2023-07-27 21:14:39 +08:00
|
|
|
inputs:
|
2023-09-12 16:31:20 +08:00
|
|
|
let
|
2023-09-18 05:16:38 +08:00
|
|
|
allUsers =
|
2023-09-12 16:31:20 +08:00
|
|
|
{
|
|
|
|
|
root =
|
2023-09-01 21:05:26 +08:00
|
|
|
{
|
2023-09-12 16:31:20 +08:00
|
|
|
users.users.root =
|
2023-09-01 21:05:26 +08:00
|
|
|
{
|
2023-09-12 16:31:20 +08:00
|
|
|
shell = inputs.pkgs.zsh;
|
2023-09-18 14:03:17 +08:00
|
|
|
autoSubUidGidRange = true;
|
2023-09-12 16:31:20 +08:00
|
|
|
hashedPassword = "$y$j9T$.UyKKvDnmlJaYZAh6./rf/$65dRqishAiqxCE6LEMjqruwJPZte7uiyYLVKpzdZNH5";
|
|
|
|
|
openssh.authorizedKeys.keys =
|
|
|
|
|
[
|
2023-09-18 20:25:17 +08:00
|
|
|
(builtins.concatStringsSep ""
|
|
|
|
|
[
|
|
|
|
|
"sk-ssh-ed25519@openssh.com "
|
2023-09-18 20:46:49 +08:00
|
|
|
"AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEU/JPpLxsk8UWXiZr8CPNG+4WKFB92o1Ep9OEstmPLzAAAABHNzaDo= "
|
|
|
|
|
"chn@pc"
|
2023-09-18 20:25:17 +08:00
|
|
|
])
|
2023-09-12 16:31:20 +08:00
|
|
|
];
|
2023-09-01 21:05:26 +08:00
|
|
|
};
|
2023-09-18 05:28:02 +08:00
|
|
|
home-manager.users.root =
|
2023-09-12 16:31:20 +08:00
|
|
|
{
|
2023-09-18 05:40:04 +08:00
|
|
|
imports = inputs.config.nixos.users.sharedModules;
|
2023-09-18 05:28:02 +08:00
|
|
|
config.programs.git =
|
|
|
|
|
{
|
|
|
|
|
extraConfig.core.editor = inputs.lib.mkForce "vim";
|
|
|
|
|
userName = "chn";
|
|
|
|
|
userEmail = "chn@chn.moe";
|
|
|
|
|
};
|
2023-09-12 16:31:20 +08:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
chn =
|
2023-09-01 21:05:26 +08:00
|
|
|
{
|
2023-09-12 16:31:20 +08:00
|
|
|
users.users.chn =
|
|
|
|
|
{
|
|
|
|
|
isNormalUser = true;
|
|
|
|
|
extraGroups = inputs.lib.intersectLists
|
2023-09-12 22:43:38 +08:00
|
|
|
[ "adbusers" "networkmanager" "wheel" "wireshark" "libvirtd" "video" "audio" "groupshare" ]
|
2023-09-12 16:31:20 +08:00
|
|
|
(builtins.attrNames inputs.config.users.groups);
|
|
|
|
|
shell = inputs.pkgs.zsh;
|
|
|
|
|
autoSubUidGidRange = true;
|
|
|
|
|
hashedPassword = "$y$j9T$xJwVBoGENJEDSesJ0LfkU1$VEExaw7UZtFyB4VY1yirJvl7qS7oiF49KbEBrV0.hhC";
|
|
|
|
|
openssh.authorizedKeys.keys =
|
|
|
|
|
[
|
2023-09-18 20:46:49 +08:00
|
|
|
# ykman fido credentials list
|
|
|
|
|
# ykman fido credentials delete f2c1ca2d
|
|
|
|
|
# ssh-keygen -t ed25519-sk -O resident
|
|
|
|
|
# ssh-keygen -K
|
2023-09-14 18:46:03 +08:00
|
|
|
(builtins.concatStringsSep ""
