Compare commits
7 Commits
4c178e57fa
...
470922dce2
| Author | SHA1 | Date | |
|---|---|---|---|
|
470922dce2 | ||
|
|
b0cb61f05e | ||
|
|
e8373d6293 | ||
|
|
ff5de39a19 | ||
|
|
1fc8b2a7cb | ||
|
|
e19ed3ece1 | ||
|
|
f7de7f740d |
@@ -3,6 +3,7 @@ keys:
|
||||
- &nx2 22FB2CC03DC5292AB81CF67D0AF27B383170E634
|
||||
- &nx2_key_13 age1x2lpsennl74n0f5jl60uv2ffjcuqymzf9ap3frlz2quyv0x3hq3scnewwq
|
||||
- &xps-home age1pn4utvwpqdrswn0xurfdexn5nks9cd06jxzwg3m3m6za25ap4vxqxd0p3k
|
||||
- &ace-home age1ur5zpr325cv7w0yn49azz9f48xsxd73w2sytt22yrnw5qs9r34nsv3vl05
|
||||
- &hosts:
|
||||
- &north age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e
|
||||
- &xps age1jvf2lyrt2dw9jfnwgvnhmj9fmvyq8vvtepqjpkyycc5dqkkd4edqhxsgv6
|
||||
@@ -16,5 +17,6 @@ creation_rules:
|
||||
- *ace
|
||||
- *nx2_key_13
|
||||
- *xps-home
|
||||
- *ace-home
|
||||
pgp:
|
||||
- *nx2
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
{
|
||||
"base": {
|
||||
"foreground": "#fee5cc",
|
||||
"background": "#190c00"
|
||||
"foreground": "#fefefe",
|
||||
"background": "#020202"
|
||||
},
|
||||
"to_alter": {
|
||||
"accent": "#fc9835",
|
||||
"secondary": "#fc3535",
|
||||
"tertiary": "#e64b73",
|
||||
"special": "#3499fc",
|
||||
"weird": "#56fc34"
|
||||
"accent": "#aaaaff",
|
||||
"secondary": "#aaeeff",
|
||||
"tertiary": "#aaffaa",
|
||||
"special": "#aaffaa",
|
||||
"weird": "#ffffaa"
|
||||
}
|
||||
}
|
||||
@@ -9,7 +9,7 @@
|
||||
programs.gpg = {
|
||||
enable = true;
|
||||
package = pkgs.gnupg;
|
||||
homedir = if hyper.host == "NxXPS" then "${hyper.home}/vault/gnupg" else "${hyper.home}/.gnupg";
|
||||
homedir = "${hyper.home}/vault/gnupg";
|
||||
settings = {
|
||||
armor = true;
|
||||
cert-digest-algo = "SHA512";
|
||||
|
||||
@@ -1,18 +1,7 @@
|
||||
{ pkgs, ... }@all: with all; {
|
||||
imports = [ inputs.sops-nix.homeManagerModules.sops ];
|
||||
sops = {
|
||||
age.keyFile = if (hyper.host == "NxXPS") then
|
||||
"${hyper.home}/vault/age/sops-xps-home.key"
|
||||
else if (hyper.host == "NxACE") then
|
||||
"${hyper.home}/.age_nx2_key_13.txt"
|
||||
else if (hyper.host == "NxNORTH") then
|
||||
"${hyper.home}/.age_nx2_key_13.txt"
|
||||
else "unkown host in sops.nix";
|
||||
age.keyFile = "${hyper.home}/vault/age/sopsnix-${hyper.host}-home.key";
|
||||
defaultSopsFile = ../sops-secrets.yaml;
|
||||
secrets = {
|
||||
"example" = {
|
||||
path = "%r/secrets/example";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -16,8 +16,7 @@
|
||||
"nxrpli" = (nxace "nxrpil") // { hostname = "10.0.1.31"; port = 22; };
|
||||
"nxgit" = (nxace "nxgit") // {
|
||||
user = "git";
|
||||
identityFile = builtins.trace config.programs.ssh.matchBlocks.nxgit
|
||||
"${hyper.home}/vault/ssh/nxgit-nx2-${hyper.host}";
|
||||
