From 9ab312012442a9847605e365ab9c454d618702c8 Mon Sep 17 00:00:00 2001 From: iFargle Date: Sun, 17 Dec 2023 20:52:40 +0900 Subject: [PATCH] Update and re-org --- nixos/common/modules/ssh-luks.nix | 51 +++++++++ nixos/hosts/framework-server/default.nix | 2 +- nixos/hosts/framework-server/rdesktop.nix | 26 ----- nixos/hosts/framework-server/ssh-luks.nix | 39 ------- nixos/hosts/nixos-framework/default.nix | 2 - nixos/hosts/nixos-framework/insecure.nix | 5 - nixos/hosts/nixos-laptop/default.nix | 123 ---------------------- 7 files changed, 52 insertions(+), 196 deletions(-) create mode 100644 nixos/common/modules/ssh-luks.nix delete mode 100644 nixos/hosts/framework-server/rdesktop.nix delete mode 100644 nixos/hosts/framework-server/ssh-luks.nix delete mode 100644 nixos/hosts/nixos-framework/insecure.nix delete mode 100644 nixos/hosts/nixos-laptop/default.nix diff --git a/nixos/common/modules/ssh-luks.nix b/nixos/common/modules/ssh-luks.nix new file mode 100644 index 00000000..5c004627 --- /dev/null +++ b/nixos/common/modules/ssh-luks.nix @@ -0,0 +1,51 @@ +{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: { + # https://nixos.wiki/wiki/Remote_LUKS_Unlocking + # Unlock command: + # ssh root@ "Password" + + boot.kernelParams = [ "ip=dhcp" ]; + + boot.initrd = { + enable = true; + systemd.users.root.shell = "/bin/systemd-tty-ask-password-agent"; + availableKernelModules = [ "cdc_ncm" ]; + network.enable = true; + network.ssh = { + enable = true; + port = 22; + authorizedKeys = [ + # Work Laptop + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcSRL0kCzlzIUfkXHc29rievK41vwIGzZJ9UxDZ+zyLqqi4Xe+yHOT6XZFiFrKb9anNbPgBNKTZWNv8A22GXg1+zpYxKGm5YwmDA1oP7IkhoXjX8zWrydbE1pK+pqHQVBxrf8zlXFg0BcdDb9yYR6dBCPQ4AYvotwHYfZnR0xJf/5esxftKY+mCa81EkkYuUQfg6oHVrAhA6Jhk3zM4C1rp+8XA9BNCrhmSrK6ct7Z2heS8we5xSUHHIdcpqK5yKsw4ncA526bPknz7/CHNLUAzwPpAYUeiwMm/axBkP0GlEoVx3FapVlM9jBApAXEDNrPEZUKkYPwURfw/JsxodOd us\1137815@AJ095738" + # root@sysctl.io + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJhQbaq5ktgGQPb/4dfne2b5ta9bi4Tbl0EHP9bAaFnl0O9TNEuWCl7U/T8sJh9vKZb28zbgC4nA7UQUMQp7tHTy2DFNP37WWM0u+BPEKSvjMeUhFqya1YGWN5HW6uCMs6FRRz1io/xn+jVi34LoiOXKQ94hWWusKWXDQzrTeF1ho9e0Xd1LzAQ2lDJRxaEaEkm9NgzgO0j5OECaiSEplUruZqvF44gNo4P+9avOqV/hW2QqtpjysBgVq9EtVS1LHJgcOfPyp4zdzNJSEbelBa2foEqQC8oRu1o4paVxC0gkETZ9TeTwkVRHerYrzf4daL9nQ+Wv4nSUbhlfwqub2aSyCSupn6izfjnXG9S1lb4PakpRcMaIglNneQo17X2NzkVSzl0WjldNKfgRYfd+3zclIbAiLI7Eo/JyCRc/YgjoFbK/wfUatYHkihdnIvGLte1wzznNvRi0lMmUaEBx2UbOdzY0Sb9e0ANrDZYsvaNLKHfeJpPLkXZ8hZjWVTFPs= root@sysctl.io" + # root@ifargle.com + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCtjUiN9CgNtvWTqzudWSvlLJ4P0F21BfsNvXt/3xIDQs3HfqrR3na3UUN0APbtH+Mv9vDIYJQZD9cXfL/PEAFqIVfCcTYg4w07q9TbNO1bDO7TjhHOBIAEF781IBKA5cl8lYUrTA8Sz3tPnn2O77Viv0mpXvEUCeujXy+m4Y+zzkvxBJ7lH5FZeWSY22x2mHonc6dSvRpLQB77bzb5xlk2MfKIWYQCRaL5jL8N7kvbxkhh4rYTWIJqSf7Kx9OXBLD9Zxqa7/uxV9NBW88NJTdkxA52LIVY83J/dGNP+QE4nYVoLYar8SGt7BdRfT7YaaU35QNvmI104V7rF3DdJ1dqFTHCWgNm7wiSHK+nfEa2KGfnciS2lcAXGHSG4Y864iwLipx3cB1p9mqnReTI2VA28LOBnpelrR5eXs3r2RPLxeIb5OSwl2NBDFE1em7iPoZKNltJGGCRXDBH4c6zNpEOJW2av0lo9q1gJrqGd7jj8ZXm8QN82o21FbXm2P4dOOE= root@nuc-docker01" + # root@japan-rpi4 + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCS7V/UnkVoLKcppV7Ew7VjkG6usGrFaFSSP3pnJE9ZFotErsSwxYiP7zG3giKX4x+xpP0NTf67qanDAHF3gBO9OeBSxQaUYN+Vuw6nThF7zqiyCRdd0ek/5RBvhrPlcH8h5VSk0UzVCsX18StrrYGjg5qvDf89Zfa3eikWFU162jTdUERK6nw/RzURZWTjrwN8JMePUF50FG5iyvAwL+yQf5U9Xu4TelK3i1k1yscOiWmKW5MBIqE6VN4JL1fCnE3k8tJENXhmp0gnGY+H1tvd+iJkqYbXoujAyXNTrKULf/OknjVg6DlsxJ190OgpeLw6JBw6wvbXIvTQ0B5VX+Sv+CH3vmuHeyt9IpHFti8MIEIoZ9m5xDoGAKKiOzPKjll4yNgPVEHZKOloHpnz2wmXIHV2Qxxg/IWjImtkTgm0S0Io0RIEblJK1Pz9Y/6JqRyK33+wJs8FKUYv9YX4wn8u8out0qdf0H0hH5xRr4Y+1ZoJO1DLM55kf1e+kGpOsG8= root@japan-rpi4" + # Phone + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAIAQCmKeuGJkCc0yYpdwcjNClwWaABvdB3p+WvatdX5p4wYs4iTq6eLkOCHwkMHYpiwyIyUTRbYqSIznzGBMzoWdVPoBpWidFGZAx4Ud8kjvoeFHT4DSPra+SXW7foNme6xHAF96czA6LPDV9IEGb5eXV+chHICZgUr3+oFBnFgJ23O6yagqtAJP2E/adF1V6Xz7RhH1rebQekCJlhMhBVXOMRXQ/ULARUFMwVdahcP0d9ixXap2o6d/XrE8/Hm6egITHr1jYtdlO/+z06US1plmcTGdeqC+b6cgamST5Mn1oOc7MVhtcQRkuwUoa4B/tDI9O8Av24umFutVgBxN6fqE9a9iBeMvAoiOjXH0/OOdXUruHpquXsYNXgCyrhXsE5MZCoP/pb4wBlSMUnSkedzS6l/xAgoQC35GU9KTZJ6Ergvjzvw/25UYYGLM9+d1d8jv4yqX9T3Qnv95jRrT5PTDTp3FMhl2o4KUh++SMpvFvyTsR0Yb82sSEAkggL2yllSXzNMTvlovE859tBWxxs9XCsOCQjp/S60oruBibwopTvwmWhmXbb+17SsKHxfJUkqFzsP5W6o3gugBl8xeu2c+f1DO4pGd/bPzvBi7O20NwhrGy2JXoeWRDmoq4x64ztkK0lYEgqiA+NsxmEBHJpI1K3pECOm913LbdkyCcubjcs7U79E2+u/5RUXUJhYGQcgQtlz/8Io8j+9VgNzaLM+MhNlPHfyBqZ4Wsq/8W3yAEgCFk5mpQJ9p7Q8BZM2DQU65YYRvTyOJDjDz1qd3BhceZ6PTQ7qOanqqWHvkAGhH0LRVoSRImFUUbawmg4gfPpV+ol/qsNkrbRBzhc1gUGHEbjpbM5vO8mEQc/A86Q74mP1Y8ylq6zLe2OXAQQfT/0y6s3DZ3wzYKiqcj9kYPadme/6Iobv5tyf9B8IYZZ4Rfmg6ZeC0U7Fzn+khOZxrlJfsfZ+qfIjwJAVRfvYVPTRCaUIsDnLZbte0jaDPEHdDgv27icdA49PrRWZaQP3m9pgmF5b5b5W7Bbcpczw0Du5uEQ9ShLT/gxdljdhYQg9bdvZvO2iMV6BJtgUfF3Zs0fANMWPnY7qysfscttLVOXF54OYf28TpC2ySG/wps9Qy5tYg9EV/3oAzobDkjL/bKrXiP/5nAZoKOqjisZbxkRCfZb0m+1vhUcctGOuAAmiaC6VKzQmp+nSkhav1NyChdUyU7GNFN5Dy7M+BsjnId0uJvDWdqo4Zqtjcm5DnvNtkDWfqenn68P1+K+vzlX5xAri+f+HOOID1JJBxPbXXzufFz3khAHW84kFLcgefZHGbmegjxgPkvFMWj2sE6agkYwvy5Uv7vex1wzScACZHDdR4hrZFD3ujQRdWwt6C8t758dS7mKeg1WNrHnwT4tVCUUVKqcyITvmQemYMpt8hrBjr+y8I/nwxwGm7N1cqDUtWLhjSG4ipUdfQJH4jgoSKj6xi13tXh7+8Yfh5flCnki47pTiITxWrOFMhbJ8MuMrT4VVmmyQZKeVXkVVt7553PUkTgkEgWgJB6ME9fv///poa6YO2lRVjY1ZFHJNpQGOvy9FMz4At5kVRW4NpqINj1pHtPTopj8oMG2Kcz00NCFCOekgl/jhXQ2xjVLgJpddHoH325yOMHvt4uFqUNF+Hg8LyEKxiDG3qYky/gM3Me1GJFCJwky7u6BA35Njt7SWeSF7SndixnyMrx8myCrR5YzI3n27gzRFWzWbTlKGYrTS1H1kcRETJL3kHM4Oiv+mUthnHyjTIOomKc4bNKK3OHpsjadP4+Bk31r99dgRrwFYMoerTn4dFOpooWEyy84r6B4QAr64poSIKSWsTUYv978HQN/R6+dnGWZ91TbvsBkK7wX//CCn09haWF+rcmiowGgDB8CfTWYEuSBPgNFuD59yT6vtm/uMABxXrTXtajCzDY+a/NF4UKu/VDNjLq/+jelA0AjWLdT5aPVo3n6woqfhJYrWO711NxBjEpqabiyIeNwA8q2lNa5FAjPPqUxy3qbyt+JE9XUw3v8SNigW31/03VsHpVydoQxcrQtx2j0teQt1bA0Fe48dseHiqhKE2eRlSq++zPp5MYtUFKccSp0MGGkZpE/nikR40vGKohYTCK7HizhzU44WsVUzJfoAMcxH0F9F5mRQZX7YbQTomGnyLnpXL5LGTV926jH5fEXCxrjtKtoaBkS7vHc749i8cySV0/L8hkL1XgqyxbLdacFoIK4kottvXfX7l3vd0VGAec+5ndApDct+hq00knKhr4SozxHYZdRlyT8JBrEeYixljOSay8PfS5fsVh4i0PE9i6du0v+bbkaWakd4+atQcfhY88O1Um0quH4/wlxPmtvBtNU1s6B9OncGfrkL1rOMxe0D9O+luYvcyN1tL9Ourp1llqqVwghqc4Qki43RmN7lJXZK+Lm36PaO1UAviApio0Ivv02cMOO14Xn96Diz/Hkmp7JGxaDv12UkOUWjIlTfAgAUSg3jBQ+lk6R+5CbRM8+kIwMk0RTTWtJhQGhi/SW+e2MAeQtjnyU+dv4wxE9l1CzVF/YpvYnwwdWQefN86KS5KLNb/gPEjvF4J8tTJxXPn9K+IMVRW/rJUgxD9s3WRrRsO1TsijFa9+7bLDSPGR9r1Uk92e/WH4KBn106GnkgBHk9IeTuXtzqmSE8VLecY/69y7uZ1KWH9rpuU6n1UwAld4h/J5TtjtMnxyZF679Xw== Phone" + # Win10 Desktop + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRglopgF7AZxQ/5utdVX+SsZV2Bg5La52mJcoS2EDliDg45NrEvkHTA8BXuGkZmDWj4nNgtfZv0glXEPSNN2tZPbn7OuHJB+jhA6qNMNh1t77EPgNVozhLigeFcC+tjyiNeww7GqaxlQcS3aDU6SdxPoBnZ2RMWYyYlXjEZtwWK8QrSWeuqGCaEPV/vfcBwUALS8m6kk6uLYnXkk6VcnXusuZMc6f9qbApRIXtVbP0MgzIrhk7L60UUg2ceMfuhHF4h9NwtJahpg0veIXSAxcGOY9JZaJdBIntsIj8qkG1UjGPRQjUEWQtVv1w6QS6wc08DhATOMdh4LwncVeLDceN3AqFAvR7ysoCQp0CN9ejNmvXY0oOb5f9l0TRHT9jSscD38EobIQzZ+P8fcwQeHav8ikMqzdpds3xfA5LlNZ1xTZqKxR2PXdzy7GYBhwT+T+EaHsw7MCT7dl/YKYlcAX3JejtUdDy62oClaEwg/izfzfjTq9xHGdudjW8kOIvup8= albert j. copeland@DESKTOP-1SJQ70F" + # albert@nixos-vm-01 + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQCkT7gLh5pATYzR4chWNerYt5OcQplgkEVVMgSCNzKpHTjG7vJeA2iSN+rV602rdO9Z9XZ67XpNWsZVKyB8PBxyTk9U/d29OJRnSVhuyKodnxXXQSwAhbOhEYa+PcTqSpRHjJMpFNrww8wCrZ3RJ6tu8MroaUSCl0b1aNB3HD2GDbGOgb8k/3Q722eRCYUe9JHzr2y8/f0ajLp7Z//8DSYTr3I8N+ILZuq+UxXV58S2LmUV4F0omzn6FQKpXpPaeHCEIzI50GoQxXaaInSsiBxauJ4Q0kh4Bu++juIKsNSBN6IU0t1ynk8MGd04dC78APx276Q+KXkm4aIpkUQBoR6HpgZ56Y/XR0/2p0x9Cs8xxhnyR7MKE4dY/j5l7BLVSY6q5uFL1FP7jHFtNC68tLYG2nJ081TsCVaZ7mJfXrdSBS9hy6Tsa4AkAwrTkDGAQF7EV/3WZ+fhQSq1HvB/K/VuqX29hx3C1LyzH9kQNNWBxXzVV0IldLgXFFOzTGwwIHVZQqL0qzDVE5hMa1HQkMCPtpKbUiPXe68GDMcB8hQL9M1bCjFpfkfszFKn2jfv0u+ikY5ZDuMPCOV6lcBtiAS0FB04jhZKDbEqbneKMBYXlF6hYmvPcX0Xhm+OlAitN52Fy3OppgOVmOjci370tOOROk5FTW1wehTfGGRMnm8MCDX7X0omtvIwTSrJw/voJN8R3F7YD4QAd3yPv9y7Om5dMAD+o1a+83segQy8LGS55IITsZ+4hMILjQelJwEmyALpCWDMtfGhL529U44paVqCj4NJKI+EKqJdkajUYDzHhHTe2airUiqpfBHoIXAqB5eKn+MAVtbzVIY5lXc62HOSUAqVjxS/C8ZCsomO54q7cVAkd0tKjAaSPEZBMHGUhrDYXcXrpYA55V72lYzQMMX+RG3IuGkNJjnwJ6GQD4NjtX31MAsHbheu4tx788bnmE7uKmNgnSJW0Lg14CmnJsBSlU4HEbgNixV7o5tltYuIVQHmhjmbk9GGEHmEO/32vriznyHsO6m0lrby836e/vXg2Xsv3T+k7XxkFL8rGG6/b+elGt/8+w4ppfH4nJIFljNnSTBbddrDDMPaOv0qywT4VNLmFKRw2lOT0aL0DKMA1WCs37Sg5eqKLB4/8KBQek5P0wMK1876JHoh1924h4uvHyWhUTogSGFQAAKjMLXqEFKlhySEz8MFPybiCdme8mANMPIVjDyY0uR+FijRxjB72a9OU1M/GvIYNSASOSN7eY0uKgL3SWJntnOsVUF0kvYl0XtAaO+rrKU59imNI0lksngn9DTKiCBDa6VB8WB0wA5caqvZTZtUkD+cKwGBLPe8+0+okDVl/j9FMYOJEw5V albert@nixos-vm-01" + # albert@nixos-framework + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDI7fJtiVPMYN2xJVdr84r1Vrquvo0abJQKtt1NO/F0umyCRvGBaim33KrgyWi8fFCqV6/26JNXx8TdJ6ekczuolxE6/LGIngJ4KUFrAaU9QDdcC7dkDGGUbsGXBNKcvy1uI2dJPqEA1+VotjwTs00Xa6nl9d5VH3yMo2Qgn3HoZvZKbBj2H+06ZJaFckLp7GT7OoPWOE50VxgH8tUsQOlgt/ZaFx7klI7EJLus7lo8gLsQeZPJVT9DXFDUJwwbUeUA/BwnRVPMTF1YrhKat/mvl7iApjNYojxClcEArj2e/hqV7EQrDv8wuW7ocb1HW/r2RLtytP27wJNc9RkrFL4mhvsRbFX2XmhbCoyCS4a1fZyxBqSS7jPbG8IBiAaMi9R45b1Jg4zE+960BKKpcrKJoU5+JHX23XJM4+1Mz9aCL2elSed5KeQDjCGdiYRL7NaqXzVK1qjgPbNsdEoL2VYuz8lT1yAtAEh7O+zFf/Argj5qaTlcRfSvKSYT3/rIj75MBLu3XKrcxBAl+2GE0WW8Wsk04XPiyR3dvAhpbLlkpQFCzsJvkAAwJr6Nh3ihY9bwBgLX8zY8ry+gkSMEsa5coazINkvJLtlLWOGt3Z5wkRIWXIrWDpGyLQCOKgUekUVIvYqJDYYuYMk/DJUJQ2OOtZMSHjXd/ajAGfRRU6hQoYopJIAPVBsZNAmQkVz1ijqX9L/B3LkPUTB3q4rxveTFFxdwFIv/QZp3Q258Sl/zfki1QPH+11Eezr2mmMLMc/AzPBONRb3T7/fv8aLXWBoI20az0lb+xCJFBkH4iVKWxAdpBD2Ou/Bc8QiEtPD5g59/bVkWnLcx03TrSL1UChcV7BIlBO0/CEcul9DZEPFaZvyAuSypIT7+Te1DSUqPugtFPdx9vnlXcar5JUfsTTgiJkHxWhidpxv36CBiwnCeAEhUhF/O2je8HCg9vkn9/WLu05X8xBFtQto5mH0SR/wAlz6iUEjQ4JvZMOsQnKnQxGRimmsAU2vM4YwO8u3xnJzs1ClJaWwkOwoHR9voBoY1Atzr/LI7o4R1mAw+HX7FtOqSnbeiD5Zv7OTNcP1RFp5rCCHoryp6WA4biVKZc7hrwDNb8jsym67Ji7Xy0VebZ9+/KOEcZMqgW94zqBlLPjL8VjwPRMdcq0yynho0TME84ODlY4Qfj6bIGcaQ+DEIVirwiomHKlWwX9kG/p4d1NByr4gM1kQ2UFGIgiXFcd56cf5mxR+0y9MhX4Wt2TRqqiwo5lEJz+ftikm3eFvCI5R9/nyVe5PPNz/UIuHjeiQ25b+eU1rt/jxQskqZsqUc8yBvfj67yIp+w3m1LHUfzXTjcPbJaNU68TgH1dComy8P albert@nixos-framework" + # albert@framework-server + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQC6fB03uJZqI3+807FzS4H7pOWz104ZkKrJy5PgIHog6zef0wyRBAI+mEyXh1L0VJ+AgbfHNkHay0rSAoed6qlnqS2w6I7ZRgl3vJTyB6jWlIzY41qH2kOqLwRSNSHYtryb0HDLt+s9Q3rQzdsPQOsxWJA7P6MGpinXUSGqBUIkeSeL3R0oBBt/5dA9/NoZDIDJQ517EIdPL3HAxReEmWzBOXArxHeVOBcPmxvCYl0OppR7K/TSZn3uK1gfd/tdYpgCheb0ob2TZV2UBewomA2rrD6ggtPNQFuvjQu5sEw2TmUrMR/0ufZdZoMvpG8vXnOZ5OfKsyVzgya8p27I74roqP/ipZwvH1vQ3J0E/83SVYIShB0aSolbDXEgCMHVA1vgCWia3vnpFpfrvxvUuP0G7asWBBha+b7hzAMy77v1TRm9aHuhMvD/aNA7znlr2yixP9Tr4TdrVswX2GYIj11HSeNiGmTkkmtaR4d2KROr2kPpeCAXYU9XM/AaaNB9cvL5ndgXsCxRLaCbuogKruBsN9k/NIxvSJ71slcC5ZSSMTxRGLlj/TUQFcRnaZY/jqaUf22rmYdAJ4DJHfJUR+5w4p14iQfqRRO1qaifx6OthTAv1qLkbOhdisPWyBXTQHJnMAz21lLUGlIM3Lz4LS4s5ahfXw8hCnejcLrmEB6KuINfgBwBxWwq++QypF7Eb4VkAOvgyZTLG6q/GJlaYbAnnn+1/KJLR0LxUCwaPVlsxvOx/NhkAcBRTq7B28r2eIwF/+Xy2Ne76/vKUKgif2dhXYDRMhp/ZWvpjPv2+K/zjr36RiDg12PBpQWAQAPnKXRq2D1/qtsMiFxGNbH3z/Ts4HsDYXdGKepamZK4khBGxBEs7TRmh4SEtkmhIXSdPNMtF4Q0dZ+2CPTo6C69ZVDIYU1uJztYqrHX43XplmHlvGYUMjWZ+w9bEl2LmvV4/Jhu37j9taQlmAo3/oY4RwJ5yJeX2D8VVZ76CuyC6b6wQg+Javp9L2G60eZ0kGOd0rhkWZHvDYMjMLaEr1LAmtxHU4n32WSHV//U3pZz/u0I3h8D1IFN0ybmSTV1k1kz9wtfNzSkvLB4FkjpTm/pLD0ps9QILNTWiDFfokXn6CGn4UJfVKoCDf305NFMVzM+ujwR/VXMXmU4nI55er28xfV5wgc66KWyuSz65kLqRB4ClOx7c/mqQtEWRd2nGFKNjf17KjRA1z7ZYK6wOvx59vzUM87x8GVBYUmjMWm9USHADpYyfVJ64aMSu40C02himUU+8AwFXPxaK8r+TEqkuDzw/o7q2opeuUvRgEVPi7Ci70EqPIKHAYnhAKF4Wb5GnbnGY0yyMLL4H1a7m6YHtV2z albert@framework-server" + # albert@osaka-linode-01 + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQCWob3th6U8U3HWGs3bqAeZnIgxNKFBJHYWoK9TPvfyFaPa5o3ZMOk3t1i0fk9ULyUReYNvX4FSDN4NO0d0bwgn9n5I/UNQDHTE7l9dA0Qb2YJXVPNkZ4pB1gajkCqNbBsGb3XQUOto9TDwaq40FMA5nqDorzcvnYR4AlcvzTejt/oKzT2b1Sj8Xznra1ZbJsEssz4tVILLsHfuXsnICWwpj9hCAW/Dage3Svk+N8U81IGCRTTtouwZs0oJIJleXyYCnG8dFZSxnGcgi/aD4igwx1PGLmmfWskFo6PPBSnE60x8skYhEavYA+Ai+Sjqmshu9/D1U7ZdY29Ksc2Yad1vpnBfXmm+FP9BN29dpTJlktnrS3Mnq9cDJq5hkcmlbG1vfS/IwyKhyVA08VtjUmga0zo6NUNadsQpGxaAWwi8qAoW9oXpAQodRPQOri/E9UhzG0JXidigmxQ1LsZTzvkCFiAqk80fHljFkwL+Oo+Lt9UMGZHMBfekzpIzF/yozUgv7HahoqTDnsMLo+hv3KLKJ5SL3bggYYCz5NeHtHeMBcMn3mqwJKXuaZsuCF7vFwRtwZJdtZFcrEu7HyPvYT4X24Ab/h6WVcDXlSAW/Qo9i4jvF6/2PWOVFTYICgvtolX+YXZM872wyeu1b2zSdw28AVyZHzPf8OCNyVlYfyfv5XvtJkXdQ63EZ1iBO21pzQDq4P4sFRD5zE581VhTW0gI0f04iHgUiUeI8dNKTNKZBMxts87Zl98qipJVUKdbWW82haMlcvXCNk71oUorOkMoat1RdbUqxjAdcmu7yTht3pDyF/wrORLU00zWEaynXhoYxFtcDRZAkPjjnY9bl4HHBawqcsHHh3uCVhMkw+HKsK0WXooCHQjNvcQokuoHwL61dRnnxO3xT/RW70MrgF82vO6o4NDgbkT1+N1ghgwgA3JsZ5+zkXg2dWagIYUB0JSdqy/7Sp3IgCpX19/RAwMogi1eIMxEOdBt5skhcTfjrniV92ySNriAIrNqj5KEi1VD3OH1z73abmQwExtmhOT3+cKwB0SU4pfJYvHQW55AE2A14NVl878xKA16AqkppqyLJh6x6l8Dm23XVBOh88mGZ7dtWI6RqkAcw3Cirx09zdDd4rxAx6JnkwX3toLgAUGX1fCHjBf0OjHXIRPLxWeCyY/5l6mLB1K6L7PWjbjEbS5jxm652hnKhGTvqGlsINhybESqW6ekm0vOduUOyilfdq+6pB7tbIqsmzmBzf7uwp+kWWcgsrt4TyjarTiVo4g7FPNSGQjhMvA9g3f88MmLqYhUoR00Trrw9QmM75sokPdKpLwmAisz/aCYpVuK1aWadMHhEDnwmUUCz3Acb3QP albert@nixos-linode-img" + # forgejo-runner + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJJE7z4JlohTe2TfB5ovsDWMT+M+V9AyQ6dXNelX6oGU forgejo-runner" + # (Fri Dec 15 09:34:02 AM UTC 2023) albert@piaware-rpi4 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR8PCfKOTArLemqmnHom4vWJ6u8wrlpG6/gSqeYo/qD albert@piaware-rpi4" + # (Fri Dec 15 11:40:53 AM UTC 2023) albert@backups-rpi4 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNkKoS32K487JaFza9TUFwrjwe9P7SNIHbVNxhzmRcI albert@backups-rpi4" + ]; + hostKeys = [ + # Generate new keys with: + # ssh-keygen -t rsa -N "" -f /boot/ssh_host_rsa_key + "/boot/ssh_host_rsa_key" + ]; + }; + }; +} \ No newline at end of file diff --git a/nixos/hosts/framework-server/default.nix b/nixos/hosts/framework-server/default.nix index 5d94f2a9..897c238a 100644 --- a/nixos/hosts/framework-server/default.nix +++ b/nixos/hosts/framework-server/default.nix @@ -6,8 +6,8 @@ ../../common/modules/secureboot.nix ../../common/modules/udev-rules.nix ../../common/services/fwupd.nix + ../../common/modules/ssh-luks.nix ./builder.nix - ./ssh-luks.nix ./docker.nix ./wireguard.nix ./cron.nix diff --git a/nixos/hosts/framework-server/rdesktop.nix b/nixos/hosts/framework-server/rdesktop.nix deleted file mode 100644 index 284296fd..00000000 --- a/nixos/hosts/framework-server/rdesktop.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ pkgs, ... }: { - # Enabling Gnome causes the machien to sleep. Disable all of these. - systemd.targets.sleep.enable = false; - systemd.targets.suspend.enable = false; - systemd.targets.hibernate.enable = false; - systemd.targets.hybrid-sleep.enable = false; - - services.xrdp = { - enable = true; - defaultWindowManager = "${pkgs.xfce.xfce4-session}/bin/startxfce4"; - openFirewall = true; - confDir = "/etc/xrdp/conf"; - }; - - environment.systemPackages = [ - pkgs.xrdp - pkgs.xorg.xinit - ]; - - # XRDP needs IPv6 disabled to function. - boot.kernel.sysctl = { - "net.ipv6.conf.enp0s13f0u1.disable_ipv6" = true; - "net.ipv6.conf.all.disable_ipv6" = true; - "net.ipv6.conf.wlp170s0.disable_ipv6" = true; - }; -} \ No newline at end of file diff --git a/nixos/hosts/framework-server/ssh-luks.nix b/nixos/hosts/framework-server/ssh-luks.nix deleted file mode 100644 index d790656d..00000000 --- a/nixos/hosts/framework-server/ssh-luks.