cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

replacing sops with agenix

Browse Source
This commit is contained in:
cnst
2024-08-30 13:08:18 +02:00
parent 6befe2e0fe
commit 963a579d89
24 changed files with 603 additions and 607 deletions
Download Patch File Download Diff File Expand all files Collapse all files

162
flake.lock generated
View File

@@ -1,11 +1,32 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1723293904,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm",
"repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"ags": { "ags": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"systems": "systems" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1721306136, "lastModified": 1721306136,
@@ -24,8 +45,8 @@
"anyrun": { "anyrun": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_2",
"systems": "systems_2" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1721135360, "lastModified": 1721135360,
@@ -95,10 +116,10 @@
"compare-to": "compare-to", "compare-to": "compare-to",
"fenix": "fenix", "fenix": "fenix",
"flake-schemas": "flake-schemas", "flake-schemas": "flake-schemas",
"home-manager": "home-manager", "home-manager": "home-manager_2",
"jovian": "jovian", "jovian": "jovian",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_3",
"systems": "systems_3", "systems": "systems_4",
"yafas": "yafas" "yafas": "yafas"
}, },
"locked": { "locked": {
@@ -149,6 +170,28 @@
"type": "github" "type": "github"
} }
}, },
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"devshell": { "devshell": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -434,7 +477,7 @@
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_4" "systems": "systems_5"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
@@ -472,7 +515,7 @@
}, },
"flake-utils_4": { "flake-utils_4": {
"inputs": { "inputs": {
"systems": "systems_6" "systems": "systems_7"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
@@ -623,6 +666,27 @@
} }
}, },
"home-manager": { "home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"chaotic", "chaotic",
@@ -643,7 +707,7 @@
"type": "github" "type": "github"
} }
}, },
"home-manager_2": { "home-manager_3": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixvim", "nixvim",
@@ -700,8 +764,8 @@
"hyprlang": "hyprlang", "hyprlang": "hyprlang",
"hyprutils": "hyprutils", "hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner", "hyprwayland-scanner": "hyprwayland-scanner",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_4",
"systems": "systems_5", "systems": "systems_6",
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
@@ -907,7 +971,7 @@
"crane": "crane", "crane": "crane",
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_3",
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_5",
"pre-commit-hooks-nix": "pre-commit-hooks-nix", "pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
@@ -946,7 +1010,7 @@
}, },
"microfetch": { "microfetch": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_6"
}, },
"locked": { "locked": {
"lastModified": 1723918449, "lastModified": 1723918449,
@@ -1072,11 +1136,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1717196966, "lastModified": 1703013332,
"narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=", "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "57610d2f8f0937f39dbd72251e9614b1561942d8", "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1150,6 +1214,22 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1717196966,
"narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "57610d2f8f0937f39dbd72251e9614b1561942d8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1724479785, "lastModified": 1724479785,
"narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=", "narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=",
@@ -1165,7 +1245,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1724224976, "lastModified": 1724224976,
"narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=",
@@ -1181,7 +1261,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1722264024, "lastModified": 1722264024,
"narHash": "sha256-gomyYQrlOltr2/prDRikRDQoPz+J5Qq6SEJrqVC5x2c=", "narHash": "sha256-gomyYQrlOltr2/prDRikRDQoPz+J5Qq6SEJrqVC5x2c=",
@@ -1197,7 +1277,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1722719969, "lastModified": 1722719969,
"narHash": "sha256-E47qbT/mRtBCSZra+9S9208sp/QnNeOAq7EhHX+eMNE=", "narHash": "sha256-E47qbT/mRtBCSZra+9S9208sp/QnNeOAq7EhHX+eMNE=",
@@ -1212,7 +1292,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_6": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1724819573, "lastModified": 1724819573,
"narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=",
@@ -1228,7 +1308,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_7": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1724819573, "lastModified": 1724819573,
"narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=",
@@ -1250,9 +1330,9 @@
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_4", "flake-parts": "flake-parts_4",
"git-hooks": "git-hooks", "git-hooks": "git-hooks",
"home-manager": "home-manager_2", "home-manager": "home-manager_3",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_8",
"nuschtosSearch": "nuschtosSearch", "nuschtosSearch": "nuschtosSearch",
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
@@ -1321,6 +1401,7 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix",
"ags": "ags", "ags": "ags",
"anyrun": "anyrun", "anyrun": "anyrun",
"chaotic": "chaotic", "chaotic": "chaotic",
@@ -1339,11 +1420,11 @@
"microfetch": "microfetch", "microfetch": "microfetch",
"nix-gaming": "nix-gaming", "nix-gaming": "nix-gaming",
"nixpak": "nixpak", "nixpak": "nixpak",
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_7",
"nixpkgs-small": "nixpkgs-small", "nixpkgs-small": "nixpkgs-small",
"nixvim": "nixvim", "nixvim": "nixvim",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"systems": "systems_7" "systems": "systems_8"
} }
}, },
"rust-analyzer-src": { "rust-analyzer-src": {
@@ -1424,16 +1505,16 @@
}, },
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1689347949, "lastModified": 1681028828,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems", "owner": "nix-systems",
"repo": "default-linux", "repo": "default",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-systems", "owner": "nix-systems",
"repo": "default-linux", "repo": "default",
"type": "github" "type": "github"
} }
}, },
@@ -1468,6 +1549,21 @@
} }
}, },
"systems_4": { "systems_4": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_5": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -1482,7 +1578,7 @@
"type": "github" "type": "github"
} }
}, },
"systems_5": { "systems_6": {
"locked": { "locked": {
"lastModified": 1689347949, "lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -1497,7 +1593,7 @@
"type": "github" "type": "github"
} }
}, },
"systems_6": { "systems_7": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -1512,7 +1608,7 @@
"type": "github" "type": "github"
} }
}, },
"systems_7": { "systems_8": {
"locked": { "locked": {
"lastModified": 1689347949, "lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",

