From 90cf8be3d2ec9e3d48737a193dbfcdccd14d39b9 Mon Sep 17 00:00:00 2001 From: Dennis Wuitz Date: Tue, 26 Dec 2023 02:56:52 +0100 Subject: [PATCH] sops and photon setup --- .sops.yaml | 17 ++++++ flake.lock | 18 +++--- keys/alice.asc | 134 +++++++++++++++++++++++++++++++++++++++++++ keys/dennis.asc | 26 +++++++++ modules/boot.nix | 4 +- users/alice/home.nix | 32 +---------- 6 files changed, 190 insertions(+), 41 deletions(-) create mode 100644 .sops.yaml create mode 100644 keys/alice.asc create mode 100644 keys/dennis.asc diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..12a46ac --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,17 @@ +keys: + # The PGP keys in keys/ + - &admins + - F63832C3080D6E1AC77EECF80B4245FFE305BC82 # alice + - 8F79E6CD6434700615867480D11A514F5095BFA8 # dennis + + # Generate AGE keys from SSH keys with: + # nix-shell -p ssh-to-age --run 'ssh some.ssh.wavelens.io cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age' + - &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej + - &photon age1rjlc6vwnz2lcrpshtd9rldlxels6l2utwmnmf3prus8drfefeywq5ljrdg + +creation_rules: + - path_regex: systems/photon/secrets\.yaml$ + key_groups: + - pgp: *admins + age: + - *photon \ No newline at end of file diff --git a/flake.lock b/flake.lock index 5a2b3d5..62f675e 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1703499046, - "narHash": "sha256-A6wclPJCOMEYuD28KBOBTwHEVOKy3f9yvuMFAJ55dco=", + "lastModified": 1703527373, + "narHash": "sha256-AjypRssRtS6F3xkf7rE3/bXkIF2WJOZLbTIspjcE1zM=", "owner": "nix-community", "repo": "home-manager", - "rev": "d5a917bab40daf4e5f82cd27162b8a6656d3beab", + "rev": "80679ea5074ab7190c4cce478c600057cfb5edae", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1702453208, - "narHash": "sha256-0wRi9SposfE2wHqjuKt8WO2izKB/ASDOV91URunIqgo=", + "lastModified": 1703545041, + "narHash": "sha256-nvQA+k1rSszrf4kA4eK2i/SGbzoXyoKHzzyzq/Jca1w=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7763c6fd1f299cb9361ff2abf755ed9619ef01d6", + "rev": "a15b6e525f5737a47b4ce28445c836996fb2ea8c", "type": "github" }, "original": { @@ -43,11 +43,11 @@ ] }, "locked": { - "lastModified": 