ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

initial artemision changes (#116)

Browse Source 
* Add artemision

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* blank config.nix for alice

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* move alice config

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* move alice config

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix slack (artemision)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix unipicker (artemision)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix vscode (artemision)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add wired-notify (not currently working, artemision)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* change formatter to nixfmt-rfc-style

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* update lock

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* initial format

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* artemision settings

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add artemision files

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* artemision initial setup

* artemision initial setup

* sops generation

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* sops updates

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* sops updates

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix breaking changes, add framework module

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* formatting and friends

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add boot, mutable users is true

* fmt

* Add desktop/framework dependencies

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* enable sops

* sops/ethernet fixes

* update subs

* cache key fix & mutable users

* temp neovim

* zsh changes

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* dependency fixes, zsh.nix

* zsh fixes for home-manager

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* minor zsh fixes

* minor zsh/home fixes

* cleanup

* typo from merge

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* formatting

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* remove owner

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* non-server :)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add display manager

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* switch to gdm

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* wayland errors

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix formatting

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* remove ZFS unstable

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* zsh reorg

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* wayland enable

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add boot partition options

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* wayland agian

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* nix format

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

---------

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
Co-authored-by: ahuston-0 <alice.huston@gmail.com>
This commit is contained in:
Alice Huston 2024-03-24 14:21:28 -04:00 committed by GitHub
parent bc7034e7e2
commit 46a605d12e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
20 changed files with 1093 additions and 160 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
.sops.yaml
View File

@ -6,6 +6,7 @@ keys:
# Generate AGE keys from SSH keys with:
# ssh-keygen -A
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
- &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
- &jeeves age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w
- &jeeves-jr age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
@ -36,20 +37,32 @@ creation_rules:
age:
- *jeeves-jr
- path_regex: systems/palatine-hill/secrets\.yaml$
key_groups:
- pgp: *admins
age:
- *palatine-hill
- path_regex: users/alice/secrets\.yaml$
- path_regex: users/alice/secrets\.yaml$
key_groups:
- pgp:
- *admin_alice
age: *servers
age:
- *palatine-hill
- *jeeves
- *jeeves-jr
- *artemision
- path_regex: systems/palatine-hill/secrets\.yaml$
key_groups:
- pgp:
- *admin_alice
age:
- *palatine-hill
- path_regex: users/alice/systems/artemision/secrets\.yaml$
key_groups:
- pgp:
- *admin_alice
age:
- *artemision
- path_regex: users/richie/secrets\.yaml$
key_groups:
- pgp:
- *admin_richie
age: *servers
age: *servers

184
docs/sample-setup.sh Normal file
View File

@ -0,0 +1,184 @@
#!/usr/bin/env nix
#! nix shell nixpkgs#bash nixpkgs#git --command bash
set -o errexit # abort on nonzero exitstatus
set -o nounset # abort on unbound variable
set -o pipefail # don't hide errors within pipes
PROCEED="N"
################################################################################
#
# This script is a sample install script for using this repository
#
# This makes several assumptions, listed below
# the system will use LVM for managing drives and snapshots
# SOPS should be set up (set SOPS=N to disable)
# this is a server (change GITBASE to reflect path to machine config)
# this machine is called "machine"
# this machine will have all partitions on /dev/sda
# there will be no swap partition (set SWAPSIZE to non-zero)
#
# Please check the below variables and make changes as appropriate
#
################################################################################
# Need to validate the below before running the script
# Set SWAPSIZE to something larger than 0 to enable it
# (even if CREATEPARTS is disabled)
VOLGROUP="nixos-vg"
DRIVE="nvme0n1"
MACHINENAME="artemision"
SWAPSIZE="35G"
# Feature toggles (must be Y to be enabled)
CREATEPARTS="Y"
SOPS="Y"
# SOPS owner
OWNERORADMINS="alice"
# Partition planning
ROOTPATH="/dev/$VOLGROUP/root"
SWAPPATH="/dev/$VOLGROUP/swap"
HOMEPATH="/dev/$VOLGROUP/home"
NIXSTOREPATH="/dev/$VOLGROUP/nix"
BOOTPART="/dev/${DRIVE}p1"
# git vars
GITBASE="users/alice/systems"
FEATUREBRANCH="feature/$MACHINENAME"
if [ $PROCEED != "Y" ]; then
echo "PROCEED is not set correctly, please validate the below partitions and update the script accordingly"
lsblk -ao NAME,FSTYPE,FSSIZE,FSUSED,SIZE,MOUNTPOINT
fi
if [ $CREATEPARTS = "Y" ]; then
# Create partition table
sudo parted "/dev/$DRIVE" -- mklabel gpt
# Create boot part
sudo parted "/dev/$DRIVE" -- mkpart ESP fat32 1MB 1024MB
sudo parted "/dev/$DRIVE" -- set 1 esp on
sudo mkfs.fat -F 32 -n NIXBOOT "/dev/${DRIVE}1"
# Create luks part
sudo parted "/dev/$DRIVE" -- mkpart primary ext4 1024MB 100%
sudo parted "/dev/$DRIVE" -- set 2 lvm on
LUKSPART="nixos-pv"
sudo cryptsetup luksFormat "/dev/${DRIVE}p2"
sudo cryptsetup luksOpen "/dev/${DRIVE}p2" "$LUKSPART"
# Create lvm part
sudo pvcreate "/dev/mapper/$LUKSPART"
sudo pvresize "/dev/mapper/$LUKSPART"
sudo pvdisplay
# Create volume group
sudo vgcreate "$VOLGROUP" "/dev/mapper/$LUKSPART"
sudo vgchange -a y "$VOLGROUP"
sudo vgdisplay
# Create swap part on LVM
if [ $SWAPSIZE != 0 ]; then
sudo lvcreate -L "$SWAPSIZE" "$VOLGROUP" -n swap
sudo mkswap -L NIXSWAP -c "$SWAPPATH"
fi
# Create home part on LVM, leaving plenty of room for snapshots
sudo lvcreate -l 50%FREE "$VOLGROUP" -n home
sudo mkfs.ext4 -L NIXHOME -c "$HOMEPATH"
# Create root part on LVM, keeping in mind most data will be on /home or /nix
sudo lvcreate -L 5G "$VOLGROUP" -n root
sudo mkfs.ext4 -L NIXROOT -c "$ROOTPATH"
# Create nix part on LVM
sudo lvcreate -L 100G "$VOLGROUP" -n nix-store
sudo mkfs.ext4 -L NIXSTORE -c "$NIXSTOREPATH"
sudo lvdisplay
lsblk -ao NAME,FSTYPE,FSSIZE,FSUSED,SIZE,MOUNTPOINT
fi
# Mount partitions
sudo mount $ROOTPATH /mnt
sudo mkdir /mnt/{home,nix,boot} || echo "directories already exist (/mnt/{home,nix,boot})"
sudo mount $HOMEPATH /mnt/home
sudo mount $NIXSTOREPATH /mnt/nix
sudo mount $BOOTPART /mnt/boot
# Enable swap if SWAPSIZE is non-zero
if [ $SWAPSIZE != 0 ]; then
sudo swapon "/dev/$VOLGROUP/swap"
fi
# Clone the repo
DOTS="/mnt/root/dotfiles"
GC="git -C $DOTS"
sudo mkdir -p "$DOTS" || echo "directory $DOTS already exists"
sudo $GC clone https://github.com/RAD-Development/nix-dotfiles.git .
sudo $GC checkout "$FEATUREBRANCH"
# Create ssh keys
sudo mkdir /root/.ssh
sudo chmod 700 /root/.ssh
sudo ssh-keygen -t ed25519 -o -a 100 -f "/root/.ssh/id_ed25519_ghdeploy" -q -N "" -C "$MACHINENAME" || echo "key already exists"
read -r -p "get this into github so you can check everything in, then hit enter :)"
cat "$DOTS/id_ed25519_ghdeploy.pub"
if [ $SOPS == "Y" ]; then
# Create ssh host-keys
sudo ssh-keygen -A
sudo mkdir -p /mnt/etc/ssh
sudo cp "/etc/ssh/ssh_host_*" /mnt/etc/ssh
# Get line where AGE comment is and insert new AGE key two lines down
AGELINE=$(grep "Generate AGE keys from SSH keys with" "$DOTS/.sops.yaml" -n | awk -F ':' '{print ($1+2)}')
AGEKEY=$(nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age')
sudo sed -i "${AGELINE}i\\ - &${MACHINENAME} $AGEKEY\\" "$DOTS/.sops.yaml"
# Add server name
SERVERLINE=$(grep 'servers: &servers' "$DOTS/.sops.yaml" -n | awk -F ':' '{print ($1+1)}')
sudo sed -i "${SERVERLINE}i\\ - *${MACHINENAME}\\" "$DOTS/.sops.yaml"
# Add creation rules
CREATIONLINE=$(grep 'creation_rules' "$DOTS/.sops.yaml" -n | awk -F ':' '{print ($1+1)}')
# TODO: below was not working when last attempted
read -r -d '' PATHRULE <<-EOF
- path_regex: $GITBASE/$MACHINENAME/secrets\.yaml$
key_groups:
- pgp: *$OWNERORADMINS
age:
- *$MACHINENAME
EOF
sudo sed -i "${CREATIONLINE}i\\${PATHRULE}\\" "$DOTS/.sops.yaml"
fi
read -r -p "press enter to continue"
# generate hardware.nix
sudo nixos-generate-config --root /mnt --dir "$DOTS"
sudo mv "$DOTS/$GITBASE/$MACHINENAME/hardware{-configuration,}.nix"
# from https://nixos.org/manual/nixos/unstable
sudo nixos-install --flake "$DOTS#$MACHINENAME"
# add ssh config for root and reset git repo url
read -r -d '' SSHCONFIG <<-EOF
Host github.com
User git
Hostname github.com
PreferredAuthentications publickey
IdentityFile /root/.ssh/id_ed25519_ghdeploy
EOF
printf "%s" "$SSHCONFIG" | sudo tee /root/.ssh/config
sudo $GC remote set-url origin 'git@github.com:RAD-Development/nix-dotfiles.git'

