diff --git a/.sops.yaml b/.sops.yaml index b7a8695..9a4312c 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,13 @@ keys: - - &primary ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1RPCcS8DtIf75a2FEW4d8X6WTVeLlmretoLqppvZlJ openpgp:0xC317996E + - &users: + # - &nx2 age1sgzc2jh8af30a3cp6g7l4hyzusqrn3x3xw7frghc4akvjaplwa3stfemxc + - &nx2 22FB2CC03DC5292AB81CF67D0AF27B383170E634 + - &hosts: + - &north age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e creation_rules: - - path_regex: secrets/secrets.yaml$ + - path_regex: sops-secrets.yaml$ key_groups: - age: - - *primary + - *north + pgp: + - *nx2 diff --git a/configuration.nix b/configuration.nix index f637c4e..07f1950 100755 --- a/configuration.nix +++ b/configuration.nix @@ -1,8 +1,9 @@ -{ config, lib, pkgs, pkgs-unstable, user, host, allowed, secrets, rice, nvidia, ... }: +{ pkgs, pkgs-unstable, rice, inputs, ... }: let in { imports = [ + inputs.sops-nix.nixosModules.sops ./system-modules/hardware-configuration.nix ./system-modules/fuse.nix ./system-modules/nvidia.nix @@ -15,8 +16,8 @@ in ./system-modules/sshd.nix ./system-modules/gpg.nix ./system-modules/sops.nix - # ./system-modules/syncthing.nix - ./system-modules/hsmw.nix + ./system-modules/syncthing.nix + # ./system-modules/hsmw.nix # old ./system-modules/docker.nix ./system-modules/health_reminder.nix ./system-modules/ollama.nix @@ -85,6 +86,10 @@ in sendme ]); + environment.variables = { + EDITOR = "hx"; + VISUAL = "hx"; + }; fonts.packages = with pkgs; [ noto-fonts diff --git a/flake.lock b/flake.lock index f486732..dba001a 100755 --- a/flake.lock +++ b/flake.lock 
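Review bot: The only creation rule lists just the `north` age key and the `nx2` PGP fingerprint as recipients, yet `sops-secrets.yaml` also carries `NxXPS-…` and `NxACE-…` host key entries, so those hosts have no key of their own that can decrypt the file and would depend on the user's PGP key being unlocked at activation, which is impractical for an unattended boot; if they are meant to read their own secrets, add their age keys under `hosts` and re-run `sops updatekeys sops-secrets.yaml`. The `- &users:` and `- &hosts:` lines are YAML anchors literally named `users:` and `hosts:` on nested lists rather than section headers — sops ignores the shape under `keys:`, so plain `# users` / `# hosts` comments would be less misleading. Removing `&primary` from `keys:` does not revoke anything it already decrypted, and the deleted `secrets/passwords-and-certificates.nix` blob stays in git history, so rotate that material if it was ever sensitive.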
@@ -42,11 +42,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1716782615, - "narHash": "sha256-/Awpe+K8Npq35mhPw3gj+X/phWrvjXCEgbraxmtBlIU=", + "lastModified": 1717128197, + "narHash": "sha256-jUObiEzZXl07D1JYsZr86TJOFFeJw3rJD3OUOCHicP0=", "owner": "rycee", "repo": "nur-expressions", - "rev": "33111902039a1a779aef5574c7262dd8e9d688ae", + "rev": "179e0cecb2c8a663fcf9acfaff067cd2dd0da66b", "type": "gitlab" }, "original": { @@ -208,11 +208,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1716801877, - "narHash": "sha256-vfMb7opO2xva0jt/UwMGlyjK4DB73SWxus4Oryww+C8=", + "lastModified": 1717151932, + "narHash": "sha256-MwAAjC9AXaxxmvTMkgZZvdWaE/d7AfVd0L1NZtciRbY=", "ref": "refs/heads/main", - "rev": "db5d39a66f1285f78321d953eac398feaedfc63d", - "revCount": 4744, + "rev": "df6ebe358b30ee7b49f296e05763e5e4b0edce98", + "revCount": 4751, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland" @@ -235,11 +235,11 @@ ] }, "locked": { - "lastModified": 1715722806, - "narHash": "sha256-KrSLG2H3KGELxTFdiBhv8U6D53Q3UsJsQO+KgEabsNA=", + "lastModified": 1717171694, + "narHash": "sha256-LN2lrcGdAMpkooleWSOV+/q1+wx1f3pSBs1TWeoMCkA=", "owner": "hyprwm", "repo": "hyprland-plugins", - "rev": "c28d1011f4868c1a1ee80b10d9ee79900686df82", + "rev": "e0cad229c3d799c7f72b1217ab2eb300ceecf3ac", "type": "github" }, "original": { 
@@ -382,13 +382,29 @@ "type": "github" } }, - "nixpkgs-unstable": { + "nixpkgs-stable_2": { "locked": { - "lastModified": 1716509168, - "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", + "lastModified": 1716655032, + "narHash": "sha256-kQ25DAiCGigsNR/Quxm3v+JGXAEXZ8I7RAF4U94bGzE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bfb7a882678e518398ce9a31a881538679f6f092", + "rev": "59a450646ec8ee0397f5fa54a08573e8240eb91f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1716948383, + "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", "type": "github" }, "original": { @@ -415,11 +431,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1716633019, - "narHash": "sha256-xim1b5/HZYbWaZKyI7cn9TJCM6ewNVZnesRr00mXeS4=", + "lastModified": 1716991068, + "narHash": "sha256-Av0UWCCiIGJxsZ6TFc+OiKCJNqwoxMNVYDBChmhjNpo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9d29cd266cebf80234c98dd0b87256b6be0af44e", + "rev": "25cf937a30bf0801447f6bf544fc7486c6309234", "type": "github" }, "original": { @@ -467,7 +483,8 @@ "hyprland-plugins": "hyprland-plugins", "lanzaboote": "lanzaboote", "nixpkgs": "nixpkgs_3", - "nixpkgs-unstable": "nixpkgs-unstable" + "nixpkgs-unstable": "nixpkgs-unstable", + "sops-nix": "sops-nix" } }, "rust-overlay": { 
@@ -495,6 +512,27 @@ "type": "github" } }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_2" + }, + "locked": { + "lastModified": 1716692524, + "narHash": "sha256-sALodaA7Zkp/JD6ehgwc0UCBrSBfB4cX66uFGTsqeFU=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "962797a8d7f15ed7033031731d0bb77244839960", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1689347949, diff --git a/flake.nix b/flake.nix index 6d6e4c1..5d8b116 100755 --- a/flake.nix +++ b/flake.nix @@ -1,5 +1,5 @@ { - description = "A Flake lol"; + description = "Multisystem NixOS Flake of Lennart J. Kurzweg"; inputs = { nixpkgs.url = "nixpkgs/nixos-23.11"; @@ -8,6 +8,10 @@ url = "github:nix-community/home-manager/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; }; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; hyprland = { url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; @@ -50,7 +54,7 @@ user = "nx2"; - nvidia = rec { + nvidia = { enable = true; prime = true; # unfree = if enable then [ @@ -79,7 +83,7 @@ ]; }; - secrets = import ./secrets/passwords-and-certificates.nix; + secrets = import ./git-crypt/secrets.nix; rice = rec { lib = import ./nxlib/ricelib.nix { lib = nixpkgs.lib; }; @@ -134,11 +138,7 @@ in { nixosConfigurations = { - NxXPS = - let - host = "NxXPS"; - in - nixpkgs.lib.nixosSystem { + NxXPS = let host = "NxXPS"; in nixpkgs.lib.nixosSystem { inherit system; modules = [ ./configuration.nix ]; specialArgs = { inherit inputs user host pkgs-unstable allowed secrets rice nvidia; }; 
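Review bot: `sops-nix` gets `inputs.nixpkgs.follows = "nixpkgs"` but not `nixpkgs-stable`, so the lock now carries a second full nixpkgs checkout (`nixpkgs-stable_2`, `release-23.11`) solely for sops-nix; since this flake's `nixpkgs` is already `nixos-23.11`, add `inputs.nixpkgs-stable.follows = "nixpkgs";` next to the existing follows so everything evaluates against one pinned tree. The URL `github:Mic92/sops-nix` has no ref, unlike the release-branch refs used for nixpkgs and home-manager; flake.lock pins it today, but `nix flake update` will jump to whatever `main` is, so either pin a rev or make a habit of reviewing the diff on each update, since this module handles key material.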
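Review bot: `secrets = import ./git-crypt/secrets.nix;` keeps plaintext secrets flowing through Nix evaluation as a `specialArgs` value, and anything a module interpolates from `secrets` lands in the world-readable Nix store — the very thing the sops-nix migration in this commit is meant to avoid. The new path is not added in this diff (only `secrets/passwords-and-certificates.nix` is deleted), so on a fresh clone evaluation fails unless `git-crypt/secrets.nix` already exists, and if it is git-crypt encrypted an `import` on a locked checkout is a Nix parse error. Consider moving the remaining consumers to `config.sops.secrets.<name>.path` and dropping the `secrets` argument, or at least add a comment stating what still lives there and why it cannot go through sops.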
@@ -148,12 +148,7 @@ modules = [ ./configuration.nix ]; specialArgs = { inherit inputs user host pkgs-unstable allowed secrets rice nvidia; }; }; - NxACE = - let - host = "NxACE"; - nvidia.enable = false; - in - nixpkgs.lib.nixosSystem { + NxACE = let host = "NxACE"; nvidia.enable = false; in nixpkgs.lib.nixosSystem { inherit system; modules = [ ./configuration.nix ]; specialArgs = { inherit inputs user host pkgs-unstable allowed secrets rice nvidia; }; @@ -163,29 +158,17 @@ homeConfigurations = { "${user}@NxXPS" = let host = "NxXPS"; in home-manager.lib.homeManagerConfiguration { inherit pkgs; - modules = [ - ./home.nix - ]; + modules = [ ./home.nix ]; extraSpecialArgs = { inherit inputs system user host allowed secrets pkgs-unstable rice nvidia; }; }; "${user}@NxNORTH" = let host = "NxNORTH"; in home-manager.lib.homeManagerConfiguration { inherit pkgs; - modules = [ - ./home.nix - ]; + modules = [ ./home.nix ]; extraSpecialArgs = { inherit inputs system user host allowed secrets pkgs-unstable rice nvidia; }; }; - - "${user}@NxACE" = - let - host = "NxACE"; - nvidia.enable = false; - in - home-manager.lib.homeManagerConfiguration { + "${user}@NxACE" = let host = "NxACE"; nvidia.enable = false; in home-manager.lib.homeManagerConfiguration { inherit pkgs; - modules = [ - ./home.nix - ]; + modules = [ ./home.nix ]; extraSpecialArgs = { inherit inputs system user host allowed secrets pkgs-unstable rice nvidia; }; }; "tv@NxACE" = @@ -196,9 +179,7 @@ in home-manager.lib.homeManagerConfiguration { inherit pkgs; - modules = [ - ./home.nix - ]; + modules = [ ./home.nix ]; extraSpecialArgs = { inherit inputs system user host allowed secrets pkgs-unstable rice nvidia; }; }; }; diff --git a/home-modules/bash.nix b/home-modules/bash.nix new file mode 100755 index 0000000..c5d0985 --- /dev/null +++ b/home-modules/bash.nix 
@@ -0,0 +1,29 @@ +{ pkgs, lib, user, ... }: +lib.mkIf (user != "tv") +{ + home.packages = with pkgs; [ + bash + ]; + programs.bash = { + enable = true; + shellAliases = { + ll = "ls -l"; + la = "ls -a"; + lla = "ls -la"; + }; + shellOptions = [ + "histappend" + "checkwinsize" + "extglob" + "globstar" + "checkjobs" + ]; + enableCompletion = false; + # initExtra = '' + # if [[ $- == *i* ]] # if interactive + # then + # eval "$(${pkgs.starship}/bin/starship init bash)" + # fi + # ''; + }; +} diff --git a/home-modules/fish.nix b/home-modules/fish.nix index 0a02e87..cd1b824 100755 --- a/home-modules/fish.nix +++ b/home-modules/fish.nix @@ -27,7 +27,7 @@ lib.mkIf (user != "tv") $(echo -e "$logo" | sed -n 6p): $(bash --version | head --lines 1 | cut -f -4 -d' ') $(echo -e "$logo" | sed -n 7p): fish $(fish --version | rev | cut -f 1 -d' ' | rev) $(echo -e "$logo" | sed -n 8p): ''$(uname -r) - $(echo -e "$logo" | sed -n 9p): ''${EDITOR} + $(echo -e "$logo" | sed -n 9p): $($EDITOR --version | head -n 1) $(echo -e "$logo" | sed -n 10p): $(yazi --version) $(echo -e "$logo" | sed -n 11p): $(starship --version | head -n 1) " @@ -88,7 +88,7 @@ lib.mkIf (user != "tv") if not set -q IN_NIX_SHELL nxfetch end - ${pkgs.starship}/bin/starship init fish | source + # ${pkgs.starship}/bin/starship init fish | source # ${pkgs.any-nix-shell}/bin/any-nix-shell fish --info-right | source ''; functions = { diff --git a/home-modules/gpg.nix b/home-modules/gpg.nix index 46647d1..5e21c48 100644 --- a/home-modules/gpg.nix +++ b/home-modules/gpg.nix @@ -1,10 +1,12 @@ -{ pkgs, ... }: +{ pkgs, pkgs-unstable, ... }: { # there also is a system module home.packages = with pkgs; [ gnupg gpg-tui - ]; + ] ++ ( with pkgs-unstable; [ + pinentry-all + ]); services.gpg-agent = { enable = true; diff --git a/home-modules/hyprland.nix b/home-modules/hyprland.nix index d113945..d35ded3 100755 --- a/home-modules/hyprland.nix +++ b/home-modules/hyprland.nix 
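Review bot: The banner line now executes `$EDITOR --version` instead of printing the variable, so on a host where `EDITOR` is unset the shell tries to run `--version` as a command and the banner gains an error line; it also runs whatever `EDITOR` expands to, including a value that carries arguments. Guard it, e.g. `$(command -v "$EDITOR" >/dev/null 2>&1 && "$EDITOR" --version | head -n 1)`, falling back to printing `$EDITOR` when the lookup fails. The enclosing function body starts and ends outside this hunk.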
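Review bot: Adding `pinentry-all` to `home.packages` only puts the binaries on PATH; gpg-agent chooses its pinentry from its own configuration, so unless `services.gpg-agent.pinentryFlavor` (the 23.11 option name) is set further down, the agent keeps using whatever pinentry it had before and the home-manager sops activation that this commit configures to decrypt with the PGP key may still fail to prompt. Pulling one package from `pkgs-unstable` into a gpg stack that otherwise comes from stable deserves a comment, e.g. `# pinentry-all is not in 23.11; drop the unstable overlay after the next release`, so the mixed source reads as intentional. The `services.gpg-agent` block continues outside the hunk.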
@@ -25,17 +25,17 @@ let scale = "1.0"; }; left = { - name = "HDMI-A-3"; + name = "HDMI-A-2"; resolution = "1920x1080"; position = "0x360"; scale = "1.0"; }; - right = { - name = "HDMI-A-2"; - resolution = "1920x1080"; - position = "4480x360"; - scale = "1.0"; - }; + # right = { + # name = "HDMI-A-2"; + # resolution = "1920x1080"; + # position = "4480x360"; + # scale = "1.0"; + # }; }; ace = { main = { @@ -82,7 +82,7 @@ lib.mkIf (user != "tv") ]) else (if host == "NxNORTH" then (with monitors.north; [ "${main.name}, ${main.resolution}, ${main.position}, ${main.scale}" "${left.name}, ${left.resolution}, ${left.position}, ${left.scale}" - "${right.name}, ${right.resolution}, ${right.position}, ${right.scale}" + # "${right.name}, ${right.resolution}, ${right.position}, ${right.scale}" ]) else ( with monitors.ace; [ "${main.name}, ${main.resolution}, ${main.position}, ${main.scale}" ])); @@ -91,7 +91,8 @@ lib.mkIf (user != "tv") let d1 = if host == "NxXPS" then monitors.xps.main.name else (if host == "NxNORTH" then monitors.north.main.name else monitors.ace.main.name); d2 = if host == "NxXPS" then monitors.xps.second.name else (if host == "NxNORTH" then monitors.north.left.name else monitors.ace.main.name); - d3 = if host == "NxXPS" then monitors.xps.main.name else (if host == "NxNORTH" then monitors.north.right.name else monitors.ace.main.name); + d3 = if host == "NxXPS" then monitors.xps.main.name else (if host == "NxNORTH" then monitors.north.main.name else monitors.ace.main.name); + # d3 = if host == "NxXPS" then monitors.xps.main.name else (if host == "NxNORTH" then monitors.north.right.name else monitors.ace.main.name); compact = "gapsin:0, gapsout:0, bordersize:1, rounding:false"; in [ diff --git a/home-modules/nelix.nix b/home-modules/nelix.nix deleted file mode 100644 index e69de29..0000000 diff --git a/home-modules/nixvim.nix b/home-modules/nixvim.nix deleted file mode 100755 index 308abda..0000000 --- a/home-modules/nixvim.nix +++ /dev/null 
@@ -1,128 +0,0 @@ -{ config, pkgs, inputs, system, rice, ... }: -{ - imports = [ - inputs.nixvim.homeManagerModules.nixvim - ]; - - home.packages = [ - pkgs.neovide - ]; - programs.nixvim = { - enable = true; - viAlias = true; - vimAlias = true; - clipboard.providers.wl-copy.enable = true; - - options = { - number = true; - relativenumber = true; - shiftwidth = 2; - }; - colorschemes.catppuccin = { - enable = true; - settings = { - mocha = { - base = "#ff0000"; - }; - disable_underline = true; - flavour = "mocha"; - integrations = { - cmp = true; - gitsigns = true; - mini = { - enabled = true; - indentscope_color = ""; - }; - notify = false; - nvimtree = true; - treesitter = true; - }; - styles = { - booleans = [ - "bold" - "italic" - ]; - conditionals = [ - "bold" - ]; - }; - term_colors = true; - }; - }; - # colorschemes.base16 = { - # enable = true; - # setUpBar = true; - # colorscheme = "onedark"; - - # customColorScheme = { - # base00 = rice.color.background; - # base01 = rice.color.black.bright; - # base02 = rice.color.blue.base; - # base03 = rice.color.blue.bright; - # base04 = rice.color.cyan.base; - # base05 = rice.color.cyan.bright; - # base06 = rice.color.green.base; - # base07 = rice.color.green.bright; - # base08 = rice.color.magenta.base; - # base09 = rice.color.magenta.bright; - # base0A = rice.color.red.base; - # base0B = rice.color.red.bright; - # base0C = rice.color.white.base; - # base0D = rice.color.white.bright; - # base0E = rice.color.yellow.base; - # base0F = rice.color.yellow.bright; - # }; - # }; - opts = { - termguicolors = true; - }; - globals = { - mapleader = " "; - }; - plugins = { - telescope = { - enable = true; - extensions = { - fzf-native.enable = true; - }; - keymaps = { - "" = { action = "find_files"; }; - "fg" = { action = "live_grep"; }; - }; - }; - - lightline = { - enable = true; - # colorscheme = "base16"; - # active = { - # left = [ - # ["mode" "paste"] - # ["readonly" "filename" "modified"] - # ]; - - # right = [ - # [ 
"lineinfo" ] - # [ "percent" ] - # [ "fileformat" "fileencoding" "filetype" "charvaluehex" ] - # [ "git" ] - # ]; - # }; - }; - nix.enable = true; - - lsp-lines.enable = true; - lspkind.enable = true; - }; - extraPlugins = [ ]; - keymaps = - let - mkKeymap = mode: key: action: { inherit mode key action; }; - mkKeymapWithOpts = mode: key: action: opts: (mkKeymap mode key action) // { options = opts; }; - in - [ - (mkKeymap "" "" "") - (mkKeymap "n" "ff" "builtin.find_files") - ]; - }; -} -## vl clipboard? diff --git a/home-modules/nvim-lua/options.lua b/home-modules/nvim-lua/options.lua deleted file mode 100755 index e69de29..0000000 diff --git a/home-modules/nvim-lua/plugin/cmp.lua b/home-modules/nvim-lua/plugin/cmp.lua deleted file mode 100755 index cf2b7a7..0000000 --- a/home-modules/nvim-lua/plugin/cmp.lua +++ /dev/null @@ -1,46 +0,0 @@ -local cmp = require('cmp') -local luasnip = require('luasnip') - -require('luasnip.loaders.from_vscode').lazy_load() -luasnip.config.setup {} - -cmp.setup { - snippet = { - expand = function(args) - luasnip.lsp_expand(args.body) - end, - }, - mapping = cmp.mapping.preset.insert { - [''] = cmp.mapping.select_next_item(), - [''] = cmp.mapping.select_prev_item(), - [''] = cmp.mapping.scroll_docs(-4), - [''] = cmp.mapping.scroll_docs(4), - [''] = cmp.mapping.complete {}, - [''] = cmp.mapping.confirm { - behavior = cmp.ConfirmBehavior.Replace, - select = true, - }, - [''] = cmp.mapping(function(fallback) - if cmp.visible() then - cmp.select_next_item() - elseif luasnip.expand_or_locally_jumpable() then - luasnip.expand_or_jump() - else - fallback() - end - end, { 'i', 's' }), - [''] = cmp.mapping(function(fallback) - if cmp.visible() then - cmp.select_prev_item() - elseif luasnip.locally_jumpable(-1) then - luasnip.jump(-1) - else - fallback() - end - end, { 'i', 's' }), - }, - sources = { - { name = 'nvim_lsp' }, - { name = 'luasnip' }, - }, -} 
diff --git a/home-modules/nvim-lua/plugin/lsp.lua b/home-modules/nvim-lua/plugin/lsp.lua deleted file mode 100755 index 6dd7f01..0000000 --- a/home-modules/nvim-lua/plugin/lsp.lua +++ /dev/null @@ -1,49 +0,0 @@ -local on_attach = function(_, bufnr) - - local bufmap = function(keys, func) - vim.keymap.set('n', keys, func, { buffer = bufnr }) - end - - bufmap('r', vim.lsp.buf.rename) - bufmap('a', vim.lsp.buf.code_action) - - bufmap('gd', vim.lsp.buf.definition) - bufmap('gD', vim.lsp.buf.declaration) - bufmap('gI', vim.lsp.buf.implementation) - bufmap('D', vim.lsp.buf.type_definition) - - bufmap('gr', require('telescope.builtin').lsp_references) - bufmap('s', require('telescope.builtin').lsp_document_symbols) - bufmap('S', require('telescope.builtin').lsp_dynamic_workspace_symbols) - - bufmap('K', vim.lsp.buf.hover) - - vim.api.nvim_buf_create_user_command(bufnr, 'Format', function(_) - vim.lsp.buf.format() - end, {}) -end - -local capabilities = vim.lsp.protocol.make_client_capabilities() -capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) - -require('neodev').setup() -require'lspconfig'.lua_ls.setup{} --- require('lspconfig').lua_ls.setup { --- on_attach = on_attach, --- capabilities = capabilities, --- root_dir = function() --- return vim.loop.cwd() --- end, --- cmd = { "lua-lsp" }, --- settings = { --- Lua = { --- workspace = { checkThirdParty = false }, --- telemetry = { enable = false }, --- }, --- } --- } - -require('lspconfig').nixd.setup { - on_attach = on_attach, - capabilities = capabilities, -} diff --git a/home-modules/nvim-lua/plugin/other.lua b/home-modules/nvim-lua/plugin/other.lua deleted file mode 100755 index e69de29..0000000 diff --git a/home-modules/nvim-lua/plugin/telescope.lua b/home-modules/nvim-lua/plugin/telescope.lua deleted file mode 100755 index f2dae3d..0000000 --- a/home-modules/nvim-lua/plugin/telescope.lua +++ /dev/null 
@@ -1,16 +0,0 @@ -require('telescope').setup({ - extensions = { - fzf = { - fuzzy = true, -- false will only do exact matching - override_generic_sorter = true, -- override the generic sorter - override_file_sorter = true, -- override the file sorter - case_mode = "smart_case", -- or "ignore_case" or "respect_case" (the default case_mode is "smart_case") - } - } -}) - -require('telescope').load_extension('fzf') - - -local builtin = require('telescope.builtin') -vim.keymap.set('n', 'ff', builtin.find_files, {}) \ No newline at end of file diff --git a/home-modules/nvim-lua/plugin/treesitter.lua b/home-modules/nvim-lua/plugin/treesitter.lua deleted file mode 100755 index 2edb953..0000000 --- a/home-modules/nvim-lua/plugin/treesitter.lua +++ /dev/null @@ -1,9 +0,0 @@ -require('nvim-treesitter.configs').setup { - ensure_installed = {}, - - auto_install = false, - - highlight = { enable = true }, - - indent = { enable = true }, -} diff --git a/home-modules/nvim.nix b/home-modules/nvim.nix deleted file mode 100755 index 8f3fd0b..0000000 --- a/home-modules/nvim.nix +++ /dev/null 
@@ -1,120 +0,0 @@ -{ config, pkgs, pkgs-unstable, lib, user, rice, ... }: -let - toLua = str: "lua << EOF\n${str}\nEOF\n"; - toLuaFile = file: "lua << EOF\n${builtins.readFile file}\nEOF\n"; - - theme = { - name = "base16-colorscheme"; - package = pkgs-unstable.vimPlugins.base16-nvim; - }; -in -lib.mkIf (user != "tv") -{ - home.packages = with pkgs; [ - neovide - ]; - - programs.neovim = { - enable = true; - - viAlias = true; - vimAlias = true; - vimdiffAlias = true; - - extraPackages = with pkgs; [ - # extra - wl-clipboard - - # LSPs - nixd - lua-language-server - ]; - - plugins = with pkgs.vimPlugins; [ - nvim-lspconfig - nvim-cmp # A completion engine. Completion sources are installed from external repositories and "sourced". - cmp-nvim-lsp # cmp source: LSPs - luasnip # cmp source: LSPs - nvim-web-devicons # icons or some shit - friendly-snippets # a collention of snippets for many languages - neodev-nvim # configures lua-language-server for Neovim - vim-nix # Syntax highlighting, Filetype detection, Automatic indentation, NixEdit command: navigate nixpkgs by attribute name - telescope-nvim - telescope-fzf-native-nvim - lualine-nvim - comment-nvim - (nvim-treesitter.withPlugins (p: with p; [ - tree-sitter-nix - tree-sitter-vim - tree-sitter-bash - tree-sitter-lua - tree-sitter-python - tree-sitter-json - tree-sitter-html - tree-sitter-css - tree-sitter-dockerfile - tree-sitter-ssh_config - tree-sitter-javascript - tree-sitter-gitignore - ]) - ) - ] ++ [ theme.package ]; - - extraLuaConfig = '' - -- Options - vim.keymap.set("n", "", "") - vim.g.mapleader = " " - vim.g.maplocalleader = ' ' - vim.o.clipboard = 'unnamedplus' - vim.o.number = true - vim.o.relativenumber = true - vim.o.signcolumn = 'yes' - vim.o.tabstop = 2 - vim.o.shiftwidth = 2 - vim.o.updatetime = 300 - vim.o.termguicolors = true - vim.o.mouse = 'a' - - -- Colorscheme - require('base16-colorscheme').setup({ - base00 = '${rice.color.background}', - base01 = '${rice.color.black.bright}', - base02 = 
'${rice.color.blue.base}', - base03 = '${rice.color.blue.bright}', - base04 = '${rice.color.cyan.base}', - base05 = '${rice.color.cyan.bright}', - base06 = '${rice.color.green.base}', - base07 = '${rice.color.green.bright}', - base08 = '${rice.color.magenta.base}', - base09 = '${rice.color.magenta.bright}', - base0A = '${rice.color.red.base}', - base0B = '${rice.color.red.bright}', - base0C = '${rice.color.foreground}', - base0D = '${rice.color.white.bright}', - base0E = '${rice.color.yellow.base}', - base0F = '${rice.color.yellow.bright}', - }) - require('base16-colorscheme').with_config({ - telescope = true, - -- indentblankline = true, - -- notify = true, - -- ts_rainbow = true, - cmp = true, - -- illuminate = true, - -- dapui = true, - }) - - -- PLUGINS - require("Comment").setup() - require("lualine").setup({ - icons_enabled = true, - theme = '${theme.name}', - }) - require("Comment").setup() - ${builtins.readFile ./nvim-lua/plugin/lsp.lua} - ${builtins.readFile ./nvim-lua/plugin/cmp.lua} - ${builtins.readFile ./nvim-lua/plugin/telescope.lua} - ${builtins.readFile ./nvim-lua/plugin/treesitter.lua} - ''; - }; -} diff --git a/home-modules/programming/node.nix b/home-modules/programming/node.nix new file mode 100644 index 0000000..e2decfd --- /dev/null +++ b/home-modules/programming/node.nix @@ -0,0 +1,7 @@ +{ pkgs, lib, host, ... }: +lib.mkIf (host != "NxACE") +{ + home.packages = with pkgs; [ + nodejs + ]; +} diff --git a/home-modules/python.nix b/home-modules/programming/python.nix similarity index 100% rename from home-modules/python.nix rename to home-modules/programming/python.nix diff --git a/home-modules/qt.nix b/home-modules/qt.nix index 22a11b8..b78e18d 100755 --- a/home-modules/qt.nix +++ b/home-modules/qt.nix @@ -1,7 +1,7 @@ -{ config, pkgs, lib, system, user, allowed, secrets, ... }: +{ pkgs, lib, user, ... }: lib.mkIf (user != "tv") { qt = { platformTheme = "gtk"; }; -} \ No newline at end of file +} 
diff --git a/home-modules/sops.nix b/home-modules/sops.nix new file mode 100644 index 0000000..23468d8 --- /dev/null +++ b/home-modules/sops.nix @@ -0,0 +1,23 @@ +{ user, inputs, ... }: +{ + imports = [ + inputs.sops-nix.homeManagerModules.sops + ]; + + sops = { + # age.keyFile = "/home/${user}/.config/sops/age/keys.txt"; + gnupg.home = "/home/${user}/.gnupg"; + defaultSopsFile = ../sops-secrets.yaml; + + # %r is $XDG_RUNTIME_DIR + secrets = { + "example" = { + path = "%r/secrets/example"; + }; + # "sops-age-private-key" = { # Bootstrapping doens't work + # mode = "0400"; + # path = "/home/${user}/.config/sops/age/keys.txt"; + # }; + }; + }; +} diff --git a/home-modules/starship.nix b/home-modules/starship.nix index 69dbec1..e74fd6c 100755 --- a/home-modules/starship.nix +++ b/home-modules/starship.nix @@ -1,16 +1,15 @@ -{ config, pkgs, lib, system, user, allowed, secrets, ... }: +{ pkgs, lib, user, rice, ... }: lib.mkIf (user != "tv") { home.packages = [ pkgs.starship ]; - ## gets sourced in fish.nix - - programs.starship = { enable = true; - settings = { + # enableBashIntegration = true; + enableFishIntegration = true; + settings = with rice.color; { add_newline = false; format = lib.strings.concatMapStrings (x: "$" + x) [ "jobs" 
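Review bot: `gnupg.home = "/home/${user}/.gnupg"` hardcodes the home directory; take `config` in the argument set and use `"${config.home.homeDirectory}/.gnupg"`, which stays correct for any account not under `/home`. Decrypting with a PGP key means every `home-manager switch` needs an unlocked agent and a working pinentry, which hangs or fails in any unattended rebuild, and the commented-out age bootstrap shows the circularity; the usual pattern is an age key derived from the user's SSH key via `sops.age.sshKeyPaths` or one placed out-of-band once, with the PGP key kept for editing only. The `example` entry is a placeholder, so document what `%r` gives you, e.g. `# %r = $XDG_RUNTIME_DIR (tmpfs): secrets vanish at logout, never touch disk`, and note that the SSH host keys and syncthing key material in the same `sops-secrets.yaml` presumably belong to the NixOS sops module (not visible here) rather than this user-scoped one.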
@@ -82,96 +81,83 @@ lib.mkIf (user != "tv") "custom" "sudo" "cmd_duration" - "time" + # "time" "status" "container" "shell" "character" ]; - aws.format = "[\\[$symbol($profile)(\\($region\\))(\\[$duration\\])\\]]($style)"; - bun.format = "[\\[$symbol($version)\\]]($style)"; - c.format = "[\\[$symbol($version(-$name))\\]]($style)"; - cmake.format = "[\\[$symbol($version)\\]]($style)"; - cmd_duration.format = "[\\[$symbol$duration\\]]($style)"; - cobol.format = "[\\[$symbol($version)\\]]($style)"; - conda.format = "[\\[$symbol$environment\\]]($style)"; - crystal.format = "[\\[$symbol($version)\\]]($style)"; - daml.format = "[\\[$symbol($version)\\]]($style)"; - dart.format = "[\\[$symbol($version)\\]]($style)"; - deno.format = "[\\[$symbol($version)\\]]($style)"; - docker_context.format = "[\\[$symbol($context)\\]]($style)"; - dotnet.format = "[\\[$symbol($version)(🎯 $tfm)\\]]($style)"; - elixir.format = "[\\[$symbol($version \\(OTP $otp_version\\))\\]]($style)"; - elm.format = "[\\[$symbol($version)\\]]($style)"; - erlang.format = "[\\[$symbol($version)\\]]($style)"; - gcloud.format = "[\\[$symbol$account(@$domain)(\\($region\\))\\]]($style)"; - git_branch.format = "[\\[$symbol$branch:]($style)"; - git_status.format = "([$all_status$ahead_behind]($style))(bold green)[\\]]($style)"; - golang.format = "[\\[$symbol($version)\\]]($style)"; - haskell.format = "[\\[$symbol($version)\\]]($style)"; - helm.format = "[\\[$symbol($version)\\]]($style)"; - hg_branch.format = "[\\[$symbol$branch\\]]($style)"; - java.format = "[\\[$symbol($version)\\]]($style)"; - julia.format = "[\\[$symbol($version)\\]]($style)"; - kotlin.format = "[\\[$symbol($version)\\]]($style)"; - kubernetes.format = "[\\[$symbol$context( \\($namespace\\))\\]]($style)"; - lua.format = "[\\[$symbol($version)\\]]($style)"; - memory_usage.format = "[\\[$symbol[$ram( | $swap)\\]]($style)"; - meson.format = "[\\[$symbol$project\\]]($style)"; - nim.format = "[\\[$symbol($version)\\]]($style)"; - nix_shell.format 
= "[\\[󱄅 $state \\($name\\)\\]]($style)"; - nodejs.format = "[\\[$symbol($version)\\]]($style)"; - ocaml.format = "[\\[$symbol($version)(\\($switch_indicator$switch_name\\))\\]]($style)"; - openstack.format = "[\\[$symbol$cloud(\\($project\\))\\]]($style)"; - package.format = "[\\[$symbol$version\\]]($style)"; - perl.format = "[\\[$symbol($version)\\]]($style)"; - php.format = "[\\[$symbol($version)\\]]($style)"; - pulumi.format = "[\\[$symbol$stack\\]]($style)"; - purescript.format = "[\\[$symbol($version)\\]]($style)"; - python = { - format = ''[\[''${symbol}''${pyenv_prefix}''${version}$virtualenv\]]($style)''; - symbol = " "; - }; - raku.format = "[\\[$symbol($version-$vm_version)\\]]($style)"; - red.format = "[\\[$symbol($version)\\]]($style)"; - ruby.format = "[\\[$symbol($version)\\]]($style)"; - rust.format = "[\\[$symbol($version)\\]]($style)"; - scala.format = "[\\[$symbol($version)\\]]($style)"; - spack.format = "[\\[$symbol$environment\\]]($style)"; - sudo.format = "[\\[$symbol]\\]"; - swift.format = "[\\[$symbol($version)\\]]($style)"; - terraform.format = "[\\[$symbol$workspace\\]]($style)"; - time.format = "[\\[$time\\]]($style)"; - username.format = "[\\[$user\\]]($style)"; - vagrant.format = "[\\[$symbol($version)\\]]($style)"; - vlang.format = "[\\[$symbol($version)\\]]($style)"; - zig.format = "[\\[$symbol($version)\\]]($style)"; - directory = { - format = "[\\[]($style)[$lock_symbol]($lock_style)[$path\\]]($style)"; - style = "cyan bold"; - }; + aws.format = "[\\[$symbol($profile)(\\($region\\))(\\[$duration\\])\\]](fg:${foreground})"; + battery.format = "[\\[$symbol$percentage\\]](fg:${foreground})"; + bun.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + c.format = "[\\[$symbol($version(-$name))\\]](fg:${foreground})"; character = { - format = "$symbol"; - success_symbol = "[\\[󰽧\\]](bold white) "; - error_symbol = "[\\[\\]](bold red) "; - vimcmd_symbol = "[\\[\\]](bold green) "; - vimcmd_replace_one_symbol = "[\\[1\\]](bold green) 
"; - vimcmd_replace_symbol = "[\\[R\\]](bold green) "; - vimcmd_visual_symbol = "[\\[V\\]](bold green) "; - }; - battery.format = "[\\[$symbol$percentage\\]]($style)"; - shlvl.format = "[\\[$symbol$shlvl\\]]($style)"; - singularity.format = "[\\[$symbol\\[$env\\]\\]]($style)"; - jobs = { - format = "[\\[$symbol $number\\]]($style)"; - number_threshold = 1; - }; - vcsh.format = "[\\[vcsh [$symbol$repo\\]]($style)"; - hostname = { - format = "[\\[$ssh_symbol$hostname\\]]($style)"; - ssh_symbol = "󰖟 "; - ssh_only = true; + format = "$symbol "; + success_symbol = "[\\[󰽧\\]](${foreground})"; + error_symbol = "[\\[\\]](${negative.base})"; + vimcmd_replace_one_symbol = "[\\[1\\]](${special.base})"; + vimcmd_replace_symbol = "[\\[R\\]](${special.base})"; + vimcmd_symbol = "[\\[\\]](${special.base})"; + vimcmd_visual_symbol = "[\\[V\\]](${special.base})"; }; + cmake.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + cmd_duration.format = "[\\[$symbol$duration\\]](fg:${accent.bright})"; + cobol.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + conda.format = "[\\[$symbol$environment\\]](fg:${foreground})"; + crystal.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + daml.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + dart.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + deno.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + directory.format = "[\\[](fg:${accent.base})[$lock_symbol](${negative.base})[$path\\]](fg:${accent.base})"; + docker_context.format = "[\\[$symbol($context)\\]](fg:${foreground})"; + dotnet.format = "[\\[$symbol($version)(🎯 $tfm)\\]](fg:${foreground})"; + elixir.format = "[\\[$symbol($version \\(OTP $otp_version\\))\\]](fg:${foreground})"; + elm.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + erlang.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + gcloud.format = "[\\[$symbol$account(@$domain)(\\($region\\))\\]](fg:${foreground})"; + git_branch.format = 
"[\\[$symbol$branch](fg:${secondary.base})"; + git_status.format = "[:](fg:${secondary.base})[$all_status$ahead_behind](fg:${tertiary.base})[\\]](fg:${secondary.base})"; + golang.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + haskell.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + helm.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + hg_branch.format = "[\\[$symbol$branch\\]](fg:${foreground})"; + hostname.format = "[\\[󰖟 $hostname\\]](fg:${foreground})"; # ssh only by default + java.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + jobs.format = "[\\[$symbol $number\\]](fg:${foreground})"; + julia.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + kotlin.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + kubernetes.format = "[\\[$symbol$context( \\($namespace\\))\\]](fg:${foreground})"; + lua.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + memory_usage.format = "[\\[$symbol[$ram( | $swap)\\]](fg:${foreground})"; + meson.format = "[\\[$symbol$project\\]](fg:${foreground})"; + nim.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + nix_shell.format = "[\\[󱄅 $state\\($name\\)\\]](fg:${foreground})"; + nodejs.format = "[\\[$symbol$version\\]](fg:${yellow.bright})"; + ocaml.format = "[\\[$symbol($version)(\\($switch_indicator$switch_name\\))\\]](fg:${foreground})"; + openstack.format = "[\\[$symbol$cloud(\\($project\\))\\]](fg:${foreground})"; + package.format = "[\\[$symbol$version\\]](fg:${foreground})"; + perl.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + php.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + pulumi.format = "[\\[$symbol$stack\\]](fg:${foreground})"; + purescript.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + python.format = "[\\[ ](${blue.base})[$pyenv_prefix$version$virtualenv](${yellow.base})[\\]](fg:${blue.base})"; + raku.format = "[\\[$symbol($version-$vm_version)\\]](fg:${foreground})"; + red.format = 
"[\\[$symbol($version)\\]](fg:${foreground})"; + ruby.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + rust.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + scala.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + shlvl.format = "[\\[$symbol$shlvl\\]](fg:${foreground})"; + singularity.format = "[\\[$symbol\\[$env\\]\\]](fg:${foreground})"; + spack.format = "[\\[$symbol$environment\\]](fg:${foreground})"; + sudo.format = "[\\[$symbol]\\]"; + swift.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + terraform.format = "[\\[$symbol$workspace\\]](fg:${foreground})"; + time.format = "[\\[$time\\]](fg:${foreground})"; + username.format = "[\\[$user\\]](fg:${foreground})"; + vagrant.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + vcsh.format = "[\\[vcsh [$symbol$repo\\]](fg:${foreground})"; + vlang.format = "[\\[$symbol($version)\\]](fg:${foreground})"; + zig.format = "[\\[$symbol($version)\\]](fg:${foreground})"; }; }; } diff --git a/home.nix b/home.nix index da4ebb7..6488743 100755 --- a/home.nix +++ b/home.nix @@ -25,6 +25,7 @@ ./home-modules/kitty.nix ./home-modules/fish.nix + ./home-modules/bash.nix ./home-modules/starship.nix # ./home-modules/nvim.nix ./home-modules/helix.nix @@ -35,6 +36,7 @@ ./home-modules/ssh.nix ./home-modules/gpg.nix + ./home-modules/sops.nix ./home-modules/git.nix ./home-modules/mako.nix @@ -43,7 +45,9 @@ ./home-modules/latex.nix ./home-modules/pandoc.nix - ./home-modules/python.nix + + ./home-modules/programming/python.nix + ./home-modules/programming/node.nix ./home-modules/color-pallete.nix ]; diff --git a/secrets/passwords-and-certificates.nix b/secrets/passwords-and-certificates.nix deleted file mode 100755 index f225aac..0000000 Binary files a/secrets/passwords-and-certificates.nix and /dev/null differ diff --git a/sops-secrets.yaml b/sops-secrets.yaml new file mode 100644 index 0000000..22c19ae --- /dev/null +++ b/sops-secrets.yaml 
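Review bot: The style strings are inconsistent in this hunk: most modules use `(fg:${foreground})`, while `character`, `python` and the `$lock_symbol` in `directory.format` pass the bare colour `(${…})`; starship treats a bare hex as a foreground so they render the same, but using `fg:` everywhere makes the intent obvious and avoids a later `bg:` mix-up. Two formats carried over look structurally odd and are worth a second look: `memory_usage.format` opens an inner `[` before `$ram` that is closed by the `]` meant for the outer group, which starship is likely to reject as an unbalanced text group, and `sudo.format = "[\\[$symbol]\\]"` has no style group at all; both go unnoticed only while those modules stay disabled by default. The hunk ends at the module's closing braces, so nothing is cut off.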
@@ -0,0 +1,44 @@
+#ENC[AES256_GCM,data:Nr/V1n/48pdl,iv:KTy8zGqEWdtHMyDIj24AQLewxXQglCYix7ZQUdrV4Fw=,tag:TAXOAJWikNj1ly0kyCRhkg==,type:comment]
+example: ENC[AES256_GCM,data:WH4=,iv:dQ7quTadSmPNi3F86Xfzne02CVMzyFipcrHYfHdKmf8=,tag:I+yDyMRvrQPOO/SsZmqpnQ==,type:str]
+#ENC[AES256_GCM,data:A1GC2X8=,iv:1MwkWw/40DnwoWxGXDlvuQUDDAUiZFvMmi5AwIngShs=,tag:0U5T0I7RRZ021bY7M63uKA==,type:comment]
+#ENC[AES256_GCM,data:TuiKn1QG8jtb9jhYhBEP/cLO4G0cT1VLkpgTx/nFKYSFMcC9Fe0tHkjiDRxoAUHfaJLHX6jeIOvFM2niMOifwrSl0g9IaKDBG6GxjmwiwKvRj+RisvMMILzquSU+sPzF+A==,iv:cvjbR397v8w0B061uiFli2W/asdoHyHjpGumU+ij2Bc=,tag:g1ZDEyQkE02x5aIhFZJyPA==,type:comment]
+#ENC[AES256_GCM,data:8rASr+5XsQ==,iv:1uCh1v+k4wGUlsYTh/yHVBsrUZtTOsQur8RL2YW3V3A=,tag:+3YzUslU/YVTHnU2QzY1ow==,type:comment]
+ssh:
+ NxNORTH-ssh_host_ed25519_key: ENC[AES256_GCM,data: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,iv:BGc1rCP9LHpYpIMY94tsEE+YltQBx4ZouOmHZlM7WlU=,tag:7DpI9vXJ1vkZjDj2UtQ/Ag==,type:str]
+ NxXPS-ssh_host_ed25519_key: ENC[AES256_GCM,data:tdWOujPO,iv:jATctkrtEhrdQvw1jf7UCNYqltQaN8ySMpob5VApKJY=,tag:s0zu/eXnzW6eqqnGTwBJqg==,type:str]
+ NxACE-ssh_host_ed25519_key: ENC[AES256_GCM,data:1dh3SYzf,iv:tG5maEax2fke5bhdcdAoMp8AObKbs8kKI1p5akysu4g=,tag:JTDa1beKwTQ9ggwlkdpYtg==,type:str]
+syncthing:
+ NxNORTH-cert.pem: ENC[AES256_GCM,data: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,iv:7N8WtW/yJWcK7iFzHhV+vjnA6uxDl1YrW/rnXlRWi6o=,tag:EMcVWqJHs3YCj4j+xz//FA==,type:str]
+ NxNORTH-key.pem: ENC[AES256_GCM,data:Zdtype95U/u6HXMsBQ9lG7LRv9jCksuiYCj5LB1pzO9w4O8VhcoaT54tgel9g9YBr5VWKbu2AOqrsVnwtmEUfx70Thsa6sYgYnFxkrxIMnXCPEvs9yTKOyO8OPaBFSO5eKOCZFYSx5jJ5anlxZ6JA6nDpevf/C93zaZYGveucYbcLZcdm785j1eQ6uS0HvCnYACgoy54Q6GcuZ3/mSioy4MIsEW/QCm/67rRlL3kRmdXTJBd2S57ZpS4ECxwcnzxbNVItS3YhmlaJpxRB9M/UwSiXce86AowKTmj5ckzwKRcM9bVP2c5oHLenVQIMQOvq2BUVpYk6/5kQ2HBb83E1/dkC7ZL81lfKpNspJP5upaXmZ/U6HmAS6vT31Lsj7NZ,iv:/vt0Z4a9QEu8a53c0djtkvtglqnKo96CYmBMXSccz3U=,tag:qCinJ/DoUbc8vPSJVY+rgA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuQitqblRZVjZGS3p1RlpP
+ cGRPRWI4SGYwekw3bXhTOVIzcTJZaE9nR3lVCllMWHFrNTZPNTBXUWg2VDRMTUlW
+ SVRDU0wwNmN2bXhjcFhNbE1zNXVsWVUKLS0tIDNCcTBxVUYwbDhJWGdlVUo2ck5z
+ UlV2VWNjcjUzcC9KZjdsa25qU0wxWk0KqH+D2YWSk51R5qsRnom1xAu/jAEe0Wx9
+ A5Nfrr+P+5oTnrF0MSP5o4zqFzs99PEcCE6sCksZoqkMYXbhXozgPg==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-06-03T14:14:15Z"
+ mac: ENC[AES256_GCM,data:0ik8M9+V6qlc+5Z5rPi0X9UOa2Yf/cZdrpsXXfPj7hV9WSVnlDn2kJGt2PeLT5TwllAWm5mMVgovKEnuI/2hrck4AAGcvretvC0EPHr5Q4FOx84A8pDTsvff4x555mYyaGC4C5s8hUPe/OwwJXG19FWqHBVq638K/jFBS6mUk6Y=,iv:f8g+2vhqwgaYtG0sk5MdjQwPOVgBt/uNwojFyGgWUNY=,tag:HQyWQNRaAhmIJ+A/Uvbi+w==,type:str]
+ pgp:
+ - created_at: "2024-06-03T14:32:43Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DCvJ7ODFw5jQSAQdAw7WVNFgl452xdetQH5D9TjUe/CINVE19hjBMNNqn+X0w
+ qnbUM5s3wCofJSdVDSgleVXXZA1KcbW0ORbd6FVPv8dKX3x2mUMDb/tdLTkYzOL1
+ 1GgBCQIQ+10jG029Xa1Psa3J0ZXs9UOz2vGiuLj3kCDke2yfwUM6CHKEWlsaJXNE
+ QYphW1hlKYZmcMU2ZjKTVzyKHbsr6X+guakozwiDW2DQDxZTFtaNKcrr0oPKa1Cn
+ ZOkzYH6Zwoc0Cw==
+ =4e5L
+ -----END PGP MESSAGE-----
+ fp: 22FB2CC03DC5292AB81CF67D0AF27B383170E634
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1
diff --git a/system-modules/hsmw.nix b/system-modules/hsmw.nix
index 835fdd4..5cfca01 100755
--- a/system-modules/hsmw.nix
+++ b/system-modules/hsmw.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, system, host, user, allowed, secrets, ... }:
+{ pkgs, lib, host, secrets, ... }:
 lib.mkIf (host != "NxACE") {
 environment.systemPackages = [
diff --git a/system-modules/sops.nix b/system-modules/sops.nix
index 631d7a1..4a00376 100644
--- a/system-modules/sops.nix
+++ b/system-modules/sops.nix
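Review bot: The `sops:` metadata names exactly one age recipient and one PGP fingerprint, so only a machine holding one of those two private keys can decrypt this file at activation, yet the `ssh:` section carries host-key entries for NxNORTH, NxXPS and NxACE (and `syncthing:` only for NxNORTH) — unless that single age key is copied to every host, which would let any one host read the others' host-key material, NxXPS and NxACE cannot use their entries. The NxXPS and NxACE ssh values are only a few bytes of ciphertext, far too short to be an ed25519 private key, so they look like placeholders and should be filled in or removed rather than left for a host to install. If each host is meant to decrypt its own entries, add one age recipient per host (typically the ssh-to-age conversion of that host's key) and re-encrypt with `sops updatekeys`. The leading comments are themselves encrypted (`type:comment`), so a short plaintext note beside this file saying which key decrypts what would help reviewers; and since the old `secrets/passwords-and-certificates.nix` deleted in this commit stays in git history, anything that was moved from it into this file should be treated as already exposed and rotated.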
@@ -1,8 +1,25 @@
-{ pkgs, ... }:
+{ pkgs, user, ... }:
 {
 environment.systemPackages = with pkgs; [
 age
 ssh-to-age
 sops
 ];
+ sops = {
+ defaultSopsFile = ../sops-secrets.yaml;
+ defaultSopsFormat = "yaml";
+ # age = {
+ # # keyFile = "/home/${user}/.config/sops/age/keys.txt";
+ # # keyFile = "/var/lib/sops-nix/key.txt";
+ # # keyFile = "/home/${user}/.config/sops/age/age-public-key-from-ssh-A-subkey.txt";
+ # sshKeyPaths = [ ];
+ # # sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ # # generateKey = true;
+ # };
+ # gnupg = {
+ # sshKeyPaths = [];
+ # home = "/home/${user}/.gnupg";
+ # };
+ secrets.example = {};
+ };
 }
diff --git a/system-modules/sshd.nix b/system-modules/sshd.nix
index 9f42f61..3e2cb10 100644
--- a/system-modules/sshd.nix
+++ b/system-modules/sshd.nix
@@ -1,9 +1,19 @@
-{ config, pkgs, lib, secrets, ... }:
+{ host, secrets, ... }:
 {
+ environment.etc."ssh/ssh_host_ed25519_key.pub".text = if (host == "NxNORTH") then
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1r5gUQPPS/dGB0SsvWtP6WdNWoxMwhhHRrqlO19cJt root@NxNORTH"
+ else if ( host == "NxXPS") then
+ ""
+ else
+ "";
+ sops.secrets."ssh/${host}-ssh_host_ed25519_key" = {
+ mode = "0600";
+ path = "/etc/ssh/ssh_host_ed25519_key.shadow";
+ };
 services.openssh = {
 enable = true;
- ports = secrets.nx2site.ssh.ports;
+ ports = secrets.ssh.ports;
 settings = {
 PasswordAuthentication = false;
 };
diff --git a/system-modules/syncthing.nix b/system-modules/syncthing.nix
index 604bbd7..b220ba4 100644
--- a/system-modules/syncthing.nix
+++ b/system-modules/syncthing.nix
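Review bot: Every key-source option (`age.keyFile`, `age.sshKeyPaths`, `gnupg`) is commented out, so which key sops-nix decrypts with at activation is whatever its defaults resolve to rather than something a reader of this module can verify; with the host ssh key now itself staged through sops in sshd.nix, that bootstrap dependency deserves to be explicit. Suggest replacing the commented block with `age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` plus a comment `# decrypts with the host's own ssh key, which must exist before the first activation (see sshd.nix)` — verify this matches what the pinned sops-nix actually falls back to. The `keyFile` candidates under `/home/${user}/…` should not be revived: root's activation would then read the decryption key from a user-writable location, making that user account the trust boundary for every host secret. `secrets.example = {}` only decrypts the placeholder `example` key into /run/secrets and can go once real secrets are declared.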
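Review bot: The decrypted host key is written to `/etc/ssh/ssh_host_ed25519_key.shadow`, a path nothing in `services.openssh` references, while the hard-coded `.pub` overwrites `/etc/ssh/ssh_host_ed25519_key.pub`; on NxNORTH the public half can therefore diverge from the private key sshd actually loads, and on NxXPS and every other host the `""` branches install an empty public-key file. Replace the if-chain with `environment.etc = lib.mkIf (host == "NxNORTH") { "ssh/ssh_host_ed25519_key.pub".text = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1r5gUQPPS/dGB0SsvWtP6WdNWoxMwhhHRrqlO19cJt root@NxNORTH\n"; };` (restoring `lib` to the argument set) so hosts without a known key get nothing. If the sops-staged key is meant to be the live one, `services.openssh.hostKeys` should point at `config.sops.secrets."ssh/${host}-ssh_host_ed25519_key".path` — but only if sops-nix is not itself decrypting with that same host key, otherwise the first activation has nothing to decrypt with; a comment stating the chosen bootstrap order belongs here either way. `PasswordAuthentication = false` is kept, but unless it is set elsewhere consider `KbdInteractiveAuthentication = false` too, since that path still accepts passwords by default; the `services.openssh` block continues past this hunk.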
@@ -1,37 +1,56 @@
-{ pkgs, lib, user, host, secrets, ...}:
+{ config, pkgs, lib, user, host, secrets, ...}:
 let
- devices = {
- north = { name = "NxNORTH"; id = ""; };
- xps = { name = "NxXPS"; id = ""; };
- ace = { name = "NxACE"; id = ""; };
- s21u = { name = "NxS21U"; id = ""; };
- diane = { name = "diane"; id = ""; };
- daniel = { name = "daniel"; id = ""; };
- tessa = { name = "tessa"; id = ""; };
- georg = { name = "georg"; id = ""; };
- };
+ # helper funcitons
 conv = _: device: with device; { "${name}" = {id = id;};};
+ justname = devices: (builtins.map (device: device.name)) devices;
+ todevice = key: name: { inherit name; id = secrets.syncthing.id.${key}; };
+
+ devices = builtins.mapAttrs todevice {
+ north = "NxNORTH";
+ xps = "NxXPS";
+ ace = "NxACE";
+ s21u = "NxS21U";
+ diane = "diane";
+ daniel = "daniel";
+ tessa = "tessa";
+ georg = "georg";
+ };
+
 dirs = {
 default = { name = "sync"; path = "/home/${user}/sync"; };
 };
- justname = devices: (builtins.map (device: device.name)) devices;
- cd = /home/${user}/.config/syncthing;
+ cd = "/home/${user}/.config/syncthing";
 in
 lib.mkIf (user != "tv")
 {
- services.syncthing = {
+
+ sops.secrets = {
+ "syncthing/${host}-cert.pem" = {
+ owner = user;
+ # path = "/home/${user}/.config/syncthing/cert.pem";
+ };
+ "syncthing/${host}-key.pem" = {
+ owner = user;
+ # path = "/home/${user}/.config/syncthing/key.pem";
+ };
+ };
+ services.syncthing = with (builtins.mapAttrs conv devices); {
 enable = true;
 user = "${user}";
 dataDir = "/home/${user}/.local/share/syncthing"; # useless ?
 configDir = cd;
- # key = builtins.toFile "key.pem" secrets.syncthing.${host}.key;
- # cert = builtins.toFile "cert.pem" secrets.syncthing.${host}.cert;
- # overrideDevices = true;
- # overrideFolders = true;
+ # key = "/home/${user}/.config/syncthing/key.pem";
+ # cert = "/home/${user}/.config/syncthing/cert.pem";
+ key = config.sops.secrets."syncthing/${host}-key.pem".path;
+ cert = config.sops.secrets."syncthing/${host}-cert.pem".path;
+ overrideDevices = true;
+ overrideFolders = true;
+ guiAddress = if ( host == "NxACE" ) then "0.0.0.0:8384" else "127.0.0.1:8384";
 settings = {
 devices = with (builtins.mapAttrs conv devices); if (host == "NxXPS") then (
 north // ace // s21u
- ) else if (host == "NxNORTH") then (
+ ) else if (host == "NxNORTH") then (
 xps // ace // s21u
 ) else (
 north // xps // s21u // diane // daniel // tessa // georg
@@ -41,11 +60,26 @@ lib.mkIf (user != "tv")
 path = default.path;
 devices = with devices; (justname [ north ace s21u ]);
 };
+ } else if (host == "NxNORTH") then {
+ "${default.name}" = {
+ path = default.path;
+ devices = with devices; (justname [ s21u ]);
+ # devices = with devices; (justname [ xps ace s21u ]);
+ };
 } else {
- what = "dman";
+ "${default.name}" = {
+ path = default.path;
+ devices = with devices; (justname [ xps north s21u ]);
+ };
+ };
+ gui = {
+ theme = "black";
+ user = user;
+ password = secrets.syncthing.gui-password; # option to use a file is till in the works... https://github.com/NixOS/nixpkgs/issues/85336
 };
 };
 };
-
+
+ systemd.services."syncthing".after = [ "sops-nix.service" ];
 }
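Review bot: `sops.secrets."syncthing/${host}-cert.pem"` and `-key.pem` are declared for every host that passes `user != "tv"`, but the sops file added in this commit only carries NxNORTH's certificate and key, so NxXPS and NxACE will fail at evaluation or activation on a missing sops key — either add per-host material or scope these two declarations together with the `key`/`cert` options under `lib.mkIf (host == "NxNORTH")`. Keeping the device identity under /run/secrets owned by `user` is the right choice; the commented `/home/${user}/.config/syncthing/*.pem` paths would expose the same key at whatever permissions the home directory happens to have and should not be revived. `guiAddress = "0.0.0.0:8384"` on NxACE binds the admin GUI and REST API on every interface; if remote access is intended, a comment should say how it is restricted (firewall, VPN interface) rather than leaving the reader to guess. `overrideDevices`/`overrideFolders` are now enabled, so anything paired or shared through the GUI is discarded on the next rebuild — worth a one-line comment beside them. The `lib.mkIf` body this hunk opens continues into the next hunk.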
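Review bot: `password = secrets.syncthing.gui-password` is a Nix string evaluated at build time, so it is copied into the world-readable Nix store for every local user to read; the trailing comment already acknowledges the missing file-based option, but combined with the network-bound GUI on NxACE from the previous hunk this is a live credential rather than a placeholder. Until a file-based option exists, keep the GUI on loopback and reach it through SSH port-forwarding, or set `gui.password` only where the GUI is loopback-bound, and document the exposure next to this line. `systemd.services."syncthing".after = [ "sops-nix.service" ]` is ordering only; if the intent is to guarantee the key and cert exist before start, add the unit to `wants` as well, and confirm that unit name exists on the pinned sops-nix version. With `overrideFolders` now on, the `else` branch decides what any unnamed host syncs with — a comment naming the hosts expected to land there would make the fallback reviewable.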