mock secrets

.github/workflows/niveum.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        system: [makanek,manakish,kabsa,zaatar,ful,fatteh]
+        system: [makanek,manakish,kabsa,zaatar,ful,fatteh,kibbeh]
     steps:
     - uses: actions/checkout@v3
     - name: Install QEMU (ARM)

configs/admin-essentials.nix

@@ -52,6 +52,22 @@ in {
       pkgs.psmisc # for killall, pstree
     ];
 
+
+    security.wrappers = {
+      pmount = {
+        setuid = true;
+        owner = "root";
+        group = "root";
+        source = "${pkgs.pmount}/bin/pmount";
+      };
+      pumount = {
+        setuid = true;
+        owner = "root";
+        group = "root";
+        source = "${pkgs.pmount}/bin/pumount";
+      };
+    };
+
   environment.shellAliases = let
     take = pkgs.writers.writeDash "take" ''
       mkdir "$1" && cd "$1"

configs/bluetooth.nix

@@ -7,10 +7,4 @@
   };
 
   environment.systemPackages = [ pkgs.bluetuith ];
-
-  # services.blueman.enable = true;
-
-  # environment.systemPackages = [pkgs.blueman];
-
-  # home-manager.users.me = {services.blueman-applet.enable = true;};
 }

configs/default.nix

@@ -126,22 +126,6 @@ in {
         };
       };
     }
-    {
-      security.wrappers = {
-        pmount = {
-          setuid = true;
-          owner = "root";
-          group = "root";
-          source = "${pkgs.pmount}/bin/pmount";
-        };
-        pumount = {
-          setuid = true;
-          owner = "root";
-          group = "root";
-          source = "${pkgs.pmount}/bin/pumount";
-        };
-      };
-    }
     {programs.command-not-found.enable = true;}
     {
       programs.gnupg = {
@@ -255,6 +239,11 @@ in {
     ./watson.nix
     ./wallpaper.nix
     ./zsh.nix
+    {
+      home-manager.users.me.home.file.".zshrc".text = ''
+        # nothing to see here
+      '';
+    }
     ./tor.nix
     ./stw-berlin.nix
     ./mastodon-bot.nix

configs/zsh.nix

@@ -2,11 +2,10 @@
   config,
   pkgs,
   ...
-}: {
-  home-manager.users.me.home.file.".zshrc".text = ''
-    # nothing to see here
-  '';
-
+}: let
+  promptColours.success = "cyan";
+  promptColours.failure = "red";
+in {
   environment.systemPackages = [pkgs.atuin];
   environment.variables.ATUIN_CONFIG_DIR = toString (pkgs.writeTextDir "/config.toml" ''
     auto_sync = true
@@ -58,7 +57,7 @@
 
       fpath=(${zsh-completions}/src $fpath)
     '';
-    promptInit = with config.niveum; ''
+    promptInit = ''
       autoload -Uz vcs_info
       zstyle ':vcs_info:*' enable git
       zstyle ':vcs_info:*' check-for-changes true

flake.nix

@@ -111,6 +111,7 @@
               tabula = "root@tabula";
               kabsa = "root@kabsa";
               fatteh = "root@fatteh";
+              kibbeh = "root@kibbeh";
             };
           in
             lib.attrsets.nameValuePair "deploy-${hostname}" {
@@ -227,7 +228,15 @@
           specialArgs = niveumSpecialArgs system;
           modules = [
             systems/zaatar/configuration.nix
-            inputs.self.nixosModules.moodle-dl
+            agenix.nixosModules.default
+            retiolum.nixosModules.retiolum
+          ];
+        };
+        kibbeh = nixpkgs.lib.nixosSystem rec {
+          system = "x86_64-linux";
+          specialArgs = niveumSpecialArgs system;
+          modules = [
+            systems/kibbeh/configuration.nix
             agenix.nixosModules.default
             retiolum.nixosModules.retiolum
           ];

secrets.txt

@@ -1,13 +1,10 @@
 secrets/alertmanager-token-reporters.age
-secrets/cifs-credentials-hu-berlin.age
 secrets/cifs-credentials-zodiac.age
 secrets/di-fm-key.age
 secrets/email-password-cock.age
-secrets/email-password-dslalewa.age
-secrets/email-password-fsklassp.age
 secrets/email-password-fysi.age
+secrets/email-password-letos.age
 secrets/email-password-meinhak99.age
-secrets/email-password-meinhaki.age
 secrets/email-password-posteo.age
 secrets/fatteh-retiolum-privateKey-ed25519.age
 secrets/fatteh-retiolum-privateKey-rsa.age
@@ -30,6 +27,10 @@ secrets/kabsa-syncthing-key.age
 secrets/kabsa-wireguard-aether-key.age
 secrets/kabsa-wireguard-aether-psk.age
 secrets/kfm-password.age
+secrets/kibbeh-retiolum-privateKey-ed25519.age
+secrets/kibbeh-retiolum-privateKey-rsa.age
+secrets/kibbeh-syncthing-cert.age
+secrets/kibbeh-syncthing-key.age
 secrets/ledger-basicAuth.age
 secrets/makanek-retiolum-privateKey-ed25519.age
 secrets/makanek-retiolum-privateKey-rsa.age
@@ -39,10 +40,8 @@ secrets/manakish-syncthing-cert.age
 secrets/manakish-syncthing-key.age
 secrets/manakish-wireguard-aether-key.age
 secrets/manakish-wireguard-aether-psk.age
-secrets/mastodon-token-autorenkalender.age
 secrets/mastodon-token-celan.age
 secrets/mastodon-token-hesychius.age
-secrets/mastodon-token-logotheca.age
 secrets/mastodon-token-nietzsche.age
 secrets/mastodon-token-smyth.age
 secrets/mastodon-token-tlgwotd.age

