cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

Merge pull request #7 from cnsta/sops

Browse Source 
sops changes, and things I cannot remember
This commit is contained in:
cnsta
2024-08-09 13:52:14 +02:00
committed by GitHub
parent 38457b0182 db8ac92d4a
commit f3e2c24bee
35 changed files with 753 additions and 160 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
.cleanup-boot.sh Executable file
View File

@@ -0,0 +1,89 @@
#!/bin/bash
# Script to clean up old initrd and kernel files in /boot/EFI/nixos
# Make sure it's added to flake.nix, then run:
# "nix build .#packages.x86_64-linux.cleanup-boot".
# Number of generations to keep
KEEP_GENERATIONS=5
# Log file for cleanup actions
LOG_FILE="/var/log/cleanup-boot.log"
# Dry run flag
DRY_RUN=false
# Check for dry run argument
if [ "$1" = "--dry-run" ]; then
DRY_RUN=true
fi
# Function to log messages
log() {
echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
}
# Exit on any error
set -e
log "Starting cleanup script. Keeping the latest $KEEP_GENERATIONS generations."
# List the initrd files in /boot/EFI/nixos sorted by modification time (oldest first)
mapfile -t initrd_files < <(find /boot/EFI/nixos -type f -name 'initrd-*.efi' -printf '%T@ %p\n' | sort -n)
# List the kernel files in /boot/EFI/nixos sorted by modification time (oldest first)
mapfile -t kernel_files < <(find /boot/EFI/nixos -type f -name 'kernel-*.efi' -printf '%T@ %p\n' | sort -n)
# Count the number of initrd and kernel files
initrd_count=${#initrd_files[@]}
kernel_count=${#kernel_files[@]}
log "Found $initrd_count initrd files and $kernel_count kernel files."
# Initialize arrays to hold files to delete
delete_initrd_files=()
delete_kernel_files=()
# If there are fewer than KEEP_GENERATIONS initrd files, don't delete any
if [ "$initrd_count" -le "$KEEP_GENERATIONS" ]; then
log "Fewer than $KEEP_GENERATIONS initrd files found. No initrd files will be deleted."
else
# Get the initrd files to delete
delete_initrd_files=("${initrd_files[@]:0:initrd_count-KEEP_GENERATIONS}")
fi
# If there are fewer than KEEP_GENERATIONS kernel files, don't delete any
if [ "$kernel_count" -le "$KEEP_GENERATIONS" ]; then
log "Fewer than $KEEP_GENERATIONS kernel files found. No kernel files will be deleted."
else
# Get the kernel files to delete
delete_kernel_files=("${kernel_files[@]:0:kernel_count-KEEP_GENERATIONS}")
fi
# Log the files identified for deletion
log "Files identified for deletion:"
for file_entry in "${delete_initrd_files[@]}" "${delete_kernel_files[@]}"; do
file=$(echo "$file_entry" | cut -d' ' -f2-)
log "$file"
done
# Confirm dry run mode
if [ "$DRY_RUN" = true ]; then
log "Dry run mode enabled. No files will be deleted."
fi
# Remove old files
for file_entry in "${delete_initrd_files[@]}" "${delete_kernel_files[@]}"; do
file=$(echo "$file_entry" | cut -d' ' -f2-)
if [ "$DRY_RUN" = false ]; then
if rm -f "$file"; then
log "Deleted: $file"
else
log "Failed to delete: $file"
fi
else
log "Dry run - would delete: $file"
fi
done
log "Cleanup script completed."

1
.gitignore vendored
View File

@@ -1 +1,2 @@
.direnv
result*

40
.sops.yaml Normal file
View File

@@ -0,0 +1,40 @@
keys:
# Users
- &cnst age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
- &adam
- &toothpick # Hosts
- &cnix age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
- &adampad
- &toothpc
creation_rules:
- path_regex: secrets/cnix-secrets.(yaml|json|env|ini)$
key_groups:
- age:
- *cnst
- *cnix
- path_regex: secrets/cnst-secrets.(yaml|json|env|ini)$
key_groups:
- age:
- *cnst
- *cnix
- path_regex: secrets/adampad-secrets.(yaml|json|env|ini)$
key_groups:
- age:
- *adam
- *adampad
- path_regex: secrets/adam-secrets.(yaml|json|env|ini)$
key_groups:
- age:
- *adam
- *adampad
- path_regex: secrets/toothpc-secrets.(yaml|json|env|ini)$
key_groups:
- age:
- *toothpick
- *toothpc
- path_regex: secrets/toothpick-secrets.(yaml|json|env|ini)$
key_groups:
- age:
- *toothpick
- *toothpc

