noa/nixconf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: move nix store to ssh on nuOS

Browse source
This commit is contained in:
Noa Aarts 2024-10-21 10:32:15 +02:00
parent 2934e77dd6
commit 9f8865441b
Signed by: noa
GPG key ID: 1850932741EFF672
4 changed files with 12 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

4
common/ssh-keys.nix Normal file
View file

@ -0,0 +1,4 @@
[
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDmUSRs2akTTWtiaCcB5PNaLFJlwZmvD8YEZp2R4SQ56gj1xddZ0QP8XQIqRd6cmkaGzS9QzNpo03mlaOUTItFarp+OJh7oe9DcqpLR7+30mdLJgmYC6SOm/Upm9jZbl+YVuRbCWUXJ8pgKeJ+GseiKUx/3nPFPJ17Z7xV1GwPBVDxE4F3TVF/JFn6NYE0NF0I35lYUT8JOrmr7r2+VYBt9Pbqta7G6afTl4ETX/pDDiEHQAsf5dUvF/FdAUp50DMVqC81xPlx/ajMzI4thssA8CkUDZdns7WhWSvDuyCz6bRZhnBqJ0oM9clhljhVq7eAScAEH4mM0XEexlE5NUmGqLZJT7NZIX+SRhxtKMTZBY3y6w6cxgNMo8lAhp0d1mlSmBEB1cvlCr38ZtcAyYA1m3vHwnJ4vsbCxxGZeTyLY+mZC4dFcSSyc+P3DtxBle7q6F/Qc9K53I454YsUVHTzD/K1A6r75/6igQBKEoGScVQX5qFLFWOu0k1hOEV3mT3jzP48l5iEz6whdO0EKbHJT3vvM+vj3zLzJ9YeSTDbxTE0AhMNt17yICB/vX1Fi/SwlwjYgUQnwiKbqkOaT5ZTxcqcv3x0EyTdq43J1TEWcAKUW7nlcQ9rwJnwg6MfUKE/cawwPUqGp8WTbavX4/IX/k+jQsuI9XvZ9Y96ilLhTRw== openpgp:0xD85CD295"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFemc4Pzp7I0y8FHxgRO/c/ReBmXuqXR6CWqbhiQ+0t noa@Noas_flaptop"
]

33
hosts/lambdaos/configuration.nix
View file

@ -75,9 +75,7 @@
description = "Noa Aarts"; description = "Noa Aarts";
extraGroups = [ "networkmanager" "wheel" "docker" "wireshark" "dialout" ]; extraGroups = [ "networkmanager" "wheel" "docker" "wireshark" "dialout" ];
hashedPassword = "$6$rounds=512400$Zip3xoK2zcoR4qEL$N13YTHO5tpWfx2nKb1sye.ZPwfoRtMQ5f3YrMZqKzzoFoSSHHJ.l5ulCEa9HygFxZmBtPnwlseFEtl8ERnwF50"; hashedPassword = "$6$rounds=512400$Zip3xoK2zcoR4qEL$N13YTHO5tpWfx2nKb1sye.ZPwfoRtMQ5f3YrMZqKzzoFoSSHHJ.l5ulCEa9HygFxZmBtPnwlseFEtl8ERnwF50";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = import ../../common/ssh-keys.nix;
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFemc4Pzp7I0y8FHxgRO/c/ReBmXuqXR6CWqbhiQ+0t noa@Noas_flaptop"
];
}; };
}; };
@ -205,12 +203,6 @@
pulse.enable = true; pulse.enable = true;
jack.enable = true; jack.enable = true;
}; };
nix-serve = {
enable = true;
secretKeyFile = "/var/cache-priv-key.pem";
bindAddress = "127.0.0.1";
port = 22332;
};
fail2ban.enable = true; fail2ban.enable = true;
greetd = { greetd = {
enable = false; enable = false;
@ -250,28 +242,6 @@
}; };
flatpak.enable = true; flatpak.enable = true;
udev.packages = [ pkgs.yubikey-personalization ]; udev.packages = [ pkgs.yubikey-personalization ];
nginx =
{
enable = true;
package = pkgs.nginx.override {
modules = [ pkgs.nginxModules.brotli ];
};
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedBrotliSettings = true;
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
virtualHosts = {
"lambdaos" = {
locations."/".proxyPass = "http://127.0.0.1:22332";
};
};
};
}; };
systemd = { systemd = {
@ -345,7 +315,6 @@
# Open ports in the firewall. # Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
80 # nix-serve
53317 # Localsend 53317 # Localsend
7791 # Pixelflut 7791 # Pixelflut
38281 # Archipelago 38281 # Archipelago