identityFile = "${hyper.home}/vault/ssh/nxgit-nx2-${hyper.host}";
|
||||
# addKeysToAgent = "1h";
|
||||
};
|
||||
};
|
||||
|
||||
@@ -58,60 +58,69 @@ sops:
|
||||
- recipient: age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUSW9RSEE1aGV1RVUzZXh0
|
||||
M3FhS01jYU90S3pOUzhKMUFndXVzSk8wYkZrCnhRdkE4cnNxWHJWYjVzUGZVMmNQ
|
||||
N1kxM240OC9oOEloUjhEUmx3c3RTQzQKLS0tIGIwNUhjOURaVXNIeHR5SjNEQmly
|
||||
QUFHYUxTSWREcU9GT2JUSXNBNndkMkEKCIPVu8VbDjsdDaePoivW0jMvzD/GZpHk
|
||||
9P1zJ0fN1NPCTi7spAyiyDWpJa6sfwAVj7Bs2zzFZoJZUxvE054YPw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxODZibjJwSGRJYVpyRXFh
|
||||
UmFmRVIwOGhFaHhpb05iRGtTSnV0UUlkOUd3CnFiOTJ4cTN0OHYvQTlScy9NYXAr
|
||||
a1A1YzFkdkttenhRa1NIUnhuVEZiLzgKLS0tIFVkTDRZNWhHeHN3MWNTSHJRbSs0
|
||||
Nk5FcnBaSkhWcXZaeCtQMDJaVEc1aEEK71jQkA/mOqNIdcNYHDnb43MEVKyNIOpT
|
||||
8J/CV6U5M+YGNvkHXafNFccHKY8dFPVDzcJl0lthECjcGrplzNEWNw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1jvf2lyrt2dw9jfnwgvnhmj9fmvyq8vvtepqjpkyycc5dqkkd4edqhxsgv6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjb3R0bFhqZzg3MC9rZFVi
|
||||
elJCTHdjVlpTVUtaUzcwQklmbVd6TXJsSUNRClk0VExaYVFkaE5KYWtGYmU1bGk4
|
||||
OHJYQUpKZ1gzUnQyaVpudVdiZ0RYb1UKLS0tIGNINzBHRHE3YkhMNVY4dVVlUVBs
|
||||
TzhkWmxYU016TXN5Z0JDUVFZeG1QMWsKiukK/zVn6WEr1E5qKPULsyJQX8qDgQoY
|
||||
JIeoG+OehtZ33VIXJfiNw60taM4XJb+bv/u9dzCY9ahW8M5VthpIlg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBK0dKQWQyOW8xQ0RMOXlv
|
||||
SStnV0R1QWNlZlVrUGdqSTVUSUJHL09RQW5BCk1OL2NLVFk1R1kzTjc1OUR5TmVC
|
||||
MXI0ZnoxcVRoNHFOa2FJT0RvOUtTakUKLS0tIC82QzlJT0RjVHo0aXZOckNNNElO
|
||||
WjZEL0NzL0NzOUdMK3FaOE5Ub2x5OXcKOAahFXWAQNagHz2G+O1TPiKB7UqUl8p2
|
||||
K89cGfal6M2ui403lb2ygEi+v6K908Kh9MzGaDtR0r2k7kGQS4aFmg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1jj7kfjw3e7rf9kwg5f87zf4ns6yr5465wcasanr9gcgwrq7c6dmq6gprgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCOStIUnJVVU5YRFg0T0dF
|
||||
ZjBMVThZSFlRa0lCZ2RFZ1R4Mjk0Zjd4b0RRCkwveXN2SmIwajd6R1NScXpQS0FH
|
||||
S25rOFRKRzd2SFRlZHYxMnZPY3Q3QUEKLS0tIDZRVU54UlFiSWJlWW9LWVRqcGpD
|
||||
RXIxSVA3T0RwZEJDTk1JWHZVT09neUUKX7QgyC+yJ+eDvKX2dW9XU2UA8WPC5Tsm
|
||||
fzlmjPWR/E2Gdnoi0k2+HLWo46SUeMYdpZfx3gK+UmDFUags+SCHpg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaNGhjNHlubGp3QzRkRy9i
|
||||
UmM0ZlE5UUxhM0tCeHkwOUt2VEt1YldnNnhrCnZHWlpWZ3BpZ1BlYTlVVmFZQ2Q4
|
||||
RlF5UldLdDNOZTB6UDlBcldqRmhyTDQKLS0tIG5OZjZkdnNnbTZ2K3kzNGdqdGFE
|
||||
RUdad1FHMTVFVU8xRmpCdHRnK0Z5ZkkKb+25mUdPRozNnyPXGCJOe+xtsOZVe4oy
|
||||
SDpdoSASzq2uljMxVPyINJcbEThJriZAzC30Qt2aroc2zo3dnsnVMg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1x2lpsennl74n0f5jl60uv2ffjcuqymzf9ap3frlz2quyv0x3hq3scnewwq
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMUw1OXpCN0F6WkdBWFVM
|
||||
M0VWdGlVcllTQlJKQUpKTG9wQ2NqVGEzVFJzCjE4UU92MlljSEIrZENFdVZpQUcx