238
flake.lock generated
View File

@@ -1,32 +1,5 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": [
"hm"
],
"nixpkgs": [
"nixpkgs"
],
"systems": [
"systems"
]
},
"locked": {
"lastModified": 1722339003,
"narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=",
"owner": "ryantm",
"repo": "agenix",
"rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"anyrun": {
"inputs": {
"flake-parts": "flake-parts",
@@ -108,12 +81,12 @@
"yafas": "yafas"
},
"locked": {
"lastModified": 1723121942,
"narHash": "sha256-OfowhlEBPCNcaw1RaC9AuW8bc2Ee2NMngjU8dOljtoU=",
"rev": "d266429873c2a75c25eb629448d64387c7e1af22",
"revCount": 1327,
"lastModified": 1723170510,
"narHash": "sha256-wNF5AqKnCWuUnfJfmaJI1cDxxUrD3JdwfJx8dyZoQuQ=",
"rev": "dc407c1618b0892ca94acb857b0cee7383061273",
"revCount": 1329,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/chaotic-cx/nyx/0.1.1327%2Brev-d266429873c2a75c25eb629448d64387c7e1af22/0191321e-6860-744d-b2b8-25e37a49b607/source.tar.gz"
"url": "https://api.flakehub.com/f/pinned/chaotic-cx/nyx/0.1.1329%2Brev-dc407c1618b0892ca94acb857b0cee7383061273/019134ff-40de-7553-8086-c25b2f20a0bf/source.tar.gz"
},
"original": {
"type": "tarball",
@@ -155,28 +128,6 @@
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"devshell": {
"inputs": {
"nixpkgs": [
@@ -198,6 +149,27 @@
"type": "github"
}
},
"firefox-addons": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1723176196,
"narHash": "sha256-8FWJ0kJN6yin5Z9BhtPlVaRzj9ljuUdaBT2i/bquJO4=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "ce877fc7a74fb1abfedcdb4f78e67d930a0841c8",
"type": "gitlab"
},
"original": {
"dir": "pkgs/firefox-addons",
"owner": "rycee",
"repo": "nur-expressions",
"type": "gitlab"
"fenix": {
"inputs": {
"nixpkgs": [
@@ -231,11 +203,11 @@
]
},
"locked": {
"lastModified": 1723120141,
"narHash": "sha256-Fdr2l2eWB3mg3IUMvKyGSaKS3ekEcl+o+Ss3zHAayQs=",
"lastModified": 1723165499,
"narHash": "sha256-s5MWrhnqKerja79uFIqgWthudjFmRMxTHY7iZqOPp4g=",
"owner": "nix-community",
"repo": "flake-firefox-nightly",
"rev": "236cc595c1b3010be5df3b087770d2f4b51b831c",
"rev": "32f8518e684a4feb842ef25999d2a6dc5f64f2ba",
"type": "github"
},
"original": {
@@ -402,6 +374,21 @@
}
},
"flake-utils": {
"locked": {
"lastModified": 1629284811,
"narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
@@ -419,7 +406,7 @@
"type": "github"
}
},
"flake-utils_2": {
"flake-utils_3": {
"inputs": {
"systems": [
"systems"
@@ -439,7 +426,7 @@
"type": "github"
}
},
"flake-utils_3": {
"flake-utils_4": {
"inputs": {
"systems": "systems_5"
},
@@ -533,11 +520,11 @@
},
"hardware": {
"locked": {
"lastModified": 1722332872,
"narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=",
"lastModified": 1723149858,
"narHash": "sha256-3u51s7jdhavmEL1ggtd8wqrTH2clTy5yaZmhLvAXTqc=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "14c333162ba53c02853add87a0000cbd7aa230c2",
"rev": "107bb46eef1f05e86fc485ee8af9b637e5157988",
"type": "github"
},
"original": {
@@ -546,6 +533,31 @@
"type": "github"
}
},
"hercules-ci-effects": {
"inputs": {
"flake-parts": [
"nixpak",
"flake-parts"
],
"nixpkgs": [
"nixpak",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719226092,
"narHash": "sha256-YNkUMcCUCpnULp40g+svYsaH1RbSEj6s4WdZY/SHe38=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "11e4b8dc112e2f485d7c97e1cee77f9958f498f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"type": "github"
}
},
"hm": {
"inputs": {
"nixpkgs": [
@@ -649,11 +661,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1723110881,
"narHash": "sha256-VqQuxeai86PP/Vh1r6AqOi2pPllqBi68HVJKEk72Z0E=",
"lastModified": 1723143710,
"narHash": "sha256-qbjodK+UgnQ2YdtKmuI1XEG84SZlid39rQo6Ap9NTqI=",
"ref": "refs/heads/main",
"rev": "83a334f97df4389ca30cb63e50317a66a82562b9",
"revCount": 5070,
"rev": "4b4971c06fb02df00a2bd20b6b47b5d0e7d799a7",
"revCount": 5071,
"submodules": true,
"type": "git",
"url": "https://github.com/hyprwm/Hyprland"
@@ -871,7 +883,7 @@
},
"lib-aggregate": {
"inputs": {
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
@@ -990,6 +1002,30 @@
"type": "github"
}
},
"nixpak": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"hercules-ci-effects": "hercules-ci-effects",
"nixpkgs": [
"nixpkgs-small"
]
},
"locked": {
"lastModified": 1723083542,
"narHash": "sha256-Nkbb3j+P0zMqvZUlV6WbT5erHasZ14NW0TJS3Bb9dVY=",
"owner": "nixpak",
"repo": "nixpak",
"rev": "d36970c58794c90401617accae0eb48868e335e6",
"type": "github"
},
"original": {
"owner": "nixpak",
"repo": "nixpak",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1717196966,
@@ -1021,6 +1057,22 @@
"type": "github"
}
},
"nixpkgs-small": {
"locked": {
"lastModified": 1723154630,
"narHash": "sha256-TzJYH95nF27y/RGSCGjEu2+OX4TAFdo/HTBx3fabnvM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "417d7213447540319ff280b004460e9a06859045",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1720386169,
@@ -1037,6 +1089,22 @@
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1721524707,
"narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "556533a23879fc7e5f98dd2e0b31a6911a213171",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1722813957,
@@ -1131,11 +1199,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1723123215,
"narHash": "sha256-PZbdO1N8zpmkFsGWk3rLUal/TnpqAXgItsIj6IUCswY=",
"lastModified": 1723192118,
"narHash": "sha256-juQM/w6GY8aHQCBazvyMEPlfnt4pB+ja7WDQOQQYyEY=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "1b135dedc4b6256faad9dae2f625e821425a60dd",
"rev": "c46bd820adabaf23acbccbbd226b1941566acb51",
"type": "github"
},
"original": {
@@ -1146,7 +1214,7 @@
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_4",
"nixpkgs": [
"nixvim",
"nixpkgs"
@@ -1195,13 +1263,13 @@
},
"root": {
"inputs": {
"agenix": "agenix",
"anyrun": "anyrun",
"chaotic": "chaotic",
"firefox-addons": "firefox-addons",
"firefox-nightly": "firefox-nightly",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils_3",
"hardware": "hardware",
"hm": "hm",
"hyprland": "hyprland",
@@ -1210,8 +1278,11 @@
"lanzaboote": "lanzaboote",
"microfetch": "microfetch",
"nix-gaming": "nix-gaming",
"nixpak": "nixpak",
"nixpkgs": "nixpkgs_6",
"nixpkgs-small": "nixpkgs-small",
"nixvim": "nixvim",
"sops-nix": "sops-nix",
"systems": "systems_6"
}
},
@@ -1253,6 +1324,27 @@
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1722897572,
"narHash": "sha256-3m/iyyjCdRBF8xyehf59QlckIcmShyTesymSb+N4Ap4=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "8ae477955dfd9cbf5fa4eb82a8db8ddbb94e79d9",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1689347949,