122
flake.lock generated
View File

@ -100,6 +100,24 @@
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1709336216,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": [
@ -223,6 +241,21 @@
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1711274671,
"narHash": "sha256-19KQXya5VERUXOdeEJJN+zOqtvuE6MV3qTk9Gr4J9Uo=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "7559df1e4af972d5f1de87975b5ef6a8d7559db2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixos-modules": {
"inputs": {
"flake-utils": [
@ -262,6 +295,24 @@
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1709237383,
"narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
@ -294,6 +345,22 @@
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1711124224,
"narHash": "sha256-l0zlN/3CiodvWDtfBOVxeTwYSRz93muVbXWSpaMjXxM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "56528ee42526794d413d6f244648aaee4a7b56c0",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"attic": "attic",
@ -303,10 +370,14 @@
"nix": "nix",
"nix-index-database": "nix-index-database",
"nix-pre-commit": "nix-pre-commit",
"nixos-hardware": "nixos-hardware",
"nixos-modules": "nixos-modules",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable_2",
"rust-overlay": "rust-overlay",
"sops-nix": "sops-nix",
"systems": "systems"
"systems": "systems",
"wired-notify": "wired-notify"
}
},
"rust-analyzer-src": {
@ -326,13 +397,36 @@
"type": "github"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1711246447,
"narHash": "sha256-g9TOluObcOEKewFo2fR4cn51Y/jSKhRRo4QZckHLop0=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "dcc802a6ec4e9cc6a1c8c393327f0c42666f22e4",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs"
"nixpkgs-stable"
]
},
"locked": {
@ -363,6 +457,30 @@
"repo": "default",
"type": "github"
}
},
"wired-notify": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": [
"rust-overlay"
]
},
"locked": {
"lastModified": 1710502853,
"narHash": "sha256-+mxZKeCKHI0vxdt4mnWzvbrn/SLS6zj7SG12YudAltA=",
"owner": "Toqozz",
"repo": "wired-notify",
"rev": "3db419563a20f1706a3d45262e782e48eee411a2",
"type": "github"
},
"original": {
"owner": "Toqozz",
"repo": "wired-notify",
"type": "github"
}
}
},
"root": "root",

51
flake.nix
View File

@ -2,31 +2,33 @@
description = "NixOS configuration for RAD-Development Servers";
nixConfig = {
trusted-users = [ "root" ];
substituters = [
"https://cache.nixos.org/?priority=1&want-mass-query=true"
"https://attic.alicehuston.xyz/cache-nix-dot?priority=4&want-mass-query=true"
"https://cache.alicehuston.xyz/?priority=5&want-mass-query=true"
"https://nix-community.cachix.org/?priority=10&want-mass-query=true"
];
trusted-substituters = [
"https://cache.nixos.org"
"https://attic.alicehuston.xyz/cache-nix-dot"
"https://cache.alicehuston.xyz"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"cache.alicehuston.xyz:SJAm8HJVTWUjwcTTLAoi/5E1gUOJ0GWum2suPPv7CUo=%"
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache-nix-dot:0hp/F6mUJXNyZeLBPNBjmyEh8gWsNVH+zkuwlWMmwXg="
];
trusted-users = [
"root"
"@wheel"
];
};
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.11";
systems.url = "github:nix-systems/default";
nix-index-database = {
url = "github:Mic92/nix-index-database";
@ -65,7 +67,7 @@
url = "github:Mic92/sops-nix";
inputs = {
nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs-stable";
};
};
@ -77,6 +79,26 @@
};
};
wired-notify = {
url = "github:Toqozz/wired-notify";
inputs = {
nixpkgs.follows = "nixpkgs";
rust-overlay.follows = "rust-overlay";
};
};
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs = {
flake-utils.follows = "flake-utils";
nixpkgs.follows = "nixpkgs";
};
};
nixos-hardware = {
url = "github:NixOS/nixos-hardware";
};
attic = {
url = "github:zhaofengli/attic";
inputs = {
@ -92,9 +114,11 @@
nix,
home-manager,
nix-pre-commit,
nixos-hardware,
nixos-modules,
nixpkgs,
sops-nix,
wired-notify,
...
}@inputs:
let
@ -160,7 +184,7 @@
repos = [
{
repo = "https://gitlab.com/vojko.pribudic/pre-commit-update";
rev = "bbd69145df8741f4f470b8f1cf2867121be52121";
rev = "bd6e40ff90e582fcb7b81ffafdf41f9d6cac7131";
hooks = [
{
id = "pre-commit-update";
@ -208,21 +232,14 @@
server ? true,
sops ? true,
system ? "x86_64-linux",
owner ? null,
}:
lib.nixosSystem {
system = "x86_64-linux";
# pkgs = lib.mkIf (system != "x86_64-linux") (import inputs.patch-aarch64 { inherit (nixpkgs) config; inherit system; }).legacyPackages.${system};
modules =
[
nixos-modules.nixosModule
sops-nix.nixosModules.sops
{ config.networking.hostName = "${hostname}"; }
{
nixpkgs.overlays = [
(_self: super: { libgit2 = super.libgit2.overrideAttrs { doCheck = false; }; })
];
}
]
++ (
if server then
@ -249,13 +266,7 @@
"${toString nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
++ (
if home then
(map
(user: {
home-manager.users.${user} = import ./users/${user}/home.nix;
home-manager.users.root = lib.mkIf (owner == user) (import ./users/${user}/home.nix);
})
users
)
(map (user: { home-manager.users.${user} = import ./users/${user}/home.nix; }) users)
else
[ ]
)
@ -320,13 +331,11 @@
hostname = system;
server = false;
users = [ user ];
owner = user;
}
// builtins.removeAttrs (import ./users/${user}/systems/${system} { inherit inputs; }) [
"hostname"
"server"
"users"
"owner"
]
);
})

1
modules/boot.nix
View File

@ -51,7 +51,6 @@ in
};
zfs = lib.mkIf (cfg.filesystem == "zfs") {
enableUnstable = true;
devNodes = "/dev/disk/by-id/";
forceImportRoot = true;
};

