generified a lot of stuff and added SSH keys (EDI private key still needs adding)
parent
6c64a962f4
commit
45c12e8f37
15
flake.nix
15
flake.nix
|
@ -122,7 +122,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
sharedModules = [
|
sharedModules = [
|
||||||
{_module.args = {inherit pkgs-edge;};}
|
./nixos/shared
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
disko.nixosModules.disko
|
disko.nixosModules.disko
|
||||||
home-manager.nixosModules.home-manager
|
home-manager.nixosModules.home-manager
|
||||||
|
@ -132,14 +132,17 @@
|
||||||
{
|
{
|
||||||
home-manager.sharedModules = [
|
home-manager.sharedModules = [
|
||||||
inputs.catppuccin.homeManagerModules.catppuccin
|
inputs.catppuccin.homeManagerModules.catppuccin
|
||||||
|
./home-manager/shared
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
desktopModules = [
|
desktopModules = [
|
||||||
|
./nixos/desktop
|
||||||
{
|
{
|
||||||
home-manager.sharedModules = [
|
home-manager.sharedModules = [
|
||||||
inputs.plasma-manager.homeManagerModules.plasma-manager
|
inputs.plasma-manager.homeManagerModules.plasma-manager
|
||||||
|
./home-manager/desktop
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
@ -175,6 +178,7 @@
|
||||||
sharedModules
|
sharedModules
|
||||||
++ desktopModules
|
++ desktopModules
|
||||||
++ [
|
++ [
|
||||||
|
{_module.args = {inherit pkgs-edge;};}
|
||||||
nixos-hardware.nixosModules.dell-xps-13-7390
|
nixos-hardware.nixosModules.dell-xps-13-7390
|
||||||
lanzaboote.nixosModules.lanzaboote
|
lanzaboote.nixosModules.lanzaboote
|
||||||
# > Our main nixos configuration file <
|
# > Our main nixos configuration file <
|
||||||
|
@ -189,6 +193,7 @@
|
||||||
sharedModules
|
sharedModules
|
||||||
++ desktopModules
|
++ desktopModules
|
||||||
++ [
|
++ [
|
||||||
|
{_module.args = {inherit pkgs-edge;};}
|
||||||
# > Our main nixos configuration file <
|
# > Our main nixos configuration file <
|
||||||
./nixos/hosts/GLaDOS/configuration.nix
|
./nixos/hosts/GLaDOS/configuration.nix
|
||||||
];
|
];
|
||||||
|
@ -200,6 +205,7 @@
|
||||||
modules =
|
modules =
|
||||||
sharedModules
|
sharedModules
|
||||||
++ [
|
++ [
|
||||||
|
{_module.args = {inherit pkgs-edge;};}
|
||||||
simple-nixos-mailserver.nixosModule
|
simple-nixos-mailserver.nixosModule
|
||||||
# > Our main nixos configuration file <
|
# > Our main nixos configuration file <
|
||||||
./nixos/hosts/queen/configuration.nix
|
./nixos/hosts/queen/configuration.nix
|
||||||
|
@ -211,12 +217,17 @@
|
||||||
specialArgs = {inherit inputs outputs;};
|
specialArgs = {inherit inputs outputs;};
|
||||||
modules =
|
modules =
|
||||||
sharedModules
|
sharedModules
|
||||||
++ desktopModules
|
|
||||||
++ [
|
++ [
|
||||||
|
{_module.args = {inherit pkgs-edge;};}
|
||||||
# > Our main nixos configuration file <
|
# > Our main nixos configuration file <
|
||||||
./nixos/hosts/shodan/configuration.nix
|
./nixos/hosts/shodan/configuration.nix
|
||||||
lanzaboote.nixosModules.lanzaboote
|
lanzaboote.nixosModules.lanzaboote
|
||||||
jovian.nixosModules.jovian
|
jovian.nixosModules.jovian
|
||||||
|
{
|
||||||
|
home-manager.sharedModules = [
|
||||||
|
inputs.plasma-manager.homeManagerModules.plasma-manager
|
||||||
|
];
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
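Review bot: The `{_module.args = {inherit pkgs-edge;};}` entry is now repeated in each of the four host module lists (the hunks at -175, -189, -200 and -211) after being dropped from `sharedModules`, so a host added later that omits it will only fail once some module asks for `pkgs-edge`. Keeping the single entry in `sharedModules` beside `./nixos/shared` would avoid the duplication; if the move was deliberate, a one-line comment such as `# pkgs-edge is injected per host because …` would record why. In the -211 hunk the host also stops using `desktopModules` and re-declares the plasma-manager `home-manager.sharedModules` entry inline, which duplicates part of `desktopModules` and can drift from it.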
|
@ -1,8 +1,4 @@
|
||||||
{
|
{osConfig, ...}: {
|
||||||
pkgs,
|
|
||||||
osConfig,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
home.file.".config/kdeconnect/config" = {
|
home.file.".config/kdeconnect/config" = {
|
||||||
text = ''
|
text = ''
|
||||||
[General]
|
[General]
|
||||||
|
@ -10,7 +6,8 @@
|
||||||
name=${osConfig.networking.hostName}
|
name=${osConfig.networking.hostName}
|
||||||
customDevices=10.0.0.2,10.0.0.3,10.0.0.4,10.0.0.5
|
customDevices=10.0.0.2,10.0.0.3,10.0.0.4,10.0.0.5
|
||||||
'';
|
'';
|
||||||
target = "~/.config/kdeconnect/config";
|
target = ".config/kdeconnect/config";
|
||||||
|
force = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.plasma = {
|
programs.plasma = {
|
||||||
|
|
1
home-manager/hosts/EDI/id_ed25519.pub
Normal file
1
home-manager/hosts/EDI/id_ed25519.pub
Normal file
|
@ -0,0 +1 @@
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI
|
1
home-manager/hosts/GLaDOS/id_ed25519.pub
Normal file
1
home-manager/hosts/GLaDOS/id_ed25519.pub
Normal file
|
@ -0,0 +1 @@
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS
|
1
home-manager/hosts/queen/id_ed25519.pub
Normal file
1
home-manager/hosts/queen/id_ed25519.pub
Normal file
|
@ -0,0 +1 @@
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINl+QRyKBYm+sx0hUiD2u6FBdT7aXsZBGUxm4cb7r24k lillian@GLaDOS
|
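Review bot: The key comment in this file reads `lillian@GLaDOS` although the path is `home-manager/hosts/queen/`, and the shodan and wheatley key files added below carry the same comment. The comment is only a label, but it is what appears in `authorized_keys` entries and in `ssh-add -l` output, so three different keys all labelled GLaDOS make it harder to audit which host a key belongs to or to revoke the right one. Setting the comment to the owning host (for example `lillian@queen`), at generation time or afterwards with `ssh-keygen -c`, would keep the label and the directory in agreement.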
1
home-manager/hosts/shodan/id_ed25519.pub
Normal file
1
home-manager/hosts/shodan/id_ed25519.pub
Normal file
|
@ -0,0 +1 @@
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKRT5MqPrYUhhD5rJFp0PQbkTRtGcNaCaTxEkZw9RiVT lillian@GLaDOS
|
1
home-manager/hosts/wheatley/id_ed25519.pub
Normal file
1
home-manager/hosts/wheatley/id_ed25519.pub
Normal file
|
@ -0,0 +1 @@
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrmRjLF2tVkWeV7EOgUiF77Q9t+rBziRAdOPo92pyvF lillian@GLaDOS
|
|
@ -1,4 +1,8 @@
|
||||||
{pkgs, ...}: {
|
{
|
||||||
|
pkgs,
|
||||||
|
osConfig,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
imports = [
|
imports = [
|
||||||
./shell/helix
|
./shell/helix
|
||||||
./shell/zellij
|
./shell/zellij
|
||||||
|
@ -10,6 +14,11 @@
|
||||||
home = {
|
home = {
|
||||||
username = "lillian";
|
username = "lillian";
|
||||||
homeDirectory = "/home/lillian";
|
homeDirectory = "/home/lillian";
|
||||||
|
file."id_ed25519.pub" = {
|
||||||
|
source = ../hosts/${osConfig.networking.hostName}/id_ed25519.pub;
|
||||||
|
target = ".ssh/id_ed25519.pub";
|
||||||
|
force = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
catppuccin = {
|
catppuccin = {
|
||||||
|
|
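Review bot: `source = ../hosts/${osConfig.networking.hostName}/id_ed25519.pub;` makes evaluation fail for any host that has no directory under `home-manager/hosts/`, and `osConfig` is only populated when home-manager runs as a NixOS module, so a standalone home-manager build of this shared module would presumably break on the same line. Guarding the entry, for example `file."id_ed25519.pub" = lib.mkIf (builtins.pathExists ../hosts/${osConfig.networking.hostName}/id_ed25519.pub) { … };`, would keep new hosts buildable; this needs `lib` in the argument set, which the hunk does not show. Nothing here ties the installed public key to the private key that the system-level sops secret places at `/home/lillian/.ssh/id_ed25519`, so a comment above the entry such as `# must match the ssh-private-key secret in this host's sops.yaml` would help whoever rotates one of them. The module body continues outside the hunk.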
|
@ -193,7 +193,6 @@
|
||||||
users.users.lillian.extraGroups = ["tss"];
|
users.users.lillian.extraGroups = ["tss"];
|
||||||
boot = {
|
boot = {
|
||||||
# tss group has access to TPM devices
|
# tss group has access to TPM devices
|
||||||
# FIXME: re-enable virtual camera loopback when it build again.
|
|
||||||
bootspec.enable = true;
|
bootspec.enable = true;
|
||||||
#boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
|
#boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
|
||||||
#boot.supportedFilesystems = ["bcachefs"];
|
#boot.supportedFilesystems = ["bcachefs"];
|
||||||
|
|
|
@ -22,19 +22,11 @@
|
||||||
# You can also split up your configuration and import pieces of it here:
|
# You can also split up your configuration and import pieces of it here:
|
||||||
# ./users.nix
|
# ./users.nix
|
||||||
|
|
||||||
../../desktop
|
|
||||||
|
|
||||||
../../../disko/EDI
|
../../../disko/EDI
|
||||||
|
|
||||||
# Import your generated (nixos-generate-config) hardware configuration
|
# Import your generated (nixos-generate-config) hardware configuration
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
];
|
];
|
||||||
sops = {
|
|
||||||
defaultSopsFile = ./secrets/sops.yaml;
|
|
||||||
|
|
||||||
secrets."wg-private-key".mode = "0440";
|
|
||||||
secrets."wg-private-key".owner = config.users.users.root.name;
|
|
||||||
};
|
|
||||||
|
|
||||||
home-manager = {
|
home-manager = {
|
||||||
extraSpecialArgs = {inherit inputs outputs;};
|
extraSpecialArgs = {inherit inputs outputs;};
|
||||||
|
|
|
@ -21,25 +21,13 @@
|
||||||
# You can also split up your configuration and import pieces of it here:
|
# You can also split up your configuration and import pieces of it here:
|
||||||
# ./users.nix
|
# ./users.nix
|
||||||
|
|
||||||
../../desktop
|
# ../../desktop
|
||||||
|
|
||||||
../../../disko/GLaDOS
|
../../../disko/GLaDOS
|
||||||
|
|
||||||
# Import your generated (nixos-generate-config) hardware configuration
|
# Import your generated (nixos-generate-config) hardware configuration
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
];
|
];
|
||||||
sops = {
|
|
||||||
defaultSopsFile = ./secrets/sops.yaml;
|
|
||||||
|
|
||||||
secrets."wg-private-key".mode = "0440";
|
|
||||||
secrets."wg-private-key".owner = config.users.users.root.name;
|
|
||||||
|
|
||||||
secrets."ssh-private-key" = {
|
|
||||||
mode = "0600";
|
|
||||||
owner = config.users.users.lillian.name;
|
|
||||||
path = "/home/lillian/.ssh/id_ed25519";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
];
|
];
|
||||||
|
|
|
@ -16,8 +16,8 @@ sops:
|
||||||
MUZWTVh0dVdMZlRzelJ4WlROUlIyNmcKphNuMN9Wh8h/gvmtUxQWjPKtgjWriLRD
|
MUZWTVh0dVdMZlRzelJ4WlROUlIyNmcKphNuMN9Wh8h/gvmtUxQWjPKtgjWriLRD
|
||||||
+DpEEVGrmu0RJ8/wUqjxGoL4GzLAlZm4EnKlyUyA0tw8sbLZ2Lnl/w==
|
+DpEEVGrmu0RJ8/wUqjxGoL4GzLAlZm4EnKlyUyA0tw8sbLZ2Lnl/w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-12-16T20:07:30Z"
|
lastmodified: "2024-12-22T22:09:35Z"
|
||||||
mac: ENC[AES256_GCM,data:LyerFgV0q5Sr4L8OuTFcepVPcsO0IQBZlCFreank+pgnndizQHgQI461yOmHMBQwhEEeL4IBSdkG7CnNbacB0od0BMwZK67OOH13wlEdefQQ64ffWgh9p3jA/MX2dfyY2Qt1jLZLsuwwSETHjXbw4kqk/ik8btacChSu17t+k00=,iv:uNfke8f5os67hfkwVXsWU7OkiNgOQPTq1smXd7h69P0=,tag:T7VHAyGdx+9sip+omw5DDw==,type:str]
|
mac: ENC[AES256_GCM,data:yjUFBgTLQI9Nh2tjiNNV2bsPJsDRQChPEptO8Gmt2vLEK/Kuwl0bZ9J+OmOTe4NOpwq5b/lYt0Lj7itEeOWWW5nnz2Jq0/dLMEu0mSxoWv1rOKylhoeG8oIEx0ui7VKfst72UW/jqqm9TUkDzuskVND1pd4DV3/GQRmy16WPkyo=,iv:the5XkB13jRuNP8Kj9Jmn4csIaDPt1NnScXbxPt7Dk4=,tag:aY4hU9v66/AwrtvcLAT/mA==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.2
|
version: 3.9.2
|
||||||
|
|
|
@ -51,9 +51,6 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
|
|
||||||
sops.defaultSopsFile = ./secrets/sops.yaml;
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
fzf
|
fzf
|
||||||
matrix-conduit
|
matrix-conduit
|
||||||
|
|
|
@ -13,6 +13,7 @@ grafana-telegraf-key: ENC[AES256_GCM,data:agpUzG1/n2NAKDt45IgelmDf0CUlC82fmD4f7J
|
||||||
sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8PtiAsmArzpAXd7LzsXedm55X04U+GvkcbM9cwPcF+psyb3Zi8EnI/mjnI9MgFyySSEcosJZVAtCpXGIMyYgRXtF5OBh5CzupAG059d1TDAqrSpLXMuSDdypTaOMHxnlq5q1swfpzhhY3PVgUKVFXdjZLX8aF3JTE9ceVxFsB+traLzOQsl+QKty0x0mpuqR97zkMCchX7bTwgUgbl7phzTvmwV8Qw==,iv:gkZs5NB9+CLfz4kfV4ha2llZQPP81uuXRKqUlASgpiA=,tag:DXkiG0ZFHLHlVhwLwtv/XQ==,type:str]
|
sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8PtiAsmArzpAXd7LzsXedm55X04U+GvkcbM9cwPcF+psyb3Zi8EnI/mjnI9MgFyySSEcosJZVAtCpXGIMyYgRXtF5OBh5CzupAG059d1TDAqrSpLXMuSDdypTaOMHxnlq5q1swfpzhhY3PVgUKVFXdjZLX8aF3JTE9ceVxFsB+traLzOQsl+QKty0x0mpuqR97zkMCchX7bTwgUgbl7phzTvmwV8Qw==,iv:gkZs5NB9+CLfz4kfV4ha2llZQPP81uuXRKqUlASgpiA=,tag:DXkiG0ZFHLHlVhwLwtv/XQ==,type:str]
|
||||||
writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv:qAd+/rAAanzL9FTIX22M+2kwI0WI2d3i86cJrn8MFBo=,tag:3zvpqnovDEoJdvK/qcFDuQ==,type:str]
|
writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv:qAd+/rAAanzL9FTIX22M+2kwI0WI2d3i86cJrn8MFBo=,tag:3zvpqnovDEoJdvK/qcFDuQ==,type:str]
|
||||||
writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str]
|
writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str]
|
||||||
|
ssh-private-key: ENC[AES256_GCM,data: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,iv:pHT7DtX1ab7boPboXRaSg9w/4sMgNraEswtEf2tBPkw=,tag:Fbw2/Evf4ZsLFMBPflf9CA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -28,8 +29,8 @@ sops:
|
||||||
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
|
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
|
||||||
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
|
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-08-16T13:34:43Z"
|
lastmodified: "2024-12-22T22:32:56Z"
|
||||||
mac: ENC[AES256_GCM,data:IdQmx7/Y2fdQ9gBgKYCUZQuAVRqbP5KWG4EplO6pYqA8b5xzGnmCSCwyYIXU+3NExEZCEKEfX68mdYlWPRTKUdamOBdN+fQrGXwr5lw5dpKe03ccGw7Hayi0B4O8WbLEjw1RU50v2eoK9MpD5FPrUu1AzGz3+txxzV3hoxg6Sp0=,iv:WXvxAvg+sAKYbzjaz1QKDgVrnMraO3EtIgC12zb9Xi0=,tag:FmH84rGBotouvjCOq+xL8w==,type:str]
|
mac: ENC[AES256_GCM,data:kWB6eGaMgON0BFvDQ7BxX36Zul5eT91G6QUJBBHXBbhFm2hg7H3VaPRjsQxAje4juuh3VmaCcydlpQzHfPc4+E97MQNQRA3Ud7Qxi+Bc5jFwtANgoQha3Wja4OSEWcIAIgLTeSJrB9eJa2HqDnZWiAXVPl32lCOVg/Ns+QS1+CU=,iv:wp1a1hEyc8XrWUyYLh2iLvvQOPIcfV0/2rzJnF+HnsE=,tag:Tjdbl+hB4+ZjG+MmscQnvQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.0
|
version: 3.9.2
|
||||||
|
|
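Review bot: The `ssh-private-key` entry added here puts a host's SSH private key into the repository as ciphertext, so its confidentiality now rests entirely on the age identity that can decrypt this file, and that holds for every past revision kept in git history. The unchanged age stanza lines in this file's second hunk (`KzNBMCtU…` / `NWFTzsDZ…`) are identical to those in another host's `sops.yaml` later in this commit, which suggests the two files share one wrapped data key and one recipient; if so, any machine holding that identity can also read the other hosts' SSH keys. Consider giving each host its own age recipient through `creation_rules` in `.sops.yaml`, and plan to rotate these SSH keys, not only re-encrypt them, if that identity is ever exposed.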
|
@ -16,7 +16,6 @@
|
||||||
# inputs.nix-colors.homeManagerModules.default
|
# inputs.nix-colors.homeManagerModules.default
|
||||||
|
|
||||||
# Import the shared settings
|
# Import the shared settings
|
||||||
../../shared
|
|
||||||
../../desktop/package-configs/firefox
|
../../desktop/package-configs/firefox
|
||||||
|
|
||||||
# You can also split up your configuration and import pieces of it here:
|
# You can also split up your configuration and import pieces of it here:
|
||||||
|
@ -149,14 +148,6 @@
|
||||||
allowUnfree = true;
|
allowUnfree = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
sops = {
|
|
||||||
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
|
|
||||||
defaultSopsFile = ./secrets/sops.yaml;
|
|
||||||
|
|
||||||
secrets."wg-private-key".mode = "0440";
|
|
||||||
secrets."wg-private-key".owner = config.users.users.root.name;
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
# Custom tools
|
# Custom tools
|
||||||
auto-mount
|
auto-mount
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
lillian-password: ENC[AES256_GCM,data:uPNBvMyhkiX3eedduFlsFUIcas/VBVSYrsmGTlgGUOzTQST59CYZRoq0ArphIJ3+Usy6KbR5tA5FCp4PoB3qVYBfjlAq6dhZIw==,iv:TiUIo2lvdL6SiDuW4gWn0TeJXkz5MldzqGxuK3MNPnE=,tag:d3p/h+q50JxygDtk2qxIeQ==,type:str]
|
lillian-password: ENC[AES256_GCM,data:uPNBvMyhkiX3eedduFlsFUIcas/VBVSYrsmGTlgGUOzTQST59CYZRoq0ArphIJ3+Usy6KbR5tA5FCp4PoB3qVYBfjlAq6dhZIw==,iv:TiUIo2lvdL6SiDuW4gWn0TeJXkz5MldzqGxuK3MNPnE=,tag:d3p/h+q50JxygDtk2qxIeQ==,type:str]
|
||||||
wg-private-key: ENC[AES256_GCM,data:PeuKeYRHfOzGlekLI95EH3qq+blntZrrboPKaKC0ghD5zIyaCYrFHYWLkug=,iv:BcugGYW7+i7d04H4EKn+BdJJPqwMVVvlHBETO0x0kQM=,tag:Z/ammSrFpWTIbVfi4VJZ9w==,type:str]
|
wg-private-key: ENC[AES256_GCM,data:PeuKeYRHfOzGlekLI95EH3qq+blntZrrboPKaKC0ghD5zIyaCYrFHYWLkug=,iv:BcugGYW7+i7d04H4EKn+BdJJPqwMVVvlHBETO0x0kQM=,tag:Z/ammSrFpWTIbVfi4VJZ9w==,type:str]
|
||||||
|
ssh-private-key: ENC[AES256_GCM,data:7K3p6Lu4je2fNmvtKpLY2z7MG5E0gg3486PCLTlm/NzWpiH0FO8KO2yPkPPVurXfUWj7ig3eiP+bc6+kufRQ8+MCHaR+JA056cdMch0MMK92FyPvJjNKzwB4W3BpdvOKipaZvuvSfgdrEdpz6rWRwBb9KaUW5aHBjW5eQNm+q0yP2uZjW6Ncp/zrdevjlRJyXGnNJD8CBDQgLILvqlvziRO4xBnSZOmFpdCKM9jMkxwHIQUND4ic71G6cheN+kIsgsa67DlJjfrngGWxKrlC3Q2DC+30vHtW8f18oa+g7eu9eTz8+bSLxYJf9TADwE+UYe2Hakib1ju67yxBkcomIjBvqgo+zEr0jC2qYmOvlKfqn64gSbAE7zEVCbavz6gA2EMb0g47twtAdgGUyzppGQ4LXjZXv6lyYov2gdXP7bzAcXXfzDh92BuTUOp9HXOTsLh7XC7cPKziowwwT+oUeOaSujMT9tgqkazgcVR3ne+PjxduptV75gxOwxeu6F2Zm+4Y4xJBdJeyP1Baq0yj4HNY/gv3pxEEXgU5,iv:TJ3AsSvXeUmBsKd6xy+Kc1ws+Yc9ZQ5Q4A8UFHI7Wsg=,tag:egCYoe3Mkbvkup0itszm4w==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -15,8 +16,8 @@ sops:
|
||||||
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
|
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
|
||||||
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
|
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-12-06T18:02:27Z"
|
lastmodified: "2024-12-22T22:35:15Z"
|
||||||
mac: ENC[AES256_GCM,data:qMvaXA/3B7rp2BvG10lvLdY/rD1ooh0QwwdfgzixeoHZxnqxmz7HZGP1UE1bGIbLYYeWGEJW440uDll5Q3ky+0qz7W8VbFEYBjaCyNcicnlLgFZXKh2nxeErubzF+I82X8wfNndAH1HWZZmPasTdDHfudjWyZF4/JKPboiyr5xE=,iv:ikj6goYS81rixJDHCWag1pYD6bSasSVOYyENlRjqn9w=,tag:Q3hQO9rqwnCBRLxec0/LTg==,type:str]
|
mac: ENC[AES256_GCM,data:olqDdjgOF7MsYXibawEn4bou6LPof25j231+Vwr+pSGCO19Sj44OkZpS0YmNBi+Uym+X6RGM5uV3fg4JYVgThnALI9JFyFuZ41gjPRyNBXJ16RnogKykHK5XNjQEogYho5bgLA8DTDeOvSfFHW2ENM052z6lJyAaPWJLa4ADlEY=,iv:YXGKcHQfqZCnK9Z3Nw/JxcTmZR++0iKUc7PDbLBqahY=,tag:UbHZvFZjaYjrC51Q1f/oyg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.1
|
version: 3.9.2
|
||||||
|
|
|
@ -109,9 +109,6 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
sops = {
|
sops = {
|
||||||
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
|
|
||||||
defaultSopsFile = ./secrets/sops.yaml;
|
|
||||||
|
|
||||||
# users.users = {
|
# users.users = {
|
||||||
# ombi.extraGroups = ["radarr" "sonarr" "aria2"];
|
# ombi.extraGroups = ["radarr" "sonarr" "aria2"];
|
||||||
# };
|
# };
|
||||||
|
@ -143,8 +140,6 @@
|
||||||
|
|
||||||
secrets."protonvpn-priv-key".mode = "0440";
|
secrets."protonvpn-priv-key".mode = "0440";
|
||||||
secrets."protonvpn-priv-key".owner = config.users.users.root.name;
|
secrets."protonvpn-priv-key".owner = config.users.users.root.name;
|
||||||
secrets."wg-private-key".mode = "0440";
|
|
||||||
secrets."wg-private-key".owner = config.users.users.root.name;
|
|
||||||
};
|
};
|
||||||
boot = {
|
boot = {
|
||||||
kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
|
kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
|
||||||
|
|
|
@ -4,6 +4,7 @@ protonvpn-priv-key: ENC[AES256_GCM,data:s4LAq1Rqm+jGaK3OKcjIBCQYXPs3oEuTKJMAM+gF
|
||||||
rpcSecret: ENC[AES256_GCM,data:3tCZk2csB/ofxPc6,iv:NwT6k1hh73moH6eErT23/Dvwgb1wP/qIuoxXnCgNSao=,tag:nh0mFsh9I4R1baCL1oH+AA==,type:str]
|
rpcSecret: ENC[AES256_GCM,data:3tCZk2csB/ofxPc6,iv:NwT6k1hh73moH6eErT23/Dvwgb1wP/qIuoxXnCgNSao=,tag:nh0mFsh9I4R1baCL1oH+AA==,type:str]
|
||||||
webdav-secret: ENC[AES256_GCM,data:SDFyHaE+HprkguOmDfnzwQ/n5OYgbTpxcVl4FGiLcsItefbSDOIQg5l01fqVB8zv+rRGlPcyRrIn7KTPrTpBx7X4RNHfFK4FKKvAANt6z0e5pu1+wnoObWxTShCFjfFoRCLkoh/j/CmLFyFIafrI7rzZUhs=,iv:stygLmNVWXkZL5A0J83CKPefRr7TqXeygQVLszr28eY=,tag:9hss2c77JELSASnwUyAF4w==,type:str]
|
webdav-secret: ENC[AES256_GCM,data:SDFyHaE+HprkguOmDfnzwQ/n5OYgbTpxcVl4FGiLcsItefbSDOIQg5l01fqVB8zv+rRGlPcyRrIn7KTPrTpBx7X4RNHfFK4FKKvAANt6z0e5pu1+wnoObWxTShCFjfFoRCLkoh/j/CmLFyFIafrI7rzZUhs=,iv:stygLmNVWXkZL5A0J83CKPefRr7TqXeygQVLszr28eY=,tag:9hss2c77JELSASnwUyAF4w==,type:str]
|
||||||
wg-private-key: ENC[AES256_GCM,data:5WGAAst0qVqn1siX3snkAhsSDhZaS33XHT44BfViWLZqvzw+OhPB/jkSr4U=,iv:yXfN50SM3OWdycINB8iWXtvCSS01NBTrGBs1kxd1j0M=,tag:yhjDY1AM5aQ6DFeFEjo2Mw==,type:str]
|
wg-private-key: ENC[AES256_GCM,data:5WGAAst0qVqn1siX3snkAhsSDhZaS33XHT44BfViWLZqvzw+OhPB/jkSr4U=,iv:yXfN50SM3OWdycINB8iWXtvCSS01NBTrGBs1kxd1j0M=,tag:yhjDY1AM5aQ6DFeFEjo2Mw==,type:str]
|
||||||
|
ssh-private-key: ENC[AES256_GCM,data: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,iv:ojh2hzVzJFy1kvvo/WvaIpMpGT+b9aSC+L8L0iwhF1o=,tag:bHOj/fxDn/qUmp1eijLPuw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -19,8 +20,8 @@ sops:
|
||||||
Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div
|
Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div
|
||||||
bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA==
|
bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-12-06T17:42:47Z"
|
lastmodified: "2024-12-22T22:37:02Z"
|
||||||
mac: ENC[AES256_GCM,data:Fcc8x/C6iv62OJeLSGZlfsLzscWVAki1vdJvPiApx8N0Uazkq0G5PS6haoLEtOzDw2Fi/0pvVWef+O+lOg/mtqxxNBXozv1f66Q9HQCZOZP0PRQPEVcWJJ/vuPMSOlQDEiGJnuakJZeOmtuZkGStcfmlcybsOlyvEYwvbpeweDI=,iv:oDpoDDcQ/+ovsjkCeRLx9Fpiv+0/f/KkC4fFDdUmxHo=,tag:SiYHQmVz0vLFCOs0xhgr4g==,type:str]
|
mac: ENC[AES256_GCM,data:T31z1/pngI6Wa3HMyOxS5ofb2Y5YqK0v5m96mn7n5dQ0d992ooEpoNyE7r8qHsD+tXiHvLIybWUMiMlDLI7Gq8op9GLEYYnFNDfc24k7lQPPuQK/iraJFUQwiRBbK063Rmfa6q6S3P2YN58+oxUJUiKuAy4yUIJTNaHeCCH8HMc=,iv:uLbAtSNbUcsejWdE1oBvCQVOtuaHL7A3R0sT/ispjhU=,tag:t3D7h0B0dDDZ18qo8G8wiA==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.1
|
version: 3.9.2
|
||||||
|
|
|
@ -9,8 +9,21 @@
|
||||||
./locale
|
./locale
|
||||||
./packages
|
./packages
|
||||||
];
|
];
|
||||||
sops.age.keyFile = ../../../../../../var/secrets/keys.txt;
|
sops = {
|
||||||
sops.secrets."lillian-password".neededForUsers = true;
|
age.keyFile = ../../../../../../var/secrets/keys.txt;
|
||||||
|
secrets."lillian-password".neededForUsers = true;
|
||||||
|
|
||||||
|
defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml;
|
||||||
|
|
||||||
|
secrets."wg-private-key".mode = "0440";
|
||||||
|
secrets."wg-private-key".owner = config.users.users.root.name;
|
||||||
|
|
||||||
|
secrets."ssh-private-key" = {
|
||||||
|
mode = "0600";
|
||||||
|
owner = config.users.users.lillian.name;
|
||||||
|
path = "/home/lillian/.ssh/id_ed25519";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
#TODO: remove this when unneeded for freetube
|
#TODO: remove this when unneeded for freetube
|
||||||
nixpkgs.config.permittedInsecurePackages = [
|
nixpkgs.config.permittedInsecurePackages = [
|
||||||
|
@ -50,27 +63,17 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
catppuccin = {
|
||||||
catppuccin.flavor = "macchiato";
|
flavor = "macchiato";
|
||||||
catppuccin.enable = true;
|
enable = true;
|
||||||
catppuccin.plymouth.enable = false;
|
plymouth.enable = false;
|
||||||
catppuccin.grub.enable = false;
|
grub.enable = false;
|
||||||
|
};
|
||||||
|
|
||||||
# console.catppuccin.enable = true;
|
# console.catppuccin.enable = true;
|
||||||
|
|
||||||
home-manager.backupFileExtension = "backup";
|
home-manager.backupFileExtension = "backup";
|
||||||
|
|
||||||
users.users.lillian = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
|
|
||||||
shell = pkgs.zsh;
|
|
||||||
hashedPasswordFile = config.sops.secrets."lillian-password".path;
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.zsh = {
|
programs.zsh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
|
@ -133,10 +136,22 @@
|
||||||
|
|
||||||
# Enable completion of system packages by zsh
|
# Enable completion of system packages by zsh
|
||||||
environment.pathsToLink = ["/share/zsh"];
|
environment.pathsToLink = ["/share/zsh"];
|
||||||
|
users = {
|
||||||
|
users.lillian = {
|
||||||
|
isNormalUser = true;
|
||||||
|
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
|
||||||
|
shell = pkgs.zsh;
|
||||||
|
hashedPasswordFile = config.sops.secrets."lillian-password".path;
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
users.mutableUsers = false;
|
mutableUsers = false;
|
||||||
|
|
||||||
users.users.root = {
|
users.root = {
|
||||||
hashedPassword = "*";
|
hashedPassword = "*";
|
||||||
};
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
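Review bot: `secrets."ssh-private-key"` is now declared in the shared module, so every host's `sops.yaml` must contain that key, yet the commit title says the EDI private key is still missing and EDI's `sops.yaml` hunk shows only `lastmodified`/`mac` changes; with sops-nix's default build-time validation of the sops file, EDI would presumably fail to build until the key is added. Guarding the declaration per host, or keeping it in the host files until every host has the secret, would avoid that. Separately, `age.keyFile = ../../../../../../var/secrets/keys.txt;` is a Nix path literal rather than a string, and path values can be copied into the world-readable Nix store when coerced to a string, so `age.keyFile = "/var/secrets/keys.txt";` is the safer spelling for the decryption key. It is also worth confirming that `/home/lillian/.ssh` ends up owned by `lillian` with mode 0700, since the secret's `path` places a file there at activation time.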