feat(fatteh): integrate into niveum

feat: disable autologin
chore: remock secrets
2026-03-22 12:51:08 +01:00 · 2024-03-19 21:14:27 +01:00 · 2024-03-19 20:21:20 +01:00 · 2024-03-19 20:13:33 +01:00 · 2024-03-19 20:13:13 +01:00
17 changed files with 146 additions and 31 deletions
--- a/.github/workflows/niveum.yml
+++ b/.github/workflows/niveum.yml
@@ -7,7 +7,7 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        system: [makanek,manakish,kabsa,zaatar,ful]
+        system: [makanek,manakish,kabsa,zaatar,ful,fatteh]
    steps:
    - uses: actions/checkout@v3
    - name: Install QEMU (ARM)
--- a/configs/cloud.nix
+++ b/configs/cloud.nix
@@ -109,16 +109,16 @@ in {
      folders = let
        cloud-dir = "${config.users.users.me.home}/cloud";
      in {
-        "${cloud-dir}/syncthing/zotero/storage".devices = ["kabsa" "manakish"];
-        "${cloud-dir}/syncthing/common".devices = ["kabsa" "manakish"];
-        "${cloud-dir}/syncthing/library".devices = ["kabsa" "manakish" "heym"];
-        "${cloud-dir}/syncthing/mundoiu".devices = ["kabsa" "manakish" "heym"];
+        "${cloud-dir}/syncthing/zotero/storage".devices = ["kabsa" "manakish" "fatteh"];
+        "${cloud-dir}/syncthing/common".devices = ["kabsa" "manakish" "fatteh"];
+        "${cloud-dir}/syncthing/library".devices = ["kabsa" "manakish" "heym" "fatteh"];
+        "${cloud-dir}/syncthing/mundoiu".devices = ["kabsa" "manakish" "heym" "fatteh"];
        "${cloud-dir}/syncthing/obsidian" = {
-          devices = ["kabsa" "manakish" "heym"];
+          devices = ["kabsa" "manakish" "heym" "fatteh"];
          id = "3r1hu-3barr";
        };
        "${cloud-dir}/syncthing/music" = {
-          devices = ["kabsa" "manakish" "heym" "zaatar"];
+          devices = ["kabsa" "manakish" "heym" "zaatar" "fatteh"];
          id = "music";
        };
      };
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -83,16 +83,11 @@ in {
      users.users.me = {
        name = "kfm";
        description = kieran.name;
-        hashedPasswordFile = config.age.secrets.kfm-password.path;
        isNormalUser = true;
        uid = 1000;
        extraGroups = ["pipewire" "audio"];
      };

-      age.secrets = {
-        kfm-password.file = ../secrets/kfm-password.age;
-      };
-
      home-manager.users.me.xdg.enable = true;
    }
    {
@@ -123,7 +118,7 @@ in {
        enable = true;
        displayManager = {
          autoLogin = {
-            enable = true;
+            enable = false;
            user = config.users.users.me.name;
          };
          lightdm = {
--- a/configs/fu-berlin.nix
+++ b/configs/fu-berlin.nix
@@ -68,12 +68,6 @@ in {
      group = config.users.users.me.group;
      mode = "400";
    };
-    blackboard-calendar-ics = {
-      file = ../secrets/blackboard-calendar-ics.age;
-      owner = config.users.users.me.name;
-      group = config.users.users.me.group;
-      mode = "400";
-    };
  };

