cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

Merge pull request #42 from cnsta/agenix

Browse Source 
replacing sops with agenix
This commit is contained in:
cnsta
2024-08-30 13:09:44 +02:00
committed by GitHub
parent 6befe2e0fe 963a579d89
commit b721c5cc25
24 changed files with 603 additions and 607 deletions
Download Patch File Download Diff File Expand all files Collapse all files

162
flake.lock generated
View File

@@ -1,11 +1,32 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1723293904,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm",
"repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"ags": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1721306136,
@@ -24,8 +45,8 @@
"anyrun": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs",
"systems": "systems_2"
"nixpkgs": "nixpkgs_2",
"systems": "systems_3"
},
"locked": {
"lastModified": 1721135360,
@@ -95,10 +116,10 @@
"compare-to": "compare-to",
"fenix": "fenix",
"flake-schemas": "flake-schemas",
"home-manager": "home-manager",
"home-manager": "home-manager_2",
"jovian": "jovian",
"nixpkgs": "nixpkgs_2",
"systems": "systems_3",
"nixpkgs": "nixpkgs_3",
"systems": "systems_4",
"yafas": "yafas"
},
"locked": {
@@ -149,6 +170,28 @@
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"devshell": {
"inputs": {
"nixpkgs": [
@@ -434,7 +477,7 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems_4"
"systems": "systems_5"
},
"locked": {
"lastModified": 1710146030,
@@ -472,7 +515,7 @@
},
"flake-utils_4": {
"inputs": {
"systems": "systems_6"
"systems": "systems_7"
},
"locked": {
"lastModified": 1710146030,
@@ -623,6 +666,27 @@
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"chaotic",
@@ -643,7 +707,7 @@
"type": "github"
}
},
"home-manager_2": {
"home-manager_3": {
"inputs": {
"nixpkgs": [
"nixvim",
@@ -700,8 +764,8 @@
"hyprlang": "hyprlang",
"hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner",
"nixpkgs": "nixpkgs_3",
"systems": "systems_5",
"nixpkgs": "nixpkgs_4",
"systems": "systems_6",
"xdph": "xdph"
},
"locked": {
@@ -907,7 +971,7 @@
"crane": "crane",
"flake-compat": "flake-compat_3",
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_5",
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay"
},
@@ -946,7 +1010,7 @@
},
"microfetch": {
"inputs": {
"nixpkgs": "nixpkgs_5"
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1723918449,
@@ -1072,11 +1136,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1717196966,
"narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=",
"lastModified": 1703013332,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "57610d2f8f0937f39dbd72251e9614b1561942d8",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"type": "github"
},
"original": {
@@ -1150,6 +1214,22 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1717196966,
"narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "57610d2f8f0937f39dbd72251e9614b1561942d8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1724479785,
"narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=",
@@ -1165,7 +1245,7 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1724224976,
"narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=",
@@ -1181,7 +1261,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1722264024,
"narHash": "sha256-gomyYQrlOltr2/prDRikRDQoPz+J5Qq6SEJrqVC5x2c=",
@@ -1197,7 +1277,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1722719969,
"narHash": "sha256-E47qbT/mRtBCSZra+9S9208sp/QnNeOAq7EhHX+eMNE=",
@@ -1212,7 +1292,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1724819573,
"narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=",
@@ -1228,7 +1308,7 @@
"type": "github"
}
},
"nixpkgs_7": {
"nixpkgs_8": {
"locked": {
"lastModified": 1724819573,
"narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=",
@@ -1250,9 +1330,9 @@
"flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_4",
"git-hooks": "git-hooks",
"home-manager": "home-manager_2",
"home-manager": "home-manager_3",
"nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs_7",
"nixpkgs": "nixpkgs_8",
"nuschtosSearch": "nuschtosSearch",
"treefmt-nix": "treefmt-nix"
},
@@ -1321,6 +1401,7 @@
},
"root": {
"inputs": {
"agenix": "agenix",
"ags": "ags",
"anyrun": "anyrun",
"chaotic": "chaotic",
@@ -1339,11 +1420,11 @@
"microfetch": "microfetch",
"nix-gaming": "nix-gaming",
"nixpak": "nixpak",
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_7",
"nixpkgs-small": "nixpkgs-small",
"nixvim": "nixvim",
"sops-nix": "sops-nix",
"systems": "systems_7"
"systems": "systems_8"
}
},
"rust-analyzer-src": {
@@ -1424,16 +1505,16 @@
},
"systems": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"repo": "default",
"type": "github"
}
},
@@ -1468,6 +1549,21 @@
}
},
"systems_4": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -1482,7 +1578,7 @@
"type": "github"
}
},
"systems_5": {
"systems_6": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -1497,7 +1593,7 @@
"type": "github"
}
},
"systems_6": {
"systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -1512,7 +1608,7 @@
"type": "github"
}
},
"systems_7": {
"systems_8": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",

5
flake.nix
View File

@@ -89,10 +89,7 @@
};
anyrun.url = "github:anyrun-org/anyrun";
microfetch.url = "github:NotAShelf/microfetch";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix.url = "github:ryantm/agenix";
ags = {
url = "github:Aylur/ags";
inputs.nixpkgs.follows = "nixpkgs";

