ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 4 Actions Packages Projects Releases Wiki Activity

Merge pull request #5 from RAD-Development/jeeves-jr

Browse Source 
Seting up Jeeves jr
This commit is contained in:
Richie Cahill 2023-12-29 15:25:11 -05:00 committed by GitHub
commit 96f8203cb4
10 changed files with 417 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
.sops.yaml
View File

@ -2,19 +2,34 @@ keys:
# The PGP keys in keys/ # The PGP keys in keys/
- &admin_alice F63832C3080D6E1AC77EECF80B4245FFE305BC82 - &admin_alice F63832C3080D6E1AC77EECF80B4245FFE305BC82
- &admin_dennis 8F79E6CD6434700615867480D11A514F5095BFA8 - &admin_dennis 8F79E6CD6434700615867480D11A514F5095BFA8
- &admin_richie 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3
# Generate AGE keys from SSH keys with: # Generate AGE keys from SSH keys with:
# nix-shell -p ssh-to-age --run 'ssh some.ssh.wavelens.io cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age' # nix-shell -p ssh-to-age --run 'ssh some.ssh.wavelens.io cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej - &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
- &photon age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw - &photon age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw
- &jeeves-jr age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
# add new users by executing: sops users/<user>/secrets.yaml
# then have someone already in the repo run the below
#
# update keys by executing: sops updatekeys secrets.yaml # update keys by executing: sops updatekeys secrets.yaml
creation_rules: creation_rules:
- path_regex: systems/jeeves-jr/secrets\.yaml$
key_groups:
- pgp:
- *admin_alice
- *admin_dennis
- *admin_richie
age:
- *jeeves-jr
- path_regex: systems/palatine-hill/secrets\.yaml$ - path_regex: systems/palatine-hill/secrets\.yaml$
key_groups: key_groups:
- pgp: - pgp:
- *admin_alice - *admin_alice
- *admin_dennis - *admin_dennis
- *admin_richie
age: age:
- *palatine-hill - *palatine-hill
@ -23,6 +38,7 @@ creation_rules:
- pgp: - pgp:
- *admin_alice - *admin_alice
- *admin_dennis - *admin_dennis
- *admin_richie
age: age:
- *photon - *photon
@ -31,6 +47,7 @@ creation_rules:
- pgp: - pgp:
- *admin_alice - *admin_alice
age: age:
- *jeeves-jr
- *palatine-hill - *palatine-hill
- *photon - *photon
@ -39,5 +56,15 @@ creation_rules:
- pgp: - pgp:
- *admin_dennis - *admin_dennis
age: age:
- *jeeves-jr
- *palatine-hill - *palatine-hill
- *photon - *photon
- path_regex: users/richie/secrets\.yaml$
key_groups:
- pgp:
- *admin_richie
age:
- *jeeves-jr
- *palatine-hill
- *photon

15
flake.nix
View File

@ -69,9 +69,10 @@
}; };
in in
{ {
photon = constructSystem { jeeves-jr = constructSystem {
hostname = "photon"; hostname = "jeeves-jr";
users = [ users = [
"richie"
"alice" "alice"
"dennis" "dennis"
]; ];
@ -80,6 +81,16 @@
palatine-hill = constructSystem { palatine-hill = constructSystem {
hostname = "palatine-hill"; hostname = "palatine-hill";
users = [ users = [
"richie"
"alice"
"dennis"
];
};
photon = constructSystem {
hostname = "photon";
users = [
"richie"
"alice" "alice"
"dennis" "dennis"
]; ];

