nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sops-Nix

Browse Source
This commit is contained in:
Lennart J. Kurzweg (Nx2)
2024-06-03 16:59:11 +02:00
parent 52343cbc23
commit fce5f49e57
29 changed files with 373 additions and 554 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
.sops.yaml
View File

@@ -1,7 +1,13 @@
keys:
- &primary ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1RPCcS8DtIf75a2FEW4d8X6WTVeLlmretoLqppvZlJ openpgp:0xC317996E
- &users:
# - &nx2 age1sgzc2jh8af30a3cp6g7l4hyzusqrn3x3xw7frghc4akvjaplwa3stfemxc
- &nx2 22FB2CC03DC5292AB81CF67D0AF27B383170E634
- &hosts:
- &north age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e
creation_rules:
- path_regex: secrets/secrets.yaml$
- path_regex: sops-secrets.yaml$
key_groups:
- age:
- *primary
- *north
pgp:
- *nx2

11
configuration.nix
View File

@@ -1,8 +1,9 @@
{ config, lib, pkgs, pkgs-unstable, user, host, allowed, secrets, rice, nvidia, ... }:
{ pkgs, pkgs-unstable, rice, inputs, ... }:
let
in
{
imports = [
inputs.sops-nix.nixosModules.sops
./system-modules/hardware-configuration.nix
./system-modules/fuse.nix
./system-modules/nvidia.nix
@@ -15,8 +16,8 @@ in
./system-modules/sshd.nix
./system-modules/gpg.nix
./system-modules/sops.nix
# ./system-modules/syncthing.nix
./system-modules/hsmw.nix
./system-modules/syncthing.nix
# ./system-modules/hsmw.nix # old
./system-modules/docker.nix
./system-modules/health_reminder.nix
./system-modules/ollama.nix
@@ -85,6 +86,10 @@ in
sendme
]);
environment.variables = {
EDITOR = "hx";
VISUAL = "hx";
};
fonts.packages = with pkgs; [
noto-fonts

74
flake.lock generated
View File

@@ -42,11 +42,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1716782615,
"narHash": "sha256-/Awpe+K8Npq35mhPw3gj+X/phWrvjXCEgbraxmtBlIU=",
"lastModified": 1717128197,
"narHash": "sha256-jUObiEzZXl07D1JYsZr86TJOFFeJw3rJD3OUOCHicP0=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "33111902039a1a779aef5574c7262dd8e9d688ae",
"rev": "179e0cecb2c8a663fcf9acfaff067cd2dd0da66b",
"type": "gitlab"
},
"original": {
@@ -208,11 +208,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1716801877,
"narHash": "sha256-vfMb7opO2xva0jt/UwMGlyjK4DB73SWxus4Oryww+C8=",
"lastModified": 1717151932,
"narHash": "sha256-MwAAjC9AXaxxmvTMkgZZvdWaE/d7AfVd0L1NZtciRbY=",
"ref": "refs/heads/main",
"rev": "db5d39a66f1285f78321d953eac398feaedfc63d",
"revCount": 4744,
"rev": "df6ebe358b30ee7b49f296e05763e5e4b0edce98",
"revCount": 4751,
"submodules": true,
"type": "git",
"url": "https://github.com/hyprwm/Hyprland"
@@ -235,11 +235,11 @@
]
},
"locked": {
"lastModified": 1715722806,
"narHash": "sha256-KrSLG2H3KGELxTFdiBhv8U6D53Q3UsJsQO+KgEabsNA=",
"lastModified": 1717171694,
"narHash": "sha256-LN2lrcGdAMpkooleWSOV+/q1+wx1f3pSBs1TWeoMCkA=",
"owner": "hyprwm",
"repo": "hyprland-plugins",
"rev": "c28d1011f4868c1a1ee80b10d9ee79900686df82",
"rev": "e0cad229c3d799c7f72b1217ab2eb300ceecf3ac",
"type": "github"
},
"original": {
@@ -382,13 +382,29 @@
"type": "github"
}
},
"nixpkgs-unstable": {
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1716509168,
"narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
"lastModified": 1716655032,
"narHash": "sha256-kQ25DAiCGigsNR/Quxm3v+JGXAEXZ8I7RAF4U94bGzE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bfb7a882678e518398ce9a31a881538679f6f092",
"rev": "59a450646ec8ee0397f5fa54a08573e8240eb91f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1716948383,
"narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ad57eef4ef0659193044870c731987a6df5cf56b",
"type": "github"
},
"original": {
@@ -415,11 +431,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1716633019,
"narHash": "sha256-xim1b5/HZYbWaZKyI7cn9TJCM6ewNVZnesRr00mXeS4=",
"lastModified": 1716991068,
"narHash": "sha256-Av0UWCCiIGJxsZ6TFc+OiKCJNqwoxMNVYDBChmhjNpo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9d29cd266cebf80234c98dd0b87256b6be0af44e",
"rev": "25cf937a30bf0801447f6bf544fc7486c6309234",
"type": "github"
},
"original": {
@@ -467,7 +483,8 @@
"hyprland-plugins": "hyprland-plugins",
"lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable"
"nixpkgs-unstable": "nixpkgs-unstable",
"sops-nix": "sops-nix"
}
},
"rust-overlay": {
@@ -495,6 +512,27 @@
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1716692524,
"narHash": "sha256-sALodaA7Zkp/JD6ehgwc0UCBrSBfB4cX66uFGTsqeFU=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "962797a8d7f15ed7033031731d0bb77244839960",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1689347949,