  # https://www.zedat.fu-berlin.de/tip4u_157.pdf
--- a/configs/gnome.nix
+++ b/configs/gnome.nix
@@ -0,0 +1,5 @@
+{
+  services.xserver.enable = true;
+  services.xserver.displayManager.lightdm.enable = true;
+  services.xserver.desktopManager.gnome.enable = true;
+}
--- a/configs/ssh.nix
+++ b/configs/ssh.nix
@@ -74,6 +74,11 @@ in {
        user = "kfm";
        port = sshPort;
      };
+      fatteh = {
+        hostname = "fatteh.hr";
+        user = "kfm";
+        port = sshPort;
+      };
    };
  };
 }
--- a/configs/battery.nix
+++ b/configs/battery.nix
--- a/flake.lock
+++ b/flake.lock
@@ -1179,11 +1179,11 @@
    },
    "retiolum_2": {
      "locked": {
-        "lastModified": 1708082526,
-        "narHash": "sha256-Zp5qGHlJge93vM2Z+5jGyyD6o48NvmCjjaujeZJ1vsI=",
+        "lastModified": 1710877137,
+        "narHash": "sha256-oc6CXM2abODnQ4q+/A5a+9SXrdRVp5pwyv7rKO/YUiw=",
        "ref": "refs/heads/master",
-        "rev": "00af6f8e749d720a0423834024adafef4f9ebf03",
-        "revCount": 338,
+        "rev": "3506e34e564a777015718007ec9b8847fcd38637",
+        "revCount": 339,
        "type": "git",
        "url": "https://git.thalheim.io/Mic92/retiolum"
      },
--- a/flake.nix
+++ b/flake.nix
@@ -102,6 +102,7 @@
              makanek = "root@makanek";
              manakish = "root@manakish";
              kabsa = "root@kabsa";
+              fatteh = "root@fatteh";
            };
          in
            lib.attrsets.nameValuePair "deploy-${hostname}" {
@@ -266,6 +267,18 @@
            stylix.nixosModules.stylix
          ];
        };
+        fatteh = nixpkgs.lib.nixosSystem rec {
+          system = "x86_64-linux";
+          specialArgs = niveumSpecialArgs system;
+          modules = [
+            systems/fatteh/configuration.nix
+            agenix.nixosModules.default
+            retiolum.nixosModules.retiolum
+            home-manager.nixosModules.home-manager
+            nur.nixosModules.nur
+            stylix.nixosModules.stylix
+          ];
+        };
      };
    }
    // flake-utils.lib.eachSystem [flake-utils.lib.system.x86_64-linux flake-utils.lib.system.x86_64-darwin flake-utils.lib.system.aarch64-linux] (system: let
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -70,7 +70,7 @@
    sshKeys = pkgs:
      pkgs.lib.strings.splitString "\n" (pkgs.lib.strings.fileContents (pkgs.fetchurl {
        url = "https://github.com/kmein.keys";
-        hash = "sha256-TVv1UHfNs3zIW8vrnCG7PPeMtgr2SDjrb8yZBMvp9/A=";
+        hash = "sha256-kabB1yNEToMw1Lcf4WYx4IfuuLzHOPvABTQku5CE60A=";
      }));
  };

@@ -81,6 +81,7 @@
    toum.id = "CBJQXFF-FMFGWFU-2J6FMPR-SRDTSGX-7NHOYOH-CQCABKF-KQJMRJC-SDE24Q4";
    zaatar.id = "CGHO6LK-ZJBAXBD-UWI7AH3-BXYARE6-EUIM7PE-O2FUCOM-VCCRNCM-IG34WQ7";
    tahina.id = "UKJ2CBO-EQPKQL4-3QLRUSG-SSYR6AB-CCCUTKU-CLPYR7N-RUI5A6Y-JTL5NA4";
+    fatteh.id = "GSOGYT3-2GBHZXT-MNCTDIY-3BJIR4V-OHVOOMJ-ICVLKXR-U4C7RFB-HJOK3AC";
  };

  ignorePaths = [
--- a/lib/retiolum-network.nix
+++ b/lib/retiolum-network.nix
@@ -19,6 +19,11 @@
    ipv6 = "42:0:3c46:f7a9:1f0a:1b2b:822a:6050";
  };