|
|
|
|
|
[
|
|
|
|
|
"sk-ssh-ed25519@openssh.com "
|
2023-09-18 20:46:49 +08:00
|
|
|
"AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEU/JPpLxsk8UWXiZr8CPNG+4WKFB92o1Ep9OEstmPLzAAAABHNzaDo= "
|
|
|
|
|
"chn@pc"
|
2023-09-14 18:46:03 +08:00
|
|
|
])
|
2023-09-12 16:31:20 +08:00
|
|
|
];
|
|
|
|
|
};
|
2023-09-18 05:28:02 +08:00
|
|
|
home-manager.users.chn =
|
2023-09-01 21:05:26 +08:00
|
|
|
{
|
2023-09-18 05:40:04 +08:00
|
|
|
imports = inputs.config.nixos.users.sharedModules;
|
2023-10-02 13:32:20 +08:00
|
|
|
config =
|
2023-09-12 16:31:20 +08:00
|
|
|
{
|
2023-10-02 13:32:20 +08:00
|
|
|
programs =
|
2023-09-18 05:28:02 +08:00
|
|
|
{
|
2023-11-16 15:51:47 +08:00
|
|
|
git = { userName = "chn"; userEmail = "chn@chn.moe"; };
|
2023-10-02 13:32:20 +08:00
|
|
|
ssh.matchBlocks = builtins.listToAttrs
|
|
|
|
|
(
|
|
|
|
|
(builtins.map
|
2023-11-16 11:27:01 +08:00
|
|
|
(host: { name = host; value = { inherit host; hostname = "${host}.chn.moe"; }; })
|
|
|
|
|
[ "internal.pc" "vps5" "vps6" "internal.vps6" "vps7" "internal.vps7" "internal.nas" ])
|
2023-10-02 13:32:20 +08:00
|
|
|
++ (builtins.map
|
|
|
|
|
(host:
|
|
|
|
|
{
|
|
|
|
|
name = host;
|
|
|
|
|
value =
|
2023-09-25 15:46:18 +08:00
|
|
|
{
|
2023-10-02 13:32:20 +08:00
|
|
|
host = host;
|
|
|
|
|
hostname = "hpc.xmu.edu.cn";
|
|
|
|
|
user = host;
|
|
|
|
|
extraOptions =
|
|
|
|
|
{
|
|
|
|
|
PubkeyAcceptedAlgorithms = "+ssh-rsa";
|
|
|
|
|
HostkeyAlgorithms = "+ssh-rsa";
|
|
|
|
|
SetEnv = "TERM=chn_unset_ls_colors:xterm-256color";
|
|
|
|
|
# in .bash_profile:
|
|
|
|
|
# if [[ $TERM == chn_unset_ls_colors* ]]; then
|
|
|
|
|
# export TERM=${TERM#*:}
|
|
|
|
|
# export CHN_LS_USE_COLOR=1
|
|
|
|
|
# fi
|
|
|
|
|
# in .bashrc
|
|
|
|
|
# [ -n "$CHN_LS_USE_COLOR" ] && alias ls="ls --color=auto"
|
|
|
|
|
};
|
2023-09-25 15:46:18 +08:00
|
|
|
};
|
2023-10-02 13:32:20 +08:00
|
|
|
})
|
|
|
|
|
[ "wlin" "jykang" "hwang" ])
|
|
|
|
|
)
|
|
|
|
|
// {
|
2023-11-16 15:51:47 +08:00
|
|
|
xmupc1 = { host = "xmupc1"; hostname = "office.chn.moe"; port = 6007; };
|
|
|
|
|
nas = { host = "nas"; hostname = "office.chn.moe"; port = 5440; };
|
|
|
|
|
# identityFile = "~/.ssh/xmuhk_id_rsa";
|
|
|
|
|
xmuhk = { host = "xmuhk"; hostname = "10.26.14.56"; user = "xmuhk"; };
|
|
|
|
|
xmuhk2 = { host = "xmuhk2"; hostname = "183.233.219.132"; user = "xmuhk"; port = 62022; };
