From a36419634f43e13445c73c16df4fcf79ba865f92 Mon Sep 17 00:00:00 2001
From: catvayor
Date: Fri, 31 May 2024 14:58:42 +0200
Subject: [PATCH] rm BOQ

---
 BOcal/configuration.nix | 56 -----------
 BOcal/hardware-configuration.nix | 50 ---------
 BOcal/net-user/configuration.nix | 168 -------------------------------
 BOcal/net_config.nix | 139 -------------------------
 BOcal/router.nix | 64 ------------
 hive.nix | 9 --
 6 files changed, 486 deletions(-)
 delete mode 100644 BOcal/configuration.nix
 delete mode 100644 BOcal/hardware-configuration.nix
 delete mode 100644 BOcal/net-user/configuration.nix
 delete mode 100644 BOcal/net_config.nix
 delete mode 100644 BOcal/router.nix

diff --git a/BOcal/configuration.nix b/BOcal/configuration.nix
deleted file mode 100644
index 1137efc..0000000
--- a/BOcal/configuration.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{
- config,
- lib,
- pkgs,
- users,
- ...
-}:
-
-{
- imports = [
- ./hardware-configuration.nix
- ./router.nix
- ./net_config.nix
- (users.root { ssh = true; })
- ];
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- boot.supportedFilesystems = [ "bcachefs" ];
- boot.kernelPackages = pkgs.linuxPackages_latest;
-
- time.timeZone = "Europe/Paris";
-
- i18n.defaultLocale = "en_US.UTF-8";
- console = {
- font = "Lat2-Terminus16";
- keyMap = "fr";
- };
-
- services.dbus.packages = with pkgs; [ dconf ];
-
- programs.zsh.enable = true;
-
- environment.systemPackages = with pkgs; [
- wget
- brightnessctl
- nix-search-cli
- git
- btop
- ranger
- dnsmasq
- screen
- ];
-
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
-
- services.openssh.enable = true;
-
- networking.firewall.enable = false;
- networking.useDHCP = false;
-
- system.stateVersion = "23.11";
-}
diff --git a/BOcal/hardware-configuration.nix b/BOcal/hardware-configuration.nix
deleted file mode 100644
index 17f9a6a..0000000
--- a/BOcal/hardware-configuration.nix
+++ /dev/null
@@ -1,50 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot.initrd.availableKernelModules = [ - "xhci_pci" - "ehci_pci" - "ahci" - "usbhid" - "usb_storage" - "sd_mod" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/b56a6a08-60e7-4997-9f7b-05c58006e730"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/3975-DEB6"; - fsType = "vfat"; - }; - - swapDevices = [ { device = "/dev/disk/by-uuid/b196b10b-5480-49b9-a6fb-ed2f21850815"; } ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; - # networking.interfaces.enp3s2.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/BOcal/net-user/configuration.nix b/BOcal/net-user/configuration.nix deleted file mode 100644 index 9434637..0000000 --- a/BOcal/net-user/configuration.nix +++ /dev/null 
@@ -1,168 +0,0 @@
-distant-users-id:
-{
- pkgs,
- lib,
- users,
- mods,
- ...
