ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

setting up BOB

Browse Source
This commit is contained in:
Richie Cahill 2024-06-08 21:06:59 -04:00
parent d6c4d9bf12
commit 1bf1cb10d8
7 changed files with 187 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.sops.yaml
View File

@ -9,9 +9,10 @@ keys:
# cspell:disable
- &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
- &artemision-home age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc
- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
- &bob age13jg97cvy63fzd2ccthcwvfyyxzw5vmwun8s0afq5l4xm0mhl6pjqhne063
- &jeeves age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w
- &jeeves-jr age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
- &rhapsody-in-green age1c7adjulcrma0m7l5ur8efxdjzyskrqcwssfkt77a9rmma7gzss5q02pgmy
# cspell:enable
@ -73,7 +74,7 @@ creation_rules:
- *admin_alice
age:
- *artemision
- path_regex: users/richie/secrets\.yaml$
key_groups:
- pgp:
@ -83,3 +84,4 @@ creation_rules:
- *jeeves
- *jeeves-jr
- *rhapsody-in-green
- *bob

3
.vscode/settings.json vendored
View File

@ -28,6 +28,7 @@
"dialout",
"direnv",
"disren",
"dmask",
"dotfiles",
"eamodio",
"errorlens",
@ -37,6 +38,7 @@
"filebrowser",
"fileroller",
"Filesystems",
"fmask",
"foxundermoon",
"gamescope",
"gparted",
@ -92,6 +94,7 @@
"radarr",
"Redistributable",
"ripgrep",
"rpool",
"rspace",
"rtkit",
"Sandro",

58
systems/bob/configuration.nix Normal file
View File

@ -0,0 +1,58 @@
{
imports = [
./hardware.nix
../../users/richie/global/syncthing_base.nix
../../users/richie/global/zerotier.nix
];
boot = {
useSystemdBoot = true;
default = true;
};
networking = {
networkmanager.enable = true;
hostId = "9ab3b18e";
};
hardware = {
pulseaudio.enable = false;
bluetooth = {
enable = true;
powerOnBoot = true;
};
};
security.rtkit.enable = true;
sound.enable = true;
services = {
openssh.settings.PermitRootLogin = "yes";
autopull.enable = false;
displayManager.sddm.enable = true;
xserver = {
enable = true;
desktopManager.plasma5.enable = true;
xkb = {
layout = "us";
variant = "";
};
};
printing.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
};
system.autoUpgrade.enable = false;
system.stateVersion = "23.11";
}

8
systems/bob/default.nix Normal file
View File

@ -0,0 +1,8 @@
{ ... }:
{
users = [ "richie" ];
system = "x86_64-linux";
home = true;
sops = true;
server = false;
}

66
systems/bob/hardware.nix Normal file
View File

@ -0,0 +1,66 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"sd_mod"
];
kernelModules = [ ];
luks.devices = {
"luks-rpool-nvme-Samsung_SSD_970_EVO_Plus_1TB_S6S1NS0T617615W-part2".device = "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_1TB_S6S1NS0T617615W-part2";
};
};
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = lib.mkDefault {
device = "rpool/root";
fsType = "zfs";
};
"/home" = {
device = "rpool/home";
fsType = "zfs";
};
"/boot" = {
device = "/dev/disk/by-uuid/8AE6-270D";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
};
swapDevices = [ { device = "/dev/disk/by-uuid/2ece9ba5-e892-400d-8b50-2126a8eb2fa0"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp11s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

5
users/richie/home/vscode/settings.json
View File

@ -62,5 +62,8 @@
"redhat.telemetry.enabled": true,
"gitlens.plusFeatures.enabled": false,
"github.copilot.editor.enableAutoCompletions": true,
"explorer.confirmPasteNative": false
"explorer.confirmPasteNative": false,
"github.copilot.enable": {
"*": false
}
}

