feat(fatteh): integrate into niveum

kmein · Mar 19, 2024 · f57d178 · f57d178
1 parent d4cb0ab
commit f57d178
Show file tree

Hide file tree

Showing 14 changed files with 72 additions and 135 deletions.
diff --git a/configs/default.nix b/configs/default.nix
@@ -83,16 +83,11 @@ in {
       users.users.me = {
         name = "kfm";
         description = kieran.name;
-        hashedPasswordFile = config.age.secrets.kfm-password.path;
         isNormalUser = true;
         uid = 1000;
         extraGroups = ["pipewire" "audio"];
       };
 
-      age.secrets = {
-        kfm-password.file = ../secrets/kfm-password.age;
-      };
-
       home-manager.users.me.xdg.enable = true;
     }
     {

diff --git a/configs/fu-berlin.nix b/configs/fu-berlin.nix
@@ -68,12 +68,6 @@ in {
       group = config.users.users.me.group;
       mode = "400";
     };
-    blackboard-calendar-ics = {
-      file = ../secrets/blackboard-calendar-ics.age;
-      owner = config.users.users.me.name;
-      group = config.users.users.me.group;
-      mode = "400";
-    };
   };
 
   # https://www.zedat.fu-berlin.de/tip4u_157.pdf

diff --git a/configs/gnome.nix b/configs/gnome.nix
@@ -0,0 +1,5 @@
+{
+  services.xserver.enable = true;
+  services.xserver.displayManager.lightdm.enable = true;
+  services.xserver.desktopManager.gnome.enable = true;
+}
diff --git a/configs/ssh.nix b/configs/ssh.nix
@@ -74,6 +74,11 @@ in {
         user = "kfm";
         port = sshPort;
       };
+      fatteh = {
+        hostname = "fatteh.hr";
+        user = "kfm";
+        port = sshPort;
+      };
     };
   };
 }
diff --git a/configs/battery.nix → configs/tlp.nix b/configs/battery.nix → configs/tlp.nix
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -102,6 +102,7 @@
               makanek = "root@makanek";
               manakish = "root@manakish";
               kabsa = "root@kabsa";
+              fatteh = "root@fatteh";
             };
           in
             lib.attrsets.nameValuePair "deploy-${hostname}" {
@@ -266,6 +267,18 @@
             stylix.nixosModules.stylix
           ];
         };
+        fatteh = nixpkgs.lib.nixosSystem rec {
+          system = "x86_64-linux";
+          specialArgs = niveumSpecialArgs system;
+          modules = [
+            systems/fatteh/configuration.nix
+            agenix.nixosModules.default
+            retiolum.nixosModules.retiolum
+            home-manager.nixosModules.home-manager
+            nur.nixosModules.nur
+            stylix.nixosModules.stylix
+          ];
+        };
       };
     }
     // flake-utils.lib.eachSystem [flake-utils.lib.system.x86_64-linux flake-utils.lib.system.x86_64-darwin flake-utils.lib.system.aarch64-linux] (system: let

diff --git a/lib/default.nix b/lib/default.nix
@@ -70,7 +70,7 @@
     sshKeys = pkgs:
       pkgs.lib.strings.splitString "\n" (pkgs.lib.strings.fileContents (pkgs.fetchurl {
         url = "https://github.com/kmein.keys";
-        hash = "sha256-TVv1UHfNs3zIW8vrnCG7PPeMtgr2SDjrb8yZBMvp9/A=";
+        hash = "sha256-kabB1yNEToMw1Lcf4WYx4IfuuLzHOPvABTQku5CE60A=";
       }));
   };
 

diff --git a/lib/retiolum-network.nix b/lib/retiolum-network.nix
@@ -19,6 +19,11 @@
     ipv6 = "42:0:3c46:f7a9:1f0a:1b2b:822a:6050";
   };
 
+  fatteh = {
+    ipv6 = "42:0:3c46:aa73:82b0:14d7:7bf8:bf2";
+    ipv4 = "10.243.2.77";
+  };
+
   manakish = {
     ipv4 = "10.243.2.85";
     ipv6 = "42:0:3c46:ac99:ae36:cb8:c551:ba27";

diff --git a/secrets b/secrets
diff --git a/systems/fatteh/configuration.nix b/systems/fatteh/configuration.nix
@@ -2,128 +2,44 @@
   config,
   pkgs,
   ...
-}: {
+}: let
+  inherit (import ../../lib) retiolumAddresses;
+in {
   imports = [
     ./hardware-configuration.nix
+    ../../configs/networkmanager.nix
+    ../../configs/default.nix
+    # ../../configs/gnome.nix
   ];
 