47
flake.nix
View File

@@ -1,5 +1,5 @@
{
description = "A Flake lol";
description = "Multisystem NixOS Flake of Lennart J. Kurzweg";
inputs = {
nixpkgs.url = "nixpkgs/nixos-23.11";
@@ -8,6 +8,10 @@
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprland = {
url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
@@ -50,7 +54,7 @@
user = "nx2";
nvidia = rec {
nvidia = {
enable = true;
prime = true;
# unfree = if enable then [
@@ -79,7 +83,7 @@
];
};
secrets = import ./secrets/passwords-and-certificates.nix;
secrets = import ./git-crypt/secrets.nix;
rice = rec {
lib = import ./nxlib/ricelib.nix { lib = nixpkgs.lib; };
@@ -134,11 +138,7 @@
in
{
nixosConfigurations = {
NxXPS =
let
host = "NxXPS";
in
nixpkgs.lib.nixosSystem {
NxXPS = let host = "NxXPS"; in nixpkgs.lib.nixosSystem {
inherit system;
modules = [ ./configuration.nix ];
specialArgs = { inherit inputs user host pkgs-unstable allowed secrets rice nvidia; };
@@ -148,12 +148,7 @@
modules = [ ./configuration.nix ];
specialArgs = { inherit inputs user host pkgs-unstable allowed secrets rice nvidia; };
};
NxACE =
let
host = "NxACE";
nvidia.enable = false;
in
nixpkgs.lib.nixosSystem {
NxACE = let host = "NxACE"; nvidia.enable = false; in nixpkgs.lib.nixosSystem {
inherit system;
modules = [ ./configuration.nix ];
specialArgs = { inherit inputs user host pkgs-unstable allowed secrets rice nvidia; };
@@ -163,29 +158,17 @@
homeConfigurations = {
"${user}@NxXPS" = let host = "NxXPS"; in home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = [
./home.nix
];
modules = [ ./home.nix ];
extraSpecialArgs = { inherit inputs system user host allowed secrets pkgs-unstable rice nvidia; };
};
"${user}@NxNORTH" = let host = "NxNORTH"; in home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = [
./home.nix
];
modules = [ ./home.nix ];
extraSpecialArgs = { inherit inputs system user host allowed secrets pkgs-unstable rice nvidia; };
};
"${user}@NxACE" =
let
host = "NxACE";
nvidia.enable = false;
in
home-manager.lib.homeManagerConfiguration {
"${user}@NxACE" = let host = "NxACE"; nvidia.enable = false; in home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = [
./home.nix
];
modules = [ ./home.nix ];
extraSpecialArgs = { inherit inputs system user host allowed secrets pkgs-unstable rice nvidia; };
};
"tv@NxACE" =
@@ -196,9 +179,7 @@
in
home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = [
./home.nix
];
modules = [ ./home.nix ];
extraSpecialArgs = { inherit inputs system user host allowed secrets pkgs-unstable rice nvidia; };
};
};

29
home-modules/bash.nix Executable file
View File

@@ -0,0 +1,29 @@
{ pkgs, lib, user, ... }:
lib.mkIf (user != "tv")
{
home.packages = with pkgs; [
bash
];
programs.bash = {
enable = true;
shellAliases = {
ll = "ls -l";
la = "ls -a";
lla = "ls -la";
};
shellOptions = [
"histappend"
"checkwinsize"
"extglob"
"globstar"
"checkjobs"
];
enableCompletion = false;
# initExtra = ''
# if [[ $- == *i* ]] # if interactive
# then
# eval "$(${pkgs.starship}/bin/starship init bash)"
# fi
# '';
};
}

4
home-modules/fish.nix
View File

@@ -27,7 +27,7 @@ lib.mkIf (user != "tv")
$(echo -e "$logo" | sed -n 6p): $(bash --version | head --lines 1 | cut -f -4 -d' ')
$(echo -e "$logo" | sed -n 7p): fish $(fish --version | rev | cut -f 1 -d' ' | rev)
$(echo -e "$logo" | sed -n 8p): ''$(uname -r)
$(echo -e "$logo" | sed -n 9p): ''${EDITOR}
$(echo -e "$logo" | sed -n 9p): $($EDITOR --version | head -n 1)
$(echo -e "$logo" | sed -n 10p): $(yazi --version)
$(echo -e "$logo" | sed -n 11p): $(starship --version | head -n 1)
"
@@ -88,7 +88,7 @@ lib.mkIf (user != "tv")
if not set -q IN_NIX_SHELL
nxfetch
end
${pkgs.starship}/bin/starship init fish | source
# ${pkgs.starship}/bin/starship init fish | source
# ${pkgs.any-nix-shell}/bin/any-nix-shell fish --info-right | source
'';
functions = {

6
home-modules/gpg.nix
View File

@@ -1,10 +1,12 @@
{ pkgs, ... }:
{ pkgs, pkgs-unstable, ... }:
{
# there also is a system module
home.packages = with pkgs; [
gnupg
gpg-tui
];
] ++ ( with pkgs-unstable; [
pinentry-all
]);
services.gpg-agent = {
enable = true;

19
home-modules/hyprland.nix
View File

@@ -25,17 +25,17 @@ let
scale = "1.0";
};
left = {
name = "HDMI-A-3";
name = "HDMI-A-2";
resolution = "1920x1080";
position = "0x360";
scale = "1.0";
};
right = {
name = "HDMI-A-2";
resolution = "1920x1080";
position = "4480x360";
scale = "1.0";
};
# right = {
# name = "HDMI-A-2";
# resolution = "1920x1080";
# position = "4480x360";
# scale = "1.0";
# };
};
ace = {
main = {
@@ -82,7 +82,7 @@ lib.mkIf (user != "tv")
]) else (if host == "NxNORTH" then (with monitors.north; [
"${main.name}, ${main.resolution}, ${main.position}, ${main.scale}"
"${left.name}, ${left.resolution}, ${left.position}, ${left.scale}"
"${right.name}, ${right.resolution}, ${right.position}, ${right.scale}"
# "${right.name}, ${right.resolution}, ${right.position}, ${right.scale}"
]) else ( with monitors.ace; [
"${main.name}, ${main.resolution}, ${main.position}, ${main.scale}"
]));
@@ -91,7 +91,8 @@ lib.mkIf (user != "tv")
let
d1 = if host == "NxXPS" then monitors.xps.main.name else (if host == "NxNORTH" then monitors.north.main.name else monitors.ace.main.name);
d2 = if host == "NxXPS" then monitors.xps.second.name else (if host == "NxNORTH" then monitors.north.left.name else monitors.ace.main.name);
d3 = if host == "NxXPS" then monitors.xps.main.name else (if host == "NxNORTH" then monitors.north.right.name else monitors.ace.main.name);
d3 = if host == "NxXPS" then monitors.xps.main.name else (if host == "NxNORTH" then monitors.north.main.name else monitors.ace.main.name);
# d3 = if host == "NxXPS" then monitors.xps.main.name else (if host == "NxNORTH" then monitors.north.right.name else monitors.ace.main.name);
compact = "gapsin:0, gapsout:0, bordersize:1, rounding:false";
in
[