79
users/richie/secrets.yaml
View File

@ -11,60 +11,69 @@ sops:
- recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1NjRCZ3RYS3g1amQxRUJt
bGxFdHRuU3d2eHlnRlZPQjg5dUN0cGhWelNzCjhWTXNNcmhFNFgwVmRISUZVa0JM
SHRQN2UxRllhZXBlNGJWZEhteDFYM2cKLS0tIFJ3T0V2RWNkTjJNTTJEYTZZb1pa
a1NNazgzWDQ5QUVHU285dkRIY0s0YVkKxhqUovG8RPsn48RCy6ibbLIFeh9rZC1t
idys8aiy3Tk1sMAb7miHjDkilfqwcUwAS+OSsXXiwCfY1V/+SrrQaQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4VGsycE1JQUFXbmZOQ3dP
VlMzVllzemN3WWd2dFc4UEdKSnVmcHhNaFZNCmVLZG54RWIybVl3dXNpQ2NLVnBh
dUdKWlJ1dXZ3MFZ1Y2tQVzNJR3pYcjAKLS0tIFFiRHIzZEpjNml3Mm1GOUhRWjBy
UVMwemZIY1RTWkVmQXE3allUNzdLWlkKPBVTtbgPXXnbclANx4nysXeTWmSoIuAg
NfCnCPPgYqe+zW3XL9czEjxyTyH25lnkAWckUhCch3g2uA/7uV1xlg==
-----END AGE ENCRYPTED FILE-----
- recipient: age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ZnF1RnI2MXZtdVVpZjFo
OUlFMFF5ZDZtYmxRUXVOSTNEVE1hTVlsU1FNCmo5WFYwL2Iyb3RhOXJ4WGlRMk1C
bWR1TGp0V1BNV3o4N3FHekNHM1BYTnMKLS0tIFh0R3N1cklQZ29vdkNIY2ZzUGpR
T2Z6NGRFaDlYUWM2TlVZc1Z5UjJvSjgKwmFszve3db2sAxg76SxoGgQ/x0ZYixev
OHx/DdCUfjQHhI0gNXC9XhySPGhYM4xbCZDEe2gp4QFFtToA+feP7Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2blVUSngvekRPMFRmanhy
c08rZ05TdGtLMVZIdjRrY3Nmclo1eVhqNDFzCnhLQlg5YURCUzR3dStva0llN0Z0
ZzJxVDdRK3pER0RTTVZRS0dhZkkxTEUKLS0tIExNd0ptYm9PY3FnelZmcmgyc3l4
SE1hU1hzOFVhTThBTmg3LzlvMUljdEUKCwkZlOduNCrNZ7S/aDJfVkUny6uCIdQu
3sVk5mtz5hwWtycfMNC8+y67S+VzSZPY3GeBN3f9ShWEFT+sM6k3Dg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpK1hCeVVZQWtMMHZDalo2
L1FFcVhseFpNMEhOREQ0Tnk1TWlrSzMvRTBBCjh4bkovWlpFNFY5c2dMM2pZV2lT
a200dFVtUWp2ZmxBU01pajRZN1NRMmcKLS0tIHd5K25MTVVKc1Z0aTNoeTlacVhT
ZS9MNGxLa0gwdmdmYVovb1NWMFBpMTAKssTiKdnnfWo5B8WAF64FM8hDLi/nU0Ay
5NY3gTYsKyq/pnVFOp1NKU4I6SuV8jWabwVqpsRXYvC5X7Ec1ZQv5Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0RE9lK0xUTXhTQWtJL2V5
SURFZ0Q4R3FiVkFnbUVEeE0yWUNsRjh6WjFzCjdHVnBNTDVVTk0zOWtuWTdMbXZQ
eVpmNE90RzkyTWN4eWs2SUdubFZ2ek0KLS0tIEZaQis2Z1R6SURhT3g3ZHVTQU1R
M1h3dFZXQStBSGtveENQTi9jeGVSRGcKFoTwIJFF4gMX9854JaGt1M8lcKDWijk0
LU22l0GOL9h4EFlIFE3keahXO+47Cjr92uMrlAnsX+xdnH0uPdxrNA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1c7adjulcrma0m7l5ur8efxdjzyskrqcwssfkt77a9rmma7gzss5q02pgmy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4dTJiV3VHVEh5SENKbFdw
TjN5ZlZTZlZBQVVHbktHNUNDQmRnVXMvV0dnCjYwRXFnK2pzcmxDSzZQV1FhR2pL
MTdZYzFUYjFUZ0Y4ODBrWTVDaWJxRUkKLS0tIEh5RXE5NktUOTdxamR4S3RCdm0z
ZjFHcmtnd3lPbVdjSDVBenlBR0FOV28KwcBVT9q/OKnMvAkrWe9/+HB2qknSOurA
nKDYMNExyE6K/uOKKbkH0ucaYBN+7+/b50nfUl5i/tfJvIUaWkwQUg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzWUhhS0RjcVQvMnRYZDl4
eFRZbjNDN1ZlRS9neURWdW9tMmV5RiszSGkwCm91b3dWQXVxRlEzMEVnd1lkT3hI
U2oxK1psMHZROTRNd2gremxmS1l1WXcKLS0tIHlsTy9qcUlySlZ4dHo2czBiaVlE
REg4THhDRmdZOHJGVmxZcmIxUThTMUkKeyTq4ibHWukJx+9ApBSt9y3sfy9895Sf