61
flake.nix
View File

@@ -9,28 +9,32 @@
./home
./hosts
];
perSystem = {pkgs, ...}: {
devShells = import ./system/nix/shell {inherit pkgs;};
formatter = pkgs.alejandra;
packages.cleanup-boot = pkgs.buildFHSUserEnv {
name = "cleanup-boot";
targetPkgs = pkgs: [pkgs.bash];
runScript = ./.cleanup-boot.sh;
};
};
};
inputs = {
# Nix environs
# nix environs
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
systems.url = "github:nix-systems/default-linux";
hardware.url = "github:nixos/nixos-hardware";
lanzaboote.url = "github:nix-community/lanzaboote";
# Sandbox wrappers for programs
# nixpak = {
# url = "github:nixpak/nixpak";
# inputs = {
# nixpkgs.follows = "nixpkgs-small";
# flake-parts.follows = "flake-parts";
# };
# };
nixpak = {
url = "github:nixpak/nixpak";
inputs = {
nixpkgs.follows = "nixpkgs-small";
flake-parts.follows = "flake-parts";
};
};
flake-utils = {
url = "github:numtide/flake-utils";
inputs.systems.follows = "systems";
@@ -50,11 +54,22 @@
};
# cachyos
chaotic.url = "https://flakehub.com/f/chaotic-cx/nyx/*.tar.gz";
# hyprland environ
hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
hyprland-contrib = {
url = "github:hyprwm/contrib";
inputs.nixpkgs.follows = "hyprland/nixpkgs";
};
hyprlock = {
url = "github:hyprwm/hyprlock";
inputs = {
hyprlang.follows = "hyprland/hyprlang";
hyprutils.follows = "hyprland/hyprutils";
nixpkgs.follows = "hyprland/nixpkgs";
systems.follows = "hyprland/systems";
};
};
nix-gaming = {
url = "github:fufexan/nix-gaming";
inputs = {
@@ -66,24 +81,16 @@
url = "github:nix-community/flake-firefox-nightly";
inputs.nixpkgs.follows = "nixpkgs";
};
# Schizophrenic Firefox configuration
# schizofox = {
# url = "github:schizofox/schizofox";
# inputs = {
# nixpkgs.follows = "nixpkgs-small";
# flake-parts.follows = "flake-parts";
# nixpak.follows = "nixpak";
# };
# };
# Third party programs, packaged with nix
firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs.nixpkgs.follows = "nixpkgs";
};
anyrun.url = "github:anyrun-org/anyrun";
microfetch.url = "github:NotAShelf/microfetch";
agenix = {
url = "github:ryantm/agenix";
inputs = {
nixpkgs.follows = "nixpkgs";
home-manager.follows = "hm";
systems.follows = "systems";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprlock = {
url = "github:hyprwm/hyprlock";

1
home/bin/hyprland/cnst/cfg/inputs.nix
View File

@@ -51,7 +51,6 @@
};
misc = {
vrr = 2;
no_direct_scanout = false;
mouse_move_enables_dpms = 1;
key_press_enables_dpms = 0;
force_default_wallpaper = 0;

5
home/bin/neovim/plugins/chatgpt.nix
View File

@@ -1,5 +1,8 @@
{
{config, ...}: {
programs.nixvim.plugins.chatgpt = {
enable = true;
settings = {
api_key_cmd = "cat ${config.sops.secrets.openai_api_key.path}";
};
};
}

2
home/bin/neovim/plugins/default.nix
View File

@@ -13,7 +13,7 @@
./tagbar.nix
./telescope.nix
./treesitter.nix
# ./chatgpt.nix
./chatgpt.nix
# ./vimtex.nix
./nonels.nix
./conform.nix

3
home/bin/neovim/plugins/lsp.nix
View File

@@ -54,6 +54,9 @@
# C#
csharp-ls.enable = true;
# Yaml
yamlls.enable = true;
# Lua
lua-ls = {
enable = true;

2
home/default.nix
View File

@@ -11,6 +11,8 @@
./usr/share/git/cnst
./usr/share/shell/cnst
./bin/hyprland/cnst
./opt/browsers/firefox
./opt/sops
./etc
./bin
./opt

12
home/opt/browsers/chromium/default.nix Normal file
View File

@@ -0,0 +1,12 @@
{pkgs, ...}: {
programs.chromium = {
enable = true;
package = pkgs.ungoogled-chromium;
extensions = [
"gebbhagfogifgggkldgodflihgfeippi" # return youtube dislike
"mnjggcdmjocbbbhaepdhchncahnbgone" # sponsorblock for youtube
"ponfpcnoihfmfllpaingbgckeeldkhle" # enhancer for youtube
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
];
};
}