0
home-modules/nelix.nix
View File

128
home-modules/nixvim.nix
View File

@@ -1,128 +0,0 @@
{ config, pkgs, inputs, system, rice, ... }:
{
imports = [
inputs.nixvim.homeManagerModules.nixvim
];
home.packages = [
pkgs.neovide
];
programs.nixvim = {
enable = true;
viAlias = true;
vimAlias = true;
clipboard.providers.wl-copy.enable = true;
options = {
number = true;
relativenumber = true;
shiftwidth = 2;
};
colorschemes.catppuccin = {
enable = true;
settings = {
mocha = {
base = "#ff0000";
};
disable_underline = true;
flavour = "mocha";
integrations = {
cmp = true;
gitsigns = true;
mini = {
enabled = true;
indentscope_color = "";
};
notify = false;
nvimtree = true;
treesitter = true;
};
styles = {
booleans = [
"bold"
"italic"
];
conditionals = [
"bold"
];
};
term_colors = true;
};
};
# colorschemes.base16 = {
# enable = true;
# setUpBar = true;
# colorscheme = "onedark";
# customColorScheme = {
# base00 = rice.color.background;
# base01 = rice.color.black.bright;
# base02 = rice.color.blue.base;
# base03 = rice.color.blue.bright;
# base04 = rice.color.cyan.base;
# base05 = rice.color.cyan.bright;
# base06 = rice.color.green.base;
# base07 = rice.color.green.bright;
# base08 = rice.color.magenta.base;
# base09 = rice.color.magenta.bright;
# base0A = rice.color.red.base;
# base0B = rice.color.red.bright;
# base0C = rice.color.white.base;
# base0D = rice.color.white.bright;
# base0E = rice.color.yellow.base;
# base0F = rice.color.yellow.bright;
# };
# };
opts = {
termguicolors = true;
};
globals = {
mapleader = " ";
};
plugins = {
telescope = {
enable = true;
extensions = {
fzf-native.enable = true;
};
keymaps = {
"<C-o>" = { action = "find_files"; };
"<leader>fg" = { action = "live_grep"; };
};
};
lightline = {
enable = true;
# colorscheme = "base16";
# active = {
# left = [
# ["mode" "paste"]
# ["readonly" "filename" "modified"]
# ];
# right = [
# [ "lineinfo" ]
# [ "percent" ]
# [ "fileformat" "fileencoding" "filetype" "charvaluehex" ]
# [ "git" ]
# ];
# };
};
nix.enable = true;
lsp-lines.enable = true;
lspkind.enable = true;
};
extraPlugins = [ ];
keymaps =
let
mkKeymap = mode: key: action: { inherit mode key action; };
mkKeymapWithOpts = mode: key: action: opts: (mkKeymap mode key action) // { options = opts; };
in
[
(mkKeymap "" "<Space>" "<Nop>")
(mkKeymap "n" "<leader>ff" "builtin.find_files")
];
};
}
## vl clipboard?

0
home-modules/nvim-lua/options.lua
View File

46
home-modules/nvim-lua/plugin/cmp.lua
View File

@@ -1,46 +0,0 @@
local cmp = require('cmp')
local luasnip = require('luasnip')
require('luasnip.loaders.from_vscode').lazy_load()
luasnip.config.setup {}
cmp.setup {
snippet = {
expand = function(args)
luasnip.lsp_expand(args.body)
end,
},
mapping = cmp.mapping.preset.insert {
['<C-n>'] = cmp.mapping.select_next_item(),
['<C-p>'] = cmp.mapping.select_prev_item(),
['<C-d>'] = cmp.mapping.scroll_docs(-4),
['<C-f>'] = cmp.mapping.scroll_docs(4),
['<C-Space>'] = cmp.mapping.complete {},
['<CR>'] = cmp.mapping.confirm {
behavior = cmp.ConfirmBehavior.Replace,
select = true,
},
['<Tab>'] = cmp.mapping(function(fallback)
if cmp.visible() then
cmp.select_next_item()
elseif luasnip.expand_or_locally_jumpable() then
luasnip.expand_or_jump()
else
fallback()
end
end, { 'i', 's' }),
['<S-Tab>'] = cmp.mapping(function(fallback)
if cmp.visible() then
cmp.select_prev_item()
elseif luasnip.locally_jumpable(-1) then
luasnip.jump(-1)
else
fallback()
end
end, { 'i', 's' }),
},
sources = {
{ name = 'nvim_lsp' },
{ name = 'luasnip' },
},
}

49
home-modules/nvim-lua/plugin/lsp.lua
View File

@@ -1,49 +0,0 @@
local on_attach = function(_, bufnr)
local bufmap = function(keys, func)
vim.keymap.set('n', keys, func, { buffer = bufnr })
end
bufmap('<leader>r', vim.lsp.buf.rename)
bufmap('<leader>a', vim.lsp.buf.code_action)
bufmap('gd', vim.lsp.buf.definition)
bufmap('gD', vim.lsp.buf.declaration)
bufmap('gI', vim.lsp.buf.implementation)
bufmap('<leader>D', vim.lsp.buf.type_definition)
bufmap('gr', require('telescope.builtin').lsp_references)
bufmap('<leader>s', require('telescope.builtin').lsp_document_symbols)
bufmap('<leader>S', require('telescope.builtin').lsp_dynamic_workspace_symbols)
bufmap('K', vim.lsp.buf.hover)
vim.api.nvim_buf_create_user_command(bufnr, 'Format', function(_)
vim.lsp.buf.format()
end, {})
end
local capabilities = vim.lsp.protocol.make_client_capabilities()
capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities)
require('neodev').setup()
require'lspconfig'.lua_ls.setup{}
-- require('lspconfig').lua_ls.setup {
-- on_attach = on_attach,
-- capabilities = capabilities,
-- root_dir = function()
-- return vim.loop.cwd()
-- end,
-- cmd = { "lua-lsp" },
-- settings = {
-- Lua = {
-- workspace = { checkThirdParty = false },
-- telemetry = { enable = false },
-- },
-- }
-- }
require('lspconfig').nixd.setup {
on_attach = on_attach,
capabilities = capabilities,
}

0
home-modules/nvim-lua/plugin/other.lua
View File

16
home-modules/nvim-lua/plugin/telescope.lua
View File

@@ -1,16 +0,0 @@
require('telescope').setup({
extensions = {
fzf = {
fuzzy = true, -- false will only do exact matching
override_generic_sorter = true, -- override the generic sorter
override_file_sorter = true, -- override the file sorter
case_mode = "smart_case", -- or "ignore_case" or "respect_case" (the default case_mode is "smart_case")
}
}
})
require('telescope').load_extension('fzf')
local builtin = require('telescope.builtin')
vim.keymap.set('n', '<leader>ff', builtin.find_files, {})

9
home-modules/nvim-lua/plugin/treesitter.lua
View File

@@ -1,9 +0,0 @@
require('nvim-treesitter.configs').setup {
ensure_installed = {},
auto_install = false,
highlight = { enable = true },
indent = { enable = true },
}

