From 46a605d12e8a6c090974edd604beb710e20b8827 Mon Sep 17 00:00:00 2001 From: Alice Huston Date: Sun, 24 Mar 2024 14:21:28 -0400 Subject: [PATCH] initial artemision changes (#116) * Add artemision Signed-off-by: ahuston-0 * blank config.nix for alice Signed-off-by: ahuston-0 * move alice config Signed-off-by: ahuston-0 * move alice config Signed-off-by: ahuston-0 * fix slack (artemision) Signed-off-by: ahuston-0 * fix unipicker (artemision) Signed-off-by: ahuston-0 * fix vscode (artemision) Signed-off-by: ahuston-0 * add wired-notify (not currently working, artemision) Signed-off-by: ahuston-0 * change formatter to nixfmt-rfc-style Signed-off-by: ahuston-0 * update lock Signed-off-by: ahuston-0 * initial format Signed-off-by: ahuston-0 * artemision settings Signed-off-by: ahuston-0 * add artemision files Signed-off-by: ahuston-0 * artemision initial setup * artemision initial setup * sops generation Signed-off-by: ahuston-0 * sops updates Signed-off-by: ahuston-0 * sops updates Signed-off-by: ahuston-0 * fix breaking changes, add framework module Signed-off-by: ahuston-0 * formatting and friends Signed-off-by: ahuston-0 * add boot, mutable users is true * fmt * Add desktop/framework dependencies Signed-off-by: ahuston-0 * enable sops * sops/ethernet fixes * update subs * cache key fix & mutable users * temp neovim * zsh changes Signed-off-by: ahuston-0 * dependency fixes, zsh.nix * zsh fixes for home-manager Signed-off-by: ahuston-0 * minor zsh fixes * minor zsh/home fixes * cleanup * typo from merge Signed-off-by: ahuston-0 * formatting Signed-off-by: ahuston-0 * remove owner Signed-off-by: ahuston-0 * non-server :) Signed-off-by: ahuston-0 * add display manager Signed-off-by: ahuston-0 * switch to gdm Signed-off-by: ahuston-0 * wayland errors Signed-off-by: ahuston-0 * fix formatting Signed-off-by: ahuston-0 * remove ZFS unstable Signed-off-by: ahuston-0 * zsh reorg Signed-off-by: ahuston-0 * wayland enable Signed-off-by: ahuston-0 * add boot partition options 
Signed-off-by: ahuston-0 * wayland agian Signed-off-by: ahuston-0 * nix format Signed-off-by: ahuston-0 --------- Signed-off-by: ahuston-0 Co-authored-by: ahuston-0 --- .sops.yaml | 31 ++- docs/sample-setup.sh | 184 ++++++++++++++++++ flake.lock | 122 +++++++++++- flake.nix | 51 +++-- modules/boot.nix | 1 - systems/jeeves-jr/secrets.yaml | 82 ++++---- systems/palatine-hill/secrets.yaml | 82 ++++---- users/alice/home.nix | 10 +- users/alice/home/zsh.nix | 99 ++++++++++ users/alice/secrets.yaml | 64 +++--- .../systems/artemision/configuration.nix | 63 ++++++ users/alice/systems/artemision/default.nix | 10 + users/alice/systems/artemision/desktop.nix | 19 ++ users/alice/systems/artemision/hardware.nix | 90 +++++++++ users/alice/systems/artemision/non-server.nix | 101 ++++++++++ users/alice/systems/artemision/programs.nix | 40 ++++ users/alice/systems/artemision/secrets.yaml | 51 +++++ users/alice/systems/configuration.nix | 12 ++ users/alice/systems/non-server.nix | 88 +++++++++ users/alice/systems/programs.nix | 53 +++++ 20 files changed, 1093 insertions(+), 160 deletions(-) create mode 100644 docs/sample-setup.sh create mode 100644 users/alice/home/zsh.nix create mode 100644 users/alice/systems/artemision/configuration.nix create mode 100644 users/alice/systems/artemision/default.nix create mode 100644 users/alice/systems/artemision/desktop.nix create mode 100644 users/alice/systems/artemision/hardware.nix create mode 100644 users/alice/systems/artemision/non-server.nix create mode 100644 users/alice/systems/artemision/programs.nix create mode 100644 users/alice/systems/artemision/secrets.yaml create mode 100644 users/alice/systems/configuration.nix create mode 100644 users/alice/systems/non-server.nix create mode 100644 users/alice/systems/programs.nix diff --git a/.sops.yaml b/.sops.yaml index aaa2737..c31ac31 100644 --- a/.sops.yaml +++ b/.sops.yaml 
@@ -6,6 +6,7 @@ keys: # Generate AGE keys from SSH keys with: # ssh-keygen -A # nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age' + - &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 - &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej - &jeeves age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w - &jeeves-jr age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh @@ -36,20 +37,32 @@ creation_rules: age: - *jeeves-jr - - path_regex: systems/palatine-hill/secrets\.yaml$ - key_groups: - - pgp: *admins - age: - - *palatine-hill - - - path_regex: users/alice/secrets\.yaml$ + - path_regex: users/alice/secrets\.yaml$ key_groups: - pgp: - *admin_alice - age: *servers + age: + - *palatine-hill + - *jeeves + - *jeeves-jr + - *artemision + + - path_regex: systems/palatine-hill/secrets\.yaml$ + key_groups: + - pgp: + - *admin_alice + age: + - *palatine-hill + + - path_regex: users/alice/systems/artemision/secrets\.yaml$ + key_groups: + - pgp: + - *admin_alice + age: + - *artemision - path_regex: users/richie/secrets\.yaml$ key_groups: - pgp: - *admin_richie - age: *servers + age: *servers diff --git a/docs/sample-setup.sh b/docs/sample-setup.sh new file mode 100644 index 0000000..229190e --- /dev/null +++ b/docs/sample-setup.sh 
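Review bot: The rule for `systems/palatine-hill/secrets\.yaml$` narrows `pgp` from `*admins` to only `*admin_alice`, and the re-encrypted `systems/jeeves-jr/secrets.yaml` and `systems/palatine-hill/secrets.yaml` later in this patch each drop the recipient `fp: 8F79E6CD6434700615867480D11A514F5095BFA8` while their `lastmodified` and `mac` lines stay unchanged. That pattern suggests the key list was re-wrapped without rotating the data key, in which case the removal revokes nothing: the dropped key can still decrypt the earlier revisions in git history. If the removal is deliberate, rotate the data key (`sops -r`) and the underlying secret values and say so in the commit message; if it is not, keep `- pgp: *admins`. Separately, `users/alice/secrets\.yaml$` now lists `*artemision` as an age recipient, so that machine's SSH host key can read every value in the shared user file; values only that machine needs belong under the new `users/alice/systems/artemision/secrets\.yaml$` rule.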
@@ -0,0 +1,184 @@
+#!/usr/bin/env nix
+#! nix shell nixpkgs#bash nixpkgs#git --command bash
+
+set -o errexit # abort on nonzero exitstatus
+set -o nounset # abort on unbound variable
+set -o pipefail # don't hide errors within pipes
+
+PROCEED="N"
+
+################################################################################
+#
+# This script is a sample install script for using this repository
+#
+# This makes several assumptions, listed below
+# the system will use LVM for managing drives and snapshots
+# SOPS should be set up (set SOPS=N to disable)
+# this is a server (change GITBASE to reflect path to machine config)
+# this machine is called "machine"
+# this machine will have all partitions on /dev/sda
+# there will be no swap partition (set SWAPSIZE to non-zero)
+#
+# Please check the below variables and make changes as appropriate
+#
+################################################################################
+
+# Need to validate the below before running the script
+# Set SWAPSIZE to something larger than 0 to enable it
+# (even if CREATEPARTS is disabled)
+VOLGROUP="nixos-vg"
+DRIVE="nvme0n1"
+MACHINENAME="artemision"
+SWAPSIZE="35G"
+
+# Feature toggles (must be Y to be enabled)
+CREATEPARTS="Y"
+SOPS="Y"
+
+# SOPS owner
+OWNERORADMINS="alice"
+
+# Partition planning
+ROOTPATH="/dev/$VOLGROUP/root"
+SWAPPATH="/dev/$VOLGROUP/swap"
+HOMEPATH="/dev/$VOLGROUP/home"
+NIXSTOREPATH="/dev/$VOLGROUP/nix"
+BOOTPART="/dev/${DRIVE}p1"
+
+# git vars
+GITBASE="users/alice/systems"
+FEATUREBRANCH="feature/$MACHINENAME"
+
+if [ $PROCEED != "Y" ]; then
+ echo "PROCEED is not set correctly, please validate the below partitions and update the script accordingly"
+ lsblk -ao NAME,FSTYPE,FSSIZE,FSUSED,SIZE,MOUNTPOINT
+fi
+
+
+
+if [ $CREATEPARTS = "Y" ]; then
+ # Create partition table
+ sudo parted "/dev/$DRIVE" -- mklabel gpt
+
+ # Create boot part
+ sudo parted "/dev/$DRIVE" -- mkpart ESP fat32 1MB 1024MB
+ sudo parted "/dev/$DRIVE" -- set 1 esp on
+ sudo mkfs.fat -F 32 -n NIXBOOT "/dev/${DRIVE}1"
+
+ # Create luks part
+ sudo parted "/dev/$DRIVE" -- mkpart primary ext4 1024MB 100%
+ sudo parted "/dev/$DRIVE" -- set 2 lvm on
+
+ LUKSPART="nixos-pv"
+ sudo cryptsetup luksFormat "/dev/${DRIVE}p2"
+ sudo cryptsetup luksOpen "/dev/${DRIVE}p2" "$LUKSPART"
+
+ # Create lvm part
+ sudo pvcreate "/dev/mapper/$LUKSPART"
+ sudo pvresize "/dev/mapper/$LUKSPART"
+ sudo pvdisplay
+
+ # Create volume group
+ sudo vgcreate "$VOLGROUP" "/dev/mapper/$LUKSPART"
+ sudo vgchange -a y "$VOLGROUP"
+ sudo vgdisplay
+
+ # Create swap part on LVM
+ if [ $SWAPSIZE != 0 ]; then
+ sudo lvcreate -L "$SWAPSIZE" "$VOLGROUP" -n swap
+ sudo mkswap -L NIXSWAP -c "$SWAPPATH"
+ fi
+
+ # Create home part on LVM, leaving plenty of room for snapshots
+ sudo lvcreate -l 50%FREE "$VOLGROUP" -n home
+ sudo mkfs.ext4 -L NIXHOME -c "$HOMEPATH"
+
+ # Create root part on LVM, keeping in mind most data will be on /home or /nix
+ sudo lvcreate -L 5G "$VOLGROUP" -n root
+ sudo mkfs.ext4 -L NIXROOT -c "$ROOTPATH"
+
+ # Create nix part on LVM
+ sudo lvcreate -L 100G "$VOLGROUP" -n nix-store
+ sudo mkfs.ext4 -L NIXSTORE -c "$NIXSTOREPATH"
+
+ sudo lvdisplay
+
+ lsblk -ao NAME,FSTYPE,FSSIZE,FSUSED,SIZE,MOUNTPOINT
+fi
+
+# Mount partitions
+sudo mount $ROOTPATH /mnt
+
+sudo mkdir /mnt/{home,nix,boot} || echo "directories already exist (/mnt/{home,nix,boot})"
+sudo mount $HOMEPATH /mnt/home
+sudo mount $NIXSTOREPATH /mnt/nix
+sudo mount $BOOTPART /mnt/boot
+
+# Enable swap if SWAPSIZE is non-zero
+if [ $SWAPSIZE != 0 ]; then
+ sudo swapon "/dev/$VOLGROUP/swap"
+fi
+
+# Clone the repo
+DOTS="/mnt/root/dotfiles"
+GC="git -C $DOTS"
+sudo mkdir -p "$DOTS" || echo "directory $DOTS already exists"
+sudo $GC clone https://github.com/RAD-Development/nix-dotfiles.git .
+sudo $GC checkout "$FEATUREBRANCH"
+
+# Create ssh keys
+sudo mkdir /root/.ssh
+sudo chmod 700 /root/.ssh
+sudo ssh-keygen -t ed25519 -o -a 100 -f "/root/.ssh/id_ed25519_ghdeploy" -q -N "" -C "$MACHINENAME" || echo "key already exists"
+
+read -r -p "get this into github so you can check everything in, then hit enter :)"
+cat "$DOTS/id_ed25519_ghdeploy.pub"
+
+if [ $SOPS == "Y" ]; then
+ # Create ssh host-keys
+ sudo ssh-keygen -A
+ sudo mkdir -p /mnt/etc/ssh
+ sudo cp "/etc/ssh/ssh_host_*" /mnt/etc/ssh
+
+ # Get line where AGE comment is and insert new AGE key two lines down
+ AGELINE=$(grep "Generate AGE keys from SSH keys with" "$DOTS/.sops.yaml" -n | awk -F ':' '{print ($1+2)}')
+ AGEKEY=$(nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age')
+ sudo sed -i "${AGELINE}i\\ - &${MACHINENAME} $AGEKEY\\" "$DOTS/.sops.yaml"
+
+ # Add server name
+ SERVERLINE=$(grep 'servers: &servers' "$DOTS/.sops.yaml" -n | awk -F ':' '{print ($1+1)}')
+ sudo sed -i "${SERVERLINE}i\\ - *${MACHINENAME}\\" "$DOTS/.sops.yaml"
+
+ # Add creation rules
+ CREATIONLINE=$(grep 'creation_rules' "$DOTS/.sops.yaml" -n | awk -F ':' '{print ($1+1)}')
+ # TODO: below was not working when last attempted
+ read -r -d '' PATHRULE <<-EOF
+ - path_regex: $GITBASE/$MACHINENAME/secrets\.yaml$
+ key_groups:
+ - pgp: *$OWNERORADMINS
+ age:
+ - *$MACHINENAME
+EOF
+ sudo sed -i "${CREATIONLINE}i\\${PATHRULE}\\" "$DOTS/.sops.yaml"
+fi
+
+read -r -p "press enter to continue"
+
+# generate hardware.nix
+sudo nixos-generate-config --root /mnt --dir "$DOTS"
+sudo mv "$DOTS/$GITBASE/$MACHINENAME/hardware{-configuration,}.nix"
+
+# from https://nixos.org/manual/nixos/unstable
+
+sudo nixos-install --flake "$DOTS#$MACHINENAME"
+
+# add ssh config for root and reset git repo url
+read -r -d '' SSHCONFIG <<-EOF
+Host github.com
+ User git
+ Hostname github.com
+ PreferredAuthentications publickey
+ IdentityFile /root/.ssh/id_ed25519_ghdeploy
+EOF
+printf "%s" "$SSHCONFIG" | sudo tee 
/root/.ssh/config +sudo $GC remote set-url origin 'git@github.com:RAD-Development/nix-dotfiles.git' diff --git a/flake.lock b/flake.lock index 97b1965..898d384 100644 --- a/flake.lock +++ b/flake.lock @@ -100,6 +100,24 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1709336216, + "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": [ @@ -223,6 +241,21 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1711274671, + "narHash": "sha256-19KQXya5VERUXOdeEJJN+zOqtvuE6MV3qTk9Gr4J9Uo=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "7559df1e4af972d5f1de87975b5ef6a8d7559db2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixos-modules": { "inputs": { "flake-utils": [ @@ -262,6 +295,24 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1709237383, + "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-regression": { "locked": { "lastModified": 1643052045, 
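Review bot: The `PROCEED` guard in `docs/sample-setup.sh` prints a warning and runs `lsblk` but never exits, so with the committed values `PROCEED="N"` and `CREATEPARTS="Y"` the script continues into `parted ... mklabel gpt` and `cryptsetup luksFormat` on `/dev/$DRIVE`; add `exit 1` after the `lsblk` line inside that `if`. In the SOPS block, `sudo cp "/etc/ssh/ssh_host_*" /mnt/etc/ssh` quotes the glob, so no host key is copied into the target and the age recipient written to `.sops.yaml` would presumably not match the keys the installed system ends up with; it should read `sudo cp -p /etc/ssh/ssh_host_* /mnt/etc/ssh`. The device names are also inconsistent: the boot partition is formatted as `"/dev/${DRIVE}1"` while `BOOTPART` and the LUKS steps use the `p1`/`p2` form, and the store volume is created as `nix-store` but mounted from `/dev/$VOLGROUP/nix`. Both `read -r -d '' ... <<-EOF` calls return non-zero at end of input, which under `set -o errexit` stops the script, so each needs `|| true`.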
@@ -294,6 +345,22 @@ "type": "github" } }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1711124224, + "narHash": "sha256-l0zlN/3CiodvWDtfBOVxeTwYSRz93muVbXWSpaMjXxM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "56528ee42526794d413d6f244648aaee4a7b56c0", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "attic": "attic", @@ -303,10 +370,14 @@ "nix": "nix", "nix-index-database": "nix-index-database", "nix-pre-commit": "nix-pre-commit", + "nixos-hardware": "nixos-hardware", "nixos-modules": "nixos-modules", "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable_2", + "rust-overlay": "rust-overlay", "sops-nix": "sops-nix", - "systems": "systems" + "systems": "systems", + "wired-notify": "wired-notify" } }, "rust-analyzer-src": { @@ -326,13 +397,36 @@ "type": "github" } }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1711246447, + "narHash": "sha256-g9TOluObcOEKewFo2fR4cn51Y/jSKhRRo4QZckHLop0=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "dcc802a6ec4e9cc6a1c8c393327f0c42666f22e4", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "sops-nix": { "inputs": { "nixpkgs": [ "nixpkgs" ], "nixpkgs-stable": [ - "nixpkgs" + "nixpkgs-stable" ] }, "locked": { 
@@ -363,6 +457,30 @@ "repo": "default", "type": "github" } + }, + "wired-notify": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": [ + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1710502853, + "narHash": "sha256-+mxZKeCKHI0vxdt4mnWzvbrn/SLS6zj7SG12YudAltA=", + "owner": "Toqozz", + "repo": "wired-notify", + "rev": "3db419563a20f1706a3d45262e782e48eee411a2", + "type": "github" + }, + "original": { + "owner": "Toqozz", + "repo": "wired-notify", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index f6345d6..70d8f54 100644 --- a/flake.nix +++ b/flake.nix @@ -2,31 +2,33 @@ description = "NixOS configuration for RAD-Development Servers"; nixConfig = { - trusted-users = [ "root" ]; substituters = [ "https://cache.nixos.org/?priority=1&want-mass-query=true" "https://attic.alicehuston.xyz/cache-nix-dot?priority=4&want-mass-query=true" "https://cache.alicehuston.xyz/?priority=5&want-mass-query=true" "https://nix-community.cachix.org/?priority=10&want-mass-query=true" ]; - trusted-substituters = [ "https://cache.nixos.org" "https://attic.alicehuston.xyz/cache-nix-dot" "https://cache.alicehuston.xyz" "https://nix-community.cachix.org" ]; - trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "cache.alicehuston.xyz:SJAm8HJVTWUjwcTTLAoi/5E1gUOJ0GWum2suPPv7CUo=%" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache-nix-dot:0hp/F6mUJXNyZeLBPNBjmyEh8gWsNVH+zkuwlWMmwXg=" ]; + trusted-users = [ + "root" + "@wheel" + ]; }; inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.11"; systems.url = "github:nix-systems/default"; nix-index-database = { url = "github:Mic92/nix-index-database"; @@ -65,7 +67,7 @@ url = "github:Mic92/sops-nix"; inputs = { nixpkgs.follows = "nixpkgs"; - nixpkgs-stable.follows = "nixpkgs"; + nixpkgs-stable.follows = "nixpkgs-stable"; }; }; 
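Review bot: The `trusted-users` list added to `nixConfig` in `flake.nix` now contains `"@wheel"`, and the Nix manual describes a trusted user as essentially root-equivalent, since such a user may add substituters and import store paths that bypass signature checks. If the aim is only to let wheel members use the caches listed in this block, `trusted-substituters` together with `trusted-public-keys` already allows that, so `trusted-users = [ "root" ];` can stay as it was. If `@wheel` is kept, put a comment above it such as `# wheel is root-equivalent to the nix daemon; kept deliberately`. The context line `"cache.alicehuston.xyz:SJAm8HJVTWUjwcTTLAoi/5E1gUOJ0GWum2suPPv7CUo=%"` ends in `%`, which looks like a stray character after the base64 padding and is worth confirming against the cache's real public key.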
@@ -77,6 +79,26 @@ }; }; + wired-notify = { + url = "github:Toqozz/wired-notify"; + inputs = { + nixpkgs.follows = "nixpkgs"; + rust-overlay.follows = "rust-overlay"; + }; + }; + + rust-overlay = { + url = "github:oxalica/rust-overlay"; + inputs = { + flake-utils.follows = "flake-utils"; + nixpkgs.follows = "nixpkgs"; + }; + }; + + nixos-hardware = { + url = "github:NixOS/nixos-hardware"; + }; + attic = { url = "github:zhaofengli/attic"; inputs = { @@ -92,9 +114,11 @@ nix, home-manager, nix-pre-commit, + nixos-hardware, nixos-modules, nixpkgs, sops-nix, + wired-notify, ... }@inputs: let @@ -160,7 +184,7 @@ repos = [ { repo = "https://gitlab.com/vojko.pribudic/pre-commit-update"; - rev = "bbd69145df8741f4f470b8f1cf2867121be52121"; + rev = "bd6e40ff90e582fcb7b81ffafdf41f9d6cac7131"; hooks = [ { id = "pre-commit-update"; @@ -208,21 +232,14 @@ server ? true, sops ? true, system ? "x86_64-linux", - owner ? null, }: lib.nixosSystem { system = "x86_64-linux"; - # pkgs = lib.mkIf (system != "x86_64-linux") (import inputs.patch-aarch64 { inherit (nixpkgs) config; inherit system; }).legacyPackages.${system}; modules = [ nixos-modules.nixosModule sops-nix.nixosModules.sops { config.networking.hostName = "${hostname}"; } - { - nixpkgs.overlays = [ - (_self: super: { libgit2 = super.libgit2.overrideAttrs { doCheck = false; }; }) - ]; - } ] ++ ( if server then @@ -249,13 +266,7 @@ "${toString nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" ++ ( if home then - (map - (user: { - home-manager.users.${user} = import ./users/${user}/home.nix; - home-manager.users.root = lib.mkIf (owner == user) (import ./users/${user}/home.nix); - }) - users - ) + (map (user: { home-manager.users.${user} = import ./users/${user}/home.nix; }) users) else [ ] ) @@ -320,13 +331,11 @@ hostname = system; server = false; users = [ user ]; - owner = user; } // builtins.removeAttrs (import ./users/${user}/systems/${system} { inherit inputs; }) [ "hostname" "server" "users" - "owner" ] ); }) 
diff --git a/modules/boot.nix b/modules/boot.nix index d3b1d28..d1efba2 100644 --- a/modules/boot.nix +++ b/modules/boot.nix @@ -51,7 +51,6 @@ in }; zfs = lib.mkIf (cfg.filesystem == "zfs") { - enableUnstable = true; devNodes = "/dev/disk/by-id/"; forceImportRoot = true; }; diff --git a/systems/jeeves-jr/secrets.yaml b/systems/jeeves-jr/secrets.yaml index 99abe5f..1d3c237 100644 --- a/systems/jeeves-jr/secrets.yaml +++ b/systems/jeeves-jr/secrets.yaml 
@@ -8,65 +8,53 @@ sops: - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDc0JiUzQvWlZoTk5yN1Y4 - WVdiVE96YzdFOUJmcENDN0YwajVQbWFtclFBCmMyc0J1aWIwYi9hZlk2aXNNbjJa - WXk4UWowV05MMkR6dWw4VTZlYXM3d1UKLS0tIGxXTEpRZUpMdEphN09XczVLajhB - Q2lVZndGa3p6ZWlBSzBJNlVEZmpuTFUKykfMMUhiVnpyU+Wuo+eHFrjfNjeq3byA - ktvpewY946v/rUBiyruaaOdCmL0U0Metc+m8gzTdbuTsM7EuY+cTyA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2NXJJMjBjeU9XQS9YZGxQ + V1h5RlNUVTA5Mkx3M3ZobGs5WFA0NXFGakR3CnIxVk9nYU1aWkNoZ0F0WGd0ck5Q + VWpSU0ZRdENTWnFVOVNQY0Z4ems4MEUKLS0tIFVqcGJtZWRxSTZwZWhjYm56bnkr + QmcxMmhaaGZXU1VFN0pvT1VDN3hpcGsKXUlVytBrz8sUorTSHXZaOMYA5U6qUpas + ZJiHtVGxRVwCpraHWLmQTRkO6pT36cEVsfsMnFH6NLOMOvA3vLX8/g== -----END AGE ENCRYPTED FILE----- lastmodified: "2023-12-29T20:01:04Z" mac: ENC[AES256_GCM,data:9tUmPHyKY42lT1EfbDK7Es9MIdiR5A0rs/ST89baJMANGIN+oKQzkzDujG2WM8hxvgApl/GuIdy5ZBNZlUM0iYxFUd2a0UBDyjw+xTzWIuQr2/TuI8/cOgp04Kk+M9wNlLzE/dJAXsaqBo0EaHpfwKo/3/J53UfiIZrOtAZv+Qg=,iv:E79aJdvhkG2PfsO06QQa2Pzs3yiSHDARpZtM+uxiZJE=,tag:UwEcwBm22Ep2U2mhDgpQ0w==,type:str] pgp: - - created_at: "2023-12-29T20:00:57Z" + - created_at: "2024-03-23T05:49:12Z" enc: |- -----BEGIN PGP MESSAGE----- - hQILA84hNUGIgI/nAQ/4/do2eDz0KPLhCY7MH0HCyf9m2tZXvOy7+2pqYxdrKtwP - H5+3O9R3iobBfksnaW8bTU2WK5t7OP4SlKYAeBi0uHoWVt8w/RcrZmVaItOlrDHA - 4ER64Izuc9ih6Ug/SOGvkE2NymUpPgsJ6YHyQESy8JdETr1swNOemlbgOYXgg1h2 - T7hLdEKQtnYNLMMsO8jZOcPlbCGM0PXZQrWN67kXlWJwkx6qls6XmuXDvAofIQ2C - +GiaR6RDrsa9eofe34TT/FJG2IlAfPnE1sCcy9EYgU+nw6xwMCNn/d7qMqMDZGw/ - xRMmnH5ujULsAohZFvCnmZue2BXkhSRrsuLePs4edOS1gm97qaPHQUv3vmDTCpWY - 581K0CaauIHq9Gz8zK999jJNFG0Hmi4w9nRajErC8QvzIymgvzbsJHXkVjzYJjT2 - NYZ3D/YKbu7zyt3EYLZ0wtHysjdYD9PUsg16X5XxNUV7EHGhUt6mpX+P/h13ZSMq - uwog7ByMUG70cQwqLpJFL40rFpq5mlK4JnonVN0+0PWy7LGxYM8q2WvylP6SDiZy - 3EqaqMlAwQsNO+7YStk7IonxoWZ6ff7fD8MtKZ/faBjmSzYsjl7F6o5HUd7APtV/ - 
/HMjbauqHomCoWEyfDNiDKu2lla1MM/wUEacgvpYbW5BAlZoxUtO1MXDRDpIKNJc - AR99EIS9Q1KBmfuzqHuIMrRBy4iHg1nHyvtj/Zh/2AjetnQgdDc5skPuHRL/Bo/2 - V8PrlL8j1AHrdL4id31drlLQS4zA0QiJj1gDT1fJgInSU29vPed3ZGDCKCU= - =BkkQ + hQIMA84hNUGIgI/nARAAgcuMhO3nmxYY8KiW6AYxU2rFo2OQnpzZVtbMJB43wDQX + 0UAOVmUyhGM2wd3tJgnvyfnguy6p3LfjZrXdTkTzrv5yCJVvKXhORcLisjaXLS8H + TCe9Fa4I9CvKo/yyRsRYS59niql0ocTs1Eb7cLiKuX19RIuQ7TjMPnjkdj5xXooa + kPJXfwL1SpUU3kjhuTHqWlD0m5t0RPiTpDym8fExMSvbTWyMY0BPA+qD1atMeUik + i3x2boqfoyD1GZ64Z5NrxRD0dN6TQvJLX1K1XTzanUhvfsy/PvDftCHKQc2n2Opk + btnKZa1mfiiLUQly+njSvH8ERYg27j5ACEQ0V9rtGPa3xnVYZm6Z5h0v68aqsotJ + aOzJa7/k0ZV/tBD1pT+9T2a/W9v4U+KdKKL19ebNvMtFxy50jN8SQsrTtxv5G5fA + sc+HkrcnLezFHYtGG85PfbTGsKMWpwu+4BrcmuW6dBcADZ1fZdkqgi+GcYGL2xy1 + bddjuOWnzXb93t1pSIkaHcVWc6s5Atf3IB/liyNEux4kdquOHZQJi0WBi0l8GEmG + /ggJN4shRqtMqEkomaZkyZMsHnkmenusjbIlKJrwolhZSyDP8Kk5iPYXMxG21vrr + YpWHr388q8H7+ksnxYiNFXyY2cQKtOsD3UMIV8edMc/lHjTOi0BFNMHmU3WDsajS + XAGXsys00baAzcQHIS0jijU4mJQAqYL3S7FrcDGW8qhTGFpQ8ngVLvwLfqMvUn8v + LB3M5/7+Ld8xV4AZWr8mvv+7ZNNnnZzImETCLnekfvLEV9F2pTCH2Z21RPEL + =XWl7 -----END PGP MESSAGE----- fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 - - created_at: "2023-12-29T20:00:57Z" + - created_at: "2024-03-23T05:49:12Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DqDJbhoEBo+ISAQdApXkJrfSY9LoDQLwRS8ZVY63huJelc3KtOVccvM64kxUw - zhXvuT0ZGQA4PwpvZYK1NOu+T73S5khrbIDe9QzTveyKt6zOqxwK6tn22bs3DLAk - 1GYBCQIQKypNWKA8hJina5Dng/h/qA0ZmRJaAJJmQA/1uRFi582CpE+fzBsCjmNQ - 1x2YgfPRHobReKl0khPml7hMmLbdcVvaJ9vIb/gluazT1htu6Ozox/zEwHweUZmX - xozdi1jGYcw= - =n5SU - -----END PGP MESSAGE----- - fp: 8F79E6CD6434700615867480D11A514F5095BFA8 - - created_at: "2023-12-29T20:00:57Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA29thaGx06tOARAAmhgBXtcqr5bttn6DLFBqNWaLX34FgjTjHlogiKgX3WTv - ZOluzpxbS7jylBHC0cnbgjz9vWEgg3LVzglrlOHl35SX/E09eBn/qs8I7na3o+7K - WdmJG7j3VtYdNyu4BULjGmAUIZE75/aSiIPnIDR3PwKpY6LtKI/jhs69hhmiZ+2r - M3Q91Kk4M7CsqBMUXxFFUOD7r8ZlKfsAn80gpdb/pN8gp0U1pp5JkT9Kz2WjJkzK - 
/vf/5f7+/8OA/WFbuY488LVSuckHvGGDXjrmoLA78/agYaH1J6qTvar5eCvIetu9 - wU9cm6ieztHMOV0Nok46gYWWaKQkH6jmAVneYLAsvBm7QxEJGLlFGF5pUsniqx4A - PtDIw9EmKNnumnsHyfR+8qOgG/4/8AqPklEo9Dxsqcjj++EEvHN2lE9BwdqVNSw9 - ZHJ9DXhPKjwq7VD7jvBeElituUzvPb5aPruTL2AxjQ3h0cMj/QmegO5FtBDpRpnN - TpW2FGuayueEgJSV3YJVTJUwmtxgTkL2SMHgW80I7pAq85O4fKETIAR97DCEDPrH - jgI/EEjJg+PlfuAaqo2kgVgYyE6DVkDbIKgF2k8VNFX7XBmnN7xB4apVKx8nJXc+ - l7AbJiJy89giQpYWGE5A8fBrYMbvexLMfeKYtZR7t82gkNxOoKBOl0F2T+Ol+L7S - XAGgZuN612AlW9QhZCgjwIxFPK+MR2ff9hIZBVPqx4F45/Gooqxw1iCyitQwlgqL - bpTlKyuZbrgTVekV9vxnYhms6Uvyys1V9bUrKGgpV+9YS4Zfzh+5fN8wQ8Pw - =HVMH + hQIMA29thaGx06tOARAAoI93A3cy3V2dJo8HBIrLC2RK3SKBkPiPFjWO/Zvnv8Q0 + IhfzjusX+3f8HIa3CxJjTbOktcq+A2a4EyBes2Rd4bX9H2Fs2VVrSmUf3S/dO1b5 + GiZamHnC+1zsXUB5IFcfjMSzeKKsOWYu9DmUcalsseo/XVJjxw9DzRnPUesI/aMs + y5kKKtNDcvAK4AWidME6LTP9FgiMx09sQfuAl4YCJv1trOvxt+dN932fbAkHVAq0 + Lc90rG6LDLT1w/8i9evBRRX/ZexAI3vTGn/nTqKi+B9BdFA4dY0KiHtGIS+UNtNo + vL6PTKIRejGfqt13DwUWRobKnezcpJkTkdz+Pa+cQhdwSL2tFjr0hEbZL3e76YEx + CNsgbB9h0pIm/2YvhG1k0f0skWfjXLAtR6PQPKu1OycppX02fbK9XRShb+Fik7P+ + GfFLxf4JYAMMOHsxP30EVQONiR9XsITH149GSZ3nTBX7vUsk3b7Z+ou1Ma27EhiW + iPWTqpDgLQ/VZW+027h/l8iwv52L8eE6Y+LE32jNUTQjMW3OWKw9zknX4wciNR07 + EPAy8eC9rfhUVnTB7RJlTOY03yyEiBjowJn/0e0g8+AUMKC4mAuasPUwPhptQ6pH + 8up/75WglUAg04eni0p5g6X7rGj+09OEDNMtvYVt7HglX7T86O2sBcVKa/j095jS + XAGIy2HXf+By9BFKM4q6uuAh4QceHn2QaQ/ckhYGMrHulzAeORPxYaYdXoeEj18k + auBqSPzj8E9yPi4jl+miEO9BgVhRW45cxBbn2XV2KE08PIP9mZ2jxK9Ne4HQ + =jkZ+ -----END PGP MESSAGE----- fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3 unencrypted_suffix: _unencrypted diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index df5d607..c4f60ce 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml 
@@ -16,65 +16,53 @@ sops: - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsMXl4RWc0Ymt4YjB4dHk3 - YWdHcndLQzhyRFl4Vlp4d015KzJ3dGN2OGxBCkE4MEZjTnVua0pEd1BibWlhOUVs - enZFMUw4dVBBWC9Zb2hhalNxZi9LRGMKLS0tIEFreDViNEEySXlqM3FQMVE1ZEtk - Qkt2U1hWWGo4VzB2bEFYTWUwL0tyYzgKE1H8Wx5VH8D5cBHrniAAVQXD8yyR1eWY - wUjeAOgiTEe8gjulqGDKxjMqcz7w/wuHBTICXEUEi6fBSdDE4RJkkA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmMmpVOE5rcHVVNlIzaW0z + WTZ4Y2h3KytNL2JOSjV1cTN0Q1k4OHNIUHhFCjlrRGtpMXYrTmVCV0FaTEMzakUr + ajRqK051MmFOUHRkcHh5SFUwSklmZUEKLS0tIGxFMWN1eDU2cGEvQlZoU2hUSzZD + V0xCQjJ0aDVIQ0I4NzhjR2pKT0FlTHcKSmcW0txYcqhgtx7U4qR5yKp729rZGWmS + YkwKyyMJZP1mwTKlaKPIwTj9nrBY8RAVyMYjNs/nlNgMO0APmFH8kA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-02-18T17:10:38Z" mac: ENC[AES256_GCM,data:ImYBdEk+DqoG9J5fmj2aPqxFuko5AIWzVk0/v2YlMPHwBQ0dUGnYrNMXpZ4KyYlulsQ1R78agjF4Xk6jumvNbAwGZXshSSOx4A6CCAK/Xl7WbS7ilHYl9+H6K4wzTV0f8v1ShGH1INkFF+jWEpeQSSHvhHMs5lOu/N5+ZSLdC9k=,iv:17H07sayQNQmAv4hxtXYimQJX/FibannQn/7rojSrC8=,tag:15+OQlcAVitB/OYmfm+Y9Q==,type:str] pgp: - - created_at: "2024-02-01T04:49:29Z" + - created_at: "2024-03-23T05:48:45Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA84hNUGIgI/nAQ/9GapgiAVoonYaq99pd66krKBfZMzdaFH6/29azR/f8+/Z - 80m0wyS58u54/vosYMdCjiWx7+uiL6PqRs+xzyDlcXJjCqT1ExXywHaEL1IueY4q - 3OkqUcj0Vnas0uIBV70Xa8RngxE9hPS7OitmUjEKUhHbFhqJnCNdiXcvEsBQkVpT - C+YOGCpIszWShUHukH7CZuZQWW8mF6+c+pcqPt+NVcuBx+c2tJfXCRxh0QloUbT+ - zVmuiwHcQpX0wwO+lLFjuGq/7nUzYyxqbyeqkRwYXFwDF1btdL1aIz7RXobLxjQO - hBDgJZTb0TxZGPzhvgGtMWaK0wDuNa3KA6IEv03ivmkmK0rffEJ4qIW2XXA4MXbU - wJDDMe7u2B5Kgs09soPa9eYQuRRDigvgdTPWg6dPMIdAszqtXCY0l7847ODYl1pw - 8J7CS1kL1sShFvoHqPwK5c1231Kc3mJwgAntlwwemBZP60TGcwgmqWRl/LhfoRm5 - CwzbVyLZeYRYuuVHeJDNXB1FFmVtpgidcB8tduUZUo80otnBgEzU73ShJHr32BeJ - 195qa0vb5KCLz9G89oWZUq5jOKe3rHftCEMlGHQ0cvBHl3SezLCx9FJ373c6Rsq2 - 
egNwg9HMyScJGD93mukGPRlyawJAEEmZawmDJz8IKa/YzxqE+cDHp37MImXIEBzS - XgHsddLzcv0vY73sq+Wl3TYmHEq0Bs36WZWHJ4CkfRqkhRW3AGfS5jo1UAvIYKMa - oZCksFpcoJ4jLfxze/pU3ZX1n4fdapCSZSJNwdwYRygZlx9Mn38l7qF+MX8hTvg= - =7ah4 + hQIMA84hNUGIgI/nAQ/+JfUh7rZt9rgUwmXCPd0H2U+JtZZZPTtNUfD1VYdbKegg + HonmyBzDbkK3wg7fYCX+sgI5UlUMF9Z19mblFwD7AvAytFQzQw2EhZ6Fq7EloYeP + h9SG56GCBq7aapToNjS5nV6i70QMpEuwm0exxH7WDxZCsrPo0glu5TJXQXO07gwA + O/E/MDoxrBrH/2SXnfxClzMGHTK8oO4mGKjNZRwV73AyRnsTURRxsqxgB+qMaISm + QXwj3lXQliIdesBFYvHhYFOfqnxYPL/gUZpmK9wtPOtQsrmgcx8l+bTCfFAOh1e1 + iPK/23wc3febTUO2DaX4ikAkyoefeps0+rhFswnEBwP24bdC0xyPO8aWQ5+xm7pT + +WpXrvab4q4+7sgvvWZuNgNz18M86T4rjz3x2m+m2LMOYlYna4aTrK3M2JtGYSqe + qFREsL04NCM9xq8VOiAayxtrcrE34+Df3kQHV01h/iYNyMflmFFDs6igAtOm6hxz + jCrVWiu1D1Wcmlo9WdoDbSJrcRKRaU/n3Kp2jbagDrsnL+zHUmU4KustPD8atRTE + mqdkYJlf93omnuX6FKoeLwJa0ok2fnIE/L69ZSljZ/Xy2HgV4K0oEKRa9GQLS1TO + sMa73o1qBgufRZnVmpyGjLOhrZHf6li7fwd5DmCfYQPYUJ7HnCtpuAZ9JPLbrDnS + XgGUqb+HorS9Wyq4MXgcInSX9Ycqzrj2/X0wArJJmznEW+ZfbXSleSWyEe8uZ+r6 + e1yFon0WWqpT6iIcV8KJJ1P1pJIZNbXNU1FDGgpnNCsn+xC85mBPfmdvzSl89yY= + =dN9d -----END PGP MESSAGE----- fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 - - created_at: "2024-02-01T04:49:29Z" + - created_at: "2024-03-23T05:48:45Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DqDJbhoEBo+ISAQdAKVno0tJCc4ipQxmAk1vA8TJeR0prQ/TAvueAYoTulFkw - KVrbiII3tQQFVeUeT8iG+QZEY1heDW0qGrGg7YLGk71R7HXrOgFMGpjGg+gXQsui - 1GgBCQIQqSQ6oXefrAklm7/aMTgfjvo5ZdIPSF9dbwhxx4J3tf+Pm9pyEDZSxTy+ - /vHvwlnqJXKOEPnwHl1XJKawwdTOIPeuBTr5uH51/kmd4TcrGBMBXKVHfI5qtqAs - lQNgfsDgk+oH/Q== - =KQD1 - -----END PGP MESSAGE----- - fp: 8F79E6CD6434700615867480D11A514F5095BFA8 - - created_at: "2024-02-01T04:49:29Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA29thaGx06tOAQ/8Cjj9t2J2t8aehRfqRsFK1npQV/ToTsGLn2mpAl5ITXrF - xOBLg1nqRq1h9++xSdpH2A9KK8tf0JkJ0Yb9sFfu/7SNqTmdnfl7FYSU67Hlxji/ - LYBLDy6KPOEkfes8prYcAnNGe6U7W5zHfRasKjbg2RqJ0wrlkB9dttBRFIpTHkUK - amibjf/ScLRJuqt5nwZkNnvOFBImQlXHMOhxp/QUnWzUD1CE6zWGe6hb++ixGoHW - 
OSqlVF87K1/7jqaUMmX5Jee16ybcziHg5c7dnoq623GWZHZrGEDG3c8E588+c2LJ - RSyQjLfUvvRbkIdBOgKTM0/EdNVmwHLWezRgwiHsZJFP8tJUBY7CZTzIrwFwm4Hz - zxlr/p7egN2KrI8mzePBd9DlOsJJ1gCSW+MMZ/mqi+AntJqmNOcrHyEIr5wPbiyP - c6iIucTAAJIHLgMwa1PzzlK8F8miE0R6ON4IeDg/i5LXk9QpB9FZktiqp2bybPyd - WUNhWbZT9z7homCkjgyMQ/1Pc6/i5NZFQZ5HaGvsiEszToF0uCoMWUxwJeHwfKfO - RRV3XsMMzKaagS3eauq+omE47yj86gePmTIBK2nTvhg3HH3c3S+XN/vKU170scbO - mo03fH09qoXJ0B4QScj8O7NDFdTo4FcOa5eJGpfRcZFaBcNIttz4A5xnho2Pz7nS - XgG1chsapzPutaMWqicefBs7niFgEhIoL2aEBRlY9lpj5noyZBgvC7u00Fi5sXVb - MY3H0SlP4B3ic3fh77L5yr3ZemYh+NVfujdzMak6OgLk+ELrs8ZxMj4MMvEgoq4= - =Nw8m + hQIMA29thaGx06tOARAA1pInRr5kKFWriwQuy47+T8tAKdAvA64Sfqu/Lvr0SbMn + Q/i86fQ5tIhnCj06UGCzOsvosYuKfSsYZ9l4PHHobZOoE1xpPMOBMDvVQhISk+L6 + wYSnXro+DKkshIpCfSdv3mQ+/Sdmm27tEkAFPS6iwNc9rBOGaOkTlPBNpTMVZiu0 + hL181BhzVmZ4wRTDrh/blN0yd46TIbCub9HVBsePgsg8ABS8r/782KTOlU4zjQAG + pX+Q5JcsHqcWQInuIhzpOQzVE1iurMgaW8s8iwjRqQLtwc2drey4ORo3mQA/XYur + iVtmEV1rUPnm2Q74keaBMkK12ywk8eXM1/skbRFooXRNpwAO2X5m6+uAm35GtaQO + m0wWGxtuU69P+j+QugADo0NpcUK68gk4lNyQUEGMYleV6vXXebstMqzKfzMv0ARk + sfb1ncSyJfD1xmk7yVyg2AzjU6QyLRBtjoTpmnGq8Q0Cb1BlUQQeVhYlTbCfwlcI + YjqNw12yjT01hxONXpCFWmORzge6WB/driidb4DTLmtqQsow/pX6PeoRaADd6gTS + i2Oe35VG52L7zjob40ZeQr3ANQb8sW6Dmjm6Lg/pkcwNV5+9EuvtR+UU0N1+bAVa + U9LUcyXgoNJqt4f2JlNI74KtjrLK2lgXRKS9hr8VtMtHTQHzhZ9KslyBR00wcMLS + XgEkGpB0tAVRDA4s4veIvqTTMPl6b+DSGNq7ytv+iPLPqPN63YZ1ULEnZU1YbDvY + qhFGSIwUxfkkwqaBl0JDYF+lvAD+nko2zjbxQR8jHHcn0+55WqMa3k0dGqoTOVA= + =JBDO -----END PGP MESSAGE----- fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3 unencrypted_suffix: _unencrypted diff --git a/users/alice/home.nix b/users/alice/home.nix index 35def59..faa35b2 100644 --- a/users/alice/home.nix +++ b/users/alice/home.nix @@ -1,6 +1,8 @@ { pkgs, ... }: { + imports = [ ./home/zsh.nix ]; + home = { # # Adds the 'hello' command to your environment. It prints a friendly # # "Hello, world!" when run. 
@@ -52,13 +54,17 @@ }; programs = { - zsh.enable = true; starship.enable = true; fzf = { enable = true; enableZshIntegration = true; }; + nix-index = { + enable = true; + enableZshIntegration = true; + }; + topgrade = { enable = true; settings = { @@ -73,5 +79,7 @@ }; }; + services.ssh-agent.enable = true; + home.stateVersion = "23.11"; } diff --git a/users/alice/home/zsh.nix b/users/alice/home/zsh.nix new file mode 100644 index 0000000..e79f94c --- /dev/null +++ b/users/alice/home/zsh.nix 
@@ -0,0 +1,99 @@
+{ ... }:
+{
+
+ programs.zsh = {
+
+ enable = true;
+ # autosuggestion.enable = true;
+ oh-my-zsh = {
+ enable = true;
+ plugins = [
+ "git"
+ "docker"
+ "docker-compose"
+ "colored-man-pages"
+ "rust"
+ "systemd"
+ "tmux"
+ "ufw"
+ "z"
+ "fzf"
+ ];
+ };
+ initExtra = ''
+ # functions
+ function mount-data {
+ if [[ -f /home/alice/backup/.noconnection ]]; then
+ sshfs -p 10934 lily@192.168.1.154:/mnt/backup/data/ ~/backup -C
+ else
+ echo "Connection to backup server already open."
+ fi
+ }
+
+ function mount-backup {
+ if [[ -f /home/alice/backup/.noconnection ]]; then
+ sudo borgmatic mount --options allow_other,nonempty --archive latest --mount-point ~/backup -c /etc/borgmatic/config_checkless.yaml
+ else
+ echo "Connection to backup server already open."
+ fi
+ }
+
+ function mount-ubuntu {
+ if [[ -f /home/alice/backup/.noconnection ]]; then
+ sshfs lily@192.168.76.101:/mnt/backup/ubuntu.old/ ~/backup -C
+ else
+ echo "Connection to backup server already open."
+ fi
+ }
+ '';
+ shellAliases = {
+ "sgc" = "sudo git -C /root/dotfiles";
+ ## SSH
+ "ssh-init" = "ssh-add -t 24h ~/.ssh/id_ed25519_janus ~/.ssh/id_ed25519_dennis ~/.ssh/id_ed25519_hetzner ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_ed25519_gl ~/.ssh/id_ed25519_jeeves2 ~/.ssh/id_ed25519_jeeves ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine";
+
+ ## Backups
+ "borgmatic-backup-quick" = "sudo borgmatic --log-file-verbosity 2 -v1 --progress --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_checkless.yaml";
+ "borgmatic-backup-full" = "sudo borgmatic --log-file-verbosity 2 -v1 --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_full_arch.yaml";
+ "umount-backup" = "sudo borgmatic umount --mount-point /home/alice/backup -c /etc/borgmatic/config_checkless.yaml";
+ "restic-backup" = "/home/alice/Scripts/restic/backup.sh";
+
+ ## VPN
+ "pfSense-vpn" = "sudo openvpn --config /etc/openvpn/client/pfSense-TCP4-1194-alice-config.ovpn";
+ "pfSense-vpn-all" = "sudo
openvpn --config /etc/openvpn/client/pfSense-TCP4-1195-alice-config.ovpn";
+
+ ## Utilities
+ "lrt" = "exa --icons -lsnew";
+ "lynis-grep" = ''sudo lynis audit system 2&>1 | grep -v "egrep"'';
+ "egrep" = "grep -E";
+ "htgp" = "history | grep";
+ "gen_walpaper" = "wal -i '/home/alice/Pictures/Wallpapers/1440pdump'";
+ "vlgdf" = "valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes";
+ "ls" = "exa --icons";
+ "libreoffice-writer" = "libreoffice --writer";
+ "libreoffice-calc" = "libreoffice --calc";
+ "notes" = "code /home/alice/Scripts/Notes/dendron.code-workspace";
+ "ua-drop-caches" = "sudo paccache -rk3; yay -Sc --aur --noconfirm";
+ "ua-update-all" = ''
+ (export TMPFILE="$(mktemp)"; \
+ sudo true; \
+ rate-mirrors --save=$TMPFILE --protocol https\
+ --country-test-mirrors-per-country 10 arch --max-delay=21600 \
+ && sudo mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist-backup \
+ && sudo mv $TMPFILE /etc/pacman.d/mirrorlist \
+ && ua-drop-caches \
+ && yay -Syyu)
+ '';
+
+ # applications (rofi entries)
+ "ARMEclipse" = "nohup /opt/DS-5_CE/bin/eclipse &";
+ "Wizard101-old" = "prime-run playonlinux --run Wizard\\ 101";
+ "Wizard101" = "prime-run ~/.wine/drive_c/ProgramData/KingsIsle Entertainment/Wizard101/Wizard101.exe";
+ "Pirate101" = "prime-run playonlinux --run Pirate\\ 101";
+ "octave" = "prime-run octave --gui";
+ "pc-firefox" = "proxychains firefox -P qbit -no-remote -P 127.0.0.1:9050";
+ "hx" = "helix";
+ };
+ };
+
+ # TODO: add environment bs
+}
diff --git a/users/alice/secrets.yaml b/users/alice/secrets.yaml
index ec84259..1cc8ea4 100644
--- a/users/alice/secrets.yaml
+++ b/users/alice/secrets.yaml
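Review bot: The `ua-update-all` alias leaves `/etc/pacman.d/mirrorlist` owned by the unprivileged user: `mktemp` creates `$TMPFILE` as the invoking user with mode 0600, and `sudo mv $TMPFILE /etc/pacman.d/mirrorlist` normally keeps that owner and mode, so the file root's package manager reads stays writable without sudo. Installing it with explicit ownership, `sudo install -o root -g root -m 0644 "$TMPFILE" /etc/pacman.d/mirrorlist`, avoids that and also quotes the path. In `lynis-grep`, `2&>1` is not a stderr merge: the shell hands `2` to lynis as an argument and redirects output to a file named `1` in the current directory, so stderr never reaches `grep`; `2>&1` is presumably what was meant. Both aliases depend on pacman-era tools (`paccache`, `yay`, `rate-mirrors`) that look carried over from another distribution, so they may simply not belong in this NixOS profile.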
@@ -6,54 +6,54 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w + - recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQjVEMCtsREdCUTBQa21D - dDFSVnkrbk5hNlo3RkFoTTg3MjBLbE1oaVVrCjltcEQyRlhtWWtCQzlseEtvRks5 - bmpTcUNZeDJ0VEFCa0FyZytIbTZhVGcKLS0tIE8zVld3cnEvR0VtN3d3d2lpWmg0 - enZHM1ZycDQwUS9Ea05QWHdJeGM0UDAKop5M4ubVN+5nfeCS37T4j3FPn+aheo+y - eIUPSSo8Tzl+b7eNyvj4nrG7zGr+kTJhc2m03FNacadVblQiHXlc+g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Mk13QUFFeGx3OFc2MnN1 + ejBwa25sVGJSaWhHTXI3L2dQWEk4Sm9zZ0dVCnpIblczcWRvVU02SnlNZFdvWHhy + d2NEMXpUUGFyUHZJeVluSEVROHV1UncKLS0tIHl0V1JaQ3ZtSkhrOXAzRkNMOU5B + Y0oyRWJMdXZmeDZxSzNCWUJEQzRESUkKIwxWT8Px1Y4QxW6FC349N89UbeGiA98k + gTwTDmABCbJt6MEc3zmoRSObirGLzgvmPjzXlHdmqcKoR0twXUBDYA== -----END AGE ENCRYPTED FILE----- - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5b0FVMHdMWENPTXNZSEJG - SXBOdnhmUWt4QWZCOS9SRFJyNXY2Q1pDS2pJCk5sN25xSm5KVGNsWTlaOWRUaEFY - MXR4RHFaY1RRNEVVSHgweW1LUDlweFUKLS0tIFp1dG5RS05FdXlvTGMwUFdLK3o3 - Y0pCclZFVGZxNlBrdFBocnBoVVNmMm8K7R9LKDLZPQbSU4rRoIKbbI/QWDG2A9V1 - 3Gour+tJuf/UjYsP/vqmNPzNrCjOu2iJ/WKBvtMJ3CVsJsEEWMuvTA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBra1V4bXBkZklucDEwbmdz + dk41QjN0eUtsZVMvellRMFRCOHd3Q2p4cXhZCmhkZzhwWTg0QkgrQTdIeEU0QjZS + aTU0c1NFV1hjZmFUUTFtaUYyMG1Pd2sKLS0tICtoMmsrSHJLS3g3K1JWelFOcWhL + VW1yekgzQkI2Uk9tRDJQTldrakZLUmMKMhmS9xqucsbfdIe1BjlPSYkvF88onzww + j5YkZSaaxNHcbMaTVc1+QjYv7NooM79EpUX96hP4BDwORpU3FWS2jA== -----END AGE ENCRYPTED FILE----- - - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej + - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh enc: | -----BEGIN AGE ENCRYPTED FILE----- - 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyeHF2aXErVkJ3ZnhLNWYv - VEZJcTFzUHgvRHloeG1mWnZtdGt5UUNhWkcwCittNzRGQXJ1dkdJaVl0elNtVVFI - Y2dDcFdsK2k3eUhWUEFLYWdwUHRONUkKLS0tIHhrek1RTG1sM2NaakdVZHpDZlk3 - aVhmdXBkbDhrRG9ZaHFVR3FOZUJFejQK6q/JOuoST0zCZzg6C7Se7VzVs9DpSMD4 - 0uddoEsKadtI+II+ozmuc/RkdP4lfymBioW7ka4Wlyap5apzWHd0fg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1VHF0aUN3cE1OcUtzWkdM + UGNPdVJteDFvRXFXVFVTV2p0WDV1TjBrTDIwCjVpYU1vbXdDQ24vR25qN0pEalVw + U2laUHg4TkVCLzNQRDI5Tnpzam5ZT2MKLS0tIDJNdXk2Y3V0bEFlY0NLdXUyMWw0 + aHZYZkJoajZDa0pZVkpxbzFXTm9ZbXMKamjLneLosXuqhUcsiLXFGEgMVN+Yzklh + XKf6vPmwcPuOsy5yimy5P/TygLWJ0JeXDoieDEL+/NN6kt2qtUWD4g== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-02-03T22:20:54Z" mac: ENC[AES256_GCM,data:X+j5RMl1RUlciT1fdLYGCzkD2AZmprmAsLhaC9Fy3zoeWlGJcC/m5g7kftPOUkha83NgOkWuaa4tjIMegQwK8snmY8R8Q6XNVuS6maYnynzFwzhGON7L33j7465onXsNqfQfa+I8AEaz69CynfbTq4L7WOLO6s8pvh1LDLi4ZvE=,iv:8uTaRrYxg6mVNIPm0Pg7S13nG2VOg/4IjVbbeilQOAg=,tag:lCrBGVRt3uYY5/fHDG2xVQ==,type:str] pgp: - - created_at: "2024-03-02T20:52:45Z" + - created_at: "2024-03-23T05:48:28Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA84hNUGIgI/nARAAr8UXHBCr6C3TrW1g+xLf7Q5XMP1cx2TAId7tCS/Z9R5e - +Zdzx+WYRuQwKLAYB7MwzVA22DpK8o5FY0kSXQCEziha5HCRMta2XHeprOU1GfK5 - jDOqdZK/DOpmqeuaBDhzczgXFR3h5nRQ9YJFcfEVB0JhUmsoLUTR/I9fTUNXPFa7 - d6urPxEcLyLqgWR5AxO9xjeia/WObidfYrYaXn+VY4lTx/kwV6Rsm5eThAagmtYP - kQqfNn9M68zgf8yQre9piNEktHf0tBhREZycd0xd0EMCM6TbIbisPI3ITqDQPV6c - eglcqcdOqNMjeVVbzQtTglzfKO4M2gquSLR4Kuvt08JH6bhtOGlT1njKfDKGykti - +ifHYD8iEk4opYJ1H9fS55E673gJXN1rUZGvAhG+FPz2bW/UAgq0OvdzAdZ+90B9 - fm8vb7F0UdwC8lO6SC2QLiTVzu3wNuh9s//2rwXLmzewkkH+J4wpg6+Kyer/IkrI - D9qak5tRFJcKlfWbn4skH2T7aloFXuJYHcVjAIg7XHjK4PUsHkq1n2lP9VkpQ14w - zt2Mn9gmtYX8GNwqQeys/BqkHdkVk2VTV6Ge9O0PmIGx2n/3F8iZwNedz324I8HE - NIbdNR3V94uDRuHAPH4hL+1t9MoEklFbvvMp1Aak/eaw6rvQV/Ore3852pX7xJ7S - XgH3rCh73zJEq9NuqKux2U4sW47e1J8tFPet5Sfvm7Ra/0fqtf6YbufKNvd9OuXc - m61xY+IxYwDfxvMLfFKX0GLFyLNmBoiPCLkVZ6Y+UmK3zD2BVbVtDLuVSi/ELV4= - 
=iuPC + hQIMA84hNUGIgI/nAQ/9HO5t//5ztagOvKoBP/W4p9Huhav4MEmqZADmbXEv+ZcG + ihnaeiofyoaKbJXfmGZ8vDIA68ZvKFL/n0sDR/plUHAuHuCR2qa+sVmo9ruJyKEq + EWc/BlguqXJCiga/MP2Ocbh+XQYJMcwGorcR1tkFjL3HkHlY+MuMCZJr8nhoERba + bHNIG6J31EHZ3ivub38C9GWuwaosBqO5AlUH3nRA63vMcOCwdnpXzvc4qeIgtfxn + ouSdj7zl75v1KG8wlR0v8ciHHdNxQ/8WoLK9QduXIFnFGxAXFYOY2838mMNZOSr4 + q6tg7ICKdMS1h3I4cTknUFEE7ZEEDMoZR/r89rJMXMQJGZ4JWVgkAroXyriRACSp + GmObXzur8BmJvaSmpckacNqZqUyVCveM82344t/q4BDZmiOKUhFQNeo8uQhgd3Jf + Z3gnNA1FsvMJOn2/oLxDP0d54uysN1fWnuhXiosiONonBNcHCuPF5Zp3OdAXJ/a9 + YSj0n6mee600bhn0ff0MrxXfiBQUXBnTjtUljhM1EuXrniskp1OK2Xi736O+5KwN + ppT0Iol/cdfUcPNj+cONjkk6xVcARNuQ8vu0clGMPfqfkg3Ne9gLqUGoH5f2PMe2 + sWNFMhhfqcnhwEGXDw3hXEGoabzxKr5YbItwe3t9oxbp59lgxuP38yaTnOe4KzPS + XgHntRY2zgxeKFruk8BjCyeffJO/4uXaj2LKcGcRKP3nyJ1h0JX7itmsGbYshhTZ + 976Oaooyoabhv7NbUrZkpk6TcD+H6AIC7vavLZsva+BgDXKRH9nxTcDXo45WbL8= + =qXlJ -----END PGP MESSAGE----- fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 unencrypted_suffix: _unencrypted diff --git a/users/alice/systems/artemision/configuration.nix b/users/alice/systems/artemision/configuration.nix new file mode 100644 index 0000000..0a122fc --- /dev/null +++ b/users/alice/systems/artemision/configuration.nix 
@@ -0,0 +1,63 @@
+{ pkgs, ... }:
+{
+ imports = [
+ ../configuration.nix
+ ../programs.nix
+ ./programs.nix
+ ./desktop.nix
+ ];
+
+ time.timeZone = "America/New_York";
+ console.keyMap = "us";
+
+ # temp workaround for building while in nixos-enter
+ services.logrotate.checkConfig = false;
+
+ networking = {
+ hostId = "58f50a15";
+ firewall.enable = true;
+ };
+
+ boot = {
+ useSystemdBoot = true;
+ default = true;
+ };
+
+ i18n = {
+ defaultLocale = "en_US.utf8";
+ supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+ };
+
+ virtualisation = {
+ docker = {
+ enable = true;
+ recommendedDefaults = true;
+ logDriver = "local";
+ storageDriver = "overlay2";
+ daemon."settings" = {
+ experimental = true;
+ data-root = "/var/lib/docker";
+ exec-opts = [ "native.cgroupdriver=systemd" ];
+ log-opts = {
+ max-size = "10m";
+ max-file = "5";
+ };
+ };
+ };
+ };
+
+ sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+ services.fwupd.package =
+ (import
+ (builtins.fetchTarball {
+ url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz";
+ sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk";
+ })
+ { inherit (pkgs) system; }
+ ).fwupd;
+
+ services.fprintd.enable = false;
+
+ system.stateVersion = "24.05";
+}
diff --git a/users/alice/systems/artemision/default.nix b/users/alice/systems/artemision/default.nix
new file mode 100644
index 0000000..d392633
--- /dev/null
+++ b/users/alice/systems/artemision/default.nix
@@ -0,0 +1,10 @@
+{ inputs, ... }:
+{
+ system = "x86_64-linux";
+ home = true;
+ sops = true;
+ modules = [
+ inputs.nixos-hardware.nixosModules.framework-13-7040-amd
+ { environment.systemPackages = [ inputs.wired-notify.packages.x86_64-linux.default ]; }
+ ];
+}
diff --git a/users/alice/systems/artemision/desktop.nix b/users/alice/systems/artemision/desktop.nix
new file mode 100644
index 0000000..e9d89ec
--- /dev/null
+++ b/users/alice/systems/artemision/desktop.nix
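Review bot: `services.fwupd.package` in `artemision/configuration.nix` pins the firmware updater to a second nixpkgs that lives outside `flake.lock`, with nothing saying why: it is imported through `builtins.fetchTarball` at commit `bb2009ca185d97813e75736c2b8d1d8bb81bde05`, so `nix flake update` will never move it. The commit and `sha256` keep the fetch reproducible, but fwupd is the component that verifies and applies firmware, so an indefinitely stale copy deserves a comment above the assignment such as `# fwupd pinned because REASON; drop when CONDITION`. Declaring the revision as a flake input would also put it in the lock file next to the other inputs. `services.logrotate.checkConfig = false;` has the same gap: it is labelled a temporary workaround but carries no removal condition.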
@@ -0,0 +1,19 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ programs.hyprland = {
+ enable = true;
+ xwayland.enable = true;
+ };
+ # Optional, hint electron apps to use wayland:
+ environment.sessionVariables.NIXOS_OZONE_WL = "1";
+
+ services.xserver.displayManager.gdm = {
+ enable = true;
+ };
+}
diff --git a/users/alice/systems/artemision/hardware.nix b/users/alice/systems/artemision/hardware.nix
new file mode 100644
index 0000000..50d28e4
--- /dev/null
+++ b/users/alice/systems/artemision/hardware.nix
@@ -0,0 +1,90 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot.initrd.availableKernelModules = [
+ "nvme"
+ "xhci_pci"
+ "thunderbolt"
+ "usb_storage"
+ "usbhid"
+ "sd_mod"
+ ];
+ boot.initrd.kernelModules = [
+ "dm-snapshot"
+ "r8152"
+ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/f3c11d62-37f4-495e-b668-1ff49e0d3a47";
+ fsType = "ext4";
+ options = [
+ "noatime"
+ "nodiratime"
+ "discard"
+ ];
+ };
+
+ fileSystems."/home" = {
+ device = "/dev/disk/by-uuid/720af942-464c-4c1e-be41-0438936264f0";
+ fsType = "ext4";
+ options = [
+ "noatime"
+ "nodiratime"
+ "discard"
+ ];
+ };
+
+ fileSystems."/nix" = {
+ device = "/dev/disk/by-uuid/035f23f8-d895-4b0c-bcf5-45885a5dbbd9";
+ fsType = "ext4";
+ options = [
+ "noatime"
+ "nodiratime"
+ "discard"
+ ];
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/5AD7-6005";
+ fsType = "vfat";
+ options = [
+ "noatime"
+ "nodiratime"
+ "discard"
+ ];
+ };
+
+ swapDevices = [ { device = "/dev/disk/by-uuid/7f0dba0f-d04e-4c94-9fba-1d0811673df1"; } ];
+
+ boot.initrd.luks.devices = {
+ "nixos-pv" = {
+ device = "/dev/disk/by-uuid/12a7f660-bbcc-4066-81d0-e66005ee534a";
+ preLVM = true;
+ allowDiscards = true;
+ };
+ };
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp196s0f3u2u1.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/users/alice/systems/artemision/non-server.nix b/users/alice/systems/artemision/non-server.nix
new file mode 100644
index 0000000..fd5fb2f
--- /dev/null
+++ b/users/alice/systems/artemision/non-server.nix
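Review bot: `allowDiscards = true` on the `nixos-pv` LUKS device, together with the `discard` mount option on `/`, `/home` and `/nix`, passes TRIM through the encrypted volume, and nothing in the file records that this was a deliberate choice. It is a common trade-off on an SSD, but it reveals which blocks are unused to anyone who can read the raw disk, so a comment on that line such as `# TRIM passthrough accepted for SSD health; exposes free-block layout` would document it. The header still says the file is generated and must not be edited, while these options appear hand-set, so a later `nixos-generate-config` run would presumably drop them. Whether the device in `swapDevices` sits inside the encrypted volume cannot be told from this hunk and is worth confirming.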
@@ -0,0 +1,101 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ # Adds some items from the server config without importing everything
+ security.auditd.enable = true;
+ nixpkgs.config.allowUnfree = true;
+
+ i18n = {
+ defaultLocale = "en_US.utf8";
+ supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+ };
+
+ boot = {
+ default = true;
+ };
+
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ };
+
+ users = {
+ defaultUserShell = pkgs.zsh;
+ mutableUsers = false;
+ };
+
+ networking = {
+ firewall = {
+ enable = lib.mkDefault true;
+ allowedTCPPorts = [ ];
+ };
+ };
+
+ services = {
+ autopull = {
+ enable = true;
+ ssh-key = "/root/.ssh/id_ed25519_ghdeploy";
+ path = /root/dotfiles;
+ };
+ };
+
+ # programs = {
+ # zsh = {
+ # enable = true;
+ # syntaxHighlighting.enable = true;
+ # zsh-autoenv.enable = true;
+ # enableCompletion = true;
+ # enableBashCompletion = true;
+ # ohMyZsh.enable = true;
+ # autosuggestions = {
+ # enable = true;
+ # strategy = [ "completion" ];
+ # async = true;
+ # };
+ # };
+ # };
+
+ nix = {
+ diffSystem = true;
+ settings = {
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ keep-outputs = true;
+ builders-use-substitutes = true;
+ connect-timeout = 20;
+ };
+
+ # free up to 10 gb when only 1 gb left
+ extraOptions = ''
+ min-free = ${toString (1 * 1024 * 1024 * 1024)}
+ max-free = ${toString (10 * 1024 * 1024 * 1024)}
+ '';
+
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ };
+
+ optimise = {
+ automatic = true;
+ dates = [ "01:00" ];
+ };
+ };
+
+ system = {
+ autoUpgrade = {
+ enable = true;
+ randomizedDelaySec = "1h";
+ persistent = true;
+ flake = "github:RAD-Development/nix-dotfiles";
+ };
+ };
+}
diff --git a/users/alice/systems/artemision/programs.nix b/users/alice/systems/artemision/programs.nix
new file mode 100644
index 0000000..b96912e
--- /dev/null
+++ b/users/alice/systems/artemision/programs.nix
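Review bot: The `system.autoUpgrade` block trusts the default branch of a remote repository without saying so: with `flake = "github:RAD-Development/nix-dotfiles"` the machine rebuilds itself as root from whatever that branch holds at upgrade time, and `services.autopull`, judging by its name and options, does something similar for `/root/dotfiles` with a deploy key; the same settings are repeated in `users/alice/systems/non-server.nix`. Anyone able to push to that branch therefore controls this laptop, so the setup depends on branch protection and review on the GitHub side, which a comment next to `autoUpgrade` should state. Pointing `flake` at a protected branch or tag rather than the default ref would narrow that trust. This file also looks like a near copy of `users/alice/systems/non-server.nix`, and the `imports` visible in `artemision/configuration.nix` reach only the latter through `../configuration.nix`, so this copy may be unused.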
@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ bat
+ btop
+ croc
+ deadnix
+ direnv
+ fd
+ file
+ htop
+ hwloc
+ iperf3
+ jp2a
+ jq
+ lsof
+ lynis
+ ncdu
+ neofetch
+ nix-init
+ nix-output-monitor
+ nix-prefetch
+ nix-tree
+ nixpkgs-fmt
+ nmap
+ pciutils
+ python3
+ qrencode
+ ripgrep
+ smartmontools
+ tig
+ tokei
+ tree
+ unzip
+ ventoy
+ wget
+ zoxide
+ zsh-nix-shell
+ ];
+}
diff --git a/users/alice/systems/artemision/secrets.yaml b/users/alice/systems/artemision/secrets.yaml
new file mode 100644
index 0000000..b6e934b
--- /dev/null
+++ b/users/alice/systems/artemision/secrets.yaml
@@ -0,0 +1,51 @@ +hello: ENC[AES256_GCM,data:UJlsd5kvnhEv7eJeYwg+NHm9sgUAxYM5DoR0gDPLi9J7P+8FI8WPMkN1wEAHJA==,iv:NFSdZQ1OK4BT+EAGZz122NB7WrVCEzv4wwMxFIE/OKI=,tag:6YT7Vw8tFrw9iEFKxeKRFQ==,type:str] +example_key: ENC[AES256_GCM,data:KMXgMrqe7M101ZMJ2g==,iv:MJ3Iiu/0KIVhPFnqfovysqvPJAv1OsnxE4VIsuexFkE=,tag:X6KIKNGym8/9VglmG3SNRw==,type:str] +#ENC[AES256_GCM,data:QR3WNE/a1hZIXnTjFjK3kA==,iv:eXoZJ5rQaYqN7LjEp2M13OCMwuQ+80M5AXjV0uNc4C8=,tag:sCvL6pr9zAyWZziffVFMzg==,type:comment] +example_array: + - ENC[AES256_GCM,data:g8PulCLrXZYSEdZJELE=,iv:irGwciFn1zXBxFpGAJtD46EQLGUO5oqdCzRgv1204JE=,tag:2MuDdRYMjhtTY++lPuj1FQ==,type:str] + - ENC[AES256_GCM,data:qv7GvmoOX8VSdaiW/90=,iv:6NOWeWqHUV9ciKPmZF4C7ijuIPFr3YZi3Dh7xWnb07k=,tag:VHXdBhWmEpb7uavCPqGZ4w==,type:str] +example_number: ENC[AES256_GCM,data:g8BIEIcwKRLSbw==,iv:Ay4aiukAvXeDhzlpMPn++zR0Tt2lMqCx362uN37S+ac=,tag:NTtNaIu5u8YsIm0M4OgL0A==,type:float] +example_booleans: + - ENC[AES256_GCM,data:94T9mg==,iv:qKGJke4SGhgN09Yebh5MPrRBDNnguJQ+1dl5XQffGZQ=,tag:0Pa3eujmSxDCnAHKHsx6yQ==,type:bool] + - ENC[AES256_GCM,data:gEvfi+Q=,iv:0DrXoZk8OkdUShc7WAKOL8xG26RFZp3M3qYFAb1hDAs=,tag:uemBrdF87nrfLpfnQ8bD8g==,type:bool] +#ENC[AES256_GCM,data:pC2Kdy7wNc0=,iv:J7Ggfv6K3dCzL42j5MGd+BjQGseoAoYs4k6+yc3FSiA=,tag:9MriduP9SEIi+c1q4tfzlQ==,type:comment] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZUNHeDdqaGt0QnFIejdM + MU5uaDNiN2xOeVlZNzQyZXZ0R2NYUU83ZWxrCmNDL3J6ZjNmejBuUXk3cldwZUEz + UWVqMTVPelN1MTJDNzc0UU9XNWkralUKLS0tIDU2b053Uk5VZGlWUk9XMXZ5Wllk + UlhhNzNjTHdVaXlPOFJhc0EyZGh3RDQK1c7nctmrorze4Kr0Grmcmx3N/UYXPwJc + FfClOoGxO+4ZDtxG61SDU1UdYae4loQ8roM8jDIPFMfoEum2bT8oXw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-23T05:46:44Z" + mac: 
ENC[AES256_GCM,data:/QpK5JuZgnKKHSOTKMRV291UJbPQaNFOx5hheBFx8aVKbS0TGPBMhFp65mw2dOjwT92iyjTxsox/wwev0wcNdNwlvLYTwFdwf4D6FHyLgX/DSkMfqcXbk8HHFlu0LEyd3W6wi2DBsB0KwiVcfsFKoUD4fKbpWnY2EXFOPD6L2Vg=,iv:hPlgFlPqTDXqfcCjRsJuznR+d3PlwT2kJ/TwFe1obfM=,tag:ZkpcEP0u95vvR37GkJGkuQ==,type:str] + pgp: + - created_at: "2024-03-23T05:46:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA84hNUGIgI/nAQ/+IwyPDjs/jDCBlnYFboHh6TXx8ulysESst4hz5crM4L0u + wylKyfEIBx0eLy0mLLA4DhcpYza0Nry5RLdwDNfimhATErfQxnwqlZ6RnYKnh3Hk + 93L66+BEKPd3EZOH+RC/wb0qiTDmU0yna8jtVO0uU7s6//hm/g7bdmQAK0YIJLcb + sd83n99R4oHVrq7iFc74/AV5isW9GcfmvLI94eodFpaE1dpqm4KzNpLueDCOvA/1 + vPo5Lgtp9WM4FhXUqMiplCNqMIt+Hyj3F+p+9jgQ2dLfHuVkI8pzd47gOHyMDYPy + fn6SVKZtOyfNDwhs7L5piiarSXISBGtx36ISDvtvtr/vgMydTdvILIOo9pkSGVtN + 4W7+ywMaFjfAeShTVtUJNJqmp/8agt2WtaUX4kPPha4SxlNSOMpeTQ31bs89gBtc + g2325afL2WPK4NSAOmU8VMXqmFc2A10aFlx5nsfT4S1wkoNbitTWgoAcCa7kGRPW + xZca225cwLUzkggv74cfYT3YnQL40AMSOMqSRS8pbTFEENG1BtsB5A++Jji2i4tO + xoGIL8LRCEfiHpTC7eBwDDVmKb5StgKsXs6yYbQG5XW2W+/Jgum64Sb7+LviQ9Mq + WHNiu5MZPeKyHFu9jI9Ne1HpYJnb7/X9AxFw2e/vFwVn+kjaXcH/PhsYuPUyqkzS + XgG3tFbcgNtMWyoLU2EL1Qvwq1pHVrwmeNXHidESx23HeJtnIwoKkdopl4qqqNle + uQYP89bvb6zFWlqOSwLORZmj1W1wVTYV9eXplDbJob8agBKIcIuhtwri5e96gf4= + =XdJo + -----END PGP MESSAGE----- + fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/users/alice/systems/configuration.nix b/users/alice/systems/configuration.nix new file mode 100644 index 0000000..197eec7 --- /dev/null +++ b/users/alice/systems/configuration.nix @@ -0,0 +1,12 @@ +{ + config, + lib, + pkgs, + ... +}: + +{ + imports = [ ./non-server.nix ]; + + services.fwupd.enable = true; +} diff --git a/users/alice/systems/non-server.nix b/users/alice/systems/non-server.nix new file mode 100644 index 0000000..e48f2d1 --- /dev/null +++ b/users/alice/systems/non-server.nix 
@@ -0,0 +1,88 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ # Adds some items from the server config without importing everything
+ security.auditd.enable = true;
+ nixpkgs.config.allowUnfree = true;
+
+ i18n = {
+ defaultLocale = "en_US.utf8";
+ supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+ };
+
+ boot = {
+ default = true;
+ };
+
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ };
+
+ users = {
+ defaultUserShell = pkgs.zsh;
+ mutableUsers = false;
+ };
+
+ networking = {
+ firewall = {
+ enable = lib.mkDefault true;
+ allowedTCPPorts = [ ];
+ };
+ };
+
+ services = {
+ autopull = {
+ enable = true;
+ ssh-key = "/root/.ssh/id_ed25519_ghdeploy";
+ path = /root/dotfiles;
+ };
+ };
+
+ programs.zsh = {
+ enable = true;
+ syntaxHighlighting.enable = true;
+ zsh-autoenv.enable = true;
+ enableCompletion = true;
+ enableBashCompletion = true;
+ ohMyZsh.enable = true;
+ autosuggestions = {
+ enable = true;
+ strategy = [ "completion" ];
+ async = true;
+ };
+ };
+
+ nix = {
+ diffSystem = true;
+ settings = {
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ keep-outputs = true;
+ builders-use-substitutes = true;
+ connect-timeout = 20;
+ };
+
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ };
+ };
+
+ system = {
+ autoUpgrade = {
+ enable = true;
+ randomizedDelaySec = "1h";
+ persistent = true;
+ flake = "github:RAD-Development/nix-dotfiles";
+ };
+ };
+}
diff --git a/users/alice/systems/programs.nix b/users/alice/systems/programs.nix
new file mode 100644
index 0000000..da67a42
--- /dev/null
+++ b/users/alice/systems/programs.nix
@@ -0,0 +1,53 @@
+{
+ pkgs,
+ config,
+ inputs,
+ ...
+}:
+{
+ environment.systemPackages = with pkgs; [
+ bfg-repo-cleaner
+ candy-icons
+ calibre
+ # calibre dedrm?
+ discord-canary
+ fanficfare
+ ferium
+ # gestures replacement
+ gpu-viewer
+ headsetcontrol
+ ipmiview
+ ipscan
+ masterpdfeditor4
+ mons
+ # nbt explorer?
+ neovim
+ noisetorch
+ ocrmypdf
+ pinentry-rofi
+ playonlinux
+ protonmail-bridge
+ protontricks
+ redshift
+ ripgrep
+ rpi-imager
+ rofi-wayland
+ # signal in tray?
+ siji
+ simple-mtpfs
+ slack
+ snyk
+ spotify
+ spotify-player
+ #swaylock/waylock?
+ sweet-nova
+ unipicker
+ ventoy
+ vscode
+ watchman
+ xboxdrv
+ yubioath-flutter
+ zoom
+ ];
+ # ++ [ inputs.wired.packages.${system}.wired ];
+}