4
hosts/muos/configuration.nix
View file

@ -63,9 +63,7 @@
description = "Noa Aarts"; description = "Noa Aarts";
extraGroups = [ "networkmanager" "wheel" "docker" "wireshark" ]; extraGroups = [ "networkmanager" "wheel" "docker" "wireshark" ];
hashedPassword = "$6$rounds=512400$Zip3xoK2zcoR4qEL$N13YTHO5tpWfx2nKb1sye.ZPwfoRtMQ5f3YrMZqKzzoFoSSHHJ.l5ulCEa9HygFxZmBtPnwlseFEtl8ERnwF50"; hashedPassword = "$6$rounds=512400$Zip3xoK2zcoR4qEL$N13YTHO5tpWfx2nKb1sye.ZPwfoRtMQ5f3YrMZqKzzoFoSSHHJ.l5ulCEa9HygFxZmBtPnwlseFEtl8ERnwF50";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = import ../../common/ssh-keys.nix;
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFemc4Pzp7I0y8FHxgRO/c/ReBmXuqXR6CWqbhiQ+0t noa@Noas_flaptop"
];
}; };
}; };

22
hosts/nuos/configuration.nix
View file

@ -40,14 +40,16 @@
noa = { noa = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "networkmanager" "wheel" "docker" "libvirt" ]; extraGroups = [ "networkmanager" "wheel" "docker" "libvirt" ];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDmUSRs2akTTWtiaCcB5PNaLFJlwZmvD8YEZp2R4SQ56gj1xddZ0QP8XQIqRd6cmkaGzS9QzNpo03mlaOUTItFarp+OJh7oe9DcqpLR7+30mdLJgmYC6SOm/Upm9jZbl+YVuRbCWUXJ8pgKeJ+GseiKUx/3nPFPJ17Z7xV1GwPBVDxE4F3TVF/JFn6NYE0NF0I35lYUT8JOrmr7r2+VYBt9Pbqta7G6afTl4ETX/pDDiEHQAsf5dUvF/FdAUp50DMVqC81xPlx/ajMzI4thssA8CkUDZdns7WhWSvDuyCz6bRZhnBqJ0oM9clhljhVq7eAScAEH4mM0XEexlE5NUmGqLZJT7NZIX+SRhxtKMTZBY3y6w6cxgNMo8lAhp0d1mlSmBEB1cvlCr38ZtcAyYA1m3vHwnJ4vsbCxxGZeTyLY+mZC4dFcSSyc+P3DtxBle7q6F/Qc9K53I454YsUVHTzD/K1A6r75/6igQBKEoGScVQX5qFLFWOu0k1hOEV3mT3jzP48l5iEz6whdO0EKbHJT3vvM+vj3zLzJ9YeSTDbxTE0AhMNt17yICB/vX1Fi/SwlwjYgUQnwiKbqkOaT5ZTxcqcv3x0EyTdq43J1TEWcAKUW7nlcQ9rwJnwg6MfUKE/cawwPUqGp8WTbavX4/IX/k+jQsuI9XvZ9Y96ilLhTRw== openpgp:0xD85CD295"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFemc4Pzp7I0y8FHxgRO/c/ReBmXuqXR6CWqbhiQ+0t noa@Noas_flaptop"
];
hashedPassword = "$6$rounds=512400$g/s4dcRttXi4ux6c$Z6pKnhJXcWxv0TBSMtvJu5.piETdUBSgBVN7oDPKiQV.lbTYz1r.0XQLwMYxzcvaaX0DL6Iw/SEUTiC2M50wC/"; hashedPassword = "$6$rounds=512400$g/s4dcRttXi4ux6c$Z6pKnhJXcWxv0TBSMtvJu5.piETdUBSgBVN7oDPKiQV.lbTYz1r.0XQLwMYxzcvaaX0DL6Iw/SEUTiC2M50wC/";
openssh.authorizedKeys.keys = import ../../common/ssh-keys.nix;
}; };
}; };
nix.sshServe = {
enable = true;
keys = import ../../common/ssh-keys.nix;
};
# Allow unfree packages # Allow unfree packages
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@ -230,18 +232,6 @@
}; };
}; };
"locked.itepastra.nl" = {
forceSSL = true;
useACMEHost = "itepastra.nl";
extraConfig = extra;
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://192.168.42.5:9000/";
};
};
"calendar.itepastra.nl" = proxy "itepastra.nl" "http://[::1]:29341"; "calendar.itepastra.nl" = proxy "itepastra.nl" "http://[::1]:29341";
}; };
}; };