120
home-modules/nvim.nix
View File

@@ -1,120 +0,0 @@
{ config, pkgs, pkgs-unstable, lib, user, rice, ... }:
let
toLua = str: "lua << EOF\n${str}\nEOF\n";
toLuaFile = file: "lua << EOF\n${builtins.readFile file}\nEOF\n";
theme = {
name = "base16-colorscheme";
package = pkgs-unstable.vimPlugins.base16-nvim;
};
in
lib.mkIf (user != "tv")
{
home.packages = with pkgs; [
neovide
];
programs.neovim = {
enable = true;
viAlias = true;
vimAlias = true;
vimdiffAlias = true;
extraPackages = with pkgs; [
# extra
wl-clipboard
# LSPs
nixd
lua-language-server
];
plugins = with pkgs.vimPlugins; [
nvim-lspconfig
nvim-cmp # A completion engine. Completion sources are installed from external repositories and "sourced".
cmp-nvim-lsp # cmp source: LSPs
luasnip # cmp source: LSPs
nvim-web-devicons # icons or some shit
friendly-snippets # a collention of snippets for many languages
neodev-nvim # configures lua-language-server for Neovim
vim-nix # Syntax highlighting, Filetype detection, Automatic indentation, NixEdit command: navigate nixpkgs by attribute name
telescope-nvim
telescope-fzf-native-nvim
lualine-nvim
comment-nvim
(nvim-treesitter.withPlugins (p: with p; [
tree-sitter-nix
tree-sitter-vim
tree-sitter-bash
tree-sitter-lua
tree-sitter-python
tree-sitter-json
tree-sitter-html
tree-sitter-css
tree-sitter-dockerfile
tree-sitter-ssh_config
tree-sitter-javascript
tree-sitter-gitignore
])
)
] ++ [ theme.package ];
extraLuaConfig = ''
-- Options
vim.keymap.set("n", "<Space>", "<Nop>")
vim.g.mapleader = " "
vim.g.maplocalleader = ' '
vim.o.clipboard = 'unnamedplus'
vim.o.number = true
vim.o.relativenumber = true
vim.o.signcolumn = 'yes'
vim.o.tabstop = 2
vim.o.shiftwidth = 2
vim.o.updatetime = 300
vim.o.termguicolors = true
vim.o.mouse = 'a'
-- Colorscheme
require('base16-colorscheme').setup({
base00 = '${rice.color.background}',
base01 = '${rice.color.black.bright}',
base02 = '${rice.color.blue.base}',
base03 = '${rice.color.blue.bright}',
base04 = '${rice.color.cyan.base}',
base05 = '${rice.color.cyan.bright}',
base06 = '${rice.color.green.base}',
base07 = '${rice.color.green.bright}',
base08 = '${rice.color.magenta.base}',
base09 = '${rice.color.magenta.bright}',
base0A = '${rice.color.red.base}',
base0B = '${rice.color.red.bright}',
base0C = '${rice.color.foreground}',
base0D = '${rice.color.white.bright}',
base0E = '${rice.color.yellow.base}',
base0F = '${rice.color.yellow.bright}',
})
require('base16-colorscheme').with_config({
telescope = true,
-- indentblankline = true,
-- notify = true,
-- ts_rainbow = true,
cmp = true,
-- illuminate = true,
-- dapui = true,
})
-- PLUGINS
require("Comment").setup()
require("lualine").setup({
icons_enabled = true,
theme = '${theme.name}',
})
require("Comment").setup()
${builtins.readFile ./nvim-lua/plugin/lsp.lua}
${builtins.readFile ./nvim-lua/plugin/cmp.lua}
${builtins.readFile ./nvim-lua/plugin/telescope.lua}
${builtins.readFile ./nvim-lua/plugin/treesitter.lua}
'';
};
}

7
home-modules/programming/node.nix Normal file
View File

@@ -0,0 +1,7 @@
{ pkgs, lib, host, ... }:
lib.mkIf (host != "NxACE")
{
home.packages = with pkgs; [
nodejs
];
}

0
home-modules/python.nix → home-modules/programming/python.nix
View File

2
home-modules/qt.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, lib, system, user, allowed, secrets, ... }:
{ pkgs, lib, user, ... }:
lib.mkIf (user != "tv")
{
qt = {

23
home-modules/sops.nix Normal file
View File

@@ -0,0 +1,23 @@
{ user, inputs, ... }:
{
imports = [
inputs.sops-nix.homeManagerModules.sops
];
sops = {
# age.keyFile = "/home/${user}/.config/sops/age/keys.txt";
gnupg.home = "/home/${user}/.gnupg";
defaultSopsFile = ../sops-secrets.yaml;
# %r is $XDG_RUNTIME_DIR
secrets = {
"example" = {
path = "%r/secrets/example";
};
# "sops-age-private-key" = { # Bootstrapping doens't work
# mode = "0400";
# path = "/home/${user}/.config/sops/age/keys.txt";
# };
};
};
}