5
flake.nix
View File

@@ -89,10 +89,7 @@
}; };
anyrun.url = "github:anyrun-org/anyrun"; anyrun.url = "github:anyrun-org/anyrun";
microfetch.url = "github:NotAShelf/microfetch"; microfetch.url = "github:NotAShelf/microfetch";
sops-nix = { agenix.url = "github:ryantm/agenix";
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
ags = { ags = {
url = "github:Aylur/ags"; url = "github:Aylur/ags";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";

1
home/modules/default.nix
View File

@@ -13,7 +13,6 @@
"${userModules}/terminal/zellij" "${userModules}/terminal/zellij"
"${userModules}/userd/copyq" "${userModules}/userd/copyq"
"${userModules}/userd/mako" "${userModules}/userd/mako"
"${userModules}/userd/sops"
"${userModules}/userd/udiskie" "${userModules}/userd/udiskie"
"${userModules}/utils/ags" "${userModules}/utils/ags"
"${userModules}/utils/anyrun" "${userModules}/utils/anyrun"

77
home/modules/userd/sops/default.nix
View File

@@ -1,77 +0,0 @@
{
inputs,
self,
lib,
config,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption;
cfg = config.modules.userd.sops;
in {
imports = [
inputs.sops-nix.homeManagerModules.sops
];
options = {
modules.userd.sops = {
enable = mkEnableOption "Enables sops home environment";
cnst.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Apply cnst sops settings";
};
toothpick.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Apply toothpick sops settings";
};
adam.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Apply adam sops settings";
};
};
};
config = mkIf cfg.enable {
sops = lib.mkMerge [
{
gnupg = {
home = "~/.gnupg";
sshKeyPaths = [];
};
}
(mkIf cfg.cnst.enable {
age = {sshKeyPaths = ["/home/cnst/.ssh/id_ed25519"];};
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/cnst-secrets.yaml";
};
ssh_user = {
format = "yaml";
sopsFile = "${self}/secrets/cnst-secrets.yaml";
};
};
})
(mkIf cfg.toothpick.enable {
age = {sshKeyPaths = ["/home/toothpick/.ssh/id_ed25519"];};
secrets = {
ssh_user = {
format = "yaml";
# sopsFile = "${self}/secrets/toothpick-secrets.yaml";
};
};
})
(mkIf cfg.adam.enable {
age = {sshKeyPaths = ["/home/adam/.ssh/id_ed25519"];};
secrets = {
ssh_user = {
format = "yaml";
sopsFile = "${self}/secrets/adam-secrets.yaml";
};
};
})
];
};
}

178
home/users/cnst/modules.nix
View File

@@ -1,76 +1,160 @@
{ {
modules = { modules = {
browsers = { browsers = {
firefox.enable = true; firefox = {
chromium.enable = false; enable = true;
};
chromium = {
enable = false;
};
}; };
comm = { comm = {
discord.enable = true; discord = {
enable = true;
};
}; };
devtools = { devtools = {
nixvim = { nixvim = {
enable = true; enable = true;
plugins = { plugins = {
barbar.enable = true; barbar = {
comment.enable = true; enable = true;
conform-nvim.enable = true; };
copilot.enable = true; comment = {
efm.enable = true; enable = true;
floaterm.enable = false; };
harpoon.enable = false; conform-nvim = {
lsp.enable = true; enable = true;
lualine.enable = true; };
markdown-preview.enable = true; copilot = {
neo-tree.enable = true; enable = true;
none-ls.enable = true; };
rustaceanvim.enable = true; efm = {
startify.enable = true; enable = true;
tagbar.enable = false; };
telescope.enable = true; floaterm = {
treesitter.enable = true; enable = false;
vimtex.enable = false; };
yanky.enable = false; harpoon = {
enable = false;
};
lsp = {
enable = true;
};
lualine = {
enable = true;
};
markdown-preview = {
enable = true;
};
neo-tree = {
enable = true;
};
none-ls = {
enable = true;
};
rustaceanvim = {
enable = true;
};
startify = {
enable = true;
};
tagbar = {
enable = false;
};
telescope = {
enable = true;
};
treesitter = {
enable = true;
};
vimtex = {
enable = false;
};
yanky = {
enable = false;
};
}; };
}; };
vscode.enable = false; vscode = {
enable = false;
};
}; };
gaming = { gaming = {
lutris.enable = false; lutris = {
mangohud.enable = false; enable = false;
};
mangohud = {
enable = false;
};
}; };
terminal = { terminal = {
alacritty.enable = true; alacritty = {
foot.enable = true; enable = true;
kitty.enable = true; };
zellij.enable = false; foot = {
enable = true;
};
kitty = {
enable = true;
};
zellij = {
enable = false;
};
}; };
userd = { userd = {
sops = { copyq = {
enable = false; enable = true;
cnst.enable = false; };
mako = {
enable = true;
};
udiskie = {
enable = true;
}; };
copyq.enable = true;
mako.enable = true;
udiskie.enable = true;
}; };
utils = { utils = {
ags.enable = false; ags = {
anyrun.enable = false; enable = false;
rofi.enable = false; };
waybar.enable = true; anyrun = {
yazi.enable = true; enable = false;
misc.enable = true; };
rofi = {
enable = false;
};
waybar = {
enable = true;
};
yazi = {
enable = true;
};
misc = {
enable = true;
};
}; };
wm = { wm = {
hyprland = { hyprland = {
cnst.enable = true; cnst = {
toothpick.enable = false; enable = true;
adam.enable = false; };
toothpick = {
enable = false;
};
adam = {
enable = false;
};
}; };
utils = { utils = {
hypridle.enable = true; hypridle = {
hyprlock.enable = true; enable = true;
hyprpaper.enable = true; };
hyprlock = {
enable = true;
};
hyprpaper = {
enable = true;
};
}; };
}; };
}; };

