generified a lot of stuff and added SSH keys (EDI private key still needs adding)

Lillian Violet 2024-12-23 00:19:46 +01:00
parent 6c64a962f4
commit 45c12e8f37
19 changed files with 82 additions and 80 deletions


@ -122,7 +122,7 @@
}; };
sharedModules = [ sharedModules = [
{_module.args = {inherit pkgs-edge;};} ./nixos/shared
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
disko.nixosModules.disko disko.nixosModules.disko
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
@ -132,14 +132,17 @@
{ {
home-manager.sharedModules = [ home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin inputs.catppuccin.homeManagerModules.catppuccin
./home-manager/shared
]; ];
} }
]; ];
desktopModules = [ desktopModules = [
./nixos/desktop
{ {
home-manager.sharedModules = [ home-manager.sharedModules = [
inputs.plasma-manager.homeManagerModules.plasma-manager inputs.plasma-manager.homeManagerModules.plasma-manager
./home-manager/desktop
]; ];
} }
]; ];
@ -175,6 +178,7 @@
sharedModules sharedModules
++ desktopModules ++ desktopModules
++ [ ++ [
{_module.args = {inherit pkgs-edge;};}
nixos-hardware.nixosModules.dell-xps-13-7390 nixos-hardware.nixosModules.dell-xps-13-7390
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
# > Our main nixos configuration file < # > Our main nixos configuration file <
@ -189,6 +193,7 @@
sharedModules sharedModules
++ desktopModules ++ desktopModules
++ [ ++ [
{_module.args = {inherit pkgs-edge;};}
# > Our main nixos configuration file < # > Our main nixos configuration file <
./nixos/hosts/GLaDOS/configuration.nix ./nixos/hosts/GLaDOS/configuration.nix
]; ];
@ -200,6 +205,7 @@
modules = modules =
sharedModules sharedModules
++ [ ++ [
{_module.args = {inherit pkgs-edge;};}
simple-nixos-mailserver.nixosModule simple-nixos-mailserver.nixosModule
# > Our main nixos configuration file < # > Our main nixos configuration file <
./nixos/hosts/queen/configuration.nix ./nixos/hosts/queen/configuration.nix
@ -211,12 +217,17 @@
specialArgs = {inherit inputs outputs;}; specialArgs = {inherit inputs outputs;};
modules = modules =
sharedModules sharedModules
++ desktopModules
++ [ ++ [
{_module.args = {inherit pkgs-edge;};}
# > Our main nixos configuration file < # > Our main nixos configuration file <
./nixos/hosts/shodan/configuration.nix ./nixos/hosts/shodan/configuration.nix
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
jovian.nixosModules.jovian jovian.nixosModules.jovian
{
home-manager.sharedModules = [
inputs.plasma-manager.homeManagerModules.plasma-manager
];
}
]; ];
}; };
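Review bot: The shodan module list now appends `desktopModules` and also a separate `home-manager.sharedModules = [ inputs.plasma-manager.homeManagerModules.plasma-manager ];` block, although `desktopModules` as shown earlier in this section already contributes that module, so the extra block looks redundant and can probably be dropped. The section also takes `{_module.args = {inherit pkgs-edge;};}` out of `sharedModules` and repeats it in each of the four host lists. Unless something forces that placement, keeping it once in `sharedModules` avoids a newly added host ending up without `pkgs-edge`. The host definitions begin and end outside the visible hunks.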


@ -1,8 +1,4 @@
{ {osConfig, ...}: {
pkgs,
osConfig,
...
}: {
home.file.".config/kdeconnect/config" = { home.file.".config/kdeconnect/config" = {
text = '' text = ''
[General] [General]
@ -10,7 +6,8 @@
name=${osConfig.networking.hostName} name=${osConfig.networking.hostName}
customDevices=10.0.0.2,10.0.0.3,10.0.0.4,10.0.0.5 customDevices=10.0.0.2,10.0.0.3,10.0.0.4,10.0.0.5
''; '';
target = "~/.config/kdeconnect/config"; target = ".config/kdeconnect/config";
force = true;
}; };
programs.plasma = { programs.plasma = {
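Review bot: `force = true` on the KDE Connect config makes Home Manager replace whatever is at that path without its collision check, so the `home-manager.backupFileExtension = "backup"` setting visible elsewhere in this commit does not protect this file, and anything KDE Connect wrote there is discarded on activation. If that is intended, a comment such as `# managed declaratively; local KDE Connect edits are overwritten` next to `force` would say so. The new `target = ".config/kdeconnect/config";` repeats the attribute name, which is already the default target, so that line can be removed.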


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINl+QRyKBYm+sx0hUiD2u6FBdT7aXsZBGUxm4cb7r24k lillian@GLaDOS
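Review bot: This key and the two new key files that follow it end in the comment `lillian@GLaDOS`, the same comment as the key file just before, although all four hold different keys. If these are the per-host public keys that the home-manager change installs as `.ssh/id_ed25519.pub` (the file paths are not visible here), entries copied into an `authorized_keys` file cannot be told apart by comment, which makes auditing and revoking a single host's key harder. The comment field is free text, so it can be edited to name the owning host, e.g. `lillian@HOSTNAME` (placeholder), without regenerating the key.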


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKRT5MqPrYUhhD5rJFp0PQbkTRtGcNaCaTxEkZw9RiVT lillian@GLaDOS


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrmRjLF2tVkWeV7EOgUiF77Q9t+rBziRAdOPo92pyvF lillian@GLaDOS


@ -1,4 +1,8 @@
{pkgs, ...}: { {
pkgs,
osConfig,
...
}: {
imports = [ imports = [
./shell/helix ./shell/helix
./shell/zellij ./shell/zellij
@ -10,6 +14,11 @@
home = { home = {
username = "lillian"; username = "lillian";
homeDirectory = "/home/lillian"; homeDirectory = "/home/lillian";
file."id_ed25519.pub" = {
source = ../hosts/${osConfig.networking.hostName}/id_ed25519.pub;
target = ".ssh/id_ed25519.pub";
force = true;
};
}; };
catppuccin = { catppuccin = {
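Review bot: The new `file."id_ed25519.pub"` entry builds `source` from `osConfig.networking.hostName`, so evaluation fails for any host that has no `id_ed25519.pub` in the matching hosts directory, and nothing ties the public key in the repository to the `ssh-private-key` secret that is placed beside it. A guard such as `file."id_ed25519.pub" = lib.mkIf (builtins.pathExists pubKey) { ... };`, with `pubKey` bound to the interpolated path and `lib` added to the module arguments, keeps hosts without a key evaluating. A comment stating that the `.pub` file must be regenerated whenever the sops secret is rotated would document the pairing. The `home` attribute set continues outside the hunk.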


@ -193,7 +193,6 @@
users.users.lillian.extraGroups = ["tss"]; users.users.lillian.extraGroups = ["tss"];
boot = { boot = {
# tss group has access to TPM devices # tss group has access to TPM devices
# FIXME: re-enable virtual camera loopback when it build again.
bootspec.enable = true; bootspec.enable = true;
#boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; #boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
#boot.supportedFilesystems = ["bcachefs"]; #boot.supportedFilesystems = ["bcachefs"];


@ -22,19 +22,11 @@
# You can also split up your configuration and import pieces of it here: # You can also split up your configuration and import pieces of it here:
# ./users.nix # ./users.nix
../../desktop
../../../disko/EDI ../../../disko/EDI
# Import your generated (nixos-generate-config) hardware configuration # Import your generated (nixos-generate-config) hardware configuration
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
sops = {
defaultSopsFile = ./secrets/sops.yaml;
secrets."wg-private-key".mode = "0440";
secrets."wg-private-key".owner = config.users.users.root.name;
};
home-manager = { home-manager = {
extraSpecialArgs = {inherit inputs outputs;}; extraSpecialArgs = {inherit inputs outputs;};


@ -21,25 +21,13 @@
# You can also split up your configuration and import pieces of it here: # You can also split up your configuration and import pieces of it here:
# ./users.nix # ./users.nix
../../desktop # ../../desktop
../../../disko/GLaDOS ../../../disko/GLaDOS
# Import your generated (nixos-generate-config) hardware configuration # Import your generated (nixos-generate-config) hardware configuration
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
sops = {
defaultSopsFile = ./secrets/sops.yaml;
secrets."wg-private-key".mode = "0440";
secrets."wg-private-key".owner = config.users.users.root.name;
secrets."ssh-private-key" = {
mode = "0600";
owner = config.users.users.lillian.name;
path = "/home/lillian/.ssh/id_ed25519";
};
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
]; ];


@ -16,8 +16,8 @@ sops:
MUZWTVh0dVdMZlRzelJ4WlROUlIyNmcKphNuMN9Wh8h/gvmtUxQWjPKtgjWriLRD MUZWTVh0dVdMZlRzelJ4WlROUlIyNmcKphNuMN9Wh8h/gvmtUxQWjPKtgjWriLRD
+DpEEVGrmu0RJ8/wUqjxGoL4GzLAlZm4EnKlyUyA0tw8sbLZ2Lnl/w== +DpEEVGrmu0RJ8/wUqjxGoL4GzLAlZm4EnKlyUyA0tw8sbLZ2Lnl/w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-16T20:07:30Z" lastmodified: "2024-12-22T22:09:35Z"
mac: ENC[AES256_GCM,data:LyerFgV0q5Sr4L8OuTFcepVPcsO0IQBZlCFreank+pgnndizQHgQI461yOmHMBQwhEEeL4IBSdkG7CnNbacB0od0BMwZK67OOH13wlEdefQQ64ffWgh9p3jA/MX2dfyY2Qt1jLZLsuwwSETHjXbw4kqk/ik8btacChSu17t+k00=,iv:uNfke8f5os67hfkwVXsWU7OkiNgOQPTq1smXd7h69P0=,tag:T7VHAyGdx+9sip+omw5DDw==,type:str] mac: ENC[AES256_GCM,data:yjUFBgTLQI9Nh2tjiNNV2bsPJsDRQChPEptO8Gmt2vLEK/Kuwl0bZ9J+OmOTe4NOpwq5b/lYt0Lj7itEeOWWW5nnz2Jq0/dLMEu0mSxoWv1rOKylhoeG8oIEx0ui7VKfst72UW/jqqm9TUkDzuskVND1pd4DV3/GQRmy16WPkyo=,iv:the5XkB13jRuNP8Kj9Jmn4csIaDPt1NnScXbxPt7Dk4=,tag:aY4hU9v66/AwrtvcLAT/mA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.2 version: 3.9.2


@ -51,9 +51,6 @@
}; };
}; };
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
sops.defaultSopsFile = ./secrets/sops.yaml;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
fzf fzf
matrix-conduit matrix-conduit


@ -13,6 +13,7 @@ grafana-telegraf-key: ENC[AES256_GCM,data:agpUzG1/n2NAKDt45IgelmDf0CUlC82fmD4f7J
sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8PtiAsmArzpAXd7LzsXedm55X04U+GvkcbM9cwPcF+psyb3Zi8EnI/mjnI9MgFyySSEcosJZVAtCpXGIMyYgRXtF5OBh5CzupAG059d1TDAqrSpLXMuSDdypTaOMHxnlq5q1swfpzhhY3PVgUKVFXdjZLX8aF3JTE9ceVxFsB+traLzOQsl+QKty0x0mpuqR97zkMCchX7bTwgUgbl7phzTvmwV8Qw==,iv:gkZs5NB9+CLfz4kfV4ha2llZQPP81uuXRKqUlASgpiA=,tag:DXkiG0ZFHLHlVhwLwtv/XQ==,type:str] sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8PtiAsmArzpAXd7LzsXedm55X04U+GvkcbM9cwPcF+psyb3Zi8EnI/mjnI9MgFyySSEcosJZVAtCpXGIMyYgRXtF5OBh5CzupAG059d1TDAqrSpLXMuSDdypTaOMHxnlq5q1swfpzhhY3PVgUKVFXdjZLX8aF3JTE9ceVxFsB+traLzOQsl+QKty0x0mpuqR97zkMCchX7bTwgUgbl7phzTvmwV8Qw==,iv:gkZs5NB9+CLfz4kfV4ha2llZQPP81uuXRKqUlASgpiA=,tag:DXkiG0ZFHLHlVhwLwtv/XQ==,type:str]
writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv:qAd+/rAAanzL9FTIX22M+2kwI0WI2d3i86cJrn8MFBo=,tag:3zvpqnovDEoJdvK/qcFDuQ==,type:str] writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv:qAd+/rAAanzL9FTIX22M+2kwI0WI2d3i86cJrn8MFBo=,tag:3zvpqnovDEoJdvK/qcFDuQ==,type:str]
writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str] writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str]
ssh-private-key: ENC[AES256_GCM,data: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,iv:pHT7DtX1ab7boPboXRaSg9w/4sMgNraEswtEf2tBPkw=,tag:Fbw2/Evf4ZsLFMBPflf9CA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -28,8 +29,8 @@ sops:
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-16T13:34:43Z" lastmodified: "2024-12-22T22:32:56Z"
mac: ENC[AES256_GCM,data:IdQmx7/Y2fdQ9gBgKYCUZQuAVRqbP5KWG4EplO6pYqA8b5xzGnmCSCwyYIXU+3NExEZCEKEfX68mdYlWPRTKUdamOBdN+fQrGXwr5lw5dpKe03ccGw7Hayi0B4O8WbLEjw1RU50v2eoK9MpD5FPrUu1AzGz3+txxzV3hoxg6Sp0=,iv:WXvxAvg+sAKYbzjaz1QKDgVrnMraO3EtIgC12zb9Xi0=,tag:FmH84rGBotouvjCOq+xL8w==,type:str] mac: ENC[AES256_GCM,data:kWB6eGaMgON0BFvDQ7BxX36Zul5eT91G6QUJBBHXBbhFm2hg7H3VaPRjsQxAje4juuh3VmaCcydlpQzHfPc4+E97MQNQRA3Ud7Qxi+Bc5jFwtANgoQha3Wja4OSEWcIAIgLTeSJrB9eJa2HqDnZWiAXVPl32lCOVg/Ns+QS1+CU=,iv:wp1a1hEyc8XrWUyYLh2iLvvQOPIcfV0/2rzJnF+HnsE=,tag:Tjdbl+hB4+ZjG+MmscQnvQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.0 version: 3.9.2


@ -16,7 +16,6 @@
# inputs.nix-colors.homeManagerModules.default # inputs.nix-colors.homeManagerModules.default
# Import the shared settings # Import the shared settings
../../shared
../../desktop/package-configs/firefox ../../desktop/package-configs/firefox
# You can also split up your configuration and import pieces of it here: # You can also split up your configuration and import pieces of it here:
@ -149,14 +148,6 @@
allowUnfree = true; allowUnfree = true;
}; };
}; };
sops = {
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
defaultSopsFile = ./secrets/sops.yaml;
secrets."wg-private-key".mode = "0440";
secrets."wg-private-key".owner = config.users.users.root.name;
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# Custom tools # Custom tools
auto-mount auto-mount


@ -1,5 +1,6 @@
lillian-password: ENC[AES256_GCM,data:uPNBvMyhkiX3eedduFlsFUIcas/VBVSYrsmGTlgGUOzTQST59CYZRoq0ArphIJ3+Usy6KbR5tA5FCp4PoB3qVYBfjlAq6dhZIw==,iv:TiUIo2lvdL6SiDuW4gWn0TeJXkz5MldzqGxuK3MNPnE=,tag:d3p/h+q50JxygDtk2qxIeQ==,type:str] lillian-password: ENC[AES256_GCM,data:uPNBvMyhkiX3eedduFlsFUIcas/VBVSYrsmGTlgGUOzTQST59CYZRoq0ArphIJ3+Usy6KbR5tA5FCp4PoB3qVYBfjlAq6dhZIw==,iv:TiUIo2lvdL6SiDuW4gWn0TeJXkz5MldzqGxuK3MNPnE=,tag:d3p/h+q50JxygDtk2qxIeQ==,type:str]
wg-private-key: ENC[AES256_GCM,data:PeuKeYRHfOzGlekLI95EH3qq+blntZrrboPKaKC0ghD5zIyaCYrFHYWLkug=,iv:BcugGYW7+i7d04H4EKn+BdJJPqwMVVvlHBETO0x0kQM=,tag:Z/ammSrFpWTIbVfi4VJZ9w==,type:str] wg-private-key: ENC[AES256_GCM,data:PeuKeYRHfOzGlekLI95EH3qq+blntZrrboPKaKC0ghD5zIyaCYrFHYWLkug=,iv:BcugGYW7+i7d04H4EKn+BdJJPqwMVVvlHBETO0x0kQM=,tag:Z/ammSrFpWTIbVfi4VJZ9w==,type:str]
ssh-private-key: ENC[AES256_GCM,data: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,iv:TJ3AsSvXeUmBsKd6xy+Kc1ws+Yc9ZQ5Q4A8UFHI7Wsg=,tag:egCYoe3Mkbvkup0itszm4w==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -15,8 +16,8 @@ sops:
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-06T18:02:27Z" lastmodified: "2024-12-22T22:35:15Z"
mac: ENC[AES256_GCM,data:qMvaXA/3B7rp2BvG10lvLdY/rD1ooh0QwwdfgzixeoHZxnqxmz7HZGP1UE1bGIbLYYeWGEJW440uDll5Q3ky+0qz7W8VbFEYBjaCyNcicnlLgFZXKh2nxeErubzF+I82X8wfNndAH1HWZZmPasTdDHfudjWyZF4/JKPboiyr5xE=,iv:ikj6goYS81rixJDHCWag1pYD6bSasSVOYyENlRjqn9w=,tag:Q3hQO9rqwnCBRLxec0/LTg==,type:str] mac: ENC[AES256_GCM,data:olqDdjgOF7MsYXibawEn4bou6LPof25j231+Vwr+pSGCO19Sj44OkZpS0YmNBi+Uym+X6RGM5uV3fg4JYVgThnALI9JFyFuZ41gjPRyNBXJ16RnogKykHK5XNjQEogYho5bgLA8DTDeOvSfFHW2ENM052z6lJyAaPWJLa4ADlEY=,iv:YXGKcHQfqZCnK9Z3Nw/JxcTmZR++0iKUc7PDbLBqahY=,tag:UbHZvFZjaYjrC51Q1f/oyg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.2


@ -109,9 +109,6 @@
}; };
}; };
sops = { sops = {
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
defaultSopsFile = ./secrets/sops.yaml;
# users.users = { # users.users = {
# ombi.extraGroups = ["radarr" "sonarr" "aria2"]; # ombi.extraGroups = ["radarr" "sonarr" "aria2"];
# }; # };
@ -143,8 +140,6 @@
secrets."protonvpn-priv-key".mode = "0440"; secrets."protonvpn-priv-key".mode = "0440";
secrets."protonvpn-priv-key".owner = config.users.users.root.name; secrets."protonvpn-priv-key".owner = config.users.users.root.name;
secrets."wg-private-key".mode = "0440";
secrets."wg-private-key".owner = config.users.users.root.name;
}; };
boot = { boot = {
kernelPackages = lib.mkForce pkgs.linuxPackages_latest; kernelPackages = lib.mkForce pkgs.linuxPackages_latest;


@ -4,6 +4,7 @@ protonvpn-priv-key: ENC[AES256_GCM,data:s4LAq1Rqm+jGaK3OKcjIBCQYXPs3oEuTKJMAM+gF
rpcSecret: ENC[AES256_GCM,data:3tCZk2csB/ofxPc6,iv:NwT6k1hh73moH6eErT23/Dvwgb1wP/qIuoxXnCgNSao=,tag:nh0mFsh9I4R1baCL1oH+AA==,type:str] rpcSecret: ENC[AES256_GCM,data:3tCZk2csB/ofxPc6,iv:NwT6k1hh73moH6eErT23/Dvwgb1wP/qIuoxXnCgNSao=,tag:nh0mFsh9I4R1baCL1oH+AA==,type:str]
webdav-secret: ENC[AES256_GCM,data:SDFyHaE+HprkguOmDfnzwQ/n5OYgbTpxcVl4FGiLcsItefbSDOIQg5l01fqVB8zv+rRGlPcyRrIn7KTPrTpBx7X4RNHfFK4FKKvAANt6z0e5pu1+wnoObWxTShCFjfFoRCLkoh/j/CmLFyFIafrI7rzZUhs=,iv:stygLmNVWXkZL5A0J83CKPefRr7TqXeygQVLszr28eY=,tag:9hss2c77JELSASnwUyAF4w==,type:str] webdav-secret: ENC[AES256_GCM,data:SDFyHaE+HprkguOmDfnzwQ/n5OYgbTpxcVl4FGiLcsItefbSDOIQg5l01fqVB8zv+rRGlPcyRrIn7KTPrTpBx7X4RNHfFK4FKKvAANt6z0e5pu1+wnoObWxTShCFjfFoRCLkoh/j/CmLFyFIafrI7rzZUhs=,iv:stygLmNVWXkZL5A0J83CKPefRr7TqXeygQVLszr28eY=,tag:9hss2c77JELSASnwUyAF4w==,type:str]
wg-private-key: ENC[AES256_GCM,data:5WGAAst0qVqn1siX3snkAhsSDhZaS33XHT44BfViWLZqvzw+OhPB/jkSr4U=,iv:yXfN50SM3OWdycINB8iWXtvCSS01NBTrGBs1kxd1j0M=,tag:yhjDY1AM5aQ6DFeFEjo2Mw==,type:str] wg-private-key: ENC[AES256_GCM,data:5WGAAst0qVqn1siX3snkAhsSDhZaS33XHT44BfViWLZqvzw+OhPB/jkSr4U=,iv:yXfN50SM3OWdycINB8iWXtvCSS01NBTrGBs1kxd1j0M=,tag:yhjDY1AM5aQ6DFeFEjo2Mw==,type:str]
ssh-private-key: ENC[AES256_GCM,data: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,iv:ojh2hzVzJFy1kvvo/WvaIpMpGT+b9aSC+L8L0iwhF1o=,tag:bHOj/fxDn/qUmp1eijLPuw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -19,8 +20,8 @@ sops:
Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div
bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA== bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-06T17:42:47Z" lastmodified: "2024-12-22T22:37:02Z"
mac: ENC[AES256_GCM,data:Fcc8x/C6iv62OJeLSGZlfsLzscWVAki1vdJvPiApx8N0Uazkq0G5PS6haoLEtOzDw2Fi/0pvVWef+O+lOg/mtqxxNBXozv1f66Q9HQCZOZP0PRQPEVcWJJ/vuPMSOlQDEiGJnuakJZeOmtuZkGStcfmlcybsOlyvEYwvbpeweDI=,iv:oDpoDDcQ/+ovsjkCeRLx9Fpiv+0/f/KkC4fFDdUmxHo=,tag:SiYHQmVz0vLFCOs0xhgr4g==,type:str] mac: ENC[AES256_GCM,data:T31z1/pngI6Wa3HMyOxS5ofb2Y5YqK0v5m96mn7n5dQ0d992ooEpoNyE7r8qHsD+tXiHvLIybWUMiMlDLI7Gq8op9GLEYYnFNDfc24k7lQPPuQK/iraJFUQwiRBbK063Rmfa6q6S3P2YN58+oxUJUiKuAy4yUIJTNaHeCCH8HMc=,iv:uLbAtSNbUcsejWdE1oBvCQVOtuaHL7A3R0sT/ispjhU=,tag:t3D7h0B0dDDZ18qo8G8wiA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.2


@ -9,8 +9,21 @@
./locale ./locale
./packages ./packages
]; ];
sops.age.keyFile = ../../../../../../var/secrets/keys.txt; sops = {
sops.secrets."lillian-password".neededForUsers = true; age.keyFile = ../../../../../../var/secrets/keys.txt;
secrets."lillian-password".neededForUsers = true;
defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml;
secrets."wg-private-key".mode = "0440";
secrets."wg-private-key".owner = config.users.users.root.name;
secrets."ssh-private-key" = {
mode = "0600";
owner = config.users.users.lillian.name;
path = "/home/lillian/.ssh/id_ed25519";
};
};
#TODO: remove this when unneeded for freetube #TODO: remove this when unneeded for freetube
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
@ -50,27 +63,17 @@
]; ];
}; };
}; };
catppuccin = {
catppuccin.flavor = "macchiato"; flavor = "macchiato";
catppuccin.enable = true; enable = true;
catppuccin.plymouth.enable = false; plymouth.enable = false;
catppuccin.grub.enable = false; grub.enable = false;
};
# console.catppuccin.enable = true; # console.catppuccin.enable = true;
home-manager.backupFileExtension = "backup"; home-manager.backupFileExtension = "backup";
users.users.lillian = {
isNormalUser = true;
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
shell = pkgs.zsh;
hashedPasswordFile = config.sops.secrets."lillian-password".path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
];
};
programs.zsh = { programs.zsh = {
enable = true; enable = true;
}; };
@ -133,10 +136,22 @@
# Enable completion of system packages by zsh # Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"]; environment.pathsToLink = ["/share/zsh"];
users = {
users.lillian = {
isNormalUser = true;
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
shell = pkgs.zsh;
hashedPasswordFile = config.sops.secrets."lillian-password".path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
];
};
users.mutableUsers = false; mutableUsers = false;
users.users.root = { users.root = {
hashedPassword = "*"; hashedPassword = "*";
};
}; };
} }
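Review bot: The shared `sops` block in the first hunk now declares `secrets."ssh-private-key"` for every host that imports this module, while the commit title says the EDI private key has not been added yet; sops-nix by default checks declared secrets against the sops file at build time, so that host will probably fail to build until the entry exists. Declaring the secret only on hosts that have it, or wrapping it in `lib.mkIf`, avoids that. In the same block `age.keyFile = ../../../../../../var/secrets/keys.txt;` is a Nix path literal, and Nix can copy a path value into the world-readable store when it is turned into a string. A quoted absolute path, e.g. `age.keyFile = "/var/secrets/keys.txt";` if that is where the relative path resolves, refers to the key in place. The module body starts outside the visible hunks.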