1
home/modules/default.nix
View File

@@ -13,7 +13,6 @@
"${userModules}/terminal/zellij"
"${userModules}/userd/copyq"
"${userModules}/userd/mako"
"${userModules}/userd/sops"
"${userModules}/userd/udiskie"
"${userModules}/utils/ags"
"${userModules}/utils/anyrun"

77
home/modules/userd/sops/default.nix
View File

@@ -1,77 +0,0 @@
{
inputs,
self,
lib,
config,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption;
cfg = config.modules.userd.sops;
in {
imports = [
inputs.sops-nix.homeManagerModules.sops
];
options = {
modules.userd.sops = {
enable = mkEnableOption "Enables sops home environment";
cnst.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Apply cnst sops settings";
};
toothpick.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Apply toothpick sops settings";
};
adam.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Apply adam sops settings";
};
};
};
config = mkIf cfg.enable {
sops = lib.mkMerge [
{
gnupg = {
home = "~/.gnupg";
sshKeyPaths = [];
};
}
(mkIf cfg.cnst.enable {
age = {sshKeyPaths = ["/home/cnst/.ssh/id_ed25519"];};
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/cnst-secrets.yaml";
};
ssh_user = {
format = "yaml";
sopsFile = "${self}/secrets/cnst-secrets.yaml";
};
};
})
(mkIf cfg.toothpick.enable {
age = {sshKeyPaths = ["/home/toothpick/.ssh/id_ed25519"];};
secrets = {
ssh_user = {
format = "yaml";
# sopsFile = "${self}/secrets/toothpick-secrets.yaml";
};
};
})
(mkIf cfg.adam.enable {
age = {sshKeyPaths = ["/home/adam/.ssh/id_ed25519"];};
secrets = {
ssh_user = {
format = "yaml";
sopsFile = "${self}/secrets/adam-secrets.yaml";
};
};
})
];
};
}

178
home/users/cnst/modules.nix
View File

@@ -1,76 +1,160 @@
{
modules = {
browsers = {
firefox.enable = true;
chromium.enable = false;
firefox = {
enable = true;
};
chromium = {
enable = false;
};
};
comm = {
discord.enable = true;
discord = {
enable = true;
};
};
devtools = {
nixvim = {
enable = true;
plugins = {
barbar.enable = true;
comment.enable = true;
conform-nvim.enable = true;
copilot.enable = true;
efm.enable = true;
floaterm.enable = false;
harpoon.enable = false;
lsp.enable = true;
lualine.enable = true;
markdown-preview.enable = true;
neo-tree.enable = true;
none-ls.enable = true;
rustaceanvim.enable = true;
startify.enable = true;
tagbar.enable = false;
telescope.enable = true;
treesitter.enable = true;
vimtex.enable = false;
yanky.enable = false;
barbar = {
enable = true;
};
comment = {
enable = true;
};
conform-nvim = {
enable = true;
};
copilot = {
enable = true;
};
efm = {
enable = true;
};
floaterm = {
enable = false;
};
harpoon = {
enable = false;
};
lsp = {
enable = true;
};
lualine = {
enable = true;
};
markdown-preview = {
enable = true;
};
neo-tree = {
enable = true;
};
none-ls = {
enable = true;
};
rustaceanvim = {
enable = true;
};
startify = {
enable = true;
};
tagbar = {
enable = false;
};
telescope = {
enable = true;
};
treesitter = {
enable = true;
};
vimtex = {
enable = false;
};
yanky = {
enable = false;
};
};
};
vscode.enable = false;
vscode = {
enable = false;
};
};
gaming = {
lutris.enable = false;
mangohud.enable = false;
lutris = {
enable = false;
};
mangohud = {
enable = false;
};
};
terminal = {
alacritty.enable = true;
foot.enable = true;
kitty.enable = true;
zellij.enable = false;
alacritty = {
enable = true;
};
foot = {
enable = true;
};
kitty = {
enable = true;
};
zellij = {
enable = false;
};
};
userd = {
sops = {
enable = false;
cnst.enable = false;
copyq = {
enable = true;
};
mako = {
enable = true;
};
udiskie = {
enable = true;
};
copyq.enable = true;
mako.enable = true;
udiskie.enable = true;
};
utils = {
ags.enable = false;
anyrun.enable = false;
rofi.enable = false;
waybar.enable = true;
yazi.enable = true;
misc.enable = true;
ags = {
enable = false;
};
anyrun = {
enable = false;
};
rofi = {
enable = false;
};
waybar = {
enable = true;
};
yazi = {
enable = true;
};
misc = {
enable = true;
};
};
wm = {
hyprland = {
cnst.enable = true;
toothpick.enable = false;
adam.enable = false;
cnst = {
enable = true;
};
toothpick = {
enable = false;
};
adam = {
enable = false;
};
};
utils = {
hypridle.enable = true;
hyprlock.enable = true;
hyprpaper.enable = true;
hypridle = {
enable = true;
};
hyprlock = {
enable = true;
};
hyprpaper = {
enable = true;
};
};
};
};