82
systems/jeeves-jr/secrets.yaml
View File

@ -8,65 +8,53 @@ sops:
- recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDc0JiUzQvWlZoTk5yN1Y4
WVdiVE96YzdFOUJmcENDN0YwajVQbWFtclFBCmMyc0J1aWIwYi9hZlk2aXNNbjJa
WXk4UWowV05MMkR6dWw4VTZlYXM3d1UKLS0tIGxXTEpRZUpMdEphN09XczVLajhB
Q2lVZndGa3p6ZWlBSzBJNlVEZmpuTFUKykfMMUhiVnpyU+Wuo+eHFrjfNjeq3byA
ktvpewY946v/rUBiyruaaOdCmL0U0Metc+m8gzTdbuTsM7EuY+cTyA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2NXJJMjBjeU9XQS9YZGxQ
V1h5RlNUVTA5Mkx3M3ZobGs5WFA0NXFGakR3CnIxVk9nYU1aWkNoZ0F0WGd0ck5Q
VWpSU0ZRdENTWnFVOVNQY0Z4ems4MEUKLS0tIFVqcGJtZWRxSTZwZWhjYm56bnkr
QmcxMmhaaGZXU1VFN0pvT1VDN3hpcGsKXUlVytBrz8sUorTSHXZaOMYA5U6qUpas
ZJiHtVGxRVwCpraHWLmQTRkO6pT36cEVsfsMnFH6NLOMOvA3vLX8/g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-29T20:01:04Z"
mac: ENC[AES256_GCM,data:9tUmPHyKY42lT1EfbDK7Es9MIdiR5A0rs/ST89baJMANGIN+oKQzkzDujG2WM8hxvgApl/GuIdy5ZBNZlUM0iYxFUd2a0UBDyjw+xTzWIuQr2/TuI8/cOgp04Kk+M9wNlLzE/dJAXsaqBo0EaHpfwKo/3/J53UfiIZrOtAZv+Qg=,iv:E79aJdvhkG2PfsO06QQa2Pzs3yiSHDARpZtM+uxiZJE=,tag:UwEcwBm22Ep2U2mhDgpQ0w==,type:str]
pgp:
- created_at: "2023-12-29T20:00:57Z"
- created_at: "2024-03-23T05:49:12Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQILA84hNUGIgI/nAQ/4/do2eDz0KPLhCY7MH0HCyf9m2tZXvOy7+2pqYxdrKtwP
H5+3O9R3iobBfksnaW8bTU2WK5t7OP4SlKYAeBi0uHoWVt8w/RcrZmVaItOlrDHA
4ER64Izuc9ih6Ug/SOGvkE2NymUpPgsJ6YHyQESy8JdETr1swNOemlbgOYXgg1h2
T7hLdEKQtnYNLMMsO8jZOcPlbCGM0PXZQrWN67kXlWJwkx6qls6XmuXDvAofIQ2C
+GiaR6RDrsa9eofe34TT/FJG2IlAfPnE1sCcy9EYgU+nw6xwMCNn/d7qMqMDZGw/
xRMmnH5ujULsAohZFvCnmZue2BXkhSRrsuLePs4edOS1gm97qaPHQUv3vmDTCpWY
581K0CaauIHq9Gz8zK999jJNFG0Hmi4w9nRajErC8QvzIymgvzbsJHXkVjzYJjT2
NYZ3D/YKbu7zyt3EYLZ0wtHysjdYD9PUsg16X5XxNUV7EHGhUt6mpX+P/h13ZSMq
uwog7ByMUG70cQwqLpJFL40rFpq5mlK4JnonVN0+0PWy7LGxYM8q2WvylP6SDiZy
3EqaqMlAwQsNO+7YStk7IonxoWZ6ff7fD8MtKZ/faBjmSzYsjl7F6o5HUd7APtV/
/HMjbauqHomCoWEyfDNiDKu2lla1MM/wUEacgvpYbW5BAlZoxUtO1MXDRDpIKNJc
AR99EIS9Q1KBmfuzqHuIMrRBy4iHg1nHyvtj/Zh/2AjetnQgdDc5skPuHRL/Bo/2
V8PrlL8j1AHrdL4id31drlLQS4zA0QiJj1gDT1fJgInSU29vPed3ZGDCKCU=
=BkkQ
hQIMA84hNUGIgI/nARAAgcuMhO3nmxYY8KiW6AYxU2rFo2OQnpzZVtbMJB43wDQX
0UAOVmUyhGM2wd3tJgnvyfnguy6p3LfjZrXdTkTzrv5yCJVvKXhORcLisjaXLS8H
TCe9Fa4I9CvKo/yyRsRYS59niql0ocTs1Eb7cLiKuX19RIuQ7TjMPnjkdj5xXooa
kPJXfwL1SpUU3kjhuTHqWlD0m5t0RPiTpDym8fExMSvbTWyMY0BPA+qD1atMeUik
i3x2boqfoyD1GZ64Z5NrxRD0dN6TQvJLX1K1XTzanUhvfsy/PvDftCHKQc2n2Opk
btnKZa1mfiiLUQly+njSvH8ERYg27j5ACEQ0V9rtGPa3xnVYZm6Z5h0v68aqsotJ
aOzJa7/k0ZV/tBD1pT+9T2a/W9v4U+KdKKL19ebNvMtFxy50jN8SQsrTtxv5G5fA
sc+HkrcnLezFHYtGG85PfbTGsKMWpwu+4BrcmuW6dBcADZ1fZdkqgi+GcYGL2xy1
bddjuOWnzXb93t1pSIkaHcVWc6s5Atf3IB/liyNEux4kdquOHZQJi0WBi0l8GEmG
/ggJN4shRqtMqEkomaZkyZMsHnkmenusjbIlKJrwolhZSyDP8Kk5iPYXMxG21vrr
YpWHr388q8H7+ksnxYiNFXyY2cQKtOsD3UMIV8edMc/lHjTOi0BFNMHmU3WDsajS
XAGXsys00baAzcQHIS0jijU4mJQAqYL3S7FrcDGW8qhTGFpQ8ngVLvwLfqMvUn8v
LB3M5/7+Ld8xV4AZWr8mvv+7ZNNnnZzImETCLnekfvLEV9F2pTCH2Z21RPEL
=XWl7
-----END PGP MESSAGE-----
fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82
- created_at: "2023-12-29T20:00:57Z"
- created_at: "2024-03-23T05:49:12Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DqDJbhoEBo+ISAQdApXkJrfSY9LoDQLwRS8ZVY63huJelc3KtOVccvM64kxUw
zhXvuT0ZGQA4PwpvZYK1NOu+T73S5khrbIDe9QzTveyKt6zOqxwK6tn22bs3DLAk
1GYBCQIQKypNWKA8hJina5Dng/h/qA0ZmRJaAJJmQA/1uRFi582CpE+fzBsCjmNQ
1x2YgfPRHobReKl0khPml7hMmLbdcVvaJ9vIb/gluazT1htu6Ozox/zEwHweUZmX
xozdi1jGYcw=
=n5SU
-----END PGP MESSAGE-----
fp: 8F79E6CD6434700615867480D11A514F5095BFA8
- created_at: "2023-12-29T20:00:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA29thaGx06tOARAAmhgBXtcqr5bttn6DLFBqNWaLX34FgjTjHlogiKgX3WTv
ZOluzpxbS7jylBHC0cnbgjz9vWEgg3LVzglrlOHl35SX/E09eBn/qs8I7na3o+7K
WdmJG7j3VtYdNyu4BULjGmAUIZE75/aSiIPnIDR3PwKpY6LtKI/jhs69hhmiZ+2r
M3Q91Kk4M7CsqBMUXxFFUOD7r8ZlKfsAn80gpdb/pN8gp0U1pp5JkT9Kz2WjJkzK
/vf/5f7+/8OA/WFbuY488LVSuckHvGGDXjrmoLA78/agYaH1J6qTvar5eCvIetu9
wU9cm6ieztHMOV0Nok46gYWWaKQkH6jmAVneYLAsvBm7QxEJGLlFGF5pUsniqx4A
PtDIw9EmKNnumnsHyfR+8qOgG/4/8AqPklEo9Dxsqcjj++EEvHN2lE9BwdqVNSw9
ZHJ9DXhPKjwq7VD7jvBeElituUzvPb5aPruTL2AxjQ3h0cMj/QmegO5FtBDpRpnN
TpW2FGuayueEgJSV3YJVTJUwmtxgTkL2SMHgW80I7pAq85O4fKETIAR97DCEDPrH
jgI/EEjJg+PlfuAaqo2kgVgYyE6DVkDbIKgF2k8VNFX7XBmnN7xB4apVKx8nJXc+
l7AbJiJy89giQpYWGE5A8fBrYMbvexLMfeKYtZR7t82gkNxOoKBOl0F2T+Ol+L7S
XAGgZuN612AlW9QhZCgjwIxFPK+MR2ff9hIZBVPqx4F45/Gooqxw1iCyitQwlgqL
bpTlKyuZbrgTVekV9vxnYhms6Uvyys1V9bUrKGgpV+9YS4Zfzh+5fN8wQ8Pw
=HVMH
hQIMA29thaGx06tOARAAoI93A3cy3V2dJo8HBIrLC2RK3SKBkPiPFjWO/Zvnv8Q0
IhfzjusX+3f8HIa3CxJjTbOktcq+A2a4EyBes2Rd4bX9H2Fs2VVrSmUf3S/dO1b5
GiZamHnC+1zsXUB5IFcfjMSzeKKsOWYu9DmUcalsseo/XVJjxw9DzRnPUesI/aMs
y5kKKtNDcvAK4AWidME6LTP9FgiMx09sQfuAl4YCJv1trOvxt+dN932fbAkHVAq0
Lc90rG6LDLT1w/8i9evBRRX/ZexAI3vTGn/nTqKi+B9BdFA4dY0KiHtGIS+UNtNo
vL6PTKIRejGfqt13DwUWRobKnezcpJkTkdz+Pa+cQhdwSL2tFjr0hEbZL3e76YEx
CNsgbB9h0pIm/2YvhG1k0f0skWfjXLAtR6PQPKu1OycppX02fbK9XRShb+Fik7P+
GfFLxf4JYAMMOHsxP30EVQONiR9XsITH149GSZ3nTBX7vUsk3b7Z+ou1Ma27EhiW
iPWTqpDgLQ/VZW+027h/l8iwv52L8eE6Y+LE32jNUTQjMW3OWKw9zknX4wciNR07
EPAy8eC9rfhUVnTB7RJlTOY03yyEiBjowJn/0e0g8+AUMKC4mAuasPUwPhptQ6pH
8up/75WglUAg04eni0p5g6X7rGj+09OEDNMtvYVt7HglX7T86O2sBcVKa/j095jS
XAGIy2HXf+By9BFKM4q6uuAh4QceHn2QaQ/ckhYGMrHulzAeORPxYaYdXoeEj18k
auBqSPzj8E9yPi4jl+miEO9BgVhRW45cxBbn2XV2KE08PIP9mZ2jxK9Ne4HQ
=jkZ+
-----END PGP MESSAGE-----
fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3
unencrypted_suffix: _unencrypted