systems/kabsa/configuration.nix

@@ -20,8 +20,6 @@ in {
     promptColours.success = "cyan";
   };
 
-  stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/dracula.yaml";
-
   nix.settings = {
     cores = 1;
     max-jobs = 2;

systems/kibbeh/configuration.nix

@@ -0,0 +1,106 @@
+{ config, pkgs, niveumPackages, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../../configs/spacetime.nix
+    ../../configs/admin-essentials.nix
+    ../../configs/keyboard.nix
+    ../../configs/sound.nix
+    ../../configs/printing.nix
+    ../../configs/nix.nix
+    ../../configs/flix.nix
+    ../../configs/fonts.nix
+    ../../configs/retiolum.nix
+    ../../configs/sshd.nix
+    ../../configs/sudo.nix
+    ../../configs/zsh.nix
+    ../../configs/tor.nix
+  ];
+
+  age.secrets = {
+    retiolum-rsa = {
+      file = ../../secrets/kibbeh-retiolum-privateKey-rsa.age;
+      mode = "400";
+      owner = "tinc-retiolum";
+      group = "tinc-retiolum";
+    };
+    retiolum-ed25519 = {
+      file = ../../secrets/kibbeh-retiolum-privateKey-ed25519.age;
+      mode = "400";
+      owner = "tinc-retiolum";
+      group = "tinc-retiolum";
+    };
+  };
+
+  services.gnome.gnome-keyring.enable = true;
+  security.pam.services.lightdm.enableGnomeKeyring = true;
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  services.openssh.enable = true;
+
+  boot.initrd.luks.devices."luks-b3988d35-72a9-4e7c-992d-f500bb388554".device =
+    "/dev/disk/by-uuid/b3988d35-72a9-4e7c-992d-f500bb388554";
+
+  networking.hostName = "kibbeh";
+  networking.networkmanager.enable = true;
+
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "de_DE.UTF-8";
+    LC_IDENTIFICATION = "de_DE.UTF-8";
+    LC_MEASUREMENT = "de_DE.UTF-8";
+    LC_MONETARY = "de_DE.UTF-8";
+    LC_NAME = "de_DE.UTF-8";
+    LC_NUMERIC = "de_DE.UTF-8";
+    LC_PAPER = "de_DE.UTF-8";
+    LC_TELEPHONE = "de_DE.UTF-8";
+    LC_TIME = "de_DE.UTF-8";
+  };
+
+  services.xserver.enable = true;
+  services.xserver.displayManager.lightdm.enable = true;
+  services.xserver.desktopManager.pantheon.enable = true;
+  # services.displayManager.autoLogin.enable = true;
+  # services.displayManager.autoLogin.user = config.users.users.me.name;
+
+  age.secrets = {
+    di-fm-key.file = ../../secrets/di-fm-key.age;
+  };
+
+  users.users.me = {
+    name = "kfm";
+    isNormalUser = true;
+    description = "किरण";
+    extraGroups = [ "networkmanager" ];
+    password = "hackme";
+    packages = with pkgs; [
+      # packages TODO
+      firefox
+      thunderbird
+      alacritty
+      tor-browser-bundle-bin
+      zathura
+      okular
+      anki-bin
+      libreoffice
+      xournalpp
+      jellyfin-media-player
+      niveumPackages.mpv-tv
+      (niveumPackages.mpv-radio.override { di-fm-key-file = config.age.secrets.di-fm-key.path; })
+      niveumPackages.meteo
+      spotify
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    htop
+    git
+    vim
+    (niveumPackages.vim.override { colorscheme = "base16-gruvbox-dark-medium"; })
+  ];
+
+  system.stateVersion = "23.11";
+}

systems/kibbeh/hardware-configuration.nix

@@ -0,0 +1,43 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/ecab6acb-66f1-41c9-8281-59c76cf8f0c6";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."luks-16a8b3b0-5e0a-4d36-920c-eb6322a3c181".device = "/dev/disk/by-uuid/16a8b3b0-5e0a-4d36-920c-eb6322a3c181";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/8066-63C2";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/8cebdb17-4f2e-4750-8e91-71aa942bdfde"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wwp0s29u1u4i6.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}