67
keys/richie.asc Normal file
View File

@ -0,0 +1,67 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGQ4gGgBEAC2s0Q4nQ5aTlpTg4u/Hl9gq56IAGoUW9wlgEoStHXyA1WziY2s
1pt45l4Q6kORswXoXv0ULTWBQAGponjY3l+HNm+B0XMr6EogjV/EP/UCyEi8zpqs
PaoJiB95s8rTsh+E7GzWR8KDhazOrGFY+QQOsTWEhLF8jkISd9aC05pf+WnKyxLC
wFjNFXRWUgPKyKPWIUd3SJP2IH6rSSkp7SMCAUiteQx2c43thnr4c/wcfGANKbFO
PhYrkTJKSqt38NoFtNB/Eo/MaVwdEnTMmeovF9sA2s0SLat8+FngSEcIXvL5UpA4
K73+lOQUROWFju7LrIyOhksSZXyQvP+64PxfpbtHadH6wQ4Ckz0GYIYnDQ1q66dh
OKQq9efIlxb7ky47qXRMY8u6d2d4bceLM4a24lYajZ70HZTEF4hy5KCMd8DAmAzU
WLCkaz6SQVDsme60jH3Mavd18B8HZ1d5Vi75hNaylMRtq7o6IA60NnVXh07U+Zto
n8QOze0JqO/GaM7FzfijfsW670j//FSu5wUGnBYprBz7SFh2nCy/XPZYThtHtPbI
YeESs8WZtqkfs4RpmMkOKcTLNiTFXIsCqHIhR8lDnJl+skEMxg7L8FF2txph4ssU
BZ6dAbFy8KsH+2Sr2qfK0yHOVs37ymv+/WaxC0d+QpLAupRhzL+s2kIYGQARAQAB
tB9SaWNoaWUgPFJpY2hpZUB0bW13b3Jrc2hvcC5jb20+iQJOBBMBCAA4FiEEKfUB
fJXZ5gsbHoQHBysOC4MS3+MFAmQ4gGgCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC
F4AACgkQBysOC4MS3+PnKA//YUDZbuaas5MIWRqZsh02GEXVX4n727JP4iqZU4R0
Cndq7KCl+8XJ9RqmpRZab1FhEj/DQZYisKvloMvBop4q1XLLkabaQF5NsbDvIQG6
5TgbeSUmVWP6JS4Ka05FKIEwjKFS6ogbd1tscVs50zFWW+veewWMwwQF1mw+N5wx
LsnHRDIBPOj8Z+p07fyYlP2RMtqdjUqHOtDBiAvbFaXd1huEHd6H2bhnVLaxsJUf
EEGu92ND0GgW2tDrJIL+bNhZfsnHZEZPyruLZXcwW0JIyLf+sgob/iY0duDH1JDS
ty5tS3ke9O3Q56mPogHP7jlMwtVHzQQPlviVtNvYhRamb5hUDc9Qu9uXNM0HOWdg
MI5KE1xbdjz1OmymakfcfbVcSz1vu3k4XpqChiKt+psw8BnHGcguPchetkroCJcM
OLwnCoKH3TFxZfaZQGPDhHCGU484Nj1M/wHo9RcoWtrPWz+Y7W0U+47EdmGM1Vpl
9hIoXqjEWENz6Ph5DD0vxMptQPrRfmtLiJsWxAJRS9MH+ZWXxjJ2byKXiEHdR7la
Xgj8ejtzaZB04Ow9+zptFH6nwTygGGodcRkYYFtYSS7C46aihvMRLj68uHB2yC2b
zYutMtU6eregDaWiAeGycZcanGnU36JDifjaCF84oty6a3EpfdGCc9KkHk1Is+sR
TVe5Ag0EZDiAaAEQANy3ekveJexjqdhWmGjqF1rp90uWYJeVwg0Dlc621SNEzrfu
suC1BEHC2xdZz85yPbfdUPThAn/AmaMYlNIvzXmsGJdfIIsL7ZT+K6K+9ClbFhR8
eIZZjhpSOMwLEfNroyZPcOwEua9bSr3mwU+i2ED+dCKcxG4/wAtmeK2PNOz0t0/F
umLHW9Zk8YZBVSq7sGZ77TBi7GHOVzR/3wWy0qXgVMSQXtmOoDCmd1B1pD/BOkBA
2iI4spRLiDPW3XVDeAGydYPPEIXtFax7ZCs4BhjT4witJ2110fddrAh6e48yU4Hn
ca5F+QD6hVvUgHmdM/9GMqYf2mMC8tqNQf33Ib148zIhtQN5OtDz/sce5Xj8rk0j
HUuZ3E0jViK72ZRnZD46CyIc99ZcLCAhsHZDaMTEDfWX8ToQzA+Ahyth0RMykwhX