+  fatteh = {
+    ipv6 = "42:0:3c46:aa73:82b0:14d7:7bf8:bf2";
+    ipv4 = "10.243.2.77";
+  };
+
  manakish = {
    ipv4 = "10.243.2.85";
    ipv6 = "42:0:3c46:ac99:ae36:cb8:c551:ba27";
--- a/2
+++ b/2
--- a/secrets.txt
+++ b/secrets.txt
@@ -10,24 +10,25 @@ secrets/email-password-fysi.age
 secrets/email-password-meinhak99.age
 secrets/email-password-meinhaki.age
 secrets/email-password-posteo.age
+secrets/fatteh-retiolum-privateKey-ed25519.age
+secrets/fatteh-retiolum-privateKey-rsa.age
+secrets/fatteh-syncthing-cert.age
+secrets/fatteh-syncthing-key.age
 secrets/ful-retiolum-privateKey-ed25519.age
 secrets/ful-retiolum-privateKey-rsa.age
 secrets/ful-root.age
-secrets/ful-specus-privateKey.age
 secrets/github-token-i3status-rust.age
 secrets/grafana-password-admin.age
 secrets/hetzner-storagebox-credentials.age
 secrets/home-assistant-token.age
 secrets/kabsa-retiolum-privateKey-ed25519.age
 secrets/kabsa-retiolum-privateKey-rsa.age
-secrets/kabsa-specus-privateKey.age
 secrets/kabsa-syncthing-cert.age
 secrets/kabsa-syncthing-key.age
 secrets/kfm-password.age
 secrets/ledger-basicAuth.age
 secrets/makanek-retiolum-privateKey-ed25519.age
 secrets/makanek-retiolum-privateKey-rsa.age
-secrets/makanek-specus-privateKey.age
 secrets/manakish-retiolum-privateKey-ed25519.age
 secrets/manakish-retiolum-privateKey-rsa.age
 secrets/manakish-syncthing-cert.age
--- a/systems/fatteh/configuration.nix
+++ b/systems/fatteh/configuration.nix
@@ -0,0 +1,45 @@
+{
+  config,
+  pkgs,
+  ...
+}: let
+  inherit (import ../../lib) retiolumAddresses;
+in {
+  imports = [
+    ./hardware-configuration.nix
+    ../../configs/networkmanager.nix
+    ../../configs/default.nix
+    # ../../configs/gnome.nix
+  ];
+
+  niveum = {
+    batteryName = "BAT1";
+    wirelessInterface = "wlp3s0";
+    promptColours.success = "blue";
+  };
+
+  stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/onedark.yaml";
+
+  age.secrets = {
+    retiolum-rsa = {
+      file = ../../secrets/fatteh-retiolum-privateKey-rsa.age;
+      mode = "400";
+      owner = "tinc.retiolum";
+      group = "tinc.retiolum";
+    };
+    retiolum-ed25519 = {
+      file = ../../secrets/fatteh-retiolum-privateKey-ed25519.age;
+      mode = "400";
+      owner = "tinc.retiolum";
+      group = "tinc.retiolum";
+    };
+    restic.file = ../../secrets/restic.age;
+    syncthing-cert.file = ../../secrets/fatteh-syncthing-cert.age;
+    syncthing-key.file = ../../secrets/fatteh-syncthing-key.age;
+  };
+
+  networking.hostName = "fatteh";
+  networking.retiolum = retiolumAddresses.fatteh;
+
+  system.stateVersion = "23.11";
+}
--- a/systems/fatteh/hardware-configuration.nix
+++ b/systems/fatteh/hardware-configuration.nix
@@ -0,0 +1,51 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.initrd.luks.devices."luks-aa6beb1b-3e54-4a0e-ac9c-e0c007d73cd5".device = "/dev/disk/by-uuid/aa6beb1b-3e54-4a0e-ac9c-e0c007d73cd5";
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/42b747ff-a432-4c0e-bb0a-59f0a68c44a2";
+    fsType = "ext4";
+  };
+
+  boot.initrd.luks.devices."luks-67c1f7da-4318-49f7-bd98-cc731990b595".device = "/dev/disk/by-uuid/67c1f7da-4318-49f7-bd98-cc731990b595";
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/9051-0891";
+    fsType = "vfat";
+  };
+
+  swapDevices = [
+    {device = "/dev/disk/by-uuid/529a1893-773e-4d04-bf6c-16e67e1ed3c7";}
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wwan0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/systems/kabsa/configuration.nix
+++ b/systems/kabsa/configuration.nix
@@ -8,9 +8,9 @@
 in {
  imports = [
    ./hardware-configuration.nix
-    ../../configs/battery.nix
+    ../../configs/tlp.nix
    ../../configs/default.nix
-    ../../configs/networkmanager.nix # TODO how to get passwords into there?
+    ../../configs/networkmanager.nix
  ];

  niveum = {
--- a/systems/manakish/configuration.nix
+++ b/systems/manakish/configuration.nix
@@ -10,7 +10,7 @@ in {
    ./hardware-configuration.nix
    ./hdmi.nix
    ../../configs/default.nix
-    ../../configs/battery.nix
+    ../../configs/tlp.nix
    ../../configs/wpa_supplicant.nix
    ../../configs/admin-essentials.nix
  ];
Author	SHA1	Message	Date
Kierán Meinhardt	f57d1780fb	feat(fatteh): integrate into niveum	2024-03-19 21:14:27 +01:00
Kierán Meinhardt	d4cb0abc24	feat: disable autologin	2024-03-19 20:21:20 +01:00
Kierán Meinhardt	1f418c9532	chore: remock secrets	2024-03-19 20:13:33 +01:00
Kierán Meinhardt	ab3a17be25	wip: initialize fatteh	2024-03-19 20:13:13 +01:00