From 5ef9bfb6024e351fd825bc33ec65ecf1318e045f Mon Sep 17 00:00:00 2001
From: Daniel Flanagan <daniel@lyte.dev>
Date: Fri, 31 May 2024 10:18:37 -0500
Subject: [PATCH] Stuff and things

---
 modules/home-manager/linux.nix |  1 +
 nixos/beefcake.nix             |  5 ++--
 nixos/rascal.nix               | 46 ++++++++++++++++++++++++++--------
 3 files changed, 39 insertions(+), 13 deletions(-)

diff --git a/modules/home-manager/linux.nix b/modules/home-manager/linux.nix
index 599dc06..a6cb37a 100644
--- a/modules/home-manager/linux.nix
+++ b/modules/home-manager/linux.nix
@@ -8,6 +8,7 @@
   programs.fish = {
     shellAliases = {
       # TODO: these aren't working?
+      disks = "df -h && lsblk";
       sctl = "sudo systemctl";
       bt = "bluetoothctl";
       pa = "pulsemixer";
diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix
index bfbd3ac..76a8f79 100644
--- a/nixos/beefcake.nix
+++ b/nixos/beefcake.nix
@@ -608,7 +608,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
       # clickhouse and plausible analytics once they're up and running?
       services.restic.backups = let
         defaults = {
-          passwordFile = "/root/restic-localbackup-password";
+          passwordFile = "/root/restic-remotebackup-password";
           paths = [
             "/storage/files.lyte.dev"
             "/storage/daniel"
@@ -631,6 +631,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
         local =
           defaults
           // {
+            passwordFile = "/root/restic-localbackup-password";
             repository = "/storage/backups/local";
           };
         rascal =
@@ -878,7 +879,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
         "d /storage/dawncraft/downloads/ 0770 1000 1000 -"
       ];
       virtualisation.oci-containers.containers.minecraft-dawncraft = {
-        autoStart = true;
+        autoStart = false;
 
         # sending commands: https://docker-minecraft-server.readthedocs.io/en/latest/commands/
         image = "docker.io/itzg/minecraft-server";
diff --git a/nixos/rascal.nix b/nixos/rascal.nix
index f0775b1..31eb9bc 100644
--- a/nixos/rascal.nix
+++ b/nixos/rascal.nix
@@ -1,6 +1,5 @@
 {
   inputs,
-  # outputs,
   config,
   modulesPath,
   ...
@@ -18,24 +17,49 @@
     fsType = "f2fs";
   };
 
+  fileSystems."/storage" = {
+    device = "/dev/disk/by-uuid/410fa651-4918-447c-9337-97cc12ff6d2a";
+    fsType = "ext4";
+  };
+
   boot.loader.grub = {
     enable = true;
     device = "/dev/sda";
   };
 
+  users.users = {
+    beefcake = {
+      # used for restic backups
+      isNormalUser = true;
+      openssh.authorizedKeys.keys =
+        config.users.users.daniel.openssh.authorizedKeys.keys
+        ++ [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7HrojwoyHED+A/FzRjYmIL0hzofwBd9IYHH6yV0oPO root@beefcake"
+        ];
+    };
+
+    daniel = {
+      # used for restic backups
+      isNormalUser = true;
+      extraGroups = ["users" "wheel" "video" "dialout" "uucp"];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
+      ];
+    };
+
+    root = {
+      openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys;
+    };
+  };
+
   networking = {
     hostName = "rascal";
     networkmanager.enable = true;
-  };
-
-  users.users.beefcake = {
-    # used for restic backups
-    isNormalUser = true;
-    openssh.authorizedKeys.keys =
-      config.users.users.daniel.openssh.authorizedKeys.keys
-      ++ [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7HrojwoyHED+A/FzRjYmIL0hzofwBd9IYHH6yV0oPO root@beefcake"
-      ];
+    firewall = {
+      enable = true;
+      allowPing = true;
+      allowedTCPPorts = [22];
+    };
   };
 
   system.stateVersion = "22.05";