nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: nx2:b37781ef9042094eeaa3a86d4eb7b4c6e2b91151
Branches Tags
nx2:master nx2:nod nx2:gitea nx2:north
...
compare: nx2:a2c8c6e4d630d9a7e4a56ab1edd9c877cb20cdda
Branches Tags
nx2:master nx2:nod nx2:gitea nx2:north

3 Commits
b37781ef90 ... a2c8c6e4d6

Author SHA1 Message Date
Lennart J. Kurzweg (Nx2)
a2c8c6e4d6 obs+gpg fix 2024-06-09 23:39:09 +02:00
Lennart J. Kurzweg (Nx2)
28be563a54 better boot 2024-06-09 20:57:24 +02:00
Lennart J. Kurzweg (Nx2)
b5f04085ba curses pinentry 2024-06-09 20:54:54 +02:00
8 changed files with 106 additions and 59 deletions
Expand all files Collapse all files

3
.sops.yaml
View File

@@ -1,6 +1,6 @@
keys: keys:
- &users: - &users:
# - &nx2 age1sgzc2jh8af30a3cp6g7l4hyzusqrn3x3xw7frghc4akvjaplwa3stfemxc - &nx2backup age1sgzc2jh8af30a3cp6g7l4hyzusqrn3x3xw7frghc4akvjaplwa3stfemxc
- &nx2 22FB2CC03DC5292AB81CF67D0AF27B383170E634 - &nx2 22FB2CC03DC5292AB81CF67D0AF27B383170E634
- &hosts: - &hosts:
- &north age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e - &north age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e
@@ -13,5 +13,6 @@ creation_rules:
- *north - *north
- *xps - *xps
- *ace - *ace
- *nx2backup
pgp: pgp:
- *nx2 - *nx2

8
flake.lock generated
View File

@@ -208,11 +208,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1717946608, "lastModified": 1717960589,
"narHash": "sha256-YtqFGpsbPXBp8hvuzYYTrxVrBuxb+MNcPVsOeebLvxY=", "narHash": "sha256-0fPh9sFwzWbvDTTY6omTrYk2r9nBz7e4AzGH6HlRLCo=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "4168b8c17b12b90873fab1ca73c2981b53f48bf5", "rev": "121c6ac3eae1601a1498e52a9be7030ebfed242c",
"revCount": 4786, "revCount": 4788,
"submodules": true, "submodules": true,
"type": "git", "type": "git",
"url": "https://github.com/hyprwm/Hyprland" "url": "https://github.com/hyprwm/Hyprland"

2
home-modules/gpg.nix
View File

@@ -8,6 +8,7 @@
pinentry-all pinentry-all
]); ]);
# services.pcscd.enable = true;
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
verbose = true; verbose = true;
@@ -16,6 +17,7 @@
]; ];
enableSshSupport = true; enableSshSupport = true;
enableFishIntegration = true; enableFishIntegration = true;
# pinentryPackage = pkgs.pinentry-gtk2;
}; };
home.file.".gnupg/gpg.conf".text = '' home.file.".gnupg/gpg.conf".text = ''

15
home-modules/obs.nix Normal file
View File

@@ -0,0 +1,15 @@
{ pkgs, lib, host, ... }:
lib.mkIf (host != "NxACE")
{
# home.packages = with pkgs; [
# obs-studio
# ];
programs.obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
obs-move-transition
obs-composite-blur
obs-backgroundremoval
];
};
}

4
home.nix
View File

@@ -7,8 +7,9 @@
./home-modules/chatterino.nix ./home-modules/chatterino.nix
./home-modules/email.nix ./home-modules/email.nix
./home-modules/bitwarden.nix ./home-modules/bitwarden.nix
./home-modules/office.nix
./home-modules/virt-manager.nix ./home-modules/virt-manager.nix
./home-modules/office.nix
./home-modules/obs.nix
./home-modules/gestures.nix ./home-modules/gestures.nix
@@ -67,7 +68,6 @@
spotify spotify
spicetify-cli spicetify-cli
obs-studio
swww playerctl swww playerctl