160
home-modules/starship.nix
View File

@@ -1,16 +1,15 @@
{ config, pkgs, lib, system, user, allowed, secrets, ... }:
{ pkgs, lib, user, rice, ... }:
lib.mkIf (user != "tv")
{
home.packages = [
pkgs.starship
];
## gets sourced in fish.nix
programs.starship = {
enable = true;
settings = {
# enableBashIntegration = true;
enableFishIntegration = true;
settings = with rice.color; {
add_newline = false;
format = lib.strings.concatMapStrings (x: "$" + x) [
"jobs"
@@ -82,96 +81,83 @@ lib.mkIf (user != "tv")
"custom"
"sudo"
"cmd_duration"
"time"
# "time"
"status"
"container"
"shell"
"character"
];
aws.format = "[\\[$symbol($profile)(\\($region\\))(\\[$duration\\])\\]]($style)";
bun.format = "[\\[$symbol($version)\\]]($style)";
c.format = "[\\[$symbol($version(-$name))\\]]($style)";
cmake.format = "[\\[$symbol($version)\\]]($style)";
cmd_duration.format = "[\\[$symbol$duration\\]]($style)";
cobol.format = "[\\[$symbol($version)\\]]($style)";
conda.format = "[\\[$symbol$environment\\]]($style)";
crystal.format = "[\\[$symbol($version)\\]]($style)";
daml.format = "[\\[$symbol($version)\\]]($style)";
dart.format = "[\\[$symbol($version)\\]]($style)";
deno.format = "[\\[$symbol($version)\\]]($style)";
docker_context.format = "[\\[$symbol($context)\\]]($style)";
dotnet.format = "[\\[$symbol($version)(🎯 $tfm)\\]]($style)";
elixir.format = "[\\[$symbol($version \\(OTP $otp_version\\))\\]]($style)";
elm.format = "[\\[$symbol($version)\\]]($style)";
erlang.format = "[\\[$symbol($version)\\]]($style)";
gcloud.format = "[\\[$symbol$account(@$domain)(\\($region\\))\\]]($style)";
git_branch.format = "[\\[$symbol$branch:]($style)";
git_status.format = "([$all_status$ahead_behind]($style))(bold green)[\\]]($style)";
golang.format = "[\\[$symbol($version)\\]]($style)";
haskell.format = "[\\[$symbol($version)\\]]($style)";
helm.format = "[\\[$symbol($version)\\]]($style)";
hg_branch.format = "[\\[$symbol$branch\\]]($style)";
java.format = "[\\[$symbol($version)\\]]($style)";
julia.format = "[\\[$symbol($version)\\]]($style)";
kotlin.format = "[\\[$symbol($version)\\]]($style)";
kubernetes.format = "[\\[$symbol$context( \\($namespace\\))\\]]($style)";
lua.format = "[\\[$symbol($version)\\]]($style)";
memory_usage.format = "[\\[$symbol[$ram( | $swap)\\]]($style)";
meson.format = "[\\[$symbol$project\\]]($style)";
nim.format = "[\\[$symbol($version)\\]]($style)";
nix_shell.format = "[\\[󱄅 $state \\($name\\)\\]]($style)";
nodejs.format = "[\\[$symbol($version)\\]]($style)";
ocaml.format = "[\\[$symbol($version)(\\($switch_indicator$switch_name\\))\\]]($style)";
openstack.format = "[\\[$symbol$cloud(\\($project\\))\\]]($style)";
package.format = "[\\[$symbol$version\\]]($style)";
perl.format = "[\\[$symbol($version)\\]]($style)";
php.format = "[\\[$symbol($version)\\]]($style)";
pulumi.format = "[\\[$symbol$stack\\]]($style)";
purescript.format = "[\\[$symbol($version)\\]]($style)";
python = {
format = ''[\[''${symbol}''${pyenv_prefix}''${version}$virtualenv\]]($style)'';
symbol = " ";
};
raku.format = "[\\[$symbol($version-$vm_version)\\]]($style)";
red.format = "[\\[$symbol($version)\\]]($style)";
ruby.format = "[\\[$symbol($version)\\]]($style)";
rust.format = "[\\[$symbol($version)\\]]($style)";
scala.format = "[\\[$symbol($version)\\]]($style)";
spack.format = "[\\[$symbol$environment\\]]($style)";
sudo.format = "[\\[$symbol]\\]";
swift.format = "[\\[$symbol($version)\\]]($style)";
terraform.format = "[\\[$symbol$workspace\\]]($style)";
time.format = "[\\[$time\\]]($style)";
username.format = "[\\[$user\\]]($style)";
vagrant.format = "[\\[$symbol($version)\\]]($style)";
vlang.format = "[\\[$symbol($version)\\]]($style)";
zig.format = "[\\[$symbol($version)\\]]($style)";
directory = {
format = "[\\[]($style)[$lock_symbol]($lock_style)[$path\\]]($style)";
style = "cyan bold";
};
aws.format = "[\\[$symbol($profile)(\\($region\\))(\\[$duration\\])\\]](fg:${foreground})";
battery.format = "[\\[$symbol$percentage\\]](fg:${foreground})";
bun.format = "[\\[$symbol($version)\\]](fg:${foreground})";
c.format = "[\\[$symbol($version(-$name))\\]](fg:${foreground})";
character = {
format = "$symbol ";
success_symbol = "[\\[󰽧\\]](bold white) ";
error_symbol = "[\\[\\]](bold red) ";
vimcmd_symbol = "[\\[\\]](bold green) ";
vimcmd_replace_one_symbol = "[\\[1\\]](bold green) ";
vimcmd_replace_symbol = "[\\[R\\]](bold green) ";
vimcmd_visual_symbol = "[\\[V\\]](bold green) ";
};
battery.format = "[\\[$symbol$percentage\\]]($style)";
shlvl.format = "[\\[$symbol$shlvl\\]]($style)";