34
home/opt/browsers/default.nix
View File

@@ -1,34 +0,0 @@
{
pkgs,
lib,
config,
inputs,
...
}: let
firefoxFlake = inputs.firefox-nightly.packages.${pkgs.stdenv.hostPlatform.system};
_firefoxNightly = firefoxFlake.firefox-nightly-bin;
_chromium = pkgs.ungoogled-chromium;
# _mullvad = pkgs.mullvad-browser;
in {
home.packages = lib.mkMerge [
(lib.mkIf (pkgs.hostPlatform.system == "x86_64-linux") (
with pkgs; [
# browsers
_firefoxNightly
pkgs.firefox-bin
# _chromium
]
))
];
programs.chromium = {
enable = true;
package = pkgs.ungoogled-chromium;
extensions = [
"gebbhagfogifgggkldgodflihgfeippi" # return youtube dislike
"mnjggcdmjocbbbhaepdhchncahnbgone" # sponsorblock for youtube
"ponfpcnoihfmfllpaingbgckeeldkhle" # enhancer for youtube
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
];
};
}

32
home/opt/browsers/firefox/default.nix Normal file
View File

@@ -0,0 +1,32 @@
{
inputs,
pkgs,
...
}: {
programs.firefox = {
enable = true;
package = inputs.firefox-nightly.packages.${pkgs.system}.firefox-nightly-bin;
profiles.cnst = {
search = {
force = true;
default = "DuckDuckGo";
privateDefault = "DuckDuckGo";
order = ["DuckDuckGo" "Google"];
};
bookmarks = {};
extensions = with inputs.firefox-addons.packages.${pkgs.system}; [
ublock-origin
sponsorblock
clearurls
return-youtube-dislikes
# enhancer-for-youtube # unfree
];
settings = {
"apz.overscroll.enabled" = true;
"browser.aboutConfig.showWarning" = false;
"general.autoScroll" = true;
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
};
};
};
}

1
home/opt/default.nix
View File

@@ -1,7 +1,6 @@
{
imports = [
# shared apps
./browsers
./discord
./utility
./alacritty

68
home/opt/sops/default.nix Normal file
View File

@@ -0,0 +1,68 @@
{
inputs,
self,
lib,
config,
...
}: let
defaultConfig = {
age = {sshKeyPaths = ["/home/cnst/.ssh/id_ed25519"];};
defaultSopsFile = "${self}/secrets/cnst-secrets.yaml";
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/cnst-secrets.yaml";
};
ssh_user = {
format = "yaml";
sopsFile = "${self}/secrets/cnst-secrets.yaml";
};
};
};
userSpecificConfig = lib.mkMerge [
(lib.mkIf (config.home.username == "toothpick") {
age = {sshKeyPaths = ["/home/toothpick/.ssh/id_ed25519"];};
defaultSopsFile = "${self}/secrets/toothpick-secrets.yaml";
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/toothpick-secrets.yaml";
};
ssh_user = {
format = "yaml";
sopsFile = "${self}/secrets/toothpick-secrets.yaml";
};
};
})
(lib.mkIf (config.home.username == "adam") {
age = {sshKeyPaths = ["/home/adam/.ssh/id_ed25519"];};
defaultSopsFile = "${self}/secrets/adam-secrets.yaml";
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/adam-secrets.yaml";
};
ssh_user = {
format = "yaml";
sopsFile = "${self}/secrets/adam-secrets.yaml";
};
};
})
];
in {
imports = [
inputs.sops-nix.homeManagerModules.sops
];
sops = lib.mkMerge [
{
gnupg = {
home = "~/.gnupg";
sshKeyPaths = [];
};
}
defaultConfig
userSpecificConfig
];
}

3
home/opt/utility/default.nix
View File

@@ -1,5 +1,8 @@
{pkgs, ...}: {
programs = {
ssh = {
enable = true;
};
# image viewer
feh = {
enable = true;

7
home/profiles/cnst/default.nix
View File

@@ -1,4 +1,8 @@
{pkgs, ...}: {
{
pkgs,
self,
...
}: {
home = {
username = "cnst";
homeDirectory = "/home/cnst";
@@ -43,6 +47,7 @@
json.enable = false;
manpages.enable = false;
};
# age.secrets.secret1.file = "${self}/secrets/openai.age";
# let HM manage itself when in standalone mode
programs.home-manager.enable = true;

4
home/usr/share/shell/cnst/default.nix
View File

@@ -12,8 +12,8 @@
ll = "ls -l";
nixupdate = "nh os switch -v -H cnix";
nixup = "nh os switch -H cnix";
flakeupdate = "nh os switch -u -v -H cnix";
flakeup = "nh os switch -u -H cnix";
flakeupdate = "nh os switch -u -v -H cnix && sudo nix run .#cleanup-boot";
flakeup = "nh os switch -u -H cnix && sudo nix run .#cleanup-boot";
};
history = {
size = 1000;