-}:
-{
- imports = [
-
-
-
- (users.root { ssh = true; })
- ];
- system.stateVersion = "23.11";
- networking = {
- hostName = "net-bocal";
- firewall.enable = false;
- };
- time.timeZone = "Europe/Paris";
- i18n.defaultLocale = "fr_FR.UTF-8";
- console = {
- font = "Lat2-Terminus16";
- keyMap = "fr";
- };
- environment.systemPackages = with pkgs; [ git ];
- security.polkit.extraConfig = ''
- polkit.addRule(function(action, subject) {
- if (
- subject.isInGroup("bocal")
- && (
- //action.id == "org.freedesktop.login1.chvt" ||
- action.id == "org.freedesktop.accounts.change-own-password" ||
- action.id == "org.freedesktop.locale1.set-keyboard" ||
- action.id == "org.freedesktop.locale1.set-locale" ||
- action.id == "org.freedesktop.login1.attach-device" ||
- action.id == "org.freedesktop.login1.flush-devices" ||
- action.id == "org.freedesktop.login1.halt" ||
- action.id == "org.freedesktop.login1.halt-ignore-inhibit" ||
- action.id == "org.freedesktop.login1.halt-multiple-sessions" ||
- action.id == "org.freedesktop.login1.hibernate" ||
- action.id == "org.freedesktop.login1.hibernate-ignore-inhibit" ||
- action.id == "org.freedesktop.login1.hibernate-multiple-sessions" ||
- action.id == "org.freedesktop.login1.inhibit-block-idle" ||
- action.id == "org.freedesktop.login1.inhibit-block-shutdown" ||
- action.id == "org.freedesktop.login1.inhibit-block-sleep" ||
- action.id == "org.freedesktop.login1.inhibit-delay-shutdown" ||
- action.id == "org.freedesktop.login1.inhibit-delay-sleep" ||
- action.id == "org.freedesktop.login1.inhibit-handle-hibernate-key" ||
- action.id == "org.freedesktop.login1.inhibit-handle-lid-switch" ||
- action.id == "org.freedesktop.login1.inhibit-handle-power-key" ||
- action.id == "org.freedesktop.login1.inhibit-handle-reboot-key" ||
- action.id == "org.freedesktop.login1.inhibit-handle-suspend-key" ||
- action.id == "org.freedesktop.login1.lock-sessions" ||
- action.id == "org.freedesktop.login1.manage" ||
- action.id == "org.freedesktop.login1.power-off" ||
- action.id == "org.freedesktop.login1.power-off-ignore-inhibit" ||
- action.id == "org.freedesktop.login1.power-off-multiple-sessions" ||
- action.id == "org.freedesktop.login1.reboot" ||
- action.id == "org.freedesktop.login1.reboot-ignore-inhibit" ||
- action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
- action.id == "org.freedesktop.login1.set-reboot-parameter" ||
- action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-entry" ||
- action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-menu" ||
- action.id == "org.freedesktop.login1.set-reboot-to-firmware-setup" ||
- action.id == "org.freedesktop.login1.set-self-linger" ||
- action.id == "org.freedesktop.login1.set-user-linger" ||
- action.id == "org.freedesktop.login1.set-wall-message" ||
- action.id == "org.freedesktop.login1.suspend" ||
- action.id == "org.freedesktop.login1.suspend-ignore-inhibit" ||
- action.id == "org.freedesktop.login1.suspend-multiple-sessions"
- )
- )
- {
- return polkit.Result.NO;
- }
- })
- '';
-
- users.groups.bocal.gid = 2000;
- users.users =
- let
- template =
- { name, uid }:
- {
- inherit name;
- value = {
- isNormalUser = true;
- inherit uid;
- shell = pkgs.zsh;
- group = "bocal";
- homeMode = "750";
- };
- };
- in
- builtins.listToAttrs (map template distant-users-id)
- // {
- root.hashedPassword = "$y$j9T$GK2ejPfMgk0GlBqZX0aBo/$n3nds9zcBi8X8p9aG5Aywq1A.R6Bt/dIOccvfIdMM/1";
- root.openssh.authorizedKeys.keys = [