82
systems/palatine-hill/secrets.yaml
View File

@ -16,65 +16,53 @@ sops:
- recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsMXl4RWc0Ymt4YjB4dHk3
YWdHcndLQzhyRFl4Vlp4d015KzJ3dGN2OGxBCkE4MEZjTnVua0pEd1BibWlhOUVs
enZFMUw4dVBBWC9Zb2hhalNxZi9LRGMKLS0tIEFreDViNEEySXlqM3FQMVE1ZEtk
Qkt2U1hWWGo4VzB2bEFYTWUwL0tyYzgKE1H8Wx5VH8D5cBHrniAAVQXD8yyR1eWY
wUjeAOgiTEe8gjulqGDKxjMqcz7w/wuHBTICXEUEi6fBSdDE4RJkkA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmMmpVOE5rcHVVNlIzaW0z
WTZ4Y2h3KytNL2JOSjV1cTN0Q1k4OHNIUHhFCjlrRGtpMXYrTmVCV0FaTEMzakUr
ajRqK051MmFOUHRkcHh5SFUwSklmZUEKLS0tIGxFMWN1eDU2cGEvQlZoU2hUSzZD
V0xCQjJ0aDVIQ0I4NzhjR2pKT0FlTHcKSmcW0txYcqhgtx7U4qR5yKp729rZGWmS
YkwKyyMJZP1mwTKlaKPIwTj9nrBY8RAVyMYjNs/nlNgMO0APmFH8kA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-18T17:10:38Z"
mac: ENC[AES256_GCM,data:ImYBdEk+DqoG9J5fmj2aPqxFuko5AIWzVk0/v2YlMPHwBQ0dUGnYrNMXpZ4KyYlulsQ1R78agjF4Xk6jumvNbAwGZXshSSOx4A6CCAK/Xl7WbS7ilHYl9+H6K4wzTV0f8v1ShGH1INkFF+jWEpeQSSHvhHMs5lOu/N5+ZSLdC9k=,iv:17H07sayQNQmAv4hxtXYimQJX/FibannQn/7rojSrC8=,tag:15+OQlcAVitB/OYmfm+Y9Q==,type:str]
pgp:
- created_at: "2024-02-01T04:49:29Z"
- created_at: "2024-03-23T05:48:45Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA84hNUGIgI/nAQ/9GapgiAVoonYaq99pd66krKBfZMzdaFH6/29azR/f8+/Z
80m0wyS58u54/vosYMdCjiWx7+uiL6PqRs+xzyDlcXJjCqT1ExXywHaEL1IueY4q
3OkqUcj0Vnas0uIBV70Xa8RngxE9hPS7OitmUjEKUhHbFhqJnCNdiXcvEsBQkVpT
C+YOGCpIszWShUHukH7CZuZQWW8mF6+c+pcqPt+NVcuBx+c2tJfXCRxh0QloUbT+
zVmuiwHcQpX0wwO+lLFjuGq/7nUzYyxqbyeqkRwYXFwDF1btdL1aIz7RXobLxjQO
hBDgJZTb0TxZGPzhvgGtMWaK0wDuNa3KA6IEv03ivmkmK0rffEJ4qIW2XXA4MXbU
wJDDMe7u2B5Kgs09soPa9eYQuRRDigvgdTPWg6dPMIdAszqtXCY0l7847ODYl1pw
8J7CS1kL1sShFvoHqPwK5c1231Kc3mJwgAntlwwemBZP60TGcwgmqWRl/LhfoRm5
CwzbVyLZeYRYuuVHeJDNXB1FFmVtpgidcB8tduUZUo80otnBgEzU73ShJHr32BeJ
195qa0vb5KCLz9G89oWZUq5jOKe3rHftCEMlGHQ0cvBHl3SezLCx9FJ373c6Rsq2
egNwg9HMyScJGD93mukGPRlyawJAEEmZawmDJz8IKa/YzxqE+cDHp37MImXIEBzS
XgHsddLzcv0vY73sq+Wl3TYmHEq0Bs36WZWHJ4CkfRqkhRW3AGfS5jo1UAvIYKMa
oZCksFpcoJ4jLfxze/pU3ZX1n4fdapCSZSJNwdwYRygZlx9Mn38l7qF+MX8hTvg=
=7ah4
hQIMA84hNUGIgI/nAQ/+JfUh7rZt9rgUwmXCPd0H2U+JtZZZPTtNUfD1VYdbKegg
HonmyBzDbkK3wg7fYCX+sgI5UlUMF9Z19mblFwD7AvAytFQzQw2EhZ6Fq7EloYeP
h9SG56GCBq7aapToNjS5nV6i70QMpEuwm0exxH7WDxZCsrPo0glu5TJXQXO07gwA
O/E/MDoxrBrH/2SXnfxClzMGHTK8oO4mGKjNZRwV73AyRnsTURRxsqxgB+qMaISm
QXwj3lXQliIdesBFYvHhYFOfqnxYPL/gUZpmK9wtPOtQsrmgcx8l+bTCfFAOh1e1
iPK/23wc3febTUO2DaX4ikAkyoefeps0+rhFswnEBwP24bdC0xyPO8aWQ5+xm7pT
+WpXrvab4q4+7sgvvWZuNgNz18M86T4rjz3x2m+m2LMOYlYna4aTrK3M2JtGYSqe
qFREsL04NCM9xq8VOiAayxtrcrE34+Df3kQHV01h/iYNyMflmFFDs6igAtOm6hxz
jCrVWiu1D1Wcmlo9WdoDbSJrcRKRaU/n3Kp2jbagDrsnL+zHUmU4KustPD8atRTE
mqdkYJlf93omnuX6FKoeLwJa0ok2fnIE/L69ZSljZ/Xy2HgV4K0oEKRa9GQLS1TO
sMa73o1qBgufRZnVmpyGjLOhrZHf6li7fwd5DmCfYQPYUJ7HnCtpuAZ9JPLbrDnS
XgGUqb+HorS9Wyq4MXgcInSX9Ycqzrj2/X0wArJJmznEW+ZfbXSleSWyEe8uZ+r6
e1yFon0WWqpT6iIcV8KJJ1P1pJIZNbXNU1FDGgpnNCsn+xC85mBPfmdvzSl89yY=
=dN9d
-----END PGP MESSAGE-----
fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82
- created_at: "2024-02-01T04:49:29Z"
- created_at: "2024-03-23T05:48:45Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DqDJbhoEBo+ISAQdAKVno0tJCc4ipQxmAk1vA8TJeR0prQ/TAvueAYoTulFkw
KVrbiII3tQQFVeUeT8iG+QZEY1heDW0qGrGg7YLGk71R7HXrOgFMGpjGg+gXQsui
1GgBCQIQqSQ6oXefrAklm7/aMTgfjvo5ZdIPSF9dbwhxx4J3tf+Pm9pyEDZSxTy+
/vHvwlnqJXKOEPnwHl1XJKawwdTOIPeuBTr5uH51/kmd4TcrGBMBXKVHfI5qtqAs
lQNgfsDgk+oH/Q==
=KQD1
-----END PGP MESSAGE-----
fp: 8F79E6CD6434700615867480D11A514F5095BFA8
- created_at: "2024-02-01T04:49:29Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA29thaGx06tOAQ/8Cjj9t2J2t8aehRfqRsFK1npQV/ToTsGLn2mpAl5ITXrF
xOBLg1nqRq1h9++xSdpH2A9KK8tf0JkJ0Yb9sFfu/7SNqTmdnfl7FYSU67Hlxji/
LYBLDy6KPOEkfes8prYcAnNGe6U7W5zHfRasKjbg2RqJ0wrlkB9dttBRFIpTHkUK
amibjf/ScLRJuqt5nwZkNnvOFBImQlXHMOhxp/QUnWzUD1CE6zWGe6hb++ixGoHW
OSqlVF87K1/7jqaUMmX5Jee16ybcziHg5c7dnoq623GWZHZrGEDG3c8E588+c2LJ
RSyQjLfUvvRbkIdBOgKTM0/EdNVmwHLWezRgwiHsZJFP8tJUBY7CZTzIrwFwm4Hz
zxlr/p7egN2KrI8mzePBd9DlOsJJ1gCSW+MMZ/mqi+AntJqmNOcrHyEIr5wPbiyP
c6iIucTAAJIHLgMwa1PzzlK8F8miE0R6ON4IeDg/i5LXk9QpB9FZktiqp2bybPyd
WUNhWbZT9z7homCkjgyMQ/1Pc6/i5NZFQZ5HaGvsiEszToF0uCoMWUxwJeHwfKfO
RRV3XsMMzKaagS3eauq+omE47yj86gePmTIBK2nTvhg3HH3c3S+XN/vKU170scbO
mo03fH09qoXJ0B4QScj8O7NDFdTo4FcOa5eJGpfRcZFaBcNIttz4A5xnho2Pz7nS
XgG1chsapzPutaMWqicefBs7niFgEhIoL2aEBRlY9lpj5noyZBgvC7u00Fi5sXVb
MY3H0SlP4B3ic3fh77L5yr3ZemYh+NVfujdzMak6OgLk+ELrs8ZxMj4MMvEgoq4=
=Nw8m
hQIMA29thaGx06tOARAA1pInRr5kKFWriwQuy47+T8tAKdAvA64Sfqu/Lvr0SbMn
Q/i86fQ5tIhnCj06UGCzOsvosYuKfSsYZ9l4PHHobZOoE1xpPMOBMDvVQhISk+L6
wYSnXro+DKkshIpCfSdv3mQ+/Sdmm27tEkAFPS6iwNc9rBOGaOkTlPBNpTMVZiu0
hL181BhzVmZ4wRTDrh/blN0yd46TIbCub9HVBsePgsg8ABS8r/782KTOlU4zjQAG
pX+Q5JcsHqcWQInuIhzpOQzVE1iurMgaW8s8iwjRqQLtwc2drey4ORo3mQA/XYur
iVtmEV1rUPnm2Q74keaBMkK12ywk8eXM1/skbRFooXRNpwAO2X5m6+uAm35GtaQO
m0wWGxtuU69P+j+QugADo0NpcUK68gk4lNyQUEGMYleV6vXXebstMqzKfzMv0ARk
sfb1ncSyJfD1xmk7yVyg2AzjU6QyLRBtjoTpmnGq8Q0Cb1BlUQQeVhYlTbCfwlcI
YjqNw12yjT01hxONXpCFWmORzge6WB/driidb4DTLmtqQsow/pX6PeoRaADd6gTS
i2Oe35VG52L7zjob40ZeQr3ANQb8sW6Dmjm6Lg/pkcwNV5+9EuvtR+UU0N1+bAVa
U9LUcyXgoNJqt4f2JlNI74KtjrLK2lgXRKS9hr8VtMtHTQHzhZ9KslyBR00wcMLS
XgEkGpB0tAVRDA4s4veIvqTTMPl6b+DSGNq7ytv+iPLPqPN63YZ1ULEnZU1YbDvY
qhFGSIwUxfkkwqaBl0JDYF+lvAD+nko2zjbxQR8jHHcn0+55WqMa3k0dGqoTOVA=
=JBDO
-----END PGP MESSAGE-----
fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3
unencrypted_suffix: _unencrypted

