Compare commits

...

6 commits

7 changed files with 138 additions and 85 deletions

View file

@ -1,17 +1,15 @@
NIX_RUN := nix run .\#
NIX_LOCK := nix flake lock
DEPS_MY := \
DEPS_EDITOR := \
nixeovim
DEPS_NIXOS := \
DEPS_SYSTEM := \
nixpkgs \
nixpkgs-unstable \
hardware \
home-manager \
agenix
DEPS_MISC := \
agenix \
wired \
nil
@ -56,17 +54,13 @@ rollback:
################################################################################
.PHONY: deps-my
deps-my:
$(NIX_LOCK) $(foreach dep,$(DEPS_MY),--update-input $(dep))
deps-editor:
$(NIX_LOCK) $(foreach dep,$(DEPS_EDITOR),--update-input $(dep))
.PHONY: deps-nixos
deps-nixos:
$(NIX_LOCK) $(foreach dep,$(DEPS_NIXOS),--update-input $(dep))
.PHONY: deps-misc
deps-misc:
$(NIX_LOCK) $(foreach dep,$(DEPS_MISC),--update-input $(dep))
deps-system:
$(NIX_LOCK) $(foreach dep,$(DEPS_SYSTEM),--update-input $(dep))
.PHONY: deps
deps: deps-my deps-nixos deps-misc ;
deps: deps-editor deps-system ;

View file

@ -10,11 +10,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1707830867,
"narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
"lastModified": 1715290355,
"narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=",
"owner": "ryantm",
"repo": "agenix",
"rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
"rev": "8d37c5bdeade12b6479c85acd133063ab53187a0",
"type": "github"
},
"original": {
@ -23,28 +23,6 @@
"type": "github"
}
},
"alejandra": {
"inputs": {
"flakeCompat": "flakeCompat",
"nixpkgs": [
"wired",
"nixpkgs"
]
},
"locked": {
"lastModified": 1652974241,
"narHash": "sha256-0AolxQtKj3Oek0WSbODDpPVO5Ih8PXHOA3qXEKPB4dQ=",
"owner": "kamadorueda",
"repo": "alejandra",
"rev": "0be1462419fc73270a5dc0f84f8092603890b029",
"type": "github"
},
"original": {
"owner": "kamadorueda",
"repo": "alejandra",
"type": "github"
}
},
"firefox-addons": {
"inputs": {
"flake-utils": "flake-utils",
@ -67,6 +45,24 @@
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1714641030,
"narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1629284811,
@ -115,29 +111,31 @@
"type": "github"
}
},
"flakeCompat": {
"flake": false,
"flake-utils_4": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1648199409,
"narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"hardware": {
"locked": {
"lastModified": 1711352745,
"narHash": "sha256-luvqik+i3HTvCbXQZgB6uggvEcxI9uae0nmrgtXJ17U=",
"lastModified": 1716173274,
"narHash": "sha256-FC21Bn4m6ctajMjiUof30awPBH/7WjD0M5yqrWepZbY=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "9a763a7acc4cfbb8603bb0231fec3eda864f81c0",
"rev": "d9e0b26202fd500cf3e79f73653cce7f7d541191",
"type": "github"
},
"original": {
@ -196,11 +194,11 @@
]
},
"locked": {
"lastModified": 1712386041,
"narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=",
"lastModified": 1715381426,
"narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff",
"rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
"type": "github"
},
"original": {
@ -242,11 +240,11 @@
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1694177726,
"narHash": "sha256-eaYATUkElEbXGcehShhYfcGhrjfTMQEmJqxvO+/5ciw=",
"lastModified": 1714571717,
"narHash": "sha256-o4tqlTzi9kcVub167kTGXgCac9jM3kW4+v9MH/ue4Hk=",
"owner": "oxalica",
"repo": "nil",
"rev": "4775e34c30f6101a9bb4364a0c7e4aae4ae43f11",
"rev": "2f3ed6348bbf1440fcd1ab0411271497a0fbbfa4",
"type": "github"
},
"original": {
@ -310,13 +308,25 @@
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1714640452,
"narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1713714268,
"narHash": "sha256-ZJGnom7YthvNxUZLdUzy5VePTwYgDYcnnPpyHT4n9lY=",
"lastModified": 1716128955,
"narHash": "sha256-3DNg/PV+X2V7yn8b/fUR2ppakw7D9N4sjVBGk6nDwII=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "69ee1d82f1fa4c70a3dc9a64111e7eef3b8e4527",
"rev": "f9256de8281f2ccd04985ac5c30d8f69aefadbe8",
"type": "github"
},
"original": {
@ -328,11 +338,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1711460390,
"narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=",
"lastModified": 1716061101,
"narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "44733514b72e732bd49f5511bd0203dea9b9a434",
"rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2",
"type": "github"
},
"original": {
@ -342,6 +352,22 @@
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1706487304,
"narHash": "sha256-LE8lVX28MV2jWJsidW13D2qrHU/RUUONendL2Q/WlJg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "90f456026d284c22b3e3497be980b2e47d0b28ac",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
@ -392,11 +418,30 @@
]
},
"locked": {
"lastModified": 1688783586,
"narHash": "sha256-HHaM2hk2azslv1kH8zmQxXo2e7i5cKgzNIuK4yftzB0=",
"lastModified": 1714529851,
"narHash": "sha256-YMKJW880f7LHXVRzu93xa6Ek+QLECIu0IRQbXbzZe38=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "7a29283cc242c2486fc67f60b431ef708046d176",
"rev": "9ca720fdcf7865385ae3b93ecdf65f1a64cb475e",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_3": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1715393623,
"narHash": "sha256-nSUFcUqyTQQ/aYFIB05mpCzytcKvfKMy3ZQAe0fP26A=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "8eb8671512cb0c72c748058506e50c54fb5d8e2b",
"type": "github"
},
"original": {
@ -435,35 +480,35 @@
"type": "github"
}
},
"utils": {
"systems_3": {
"locked": {
"lastModified": 1652776076,
"narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8",
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"wired": {
"inputs": {
"alejandra": "alejandra",
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
"rust-overlay": "rust-overlay_3"
},
"locked": {
"lastModified": 1671338321,
"narHash": "sha256-Nm/DarDGFYP+ocPcoEYh4guKXH+jndREtMl0VKMSYF8=",
"lastModified": 1715552757,
"narHash": "sha256-ZOgCSIcdvG8+RcZCXSAEmb/LZ2Ap9wU4nvbxNDA+QN0=",
"owner": "Toqozz",
"repo": "wired-notify",
"rev": "f4300acba8180f8fc6babc1a118f9b3753a2b052",
"rev": "18b44306b2636fc7f238a9d946c7b8aac217122d",
"type": "github"
},
"original": {