166
hosts/cnix/modules.nix
View File

@@ -1,71 +1,145 @@
{ {
modules = { modules = {
gaming = { gaming = {
steam.enable = true; steam = {
gamescope.enable = true; enable = true;
lutris.enable = true; };
gamescope = {
enable = true;
};
lutris = {
enable = true;
};
gamemode = { gamemode = {
enable = true; enable = true;
optimizeGpu = true; optimizeGpu = {
enable = true;
};
}; };
}; };
gui = { gui = {
gnome.enable = false; gnome = {
hyprland.enable = true; enable = false;
}; };
hardware = { hyprland = {
bluetooth.enable = true; enable = true;
logitech.enable = true;
graphics = {
amd.enable = true;
nvidia.enable = false;
}; };
}; };
network = { hardware = {
enable = true; bluetooth = {
hostName = "cnix"; enable = true;
interfaces = { };
"enp7s0" = { logitech = {
allowedTCPPorts = [22 80 443]; enable = true;
};
graphics = {
amd = {
enable = true;
};
nvidia = {
enable = false;
};
};
network = {
enable = true;
hostName = "cnix";
interfaces = {
"enp7s0" = {
allowedTCPPorts = [22 80 443];
};
}; };
}; };
}; };
studio = { studio = {
blender = { blender = {
enable = false; enable = false;
hip = false; hip = {
enable = false;
};
};
gimp = {
enable = true;
};
inkscape = {
enable = true;
}; };
gimp.enable = true;
inkscape.enable = true;
}; };
sysd = { sysd = {
blueman.enable = true; blueman = {
dbus.enable = true; enable = true;
fwupd.enable = true; };
gnome-keyring.enable = true; dbus = {
greetd.enable = true; enable = true;
gvfs.enable = true; };
locate.enable = true; fwupd = {
mullvad.enable = true; enable = true;
pipewire.enable = true; };
powerd.enable = true; gnome-keyring = {
samba.enable = false; enable = true;
sops = { };
enable = false; greetd = {
cnix.enable = false; enable = true;
};
gvfs = {
enable = true;
};
locate = {
enable = true;
};
mullvad = {
enable = true;
};
pipewire = {
enable = true;
};
powerd = {
enable = true;
};
samba = {
enable = false;
};
ssh = {
enable = true;
};
udisks = {
enable = true;
};
xserver = {
amd = {
hhkbse = {
enable = true;
};
};
}; };
ssh.enable = true;
udisks.enable = true;
xserver.amd.hhkbse.enable = true;
}; };
utils = { utils = {
android.enable = true; agenix = {
anyrun.enable = true; enable = true;
corectrl.enable = true; cnix = {
microfetch.enable = true; enable = true;
nix-ld.enable = false; };
misc.enable = true; };
npm.enable = true; android = {
enable = true;
};
anyrun = {
enable = true;
};
corectrl = {
enable = true;
};
microfetch = {
enable = true;
};
nix-ld = {
enable = false;
};
misc = {
enable = true;
};
npm = {
enable = true;
};
}; };
}; };
} }

159
hosts/default.nix
View File

@@ -1,89 +1,88 @@
# Yanked from fufexan! # Yanked from fufexan!
{ inputs {
, homeImports inputs,
, self homeImports,
, ... self,
...
}: { }: {
flake.nixosConfigurations = flake.nixosConfigurations = let
let # custom paths
# custom paths userConfig = "${self}/home";
userConfig = "${self}/home"; systemConfig = "${self}/system";
systemConfig = "${self}/system"; hostConfig = "${self}/hosts";
hostConfig = "${self}/hosts";
cnstConfig = "${self}/home/users/cnst"; cnstConfig = "${self}/home/users/cnst";
toothpickConfig = "${self}/home/users/toothpick"; toothpickConfig = "${self}/home/users/toothpick";
adamConfig = "${self}/home/users/adam"; adamConfig = "${self}/home/users/adam";
userModules = "${self}/home/modules"; userModules = "${self}/home/modules";
systemModules = "${self}/system/modules"; systemModules = "${self}/system/modules";
# shorten paths # shorten paths
inherit (inputs.nixpkgs.lib) nixosSystem; inherit (inputs.nixpkgs.lib) nixosSystem;
mod = "${systemConfig}"; mod = "${systemConfig}";
# get the basic config to build on top of # get the basic config to build on top of
inherit (import "${systemConfig}") shared; inherit (import "${systemConfig}") shared;
# get these into the module system # get these into the module system
specialArgs = { inherit inputs self userConfig systemConfig hostConfig cnstConfig toothpickConfig adamConfig userModules systemModules; }; specialArgs = {inherit inputs self userConfig systemConfig hostConfig cnstConfig toothpickConfig adamConfig userModules systemModules;};
in in {
{ cnix = nixosSystem {
cnix = nixosSystem { inherit specialArgs;
inherit specialArgs; modules =
modules = shared
shared ++ [
++ [ ./cnix
./cnix "${mod}/boot/lanzaboote"
"${mod}/boot/lanzaboote" "${mod}/nix/nh/cnix"
"${mod}/nix/nh/cnix" {
{ home-manager = {
home-manager = { users.cnst.imports = homeImports."cnst@cnix";
users.cnst.imports = homeImports."cnst@cnix"; extraSpecialArgs = specialArgs;
extraSpecialArgs = specialArgs; };
}; }
} inputs.chaotic.nixosModules.default
inputs.chaotic.nixosModules.default inputs.agenix.nixosModules.default
inputs.sops-nix.nixosModules.sops (import "${mod}/dev")
(import "${mod}/dev") ];
];
};
toothpc = nixosSystem {
inherit specialArgs;
modules =
shared
++ [
./toothpc
"${mod}/boot/lanzaboote"
"${mod}/nix/nh/toothpc"
{
home-manager = {
users.toothpick.imports = homeImports."toothpick@toothpc";
extraSpecialArgs = specialArgs;
};
}
inputs.chaotic.nixosModules.default
inputs.sops-nix.nixosModules.sops
(import "${mod}/dev")
];
};
adampad = nixosSystem {
inherit specialArgs;
modules =
shared
++ [
./adampad
"${mod}/boot"
"${mod}/nix/nh/adampad"
{
home-manager = {
users.adam.imports = homeImports."adam@adampad";
extraSpecialArgs = specialArgs;
};
}
inputs.chaotic.nixosModules.default
inputs.sops-nix.nixosModules.sops
];
};
}; };
toothpc = nixosSystem {
inherit specialArgs;
modules =
shared
++ [
./toothpc
"${mod}/boot/lanzaboote"
"${mod}/nix/nh/toothpc"
{
home-manager = {
users.toothpick.imports = homeImports."toothpick@toothpc";
extraSpecialArgs = specialArgs;
};
}
inputs.chaotic.nixosModules.default
inputs.agenix.nixosModules.default
(import "${mod}/dev")
];
};
adampad = nixosSystem {
inherit specialArgs;
modules =
shared
++ [
./adampad
"${mod}/boot"
"${mod}/nix/nh/adampad"
{
home-manager = {
users.adam.imports = homeImports."adam@adampad";
extraSpecialArgs = specialArgs;
};
}
inputs.chaotic.nixosModules.default
inputs.agenix.nixosModules.default
];
};
};
} }

