diff --git a/homes/aarch64-linux/master@kb-senfnvp/default.nix b/homes/aarch64-linux/master@kb-senfnvp/default.nix
new file mode 100644
index 0000000..68b5e31
--- /dev/null
+++ b/homes/aarch64-linux/master@kb-senfnvp/default.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, lib, inputs, ... }:
+{
+ home.username = "master";
+ home.homeDirectory = "/home/master";
+ home.packages = with pkgs; [
+ fastfetch
+ btop
+ sops
+ ];
+
+ # SSH Configuration
+ programs.ssh.enable = true;
+ programs.ssh.matchBlocks."kb01@kb-one-git" = {
+ host = "git.kb-one.de";
+ user = "git";
+ identityFile = "/home/master/.ssh/kb01@kb-one-git";
+ port = 9522;
+ };
+
+ home.stateVersion = "24.05"; # NEVER CHANGE!!!
+}
+
diff --git a/homes/x86_64-linux/kb@Ohybke/default.nix b/homes/x86_64-linux/kb@Ohybke/default.nix
index 76b81e8..3ec34b3 100644
--- a/homes/x86_64-linux/kb@Ohybke/default.nix
+++ b/homes/x86_64-linux/kb@Ohybke/default.nix
@@ -104,6 +104,20 @@ in {
 identityFile = "/home/kb/.ssh/master@kb-web-01";
 port = 2222;
 };
+ programs.ssh.matchBlocks."root@kb-senfnvp-remoteunlock" = {
+ host = "kb-senfnvp-remoteunlock";
+ hostname = "senfnvp.kb-one.de";
+ user = "root";
+ identityFile = "/home/kb/.ssh/root@kb-senfnvp-remoteunlock";
+ port = 7299;
+ };
+ programs.ssh.matchBlocks."master@kb-senfnvp" = {
+ host = "kb-senfnvp";
+ hostname = "senfnvp.kb-one.de";
+ user = "master";
+ identityFile = "/home/kb/.ssh/master@kb-senfnvp";
+ port = 9553;
+ };
 programs.firefox = {
 enable = true;
diff --git a/systems/aarch64-linux/kb-senfnvp/default.nix b/systems/aarch64-linux/kb-senfnvp/default.nix
new file mode 100644
index 0000000..78afab5
--- /dev/null
+++ b/systems/aarch64-linux/kb-senfnvp/default.nix
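Review bot: The match block for `git.kb-one.de` sets `identityFile` but not `identitiesOnly`, so ssh can still offer any other key it has loaded (for example from an agent) to that server before this one. Adding `identitiesOnly = true;` inside the block pins the connection to the named key. The two blocks added in homes/x86_64-linux/kb@Ohybke/default.nix have the same gap, and it matters most there for the root login on the remote-unlock port.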
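Review bot: The `root@kb-senfnvp-remoteunlock` block has no comment explaining that port 7299 is the initrd sshd configured in systems/aarch64-linux/kb-senfnvp/hardware.nix, so it reads like a root login to the running system. A line such as `# initrd sshd, only up before the LUKS volume is unlocked; host key differs from port 9553` above the block would make that clear. Because the disk passphrase is typed into this session, the host-key fingerprint is worth checking out of band on first connect rather than accepting the prompt. The enclosing `in { … }` set starts and ends outside the hunk.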
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ./hardware.nix
+ ];
+
+ networking.hostName = "kb-senfnvp";
+ networking.networkmanager.enable = true;
+ networking.nameservers = [
+ "1.1.1.1"
+ ];
+
+ # Set your time zone.
+ time.timeZone = "Europe/Amsterdam";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "de";
+ };
+
+ users.users.master = { # Managed by Homemanager
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJszrrdVHmMUdgOakyFNOIPV9BfopwflqivmK13Fmsab kb@Ohybke"
+ ];
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ git
+ wget
+ vim
+ tree
+ fastfetch
+ ];
+
+ # Default Editor
+ programs.vim.enable = true;
+ programs.vim.defaultEditor = true;
+
+ # SSH and Mosh
+ services.openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ settings.KbdInteractiveAuthentication = false;
+ ports = [ 9553 ];
+ openFirewall = true;
+ };
+ programs.mosh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+
+ system.stateVersion = "24.11"; # NEVER CHANGE THIS !!!!
+
+}
+
diff --git a/systems/aarch64-linux/kb-senfnvp/hardware.nix b/systems/aarch64-linux/kb-senfnvp/hardware.nix
new file mode 100644
index 0000000..1df4e24
--- /dev/null
+++ b/systems/aarch64-linux/kb-senfnvp/hardware.nix
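Review bot: `users.users.master` is added to `wheel`, but nothing in this file gives the account a password, so with NixOS's default of sudo asking for one the user presumably cannot elevate until `passwd` is run by hand on the host. If that is intended, a comment next to `extraGroups` should say so; otherwise declare it, e.g. `hashedPasswordFile = "<path-to-secret>";` (placeholder path). In `services.openssh`, `settings.PermitRootLogin = "no";` would state the no-root-login intent explicitly instead of relying on the module default. As far as I know `programs.mosh.enable` also opens its UDP port range in the firewall by default, which the commented-out firewall lines below do not show.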
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ # System
+ boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" "sr_mod" "sr_mod" "r8169" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+
+ # Boot Loader
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # SSH Remote Unlock
+ boot.kernelParams = [ "ip=dhcp" ];
+ boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
+ boot.initrd.network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ port = 7299;
+ authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6jJa135d46R9XgV7h5SfxALabycI5ZPN8kdSQbEkYM kb@Ohybke" ];
+ hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ];
+ };
+ postCommands = ''
+ echo 'cryptsetup-askpass' >> /root/.profile
+ '';
+ };
+
+ # Disks
+ boot.initrd.luks.devices."luks-2d08047a-a014-480b-8a24-a70e20a2d7d7".device = "/dev/disk/by-uuid/2d08047a-a014-480b-8a24-a70e20a2d7d7";
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/9c1d9682-5cfb-4683-a789-f544fc6e7681";
+ fsType = "ext4";
+ };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/FEAA-61DA";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ swapDevices = [ ];
+
+ # Networking
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
+
+}
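Review bot: `boot.initrd.systemd.users.root.shell` belongs to the systemd-based initrd, but the hunk never sets `boot.initrd.systemd.enable` and relies on `boot.initrd.network.postCommands` and `cryptsetup-askpass`, which belong to the scripted initrd, so the shell line most likely has no effect; either drop it or move the whole unlock path to one initrd flavour. The file named in `hostKeys` is not created by this config and, as far as the NixOS module documents, is copied into the initrd, which sits on the unencrypted vfat `/boot` declared further down; it should be a key generated only for this purpose and never the main sshd host key, with a comment saying how to create it, e.g. `# ssh-keygen -t rsa -N "" -f /etc/secrets/initrd/ssh_host_rsa_key`. `"sr_mod"` is listed twice in `boot.initrd.availableKernelModules`.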