --git a/systems/ll-nixos-xmrig-worker.nix b/systems/ll-nixos-xmrig-worker.nix deleted file mode 100644 index c628fa1..0000000 --- a/systems/ll-nixos-xmrig-worker.nix +++ /dev/null 
@@ -1,47 +0,0 @@ -{ pkgs, ... }: { - imports = [ - # Core Features - ../features/base.nix - ../features/tui-apps.nix - ../features/openssh-server.nix - - # Core Tweaks - ../tweaks/zram.nix - ../tweaks/enable_flakes.nix - ]; - - networking.networkmanager.enable = true; - powerManagement.cpuFreqGovernor = "performance"; - - environment.systemPackages = with pkgs; [ - xmrig - ]; - - # Improve xmrig performance - hardware.cpu.x86.msr.enable = true; - hardware.cpu.x86.msr.settings.allow-writes = "on"; - - # Helper Scripts - home-manager.users.nixos.home = { - stateVersion = "24.11"; - file = { - "stronghold" = { - executable = true; - text = '' - sudo nmtui-connect Stronghold - ''; - }; - "mine" = { - executable = true; - text = '' - sudo xmrig --randomx-1gb-pages -o vm-docker-2.mlaga97.space:3333 - ''; - }; - }; - }; - - # SSH Config - users.users.nixos.openssh.authorizedKeys.keys = [ - "ssh-rsa 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 lauren@lagarde.dev" - ]; -} diff --git a/systems/outpost.nix b/systems/outpost.nix index a46fc4d..7ad1c2b 100644 --- a/systems/outpost.nix +++ b/systems/outpost.nix @@ -22,10 +22,13 @@ ../tweaks/systemd-resolved_nonsense.nix # Dotspace - ../secrets/dotspace.nix + ../../dotspace/configuration.nix # Users - ../users/lauren_lagarde/lauren_lagarde.nix + ../../users/lauren_lagarde/configuration.nix + + # Outpost + ../../nixos/tweaks/disable_firewall.nix ]; ############################################################################## diff --git a/systems/redoubt/configuration.nix b/systems/redoubt/configuration.nix index be5078e..11ea6dc 100644 --- a/systems/redoubt/configuration.nix +++ b/systems/redoubt/configuration.nix 
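Review bot: The new import paths in systems/outpost.nix use `../../…`, but this file sits directly under `systems/`, so `../../dotspace/configuration.nix` resolves above the repository root; the unchanged context line `../tweaks/systemd-resolved_nonsense.nix` shows the one-level form this file uses. They should read `../dotspace/configuration.nix`, `../users/lauren_lagarde/configuration.nix` and `../nixos/tweaks/disable_firewall.nix`. The hunk also newly imports `disable_firewall.nix`, which by its name turns the host firewall off and which the removed lines did not include, so that change rides along with what is otherwise a path refactor; a comment under `# Outpost` saying why the firewall is disabled there would make it deliberate. The import list starts outside the hunk.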
@@ -30,11 +30,11 @@ ../../nixos/tweaks/systemd-resolved_nonsense.nix # Dotspace - ../../secrets/dotspace.nix + ../../dotspace/configuration.nix ../../nixos/features/stronghold-binary-cache.nix # Users - ../../users/lauren_lagarde/lauren_lagarde.nix + ../../users/lauren_lagarde/configuration.nix ../../users/ashley_funkhouser/ashley_funkhouser.nix # Features diff --git a/systems/stronghold/configuration.nix b/systems/stronghold/configuration.nix index 426d7c9..c85cf79 100644 --- a/systems/stronghold/configuration.nix +++ b/systems/stronghold/configuration.nix @@ -18,13 +18,13 @@ ../../nixos/tweaks/disable_nixos_user.nix ../../nixos/tweaks/systemd-resolved_nonsense.nix - # Lauren Base - ../../users/lauren_lagarde/lauren_lagarde.nix - # Dotspace - ../../secrets/dotspace.nix + ../../dotspace/configuration.nix ../../nixos/features/stronghold-binary-cache.nix + # Users + ../../users/lauren_lagarde/configuration.nix + # Docker Host Stuff ../../nixos/tweaks/disable_firewall.nix ../../nixos/features/virtualization/docker.nix diff --git a/systems/vm-docker-host/vm-docker-host-base.nix b/systems/vm-docker-host/vm-docker-host-base.nix index d4bba47..306611c 100644 --- a/systems/vm-docker-host/vm-docker-host-base.nix +++ b/systems/vm-docker-host/vm-docker-host-base.nix @@ -11,12 +11,12 @@ ../../tweaks/disable_nixos_user.nix ../../tweaks/systemd-resolved_nonsense.nix - # Lauren Base - ../../users/lauren_lagarde/lauren_lagarde.nix - # Dotspace - ../../secrets/dotspace.nix - ../../features/stronghold-binary-cache.nix + ../../dotspace/configuration.nix + ../../nixos/features/stronghold-binary-cache.nix + + # Users + ../../users/lauren_lagarde/configuration.nix # Docker Host Stuff ../../tweaks/disable_firewall.nix diff --git a/users/lauren_lagarde/lauren_lagarde.nix b/users/lauren_lagarde/configuration.nix similarity index 100% rename from users/lauren_lagarde/lauren_lagarde.nix rename to users/lauren_lagarde/configuration.nix 
diff --git a/users/lauren_lagarde/home.nix b/users/lauren_lagarde/home.nix
new file mode 100644
index 0000000..ad1cb49
--- /dev/null
+++ b/users/lauren_lagarde/home.nix
@@ -0,0 +1,7 @@
+{ ... }: {
+ programs.git = {
+ enable = true;
+ userName = "Lauren Lagarde";
+ userEmail = "lauren@lagarde.dev";
+ };
+}