|
2023-09-18 05:28:02 +08:00
|
|
|
};
|
2023-09-12 16:31:20 +08:00
|
|
|
};
|
2023-10-02 13:32:20 +08:00
|
|
|
home.packages =
|
|
|
|
|
[
|
|
|
|
|
(
|
|
|
|
|
let
|
|
|
|
|
servers = builtins.filter
|
|
|
|
|
(system: system.value.enable)
|
|
|
|
|
(builtins.map
|
|
|
|
|
(system:
|
|
|
|
|
{
|
|
|
|
|
name = system.config.nixos.system.networking.hostname;
|
|
|
|
|
value = system.config.nixos.system.fileSystems.decrypt.manual;
|
|
|
|
|
})
|
|
|
|
|
(builtins.attrValues inputs.topInputs.self.nixosConfigurations));
|
2023-10-02 13:49:26 +08:00
|
|
|
cat = "${inputs.pkgs.coreutils}/bin/cat";
|
2023-10-02 13:32:20 +08:00
|
|
|
gpg = "${inputs.pkgs.gnupg}/bin/gpg";
|
|
|
|
|
ssh = "${inputs.pkgs.openssh}/bin/ssh";
|
|
|
|
|
in inputs.pkgs.writeShellScriptBin "remote-decrypt" (builtins.concatStringsSep "\n"
|
|
|
|
|
(
|
|
|
|
|
(builtins.map (system: builtins.concatStringsSep "\n"
|
|
|
|
|
[
|
|
|
|
|
"decrypt-${system.name}() {"
|
|
|
|
|
" key=$(${cat} ${system.value.keyFile} | ${gpg} --decrypt)"
|
|
|
|
|
(builtins.concatStringsSep "\n" (builtins.map
|
2023-10-02 14:20:21 +08:00
|
|
|
(device: " echo $key | ${ssh} root@initrd.${system.name}.chn.moe cryptsetup luksOpen "
|
2023-10-02 13:32:20 +08:00
|
|
|
+ (if device.value.ssd then "--allow-discards " else "")
|
|
|
|
|
+ "${device.name} ${device.value.mapper} -")
|
|
|
|
|
(inputs.localLib.attrsToList system.value.devices)))
|
|
|
|
|
"}"
|
|
|
|
|
])
|
|
|
|
|
servers)
|
|
|
|
|
++ [ "decrypt-$1" ]
|
|
|
|
|
))
|
|
|
|
|
)
|
|
|
|
|
];
|
2023-10-27 22:39:23 +08:00
|
|
|
pam.yubico.authorizedYubiKeys.ids = [ "cccccbgrhnub" ];
|
2023-09-12 16:31:20 +08:00
|
|
|
};
|
2023-09-01 21:05:26 +08:00
|
|
|
};
|
2023-09-13 02:12:41 +08:00
|
|
|
nixos.services.groupshare.mountPoints = [ "/home/chn/groupshare" ];
|
2023-09-12 16:31:20 +08:00
|
|
|
};
|
2023-09-12 22:43:38 +08:00
|
|
|
xll =
|
|
|
|
|
{
|
|
|
|
|
users.users.xll =
|
|
|
|
|
{
|
|
|
|
|
isNormalUser = true;
|
|
|
|
|
extraGroups = inputs.lib.intersectLists
|
2023-09-14 19:11:33 +08:00
|
|
|
[ "groupshare" "video" ]
|
2023-09-12 22:43:38 +08:00
|
|
|
(builtins.attrNames inputs.config.users.groups);
|
|
|
|
|
passwordFile = inputs.config.sops.secrets."users/xll".path;
|
2023-09-14 18:46:03 +08:00
|
|
|
openssh.authorizedKeys.keys = [ (builtins.readFile ./xll_id_rsa.pub) ];
|
2023-09-12 22:43:38 +08:00
|
|
|
shell = inputs.pkgs.zsh;
|
|
|
|
|
autoSubUidGidRange = true;
|
|
|
|
|
};
|
2023-09-18 05:40:04 +08:00
|
|
|
home-manager.users.xll.imports = inputs.config.nixos.users.sharedModules;
|
2023-09-12 22:43:38 +08:00
|
|
|
sops.secrets."users/xll".neededForUsers = true;
|
2023-09-13 02:12:41 +08:00
|
|
|
nixos.services.groupshare.mountPoints = [ "/home/xll/groupshare" ];
|
2023-09-12 22:43:38 +08:00
|
|
|
};
|
2023-09-14 19:11:33 +08:00
|
|
|
zem =
|
|
|
|
|
{
|
|
|
|
|
users.users.zem =
|
|
|
|
|
{
|
|
|
|
|
isNormalUser = true;
|
|
|
|
|
extraGroups = inputs.lib.intersectLists
|
|
|
|
|
[ "groupshare" "video" ]
|
|
|
|
|
(builtins.attrNames inputs.config.users.groups);
|
|
|
|
|
passwordFile = inputs.config.sops.secrets."users/zem".path;
|
|
|
|
|
openssh.authorizedKeys.keys = [ (builtins.readFile ./zem_id_rsa.pub) ];
|
|
|
|
|
shell = inputs.pkgs.zsh;
|
|
|
|
|
autoSubUidGidRange = true;
|
|
|
|
|
};
|
2023-09-18 05:40:04 +08:00
|
|
|
home-manager.users.zem.imports = inputs.config.nixos.users.sharedModules;
|
2023-09-14 19:11:33 +08:00
|
|
|
sops.secrets."users/zem".neededForUsers = true;
|
|
|
|
|
nixos.services.groupshare.mountPoints = [ "/home/zem/groupshare" ];
|
|
|
|
|
};
|
|
|
|
|
yjq =
|
|
|
|
|
{
|
|
|
|
|
users.users.yjq =
|
|
|
|
|
{
|
|
|
|
|
isNormalUser = true;
|
|
|
|
|
extraGroups = inputs.lib.intersectLists
|
|
|
|
|
[ "groupshare" "video" ]
|
|
|
|
|
(builtins.attrNames inputs.config.users.groups);
|
|
|
|
|
passwordFile = inputs.config.sops.secrets."users/yjq".path;
|
|
|
|
|
openssh.authorizedKeys.keys = [ (builtins.readFile ./yjq_id_rsa.pub) ];
|
|
|
|
|
shell = inputs.pkgs.zsh;
|
|
|
|
|
autoSubUidGidRange = true;
|
|
|
|
|
};
|
2023-09-18 05:40:04 +08:00
|
|
|
home-manager.users.yjq.imports = inputs.config.nixos.users.sharedModules;
|
2023-09-14 19:11:33 +08:00
|
|
|
sops.secrets."users/yjq".neededForUsers = true;
|
|
|
|
|
nixos.services.groupshare.mountPoints = [ "/home/yjq/groupshare" ];
|
|
|
|
|
};
|
|
|
|
|
yxy =
|
|
|
|
|
{
|
|
|
|
|
users.users.yxy =
|
|
|
|
|
{
|
|
|
|
|
isNormalUser = true;
|
|
|
|
|
extraGroups = inputs.lib.intersectLists
|
|
|
|
|
[ "groupshare" "video" ]
|
|
|
|
|
(builtins.attrNames inputs.config.users.groups);
|
|
|
|
|
passwordFile = inputs.config.sops.secrets."users/yxy".path;
|
2023-09-26 17:47:49 +08:00
|
|
|