166
hosts/cnix/modules.nix
View File

@@ -1,71 +1,145 @@
{
modules = {
gaming = {
steam.enable = true;
gamescope.enable = true;
lutris.enable = true;
steam = {
enable = true;
};
gamescope = {
enable = true;
};
lutris = {
enable = true;
};
gamemode = {
enable = true;
optimizeGpu = true;
optimizeGpu = {
enable = true;
};
};
};
gui = {
gnome.enable = false;
hyprland.enable = true;
};
hardware = {
bluetooth.enable = true;
logitech.enable = true;
graphics = {
amd.enable = true;
nvidia.enable = false;
gnome = {
enable = false;
};
hyprland = {
enable = true;
};
};
network = {
enable = true;
hostName = "cnix";
interfaces = {
"enp7s0" = {
allowedTCPPorts = [22 80 443];
hardware = {
bluetooth = {
enable = true;
};
logitech = {
enable = true;
};
graphics = {
amd = {
enable = true;
};
nvidia = {
enable = false;
};
};
network = {
enable = true;
hostName = "cnix";
interfaces = {
"enp7s0" = {
allowedTCPPorts = [22 80 443];
};
};
};
};
studio = {
blender = {
enable = false;
hip = false;
hip = {
enable = false;
};
};
gimp = {
enable = true;
};
inkscape = {
enable = true;
};
gimp.enable = true;
inkscape.enable = true;
};
sysd = {
blueman.enable = true;
dbus.enable = true;
fwupd.enable = true;
gnome-keyring.enable = true;
greetd.enable = true;
gvfs.enable = true;
locate.enable = true;
mullvad.enable = true;
pipewire.enable = true;
powerd.enable = true;
samba.enable = false;
sops = {
enable = false;
cnix.enable = false;
blueman = {
enable = true;
};
dbus = {
enable = true;
};
fwupd = {
enable = true;
};
gnome-keyring = {
enable = true;
};
greetd = {
enable = true;
};
gvfs = {
enable = true;
};
locate = {
enable = true;
};
mullvad = {
enable = true;
};
pipewire = {
enable = true;
};
powerd = {
enable = true;
};
samba = {
enable = false;
};
ssh = {
enable = true;
};
udisks = {
enable = true;
};
xserver = {
amd = {
hhkbse = {
enable = true;
};
};
};
ssh.enable = true;
udisks.enable = true;
xserver.amd.hhkbse.enable = true;
};
utils = {
android.enable = true;
anyrun.enable = true;
corectrl.enable = true;
microfetch.enable = true;
nix-ld.enable = false;
misc.enable = true;
npm.enable = true;
agenix = {
enable = true;
cnix = {
enable = true;
};
};
android = {
enable = true;
};
anyrun = {
enable = true;
};
corectrl = {
enable = true;
};
microfetch = {
enable = true;
};
nix-ld = {
enable = false;
};
misc = {
enable = true;
};
npm = {
enable = true;
};
};
};
}

159
hosts/default.nix
View File

@@ -1,89 +1,88 @@
# Yanked from fufexan!
{ inputs
, homeImports
, self
, ...
{
inputs,
homeImports,
self,
...
}: {
flake.nixosConfigurations =
let
# custom paths
userConfig = "${self}/home";
systemConfig = "${self}/system";
hostConfig = "${self}/hosts";
flake.nixosConfigurations = let
# custom paths
userConfig = "${self}/home";
systemConfig = "${self}/system";
hostConfig = "${self}/hosts";
cnstConfig = "${self}/home/users/cnst";
toothpickConfig = "${self}/home/users/toothpick";
adamConfig = "${self}/home/users/adam";
cnstConfig = "${self}/home/users/cnst";
toothpickConfig = "${self}/home/users/toothpick";
adamConfig = "${self}/home/users/adam";
userModules = "${self}/home/modules";
systemModules = "${self}/system/modules";
userModules = "${self}/home/modules";
systemModules = "${self}/system/modules";
# shorten paths
inherit (inputs.nixpkgs.lib) nixosSystem;
mod = "${systemConfig}";
# shorten paths
inherit (inputs.nixpkgs.lib) nixosSystem;
mod = "${systemConfig}";
# get the basic config to build on top of
inherit (import "${systemConfig}") shared;
# get the basic config to build on top of
inherit (import "${systemConfig}") shared;
# get these into the module system
specialArgs = { inherit inputs self userConfig systemConfig hostConfig cnstConfig toothpickConfig adamConfig userModules systemModules; };
in
{
cnix = nixosSystem {
inherit specialArgs;
modules =
shared
++ [
./cnix
"${mod}/boot/lanzaboote"
"${mod}/nix/nh/cnix"
{
home-manager = {
users.cnst.imports = homeImports."cnst@cnix";
extraSpecialArgs = specialArgs;
};
}
inputs.chaotic.nixosModules.default
inputs.sops-nix.nixosModules.sops
(import "${mod}/dev")
];
};
toothpc = nixosSystem {
inherit specialArgs;
modules =
shared
++ [
./toothpc
"${mod}/boot/lanzaboote"
"${mod}/nix/nh/toothpc"
{
home-manager = {
users.toothpick.imports = homeImports."toothpick@toothpc";
extraSpecialArgs = specialArgs;
};
}
inputs.chaotic.nixosModules.default
inputs.sops-nix.nixosModules.sops
(import "${mod}/dev")
];
};
adampad = nixosSystem {
inherit specialArgs;
modules =
shared
++ [
./adampad
"${mod}/boot"
"${mod}/nix/nh/adampad"
{
home-manager = {
users.adam.imports = homeImports."adam@adampad";
extraSpecialArgs = specialArgs;
};
}
inputs.chaotic.nixosModules.default
inputs.sops-nix.nixosModules.sops
];
};
# get these into the module system
specialArgs = {inherit inputs self userConfig systemConfig hostConfig cnstConfig toothpickConfig adamConfig userModules systemModules;};
in {
cnix = nixosSystem {
inherit specialArgs;
modules =
shared
++ [
./cnix
"${mod}/boot/lanzaboote"
"${mod}/nix/nh/cnix"
{
home-manager = {
users.cnst.imports = homeImports."cnst@cnix";
extraSpecialArgs = specialArgs;
};
}
inputs.chaotic.nixosModules.default
inputs.agenix.nixosModules.default
(import "${mod}/dev")
];
};
toothpc = nixosSystem {
inherit specialArgs;
modules =
shared
++ [
./toothpc
"${mod}/boot/lanzaboote"
"${mod}/nix/nh/toothpc"
{
home-manager = {
users.toothpick.imports = homeImports."toothpick@toothpc";
extraSpecialArgs = specialArgs;
};
}
inputs.chaotic.nixosModules.default
inputs.agenix.nixosModules.default
(import "${mod}/dev")
];
};
adampad = nixosSystem {
inherit specialArgs;
modules =
shared
++ [
./adampad
"${mod}/boot"
"${mod}/nix/nh/adampad"
{
home-manager = {
users.adam.imports = homeImports."adam@adampad";
extraSpecialArgs = specialArgs;
};
}
inputs.chaotic.nixosModules.default
inputs.agenix.nixosModules.default
];
};
};
}

