generified a lot of stuff and added SSH keys (EDI private key still needs adding)

2024-12-23 00:19:46 +01:00 · 2024-12-23 00:19:46 +01:00 · 45c12e8f37
commit 45c12e8f37
parent 6c64a962f4
19 changed files with 82 additions and 80 deletions
--- a/nixos/shared/default.nix
+++ b/nixos/shared/default.nix
@ -9,8 +9,21 @@
    ./locale
    ./packages
  ];
-  sops.age.keyFile = ../../../../../../var/secrets/keys.txt;
-  sops.secrets."lillian-password".neededForUsers = true;
+  sops = {
+    age.keyFile = ../../../../../../var/secrets/keys.txt;
+    secrets."lillian-password".neededForUsers = true;
+
+    defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml;
+
+    secrets."wg-private-key".mode = "0440";
+    secrets."wg-private-key".owner = config.users.users.root.name;
+
+    secrets."ssh-private-key" = {
+      mode = "0600";
+      owner = config.users.users.lillian.name;
+      path = "/home/lillian/.ssh/id_ed25519";
+    };
+  };

  #TODO: remove this when unneeded for freetube
  nixpkgs.config.permittedInsecurePackages = [
@ -50,27 +63,17 @@
      ];
    };
  };
-
-  catppuccin.flavor = "macchiato";
-  catppuccin.enable = true;
-  catppuccin.plymouth.enable = false;
-  catppuccin.grub.enable = false;
+  catppuccin = {
+    flavor = "macchiato";
+    enable = true;
+    plymouth.enable = false;
+    grub.enable = false;
+  };

  # console.catppuccin.enable = true;

  home-manager.backupFileExtension = "backup";

-  users.users.lillian = {
-    isNormalUser = true;
-    extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
-    shell = pkgs.zsh;
-    hashedPasswordFile = config.sops.secrets."lillian-password".path;
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
-    ];
-  };
-
  programs.zsh = {
    enable = true;
  };
@ -133,10 +136,22 @@

  # Enable completion of system packages by zsh
  environment.pathsToLink = ["/share/zsh"];
+  users = {
+    users.lillian = {
+      isNormalUser = true;
+      extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
+      shell = pkgs.zsh;
+      hashedPasswordFile = config.sops.secrets."lillian-password".path;
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
+      ];
+    };

-  users.mutableUsers = false;
+    mutableUsers = false;

-  users.users.root = {
-    hashedPassword = "*";
+    users.root = {
+      hashedPassword = "*";
+    };
  };
 }