6NPKvOw2VqRK+j6iyYvtDXLmcsR890dzHDJLfrJWCJ0scpeWFvlLkVhQaT3NEqEK
oUENBFf8zxfTQ7BksyV2ESTwu5xqfYeJ1g1FoTfL30+/W0003K7hoPQuU3ebj3wY
3mMrG0hgo0iM9wHk83WWt+fDYj09yptGWAgBQNOpRR/0EbwEd74C3UxZQtUmxwPz
YW2g1GWyEgtA76UJ00TuQHBGklcKtY0IbHKwjn7NwHbYWu67R7Le3+cj3LOVABEB
AAGJAjYEGAEIACAWIQQp9QF8ldnmCxsehAcHKw4LgxLf4wUCZDiAaAIbDAAKCRAH
Kw4LgxLf462sEACDweQr1ik35sbw3qlPn3b/d2UYBK+r8G3Pk1RhNra2rFtkRY8Y
rEAlFeYOCBplsyg8swIClPjKpqIEehMV4X2E0N6WpyPzuOgNP4OPAmJngUYM9uxr
kcVhYubgp2Hcxk5TkbvHIc31P5ItCl7UUYC3bXf32K5GVeOAxsZBS6elwdxlFteY
WKjkwoZklPPfce4ctG/phy8dnn+pFMFnyisFFp81R2P+ztdSDLm/U27d8g9cjcWK
mhZtGox4zf7250p+gIUnlnBdtXIWBaUFidha5qql0/iSsMrhu2m12XaLc5HiubYY
RNIHcCRitG0Qc/pWVjZAD/bqOTl4/M1AeN7qZ/8Y1II1tCdBZ1MGinKS/3aGjTn5
RzvYrQeP7YTInyah7MpUTYoxI+VHHeD7hTy/y0GPZBtZ24B/s3ICuMemejILeI8M
aHj8FmBSXJ3dD8195QyONuQB5hNB3qGhc995KsDK3leCwJc3+MFLZPaEZnB+f+uo
+pdngVsKH2IAVOtJN+QULmuEFmiEGRAghJwxfA4M92Bn0jSa9KMyTsM41b3zdSVU
ipnn9FVX7RemSdF/z2SXAczwMLwVjai4j8b/U9O3oc0wrDF4QgrKKKIESlID/0Jf
QLwhRYHy03r2yENO9lEeTBaSF94HsN1UjrZtzpGx6QTGBohA2RrztXkosLgzBGWP
FicWCSsGAQQB2kcPAQEHQBlJ0lXDQnpcV7nR/MWPifi0WVTDPe0njjVIHNq/Z/xI
iQKtBBgBCAAgFiEEKfUBfJXZ5gsbHoQHBysOC4MS3+MFAmWPFicCGwIAgQkQBysO
C4MS3+N2IAQZFgoAHRYhBAA/2xaaamErUuSen5+R1096JyceBQJljxYnAAoJEJ+R
1096Jycejy0A/2BmBatOihlxnO1G0U5qy3eiFkzmYKhm9WEW+w461hjuAP40cTMS
xgnpUzUrsEs6+3Om7TLAa0VAqYLjA8NTVJs6AiPGEACuGgYn4uBzeXGLgHHUmLsY
25rOajs/zAZnQkMz1epMKJDZ658cIDKyjJ6mLkkBwHwARrMhb38AEphXgyuAtHMN
mEPRzABZutleW33KCk6zzVLyYVFBDWEI7hIFdNfJcJjXsDX0oGKB/oT5vlU25YgN
cBAC7q9PGfq/XkeFOz9j3UOXMuzTKmtrX28IiSPqk+IkzeL35otzrG1wsUPLDLRS
nlmwtnP4oQ50cUvTiDesk3QqPQn+2wPYakMydq7bvUcv/jakCADJq8Lsg4AmUxpQ
bZNj2Zu/j8g+0KYUTriuQpZHf+mjVoNzwxiDKobMvKNzyNrZwMnZhAcDnCXSHpZL
KnBcQGpsOjZicA9HodVRdU80DM46MSsncxAN+jwdHUOtCtONP059kF8JegwyevFS
1hY/6ZTMETtKckWbs2gMTEK48SXF3EQ2jMq8lbD9SccuEi6R19R5qiLwQBgUHawT
PcirlASclpR2zjLH1/MovxMFykCUUaQgGH0TjCe5X95Y7QdVgw6ocHkSFUsLN8V1
L3UfOIobFFW6EuRg5urKpljoi20dYsAyorqye9q825RyuWa5oLDtqXshCuOzLy6O
BgnM2FIvUpxAFmlXlC9eG8bUChfqEakio68Iwl6LUQouDR9gprWcookZV716YBVC
/IKQxyKTQK+nas4pfaUhYw==
=in5n
-----END PGP PUBLIC KEY BLOCK-----

