refactor: ran deadnix

Rouven Seifert 2023-11-16 15:53:15 +01:00
parent d863cf6688
commit 2fae2a695b
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
17 changed files with 20 additions and 142 deletions


@ -1,11 +0,0 @@
keys:
- &yubi 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
- &rouven age1l80slr486r82csm758q2a32j2e2qdxdyxgh46um6thsjv08la9sq7475p6
- &falkenstein-1 age1de938w6hzpv4cuzss7v3pt0chv4d0t220ue5n9d93ffuak7u949sumnhz3
creation_rules:
- path_regex: secrets/rouven\.yaml$
key_groups:
- pgp:
- *yubi
age:
- *rouven


@ -353,22 +353,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1699756042,
"narHash": "sha256-bHHjQQBsEPOxLL+klYU2lYshDnnWY12SewzQ7n5ab2M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9502d0245983bb233da8083b55d60d96fd3c29ff",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"pfersel": { "pfersel": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -452,7 +436,6 @@
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"pfersel": "pfersel", "pfersel": "pfersel",
"purge": "purge", "purge": "purge",
"sops-nix": "sops-nix",
"trucksimulatorbot": "trucksimulatorbot" "trucksimulatorbot": "trucksimulatorbot"
} }
}, },
@ -481,26 +464,6 @@
"type": "github" "type": "github"
} }
}, },
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1699951338,
"narHash": "sha256-1GeczM7XfgHcYGYiYNcdwSFu3E62vmh4d7mffWZvyzE=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "0e3a94167dcd10a47b89141f35b2ff9e04b34c46",
"type": "github"
},
"original": {
"id": "sops-nix",
"type": "indirect"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,


@ -8,9 +8,6 @@
url = "github:nix-community/nix-index-database"; url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
sops-nix = {
inputs.nixpkgs.follows = "nixpkgs";
};
agenix = { agenix = {
url = "github:ryantm/agenix"; url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -53,7 +50,6 @@
, nixpkgs , nixpkgs
, home-manager , home-manager
, nix-index-database , nix-index-database
, sops-nix
, agenix , agenix
, impermanence , impermanence
, nix-colors , nix-colors
@ -96,7 +92,7 @@
home-manager.users.rouven = { home-manager.users.rouven = {
imports = [ imports = [
nix-colors.homeManagerModules.default nix-colors.homeManagerModules.default
sops-nix.homeManagerModules.sops agenix.homeManagerModules.default
]; ];
}; };
} }
@ -140,7 +136,6 @@
./hosts/vm ./hosts/vm
./shared ./shared
nix-index-database.nixosModules.nix-index nix-index-database.nixosModules.nix-index
sops-nix.nixosModules.sops
]; ];
}; };
iso = nixpkgs.lib.nixosSystem { iso = nixpkgs.lib.nixosSystem {


@ -1,4 +1,4 @@
{ config, lib, ... }: { config, ... }:
{ {
age.secrets = { age.secrets = {
"wireguard/dorm/private" = { "wireguard/dorm/private" = {


@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: { config, pkgs, ... }:
{ {
imports = imports =
[ [


@ -1,4 +1,4 @@
{ pkgs, lib, ... }: { pkgs, ... }:
{ {
services.greetd = { services.greetd = {
enable = true; enable = true;


@ -1,6 +1,5 @@
{ config, ... }: { config, ... }:
{ {
# sops.secrets."uni/zih" = { };
age.secrets.tud = { age.secrets.tud = {
file = ../../../../secrets/thinkpad/tud.age; file = ../../../../secrets/thinkpad/tud.age;
}; };


@ -35,6 +35,5 @@ in
"secrets/rouven/mail/tu-dresden.age".publicKeys = [ rouven ]; "secrets/rouven/mail/tu-dresden.age".publicKeys = [ rouven ];
"secrets/rouven/mail/agdsn.age".publicKeys = [ rouven ]; "secrets/rouven/mail/agdsn.age".publicKeys = [ rouven ];
"secrets/rouven/mail/google.age".publicKeys = [ rouven ]; "secrets/rouven/mail/google.age".publicKeys = [ rouven ];
"secrets/rouven/ssh/git.age".publicKeys = [ rouven ];
"secrets/rouven/spotify.age".publicKeys = [ rouven ]; "secrets/rouven/spotify.age".publicKeys = [ rouven ];
} }


@ -1,51 +0,0 @@
email:
tu-dresden: ENC[AES256_GCM,data:0c/NpILreIbyZ5PIIDR55og//b/cNA==,iv:vf6b93deMdX5l7nRAgE+YfMp4S3z24zydf4TrUpnCq0=,tag:i6PxkzY5X1tmkNvWWXN73Q==,type:str]
rfive: ENC[AES256_GCM,data:5Gx00fozp3Fb1DPUVNeec2t1Ms+XC86ZLRhc0khSkj+v2g==,iv:+HBth0dBOs/bLPRNCe/ivhKodDFSe1KtX+vAkYXQoMs=,tag:e79QaG4BfXH6in0FAXVcoA==,type:str]
google: ENC[AES256_GCM,data:044yUHWp8PvtTytFwfCAhg==,iv:nRWzcxXCogombevZQxYsMuLL4us1kv6WKfChRphLR48=,tag:fnHxnweczc5bElK8kGa6rw==,type:str]
ifsr: ENC[AES256_GCM,data:debmpTL+VYNE3InslDyV0FW1sKjBFA==,iv:ZKwyOMsfQivesFoEJeDCNnPzOgwlP0xmJ0GNsA57njM=,tag:CJZhWTb2MfsR+rv2VY6Xmw==,type:str]
agdsn: ENC[AES256_GCM,data:ark7+PHOOd5IwkGOSShVnrwQ1g0tQuJ5,iv:d+rj8C3FUHg+bSjDAYd4bQ20vvocTpyjcQKwXEHVY/o=,tag:VC1ISQsA/u0iDY0DgJ6yfA==,type:str]
spotify: ENC[AES256_GCM,data:J9j4aIyXIRZcjcjYH1+J,iv:fEiMS+BiXiq8O/fHV1nBPhQ+mv83Qx2SzntkSGd5aVg=,tag:1BZtXH9szEOJBs83LXhrOw==,type:str]
ssh:
git:
private: ENC[AES256_GCM,data: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,iv:XeIfJ0heXz48jEP8DXct0E9MZLOTE3MJsj5F2zFrN1g=,tag:EnS6eYFymaQvGIQps5l5aA==,type:str]
public_unencrypted: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqjaaB4RSwGGZXHb8UqTLz0GkOWlKctHoxmhpkwsFMI rouven@thinkpad
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1l80slr486r82csm758q2a32j2e2qdxdyxgh46um6thsjv08la9sq7475p6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2d1N1elJjb2c4OTAzMEs0
cDg4NXBtZW9OLzZGV2ZFeEdlcDhCeGpRTkJnCmdKU01ISnZWdTZqc01MR3lqSWRG
YmVSSVJ0b05GWGFVamtUbkRUNm1pZ2sKLS0tIERPNXlNZkdmbmZadVIwRWZpV1BM
N08rUm1KNCtOaHlYVnFZUFViZnNHeUkKvQTAtOKQqCJP54eV6bxxCWX5CKACPJQP
MBkKw0jbgjBI4SuDdPQVaXE0gEllJPjENUjqXGVatYbhBStbIraZQQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-05T18:57:42Z"
mac: ENC[AES256_GCM,data:Op3aUdt0pnacMJ++zAJsjJOhiKnV9b8t2jrAci5+ZNwIdY2MNVauByQtD0QcD/ApcJzpvS0fblj/EU36mmpoWE5HBQziFDoKi82t/Wpemmvefph1UdjSeqxN4oq68j7QJO0ESso3LlXeSRg08Nre8f7/ReLMgUrEVi1OI2/+C04=,iv:dpnOMM5hj8ugXI9q2BKtzLiaio1nngHYlwIjOjaeGag=,tag:0snf53Zb3zg+T4k0RaRo1g==,type:str]
pgp:
- created_at: "2023-02-25T23:44:24Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=pj83
-----END PGP MESSAGE-----
fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
unencrypted_suffix: _unencrypted
version: 3.8.1

Binary file not shown.


@ -1,7 +0,0 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [ sops ];
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.age.generateKey = false;
sops.defaultSopsFile = ../secrets/${config.networking.hostName}.yaml;
}


@ -1,4 +1,4 @@
{ pkgs, lib, ... }: { pkgs, ... }:
{ {
programs.tmux = { programs.tmux = {
enable = true; enable = true;


@ -1,14 +1,14 @@
{ pkgs, lib, ... }: { config, pkgs, ... }:
let let
gpg-default-key = "116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09"; gpg-default-key = "116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09";
in in
{ {
sops.secrets = { age.secrets = {
"email/rfive" = { }; "mail/rfive".file = ../../../../secrets/rouven/mail/rfive.age;
"email/tu-dresden" = { }; "mail/tu-dresden".file = ../../../../secrets/rouven/mail/tu-dresden.age;
"email/ifsr" = { }; "mail/ifsr".file = ../../../../secrets/rouven/mail/ifsr.age;
"email/agdsn" = { }; "mail/agdsn".file = ../../../../secrets/rouven/mail/agdsn.age;
"email/google" = { }; "mail/google".file = ../../../../secrets/rouven/mail/google.age;
}; };
programs = { programs = {
aerc = { aerc = {
@ -56,7 +56,7 @@ in
gpg.key = gpg-default-key; gpg.key = gpg-default-key;
realName = "Rouven Seifert"; realName = "Rouven Seifert";
userName = address; userName = address;
passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/rfive"; passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets."mail/rfive".path}";
imap = { imap = {
host = "mail.rfive.de"; host = "mail.rfive.de";
port = 993; port = 993;
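Review bot: Only the rfive account's `passwordCommand` is switched to `config.age.secrets."mail/rfive".path` in the second hunk, while the first hunk declares five `mail/*` age secrets and drops all five `email/*` sops secrets. Any other account in this file whose `passwordCommand` still reads `$XDG_RUNTIME_DIR/secrets/email/<name>` would now point at a path nothing populates, and the mail client would fail to authenticate at runtime rather than at evaluation. If such accounts exist outside the visible hunks, each should take the same form, e.g. `passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets."mail/ifsr".path}";`. The account definitions start and end outside the hunk, so this could not be confirmed from here.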


@ -2,13 +2,13 @@
{ {
imports = [ imports = [
./accounts ./accounts
# ./age
./foot ./foot
./git ./git
./gpg ./gpg
./helix ./helix
./wayland ./wayland
./mpv ./mpv
./sops
./spotify ./spotify
./ssh ./ssh
./theme ./theme


@ -1,8 +0,0 @@
{ config, ... }:
{
sops = {
age.sshKeyPaths = [ "/home/${config.home.username}/.ssh/id_ed25519" ];
age.generateKey = false;
defaultSopsFile = ../../../../secrets/${config.home.username}.yaml;
};
}


@ -1,15 +1,17 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
home.packages = [ pkgs.spotify-tui ]; home.packages = [ pkgs.spotify-tui ];
sops.secrets."spotify" = { }; age.secrets.spotify = {
file = ../../../../secrets/rouven/spotify.age;
};
services.spotifyd = { services.spotifyd = {
enable = true; enable = true;
settings = { settings = {
global = { global = {
username = config.accounts.email.accounts."gmail".address; username = config.accounts.email.accounts."gmail".address;
password_cmd = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/spotify"; password_cmd = "${pkgs.coreutils}/bin/cat ${config.age.secrets.spotify.path}";
}; };
}; };
}; };
systemd.user.services.spotifyd.Unit.After = [ "sops-nix.service" ]; systemd.user.services.spotifyd.Unit.After = [ "agenix.service" ];
} }
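Review bot: `Unit.After = [ "agenix.service" ]` on the last changed line only orders spotifyd behind the decryption unit; it does not pull that unit in, and spotifyd still starts when decryption failed, in which case `password_cmd` runs `cat` on a missing file. Adding `systemd.user.services.spotifyd.Unit.Requires = [ "agenix.service" ];` next to it (or `Wants` if a hard dependency is too strict) makes the dependency explicit. The unit name should also be checked against what the agenix home-manager module defines, since that definition is not visible in this commit.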


@ -1,11 +1,8 @@
{ ... }: { ... }:
let let
git = "/run/user/1000/secrets/ssh/git/private"; git = "~/.ssh/git";
in in
{ {
sops.secrets = {
"ssh/git/private" = { };
};
programs.ssh = rec { programs.ssh = rec {
enable = true; enable = true;
compression = true; compression = true;
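Review bot: The `git` binding now points at `~/.ssh/git`, a file that nothing in this commit provisions: the `sops.secrets."ssh/git/private"` declaration is dropped here and the `secrets/rouven/ssh/git.age` recipient entry is removed in another section, so the private key becomes a hand-placed file on persistent storage instead of a decrypted runtime secret. That should be stated next to the binding, e.g. `# not managed by agenix: place the key manually, mode 0600`, and on a host using impermanence the file presumably has to be in the persisted set or git over SSH breaks after a reboot. If the intent was to keep the key managed, an `age.secrets."ssh/git".file` entry referenced through `config.age.secrets."ssh/git".path` would match how the other secrets in this commit are handled. The `programs.ssh` block continues outside the hunk.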