singularity.format = "[\\[$symbol\\[$env\\]\\]]($style)";
jobs = {
format = "[\\[$symbol $number\\]]($style)";
number_threshold = 1;
};
vcsh.format = "[\\[vcsh [$symbol$repo\\]]($style)";
hostname = {
format = "[\\[$ssh_symbol$hostname\\]]($style)";
ssh_symbol = "󰖟 ";
ssh_only = true;
success_symbol = "[\\[󰽧\\]](${foreground})";
error_symbol = "[\\[\\]](${negative.base})";
vimcmd_replace_one_symbol = "[\\[1\\]](${special.base})";
vimcmd_replace_symbol = "[\\[R\\]](${special.base})";
vimcmd_symbol = "[\\[\\]](${special.base})";
vimcmd_visual_symbol = "[\\[V\\]](${special.base})";
};
cmake.format = "[\\[$symbol($version)\\]](fg:${foreground})";
cmd_duration.format = "[\\[$symbol$duration\\]](fg:${accent.bright})";
cobol.format = "[\\[$symbol($version)\\]](fg:${foreground})";
conda.format = "[\\[$symbol$environment\\]](fg:${foreground})";
crystal.format = "[\\[$symbol($version)\\]](fg:${foreground})";
daml.format = "[\\[$symbol($version)\\]](fg:${foreground})";
dart.format = "[\\[$symbol($version)\\]](fg:${foreground})";
deno.format = "[\\[$symbol($version)\\]](fg:${foreground})";
directory.format = "[\\[](fg:${accent.base})[$lock_symbol](${negative.base})[$path\\]](fg:${accent.base})";
docker_context.format = "[\\[$symbol($context)\\]](fg:${foreground})";
dotnet.format = "[\\[$symbol($version)(🎯 $tfm)\\]](fg:${foreground})";
elixir.format = "[\\[$symbol($version \\(OTP $otp_version\\))\\]](fg:${foreground})";
elm.format = "[\\[$symbol($version)\\]](fg:${foreground})";
erlang.format = "[\\[$symbol($version)\\]](fg:${foreground})";
gcloud.format = "[\\[$symbol$account(@$domain)(\\($region\\))\\]](fg:${foreground})";
git_branch.format = "[\\[$symbol$branch](fg:${secondary.base})";
git_status.format = "[:](fg:${secondary.base})[$all_status$ahead_behind](fg:${tertiary.base})[\\]](fg:${secondary.base})";
golang.format = "[\\[$symbol($version)\\]](fg:${foreground})";
haskell.format = "[\\[$symbol($version)\\]](fg:${foreground})";
helm.format = "[\\[$symbol($version)\\]](fg:${foreground})";
hg_branch.format = "[\\[$symbol$branch\\]](fg:${foreground})";
hostname.format = "[\\[󰖟 $hostname\\]](fg:${foreground})"; # ssh only by default
java.format = "[\\[$symbol($version)\\]](fg:${foreground})";
jobs.format = "[\\[$symbol $number\\]](fg:${foreground})";
julia.format = "[\\[$symbol($version)\\]](fg:${foreground})";
kotlin.format = "[\\[$symbol($version)\\]](fg:${foreground})";
kubernetes.format = "[\\[$symbol$context( \\($namespace\\))\\]](fg:${foreground})";
lua.format = "[\\[$symbol($version)\\]](fg:${foreground})";
memory_usage.format = "[\\[$symbol[$ram( | $swap)\\]](fg:${foreground})";
meson.format = "[\\[$symbol$project\\]](fg:${foreground})";
nim.format = "[\\[$symbol($version)\\]](fg:${foreground})";
nix_shell.format = "[\\[󱄅 $state\\($name\\)\\]](fg:${foreground})";
nodejs.format = "[\\[$symbol$version\\]](fg:${yellow.bright})";
ocaml.format = "[\\[$symbol($version)(\\($switch_indicator$switch_name\\))\\]](fg:${foreground})";
openstack.format = "[\\[$symbol$cloud(\\($project\\))\\]](fg:${foreground})";
package.format = "[\\[$symbol$version\\]](fg:${foreground})";
perl.format = "[\\[$symbol($version)\\]](fg:${foreground})";
php.format = "[\\[$symbol($version)\\]](fg:${foreground})";
pulumi.format = "[\\[$symbol$stack\\]](fg:${foreground})";
purescript.format = "[\\[$symbol($version)\\]](fg:${foreground})";
python.format = "[\\[ ](${blue.base})[$pyenv_prefix$version$virtualenv](${yellow.base})[\\]](fg:${blue.base})";
raku.format = "[\\[$symbol($version-$vm_version)\\]](fg:${foreground})";
red.format = "[\\[$symbol($version)\\]](fg:${foreground})";
ruby.format = "[\\[$symbol($version)\\]](fg:${foreground})";
rust.format = "[\\[$symbol($version)\\]](fg:${foreground})";
scala.format = "[\\[$symbol($version)\\]](fg:${foreground})";
shlvl.format = "[\\[$symbol$shlvl\\]](fg:${foreground})";
singularity.format = "[\\[$symbol\\[$env\\]\\]](fg:${foreground})";
spack.format = "[\\[$symbol$environment\\]](fg:${foreground})";
sudo.format = "[\\[$symbol]\\]";
swift.format = "[\\[$symbol($version)\\]](fg:${foreground})";
terraform.format = "[\\[$symbol$workspace\\]](fg:${foreground})";
time.format = "[\\[$time\\]](fg:${foreground})";
username.format = "[\\[$user\\]](fg:${foreground})";
vagrant.format = "[\\[$symbol($version)\\]](fg:${foreground})";
vcsh.format = "[\\[vcsh [$symbol$repo\\]](fg:${foreground})";
vlang.format = "[\\[$symbol($version)\\]](fg:${foreground})";
zig.format = "[\\[$symbol($version)\\]](fg:${foreground})";
};
};
}

