diff --git a/flake.nix b/flake.nix index f318d3b..7a5e203 100644 --- a/flake.nix +++ b/flake.nix @@ -122,7 +122,7 @@ }; sharedModules = [ - {_module.args = {inherit pkgs-edge;};} + ./nixos/shared sops-nix.nixosModules.sops disko.nixosModules.disko home-manager.nixosModules.home-manager @@ -132,14 +132,17 @@ { home-manager.sharedModules = [ inputs.catppuccin.homeManagerModules.catppuccin + ./home-manager/shared ]; } ]; desktopModules = [ + ./nixos/desktop { home-manager.sharedModules = [ inputs.plasma-manager.homeManagerModules.plasma-manager + ./home-manager/desktop ]; } ]; @@ -175,6 +178,7 @@ sharedModules ++ desktopModules ++ [ + {_module.args = {inherit pkgs-edge;};} nixos-hardware.nixosModules.dell-xps-13-7390 lanzaboote.nixosModules.lanzaboote # > Our main nixos configuration file < @@ -189,6 +193,7 @@ sharedModules ++ desktopModules ++ [ + {_module.args = {inherit pkgs-edge;};} # > Our main nixos configuration file < ./nixos/hosts/GLaDOS/configuration.nix ]; @@ -200,6 +205,7 @@ modules = sharedModules ++ [ + {_module.args = {inherit pkgs-edge;};} simple-nixos-mailserver.nixosModule # > Our main nixos configuration file < ./nixos/hosts/queen/configuration.nix @@ -211,12 +217,17 @@ specialArgs = {inherit inputs outputs;}; modules = sharedModules - ++ desktopModules ++ [ + {_module.args = {inherit pkgs-edge;};} # > Our main nixos configuration file < ./nixos/hosts/shodan/configuration.nix lanzaboote.nixosModules.lanzaboote jovian.nixosModules.jovian + { + home-manager.sharedModules = [ + inputs.plasma-manager.homeManagerModules.plasma-manager + ]; + } ]; }; diff --git a/home-manager/desktop/package-configs/plasma-desktop.nix b/home-manager/desktop/package-configs/plasma-desktop.nix index 9daf7e7..c76c860 100644 --- a/home-manager/desktop/package-configs/plasma-desktop.nix +++ b/home-manager/desktop/package-configs/plasma-desktop.nix 
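Review bot: In flake.nix, `{_module.args = {inherit pkgs-edge;};}` leaves `sharedModules` and is pasted into four separate host module lists (the hunks at -175, -189, -200 and -211), so any host list that omits it will presumably fail evaluation as soon as a shared module asks for `pkgs-edge`. The reason for the move is not visible in the diff, and neither is the wheatley module list. Bind it once, e.g. `edgeArgs = {_module.args = {inherit pkgs-edge;};};` in the surrounding `let`, and reference `edgeArgs` in each list. Alternatively, add a comment such as `# pkgs-edge is injected per host, not via sharedModules, because …` so the repetition reads as intentional.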
@@ -1,8 +1,4 @@ -{ - pkgs, - osConfig, - ... -}: { +{osConfig, ...}: { home.file.".config/kdeconnect/config" = { text = '' [General] @@ -10,7 +6,8 @@ name=${osConfig.networking.hostName} customDevices=10.0.0.2,10.0.0.3,10.0.0.4,10.0.0.5 ''; - target = "~/.config/kdeconnect/config"; + target = ".config/kdeconnect/config"; + force = true; }; programs.plasma = { diff --git a/home-manager/hosts/EDI/id_ed25519.pub b/home-manager/hosts/EDI/id_ed25519.pub new file mode 100644 index 0000000..9c0c307 --- /dev/null +++ b/home-manager/hosts/EDI/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI diff --git a/home-manager/hosts/GLaDOS/id_ed25519.pub b/home-manager/hosts/GLaDOS/id_ed25519.pub new file mode 100644 index 0000000..6f641a9 --- /dev/null +++ b/home-manager/hosts/GLaDOS/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS diff --git a/home-manager/hosts/queen/id_ed25519.pub b/home-manager/hosts/queen/id_ed25519.pub new file mode 100644 index 0000000..d06bc9c --- /dev/null +++ b/home-manager/hosts/queen/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINl+QRyKBYm+sx0hUiD2u6FBdT7aXsZBGUxm4cb7r24k lillian@GLaDOS diff --git a/home-manager/hosts/shodan/id_ed25519.pub b/home-manager/hosts/shodan/id_ed25519.pub new file mode 100644 index 0000000..c5065c3 --- /dev/null +++ b/home-manager/hosts/shodan/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKRT5MqPrYUhhD5rJFp0PQbkTRtGcNaCaTxEkZw9RiVT lillian@GLaDOS diff --git a/home-manager/hosts/wheatley/id_ed25519.pub b/home-manager/hosts/wheatley/id_ed25519.pub new file mode 100644 index 0000000..0c84515 --- /dev/null +++ b/home-manager/hosts/wheatley/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrmRjLF2tVkWeV7EOgUiF77Q9t+rBziRAdOPo92pyvF lillian@GLaDOS 
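Review bot: In plasma-desktop.nix, the added `force = true;` on `home.file.".config/kdeconnect/config"` makes home-manager replace whatever is at the target unconditionally. As far as I can tell, the `home-manager.backupFileExtension = "backup"` set in nixos/shared/default.nix then no longer preserves an existing file there. If that is intended, a comment such as `# overwrite KDE Connect's own config on every activation` would say so. The corrected `target = ".config/kdeconnect/config";` now equals the attribute name, which is already the default for `target`, so that line can be dropped.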
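Review bot: The new public-key files for queen, shodan and wheatley all carry the comment `lillian@GLaDOS`, the same comment as GLaDOS's own key, so the four keys cannot be told apart by comment in an `authorized_keys` file or when auditing which key was used. The comment is not part of the key material, so it can be changed to `lillian@queen`, `lillian@shodan` and `lillian@wheatley` without regenerating anything. If the comment means these key pairs were generated on GLaDOS, it is worth confirming that no plaintext copy of the private halves remains there outside the sops-encrypted files.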
diff --git a/home-manager/shared/default.nix b/home-manager/shared/default.nix index 1d6907e..72d28fe 100644 --- a/home-manager/shared/default.nix +++ b/home-manager/shared/default.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + osConfig, + ... +}: { imports = [ ./shell/helix ./shell/zellij @@ -10,6 +14,11 @@ home = { username = "lillian"; homeDirectory = "/home/lillian"; + file."id_ed25519.pub" = { + source = ../hosts/${osConfig.networking.hostName}/id_ed25519.pub; + target = ".ssh/id_ed25519.pub"; + force = true; + }; }; catppuccin = { diff --git a/nixos/desktop/default.nix b/nixos/desktop/default.nix index c1f3e12..5d00235 100644 --- a/nixos/desktop/default.nix +++ b/nixos/desktop/default.nix @@ -193,7 +193,6 @@ users.users.lillian.extraGroups = ["tss"]; boot = { # tss group has access to TPM devices - # FIXME: re-enable virtual camera loopback when it build again. bootspec.enable = true; #boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; #boot.supportedFilesystems = ["bcachefs"]; diff --git a/nixos/hosts/EDI/configuration.nix b/nixos/hosts/EDI/configuration.nix index cf83571..9069e21 100644 --- a/nixos/hosts/EDI/configuration.nix +++ b/nixos/hosts/EDI/configuration.nix @@ -22,19 +22,11 @@ # You can also split up your configuration and import pieces of it here: # ./users.nix - ../../desktop - ../../../disko/EDI # Import your generated (nixos-generate-config) hardware configuration ./hardware-configuration.nix ]; - sops = { - defaultSopsFile = ./secrets/sops.yaml; - - secrets."wg-private-key".mode = "0440"; - secrets."wg-private-key".owner = config.users.users.root.name; - }; home-manager = { extraSpecialArgs = {inherit inputs outputs;}; diff --git a/nixos/hosts/GLaDOS/configuration.nix b/nixos/hosts/GLaDOS/configuration.nix index bcf54e1..d0efd2a 100644 --- a/nixos/hosts/GLaDOS/configuration.nix +++ b/nixos/hosts/GLaDOS/configuration.nix 
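Review bot: In home-manager/shared/default.nix, the `source` of `file."id_ed25519.pub"` is built from `osConfig.networking.hostName`, so evaluation fails for any host that has no `../hosts/<hostName>/id_ed25519.pub`, and the match is case-sensitive (`EDI`, `GLaDOS`). Nothing ties this file to the `ssh-private-key` secret that the NixOS side places at `.ssh/id_ed25519`, so a rotated secret with a stale `.pub` next to it would go unnoticed. A comment on the entry such as `# must match the ssh-private-key entry in nixos/hosts/<host>/secrets/sops.yaml` would record that coupling. `osConfig` is presumably only available when home-manager runs as a NixOS module, which is worth stating at the top of the file. The `home = {` block starts outside this hunk.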
@@ -21,25 +21,13 @@ # You can also split up your configuration and import pieces of it here: # ./users.nix - ../../desktop + # ../../desktop ../../../disko/GLaDOS # Import your generated (nixos-generate-config) hardware configuration ./hardware-configuration.nix ]; - sops = { - defaultSopsFile = ./secrets/sops.yaml; - - secrets."wg-private-key".mode = "0440"; - secrets."wg-private-key".owner = config.users.users.root.name; - - secrets."ssh-private-key" = { - mode = "0600"; - owner = config.users.users.lillian.name; - path = "/home/lillian/.ssh/id_ed25519"; - }; - }; environment.systemPackages = with pkgs; [ ]; diff --git a/nixos/hosts/GLaDOS/secrets/sops.yaml b/nixos/hosts/GLaDOS/secrets/sops.yaml index cb4c135..def2177 100644 --- a/nixos/hosts/GLaDOS/secrets/sops.yaml +++ b/nixos/hosts/GLaDOS/secrets/sops.yaml @@ -16,8 +16,8 @@ sops: MUZWTVh0dVdMZlRzelJ4WlROUlIyNmcKphNuMN9Wh8h/gvmtUxQWjPKtgjWriLRD +DpEEVGrmu0RJ8/wUqjxGoL4GzLAlZm4EnKlyUyA0tw8sbLZ2Lnl/w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-16T20:07:30Z" - mac: ENC[AES256_GCM,data:LyerFgV0q5Sr4L8OuTFcepVPcsO0IQBZlCFreank+pgnndizQHgQI461yOmHMBQwhEEeL4IBSdkG7CnNbacB0od0BMwZK67OOH13wlEdefQQ64ffWgh9p3jA/MX2dfyY2Qt1jLZLsuwwSETHjXbw4kqk/ik8btacChSu17t+k00=,iv:uNfke8f5os67hfkwVXsWU7OkiNgOQPTq1smXd7h69P0=,tag:T7VHAyGdx+9sip+omw5DDw==,type:str] + lastmodified: "2024-12-22T22:09:35Z" + mac: ENC[AES256_GCM,data:yjUFBgTLQI9Nh2tjiNNV2bsPJsDRQChPEptO8Gmt2vLEK/Kuwl0bZ9J+OmOTe4NOpwq5b/lYt0Lj7itEeOWWW5nnz2Jq0/dLMEu0mSxoWv1rOKylhoeG8oIEx0ui7VKfst72UW/jqqm9TUkDzuskVND1pd4DV3/GQRmy16WPkyo=,iv:the5XkB13jRuNP8Kj9Jmn4csIaDPt1NnScXbxPt7Dk4=,tag:aY4hU9v66/AwrtvcLAT/mA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/nixos/hosts/queen/configuration.nix b/nixos/hosts/queen/configuration.nix index 93500ba..a85f6c2 100644 --- a/nixos/hosts/queen/configuration.nix +++ b/nixos/hosts/queen/configuration.nix 
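Review bot: In nixos/hosts/GLaDOS/configuration.nix the import is left behind as `# ../../desktop`, while the EDI hunk deletes the same line outright. Since `./nixos/desktop` now comes from `desktopModules` in flake.nix, the commented-out line is dead and can be removed so the two host files stay consistent.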
@@ -51,9 +51,6 @@ }; }; - #Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys - sops.defaultSopsFile = ./secrets/sops.yaml; - environment.systemPackages = with pkgs; [ fzf matrix-conduit diff --git a/nixos/hosts/queen/secrets/sops.yaml b/nixos/hosts/queen/secrets/sops.yaml index 2213774..d652321 100644 --- a/nixos/hosts/queen/secrets/sops.yaml +++ b/nixos/hosts/queen/secrets/sops.yaml @@ -13,6 +13,7 @@ grafana-telegraf-key: ENC[AES256_GCM,data:agpUzG1/n2NAKDt45IgelmDf0CUlC82fmD4f7J sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8PtiAsmArzpAXd7LzsXedm55X04U+GvkcbM9cwPcF+psyb3Zi8EnI/mjnI9MgFyySSEcosJZVAtCpXGIMyYgRXtF5OBh5CzupAG059d1TDAqrSpLXMuSDdypTaOMHxnlq5q1swfpzhhY3PVgUKVFXdjZLX8aF3JTE9ceVxFsB+traLzOQsl+QKty0x0mpuqR97zkMCchX7bTwgUgbl7phzTvmwV8Qw==,iv:gkZs5NB9+CLfz4kfV4ha2llZQPP81uuXRKqUlASgpiA=,tag:DXkiG0ZFHLHlVhwLwtv/XQ==,type:str] writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv:qAd+/rAAanzL9FTIX22M+2kwI0WI2d3i86cJrn8MFBo=,tag:3zvpqnovDEoJdvK/qcFDuQ==,type:str] writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str] +ssh-private-key: ENC[AES256_GCM,data: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,iv:pHT7DtX1ab7boPboXRaSg9w/4sMgNraEswtEf2tBPkw=,tag:Fbw2/Evf4ZsLFMBPflf9CA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -28,8 +29,8 @@ sops: KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-16T13:34:43Z" - mac: ENC[AES256_GCM,data:IdQmx7/Y2fdQ9gBgKYCUZQuAVRqbP5KWG4EplO6pYqA8b5xzGnmCSCwyYIXU+3NExEZCEKEfX68mdYlWPRTKUdamOBdN+fQrGXwr5lw5dpKe03ccGw7Hayi0B4O8WbLEjw1RU50v2eoK9MpD5FPrUu1AzGz3+txxzV3hoxg6Sp0=,iv:WXvxAvg+sAKYbzjaz1QKDgVrnMraO3EtIgC12zb9Xi0=,tag:FmH84rGBotouvjCOq+xL8w==,type:str] + lastmodified: "2024-12-22T22:32:56Z" + mac: ENC[AES256_GCM,data:kWB6eGaMgON0BFvDQ7BxX36Zul5eT91G6QUJBBHXBbhFm2hg7H3VaPRjsQxAje4juuh3VmaCcydlpQzHfPc4+E97MQNQRA3Ud7Qxi+Bc5jFwtANgoQha3Wja4OSEWcIAIgLTeSJrB9eJa2HqDnZWiAXVPl32lCOVg/Ns+QS1+CU=,iv:wp1a1hEyc8XrWUyYLh2iLvvQOPIcfV0/2rzJnF+HnsE=,tag:Tjdbl+hB4+ZjG+MmscQnvQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.0 + version: 3.9.2 diff --git a/nixos/hosts/shodan/configuration.nix b/nixos/hosts/shodan/configuration.nix index 00abfb6..9542546 100644 --- a/nixos/hosts/shodan/configuration.nix +++ b/nixos/hosts/shodan/configuration.nix @@ -16,7 +16,6 @@ # inputs.nix-colors.homeManagerModules.default # Import the shared settings - ../../shared ../../desktop/package-configs/firefox # You can also split up your configuration and import pieces of it here: @@ -149,14 +148,6 @@ allowUnfree = true; }; }; - sops = { - #Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys - defaultSopsFile = ./secrets/sops.yaml; - - secrets."wg-private-key".mode = "0440"; - secrets."wg-private-key".owner = config.users.users.root.name; - }; - environment.systemPackages = with pkgs; [ # Custom tools auto-mount diff --git a/nixos/hosts/shodan/secrets/sops.yaml b/nixos/hosts/shodan/secrets/sops.yaml index 64419ad..3c8e216 100644 --- a/nixos/hosts/shodan/secrets/sops.yaml +++ b/nixos/hosts/shodan/secrets/sops.yaml 
@@ -1,5 +1,6 @@ lillian-password: ENC[AES256_GCM,data:uPNBvMyhkiX3eedduFlsFUIcas/VBVSYrsmGTlgGUOzTQST59CYZRoq0ArphIJ3+Usy6KbR5tA5FCp4PoB3qVYBfjlAq6dhZIw==,iv:TiUIo2lvdL6SiDuW4gWn0TeJXkz5MldzqGxuK3MNPnE=,tag:d3p/h+q50JxygDtk2qxIeQ==,type:str] wg-private-key: ENC[AES256_GCM,data:PeuKeYRHfOzGlekLI95EH3qq+blntZrrboPKaKC0ghD5zIyaCYrFHYWLkug=,iv:BcugGYW7+i7d04H4EKn+BdJJPqwMVVvlHBETO0x0kQM=,tag:Z/ammSrFpWTIbVfi4VJZ9w==,type:str] +ssh-private-key: ENC[AES256_GCM,data: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,iv:TJ3AsSvXeUmBsKd6xy+Kc1ws+Yc9ZQ5Q4A8UFHI7Wsg=,tag:egCYoe3Mkbvkup0itszm4w==,type:str] sops: kms: [] gcp_kms: [] @@ -15,8 +16,8 @@ sops: KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-06T18:02:27Z" - mac: ENC[AES256_GCM,data:qMvaXA/3B7rp2BvG10lvLdY/rD1ooh0QwwdfgzixeoHZxnqxmz7HZGP1UE1bGIbLYYeWGEJW440uDll5Q3ky+0qz7W8VbFEYBjaCyNcicnlLgFZXKh2nxeErubzF+I82X8wfNndAH1HWZZmPasTdDHfudjWyZF4/JKPboiyr5xE=,iv:ikj6goYS81rixJDHCWag1pYD6bSasSVOYyENlRjqn9w=,tag:Q3hQO9rqwnCBRLxec0/LTg==,type:str] + lastmodified: "2024-12-22T22:35:15Z" + mac: ENC[AES256_GCM,data:olqDdjgOF7MsYXibawEn4bou6LPof25j231+Vwr+pSGCO19Sj44OkZpS0YmNBi+Uym+X6RGM5uV3fg4JYVgThnALI9JFyFuZ41gjPRyNBXJ16RnogKykHK5XNjQEogYho5bgLA8DTDeOvSfFHW2ENM052z6lJyAaPWJLa4ADlEY=,iv:YXGKcHQfqZCnK9Z3Nw/JxcTmZR++0iKUc7PDbLBqahY=,tag:UbHZvFZjaYjrC51Q1f/oyg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.9.2 diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix index 14c43c7..5cbebad 100644 --- a/nixos/hosts/wheatley/configuration.nix +++ b/nixos/hosts/wheatley/configuration.nix 
@@ -109,9 +109,6 @@ }; }; sops = { - #Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys - defaultSopsFile = ./secrets/sops.yaml; - # users.users = { # ombi.extraGroups = ["radarr" "sonarr" "aria2"]; # }; @@ -143,8 +140,6 @@ secrets."protonvpn-priv-key".mode = "0440"; secrets."protonvpn-priv-key".owner = config.users.users.root.name; - secrets."wg-private-key".mode = "0440"; - secrets."wg-private-key".owner = config.users.users.root.name; }; boot = { kernelPackages = lib.mkForce pkgs.linuxPackages_latest; diff --git a/nixos/hosts/wheatley/secrets/sops.yaml b/nixos/hosts/wheatley/secrets/sops.yaml index 4353e47..6fcd84c 100644 --- a/nixos/hosts/wheatley/secrets/sops.yaml +++ b/nixos/hosts/wheatley/secrets/sops.yaml @@ -4,6 +4,7 @@ protonvpn-priv-key: ENC[AES256_GCM,data:s4LAq1Rqm+jGaK3OKcjIBCQYXPs3oEuTKJMAM+gF rpcSecret: ENC[AES256_GCM,data:3tCZk2csB/ofxPc6,iv:NwT6k1hh73moH6eErT23/Dvwgb1wP/qIuoxXnCgNSao=,tag:nh0mFsh9I4R1baCL1oH+AA==,type:str] webdav-secret: ENC[AES256_GCM,data:SDFyHaE+HprkguOmDfnzwQ/n5OYgbTpxcVl4FGiLcsItefbSDOIQg5l01fqVB8zv+rRGlPcyRrIn7KTPrTpBx7X4RNHfFK4FKKvAANt6z0e5pu1+wnoObWxTShCFjfFoRCLkoh/j/CmLFyFIafrI7rzZUhs=,iv:stygLmNVWXkZL5A0J83CKPefRr7TqXeygQVLszr28eY=,tag:9hss2c77JELSASnwUyAF4w==,type:str] wg-private-key: ENC[AES256_GCM,data:5WGAAst0qVqn1siX3snkAhsSDhZaS33XHT44BfViWLZqvzw+OhPB/jkSr4U=,iv:yXfN50SM3OWdycINB8iWXtvCSS01NBTrGBs1kxd1j0M=,tag:yhjDY1AM5aQ6DFeFEjo2Mw==,type:str] +ssh-private-key: ENC[AES256_GCM,data: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,iv:ojh2hzVzJFy1kvvo/WvaIpMpGT+b9aSC+L8L0iwhF1o=,tag:bHOj/fxDn/qUmp1eijLPuw==,type:str] sops: kms: [] gcp_kms: [] 
@@ -19,8 +20,8 @@ sops: Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-06T17:42:47Z" - mac: ENC[AES256_GCM,data:Fcc8x/C6iv62OJeLSGZlfsLzscWVAki1vdJvPiApx8N0Uazkq0G5PS6haoLEtOzDw2Fi/0pvVWef+O+lOg/mtqxxNBXozv1f66Q9HQCZOZP0PRQPEVcWJJ/vuPMSOlQDEiGJnuakJZeOmtuZkGStcfmlcybsOlyvEYwvbpeweDI=,iv:oDpoDDcQ/+ovsjkCeRLx9Fpiv+0/f/KkC4fFDdUmxHo=,tag:SiYHQmVz0vLFCOs0xhgr4g==,type:str] + lastmodified: "2024-12-22T22:37:02Z" + mac: ENC[AES256_GCM,data:T31z1/pngI6Wa3HMyOxS5ofb2Y5YqK0v5m96mn7n5dQ0d992ooEpoNyE7r8qHsD+tXiHvLIybWUMiMlDLI7Gq8op9GLEYYnFNDfc24k7lQPPuQK/iraJFUQwiRBbK063Rmfa6q6S3P2YN58+oxUJUiKuAy4yUIJTNaHeCCH8HMc=,iv:uLbAtSNbUcsejWdE1oBvCQVOtuaHL7A3R0sT/ispjhU=,tag:t3D7h0B0dDDZ18qo8G8wiA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.9.2 diff --git a/nixos/shared/default.nix b/nixos/shared/default.nix index 7559c94..cb7062d 100644 --- a/nixos/shared/default.nix +++ b/nixos/shared/default.nix @@ -9,8 +9,21 @@ ./locale ./packages ]; - sops.age.keyFile = ../../../../../../var/secrets/keys.txt; - sops.secrets."lillian-password".neededForUsers = true; + sops = { + age.keyFile = ../../../../../../var/secrets/keys.txt; + secrets."lillian-password".neededForUsers = true; + + defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml; + + secrets."wg-private-key".mode = "0440"; + secrets."wg-private-key".owner = config.users.users.root.name; + + secrets."ssh-private-key" = { + mode = "0600"; + owner = config.users.users.lillian.name; + path = "/home/lillian/.ssh/id_ed25519"; + }; + }; #TODO: remove this when unneeded for freetube nixpkgs.config.permittedInsecurePackages = [ 
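Review bot: In nixos/shared/default.nix, declaring `secrets."ssh-private-key"` and `secrets."wg-private-key"` in the shared `sops` block makes both entries mandatory in every host's `sops.yaml`, yet this diff adds `ssh-private-key` only for queen, shodan and wheatley. EDI's secrets file is not touched here, and whether queen's file contains `wg-private-key` is not visible. A missing entry will most likely make sops-nix reject the configuration at build or activation time, so either add the entries or keep these declarations per host. `defaultSopsFile` now also depends on `config.networking.hostName` matching the directory name under `../hosts/` exactly, including case. Separately, `age.keyFile` is still a relative path literal; the string `"/var/secrets/keys.txt"` would not depend on how deep this module sits, and a string cannot be copied into the world-readable store by a later path interpolation.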
@@ -50,27 +63,17 @@ ]; }; }; - - catppuccin.flavor = "macchiato"; - catppuccin.enable = true; - catppuccin.plymouth.enable = false; - catppuccin.grub.enable = false; + catppuccin = { + flavor = "macchiato"; + enable = true; + plymouth.enable = false; + grub.enable = false; + }; # console.catppuccin.enable = true; home-manager.backupFileExtension = "backup"; - users.users.lillian = { - isNormalUser = true; - extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"]; - shell = pkgs.zsh; - hashedPasswordFile = config.sops.secrets."lillian-password".path; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS" - ]; - }; - programs.zsh = { enable = true; }; @@ -133,10 +136,22 @@ # Enable completion of system packages by zsh environment.pathsToLink = ["/share/zsh"]; + users = { + users.lillian = { + isNormalUser = true; + extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"]; + shell = pkgs.zsh; + hashedPasswordFile = config.sops.secrets."lillian-password".path; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS" + ]; + }; - users.mutableUsers = false; + mutableUsers = false; - users.users.root = { - hashedPassword = "*"; + users.root = { + hashedPassword = "*"; + }; }; }
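Review bot: In the new `users` block (the hunk at -133), `openssh.authorizedKeys.keys` still hard-codes the EDI and GLaDOS public keys as strings, while this same commit adds those keys as files under `home-manager/hosts/`. The two copies can drift apart when a key is rotated, leaving a stale key authorised for login. Reading the files gives one source of truth: `openssh.authorizedKeys.keyFiles = [../../home-manager/hosts/EDI/id_ed25519.pub ../../home-manager/hosts/GLaDOS/id_ed25519.pub];`. Because this block is shared, `extraGroups` also puts `lillian` in `docker` on every host; wherever a Docker daemon runs that is effectively root-equivalent, so it may be worth limiting to the hosts that need it.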