pa2Kkw1VsnQhvEW0+IeRoQnxeQB6rAXlftNhtEodc6d3w+ny/tI3kA==
-----END AGE ENCRYPTED FILE-----
- recipient: age13jg97cvy63fzd2ccthcwvfyyxzw5vmwun8s0afq5l4xm0mhl6pjqhne063
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2bU5OTWFBNkRRdEFzblhk
VDE1cUdUTHNVUmkzdDFkWHBXL0gxMHVjMjFjCjVLQXROWWErTFhVckorSHZJWG9D
a1BobEorVXdNTC8xcGpvdUZKem04R2cKLS0tIG1TU2ViWTJ2SUxVMG9jOE41bGVk
QWVIUEJxV1diZG0xaUNNMmJaUUhIRHcKlAweCd38TNHdyIhzXIdjgEBj10bn6KK/
0e0qgyWNfkJtBYF2PhaBcr7l58dHSbQXXomgG2npGxPGVYMtoLPTsg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-13T17:27:06Z"
mac: ENC[AES256_GCM,data:xzVCCVSfQz7fH+z3veZI5uJA6eBDRMT5kPT2Qq/KlESKJC4MVn6ErTbdDEFEnfa7vmqnBArPIEWdkSSbPTAvZbCMzuQTUVsjKbHnnvZsVypl0ScVgupGYq/+UhVoW8vKukXMAZ2dZfMWGn3Sso+DpWhR83Pf8FF8Xey4YcJzpIs=,iv:5oDREhX2gxypLurd0lyINklrf2DU/1SyD4sXiO/THUI=,tag:MvlitzHGiRCHJszLn5zoWg==,type:str]
pgp:
- created_at: "2024-04-03T21:19:44Z"
- created_at: "2024-06-09T00:29:47Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA29thaGx06tOAQ/+I3rMi9xjj2DtbhPnMAt7QMBdgu+sK/UU6kLlhnhgTu8m
PChhtOagtqjUGKL1PQZTm3bUfauhSVum2RVAef5BKC8+QNTo9FN02cDksRyvEWqZ
BnXS6CCKC3skRoabArPTu1Geivw/7cuMrVXatZF+ol39wzOYUL0fVbBwWJ+BkzZ2
K/ZGVvLzO5HGxJzAcVDkxXo5QJOBGwVZEtcKnANLbX1CbUGkEUhU3IzBQ8sb7iYk
JCDMnapEehjDIaIDQfCP2YFT3tY9Ab9iPM+2SSwf8JDPC2EAQqWl4Kw50xtqS/l1
FAZ6B3zcN6II79mMjh1gV+md6D9KZEccR1xgGztFFPYzO6ncfuVa3UHe66mNCL/u
y6ag+1Ct+1BMGLFp3T8EPIWZcG533zTfMxv/TG1BQVx+ZWROloyZzoIoLwduU7cw
4yV+ta+BaiJf+5M+H0WHaS+v2OdBhtgvxQieI0IQJtIThIi4yBgrRkF6nnsWaMKh
qLB/yyIPUIRjqJhVPAqCuA6sYxmHqVeM07hienxzmaqQaopaHx7C0x3Jhr90hdjR
F2LDUyKfj2T67wYvpI2m/ioYvS7okUANsvgJsRzxiZrj+MxEy7AcXeDK6/sI1Xgu
eN9A3rJxj5ZyslTwDsUvSEDmrS8utQ7qtWJwfpPKe763GGNM6cC/UeDDlrgsw8LS
XgFjqFSBAGiXkp90FDm0sMdvD1twvwG9s7PF2qv15VYwPiVfLTPWvfInRfWVCbIN
9IqVbtk/NviuyEGz6yGiNKulbRjKeq+oAwgXddaXY4uHruLEr/SYKbfOAJuHBRo=
=pXkD
hQIMA29thaGx06tOAQ//RvcNg6H6CeLvrdLSb7ohPkZGPwgxkIyn8a384ybg5nX3
TiV1aDlg4RNyvQY371ixYVIO4ddjC2OMyt43ghHIUvH2Lp6dn2anPuqlMXXOTeYL
nEH09fsuZ3Mkg6F30MQH3tBOHvkroKPQCA9Y2JSQhkfO1GsAAm1PhCUgqJDKDK38
/fwWSPvrOQDhdRDhTVmAHKRpH6XvSN8d5QUWqwaII+34JkQRFNNhqJZCu04QP0Yy
CaceNJg9IoBy2n2nJZ3zQfzOvxujPEnsXnuQ67Oa2GCwwNEsxfjjeFApi97zOeQA
0LwM6iZGz/d5hdb7HVCVUuU2H9QPNuYWYNEIFJTJjOUY0osaBe+a7xPY4dm5YNsS
Y5VMup6SQINoXQcabkwU2zjbEEEEFWjDrszweLn/YBEdkT1vkJ/Gnrl8j3udYZs4
/xC/xIbIFjOhXmIi+I4WbeQK8bspS+EbEGT/t+iE2mf3zEjZsjVppGtX1rVoGE1x
1H3P2IK6CBiT9d8A7ocLFYdGRoXreQyDNJqd4u0XRMjbTgC2rWbOsaBJDzjyQKXV
oAR8o04wwB0wZZaAYYwb6bIqa/UFO2ZKUvQVu8wDVMt0NBwHSMVivu5ArqZwl+pj
Fyy+t6+JVdvATsBfWEyejJ3Y4jjGUCJPkbAdkAxACdmfikye0A+Je4QGOBctMOzS
XgE9V6KGRqKrr2aZBCMgg4H2hoqQLGpQAEKadJ8RvU7PM6C0wbF/5XNPce8rUqOw
87Bn3wdcQcxCtWHSOj1o0SKRrQ9PlxfnvnVcCGW/vyKbWGvs5JNYMs3IfQ6xXnA=
=OVS5
-----END PGP MESSAGE-----
fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3
unencrypted_suffix: _unencrypted