7
hosts/cnix/default.nix
View File

@@ -8,8 +8,13 @@
in {
users.users.cnst = {
isNormalUser = true;
# hashedPasswordFile = config.age.secrets.openai.path;
shell = pkgs.zsh;
# openssh.authorizedKeys.keys = [];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTdWHnYsr+sWg1tMSPRUaQhB8msdCoanaJOtP8v1ZBX root@cnix"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCtk/N0vZIangyccQoDq1e+k+t9gdymaYvjIs+Xh6TIMuDEO2piaiAs5PvIPQI3FPlPG4rQKgJwE3RwTCM1XXX/euhXzzmae32E/eLBF7fOtT0YjA07sXAW+vjKI7xhEdh+3D2Vi59taV/sw8QsNwTYFo1BQjjwqSHN+xhM3myFKEMquTxo6LqfFMR8oLSTyC4qUwk+H2w/6kmVFJa/7qGVhbEpryM/Oj+LMqzG6PYfmWzZ2qPFJ4FWHLTLVstBxpvT4p91lm0Z6aC+4KyYo52vwzEk2U/GGwzzc5DbXgyAzhaU8BM8IWkaRiE7RU8PNM1vRQ05L1JJ1T2o9a92QeZiJxz+3cgV/yZUYOKdZNrfskKpOzdm00yfhznVpI8y1lfgyvd+eJRLLpeOkGnAO3fW7RLLcwVKX6st8gBWf2SKWNFyuWdTU9SJC/sgttiBrsCiBTItKYLE8ihdJLrJn+cIxUoFe6WjZa9bv0WWetiW3g1WgiJeIWnlWERdDsxKfatwkE8mfPJtt6mZio/cLyC16HN57fNkqMqelca9deaXu2hwWBuE0dsOsL6HlhY8lFwQ5P+x7D3gZGpYWMZl35uqDt2AzFGje3Rrzv0NO7UUixeIit6c5BWhSxIpSgpl6065Uo5+jfeQlbaO1Kri4wwCR6VvQ/F0v+4IQZLSzOC3Gw== root@cnix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJMWwiz9YWBMUKFtAmF3xTEdBW27zkBH8UYaqWWcs70d cnst@cnix"
];
extraGroups = ifTheyExist [
"wheel"
"networkmanager"

1
hosts/cnix/ssh_host_ed25519_key.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTdWHnYsr+sWg1tMSPRUaQhB8msdCoanaJOtP8v1ZBX root@cnix

6
hosts/cnix/xkb/symbols/hhkbse
View File

@@ -6,7 +6,7 @@ xkb_symbols "hhkbse" {
name[Group1]="Sweden - HHKBse";
key <AE01> {[ 1, exclam, section, onehalf ]};
key <AE02> {[ 2, quotedbl, at, paragraph ]};
key <AE02> {[ 2, quotedbl, at ]};
key <AE03> {[ 3, numbersign, sterling ]};
key <AE04> {[ 4, dollar, currency ]};
key <AE05> {[ 5, percent, EuroSign, permille ]};
@@ -18,7 +18,7 @@ xkb_symbols "hhkbse" {
key <AE11> {[ plus, question, backslash, plusminus ]};
key <AE12> {[ Next, braceleft, Home ]};
key <BKSL> {[ Prior, braceright, End ]};
key <TLDE> {[ Delete,asciicircum, asterisk ]};
key <TLDE> {[ Delete, bar, asterisk, brokenbar ]};
key <AD01> {[ q, Q ]};
key <AD02> {[ w, W ]};
@@ -31,7 +31,7 @@ xkb_symbols "hhkbse" {
key <AD09> {[ o, O ]};
key <AD10> {[ p, P, Up, Greek_pi ]};
key <AD11> {[ aring, Aring ]};
key <AD12> {[apostrophe, bar, asciitilde, brokenbar ]};
key <AD12> {[apostrophe,asciicircum, asciitilde ]};
key <AC01> {[ a, A ]};
key <AC02> {[ s, S ]};
key <AC03> {[ d, D ]};

3
hosts/default.nix
View File

@@ -35,9 +35,8 @@
extraSpecialArgs = specialArgs;
};
}
inputs.chaotic.nixosModules.default
inputs.agenix.nixosModules.default
inputs.sops-nix.nixosModules.sops
];
};
toothpc = nixosSystem {

31
secrets/adam-secrets.yaml Normal file
View File

@@ -0,0 +1,31 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_user: ENC[AES256_GCM,data:u6YjlfDAX1zEO5Zd6SYn3C3q/H8knUwMT8Xv4d0YbYnVrainntukSKwO5jwUMay+BfgkWfRBil0/mqxBZjS1E+we3iDxYHTLLWXjQ2QJTzrVJHpu1MFcvYPfjQsocS96i6V8N/eH2fNIjSmys4uBxrLlnlsA3nuC4kvk/6rAq7ndp27eyQH/rx7iorMvyMtfRcKTOSCQNlaHu2WLtH6rxcUg8c+zYhlPR1OkM6I7tWrrw/48Bj7USjdXyNXM18qX05/EetkZdM6vHDWWPYTfVEnoP3K8zjgWXwoX/3amNgvX2wQYS8eSGxdLA5hCvKi1ytl3aEr+QjYn3X+qkqtdk6cvMnx6nyotMWpoJdnaRQqarB3gh0kHWCRjs0ALsWyvn7ShUXYOT3fflX1lXiEjpQp5TbvR+EpB4gicpa60j9s13u43znMqYqnlnGvTGoBXbkz6ZE6EcKXyPq9RuNWyK6X/j3kvAyiemoBkJg4rEURnG2bq9oMMvlZtbp1wkSIAwOPJjuAxOyn7LaQTEaBc,iv:u4AOkMRsT7laSfdYxXSa6LxCmDN2cA1ZBGZMRW/k9A0=,tag:s3r5cNHz02cpXdUrSL1jeQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:21:45Z"
mac: ENC[AES256_GCM,data:HZIfU0PQvr/572g+LhdYWmyO5SBUy0xzK5UcwM1PdKt9xYrcy6vC9Sk9VePR2p9f1rZFdw6B5Y2V/O3DG/L5Ct3xV0jHITgOLWjAFyITAxWV8X7FA8SRW4eusv3wuzFT8fTEXvXf8Y4wGozVrWJJIPMwIHOBzBGhM53YkMYEiXQ=,iv:6kkhKvPCewdSadQNd//hDOH0mY66XGkQSZ0KRgz24j8=,tag:Xpu6cTmi1Kvz5FimULzP7A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