31
secrets/adam-secrets.yaml
View File

@@ -1,31 +0,0 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_user: ENC[AES256_GCM,data:u6YjlfDAX1zEO5Zd6SYn3C3q/H8knUwMT8Xv4d0YbYnVrainntukSKwO5jwUMay+BfgkWfRBil0/mqxBZjS1E+we3iDxYHTLLWXjQ2QJTzrVJHpu1MFcvYPfjQsocS96i6V8N/eH2fNIjSmys4uBxrLlnlsA3nuC4kvk/6rAq7ndp27eyQH/rx7iorMvyMtfRcKTOSCQNlaHu2WLtH6rxcUg8c+zYhlPR1OkM6I7tWrrw/48Bj7USjdXyNXM18qX05/EetkZdM6vHDWWPYTfVEnoP3K8zjgWXwoX/3amNgvX2wQYS8eSGxdLA5hCvKi1ytl3aEr+QjYn3X+qkqtdk6cvMnx6nyotMWpoJdnaRQqarB3gh0kHWCRjs0ALsWyvn7ShUXYOT3fflX1lXiEjpQp5TbvR+EpB4gicpa60j9s13u43znMqYqnlnGvTGoBXbkz6ZE6EcKXyPq9RuNWyK6X/j3kvAyiemoBkJg4rEURnG2bq9oMMvlZtbp1wkSIAwOPJjuAxOyn7LaQTEaBc,iv:u4AOkMRsT7laSfdYxXSa6LxCmDN2cA1ZBGZMRW/k9A0=,tag:s3r5cNHz02cpXdUrSL1jeQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:21:45Z"
mac: ENC[AES256_GCM,data:HZIfU0PQvr/572g+LhdYWmyO5SBUy0xzK5UcwM1PdKt9xYrcy6vC9Sk9VePR2p9f1rZFdw6B5Y2V/O3DG/L5Ct3xV0jHITgOLWjAFyITAxWV8X7FA8SRW4eusv3wuzFT8fTEXvXf8Y4wGozVrWJJIPMwIHOBzBGhM53YkMYEiXQ=,iv:6kkhKvPCewdSadQNd//hDOH0mY66XGkQSZ0KRgz24j8=,tag:Xpu6cTmi1Kvz5FimULzP7A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

31
secrets/adampad-secrets.yaml
View File

@@ -1,31 +0,0 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_host: ENC[AES256_GCM,data:P2+7Sa7jtbCs67sxBGg03KoEQx91w7ulcMGU0Zlo9IU2mDTqYn4FPL11MjJ0x1yXXmizDPQEdIAdtDTQIuIoM8l3RJf63dx6BqX5KMecT9dEKqP7VtY3ZFQ+vCDVq+VwmRRbZ+uk1B6IxZZ3Do0AQKo9vLWqA/ipZMG/ATvJZmAqs7t3VhKMwc//gCA8/b9bsTyk0BbDrqL8/rfuvY0HT9XvhWGpow8lTOcAzJzbr8FWmQzVQIt/wT3vJK4+guBpZy/beombrVNPYBB2+J/wjidatiIvPJvmgE1UpXn8FzdnXoZTwxgBXWHw05FuenjS448VxYXs7Wx6HRYTk4yjFqnnaNoQ4Y4r1GP5sIgThZT2aTpA3w9v2l7y6U9Ft+cjVURDwk/VvNTCi0WCWdw28C3hYj1jcAs7+M4oqbfLZlEpBC1khCHXyvg7sU5RuEKY59PWRbYIXtFf59Faht7r1mhSWN0A/E45k2ASabaNl28Vfam1xFzoNxGfazchhiL1mQMLyoSjmSZ9vVhtg6te,iv:2Xe6mOFqiEWVql+ZAfztc0OLA1NpG6pYXPXz3+KI2Wg=,tag:auVimKI3E6y8yPt0zTB1JA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:19:05Z"
mac: ENC[AES256_GCM,data:825FfQxusSCBHBWIH3VyAb06C+WAe/El1gUCngTOZe76gjex1yuSnMRoVPdLTIFbBhwpmal1jfyvpkaVaLvEyhj7dfHrDXbL/4Nzt5FFqYXQ+2bqUoP8uu+tMvaMEqJlTZFv/gYkx3RZy256rFqh1VXQuzejqVqX2JqbnUDj8/Q=,iv:/Ivr6tejZaudXZGcSUKDUi8oh6RJTu+84KzygLeP8VA=,tag:1DsD1l7jhKYojQASnevTjQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

