Uhhhh, lots of changes I forgot to push earlier

2024-09-24 05:41:40 +02:00 · 2024-09-24 05:41:40 +02:00 · 5230faf7c4
commit 5230faf7c4
parent de5e4fe049
20 changed files with 1697 additions and 1634 deletions
--- a/hosts/nixos/calypso/default.nix
+++ b/hosts/nixos/calypso/default.nix
@ -53,6 +53,9 @@
  programs.kdeconnect.enable = true;
  programs.firejail.enable = true;
  # }}}
+  # {{{ SSH keys
+  users.users.pilot.openssh.authorizedKeys.keyFiles = [ ../tethys/keys/id_ed25519.pub ];
+  # }}}

  satellite.pilot.name = "moon";
  boot.loader.systemd-boot.enable = true;
--- a/hosts/nixos/calypso/filesystems/partitions.nix
+++ b/hosts/nixos/calypso/filesystems/partitions.nix
@ -62,19 +62,13 @@
                # {{{ /persist/data
                "persist-data" = {
                  mountpoint = "/persist/data";
-                  mountOptions = [
-                    "compress=zstd"
-                    "noatime"
-                  ];
+                  mountOptions = [ "compress=zstd" ];
                };
                # }}}
                # {{{ /persist/state
                "persist-state" = {
                  mountpoint = "/persist/state";
-                  mountOptions = [
-                    "compress=zstd"
-                    "noatime"
-                  ];
+                  mountOptions = [ "compress=zstd" ];
                };
                # }}}
                # {{{ /local/nix
--- a/hosts/nixos/common/optional/services/restic/default.nix
+++ b/hosts/nixos/common/optional/services/restic/default.nix
@ -74,4 +74,9 @@ in
    };
    # }}}
  };
+
+  environment.persistence."/persist/local/cache".directories = [
+    "/var/cache/restic-backups-data"
+    "/var/cache/restic-backups-state"
+  ];
 }
--- a/hosts/nixos/common/optional/services/syncthing.nix
+++ b/hosts/nixos/common/optional/services/syncthing.nix
@ -18,7 +18,7 @@ in
    overrideFolders = true;

    settings = {
-      # {{{ Device ids 
+      # {{{ Device ids
      devices = {
        enceladus.id = "QWOAERM-V2FNXPI-TB7NFUS-LKW7JTB-IZY4OEZ-FYDPJNP-6IKPW4Y-YREXDQM";
        lapetus.id = "VVHM7RC-ZSDOZJI-EGBIJR4-2DOGAXG-OEJZWSH-OYUK5XT-7CDMWSL-3AVM2AZ";
--- a/hosts/nixos/common/optional/users/pilot.nix
+++ b/hosts/nixos/common/optional/users/pilot.nix
@ -21,6 +21,9 @@
    # Configure users through nix only
    mutableUsers = false;

+    # Sync up root and `pilot` shell
+    users.root.shell = config.users.users.pilot.shell;
+
    # {{{ Create pilot user
    users.pilot = {
      inherit (config.satellite.pilot) name;
@ -46,27 +49,6 @@

      hashedPasswordFile = config.sops.secrets.pilot_password.path;
      shell = pkgs.fish;
-
-      # {{{ Authorize ssh keys
-      openssh.authorizedKeys.keyFiles =
-        let
-          # Record containing all the hosts
-          hosts = outputs.nixosConfigurations;
-
-          # Function from hostname to relative path to public ssh key
-          idKey = host: ../../${host}/keys/id_ed25519.pub;
-        in
-        lib.pipe hosts [
-          # attrsetof host -> attrsetof path
-          (builtins.mapAttrs (name: _: idKey name)) # string -> host -> path
-
-          # attrsetof path -> path[]
-          builtins.attrValues
-
-          # path[] -> path[]
-          (builtins.filter builtins.pathExists)
-        ];
-      # }}}
    };
    # }}}
  };
--- a/hosts/nixos/iso/default.nix
+++ b/hosts/nixos/iso/default.nix
@ -43,10 +43,14 @@
    ];
  };
  # }}}
-
-  # Tell sops-nix to use the hermes keys for decrypting secrets
-  sops.age.sshKeyPaths = [ "/hermes/secrets/hermes/ssh_host_ed25519_key" ];
-
+  #  {{{ SSH keys
+  users.users.pilot.openssh.authorizedKeys.keyFiles = [
+    ../calypso/keys/id_ed25519.pub
+    ../lapetus/keys/id_ed25519.pub
+    ../tethys/keys/id_ed25519.pub
+  ];
+  #  }}}
+  #  {{{ Install some packages
  environment.systemPackages =
    let
      cloneConfig = pkgs.writeShellScriptBin "liftoff" ''
@ -60,6 +64,10 @@
      neovim # Text editor
      cloneConfig # Clones my nixos config from github
    ];
+  #  }}}
+
+  # Tell sops-nix to use the hermes keys for decrypting secrets
+  sops.age.sshKeyPaths = [ "/hermes/secrets/hermes/ssh_host_ed25519_key" ];

  # Fast but bad compression
  # isoImage.squashfsCompression = "gzip -Xcompression-level 1";
--- a/hosts/nixos/lapetus/default.nix
+++ b/hosts/nixos/lapetus/default.nix
@ -26,7 +26,7 @@
    ./services/grafana.nix
    ./services/guacamole
    ./services/homer.nix
-    ./services/intray.nix
+    # ./services/intray.nix
    ./services/invidious.nix
    ./services/jellyfin.nix
    ./services/jupyter.nix
@ -65,6 +65,15 @@
    }
  ];
  # }}}
+  # {{{ SSH keys
+  users.users.pilot.openssh.authorizedKeys.keyFiles = [
+    ../calypso/keys/id_ed25519.pub
+    ../tethys/keys/id_ed25519.pub
+  ];
+
+  users.users.root.openssh.authorizedKeys.keyFiles =
+    config.users.users.pilot.openssh.authorizedKeys.keyFiles;
+  # }}}

  boot.loader.systemd-boot.enable = true;
 }
--- a/hosts/nixos/tethys/default.nix
+++ b/hosts/nixos/tethys/default.nix
@ -59,4 +59,7 @@
    # }
  ];
  # }}}
+  # {{{ SSH keys
+  users.users.pilot.openssh.authorizedKeys.keyFiles = [ ../calypso/keys/id_ed25519.pub ];
+  # }}}
 }