31
secrets/adam-secrets.yaml
View File

@@ -1,31 +0,0 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_user: ENC[AES256_GCM,data:u6YjlfDAX1zEO5Zd6SYn3C3q/H8knUwMT8Xv4d0YbYnVrainntukSKwO5jwUMay+BfgkWfRBil0/mqxBZjS1E+we3iDxYHTLLWXjQ2QJTzrVJHpu1MFcvYPfjQsocS96i6V8N/eH2fNIjSmys4uBxrLlnlsA3nuC4kvk/6rAq7ndp27eyQH/rx7iorMvyMtfRcKTOSCQNlaHu2WLtH6rxcUg8c+zYhlPR1OkM6I7tWrrw/48Bj7USjdXyNXM18qX05/EetkZdM6vHDWWPYTfVEnoP3K8zjgWXwoX/3amNgvX2wQYS8eSGxdLA5hCvKi1ytl3aEr+QjYn3X+qkqtdk6cvMnx6nyotMWpoJdnaRQqarB3gh0kHWCRjs0ALsWyvn7ShUXYOT3fflX1lXiEjpQp5TbvR+EpB4gicpa60j9s13u43znMqYqnlnGvTGoBXbkz6ZE6EcKXyPq9RuNWyK6X/j3kvAyiemoBkJg4rEURnG2bq9oMMvlZtbp1wkSIAwOPJjuAxOyn7LaQTEaBc,iv:u4AOkMRsT7laSfdYxXSa6LxCmDN2cA1ZBGZMRW/k9A0=,tag:s3r5cNHz02cpXdUrSL1jeQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:21:45Z"
mac: ENC[AES256_GCM,data:HZIfU0PQvr/572g+LhdYWmyO5SBUy0xzK5UcwM1PdKt9xYrcy6vC9Sk9VePR2p9f1rZFdw6B5Y2V/O3DG/L5Ct3xV0jHITgOLWjAFyITAxWV8X7FA8SRW4eusv3wuzFT8fTEXvXf8Y4wGozVrWJJIPMwIHOBzBGhM53YkMYEiXQ=,iv:6kkhKvPCewdSadQNd//hDOH0mY66XGkQSZ0KRgz24j8=,tag:Xpu6cTmi1Kvz5FimULzP7A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

31
secrets/adampad-secrets.yaml
View File

@@ -1,31 +0,0 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_host: ENC[AES256_GCM,data:P2+7Sa7jtbCs67sxBGg03KoEQx91w7ulcMGU0Zlo9IU2mDTqYn4FPL11MjJ0x1yXXmizDPQEdIAdtDTQIuIoM8l3RJf63dx6BqX5KMecT9dEKqP7VtY3ZFQ+vCDVq+VwmRRbZ+uk1B6IxZZ3Do0AQKo9vLWqA/ipZMG/ATvJZmAqs7t3VhKMwc//gCA8/b9bsTyk0BbDrqL8/rfuvY0HT9XvhWGpow8lTOcAzJzbr8FWmQzVQIt/wT3vJK4+guBpZy/beombrVNPYBB2+J/wjidatiIvPJvmgE1UpXn8FzdnXoZTwxgBXWHw05FuenjS448VxYXs7Wx6HRYTk4yjFqnnaNoQ4Y4r1GP5sIgThZT2aTpA3w9v2l7y6U9Ft+cjVURDwk/VvNTCi0WCWdw28C3hYj1jcAs7+M4oqbfLZlEpBC1khCHXyvg7sU5RuEKY59PWRbYIXtFf59Faht7r1mhSWN0A/E45k2ASabaNl28Vfam1xFzoNxGfazchhiL1mQMLyoSjmSZ9vVhtg6te,iv:2Xe6mOFqiEWVql+ZAfztc0OLA1NpG6pYXPXz3+KI2Wg=,tag:auVimKI3E6y8yPt0zTB1JA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:19:05Z"
mac: ENC[AES256_GCM,data:825FfQxusSCBHBWIH3VyAb06C+WAe/El1gUCngTOZe76gjex1yuSnMRoVPdLTIFbBhwpmal1jfyvpkaVaLvEyhj7dfHrDXbL/4Nzt5FFqYXQ+2bqUoP8uu+tMvaMEqJlTZFv/gYkx3RZy256rFqh1VXQuzejqVqX2JqbnUDj8/Q=,iv:/Ivr6tejZaudXZGcSUKDUi8oh6RJTu+84KzygLeP8VA=,tag:1DsD1l7jhKYojQASnevTjQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