View file

@ -53,14 +53,12 @@
(system:
let
pkgs = import nixpkgs { inherit system; };
inherit (pkgs) lib;
inherit (pkgs) lib nixos-rebuild;
nixeovimPackage = config: nixeovim.lib.mkNixeovimPackage { inherit system config; };
nixos-rebuild = pkgs.nixos-rebuild.override { nix = pkgs.nixVersions.stable; };
localMachines = lib.filterAttrs (h: m: m.config.deployment.targetHost == null) self.nixosConfigurations;
vpsMachines = lib.filterAttrs (h: m: m.config.deployment.targetHost != null) self.nixosConfigurations;
in
{
packages = {
@ -81,6 +79,7 @@
switch = lib.recurseIntoAttrs (lib.mapAttrs
(hostname: machine: pkgs.writeShellScript "switch/${hostname}" ''
set -e
${nixos-rebuild}/bin/nixos-rebuild switch --flake .#${hostname} $@
${lib.optionalString machine.config.hardware.pulseaudio.systemWide ''
systemctl restart pulseaudio.service

View file

@ -7,6 +7,8 @@
./users
];
local.yubikey.enable = true;
################################################################################
# Programs
################################################################################

View file

@ -72,16 +72,21 @@ in
publicKey = "mzVH0N3q7UE/XjMwgRks+D8KFuIj91VkOK2ytgjsnkw=";
allowedIPs = [ "10.20.30.4/32" ];
}
# Phone 1
# Phone 1 j
{
publicKey = "bwKSB61krDPZV9JVw2ChPCImxqjJHQ2vXvWjbqPy/2o=";
allowedIPs = [ "10.20.30.5/32" ];
}
# Phone 2
# Phone 2 m
{
publicKey = "0+ejwId5JcTeMvoz+I/ACpmpUFjD7rl9wqz8H/OAHEw=";
allowedIPs = [ "10.20.30.6/32" ];
}
# Phone 3 n
{
publicKey = "IUw38F1ik2y2XoPh3Nd1VVxHz9nfKDfNKyzBaEi0rjc=";
allowedIPs = [ "10.20.30.7/32" ];
}
];
};
};

8
notes/yubikey.md Normal file
View file

@ -0,0 +1,8 @@
# Yubikey
configure pam u2f
```bash
mkdir -p ~/.config/Yubico
nix shell nixpkgs#pam_u2f --command pamu2fcfg > ~/.config/Yubico/u2f_keys
```

View file

@ -2,7 +2,7 @@
{
nixpkgs.overlays = lib.mkAfter [
inputs.nil.overlays.default
inputs.nil.overlays.nil
inputs.wired.overlays.default
];