31
secrets/cnix-secrets.yaml
View File

@@ -1,31 +0,0 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_host: ENC[AES256_GCM,data:P2+7Sa7jtbCs67sxBGg03KoEQx91w7ulcMGU0Zlo9IU2mDTqYn4FPL11MjJ0x1yXXmizDPQEdIAdtDTQIuIoM8l3RJf63dx6BqX5KMecT9dEKqP7VtY3ZFQ+vCDVq+VwmRRbZ+uk1B6IxZZ3Do0AQKo9vLWqA/ipZMG/ATvJZmAqs7t3VhKMwc//gCA8/b9bsTyk0BbDrqL8/rfuvY0HT9XvhWGpow8lTOcAzJzbr8FWmQzVQIt/wT3vJK4+guBpZy/beombrVNPYBB2+J/wjidatiIvPJvmgE1UpXn8FzdnXoZTwxgBXWHw05FuenjS448VxYXs7Wx6HRYTk4yjFqnnaNoQ4Y4r1GP5sIgThZT2aTpA3w9v2l7y6U9Ft+cjVURDwk/VvNTCi0WCWdw28C3hYj1jcAs7+M4oqbfLZlEpBC1khCHXyvg7sU5RuEKY59PWRbYIXtFf59Faht7r1mhSWN0A/E45k2ASabaNl28Vfam1xFzoNxGfazchhiL1mQMLyoSjmSZ9vVhtg6te,iv:2Xe6mOFqiEWVql+ZAfztc0OLA1NpG6pYXPXz3+KI2Wg=,tag:auVimKI3E6y8yPt0zTB1JA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:19:05Z"
mac: ENC[AES256_GCM,data:825FfQxusSCBHBWIH3VyAb06C+WAe/El1gUCngTOZe76gjex1yuSnMRoVPdLTIFbBhwpmal1jfyvpkaVaLvEyhj7dfHrDXbL/4Nzt5FFqYXQ+2bqUoP8uu+tMvaMEqJlTZFv/gYkx3RZy256rFqh1VXQuzejqVqX2JqbnUDj8/Q=,iv:/Ivr6tejZaudXZGcSUKDUi8oh6RJTu+84KzygLeP8VA=,tag:1DsD1l7jhKYojQASnevTjQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

7
secrets/cnixssh.age Normal file
View File

@@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 13OpUQ DWvImM/f2O9NGvbSWDj4Pw1aPUH+uy7aDZ2SZYx/3XI
KvKxaBlO8CGDMBaLJ9DmOmQPz2EG8aJbxz2giwDSiSk
-> ssh-ed25519 /lVW0g abWBZK+wj2ER9WJe+/WCk0Q8cnFEMEWnK/dwJJF+cx8
t1g/PrGNIqxPdQR5KhdUbHMWPtW7Tohhl1Dy6eASvhE
--- u48Gh9VjkGi56o8tFwkJ++5e4VE82z5ASjO1kgWklH0
<EFBFBD>l|GE<47>:d<>(<28>yt<><74>R*<2A>p<><70>:s7<><37> Q:<3A><><EFBFBD><EFBFBD>]|m<>/<2F><1B>.<2E><>w<EFBFBD><77><EFBFBD>2<EFBFBD>Xv<58><76><70>o<EFBFBD>%<25>{<7B>~qlA<6C><41><EFBFBD>,<2C><>t<EFBFBD>9<17>#<23><>Wa<57><10><>`WTWT<57><54>fNGԫ<01>>X<>U*<2A>о<EFBFBD><D0BE><EFBFBD><EFBFBD>W<16><>s<><73> +<2B>D<EFBFBD><44>2<EFBFBD><32><EFBFBD><EFBFBD><EFBFBD>r<EFBFBD>h<EFBFBD><68>J<EFBFBD><4A><EFBFBD>_<EFBFBD>6<EFBFBD>@<40><><EFBFBD>_%w<>\<03><<3C><>D`^<<3C><>G<EFBFBD><47><EFBFBD><EFBFBD>P<EFBFBD><50>E<EFBFBD>B=I<><49>^<5E><0E>s`Q<><51>#rg:b\U<><55><EFBFBD><EFBFBD><EFBFBD><EFBFBD>*<2A>"V<>7ƶZť><1A><><EFBFBD>D2a"h!<21><>!<21>0N%<25>(<16>fT<66><54><EFBFBD><EFBFBD>x<EFBFBD>/<2F>qJ<13>U<EFBFBD><55><EFBFBD><EFBFBD>d<EFBFBD>)<29><EFBFBD><7F>