55
systems/jeeves-jr/configuration.nix Normal file
View File

@ -0,0 +1,55 @@
{ pkgs, ... }:
{
time.timeZone = "America/New_York";
console.keyMap = "us";
networking.hostId = "1beb3026";
boot = {
# TODO add pool name
zfs.extraPools = [ "Main" ];
filesystem = "zfs";
useSystemdBoot = true;
};
virtualisation = {
docker = {
enable = true;
recommendedDefaults = true;
logDriver = "local";
daemon."settings" = {
experimental = true;
exec-opts = [ "native.cgroupdriver=systemd" ];
log-opts = {
max-size = "10m";
max-file = "5";
};
data-root = "/var/lib/docker";
};
storageDriver = "overlay2";
};
podman = {
enable = true;
recommendedDefaults = true;
};
};
environment.systemPackages = with pkgs; [
docker-compose
];
services = {
nfs.server.enable = true;
openssh.ports = [ 352 ];
smartd.enable = true;
zfs = {
trim.enable = true;
autoScrub.enable = true;
};
};
networking.firewall.enable = false;
system.stateVersion = "23.05";
}

39
systems/jeeves-jr/hardware.nix Normal file
View File

@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/c59f7261-ebab-4cc9-8f1d-3f4c2e4b1971";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/7295-A442";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

73
systems/jeeves-jr/secrets.yaml Normal file
View File

@ -0,0 +1,73 @@
hello: ENC[AES256_GCM,data:y98ZcYZQSYP8GBFysKvD292lU1EPa0o/wV7EHPLelIIHl8bWE5Lz27KUsCnzNQ==,iv:zU9zBeNyAyiLs30ftxrATG/X/U7Z7euLqjDKmg0Lh7Y=,tag:MG61sKRBEvE7T/oWO3rGpA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDc0JiUzQvWlZoTk5yN1Y4
WVdiVE96YzdFOUJmcENDN0YwajVQbWFtclFBCmMyc0J1aWIwYi9hZlk2aXNNbjJa
WXk4UWowV05MMkR6dWw4VTZlYXM3d1UKLS0tIGxXTEpRZUpMdEphN09XczVLajhB
Q2lVZndGa3p6ZWlBSzBJNlVEZmpuTFUKykfMMUhiVnpyU+Wuo+eHFrjfNjeq3byA
ktvpewY946v/rUBiyruaaOdCmL0U0Metc+m8gzTdbuTsM7EuY+cTyA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-29T20:01:04Z"
mac: ENC[AES256_GCM,data:9tUmPHyKY42lT1EfbDK7Es9MIdiR5A0rs/ST89baJMANGIN+oKQzkzDujG2WM8hxvgApl/GuIdy5ZBNZlUM0iYxFUd2a0UBDyjw+xTzWIuQr2/TuI8/cOgp04Kk+M9wNlLzE/dJAXsaqBo0EaHpfwKo/3/J53UfiIZrOtAZv+Qg=,iv:E79aJdvhkG2PfsO06QQa2Pzs3yiSHDARpZtM+uxiZJE=,tag:UwEcwBm22Ep2U2mhDgpQ0w==,type:str]
pgp:
- created_at: "2023-12-29T20:00:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQILA84hNUGIgI/nAQ/4/do2eDz0KPLhCY7MH0HCyf9m2tZXvOy7+2pqYxdrKtwP
H5+3O9R3iobBfksnaW8bTU2WK5t7OP4SlKYAeBi0uHoWVt8w/RcrZmVaItOlrDHA
