router: enable serial console on ttyS0

hosts/gendry.jakehillion-terminals.ts.hillion.co.uk/default.nix

@@ -30,6 +30,7 @@
     };
 
     ## Desktop
+    custom.users.jake.password = true;
     custom.desktop.awesome.enable = true;
 
     ## Resilio
@@ -84,12 +85,7 @@
       };
     };
 
-    ## Password (for interactive logins)
-    age.secrets."passwords/gendry.jakehillion-terminals.ts.hillion.co.uk/jake".file = ../../secrets/passwords/gendry.jakehillion-terminals.ts.hillion.co.uk/jake.age;
-
     users.users."${config.custom.user}" = {
-      passwordFile = config.age.secrets."passwords/gendry.jakehillion-terminals.ts.hillion.co.uk/jake".path;
-
       packages = with pkgs; [
         prismlauncher
       ];

hosts/router.home.ts.hillion.co.uk/default.nix

@@ -19,6 +19,9 @@
       "net.ipv4.conf.all.forwarding" = true;
     };
 
+    ## Interactive password
+    custom.users.jake.password = true;
+
     ## Impermanence
     custom.impermanence.enable = true;
 

hosts/router.home.ts.hillion.co.uk/hardware-configuration.nix

@@ -12,6 +12,7 @@
   boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-intel" ];
+  boot.kernelParams = [ "console=ttyS0,115200n8" ];
   boot.extraModulePackages = [ ];
 
   fileSystems."/" =

modules/default.nix

@@ -7,6 +7,7 @@
     ./common/hostinfo.nix
     ./desktop/awesome/default.nix
     ./drone/default.nix
+    ./ids.nix
     ./impermanence.nix
     ./locations.nix
     ./resilio.nix

modules/ids.nix

@@ -0,0 +1,21 @@
+{ config, pkgs, lib, ... }:
+
+{
+  config = {
+    ids.uids = {
+      ## Defined System Users (see https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix)
+      unifi = 183;
+
+      ## Consistent People
+      jake = 1000;
+      joseph = 1001;
+    };
+    ids.gids = {
+      ## Defined System Groups (see https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix)
+      unifi = 183;
+
+      ## Consistent Groups
+      mediaaccess = 1200;
+    };
+  };
+}

modules/users.nix

@@ -1,21 +1,21 @@
 { config, pkgs, lib, ... }:
 
+let
+  cfg = config.custom.users;
+in
 {
-  config = {
-    ids.uids = {
-      ## Defined System Users (see https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix)
-      unifi = 183;
-
-      ## Consistent People
-      jake = 1000;
-      joseph = 1001;
+  options.custom.users = {
+    jake = {
+      password = lib.mkOption {
+        description = "Enable an interactive password.";
+        type = lib.types.bool;
+        default = false;
       };
-    ids.gids = {
-      ## Defined System Groups (see https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix)
-      unifi = 183;
-
-      ## Consistent Groups
-      mediaaccess = 1200;
     };
   };
+
+  config = lib.mkIf cfg.jake.password {
+    age.secrets."passwords/jake".file = ../secrets/passwords/jake.age;
+    users.users.jake.passwordFile = config.age.secrets."passwords/jake".path;
+  };
 }

