cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

changes to sops and cleanup script works globally

Browse Source
This commit is contained in:
cnst
2024-08-18 16:24:40 +02:00
parent 9490d52c53
commit 35f731b673
11 changed files with 155 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

109
home/modules/userd/sops/default.nix
View File

@@ -5,60 +5,34 @@
config, config,
... ...
}: let }: let
defaultConfig = { inherit (lib) mkIf mkEnableOption mkOption;
age = {sshKeyPaths = ["/home/cnst/.ssh/id_ed25519"];};
defaultSopsFile = "${self}/secrets/cnst-secrets.yaml";
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/cnst-secrets.yaml";
};
ssh_user = {
format = "yaml";
sopsFile = "${self}/secrets/cnst-secrets.yaml";
};
};
};
userSpecificConfig = lib.mkMerge [
(lib.mkIf (config.home.username == "toothpick") {
age = {sshKeyPaths = ["/home/toothpick/.ssh/id_ed25519"];};
defaultSopsFile = "${self}/secrets/toothpick-secrets.yaml";
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/toothpick-secrets.yaml";
};
ssh_user = {
format = "yaml";
sopsFile = "${self}/secrets/toothpick-secrets.yaml";
};
};
})
(lib.mkIf (config.home.username == "adam") {
age = {sshKeyPaths = ["/home/adam/.ssh/id_ed25519"];};
defaultSopsFile = "${self}/secrets/adam-secrets.yaml";
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/adam-secrets.yaml";
};
ssh_user = {
format = "yaml";
sopsFile = "${self}/secrets/adam-secrets.yaml";
};
};
})
];
inherit (lib) mkIf mkEnableOption;
cfg = config.modules.userd.sops; cfg = config.modules.userd.sops;
in { in {
imports = [ imports = [
inputs.sops-nix.homeManagerModules.sops inputs.sops-nix.homeManagerModules.sops
]; ];
options = { options = {
modules.userd.sops.enable = mkEnableOption "Enables sops home environment"; modules.userd.sops = {
enable = mkEnableOption "Enables sops home environment";
cnst = mkOption {
type = lib.types.bool;
default = false;
description = "Apply cnst sops settings";
}; };
toothpick = mkOption {
type = lib.types.bool;
default = false;
description = "Apply toothpick sops settings";
};
adam = mkOption {
type = lib.types.bool;
default = false;
description = "Apply adam sops settings";
};
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
sops = lib.mkMerge [ sops = lib.mkMerge [
{ {
@@ -67,8 +41,45 @@ in {
sshKeyPaths = []; sshKeyPaths = [];
}; };
} }
defaultConfig (mkIf cfg.cnst {
userSpecificConfig age = {sshKeyPaths = ["/home/cnst/.ssh/id_ed25519"];};
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/cnst-secrets.yaml";
};
ssh_user = {
format = "yaml";
sopsFile = "${self}/secrets/cnst-secrets.yaml";
};
};
})
(mkIf cfg.toothpick {
age = {sshKeyPaths = ["/home/toothpick/.ssh/id_ed25519"];};
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/toothpick-secrets.yaml";
};
ssh_user = {
format = "yaml";
sopsFile = "${self}/secrets/toothpick-secrets.yaml";
};
};
})
(mkIf cfg.adam {
age = {sshKeyPaths = ["/home/adam/.ssh/id_ed25519"];};
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/adam-secrets.yaml";
};
ssh_user = {
format = "yaml";
sopsFile = "${self}/secrets/adam-secrets.yaml";
};
};
})
]; ];
}; };
} }

5
home/users/adam/modules.nix
View File

@@ -22,7 +22,10 @@
zellij.enable = false; zellij.enable = false;
}; };
userd = { userd = {
sops.enable = false; sops = {
enable = false;
adam = false;
};
copyq.enable = true; copyq.enable = true;
mako.enable = true; mako.enable = true;
udiskie.enable = true; udiskie.enable = true;

10
home/users/adam/shell.nix
View File

@@ -11,14 +11,14 @@
umod = "nvim /home/adam/.nix-config/home/users/adam/modules.nix"; umod = "nvim /home/adam/.nix-config/home/users/adam/modules.nix";
systemmodules = "nvim /home/adam/.nix-config/hosts/adampad/modules.nix"; systemmodules = "nvim /home/adam/.nix-config/hosts/adampad/modules.nix";
smod = "nvim /home/adam/.nix-config/hosts/adampad/modules.nix"; smod = "nvim /home/adam/.nix-config/hosts/adampad/modules.nix";
nixclean = "sudo nix run .#cleanup-boot"; nixclean = "sudo nix run /home/adam/.nix-config#cleanup-boot";
nixdev = "nix develop ~/.nix-config -c $SHELL"; nixdev = "nix develop ~/.nix-config -c $SHELL";
nixconfig = "cd /home/adam/.nix-config/"; nixconfig = "cd /home/adam/.nix-config/";
ll = "ls -l"; ll = "ls -l";
nixupdate = "nh os switch -v -H adampad && sudo nix run .#cleanup-boot"; nixupdate = "nh os switch -v -H adampad && sudo nix run /home/adam/.nix-config#cleanup-boot";
nixup = "nh os switch -H adampad && sudo nix run .#cleanup-boot"; nixup = "nh os switch -H adampad && sudo nix run /home/adam/.nix-config#cleanup-boot";
flakeupdate = "nh os switch -u -v -H adampad && sudo nix run .#cleanup-boot"; flakeupdate = "nh os switch -u -v -H adampad && sudo nix run /home/adam/.nix-config#cleanup-boot";
flakeup = "nh os switch -u -H adampad && sudo nix run .#cleanup-boot"; flakeup = "nh os switch -u -H adampad && sudo nix run /home/adam/.nix-config#cleanup-boot";
}; };
history = { history = {
size = 1000; size = 1000;