31
secrets/cnst-secrets.yaml
View File

@@ -1,31 +0,0 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_user: ENC[AES256_GCM,data:u6YjlfDAX1zEO5Zd6SYn3C3q/H8knUwMT8Xv4d0YbYnVrainntukSKwO5jwUMay+BfgkWfRBil0/mqxBZjS1E+we3iDxYHTLLWXjQ2QJTzrVJHpu1MFcvYPfjQsocS96i6V8N/eH2fNIjSmys4uBxrLlnlsA3nuC4kvk/6rAq7ndp27eyQH/rx7iorMvyMtfRcKTOSCQNlaHu2WLtH6rxcUg8c+zYhlPR1OkM6I7tWrrw/48Bj7USjdXyNXM18qX05/EetkZdM6vHDWWPYTfVEnoP3K8zjgWXwoX/3amNgvX2wQYS8eSGxdLA5hCvKi1ytl3aEr+QjYn3X+qkqtdk6cvMnx6nyotMWpoJdnaRQqarB3gh0kHWCRjs0ALsWyvn7ShUXYOT3fflX1lXiEjpQp5TbvR+EpB4gicpa60j9s13u43znMqYqnlnGvTGoBXbkz6ZE6EcKXyPq9RuNWyK6X/j3kvAyiemoBkJg4rEURnG2bq9oMMvlZtbp1wkSIAwOPJjuAxOyn7LaQTEaBc,iv:u4AOkMRsT7laSfdYxXSa6LxCmDN2cA1ZBGZMRW/k9A0=,tag:s3r5cNHz02cpXdUrSL1jeQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:21:45Z"
mac: ENC[AES256_GCM,data:HZIfU0PQvr/572g+LhdYWmyO5SBUy0xzK5UcwM1PdKt9xYrcy6vC9Sk9VePR2p9f1rZFdw6B5Y2V/O3DG/L5Ct3xV0jHITgOLWjAFyITAxWV8X7FA8SRW4eusv3wuzFT8fTEXvXf8Y4wGozVrWJJIPMwIHOBzBGhM53YkMYEiXQ=,iv:6kkhKvPCewdSadQNd//hDOH0mY66XGkQSZ0KRgz24j8=,tag:Xpu6cTmi1Kvz5FimULzP7A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

9
secrets/cnstssh.age Normal file
View File

@@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 13OpUQ xWN4MH83JSI9xQiufyWTggMxrslw66KS3eLJoXTf7xM
Cyj7IOEPshLeOe5imPEJuYopjqiLDwzPU00ojj3LbqA
-> ssh-ed25519 /lVW0g hGwxsq1sdra4Oh+7N9Y/Oj6vqgwGv/yBYK0ldN+NTRE
9a1xalRU9I1itk6d82vzXAvVAhxUr0xNb5ZAWhyyUBw
--- tYFRpS/yQAncovlTEtCG/EmvrLd6FWS7g75jjSTYqYo
<EFBFBD><EFBFBD><EFBFBD>ēc<EFBFBD>g1^qi<71><<3C>s<EFBFBD><73><18><1E>3%'@<40><>W<EFBFBD><57><EFBFBD>{<02><><EFBFBD>l<EFBFBD><02><>/<2F><>1-5<><35>c<EFBFBD><63><EFBFBD><EFBFBD>F"<16><>a<EFBFBD>#jHJ<48>5<EFBFBD>n<EFBFBD><6E>7<EFBFBD>_<EFBFBD><18><>i<EFBFBD><69> <20>CyG<79>p<>Rx<52><78><EFBFBD> M<><4D>D<EFBFBD> <0C>ժ<EFBFBD>`<60><><EFBFBD><EFBFBD><EFBFBD>/Z<><5A>ae<61><65>v<EFBFBD><76><EFBFBD> <0B><>
l<EFBFBD><EFBFBD>Pђ<><D192><EFBFBD><EFBFBD>j~Mqr-}<7D>KtĆjݞ<>N<EFBFBD><4E># <20><>2<EFBFBD>Q?<07><>A <0B>G;cR<63><52><EFBFBD>f<EFBFBD><66><EFBFBD>`ßS<C39F>0<><05>=<3D><><18><>O<>K<EFBFBD><4B><EFBFBD>I4L
<EFBFBD><EFBFBD><EFBFBD><EFBFBD> }<7D><>|R

8
secrets/secrets.nix Normal file
View File

@@ -0,0 +1,8 @@
let
cnst = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIk/zMuOgZCX+bVCFDHxtoec96RaVfV4iG1Gohp0qHdU cnst@cnix";
cnix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFfRlSRg6vV0rRokzzDWnGZgSaUo0SZaURbxxeYXfm6e root@nixos";
in {
"cnstssh.age".publicKeys = [cnst cnix];
"cnixssh.age".publicKeys = [cnst cnix];
}

