generified a lot of stuff and added SSH keys (EDI private key still needs adding)
parent
6c64a962f4
commit
45c12e8f37
15
flake.nix
15
flake.nix
|
@ -122,7 +122,7 @@
|
|||
};
|
||||
|
||||
sharedModules = [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
./nixos/shared
|
||||
sops-nix.nixosModules.sops
|
||||
disko.nixosModules.disko
|
||||
home-manager.nixosModules.home-manager
|
||||
|
@ -132,14 +132,17 @@
|
|||
{
|
||||
home-manager.sharedModules = [
|
||||
inputs.catppuccin.homeManagerModules.catppuccin
|
||||
./home-manager/shared
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
desktopModules = [
|
||||
./nixos/desktop
|
||||
{
|
||||
home-manager.sharedModules = [
|
||||
inputs.plasma-manager.homeManagerModules.plasma-manager
|
||||
./home-manager/desktop
|
||||
];
|
||||
}
|
||||
];
|
||||
|
@ -175,6 +178,7 @@
|
|||
sharedModules
|
||||
++ desktopModules
|
||||
++ [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
nixos-hardware.nixosModules.dell-xps-13-7390
|
||||
lanzaboote.nixosModules.lanzaboote
|
||||
# > Our main nixos configuration file <
|
||||
|
@ -189,6 +193,7 @@
|
|||
sharedModules
|
||||
++ desktopModules
|
||||
++ [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/GLaDOS/configuration.nix
|
||||
];
|
||||
|
@ -200,6 +205,7 @@
|
|||
modules =
|
||||
sharedModules
|
||||
++ [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
simple-nixos-mailserver.nixosModule
|
||||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/queen/configuration.nix
|
||||
|
@ -211,12 +217,17 @@
|
|||
specialArgs = {inherit inputs outputs;};
|
||||
modules =
|
||||
sharedModules
|
||||
++ desktopModules
|
||||
++ [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/shodan/configuration.nix
|
||||
lanzaboote.nixosModules.lanzaboote
|
||||
jovian.nixosModules.jovian
|
||||
{
|
||||
home-manager.sharedModules = [
|
||||
inputs.plasma-manager.homeManagerModules.plasma-manager
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
@ -1,8 +1,4 @@
|
|||
{
|
||||
pkgs,
|
||||
osConfig,
|
||||
...
|
||||
}: {
|
||||
{osConfig, ...}: {
|
||||
home.file.".config/kdeconnect/config" = {
|
||||
text = ''
|
||||
[General]
|
||||
|
@ -10,7 +6,8 @@
|
|||
name=${osConfig.networking.hostName}
|
||||
customDevices=10.0.0.2,10.0.0.3,10.0.0.4,10.0.0.5
|
||||
'';
|
||||
target = "~/.config/kdeconnect/config";
|
||||
target = ".config/kdeconnect/config";
|
||||
force = true;
|
||||
};
|
||||
|
||||
programs.plasma = {
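Review bot: The corrected `target = ".config/kdeconnect/config";` now repeats the attribute name in `home.file.".config/kdeconnect/config"`, which Home Manager already uses as the default target, so the line can be dropped. `force = true;` also appears to be new (the rendering lost the +/- markers). It makes activation replace whatever file already sits at that path. If that is intentional, a one-line comment such as `# replace any config KDE Connect has already written` would record the reason.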
|
||||
|
|
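--- /dev/null
+++ b/home-manager/hosts/EDI/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI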
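--- /dev/null
+++ b/home-manager/hosts/GLaDOS/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS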
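--- /dev/null
+++ b/home-manager/hosts/queen/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINl+QRyKBYm+sx0hUiD2u6FBdT7aXsZBGUxm4cb7r24k lillian@GLaDOS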
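--- /dev/null
+++ b/home-manager/hosts/shodan/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKRT5MqPrYUhhD5rJFp0PQbkTRtGcNaCaTxEkZw9RiVT lillian@GLaDOS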
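--- /dev/null
+++ b/home-manager/hosts/wheatley/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrmRjLF2tVkWeV7EOgUiF77Q9t+rBziRAdOPo92pyvF lillian@GLaDOS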
|
@ -1,4 +1,8 @@
|
|||
{pkgs, ...}: {
|
||||
{
|
||||
pkgs,
|
||||
osConfig,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
./shell/helix
|
||||
./shell/zellij
|
||||
|
@ -10,6 +14,11 @@
|
|||
home = {
|
||||
username = "lillian";
|
||||
homeDirectory = "/home/lillian";
|
||||
file."id_ed25519.pub" = {
|
||||
source = ../hosts/${osConfig.networking.hostName}/id_ed25519.pub;
|
||||
target = ".ssh/id_ed25519.pub";
|
||||
force = true;
|
||||
};
|
||||
};
|
||||
|
||||
catppuccin = {
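Review bot: `source = ../hosts/${osConfig.networking.hostName}/id_ed25519.pub;` in the second hunk makes every evaluation of this module depend on a per-host file existing. A host with no directory under `../hosts`, or a standalone Home Manager run where `osConfig` is not passed, fails with a bare missing-path or missing-argument error. Guarding the entry with `lib.mkIf (builtins.pathExists keyPath)` or adding an assertion with a readable message would make that failure explicit; `lib` would have to be added to the argument set shown in the first hunk. Nothing here ties the public key to the private key that sops installs at `.ssh/id_ed25519`, and `force = true` silently replaces an existing `.pub`. A comment along the lines of `# must match the ssh-private-key entry in this host's sops.yaml` would help whoever rotates a key.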
|
||||
|
|
|
@ -193,7 +193,6 @@
|
|||
users.users.lillian.extraGroups = ["tss"];
|
||||
boot = {
|
||||
# tss group has access to TPM devices
|
||||
# FIXME: re-enable virtual camera loopback when it build again.
|
||||
bootspec.enable = true;
|
||||
#boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
|
||||
#boot.supportedFilesystems = ["bcachefs"];
|
||||
|
|
|
@ -22,19 +22,11 @@
|
|||
# You can also split up your configuration and import pieces of it here:
|
||||
# ./users.nix
|
||||
|
||||
../../desktop
|
||||
|
||||
../../../disko/EDI
|
||||
|
||||
# Import your generated (nixos-generate-config) hardware configuration
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets/sops.yaml;
|
||||
|
||||
secrets."wg-private-key".mode = "0440";
|
||||
secrets."wg-private-key".owner = config.users.users.root.name;
|
||||
};
|
||||
|
||||
home-manager = {
|
||||
extraSpecialArgs = {inherit inputs outputs;};
|
||||
|
|
|
@ -21,25 +21,13 @@
|
|||
# You can also split up your configuration and import pieces of it here:
|
||||
# ./users.nix
|
||||
|
||||
../../desktop
|
||||
# ../../desktop
|
||||
|
||||
../../../disko/GLaDOS
|
||||
|
||||
# Import your generated (nixos-generate-config) hardware configuration
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets/sops.yaml;
|
||||
|
||||
secrets."wg-private-key".mode = "0440";
|
||||
secrets."wg-private-key".owner = config.users.users.root.name;
|
||||
|
||||
secrets."ssh-private-key" = {
|
||||
mode = "0600";
|
||||
owner = config.users.users.lillian.name;
|
||||
path = "/home/lillian/.ssh/id_ed25519";
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
];
|
||||
|
|
|
@ -16,8 +16,8 @@ sops:
|
|||
MUZWTVh0dVdMZlRzelJ4WlROUlIyNmcKphNuMN9Wh8h/gvmtUxQWjPKtgjWriLRD
|
||||
+DpEEVGrmu0RJ8/wUqjxGoL4GzLAlZm4EnKlyUyA0tw8sbLZ2Lnl/w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-16T20:07:30Z"
|
||||
mac: ENC[AES256_GCM,data:LyerFgV0q5Sr4L8OuTFcepVPcsO0IQBZlCFreank+pgnndizQHgQI461yOmHMBQwhEEeL4IBSdkG7CnNbacB0od0BMwZK67OOH13wlEdefQQ64ffWgh9p3jA/MX2dfyY2Qt1jLZLsuwwSETHjXbw4kqk/ik8btacChSu17t+k00=,iv:uNfke8f5os67hfkwVXsWU7OkiNgOQPTq1smXd7h69P0=,tag:T7VHAyGdx+9sip+omw5DDw==,type:str]
|
||||
lastmodified: "2024-12-22T22:09:35Z"
|
||||
mac: ENC[AES256_GCM,data:yjUFBgTLQI9Nh2tjiNNV2bsPJsDRQChPEptO8Gmt2vLEK/Kuwl0bZ9J+OmOTe4NOpwq5b/lYt0Lj7itEeOWWW5nnz2Jq0/dLMEu0mSxoWv1rOKylhoeG8oIEx0ui7VKfst72UW/jqqm9TUkDzuskVND1pd4DV3/GQRmy16WPkyo=,iv:the5XkB13jRuNP8Kj9Jmn4csIaDPt1NnScXbxPt7Dk4=,tag:aY4hU9v66/AwrtvcLAT/mA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
|
|
|
@ -51,9 +51,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
|
||||
sops.defaultSopsFile = ./secrets/sops.yaml;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
fzf
|
||||
matrix-conduit
|
||||
|
|
|
@ -13,6 +13,7 @@ grafana-telegraf-key: ENC[AES256_GCM,data:agpUzG1/n2NAKDt45IgelmDf0CUlC82fmD4f7J
|
|||
sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8PtiAsmArzpAXd7LzsXedm55X04U+GvkcbM9cwPcF+psyb3Zi8EnI/mjnI9MgFyySSEcosJZVAtCpXGIMyYgRXtF5OBh5CzupAG059d1TDAqrSpLXMuSDdypTaOMHxnlq5q1swfpzhhY3PVgUKVFXdjZLX8aF3JTE9ceVxFsB+traLzOQsl+QKty0x0mpuqR97zkMCchX7bTwgUgbl7phzTvmwV8Qw==,iv:gkZs5NB9+CLfz4kfV4ha2llZQPP81uuXRKqUlASgpiA=,tag:DXkiG0ZFHLHlVhwLwtv/XQ==,type:str]
|
||||
writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv:qAd+/rAAanzL9FTIX22M+2kwI0WI2d3i86cJrn8MFBo=,tag:3zvpqnovDEoJdvK/qcFDuQ==,type:str]
|
||||
writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str]
|
||||
ssh-private-key: ENC[AES256_GCM,data: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,iv:pHT7DtX1ab7boPboXRaSg9w/4sMgNraEswtEf2tBPkw=,tag:Fbw2/Evf4ZsLFMBPflf9CA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -28,8 +29,8 @@ sops:
|
|||
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
|
||||
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-08-16T13:34:43Z"
|
||||
mac: ENC[AES256_GCM,data:IdQmx7/Y2fdQ9gBgKYCUZQuAVRqbP5KWG4EplO6pYqA8b5xzGnmCSCwyYIXU+3NExEZCEKEfX68mdYlWPRTKUdamOBdN+fQrGXwr5lw5dpKe03ccGw7Hayi0B4O8WbLEjw1RU50v2eoK9MpD5FPrUu1AzGz3+txxzV3hoxg6Sp0=,iv:WXvxAvg+sAKYbzjaz1QKDgVrnMraO3EtIgC12zb9Xi0=,tag:FmH84rGBotouvjCOq+xL8w==,type:str]
|
||||
lastmodified: "2024-12-22T22:32:56Z"
|
||||
mac: ENC[AES256_GCM,data:kWB6eGaMgON0BFvDQ7BxX36Zul5eT91G6QUJBBHXBbhFm2hg7H3VaPRjsQxAje4juuh3VmaCcydlpQzHfPc4+E97MQNQRA3Ud7Qxi+Bc5jFwtANgoQha3Wja4OSEWcIAIgLTeSJrB9eJa2HqDnZWiAXVPl32lCOVg/Ns+QS1+CU=,iv:wp1a1hEyc8XrWUyYLh2iLvvQOPIcfV0/2rzJnF+HnsE=,tag:Tjdbl+hB4+ZjG+MmscQnvQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
version: 3.9.2
|
||||
|
|
|
@ -16,7 +16,6 @@
|
|||
# inputs.nix-colors.homeManagerModules.default
|
||||
|
||||
# Import the shared settings
|
||||
../../shared
|
||||
../../desktop/package-configs/firefox
|
||||
|
||||
# You can also split up your configuration and import pieces of it here:
|
||||
|
@ -149,14 +148,6 @@
|
|||
allowUnfree = true;
|
||||
};
|
||||
};
|
||||
sops = {
|
||||
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
|
||||
defaultSopsFile = ./secrets/sops.yaml;
|
||||
|
||||
secrets."wg-private-key".mode = "0440";
|
||||
secrets."wg-private-key".owner = config.users.users.root.name;
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
# Custom tools
|
||||
auto-mount
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
lillian-password: ENC[AES256_GCM,data:uPNBvMyhkiX3eedduFlsFUIcas/VBVSYrsmGTlgGUOzTQST59CYZRoq0ArphIJ3+Usy6KbR5tA5FCp4PoB3qVYBfjlAq6dhZIw==,iv:TiUIo2lvdL6SiDuW4gWn0TeJXkz5MldzqGxuK3MNPnE=,tag:d3p/h+q50JxygDtk2qxIeQ==,type:str]
|
||||
wg-private-key: ENC[AES256_GCM,data:PeuKeYRHfOzGlekLI95EH3qq+blntZrrboPKaKC0ghD5zIyaCYrFHYWLkug=,iv:BcugGYW7+i7d04H4EKn+BdJJPqwMVVvlHBETO0x0kQM=,tag:Z/ammSrFpWTIbVfi4VJZ9w==,type:str]
|
||||
ssh-private-key: ENC[AES256_GCM,data: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,iv:TJ3AsSvXeUmBsKd6xy+Kc1ws+Yc9ZQ5Q4A8UFHI7Wsg=,tag:egCYoe3Mkbvkup0itszm4w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -15,8 +16,8 @@ sops:
|
|||
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
|
||||
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-06T18:02:27Z"
|
||||
mac: ENC[AES256_GCM,data:qMvaXA/3B7rp2BvG10lvLdY/rD1ooh0QwwdfgzixeoHZxnqxmz7HZGP1UE1bGIbLYYeWGEJW440uDll5Q3ky+0qz7W8VbFEYBjaCyNcicnlLgFZXKh2nxeErubzF+I82X8wfNndAH1HWZZmPasTdDHfudjWyZF4/JKPboiyr5xE=,iv:ikj6goYS81rixJDHCWag1pYD6bSasSVOYyENlRjqn9w=,tag:Q3hQO9rqwnCBRLxec0/LTg==,type:str]
|
||||
lastmodified: "2024-12-22T22:35:15Z"
|
||||
mac: ENC[AES256_GCM,data:olqDdjgOF7MsYXibawEn4bou6LPof25j231+Vwr+pSGCO19Sj44OkZpS0YmNBi+Uym+X6RGM5uV3fg4JYVgThnALI9JFyFuZ41gjPRyNBXJ16RnogKykHK5XNjQEogYho5bgLA8DTDeOvSfFHW2ENM052z6lJyAaPWJLa4ADlEY=,iv:YXGKcHQfqZCnK9Z3Nw/JxcTmZR++0iKUc7PDbLBqahY=,tag:UbHZvFZjaYjrC51Q1f/oyg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
version: 3.9.2
|
||||
|
|
|
@ -109,9 +109,6 @@
|
|||
};
|
||||
};
|
||||
sops = {
|
||||
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
|
||||
defaultSopsFile = ./secrets/sops.yaml;
|
||||
|
||||
# users.users = {
|
||||
# ombi.extraGroups = ["radarr" "sonarr" "aria2"];
|
||||
# };
|
||||
|
@ -143,8 +140,6 @@
|
|||
|
||||
secrets."protonvpn-priv-key".mode = "0440";
|
||||
secrets."protonvpn-priv-key".owner = config.users.users.root.name;
|
||||
secrets."wg-private-key".mode = "0440";
|
||||
secrets."wg-private-key".owner = config.users.users.root.name;
|
||||
};
|
||||
boot = {
|
||||
kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
|
||||
|
|
|
@ -4,6 +4,7 @@ protonvpn-priv-key: ENC[AES256_GCM,data:s4LAq1Rqm+jGaK3OKcjIBCQYXPs3oEuTKJMAM+gF
|
|||
rpcSecret: ENC[AES256_GCM,data:3tCZk2csB/ofxPc6,iv:NwT6k1hh73moH6eErT23/Dvwgb1wP/qIuoxXnCgNSao=,tag:nh0mFsh9I4R1baCL1oH+AA==,type:str]
|
||||
webdav-secret: ENC[AES256_GCM,data:SDFyHaE+HprkguOmDfnzwQ/n5OYgbTpxcVl4FGiLcsItefbSDOIQg5l01fqVB8zv+rRGlPcyRrIn7KTPrTpBx7X4RNHfFK4FKKvAANt6z0e5pu1+wnoObWxTShCFjfFoRCLkoh/j/CmLFyFIafrI7rzZUhs=,iv:stygLmNVWXkZL5A0J83CKPefRr7TqXeygQVLszr28eY=,tag:9hss2c77JELSASnwUyAF4w==,type:str]
|
||||
wg-private-key: ENC[AES256_GCM,data:5WGAAst0qVqn1siX3snkAhsSDhZaS33XHT44BfViWLZqvzw+OhPB/jkSr4U=,iv:yXfN50SM3OWdycINB8iWXtvCSS01NBTrGBs1kxd1j0M=,tag:yhjDY1AM5aQ6DFeFEjo2Mw==,type:str]
|
||||
ssh-private-key: ENC[AES256_GCM,data:zbCR/+REHSN4BIQIXSOQjSRKYWhaXutdn4AE2zxmN44qHPzMI98c7/aX2KFhHOL+vKpgyhhR6JAGVTF5Jk72lmIHwDvwvwx+gLXgpZH1KEK3nTUdwUVcqBDsVB4Na5rTsHMWmRH+NxV7n+3nSQo/Byi0Jb602IPXRNREL+0toCbHon27/o2uIy4uzbsEWZu6N2hadzQCtXmHJM2dqmbKvpADt04TQ4wAcZ6wB0538g5WdtOSU6T1xcBBSDU7MNEVP7e7dUPKJWK79cI+RrzpGIh/da7cM6exSBRas711oL6woH4Hi3G6Yjd1rPxBPt1+/qq45gm/4UvjQywn/1s7BInCe9/5vJLn3TEzuUd96CsT36vEsxMeOekXf50Ntu6Xr02bnFRwUBm76BVGAggwGf/khRNJuLw0xHsCdeKzHsPD0efe5mHTJw8mB3M6vDhO6e3g6E3uRjjBaDnrPuHuD4NE1kCjQTTJh3NbuT2Ab55lhpSOEK+f0Ik2qZgKzALvJhn+MILjXSfP/hXgiwBeP4dkTY3fOcpmnPyS,iv:ojh2hzVzJFy1kvvo/WvaIpMpGT+b9aSC+L8L0iwhF1o=,tag:bHOj/fxDn/qUmp1eijLPuw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -19,8 +20,8 @@ sops:
|
|||
Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div
|
||||
bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-06T17:42:47Z"
|
||||
mac: ENC[AES256_GCM,data:Fcc8x/C6iv62OJeLSGZlfsLzscWVAki1vdJvPiApx8N0Uazkq0G5PS6haoLEtOzDw2Fi/0pvVWef+O+lOg/mtqxxNBXozv1f66Q9HQCZOZP0PRQPEVcWJJ/vuPMSOlQDEiGJnuakJZeOmtuZkGStcfmlcybsOlyvEYwvbpeweDI=,iv:oDpoDDcQ/+ovsjkCeRLx9Fpiv+0/f/KkC4fFDdUmxHo=,tag:SiYHQmVz0vLFCOs0xhgr4g==,type:str]
|
||||
lastmodified: "2024-12-22T22:37:02Z"
|
||||
mac: ENC[AES256_GCM,data:T31z1/pngI6Wa3HMyOxS5ofb2Y5YqK0v5m96mn7n5dQ0d992ooEpoNyE7r8qHsD+tXiHvLIybWUMiMlDLI7Gq8op9GLEYYnFNDfc24k7lQPPuQK/iraJFUQwiRBbK063Rmfa6q6S3P2YN58+oxUJUiKuAy4yUIJTNaHeCCH8HMc=,iv:uLbAtSNbUcsejWdE1oBvCQVOtuaHL7A3R0sT/ispjhU=,tag:t3D7h0B0dDDZ18qo8G8wiA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
version: 3.9.2
|
||||
|
|
|
@ -9,8 +9,21 @@
|
|||
./locale
|
||||
./packages
|
||||
];
|
||||
sops.age.keyFile = ../../../../../../var/secrets/keys.txt;
|
||||
sops.secrets."lillian-password".neededForUsers = true;
|
||||
sops = {
|
||||
age.keyFile = ../../../../../../var/secrets/keys.txt;
|
||||
secrets."lillian-password".neededForUsers = true;
|
||||
|
||||
defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml;
|
||||
|
||||
secrets."wg-private-key".mode = "0440";
|
||||
secrets."wg-private-key".owner = config.users.users.root.name;
|
||||
|
||||
secrets."ssh-private-key" = {
|
||||
mode = "0600";
|
||||
owner = config.users.users.lillian.name;
|
||||
path = "/home/lillian/.ssh/id_ed25519";
|
||||
};
|
||||
};
|
||||
|
||||
#TODO: remove this when unneeded for freetube
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
|
@ -50,27 +63,17 @@
|
|||
];
|
||||
};
|
||||
};
|
||||
|
||||
catppuccin.flavor = "macchiato";
|
||||
catppuccin.enable = true;
|
||||
catppuccin.plymouth.enable = false;
|
||||
catppuccin.grub.enable = false;
|
||||
catppuccin = {
|
||||
flavor = "macchiato";
|
||||
enable = true;
|
||||
plymouth.enable = false;
|
||||
grub.enable = false;
|
||||
};
|
||||
|
||||
# console.catppuccin.enable = true;
|
||||
|
||||
home-manager.backupFileExtension = "backup";
|
||||
|
||||
users.users.lillian = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
|
||||
shell = pkgs.zsh;
|
||||
hashedPasswordFile = config.sops.secrets."lillian-password".path;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
|
||||
];
|
||||
};
|
||||
|
||||
programs.zsh = {
|
||||
enable = true;
|
||||
};
|
||||
|
@ -133,10 +136,22 @@
|
|||
|
||||
# Enable completion of system packages by zsh
|
||||
environment.pathsToLink = ["/share/zsh"];
|
||||
users = {
|
||||
users.lillian = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
|
||||
shell = pkgs.zsh;
|
||||
hashedPasswordFile = config.sops.secrets."lillian-password".path;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
|
||||
];
|
||||
};
|
||||
|
||||
users.mutableUsers = false;
|
||||
mutableUsers = false;
|
||||
|
||||
users.users.root = {
|
||||
hashedPassword = "*";
|
||||
users.root = {
|
||||
hashedPassword = "*";
|
||||
};
|
||||
};
|
||||
}
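Review bot: Declaring `secrets."ssh-private-key"` in the shared `sops` block (first hunk) makes the secret mandatory for every host that imports this module, yet the commit title says EDI's key is not in its sops file. sops-nix checks declared secrets against the sops file at build time unless `sops.validateSopsFiles` is turned off, so EDI will presumably fail to build until the key lands. Either add the key in the same change or keep the declaration per-host until every host has it. sops-nix puts a symlink at `path = "/home/lillian/.ssh/id_ed25519";` and may create a missing `.ssh` directory as root, so it is worth confirming the directory stays owned by `lillian` with mode 0700. Separately, `age.keyFile = ../../../../../../var/secrets/keys.txt;` reaches an absolute location by climbing out of the flake source, which depends on this file's depth in the tree; the quoted string `"/var/secrets/keys.txt"` names the same file without that dependency.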
|
||||
|
|