update

2025-01-15 16:34:51 -08:00 · 2025-01-15 16:34:51 -08:00 · a57c99e31e
commit a57c99e31e
parent 62ac2a18f5
6 changed files with 13 additions and 84 deletions
--- a/lib/default.nix
+++ b/lib/default.nix
@ -4,19 +4,15 @@
    system    ? "x86_64-linux", 
    username  ? "albert"
  }: {
-    hostname = "${hostname}";
-    
-    user = "root";
-    sshUser = "${username}";
+    hostname = hostname;
+    user = "root";  
+    sshUser = username;
    sshOpts = [ "-A" "-q"];

-    # FIX: 
-      # sshUser = "deploy";
-      # sshOpts = [ "-q" "-i" "/home/deploy/.ssh/id_ed25519" ];
-
    profiles = {
      system.path       = inputs.deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.${hostname};
      home-manager.path = inputs.deploy-rs.lib.${system}.activate.home-manager self.homeConfigurations."${username}@${hostname}";
+      home-manager.user = username;
    };
  };

--- a/nixos/common/services/btrbk.nix
+++ b/nixos/common/services/btrbk.nix
@ -53,8 +53,8 @@
        volume."/" = {
          target = "ssh://synology/volume1/btrbk/hosts/${hostname}";
          subvolume = {
-            "/"    = { snapshot_dir = ".snapshots/btrbk"; };
-            "/nix" = { snapshot_dir = ".snapshots/btrbk"; };
+            "/"    = { snapshot_dir = "/.snapshots/btrbk";     };
+            "/nix" = { snapshot_dir = "/nix/.snapshots/btrbk"; };
          };
        };
      };
--- a/nixos/hosts/nuc-server/disks.nix
+++ b/nixos/hosts/nuc-server/disks.nix
@ -10,8 +10,8 @@
    "d /Local-Storage/.snapshots/btrbk 0755 btrbk btrbk"
  ];
  services.btrbk.instances."synology".settings.volume."/".subvolume = {
-    "/home"          = { snapshot_dir = ".snapshots/btrbk"; };
-    "/Local-Storage" = { snapshot_dir = ".snapshots/btrbk"; };
+    "/home"          = { snapshot_dir = "/home/.snapshots/btrbk"; };
+    "/Local-Storage" = { snapshot_dir = "/Local-Storage/.snapshots/btrbk"; };
  };
  
  # services.cron = {
--- a/nixos/small.nix
+++ b/nixos/small.nix
@ -1,4 +1,4 @@
-{ inputs, lib,  pkgs, hostname, stateVersion, username, desktop, system, ... }: {
+{ inputs, lib,hostname, username, desktop, ... }: {
  imports = [ 
    # Modules
    inputs.disko.nixosModules.disko
@ -24,68 +24,4 @@
  ] ++ lib.optional (builtins.isString desktop) ./common/desktops/${desktop};
 
  programs.fish.enable = true;
-
-  # NOTE:  This user is used to remotely build NixOS using deploy-rs
-  #        The private key needs to be manually copied to /home/deploy/.ssh/id_ed25519 
-  #        on any machine being used to deploy from.  It is located in secrets.yaml -> 
-  #        deploy/ssh_key
-
-  # Configure the user 
-  users.users.deploy = {
-    isNormalUser = true;
-    createHome = true;
-    home = "/home/deploy";
-    # Only add the minimum required groups
-    extraGroups = [ "deploy" "nixbld" ]; # Create a dedicated group
-    # Disable interactive login
-    # TODO:  Need to re-enable this when things are working
-    # shell = "/run/current-system/sw/bin/nologin";
-    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPyjI22cErvcrjDGkdqnnDDh/L6+5GemXL0l/sGXPuIJ deploy" ];
-  };
-
-  # Anyone in the deploy group is allowed to connect to the Nix daemon
-  nix.settings.trusted-users = [ "@deploy" ];
-
-  # Create a dedicated group
-  users.groups.deploy = {};
-
-security.sudo = {
-  enable = true;
-  extraRules = [{
-    users = [ "deploy" ];
-    commands = [
-      {
-        command = "/run/current-system/sw/bin/nixos-rebuild";
-        options = [ "NOPASSWD" ];
-      }
-      {
-        command = "/run/current-system/sw/bin/home-manager";
-        options = [ "NOPASSWD" ];
-      }
-      {
-        command = "/nix/store/*/bin/switch-to-configuration";
-        options = [ "NOPASSWD" ];
-      }
-      {
-        command = "/nix/store/*-system/bin/switch-to-configuration";
-        options = [ "NOPASSWD" ];
-      }
-      {
-        command = "/run/current-system/sw/bin/nix-env";
-        options = [ "NOPASSWD" ];
-      }
-      {
-        command = "/run/current-system/sw/bin/nix-store";
-        options = [ "NOPASSWD" ];
-      }
-      {
-        command = "/run/current-system/sw/bin/nix-daemon";
-        options = [ "NOPASSWD" ];
-      }
-    ];
-  }];
-};
- 
-  # Sets permissions  
-  systemd.tmpfiles.rules = [ "Z /etc/nixos/git - deploy deploy" ]; 
 }
--- a/nixos/users/albert/default.nix
+++ b/nixos/users/albert/default.nix
@ -11,7 +11,7 @@ in {
      isNormalUser = true;
      description = "Albert J. Copeland";
      # video is required for the "light" command to work
-      extraGroups = [ "networkmanager" "wheel" "deploy" ] 
+      extraGroups = [ "networkmanager" "wheel" ] 
        ++ ifExists [ "keys"      ]
        ++ ifExists [ "audio"     ]
        ++ ifExists [ "video"     ] 
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@ -6,18 +6,15 @@ btrfs-backups:
    gotify_token: ENC[AES256_GCM,data:PP8UTJWrDKhonLxN8vEj,iv:hTGWyktK+Ce7hAd0bARztLAQDSvhWgLcKRyGqyfgVKU=,tag:2xboM6Uv8NWld89EUl2jEg==,type:str]
 btrbk:
