From 44b17a0648c70b1e5cf0c45a303dbc183e7bd12c Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Sun, 24 Nov 2024 18:10:44 +0100 Subject: [PATCH] add phone config --- flake.lock | 214 +++++++++++++++++++++++++++++++++++++++- flake.nix | 26 ++++- home/vinzenz/git.nix | 6 ++ hosts/droid/default.nix | 14 +++ hosts/droid/sshd.nix | 37 +++++++ hosts/droid/stuff.nix | 23 +++++ 6 files changed, 318 insertions(+), 2 deletions(-) create mode 100644 hosts/droid/default.nix create mode 100644 hosts/droid/sshd.nix create mode 100644 hosts/droid/stuff.nix diff --git a/flake.lock b/flake.lock index 6882354..2f92a2f 100644 --- a/flake.lock +++ b/flake.lock @@ -54,6 +54,48 @@ "type": "github" } }, + "home-manager-droid": { + "inputs": { + "nixpkgs": [ + "nixpkgs-droid" + ] + }, + "locked": { + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.05", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nix-on-droid", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709445365, + "narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "4de84265d7ec7634a69ba75028696d74de9a44a7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "lix": { "flake": false, "locked": { @@ -89,6 +131,55 @@ "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz" } }, + "nix-formatter-pack": { + "inputs": { + "nixpkgs": [ + "nix-on-droid", + "nixpkgs" + ], + "nmd": "nmd", + "nmt": "nmt" + }, + "locked": { + "lastModified": 1705252799, + "narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=", + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "rev": "2de39dedd79aab14c01b9e2934842051a160ffa5", + "type": "github" + }, + "original": { + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "type": "github" + } + }, + "nix-on-droid": { + "inputs": { + "home-manager": "home-manager_2", + "nix-formatter-pack": "nix-formatter-pack", + "nixpkgs": [ + "nixpkgs-droid" + ], + "nixpkgs-docs": "nixpkgs-docs", + "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap", + "nmd": "nmd_2" + }, + "locked": { + "lastModified": 1720396533, + "narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=", + "owner": "nix-community", + "repo": "nix-on-droid", + "rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.05", + "repo": "nix-on-droid", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1731755305, @@ -105,11 +196,132 @@ "type": "github" } }, + "nixpkgs-docs": { + "locked": { + "lastModified": 1705957679, + "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9a333eaa80901efe01df07eade2c16d183761fa3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-droid": { + "locked": { + "lastModified": 1731797254, + "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-for-bootstrap": { + "locked": { + "lastModified": 1720244366, + "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "type": "github" + } + }, + "nmd": { + "flake": false, + "locked": { + "lastModified": 1666190571, + "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=", + "owner": "rycee", + "repo": "nmd", + "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmd", + "type": "gitlab" + } + }, + "nmd_2": { + "inputs": { + "nixpkgs": [ + "nix-on-droid", + "nixpkgs-docs" + ], + "scss-reset": "scss-reset" + }, + "locked": { + "lastModified": 1705050560, + "narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=", + "owner": "~rycee", + "repo": "nmd", + "rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3", + "type": "sourcehut" + }, + "original": { + "owner": "~rycee", + "repo": "nmd", + "type": "sourcehut" + } + }, + "nmt": { + "flake": false, + "locked": { + "lastModified": 1648075362, + "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=", + "owner": "rycee", + "repo": "nmt", + "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmt", + "type": "gitlab" + } + }, "root": { "inputs": { "home-manager": "home-manager", + "home-manager-droid": "home-manager-droid", "lix-module": "lix-module", - "nixpkgs": "nixpkgs" + "nix-on-droid": "nix-on-droid", + "nixpkgs": "nixpkgs", + "nixpkgs-droid": "nixpkgs-droid" + } + }, + "scss-reset": { + "flake": false, + "locked": { + "lastModified": 