31
secrets/cnix-secrets.yaml
View File

@@ -1,31 +0,0 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_host: ENC[AES256_GCM,data:P2+7Sa7jtbCs67sxBGg03KoEQx91w7ulcMGU0Zlo9IU2mDTqYn4FPL11MjJ0x1yXXmizDPQEdIAdtDTQIuIoM8l3RJf63dx6BqX5KMecT9dEKqP7VtY3ZFQ+vCDVq+VwmRRbZ+uk1B6IxZZ3Do0AQKo9vLWqA/ipZMG/ATvJZmAqs7t3VhKMwc//gCA8/b9bsTyk0BbDrqL8/rfuvY0HT9XvhWGpow8lTOcAzJzbr8FWmQzVQIt/wT3vJK4+guBpZy/beombrVNPYBB2+J/wjidatiIvPJvmgE1UpXn8FzdnXoZTwxgBXWHw05FuenjS448VxYXs7Wx6HRYTk4yjFqnnaNoQ4Y4r1GP5sIgThZT2aTpA3w9v2l7y6U9Ft+cjVURDwk/VvNTCi0WCWdw28C3hYj1jcAs7+M4oqbfLZlEpBC1khCHXyvg7sU5RuEKY59PWRbYIXtFf59Faht7r1mhSWN0A/E45k2ASabaNl28Vfam1xFzoNxGfazchhiL1mQMLyoSjmSZ9vVhtg6te,iv:2Xe6mOFqiEWVql+ZAfztc0OLA1NpG6pYXPXz3+KI2Wg=,tag:auVimKI3E6y8yPt0zTB1JA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:19:05Z"
mac: ENC[AES256_GCM,data:825FfQxusSCBHBWIH3VyAb06C+WAe/El1gUCngTOZe76gjex1yuSnMRoVPdLTIFbBhwpmal1jfyvpkaVaLvEyhj7dfHrDXbL/4Nzt5FFqYXQ+2bqUoP8uu+tMvaMEqJlTZFv/gYkx3RZy256rFqh1VXQuzejqVqX2JqbnUDj8/Q=,iv:/Ivr6tejZaudXZGcSUKDUi8oh6RJTu+84KzygLeP8VA=,tag:1DsD1l7jhKYojQASnevTjQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

7
secrets/cnixssh.age Normal file
View File

@@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 13OpUQ DWvImM/f2O9NGvbSWDj4Pw1aPUH+uy7aDZ2SZYx/3XI
KvKxaBlO8CGDMBaLJ9DmOmQPz2EG8aJbxz2giwDSiSk
-> ssh-ed25519 /lVW0g abWBZK+wj2ER9WJe+/WCk0Q8cnFEMEWnK/dwJJF+cx8
t1g/PrGNIqxPdQR5KhdUbHMWPtW7Tohhl1Dy6eASvhE
--- u48Gh9VjkGi56o8tFwkJ++5e4VE82z5ASjO1kgWklH0
<EFBFBD>l|GE<47>:d<>(<28>yt<><74>R*<2A>p<><70>:s7<><37> Q:<3A><><EFBFBD><EFBFBD>]|m<>/<2F><1B>.<2E><>w<EFBFBD><77><EFBFBD>2<EFBFBD>Xv<58><76><70>o<EFBFBD>%<25>{<7B>~qlA<6C><41><EFBFBD>,<2C><>t<EFBFBD>9<17>#<23><>Wa<57><10><>`WTWT<57><54>fNGԫ<01>>X<>U*<2A>о<EFBFBD><D0BE><EFBFBD><EFBFBD>W<16><>s<><73> +<2B>D<EFBFBD><44>2<EFBFBD><32><EFBFBD><EFBFBD><EFBFBD>r<EFBFBD>h<EFBFBD><68>J<EFBFBD><4A><EFBFBD>_<EFBFBD>6<EFBFBD>@<40><><EFBFBD>_%w<>\<03><<3C><>D`^<<3C><>G<EFBFBD><47><EFBFBD><EFBFBD>P<EFBFBD><50>E<EFBFBD>B=I<><49>^<5E><0E>s`Q<><51>#rg:b\U<><55><EFBFBD><EFBFBD><EFBFBD><EFBFBD>*<2A>"V<>7ƶZť><1A><><EFBFBD>D2a"h!<21><>!<21>0N%<25>(<16>fT<66><54><EFBFBD><EFBFBD>x<EFBFBD>/<2F>qJ<13>U<EFBFBD><55><EFBFBD><EFBFBD>d<EFBFBD>)<29><EFBFBD><7F>