4ER64Izuc9ih6Ug/SOGvkE2NymUpPgsJ6YHyQESy8JdETr1swNOemlbgOYXgg1h2
T7hLdEKQtnYNLMMsO8jZOcPlbCGM0PXZQrWN67kXlWJwkx6qls6XmuXDvAofIQ2C
+GiaR6RDrsa9eofe34TT/FJG2IlAfPnE1sCcy9EYgU+nw6xwMCNn/d7qMqMDZGw/
xRMmnH5ujULsAohZFvCnmZue2BXkhSRrsuLePs4edOS1gm97qaPHQUv3vmDTCpWY
581K0CaauIHq9Gz8zK999jJNFG0Hmi4w9nRajErC8QvzIymgvzbsJHXkVjzYJjT2
NYZ3D/YKbu7zyt3EYLZ0wtHysjdYD9PUsg16X5XxNUV7EHGhUt6mpX+P/h13ZSMq
uwog7ByMUG70cQwqLpJFL40rFpq5mlK4JnonVN0+0PWy7LGxYM8q2WvylP6SDiZy
3EqaqMlAwQsNO+7YStk7IonxoWZ6ff7fD8MtKZ/faBjmSzYsjl7F6o5HUd7APtV/
/HMjbauqHomCoWEyfDNiDKu2lla1MM/wUEacgvpYbW5BAlZoxUtO1MXDRDpIKNJc
AR99EIS9Q1KBmfuzqHuIMrRBy4iHg1nHyvtj/Zh/2AjetnQgdDc5skPuHRL/Bo/2
V8PrlL8j1AHrdL4id31drlLQS4zA0QiJj1gDT1fJgInSU29vPed3ZGDCKCU=
=BkkQ
-----END PGP MESSAGE-----
fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82
- created_at: "2023-12-29T20:00:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DqDJbhoEBo+ISAQdApXkJrfSY9LoDQLwRS8ZVY63huJelc3KtOVccvM64kxUw
zhXvuT0ZGQA4PwpvZYK1NOu+T73S5khrbIDe9QzTveyKt6zOqxwK6tn22bs3DLAk
1GYBCQIQKypNWKA8hJina5Dng/h/qA0ZmRJaAJJmQA/1uRFi582CpE+fzBsCjmNQ
1x2YgfPRHobReKl0khPml7hMmLbdcVvaJ9vIb/gluazT1htu6Ozox/zEwHweUZmX
xozdi1jGYcw=
=n5SU
-----END PGP MESSAGE-----
fp: 8F79E6CD6434700615867480D11A514F5095BFA8
- created_at: "2023-12-29T20:00:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA29thaGx06tOARAAmhgBXtcqr5bttn6DLFBqNWaLX34FgjTjHlogiKgX3WTv
ZOluzpxbS7jylBHC0cnbgjz9vWEgg3LVzglrlOHl35SX/E09eBn/qs8I7na3o+7K
WdmJG7j3VtYdNyu4BULjGmAUIZE75/aSiIPnIDR3PwKpY6LtKI/jhs69hhmiZ+2r
M3Q91Kk4M7CsqBMUXxFFUOD7r8ZlKfsAn80gpdb/pN8gp0U1pp5JkT9Kz2WjJkzK
/vf/5f7+/8OA/WFbuY488LVSuckHvGGDXjrmoLA78/agYaH1J6qTvar5eCvIetu9
wU9cm6ieztHMOV0Nok46gYWWaKQkH6jmAVneYLAsvBm7QxEJGLlFGF5pUsniqx4A
PtDIw9EmKNnumnsHyfR+8qOgG/4/8AqPklEo9Dxsqcjj++EEvHN2lE9BwdqVNSw9
ZHJ9DXhPKjwq7VD7jvBeElituUzvPb5aPruTL2AxjQ3h0cMj/QmegO5FtBDpRpnN
TpW2FGuayueEgJSV3YJVTJUwmtxgTkL2SMHgW80I7pAq85O4fKETIAR97DCEDPrH
jgI/EEjJg+PlfuAaqo2kgVgYyE6DVkDbIKgF2k8VNFX7XBmnN7xB4apVKx8nJXc+
l7AbJiJy89giQpYWGE5A8fBrYMbvexLMfeKYtZR7t82gkNxOoKBOl0F2T+Ol+L7S
XAGgZuN612AlW9QhZCgjwIxFPK+MR2ff9hIZBVPqx4F45/Gooqxw1iCyitQwlgqL
bpTlKyuZbrgTVekV9vxnYhms6Uvyys1V9bUrKGgpV+9YS4Zfzh+5fN8wQ8Pw
=HVMH
-----END PGP MESSAGE-----
fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3
unencrypted_suffix: _unencrypted
version: 3.8.1