10
users/alice/home.nix
View File

@ -1,6 +1,8 @@
{ pkgs, ... }:
{
imports = [ ./home/zsh.nix ];
home = {
# # Adds the 'hello' command to your environment. It prints a friendly
# # "Hello, world!" when run.
@ -52,13 +54,17 @@
};
programs = {
zsh.enable = true;
starship.enable = true;
fzf = {
enable = true;
enableZshIntegration = true;
};
nix-index = {
enable = true;
enableZshIntegration = true;
};
topgrade = {
enable = true;
settings = {
@ -73,5 +79,7 @@
};
};
services.ssh-agent.enable = true;
home.stateVersion = "23.11";
}

99
users/alice/home/zsh.nix Normal file
View File

@ -0,0 +1,99 @@
{ ... }:
{
programs.zsh = {
enable = true;
# autosuggestion.enable = true;
oh-my-zsh = {
enable = true;
plugins = [
"git"
"docker"
"docker-compose"
"colored-man-pages"
"rust"
"systemd"
"tmux"
"ufw"
"z"
"fzf"
];
};
initExtra = ''
# functions
function mount-data {
if [[ -f /home/alice/backup/.noconnection ]]; then
sshfs -p 10934 lily@192.168.1.154:/mnt/backup/data/ ~/backup -C
else
echo "Connection to backup server already open."
fi
}
function mount-backup {
if [[ -f /home/alice/backup/.noconnection ]]; then
sudo borgmatic mount --options allow_other,nonempty --archive latest --mount-point ~/backup -c /etc/borgmatic/config_checkless.yaml
else
echo "Connection to backup server already open."
fi
}
function mount-ubuntu {
if [[ -f /home/alice/backup/.noconnection ]]; then
sshfs lily@192.168.76.101:/mnt/backup/ubuntu.old/ ~/backup -C
else
echo "Connection to backup server already open."
fi
}
'';
shellAliases = {
"sgc" = "sudo git -C /root/dotfiles";
## SSH
"ssh-init" = "ssh-add -t 24h ~/.ssh/id_ed25519_janus ~/.ssh/id_ed25519_dennis ~/.ssh/id_ed25519_hetzner ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_ed25519_gl ~/.ssh/id_ed25519_jeeves2 ~/.ssh/id_ed25519_jeeves ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine";
## Backups
"borgmatic-backup-quick" = "sudo borgmatic --log-file-verbosity 2 -v1 --progress --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_checkless.yaml";
"borgmatic-backup-full" = "sudo borgmatic --log-file-verbosity 2 -v1 --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_full_arch.yaml";
"umount-backup" = "sudo borgmatic umount --mount-point /home/alice/backup -c /etc/borgmatic/config_checkless.yaml";
"restic-backup" = "/home/alice/Scripts/restic/backup.sh";
## VPN
"pfSense-vpn" = "sudo openvpn --config /etc/openvpn/client/pfSense-TCP4-1194-alice-config.ovpn";
"pfSense-vpn-all" = "sudo openvpn --config /etc/openvpn/client/pfSense-TCP4-1195-alice-config.ovpn";
## Utilities
"lrt" = "exa --icons -lsnew";
"lynis-grep" = ''sudo lynis audit system 2&>1 | grep -v "egrep"'';
"egrep" = "grep -E";
"htgp" = "history | grep";
"gen_walpaper" = "wal -i '/home/alice/Pictures/Wallpapers/1440pdump'";
"vlgdf" = "valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes";
"ls" = "exa --icons";
"libreoffice-writer" = "libreoffice --writer";
"libreoffice-calc" = "libreoffice --calc";
"notes" = "code /home/alice/Scripts/Notes/dendron.code-workspace";
"ua-drop-caches" = "sudo paccache -rk3; yay -Sc --aur --noconfirm";
"ua-update-all" = ''
(export TMPFILE="$(mktemp)"; \
sudo true; \
rate-mirrors --save=$TMPFILE --protocol https\
--country-test-mirrors-per-country 10 arch --max-delay=21600 \
&& sudo mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist-backup \
&& sudo mv $TMPFILE /etc/pacman.d/mirrorlist \
&& ua-drop-caches \
&& yay -Syyu)
'';
# applications (rofi entries)
"ARMEclipse" = "nohup /opt/DS-5_CE/bin/eclipse &";
"Wizard101-old" = "prime-run playonlinux --run Wizard\\ 101";
"Wizard101" = "prime-run ~/.wine/drive_c/ProgramData/KingsIsle Entertainment/Wizard101/Wizard101.exe";
"Pirate101" = "prime-run playonlinux --run Pirate\\ 101";
"octave" = "prime-run octave --gui";
"pc-firefox" = "proxychains firefox -P qbit -no-remote -P 127.0.0.1:9050";
"hx" = "helix";
};
};
# TODO: add environment bs
}

64
users/alice/secrets.yaml
View File

@ -6,54 +6,54 @@ sops:
azure_kv: []
hc_vault: []
age:
- recipient: age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w
- recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQjVEMCtsREdCUTBQa21D
dDFSVnkrbk5hNlo3RkFoTTg3MjBLbE1oaVVrCjltcEQyRlhtWWtCQzlseEtvRks5