31
secrets/cnst-secrets.yaml
View File

@@ -1,31 +0,0 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_user: ENC[AES256_GCM,data:u6YjlfDAX1zEO5Zd6SYn3C3q/H8knUwMT8Xv4d0YbYnVrainntukSKwO5jwUMay+BfgkWfRBil0/mqxBZjS1E+we3iDxYHTLLWXjQ2QJTzrVJHpu1MFcvYPfjQsocS96i6V8N/eH2fNIjSmys4uBxrLlnlsA3nuC4kvk/6rAq7ndp27eyQH/rx7iorMvyMtfRcKTOSCQNlaHu2WLtH6rxcUg8c+zYhlPR1OkM6I7tWrrw/48Bj7USjdXyNXM18qX05/EetkZdM6vHDWWPYTfVEnoP3K8zjgWXwoX/3amNgvX2wQYS8eSGxdLA5hCvKi1ytl3aEr+QjYn3X+qkqtdk6cvMnx6nyotMWpoJdnaRQqarB3gh0kHWCRjs0ALsWyvn7ShUXYOT3fflX1lXiEjpQp5TbvR+EpB4gicpa60j9s13u43znMqYqnlnGvTGoBXbkz6ZE6EcKXyPq9RuNWyK6X/j3kvAyiemoBkJg4rEURnG2bq9oMMvlZtbp1wkSIAwOPJjuAxOyn7LaQTEaBc,iv:u4AOkMRsT7laSfdYxXSa6LxCmDN2cA1ZBGZMRW/k9A0=,tag:s3r5cNHz02cpXdUrSL1jeQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:21:45Z"
mac: ENC[AES256_GCM,data:HZIfU0PQvr/572g+LhdYWmyO5SBUy0xzK5UcwM1PdKt9xYrcy6vC9Sk9VePR2p9f1rZFdw6B5Y2V/O3DG/L5Ct3xV0jHITgOLWjAFyITAxWV8X7FA8SRW4eusv3wuzFT8fTEXvXf8Y4wGozVrWJJIPMwIHOBzBGhM53YkMYEiXQ=,iv:6kkhKvPCewdSadQNd//hDOH0mY66XGkQSZ0KRgz24j8=,tag:Xpu6cTmi1Kvz5FimULzP7A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

9
secrets/cnstssh.age Normal file
View File

@@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 13OpUQ xWN4MH83JSI9xQiufyWTggMxrslw66KS3eLJoXTf7xM
Cyj7IOEPshLeOe5imPEJuYopjqiLDwzPU00ojj3LbqA
-> ssh-ed25519 /lVW0g hGwxsq1sdra4Oh+7N9Y/Oj6vqgwGv/yBYK0ldN+NTRE
9a1xalRU9I1itk6d82vzXAvVAhxUr0xNb5ZAWhyyUBw
--- tYFRpS/yQAncovlTEtCG/EmvrLd6FWS7g75jjSTYqYo
<EFBFBD><EFBFBD><EFBFBD>ēc<EFBFBD>g1^qi<71><<3C>s<EFBFBD><73><18><1E>3%'@<40><>W<EFBFBD><57><EFBFBD>{<02><><EFBFBD>l<EFBFBD><02><>/<2F><>1-5<><35>c<EFBFBD><63><EFBFBD><EFBFBD>F"<16><>a<EFBFBD>#jHJ<48>5<EFBFBD>n<EFBFBD><6E>7<EFBFBD>_<EFBFBD><18><>i<EFBFBD><69> <20>CyG<79>p<>Rx<52><78><EFBFBD> M<><4D>D<EFBFBD> <0C>ժ<EFBFBD>`<60><><EFBFBD><EFBFBD><EFBFBD>/Z<><5A>ae<61><65>v<EFBFBD><76><EFBFBD> <0B><>
l<EFBFBD><EFBFBD>Pђ<><D192><EFBFBD><EFBFBD>j~Mqr-}<7D>KtĆjݞ<>N<EFBFBD><4E># <20><>2<EFBFBD>Q?<07><>A <0B>G;cR<63><52><EFBFBD>f<EFBFBD><66><EFBFBD>`ßS<C39F>0<><05>=<3D><><18><>O<>K<EFBFBD><4B><EFBFBD>I4L
<EFBFBD><EFBFBD><EFBFBD><EFBFBD> }<7D><>|R

8
secrets/secrets.nix Normal file
View File

@@ -0,0 +1,8 @@
let
cnst = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIk/zMuOgZCX+bVCFDHxtoec96RaVfV4iG1Gohp0qHdU cnst@cnix";
cnix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFfRlSRg6vV0rRokzzDWnGZgSaUo0SZaURbxxeYXfm6e root@nixos";
in {
"cnstssh.age".publicKeys = [cnst cnix];
"cnixssh.age".publicKeys = [cnst cnix];
}

