diff --git a/colmena/local.nix b/colmena/local.nix index a567ae9..51720b9 100644 --- a/colmena/local.nix +++ b/colmena/local.nix @@ -8,6 +8,10 @@ in { tags = [ "local" ]; }; + nixpkgs.config.packageOverrides = pkgs: { + agenix = (import "${sources.agenix}" { inherit pkgs; }).agenix; + }; + environment.systemPackages = with pkgs; [ agenix colmena diff --git a/colmena/remote.nix b/colmena/remote.nix index 47191f7..efe4e6e 100644 --- a/colmena/remote.nix +++ b/colmena/remote.nix @@ -3,13 +3,9 @@ { deployment = { targetHost = "${name}.birdsong.network"; - targetUser = "qenya"; tags = [ "remote" ]; }; - # Required for remote builds - security.sudo.wheelNeedsPassword = false; - imports = [ ../common/openssh.nix ]; diff --git a/common/openssh.nix b/common/openssh.nix index 6715088..5e9651a 100644 --- a/common/openssh.nix +++ b/common/openssh.nix @@ -12,4 +12,9 @@ services.fail2ban.enable = true; networking.firewall.allowedTCPPorts = [ 22 ]; + + # Allow remote root login only from home network + # TODO: Find a less hacky way of doing remote deployment + users.users.root.openssh.authorizedKeys.keys = config.users.users.qenya.openssh.authorizedKeys.keys; + services.openssh.extraConfig = "Match Address 45.14.17.200\n PermitRootLogin prohibit-password"; } \ No newline at end of file diff --git a/common/sudo.nix b/common/sudo.nix deleted file mode 100644 index fe9b2fc..0000000 --- a/common/sudo.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ config, lib, pkgs,... }: - -{ - security.sudo.execWheelOnly = true; -} diff --git a/hive.nix b/hive.nix index e3ccd2b..d7a8ae9 100644 --- a/hive.nix +++ b/hive.nix 
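Review bot: In the common/openssh.nix hunk, the added `Match Address` block does not by itself limit root login to that address. NixOS already defaults `PermitRootLogin` to `prohibit-password`, so unless the part of the file outside the hunk sets it to `no` globally, root key login is accepted from any source and the comment "only from home network" does not hold. I would add `services.openssh.settings.PermitRootLogin = "no";` next to it, and end the `extraConfig` string with `\nMatch All` so that anything another module appends to `extraConfig` does not land inside the address-scoped block. Copying all of qenya's keys to `users.users.root` makes each of them a direct root credential on every host that imports this file; a dedicated deploy key would narrow that.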
@@ -6,24 +6,12 @@ in { deployment.replaceUnknownProfiles = false; networking.hostName = name; - nixpkgs.config = { - allowUnfree = true; - packageOverrides = pkgs: { - agenix = (import sources.agenix { inherit pkgs; }).agenix; - vscode-extensions = (import sources.nix-vscode-extensions).extensions.x86_64-linux; # TODO: This should check the host architecture - }; - }; - - home-manager = { - useUserPackages = true; - useGlobalPkgs = true; - }; + nixpkgs.config.allowUnfree = true; imports = [ (import "${sources.home-manager}/nixos") (import "${sources.agenix}/modules/age.nix") ./pinning.nix - ./common/sudo.nix ./common/utilities.nix ./users/qenya.nix ]; diff --git a/home/vscode.nix b/home/vscode.nix index 6620c02..4187060 100644 --- a/home/vscode.nix +++ b/home/vscode.nix 
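Review bot: Dropping `./common/sudo.nix` from `imports` in hive.nix removes `security.sudo.execWheelOnly = true` from every host, which the switch to root-over-SSH deployment does not appear to require. That setting restricts execution of the sudo binary to wheel members, so if losing it is unintended, keep the import and the file, which is deleted elsewhere in this commit. Removing `home-manager.useGlobalPkgs` presumably means home-manager modules now evaluate their own nixpkgs instance, so the `nixpkgs.config.allowUnfree = true;` kept here would no longer reach packages installed from `home/*.nix`. A comment beside the new line such as `# system-level only; home-manager evaluates its own pkgs` would record that.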
@@ -1,32 +1,39 @@ { config, lib, pkgs, ... }: { - programs.vscode = { - enable = true; - enableExtensionUpdateCheck = false; - enableUpdateCheck = false; - package = pkgs.vscodium; - extensions = (with pkgs.vscode-extensions; [ - open-vsx.jnoortheen.nix-ide - open-vsx.ms-python.python - open-vsx.robbowen.synthwave-vscode - ]); - mutableExtensionsDir = false; - userSettings = { - "extensions.autoUpdate" = false; - "git.autofetch" = true; - "git.confirmSync" = false; - "git.enableSmartCommit" = true; - "javascript.updateImportsOnFileMove.enabled" = "always"; - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "nix.serverSettings".nil = { - diagnostics.ignored = [ "unused_binding" "unused_with" ]; - formatting.command = [ "nixpkgs-fmt" ]; + programs.vscode = + let + system = builtins.currentSystem; + sources = import ../npins; + extensions = (import sources.nix-vscode-extensions).extensions.${system}; + in + { + enable = true; + enableExtensionUpdateCheck = false; + enableUpdateCheck = false; + package = pkgs.vscodium; + extensions = (with pkgs.vscode-extensions; [ + jnoortheen.nix-ide + ms-python.python + ]) ++ (with extensions.open-vsx; [ + robbowen.synthwave-vscode + ]); + mutableExtensionsDir = false; + userSettings = { + "extensions.autoUpdate" = false; + "git.autofetch" = true; + "git.confirmSync" = false; + "git.enableSmartCommit" = true; + "javascript.updateImportsOnFileMove.enabled" = "always"; + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "nix.serverSettings".nil = { + diagnostics.ignored = [ "unused_binding" "unused_with" ]; + formatting.command = [ "nixpkgs-fmt" ]; + }; + "workbench.colorTheme" = "SynthWave '84"; }; - "workbench.colorTheme" = "SynthWave '84"; }; - }; # Language servers etc home.packages = with pkgs; [ diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index c30e2ee..70865b3 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix 
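Review bot: `system = builtins.currentSystem;` in the new `let` takes the architecture of the machine evaluating the hive, not of the host being configured. A deployment to a host of a different architecture would select the wrong extension set, and the expression fails under pure evaluation, where `builtins.currentSystem` is unavailable. `system = pkgs.stdenv.hostPlatform.system;` avoids both and resolves the host-architecture TODO this commit removes from hive.nix. `sources = import ../npins;` also re-imports the pins inside a home module; passing them in, for instance via `home-manager.extraSpecialArgs`, would keep a single source of truth. The enclosing attribute set continues past the end of the hunk.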
@@ -7,7 +7,6 @@ ./home.nix ../../common/fonts.nix ../../common/gaming.nix - ./syncthing.nix ]; boot.loader.systemd-boot.enable = true; diff --git a/hosts/tohru/hardware-configuration.nix b/hosts/tohru/hardware-configuration.nix index 9f80893..d42b1de 100644 --- a/hosts/tohru/hardware-configuration.nix +++ b/hosts/tohru/hardware-configuration.nix @@ -28,16 +28,6 @@ fsType = "zfs"; }; - fileSystems."/config" = - { device = "rpool/config"; - fsType = "zfs"; - }; - - fileSystems."/data" = - { device = "rpool/data"; - fsType = "zfs"; - }; - fileSystems."/home" = { device = "rpool/home"; fsType = "zfs"; @@ -49,13 +39,18 @@ options = [ "fmask=0022" "dmask=0022" ]; }; + fileSystems."/data" = + { device = "rpool/data"; + fsType = "zfs"; + }; + fileSystems."/data/steam" = { device = "rpool/data/steam"; fsType = "zfs"; }; - fileSystems."/data/syncthing" = - { device = "rpool/data/syncthing"; + fileSystems."/config" = + { device = "rpool/config"; fsType = "zfs"; }; diff --git a/hosts/tohru/syncthing.nix b/hosts/tohru/syncthing.nix deleted file mode 100644 index 4d8f10d..0000000 --- a/hosts/tohru/syncthing.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - services.syncthing = { - enable = true; - user = "qenya"; - dataDir = "/data/syncthing"; - overrideDevices = true; - overrideFolders = true; - settings = { - devices = { - "kilgharrah" = { id = "RDT7IGD-76FZ6LY-37PPB2W-DWPQRPR-LZ4AXF7-4GIIHYJ-RVXUUSG-ZXPN3AZ"; }; - }; - }; - }; -}