bmpTcUNZeDJ0VEFCa0FyZytIbTZhVGcKLS0tIE8zVld3cnEvR0VtN3d3d2lpWmg0
enZHM1ZycDQwUS9Ea05QWHdJeGM0UDAKop5M4ubVN+5nfeCS37T4j3FPn+aheo+y
eIUPSSo8Tzl+b7eNyvj4nrG7zGr+kTJhc2m03FNacadVblQiHXlc+g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Mk13QUFFeGx3OFc2MnN1
ejBwa25sVGJSaWhHTXI3L2dQWEk4Sm9zZ0dVCnpIblczcWRvVU02SnlNZFdvWHhy
d2NEMXpUUGFyUHZJeVluSEVROHV1UncKLS0tIHl0V1JaQ3ZtSkhrOXAzRkNMOU5B
Y0oyRWJMdXZmeDZxSzNCWUJEQzRESUkKIwxWT8Px1Y4QxW6FC349N89UbeGiA98k
gTwTDmABCbJt6MEc3zmoRSObirGLzgvmPjzXlHdmqcKoR0twXUBDYA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5b0FVMHdMWENPTXNZSEJG
SXBOdnhmUWt4QWZCOS9SRFJyNXY2Q1pDS2pJCk5sN25xSm5KVGNsWTlaOWRUaEFY
MXR4RHFaY1RRNEVVSHgweW1LUDlweFUKLS0tIFp1dG5RS05FdXlvTGMwUFdLK3o3
Y0pCclZFVGZxNlBrdFBocnBoVVNmMm8K7R9LKDLZPQbSU4rRoIKbbI/QWDG2A9V1
3Gour+tJuf/UjYsP/vqmNPzNrCjOu2iJ/WKBvtMJ3CVsJsEEWMuvTA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBra1V4bXBkZklucDEwbmdz
dk41QjN0eUtsZVMvellRMFRCOHd3Q2p4cXhZCmhkZzhwWTg0QkgrQTdIeEU0QjZS
aTU0c1NFV1hjZmFUUTFtaUYyMG1Pd2sKLS0tICtoMmsrSHJLS3g3K1JWelFOcWhL
VW1yekgzQkI2Uk9tRDJQTldrakZLUmMKMhmS9xqucsbfdIe1BjlPSYkvF88onzww
j5YkZSaaxNHcbMaTVc1+QjYv7NooM79EpUX96hP4BDwORpU3FWS2jA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
- recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyeHF2aXErVkJ3ZnhLNWYv
VEZJcTFzUHgvRHloeG1mWnZtdGt5UUNhWkcwCittNzRGQXJ1dkdJaVl0elNtVVFI
Y2dDcFdsK2k3eUhWUEFLYWdwUHRONUkKLS0tIHhrek1RTG1sM2NaakdVZHpDZlk3
aVhmdXBkbDhrRG9ZaHFVR3FOZUJFejQK6q/JOuoST0zCZzg6C7Se7VzVs9DpSMD4
0uddoEsKadtI+II+ozmuc/RkdP4lfymBioW7ka4Wlyap5apzWHd0fg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1VHF0aUN3cE1OcUtzWkdM
UGNPdVJteDFvRXFXVFVTV2p0WDV1TjBrTDIwCjVpYU1vbXdDQ24vR25qN0pEalVw
U2laUHg4TkVCLzNQRDI5Tnpzam5ZT2MKLS0tIDJNdXk2Y3V0bEFlY0NLdXUyMWw0
aHZYZkJoajZDa0pZVkpxbzFXTm9ZbXMKamjLneLosXuqhUcsiLXFGEgMVN+Yzklh
XKf6vPmwcPuOsy5yimy5P/TygLWJ0JeXDoieDEL+/NN6kt2qtUWD4g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-03T22:20:54Z"
mac: ENC[AES256_GCM,data:X+j5RMl1RUlciT1fdLYGCzkD2AZmprmAsLhaC9Fy3zoeWlGJcC/m5g7kftPOUkha83NgOkWuaa4tjIMegQwK8snmY8R8Q6XNVuS6maYnynzFwzhGON7L33j7465onXsNqfQfa+I8AEaz69CynfbTq4L7WOLO6s8pvh1LDLi4ZvE=,iv:8uTaRrYxg6mVNIPm0Pg7S13nG2VOg/4IjVbbeilQOAg=,tag:lCrBGVRt3uYY5/fHDG2xVQ==,type:str]
pgp:
- created_at: "2024-03-02T20:52:45Z"
- created_at: "2024-03-23T05:48:28Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA84hNUGIgI/nARAAr8UXHBCr6C3TrW1g+xLf7Q5XMP1cx2TAId7tCS/Z9R5e
+Zdzx+WYRuQwKLAYB7MwzVA22DpK8o5FY0kSXQCEziha5HCRMta2XHeprOU1GfK5
jDOqdZK/DOpmqeuaBDhzczgXFR3h5nRQ9YJFcfEVB0JhUmsoLUTR/I9fTUNXPFa7
d6urPxEcLyLqgWR5AxO9xjeia/WObidfYrYaXn+VY4lTx/kwV6Rsm5eThAagmtYP
kQqfNn9M68zgf8yQre9piNEktHf0tBhREZycd0xd0EMCM6TbIbisPI3ITqDQPV6c
eglcqcdOqNMjeVVbzQtTglzfKO4M2gquSLR4Kuvt08JH6bhtOGlT1njKfDKGykti
+ifHYD8iEk4opYJ1H9fS55E673gJXN1rUZGvAhG+FPz2bW/UAgq0OvdzAdZ+90B9
fm8vb7F0UdwC8lO6SC2QLiTVzu3wNuh9s//2rwXLmzewkkH+J4wpg6+Kyer/IkrI
D9qak5tRFJcKlfWbn4skH2T7aloFXuJYHcVjAIg7XHjK4PUsHkq1n2lP9VkpQ14w
zt2Mn9gmtYX8GNwqQeys/BqkHdkVk2VTV6Ge9O0PmIGx2n/3F8iZwNedz324I8HE
NIbdNR3V94uDRuHAPH4hL+1t9MoEklFbvvMp1Aak/eaw6rvQV/Ore3852pX7xJ7S
XgH3rCh73zJEq9NuqKux2U4sW47e1J8tFPet5Sfvm7Ra/0fqtf6YbufKNvd9OuXc
m61xY+IxYwDfxvMLfFKX0GLFyLNmBoiPCLkVZ6Y+UmK3zD2BVbVtDLuVSi/ELV4=
=iuPC
hQIMA84hNUGIgI/nAQ/9HO5t//5ztagOvKoBP/W4p9Huhav4MEmqZADmbXEv+ZcG
ihnaeiofyoaKbJXfmGZ8vDIA68ZvKFL/n0sDR/plUHAuHuCR2qa+sVmo9ruJyKEq
EWc/BlguqXJCiga/MP2Ocbh+XQYJMcwGorcR1tkFjL3HkHlY+MuMCZJr8nhoERba
bHNIG6J31EHZ3ivub38C9GWuwaosBqO5AlUH3nRA63vMcOCwdnpXzvc4qeIgtfxn
ouSdj7zl75v1KG8wlR0v8ciHHdNxQ/8WoLK9QduXIFnFGxAXFYOY2838mMNZOSr4
q6tg7ICKdMS1h3I4cTknUFEE7ZEEDMoZR/r89rJMXMQJGZ4JWVgkAroXyriRACSp
GmObXzur8BmJvaSmpckacNqZqUyVCveM82344t/q4BDZmiOKUhFQNeo8uQhgd3Jf
Z3gnNA1FsvMJOn2/oLxDP0d54uysN1fWnuhXiosiONonBNcHCuPF5Zp3OdAXJ/a9
YSj0n6mee600bhn0ff0MrxXfiBQUXBnTjtUljhM1EuXrniskp1OK2Xi736O+5KwN
ppT0Iol/cdfUcPNj+cONjkk6xVcARNuQ8vu0clGMPfqfkg3Ne9gLqUGoH5f2PMe2
sWNFMhhfqcnhwEGXDw3hXEGoabzxKr5YbItwe3t9oxbp59lgxuP38yaTnOe4KzPS
XgHntRY2zgxeKFruk8BjCyeffJO/4uXaj2LKcGcRKP3nyJ1h0JX7itmsGbYshhTZ
976Oaooyoabhv7NbUrZkpk6TcD+H6AIC7vavLZsva+BgDXKRH9nxTcDXo45WbL8=
=qXlJ
-----END PGP MESSAGE-----
fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82
unencrypted_suffix: _unencrypted