5
home/users/cnst/modules.nix
View File

@@ -22,7 +22,10 @@
zellij.enable = false; zellij.enable = false;
}; };
userd = { userd = {
sops.enable = true; sops = {
enable = true;
cnst = true;
};
copyq.enable = true; copyq.enable = true;
mako.enable = true; mako.enable = true;
udiskie.enable = true; udiskie.enable = true;

10
home/users/cnst/shell.nix
View File

@@ -11,14 +11,14 @@
umod = "nvim /home/cnst/.nix-config/home/users/cnst/modules.nix"; umod = "nvim /home/cnst/.nix-config/home/users/cnst/modules.nix";
systemmodules = "nvim /home/cnst/.nix-config/hosts/cnix/modules.nix"; systemmodules = "nvim /home/cnst/.nix-config/hosts/cnix/modules.nix";
smod = "nvim /home/cnst/.nix-config/hosts/cnix/modules.nix"; smod = "nvim /home/cnst/.nix-config/hosts/cnix/modules.nix";
nixclean = "sudo nix run .#cleanup-boot"; nixclean = "sudo nix run /home/cnst/.nix-config#cleanup-boot";
nixdev = "nix develop ~/.nix-config -c $SHELL"; nixdev = "nix develop ~/.nix-config -c $SHELL";
nixconfig = "cd /home/cnst/.nix-config/"; nixconfig = "cd /home/cnst/.nix-config/";
ll = "ls -l"; ll = "ls -l";
nixupdate = "nh os switch -v -H cnix && sudo nix run .#cleanup-boot"; nixupdate = "nh os switch -v -H cnix && sudo nix run /home/cnst/.nix-config#cleanup-boot";
nixup = "nh os switch -H cnix && sudo nix run .#cleanup-boot"; nixup = "nh os switch -H cnix && sudo nix run /home/cnst/.nix-config#cleanup-boot";
flakeupdate = "nh os switch -u -v -H cnix && sudo nix run .#cleanup-boot"; flakeupdate = "nh os switch -u -v -H cnix && sudo nix run /home/cnst/.nix-config#cleanup-boot";
flakeup = "nh os switch -u -H cnix && sudo nix run .#cleanup-boot"; flakeup = "nh os switch -u -H cnix && sudo nix run /home/cnst/.nix-config#cleanup-boot";
}; };
history = { history = {
size = 1000; size = 1000;

5
home/users/toothpick/modules.nix
View File

@@ -22,7 +22,10 @@
zellij.enable = false; zellij.enable = false;
}; };
userd = { userd = {
sops.enable = false; sops = {
enable = false;
toothpick = false;
};
copyq.enable = true; copyq.enable = true;
mako.enable = true; mako.enable = true;
udiskie.enable = true; udiskie.enable = true;

10
home/users/toothpick/shell.nix
View File

@@ -11,14 +11,14 @@
umod = "nvim /home/toothpick/.nix-config/home/users/toothpick/modules.nix"; umod = "nvim /home/toothpick/.nix-config/home/users/toothpick/modules.nix";
systemmodules = "nvim /home/toothpick/.nix-config/hosts/toothpc/modules.nix"; systemmodules = "nvim /home/toothpick/.nix-config/hosts/toothpc/modules.nix";
smod = "nvim /home/toothpick/.nix-config/hosts/toothpc/modules.nix"; smod = "nvim /home/toothpick/.nix-config/hosts/toothpc/modules.nix";
nixclean = "sudo nix run .#cleanup-boot"; nixclean = "sudo nix run /home/toothpick/.nix-config#cleanup-boot";
nixdev = "nix develop ~/.nix-config -c $SHELL"; nixdev = "nix develop ~/.nix-config -c $SHELL";
nixconfig = "cd /home/toothpick/.nix-config/"; nixconfig = "cd /home/toothpick/.nix-config/";
ll = "ls -l"; ll = "ls -l";
nixupdate = "nh os switch -v -H toothpc && sudo nix run .#cleanup-boot"; nixupdate = "nh os switch -v -H toothpc && sudo nix run /home/toothpick/.nix-config#cleanup-boot";
nixup = "nh os switch -H toothpc && sudo nix run .#cleanup-boot"; nixup = "nh os switch -H toothpc && sudo nix run /home/toothpick/.nix-config#cleanup-boot";
flakeupdate = "nh os switch -u -v -H toothpc && sudo nix run .#cleanup-boot"; flakeupdate = "nh os switch -u -v -H toothpc && sudo nix run /home/toothpick/.nix-config#cleanup-boot";
flakeup = "nh os switch -u -H toothpc && sudo nix run .#cleanup-boot"; flakeup = "nh os switch -u -H toothpc && sudo nix run /home/toothpick/.nix-config#cleanup-boot";
}; };
history = { history = {
size = 1000; size = 1000;

5
hosts/adampad/modules.nix
View File

@@ -50,7 +50,10 @@
pipewire.enable = true; pipewire.enable = true;
powerd.enable = true; powerd.enable = true;
samba.enable = false; samba.enable = false;
sops.enable = false; sops = {
enable = false;
adampad = false;
};
ssh.enable = true; ssh.enable = true;
udisks.enable = true; udisks.enable = true;
xserver.amd.enable = true; xserver.amd.enable = true;

5
hosts/cnix/modules.nix
View File

@@ -50,7 +50,10 @@
pipewire.enable = true; pipewire.enable = true;
powerd.enable = true; powerd.enable = true;
samba.enable = false; samba.enable = false;
sops.enable = true; sops = {
enable = true;
cnix = true;
};
ssh.enable = true; ssh.enable = true;
udisks.enable = true; udisks.enable = true;
xserver.amd.hhkbse.enable = true; xserver.amd.hhkbse.enable = true;

5
hosts/toothpc/modules.nix
View File

@@ -50,7 +50,10 @@
pipewire.enable = true; pipewire.enable = true;
powerd.enable = true; powerd.enable = true;
samba.enable = false; samba.enable = false;
sops.enable = false; sops = {
enable = false;
toothpc = false;
};
ssh.enable = true; ssh.enable = true;
udisks.enable = true; udisks.enable = true;
xserver.nvidia.enable = true; xserver.nvidia.enable = true;

101
system/modules/sysd/sops/default.nix
View File

@@ -5,54 +5,30 @@
self, self,
... ...
}: let }: let
defaultConfig = { inherit (lib) mkIf mkEnableOption mkOption;
defaultSopsFile = "${self}/secrets/cnix-secrets.yaml"; cfg = config.modules.sysd.sops;
secrets = { in {
openai_api_key = { options = {
format = "yaml"; modules.sysd.sops = {
sopsFile = "${self}/secrets/cnix-secrets.yaml"; enable = mkEnableOption "Enables sops system environment";
cnix = mkOption {
type = lib.types.bool;
default = false;
description = "Apply cnix sops settings";
}; };
ssh_host = { toothpc = mkOption {
format = "yaml"; type = lib.types.bool;
sopsFile = "${self}/secrets/cnix-secrets.yaml"; default = false;
description = "Apply toothpc sops settings";
};
adampad = mkOption {
type = lib.types.bool;
default = false;
description = "Apply adampad sops settings";
}; };
}; };
}; };
hostSpecificConfig = lib.mkMerge [
(lib.mkIf (config.networking.hostName == "toothpc") {
defaultSopsFile = "${self}/secrets/toothpc-secrets.yaml";
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/toothpc-secrets.yaml";
};
ssh_host = {
format = "yaml";
sopsFile = "${self}/secrets/toothpc-secrets.yaml";
};
};
})
(lib.mkIf (config.networking.hostName == "adampad") {
defaultSopsFile = "${self}/secrets/adampad-secrets.yaml";
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/adampad-secrets.yaml";
};
ssh_host = {
format = "yaml";
sopsFile = "${self}/secrets/adampad-secrets.yaml";
};
};
})
];
inherit (lib) mkIf mkEnableOption;
cfg = config.modules.sysd.sops;
in {
options = {
modules.sysd.sops.enable = mkEnableOption "Enables sops";
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
sops = lib.mkMerge [ sops = lib.mkMerge [
{ {
@@ -62,9 +38,44 @@ in {
sshKeyPaths = []; sshKeyPaths = [];
}; };
} }
defaultConfig (mkIf cfg.cnix {
hostSpecificConfig secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/cnix-secrets.yaml";
};
ssh_host = {
format = "yaml";
sopsFile = "${self}/secrets/cnix-secrets.yaml";
};
};
})
(mkIf cfg.toothpc {
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/toothpc-secrets.yaml";
};
ssh_host = {
format = "yaml";
sopsFile = "${self}/secrets/toothpc-secrets.yaml";
};
};
})
(mkIf cfg.adampad {
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/adampad-secrets.yaml";
};
ssh_host = {
format = "yaml";
sopsFile = "${self}/secrets/adampad-secrets.yaml";
};
};
})
]; ];
environment.systemPackages = [ environment.systemPackages = [
pkgs.sops pkgs.sops
pkgs.age pkgs.age