diff --git a/certificates/sat-r220-02.lab.eng.rdu2.redhat.com.crt b/certificates/sat-r220-02.lab.eng.rdu2.redhat.com.crt
deleted file mode 100644
index a836e9b..0000000
--- a/certificates/sat-r220-02.lab.eng.rdu2.redhat.com.crt
+++ /dev/null
@@ -1,98 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- d0:17:d1:86:81:d4:f1:28
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=US, ST=North Carolina, L=Raleigh, O=Katello, OU=SomeOrgUnit, CN=sat-r220-02.lab.eng.rdu2.redhat.com
- Validity
- Not Before: Nov 2 15:37:13 2018 GMT
- Not After : Jan 17 15:37:13 2038 GMT
- Subject: C=US, ST=North Carolina, L=Raleigh, O=Katello, OU=SomeOrgUnit, CN=sat-r220-02.lab.eng.rdu2.redhat.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:ba:03:39:e3:af:3e:c7:89:bd:d0:07:66:83:18:
- 9c:c0:da:56:e8:bb:37:fe:03:67:94:9a:1c:9d:47:
- da:6a:a7:6e:56:6d:0a:73:05:79:0e:44:61:71:78:
- 33:33:79:b1:ce:a6:9d:87:d0:01:81:10:d5:e3:21:
- 0f:d0:e9:ef:86:dc:13:34:62:42:47:81:f6:ce:d8:
- 78:de:00:0c:a6:5d:25:d8:cc:72:6a:c4:7c:e1:5b:
- 84:2b:e2:3c:b6:51:7e:8e:e6:e1:55:7d:b4:c8:e7:
- 98:76:eb:20:15:48:6f:2e:91:ca:b7:17:d4:d9:76:
- 5b:40:1c:7e:4c:0b:6f:2c:63:fa:78:c5:8b:b5:36:
- b6:01:d9:da:58:a9:06:76:32:18:ca:b2:7c:2d:aa:
- 4f:4e:f5:67:30:4c:a6:a3:e3:ef:7c:1d:d3:67:de:
- da:a5:b9:57:0d:74:01:c3:24:a9:03:61:98:91:c2:
- 1f:1d:a4:36:d2:a6:f4:95:6f:01:6a:99:41:ea:f0:
- 8c:7a:7d:a0:0d:34:93:a3:80:cb:19:fb:1a:e1:c4:
- 0b:60:5c:8d:33:ea:90:ed:98:d2:2a:06:6e:a2:02:
- 1f:f8:2c:1e:d4:d0:d4:8f:93:8d:c9:fe:21:39:6a:
- 5b:7b:60:5d:2a:9c:1e:3f:51:31:b1:be:56:28:cb:
- 4d:cd
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- X509v3 Key Usage:
- Digital Signature, Key Encipherment, Certificate Sign, CRL Sign
- X509v3 Extended Key Usage:
- TLS Web Server Authentication, TLS Web Client Authentication
- Netscape Cert Type:
- SSL Server, SSL CA
- Netscape Comment:
- Katello SSL Tool Generated Certificate
- X509v3 Subject Key Identifier:
- 72:CD:88:06:03:FE:5D:A2:D0:B3:20:C7:37:74:06:84:A8:A8:13:DF
- X509v3 Authority Key Identifier:
- keyid:72:CD:88:06:03:FE:5D:A2:D0:B3:20:C7:37:74:06:84:A8:A8:13:DF
- DirName:/C=US/ST=North Carolina/L=Raleigh/O=Katello/OU=SomeOrgUnit/CN=sat-r220-02.lab.eng.rdu2.redhat.com
- serial:D0:17:D1:86:81:D4:F1:28
-
- Signature Algorithm: sha256WithRSAEncryption
- 70:fe:c6:9f:1a:62:e8:b0:a6:25:df:e8:51:6c:e9:08:48:00:
- 72:2b:d8:a2:95:6e:57:01:8e:2a:9c:a0:14:f8:c9:8a:e3:5d:
- 48:64:f9:0f:81:e7:3e:b1:c2:cb:a0:ec:55:d6:e4:7f:c0:46:
- 7b:bc:66:15:88:61:73:3b:ea:9e:ea:cb:32:79:35:bc:dc:eb:
- 6f:d8:d0:89:c2:ae:fd:02:43:cd:e0:38:d6:9c:16:d7:6d:bb:
- 2c:73:53:3c:82:56:51:d8:96:71:e1:28:49:31:be:fb:ed:23:
- 08:e5:8d:eb:48:c7:25:5d:ef:0e:30:22:d3:93:7f:f1:66:b8:
- 7f:8f:5c:d2:97:e7:13:0e:5b:06:1d:fd:97:1d:a5:24:93:d9:
- 8a:d2:ba:51:00:b3:71:c8:61:da:79:31:64:75:96:d0:b8:d8:
- 45:57:24:40:2f:11:d6:63:70:f5:bf:8d:fc:7f:1b:b9:ad:e0:
- 16:6a:89:9b:6a:0c:d3:e3:b5:14:b4:5c:36:8a:b0:dd:15:4d:
- 4e:77:e9:9b:29:df:e9:e3:27:dc:87:f8:6e:5d:a9:14:42:5c:
- 8b:7b:13:9d:8b:c7:7a:4d:6d:52:7e:5f:02:9f:21:15:de:98:
- 5d:f5:25:30:d3:fa:b4:34:f3:ff:8d:36:c7:e3:1c:d3:b1:f7:
- b6:7b:ad:40
------BEGIN CERTIFICATE-----
-MIIFEDCCA/igAwIBAgIJANAX0YaB1PEoMA0GCSqGSIb3DQEBCwUAMIGOMQswCQYD
-VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVp
-Z2gxEDAOBgNVBAoMB0thdGVsbG8xFDASBgNVBAsMC1NvbWVPcmdVbml0MSwwKgYD
-VQQDDCNzYXQtcjIyMC0wMi5sYWIuZW5nLnJkdTIucmVkaGF0LmNvbTAeFw0xODEx
-MDIxNTM3MTNaFw0zODAxMTcxNTM3MTNaMIGOMQswCQYDVQQGEwJVUzEXMBUGA1UE
-CAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVpZ2gxEDAOBgNVBAoMB0th
-dGVsbG8xFDASBgNVBAsMC1NvbWVPcmdVbml0MSwwKgYDVQQDDCNzYXQtcjIyMC0w
-Mi5sYWIuZW5nLnJkdTIucmVkaGF0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBALoDOeOvPseJvdAHZoMYnMDaVui7N/4DZ5SaHJ1H2mqnblZtCnMF
-eQ5EYXF4MzN5sc6mnYfQAYEQ1eMhD9Dp74bcEzRiQkeB9s7YeN4ADKZdJdjMcmrE
-fOFbhCviPLZRfo7m4VV9tMjnmHbrIBVIby6RyrcX1Nl2W0AcfkwLbyxj+njFi7U2
-tgHZ2lipBnYyGMqyfC2qT071ZzBMpqPj73wd02fe2qW5Vw10AcMkqQNhmJHCHx2k
-NtKm9JVvAWqZQerwjHp9oA00k6OAyxn7GuHEC2BcjTPqkO2Y0ioGbqICH/gsHtTQ
-1I+Tjcn+ITlqW3tgXSqcHj9RMbG+VijLTc0CAwEAAaOCAW0wggFpMAwGA1UdEwQF
-MAMBAf8wCwYDVR0PBAQDAgGmMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
-AjARBglghkgBhvhCAQEEBAMCAkQwNQYJYIZIAYb4QgENBCgWJkthdGVsbG8gU1NM
-IFRvb2wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRyzYgGA/5dotCz
-IMc3dAaEqKgT3zCBwwYDVR0jBIG7MIG4gBRyzYgGA/5dotCzIMc3dAaEqKgT36GB
-lKSBkTCBjjELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAw
-DgYDVQQHDAdSYWxlaWdoMRAwDgYDVQQKDAdLYXRlbGxvMRQwEgYDVQQLDAtTb21l
-T3JnVW5pdDEsMCoGA1UEAwwjc2F0LXIyMjAtMDIubGFiLmVuZy5yZHUyLnJlZGhh
-dC5jb22CCQDQF9GGgdTxKDANBgkqhkiG9w0BAQsFAAOCAQEAcP7Gnxpi6LCmJd/o
-UWzpCEgAcivYopVuVwGOKpygFPjJiuNdSGT5D4HnPrHCy6DsVdbkf8BGe7xmFYhh
-czvqnurLMnk1vNzrb9jQicKu/QJDzeA41pwW1227LHNTPIJWUdiWceEoSTG+++0j
-COWN60jHJV3vDjAi05N/8Wa4f49c0pfnEw5bBh39lx2lJJPZitK6UQCzcchh2nkx