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: { - # https://nixos.wiki/wiki/Remote_LUKS_Unlocking - # Unlock command: - # ssh root@ "Password" - - boot.kernelParams = [ "ip=dhcp" ]; - - boot.initrd = { - enable = true; - systemd.users.root.shell = "/bin/systemd-tty-ask-password-agent"; - availableKernelModules = [ "cdc_ncm" ]; - network.enable = true; - network.ssh = { - enable = true; - port = 22; - authorizedKeys = [ - # root@japan-rpi4 - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCS7V/UnkVoLKcppV7Ew7VjkG6usGrFaFSSP3pnJE9ZFotErsSwxYiP7zG3giKX4x+xpP0NTf67qanDAHF3gBO9OeBSxQaUYN+Vuw6nThF7zqiyCRdd0ek/5RBvhrPlcH8h5VSk0UzVCsX18StrrYGjg5qvDf89Zfa3eikWFU162jTdUERK6nw/RzURZWTjrwN8JMePUF50FG5iyvAwL+yQf5U9Xu4TelK3i1k1yscOiWmKW5MBIqE6VN4JL1fCnE3k8tJENXhmp0gnGY+H1tvd+iJkqYbXoujAyXNTrKULf/OknjVg6DlsxJ190OgpeLw6JBw6wvbXIvTQ0B5VX+Sv+CH3vmuHeyt9IpHFti8MIEIoZ9m5xDoGAKKiOzPKjll4yNgPVEHZKOloHpnz2wmXIHV2Qxxg/IWjImtkTgm0S0Io0RIEblJK1Pz9Y/6JqRyK33+wJs8FKUYv9YX4wn8u8out0qdf0H0hH5xRr4Y+1ZoJO1DLM55kf1e+kGpOsG8= root@japan-rpi4" - # Phone - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAIAQCmKeuGJkCc0yYpdwcjNClwWaABvdB3p+WvatdX5p4wYs4iTq6eLkOCHwkMHYpiwyIyUTRbYqSIznzGBMzoWdVPoBpWidFGZAx4Ud8kjvoeFHT4DSPra+SXW7foNme6xHAF96czA6LPDV9IEGb5eXV+chHICZgUr3+oFBnFgJ23O6yagqtAJP2E/adF1V6Xz7RhH1rebQekCJlhMhBVXOMRXQ/ULARUFMwVdahcP0d9ixXap2o6d/XrE8/Hm6egITHr1jYtdlO/+z06US1plmcTGdeqC+b6cgamST5Mn1oOc7MVhtcQRkuwUoa4B/tDI9O8Av24umFutVgBxN6fqE9a9iBeMvAoiOjXH0/OOdXUruHpquXsYNXgCyrhXsE5MZCoP/pb4wBlSMUnSkedzS6l/xAgoQC35GU9KTZJ6Ergvjzvw/25UYYGLM9+d1d8jv4yqX9T3Qnv95jRrT5PTDTp3FMhl2o4KUh++SMpvFvyTsR0Yb82sSEAkggL2yllSXzNMTvlovE859tBWxxs9XCsOCQjp/S60oruBibwopTvwmWhmXbb+17SsKHxfJUkqFzsP5W6o3gugBl8xeu2c+f1DO4pGd/bPzvBi7O20NwhrGy2JXoeWRDmoq4x64ztkK0lYEgqiA+NsxmEBHJpI1K3pECOm913LbdkyCcubjcs7U79E2+u/5RUXUJhYGQcgQtlz/8Io8j+9VgNzaLM+MhNlPHfyBqZ4Wsq/8W3yAEgCFk5mpQJ9p7Q8BZM2DQU65YYRvTyOJDjDz1qd3BhceZ6PTQ7qOanqqWHvkAGhH0LRVoSRImFUUbawmg4gfPpV+ol/qsNkrbRBzhc1gUGHEbjpbM5vO8mEQc/A86Q74mP1Y8ylq6zLe2OXAQQfT/0y6s3DZ3wzYKiqcj9kYPadme/6Iobv5tyf9B8IYZZ4Rfmg6ZeC0U7Fzn+khOZxrlJfsfZ+qfIjwJAVRfvYVPTRCaUIsDnLZbte0jaDPEHdDgv27icdA49PrRWZaQP3m9pgmF5b5b5W7Bbcpczw0Du5uEQ9ShLT/gxdljdhYQg9bdvZvO2iMV6BJtgUfF3Zs0fANMWPnY7qysfscttLVOXF54OYf28TpC2ySG/wps9Qy5tYg9EV/3oAzobDkjL/bKrXiP/5nAZoKOqjisZbxkRCfZb0m+1vhUcctGOuAAmiaC6VKzQmp+nSkhav1NyChdUyU7GNFN5Dy7M+BsjnId0uJvDWdqo4Zqtjcm5DnvNtkDWfqenn68P1+K+vzlX5xAri+f+HOOID1JJBxPbXXzufFz3khAHW84kFLcgefZHGbmegjxgPkvFMWj2sE6agkYwvy5Uv7vex1wzScACZHDdR4hrZFD3ujQRdWwt6C8t758dS7mKeg1WNrHnwT4tVCUUVKqcyITvmQemYMpt8hrBjr+y8I/nwxwGm7N1cqDUtWLhjSG4ipUdfQJH4jgoSKj6xi13tXh7+8Yfh5flCnki47pTiITxWrOFMhbJ8MuMrT4VVmmyQZKeVXkVVt7553PUkTgkEgWgJB6ME9fv///poa6YO2lRVjY1ZFHJNpQGOvy9FMz4At5kVRW4NpqINj1pHtPTopj8oMG2Kcz00NCFCOekgl/jhXQ2xjVLgJpddHoH325yOMHvt4uFqUNF+Hg8LyEKxiDG3qYky/gM3Me1GJFCJwky7u6BA35Njt7SWeSF7SndixnyMrx8myCrR5YzI3n27gzRFWzWbTlKGYrTS1H1kcRETJL3kHM4Oiv+mUthnHyjTIOomKc4bNKK3OHpsjadP4+Bk31r99dgRrwFYMoerTn4dFOpooWEyy84r6B4QAr64poSIKSWsTUYv978HQN/R6+dnGWZ91TbvsBkK7wX//CCn09haWF+rcmiowGgDB8CfTWYEuSBPgNFuD59yT6vtm/uMABxXrTXtajCzDY+a/NF4UKu/VDNjLq/+jelA0AjWLdT5aPVo3n6woqfhJYrWO711NxBjEpqabiyIeNwA8q2lNa5FAjPPqUxy3qbyt+JE9XUw3v8SNigW31/03VsHpVydoQxcrQtx2j0teQt1bA0Fe48dseHiqhKE2eRlSq++zPp5MYtUFKccSp0MGGkZpE/nikR40vGKohYTCK7HizhzU44WsVUzJfoAMcxH0F9F5mRQZX7YbQTomGnyLnpXL5LGTV926jH5fEXCxrjtKtoaBkS7vHc749i8cySV0/L8hkL1XgqyxbLdacFoIK4kottvXfX7l3vd0VGAec+5ndApDct+hq00knKhr4SozxHYZdRlyT8JBrEeYixljOSay8PfS5fsVh4i0PE9i6du0v+bbkaWakd4+atQcfhY88O1Um0quH4/wlxPmtvBtNU1s6B9OncGfrkL1rOMxe0D9O+luYvcyN1tL9Ourp1llqqVwghqc4Qki43RmN7lJXZK+Lm36PaO1UAviApio0Ivv02cMOO14Xn96Diz/Hkmp7JGxaDv12UkOUWjIlTfAgAUSg3jBQ+lk6R+5CbRM8+kIwMk0RTTWtJhQGhi/SW+e2MAeQtjnyU+dv4wxE9l1CzVF/YpvYnwwdWQefN86KS5KLNb/gPEjvF4J8tTJxXPn9K+IMVRW/rJUgxD9s3WRrRsO1TsijFa9+7bLDSPGR9r1Uk92e/WH4KBn106GnkgBHk9IeTuXtzqmSE8VLecY/69y7uZ1KWH9rpuU6n1UwAld4h/J5TtjtMnxyZF679Xw== Phone" - # Win10 Desktop - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRglopgF7AZxQ/5utdVX+SsZV2Bg5La52mJcoS2EDliDg45NrEvkHTA8BXuGkZmDWj4nNgtfZv0glXEPSNN2tZPbn7OuHJB+jhA6qNMNh1t77EPgNVozhLigeFcC+tjyiNeww7GqaxlQcS3aDU6SdxPoBnZ2RMWYyYlXjEZtwWK8QrSWeuqGCaEPV/vfcBwUALS8m6kk6uLYnXkk6VcnXusuZMc6f9qbApRIXtVbP0MgzIrhk7L60UUg2ceMfuhHF4h9NwtJahpg0veIXSAxcGOY9JZaJdBIntsIj8qkG1UjGPRQjUEWQtVv1w6QS6wc08DhATOMdh4LwncVeLDceN3AqFAvR7ysoCQp0CN9ejNmvXY0oOb5f9l0TRHT9jSscD38EobIQzZ+P8fcwQeHav8ikMqzdpds3xfA5LlNZ1xTZqKxR2PXdzy7GYBhwT+T+EaHsw7MCT7dl/YKYlcAX3JejtUdDy62oClaEwg/izfzfjTq9xHGdudjW8kOIvup8= albert j. copeland@DESKTOP-1SJQ70F" - # albert@nixos-rpi4-03 - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDEQJ8RuO0546Uz7vhRIeoWoqq4r137Ih4yKENHIPHRNbWntg02xpVGhCaKJiE4Hgm9hdxNYxoEtrBMyfE6beESBusX9z4Qg7WHXANqQZq8CaGhgMtBGhnw2YkoQBTt1AjQVIrIU/hAu8YoojLR7Vl6J1+VDfPHHYd/xqNuJuuy9c54K244o7Upjf3/rTpp9ZBNpOmtDnx7KVjXmrfyC8bD2fiwdgf1JrARybmGose6J/ICoM9qbdMker9HYM+8ewstve8eiCODX3PADFsxOla7DFZGvJkE6+3K5igmzHCLnGdcMSaercBvuP19G11VRsap2gvE5sstwDVC9PkJqe1WfSUsmlKmQo3MMQBYpjcw9QBHkiyzqkRU/yrybMCG8zr9foShWjQhvhOnsZoLpK2I6J+8tkUatsgMxdjQv/55XfucCNXrC9xGvGUCetEQ+6M6F4lN4aHgkJVGn4eQeGFnulVA5R4UZZdXuuZK1DzkymWYX36qe+PiEd5bxm8F1dzvQWA5mc2eMj+y7pEvBHN+4t96+95pGvcI6vHoDNYxLNnCWIAov31XcxfvF6DJUoIqtmOs8DQVRcFwxBPxsQLCzBpesyAPm21kH+A025JpC9u0Exr+eo6Pv8CXrV+MoUAA9SQZQw/EVpmzixL6NuyHi84P+tUp5C/33ceVHmQGI0q54IjCzAHp/Q0+S/vP+OwEKb2+T64OYdpR8gLG/iId2oBT5uwcLKrTvtW2UNGrGoVbOqe1syL8Nn/K6sv0O+QAF/9I40FUpnqBMI6H4GIps5etZZiQaY0E8tOv18vITawJI2IxI5HLZuS+bmD/uCGYdxO1auiVtwZltvf0MNVnZQoGkr5k5xjLGhHej9wV1/5ZHZhsZQFC2Izp261R6UX1kMxngkZzoPWVNLcFJ7JCpg8G8lvgBUIXVtHIFEzbKmvqvqJICCZU9oV5IFDLeZVqAR5RkTjxRb50yhlgCcR8IBBy9sGnmD48hNPTbCTaqUdQt0pRrMZe5j1uvSgaNaihkN79al8HO01flKapfdb27dnNHId3Pgt0wl9Z5YBsbd8f8KzAhDhXzFbBwPVTAmJV3wgBINH7dhJjbQqPpOjYPEkrlyurOZpCHAxACEk9BOp9d+Zod/2FGwPWW5RE36DXHvb4YOEVRlWmJ58MB5uu0YNgfdDXSE7c5pJFeFYNMIDl0cF6ys7KYfd/XPrUjdpeBtb0Q51l6Q5FpVmLN0zfbx0q8qgeXnWR+qTsLsqfmxTNzGYtgDWflyDBMy2wUaUKeWQp4hjtNTZN80VvpeMljwUhZOFo9OCRC2xr0S2zxjrH6Zh4LlRqIaTxBw8eNyPrYYUH+eYxLLFCgScOJMwN albert@nixos-rpi4-03" - # albert@nixos-rpi4-02 - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQCgGLJfc04/koTVvbT8wUJ2N40Q6RMHCTkFvnfRmhiHgi02A6BBJAc0RxuVUJPhCwYJqdBZcqh92uNXuG5Hjj/VgmEj079gBr+TcdLKKbHOEgpXYr5vijmaHpBZ5jJUYNV4u4sg0Ri60KfeYAkjfPAwt/DEGC405Ypo+v25fgnyxmLNHxIsS60qGTyEcxkZvbpvlaojE7LbT5QxypNijXBshAGDE+yWBPfgipNQRCxuFGsQfJn4Ty9U8+8uvQZhXOLnUjTpdTeLcdGgJITNL7juvh72HlHxWHlk23Vd42C1rlzt/JlUixauj2bg3LSAQun5SldqnNtDaX/0/QBBfG6jk48y7YwvPY33/FvZubaJ+Rj8vJq1fNQ4EAkX0aLY7WPK6OJxxpDBOvhxRvLoIi5lI1aNT+uuTQLUCelCjh1Tah4QHlDPaL5GK09OIb6jebv4pBMWGN1gp3LbB0zP92z1tVWuqJ9YDLbZkZa2ZwSSav41/O/dIXac7I8Yu29OOfj1G60Aef9OBdAZ1r2mjsfO560rY5M7HnxjOlognEj2xS3V5CKcYoa6a17l7e8+DE0N9vbt28pKTJ/1FbOx1ceJ6YX9sp1Typz4J5WxcVtWmQsrK7hIV+Fsrr3y/EZdRwcY092JTC3nyKCBPxe2h5e2rVCT1lIS/i0ZR/t6vlmz9qvoD8A3wWpzMyzHX8mEmrv0h9IO49WfnKu2YkFFuoQVnhk+b8zOU1IaYreau6atQZsq0TDPncbi7UoJ+/yCRg5m6+JnlQJ2lj19mCdWcnJtezYUAIniJ8lkKuGUe/aSrmy3wLU5vmWToQhliA48hK9Zy+tdRcFQmhKVbe5WDI78RCj67THAs+5zwe1uXx9oR1wQxXL7H/X1lGB6Oidn7tmqvytYnx/bt0vHBBTqnGI3RgrqCsUSyraqQAPAXvuiAvMQwwiHbB3VbjopsF0hcVWlDDbgQxK6bZZR93yNABirHrEbqckXn5X96Lrc4Ivp/xj16nnvH8hqeT07zIiRw/HIKJGalue7SPsBKQJqsvejdKsPRcApNwcZsu0BKPEKnU+G1NY+pXO3xIVA5WsYmyMX6lb27Cgcn/4/VFj1Eqq0kQ6nZhx3hMh1V/E7pyghciPqpz1an+BXQI4T94rRo9eRUBmt3eatYk0k0IMASB8wI0yCCQ8HVyrA3tb3Op7KzODkBzoekoB4983VSGuOz7unWbrVOpg66diL24TGTcDYP2hb9Q3VY/4tzSo2tUXSkolLpb7MXnSVlDfXviIeCOfr7DcA+WQ3OUIwhXiqjcfAWumRO2Nw/e42JkOvGQgVKJYqX5PjBstuGVc7LYqrBsCnWrScHfIYrZCUOXe+vVYV