30
secrets/toothpc-secrets.yamlbak
View File

@@ -1,30 +0,0 @@
ssh_host: ENC[AES256_GCM,data:j38HDBp0jajrXgz2Wb2C6FmqYlT4L1/bLRDAjfvxLWaO4dQmrzihw8rFZ/LmEzRSJ6RDb+Jvfu8EFR6Fz3tJVpb0BcoWNZFqeVsbOpW8K40QOKed6cK4UdemPQk2gvFbw65ProGtjqeqcUaqgJ2kacM/pAhpELFkPjtJjs39fklXAj5bOb802bdzPuFzDCGtb+cw7DU99R9PARQVMzlY8+KiG0MHeDj71Yx8vhr/t/tngMdEaeiSg2UuiVnCjBJ07EXF8EEA5NNXkGErg2m34iiaa6AuPnrYK15EQdeB/fllt3KXxih1Y9VRswP5Wbson9IdxVCXiXmeryFAbNfRiOD8AYAQrHyvxz5VFL6sN+dOIhnLt9Nc84x5Qw6+S3U0mTAe3YL3nsKO+h39Stn5DQxSRS+1SPp8RfGBh1l/s0HBBR8s1ltME576UfGu+4KNzbPb6J9qwR/YHEr3MDFIoZptlcLAEzvlBNeFGFY58IebTUiw7HqeBAgYOHsH3bRp8rmsEuM5a+537AKhxoFC,iv:gHvgfTBjpQxSGXgwCf6Vrt6eNUJiXmbUvaHk5fMOC7U=,tag:/t+Yi9AC7qgwjzlw+QMhww==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-25T18:19:18Z"
mac: ENC[AES256_GCM,data:HMDybe9oiYF2efettIpjssXTNTQTWD9TZsYIVd4OMZwf5f+lZBQHMF0PoUtH6MojBncP5We4DwBrhvlcSaEz1OJHT1t+2UPm6VYjshbuf+Ajst+lI0c7zsk7WiB9K7aPbhQAvnc55144n+EdNx3iiIYmfCu4SCjjNhz33mzlfJM=,iv:yZIqHtnbIHz0AFdQtvJuCb3XnsBGP6eigH39JNM5DiI=,tag:DkfLKJ+pbGPe8AlR6oVqWw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

30
secrets/toothpick-secrets.yamlbak
View File

@@ -1,30 +0,0 @@
ssh_user: ENC[AES256_GCM,data:u6YjlfDAX1zEO5Zd6SYn3C3q/H8knUwMT8Xv4d0YbYnVrainntukSKwO5jwUMay+BfgkWfRBil0/mqxBZjS1E+we3iDxYHTLLWXjQ2QJTzrVJHpu1MFcvYPfjQsocS96i6V8N/eH2fNIjSmys4uBxrLlnlsA3nuC4kvk/6rAq7ndp27eyQH/rx7iorMvyMtfRcKTOSCQNlaHu2WLtH6rxcUg8c+zYhlPR1OkM6I7tWrrw/48Bj7USjdXyNXM18qX05/EetkZdM6vHDWWPYTfVEnoP3K8zjgWXwoX/3amNgvX2wQYS8eSGxdLA5hCvKi1ytl3aEr+QjYn3X+qkqtdk6cvMnx6nyotMWpoJdnaRQqarB3gh0kHWCRjs0ALsWyvn7ShUXYOT3fflX1lXiEjpQp5TbvR+EpB4gicpa60j9s13u43znMqYqnlnGvTGoBXbkz6ZE6EcKXyPq9RuNWyK6X/j3kvAyiemoBkJg4rEURnG2bq9oMMvlZtbp1wkSIAwOPJjuAxOyn7LaQTEaBc,iv:u4AOkMRsT7laSfdYxXSa6LxCmDN2cA1ZBGZMRW/k9A0=,tag:s3r5cNHz02cpXdUrSL1jeQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-25T18:20:06Z"
mac: ENC[AES256_GCM,data:/pRqY9QwAewkXbfuca3dJd6Jnd4EUujbUmgbSaBimx9T6tv1RcO/IJHJg7JhOOAJIHnsEmGL+rrsA4v9DDPOtTMmvAjQ6vYIU5fKT4ig9aNzv23p+QZmEq7mjS2q9AKstRi/ZAbzh0U1uM+nl0C3FS827TQ0XoD9P/wI+GwClGw=,iv:+cjt0HFhh/VGAjQd6RuUugc6KiGV+pmlh+dx8MK8ziY=,tag:/1Bqn7knxE36jKwpdR2cYg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

4
system/modules/default.nix
View File

@@ -10,7 +10,7 @@
"${systemModules}/hardware/graphics/amd"
"${systemModules}/hardware/graphics/nvidia"
"${systemModules}/hardware/logitech"
"${systemModules}/network"
"${systemModules}/hardware/network"
"${systemModules}/studio/blender"
"${systemModules}/studio/gimp"
"${systemModules}/studio/inkscape"
@@ -25,12 +25,12 @@
"${systemModules}/sysd/pipewire"
"${systemModules}/sysd/powerd"
"${systemModules}/sysd/samba"
"${systemModules}/sysd/sops"
"${systemModules}/sysd/ssh"
"${systemModules}/sysd/udisks"
"${systemModules}/sysd/xserver/amd"
"${systemModules}/sysd/xserver/amd/hhkbse"
"${systemModules}/sysd/xserver/nvidia"
"${systemModules}/utils/agenix"
"${systemModules}/utils/android"
"${systemModules}/utils/anyrun"
"${systemModules}/utils/corectrl"

4
system/modules/gaming/gamemode/default.nix
View File

@@ -15,7 +15,7 @@ in {
options = {
modules.gaming.gamemode = {
enable = mkEnableOption "Enables gamemode";
optimizeGpu = mkOption {
optimizeGpu.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Whether to apply GPU optimizations.";
@@ -31,7 +31,7 @@ in {
softrealtime = "auto";
renice = 15;
};
gpu = mkIf cfg.optimizeGpu {
gpu = mkIf cfg.optimizeGpu.enable {
apply_gpu_optimisations = "accept-responsibility";
gpu_device = 0;
amd_performance_level = "high";

