authortzlil <tzlils@protonmail.com>2023-01-21 17:34:49 +0200
committertzlil <tzlils@protonmail.com>2023-01-21 17:34:49 +0200
commitd9317de584c66b068a336889aa9adc3ac3837e5e (patch)
treef9418f271c8e9bdc2cc6075de471bc4b7049f965 /profiles
parent5aa3d1eb375f7d67b717f0306752bd974fce1fbc (diff)
change deploy-rs to nixinate, change user to use passwordFile, add password age secret, remove NetworkManager-wait-online.service
Diffstat (limited to 'profiles')
-rw-r--r--profiles/core.nix3
-rw-r--r--profiles/gentoo.nix22
-rw-r--r--profiles/network.nix7
-rw-r--r--profiles/ssh.nix8
-rw-r--r--profiles/user.nix19
5 files changed, 45 insertions, 14 deletions
diff --git a/profiles/core.nix b/profiles/core.nix
index f578621..e23879f 100644
--- a/profiles/core.nix
+++ b/profiles/core.nix
@@ -23,9 +23,6 @@
     users.mutableUsers = false;
     environment.defaultPackages = lib.mkForce [];
 
-    # dont do this
-    users.users.root.initialPassword = "hunter2";
-
     age.identityPaths = [ "/nix/persist/etc/ssh/ssh_host_ed25519_key" ];
   };
 }
\ No newline at end of file
diff --git a/profiles/gentoo.nix b/profiles/gentoo.nix
new file mode 100644
index 0000000..67f7e78
--- /dev/null
+++ b/profiles/gentoo.nix
@@ -0,0 +1,22 @@
+{ pkgs, lib, config, inputs, ... }:
+
+{
+  imports = [];
+  config = {
+    nativeStdenv = prev.stdenvAdapters.withCFlags [ "-O3" "-pipe" "-mcpu=apple-m1" ]
+    (prev.overrideCC prev.llvmPackages_latest.stdenv
+      (prev.wrapCCWith rec {
+        cc = prev.llvmPackages_latest.clang-unwrapped;
+        bintools = (final.wrapBintoolsWith {
+          coreutils = final.uutils-coreutils;
+          libc = final.musl;
+          bintools = final.binutils-unwrapped.overrideAttrs
+            (old: {
+              postInstall = ''
+                ln -sf ${final.mold}/bin/mold $out/bin/ld
+              '';
+            });
+        });
+      }));
+  };
+}
\ No newline at end of file
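Review bot: `prev` and `final` are used throughout the `nativeStdenv` expression, but the module's argument set is `{ pkgs, lib, config, inputs, ... }`, so both names are unbound and evaluation should fail as soon as this file is imported. `nativeStdenv` is also assigned directly under `config`, where it does not look like a declared NixOS option. The expression reads like an overlay body, so wrapping it as `nixpkgs.overlays = [ (final: prev: { nativeStdenv = …; }) ];` would bring both names into scope. Because the overlay replaces the linker by symlinking `mold` over `$out/bin/ld`, a short comment naming the packages meant to be built with this stdenv would help the next reader.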
diff --git a/profiles/network.nix b/profiles/network.nix
index 0ba325b..1b3026b 100644
--- a/profiles/network.nix
+++ b/profiles/network.nix
@@ -22,6 +22,13 @@
         '';
     };
 
+    # Don't wait for network startup
+    # https://old.reddit.com/r/NixOS/comments/vdz86j/how_to_remove_boot_dependency_on_network_for_a
+    systemd = {
+      targets.network-online.wantedBy = pkgs.lib.mkForce []; # Normally ["multi-user.target"]
+      services.NetworkManager-wait-online.wantedBy = pkgs.lib.mkForce []; # Normally ["network-online.target"]
+    };
+
     services.dnscrypt-proxy2 = {
       enable = true;
       settings = {
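Review bot: With `NetworkManager-wait-online` detached from `network-online.target`, that target can be reached before any interface is up, so units ordered after it lose their connectivity guarantee; the added comment only says "Don't wait for network startup" and does not record this. `services.dnscrypt-proxy2` directly below may be one of the affected units, though its ordering is not visible in this hunk. I would extend the comment, e.g. `# network-online.target no longer implies connectivity; services that need the network must retry on their own`. As a style point, profiles/core.nix uses `lib.mkForce` while these lines use `pkgs.lib.mkForce`. The enclosing `config` block starts and ends outside the hunk.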
diff --git a/profiles/ssh.nix b/profiles/ssh.nix
index e0a623a..4c12cc7 100644
--- a/profiles/ssh.nix
+++ b/profiles/ssh.nix
@@ -5,10 +5,7 @@
     services.openssh = {
       enable = true;
       openFirewall = false;
-      passwordAuthentication = false;
-      kbdInteractiveAuthentication = false;
       allowSFTP = false;
-      permitRootLogin = "no";
       startWhenNeeded = true;
       extraConfig = ''
         AllowTcpForwarding yes
@@ -20,6 +17,11 @@
 
         AllowUsers tzlil
       '';
+      settings = {
+        permitRootLogin = "no";
+        passwordAuthentication = false;
+        kbdInteractiveAuthentication = false;
+      };
     };
     environment.persistence."/nix/persist" = {
       hideMounts = true;
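Review bot: The three hardening options moved into `settings` use lower camel-case keys (`permitRootLogin`, `passwordAuthentication`, `kbdInteractiveAuthentication`), whereas current nixpkgs declares them as `settings.PermitRootLogin`, `settings.PasswordAuthentication` and `settings.KbdInteractiveAuthentication`. Which spelling the pinned nixpkgs revision accepts is not visible here, but if these keys are not the declared options, the module defaults may be emitted alongside them, and sshd uses the first value it obtains for a keyword. Since a mismatch could quietly leave password or root login enabled, I would confirm the effective configuration on the deployed host with `sshd -T | grep -Ei 'permitrootlogin|passwordauthentication|kbdinteractiveauthentication'`. A comment recording the nixpkgs revision these names were checked against would also help. The `services.openssh` block opens in the previous hunk.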
diff --git a/profiles/user.nix b/profiles/user.nix
index 6ae1261..6aa8262 100644
--- a/profiles/user.nix
+++ b/profiles/user.nix
@@ -9,13 +9,23 @@
     inputs.home-manager.nixosModules."home-manager"
   ];
   config = {
+    age.secrets = {
+      id_ed25519 = {
+        file = ../secrets/id_ed25519.age;
+        mode = "600";
+        owner = "tzlil";
+        group = "users";
+      };
+      password.file = ../secrets/password.age;
+    };
+
     users.users.tzlil = {
       isNormalUser = true;
       description = "Me";
       extraGroups = ["wheel"];
       packages = [pkgs.git];
       shell = pkgs.fish;
-      hashedPassword = "$5$itsrHkJPRhLdik0x$RxCXp8KmiPVa1dMQhHMQsjLgvx27MmeQ9ZVybV8bzE8";
+      passwordFile = config.age.secrets.password.path;
       openssh.authorizedKeys.keys = [
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMDyzrs9sbstv3KFK5FV8qYlSknnEy8Cn+qch4dJLmHA"
       ];
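Review bot: The `hashedPassword` line replaced here held a `$5$` (sha256crypt) hash that stays readable in the repository history, as does the root `initialPassword` removed from profiles/core.nix, so the move to `passwordFile` only protects the account if `password.age` holds the hash of a new password. `passwordFile` expects a crypt(3) hash rather than plaintext, which is worth stating next to the secret: `# password.age: mkpasswd output (a hash, not plaintext), rotated after the old hash was committed`. `password` is left at the agenix default owner and mode while `id_ed25519` sets them explicitly; a one-line comment that this is intentional would make the difference readable. The `users.users.tzlil` block continues outside the hunk.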
@@ -24,13 +34,6 @@
     nix.settings.allowed-users = ["root" "tzlil"];
     nix.settings.trusted-users = ["root" "tzlil"];
 
-    age.secrets.id_ed25519 = {
-      file = ../secrets/id_ed25519.age;
-      mode = "600";
-      owner = "tzlil";
-      group = "users";
-    };
-
     home-manager = {
       useGlobalPkgs = true;
       useUserPackages = true;