31
secrets/adampad-secrets.yaml Normal file
View File

@@ -0,0 +1,31 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_host: ENC[AES256_GCM,data:P2+7Sa7jtbCs67sxBGg03KoEQx91w7ulcMGU0Zlo9IU2mDTqYn4FPL11MjJ0x1yXXmizDPQEdIAdtDTQIuIoM8l3RJf63dx6BqX5KMecT9dEKqP7VtY3ZFQ+vCDVq+VwmRRbZ+uk1B6IxZZ3Do0AQKo9vLWqA/ipZMG/ATvJZmAqs7t3VhKMwc//gCA8/b9bsTyk0BbDrqL8/rfuvY0HT9XvhWGpow8lTOcAzJzbr8FWmQzVQIt/wT3vJK4+guBpZy/beombrVNPYBB2+J/wjidatiIvPJvmgE1UpXn8FzdnXoZTwxgBXWHw05FuenjS448VxYXs7Wx6HRYTk4yjFqnnaNoQ4Y4r1GP5sIgThZT2aTpA3w9v2l7y6U9Ft+cjVURDwk/VvNTCi0WCWdw28C3hYj1jcAs7+M4oqbfLZlEpBC1khCHXyvg7sU5RuEKY59PWRbYIXtFf59Faht7r1mhSWN0A/E45k2ASabaNl28Vfam1xFzoNxGfazchhiL1mQMLyoSjmSZ9vVhtg6te,iv:2Xe6mOFqiEWVql+ZAfztc0OLA1NpG6pYXPXz3+KI2Wg=,tag:auVimKI3E6y8yPt0zTB1JA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:19:05Z"
mac: ENC[AES256_GCM,data:825FfQxusSCBHBWIH3VyAb06C+WAe/El1gUCngTOZe76gjex1yuSnMRoVPdLTIFbBhwpmal1jfyvpkaVaLvEyhj7dfHrDXbL/4Nzt5FFqYXQ+2bqUoP8uu+tMvaMEqJlTZFv/gYkx3RZy256rFqh1VXQuzejqVqX2JqbnUDj8/Q=,iv:/Ivr6tejZaudXZGcSUKDUi8oh6RJTu+84KzygLeP8VA=,tag:1DsD1l7jhKYojQASnevTjQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

31
secrets/cnix-secrets.yaml Normal file
View File

@@ -0,0 +1,31 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_host: ENC[AES256_GCM,data:P2+7Sa7jtbCs67sxBGg03KoEQx91w7ulcMGU0Zlo9IU2mDTqYn4FPL11MjJ0x1yXXmizDPQEdIAdtDTQIuIoM8l3RJf63dx6BqX5KMecT9dEKqP7VtY3ZFQ+vCDVq+VwmRRbZ+uk1B6IxZZ3Do0AQKo9vLWqA/ipZMG/ATvJZmAqs7t3VhKMwc//gCA8/b9bsTyk0BbDrqL8/rfuvY0HT9XvhWGpow8lTOcAzJzbr8FWmQzVQIt/wT3vJK4+guBpZy/beombrVNPYBB2+J/wjidatiIvPJvmgE1UpXn8FzdnXoZTwxgBXWHw05FuenjS448VxYXs7Wx6HRYTk4yjFqnnaNoQ4Y4r1GP5sIgThZT2aTpA3w9v2l7y6U9Ft+cjVURDwk/VvNTCi0WCWdw28C3hYj1jcAs7+M4oqbfLZlEpBC1khCHXyvg7sU5RuEKY59PWRbYIXtFf59Faht7r1mhSWN0A/E45k2ASabaNl28Vfam1xFzoNxGfazchhiL1mQMLyoSjmSZ9vVhtg6te,iv:2Xe6mOFqiEWVql+ZAfztc0OLA1NpG6pYXPXz3+KI2Wg=,tag:auVimKI3E6y8yPt0zTB1JA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:19:05Z"
mac: ENC[AES256_GCM,data:825FfQxusSCBHBWIH3VyAb06C+WAe/El1gUCngTOZe76gjex1yuSnMRoVPdLTIFbBhwpmal1jfyvpkaVaLvEyhj7dfHrDXbL/4Nzt5FFqYXQ+2bqUoP8uu+tMvaMEqJlTZFv/gYkx3RZy256rFqh1VXQuzejqVqX2JqbnUDj8/Q=,iv:/Ivr6tejZaudXZGcSUKDUi8oh6RJTu+84KzygLeP8VA=,tag:1DsD1l7jhKYojQASnevTjQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

31
secrets/cnst-secrets.yaml Normal file
View File

@@ -0,0 +1,31 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_user: ENC[AES256_GCM,data:u6YjlfDAX1zEO5Zd6SYn3C3q/H8knUwMT8Xv4d0YbYnVrainntukSKwO5jwUMay+BfgkWfRBil0/mqxBZjS1E+we3iDxYHTLLWXjQ2QJTzrVJHpu1MFcvYPfjQsocS96i6V8N/eH2fNIjSmys4uBxrLlnlsA3nuC4kvk/6rAq7ndp27eyQH/rx7iorMvyMtfRcKTOSCQNlaHu2WLtH6rxcUg8c+zYhlPR1OkM6I7tWrrw/48Bj7USjdXyNXM18qX05/EetkZdM6vHDWWPYTfVEnoP3K8zjgWXwoX/3amNgvX2wQYS8eSGxdLA5hCvKi1ytl3aEr+QjYn3X+qkqtdk6cvMnx6nyotMWpoJdnaRQqarB3gh0kHWCRjs0ALsWyvn7ShUXYOT3fflX1lXiEjpQp5TbvR+EpB4gicpa60j9s13u43znMqYqnlnGvTGoBXbkz6ZE6EcKXyPq9RuNWyK6X/j3kvAyiemoBkJg4rEURnG2bq9oMMvlZtbp1wkSIAwOPJjuAxOyn7LaQTEaBc,iv:u4AOkMRsT7laSfdYxXSa6LxCmDN2cA1ZBGZMRW/k9A0=,tag:s3r5cNHz02cpXdUrSL1jeQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:21:45Z"
mac: ENC[AES256_GCM,data:HZIfU0PQvr/572g+LhdYWmyO5SBUy0xzK5UcwM1PdKt9xYrcy6vC9Sk9VePR2p9f1rZFdw6B5Y2V/O3DG/L5Ct3xV0jHITgOLWjAFyITAxWV8X7FA8SRW4eusv3wuzFT8fTEXvXf8Y4wGozVrWJJIPMwIHOBzBGhM53YkMYEiXQ=,iv:6kkhKvPCewdSadQNd//hDOH0mY66XGkQSZ0KRgz24j8=,tag:Xpu6cTmi1Kvz5FimULzP7A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