53
sops-secrets.yaml
View File

@@ -26,43 +26,52 @@ sops:
- recipient: age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e - recipient: age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKM0tBcGRsbmNRUmpUdUJP YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdWFGWTZ4WktJNy85aUlz
bGdQS3RaRENLTEVlZlZOMU5GeU9WTlBJSW00CjUwY010aTNVMW56SEZaTFZEd2E0 R1ZPR2xSajUxSGU5NlVDTGhpUGJ1S0RMVkc4CmhZR080ZVdHUHZnSmk1ekIyM0xm
TXh5TmtnMlU0Sm5uMk96cTJuSll2WU0KLS0tIExKY0hPNnZmeHV4czV1Qng5SkUr ZDN6dXJ6aXYyYkg4WVdiMlgwbmNBUzAKLS0tIE9qUmFpN3Nrek9JTGlaN3RjcDA1
VWl1U2dYT2VRVWRjaTFUNS9wVDdEMnMKNkkFBhfS0XH0Ekqoe/RYBuVzTSGKnvQe bUZxZ0FuOXcxSVQraUgveEh3dm5XK0kKToAW0mEq3G/wWRnvfJWasW7eO8BeFlej
LSchPODzUEBhmPOAE7rdIBfYu+Dx7MSyAuZBqHSkyj6wSjktjFmeVg== OkXvP5R4+bddAsGPK83UxOUOFbZAzaYulFSaAFOssCOTui335nj+/w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jvf2lyrt2dw9jfnwgvnhmj9fmvyq8vvtepqjpkyycc5dqkkd4edqhxsgv6 - recipient: age1jvf2lyrt2dw9jfnwgvnhmj9fmvyq8vvtepqjpkyycc5dqkkd4edqhxsgv6
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJUGN2aVZOSWVwaFZFYVk4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvNzRERlBkMFVwbk5ka3Rz
V3JyaFlIYXFabzN4cjRRb3d0MEJkSGZUL0hJClRUWXE1YURZTnZ5djM4QmlPSmd4 WHN5VE1XVFN6OWlMSFl1MnQyTEc4RHZVa0ZZCkZuY3doMTNUclMvWTJmQzFkbHlh
TmZURE5EZFplZFhZZVo5Y1NMMGU4bncKLS0tIDVOTmpoanVHK1BtR3JGTlNyeUNw Z3ZXSUZuRzBoN2NtU2dWUzFXMjc1MDQKLS0tIGNvN1JsdGF2ZFU2Vkl4UGtzdDFJ
Y3FtQzhjMG82dlBmakxoeWcvWHB0Sk0K1970jOatgLAC/eIgia7+NXnE8X7WzML+ aE9uY1NQSkFoWmg4WGlvV2JDbkcyeXMKh1yVwrTV+4XhEiiiMhA7rW7z11N+EsXU
iYOdpBOD6vV1bxpKUHe434YmnNCEGH6btpssfmF+ge6RaS6rynPKmQ== FBHP2nk2UXWPQGioMiCinead8tjX2jfeQcmTwdk4aYMtnvpqWS5RVQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jj7kfjw3e7rf9kwg5f87zf4ns6yr5465wcasanr9gcgwrq7c6dmq6gprgk - recipient: age1jj7kfjw3e7rf9kwg5f87zf4ns6yr5465wcasanr9gcgwrq7c6dmq6gprgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQkJyUHI3d053TWtjRFlR YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBva2JleWhLeERPbklkems1
TUlWVm9iK0IweGpZQXZUWUlHSmYrWkpEZ3lFCkN4bkQxTjhQdk00K1VMWWtMenFv YjJXUzlSZmhla0JFU2dtWFZzNWt4MTk4aEhFCnNvVmZmNm9Uc1pMWWNBRFpYRUJ1
bVZXNGJheTFVR1V4cHdSWHA4aVNHTzQKLS0tIHJXUUJOWXM2NHRPVlQwb0FTeC9V R20vOEpsTGZFZ1p4V1JzSnVlSGJNY00KLS0tIDMreVdDSHdGVnhvVi9ENXFJY045