-ZHWW0LjYRVckQC8R1mNw9b+N/H8bua3gFmqJm2oM0+O1FLRcNoqw3RVNTnfpmynf
-6eMn3If4bl2pFEJci3sTnYvHek1tUn5fAp8hFd6YXfUlMNP6tDTz/402x+Mc07H3
-tnutQA==
------END CERTIFICATE-----
diff --git a/nix/os/devices/steveej-t480s-work/configuration.nix b/nix/os/devices/steveej-t480s-work/configuration.nix
deleted file mode 100644
index 061d8c8..0000000
--- a/nix/os/devices/steveej-t480s-work/configuration.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{...}: {
- disabledModules = ["system/boot/initrd-network.nix"];
-
- imports = [
- ../../modules/initrd-network.nix
-
- ../../profiles/common/configuration.nix
- ../../profiles/graphical/configuration.nix
- ../../modules/encryptedDisk.nix
-
- ./system.nix
- ./hw.nix
- ./pkg.nix
- ./user.nix
- ];
-}
diff --git a/nix/os/devices/steveej-t480s-work/hw.nix b/nix/os/devices/steveej-t480s-work/hw.nix
deleted file mode 100644
index 988e624..0000000
--- a/nix/os/devices/steveej-t480s-work/hw.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{...}: let
- stage1Modules = [
- "aesni_intel"
- "kvm-intel"
- "aes_x86_64"
- "nvme"
- "nvme_core"
-
- "pcieport"
- "thunderbolt"
- "e1000e"
- "xhci_pci"
- "hxci_hcd"
- ];
-in {
- # TASK: new device
- hardware.encryptedDisk = {
- enable = true;
- diskId = "ata-Crucial_CT750MX300SSD1_16161311C7A6";
- };
-
- # boot.initrd.availableKernelModules = stage1Modules;
- boot.initrd.kernelModules = stage1Modules;
- boot.extraModprobeConfig = ''
- options kvm-intel nested=1
- options kvm-intel enable_shadow_vmcs=1
- options kvm-intel enable_apicv=1
- options kvm-intel ept=1
- '';
-}
diff --git a/nix/os/devices/steveej-t480s-work/pkg.nix b/nix/os/devices/steveej-t480s-work/pkg.nix
deleted file mode 100644
index 557ede1..0000000
--- a/nix/os/devices/steveej-t480s-work/pkg.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{pkgs, ...}: {
- nixpkgs.config.packageOverrides = pkgs:
- with pkgs; {
- nixPath =
- (import ../../../default.nix {
- versionsPath = ./versions.nix;
- })
- .nixPath;
- };
- home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix {
- inherit pkgs;
- };
- services.teamviewer.enable = true;
- system.stateVersion = "19.09";
-}
diff --git a/nix/os/devices/steveej-t480s-work/system.nix b/nix/os/devices/steveej-t480s-work/system.nix
deleted file mode 100644
index ec4c317..0000000
--- a/nix/os/devices/steveej-t480s-work/system.nix
+++ /dev/null
@@ -1,134 +0,0 @@
-{
- pkgs,
- lib,
- config,
- ...