1
secrets/keys/cnst.txt Normal file
View File

@@ -0,0 +1 @@
AGE-SECRET-KEY-1SG89YDGGMZEE9U9YUFTJS8DKFTNSJQXD0TXVDRQE9GD3EXF8YWPQUGEXMH

31
secrets/toothpc-secrets.yaml Normal file
View File

@@ -0,0 +1,31 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_user: ENC[AES256_GCM,data:u6YjlfDAX1zEO5Zd6SYn3C3q/H8knUwMT8Xv4d0YbYnVrainntukSKwO5jwUMay+BfgkWfRBil0/mqxBZjS1E+we3iDxYHTLLWXjQ2QJTzrVJHpu1MFcvYPfjQsocS96i6V8N/eH2fNIjSmys4uBxrLlnlsA3nuC4kvk/6rAq7ndp27eyQH/rx7iorMvyMtfRcKTOSCQNlaHu2WLtH6rxcUg8c+zYhlPR1OkM6I7tWrrw/48Bj7USjdXyNXM18qX05/EetkZdM6vHDWWPYTfVEnoP3K8zjgWXwoX/3amNgvX2wQYS8eSGxdLA5hCvKi1ytl3aEr+QjYn3X+qkqtdk6cvMnx6nyotMWpoJdnaRQqarB3gh0kHWCRjs0ALsWyvn7ShUXYOT3fflX1lXiEjpQp5TbvR+EpB4gicpa60j9s13u43znMqYqnlnGvTGoBXbkz6ZE6EcKXyPq9RuNWyK6X/j3kvAyiemoBkJg4rEURnG2bq9oMMvlZtbp1wkSIAwOPJjuAxOyn7LaQTEaBc,iv:u4AOkMRsT7laSfdYxXSa6LxCmDN2cA1ZBGZMRW/k9A0=,tag:s3r5cNHz02cpXdUrSL1jeQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:21:45Z"
mac: ENC[AES256_GCM,data:HZIfU0PQvr/572g+LhdYWmyO5SBUy0xzK5UcwM1PdKt9xYrcy6vC9Sk9VePR2p9f1rZFdw6B5Y2V/O3DG/L5Ct3xV0jHITgOLWjAFyITAxWV8X7FA8SRW4eusv3wuzFT8fTEXvXf8Y4wGozVrWJJIPMwIHOBzBGhM53YkMYEiXQ=,iv:6kkhKvPCewdSadQNd//hDOH0mY66XGkQSZ0KRgz24j8=,tag:Xpu6cTmi1Kvz5FimULzP7A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