59
users/alice/secrets.yaml
View File

@ -6,45 +6,54 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: age:
- recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1di9UUkxaSVJLcmJyWlNw
LzE3R1RKQzd2QkwyV3JGYmF4M093WGpYRTBjCllKdk8rVmwxZEIzMjd1UkFNaFdO
aEJld3BxY25WWTU3R0VDZWlTdUtMb00KLS0tIDBUb2l6dUpOUE9wK1hTMzVFVzlX
NmxVTUkzdEtCMk12ZkN1Y0FwT2xad28K1mhtbCSVeLM6zHTSplvn5V7Jk01zRu0G
Mxsd+8RmdJx2mSyz+/XDQIwEL1626y5nlwoJFcNwx0mz+s0MPGJ6yA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkZnlZNmFXVVFaSks5R0ds YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtdWc1YVY3Mk5pSnNGL2Er
SWtXTitBY1BmWHltVkxtanpaMkt5S1N4ZzBRCkpkQ2Z2Sld0U3BnVXIyZFNEUHdn OWJWRWN4djN2NlhaRERRaEdqdlVpUkRvUkRnCms1dm80YVZjamZXTndMMFd0S3p6
RDBaMklHZXk1VTk2ZUIxMGQrbkJZZ0kKLS0tIGVDQ2cxQ2d1TWptSUZCOW9BanlJ eGtWSlg4TGNzVk9GZFloNjFlbHF2QVkKLS0tIEdsUHJjNWtVQVpPT1M1SWt5ZVhY
UzNxS0I4NEdGcTNNdUcwamZTRDBXcVEKgin2jqp4tEBnKYnQF5Ki2Btt/+lP3zEJ SWcxei94Y1lReURjVjVDNWNSVEpRaHMK4TrinhjpUeeSfRYPiEyLRL7PsBcAevpU
FlcK7rU3pe8AijwWx3Ybgzv/10/YOzDn6dL6MYwtB80ZFe6NOavBlQ== bJorDQi64NeNxI8+yEVPQb+4Uewm5p8LqOFU9otWK6wTPwCRVSmueg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw - recipient: age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUTN1UHlpeXBxYWtUQis0 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0VW1WUEw0eDlzTkpXdHd5
MDZFc3BPai9xWmVVWkRxdjNYNlo2R3IzbUNjCncyRlczNTdXcnpMMkxzdU5BTEs3 R0tXUXJYRG1WeWIxQXUxVGU5NmcyTjd5dzNNCnoxdVpnbThtUFlpN1lSYjdYWHZQ
NDVGb3ROL2xaWUthUDA5Y3V2c0Z4a1UKLS0tIEJYSHN3eEFBQ2JkK2tJZld5Y3Fz UitHd3ExTnZlUWgyZVNTUEdvSmczRzQKLS0tIEVZUml0ejJVOUlJb3RUVGx0V2hJ
aVZVTnBGNGpadFdVOFlTdkZ3TDJmSjAKF1d47FC7hCdLbqfzqK5LqB3xfMCpEU8R THdwZG9QQ01mamYrclhHT2dQUXhIWTQK9fxQV7RDYij2aCdfgCufUToWgoais1KI
XThuRWwRHWKqmG19K5GMaHMZp9sYVMW8dVPh/LG/3gbiMploUDmK0w== UQ7bPV0ZPhaBX4h2Q7kUk7FJwK5aGAsoBxf4KW4V78tSbz+XIyd3JQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-29T14:45:28Z" lastmodified: "2023-12-29T14:45:28Z"