6
home.nix
View File

@@ -25,6 +25,7 @@
./home-modules/kitty.nix
./home-modules/fish.nix
./home-modules/bash.nix
./home-modules/starship.nix
# ./home-modules/nvim.nix
./home-modules/helix.nix
@@ -35,6 +36,7 @@
./home-modules/ssh.nix
./home-modules/gpg.nix
./home-modules/sops.nix
./home-modules/git.nix
./home-modules/mako.nix
@@ -43,7 +45,9 @@
./home-modules/latex.nix
./home-modules/pandoc.nix
./home-modules/python.nix
./home-modules/programming/python.nix
./home-modules/programming/node.nix
./home-modules/color-pallete.nix
];

BIN
secrets/passwords-and-certificates.nix
View File

Binary file not shown.

44
sops-secrets.yaml Normal file
View File

@@ -0,0 +1,44 @@
#ENC[AES256_GCM,data:Nr/V1n/48pdl,iv:KTy8zGqEWdtHMyDIj24AQLewxXQglCYix7ZQUdrV4Fw=,tag:TAXOAJWikNj1ly0kyCRhkg==,type:comment]
example: ENC[AES256_GCM,data:WH4=,iv:dQ7quTadSmPNi3F86Xfzne02CVMzyFipcrHYfHdKmf8=,tag:I+yDyMRvrQPOO/SsZmqpnQ==,type:str]
#ENC[AES256_GCM,data:A1GC2X8=,iv:1MwkWw/40DnwoWxGXDlvuQUDDAUiZFvMmi5AwIngShs=,tag:0U5T0I7RRZ021bY7M63uKA==,type:comment]
#ENC[AES256_GCM,data:TuiKn1QG8jtb9jhYhBEP/cLO4G0cT1VLkpgTx/nFKYSFMcC9Fe0tHkjiDRxoAUHfaJLHX6jeIOvFM2niMOifwrSl0g9IaKDBG6GxjmwiwKvRj+RisvMMILzquSU+sPzF+A==,iv:cvjbR397v8w0B061uiFli2W/asdoHyHjpGumU+ij2Bc=,tag:g1ZDEyQkE02x5aIhFZJyPA==,type:comment]
#ENC[AES256_GCM,data:8rASr+5XsQ==,iv:1uCh1v+k4wGUlsYTh/yHVBsrUZtTOsQur8RL2YW3V3A=,tag:+3YzUslU/YVTHnU2QzY1ow==,type:comment]
ssh:
NxNORTH-ssh_host_ed25519_key: ENC[AES256_GCM,data:4zIDtZzL196XTXg4qxCXLDvk9cD7cBvuK01TB/5ZjQp51jvbDA4aNgujEcVtcBQbCi34TsKMHa3j4VAdfeGrt6hmPLb1krog6/qsqSyFV9u9pBq2EqBokC0JIM8j5xpYWsswxa7/IWWuKTuJA3SXVey2SxJWMCzEXhov54L068ObVMJeKpg8C1+Ax6AohTG+ntYrvxIDz06RxyddfV/OBY/EbUafiDsNCa3rJo5jvsDSErChpXqvP0zInWnQF0bSyvo2CCwzAhHrN+c7dYkZ4cRMIMTnbfx93Qi3soWzfXvyZZsPIRW6UcvNfvNLY3g5amkQzUCYTxgXfiJbpoUHv4EZybOfGTU9sS+2s73OfWzkeQpJDp3QYDGCIdEctFkJ1ntFhdL2XKKHsvMPIWuOHbBuE7dG7yNyzICRAaQH4MDIrDDywXloGC+J6Vwjte/ZiNOjZA1WUPpVhlABppM0XQNauRz+uXcF7JCSn8mj1KNaD0JM2AR9tlu6sDociLq3JyoJMXoNNhuM//zu0Ac9,iv:BGc1rCP9LHpYpIMY94tsEE+YltQBx4ZouOmHZlM7WlU=,tag:7DpI9vXJ1vkZjDj2UtQ/Ag==,type:str]
NxXPS-ssh_host_ed25519_key: ENC[AES256_GCM,data:tdWOujPO,iv:jATctkrtEhrdQvw1jf7UCNYqltQaN8ySMpob5VApKJY=,tag:s0zu/eXnzW6eqqnGTwBJqg==,type:str]
NxACE-ssh_host_ed25519_key: ENC[AES256_GCM,data:1dh3SYzf,iv:tG5maEax2fke5bhdcdAoMp8AObKbs8kKI1p5akysu4g=,tag:JTDa1beKwTQ9ggwlkdpYtg==,type:str]
syncthing:
NxNORTH-cert.pem: ENC[AES256_GCM,data:nmI2a5G345pkmEbaQXsNWRMTbZGnH3zWZFWDJ0Gys5e9l1+Y8GndRHaiGnnPwAjswk7GRt3VqUtluCXEq1hYOEjRWqzziNGs2GjJGw8ddz5DNKtD4jriAKMYhZWTZXg/3rx/mSx/9qk79eGxbZmPzi9qAZi+phnjh+dUFuTZEvn3WM16+JBc8FEgX3AvgTbGR9bJcBjINvGSiYIQWKSLIScay9zHSYU62Qf24nPVRuXGibL7xOiV+HgBqA2N3VKY0Th/l4X/SrXrRAFSWJ+/ZuhRI6gS9ZcawlZIKpYtbKmiDpI0C/qGLhjjF2HKQMrElI3Nb+iHRoIS+zUMsa0RflgEMLCU71Ix22LzGLlbpyhvNja8sFLS1WnDLYafBg4/zw8cEJxPo+XZFtwms0GfQdAmvTTdtFTWHOqacuGMz1mZAYG+QLKd5xwYlkxVOarqGXX2l1TbbkyqaKAl7rWIx/3nF5Mhvob65DWNhPtSAj+39oHF1mMLmEitHiyHFn8nzSRvCkKiBAz4Xgngkq2HRyjpuxXcSk+RnbD2Ahuv4+X6IxSTYQnxSaxPvBqttvNLOIwSFbVqHiQgaH0bggecvQ3W/wBuXw50oUwK2baBKf5ENq58E6kVpO/IXvUCP1Oa5kVNKkQSc1Xig7SCFxTufEU2NmHPJxs2W0Pnf/tA2EyunkdHCMTO9aeRm5WCncbsvsHnTvQKO+F6CFL98zFItL74q831QGdFLxqYfiIhxG/cFjmzbESJJ+SDF25uNtsDrLoGTUJYeCIq3W+zMwUbEuCNiKpn7RvvHO4gP/pwwh7at6kmUbwjUNW9Ex3wwtIXQIsa5g1fIhTBXAATm4USOOWjN6XuHmqoVdjbgJ2VuAtwJyF7jP3JZvhiEaIJOjeAUvv5G4Zzp9FgyNJ6YTtOpzD/bobRDpDaVmitDNef2rDggbWACcGZ3uTgn4bylnCowyPS0T2JzolR3AhsC/xbjesBkHcnWJCrREdsvPFgeKm77IIFLwfNIq1RXYKt4vjmvTMe+dFoFscybV1v1lG3qQc9PaPezw==,iv:7N8WtW/yJWcK7iFzHhV+vjnA6uxDl1YrW/rnXlRWi6o=,tag:EMcVWqJHs3YCj4j+xz//FA==,type:str]
NxNORTH-key.pem: ENC[AES256_GCM,data:Zdtype95U/u6HXMsBQ9lG7LRv9jCksuiYCj5LB1pzO9w4O8VhcoaT54tgel9g9YBr5VWKbu2AOqrsVnwtmEUfx70Thsa6sYgYnFxkrxIMnXCPEvs9yTKOyO8OPaBFSO5eKOCZFYSx5jJ5anlxZ6JA6nDpevf/C93zaZYGveucYbcLZcdm785j1eQ6uS0HvCnYACgoy54Q6GcuZ3/mSioy4MIsEW/QCm/67rRlL3kRmdXTJBd2S57ZpS4ECxwcnzxbNVItS3YhmlaJpxRB9M/UwSiXce86AowKTmj5ckzwKRcM9bVP2c5oHLenVQIMQOvq2BUVpYk6/5kQ2HBb83E1/dkC7ZL81lfKpNspJP5upaXmZ/U6HmAS6vT31Lsj7NZ,iv:/vt0Z4a9QEu8a53c0djtkvtglqnKo96CYmBMXSccz3U=,tag:qCinJ/DoUbc8vPSJVY+rgA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuQitqblRZVjZGS3p1RlpP
cGRPRWI4SGYwekw3bXhTOVIzcTJZaE9nR3lVCllMWHFrNTZPNTBXUWg2VDRMTUlW
SVRDU0wwNmN2bXhjcFhNbE1zNXVsWVUKLS0tIDNCcTBxVUYwbDhJWGdlVUo2ck5z
UlV2VWNjcjUzcC9KZjdsa25qU0wxWk0KqH+D2YWSk51R5qsRnom1xAu/jAEe0Wx9
A5Nfrr+P+5oTnrF0MSP5o4zqFzs99PEcCE6sCksZoqkMYXbhXozgPg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-03T14:14:15Z"
mac: ENC[AES256_GCM,data:0ik8M9+V6qlc+5Z5rPi0X9UOa2Yf/cZdrpsXXfPj7hV9WSVnlDn2kJGt2PeLT5TwllAWm5mMVgovKEnuI/2hrck4AAGcvretvC0EPHr5Q4FOx84A8pDTsvff4x555mYyaGC4C5s8hUPe/OwwJXG19FWqHBVq638K/jFBS6mUk6Y=,iv:f8g+2vhqwgaYtG0sk5MdjQwPOVgBt/uNwojFyGgWUNY=,tag:HQyWQNRaAhmIJ+A/Uvbi+w==,type:str]
pgp:
- created_at: "2024-06-03T14:32:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DCvJ7ODFw5jQSAQdAw7WVNFgl452xdetQH5D9TjUe/CINVE19hjBMNNqn+X0w
qnbUM5s3wCofJSdVDSgleVXXZA1KcbW0ORbd6FVPv8dKX3x2mUMDb/tdLTkYzOL1
1GgBCQIQ+10jG029Xa1Psa3J0ZXs9UOz2vGiuLj3kCDke2yfwUM6CHKEWlsaJXNE
QYphW1hlKYZmcMU2ZjKTVzyKHbsr6X+guakozwiDW2DQDxZTFtaNKcrr0oPKa1Cn
ZOkzYH6Zwoc0Cw==
=4e5L
-----END PGP MESSAGE-----
fp: 22FB2CC03DC5292AB81CF67D0AF27B383170E634
unencrypted_suffix: _unencrypted
version: 3.8.1

