From 5634e20d49bed21ddabe87f7788f611920686484 Mon Sep 17 00:00:00 2001
From: Snorre Ettrup Altschul
Date: Sun, 2 Mar 2025 20:33:52 +0100
Subject: [PATCH] passiword
---
configuration.nix | 50 ++++++++++++++++++++++++++++++++---------------
disko.nix | 24 +++++++++++------------
passwd | 1 -
password.nix | 1 +
4 files changed, 46 insertions(+), 30 deletions(-)
delete mode 100644 passwd
create mode 100644 password.nix
diff --git a/configuration.nix b/configuration.nix
index c5738cd..f1f2347 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,9 +1,8 @@ -{ - pkgs, - inputs, - modulesPath, - lib, - ... +{ pkgs +, inputs +, modulesPath +, lib +, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") # Temporary
@@ -19,14 +18,19 @@ timeout = 0; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + # boot.zfs.extraPools = [ "zraid" ]; + + boot.supportedFilesystems = [ "zfs" ]; + boot.zfs.forceImportRoot = false; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.gc = { automatic = true; options = "--delete-older-than 30d"; }; nix.optimise = { automatic = true; - dates = ["05:00"]; + dates = [ "05:00" ]; }; networking.hostName = "enis";
@@ -34,12 +38,12 @@ networking.networkmanager.enable = true; networking.firewall = { enable = true; - allowedTCPPorts = []; - allowedUDPPorts = []; + allowedTCPPorts = [ ]; + allowedUDPPorts = [ ]; }; home-manager = { - extraSpecialArgs = {inherit inputs;}; + extraSpecialArgs = { inherit inputs; }; users = { "enis" = import ./home.nix; };
@@ -47,8 +51,7 @@ users.users."enis" = { isNormalUser = true; - # hashedPasswordFile = "./password"; - initialPassword = "1234"; + hashedPassword = import ./password.nix; extraGroups = [ "networkmanager" "audio"
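Review bot: The commented-out `# boot.zfs.extraPools = [ "zraid" ];` added in the `@@ -19,14 +18,19 @@` hunk names a pool that this same commit renames to `storage` in disko.nix, so uncommenting it later would point at a pool that no longer exists. Either drop the line or keep it current as `# boot.zfs.extraPools = [ "storage" ];` with a short reason for why it is disabled. NixOS ZFS support also expects `networking.hostId` to be set; it is not visible in this hunk, so confirm it is defined elsewhere.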
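Review bot: `hashedPassword = import ./password.nix;` in the `@@ -47,8 +51,7 @@` hunk evaluates the hash into the system configuration, so it is written to the world-readable Nix store, where any local user can read it and try to guess the password offline. The comment this hunk removes already pointed at the safer option: `hashedPasswordFile = "<absolute path to a root-only file>";` (placeholder) is read when the system is activated and keeps the hash out of the store. Give the path as a string rather than a Nix path literal, since a path literal would copy the file into the store again. The `users.users."enis"` block continues past the end of the hunk.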
@@ -58,6 +61,18 @@ shell = pkgs.zsh; }; + users.users."nixos" = + { + isNormalUser = true; + initialPassword = "1234"; + extraGroups = [ "wheel" ]; + }; + + users.users.root = + { + initialPassword = "1234"; + }; + programs.zsh = { enable = true; enableGlobalCompInit = true;
@@ -71,6 +86,8 @@ curl git vim + + zfs ]; environment.variables = {
@@ -89,14 +106,15 @@ programs.mtr.enable = true; programs.gnupg.agent.enable = true; + services.udev.enable = true; services.thermald.enable = true; services.openssh = { enable = true; settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - AllowUsers = ["enis"]; + PasswordAuthentication = true; + KbdInteractiveAuthentication = true; + AllowUsers = null; PermitRootLogin = "no"; }; };
diff --git a/disko.nix b/disko.nix
index 7a6c1b8..22ca562 100644
--- a/disko.nix
+++ b/disko.nix
@@ -7,7 +7,7 @@ disko.devices = { disk = { - root = { + main = { type = "disk"; device = root-disk; content = {
@@ -57,7 +57,7 @@ } // lib.attrsets.genAttrs raid-disks (name: { type = "disk"; - device = "/dev" + name; + device = "/dev/" + name; content = { type = "gpt"; partitions = {
@@ -65,7 +65,7 @@ size = "100%"; content = { type = "zfs"; - pool = "zraid"; + pool = "storage"; }; }; };
@@ -73,23 +73,21 @@ }); zpool = lib.mkIf (builtins.length raid-disks > 0) { - zraid = { + storage = { type = "zpool"; mode = "raidz"; # TODO: Cache-ing - rootFsOptions = { - compression = "zstd"; - "com.sun:auto-snapshot" = "false"; - }; + # rootFsOptions = { + # compression = "zstd"; + # "com.sun:auto-snapshot" = "false"; + # }; + + mountpoint = "/storage"; datasets = { var = { type = "zfs_fs"; - mountpoint = "/var"; - }; - home = { - type = "zfs_fs"; - mountpoint = "/home"; + mountpoint = "/storage/var"; }; }; };
diff --git a/passwd b/passwd
deleted file mode 100644
index adc7c33..0000000
--- a/passwd
+++ /dev/null
@@ -1 +0,0 @@
-$y$j9T$rflI.YoiFDa7wg2F2rmgy1$uCLInRwRKmUIUYlhdHFUwBf0yhnRUK9eTVMvX8UjCz3
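Review bot: The new `users.users."nixos"` and `users.users.root` blocks in the `@@ -58,6 +61,18 @@` hunk set `initialPassword = "1234"`, a trivially guessable value that is stored in clear text in the repository and the Nix store, and `nixos` is also placed in `wheel`. Nothing in the hunk marks these as temporary, so the value remains each account's password unless someone changes it afterwards. If the accounts exist only for installation, remove them before the host goes on a network; otherwise provision them with `hashedPasswordFile` or with key-only login through `openssh.authorizedKeys.keys`. The SSH settings changed in the `@@ -89,14 +106,15 @@` hunk make the `nixos` account reachable remotely with this password.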
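Review bot: The `@@ -89,14 +106,15 @@` hunk turns `PasswordAuthentication` and `KbdInteractiveAuthentication` back on and replaces `AllowUsers = ["enis"]` with `null`, so every account that has a password can log in over SSH with it; `PermitRootLogin = "no"` is the only restriction left. If the aim was to admit a second account, keep key-only login and widen the allow-list instead: `PasswordAuthentication = false;`, `KbdInteractiveAuthentication = false;`, `AllowUsers = [ "enis" "nixos" ];`. The firewall block keeps `allowedTCPPorts` empty, but `services.openssh.openFirewall` defaults to true in NixOS as far as I know, so the SSH port is probably still exposed; confirm. If password login is needed only during setup, say so in a comment next to the setting along with when it will be reverted.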
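Review bot: In the disko.nix `@@ -73,23 +73,21 @@` hunk `rootFsOptions` is commented out rather than removed, which drops `compression = "zstd"` and the `"com.sun:auto-snapshot" = "false"` property from the pool without a stated reason. Either delete the block or add a one-line comment such as `# rootFsOptions disabled: <reason>` so the next reader knows whether it is meant to come back. The same hunk removes the `home` dataset and moves `var` to `/storage/var`, so `/home` and `/var` no longer live on the raidz pool; confirm that is intended, since the rest of the filesystem layout is outside this hunk.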
diff --git a/password.nix b/password.nix
new file mode 100644
index 0000000..73410f4
--- /dev/null
+++ b/password.nix
@@ -0,0 +1 @@
+"$y$j9T$rflI.YoiFDa7wg2F2rmgy1$uCLInRwRKmUIUYlhdHFUwBf0yhnRUK9eTVMvX8UjCz3"
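Review bot: The string added in password.nix is byte-for-byte the hash deleted from `passwd` in this same patch, so the commit relocates a credential hash that stays in version control and in the repository history rather than removing it. Anyone who can read the repository can attempt to recover the password offline, so treat it as exposed and set a new one. Keep the new hash out of tracked files, for example in a root-only file on the host referenced through `hashedPasswordFile`.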