|
||||
SUh3SUh4bnZFVFpJOThQdG8wM24xZVkKLS0tIGJsUUl1QmJiRUFFRERrWWlMK1Fk
|
||||
V2ZCS0tFUHNKckY1YXNRa3lwS3dVYW8KzrtAPlNuWQxSR2PEqFyqI5yv8jD2ZE3j
|
||||
CT1SFmY9vf++WiOt1epby2MNpYdgyNrvlcaNUiE8Pt5ce0Y21pbq5A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArV094ZWwvTzJuYlE1Um14
|
||||
K09wUlcxdFc1eFB3bXgrSXlRK3ZRSnB1QXhBClhNZVFIRHBVUGkwOVk3ejc5b0FN
|
||||
cEtkSTFHZ1FWUDQzZUJBbHRsMnhWMUkKLS0tIDhQWGpvV01TRHY0VnJCclRsVHl6
|
||||
YkZJWm5xWlh2NmtibnVPYSs2QjF0TW8KRj+d44ttYXoElSzxv6n4u9NL/aeXJQpc
|
||||
Fc0797glPXgInJZkQSzCmjKs6LzY82I5D34evwuFzuwD/TMAGyo0/g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1pn4utvwpqdrswn0xurfdexn5nks9cd06jxzwg3m3m6za25ap4vxqxd0p3k
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MHZlREs5OGxqTkZadmx1
|
||||
R2hwMmc1YlZTd3owOHRIajJQMnVCbTFPOWtrCndMQ2Evc09VazNGVktrMXVHR2Vw
|
||||
dFZWMm9rdi9iQWh3Y1lQT1g2SDJqNjQKLS0tIHYwVmVLeWQvc2ZWUzkxZzdKSnZt
|
||||
TE44bHh2SFBMNldkdWZGcXc0c05LVWsK7LfqdRED2NkJxAxq+48MlLyIV30ihe0+
|
||||
t269ote4qHDBx0RCZd5/hYUph/8Xf/fPa7Q6JYl6fkKiWUA3uWdbFQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAreTRVWkxiNnZKeFFiNVA2
|
||||
ZldmbXpUN2lyYjh0M0ZNSHpHRGk0aHpkUUZzCmhrZnBTWTlTYU13K2YwNFVCT1px
|
||||
ZUhWODQrZHlIR2RQOFhmUXY2NXI3QUkKLS0tIHlDcnI0dGt3a2h6a3l1YkRMNkVr
|
||||
QVRCdkMza3JDb01mdW5mbTZtbFVVR3MK3dww+AlRaTwe2oveZzcRaKgLE++U0jxJ
|
||||
kaC8DmqQh/XbiqlJ9sIIg6PfmyME7ACe31TkZVc1MhSvVePmxRRLYQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ur5zpr325cv7w0yn49azz9f48xsxd73w2sytt22yrnw5qs9r34nsv3vl05
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoR1g0Wk1idkFVbUlNaEls
|
||||
dlRMWHNFMW5HSmtyUlF5YnBMZkFGUzFEZ0ZRCmZoZDZDRlFIbk5mQU1Kbk9hU0p6
|
||||
WldxaHpuZVlqVkJyK0hEZkFaV2FKZG8KLS0tIGxMdFJBc1pDMmpKVm5mbTFRUU9m
|
||||
SUwwSStwcmw0VDFLdTlqZDViV0k3YTgKukCR3ZJaJpEHNCxoisES9/uIULz1E7XW
|
||||
w4VVHk+0fuTUCcCWz/Lpw58OgNdNz7mAx8Ji2Uyid3qTkd6NjdCVaA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-09-07T21:03:20Z"
|
||||
mac: ENC[AES256_GCM,data:x8eIqQQGxtB5ukScesN1Lf4cFicTOi3VSOr/hFxKzccgwW7HLLEqwjai6e67KUFC2otaN9TR7ft0tUsTVwWRVRCHnpEoQ5KshLHy2zsk+CmPIpWTLCZJBpe154z3rRLlc10DCM7yhqArzepw0HgE4j1knADqLVwC7e0k+o/OmE8=,iv:uXeIv19J3LmYg7gtA2SGUSoMe9uccrvvztlDFSSs1V8=,tag:YTJpZdw1K+7//EARR+MviA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2025-10-04T19:49:10Z"
|
||||
- created_at: "2025-10-04T23:33:42Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DCvJ7ODFw5jQSAQdA2lEw0/JamW2LbvTLg0PhRxyNFbBunqhNa0/Bgv9riF8w
|
||||
4MIL+i7o3KOAGF4h3NQpQNkG1rgMImzlXbSOzLJJV/uEMkew6VASKENAa+4FFo7t
|
||||
0l4B3QpXdQzCWe07HXhqG+YetjR8tM9Rtk5XZuw4XTyca49BZezXPCbqgstoSW+U
|
||||
TSjvpKr4FeE3tA3ePo4Jo7HYa1qotJe97pgDqziWIqEIJNwNhwROv9aLagWX9cVd
|
||||
=dhDw
|
||||
hF4DCvJ7ODFw5jQSAQdAwFhdvVSDAhK6TQhL1Jd+Bw9KNHD5BhzMxM04+tsOmVMw
|
||||