- "ssh-rsa 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 sylvain@idefix"
- ];
- };
- home-manager.users =
- let
- template =
- { name, uid }:
- {
- inherit name;
- value = {
- home.stateVersion = "23.11";
- imports = with mods.home; [
- zsh
- neovim
- ];
- programs.zsh.profileExtra = "exec ${pkgs.plasma5Packages.plasma-workspace}/bin/startplasma-wayland";
- programs.firefox.enable = true;
- home.packages = with pkgs; [ gedit ];
- };
- };
- in
- builtins.listToAttrs (map template distant-users-id);
-
- services.getty = {
- loginProgram = pkgs.writeShellScript "autologin" ''
- ${pkgs.sudo}/bin/sudo -u $BOCAL rm /home/$BOCAL/.local/state/nix/profiles/home-manager*
- ${pkgs.sudo}/bin/sudo -u $BOCAL rm /home/$BOCAL/.local/state/home-manager/gcroots/current-home
- ${pkgs.systemd}/bin/systemctl restart home-manager-''${BOCAL}.service
- exec ${pkgs.shadow}/bin/login -f $BOCAL
- '';
- autologinUser = "bocal";
- };
- systemd.services.unlock = {
- wantedBy = [ "multi-user.target" ];
- script = ''
- ${pkgs.dbus}/bin/dbus-monitor --system "type='signal',interface='org.freedesktop.DBus.Properties',path_namespace='/org/freedesktop/login1/session'" | while read x; do
- case "$x" in
- *"boolean true"*) ${pkgs.systemd}/bin/loginctl unlock-sessions
- esac
- done
- '';
- };
- services.xserver = {
- enable = true;
- xkb.layout = "fr";
- desktopManager.plasma5.enable = true;
- displayManager.lightdm.enable = false;
- };
- fileSystems =
- let
- template =
- { name, uid }:
- {
- name = "/home/${name}";
- value = {
- device = "192.168.222.1:/home/${name}";
- fsType = "nfs";
- };
- };
- in
- {
- "/home/bocal" = {
- device = "192.168.222.1:/home/bocal";
- fsType = "nfs";
- };
- }
- // builtins.listToAttrs (map template distant-users-id);
-}
diff --git a/BOcal/net_config.nix b/BOcal/net_config.nix
deleted file mode 100644
index 0690681..0000000
--- a/BOcal/net_config.nix
+++ /dev/null
@@ -1,139 +0,0 @@
-{
- lib,
- users,
- mods,
- pkgs,
- ...
-}:
-let
- machines = {
- "54:bf:64:5d:33:5e" = "arturgo";
- "54:bf:64:5d:33:f9" = "catvayor";
- "54:bf:64:5d:32:d4" = "darksysy";
- "48:4d:7e:d6:fa:1e" = "empraeleerup";
- "48:4d:7e:d6:cf:57" = "glohuglohu";
- "54:bf:64:5d:33:7e" = "h";
- "54:bf:64:5d:32:b7" = "inutile.club";
- "54:bf:64:5d:33:f5" = "jimmicrosoft";
- "48:4d:7e:d6:fc:e8" = "krik";
- "54:bf:64:5d:31:fd" = "loony";
- };
- distant-users = builtins.attrValues machines;
- distant-users-id = builtins.genList (i: {
- name = builtins.elemAt distant-users i;
- uid = 2001 + i;
- }) (builtins.length distant-users);
- remote_sys = (
- import (pkgs.path + "/nixos/lib/eval-config.nix") {
- system = "x86_64-linux";
- specialArgs = {
- inherit users mods;
- };
- modules = [ (import ./net-user/configuration.nix distant-users-id) ];
- }
- );
- remote_build = remote_sys.config.system.build;
- json_maker =
- mac: user:
- pkgs.writeText "netboot-${mac}.json" ''
- {
- "kernel": "/kernel",
- "initrd": [ "/initrd" ],
- "cmdline": "init=${remote_build.toplevel}/init loglevel=4 systemd.setenv=BOCAL=${user}"
- }
- '';
- json_ln = mac: json: ''ln -s ${json} $out/v1/boot/${mac}'';
- cmds = [
- "mkdir -p $out/v1/boot"
- "ln -s ${remote_build.kernel}/bzImage $out/kernel"
- "ln -s ${remote_build.netbootRamdisk}/initrd $out/initrd"
- ] ++ builtins.attrValues (builtins.mapAttrs json_ln (builtins.mapAttrs json_maker machines));
- webroot = pkgs.runCommand "netboot-apiroot" { } (builtins.concatStringsSep "\n" cmds);
-in
-{
- users.groups.bocal.gid = 2000;
- users.users =
- let
