chore: rpi updates

justinrubek · justinrubek · commit 38bec72423b5 · 2024-07-01T18:31:47.000-05:00
diff --git a/README.md b/README.md
@@ -38,6 +38,7 @@ Deployment configuration contained in `./deploy`
 - build the image: `nix build .#nixosConfigurations.rpi5.config.system.build.sdImage`
 - decompress (to `rpi-image`): `zstd --decompress result/sd-image/nixos-sd-image-24.11.20240529.ad57eef-aarch64-linux.img.zst -o rpi-image`
 - use `dd` to write the image to an sd card: `sudo dd if=rpi-image of=/dev/sdX bs=4M`
+- remotely apply nixos-configuration: `nixos-rebuild switch --flake .#rpi5 --target-host rpi5`
 
 ## terraform
 
diff --git a/nixos/configurations/rpi5/default.nix b/nixos/configurations/rpi5/default.nix
@@ -8,5 +8,24 @@ inputs: {
     inputs.raspberry-pi-nix.nixosModules.raspberry-pi
   ];
   environment.systemPackages = [inputs.self.packages.aarch64-linux.neovim];
-  users.users.root.openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL1Uj62/yt8juK3rSfrVuX/Ut+xzw1Z75KZS/7fOLm6l"];
+  justinrubek = {
+    administration.enable = true;
+    tailscale.enable = true;
+  };
+  networking.firewall = {
+    allowedTCPPorts = [22];
+    interfaces.${config.services.tailscale.interfaceName} = {
+      allowedTCPPorts = [22];
+    };
+  };
+  users.users = {
+    justin = {
+      isNormalUser = true;
+      description = "Justin";
+      extraGroups = ["networkmanager" "wheel" "docker" "input" "systemd-journal"];
+      shell = pkgs.bashInteractive;
+      openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL1Uj62/yt8juK3rSfrVuX/Ut+xzw1Z75KZS/7fOLm6l"];
+    };
+    root.openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL1Uj62/yt8juK3rSfrVuX/Ut+xzw1Z75KZS/7fOLm6l"];
+  };
 }
diff --git a/nixos/modules/admin_ssh.nix b/nixos/modules/admin_ssh.nix
@@ -13,14 +13,13 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
-    # provide the `admin` user
     users.users.admin = {
       name = "admin";
       isNormalUser = true;
       extraGroups = ["wheel"];
 
       openssh.authorizedKeys.keys = [
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCsUQZGQOH2kmQNeG/Ezmsv6A/70JUO8nLh9WaZ/o7DlmpYeEyUdloTazxpP9FjuRv7d7nzRqtQFOF74TBaDEAxR9/eHxX9zc5RfyE1RYeGWPGgnuHpxoTijh70ncTlU6sr0oqP7e24qeIy7pqWKQmV8RDOkr2etbnb5OpCHEsZJ0l0sPYQpYi0Ud8cM/HFCCVPeg21wVuxBX2rA4ze8+YgnPJZRnhtHZg7rAapvhiIfDAJ3xIweauCoz0vZdmANlUsg2AoOx9b2Ym6rGNmRrJUNZYcsNxmUHc1/oc1g9NZ7GoaMhfw0BHVJ0kyfE2glpJX9iu6WHWjbL+XM0QnCFrc3hbQc41zYQsMHcY/N/P5MW9Gj77Q9P/qRDbwlVOdoFw1bUpIoMgsJ95o5gv5mClHuBLZD3ZO5cyRfnjH4w0pt6EnWtbkORsT5A7ULOQOG8AOuBL3ok/yVTVAFV2yMbaEg1BM2By0U6hn9M6SGWuOiM1oMwvVFJWdmZsvPeTZqaU= justin"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL1Uj62/yt8juK3rSfrVuX/Ut+xzw1Z75KZS/7fOLm6l"
       ];
     };
 
