diff --git a/flake.lock b/flake.lock index 71a9b094..8f69ebeb 100644 --- a/flake.lock +++ b/flake.lock @@ -1,11 +1,32 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "owner": "ryantm", + "repo": "agenix", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "ags": { "inputs": { "nixpkgs": [ "nixpkgs" ], - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1721306136, @@ -24,8 +45,8 @@ "anyrun": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs", - "systems": "systems_2" + "nixpkgs": "nixpkgs_2", + "systems": "systems_3" }, "locked": { "lastModified": 1721135360, @@ -95,10 +116,10 @@ "compare-to": "compare-to", "fenix": "fenix", "flake-schemas": "flake-schemas", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "jovian": "jovian", - "nixpkgs": "nixpkgs_2", - "systems": "systems_3", + "nixpkgs": "nixpkgs_3", + "systems": "systems_4", "yafas": "yafas" }, "locked": { @@ -149,6 +170,28 @@ "type": "github" } }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "devshell": { "inputs": { "nixpkgs": [ @@ -434,7 +477,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1710146030, 
@@ -472,7 +515,7 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_6" + "systems": "systems_7" }, "locked": { "lastModified": 1710146030, @@ -623,6 +666,27 @@ } }, "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "chaotic", @@ -643,7 +707,7 @@ "type": "github" } }, - "home-manager_2": { + "home-manager_3": { "inputs": { "nixpkgs": [ "nixvim", @@ -700,8 +764,8 @@ "hyprlang": "hyprlang", "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner", - "nixpkgs": "nixpkgs_3", - "systems": "systems_5", + "nixpkgs": "nixpkgs_4", + "systems": "systems_6", "xdph": "xdph" }, "locked": { @@ -907,7 +971,7 @@ "crane": "crane", "flake-compat": "flake-compat_3", "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "pre-commit-hooks-nix": "pre-commit-hooks-nix", "rust-overlay": "rust-overlay" }, @@ -946,7 +1010,7 @@ }, "microfetch": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1723918449, @@ -1072,11 +1136,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717196966, - "narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=", + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "57610d2f8f0937f39dbd72251e9614b1561942d8", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", "type": "github" }, "original": { 
@@ -1150,6 +1214,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1717196966, + "narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "57610d2f8f0937f39dbd72251e9614b1561942d8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1724479785, "narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=", @@ -1165,7 +1245,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1724224976, "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", @@ -1181,7 +1261,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1722264024, "narHash": "sha256-gomyYQrlOltr2/prDRikRDQoPz+J5Qq6SEJrqVC5x2c=", @@ -1197,7 +1277,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1722719969, "narHash": "sha256-E47qbT/mRtBCSZra+9S9208sp/QnNeOAq7EhHX+eMNE=", @@ -1212,7 +1292,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1724819573, "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", @@ -1228,7 +1308,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1724819573, "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", @@ -1250,9 +1330,9 @@ "flake-compat": "flake-compat_4", "flake-parts": "flake-parts_4", "git-hooks": "git-hooks", - "home-manager": "home-manager_2", + "home-manager": "home-manager_3", "nix-darwin": "nix-darwin", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nuschtosSearch": "nuschtosSearch", "treefmt-nix": "treefmt-nix" }, @@ -1321,6 +1401,7 @@ }, "root": { "inputs": { + "agenix": "agenix", "ags": "ags", "anyrun": "anyrun", "chaotic": "chaotic", 
@@ -1339,11 +1420,11 @@ "microfetch": "microfetch", "nix-gaming": "nix-gaming", "nixpak": "nixpak", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nixpkgs-small": "nixpkgs-small", "nixvim": "nixvim", "sops-nix": "sops-nix", - "systems": "systems_7" + "systems": "systems_8" } }, "rust-analyzer-src": { @@ -1424,16 +1505,16 @@ }, "systems": { "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default-linux", + "repo": "default", "type": "github" } }, @@ -1468,6 +1549,21 @@ } }, "systems_4": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_5": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -1482,7 +1578,7 @@ "type": "github" } }, - "systems_5": { + "systems_6": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", @@ -1497,7 +1593,7 @@ "type": "github" } }, - "systems_6": { + "systems_7": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -1512,7 +1608,7 @@ "type": "github" } }, - "systems_7": { + "systems_8": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", diff --git a/flake.nix b/flake.nix index a82d03fe..5975ab3d 100644 
--- a/flake.nix +++ b/flake.nix @@ -89,10 +89,7 @@ }; anyrun.url = "github:anyrun-org/anyrun"; microfetch.url = "github:NotAShelf/microfetch"; - sops-nix = { - url = "github:Mic92/sops-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + agenix.url = "github:ryantm/agenix"; ags = { url = "github:Aylur/ags"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/home/modules/default.nix b/home/modules/default.nix index 50e047a5..12d25036 100644 --- a/home/modules/default.nix +++ b/home/modules/default.nix @@ -13,7 +13,6 @@ "${userModules}/terminal/zellij" "${userModules}/userd/copyq" "${userModules}/userd/mako" - "${userModules}/userd/sops" "${userModules}/userd/udiskie" "${userModules}/utils/ags" "${userModules}/utils/anyrun" diff --git a/home/modules/userd/sops/default.nix b/home/modules/userd/sops/default.nix deleted file mode 100644 index ef2aeb06..00000000 --- a/home/modules/userd/sops/default.nix +++ /dev/null 
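Review bot: The new `agenix.url = "github:ryantm/agenix";` input has no `inputs.nixpkgs.follows`, unlike the `sops-nix` input it replaces. The flake.lock part of this commit shows the result: agenix brings its own `nixpkgs` node locked at `54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6` (lastModified 1703013332, older than the other nixpkgs nodes visible in this diff) plus extra `darwin`, `home-manager` and `systems` nodes. Anything built from agenix's own package set, such as its CLI, would come from that older snapshot and miss later fixes, so `agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; };` keeps a single package set to audit. The lock's `root.inputs` context still lists `"sops-nix": "sops-nix"`, so the lock looks only partly regenerated and should be refreshed now that the input is gone. The `inputs` attribute set starts and ends outside this hunk.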
@@ -1,77 +0,0 @@ -{ - inputs, - self, - lib, - config, - ... -}: let - inherit (lib) mkIf mkEnableOption mkOption; - cfg = config.modules.userd.sops; -in { - imports = [ - inputs.sops-nix.homeManagerModules.sops - ]; - - options = { - modules.userd.sops = { - enable = mkEnableOption "Enables sops home environment"; - cnst.enable = mkOption { - type = lib.types.bool; - default = false; - description = "Apply cnst sops settings"; - }; - toothpick.enable = mkOption { - type = lib.types.bool; - default = false; - description = "Apply toothpick sops settings"; - }; - adam.enable = mkOption { - type = lib.types.bool; - default = false; - description = "Apply adam sops settings"; - }; - }; - }; - - config = mkIf cfg.enable { - sops = lib.mkMerge [ - { - gnupg = { - home = "~/.gnupg"; - sshKeyPaths = []; - }; - } - (mkIf cfg.cnst.enable { - age = {sshKeyPaths = ["/home/cnst/.ssh/id_ed25519"];}; - secrets = { - openai_api_key = { - format = "yaml"; - sopsFile = "${self}/secrets/cnst-secrets.yaml"; - }; - ssh_user = { - format = "yaml"; - sopsFile = "${self}/secrets/cnst-secrets.yaml"; - }; - }; - }) - (mkIf cfg.toothpick.enable { - age = {sshKeyPaths = ["/home/toothpick/.ssh/id_ed25519"];}; - secrets = { - ssh_user = { - format = "yaml"; - # sopsFile = "${self}/secrets/toothpick-secrets.yaml"; - }; - }; - }) - (mkIf cfg.adam.enable { - age = {sshKeyPaths = ["/home/adam/.ssh/id_ed25519"];}; - secrets = { - ssh_user = { - format = "yaml"; - sopsFile = "${self}/secrets/adam-secrets.yaml"; - }; - }; - }) - ]; - }; -} diff --git a/home/users/cnst/modules.nix b/home/users/cnst/modules.nix index 9a3e80e8..7793eb52 100644 --- a/home/users/cnst/modules.nix +++ b/home/users/cnst/modules.nix 
@@ -1,76 +1,160 @@ { modules = { browsers = { - firefox.enable = true; - chromium.enable = false; + firefox = { + enable = true; + }; + chromium = { + enable = false; + }; }; comm = { - discord.enable = true; + discord = { + enable = true; + }; }; devtools = { nixvim = { enable = true; plugins = { - barbar.enable = true; - comment.enable = true; - conform-nvim.enable = true; - copilot.enable = true; - efm.enable = true; - floaterm.enable = false; - harpoon.enable = false; - lsp.enable = true; - lualine.enable = true; - markdown-preview.enable = true; - neo-tree.enable = true; - none-ls.enable = true; - rustaceanvim.enable = true; - startify.enable = true; - tagbar.enable = false; - telescope.enable = true; - treesitter.enable = true; - vimtex.enable = false; - yanky.enable = false; + barbar = { + enable = true; + }; + comment = { + enable = true; + }; + conform-nvim = { + enable = true; + }; + copilot = { + enable = true; + }; + efm = { + enable = true; + }; + floaterm = { + enable = false; + }; + harpoon = { + enable = false; + }; + lsp = { + enable = true; + }; + lualine = { + enable = true; + }; + markdown-preview = { + enable = true; + }; + neo-tree = { + enable = true; + }; + none-ls = { + enable = true; + }; + rustaceanvim = { + enable = true; + }; + startify = { + enable = true; + }; + tagbar = { + enable = false; + }; + telescope = { + enable = true; + }; + treesitter = { + enable = true; + }; + vimtex = { + enable = false; + }; + yanky = { + enable = false; + }; }; }; - vscode.enable = false; + vscode = { + enable = false; + }; }; gaming = { - lutris.enable = false; - mangohud.enable = false; + lutris = { + enable = false; + }; + mangohud = { + enable = false; + }; }; terminal = { - alacritty.enable = true; - foot.enable = true; - kitty.enable = true; - zellij.enable = false; + alacritty = { + enable = true; + }; + foot = { + enable = true; + }; + kitty = { + enable = true; + }; + zellij = { + enable = false; + }; }; userd = { - sops = { - enable = false; 
- cnst.enable = false; + copyq = { + enable = true; + }; + mako = { + enable = true; + }; + udiskie = { + enable = true; }; - copyq.enable = true; - mako.enable = true; - udiskie.enable = true; }; utils = { - ags.enable = false; - anyrun.enable = false; - rofi.enable = false; - waybar.enable = true; - yazi.enable = true; - misc.enable = true; + ags = { + enable = false; + }; + anyrun = { + enable = false; + }; + rofi = { + enable = false; + }; + waybar = { + enable = true; + }; + yazi = { + enable = true; + }; + misc = { + enable = true; + }; }; wm = { hyprland = { - cnst.enable = true; - toothpick.enable = false; - adam.enable = false; + cnst = { + enable = true; + }; + toothpick = { + enable = false; + }; + adam = { + enable = false; + }; }; utils = { - hypridle.enable = true; - hyprlock.enable = true; - hyprpaper.enable = true; + hypridle = { + enable = true; + }; + hyprlock = { + enable = true; + }; + hyprpaper = { + enable = true; + }; }; }; }; diff --git a/hosts/cnix/modules.nix b/hosts/cnix/modules.nix index b5855673..a37a0e10 100644 --- a/hosts/cnix/modules.nix +++ b/hosts/cnix/modules.nix 
@@ -1,71 +1,145 @@ { modules = { gaming = { - steam.enable = true; - gamescope.enable = true; - lutris.enable = true; + steam = { + enable = true; + }; + gamescope = { + enable = true; + }; + lutris = { + enable = true; + }; gamemode = { enable = true; - optimizeGpu = true; + optimizeGpu = { + enable = true; + }; }; }; gui = { - gnome.enable = false; - hyprland.enable = true; - }; - hardware = { - bluetooth.enable = true; - logitech.enable = true; - graphics = { - amd.enable = true; - nvidia.enable = false; + gnome = { + enable = false; + }; + hyprland = { + enable = true; }; }; - network = { - enable = true; - hostName = "cnix"; - interfaces = { - "enp7s0" = { - allowedTCPPorts = [22 80 443]; + hardware = { + bluetooth = { + enable = true; + }; + logitech = { + enable = true; + }; + graphics = { + amd = { + enable = true; + }; + nvidia = { + enable = false; + }; + }; + network = { + enable = true; + hostName = "cnix"; + interfaces = { + "enp7s0" = { + allowedTCPPorts = [22 80 443]; + }; }; }; }; studio = { blender = { enable = false; - hip = false; + hip = { + enable = false; + }; + }; + gimp = { + enable = true; + }; + inkscape = { + enable = true; }; - gimp.enable = true; - inkscape.enable = true; }; sysd = { - blueman.enable = true; - dbus.enable = true; - fwupd.enable = true; - gnome-keyring.enable = true; - greetd.enable = true; - gvfs.enable = true; - locate.enable = true; - mullvad.enable = true; - pipewire.enable = true; - powerd.enable = true; - samba.enable = false; - sops = { - enable = false; - cnix.enable = false; + blueman = { + enable = true; + }; + dbus = { + enable = true; + }; + fwupd = { + enable = true; + }; + gnome-keyring = { + enable = true; + }; + greetd = { + enable = true; + }; + gvfs = { + enable = true; + }; + locate = { + enable = true; + }; + mullvad = { + enable = true; + }; + pipewire = { + enable = true; + }; + powerd = { + enable = true; + }; + samba = { + enable = false; + }; + ssh = { + enable = true; + }; + udisks = { + enable 
= true; + }; + xserver = { + amd = { + hhkbse = { + enable = true; + }; + }; }; - ssh.enable = true; - udisks.enable = true; - xserver.amd.hhkbse.enable = true; }; utils = { - android.enable = true; - anyrun.enable = true; - corectrl.enable = true; - microfetch.enable = true; - nix-ld.enable = false; - misc.enable = true; - npm.enable = true; + agenix = { + enable = true; + cnix = { + enable = true; + }; + }; + android = { + enable = true; + }; + anyrun = { + enable = true; + }; + corectrl = { + enable = true; + }; + microfetch = { + enable = true; + }; + nix-ld = { + enable = false; + }; + misc = { + enable = true; + }; + npm = { + enable = true; + }; }; }; } diff --git a/hosts/default.nix b/hosts/default.nix index 73feda74..49af9ac8 100644 --- a/hosts/default.nix +++ b/hosts/default.nix 
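Review bot: Several option paths set in hosts/cnix/modules.nix have no matching declaration in the visible diff: `modules.hardware.network` (previously `modules.network`), `modules.studio.blender.hip.enable` (previously a plain `hip = false`) and `modules.utils.agenix.enable` / `modules.utils.agenix.cnix.enable`. Only `gamemode.optimizeGpu.enable` has a corresponding module change in this commit, and the `hardware/network` and `utils/agenix` directories imported by system/modules/default.nix are not added here either, although they may simply be outside this view. If those declarations were not updated together with this file, evaluation of the cnix host fails, and the other hosts' modules.nix files need the same renames. The block that now sits under `hardware.network` still opens TCP 22, 80 and 443 on `enp7s0`; a comment above `allowedTCPPorts` such as `# 22: sshd, 80/443: <service name>` would let a reader confirm each port is still meant to be reachable.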
@@ -1,89 +1,88 @@ # Yanked from fufexan! -{ inputs -, homeImports -, self -, ... +{ + inputs, + homeImports, + self, + ... }: { - flake.nixosConfigurations = - let - # custom paths - userConfig = "${self}/home"; - systemConfig = "${self}/system"; - hostConfig = "${self}/hosts"; + flake.nixosConfigurations = let + # custom paths + userConfig = "${self}/home"; + systemConfig = "${self}/system"; + hostConfig = "${self}/hosts"; - cnstConfig = "${self}/home/users/cnst"; - toothpickConfig = "${self}/home/users/toothpick"; - adamConfig = "${self}/home/users/adam"; + cnstConfig = "${self}/home/users/cnst"; + toothpickConfig = "${self}/home/users/toothpick"; + adamConfig = "${self}/home/users/adam"; - userModules = "${self}/home/modules"; - systemModules = "${self}/system/modules"; + userModules = "${self}/home/modules"; + systemModules = "${self}/system/modules"; - # shorten paths - inherit (inputs.nixpkgs.lib) nixosSystem; - mod = "${systemConfig}"; + # shorten paths + inherit (inputs.nixpkgs.lib) nixosSystem; + mod = "${systemConfig}"; - # get the basic config to build on top of - inherit (import "${systemConfig}") shared; + # get the basic config to build on top of + inherit (import "${systemConfig}") shared; - # get these into the module system - specialArgs = { inherit inputs self userConfig systemConfig hostConfig cnstConfig toothpickConfig adamConfig userModules systemModules; }; - in - { - cnix = nixosSystem { - inherit specialArgs; - modules = - shared - ++ [ - ./cnix - "${mod}/boot/lanzaboote" - "${mod}/nix/nh/cnix" - { - home-manager = { - users.cnst.imports = homeImports."cnst@cnix"; - extraSpecialArgs = specialArgs; - }; - } - inputs.chaotic.nixosModules.default - inputs.sops-nix.nixosModules.sops - (import "${mod}/dev") - ]; - }; - toothpc = nixosSystem { - inherit specialArgs; - modules = - shared - ++ [ - ./toothpc - "${mod}/boot/lanzaboote" - "${mod}/nix/nh/toothpc" - { - home-manager = { - users.toothpick.imports = homeImports."toothpick@toothpc"; - 
extraSpecialArgs = specialArgs; - }; - } - inputs.chaotic.nixosModules.default - inputs.sops-nix.nixosModules.sops - (import "${mod}/dev") - ]; - }; - adampad = nixosSystem { - inherit specialArgs; - modules = - shared - ++ [ - ./adampad - "${mod}/boot" - "${mod}/nix/nh/adampad" - { - home-manager = { - users.adam.imports = homeImports."adam@adampad"; - extraSpecialArgs = specialArgs; - }; - } - inputs.chaotic.nixosModules.default - inputs.sops-nix.nixosModules.sops - ]; - }; + # get these into the module system + specialArgs = {inherit inputs self userConfig systemConfig hostConfig cnstConfig toothpickConfig adamConfig userModules systemModules;}; + in { + cnix = nixosSystem { + inherit specialArgs; + modules = + shared + ++ [ + ./cnix + "${mod}/boot/lanzaboote" + "${mod}/nix/nh/cnix" + { + home-manager = { + users.cnst.imports = homeImports."cnst@cnix"; + extraSpecialArgs = specialArgs; + }; + } + inputs.chaotic.nixosModules.default + inputs.agenix.nixosModules.default + (import "${mod}/dev") + ]; }; + toothpc = nixosSystem { + inherit specialArgs; + modules = + shared + ++ [ + ./toothpc + "${mod}/boot/lanzaboote" + "${mod}/nix/nh/toothpc" + { + home-manager = { + users.toothpick.imports = homeImports."toothpick@toothpc"; + extraSpecialArgs = specialArgs; + }; + } + inputs.chaotic.nixosModules.default + inputs.agenix.nixosModules.default + (import "${mod}/dev") + ]; + }; + adampad = nixosSystem { + inherit specialArgs; + modules = + shared + ++ [ + ./adampad + "${mod}/boot" + "${mod}/nix/nh/adampad" + { + home-manager = { + users.adam.imports = homeImports."adam@adampad"; + extraSpecialArgs = specialArgs; + }; + } + inputs.chaotic.nixosModules.default + inputs.agenix.nixosModules.default + ]; + }; + }; } diff --git a/secrets/adam-secrets.yaml b/secrets/adam-secrets.yaml deleted file mode 100644 index 097f0c99..00000000 --- a/secrets/adam-secrets.yaml +++ /dev/null 
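Review bot: `inputs.agenix.nixosModules.default` is added to all three hosts, but secrets/secrets.nix lists only the `cnst` and `cnix` keys, so on toothpc and adampad the module is imported with nothing it can decrypt. The removed home-manager sops module has no agenix counterpart in this commit, so a per-user secret such as `cnstssh.age` would be handled by the system module, whose defaults leave the decrypted file owned by root with mode 0400. The `age.secrets` entry for it (not visible here) would then need `owner = "cnst";` with the mode left at `0400` so only that user can read it. A comment beside the toothpc and adampad imports, e.g. `# agenix: no secrets defined for this host yet`, would record the intended state.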
@@ -1,31 +0,0 @@ -openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str] -ssh_user: ENC[AES256_GCM,data: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,iv:u4AOkMRsT7laSfdYxXSa6LxCmDN2cA1ZBGZMRW/k9A0=,tag:s3r5cNHz02cpXdUrSL1jeQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR - b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm - NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t - YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9 - qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g== - -----END AGE ENCRYPTED FILE----- - - recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2 - ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx - NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5 - VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct - 5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-08T16:21:45Z" - mac: ENC[AES256_GCM,data:HZIfU0PQvr/572g+LhdYWmyO5SBUy0xzK5UcwM1PdKt9xYrcy6vC9Sk9VePR2p9f1rZFdw6B5Y2V/O3DG/L5Ct3xV0jHITgOLWjAFyITAxWV8X7FA8SRW4eusv3wuzFT8fTEXvXf8Y4wGozVrWJJIPMwIHOBzBGhM53YkMYEiXQ=,iv:6kkhKvPCewdSadQNd//hDOH0mY66XGkQSZ0KRgz24j8=,tag:Xpu6cTmi1Kvz5FimULzP7A==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.0 
diff --git a/secrets/adampad-secrets.yaml b/secrets/adampad-secrets.yaml deleted file mode 100644 index 6f1b56e2..00000000 --- a/secrets/adampad-secrets.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str] -ssh_host: ENC[AES256_GCM,data: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,iv:2Xe6mOFqiEWVql+ZAfztc0OLA1NpG6pYXPXz3+KI2Wg=,tag:auVimKI3E6y8yPt0zTB1JA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR - b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm - NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t - YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9 - qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g== - -----END AGE ENCRYPTED FILE----- - - recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2 - ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx - NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5 - VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct - 5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-08T16:19:05Z" - mac: ENC[AES256_GCM,data:825FfQxusSCBHBWIH3VyAb06C+WAe/El1gUCngTOZe76gjex1yuSnMRoVPdLTIFbBhwpmal1jfyvpkaVaLvEyhj7dfHrDXbL/4Nzt5FFqYXQ+2bqUoP8uu+tMvaMEqJlTZFv/gYkx3RZy256rFqh1VXQuzejqVqX2JqbnUDj8/Q=,iv:/Ivr6tejZaudXZGcSUKDUi8oh6RJTu+84KzygLeP8VA=,tag:1DsD1l7jhKYojQASnevTjQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.0 
diff --git a/secrets/cnix-secrets.yaml b/secrets/cnix-secrets.yaml deleted file mode 100644 index 6f1b56e2..00000000 --- a/secrets/cnix-secrets.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str] -ssh_host: ENC[AES256_GCM,data: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,iv:2Xe6mOFqiEWVql+ZAfztc0OLA1NpG6pYXPXz3+KI2Wg=,tag:auVimKI3E6y8yPt0zTB1JA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR - b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm - NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t - YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9 - qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g== - -----END AGE ENCRYPTED FILE----- - - recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2 - ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx - NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5 - VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct - 5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-08T16:19:05Z" - mac: ENC[AES256_GCM,data:825FfQxusSCBHBWIH3VyAb06C+WAe/El1gUCngTOZe76gjex1yuSnMRoVPdLTIFbBhwpmal1jfyvpkaVaLvEyhj7dfHrDXbL/4Nzt5FFqYXQ+2bqUoP8uu+tMvaMEqJlTZFv/gYkx3RZy256rFqh1VXQuzejqVqX2JqbnUDj8/Q=,iv:/Ivr6tejZaudXZGcSUKDUi8oh6RJTu+84KzygLeP8VA=,tag:1DsD1l7jhKYojQASnevTjQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.0 
diff --git a/secrets/cnixssh.age b/secrets/cnixssh.age new file mode 100644 index 00000000..3a7fe6b3 --- /dev/null +++ b/secrets/cnixssh.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 13OpUQ DWvImM/f2O9NGvbSWDj4Pw1aPUH+uy7aDZ2SZYx/3XI +KvKxaBlO8CGDMBaLJ9DmOmQPz2EG8aJbxz2giwDSiSk +-> ssh-ed25519 /lVW0g abWBZK+wj2ER9WJe+/WCk0Q8cnFEMEWnK/dwJJF+cx8 +t1g/PrGNIqxPdQR5KhdUbHMWPtW7Tohhl1Dy6eASvhE +--- u48Gh9VjkGi56o8tFwkJ++5e4VE82z5ASjO1kgWklH0 +l|GE:d(ytR*p:s7 Q:]|m/.w2Xvpۉo%{~qlA,t9#Wa`WTWTfNGԫ>XU*оWs +D2rhJ_6@_%w\<D`^D2a"h!!0N%(fTx/qJUd) Ⱦⴒ%@F4y2+L̲hQU?h*<5`# [g圱Ԩ鯟zMou Ɔm_y7׳y mpg5 ~z:sM螏-oM&)yizxfaKk \ No newline at end of file diff --git a/secrets/cnst-secrets.yaml b/secrets/cnst-secrets.yaml deleted file mode 100644 index 097f0c99..00000000 --- a/secrets/cnst-secrets.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str] -ssh_user: ENC[AES256_GCM,data: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,iv:u4AOkMRsT7laSfdYxXSa6LxCmDN2cA1ZBGZMRW/k9A0=,tag:s3r5cNHz02cpXdUrSL1jeQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR - b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm - NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t - YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9 - qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g== - -----END AGE ENCRYPTED FILE----- - - recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2 - ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx - NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5 - VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct - 5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-08T16:21:45Z" - mac: ENC[AES256_GCM,data:HZIfU0PQvr/572g+LhdYWmyO5SBUy0xzK5UcwM1PdKt9xYrcy6vC9Sk9VePR2p9f1rZFdw6B5Y2V/O3DG/L5Ct3xV0jHITgOLWjAFyITAxWV8X7FA8SRW4eusv3wuzFT8fTEXvXf8Y4wGozVrWJJIPMwIHOBzBGhM53YkMYEiXQ=,iv:6kkhKvPCewdSadQNd//hDOH0mY66XGkQSZ0KRgz24j8=,tag:Xpu6cTmi1Kvz5FimULzP7A==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.0 
diff --git a/secrets/cnstssh.age b/secrets/cnstssh.age new file mode 100644 index 00000000..7e6b26c1 --- /dev/null +++ b/secrets/cnstssh.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 13OpUQ xWN4MH83JSI9xQiufyWTggMxrslw66KS3eLJoXTf7xM +Cyj7IOEPshLeOe5imPEJuYopjqiLDwzPU00ojj3LbqA +-> ssh-ed25519 /lVW0g hGwxsq1sdra4Oh+7N9Y/Oj6vqgwGv/yBYK0ldN+NTRE +9a1xalRU9I1itk6d82vzXAvVAhxUr0xNb5ZAWhyyUBw +--- tYFRpS/yQAncovlTEtCG/EmvrLd6FWS7g75jjSTYqYo +ēcg1^qiuA jJ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 00000000..6df1c668 --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,8 @@ +let + cnst = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIk/zMuOgZCX+bVCFDHxtoec96RaVfV4iG1Gohp0qHdU cnst@cnix"; + + cnix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFfRlSRg6vV0rRokzzDWnGZgSaUo0SZaURbxxeYXfm6e root@nixos"; +in { + "cnstssh.age".publicKeys = [cnst cnix]; + "cnixssh.age".publicKeys = [cnst cnix]; +} diff --git a/secrets/toothpc-secrets.yamlbak b/secrets/toothpc-secrets.yamlbak deleted file mode 100644 index 4a085a1a..00000000 --- a/secrets/toothpc-secrets.yamlbak +++ /dev/null 
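Review bot: The two key strings in secrets/secrets.nix decide who can read every secret, yet nothing documents where they come from, and the `cnix` entry's trailing comment is `root@nixos`, which does not name the host. Adding `# user key: /home/cnst/.ssh/id_ed25519.pub` above `cnst` and `# cnix host key: /etc/ssh/ssh_host_ed25519_key.pub` above `cnix` (paths to be confirmed by the author) would let a reviewer compare them with the machine. Both files use the same `[cnst cnix]` list, which is workable for one user on one host, but named groups such as `users = [cnst];` and `hosts = [cnix];` keep per-secret recipients explicit once toothpc and adampad get keys. The sops files deleted by this commit remain in git history, so the values they held are still recoverable by whoever holds the two age recipient keys; rotate those values if the keys are being retired.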
@@ -1,30 +0,0 @@ -ssh_host: ENC[AES256_GCM,data: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,iv:gHvgfTBjpQxSGXgwCf6Vrt6eNUJiXmbUvaHk5fMOC7U=,tag:/t+Yi9AC7qgwjzlw+QMhww==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR - b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm - NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t - YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9 - qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g== - -----END AGE ENCRYPTED FILE----- - - recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2 - ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx - NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5 - VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct - 5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-25T18:19:18Z" - mac: ENC[AES256_GCM,data:HMDybe9oiYF2efettIpjssXTNTQTWD9TZsYIVd4OMZwf5f+lZBQHMF0PoUtH6MojBncP5We4DwBrhvlcSaEz1OJHT1t+2UPm6VYjshbuf+Ajst+lI0c7zsk7WiB9K7aPbhQAvnc55144n+EdNx3iiIYmfCu4SCjjNhz33mzlfJM=,iv:yZIqHtnbIHz0AFdQtvJuCb3XnsBGP6eigH39JNM5DiI=,tag:DkfLKJ+pbGPe8AlR6oVqWw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.0 diff --git a/secrets/toothpick-secrets.yamlbak b/secrets/toothpick-secrets.yamlbak deleted file mode 100644 index abc86173..00000000 --- a/secrets/toothpick-secrets.yamlbak +++ /dev/null 
@@ -1,30 +0,0 @@ -ssh_user: ENC[AES256_GCM,data:u6YjlfDAX1zEO5Zd6SYn3C3q/H8knUwMT8Xv4d0YbYnVrainntukSKwO5jwUMay+BfgkWfRBil0/mqxBZjS1E+we3iDxYHTLLWXjQ2QJTzrVJHpu1MFcvYPfjQsocS96i6V8N/eH2fNIjSmys4uBxrLlnlsA3nuC4kvk/6rAq7ndp27eyQH/rx7iorMvyMtfRcKTOSCQNlaHu2WLtH6rxcUg8c+zYhlPR1OkM6I7tWrrw/48Bj7USjdXyNXM18qX05/EetkZdM6vHDWWPYTfVEnoP3K8zjgWXwoX/3amNgvX2wQYS8eSGxdLA5hCvKi1ytl3aEr+QjYn3X+qkqtdk6cvMnx6nyotMWpoJdnaRQqarB3gh0kHWCRjs0ALsWyvn7ShUXYOT3fflX1lXiEjpQp5TbvR+EpB4gicpa60j9s13u43znMqYqnlnGvTGoBXbkz6ZE6EcKXyPq9RuNWyK6X/j3kvAyiemoBkJg4rEURnG2bq9oMMvlZtbp1wkSIAwOPJjuAxOyn7LaQTEaBc,iv:u4AOkMRsT7laSfdYxXSa6LxCmDN2cA1ZBGZMRW/k9A0=,tag:s3r5cNHz02cpXdUrSL1jeQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR - b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm - NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t - YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9 - qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g== - -----END AGE ENCRYPTED FILE----- - - recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2 - ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx - NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5 - VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct - 5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-25T18:20:06Z" - mac: 
ENC[AES256_GCM,data:/pRqY9QwAewkXbfuca3dJd6Jnd4EUujbUmgbSaBimx9T6tv1RcO/IJHJg7JhOOAJIHnsEmGL+rrsA4v9DDPOtTMmvAjQ6vYIU5fKT4ig9aNzv23p+QZmEq7mjS2q9AKstRi/ZAbzh0U1uM+nl0C3FS827TQ0XoD9P/wI+GwClGw=,iv:+cjt0HFhh/VGAjQd6RuUugc6KiGV+pmlh+dx8MK8ziY=,tag:/1Bqn7knxE36jKwpdR2cYg==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.0 diff --git a/system/modules/default.nix b/system/modules/default.nix index 1483c376..dc2a3348 100644 --- a/system/modules/default.nix +++ b/system/modules/default.nix @@ -10,7 +10,7 @@ "${systemModules}/hardware/graphics/amd" "${systemModules}/hardware/graphics/nvidia" "${systemModules}/hardware/logitech" - "${systemModules}/network" + "${systemModules}/hardware/network" "${systemModules}/studio/blender" "${systemModules}/studio/gimp" "${systemModules}/studio/inkscape" @@ -25,12 +25,12 @@ "${systemModules}/sysd/pipewire" "${systemModules}/sysd/powerd" "${systemModules}/sysd/samba" - "${systemModules}/sysd/sops" "${systemModules}/sysd/ssh" "${systemModules}/sysd/udisks" "${systemModules}/sysd/xserver/amd" "${systemModules}/sysd/xserver/amd/hhkbse" "${systemModules}/sysd/xserver/nvidia" + "${systemModules}/utils/agenix" "${systemModules}/utils/android" "${systemModules}/utils/anyrun" "${systemModules}/utils/corectrl" diff --git a/system/modules/gaming/gamemode/default.nix b/system/modules/gaming/gamemode/default.nix index a7828e16..35c4c0c5 100644 --- a/system/modules/gaming/gamemode/default.nix +++ b/system/modules/gaming/gamemode/default.nix @@ -15,7 +15,7 @@ in { options = { modules.gaming.gamemode = { enable = mkEnableOption "Enables gamemode"; - optimizeGpu = mkOption { + optimizeGpu.enable = mkOption { type = lib.types.bool; default = false; description = "Whether to apply GPU optimizations."; @@ -31,7 +31,7 @@ in { softrealtime = "auto"; renice = 15; }; - gpu = mkIf cfg.optimizeGpu { + gpu = mkIf cfg.optimizeGpu.enable { apply_gpu_optimisations = "accept-responsibility"; gpu_device = 0; amd_performance_level = "high"; 
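Review bot: `optimizeGpu.enable` in the gamemode module is still a hand-written boolean `mkOption` with `default = false`, although `mkEnableOption` is already used two lines above it; `optimizeGpu.enable = mkEnableOption "GPU optimizations";` says the same thing in one line, and the same applies to `hip.enable` in the Blender module. Moving the option from `optimizeGpu` to `optimizeGpu.enable` also changes its path, and the old name cannot be kept as an alias because it is now the parent of the new one. Every host that sets `modules.gaming.gamemode.optimizeGpu` or `modules.studio.blender.hip` therefore has to be updated in the same commit. The option block and the `gpu` attribute set continue outside the hunks.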
diff --git a/system/modules/hardware/network/default.nix b/system/modules/hardware/network/default.nix
new file mode 100644
index 00000000..80981728
--- /dev/null
+++ b/system/modules/hardware/network/default.nix
@@ -0,0 +1,50 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (lib) mkIf mkEnableOption mkOption types;
+ cfg = config.modules.hardware.network;
+in {
+ options = {
+ modules = {
+ hardware = {
+ network = {
+ enable = mkEnableOption "Enable the custom networking module";
+
+ hostName = mkOption {
+ type = types.str;
+ default = "default-hostname";
+ description = "Hostname for the system.";
+ };
+
+ interfaces = mkOption {
+ type = types.attrsOf (types.submodule {
+ options = {
+ allowedTCPPorts = mkOption {
+ type = types.listOf types.int;
+ default = [];
+ description = "List of allowed TCP ports for this interface.";
+ };
+ };
+ });
+ default = {};
+ description = "Network interface configurations.";
+ };
+ };
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ networking = {
+ networkmanager.enable = true;
+ inherit (cfg) hostName;
+ nftables.enable = true;
+ firewall = {
+ enable = true;
+ inherit (cfg) interfaces;
+ };
+ };
+ };
+}
diff --git a/system/modules/network/default.nix b/system/modules/network/default.nix
deleted file mode 100644
index d1d3b896..00000000
--- a/system/modules/network/default.nix
+++ /dev/null
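Review bot: `allowedTCPPorts` in the new network module is typed `types.listOf types.int`, which accepts negative numbers and values above 65535; `type = types.listOf types.port;` rejects them where the host sets them. The upstream `networking.firewall.interfaces` option presumably still catches a bad value once `inherit (cfg) interfaces` passes it on, but the error then points away from the line that caused it. The `hostName` default of `"default-hostname"` means a host that enables the module without naming itself silently gets a shared placeholder; dropping the default would turn the omission into an evaluation error. The submodule exposes only TCP ports, so a comment saying that UDP is deliberately left closed per interface would help the next reader.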
@@ -1,48 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- inherit (lib) mkIf mkEnableOption mkOption types;
- cfg = config.modules.network;
-in {
- options = {
- modules = {
- network = {
- enable = mkEnableOption "Enable the custom networking module";
-
- hostName = mkOption {
- type = types.str;
- default = "default-hostname";
- description = "Hostname for the system.";
- };
-
- interfaces = mkOption {
- type = types.attrsOf (types.submodule {
- options = {
- allowedTCPPorts = mkOption {
- type = types.listOf types.int;
- default = [];
- description = "List of allowed TCP ports for this interface.";
- };
- };
- });
- default = {};
- description = "Network interface configurations.";
- };
- };
- };
- };
-
- config = mkIf cfg.enable {
- networking = {
- networkmanager.enable = true;
- inherit (cfg) hostName;
- nftables.enable = true;
- firewall = {
- enable = true;
- inherit (cfg) interfaces;
- };
- };
- };
-}
diff --git a/system/modules/studio/blender/default.nix b/system/modules/studio/blender/default.nix
index bbf5ddf7..38a078b4 100644
--- a/system/modules/studio/blender/default.nix
+++ b/system/modules/studio/blender/default.nix
@@ -10,7 +10,7 @@ in { options = { modules.studio.blender = { enable = mkEnableOption "Enables Blender"; - hip = mkOption { + hip.enable = mkOption { type = lib.types.bool; default = false; description = "Use the HIP-enabled version of Blender (for AMD GPUs).";
@@ -20,7 +20,7 @@ in { config = mkIf cfg.enable { environment.systemPackages = [ ( - if cfg.hip + if cfg.hip.enable then pkgs.blender-hip else pkgs.blender )
diff --git a/system/modules/sysd/sops/default.nix b/system/modules/sysd/sops/default.nix
deleted file mode 100644
index 38671c92..00000000
--- a/system/modules/sysd/sops/default.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{
- config,
- lib,
- pkgs,
- self,
- ...
-}: let
- inherit (lib) mkIf mkEnableOption mkOption;
- cfg = config.modules.sysd.sops;
-in {
- options = {
- modules.sysd.sops = {
- enable = mkEnableOption "Enables sops system environment";
- cnix.enable = mkOption {
- type = lib.types.bool;
- default = false;
- description = "Apply cnix sops settings";
- };
- toothpc.enable = mkOption {
- type = lib.types.bool;
- default = false;
- description = "Apply toothpc sops settings";
- };
- adampad.enable = mkOption {
- type = lib.types.bool;
- default = false;
- description = "Apply adampad sops settings";
- };
- };
- };
-
- config = mkIf cfg.enable {
- sops = lib.mkMerge [
- {
- age = {sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];};
- gnupg = {
- home = "~/.gnupg";
- sshKeyPaths = [];
- };
- }
- (mkIf cfg.cnix.enable {
- secrets = {
- openai_api_key = {
- format = "yaml";
- sopsFile = "${self}/secrets/cnix-secrets.yaml";
- };
- ssh_host = {
- format = "yaml";
- sopsFile = "${self}/secrets/cnix-secrets.yaml";
- };
- };
- })
- (mkIf cfg.toothpc.enable {
- secrets = {
- ssh_host = {
- format = "yaml";
- # sopsFile = "${self}/secrets/toothpc-secrets.yaml";
- };
- };
- })
- (mkIf cfg.adampad.enable {
- secrets = {
- ssh_host = {
- format = "yaml";
- sopsFile = "${self}/secrets/adampad-secrets.yaml";
- };
- };
- })
- ];
-
- environment.systemPackages = [
- pkgs.sops
- pkgs.age
- ];
- };
-}
diff --git a/system/modules/utils/agenix/default.nix b/system/modules/utils/agenix/default.nix
new file mode 100644
index 00000000..68e7b422
--- /dev/null
+++ b/system/modules/utils/agenix/default.nix
@@ -0,0 +1,58 @@
+{
+ config,
+ lib,
+ inputs,
+ pkgs,
+ self,
+ ...
+}: let
+ inherit (lib) mkIf mkEnableOption mkOption mkMerge;
+ cfg = config.modules.utils.agenix;
+in {
+ options = {
+ modules.utils.agenix = {
+ enable = mkEnableOption "Enables agenix system environment";
+ cnix.enable = mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Apply cnix agenix settings";
+ };
+ toothpc.enable = mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Apply toothpc agenix settings";
+ };
+ adampad.enable = mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Apply adampad agenix settings";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ age = mkMerge [
+ (mkIf cfg.cnix.enable {
+ secrets = {
+ cnstssh.file = "${self}/secrets/cnstssh.age";
+ cnixssh.file = "${self}/secrets/cnixssh.age";
+ };
+ })
+ (mkIf cfg.toothpc.enable {
+ secrets = {
+ # Add toothpc specific secrets here
+ };
+ })
+ (mkIf cfg.adampad.enable {
+ secrets = {
+ # Add adampad specific secrets here
+ };
+ })
+ ];
+
+ environment.systemPackages = [
+ inputs.agenix.packages.x86_64-linux.default
+ pkgs.age
+ ];
+ };
+}
diff --git a/system/modules/utils/misc/default.nix b/system/modules/utils/misc/default.nix
index b0ef2d4f..e90d34e4 100644
--- a/system/modules/utils/misc/default.nix
+++ b/system/modules/utils/misc/default.nix
@@ -11,11 +11,11 @@ in { modules.utils.misc.enable = mkEnableOption "Enables miscellaneous pacakges"; }; config = mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - nodejs_22 - ripgrep - fd - beekeeper-studio + environment.systemPackages = [ + pkgs.nodejs_22 + pkgs.ripgrep + pkgs.fd + pkgs.beekeeper-studio ]; }; }
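Review bot: `cnstssh` and `cnixssh` in the agenix module are declared with only `file`, so they are decrypted with agenix's defaults, which as far as I know are root-owned, mode 0400 files under `/run/agenix`. If `cnstssh` is meant to be read by an unprivileged account, say so explicitly, e.g. `cnstssh = { file = "${self}/secrets/cnstssh.age"; owner = "<user>"; mode = "0400"; };`. The removed sops module pinned the decryption identity to `/etc/ssh/ssh_host_ed25519_key`, whereas this one relies on the default `age.identityPaths`, which depends on the host's OpenSSH settings; setting it here keeps decryption independent of them. `inputs.agenix.packages.x86_64-linux.default` hard-codes the platform and could be `inputs.agenix.packages.${pkgs.stdenv.hostPlatform.system}.default`. `cnixssh.age` is referenced here but is not among the files added in the visible part of the commit.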