-  # Bootloader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  boot.initrd.luks.devices."luks-aa6beb1b-3e54-4a0e-ac9c-e0c007d73cd5".device = "/dev/disk/by-uuid/aa6beb1b-3e54-4a0e-ac9c-e0c007d73cd5";
-  networking.hostName = "nixos"; # Define your hostname.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  # Enable networking
-  networking.networkmanager.enable = true;
-
-  # Set your time zone.
-  time.timeZone = "Europe/Berlin";
-
-  # Select internationalisation properties.
-  i18n.defaultLocale = "en_US.UTF-8";
-
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "de_DE.UTF-8";
-    LC_IDENTIFICATION = "de_DE.UTF-8";
-    LC_MEASUREMENT = "de_DE.UTF-8";
-    LC_MONETARY = "de_DE.UTF-8";
-    LC_NAME = "de_DE.UTF-8";
-    LC_NUMERIC = "de_DE.UTF-8";
-    LC_PAPER = "de_DE.UTF-8";
-    LC_TELEPHONE = "de_DE.UTF-8";
-    LC_TIME = "de_DE.UTF-8";
-  };
-
-  # Enable the X11 windowing system.
-  services.xserver.enable = true;
-
-  # Enable the GNOME Desktop Environment.
-  services.xserver.displayManager.gdm.enable = true;
-  services.xserver.desktopManager.gnome.enable = true;
-
-  # Configure keymap in X11
-  services.xserver = {
-    layout = "de";
-    xkbVariant = "T3";
-  };
-
-  # Configure console keymap
-  console.keyMap = "de";
-
-  # Enable CUPS to print documents.
-  services.printing.enable = true;
-
-  # Enable sound with pipewire.
-  sound.enable = true;
-  hardware.pulseaudio.enable = false;
-  security.rtkit.enable = true;
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-    # If you want to use JACK applications, uncomment this
-    #jack.enable = true;
-
-    # use the example session manager (no others are packaged yet so this is enabled by default,
-    # no need to redefine it in your config for now)
-    #media-session.enable = true;
+  niveum = {
+    batteryName = "BAT1";
+    wirelessInterface = "wlp3s0";
+    promptColours.success = "blue";
   };
 
-  # Enable touchpad support (enabled default in most desktopManager).
-  # services.xserver.libinput.enable = true;
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.kfm = {
-    isNormalUser = true;
-    description = "Kierán Meinhardt";
-    extraGroups = ["networkmanager" "wheel"];
-    packages = with pkgs; [
-      firefox
-      #  thunderbird
-    ];
+  stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/onedark.yaml";
+
+  age.secrets = {
+    retiolum-rsa = {
+      file = ../../secrets/fatteh-retiolum-privateKey-rsa.age;
+      mode = "400";
+      owner = "tinc.retiolum";
+      group = "tinc.retiolum";
+    };
+    retiolum-ed25519 = {
+      file = ../../secrets/fatteh-retiolum-privateKey-ed25519.age;
+      mode = "400";
+      owner = "tinc.retiolum";
+      group = "tinc.retiolum";
+    };
+    restic.file = ../../secrets/restic.age;
+    syncthing-cert.file = ../../secrets/fatteh-syncthing-cert.age;
+    syncthing-key.file = ../../secrets/fatteh-syncthing-key.age;
   };
 
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-    #  wget
-  ];
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
+  networking.hostName = "fatteh";
+  networking.retiolum = retiolumAddresses.fatteh;
 
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
+  system.stateVersion = "23.11";
 }
diff --git a/systems/fatteh/hardware-configuration.nix b/systems/fatteh/hardware-configuration.nix
@@ -16,6 +16,10 @@
   boot.initrd.kernelModules = [];
   boot.kernelModules = ["kvm-intel"];
   boot.extraModulePackages = [];
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.initrd.luks.devices."luks-aa6beb1b-3e54-4a0e-ac9c-e0c007d73cd5".device = "/dev/disk/by-uuid/aa6beb1b-3e54-4a0e-ac9c-e0c007d73cd5";
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/42b747ff-a432-4c0e-bb0a-59f0a68c44a2";

diff --git a/systems/kabsa/configuration.nix b/systems/kabsa/configuration.nix
@@ -8,9 +8,9 @@
 in {
   imports = [
     ./hardware-configuration.nix
-    ../../configs/battery.nix
+    ../../configs/tlp.nix
     ../../configs/default.nix
-    ../../configs/networkmanager.nix # TODO how to get passwords into there?
+    ../../configs/networkmanager.nix
   ];
 
   niveum = {

diff --git a/systems/manakish/configuration.nix b/systems/manakish/configuration.nix
@@ -10,7 +10,7 @@ in {
     ./hardware-configuration.nix
     ./hdmi.nix
     ../../configs/default.nix
-    ../../configs/battery.nix
+    ../../configs/tlp.nix
     ../../configs/wpa_supplicant.nix
     ../../configs/admin-essentials.nix
   ];