From 7613a2498167ebd28acde20213fd95c79f21bf9a Mon Sep 17 00:00:00 2001 From: HackENS milieu Date: Sat, 30 Jul 2022 08:44:32 +0200 Subject: [PATCH] milieu update --- configuration.nix | 1 + hosts/hackens-milieu/configuration.nix | 2 +- profiles/shared-hackens/default.nix | 3 +++ profiles/shared-hackens/gnome.nix | 8 +++++++ profiles/shared-hackens/i3.nix | 7 +++--- profiles/shared-hackens/latex.nix | 4 ++++ profiles/shared-hackens/monitoring.nix | 13 ----------- profiles/shared-hackens/mosquitto.nix | 30 ++++++++++++++++++++++++++ profiles/shared-hackens/programs.nix | 5 +++-- profiles/shared-hackens/system.nix | 1 + profiles/shared-hackens/users.nix | 21 +++++++++--------- pubkeys/BiBi.keys | 3 +++ 12 files changed, 68 insertions(+), 30 deletions(-) create mode 120000 configuration.nix create mode 100644 profiles/shared-hackens/gnome.nix create mode 100644 profiles/shared-hackens/latex.nix create mode 100644 profiles/shared-hackens/mosquitto.nix create mode 100644 pubkeys/BiBi.keys diff --git a/configuration.nix b/configuration.nix new file mode 120000 index 0000000..ca8cf1d --- /dev/null +++ b/configuration.nix @@ -0,0 +1 @@ +hosts/hackens-milieu/configuration.nix \ No newline at end of file diff --git a/hosts/hackens-milieu/configuration.nix b/hosts/hackens-milieu/configuration.nix index 7dbcd7b..ea61d94 100644 --- a/hosts/hackens-milieu/configuration.nix +++ b/hosts/hackens-milieu/configuration.nix @@ -8,7 +8,7 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - ../../profiles/hackens + ../../profiles/shared-hackens ]; # Use the GRUB 2 boot loader. diff --git a/profiles/shared-hackens/default.nix b/profiles/shared-hackens/default.nix index e21df07..c89e498 100644 --- a/profiles/shared-hackens/default.nix +++ b/profiles/shared-hackens/default.nix @@ -7,6 +7,7 @@ ./syncthing.nix ./programs.nix ./audio.nix + ./mosquitto.nix ./graphics.nix ./monitoring.nix ./users.nix 
@@ -16,6 +17,8 @@ ./nightworker.nix ./ssd.nix ./aarch64.nix + ./latex.nix + ./gnome.nix # ./netboot-server.nix # -- fix quick xyz mode. ]; } diff --git a/profiles/shared-hackens/gnome.nix b/profiles/shared-hackens/gnome.nix new file mode 100644 index 0000000..74887ea --- /dev/null +++ b/profiles/shared-hackens/gnome.nix @@ -0,0 +1,8 @@ +{ ... }: +{ + services.xserver = { + enable = true; + displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; + }; +} diff --git a/profiles/shared-hackens/i3.nix b/profiles/shared-hackens/i3.nix index 3a0834f..b319d5e 100644 --- a/profiles/shared-hackens/i3.nix +++ b/profiles/shared-hackens/i3.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, config, lib, ... }: { environment.pathsToLink = [ "/libexec" ]; environment.sessionVariables.TERMINAL = [ "kitty" ]; @@ -7,7 +7,7 @@ BROWSER = "firefox"; }; services.xserver = { - displayManager = { + displayManager = lib.mkIf (!config.services.xserver.displayManager.gdm.enable) { autoLogin = { enable = true; user = "hackens"; @@ -17,7 +17,7 @@ windowManager.i3 = { enable = true; extraSessionCommands = '' - ${pkgs.xlibs.xset}/bin/xset r rate 200 50 + ${pkgs.xorg.xset}/bin/xset r rate 200 50 ''; extraPackages = with pkgs; [ rofi @@ -37,7 +37,6 @@ liberation_ttf fira-code fira-code-symbols - mplus-outline-fonts dina-font proggyfonts powerline-fonts diff --git a/profiles/shared-hackens/latex.nix b/profiles/shared-hackens/latex.nix new file mode 100644 index 0000000..f8549fb --- /dev/null +++ b/profiles/shared-hackens/latex.nix @@ -0,0 +1,4 @@ +{ pkgs, ... }: +{ + environment.systemPackages = [ pkgs.texlive.combined.scheme-full ]; +} diff --git a/profiles/shared-hackens/monitoring.nix b/profiles/shared-hackens/monitoring.nix index ce85023..b3244e6 100644 --- a/profiles/shared-hackens/monitoring.nix +++ b/profiles/shared-hackens/monitoring.nix 
@@ -56,17 +56,4 @@ }; services.smartd.enable = true; services.smartd.extraOptions = [ "-A /var/log/smartd/" ]; # For netdata. - - # MQTT for every usage, notably OctoPrint events. - services.mosquitto = { - enable = true; - listeners = [ - { - address = "192.168.1.118"; - } - ]; - settings = { - # allow_anonymous = true; - }; - }; } diff --git a/profiles/shared-hackens/mosquitto.nix b/profiles/shared-hackens/mosquitto.nix new file mode 100644 index 0000000..42dd8b0 --- /dev/null +++ b/profiles/shared-hackens/mosquitto.nix @@ -0,0 +1,30 @@ +{ ... }: +let + port = 1883; +in +{ + services.mosquitto = { + enable = true; + logType = [ "all" ]; + listeners = [ + { + address = "0.0.0.0"; + acl = [ "topic readwrite #" ]; + port = port; + settings = { + allow_anonymous = true; + }; + } + ]; + bridges.hackensOrg = { + topics = [ "# both" ]; + addresses = [ + { + address = "new.hackens.org"; + } + ]; + }; + }; + networking.firewall.allowedTCPPorts = [ port ]; +} + diff --git a/profiles/shared-hackens/programs.nix b/profiles/shared-hackens/programs.nix index d083307..d3f4730 100644 --- a/profiles/shared-hackens/programs.nix +++ b/profiles/shared-hackens/programs.nix @@ -11,10 +11,11 @@ taskwarrior # Slicers - prusa-slicer super-slicer + super-slicer + # prusa-slicer TODO: it is broken # CAD/3D - blender freecad openscad kicad-with-packages3d + blender openscad # kicad-with-packages3d freecad # Microcontrollers arduino arduino-cli stm32flash stm32loader # FPGA diff --git a/profiles/shared-hackens/system.nix b/profiles/shared-hackens/system.nix index 76367d3..e24c283 100644 --- a/profiles/shared-hackens/system.nix +++ b/profiles/shared-hackens/system.nix @@ -25,6 +25,7 @@ services.locate.enable = true; services.openssh.enable = true; + services.openssh.passwordAuthentication = false; networking.firewall.enable = false; documentation.info.enable = false; } diff --git a/profiles/shared-hackens/users.nix b/profiles/shared-hackens/users.nix index 6b61724..a9925af 100644 
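Review bot: The listener in the new mosquitto.nix binds `0.0.0.0` with `allow_anonymous = true` and the listener ACL `topic readwrite #`, so any host that can reach port 1883 can publish and subscribe on every topic without credentials. `bridges.hackensOrg` with `topics = [ "# both" ]` then relays all of that to and from new.hackens.org. The block removed from monitoring.nix bound one LAN address and left `allow_anonymous` commented out, so this widens exposure rather than only moving the service. `networking.firewall.allowedTCPPorts = [ port ]` restricts nothing while system.nix keeps `networking.firewall.enable = false`. I would give the listener named users with password files and per-user ACLs and narrow the bridge to the prefixes that must cross; the user name, secret path and topic prefix below are placeholders.

```nix
    listeners = [
      {
        address = "192.168.1.118"; # address the removed monitoring.nix block used; adjust per host
        port = port;
        users.PLACEHOLDER_CLIENT = {
          passwordFile = "/PLACEHOLDER/path/to/mqtt-password";
          acl = [ "readwrite PLACEHOLDER_PREFIX/#" ];
        };
      }
    ];
    bridges.hackensOrg = {
      topics = [ "PLACEHOLDER_PREFIX/# both" ];
      # … unchanged: addresses …
    };
```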
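Review bot: `services.openssh.passwordAuthentication = false;` in system.nix turns off only sshd's `password` method; keyboard-interactive is a separate setting, and if the module default leaves it on, PAM can still accept a password through it. The next context line keeps `networking.firewall.enable = false`, so sshd is reachable from whatever network the host sits on. I would add `services.openssh.kbdInteractiveAuthentication = false;` beside it (the option is called `challengeResponseAuthentication` on older nixpkgs, so check which name the pinned channel uses). The attribute set starts outside the hunk.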
--- a/profiles/shared-hackens/users.nix +++ b/profiles/shared-hackens/users.nix @@ -1,23 +1,24 @@ { pkgs, ... }: +let + superadmins = [ + ../../pubkeys/raito.keys + ../../pubkeys/gdd.keys + ../../pubkeys/BiBi.keys + ]; +in { users.users.hackens = { isNormalUser = true; - extraGroups = [ "wheel" ]; + extraGroups = [ "wheel" "dialout" "audio" "video" ]; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDcKULx/AgnqBsgwRX2BfV8waq6JXIkvZHhu9Y8paofM8awq6Om56BZoA7AV45YOcJxO/eFDOxSegXXmt22s4WjIf8I049aMdsW54BNpFpC/h18cMzm5ylKVGHl1ier/WXxpBsA8YU++YdRlGHPpKnhCtYLnBzD4Q5h+05GMIHismNZP1aGpE9s01FuP8eaDDkZUba7oSpn03AA77DBw4/2ZreSbqo96Z6WwiG09KeZvxFtEIk98EQtmiExB2fwsK3/JIxIBCoZHh4SzERcslxxGgzdppd6NhhSh7g523zhiihLaTAPNXBovGm5wcKOU9uWe+pUWEbwV04E+809aVbkJOdYBCtIf8M91meqpupA8jK38uquePHEFvpNr5UmY0qUlJCoqTvoqg9XgrfJVjlPEmYknj/QjQzkA4k19y8njsyEjnYOBL6tsztg6Igl+NZXjBAPuAzxCsfHOtWw1WM5gANwqOL0V9f7+14yST3HwweqjHRj4xky6ritxK+ujfc= hackens@hackens-desktop" ]; - openssh.authorizedKeys.keyFiles = [ - ../../pubkeys/raito.keys - ../../pubkeys/gdd.keys - ]; - }; + openssh.authorizedKeys.keyFiles = superadmins; + }; users.users.root = { - openssh.authorizedKeys.keyFiles = [ - ./pubkeys/raito.keys - ./pubkeys/gdd.keys - ]; + openssh.authorizedKeys.keyFiles = superadmins; }; } diff --git a/pubkeys/BiBi.keys b/pubkeys/BiBi.keys new file mode 100644 index 0000000..5471362 --- /dev/null +++ b/pubkeys/BiBi.keys 
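Review bot: `superadmins` is now assigned to `openssh.authorizedKeys.keyFiles` of both `hackens` and `root`, so every key in the three files, including the three new ones in pubkeys/BiBi.keys, grants direct root SSH login as well as the wheel account. If root access is meant to go through `hackens` and sudo, drop the root assignment; if direct root login is intended, say so at the binding, e.g. `# Keys in these files can log in as root and as hackens (wheel).` The entries in pubkeys/BiBi.keys have no comment field, which makes it hard to tell which device a key belongs to when one must be revoked; a trailing `owner@device` comment per line would help. `hackens` also keeps an inline RSA key outside the list, so removing a file from `superadmins` does not revoke that key.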
@@ -0,0 +1,3 @@
+ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACC4RyZ/2ZTACUl5j6K1VlLu4+WUI3eUuylxqPw9DVWnKH5u5pGld/6pL3Nq0rM5W5kfDLd0SWYDL5f1FUdBr2VugDGLO8swdOK6SWM3J5TN1c2ZwDAeBsbXF4scqXqT1Fxay31LPUCAy526P6pRowxwBZwEMn6wHc7Lp//LRMOqh2DSA==
+ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBABLEDU82YDUFYgji+hM1fdfpxzY2QHNRCrlSF1X9FSqLLBHYxcpIWEl6kd6bQTml+sjhIpdvbDzvr2MR4prk/zsiwDmuLrzv+j7jri7BZkBzREYYm45LQNhbJZuRaszEMpvOU902UOvEzPU2WDAtHH1G7fRnxjHsDAiVc/fUzJz9r9uXg==
+ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBADkJamWNY4+IdqAKI4p7NZ9EecVj3gc2oH/JpmyKREnQBBiCdNmu5HOqzplYYIEmr3HtGLZNcL8o0bvXNtX43onLQDsyOa2UuTNRYLOgx9Uq0tFLhGrDmDP1SK/v5OfcM9H+vm5NO4bFdPjqTrqwDOamUrSt83BY9XRue+JIe/nTzDX0g==