31
secrets/toothpick-sercrets.yaml Normal file
View File

@@ -0,0 +1,31 @@
openai_api_key: ENC[AES256_GCM,data:91O7UcISvIJ6fzZxxj6y/6T7KT04tu4dIsWfVgdqt9/JzplA734lTIixRNmYSxmhgVNCyX2pJn0WO1yH7uEsSj2CHyJxVGAL6h+7zqYFo/UxbXAWy9u1hSfAS0BL6WEXrlVzqdt9JGz0lBTK4qFyuXnnSzhPVG2qQGhenmEq1+UkqdY9,iv:rfyekHDh8UUvbcXgPsfsKA6AjO2z5XSGpeHpwpiuSXw=,tag:dHZhfWoO/e4ZUfSAEOxq0A==,type:str]
ssh_user: ENC[AES256_GCM,data:u6YjlfDAX1zEO5Zd6SYn3C3q/H8knUwMT8Xv4d0YbYnVrainntukSKwO5jwUMay+BfgkWfRBil0/mqxBZjS1E+we3iDxYHTLLWXjQ2QJTzrVJHpu1MFcvYPfjQsocS96i6V8N/eH2fNIjSmys4uBxrLlnlsA3nuC4kvk/6rAq7ndp27eyQH/rx7iorMvyMtfRcKTOSCQNlaHu2WLtH6rxcUg8c+zYhlPR1OkM6I7tWrrw/48Bj7USjdXyNXM18qX05/EetkZdM6vHDWWPYTfVEnoP3K8zjgWXwoX/3amNgvX2wQYS8eSGxdLA5hCvKi1ytl3aEr+QjYn3X+qkqtdk6cvMnx6nyotMWpoJdnaRQqarB3gh0kHWCRjs0ALsWyvn7ShUXYOT3fflX1lXiEjpQp5TbvR+EpB4gicpa60j9s13u43znMqYqnlnGvTGoBXbkz6ZE6EcKXyPq9RuNWyK6X/j3kvAyiemoBkJg4rEURnG2bq9oMMvlZtbp1wkSIAwOPJjuAxOyn7LaQTEaBc,iv:u4AOkMRsT7laSfdYxXSa6LxCmDN2cA1ZBGZMRW/k9A0=,tag:s3r5cNHz02cpXdUrSL1jeQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1aj6tdyjcxjc3fqda3uvnzy6m49yj4ankvzdstnj3w9dr8hmsccts5vsgd8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVHlvWkJRQmlQSWlYU0FR
b0pJQm43VzIrTWd2SzZSMVlra2szTnZPMnpZCkdldldmbm9pRWNCcFQ5eS9pMXhm
NzBmOG96Q0Q0ZHNrR3pCMVJZckIvc1kKLS0tIHViWkFBOEhJekszbmlLVFkwS29t
YTFNY2R6WitlZ0lxenV6eWJaTllJOXcK7LYlzxIZm5x+cv9nrjXdhh2X0UkUMXj9
qLNE3hLDTPD1TjSTjPZqhwn/tu8juvkghpGbP/uTt4HTDQ7AL6LX/g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rzee3wxh7773p7ytaq3zcl8q4tpsz3l43rdv2wezetgk0dlz0vws9jcpu2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2ZSUGhVS01wTG9Zckh2
ZXNCd3BuQW55TEFqYWFtbTFnK3gwQTZNdGhzCkl0S0RadUxsM0JMa3hxa1FXS0Jx
NWlUdVd3cFpYemk2bWhDYlU2M3NqN3cKLS0tIGJPN0IzY01DYzVHeDNMQytZZUx5
VllLc2hqS1VhN3pQSm9FSFdOSmtpdE0KeMUGzVs1xRcOQfdVFQ6d2it8/iOkKNct
5ItiKjBqsrF3U/gPbXmOcPgxm6/Es+O0h8QQ0+JGYU8hNj/+0cRDrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-08T16:21:45Z"
mac: ENC[AES256_GCM,data:HZIfU0PQvr/572g+LhdYWmyO5SBUy0xzK5UcwM1PdKt9xYrcy6vC9Sk9VePR2p9f1rZFdw6B5Y2V/O3DG/L5Ct3xV0jHITgOLWjAFyITAxWV8X7FA8SRW4eusv3wuzFT8fTEXvXf8Y4wGozVrWJJIPMwIHOBzBGhM53YkMYEiXQ=,iv:6kkhKvPCewdSadQNd//hDOH0mY66XGkQSZ0KRgz24j8=,tag:Xpu6cTmi1Kvz5FimULzP7A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

2
system/default.nix
View File

@@ -20,9 +20,9 @@ let
++ [
./opt/gaming.nix
./opt/android
./opt/agenix
./opt/gimp
./opt/inkscape
./opt/sops
./srv/blueman
];
toothpc =

14
system/nix/default.nix
View File

@@ -16,7 +16,6 @@
pkgs.git
pkgs.scx
pkgs.stow
pkgs.age
];
localBinInPath = true;
};
@@ -24,6 +23,7 @@
console.useXkbConfig = true;
nix = {
package = pkgs.lix;
# pin the registry to avoid downloading and evaling a new nixpkgs version every time
registry = lib.mapAttrs (_: v: {flake = v;}) inputs;
@@ -37,11 +37,17 @@
experimental-features = ["nix-command" "flakes"];
flake-registry = "/etc/nix/registry.json";
# for direnv GC roots
keep-derivations = true;
keep-outputs = true;
# # for direnv GC roots
# keep-derivations = true;
# keep-outputs = true;
trusted-users = ["root" "@wheel"];
};
gc = {
automatic = true;
dates = "weekly";
# Keep the last 3 generations
options = "--delete-older-than +3";
};
};
}

6
system/nix/nh/cnix/default.nix
View File

@@ -3,9 +3,11 @@
programs = {
nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/cnst/.nix-config";
# clean = {
# enable = true;
# extraArgs = "--keep-since 4d --keep 3";
# };
};
};
}

11
system/opt/agenix/default.nix
View File

@@ -1,3 +1,10 @@
{inputs, ...}: {
environment.systemPackages = [inputs.agenix.packages.x86_64-linux.default];
{
inputs,
pkgs,
...
}: {
environment.systemPackages = [
inputs.agenix.packages.x86_64-linux.default
pkgs.age
];
}

66
system/opt/sops/default.nix Normal file
View File

@@ -0,0 +1,66 @@
{
config,
lib,
pkgs,
self,
...
}: let
defaultConfig = {
defaultSopsFile = "${self}/secrets/cnix-secrets.yaml";
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/cnix-secrets.yaml";
};
ssh_host = {
format = "yaml";
sopsFile = "${self}/secrets/cnix-secrets.yaml";
};
};
};
hostSpecificConfig = lib.mkMerge [
(lib.mkIf (config.networking.hostName == "toothpc") {
defaultSopsFile = "${self}/secrets/toothpc-secrets.yaml";
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/toothpc-secrets.yaml";
};
ssh_host = {
format = "yaml";
sopsFile = "${self}/secrets/toothpc-secrets.yaml";
};
};
})
(lib.mkIf (config.networking.hostName == "adampad") {
defaultSopsFile = "${self}/secrets/adampad-secrets.yaml";
secrets = {
openai_api_key = {
format = "yaml";
sopsFile = "${self}/secrets/adampad-secrets.yaml";
};
ssh_host = {
format = "yaml";
sopsFile = "${self}/secrets/adampad-secrets.yaml";
};
};
})
];
in {
sops = lib.mkMerge [
{
age = {sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];};
gnupg = {
home = "~/.gnupg";
sshKeyPaths = [];
};
}
defaultConfig
hostSpecificConfig
];
environment.systemPackages = [
pkgs.sops
pkgs.age
];
}

5
system/srv/openssh/default.nix
View File

@@ -1,9 +1,8 @@
{
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
programs.ssh = {
startAgent = true;
};
}