albert@nixos-rpi4-02" - # albert@nixos-rpi4-01 - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQCzIkWmNJ5KGV1F4zME/u+B+LXjW8TI3+sTkcNAJrbsPrp6N8LcxR4a+uwfqJv/Cf6i97Z2WPvUyWTX25X3fEB/jgpS8az5fpxkJ2BvzNho5iHJAg0pIv6+1x5WkKZhqUbB7zc7pdHZvl1ElSgUgzgp2uxuvy5XNm2xqrxS337dG/pFEuK+sg8uZ5bRXbv1ATJ5451aHM49mzbTFxl8J09AKu3U189dofnqQLhyQv08X9n7kbitNaLHjsgv2FMP5pUSI8ysQliOtsQ7FV76OoetJmtEp/1LTSzYffgXtrNqayTninZAUyIORjKVyyGVVb/siz/rsQqWQcx2eneq1ZEGg7nWNsjEoGMsaZFO+FQc6TJIV9aTmh9N7vcVLEFfvUO7F62P1H2y9h2OCaSsYwekLbDw2Gel1FZmL4iVLzETy2NwOXiGWkYtUy+uvMdGtdLQjvhRu6AmwpMGXtG+z3YyjzYb6tUgYuY7EvDFiC+LhY8PBI30ozHHXRD4v2CyD0xdHteq4Yi6y2hcytvcohGd8dg5v7L6DCeLt07/B3kcRfrxOUBa84hcFOHtauhyNVSFk5RGfDg38yVv5XgZMGNvYuUQFdlrkPyP54hbLZ+QXUQt+BuI7uoGa9ezecF6abAfPODGbmP8DqgVD8BmLcv7nMlEcXu+sK0h8H41DnWkhvPZ+ET/JIXAHxpfbFJ9XVCrv9e+bWh2JegJD0fjpWX8KYRpJmhObrz4DqveXdhx1zVQvCEln6+IlRfM1zvNEnX1yV8Oj4VPah2p1TtAyB+Npk5ccErONrvfAaYChWg6EoNFX08AeMaU7AR0q2Yan9ZEaUT+D1ngo0mM0V77s1BKLvEnDklwUxDo87+Wp+H1wOS+nWQV9MRyJoFgZJmZ3iecutSddju5xhfu4Y6PmVXXrWAXxHJxQElDt2RqodyDjSELoua1OiHQDkupK9JSevP2m/G2xFWEcgFtcV2jErHOWSNudqqLv398TN4xrSTKAmPyO70lyMM94tURbVH/dlAq5inoCWPTdv9bK1UuCv/D4jVAnLoKLh9Er75egYgypKcUbMFohsn8Bn0GbLX0jOb8F2nAlIlAc4BRDpuT+jLD0hD6LMK7VyBKWGTUa7IkrdfGI/u1c4i+MD34rnxBu63Oas3RgMh7eFEVZeUslYCSh1aH2usMhGEboyovacvNNsrrd2O+HmbmTfmZtpcKAe+6a0PfkkTCNo+pib6SqOUMJsKqe62POA8lPixpQXcgHua56BdYl12Knf3pVhHb5KVKVFtv7B7FcjFaNj67I8yezsY9j41nAynlJyNV2AQXU9/UIqWltIiKwRoGSxLXMMId0ymHd8qlRVV9kVSPN0AV albert@nixos-rpi4-01" - # albert@nixos-framework - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDI7fJtiVPMYN2xJVdr84r1Vrquvo0abJQKtt1NO/F0umyCRvGBaim33KrgyWi8fFCqV6/26JNXx8TdJ6ekczuolxE6/LGIngJ4KUFrAaU9QDdcC7dkDGGUbsGXBNKcvy1uI2dJPqEA1+VotjwTs00Xa6nl9d5VH3yMo2Qgn3HoZvZKbBj2H+06ZJaFckLp7GT7OoPWOE50VxgH8tUsQOlgt/ZaFx7klI7EJLus7lo8gLsQeZPJVT9DXFDUJwwbUeUA/BwnRVPMTF1YrhKat/mvl7iApjNYojxClcEArj2e/hqV7EQrDv8wuW7ocb1HW/r2RLtytP27wJNc9RkrFL4mhvsRbFX2XmhbCoyCS4a1fZyxBqSS7jPbG8IBiAaMi9R45b1Jg4zE+960BKKpcrKJoU5+JHX23XJM4+1Mz9aCL2elSed5KeQDjCGdiYRL7NaqXzVK1qjgPbNsdEoL2VYuz8lT1yAtAEh7O+zFf/Argj5qaTlcRfSvKSYT3/rIj75MBLu3XKrcxBAl+2GE0WW8Wsk04XPiyR3dvAhpbLlkpQFCzsJvkAAwJr6Nh3ihY9bwBgLX8zY8ry+gkSMEsa5coazINkvJLtlLWOGt3Z5wkRIWXIrWDpGyLQCOKgUekUVIvYqJDYYuYMk/DJUJQ2OOtZMSHjXd/ajAGfRRU6hQoYopJIAPVBsZNAmQkVz1ijqX9L/B3LkPUTB3q4rxveTFFxdwFIv/QZp3Q258Sl/zfki1QPH+11Eezr2mmMLMc/AzPBONRb3T7/fv8aLXWBoI20az0lb+xCJFBkH4iVKWxAdpBD2Ou/Bc8QiEtPD5g59/bVkWnLcx03TrSL1UChcV7BIlBO0/CEcul9DZEPFaZvyAuSypIT7+Te1DSUqPugtFPdx9vnlXcar5JUfsTTgiJkHxWhidpxv36CBiwnCeAEhUhF/O2je8HCg9vkn9/WLu05X8xBFtQto5mH0SR/wAlz6iUEjQ4JvZMOsQnKnQxGRimmsAU2vM4YwO8u3xnJzs1ClJaWwkOwoHR9voBoY1Atzr/LI7o4R1mAw+HX7FtOqSnbeiD5Zv7OTNcP1RFp5rCCHoryp6WA4biVKZc7hrwDNb8jsym67Ji7Xy0VebZ9+/KOEcZMqgW94zqBlLPjL8VjwPRMdcq0yynho0TME84ODlY4Qfj6bIGcaQ+DEIVirwiomHKlWwX9kG/p4d1NByr4gM1kQ2UFGIgiXFcd56cf5mxR+0y9MhX4Wt2TRqqiwo5lEJz+ftikm3eFvCI5R9/nyVe5PPNz/UIuHjeiQ25b+eU1rt/jxQskqZsqUc8yBvfj67yIp+w3m1LHUfzXTjcPbJaNU68TgH1dComy8P albert@nixos-framework" - ]; - hostKeys = [ - # Generate new keys with: - # ssh-keygen -t rsa -N "" -f /boot/ssh_host_rsa_key - "/boot/ssh_host_rsa_key" - ]; - }; - }; -} \ No newline at end of file diff --git a/nixos/hosts/nixos-framework/default.nix b/nixos/hosts/nixos-framework/default.nix index a775486d..361ffc2b 100644 --- a/nixos/hosts/nixos-framework/default.nix +++ b/nixos/hosts/nixos-framework/default.nix @@ -7,8 +7,6 @@ ../../common/modules/udev-rules.nix ../../common/services/powertop.nix ../../common/services/fwupd.nix - # Temporary - Remove when this is no longer insecure - ./insecure.nix ]; # steam , etc diff --git a/nixos/hosts/nixos-framework/insecure.nix b/nixos/hosts/nixos-framework/insecure.nix deleted file mode 100644 index 3ebb8736..00000000 --- a/nixos/hosts/nixos-framework/insecure.