Added Host kb-senfnvp

2025-03-07 01:54:44 +01:00 · 2025-03-07 01:54:44 +01:00 · cbccbed0cc
commit cbccbed0cc
parent dbc4df9284
4 changed files with 149 additions and 0 deletions
--- a/homes/aarch64-linux/master@kb-senfnvp/default.nix
+++ b/homes/aarch64-linux/master@kb-senfnvp/default.nix
@ -0,0 +1,22 @@
+{ config, pkgs, lib, inputs, ... }:
+{
+  home.username = "master";
+  home.homeDirectory = "/home/master";
+  home.packages = with pkgs; [
+   fastfetch
+   btop
+   sops
+  ];
+
+  # SSH Configuration
+  programs.ssh.enable = true;
+  programs.ssh.matchBlocks."kb01@kb-one-git" = {
+    host = "git.kb-one.de";
+    user = "git";
+    identityFile = "/home/master/.ssh/kb01@kb-one-git";
+    port = 9522;
+  };
+
+  home.stateVersion = "24.05"; # NEVER CHANGE!!!
+}
+
--- a/homes/x86_64-linux/kb@Ohybke/default.nix
+++ b/homes/x86_64-linux/kb@Ohybke/default.nix
@ -104,6 +104,20 @@ in {
    identityFile = "/home/kb/.ssh/master@kb-web-01";
    port = 2222;
  };
+  programs.ssh.matchBlocks."root@kb-senfnvp-remoteunlock" = {
+    host = "kb-senfnvp-remoteunlock";
+    hostname = "senfnvp.kb-one.de";
+    user = "root";
+    identityFile = "/home/kb/.ssh/root@kb-senfnvp-remoteunlock";
+    port = 7299;
+  };
+  programs.ssh.matchBlocks."master@kb-senfnvp" = {
+    host = "kb-senfnvp";
+    hostname = "senfnvp.kb-one.de";
+    user = "master";
+    identityFile = "/home/kb/.ssh/master@kb-senfnvp";
+    port = 9553;
+  };

  programs.firefox = {
    enable = true;
--- a/systems/aarch64-linux/kb-senfnvp/default.nix
+++ b/systems/aarch64-linux/kb-senfnvp/default.nix
@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    ./hardware.nix
+  ];
+
+  networking.hostName = "kb-senfnvp"; 
+  networking.networkmanager.enable = true;
+  networking.nameservers = [
+    "1.1.1.1"
+  ];
+ 
+  # Set your time zone.
+  time.timeZone = "Europe/Amsterdam";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "de";
+  };
+
+  users.users.master = { # Managed by Homemanager
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJszrrdVHmMUdgOakyFNOIPV9BfopwflqivmK13Fmsab kb@Ohybke"
+    ];
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    git
+    wget
+    vim
+    tree
+    fastfetch
+  ];
+
+  # Default Editor
+  programs.vim.enable = true;
+  programs.vim.defaultEditor = true;
+
+  # SSH and Mosh
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+    ports = [ 9553 ];
+    openFirewall = true;
+  };
+  programs.mosh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+
+  system.stateVersion = "24.11"; # NEVER CHANGE THIS !!!!
+
+}
+
--- a/systems/aarch64-linux/kb-senfnvp/hardware.nix
+++ b/systems/aarch64-linux/kb-senfnvp/hardware.nix
@ -0,0 +1,52 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  # System
+  boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" "sr_mod" "sr_mod" "r8169" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+
+  # Boot Loader
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # SSH Remote Unlock
+  boot.kernelParams = [ "ip=dhcp" ];
+  boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
+  boot.initrd.network = {
+    enable = true;
+    ssh = {
+      enable = true;
+      port = 7299;
+      authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6jJa135d46R9XgV7h5SfxALabycI5ZPN8kdSQbEkYM kb@Ohybke" ];
+      hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ];
+    };
+    postCommands = ''
+      echo 'cryptsetup-askpass' >> /root/.profile
+    '';
+  };
+
+  # Disks
+  boot.initrd.luks.devices."luks-2d08047a-a014-480b-8a24-a70e20a2d7d7".device = "/dev/disk/by-uuid/2d08047a-a014-480b-8a24-a70e20a2d7d7";
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/9c1d9682-5cfb-4683-a789-f544fc6e7681";
+    fsType = "ext4";
+  };
+  fileSystems."/boot" = { 
+    device = "/dev/disk/by-uuid/FEAA-61DA";
+    fsType = "vfat";
+    options = [ "fmask=0077" "dmask=0077" ];
+  };
+
+  swapDevices = [ ];
+
+  # Networking
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
+
+}