openssh.authorizedKeys.keys = [ (builtins.readFile ./yxy_id_rsa.pub) ];
|
2023-09-14 19:11:33 +08:00
|
|
|
shell = inputs.pkgs.zsh;
|
|
|
|
|
autoSubUidGidRange = true;
|
|
|
|
|
};
|
2023-09-18 05:40:04 +08:00
|
|
|
home-manager.users.yxy.imports = inputs.config.nixos.users.sharedModules;
|
2023-09-14 19:11:33 +08:00
|
|
|
sops.secrets."users/yxy".neededForUsers = true;
|
|
|
|
|
nixos.services.groupshare.mountPoints = [ "/home/yxy/groupshare" ];
|
|
|
|
|
};
|
2023-09-12 16:31:20 +08:00
|
|
|
};
|
|
|
|
|
in
|
|
|
|
|
{
|
2023-09-18 05:16:38 +08:00
|
|
|
options.nixos.users = let inherit (inputs.lib) mkOption types; in
|
|
|
|
|
{
|
|
|
|
|
users = mkOption { type = types.listOf (types.enum (builtins.attrNames allUsers)); default = [ "root" "chn" ]; };
|
2023-09-18 05:40:04 +08:00
|
|
|
sharedModules = mkOption { type = types.listOf types.anything; default = []; };
|
2023-09-18 05:16:38 +08:00
|
|
|
};
|
|
|
|
|
config =
|
|
|
|
|
let
|
|
|
|
|
inherit (builtins) map attrNames;
|
|
|
|
|
inherit (inputs.lib) mkMerge mkIf;
|
|
|
|
|
inherit (inputs.config.nixos) users;
|
2023-11-16 15:51:47 +08:00
|
|
|
in mkMerge (map (user: mkIf (builtins.elem user users.users) allUsers.${user}) (attrNames allUsers));
|
2023-09-12 16:31:20 +08:00
|
|
|
}
|
2023-07-27 21:14:39 +08:00
|
|
|
|
|
|
|
|
# environment.persistence."/impermanence".users.chn =
|
|
|
|
|
# {
|
2023-09-01 21:05:26 +08:00
|
|
|
# directories =
|
|
|
|
|
# [
|
|
|
|
|
# "Desktop"
|
|
|
|
|
# "Documents"
|
|
|
|
|
# "Downloads"
|
|
|
|
|
# "Music"
|
|
|
|
|
# "repo"
|
|
|
|
|
# "Pictures"
|
|
|
|
|
# "Videos"
|
2023-07-27 21:14:39 +08:00
|
|
|
|
2023-09-01 21:05:26 +08:00
|
|
|
# ".cache"
|
|
|
|
|
# ".config"
|
|
|
|
|
# ".gnupg"
|
|
|
|
|
# ".local"
|
|
|
|
|
# ".ssh"
|
|
|
|
|
# ".android"
|
|
|
|
|
# ".exa"
|
|
|
|
|
# ".gnome"
|
|
|
|
|
# ".Mathematica"
|
|
|
|
|
# ".mozilla"
|
|
|
|
|
# ".pki"
|
|
|
|
|
# ".steam"
|
|
|
|
|
# ".tcc"
|
|
|
|
|
# ".vim"
|
|
|
|
|
# ".vscode"
|
|
|
|
|
# ".Wolfram"
|
|
|
|
|
# ".zotero"
|
2023-07-27 21:14:39 +08:00
|
|
|
|
2023-09-01 21:05:26 +08:00
|
|
|
# ];
|
|
|
|
|
# files =
|
|
|
|
|
# [
|
|
|
|
|
# ".bash_history"
|
|
|
|
|
# ".cling_history"
|
|
|
|
|
# ".gitconfig"
|
|
|
|
|
# ".gtkrc-2.0"
|
|
|
|
|
# ".root_hist"
|
|
|
|
|
# ".viminfo"
|
|
|
|
|
# ".zsh_history"
|
|
|
|
|
# ];
|
2023-09-18 19:08:04 +08:00
|
|
|
# };
|
