overhaul of backup system

2025-11-08 21:14:34 +00:00 · 2025-11-08 21:14:34 +00:00 · 912308dced
commit 912308dced
parent 2bdeadfa7a
19 changed files with 226 additions and 196 deletions
--- a/system/configuration.nix
+++ b/system/configuration.nix
@ -1,20 +1,37 @@
 {pkgs, ...}: let
+  # Helper script to update the system based on local copy of flake
  updateScript = pkgs.writeShellScriptBin "rebuild" ''
    nixos-rebuild switch --flake /etc/nixos#distrust
  '';
+  # Helper script to clear /var/log and systemd journal
  clearLogsScript = pkgs.writeShellScriptBin "clear_logs" ''
    ${pkgs.coreutils}/bin/rm -rf /var/log/*
    ${pkgs.systemd}/bin/journalctl --vacuum-time=0s
  '';
+  # Currently unused, calculates TOR .onion hostname based on secret key
  tor-hostname = import ../helpers/tor-hostname.nix {inherit pkgs;};
 in {
  environment.systemPackages = with pkgs; [vim btop git alejandra statix deadnix] ++ [updateScript tor-hostname];

+  # Necessary for flake support
  nix.settings.experimental-features = ["nix-command" "flakes"];

-  boot.tmp.cleanOnBoot = true;
-  zramSwap.enable = true;
  networking.hostName = "distrust";
+  zramSwap.enable = true;
+  boot.tmp.cleanOnBoot = true;
+
+  users.users = {
+    # Disables root login by setting an invalid password
+    root.hashedPassword = "!";
+    anon = {
+      isNormalUser = true;
+      extraGroups = ["wheel"];
+      hashedPassword = "$6$GAyfgaTQgaBipAbb$gF/9YBh2ucVa/9vDQvEu9DVjSbsqdvSoXwA5RX0kP7.xdCfLqXhGBLlSXHg0e4rkLLd6zI1gRTWd4TfMjnnpS/";
+      openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxah5pnxmk+P7HtwRsryDoAHZsDs5RcGP9IPCNg1KFe cardno:16_179_196"];
+    };
+  };
+
+  security.sudo.wheelNeedsPassword = true;

  services = {
    openssh = {
@ -30,15 +47,6 @@ in {
    };
  };

-  users.users.root.hashedPassword = "!";
-  users.users.anon = {
-    isNormalUser = true;
-    extraGroups = ["wheel"];
-    hashedPassword = "$6$GAyfgaTQgaBipAbb$gF/9YBh2ucVa/9vDQvEu9DVjSbsqdvSoXwA5RX0kP7.xdCfLqXhGBLlSXHg0e4rkLLd6zI1gRTWd4TfMjnnpS/";
-    openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxah5pnxmk+P7HtwRsryDoAHZsDs5RcGP9IPCNg1KFe cardno:16_179_196"];
-  };
-  security.sudo.wheelNeedsPassword = true;
-
  systemd = {
    services.clear-var-log = {
      description = "Clear /var/log directory";
--- a/system/default.nix
+++ b/system/default.nix
@ -5,6 +5,8 @@
 }: {
  imports = [
    ./configuration.nix
+
+    # Auto generated, do not edit. Replace per host
    ./hardware-configuration.nix
    ./networking.nix