    ssh_key: ENC[AES256_GCM,data:HxT85XlROSSKqPOEToSmrpzc6cutWRDkLxIO8o13AENtAlqEfBtcVTe/XKKbUjx+38FkqznVuHgVxXtnWLfON0yCx2PqoWVsluPfW44QFswQdtM0dYYCFy1hK7pg0xSplIeYdNZC9VFhL+SoBYXfTHKpalPo5LwYVrtQnO9yV/PrYw07oYTEKWGVxpi0KJJ2vo4UwxONzEJJSjJU/M0haQ1mvgTU5kFS5e4cMZOy3cGpGSUOPlUDlQgUlANcK92HFZlFnRyd2r+pjYVkSeixfQ9Zq30nNoaSu1J2VZhkt1KTfAXnuGIjlByvSVE9ZF78rlZfTBmZzJEyB3N3rtWEWUOrLZx8ZCh1YIpp6VK2WNJKtW2SpCpkG0fCoKzJiBvf+GuV4P0vdBHo6/xt12CHx498XUZSP644b1vnUim+RRmDQkVnTJnjY4YilIUME8MEFMzNuGamX/IX+U+UDGYwE+/7rc1BMZyJdzQka272uj66Q+fE7f/wzgtVbtgBBkIi3pDfv3smfFU8xGQoNmGJWIy1edvDJpoxsIaZ,iv:SvcLu1ffduCYj6tEfj6cSZM9CSB9TbGXWz4CixXYnsA=,tag:enn3+zPZbDl7IfivWv82Fg==,type:str]
-    ssh_pub_key: ENC[AES256_GCM,data:Ml1yjWnnsOCe0d/iqtgDXshKn3cIrWiqhV9Vz07JKjH7kiGUB1JFMZSGu/U7iYA72DTfqJvGtT+cHzjhYVx5HcPnqTW+6e7o1tdZtpascuDr9qU65o2p,iv:KWos4jYOEWZgZAaPohbLFMg6ecytU9v9quMOrGMaeMk=,tag:jlk6JUuWOnrVJyg52tbMGQ==,type:str]
-deploy:
-    ssh_key: ENC[AES256_GCM,data:UjjdKnvDXHqJYk/n0Q8HoVTBKFbaHOZ6jaJ1IIuLdCp54RYn1AmJybciIR+/KW/Y381astJY68iLgMVrscNZ2IsI5SvdFQ6Z0fNosSsDfF1ntaT04imm++HSlKOghhZl8LtXZa+6+WcLSdCdWNVUb+xmAZh3eqTQZaR+GcqfZKQLk34ZCN3fLTiCtynQtXTON1Zng9FLVszM8G22w9RAo4PsgHCSVircH+BTKd76+YZynREScSWIm3vJrjaTTfOk0OLH1TkS/lObnHJmR9BZi3xuqRj2r16G9BqwyseIEDCMXCxiN/k0q6LAjdpzo1eleNwy9nHG/5Uu5MN3S4y65ESJlD22kk1BGT96l0cyf47Xxst1My33Gr56PT9A4Qu3AQ8mNc8s6VjQHuTF0363C2RwYv8OreRWN/kkzPKNHqXFbyQIwIJ4UsrVoZkDoggiGjXDU7CvJ3BSTXl/z8Lbh3BDEA+8kyWdDgRPAwyVs1nrwcBMOsIEFBYLDwIxYhOc/o1Y+b+jkAC5JTnA3laRji7mIZstu3UsA+FC,iv:utbR484ecLQ2Stm9aOPLr+0kHspMTmius5otq9D5fCY=,tag:vNWHrBapEMF7D8CvJDdOYA==,type:str]
-    ssh_pub_key: ENC[AES256_GCM,data:Ila55CvLNYnxxNVcLS/uzWQa707j7QjMSMGFadYbHpg4hUUXzRODhBWtusSIztrLD1euHFl8Na6M+bx84DSxcsaF0X6mexYVbtxJHF9HTdnZPZM0u+in,iv:yTDPy++YcxcVZjboh4vgAOvh+APKoBeAqtJS0ro2sWQ=,tag:SVtffDUvmyog3uQ4SaoBfA==,type:str]
+    ssh_pub_key: ENC[AES256_GCM,data:ARuXIOnW2x2NceekoRPG/Vy+zj/RdryE9m4MYt6e1NFGOgC2k69ZAmBui0+aIly2kJP4VyKJ/cf70APuv4uBmahAClFFdj5ZNrQnINiQzJF6iWOiaRI=,iv:+TqQ1WWaVRy/Ec8N3WUxSlkfU2me2ncII8smq6RsJr8=,tag:G4+/js93EFWudg9cRigxog==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age: []
-    lastmodified: "2025-01-14T20:45:34Z"
-    mac: ENC[AES256_GCM,data:KjuiBTPuq0j3FXy5qZRINYsqDoNWXOn8+MDh+QVLIDZqH3qe5iXg9r/hTlGiTOiWfnoMd4nbItcWMqGqZIFeUfBGKYWPUlMM4vxydDaXyZDbtQMGQZ6aSCqKbcO7hazFf4XAyGqKv6YA+tBRPeCXsxeFq1QLRpGoAPsY7wFeQgk=,iv:bgzBJCGcdzQvVGPW5gEha5kEksPEYcXKafyMN797i64=,tag:vnMDLJ/cX0G9TWGTdFkaXA==,type:str]
+    lastmodified: "2025-01-16T00:34:44Z"
+    mac: ENC[AES256_GCM,data:oG1TahgiYBXqDV9oftlBfhSlUIDwkyPMQncoxq9+443ktXZ4Ze+FpYw3FH4NAR4n59CWfzrwUYWY+YYoRUIUzNrOloygy2z/FAdnyYXs3CDt++4Gilz74P9f5THloXgKF5LMSIyYh091zrEV25nSqdSHQZnXKQOQJAAsitMcAdU=,iv:k7SJ9bnC1eiOSkomIrB1Ou0VoUfRcYI3m0GUKTGATQw=,tag:wfjGh3q7X0EXbx4o37syLQ==,type:str]
    pgp:
        - created_at: "2025-01-10T20:21:25Z"
          enc: |-