- template =
- { name, uid }:
- {
- inherit name;
- value = {
- isNormalUser = true;
- inherit uid;
- shell = pkgs.zsh;
- group = "bocal";
- homeMode = "750";
- };
- };
- in
- builtins.listToAttrs (map template distant-users-id)
- // {
- bocal = {
- isNormalUser = true;
- uid = 2000;
- shell = pkgs.zsh;
- group = "bocal";
- homeMode = "750";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
- "ssh-rsa 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 sylvain@idefix"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvGR9LIJrb9fEIuYn4DMAiyPq0gZ/J8Hv/hIcszu0Tp vincent@vincent-ZB"
- ];
- };
- };
- home-manager.users.bocal = {
- home.stateVersion = "23.11";
- imports = with mods.home; [
- zsh
- neovim
- ];
- programs.zsh.shellAliases = {
- "redac" = "/home/bocal/bin/redac";
- "faire" = "redac faire";
- };
- };
-
- services.pixiecore = {
- enable = true;
- openFirewall = true;
- dhcpNoBind = true;
- apiServer = "http://localhost:8000";
- mode = "api";
- listen = "192.168.222.1";
- };
- services.nfs.server = {
- enable = true;
- exports =
- let
- template =
- { name, uid }:
- "/home/${name} 192.168.222.0/24(rw,nohide,insecure,no_subtree_check,anonuid=${builtins.toString uid},anongid=2000)";
- in
- builtins.concatStringsSep "\n" (
- [ "/home/bocal 192.168.222.0/24(rw,nohide,insecure,no_subtree_check)" ]
- ++ map template distant-users-id
- );
- };
- services.dnsmasq = {
- enable = true;
- settings = {
- interface = [ "netboot-client" ];
- bind-dynamic = true;
- dhcp-option = "3,0.0.0.0";
- dhcp-range = "192.168.222.100,192.168.222.200,255.255.255.0,12h";
- };
- };
- services.nginx = {
- enable = true;
- virtualHosts."localhost" = {
- listen = [
- {
- addr = "localhost";
- port = 8000;
- }
- ];
- root = webroot;
- };
- };
-}
diff --git a/BOcal/router.nix b/BOcal/router.nix
deleted file mode 100644
index f559c09..0000000
--- a/BOcal/router.nix
+++ /dev/null
@@ -1,64 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -{ - boot.kernel.sysctl."net.ipv4.ip_forward" = true; - - systemd.network = { - enable = true; - networks = { - "uplink" = { - name = "eno1"; - DHCP = "ipv4"; - # networkConfig.IPMasquerade = "ipv4"; - }; - "10-enp2s0" = { - name = "enp2s0"; - bridge = [ "netboot-client" ]; - networkConfig = { - LLDP = false; - EmitLLDP = false; - LinkLocalAddressing = false; - IPv6AcceptRA = false; - IPv6SendRA = false; - }; - }; - "10-enp3s2" = { - name = "enp3s2"; - bridge = [ "netboot-client" ]; - networkConfig = { - LLDP = false; - EmitLLDP = false; - LinkLocalAddressing = false; - IPv6AcceptRA = false; - IPv6SendRA = false; - }; - }; - "11-netboot-client" = { - name = "netboot-client"; - address = [ "192.168.222.1/24" ]; - # dhcpServerConfig = { - # PoolOffset = 100; - # PoolSize = 100; - # BootServerAddress = "192.168.222.1"; - # }; - }; - }; - netdevs."10-client".netdevConfig = { - Name = "netboot-client"; - Kind = "bridge"; - }; - }; - networking.nameservers = [ "208.67.222.222" ]; - - networking.nat = { - enable = true; - internalInterfaces = [ "netboot-client" ]; - externalInterface = "eno1"; - }; - - services.netbird.enable = true; -} diff --git a/hive.nix b/hive.nix index 4047953..435d83f 100644 --- a/hive.nix +++ b/hive.nix @@ -90,15 +90,6 @@ in ]; }; - BOcal = { - deployment.targetHost = "bocal.tmp"; - imports = [ ./BOcal/configuration.nix ]; - - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa 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 sylvain@idefix" - ]; - }; - kat-iso = { name, pkgs, ... }: {