WlgwZFFRbE5PdnJVSGlOOW9zeEhTajQKB+x9mdS+VAJagsdr8DJiQM6WMoYmvzhp ZGdKSmZmRFMveld2UmlPNmtNWTdIbWsKJkmAaS91KR1Lvx2tCuu7sfUUYq4eeLsa
KUa8HEtkMUKLtwm4tMjKcBEqZFv/sKXOMqDO5o35z1jKeErCnnxzIA== woel57Bqqpo8f0UMb8T6s8grdKMspZCkIu5ooR/U4xWhwOJQwd2gbw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1sgzc2jh8af30a3cp6g7l4hyzusqrn3x3xw7frghc4akvjaplwa3stfemxc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMVUJaM3MweHBMNjlxdHRD
blNZWHM3ZlZrUkVrQ3NhNnFkc1VIMytkMVhFCndTczlsVFc3bGRhRkZmRm5sMXp0
dnZrOEVoS3F6L0hSSTUrYllnNldYTnMKLS0tIFNjVzEzTC9LZldGMmlZS3VYRThW
SHJLR3lvdlFiRmJuU25RUHFFTmpjamMKbzycdDvQBAuOiRROTZEQSnaXoPapz73L
yVS9EUP25FSx/sGqRqaCefbeaybuM1aso6LDnlomv4Bib7zjugWKSw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-03T19:04:51Z" lastmodified: "2024-06-03T19:04:51Z"
mac: ENC[AES256_GCM,data:4oE9N4llvpXW15FhQLJ4vl+9FQQoNF1BK/DrX9jymrUxc5QVqASLLWRMZqwfoYofn2JqXIuNpFgW+NpoRQjqzTaFNt2OSGWYMmT10t2yteM40fhfZrRAU+hwOm8QhnbJrVgUunO2S6USGqkyr+nhafQkGPmqIiqPeW8bQROSSwc=,iv:NWEuLtamkQIS84mEZNByYA6vBLVkfCsuNtkT1OmtqFE=,tag:O06xDZT+Tqd66H4s+JMf+w==,type:str] mac: ENC[AES256_GCM,data:4oE9N4llvpXW15FhQLJ4vl+9FQQoNF1BK/DrX9jymrUxc5QVqASLLWRMZqwfoYofn2JqXIuNpFgW+NpoRQjqzTaFNt2OSGWYMmT10t2yteM40fhfZrRAU+hwOm8QhnbJrVgUunO2S6USGqkyr+nhafQkGPmqIiqPeW8bQROSSwc=,iv:NWEuLtamkQIS84mEZNByYA6vBLVkfCsuNtkT1OmtqFE=,tag:O06xDZT+Tqd66H4s+JMf+w==,type:str]
pgp: pgp:
- created_at: "2024-06-03T19:30:15Z" - created_at: "2024-06-09T19:44:41Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hF4DCvJ7ODFw5jQSAQdA6eOMCqmAKRaVZbBBWpyERU/SXe0aCWxTx+CL1GSkuUsw hF4DCvJ7ODFw5jQSAQdAUcAbKZ7q2ZNLG55YA8gSUc7Lyqn2G/7srJa17lezUlgw
Vj9R3IvD+yQUwbaBntD0Orf7aLUnDHr0jGxDrFcMbGkqBsqS2ewCtUavqSUw6A1u MIhuvf6H1TfUkabE8it12NZzhSibmC+7T6FqB9tTY8UXvMn8KzVbIX5Opu/J9NNp
1GgBCQIQNcQCGpxX1Gzum/7HVsJE4JCaE4Dr2yQtdmUQhzxS3zTdc6xwUWSPPOZi 1GgBCQIQUai/KFbpw4kaUthOe2ftUuN7fYLL0Nl4ZqrGNJMFYTjwOFyb6yWE7i7C
5hXw4GZKN/MtiFyxAVRBaxsoPHhH3VaxJaXQ365E4TP+q8Urbk7V6aUFNKQs1+Xr fEjGjALJU2ZZIL3mZ4FYkqU1eoidKLSnDtsGArxz0ACEo8UWuR7t1QFD3oYUFu0D
I/3GfobQh/FfZQ== i5Hfz3tyzMfPsA==
=ru2B =7FCO
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 22FB2CC03DC5292AB81CF67D0AF27B383170E634 fp: 22FB2CC03DC5292AB81CF67D0AF27B383170E634
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted

61
system-modules/boot.nix
View File

@@ -1,5 +1,5 @@
{ config, pkgs, host, inputs, ... }: { config, pkgs, host, inputs, ... }:
let let
grub-theme-ascii-diana = (pkgs.fetchFromGitea { grub-theme-ascii-diana = (pkgs.fetchFromGitea {
domain = "git.nx2.site"; domain = "git.nx2.site";
owner = "nx2"; owner = "nx2";
@@ -7,48 +7,67 @@
rev = "0.5.0"; rev = "0.5.0";
hash = "sha256-e+55NYsSsWY6GPbYUtdVEB9krueuCAWT3Ce/Ghops1g="; hash = "sha256-e+55NYsSsWY6GPbYUtdVEB9krueuCAWT3Ce/Ghops1g=";
}); });
in in
{ {
imports = if host == "NxNORTH" then [ imports = if host == "NxNORTH" then [
inputs.lanzaboote.nixosModules.lanzaboote inputs.lanzaboote.nixosModules.lanzaboote
] else []; ] else [];
config = if host == "NxNORTH" then {
# I have to boot with secureboot becasue of the chinese spyware called Vanguard
environment.systemPackages = with pkgs; [ sbctl ];
boot = {
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
loader.systemd-boot.enable = false; # let lanzaboote install systemd-boot
config = if (host == "NxXPS" || host == "NxACE") then { # kernelPackages = pkgs.linuxPackages_latest;
boot.loader.efi.canTouchEfiVariables = true; extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
kernelModules = [ "v4l2loopback" ];
extraModprobeConfig = ''options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1'';
};
security.polkit.enable = true;
} else if host == "NxXPS" then {
boot.loader.grub = { boot.loader.grub = {
enable = true; enable = true;
configurationLimit = 30; configurationLimit = 30;
device = "nodev"; device = "nodev";
# useOSProber = true; # useOSProber = true;
efiSupport = true; efiSupport = true;
#theme = grub-theme-ascii-diana; theme = grub-theme-ascii-diana;
#font = "${grub-theme-ascii-diana}/unicode.pf2"; font = "${grub-theme-ascii-diana}/unicode.pf2";
fontSize = 50; fontSize = 50;
# splashImage = null; # splashImage = null;
extraEntries = if host == "NxXPS" then ''
efi.canTouchEfiVariables = true;
extraEntries = ''
menuentry 'Windows 11' --class windows --class os $menuentry_id_option 'osprober-efi-0A97-7A2D' { menuentry 'Windows 11' --class windows --class os $menuentry_id_option 'osprober-efi-0A97-7A2D' {
insmod part_gpt insmod part_gpt
insmod fat insmod fat
search --no-floppy --fs-uuid --set=root 0A97-7A2D search --no-floppy --fs-uuid --set=root 0A97-7A2D
chainloader /EFI/Microsoft/Boot/bootmgfw.efi chainloader /EFI/Microsoft/Boot/bootmgfw.efi
} }
'' else ''''; '';
};
} else {
# I have to boot with secureboot becasue of the chinese spyware called Vanguard
environment.systemPackages = with pkgs; [
sbctl
];
boot = {
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
# let lanzaboote install systemd-boot extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
loader.systemd-boot.enable = false; kernelModules = [ "v4l2loopback" ];
extraModprobeConfig = ''options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1'';
};
} else { # NxACE
kernelPackages = pkgs.linuxPackages_latest;
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
boot.loader.grub = {
enable = true;
configurationLimit = 30;
device = "nodev";
# useOSProber = true;
efiSupport = true;
fontSize = 50;
efi.canTouchEfiVariables = true;
splashImage = null;
}; };
}; };
} }

1
system-modules/gpg.nix
View File

@@ -10,6 +10,7 @@
enableSSHSupport = true; enableSSHSupport = true;
enableExtraSocket = true; enableExtraSocket = true;
enableBrowserSocket = true; enableBrowserSocket = true;
# pinentryPackage = pkgs.pinentry-gtk2;
}; };
}; };
} }