DDFAuBEfqGGzsJfrWPfdJJOPGYHK3vz/O6zitpCy1cF7EuSkak11nLDAG6Itozuv
|
||||
0l4BS8mBaxvNcJUePYCq0SY7qVmu+OGnchKJ2e3suJllxZ+Uxc9WDSBxRVGMcwXo
|
||||
N2d/0dtdU8HAP70/L2SeTDMgK+lX++71DGAO45+c040GbMnB1SGJfWDa71b0BHVS
|
||||
=5jtR
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 22FB2CC03DC5292AB81CF67D0AF27B383170E634
|
||||
unencrypted_suffix: _unencrypted
|
||||
|
||||
@@ -9,7 +9,9 @@
|
||||
boot = {
|
||||
initrd = {
|
||||
availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||
luks.devices.cryptroot.device = pkgs.lib.mkIf (hyper.host == "NxXPS") "/dev/nvme0n1p7";
|
||||
luks.devices = pkgs.lib.mkIf (hyper.host == "NxXPS") {
|
||||
"vault".device = "/dev/nvme0n1p7";
|
||||
};
|
||||
kernelModules = pkgs.lib.mkIf (hyper.host == "NxXPS") [ "i915" "cryptd" ];
|
||||
};
|
||||
kernelModules = [ "kvm-intel" ];
|
||||
@@ -28,7 +30,7 @@
|
||||
"${hyper.home}/vault" = { device = "/dev/disk/by-label/vault"; fsType = "ext4"; };
|
||||
} else if hyper.host == "NxNORTH" then {
|
||||
"${hyper.home}/shared" = { device = "/dev/disk/by-label/shared"; } // ntfs;
|
||||
} else if hyper.host == "NxXPS" then {
|
||||
} else if hyper.host == "NxACE" then {
|
||||
"/vault" = { device = "/dev/disk/by-label/vault"; fsType = "ext4"; };
|
||||
} else {});
|
||||
hardware = {
|
||||
|
||||
@@ -1,36 +1,37 @@
|
||||
{ pkgs, ... }@all: with all;
|
||||
{
|
||||
users.defaultUserShell = pkgs.bash; # if interactive, itll switch to fish
|
||||
|
||||
users.users."${hyper.user}" = {
|
||||
{ pkgs, ... }@all: with all; {
|
||||
users = {
|
||||
defaultUserShell = pkgs.bash; # if interactive, itll switch to fish
|
||||
users."${hyper.user}" = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
# TODO: actually put the groups into the relevant files
|
||||
"networkmanager"
|
||||
"wheel"
|
||||
"audio"
|
||||
"video"
|
||||
"lp"
|
||||
"scanner"
|
||||
"docker"
|
||||
"libvirtd"
|
||||
"uinput"
|
||||
"input"
|
||||
"ydotool"
|
||||
"acme"
|
||||
"nginx"
|
||||
"adbusers"
|
||||
"audio"
|
||||
"audiobookshelf"
|
||||
"copyparty"
|
||||
"docker"
|
||||
"input"
|
||||
"libvirtd"
|
||||
"lp"
|
||||
"networkmanager"
|
||||
"nextcloud"
|
||||
"nginx"
|
||||
"postgres"
|
||||
"radicale"
|
||||
"audiobookshelf"
|
||||
"nextcloud"
|
||||
"scanner"
|
||||
"uinput"
|
||||
"video"
|
||||
"wheel"
|
||||
"ydotool"
|
||||
];
|
||||
useDefaultShell = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1RPCcS8DtIf75a2FEW4d8X6WTVeLlmretoLqppvZlJ" # From [A] GPG Sub Key
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5sYVtPLHXatTjrpol46xr9R4TidcB4t8axO6/ReNNR nx2@ssh.nx2.site" # NxXPS
|
||||
];
|
||||
};
|
||||
|
||||
};
|
||||
programs = {
|
||||
bash = {
|
||||
interactiveShellInit = ''
|
||||
|
||||
Reference in New Issue
Block a user