-rw-r--r--flake.lock12
-rw-r--r--nixos/machine/binky.nix4
-rw-r--r--nixos/machine/ridcully.nix34
-rw-r--r--nixos/modules/autounlock.nix40
-rw-r--r--nixos/modules/default.nix1
-rw-r--r--nixos/modules/desktop.nix20
-rw-r--r--nixos/modules/generic.nix2
-rw-r--r--pkgs/default.nix2
-rw-r--r--pkgs/luks-hw-password/default.nix20
-rwxr-xr-xpkgs/luks-hw-password/luks-hw-password.sh6
10 files changed, 129 insertions, 12 deletions
diff --git a/flake.lock b/flake.lock
index ca5caad..ce30a83 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
"nodes": {
"flake-utils": {
"locked": {
- "lastModified": 1653893745,
- "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
+ "lastModified": 1656065134,
+ "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
+ "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c",
"type": "github"
},
"original": {
@@ -44,11 +44,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1655567057,
- "narHash": "sha256-Cc5hQSMsTzOHmZnYm8OSJ5RNUp22bd5NADWLHorULWQ=",
+ "lastModified": 1656250965,
+ "narHash": "sha256-2IlNf6jxEJiuCrGymqLOLjxk2SIj4HhVIwEb0kvcs24=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "e0a42267f73ea52adc061a64650fddc59906fc99",
+ "rev": "9a17f325397d137ac4d219ecbd5c7f15154422f4",
"type": "github"
},
"original": {
diff --git a/nixos/machine/binky.nix b/nixos/machine/binky.nix
index 6ec37d3..c7e319a 100644
--- a/nixos/machine/binky.nix
+++ b/nixos/machine/binky.nix
@@ -12,11 +12,14 @@ with lib;
};
wifiClient = true;
develop = true;
+ gaming = true;
};
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod"];
boot.kernelModules = ["kvm-amd"];
+ hardware.cpu.amd.updateMicrocode = true;
+
boot.initrd.luks.devices = {
"encroot".device = "/dev/disk/by-uuid/b317feb5-d68d-4ec3-a24f-0307c116cac8";
};
@@ -61,7 +64,6 @@ with lib;
config = "config /run/secrets/elektroline.ovpn";
};
- cynerd.gaming = true;
};
diff --git a/nixos/machine/ridcully.nix b/nixos/machine/ridcully.nix
index 882f967..4c0bba9 100644
--- a/nixos/machine/ridcully.nix
+++ b/nixos/machine/ridcully.nix
@@ -5,15 +5,28 @@ with lib;
{
config = {
- cynerd.desktop.enable = true;
+ cynerd = {
+ desktop.enable = true;
+ develop = true;
+ gaming = true;
+ };
+
+ boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage"];
+ boot.kernelModules = ["kvm-amd"];
+ hardware.cpu.amd.updateMicrocode = true;
+
+ cynerd.autounlock = {
+ "encroot" = "/dev/disk/by-uuid/c07e929a-6eac-4f99-accf-f7cb3431290c";
+ "enchdd" = "/dev/disk/by-uuid/7fee3cda-efa0-47cd-8832-fdead9a7e6db";
+ };
fileSystems = {
"/" = {
- device = "/dev/disk/by-uuid/3b3063aa-c284-4075-bb37-8820df12a2f5";
+ device = "/dev/mapper/encroot";
options = ["compress=lzo" "subvol=@nix"];
};
"/home" = {
- device = "/dev/disk/by-uuid/3b3063aa-c284-4075-bb37-8820df12a2f5";
+ device = "/dev/mapper/encroot";
options = ["compress=lzo" "subvol=@home"];
};
"/boot" = {
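Review bot: `cynerd.autounlock` puts both `encroot` and `enchdd` into `boot.initrd.luks.devices`, so both are opened in stage 1, yet `boot.initrd.availableKernelModules` lists only `nvme`, `xhci_pci` and `usb_storage`. If `enchdd` sits on a SATA disk (the name suggests it, but the hunk does not show it), the controller and disk drivers, e.g. `"ahci" "sd_mod"`, have to be in that list or the device will not show up in the initrd. As a style point, `autounlock` could live inside the `cynerd = { … }` set added just above instead of a second `cynerd.` path. The `fileSystems` block continues past the end of this hunk.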
@@ -21,11 +34,24 @@ with lib;
};
"/home2" = {
- device = "/dev/disk/by-uuid/c9aa0b7b-7482-4d4a-bcc3-8bd6a853ae7f";
+ device = "/dev/mapper/enchdd";
options = ["compress=lzo" "subvol=@home"];
};
};
+ services.syncthing = {
+ enable = true;
+ user = mkDefault "cynerd";
+ group = mkDefault "cynerd";
+ openDefaultPorts = true;
+
+ overrideDevices = false;
+ overrideFolders = false;
+
+ dataDir = "/home/cynerd";
+ configDir = "/home/cynerd/.config/syncthing";
+ };
+
};
}
diff --git a/nixos/modules/autounlock.nix b/nixos/modules/autounlock.nix
new file mode 100644
index 0000000..2e40bb2
--- /dev/null
+++ b/nixos/modules/autounlock.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cnf = config.cynerd.autounlock;
+
+in {
+
+ options = {
+ cynerd.autounlock = mkOption {
+ type = with types; attrsOf string;
+ default = {};
+ description = "Devices to be auto-unlocked.";
+ };
+ };
+
+ config = mkIf (cnf != {}) {
+
+ environment.systemPackages = [ pkgs.luks-hw-password ];
+ boot.initrd = {
+ extraFiles."/bin/luks-password" = pkgs.luks-hw-password + "/bin/luks-hw-password";
+ luks.devices = mapAttrs (name: value: {
+ device = value;
+ keyFile = "/keys/${name}.key";
+ fallbackToPassword = true;
+ preOpenCommands = ''
+ mkdir -p /keys
+ luks-hw-password > /keys/${name}.key
+ '';
+ postOpenCommands = ''
+ rm -rf /keys
+ '';
+ }) cnf;
+ };
+
+ };
+
+}
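Review bot: The helper is installed in the initrd as `/bin/luks-password`, but `preOpenCommands` runs `luks-hw-password`, so unless that name reaches the stage-1 PATH some other way the command is not found. Because the redirect creates `/keys/${name}.key` either way, the key file would then be empty and the open would drop to `fallbackToPassword` with no obvious error. Use one name in both places, e.g. `extraFiles."/bin/luks-hw-password"`, and check whether `extraFiles` expects a `.source` attribute here rather than a bare string. The makeWrapper output also refers to store paths for its interpreter, dmidecode and coreutils, which presumably have to be copied into the initrd for it to run. Separately, `types.string` is deprecated in favour of `types.str`.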
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 1077dc7..278f2d8 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -1,4 +1,5 @@
nixpkgs: {
+ cynerd-autounlock = import ./autounlock.nix;
cynerd-compile = import ./compile.nix;
cynerd-desktop = import ./desktop.nix;
cynerd-develop = import ./develop.nix nixpkgs;
diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix
index 184c52d..d04b1fb 100644
--- a/nixos/modules/desktop.nix
+++ b/nixos/modules/desktop.nix
@@ -5,6 +5,14 @@ let
cnf = config.cynerd.desktop;
+ autologinScript = pkgs.writeText "login-program.sh" ''
+ if [[ "$(tty)" == '/dev/tty1' ]]; then
+ ${pkgs.shadow}/bin/login -f cynerd;
+ else
+ ${pkgs.shadow}/bin/login;
+ fi
+ '';
+
in {
options = {
@@ -197,5 +205,17 @@ in {
};
};
+ services.getty = {
+ extraArgs = [ "--skip-login" ];
+ loginProgram = "${pkgs.bash}/bin/sh";
+ loginOptions = toString (pkgs.writeText "login-program.sh" ''
+ if [[ "$(tty)" == '/dev/tty1' ]]; then
+ ${pkgs.shadow}/bin/login -f cynerd;
+ else
+ ${pkgs.shadow}/bin/login;
+ fi
+ '');
+ };
+
};
}
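Review bot: The login script exists twice: `autologinScript` is bound in the `let` block (first hunk of this file) and an identical `pkgs.writeText` is inlined in `loginOptions`, which leaves the binding unused; `loginOptions = toString autologinScript;` keeps a single copy. The `login -f cynerd` branch skips authentication on tty1 for a hard-coded user, and on a host that also sets `cynerd.autounlock` a cold boot then reaches a logged-in session without any secret being entered. A comment stating that this is intended, or an option to switch it off per machine, would make that trade-off explicit. The enclosing `config` block starts outside the hunk, so whether this is gated on `cnf.enable` is not visible here.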
diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix
index 67a80f8..ab47f19 100644
--- a/nixos/modules/generic.nix
+++ b/nixos/modules/generic.nix
@@ -30,7 +30,7 @@ with lib;
git # We need git for this repository to even work
# Administration tools
coreutils moreutils psmisc progress lshw file
- dig
+ drill
gnumake
exfat exfatprogs
nix-index
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 64de2ac..9950e7b 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -13,6 +13,8 @@ let
];
});
+ luks-hw-password = callPackage ./luks-hw-password { };
+
delft-icon-theme = callPackage ./theme/delft-icon-theme.nix { };
background-lnxpcs = callPackage ./theme/background-lnxpcs.nix { };
swaybackground = callPackage ./theme/swaybackground.nix { };
diff --git a/pkgs/luks-hw-password/default.nix b/pkgs/luks-hw-password/default.nix
new file mode 100644
index 0000000..9797735
--- /dev/null
+++ b/pkgs/luks-hw-password/default.nix
@@ -0,0 +1,20 @@
+{ lib, stdenvNoCC, makeWrapper
+, dmidecode, coreutils
+}:
+
+stdenvNoCC.mkDerivation {
+ pname = "luks-hw-password";
+ version = "1.0";
+ meta = with lib; {
+ license = licenses.gpl3;
+ platforms = platforms.linux;
+ };
+
+ nativeBuildInputs = [ makeWrapper ];
+ phases = [ "installPhase" ];
+ installPhase = ''
+ mkdir -p $out/bin
+ makeWrapper ${./luks-hw-password.sh} $out/bin/luks-hw-password \
+ --prefix PATH : ${lib.makeBinPath [ dmidecode coreutils ]}
+ '';
+}
diff --git a/pkgs/luks-hw-password/luks-hw-password.sh b/pkgs/luks-hw-password/luks-hw-password.sh
new file mode 100755
index 0000000..8ad64bb
--- /dev/null
+++ b/pkgs/luks-hw-password/luks-hw-password.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+{
+ dmidecode -s system-uuid
+ dmidecode -s baseboard-serial-number
+ dmidecode -s processor-version
+} | sha512sum | cut -f1 -d ' '
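Review bot: If any `dmidecode` call fails or prints nothing, the pipeline still exits successfully and emits a hash of whatever was left; with all three failing that is the SHA-512 of empty input, a publicly known constant, so a key enrolled or derived in that state protects nothing. The script should stop on a failed or empty field instead of hashing it, as below. The `printf` form is meant to feed `sha512sum` the same bytes as the original group, which should be confirmed against the enrolled key before switching. These three DMI strings are also identifiers rather than secrets: the derived key ties the volume to this machine and covers a disk removed from it, but not loss of the whole machine, for which a TPM-sealed key or the passphrase alone would be needed.

```shell
#!/bin/sh
set -eu
# set -e aborts on a failed command substitution in a plain assignment
uuid="$(dmidecode -s system-uuid)"
serial="$(dmidecode -s baseboard-serial-number)"
cpu="$(dmidecode -s processor-version)"
# refuse to derive a key from missing fields
[ -n "$uuid" ] && [ -n "$serial" ] && [ -n "$cpu" ] || exit 1
printf '%s\n%s\n%s\n' "$uuid" "$serial" "$cpu" | sha512sum | cut -f1 -d ' '
```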