50
system/modules/hardware/network/default.nix Normal file
View File

@@ -0,0 +1,50 @@
{
config,
lib,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.modules.hardware.network;
in {
options = {
modules = {
hardware = {
network = {
enable = mkEnableOption "Enable the custom networking module";
hostName = mkOption {
type = types.str;
default = "default-hostname";
description = "Hostname for the system.";
};
interfaces = mkOption {
type = types.attrsOf (types.submodule {
options = {
allowedTCPPorts = mkOption {
type = types.listOf types.int;
default = [];
description = "List of allowed TCP ports for this interface.";
};
};
});
default = {};
description = "Network interface configurations.";
};
};
};
};
};
config = mkIf cfg.enable {
networking = {
networkmanager.enable = true;
inherit (cfg) hostName;
nftables.enable = true;
firewall = {
enable = true;
inherit (cfg) interfaces;
};
};
};
}

48
system/modules/network/default.nix
View File

@@ -1,48 +0,0 @@
{
config,
lib,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.modules.network;
in {
options = {
modules = {
network = {
enable = mkEnableOption "Enable the custom networking module";
hostName = mkOption {
type = types.str;
default = "default-hostname";
description = "Hostname for the system.";
};
interfaces = mkOption {
type = types.attrsOf (types.submodule {
options = {
allowedTCPPorts = mkOption {
type = types.listOf types.int;
default = [];
description = "List of allowed TCP ports for this interface.";
};
};
});
default = {};
description = "Network interface configurations.";
};
};
};
};
config = mkIf cfg.enable {
networking = {
networkmanager.enable = true;
inherit (cfg) hostName;
nftables.enable = true;
firewall = {
enable = true;
inherit (cfg) interfaces;
};
};
};
}

4
system/modules/studio/blender/default.nix
View File

@@ -10,7 +10,7 @@ in {
options = {
modules.studio.blender = {
enable = mkEnableOption "Enables Blender";
hip = mkOption {
hip.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Use the HIP-enabled version of Blender (for AMD GPUs).";
@@ -20,7 +20,7 @@ in {
config = mkIf cfg.enable {
environment.systemPackages = [
(
if cfg.hip
if cfg.hip.enable
then pkgs.blender-hip
else pkgs.blender
)

76
system/modules/sysd/sops/default.nix
View File

@@ -1,76 +0,0 @@
{
config,
lib,
pkgs,
self,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption;
cfg = config.modules.sysd.sops;
in {
options = {
modules.sysd.sops = {
enable = mkEnableOption "Enables sops system environment";
cnix.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Apply cnix sops settings";
};
toothpc.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Apply toothpc sops settings";
};
adampad.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Apply adampad sops settings";
};
};
};
config = mkIf cfg.enable {
sops = lib.mkMerge [
{
age = {sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];};
gnupg = {
home = "~/.gnupg";
sshKeyPaths = [];
};
}
(mkIf cfg.cnix.enable {
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/cnix-secrets.yaml";
};
ssh_host = {
format = "yaml";
sopsFile = "${self}/secrets/cnix-secrets.yaml";
};
};
})
(mkIf cfg.toothpc.enable {
secrets = {
ssh_host = {
format = "yaml";
# sopsFile = "${self}/secrets/toothpc-secrets.yaml";
};
};
})
(mkIf cfg.adampad.enable {
secrets = {
ssh_host = {
format = "yaml";
sopsFile = "${self}/secrets/adampad-secrets.yaml";
};
};
})
];
environment.systemPackages = [
pkgs.sops
pkgs.age
];
};
}

58
system/modules/utils/agenix/default.nix Normal file
View File

@@ -0,0 +1,58 @@
{
config,
lib,
inputs,
pkgs,
self,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption mkMerge;
cfg = config.modules.utils.agenix;
in {
options = {
modules.utils.agenix = {
enable = mkEnableOption "Enables agenix system environment";
cnix.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Apply cnix agenix settings";
};
toothpc.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Apply toothpc agenix settings";
};
adampad.enable = mkOption {
type = lib.types.bool;
default = false;
description = "Apply adampad agenix settings";
};
};
};
config = mkIf cfg.enable {
age = mkMerge [
(mkIf cfg.cnix.enable {
secrets = {
cnstssh.file = "${self}/secrets/cnstssh.age";
cnixssh.file = "${self}/secrets/cnixssh.age";
};
})
(mkIf cfg.toothpc.enable {
secrets = {
# Add toothpc specific secrets here
};
})
(mkIf cfg.adampad.enable {
secrets = {
# Add adampad specific secrets here
};
})
];
environment.systemPackages = [
inputs.agenix.packages.x86_64-linux.default
pkgs.age
];
};
}

10
system/modules/utils/misc/default.nix
View File

@@ -11,11 +11,11 @@ in {
modules.utils.misc.enable = mkEnableOption "Enables miscellaneous pacakges";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
nodejs_22
ripgrep
fd
beekeeper-studio
environment.systemPackages = [
pkgs.nodejs_22
pkgs.ripgrep
pkgs.fd
pkgs.beekeeper-studio
];
};
}