2025-05-23 04:46:06 -07:00
15 changed files with 102 additions and 67 deletions
--- a/provision/additional-setup.md
+++ b/provision/additional-setup.md
@ -2,7 +2,18 @@

 The following documents some NixOS setup that wasn't automated.

-## NIPR email, Teams, etc.
+## Encryption Keys
+
+### Github SSH
+
+Keys for SSH aren't automatically placed with chezmoi `secret` since it complicated
+things to much. The key for github SSH must be transferred manually from Bitwarden
+or:
+
+- `/run/secrets/keys/github_personal` to `~/.ssh/keys/github_personal`.
+- `/run/secrets/radicale/users` to `~/.config/radicale/users`.
+
+### NIPR email, Teams, etc.

 - Run `pcscan` and make sure card reader shows up.
 - Run `pkcs11-register` to register cac.
@ -77,3 +88,8 @@ git clone https://<user>:<token>@git.tstarr.us/tstarr/vulcan.git
 Copy another `.obsidian` folder for the new host (i.e. `.obsidian-<host>`).

 Open vault folder in obsidian and change the `.obsidian` folder in settings.
+
+
+## Wifi on Shivan
+
+Connect to wifi network with: `nmcli device wifi connect <SSID> password <password>`.
--- a/provision/hosts/bulwark/steam-deck.nix
+++ b/provision/hosts/bulwark/steam-deck.nix
@ -2,14 +2,21 @@
 {
  imports = [
    (jovian-nixos + "/modules")
+    #home-manager.nixosModule
  ];

  jovian = {
    steam.desktopSession = "gnome";
    steam.enable = true;
+    steam.autoStart = true; 
    steam.user = "${user}";
-    devices.steamdeck.enable = true;
+    devices.steamdeck = {
+      enable = true;
    };
+  };
+
+  # Disable gdm (this is required for Jovian-NixOS)
+  services.xserver.displayManager.gdm.enable = lib.mkForce false;

  environment.systemPackages = with pkgs; [
    jupiter-dock-updater-bin # Binary package for updating firmware on Jupiter Dock, a hardware accessory for certain laptops.
--- a/provision/hosts/default/default.nix
+++ b/provision/hosts/default/default.nix
@ -1,5 +1,10 @@
 { config, pkgs, user, lib, inputs, ... }:
 {
+  imports = [ 
+    ./git.nix
+    ./home-default.nix
+  ];
+
  nix = {
    package = pkgs.nixFlakes;
    extraOptions = "experimental-features = nix-command flakes";
@ -25,19 +30,4 @@

  # Did you read the comment?
  system.stateVersion = "23.11";
-
-  home-manager.users.${user} = {
-    home.username = "${user}";
-    home.homeDirectory = "/home/${user}";
-    programs.home-manager.enable = true;
-
-    programs.direnv = {
-      enable = true;
-      enableBashIntegration = true;
-      nix-direnv.enable = true;
-    };
-
-    # Did you read the comment?
-    home.stateVersion = "23.11";
-  };
 }
--- a/provision/modules/programs/git.nix
+++ b/provision/modules/programs/git.nix
--- a/provision/hosts/default/home-default.nix
+++ b/provision/hosts/default/home-default.nix
@ -0,0 +1,20 @@
+{ config, pkgs, user, ... }:
+{
+  home-manager.users.${user} = {
+    home.username = "${user}";
+    home.homeDirectory = "/home/${user}";
+    programs.home-manager.enable = true;
+
+    programs.direnv = {
+      enable = true;
+      enableBashIntegration = true;
+      nix-direnv.enable = true;
+    };
+
+    home.packages = with pkgs; [
+    ];
+
+    # Did you read the comment?
+    home.stateVersion = "23.11";
+  };
+}
--- a/provision/hosts/default/physical/backup.nix
+++ b/provision/hosts/default/physical/backup.nix
@ -0,0 +1,22 @@
+{ config, pkgs, user, lib, ... }:
+{
+  services.borgmatic.enable = true;
+  environment.systemPackages = with pkgs; [
+    borgbackup # Deduplicating backup program 
+    tree
+    (pkgs.writeScriptBin "stop-docker-containers" ''
+      #!/bin/sh
+      [ -e /tmp/docker_images ] && rm /tmp/docker_images
+      images=$(docker ps -a -q)
+      echo "$images" > /tmp/docker_images
+      docker stop $images
+    '')
+    (pkgs.writeScriptBin "restore-docker-containers" ''
+      #!/bin/sh
+      [ ! -e /tmp/docker_images ] && exit 0
+      docker start $(cat /tmp/docker_images)
+      rm /tmp/docker_images
+    '')
+  ];
+}
+          
--- a/provision/hosts/default/physical/configuration.nix
+++ b/provision/hosts/default/physical/configuration.nix
@ -1,5 +1,10 @@
 { config, pkgs, user, lib, inputs, ... }:
 {
+  imports = [ 
+    ./home-configuration.nix
+    ./backup.nix
+  ];
+
  nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" "openssl-1.1.1w" ];