63
users/alice/systems/artemision/configuration.nix Normal file
View File

@ -0,0 +1,63 @@
{ pkgs, ... }:
{
imports = [
../configuration.nix
../programs.nix
./programs.nix
./desktop.nix
];
time.timeZone = "America/New_York";
console.keyMap = "us";
# temp workaround for building while in nixos-enter
services.logrotate.checkConfig = false;
networking = {
hostId = "58f50a15";
firewall.enable = true;
};
boot = {
useSystemdBoot = true;
default = true;
};
i18n = {
defaultLocale = "en_US.utf8";
supportedLocales = [ "en_US.UTF-8/UTF-8" ];
};
virtualisation = {
docker = {
enable = true;
recommendedDefaults = true;
logDriver = "local";
storageDriver = "overlay2";
daemon."settings" = {
experimental = true;
data-root = "/var/lib/docker";
exec-opts = [ "native.cgroupdriver=systemd" ];
log-opts = {
max-size = "10m";
max-file = "5";
};
};
};
};
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
services.fwupd.package =
(import
(builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz";
sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk";
})
{ inherit (pkgs) system; }
).fwupd;
services.fprintd.enable = false;
system.stateVersion = "24.05";
}

10
users/alice/systems/artemision/default.nix Normal file
View File

@ -0,0 +1,10 @@
{ inputs, ... }:
{
system = "x86_64-linux";
home = true;
sops = true;
modules = [
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
{ environment.systemPackages = [ inputs.wired-notify.packages.x86_64-linux.default ]; }
];
}

19
users/alice/systems/artemision/desktop.nix Normal file
View File

@ -0,0 +1,19 @@
{
config,
lib,
pkgs,
...
}:
{
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
# Optional, hint electron apps to use wayland:
environment.sessionVariables.NIXOS_OZONE_WL = "1";
services.xserver.displayManager.gdm = {
enable = true;
};
}

90
users/alice/systems/artemision/hardware.nix Normal file
View File

@ -0,0 +1,90 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [
"dm-snapshot"
"r8152"
];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/f3c11d62-37f4-495e-b668-1ff49e0d3a47";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
"discard"
];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/720af942-464c-4c1e-be41-0438936264f0";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
"discard"
];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/035f23f8-d895-4b0c-bcf5-45885a5dbbd9";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
"discard"
];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/5AD7-6005";
fsType = "vfat";
options = [
"noatime"
"nodiratime"
"discard"
];
};
swapDevices = [ { device = "/dev/disk/by-uuid/7f0dba0f-d04e-4c94-9fba-1d0811673df1"; } ];
boot.initrd.luks.devices = {
"nixos-pv" = {
device = "/dev/disk/by-uuid/12a7f660-bbcc-4066-81d0-e66005ee534a";
preLVM = true;
allowDiscards = true;
};
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp196s0f3u2u1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

101
users/alice/systems/artemision/non-server.nix Normal file
View File

@ -0,0 +1,101 @@
{
config,
lib,
pkgs,
...
}:
{
# Adds some items from the server config without importing everything
security.auditd.enable = true;
nixpkgs.config.allowUnfree = true;
i18n = {
defaultLocale = "en_US.utf8";
supportedLocales = [ "en_US.UTF-8/UTF-8" ];
};
boot = {
default = true;
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
};
users = {
defaultUserShell = pkgs.zsh;
mutableUsers = false;
};
networking = {
firewall = {
enable = lib.mkDefault true;
allowedTCPPorts = [ ];
};
};
services = {
autopull = {
enable = true;
ssh-key = "/root/.ssh/id_ed25519_ghdeploy";
path = /root/dotfiles;
};
};
# programs = {
# zsh = {
# enable = true;
# syntaxHighlighting.enable = true;
# zsh-autoenv.enable = true;
# enableCompletion = true;
# enableBashCompletion = true;
# ohMyZsh.enable = true;
# autosuggestions = {
# enable = true;
# strategy = [ "completion" ];
# async = true;
# };
# };
# };
nix = {
diffSystem = true;
settings = {
experimental-features = [
"nix-command"
"flakes"
];
keep-outputs = true;
builders-use-substitutes = true;
connect-timeout = 20;
};
# free up to 10 gb when only 1 gb left
extraOptions = ''
min-free = ${toString (1 * 1024 * 1024 * 1024)}
max-free = ${toString (10 * 1024 * 1024 * 1024)}
'';
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
optimise = {
automatic = true;
dates = [ "01:00" ];
};
};
system = {
autoUpgrade = {
enable = true;
randomizedDelaySec = "1h";
persistent = true;
flake = "github:RAD-Development/nix-dotfiles";
};
};
}

40
users/alice/systems/artemision/programs.nix Normal file
View File

@ -0,0 +1,40 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
bat
btop
croc
deadnix
direnv
fd
file
htop
hwloc
iperf3
jp2a
jq
lsof
lynis
ncdu
neofetch
nix-init
nix-output-monitor
nix-prefetch
nix-tree
nixpkgs-fmt
nmap
pciutils
python3
qrencode
ripgrep
smartmontools
tig
tokei
tree
unzip
ventoy
wget
zoxide
zsh-nix-shell
];
}