-}: let
- keys = import ../../../variables/keys.nix;
-in {
- # TASK: new device
- networking.hostName = "steveej-t480s-work"; # Define your hostname.
-
- # Used for testing local Openshift clusters
- environment.etc."NetworkManager/dnsmasq.d/openshift.conf".text = let
- openshiftClusterName = "openshift-steveej";
- openshiftDomain = "openshift.testing";
- openshiftSubnetBase = "192.168.126";
- in ''
- server=/${openshiftDomain}/${openshiftSubnetBase}.1
- address=/.apps.${openshiftClusterName}.${openshiftDomain}/${openshiftSubnetBase}.51
- '';
- networking.firewall.enable = lib.mkForce false;
- networking.firewall.checkReversePath = false;
-
- networking.bridges."virbr1".interfaces = [];
- networking.interfaces."virbr1".ipv4.addresses = [
- {
- address = "10.254.254.254";
- prefixLength = 24;
- }
- ];
-
- services.printing = {
- enable = true;
- drivers = with pkgs; [hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper];
- };
-
- services.fprintd.enable = true;
- security.pam.services = {
- login.fprintAuth = true;
- sudo.fprintAuth = true;
- };
-
- # Kubernetes
- # services.kubernetes.roles = ["master" "node"];
-
- # virtualization
- virtualisation = {
- libvirtd = {enable = true;};
-
- virtualbox.host = {
- enable = false;
- addNetworkInterface = false;
- };
-
- docker = {
- enable = true;
- extraOptions = "--experimental";
- };
- };
-
- boot.initrd.network = {
- enable = true;
- useDHCP = true;
- udhcpc.extraArgs = ["-x hostname:${config.networking.hostName}"];
-
- ssh = {
- enable = true;
- authorizedKeys = keys.users.steveej.openssh;
- hostKeys = [
- "/etc/secrets/initrd/ssh_host_rsa_key"
- "/etc/secrets/initrd/ssh_host_ed25519_key"
- ];
- };
- };
-
- security.pki.certificateFiles = [
- "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
- ../../../../certificates/sat-r220-02.lab.eng.rdu2.redhat.com.crt
- ];
-
- services.xserver.videoDrivers = ["modesetting"];
- services.xserver.serverFlagsSection = ''
- Option "BlankTime" "0"
- Option "StandbyTime" "0"
- Option "SuspendTime" "0"
- Option "OffTime" "0"
- '';
-
- # the default profile uses linuxPackages_latest
- # boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
-
- krb5 = {
- enable = true;
- config = let
- pkinit_crt = pkgs.fetchurl {
- url = "https://password.corp.redhat.com/ipa.crt";
- sha256 = "0cflhkb7szzlakjmz2rmw8l8j5jqsyy2rl7ciclmi5fdfjrrx1cd";
- };
- in ''
- [libdefaults]
- default_realm = IPA.REDHAT.COM
- dns_lookup_realm = true
- dns_lookup_kdc = true
- rdns = false
- dns_canonicalize_hostname = true
- ticket_lifetime = 24h
- forwardable = true
- udp_preference_limit = 0
- default_ccache_name = KEYRING:persistent:%{uid}
-
- [realms]
- REDHAT.COM = {
- default_domain = redhat.com
- dns_lookup_kdc = true
- master_kdc = kerberos.corp.redhat.com
- admin_server = kerberos.corp.redhat.com
- }
-
- #make sure to save the IPA CA cert
- #mkdir /etc/ipa && curl -o /etc/ipa/ca.crt https://password.corp.redhat.com/ipa.crt
- IPA.REDHAT.COM = {
- pkinit_anchors = FILE:${pkinit_crt}
- pkinit_pool = FILE:${pkinit_crt}