1703466232, - "narHash": "sha256-euLiyAHlppxizV0aRHx9adR4fTTLQVFL5sJ4LWn6dTQ=", + "lastModified": 1703545968, + "narHash": "sha256-u5yE7Bw2mw/yu+Ljk51YOoy0rz3suGdiOS6dSu8Zgm0=", "owner": "SuperSandro2000", "repo": "nixos-modules", - "rev": "d428b73701f49f1fe5f47720db4d093d60818f18", + "rev": "c5ae5e9b02fddb35ae37479c77238fc3dd9a1589", "type": "github" }, "original": { diff --git a/keys/alice.asc b/keys/alice.asc new file mode 100644 index 0000000..05c84e8 --- /dev/null +++ b/keys/alice.asc @@ -0,0 +1,134 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBF/33QABDADHZbNJTaBGLHyTN+Bjw0MQPzWcpPlUoY3LoyjDrllsSNVhAGP/ ++soCIda2Hw4oKEZb4A/YHQiJlddKcHgvaWQpDVKo94ZQ8ctPdEA2bmbIqcBxWzC8 +KRKX4iYBZVLljG4SqjUV+ImTI1baJPY1RETo+imi2pR99wZFtXxAciZkhLTVoJWL +Tx6Ph0qHzxrCBRHjCK6WsTv4RRDAWLhS5tX88m6mbX3riOGNS/MJ0kFweP+5w0qj +dg9tEaSPpgblpRWyGMwibaaSKwgnTqR7uoxhqiNjC8KP9pwJPjKd5L0K1uRjVXOI +rJIxWA0g1KCbUwCeaayYliGZ6I3IMOan6Bx+Gap27TqyjmAwlI0YgYGQIS9h/wVO +aSK0onVwSu4sZoIGW0DnyKF18QpRfLViAaWptoCtaShkXfIXlPVhsPAKHOnJK+Zw +06Ucgie8em1YQHWyCaPqGSO5Fo3weFF+SDvwpY4mWFHpnRx6JcThVTaYUkgNMiBA +2lOlqLw2okcyftcAEQEAAbQlQWxpY2UgSHVzdG9uIDxhbGljZWdodXN0b25AZ21h +aWwuY29tPokB1AQTAQgAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBPY4 +MsMIDW4ax37s+AtCRf/jBbyCBQJkGxpkBQkGBHDkAAoJEAtCRf/jBbyCMWAMAKgL +r2W63NwYGj0QfV4/+6Va8LWzkFSi9qjBrdzpQjdKBfzIOrKtnToO+iAaeTSzhIdr +CyCH8z/AOv+7D6sGGsVGtiu/f0zoLNlEmp3wH1RenxBq9XK1lT2oPsiUL5setHec +ba/z6ErLvIKjpWIu+UtrAHFkJIh6VvXhgyIUYkB1dIzy297B3nyvpxsRHoxJSpr4 +aej/TFdpawZinDoJ0tWd9vKpDTEMIiXtQBhcgzV+NNFRfQdR0jJDnsoz7oCjsgnD +ILCLMR7IzMerTN/hypGMDOeANX3F9M7yQlLgGYUSt6ViXjYru4lb3zMEm3UyT8Bi +qQICj2RK8I8pDqMqBN/hP6bZjKAFfxPdQlvwmNfAIJuxNKJHYUJHqHfT3r71YJps +vws+RtnA8hKLVWr9c45BaGWvVRx9BS6z/5LznWkKvsnpW2iIHkF8+/RKFC8xtK3m +h3yOjVrBYKHGHwFtFhTO0/fi+RZOPk7eGaySJpb3f4Hdorr4b2Bp0XtnVgVcoYkB +1AQTAQgAPhYhBPY4MsMIDW4ax37s+AtCRf/jBbyCBQJf990AAhsDBQkB4TOABQsJ +CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEAtCRf/jBbyCbb0MAJ2YB3mwk8umPWbG +Th0vwzJYhNNZF/GnrAxRehWmxR+15zO5g2S9J9Mx1C8X4AHY0DkZJSanGj++xhXP +pV7CccC/4Pfip7Doz3aV1baB3kTBtwvuNES6OXv8/09Dq2OFi76ArfJBNSNLQdNk +9YKnWS358C51wmXYM4ZF7KLSYxRNtr0Y2hwxIq+JPvBMJ1N+vx3AIxFqKIEfVaEp +IwMNaCJBojY7P/UBKLOq/2w0tTbMSsO4xHIElGZQnke4tBFiQIrR4W7+KZpfPL34 +KRwB2c1dNyYO/en0cRCYJHquSbAkgg/gWYmkj2cUglPjksJKXEq3VJPmkfMjU9+d +TK2wHW/4V9ELp3z/zDorptCkUNY2+Asf3W4YfvXrqSDAynA5s6KBN357wvYxwImd +oMICYwUkD+eQGQA56RIeF6W/i6EndBIBNeygr+ysVKdycEEokNN53iHujCfXcKLV +wXNnDyNFZ+NGZ4ybFdADMpg6gWdvOaiTcW++x/h1cUe8TFjzrbkBjQRf990AAQwA +2S0HRUcJELtXnA/ZQWLxgpLpe1WgDKGSlVIecggX15awJboMAOs7r2itYYX7Rjl0 +CJh4SyWZ3jDu+aP6U1xo+Q1l4eyOtkrIvqSJkOxXAdOM+oNpIdNLkf4mn08WvfU4 +mKCH9E0jwT6r7EdR9CutzNZ1GnwHeCFW8xOtsFoef3S6WIrcP9cWjhQ2QPkV3XOd +wIUG8t9qtpC26rzMadJSWj9NFy3tIyl3zOw5mrc/bgPQ8wca51ZcxNG2QIxegD33 +3lMLFtQHVZJl5i6+xJu50CCQi/z3d3APzk5oSsEo5tr7+D4mkpsd67gW4lXEX1cO +11zGV+PUw+i+zYgLQmSBHWgYOoLvA76DhNimOoN9EAdeIl6P7Y+gWmW+ZvGk9z0g +/ZKpihdKYhIGn5flR8mQIWnArNk8ASEYKWSA5y+et6KioGGqSyhtIgEepWNuQoFj +mQh+cCfJSumFzJRhCPQWbQsmuAlK4MOnWT2vaFk6qyWP52aJesjtNC+4dfGZdU8R +ABEBAAGJAcwEKAEIADYWIQT2ODLDCA1uGsd+7PgLQkX/4wW8ggUCYsyZvRgdASJl +eHBpcmluZyBvbGQgc3Via2V5cyIACgkQC0JF/+MFvIIk/AwAppJGiYK+fg3ogHYX +PkWMTgN2riXp/8hIwKB6I3Hq9C+dg5qKQhSOsi2Kw9g7QrJ+Yd8yKhCS73GnnOJg +/LT4BPV7siRBqYkuLvad454obsd6XNCsEA7xPyeWNqUnC7uwiAb/y+uyOx1aFaf9 +ZJZ0novc7yZxmp4IynEon6QplTg+uj6iLYoqFTlSN6X8wm+piJXqBK2l0mp/ZvxB +xZ9ARu7eVvgQ4Q43sekId5RqHZsNbsUP6hpKTpMQhtWsEpv+W1EKvw0K6wgdxgT4 +/55S66gc0WTRY6AeES/aQA11XNe2VXmmjNdpF0wcV/UKQliYL6jd/fBWhdWpd0Jj +Fj+RzGJXkW93ppUgyK+KBAggXDW3JxTCM0x99PVwPGxN0bd6NJFW7X8RYeHEFgZu +Z5GJBFjDEzE4EDvUqfVFyLlDKdtTinFAaqTujaBb7refp1jwdY1pIXk7wVmfoF/H +QsE6wkedD1ArKKBtn+gr/KjdWjtwfhgq14uAz+dgdF3o1X5eiQG8BBgBCAAmAhsM +FiEE9jgywwgNbhrHfuz4C0JF/+MFvIIFAmHbv2MFCQLRMGMACgkQC0JF/+MFvIJD +ZQwApRq1BDKclyPvQdejX1UyON/GnlDsSzQhu0SQALNVANsVJXNJgJOmjpnPEVnu +FLH/LtdrtEUBs62UzDofhwtgy6/KBDfQONPtCTiZAdJ8P9MDmJzmKAZj9d3oA+1m +C6t9ZVuIEA5ucspjxXDV2KM1NDzQrW5a1x6eidTrHiVnaTZtTd+6TOYMtonRn2n5 +grpRzh80PwPFjWxrdpo0gkPsbaSNts4VhIv6RvO8x+T9pIoHbFXK58jWHGH5c6E0 +NCLrlocxRI2m51PAUcJFohsA0/queLNi7NXmetw4C9nRKJaMflgfdKssM9YDk4/n +7bv3wqVmXvelljpzdmKb8CKEQAYTiXgU89ldO2aSBWKz4iHQS8rfr4dRZVxt7wUY +3Vh1X0O/21s5CXSp/Inj+EHskbUVsymWf1VKPjLkMqYTpGUVT7bTwMSguNDy16OY +cG/pcwb+S0j4JAprZX0UBwGpdgxcbsoipFXZjbpJgjAAiM+s3LWfqFyxELuT8hgB +kPeDuQINBGHmRxQBEACzWKaz7Mqy7BuN42Re11xloHZYfLUEDCUPM9ITdw6v6tJ5 +nNhlXJotpHy9PP0/y73j4CbmooKVkGeXzXrPmYKvuFbyvwBrQUo6w5K5dMzv6Ift +SZwaX/09u6+y715uoEiYqlXrtJ0uLdgb+ljI/uNeoR88hyRhNLtHRhnoC0M2jIum +OPvNWCEmdvdZXEEyiZWxK1fYytCfCgzhuWPODPwiBT1qLk5dZwneK69HRogV0tcF +LNW5Sf5oUTRMJtpAv31W3g+g/NnpmbWLW2ewcgBORNPG2y6X2JYZ+a12zqU3afKr +r2d/QUOcjjWytbXz2YBh8ys5EQkD0dp8Tnl3woL63qXHT7P5jeiGnVexSXa5lbWq +VDT70RSoJT+bnbC3c609eQqdDW7bThY2naVzpuYpjvUPG/KunDrbEp31p4IUa1hZ +Jclg17Ns3VTNMdJPee8rVFpQD7avVT11SzOGgBuNlzIySUT3CaLz3zTIh60UPv1u +ZKwSlbXrAonq9O36UjDYePK7UuaH1Ec9sJmP9JlEW0FBlMRCWQ/IevgCmpPTcQfq +/5RGupB8wb0vh4wYDo0JgSDfcvxFmxuHdficTCZQpLyuiA3FgIdq28RJgyKLQT9Y +4M20rNfOZ+HKrCF9iq/pi9VL2us4xXu3NpMNBUDUvaUjcopyLu52xpA3OSspuwAR +AQABiQHMBCgBCAA2FiEE9jgywwgNbhrHfuz4C0JF/+MFvIIFAmLMmb0YHQEiZXhw +aXJpbmcgb2xkIHN1YmtleXMiAAoJEAtCRf/jBbyC2kUMAMUpWzErKbY1Fhb5N3TM +/esAsiwYZjdEYRc5O5hnzZhmePZDQHU0mvUPCBqRJQOUZLHB3ABxaK4MjTGnJmYr +segfrjz64ivTMbSq+kNurg71n5nkxijB+f/qoZ8BFG/goKKPevJIQzXBnXzkJeld +xcQ9yV86kfHG90gXuseR4qPwflOgUWFlqBkK4itqtTICLc1a3rIIEqaba8g80v75 ++XIOliPXJDjqTQhW5BT8l2cJPCeOj91MxopVKCt8D15223rjF1v9sso6QNogfELl +z4tQkIlw8mmJQ5t5rzu8gKqLfSweoyk6zJNoLeaLpibFVBK/NTQ96U0BrpXl6yEP +5d9uuv5sdEA3ioIv3L6mDzAjLrTI+dBVZefrEndrPfpJ+gijY+aIow4Ec+Ek3iw+ +rqetnQKObtVUKMFg9xjTrf4jqA05jfEbOsUhB/UWliX+m3C72DjuYFK4gc8h50YE +6mY1UfPKa4LZjkZWimcdpBoZk8rvvGKJ5yxetUVpc8Vv6IkD8gQYAQgAJhYhBPY4 +MsMIDW4ax37s+AtCRf/jBbyCBQJh5kcUAhsCBQkA7U4AAkAJEAtCRf/jBbyCwXQg +BBkBCAAdFiEEpDCS4Uu1iKD+tP9UJ181DjcuqJMFAmHmRxQACgkQJ181DjcuqJOa +0hAAsKW4uaBdfE4ZL6LMBoWomi2fpwHS5zfnG+gXFygZM/9Yi0HJew1wSat5V/pM +jGQfnXABNQBx9sQmArazJlrXXx3+l/OOxvKsY2SdeGLIKpy3ufgc0q09oc6NiuTq +6qRw869YaACrdbYK9yAuqnX95KlDcVPrFdu6BA5Vwz2grvAZFNTyJs8prkDibp8E +JqsEpk543KgEhIREHWqC9LCAsPoQE1YKZ0a9FjrNW7NE5dHXE7rv1OJ1P1ScuxYe +dnDXNyQsx4I+fenzmPx1ql2j9UMYpnQFtyemYz9phIN1qclA86+qLd2rYOANUzdH +yQYhjuxxacXVVDvnXImdgkal/Mp7+g7Pi6vyzvgQt/1vDmRm/XIauhXCnOTX4rBm +/NTdnaaVuF9CjpSKeLi7hFJYyLaywr41Pd7x/VULd53P6jSqesn8s2U3Rob+8GJS +7clJpL8DRbxRGBx12Oih+CzqCqa18lqBmWqOsyv5keV2vWnBFDGtS3vQqdvAH4TL +cVp3t3sy0oURaFeg+4zwlSOGFPwFG/G0z8F5shKq9zMCDqd2aTBgnW1V9wCXC5d1 +FV7VeT6JzfSvDSqWr0zS3ciMdinYLtmSHPv5NfNQmQCu0oOytyn1KxQ3efOuSsc5 +83U8Y0u/4RiAmm7muFKaNnH6GBc1iDTdbibtvU1eVQFfVnxLTQv+N6S39uc3SMSI +YZzofnGthGWg2gkaVF7UXwKP5UH9HRTBUjVgiIfWvU3weaTsKVsBFRv9pJ4WA2+y +uOH4Ew0LnkkbLynpgmpCHD3STqNQiOtuVqs21vID8+BL1AtSQga6CJ08uDVXi1pQ +OnwdMzISWiEIj+dylCjfQrHFu1MMU+PolcSf5VPszetmI2R526veCwW9uzhb2kPH +gyT0aRlW01rAU1On87vgxiD6TQVFvOBF/IwbqnQrR+98RlxavHpkHsjv13PpWgT0 +Hl9AnySQKzTjdvRpViD3JanowcwC6eaWLZu71o/e+/aYqgzW+rGL66ROwKZoDlaR +VplmQwq1b8/DU6PSCZrfdiu3ycTEu5Bv7mjwSDu0l1dZx07Cs5RJ5/IvhvNeX4WH +TbnAwJjgHiyQCxqTJnhhhRkYjAAbFhmCstGk3wWzubr8rqb5Dy04O6R/jZET3+WH +UFSAGngE1+PGim7kDEgWqI/D2XDCECiqYq45Nso8fGHqRWZ4ne8GuQINBGLMmf4B +EADukvOEQUe2VD/5i1LFsgyBfuCMbs3Uq+mm2fYDSLfQrHaOUTq4AiwJTeUtixAu +Pov/kt1BQf/KOnqEiiZKgQIGYpTdnmpf3XjWPEU/veSSa9Smy2IG6N3u7o97rcbl +F/NXxarYMzQhDm842qxSHiafVYvZJAmJGsgTJ+ZTv0NUHOdOEMlgg1nZrZIv7PYW +yNyMD4sXHO3Opuzfa8AXBQuICmBM/Nuv5/l3lhcRYXSImMB+xlAZCvS2pyAZODk9 +mXzFVHpctjUezHkfQrUsI6FFOvo0h9QbBB8rMxrGEedla+gdTa+8Hgs/Ou5G5YdN +Xo0tfK1/u+RqFtk2piAF3/5u9Ov9qox/n1akFlFZM89mmu0DgiUH8y1YFNAuPHRT +tzFRwvExT1JFZaUgezZY5ivPxctjJLDaD1A1T72pc7FMcBX6iLqMkt2/2AeDa/JV +MzwYOm2/q4rP8vra8Id2Op6M4RIzlKXMbjW9RkP90pzzYECttvyLWXPRGNJSNEDl +djENbJbdSm+j2STLukk8qW1reYRmU7DsOtCSM8lyvuJjZp0yYVheIjBFnWPs4fKw +DX4lVC+MEWqMDagi9AmJOCVwB32dR5N8GXLFth67otmzwDhF4qZcLAuGFWyjj+4s +2LDxqe45mTBEkI/Yns08WGjxkyCbFZUbSvc723SGzYP3GwARAQABiQPyBBgBCAAm +AhsCFiEE9jgywwgNbhrHfuz4C0JF/+MFvIIFAmQbGpoFCQMvtBwCQMF0IAQZAQgA +HRYhBHVlUgxu5Aa5g2fDvx+s9AdeMhL3BQJizJn+AAoJEB+s9AdeMhL3euYQAJNq +ds6s+55fiT1ldpnK/5MG6VX4OnBBl9crShNZykLKMRpOTw/6/JpO82M6vSUexYVX +TZzc6GWZMwzWVighrkQr+SkvuF2U+1fKR4mYGtqE7eO04Nz6Sn9y6ADhS2Ulsp4k +z35X8h5UpIBaHnLD8vuvPZwcvkvF+UMPQLHD2xwojrN6RcCYl6mk9Uobd8yqrs+q +nlGNk3iwNhx/YwCINsvm0LcFw0eOKLdClSSrjcEMyrk9ELP1KXJEgU9hGzyBrsGx +GDeUGX+mSCSIH0nm9wHDTpFsaPHGRBqDHvx54ZntWTeCjtw2/xMN7GbOO8j75G0S +DQv5aCQuvrNUBxH0F7FZdZfy5fer0lOrNf+tq4XTc0GB7Nyf1oaAzVQdHGqVm6sd +1/B9rSqrpIh7VjcEaO2pHzKGy1n1RIlXVNT+rAqSwAgRZosmW43u9fOiHluQ1Bxw ++ieePdK8MG59WipBJo7qs0djm0jX5cXBDa7UTIcJMHYaU5tf3cJVoHnKz2Vdn5Jk +Z2BRY9pZwnnFO0AoOHMLwEG5f2bjAcTZmdW7haS075inAEqA28dBJHQzi8kROxgS +uypTjQDrI66Us4KQPCzKG7CLGdSrM3udqD7CmmEUiMjfPfe+xVhTE5EhZcAzwRSF +KSKxCSSNnjQ7RX6ZLAJOnhSszHy8Lu4OiAEFVZpCCRALQkX/4wW8giiVC/9Uo4Jt +UtV9Z4uc+WWWg2CbAp4Mn+pu77lTXe50GykYTOE14B5UARXz0K42EZ1DhjSJBpGS +w8rrB1HMRgofWXwschnnYsLnxnkcacGGazvQM2PV2HSWQ8xTyn4IysfeHT55buA0 +sI8VQFm5MjDc/tUCnpFgp9v5q9+gncexo9GWVxaO+3oa4Y2B4Ypi8JHE0Osp9klG +XZt+kAuJXDhtd0MViYrPQaHMgI1zyx2vyak2hSXpbI9ao9klqiQTXTzoLh08xP3j +Dgoy5o9TbyYcDCf2bthqlpCOZyXgGS6DiF280hq9ZBeLSUdE675CZ6xY9RmvVmut +tYYvZca+JdINjvNTJHO4BjqJc83Cm08u1R/e+km+jOc52GJJxXdmev+AzYsoe3ol +vn8mp6C1/K2XJxOF+vcXb9gK+wA1FE/E5x7iNb4xlMzMy0+4AdM9MRWB2U7R2S2m +5AnihX03lwZzHk2GghGbJj1eEeyq0fRcg7VQh45e660HV2ytLgvFEWn8KNI= +=U1yy +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/keys/dennis.asc b/keys/dennis.asc new file mode 100644 index 0000000..77611db --- /dev/null +++ b/keys/dennis.asc @@ -0,0 +1,26 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEZHhWiRYJKwYBBAHaRw8BAQdApLSB6EIA/rIChQzJ/DTuZo0xjZqLd0YanYZN +Hk65RDe0LkRlbm5pcyBXdWl0eiAoTUFJTikgPGRlbm5pcy5oZW5yaXF1ZUB3dWl0 +ei5kZT6IkwQTFgoAOxYhBI955s1kNHAGFYZ0gNEaUU9Qlb+oBQJkeFaJAhsDBQsJ +CAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJENEaUU9Qlb+oJEkA/jV6SgEqfLBH +Te5cctEeKi1I6NhF9ygQaQ3E1iOawKjNAP9AKaJU9FZxBkkdQYRUwBT1HT5a9AE5 +Sc9Kv0gGjJOxBrg4BGR4VokSCisGAQQBl1UBBQEBB0CIoOJNjVR40yMwH/tJRfvE +FvVc8Vf6S/H0Gn0jqMT5QQMBCAeIeAQYFgoAIBYhBI955s1kNHAGFYZ0gNEaUU9Q +lb+oBQJkeFaJAhsMAAoJENEaUU9Qlb+ozsYA/1WRuFNfGvkGnfxekqZVSFWzV8+7 +dxTsdFH6Rp4ShU2IAQC7p0YlJ86tH4cUKX1vgp3Fd5MwysFgwoI9GmPkIjX4BLgz +BGR4V2kWCSsGAQQB2kcPAQEHQJYHv/LMo8N6iM3zFvOKrF7ZLp3eAG/cOED0yDzr +vgkdiO8EGBYKACAWIQSPeebNZDRwBhWGdIDRGlFPUJW/qAUCZHhXaQIbIgCBCRDR +GlFPUJW/qHYgBBkWCgAdFiEErfK/dQolfE3HjkAfURC2OXTM6bgFAmR4V2kACgkQ +URC2OXTM6bjzbwD9Hpa0WcBU6yeSXR/6rmXImdEZSQUrT2T/KGBQQGMoDO8BAO2Z +hb8Twi+tkgabc4+6QzrnnF8owCNi0snngcaqXBwIECoA/io/Rc9XwHYgwI8QkQjU +SwRrkWSL2nHJBOyTNr51aw6jAPwJGFgjiiiqaTPtVJmGhVvjr06W66RMK6IRejPl +AwNBBrgzBGR4WCQWCSsGAQQB2kcPAQEHQAoyEdbEjTAt540SMi4qA3YqioPuE2Y0 +omU1cNECTDpKiO8EGBYKACAWIQSPeebNZDRwBhWGdIDRGlFPUJW/qAUCZHhYJAIb +AgCBCRDRGlFPUJW/qHYgBBkWCgAdFiEEaRWBxbY0svsuEwNkS1ay/lwzFeQFAmR4 +WCQACgkQS1ay/lwzFeRL6AEAy+o1W/rY3Bwqws+NtEQmZp8ImuNL/VryMy/fvV1g +WJcA/Rr7pVW424dMWNz9MzAJBtxT8DLzwqC+lLl4uduoEIkAPcIA+wSosu1Stl03 +qaZg4TW6yawfUu9ixjKRbIv/THjQ26n8AP42LYM+BgT98KHYpCvP5TnNDJ3EX3Jy +1lnOvas0EEuhAA== +=tFtY +-----END PGP PUBLIC KEY BLOCK----- diff --git a/modules/boot.nix b/modules/boot.nix index e1d049a..18fe85c 100644 --- a/modules/boot.nix +++ b/modules/boot.nix @@ -39,9 +39,9 @@ in tmp.useTmpfs = true; kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; kernelParams = [ - "ip=:::" "nordrand" - ] ++ lib.optional (cfg.cpuType == "amd") "kvm-amd"; + ] ++ lib.optional (cfg.cpuType == "amd") "kvm-amd" + ++ lib.optional cfg.fullDiskEncryption "ip=:::"; zfs = { enableUnstable = true; diff --git a/users/alice/home.nix b/users/alice/home.nix index 2943ec1..7fa7299 100644 --- a/users/alice/home.nix +++ b/users/alice/home.nix @@ -1,31 +1,10 @@ -{ config, lib, pkgs, ... }: +{ pkgs, ... }: { - # Home Manager needs a bit of information about you and the paths it should - # manage. home.username = "alice"; home.homeDirectory = "/home/alice"; - # The home.packages option allows you to install Nix packages into your - # environment. home.packages = with pkgs; [ - # # Adds the 'hello' command to your environment. It prints a friendly - # # "Hello, world!" when run. - # pkgs.hello - - # # It is sometimes useful to fine-tune packages, for example, by applying - # # overrides. You can do that directly here, just don't forget the - # # parentheses. Maybe you want to install Nerd Fonts with a limited number of - # # fonts? - # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) - - # # You can also create simple shell scripts directly inside your - # # configuration. For example, this adds a command 'my-hello' to your - # # environment: - # (pkgs.writeShellScriptBin "my-hello" '' - # echo "Hello, ${config.home.username}!" - # '') - # Rust packages topgrade trunk @@ -41,11 +20,6 @@ tealdeer helix - # pipx packages - # Not sure that I need these right now - #python311Packages.python-lsp-server - #python311Packages.pycodestyle - # nix specific packages nil nixfmt @@ -61,7 +35,5 @@ programs.zsh.enable = true; - home.stateVersion = "23.05"; - # Let Home Manager install and manage itself. - # programs.home-manager.enable = false; + home.stateVersion = "23.11"; }