51
users/alice/systems/artemision/secrets.yaml Normal file
View File

@ -0,0 +1,51 @@
hello: ENC[AES256_GCM,data:UJlsd5kvnhEv7eJeYwg+NHm9sgUAxYM5DoR0gDPLi9J7P+8FI8WPMkN1wEAHJA==,iv:NFSdZQ1OK4BT+EAGZz122NB7WrVCEzv4wwMxFIE/OKI=,tag:6YT7Vw8tFrw9iEFKxeKRFQ==,type:str]
example_key: ENC[AES256_GCM,data:KMXgMrqe7M101ZMJ2g==,iv:MJ3Iiu/0KIVhPFnqfovysqvPJAv1OsnxE4VIsuexFkE=,tag:X6KIKNGym8/9VglmG3SNRw==,type:str]
#ENC[AES256_GCM,data:QR3WNE/a1hZIXnTjFjK3kA==,iv:eXoZJ5rQaYqN7LjEp2M13OCMwuQ+80M5AXjV0uNc4C8=,tag:sCvL6pr9zAyWZziffVFMzg==,type:comment]
example_array:
- ENC[AES256_GCM,data:g8PulCLrXZYSEdZJELE=,iv:irGwciFn1zXBxFpGAJtD46EQLGUO5oqdCzRgv1204JE=,tag:2MuDdRYMjhtTY++lPuj1FQ==,type:str]
- ENC[AES256_GCM,data:qv7GvmoOX8VSdaiW/90=,iv:6NOWeWqHUV9ciKPmZF4C7ijuIPFr3YZi3Dh7xWnb07k=,tag:VHXdBhWmEpb7uavCPqGZ4w==,type:str]
example_number: ENC[AES256_GCM,data:g8BIEIcwKRLSbw==,iv:Ay4aiukAvXeDhzlpMPn++zR0Tt2lMqCx362uN37S+ac=,tag:NTtNaIu5u8YsIm0M4OgL0A==,type:float]
example_booleans:
- ENC[AES256_GCM,data:94T9mg==,iv:qKGJke4SGhgN09Yebh5MPrRBDNnguJQ+1dl5XQffGZQ=,tag:0Pa3eujmSxDCnAHKHsx6yQ==,type:bool]
- ENC[AES256_GCM,data:gEvfi+Q=,iv:0DrXoZk8OkdUShc7WAKOL8xG26RFZp3M3qYFAb1hDAs=,tag:uemBrdF87nrfLpfnQ8bD8g==,type:bool]
#ENC[AES256_GCM,data:pC2Kdy7wNc0=,iv:J7Ggfv6K3dCzL42j5MGd+BjQGseoAoYs4k6+yc3FSiA=,tag:9MriduP9SEIi+c1q4tfzlQ==,type:comment]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZUNHeDdqaGt0QnFIejdM
MU5uaDNiN2xOeVlZNzQyZXZ0R2NYUU83ZWxrCmNDL3J6ZjNmejBuUXk3cldwZUEz
UWVqMTVPelN1MTJDNzc0UU9XNWkralUKLS0tIDU2b053Uk5VZGlWUk9XMXZ5Wllk
UlhhNzNjTHdVaXlPOFJhc0EyZGh3RDQK1c7nctmrorze4Kr0Grmcmx3N/UYXPwJc
FfClOoGxO+4ZDtxG61SDU1UdYae4loQ8roM8jDIPFMfoEum2bT8oXw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-23T05:46:44Z"
mac: ENC[AES256_GCM,data:/QpK5JuZgnKKHSOTKMRV291UJbPQaNFOx5hheBFx8aVKbS0TGPBMhFp65mw2dOjwT92iyjTxsox/wwev0wcNdNwlvLYTwFdwf4D6FHyLgX/DSkMfqcXbk8HHFlu0LEyd3W6wi2DBsB0KwiVcfsFKoUD4fKbpWnY2EXFOPD6L2Vg=,iv:hPlgFlPqTDXqfcCjRsJuznR+d3PlwT2kJ/TwFe1obfM=,tag:ZkpcEP0u95vvR37GkJGkuQ==,type:str]
pgp:
- created_at: "2024-03-23T05:46:35Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA84hNUGIgI/nAQ/+IwyPDjs/jDCBlnYFboHh6TXx8ulysESst4hz5crM4L0u
wylKyfEIBx0eLy0mLLA4DhcpYza0Nry5RLdwDNfimhATErfQxnwqlZ6RnYKnh3Hk
93L66+BEKPd3EZOH+RC/wb0qiTDmU0yna8jtVO0uU7s6//hm/g7bdmQAK0YIJLcb
sd83n99R4oHVrq7iFc74/AV5isW9GcfmvLI94eodFpaE1dpqm4KzNpLueDCOvA/1
vPo5Lgtp9WM4FhXUqMiplCNqMIt+Hyj3F+p+9jgQ2dLfHuVkI8pzd47gOHyMDYPy
fn6SVKZtOyfNDwhs7L5piiarSXISBGtx36ISDvtvtr/vgMydTdvILIOo9pkSGVtN
4W7+ywMaFjfAeShTVtUJNJqmp/8agt2WtaUX4kPPha4SxlNSOMpeTQ31bs89gBtc
g2325afL2WPK4NSAOmU8VMXqmFc2A10aFlx5nsfT4S1wkoNbitTWgoAcCa7kGRPW
xZca225cwLUzkggv74cfYT3YnQL40AMSOMqSRS8pbTFEENG1BtsB5A++Jji2i4tO
xoGIL8LRCEfiHpTC7eBwDDVmKb5StgKsXs6yYbQG5XW2W+/Jgum64Sb7+LviQ9Mq
WHNiu5MZPeKyHFu9jI9Ne1HpYJnb7/X9AxFw2e/vFwVn+kjaXcH/PhsYuPUyqkzS
XgG3tFbcgNtMWyoLU2EL1Qvwq1pHVrwmeNXHidESx23HeJtnIwoKkdopl4qqqNle
uQYP89bvb6zFWlqOSwLORZmj1W1wVTYV9eXplDbJob8agBKIcIuhtwri5e96gf4=
=XdJo
-----END PGP MESSAGE-----
fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82
unencrypted_suffix: _unencrypted
version: 3.8.1

12
users/alice/systems/configuration.nix Normal file
View File

@ -0,0 +1,12 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ./non-server.nix ];
services.fwupd.enable = true;
}

88
users/alice/systems/non-server.nix Normal file
View File

@ -0,0 +1,88 @@
{
config,
lib,
pkgs,
...
}:
{
# Adds some items from the server config without importing everything
security.auditd.enable = true;
nixpkgs.config.allowUnfree = true;
i18n = {
defaultLocale = "en_US.utf8";
supportedLocales = [ "en_US.UTF-8/UTF-8" ];
};
boot = {
default = true;
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
};
users = {
defaultUserShell = pkgs.zsh;
mutableUsers = false;
};
networking = {
firewall = {
enable = lib.mkDefault true;
allowedTCPPorts = [ ];
};
};
services = {
autopull = {
enable = true;
ssh-key = "/root/.ssh/id_ed25519_ghdeploy";
path = /root/dotfiles;
};
};
programs.zsh = {
enable = true;
syntaxHighlighting.enable = true;
zsh-autoenv.enable = true;
enableCompletion = true;
enableBashCompletion = true;
ohMyZsh.enable = true;
autosuggestions = {
enable = true;
strategy = [ "completion" ];
async = true;
};
};
nix = {
diffSystem = true;
settings = {
experimental-features = [
"nix-command"
"flakes"
];
keep-outputs = true;
builders-use-substitutes = true;
connect-timeout = 20;
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
};
system = {
autoUpgrade = {
enable = true;
randomizedDelaySec = "1h";
persistent = true;
flake = "github:RAD-Development/nix-dotfiles";
};
};
}

53
users/alice/systems/programs.nix Normal file
View File

@ -0,0 +1,53 @@
{
pkgs,
config,
inputs,
...
}:
{
environment.systemPackages = with pkgs; [
bfg-repo-cleaner
candy-icons
calibre
# calibre dedrm?
discord-canary
fanficfare
ferium
# gestures replacement
gpu-viewer
headsetcontrol
ipmiview
ipscan
masterpdfeditor4
mons
# nbt explorer?
neovim
noisetorch
ocrmypdf
pinentry-rofi
playonlinux
protonmail-bridge
protontricks
redshift
ripgrep
rpi-imager
rofi-wayland
# signal in tray?
siji
simple-mtpfs
slack
snyk
spotify
spotify-player
#swaylock/waylock?
sweet-nova
unipicker
ventoy
vscode
watchman
xboxdrv
yubioath-flutter
zoom
];
# ++ [ inputs.wired.packages.${system}.wired ];
}