From f861e50f3e701f9c97fa9164ddd184d7a2c35a54 Mon Sep 17 00:00:00 2001 From: Sameer Rahmani Date: Tue, 26 Mar 2024 21:16:39 +0000 Subject: [PATCH] Setup maryland --- flake.lock | 39 ++++++++++++++-------------- secrets/mary/user.age | Bin 537 -> 446 bytes secrets/secrets.nix | 4 +-- users/lxsameer/default.nix | 2 -- users/lxsameer/desktop.nix | 52 +------------------------------------ users/mary/default.nix | 26 ++++++++++++++++--- users/mary/desktop.nix | 23 +++++++++++++--- worlds/maryland.nix | 18 ++++++++++++- 8 files changed, 82 insertions(+), 82 deletions(-) diff --git a/flake.lock b/flake.lock index 9005396..252cbf4 100644 --- a/flake.lock +++ b/flake.lock @@ -197,11 +197,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1710427903, - "narHash": "sha256-sV0Q5ndvfjK9JfCg/QM/HX/fcittohvtq8dD62isxdM=", + "lastModified": 1711462743, + "narHash": "sha256-3wKGpHy9Kyh98DrziqC/s//60Q0pE17NgbY93L0uWng=", "owner": "nix-community", "repo": "disko", - "rev": "21d89b333ca300bef82c928c856d48b94a9f997c", + "rev": "a6717b1afee7ae955c61eefdf0ce8f864ef78115", "type": "github" }, "original": { @@ -238,10 +238,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "dirtyRev": "70f14f5928c6cffb3be81784425b57d984a00acd-dirty", - "dirtyShortRev": "70f14f5-dirty", - "lastModified": 1710021649, - "narHash": "sha256-3gmgWWaVJNW1xpbov8dVkf3EGucNXQggd5KsYONfTo0=", + "lastModified": 1711478570, + "narHash": "sha256-qjzwq2qj0e9EpN7QYTnTXipHmrWWUG3bEARmzju81OI=", + "ref": "refs/heads/v4", + "rev": "2d459669cb67e1960579e97e05ccac05c993b70a", + "revCount": 1063, "type": "git", "url": "file:///home/lxsameer/src/fg42" }, 
@@ -418,11 +419,11 @@ }, "nixlib": { "locked": { - "lastModified": 1710031547, - "narHash": "sha256-pkUg3hOKuGWMGF9WEMPPN/G4pqqdbNGJQ54yhyQYDVY=", + "lastModified": 1711241261, + "narHash": "sha256-knrTvpl81yGFHIpm1SsLDApe0thFkw1cl3ISAMPmP/0=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "630ebdc047ca96d8126e16bb664c7730dc52f6e6", + "rev": "b2a1eeef8c185f6bd27432b053ff09d773244cbc", "type": "github" }, "original": { @@ -439,11 +440,11 @@ ] }, "locked": { - "lastModified": 1710398463, - "narHash": "sha256-fQlYanU84E8uwBpcoTCcLCwU8cqn0eQ7nwTcrWfSngc=", + "lastModified": 1711375484, + "narHash": "sha256-+d4HqehyQvuHUKR8Nv9HGGd/SP5wjg3MA/hEYJBWQq0=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "efd4e38532b5abfaa5c9fc95c5a913157dc20ccb", + "rev": "2b3720c7af2271be8cee713cd2f69c5127b0a8e4", "type": "github" }, "original": { @@ -454,11 +455,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1710123225, - "narHash": "sha256-j3oWlxRZxB7cFsgEntpH3rosjFHRkAo/dhX9H3OfxtY=", + "lastModified": 1711352745, + "narHash": "sha256-luvqik+i3HTvCbXQZgB6uggvEcxI9uae0nmrgtXJ17U=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "ad2fd7b978d5e462048729a6c635c45d3d33c9ba", + "rev": "9a763a7acc4cfbb8603bb0231fec3eda864f81c0", "type": "github" }, "original": { @@ -469,11 +470,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1710346304, - "narHash": "sha256-vwoyBoCovK7+vdbCYqL9MssoFQjaXtZN8sElcjUdbx8=", + "lastModified": 1710889954, + "narHash": "sha256-Pr6F5Pmd7JnNEMHHmspZ0qVqIBVxyZ13ik1pJtm2QXk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a0906f14161a5c5792e9883117b9471f5bf6df72", + "rev": "7872526e9c5332274ea5932a0c3270d6e4724f3b", "type": "github" }, "original": { 
diff --git a/secrets/mary/user.age b/secrets/mary/user.age index 3e450312c8ccc6aaec0326f0b15f9678f2521be2..d4b37daeae5fef7eab2f938d3f4e6e863d3c82de 100644 GIT binary patch delta 431 zcmV;g0Z{ik~18GmzgXf0)AGBq_ZIUr9(W@&bJAXPF;T0u`sQY%74P;yUXLTqVt zQ*Cc_T3TvWQ)f$5X*Wr7L2P($V`o8k3Sv)oNK{l#a5PG1Ia6{Xx2EoX9NVRL05dw)G?A|PBsa3CiyAZ2h> zMG8Y@L{~9yS50m&NlIu$F*9OLRC;4)b!Tx^HCahxBL^5Z1R8K2o^Rf8w!8GUcSokju2(wRmY@9EI?0D3ny zpXl(k7$>Bh=exby{;bbUAzu)+bV~R1&Hq#|y0BL3)F^D@rt_i_dxPWK4ZFz5I&003aLsF0%!oI^0E$e?6N(|oiDLR!s8^mV2qcy7kT{LLemVCsQpn7@X?C;#gf!4TLYu=x9bOmhaLK)QknxOOl<~er>9zCe;-S zV}lWFf_G_dV4DbrVQ7>V1iuP`87JQel!3_tvh2HjQw@M*ka9hQ8qSR2CT?-a{R>Ca z(_g>utnS`^?7e^RWbf(6yFwA6CA+`FW0&-aWs%ey8v|VU8{b(O<}$ ByHWrE diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 1790f5d..0cdbf40 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -23,10 +23,10 @@ let mary = { yubikey_1 = "age1yubikey1qtsln0tj4my8t0nywnmpse8tsfl28ctmd26tkxahspm5skefmqvmvpw4ef4"; yubikey_2 = "age1yubikey1qvnajv3gu2t7q239nxz2ggfykavrt0k5vaauy9gc8ac82gsrsx3cwk7lfpd"; - pub = "age1zmrr9vrq6r3twfj3e00vn33hn2qgggv5dg3l2kysw9kjtx2r2ckq87ee5w"; + pub = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOXfcDiEl2a520F3BEirU8ey4VUxcNQu90FIescz1PQi mary@maryland"; }; in { "lxsameer/user.age".publicKeys = [ lxsameer.pub ]; - "mary/user.age".publicKeys = [ mary.yubikey_1 mary.yubikey_2 ]; + "mary/user.age".publicKeys = [ mary.pub ]; } diff --git a/users/lxsameer/default.nix b/users/lxsameer/default.nix index 6eaf31d..834a71a 100644 --- a/users/lxsameer/default.nix +++ b/users/lxsameer/default.nix @@ -73,7 +73,6 @@ rec { "networkmanager" ]; password = "123123"; - }; users.lxsameer = { isNormalUser = true; @@ -90,7 +89,6 @@ rec { openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3aV2dwnll3KxFR57Oj6Br51c7gJ/pkRa+IkKM6slve lxsameer@lxsameer.com" ]; - }; }; diff --git a/users/lxsameer/desktop.nix b/users/lxsameer/desktop.nix index 7cddd22..697cd56 100644 --- a/users/lxsameer/desktop.nix 
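Review bot: In secrets/secrets.nix, `"mary/user.age".publicKeys = [ mary.pub ]` drops both YubiKey recipients, so the password-hash secret is now protected only by one file-based SSH key and can no longer be decrypted or re-keyed with the hardware tokens. If the switch was made so the secret can be decrypted non-interactively at activation, the tokens could stay on as recovery recipients: `"mary/user.age".publicKeys = [ mary.pub mary.yubikey_1 mary.yubikey_2 ];`. As committed, `yubikey_1` and `yubikey_2` are left as unused bindings in the `let`, and losing `mary.pub`'s private key means regenerating the secret. A short comment saying that `pub` is now an SSH host/user key rather than a native age key would also help the next reader.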
+++ b/users/lxsameer/desktop.nix @@ -154,57 +154,6 @@ in { remmina ]; - # # basic configuration of git, please change to your own - # programs.git = { - # enable = true; - # package = pkgs.gitFull; - # userName = "Sameer Rahmani"; - # userEmail = "lxsameer@gnu.org"; - # aliases = { - # co = "checkout"; - # br = "branch"; - # ci = "commit"; - # st = "status"; - # unstage = "reset HEAD --"; - # last = "log -1 HEAD"; - # lg = - # "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit"; - # brs = - # "for-each-ref --sort='-authordate:iso8601' --count 20 --format=' %(color:green)%(authordate:relative)%09%(if)%(HEAD)%(then)%(color:brightwhite)*%(else)%(color:white) %(end)%(refname:short)%09%(color:yellow)%(authorname)%(authoremail)' refs/heads"; - # e = "emacsclient"; - # }; - - # signing = { - # key = "0x8741FACBF412FFA5"; - # signByDefault = true; - # }; - - # difftastic.enable = true; - # # delta.enable = true; - - # extraConfig = { - # core = { - # abbrev = 12; - # excludesFile = "${./git/gitignore}"; - # }; - - # pretty = { fixes = ''Fixes: %h ("%s")''; }; - - # url."git@github.com:" = { insteadOf = "https://github.com/"; }; - - # sendemail = { - # smtpEncryption = "tls"; - # smtpServer = "fencepost.gnu.org"; - # smtpUser = "lxsameer"; - # smtpServerPort = 587; - # }; - - # status.submoduleSummary = true; - # pull.rebase = false; - # http.sslVerify = true; - # }; - # }; - # starship - an customizable prompt for any shell programs.starship = { enable = true; @@ -453,4 +402,5 @@ in { enableBashIntegration = true; # see note on other shells below nix-direnv.enable = true; }; + } diff --git a/users/mary/default.nix b/users/mary/default.nix index 3b71dcc..064d5b5 100644 --- a/users/mary/default.nix +++ b/users/mary/default.nix 
@@ -43,15 +43,15 @@ rec { (inputs.agenix.packages.x86_64-linux.default.override { ageBin = "${rager}/bin/rager"; }) ]; - age.identityPaths = [ + # This is an actual private key, we should avoid + # including it in the store + "/home/mary/.ssh/universe" + # Since these are stubs, its ok to include them in the store ./yubikey_1.stub.id ./yubikey_2.stub.id - # But this is an actual private key, we should avoid - # including it in the store - #"~/.ssh/universe.priv" ]; age.secrets.user.file = ../../secrets/mary/user.age; @@ -61,6 +61,19 @@ rec { gid = 1001; }; + users.lxsameer1 = { + isNormalUser = true; + shell = pkgs.zsh; + uid = 9000; + group = "lxsameer"; + + extraGroups = [ + "wheel" + "networkmanager" + ]; + password = "123123"; + }; + users.mary = { isNormalUser = true; shell = pkgs.zsh; @@ -71,8 +84,13 @@ rec { "wheel" "networkmanager" ]; + hashedPasswordFile = config.age.secrets.user.path; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3aV2dwnll3KxFR57Oj6Br51c7gJ/pkRa+IkKM6slve lxsameer@lxsameer.com" + ]; + }; }; diff --git a/users/mary/desktop.nix b/users/mary/desktop.nix index 8c927c1..63a2de1 100644 --- a/users/mary/desktop.nix +++ b/users/mary/desktop.nix @@ -113,6 +113,10 @@ protonvpn-gui yubioath-flutter yubikey-manager + + shotwell + flameshot + ]; # basic configuration of git, please change to your own @@ -224,7 +228,6 @@ eval $(thefuck --alias) autopair-init ''; - plugins = with pkgs; [ { name = "formarks"; @@ -312,7 +315,6 @@ programs.mpv.enable = true; programs.obs-studio.enable = true; - programs.noti.enable = true; # Let home Manager install and manage itself. programs.home-manager.enable = true; 
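Review bot: The `age.identityPaths` entry `"/home/mary/.ssh/universe"` makes decryption of the user secret depend on a private key in mary's home directory, and the hunk does not document what that requires. It should state that the value must stay a string (a bare path literal would be copied into the world-readable store), and that the key has to be present and presumably usable without a passphrase when secrets are decrypted at activation, e.g. `# Keep this a string: a path literal would copy the private key into /nix/store.` Elsewhere in this commit the secret is re-encrypted to `mary.pub` only and `users.mutableUsers = false` is set, so if this key is missing mary may end up without a usable password; the two `yubikey_*.stub.id` entries also look redundant for this secret now. The enclosing attribute set starts and ends outside the hunk.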
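Review bot: The new `users.lxsameer1` account in the second hunk of users/mary/default.nix is created with `password = "123123";` while being a member of `wheel`. A literal `password` is stored in clear text in the repository and in the world-readable Nix store, and this commit also sets `users.mutableUsers = false` in worlds/maryland.nix, so the value cannot be changed with `passwd` on the machine. If the account is needed, it should follow the pattern mary already uses, `hashedPasswordFile = config.age.secrets.<SECRET_NAME>.path;` with its own agenix secret; if it is a leftover test account (the name suggests so, but that is an inference), it should be removed before this lands. The `group = "lxsameer"` reference also relies on a group definition that is not fully visible in the hunk.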
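Review bot: The `openssh.authorizedKeys.keys` entry added to `users.mary` in the third hunk authorizes the `lxsameer@lxsameer.com` key to log in as mary, who is in `wheel`, and nothing in the hunk says that this is intended. If this is deliberate administrative access, a comment such as `# Admin access for lxsameer; remove once maryland is set up` would make the grant auditable. Whether sshd is enabled on this host is not visible here, so the exposure depends on configuration outside the hunk.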
@@ -327,9 +329,18 @@ home.stateVersion = "24.05"; services.network-manager-applet.enable = true; + + programs.gpg = { + enable = true; + scdaemonSettings = { + disable-ccid = true; + }; + homedir = lib.mkForce "/home/mary/.gnupg"; + }; + services.gpg-agent = { enable = true; - enableSshSupport = false; + enableSshSupport = lib.mkForce false; }; gtk = { @@ -342,5 +353,11 @@ platformTheme = "gtk"; }; + programs.direnv = { + enable = true; + enableBashIntegration = true; # see note on other shells below + nix-direnv.enable = true; + }; + services.ssh-agent.enable = true; } diff --git a/worlds/maryland.nix b/worlds/maryland.nix index 5537457..ad17071 100644 --- a/worlds/maryland.nix +++ b/worlds/maryland.nix @@ -34,6 +34,7 @@ let nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; boot.initrd.kernelModules = [ "amdgpu" ]; + boot.kernelParams = [ "radeon.cik_support=0" "amdgpu.cik_support=1" ]; hardware.enableRedistributableFirmware = true; hardware.cpu.amd.updateMicrocode = true; @@ -41,19 +42,33 @@ let services.xserver.displayManager.sddm.enable = true; services.xserver.desktopManager.plasma6.enable = true; + # I want to fully control my users via nix + users.mutableUsers = false; + networking.extraHosts = '' + 192.168.0.86 sameer + ''; + services.printing.enable = true; services.avahi = { enable = true; nssmdns = true; openFirewall = true; }; + + fileSystems."/home".neededForBoot = true; + services.gvfs.enable = true; + + networking.firewall = { + enable = true; + allowedTCPPorts = [ 8000 ]; + }; + }; mary = pkgs.callPackage ../users/mary/default.nix {}; fg42 = inputs.fg42.packages.${system}.default; inVM = (utils.sanitizeBuilderConfig hostBuilderConfig).inVM; - in { installer = import ./installer.nix (params // { @@ -79,6 +94,7 @@ in { desktop styles yubikey + virtualisation.podman inputs.home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true;
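Review bot: Both `lib.mkForce` uses in this hunk of users/mary/desktop.nix (`homedir` and `enableSshSupport`) override a value set elsewhere without saying which module sets it or why the override is needed. A one-line comment on each, for example `# yubikey module enables SSH support; ssh-agent is used here instead` if that is the reason, would keep a later change from silently re-enabling it. The hard-coded `"/home/mary/.gnupg"` could also be derived from the home directory option if `config` is available in this module, which cannot be confirmed from the hunk.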
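Review bot: In the `@@ -41,19 +42,33 @@` hunk of worlds/maryland.nix, `allowedTCPPorts = [ 8000 ];` opens port 8000 on every interface, and no service listening on it is declared in the visible lines. The rule should carry a comment naming the service it is for, and if it is only needed on the local network it can be scoped with `networking.firewall.interfaces.<IFACE>.allowedTCPPorts = [ 8000 ];` instead of the global list. The same hunk sets `users.mutableUsers = false`, which makes the declared passwords authoritative, so the plaintext `password` added for `lxsameer1` in users/mary/default.nix becomes the only credential for that account. The `let` binding this hunk edits starts and ends outside the hunk.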