secrets/passwords/gendry.jakehillion-terminals.ts.hillion.co.uk/jake.age

@@ -1,22 +0,0 @@
-age-encryption.org/v1
--> ssh-rsa GxPFJQ
-QdAi0Hx70g3qk8IjDJt1AsUWxsDyf/xPrxrkrK9Ad1H2WPpZ9NlP/rTFqBar8tUB
-SaHL6BCP3ZXnoecD/dfSzQxW9KjgvhjZ1hRvmCn1W9ss1Y5LEVW5UZrkCp/3Hmkq
-wz63dObgadMqEoEA72L/A3WIH2iTx4wEW8YPDpo359F1hbAw0WDEJcjwADv9hImj
-htQZyFfOq/LUNRW1WDNS+FjETrxXTaozFcnQSzmPvlfC98lx2+Y+AN3nT4tTZaM/
-k63AobkTItuY06cPNnqndTuUMyhXHVNCX+s9bdFe/3jvaBUu0+gZ0dMphoEVumbg
-JrzC3aLwHFVbLUVL3i/oTA
--> ssh-rsa K9mW1w
-gIsjWimmGNSwMaDrBHyno5z4Bzg58zUbjikbMUKn0tMniA14LNhrNyqcjLEMpqra
-v93Zs+mQ9qIMP7ngwdLkNCOMe/Sa5fVKO8WEeXbs8J4cfHM9olgVwgfwyipkyQlT
-C215GEaXAyeDZVg6dWYt+oQFNtWuaWMNqvMAgq0ZIsq+OOdbvfYJkopdcIDwtWjZ
-SoyoN5K/DLMu2BVzNjs3lMVL05HEXz1BgUQHVY0cPWF+/A+51v4LkfHwbEJG47TY
-0ICVMJomuzvP/2PIqbKrgrp5mzKpirxpHFtKRPyWjB2A78p+uP6VJjA3KGzdFigL
-Dwsw7H2WPlCRp8bNBWZgyg
--> ssh-ed25519 rjda/A ogkCjcpYMPgo19AEBSBsNaIk45e45WzA56qGdCsB7B4
-kt9h0r5+oT5yrveLbbcJVsVYhlJ9Uh/S+sA+o67hCgc
--> |WiTRkb2-grease f~X":
-X8pIHiPHYZWaBjj1H653wxf6MA6/noj4DsBCtgxGRitApWw
---- 8t+DYI+x/AdSt7zXMbhxjzox6qLM1COvctXS72tSjx8
-ÕaëÙü²SµRl®Éª¹t>÷³T'6­–ÿô&
éM¼²¡ñrñR|­øÓ‡ØUÃQñÖ0QdfÖ©åQ<‡*ê4ÅPFÛbV
":ÒÚãùn<C3B9>Bš:¶³%'\Úõ¶;IËÌ&ýökœ£m&Á°…Ë÷|ýJàršÔ9¦áã÷;=Œ
-EÍÎx¯²ù

secrets/passwords/jake.age

@@ -0,0 +1,21 @@
+age-encryption.org/v1
+-> ssh-rsa GxPFJQ
+clM3ZZ+BrFyrKzQEptaVd8zHVtQJZi2gCxeQcdr4X07XFFfDoz+Ft2uY8+FVq54E
+U2d1Qorf14/K7ubHlTMFcTLksD9CsMSpj4tiVzZ6jLzoL2g8ygsnllyT2IcG6dmB
+8ZLRL+agcZJo+9cfdxOYwJTzjbDuuhGKsQDfS5T833CgDfleJ96XVFkDEnf4yQcB
+DBNU4R10SIyHAhRDjZpIRyDAOkwfTVABxHFS9TFfIOWho6tRwfdUeoWAnzqO4wUJ
+FFTvnbiX44WU5VbUf7Em/92NDWtDJM98B2s+LbgZpGk3oqcY4iyVJIhi7Tfrz5+m
+5EXsa62mgd30xXHkdBp+6w
+-> ssh-rsa K9mW1w
+hMggZlLSWTyf2LhYSVnvC11S9yPM7GN5uMRYlRyQoppHsHvNMkRQKYdwdzJUX2QA
+5OZ8XQwxct1MAxCp1kiwa7B/EwrlZfoFZgao8VWSs0TZTMCJnYFJ+ETBmVU1JnNa
+ZOJR+0bTdFMvWCkf5FeIAPz2CeOQ4XfmyU4QMnMdENzUVqPMoB0vPDd9mPNrWeiz
+wuZgD4jqzZDbyuRhveOy4fCBQ485jxnqaT9l+VPQSA9xrDUMC5TA6Vg6yxwmu/hY
+pv1Dni7aCiYALRPr7UK2hNUU84cG+8eFf53w+rngzt1lZElvjO0Oailaz5weCkP7
+nmSfOOpf5/sHE8uhHb9TSA
+-> ssh-ed25519 rjda/A rnnAChws0QFbuQeviARY1GxIMf7Q1EGcLclq9b/pFxM
+sOIHM3BMvKIKzXi14CRXJEiIHikJuRf2cl5egADncV4
+-> ssh-ed25519 8+Ls0w tJ9gHXR03ez8quA9/KSLzc+g8y1HE7RJ6SPsJ8O66hY
+J+YWnfPQClYZRZehQco7zpCZUorLYv8uNinfmcEtq+o
+--- iHsZcXh9VESnGPGMQnB7mdn3EVgCUXduFshfX1q88q0
+ęAZZ›Ź=É:“N3ĘVL¨AÓ"6Nčć4µ†áŇş:éƉX`řÍżkÔýěČ
<01>9Ŕs/rćaWîÍPŐ@§z<C2A7>ínµ›E,PŃ{0V$’mÎj'"=ŽLîŁ&B9$ú(<1B>w†,m›ô©gŚźÉtT8J<˙©0ťú…
_<>!˙PEv®JÎY鳲ě

secrets/secrets.nix

@@ -32,7 +32,7 @@ let
 in
 {
   # User Passwords
-  "passwords/gendry.jakehillion-terminals.ts.hillion.co.uk/jake.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ];
+  "passwords/jake.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.home.router ];
 
   # Tailscale Pre-Auth Keys
   "tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ];