From 2f1331185a4387cda2e7eda4f938bf8934d976d8 Mon Sep 17 00:00:00 2001 From: Eclypsed Date: Tue, 14 Oct 2025 15:15:09 -0400 Subject: [PATCH] Reduced config for demo purposes --- flake.nix | 36 +++++++++------------ hosts/demo/placeholder.txt | 1 + hosts/vanta/default.nix | 10 ------ hosts/vanta/hardware-configuration.nix | 40 ----------------------- modules/system/agenix.nix | 20 ------------ modules/system/boot.nix | 3 -- modules/system/default.nix | 3 -- modules/system/fileSystems.nix | 45 -------------------------- modules/system/tailscale.nix | 31 ------------------ modules/system/user.nix | 5 +-- modules/system/virtualisation.nix | 8 ----- secrets/eclypse-password.age | 6 ---- secrets/eclypsecloud-eclypse.age | 5 --- secrets/secrets.nix | 19 ----------- secrets/tailscale-auth.age | 6 ---- 15 files changed, 17 insertions(+), 221 deletions(-) create mode 100644 hosts/demo/placeholder.txt delete mode 100644 hosts/vanta/default.nix delete mode 100644 hosts/vanta/hardware-configuration.nix delete mode 100644 modules/system/agenix.nix delete mode 100644 modules/system/fileSystems.nix delete mode 100644 modules/system/tailscale.nix delete mode 100644 modules/system/virtualisation.nix delete mode 100644 secrets/eclypse-password.age delete mode 100644 secrets/eclypsecloud-eclypse.age delete mode 100644 secrets/secrets.nix delete mode 100644 secrets/tailscale-auth.age diff --git a/flake.nix b/flake.nix index 228d19c..230bc72 100644 --- a/flake.nix +++ b/flake.nix @@ -4,8 +4,6 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixos-hardware.url = "github:NixOS/nixos-hardware"; - home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -16,11 +14,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - agenix = { - url = "github:ryantm/agenix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - nvf = { url = "github:notashelf/nvf"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -33,19 +26,20 @@ }; }; - outputs = { nixpkgs, ... }@inputs: - let - system = "x86_64-linux"; - host = "vanta"; - in - { - nixosConfigurations.${host} = nixpkgs.lib.nixosSystem { - inherit system; - specialArgs = { inherit inputs host; }; - modules = [ - ./modules/system - ./hosts/${host} - ]; + outputs = + { nixpkgs, ... }@inputs: + let + system = "x86_64-linux"; + host = "demo"; + in + { + nixosConfigurations.${host} = nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { inherit inputs host; }; + modules = [ + ./modules/system + ./hosts/${host} + ]; + }; }; - }; } diff --git a/hosts/demo/placeholder.txt b/hosts/demo/placeholder.txt new file mode 100644 index 0000000..21e04dd --- /dev/null +++ b/hosts/demo/placeholder.txt @@ -0,0 +1 @@ +Put host config here! diff --git a/hosts/vanta/default.nix b/hosts/vanta/default.nix deleted file mode 100644 index be8b088..0000000 --- a/hosts/vanta/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - inputs, - ... -}: -{ - imports = [ - inputs.nixos-hardware.nixosModules.framework-12th-gen-intel - ./hardware-configuration.nix - ]; -} diff --git a/hosts/vanta/hardware-configuration.nix b/hosts/vanta/hardware-configuration.nix deleted file mode 100644 index f2ccdd8..0000000 --- a/hosts/vanta/hardware-configuration.nix +++ /dev/null 
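Review bot: With `host = "demo"`, the module entry `./hosts/${host}` in flake.nix resolves to hosts/demo, which this commit populates only with placeholder.txt. Importing a directory as a module requires a `default.nix` inside it, so `nixosConfigurations.demo` will presumably fail to evaluate as committed. If that is intentional for the demo, say so next to the assignment, e.g. `host = "demo"; # hosts/demo must provide default.nix (with a hardware configuration) before this builds`. Otherwise add a minimal `hosts/demo/default.nix`.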
@@ -1,40 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/1df00fd1-f531-49b9-9dc6-6d17ca39b67a"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/EE0E-CAE4"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/fbacd982-b161-447c-a34a-7b44bc063a08"; } - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp166s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/modules/system/agenix.nix b/modules/system/agenix.nix deleted file mode 100644 index 526f435..0000000 --- a/modules/system/agenix.nix +++ /dev/null 
@@ -1,20 +0,0 @@ -{ - inputs, - pkgs, - ... -}: -{ - imports = [ - inputs.agenix.nixosModules.default - ]; - - environment.systemPackages = [ - inputs.agenix.packages.${pkgs.system}.default # CLI Tool - ]; - - age.secrets = { - tailscale-auth.file = ../../secrets/tailscale-auth.age; - eclypsecloud-eclypse.file = ../../secrets/eclypsecloud-eclypse.age; - eclypse-password.file = ../../secrets/eclypse-password.age; - }; -} diff --git a/modules/system/boot.nix b/modules/system/boot.nix index d9cfa63..99afb5d 100644 --- a/modules/system/boot.nix +++ b/modules/system/boot.nix @@ -1,10 +1,8 @@ { - config, ... }: { boot = { - extraModulePackages = with config.boot.kernelPackages; [ virtualbox ]; loader = { systemd-boot = { enable = true; @@ -12,6 +10,5 @@ }; efi.canTouchEfiVariables = true; }; - kernelParams = [ "kvm.enable_virt_at_load=0" ]; }; } diff --git a/modules/system/default.nix b/modules/system/default.nix index 212305a..821c915 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -3,7 +3,6 @@ }: { imports = [ - ./agenix.nix ./boot.nix ./fileSystems.nix ./fonts.nix @@ -12,8 +11,6 @@ ./security.nix ./services.nix ./system.nix - ./tailscale.nix ./user.nix - ./virtualisation.nix ]; } diff --git a/modules/system/fileSystems.nix b/modules/system/fileSystems.nix deleted file mode 100644 index 1c58ba6..0000000 --- a/modules/system/fileSystems.nix +++ /dev/null 
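Review bot: The `imports` list in modules/system/default.nix still carries `./fileSystems.nix` as an unchanged context line, but this same commit deletes modules/system/fileSystems.nix, so the module will fail on a missing path. Drop the `./fileSystems.nix` entry together with `./agenix.nix`, `./tailscale.nix` and `./virtualisation.nix`. Keeping the file instead is not an option as it stood, because it read `config.age.secrets.eclypsecloud-eclypse.path` and the agenix module is removed here.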
@@ -1,45 +0,0 @@ -{ - pkgs, - config, - ... -}: -let - automount_opts = [ - "x-systemd.automount" - "x-systemd.idle-timeout=60" - "x-systemd.device-timeout=5s" - "x-systemd.mount-timeout=5s" - "noauto" - "user" - "users" - ]; -in -{ - fileSystems = { - "/mnt/EclypseCloud" = { - device = "//100.78.212.35/EclypseCloud"; - fsType = "cifs"; - options = [ - "credentials=${config.age.secrets.eclypsecloud-eclypse.path}" - "uid=${toString config.users.users.eclypse.uid}" - "rw" - ] - ++ automount_opts; - }; - "/mnt/Music" = { - device = "//100.78.212.35/music"; - fsType = "cifs"; - options = [ - "credentials=${config.age.secrets.eclypsecloud-eclypse.path}" - "uid=${toString config.users.users.eclypse.uid}" - "rw" - ] - ++ automount_opts; - }; - }; - - environment.systemPackages = with pkgs; [ - cifs-utils - # rclone - ]; -} diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix deleted file mode 100644 index c16bad6..0000000 --- a/modules/system/tailscale.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ - config, - pkgs, - ... -}: -{ - services.tailscale = { - enable = true; - useRoutingFeatures = "client"; - authKeyFile = config.age.secrets.tailscale-auth.path; - - # * Only applied if `authKeyFile` is specified - extraUpFlags = [ - "--ssh" - "--accept-routes=true" - ]; - extraSetFlags = [ - "--operator=eclypse" - ]; - }; - - # Taildrop - systemd.user.services.taildrop = { - description = "Taildrop File Receiver Service"; - wantedBy = [ "default.target" ]; - serviceConfig = { - Type = "simple"; - ExecStart = "${pkgs.tailscale}/bin/tailscale file get --verbose --loop %h/Downloads/"; - }; - }; -} diff --git a/modules/system/user.nix b/modules/system/user.nix index c781c93..0ac1602 100644 --- a/modules/system/user.nix +++ b/modules/system/user.nix @@ -2,7 +2,6 @@ inputs, pkgs, host, - config, ... }: { @@ -22,8 +21,6 @@ }; programs.home-manager.enable = true; }; - - backupFileExtension = "backup18"; }; users.mutableUsers = false; 
@@ -35,7 +32,7 @@ "networkmanager" "wheel" ]; - hashedPasswordFile = config.age.secrets.eclypse-password.path; + hashedPassword = "$6$33qMKGMsdYC//e/s$Z2mQCqDOwbP185OVOLsE63hg.orMrBbxR8WHIiZ9dAnNk3jgEsEU218qtgsQsyATvjsyHUPBQjsa/3JmNLoMM0"; shell = pkgs.zsh; }; } diff --git a/modules/system/virtualisation.nix b/modules/system/virtualisation.nix deleted file mode 100644 index 055fde4..0000000 --- a/modules/system/virtualisation.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - ... -}: -{ - virtualisation.virtualbox.host.enable = true; - virtualisation.virtualbox.host.enableExtensionPack = true; - users.extraGroups.vboxusers.members = [ "eclypse" ]; -} diff --git a/secrets/eclypse-password.age b/secrets/eclypse-password.age deleted file mode 100644 index 54a2a6c..0000000 --- a/secrets/eclypse-password.age +++ /dev/null @@ -1,6 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 7p4RPw wZdiee1a8rqdaNA8EVLUJIEue1ldgrk3HgVGhmHpnTQ -8VLt5rSvqN+HAHS9JL6hYSj7xVrTtZAcrn5C12it+Fw ---- 9oiyRlMDS7PrUyP4SmkgcMZz+/BENDBn9XN+3216OXY -%v*|M3gg%;F"s 7Uj_HD^*BnK' v~` -דM30mS*u;*V2,pa${G2PsH9aߟXs"=Nh sX \ No newline at end of file diff --git a/secrets/eclypsecloud-eclypse.age b/secrets/eclypsecloud-eclypse.age deleted file mode 100644 index 1a70592..0000000 --- a/secrets/eclypsecloud-eclypse.age +++ /dev/null @@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 7p4RPw dVTohhNu/jjHSNyhw7irzffqzJJFvW0TbkhSmKKrhS8 -zTc4HaFO3hSYVLM35KwEGUcu2R+JGHIN758FpKKxL5U ---- EhTyT6CYdKjAC9yN0kCxx5yW4o27DJteu8YCbVF2Ln4 -ܬ}Pl',QLג5PSMs <₼zyQ o t[a0Uz?R"&ߨCl \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix deleted file mode 100644 index ec9a85b..0000000 --- a/secrets/secrets.nix +++ /dev/null 
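Review bot: The new `hashedPassword = "$6$…"` line in modules/system/user.nix commits a SHA-512 crypt hash in cleartext for an account in the `wheel` group, where the previous `hashedPasswordFile` pointed at an age-encrypted secret. A hash in the repository can be guessed offline by anyone with read access, and an inline `hashedPassword` is also written to the world-readable Nix store. With `users.mutableUsers = false` (visible in the preceding hunk) this declared value is presumably the account's only password. If the hash matches a password used anywhere, treat it as disclosed and rotate it; for the demo, use a hash of a throwaway password and mark it, e.g. `# demo-only hash of a throwaway password; switch back to hashedPasswordFile for real hosts`. The enclosing user attribute set starts outside the hunk.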
@@ -1,19 +0,0 @@ -# This file is NOT imported into the nix configuration, it is just for the agenix CLI -let - # System public ssh keys (/etc/ssh/) - vanta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaDVBJdMDFL8r9NQCbaLe+DPHGhGzRv2N7+7m1/U8DP"; -in -{ - # Tailscale auth key need to be up to date with a valid auth key in the tailscale - # dashboard. Single-use keys expire after a single machine connects, and even - # reusable keys expire after 90 days. - # Update tailscale-auth.age with `agenix -e tailscale-auth.age -i /path/to/private-ssh-key` - # Note: Only devices with the below public keys are allowed to edit tailscale-auth.age - "tailscale-auth.age".publicKeys = [ vanta ]; # Devices allowed to join the tailnet; - - # Devices that can connect to EclypseCloud with the eclypse user. - "eclypsecloud-eclypse.age".publicKeys = [ vanta ]; - - # Devices that have the eclypse user - "eclypse-password.age".publicKeys = [ vanta ]; -} diff --git a/secrets/tailscale-auth.age b/secrets/tailscale-auth.age deleted file mode 100644 index cd6d951..0000000 --- a/secrets/tailscale-auth.age +++ /dev/null @@ -1,6 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 7p4RPw 7GuZj43+NoyPXf//ZLM99vossbJXOpDQSkBi3w51Wl8 -FTMjlyml+T87LQffffY2AJL5IhTAJF2QlfFvhvZpvOs ---- iONf8B3bUxXtCiv0EAv5QO0ZyhE5A6YfRbcxUr/awFg -TwJ`~B -;lOh{2?PF>@moc~X3@.gھeKV7zphSد6.WO@F  \ No newline at end of file