Try this iso, remove all references to bcachefs from shodan

This commit is contained in:
Lillian Violet 2024-03-20 19:42:38 +01:00
parent 708e4fbefc
commit dd9348b672
5 changed files with 214 additions and 8 deletions

View file

@ -84,6 +84,7 @@
linger,
pihole,
lanzaboote,
jovian,
nixos-hardware,
conduit,
...
@ -134,9 +135,7 @@
}
];
};
};
nixosConfigurations = {
GLaDOS = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
@ -152,9 +151,7 @@
}
];
};
};
nixosConfigurations = {
queen = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
@ -166,9 +163,7 @@
simple-nixos-mailserver.nixosModule
];
};
};
nixosConfigurations = {
shodan = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
@ -178,15 +173,28 @@
sops-nix.nixosModules.sops
lanzaboote.nixosModules.lanzaboote
disko.nixosModules.disko
jovian.nixosModules.jovian
home-manager.nixosModules.home-manager
{
home-manager.sharedModules = [inputs.plasma-manager.homeManagerModules.plasma-manager];
}
];
};
ISO = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs outputs;};
modules = [
"${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma6.nix"
"${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
./nixos/hosts/iso/configuration.nix
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
{
home-manager.sharedModules = [inputs.plasma-manager.homeManagerModules.plasma-manager];
}
];
};
};
nixosConfigurations = {
wheatley = nixpkgs.lib.nixosSystem {
system = "armv7l-linux";
specialArgs = {inherit inputs outputs;};

View file

@ -0,0 +1,13 @@
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
# You can import other home-manager modules here
imports = [
./lillian.nix
];
}

View file

@ -0,0 +1,29 @@
# This is your home-manager configuration file
# Use this to configure your home environment (it replaces ~/.config/nixpkgs/home.nix)
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
# You can import other home-manager modules here
imports = [
# If you want to use modules your own flake exports (from modules/home-manager):
# outputs.homeManagerModules.example
# Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.default
# You can also split up your configuration and import pieces of it here:
# ./nvim.nix
../../desktop
];
home.packages = with pkgs; [
];
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "24.05";
}

View file

@ -0,0 +1,135 @@
{
inputs,
outputs,
lib,
config,
pkgs,
nixpkgs-stable,
...
}: {
imports = [
# If you want to use modules your own flake exports (from modules/home-manager):
# outputs.homeManagerModules.example
# outputs.nixosModules.contabo.wan
inputs.home-manager.nixosModules.home-manager
# Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.defaults
# Import shared settings
../../shared
];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = false;
networking.domain = "";
services.openssh = {
enable = true;
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "no";
};
nixpkgs = {
# You can add overlays here
overlays = [
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
};
};
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
sops.defaultSopsFile = ./secrets/sops.yaml;
environment.systemPackages = with pkgs; [
# Custom tools
dvd
dvt
servo
restart
install-nix
# System tools
aha
direnv
efitools
git-filter-repo
gnupg
pciutils
sbctl
tpm2-tools
tpm2-tss
waydroid
zsh
# KDE/QT
krunner-translator
kdePackages.discover
kdePackages.kcalc
kdePackages.kdepim-addons
kdePackages.kirigami
kdePackages.kdeconnect-kde
# kdePackages.krunner-ssh
# kdePackages.krunner-symbols
kdePackages.packagekit-qt
kdePackages.plasma-pa
kdePackages.sddm-kcm
kdePackages.dolphin-plugins
libportal-qt5
libportal
];
# Enable networking
networking.networkmanager.enable = true;
# Contabo ipv6 nameservers: "2a02:c207::1:53" "2a02:c207::2:53"
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [22];
programs.kdeconnect.enable = true;
# Configure keymap in X11
services.xserver.xkb = {
layout = "us";
variant = "";
options = "terminate:ctrl_alt_bksp,compose:caps_toggle";
};
# Enable bluetooth hardware
hardware.bluetooth.enable = true;
security.tpm2.enable = true;
security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
programs.git = {
enable = true;
};
programs.direnv = {
enable = true;
};
# Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"];
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
users = {
# Import your home-manager configuration
lillian = import ../../../home-manager/hosts/iso;
};
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "unstable";
}

View file

@ -0,0 +1,21 @@
lillian-password: ENC[AES256_GCM,data:eQzZwGxK9Lw2gc8HDNw57odxPzTH4sa/2O97h3VAghRwLClmCYKT91kxj2F3kQ4iEctBl0GxdS4WoL3H9eE4/CAPffXdTmkdYg==,iv:2ezB4DNHFv5ceJ2gtATV12Azm3vFFDLX1qSSy+cKuMY=,tag:zxb5agUCDpi92bYV7+DmoA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArbVd5bkxmV2FSNDVCWXN1
RGxwdVZ5ZEROQTZ1d2ptU1RJc0dTUVlVOTE4CjhjeklubEhwUFgydkFWbDJkcU1U
VnowU29NSG10a3VKbXk3RWNWY0FwZ1EKLS0tIDJYMXhGeXArRnZ1NmQwQ3NqVHdM
dXlaN3dWOUl4Mys2V0x3Z3F6UVU4MVUKEJYpX8XhSNcM+7aUuxnIwrokY0/29Cnh
yz0HAZkaj8FwvnPnafo5jmwVyi6WXECvX5E0NZfjKH4AF5vTu6Wukg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-20T18:17:48Z"
mac: ENC[AES256_GCM,data:3UHIoYPHC6n56CHguOVuoFd9VwCjGiD9VCYy2d5W+4XQEZpjnONX8fhwwWRm42COymz89tmqDmpDp88BnSU8uE14IaCIUoxfCaRiZtjAiHjouua2jr50aUV56pwyan8ZiiOjP8oP1VY/tsv1w0jWI9TjSTHvCdNLR8XEcf6bCrk=,iv:/lBJdkQgwZyiztQ9vSoHgY+WxXJKHFI93dxtOSunHNo=,tag:lLwrSdzoN9CzmyIdLOe5ig==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1