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - nixpkgs.config.permittedInsecurePackages = [ - "electron-25.9.0" - ]; -} \ No newline at end of file diff --git a/nixos/hosts/nixos-laptop/default.nix b/nixos/hosts/nixos-laptop/default.nix deleted file mode 100644 index 69f75bdc..00000000 --- a/nixos/hosts/nixos-laptop/default.nix +++ /dev/null @@ -1,123 +0,0 @@ -{ config, lib, pkgs, modulesPath, desktop, username, ... }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ../../common/services/powertop.nix - ../../common/modules/secureboot.nix - ]; - # steam, nvidia-x11, etc - nixpkgs.config.allowUnfree = true; - - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "thunderbolt" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" "acpi_call" ]; - boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ]; - - # This expects the following: - # /boot is "VFAT" fstype with label "BOOT" - # / is "btrfs" fstype with label "ROOT" - # swap is "swap" fstype with label "SWAP" - - fileSystems."/" = { - device = "/dev/disk/by-label/ROOT"; - fsType = "btrfs"; - options = [ "subvol=@" ]; - }; - - boot.initrd.luks.devices."DISK".device = "/dev/nvme0n1p1"; - - fileSystems."/boot" = { - device = "/dev/disk/by-label/BOOT"; - fsType = "vfat"; - }; - - # Enable Swap on LUKS - boot.initrd.luks.devices."SWAP" = { - device = "/dev/nvme0n1p2"; - keyFile = "/crypto_keyfile.bin"; - }; - - # Set up the keyfile - boot.initrd.secrets."/crypto_keyfile.bin" = null; - # Hibernation resume device - boot.resumeDevice = "/dev/disk/by-label/SWAP"; - # Confirm the swap devices - swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ]; - - networking.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - - # Set your time zone. - time.timeZone = "Asia/Tokyo"; - - # Set the networking hostname: - networking.hostName = "nixos-laptop"; - - # Configure the fingerprint reader - services.fprintd = { - enable = true; - tod.enable = true; - tod.driver = pkgs.libfprint-2-tod1-vfs0090; - }; - - # Enable nVidia PRIME Render Offload and OpenGL - # https://github.com/NixOS/nixos-hardware/blob/master/lenovo/thinkpad/p1/3th-gen/nvidia.nix - - # https://libreddit.kavin.rocks/r/NixOS/comments/x04dyv/optimus_help/ - # boot.kernelParams = [ "nomodeset" ]; - - # nVidia information: - # https://github.com/NixOS/nixpkgs/pull/211300 - # https://github.com/NixOS/nixpkgs/pull/244060 - - # Try gamescope: - programs.gamescope.enable = true; - programs.steam.gamescopeSession.enable = true; - - hardware = { - opengl = { - enable = true; - driSupport32Bit = true; - driSupport = true; - }; - nvidia = { - open = false; - nvidiaSettings = true; - dynamicBoost.enable = true; - package = config.boot.kernelPackages.nvidiaPackages.latest; - powerManagement.finegrained = true; - powerManagement.enable = true; - modesetting.enable = true; - prime = { - offload = { - enable = true; - enableOffloadCmd = true; - }; - intelBusId = lib.mkDefault "PCI:0:2:0"; - nvidiaBusId = lib.mkDefault "PCI:1:0:0"; - }; - }; - }; - - environment.systemPackages = with pkgs; [ - # Fingerprint software - fprintd - - # nVidia gpu options - vulkan-loader - vulkan-validation-layers - vulkan-tools - gwe - nvtop-nvidia - - # Game related things - gamemode - - # WINE - wineWowPackages.stable - winetricks - wineWowPackages.waylandFull - ]; - -}