From 5ef9bfb6024e351fd825bc33ec65ecf1318e045f Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Fri, 31 May 2024 10:18:37 -0500 Subject: [PATCH] Stuff and things --- modules/home-manager/linux.nix | 1 + nixos/beefcake.nix | 5 ++-- nixos/rascal.nix | 46 ++++++++++++++++++++++++++-------- 3 files changed, 39 insertions(+), 13 deletions(-) diff --git a/modules/home-manager/linux.nix b/modules/home-manager/linux.nix index 599dc06..a6cb37a 100644 --- a/modules/home-manager/linux.nix +++ b/modules/home-manager/linux.nix @@ -8,6 +8,7 @@ programs.fish = { shellAliases = { # TODO: these aren't working? + disks = "df -h && lsblk"; sctl = "sudo systemctl"; bt = "bluetoothctl"; pa = "pulsemixer"; diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix index bfbd3ac..76a8f79 100644 --- a/nixos/beefcake.nix +++ b/nixos/beefcake.nix @@ -608,7 +608,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 # clickhouse and plausible analytics once they're up and running? services.restic.backups = let defaults = { - passwordFile = "/root/restic-localbackup-password"; + passwordFile = "/root/restic-remotebackup-password"; paths = [ "/storage/files.lyte.dev" "/storage/daniel" @@ -631,6 +631,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 local = defaults // { + passwordFile = "/root/restic-localbackup-password"; repository = "/storage/backups/local"; }; rascal = @@ -878,7 +879,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 "d /storage/dawncraft/downloads/ 0770 1000 1000 -" ]; virtualisation.oci-containers.containers.minecraft-dawncraft = { - autoStart = true; + autoStart = false; # sending commands: https://docker-minecraft-server.readthedocs.io/en/latest/commands/ image = "docker.io/itzg/minecraft-server"; diff --git a/nixos/rascal.nix b/nixos/rascal.nix index f0775b1..31eb9bc 100644 --- a/nixos/rascal.nix +++ b/nixos/rascal.nix @@ -1,6 +1,5 @@ { inputs, - # outputs, config, modulesPath, ... @@ -18,24 +17,49 @@ fsType = "f2fs"; }; + fileSystems."/storage" = { + device = "/dev/disk/by-uuid/410fa651-4918-447c-9337-97cc12ff6d2a"; + fsType = "ext4"; + }; + boot.loader.grub = { enable = true; device = "/dev/sda"; }; + users.users = { + beefcake = { + # used for restic backups + isNormalUser = true; + openssh.authorizedKeys.keys = + config.users.users.daniel.openssh.authorizedKeys.keys + ++ [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7HrojwoyHED+A/FzRjYmIL0hzofwBd9IYHH6yV0oPO root@beefcake" + ]; + }; + + daniel = { + # used for restic backups + isNormalUser = true; + extraGroups = ["users" "wheel" "video" "dialout" "uucp"]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev" + ]; + }; + + root = { + openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys; + }; + }; + networking = { hostName = "rascal"; networkmanager.enable = true; - }; - - users.users.beefcake = { - # used for restic backups - isNormalUser = true; - openssh.authorizedKeys.keys = - config.users.users.daniel.openssh.authorizedKeys.keys - ++ [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7HrojwoyHED+A/FzRjYmIL0hzofwBd9IYHH6yV0oPO root@beefcake" - ]; + firewall = { + enable = true; + allowPing = true; + allowedTCPPorts = [22]; + }; }; system.stateVersion = "22.05";