1631450058, + "narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=", + "owner": "andreymatin", + "repo": "scss-reset", + "rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91", + "type": "github" + }, + "original": { + "owner": "andreymatin", + "repo": "scss-reset", + "type": "github" } }, "systems": { diff --git a/flake.nix b/flake.nix index d954d1a..d730c86 100644 --- a/flake.nix +++ b/flake.nix @@ -1,22 +1,40 @@ { inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; + home-manager = { url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; }; + lix-module = { url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; + + nixpkgs-droid.url = "github:NixOS/nixpkgs/nixos-24.05"; + + nix-on-droid = { + url = "github:nix-community/nix-on-droid/release-24.05"; + inputs.nixpkgs.follows = "nixpkgs-droid"; + }; + + home-manager-droid = { + url = "github:nix-community/home-manager/release-24.05"; + inputs.nixpkgs.follows = "nixpkgs-droid"; + }; + }; outputs = { + self, nixpkgs, home-manager, lix-module, - ... + nixpkgs-droid, + nix-on-droid, + home-manager-droid, }: { nixosConfigurations = @@ -43,6 +61,12 @@ hetzner-vpn1 = import ./hosts/hetzner-vpn1 host-params; }; + nixOnDroidConfigurations.default = import ./hosts/droid { + inherit nix-on-droid; + nixpkgs = nixpkgs-droid; + home-manager = home-manager-droid; + }; + formatter = { x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style; aarch64-linux = nixpkgs.legacyPackages.aarch64-linux.nixfmt-rfc-style; diff --git a/home/vinzenz/git.nix b/home/vinzenz/git.nix index bb64f13..f219d60 100644 --- a/home/vinzenz/git.nix +++ b/home/vinzenz/git.nix @@ -13,4 +13,10 @@ merge.tool = "kdiff3"; push.autoSetupRemote = "true"; }; + + ignores = [ + ".direnv" + ".idea" + ".envrc" + ]; } diff --git a/hosts/droid/default.nix b/hosts/droid/default.nix new file mode 100644 index 0000000..9384457 --- /dev/null +++ b/hosts/droid/default.nix @@ -0,0 +1,14 @@ +{ + nixpkgs, + nix-on-droid, + home-manager, + ... +}: +nix-on-droid.lib.nixOnDroidConfiguration { + pkgs = import nixpkgs { system = "aarch64-linux"; }; + modules = [ + home-manager.nixosModules.home-manager + ./sshd.nix + ./stuff.nix + ]; +} diff --git a/hosts/droid/sshd.nix b/hosts/droid/sshd.nix new file mode 100644 index 0000000..4ab5207 --- /dev/null +++ b/hosts/droid/sshd.nix @@ -0,0 +1,37 @@ +{ config, pkgs, ... }: +let + sshdTmpDirectory = "${config.user.home}/sshd-tmp"; + sshdDirectory = "${config.user.home}/sshd"; + pubKeys = '' + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming + ''; + port = 8022; +in +{ + build.activation.sshd = '' + $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${config.user.home}/.ssh" + $DRY_RUN_CMD echo "${pubKeys}" > "${config.user.home}/.ssh/authorized_keys" + + if [[ ! -d "${sshdDirectory}" ]]; then + $DRY_RUN_CMD rm $VERBOSE_ARG --recursive --force "${sshdTmpDirectory}" + $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${sshdTmpDirectory}" + + $VERBOSE_ECHO "Generating host keys..." + $DRY_RUN_CMD ${pkgs.openssh}/bin/ssh-keygen -t rsa -b 4096 -f "${sshdTmpDirectory}/ssh_host_rsa_key" -N "" + + $VERBOSE_ECHO "Writing sshd_config..." + $DRY_RUN_CMD echo -e "HostKey ${sshdDirectory}/ssh_host_rsa_key\nPort ${toString port}\n" > "${sshdTmpDirectory}/sshd_config" + + $DRY_RUN_CMD mv $VERBOSE_ARG "${sshdTmpDirectory}" "${sshdDirectory}" + fi + ''; + + environment.packages = [ + (pkgs.writeScriptBin "sshd-start" '' + #!${pkgs.runtimeShell} + + echo "Starting sshd in non-daemonized way on port ${toString port}" + ${pkgs.openssh}/bin/sshd -f "${sshdDirectory}/sshd_config" -D + '') + ]; +} diff --git a/hosts/droid/stuff.nix b/hosts/droid/stuff.nix new file mode 100644 index 0000000..c13094a --- /dev/null +++ b/hosts/droid/stuff.nix @@ -0,0 +1,23 @@ +{ + pkgs, + ... +}: +{ + environment.packages = with pkgs; [ + nano + hostname + zsh + openssh + which + curl + ]; + + # Backup etc files instead of failing to activate generation if a file already exists in /etc + environment.etcBackupExtension = ".bak"; + + system.stateVersion = "24.05"; + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; + time.timeZone = "Europe/Berlin"; +}