- default_domain = ipa.redhat.com
- dns_lookup_kdc = true
- # Trust tickets issued by legacy realm on this host
- auth_to_local = RULE:[1:$1@$0](.*@REDHAT\.COM)s/@.*//
- auth_to_local = DEFAULT
- }
- '';
- };
-
- hardware.ledger.enable = true;
-}
diff --git a/nix/os/devices/steveej-t480s-work/user.nix b/nix/os/devices/steveej-t480s-work/user.nix
deleted file mode 100644
index 156c71b..0000000
--- a/nix/os/devices/steveej-t480s-work/user.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: let
- passwords = import ../../../variables/passwords.crypt.nix;
- keys = import ../../../variables/keys.nix;
- inherit (import ../../lib/default.nix {}) mkUser;
-in {
- users.extraUsers.steveej2 = mkUser {
- uid = 1001;
- openssh.authorizedKeys.keys = keys.users.steveej.openssh;
- };
-
- users.extraUsers.steveej3 = mkUser {
- uid = 1002;
- openssh.authorizedKeys.keys = keys.users.steveej.openssh;
- shell = pkgs.posh {image = "quay.io/enarx/fedora";};
- };
-}
diff --git a/nix/os/devices/steveej-t480s-work/versions.nix b/nix/os/devices/steveej-t480s-work/versions.nix
deleted file mode 100644
index 0e3479b..0000000
--- a/nix/os/devices/steveej-t480s-work/versions.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-let
- nixpkgs = {
- url = "https://github.com/NixOS/nixpkgs/";
- ref = "nixos-20.09";
- rev = "b94726217f7cdc02ddf277b65553762d520da196";
- };
-in {
- inherit nixpkgs;
- nixos = nixpkgs // {suffix = "/nixos";};
- "channels-nixos-stable" = nixpkgs;
- "channels-nixos-unstable" = {
- url = "https://github.com/NixOS/nixpkgs/";
- ref = "nixos-unstable";
- rev = "e9158eca70ae59e73fae23be5d13d3fa0cfc78b4";
- };
- "nixpkgs-master" = {
- url = "https://github.com/NixOS/nixpkgs/";
- ref = "master";
- rev = "cd75006f1abd1671f2367b8cfd9406b32f5296da";
- };
- "home-manager-module" = {
- url = "https://github.com/nix-community/home-manager";
- ref = "release-20.09";
- rev = "63f299b3347aea183fc5088e4d6c4a193b334a41";
- };
-}
diff --git a/nix/os/devices/steveej-t480s-work/versions.tmpl.nix b/nix/os/devices/steveej-t480s-work/versions.tmpl.nix
deleted file mode 100644
index 96f7be3..0000000
--- a/nix/os/devices/steveej-t480s-work/versions.tmpl.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-let
- nixpkgs = {
- url = "https://github.com/NixOS/nixpkgs/";
- ref = "nixos-20.09";
- rev = ''
- <% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '
- ' -%>'';
- };
-in {
- inherit nixpkgs;
- nixos = nixpkgs // {suffix = "/nixos";};
- "channels-nixos-stable" = nixpkgs;
- "channels-nixos-unstable" = {
- url = "https://github.com/NixOS/nixpkgs/";
- ref = "nixos-unstable";
- rev = ''
- <% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
- ' -%>'';
- };
- "nixpkgs-master" = {
- url = "https://github.com/NixOS/nixpkgs/";
- ref = "master";
- rev = ''
- <% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
- ' -%>'';
- };
- "home-manager-module" = {
- url = "https://github.com/nix-community/home-manager";
- ref = "release-20.09";
- rev = ''
- <% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '
- ' -%>'';
- };
-}