  # Use the systemd-boot EFI boot loader.
@ -12,11 +17,4 @@
    extraGroups = [ "dialout" "wheel" "docker" "libvirtd" ];
    shell = pkgs.bash;
  };
-
-  home-manager.users.${user} = {
-    programs.vscode = {
-      enable = true;
-      package = pkgs.vscode.fhs;
-    };
-  };
 }
--- a/provision/hosts/default/physical/home-configuration.nix
+++ b/provision/hosts/default/physical/home-configuration.nix
@ -0,0 +1,9 @@
+{ config, pkgs, user, ... }:
+{
+  home-manager.users.${user} = {
+    programs.vscode = {
+      enable = true;
+      package = pkgs.vscode.fhs;
+    };
+  };
+}
--- a/provision/hosts/kestrel/configuration.nix
+++ b/provision/hosts/kestrel/configuration.nix
@ -65,7 +65,6 @@
      virt-manager.enable = true;
    };
    system = {
-      backup.enable = true;
      nipr.enable = true;
      ssh.enable = true;
      terminal.enable = true;
--- a/provision/hosts/torus/configuration.nix
+++ b/provision/hosts/torus/configuration.nix
@ -106,7 +106,6 @@
      jellyfin.enable = true;
    };
    system = {
-      backup.enable = true;
      terminal.enable = true;
      ssh.enable = true;
    };
--- a/provision/modules/desktop/gnome.nix
+++ b/provision/modules/desktop/gnome.nix
@ -139,7 +139,6 @@ in {
          favorite-apps = [
            "google-chrome.desktop"
            "kitty.desktop"
-            "org.gnome.Nautilus.desktop"
            "steam.desktop"
            "vesktop.desktop"
          ];
--- a/provision/modules/programs/default.nix
+++ b/provision/modules/programs/default.nix
@ -1,4 +1,4 @@
 { ... }:
 {
-  imports = [ ./git.nix ./chezmoi.nix ./kitty.nix ];
+  imports = [ ./chezmoi.nix ./kitty.nix ];
 }
--- a/provision/modules/system/backup.nix
+++ b/provision/modules/system/backup.nix
@ -1,26 +0,0 @@
-{ config, pkgs, user, lib, ... }:
-
-let cfg = config.modules.system.backup;
-in {
-  options.modules.system.backup.enable = lib.mkEnableOption "backup";
-  config = lib.mkIf cfg.enable {
-    services.borgmatic.enable = true;
-    environment.systemPackages = with pkgs; [
-      borgbackup # Deduplicating backup program 
-      tree
-      (pkgs.writeScriptBin "stop-docker-containers" ''
-        #!/bin/sh
-        [ -e /tmp/docker_images ] && rm /tmp/docker_images
-        images=$(docker ps -a -q)
-        echo "$images" > /tmp/docker_images
-        docker stop $images
-      '')
-      (pkgs.writeScriptBin "restore-docker-containers" ''
-        #!/bin/sh
-        [ ! -e /tmp/docker_images ] && exit 0
-        docker start $(cat /tmp/docker_images)
-        rm /tmp/docker_images
-      '')
-    ];
-  };
-}
--- a/provision/modules/system/default.nix
+++ b/provision/modules/system/default.nix
@ -1,4 +1,4 @@
 { ... }:
 {
-  imports = [ ./backup.nix ./nipr.nix ./ssh.nix ./terminal.nix ./wireguard-client.nix ];
+  imports = [ ./nipr.nix ./ssh.nix ./terminal.nix ./wireguard-client.nix ];
 }
--- a/provision/readme.md
+++ b/provision/readme.md
@ -5,7 +5,8 @@ Set of configs files to setup NixOS.

 ## Usage

-1. Install NixOS with this [guide](https://nixos.wiki/wiki/NixOS_Installation_Guide). Use the following paritions and btrfs subvolumes:
+1. Install NixOS with this [guide](https://nixos.wiki/wiki/NixOS_Installation_Guide).
+   Use the following paritions and btrfs subvolumes:

   | Name    | Type  | Mount Point | Size         |
   |---------|-------|-------------|--------------|
@ -37,4 +38,5 @@ Perform additional setup found in [additional-setup](additional-setup.md)

 ## Update

-`nixos-rebuild` command is aliased to `nu` assuming the flake is named the same at the hostname of the machine.
+`nixos-rebuild` command is aliased to `nu` assuming the flake is named the same at the
+hostname of the machine.