30
secrets/toothpc-secrets.yamlbak
View File

@@ -1,30 +0,0 @@
ssh_host: ENC[AES256_GCM,data:j38HDBp0jajrXgz2Wb2C6FmqYlT4L1/bLRDAjfvxLWaO4dQmrzihw8rFZ/LmEzRSJ6RDb+Jvfu8EFR6Fz3tJVpb0BcoWNZFqeVsbOpW8K40QOKed6cK4UdemPQk2gvFbw65ProGtjqeqcUaqgJ2kacM/pAhpELFkPjtJjs39fklXAj5bOb802bdzPuFzDCGtb+cw7DU99R9PARQVMzlY8+KiG0MHeDj71Yx8vhr/t/tngMdEaeiSg2UuiVnCjBJ07EXF8EEA5NNXkGErg2m34iiaa6AuPnrYK15EQdeB/fllt3KXxih1Y9VRswP5Wbson9IdxVCXiXmeryFAbNfRiOD8AYAQrHyvxz5VFL6sN+dOIhnLt9Nc84x5Qw6+S3U0mTAe3YL3nsKO+h39Stn5DQxSRS+1SPp8RfGBh1l/s0HBBR8s1ltME576UfGu+4KNzbPb6J9qwR/YHEr3MDFIoZptlcLAEzvlBNeFGFY58IebTUiw7HqeBAgYOHsH3bRp8rmsEuM5a+537AKhxoFC,iv:gHvgfTBjpQxSGXgwCf6Vrt6eNUJiXmbUvaHk5fMOC7U=,tag:/t+Yi9AC7qgwjzlw+QMhww==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-25T18:19:18Z"
mac: ENC[AES256_GCM,data:HMDybe9oiYF2efettIpjssXTNTQTWD9TZsYIVd4OMZwf5f+lZBQHMF0PoUtH6MojBncP5We4DwBrhvlcSaEz1OJHT1t+2UPm6VYjshbuf+Ajst+lI0c7zsk7WiB9K7aPbhQAvnc55144n+EdNx3iiIYmfCu4SCjjNhz33mzlfJM=,iv:yZIqHtnbIHz0AFdQtvJuCb3XnsBGP6eigH39JNM5DiI=,tag:DkfLKJ+pbGPe8AlR6oVqWw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

30
secrets/toothpick-secrets.yamlbak
View File

@@ -1,30 +0,0 @@
ssh_user: ENC[AES256_GCM,data:u6YjlfDAX1zEO5Zd6SYn3C3q/H8knUwMT8Xv4d0YbYnVrainntukSKwO5jwUMay+BfgkWfRBil0/mqxBZjS1E+we3iDxYHTLLWXjQ2QJTzrVJHpu1MFcvYPfjQsocS96i6V8N/eH2fNIjSmys4uBxrLlnlsA3nuC4kvk/6rAq7ndp27eyQH/rx7iorMvyMtfRcKTOSCQNlaHu2WLtH6rxcUg8c+zYhlPR1OkM6I7tWrrw/48Bj7USjdXyNXM18qX05/EetkZdM6vHDWWPYTfVEnoP3K8zjgWXwoX/3amNgvX2wQYS8eSGxdLA5hCvKi1ytl3aEr+QjYn3X+qkqtdk6cvMnx6nyotMWpoJdnaRQqarB3gh0kHWCRjs0ALsWyvn7ShUXYOT3fflX1lXiEjpQp5TbvR+EpB4gicpa60j9s13u43znMqYqnlnGvTGoBXbkz6ZE6EcKXyPq9RuNWyK6X/j3kvAyiemoBkJg4rEURnG2bq9oMMvlZtbp1wkSIAwOPJjuAxOyn7LaQTEaBc,iv:u4AOkMRsT7laSfdYxXSa6LxCmDN2cA1ZBGZMRW/k9A0=,tag:s3r5cNHz02cpXdUrSL1jeQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-25T18:20:06Z"
mac: ENC[AES256_GCM,data:/pRqY9QwAewkXbfuca3dJd6Jnd4EUujbUmgbSaBimx9T6tv1RcO/IJHJg7JhOOAJIHnsEmGL+rrsA4v9DDPOtTMmvAjQ6vYIU5fKT4ig9aNzv23p+QZmEq7mjS2q9AKstRi/ZAbzh0U1uM+nl0C3FS827TQ0XoD9P/wI+GwClGw=,iv:+cjt0HFhh/VGAjQd6RuUugc6KiGV+pmlh+dx8MK8ziY=,tag:/1Bqn7knxE36jKwpdR2cYg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

4
system/modules/default.nix
View File

@@ -10,7 +10,7 @@
"${systemModules}/hardware/graphics/amd" "${systemModules}/hardware/graphics/amd"
"${systemModules}/hardware/graphics/nvidia" "${systemModules}/hardware/graphics/nvidia"
"${systemModules}/hardware/logitech" "${systemModules}/hardware/logitech"
"${systemModules}/network" "${systemModules}/hardware/network"
"${systemModules}/studio/blender" "${systemModules}/studio/blender"
"${systemModules}/studio/gimp" "${systemModules}/studio/gimp"
"${systemModules}/studio/inkscape" "${systemModules}/studio/inkscape"
@@ -25,12 +25,12 @@
"${systemModules}/sysd/pipewire" "${systemModules}/sysd/pipewire"
"${systemModules}/sysd/powerd" "${systemModules}/sysd/powerd"
"${systemModules}/sysd/samba" "${systemModules}/sysd/samba"
"${systemModules}/sysd/sops"
"${systemModules}/sysd/ssh" "${systemModules}/sysd/ssh"
"${systemModules}/sysd/udisks" "${systemModules}/sysd/udisks"
"${systemModules}/sysd/xserver/amd" "${systemModules}/sysd/xserver/amd"
"${systemModules}/sysd/xserver/amd/hhkbse" "${systemModules}/sysd/xserver/amd/hhkbse"
"${systemModules}/sysd/xserver/nvidia" "${systemModules}/sysd/xserver/nvidia"
"${systemModules}/utils/agenix"
"${systemModules}/utils/android" "${systemModules}/utils/android"
"${systemModules}/utils/anyrun" "${systemModules}/utils/anyrun"
"${systemModules}/utils/corectrl" "${systemModules}/utils/corectrl"

4
system/modules/gaming/gamemode/default.nix
View File

@@ -15,7 +15,7 @@ in {
options = { options = {
modules.gaming.gamemode = { modules.gaming.gamemode = {
enable = mkEnableOption "Enables gamemode"; enable = mkEnableOption "Enables gamemode";
optimizeGpu = mkOption { optimizeGpu.enable = mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Whether to apply GPU optimizations."; description = "Whether to apply GPU optimizations.";
@@ -31,7 +31,7 @@ in {
softrealtime = "auto"; softrealtime = "auto";
renice = 15; renice = 15;
}; };
gpu = mkIf cfg.optimizeGpu { gpu = mkIf cfg.optimizeGpu.enable {
apply_gpu_optimisations = "accept-responsibility"; apply_gpu_optimisations = "accept-responsibility";
gpu_device = 0; gpu_device = 0;
amd_performance_level = "high"; amd_performance_level = "high";