2
system-modules/hsmw.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, lib, system, host, user, allowed, secrets, ... }:
{ pkgs, lib, host, secrets, ... }:
lib.mkIf (host != "NxACE")
{
environment.systemPackages = [

19
system-modules/sops.nix
View File

@@ -1,8 +1,25 @@
{ pkgs, ... }:
{ pkgs, user, ... }:
{
environment.systemPackages = with pkgs; [
age
ssh-to-age
sops
];
sops = {
defaultSopsFile = ../sops-secrets.yaml;
defaultSopsFormat = "yaml";
# age = {
# # keyFile = "/home/${user}/.config/sops/age/keys.txt";
# # keyFile = "/var/lib/sops-nix/key.txt";
# # keyFile = "/home/${user}/.config/sops/age/age-public-key-from-ssh-A-subkey.txt";
# sshKeyPaths = [ ];
# # sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# # generateKey = true;
# };
# gnupg = {
# sshKeyPaths = [];
# home = "/home/${user}/.gnupg";
# };
secrets.example = {};
};
}

14
system-modules/sshd.nix
View File

@@ -1,9 +1,19 @@
{ config, pkgs, lib, secrets, ... }:
{ host, secrets, ... }:
{
environment.etc."ssh/ssh_host_ed25519_key.pub".text = if (host == "NxNORTH") then
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1r5gUQPPS/dGB0SsvWtP6WdNWoxMwhhHRrqlO19cJt root@NxNORTH"
else if ( host == "NxXPS") then
""
else
"";
sops.secrets."ssh/${host}-ssh_host_ed25519_key" = {
mode = "0600";
path = "/etc/ssh/ssh_host_ed25519_key.shadow";
};
services.openssh = {
enable = true;
ports = secrets.nx2site.ssh.ports;
ports = secrets.ssh.ports;
settings = {
PasswordAuthentication = false;
};

72
system-modules/syncthing.nix
View File

@@ -1,33 +1,52 @@
{ pkgs, lib, user, host, secrets, ...}:
{ config, pkgs, lib, user, host, secrets, ...}:
let
devices = {
north = { name = "NxNORTH"; id = ""; };
xps = { name = "NxXPS"; id = ""; };
ace = { name = "NxACE"; id = ""; };
s21u = { name = "NxS21U"; id = ""; };
diane = { name = "diane"; id = ""; };
daniel = { name = "daniel"; id = ""; };
tessa = { name = "tessa"; id = ""; };
georg = { name = "georg"; id = ""; };
};
# helper funcitons
conv = _: device: with device; { "${name}" = {id = id;};};
justname = devices: (builtins.map (device: device.name)) devices;
todevice = key: name: { inherit name; id = secrets.syncthing.id.${key}; };
devices = builtins.mapAttrs todevice {
north = "NxNORTH";
xps = "NxXPS";
ace = "NxACE";
s21u = "NxS21U";
diane = "diane";
daniel = "daniel";
tessa = "tessa";
georg = "georg";
};
dirs = {
default = { name = "sync"; path = "/home/${user}/sync"; };
};
justname = devices: (builtins.map (device: device.name)) devices;
cd = /home/${user}/.config/syncthing;
cd = "/home/${user}/.config/syncthing";
in
lib.mkIf (user != "tv")
{
services.syncthing = {
sops.secrets = {
"syncthing/${host}-cert.pem" = {
owner = user;
# path = "/home/${user}/.config/syncthing/cert.pem";
};
"syncthing/${host}-key.pem" = {
owner = user;
# path = "/home/${user}/.config/syncthing/key.pem";
};
};
services.syncthing = with (builtins.mapAttrs conv devices); {
enable = true;
user = "${user}";
dataDir = "/home/${user}/.local/share/syncthing"; # useless ?
configDir = cd;
# key = builtins.toFile "key.pem" secrets.syncthing.${host}.key;
# cert = builtins.toFile "cert.pem" secrets.syncthing.${host}.cert;
# overrideDevices = true;
# overrideFolders = true;
# key = "/home/${user}/.config/syncthing/key.pem";
# cert = "/home/${user}/.config/syncthing/cert.pem";
key = config.sops.secrets."syncthing/${host}-key.pem".path;
cert = config.sops.secrets."syncthing/${host}-cert.pem".path;
overrideDevices = true;
overrideFolders = true;
guiAddress = if ( host == "NxACE" ) then "0.0.0.0:8384" else "127.0.0.1:8384";
settings = {
devices = with (builtins.mapAttrs conv devices); if (host == "NxXPS") then (
north // ace // s21u
@@ -41,11 +60,26 @@ lib.mkIf (user != "tv")
path = default.path;
devices = with devices; (justname [ north ace s21u ]);
};
} else if (host == "NxNORTH") then {
"${default.name}" = {
path = default.path;
devices = with devices; (justname [ s21u ]);
# devices = with devices; (justname [ xps ace s21u ]);
};
} else {
what = "dman";
"${default.name}" = {
path = default.path;
devices = with devices; (justname [ xps north s21u ]);
};
};
gui = {
theme = "black";
user = user;
password = secrets.syncthing.gui-password; # option to use a file is till in the works... https://github.com/NixOS/nixpkgs/issues/85336
};
};
};
systemd.services."syncthing".after = [ "sops-nix.service" ];
}