mac: ENC[AES256_GCM,data:kyE+9X3l0PjzcOsau1X1LmqSFpMLnQrQKldDVM/rrA/Hct+qP0iiapV6529HpCFOkguwtjD/V0d3XC/WlUnFubK2JPUBbYH/1Wa7xJhM577bENKhztTOCpQZGSREdyhEqpXiz6jf+a3ch50AMDY773meKf/1+y76NVBVPv5Cc7E=,iv:W0nvCEbF/kVoOM892EBrINWe/+2ts3jPLBa3Tjm4ULE=,tag:rcMVaWgmwIEXzCBzstfKmQ==,type:str] mac: ENC[AES256_GCM,data:kyE+9X3l0PjzcOsau1X1LmqSFpMLnQrQKldDVM/rrA/Hct+qP0iiapV6529HpCFOkguwtjD/V0d3XC/WlUnFubK2JPUBbYH/1Wa7xJhM577bENKhztTOCpQZGSREdyhEqpXiz6jf+a3ch50AMDY773meKf/1+y76NVBVPv5Cc7E=,iv:W0nvCEbF/kVoOM892EBrINWe/+2ts3jPLBa3Tjm4ULE=,tag:rcMVaWgmwIEXzCBzstfKmQ==,type:str]
pgp: pgp:
- created_at: "2023-12-28T18:03:08Z" - created_at: "2023-12-29T19:22:00Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA84hNUGIgI/nAQ/+OTWLMMznF7u83v2fDUjvRtG6Zf5dR1wsJjeYUFZzxQoF hQIMA84hNUGIgI/nARAAkukuQibWzzEQYmvp9z3f7wUq2vDAhAfE247gNaNwJknx
wJwKPbOPNP4HuEIbvXANFfuuUEZNwq+czUPSPqjmeEjf3DfE/JcIzQ8J6AP7Q2b4 sY39C48o6VelCC2aD0VJ3X39t9aUzgKKF5+QEmyM1FMi/ulU5OoLvsAz1SkxaA0Q
OstgK5MGKo9/IXrIDUK2fRuwGaXKyq/TG2fP10ljTlXzMlfm9OZA71QPZYBpwtSe QDYbCzwzVPNIxjcrdeLnj3GRM47ji9mpsLDWPOuA6ugDE2pp9epOnK9xddPRQs9J
1lR3gDIpha1yYTQP0STsnusvQkbNyKHNiIwjmkitjgdkreLPqhXlfwievcYcwOCp /sEaYprJypETj2Dt9kUsjbm1vWkxtrMb4Zuop1gJ6p6LazeM01GkmGGf1UzkLYAk
8UKAqAWJIQVZfHAZJzDWcmnWPK+wR2/pjNKklgYLcSn961o5GMu+6Z64pP3c9BXh 69QK8QF7S93QBXZvZe1xlsabGbd06yZU1AsSVdsd1rp0RxW2gwhYF9OPTwbyCnGh
GRogv1f3bvH1aDcP+cB0eaQCyDLFkWKbRgBWubyCGJbJFovzpHNmcYkrlwNmGXoe zisT7nB0iPja9ZR2KMAWCgUi4A3xafYpJQg5HOvqrpFT90lKeP9aLm0fGMnB4dwc
9yrUICQB52gMOSSNCIM39T/yWLOV9O/ga20BUwaoR4duvFNrxktmJXGBGMCfhR2p 5BbT7VK8qI8yHSqtfGexbY9Q0lBIKu5Gx18oFi15RPkqwGisaBtUsSH+OADF4xei
y74vVhm54Lqw5hwW54eLq14qQzOGhDIyeuuboFGm2BAYgdp4gUmOqTDMWS8Vt1lU Khhhvzu3Ov+2F4rIIFXt3i+smhpYbpwhk3RLNf0rZ8P3SqsnOnY7mgX1KflIt1Mu
oKJOEeT83h2cxXnb0hJ6IWLyEns37+/aB4LWIvnQOgq8yaYEVI4JksKsM+cLVQVZ tVisPtW2mCHl/iZEdlG9N/0TIBQ0cmUyxqFoLO0aTWWmOAjcU6YC5Iwmc0zktTvC
V3FKWZBTNvCZd6jiWjZdfd3q+Q9QbSQEg1DrKwNXQuF9DMrxg+3xyzQVMYpRbGKr MD+82NGWzc8CbhjtXEXGv5BTQTCFSTe+Ptr8gJscuIeD8SbRTZmdt9rh9s3asiOz
pfB6u1CB6jw/NdajgCyHLJN44QELfcWhqriLWP7uEz9jl8di5g5NCP0l+agJjNzS /xJveWDLeBOR9hkr/ArzmLOd/H1E+Wca9wVZ9ZyuTgp6MPapHrMug6aMO39i/MbS
XgEaZapnHWm3E2v+1IQ8xrMdTl9t/cRLtIG71Y+rz3DH6jtixNv9pZn7BNqdeKlR XgFPlJy8Ouu9F2R3nDhHaz4GDrtSfQibZ4AcchIQPq3tEJSn6IeC46zkNnHY4msL
K1wloUtBbLjgHwDvPIGiUB+dcrHPo2OQTVO5bgax8mAyKuPDKQBLjLsWn2+H6eI= N0Py3gaPolxCEMMtWNyxL4PqfVBXVV8S47ztae6OPC/21Cc9RPxA81gIqwctDSU=
=8fVd =Xf3o
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted

8
users/richie/default.nix Normal file
View File

@ -0,0 +1,8 @@
{ pkgs, lib, config, name, ... }:
import ../default.nix {
inherit pkgs lib config name;
publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtRuAqeERMet9sFh1NEkG+pHLq/JRAAGDtv29flXF59 Richie@tmmworkshop.com Desktop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJSlv8ujrMpr8qjpX2V+UBXSP5FGhM1l+/5aGnfb2MV Richie@tmmworkshop.com Laptop"
];
}

39
users/richie/home.nix Normal file
View File

@ -0,0 +1,39 @@
{ pkgs, ... }:
{
home.username = "richie";
home.homeDirectory = "/home/richie";
home.packages = with pkgs; [
# Rust packages
topgrade
trunk
wasm-pack
cargo-watch
#pkgs.cargo-tarpaulin
cargo-generate
cargo-audit
cargo-update
diesel-cli
# gitoxide currently broke 09182023
gitoxide
tealdeer
helix
# nix specific packages
nil
nixfmt
# markdown
nodePackages.markdownlint-cli
# doom emacs dependencies
fd
ripgrep
clang
];
programs.zsh.enable = true;
home.stateVersion = "23.11";
}

60
users/richie/secrets.yaml Normal file
View File

@ -0,0 +1,60 @@
richie:
user-password: ENC[AES256_GCM,data:gcQaaFXQJSXgYR6L,iv:rO7hXTuiCDt4UWnnYfQrhSBMrhU359tyCjSGFde60BA=,tag:yfbD+BItaMkZQ4balezzLA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvZ3lTRWRGb1FHSCtRR21u
ZldONWFsVUYyZGRmSHVkcXFNQzBEbW1IMFFvCnBVblJXdVZQdEhGSnhsbnRWZVVn
cyszaUszVlY1Y0c1NnlkZ20wSUtGNUkKLS0tIEhzRTV5alJHelI3c1NnbUVaOGZO
VEEyemgrVDhvQkhqQjdhYjlHaXd4MmsKW9XvJbDiJ4/eoPb4sGz6/fr7Hr7q3e+6
UNoguO9UgbgXUMmjlBeRJwlMLu91eevct5pPyhrGsJYzar/3jnsnSA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2TEZwYkJrNjdzVmZDM0xO
REV0NEYvWmNJblNiTmJoOXhYQXNESmFDTVdRCkJYRU9GSk9qZnBiYTF0MEhPQ3hQ
YWNHQ3hPSEVqRnIyTUgxajRBWlZjRXcKLS0tIHVodFJ0RnhsVUwya29IdFFrS2FK
dmJ1MDZURzlzaUR4d29SSTc1SE5hVFkK+KKi1PiXNMa98otrLO87k3JmHSc37Dvv
IAZDB6umTlyYulfh1TQuC5GXXKEVBm8Bu3plk3Wi9uNoiC+nnXflBg==
-----END AGE ENCRYPTED FILE-----
- recipient: age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQem9YOTVhdzM0QzRVSWI2
dERHMmR4Z1FMV0UyaE84S0RZdVhQOEhibVdBCmtCbnhkb3JPeUdrMDhVVXU1M01q
dTZpdmV5WjUyaENCNmxYUkMxVjdLWFEKLS0tIERHWFdSM2l0cUcrWHNGV1lTMkhj
Q0U1OUtUM1N4MGQyZnAwd1l5alVOSUUK9xe9xmC4zFpy7sukTzdHsQQjc3eFphXD
2zx2PkAvHh5lN8k+ZRd9UvZG4olrIe9KwXfmIb+6i02HgVIhA94SWw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-29T19:13:11Z"
mac: ENC[AES256_GCM,data:47aPXQ6n7AvYuYpvhk7jWjeqQnjXsSShrcboiwLja5p+VIJsOUWYtNonq45Owtlo30eQE46wJK4IJLEl8AAdotYLrpqAb0d+ox4tZq/HgVRAqG7j7aLw846KpogTUeRHH577ieoWo82+70DT1+HIyO+qB44ZYuJ7TY3BUt0MX7Q=,iv:OxDzGBEr2xBiOvPl7iUK0mwsaqHrZ/pQVLdrdTSm9tM=,tag:/2vQLyL/WmR02kWO3GHGNA==,type:str]
pgp:
- created_at: "2023-12-29T19:12:08Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA29thaGx06tOAQ//bMYIEq2Iwerw6y06vvpC1GPCr+lqe96ascw8MRxzObYJ
DMW/ZK/BoTFDjIKcUfrKDUj/RU+qX2Q3YMYn5mzDWozLoquJLUDU9iMnD0hhjYmE
nayUvXH8r+mqqOA7hhhNoFim0QkVUNjdZaZ46k6iD6a3PYp1Hn/Lpc53kgnsYxxh
p/Qf5glo5IuShZAbgZHyLyj02YKTzPmItKX1Z5/nAx4oMjstv4eCABCauNM5QRoQ
f9HAUVJql3gce2CFbot28DG8zYwJKhcatfa2PjIYIb6xSpMg4VRCOM/UWRyqdes4
C79QTovTE9+lbP3UBZXGPuHKwRrcbtLUIQYyujNrooXuymWAbzzrR8WmTHQRfuEt
ui6lwJzbxuRcnNF/fIZ2YUCRIlEzGkpJ3PvAqFBLT8Q3GuD8bVfcuulE4EwTTaYq
R/yRtOPRkXdYfLlc1WRzVSg/uRZyNSZXhMD+BUiXxDY1hdMnJ2Z9xBLB0fP+Edd7
yGEbDO16EswZ4gJZviCPs4hWdB/kOKQAvREKomUBUN+d6uEgVGFM3y8xzLfqZUx9
qHspGEpRxSJQruNt//hAFy8bQZCRaWS23Dn+YR95IiZKZIt4dipTaiZWRZXdN3TN
X18vR6fkbVLLlGzl5a/+PCV7N8tdPSD77IvgV3KzVG42XFG2CcJ1ut8l7zmmWTbS
XgHj8lYLbFh2cWBFb/F1dqnHeJ/tTSzTsqyn8jV8f7jKeieUBNMNHugTYDYzeY5j
bvrR4yhICJVYCVNaeRA04cFG0k3/krujqVJ2S5FDd3C25qdT5sJ2sBBcDman3hE=
=d8jh
-----END PGP MESSAGE-----
fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3
unencrypted_suffix: _unencrypted
version: 3.8.1