various things, e.g. add authorized keys

2022-10-01 14:01:15 +02:00
parent 3b96abee0e
commit a1fcb93507
7 changed files with 52 additions and 21 deletions
--- a/hosts/configuration.nix
+++ b/hosts/configuration.nix
@@ -24,12 +24,12 @@
    shell = pkgs.zsh;                       # Default shell
    uid = 2000;
 #    initialPassword = "password95";
-#    openssh.authorizedKeys = [
-#      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
-#      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
-#      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
-#      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
-#    ];
+    openssh.authorizedKeys.keys = [
+      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
+      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
+      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
+      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
+    ];
  };
  #security.sudo.wheelNeedsPassword = true; # User does not need to give password when using sudo.

@@ -119,14 +119,15 @@
                                            # generating a key:
                                            #   - $ ssh-keygen   |  ssh-copy-id <ip/domain>  |  ssh-add
                                            #   - if ssh-add does not work: $ eval `ssh-agent -s`
-      allowSFTP = true;                     # SFTP: secure file transfer protocol (send file to server)
+#      allowSFTP = true;                     # SFTP: secure file transfer protocol (send file to server)
                                            # connect: $ sftp <user>@<ip/domain>
                                            # commands:
                                            #   - lpwd & pwd = print (local) parent working directory
                                            #   - put/get <filename> = send or receive file
-      extraConfig = ''
-        HostKeyAlgorithms +ssh-rsa
-      '';                                   # Temporary extra config so ssh will work in guacamole
+#      extraConfig = ''
+#        HostKeyAlgorithms +ssh-rsa
+#      '';                                   # Temporary extra config so ssh will work in guacamole
+      passwordAuthentication = false;
    };
    #flatpak.enable = true;                  # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up
                                            # sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -11,7 +11,7 @@
 #            └─ ./home.nix 
 #

-{ lib, inputs, nixpkgs, home-manager, nur, user, location, hyprland, ... }:
+{ lib, inputs, nixpkgs, nixos-hardware, home-manager, nur, user, location, hyprland, ... }:

 let
  system = "x86_64-linux";                                  # System architecture
@@ -46,18 +46,19 @@ in

  laptop = lib.nixosSystem {                                # Laptop profile
    inherit system;
-    specialArgs = { inherit inputs user location hyprland; };
+    specialArgs = { inherit inputs user location hyprland nixos-hardware; };
    modules = [
      hyprland.nixosModules.default
      ./laptop
      ./configuration.nix
+      nixos-hardware.nixosModules.common-cpu-intel

      home-manager.nixosModules.home-manager {
        home-manager.useGlobalPkgs = true;
        home-manager.useUserPackages = true;
        home-manager.extraSpecialArgs = { inherit user; };
        home-manager.users.${user} = {
-          imports = [(import ./home.nix)] ++ [(import ./laptop/home.nix)];
+        imports = [(import ./home.nix)] ++ [(import ./laptop/home.nix)];
        };
      }
    ];
--- a/hosts/laptop/hardware-configuration.nix
+++ b/hosts/laptop/hardware-configuration.nix
@@ -28,8 +28,13 @@
      options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@" ];
    };

-  boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/75eccc7f-30b0-4fe8-8f82-90edaf284cd5";
-  boot.initrd.luks.fido2Support = true;
+  boot.initrd.luks = {
+    fido2Support = true;
+    devices."root" = {
+      device = "/dev/disk/by-uuid/75eccc7f-30b0-4fe8-8f82-90edaf284cd5";
+      allowDiscards = true;
+    };
+  };

  fileSystems."/home" =
    { device = "/dev/mapper/root";