50
system/modules/hardware/network/default.nix Normal file
View File

@@ -0,0 +1,50 @@
{
config,
lib,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.modules.hardware.network;
in {
options = {
modules = {
hardware = {
network = {
enable = mkEnableOption "Enable the custom networking module";
hostName = mkOption {
type = types.str;
default = "default-hostname";
description = "Hostname for the system.";
};
interfaces = mkOption {
type = types.attrsOf (types.submodule {
options = {
allowedTCPPorts = mkOption {
type = types.listOf types.int;
default = [];
description = "List of allowed TCP ports for this interface.";
};
};
});
default = {};
description = "Network interface configurations.";
};
};
};
};
};
config = mkIf cfg.enable {
networking = {
networkmanager.enable = true;
inherit (cfg) hostName;
nftables.enable = true;
firewall = {
enable = true;
inherit (cfg) interfaces;
};
};
};
}

48
system/modules/network/default.nix
View File

@@ -1,48 +0,0 @@
{
config,
lib,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.modules.network;
in {
options = {
modules = {
network = {
enable = mkEnableOption "Enable the custom networking module";
hostName = mkOption {
type = types.str;
default = "default-hostname";
description = "Hostname for the system.";
};
interfaces = mkOption {
type = types.attrsOf (types.submodule {
options = {
allowedTCPPorts = mkOption {
type = types.listOf types.int;
default = [];
description = "List of allowed TCP ports for this interface.";
};
};
});
default = {};
description = "Network interface configurations.";
};
};
};
};
config = mkIf cfg.enable {
networking = {
networkmanager.enable = true;
inherit (cfg) hostName;
nftables.enable = true;
firewall = {
enable = true;
inherit (cfg) interfaces;
};
};
};
}

4
system/modules/studio/blender/default.nix
View File

@@ -10,7 +10,7 @@ in {
options = { options = {
modules.studio.blender = { modules.studio.blender = {
enable = mkEnableOption "Enables Blender"; enable = mkEnableOption "Enables Blender";
hip = mkOption { hip.enable = mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Use the HIP-enabled version of Blender (for AMD GPUs)."; description = "Use the HIP-enabled version of Blender (for AMD GPUs).";
@@ -20,7 +20,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ environment.systemPackages = [
( (
if cfg.hip if cfg.hip.enable
then pkgs.blender-hip then pkgs.blender-hip
else pkgs.blender else pkgs.blender
) )

76
system/modules/sysd/sops/default.nix
View File

@@ -1,76 +0,0 @@
{
config,
lib,
pkgs,
self,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption;
cfg = config.modules.sysd.sops;
in {
options = {
modules.sysd.sops = {
enable = mkEnableOption "Enables sops system environment";
cnix.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Apply cnix sops settings";
};
toothpc.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Apply toothpc sops settings";
};
adampad.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Apply adampad sops settings";
};
};
};
config = mkIf cfg.enable {
sops = lib.mkMerge [
{
age = {sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];};
gnupg = {
home = "~/.gnupg";
sshKeyPaths = [];
};
}
(mkIf cfg.cnix.enable {
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/cnix-secrets.yaml";
};
ssh_host = {
format = "yaml";
sopsFile = "${self}/secrets/cnix-secrets.yaml";
};
};
})
(mkIf cfg.toothpc.enable {
secrets = {
ssh_host = {
format = "yaml";
# sopsFile = "${self}/secrets/toothpc-secrets.yaml";
};
};
})
(mkIf cfg.adampad.enable {
secrets = {
ssh_host = {
format = "yaml";
sopsFile = "${self}/secrets/adampad-secrets.yaml";
};
};
})
];
environment.systemPackages = [
pkgs.sops
pkgs.age
];
};
}

58
system/modules/utils/agenix/default.nix Normal file
View File

@@ -0,0 +1,58 @@
{
config,
lib,
inputs,
pkgs,
self,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption mkMerge;
cfg = config.modules.utils.agenix;
in {
options = {
modules.utils.agenix = {
enable = mkEnableOption "Enables agenix system environment";
cnix.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Apply cnix agenix settings";
};
toothpc.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Apply toothpc agenix settings";
};
adampad.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Apply adampad agenix settings";
};
};
};
config = mkIf cfg.enable {
age = mkMerge [
(mkIf cfg.cnix.enable {
secrets = {
cnstssh.file = "${self}/secrets/cnstssh.age";
cnixssh.file = "${self}/secrets/cnixssh.age";
};
})
(mkIf cfg.toothpc.enable {
secrets = {
# Add toothpc specific secrets here
};
})
(mkIf cfg.adampad.enable {
secrets = {
# Add adampad specific secrets here
};
})
];
environment.systemPackages = [
inputs.agenix.packages.x86_64-linux.default
pkgs.age
];
};
}

10
system/modules/utils/misc/default.nix
View File

@@ -11,11 +11,11 @@ in {
modules.utils.misc.enable = mkEnableOption "Enables miscellaneous pacakges"; modules.utils.misc.enable = mkEnableOption "Enables miscellaneous pacakges";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = [
nodejs_22 pkgs.nodejs_22
ripgrep pkgs.ripgrep
fd pkgs.fd
beekeeper-studio pkgs.beekeeper-studio
]; ];
}; };
} }