From db355752008831b5058a3075b39886e4b1d2a7aa Mon Sep 17 00:00:00 2001
From: James Andariese
Date: Fri, 18 Apr 2025 16:13:34 -0500
Subject: [PATCH] updates for 2025
---
 Makefile | 1 +
 hosts/installer.nix | 14 +++++++++++---
 modules/k3s.nix | 4 ++--
 modules/users.nix | 23 +++++++++++++++++++++++
 types/server.nix | 2 ++
 5 files changed, 39 insertions(+), 5 deletions(-)
 create mode 100644 modules/users.nix
diff --git a/Makefile b/Makefile
index 0443167..e50b0ba 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,5 @@
 installer.iso: flake.nix modules hosts/installer.nix
 nix build .#nixosConfigurations.installer.config.system.build.isoImage
+ rm -f installer.iso
 cp result/iso/nixos-*.iso installer.iso
diff --git a/hosts/installer.nix b/hosts/installer.nix
index 2a1ce56..69b0251 100644
--- a/hosts/installer.nix
+++ b/hosts/installer.nix
@@ -70,11 +70,11 @@ let installer = pkgs.writeShellApplication {
 mount /dev/disk/by-label/BOOT /mnt/boot
 mkdir -p /mnt/root
- TOKEN="$(dig +short lan-git-token.cascade TXT | tr -d '"')"
+ TOKEN="$(dig +short lan-auth-token.strudelline.net TXT | tr -d '"')"
 umask 0077
 mkdir -p /root
- printf 'machine git.strudelline.net\nlogin james\npassword %s\n' "$TOKEN" > /root/.netrc
- printf 'machine git.strudelline.net\nlogin james\npassword %s\n' "$TOKEN" > /mnt/root/.netrc
+ printf 'machine git.strudelline.net\nlogin lan-auth\npassword %s\n' "$TOKEN" > /root/.netrc
+ printf 'machine git.strudelline.net\nlogin lan-auth\npassword %s\n' "$TOKEN" > /mnt/root/.netrc
 nixos-install --flake git+https://git.strudelline.net/cascade/nixos#"$HOSTNAME" --impure --no-root-password '';
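Review bot: In hosts/installer.nix the new `TOKEN="$(dig +short lan-auth-token.strudelline.net TXT | tr -d '"')"` value is written into both `.netrc` files without any check that the lookup returned something, so an empty answer yields a netrc with an empty password and the failure only shows up later inside `nixos-install`. A guard right after the assignment, such as `[ -n "$TOKEN" ] || { echo "lan-auth token lookup returned nothing" >&2; exit 1; }`, would stop the install early with a clear message. The credential is also readable by anyone who can query that TXT record, and the name now sits under what looks like a public zone, so it is worth confirming that it resolves only on the LAN. Because the copy to `/mnt/root/.netrc` leaves the token on the installed host, the `lan-auth` account should presumably be read-only and limited to this repository. The installer script starts and ends outside this hunk.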
@@ -82,6 +82,14 @@ let installer = pkgs.writeShellApplication {
 in { imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ];
+
+ boot.kernelParams = [ "console=ttyS0,115200n8" ];
+ boot.loader.grub.extraConfig = "
+ serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
+ terminal_input serial
+ terminal_output serial
+ ";
+ environment.systemPackages = [ installer ];
diff --git a/modules/k3s.nix b/modules/k3s.nix
index c038d1f..4dd4984 100644
--- a/modules/k3s.nix
+++ b/modules/k3s.nix
@@ -12,8 +12,8 @@ in { networking.nameservers = [
- 172.16.1.53
- 172.16.1.8
+ "172.16.1.53"
+ "172.16.1.8"
 ]; system.activationScripts."corenet-flux" = mkIf true ''
diff --git a/modules/users.nix b/modules/users.nix
new file mode 100644
index 0000000..9925279
--- /dev/null
+++ b/modules/users.nix
@@ -0,0 +1,23 @@
+{config, lib, ...}:
+with builtins;
+with lib;
+let adminGroups =
+ filter (x: hasAttr x config.users.groups) [ "users" "networkmanager" "wheel" "keyd" "tss" "plugdev" "uinput" "tss" "disk" "dialout" "kvm" "docker" "libvirtd" ]
+ ;
+adminUser = name: { hashedPassword, sshKeys ? [], ...}@options: {
+ users.users."${name}" = {
+ isNormalUser = true;
+ description = name;
+ linger = true;
+ extraGroups = adminGroups;
+ hashedPassword = hashedPassword;
+ openssh.authorizedKeys.keys = if (isList sshKeys) then sshKeys else [ sshKeys ];
+ };
+};
+in
+{ config = mkMerge [
+ (adminUser "james" {
+ hashedPassword = "$6$rounds=3329299$pm3dw//wbFgSL3vc$9oXIvCyHqvQHpcn0cvn686mlbt5T4Qd4c5vgSdI8oNhVGXb7pteLyzN.b2pJ3w22NsPovWoL9M.ScyJXRTPP10";
+ sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA2FMpfO9p2xfATWwaqpT3cGwYOtraiTMfmRXDBI7jrR james";
+ })
+];}
diff --git a/types/server.nix b/types/server.nix
index 2fb7bc9..702c210 100644
--- a/types/server.nix
+++ b/types/server.nix
@@ -5,6 +5,8 @@
 ../modules/session.nix
 ../modules/server.nix
 ../modules/systemd-efi.nix
+ ../modules/luks.nix
+ ../modules/users.nix
 ../modules/k3s.nix
 ];
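Review bot: In hosts/installer.nix the added `boot.kernelParams = [ "console=ttyS0,115200n8" ];` and the `terminal_input serial` / `terminal_output serial` lines move both the GRUB menu and the kernel console to the serial port only, and nothing in the hunk documents that. The module imports the installation-cd-minimal profile, which as far as I know logs in automatically on its consoles, so whoever can reach ttyS0 (a BMC serial-over-LAN session, a hypervisor console) presumably gets an installer shell without authenticating. A comment above the option would record this, e.g. `# serial is the only console on this image; restrict BMC/hypervisor console access accordingly`. If a local display should keep working, `terminal_output serial console` plus an extra `"console=tty0"` entry would keep both.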
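Review bot: modules/users.nix commits the `hashedPassword` for `james` as a literal, so the sha512crypt hash is readable by everyone with access to the repository and lands in the world-readable Nix store on every host that imports the module. Anyone holding it can run an offline guessing attack without touching the machines, and the installer hunk in this same patch suggests repository read access is handed out through a DNS-published token. Setting `hashedPasswordFile = "/path/to/secret";` instead (placeholder path, provisioned outside the store) keeps the same login behaviour without publishing the hash. Separately, `adminGroups` grants `wheel`, `disk`, `docker`, `kvm` and `libvirtd` wherever those groups exist, each close to root-equivalent, so a comment stating that this is intended would help. `"tss"` is listed twice in that list, and the `@options` binding in `adminUser` is unused.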