Replace personal laptop
parent
ca1f3bf01f
commit
5d927e036b
12 changed files with 1792 additions and 3253 deletions
54
.sops.yaml
54
.sops.yaml
|
@ -1,7 +1,7 @@
|
||||||
# Public keys are combination of host + user
|
# Public keys are combination of host + user
|
||||||
keys:
|
keys:
|
||||||
- &sue_root age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
|
- &laptop_root age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
|
||||||
- &sue_pim age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
- &laptop_pim age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
||||||
- &gamepc_root age1y5wgcxmn37drmjtpgld3xc76mw8dckhred8hecusywjlvdyfedfse8y60u
|
- &gamepc_root age1y5wgcxmn37drmjtpgld3xc76mw8dckhred8hecusywjlvdyfedfse8y60u
|
||||||
- &gamepc_pim age1qlldg2c6kptvnmvlkpf9pae3wnczk6eklcmwdvnzyvvnur3aqdcq3c3trt
|
- &gamepc_pim age1qlldg2c6kptvnmvlkpf9pae3wnczk6eklcmwdvnzyvvnur3aqdcq3c3trt
|
||||||
- &warwick_root age1th8rdw4fs3vmgy9gzc0k9xy88tddjj4vasepckfx9h4nlzsg3q3q4cjgwu
|
- &warwick_root age1th8rdw4fs3vmgy9gzc0k9xy88tddjj4vasepckfx9h4nlzsg3q3q4cjgwu
|
||||||
|
@ -11,36 +11,36 @@ keys:
|
||||||
- &lewis_root age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
|
- &lewis_root age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
|
||||||
|
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets/sue/colmena.yaml
|
- path_regex: secrets/blocktech/colmena.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *sue_root
|
- *laptop_root
|
||||||
- path_regex: secrets/sue/nixos.yaml
|
- path_regex: secrets/blocktech/nixos.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *sue_root
|
- *laptop_root
|
||||||
- path_regex: secrets/sue/pim.yaml
|
- path_regex: secrets/blocktech/pkunis.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *sue_pim
|
- *laptop_pim
|
||||||
- *sue_root
|
- *laptop_root
|
||||||
- path_regex: secrets/gamepc/colmena.yaml
|
- path_regex: secrets/gamepc/colmena.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *sue_pim
|
- *laptop_pim
|
||||||
- *sue_root
|
- *laptop_root
|
||||||
- path_regex: secrets/gamepc/pim.yaml
|
- path_regex: secrets/gamepc/pim.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *sue_pim
|
- *laptop_pim
|
||||||
- *sue_root
|
- *laptop_root
|
||||||
- *gamepc_root
|
- *gamepc_root
|
||||||
- *gamepc_pim
|
- *gamepc_pim
|
||||||
- path_regex: secrets/warwick/colmena.yaml
|
- path_regex: secrets/warwick/colmena.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *sue_pim
|
- *laptop_pim
|
||||||
- *sue_root
|
- *laptop_root
|
||||||
- *niels
|
- *niels
|
||||||
- path_regex: secrets/servers.yaml
|
- path_regex: secrets/servers.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
|
@ -49,14 +49,14 @@ creation_rules:
|
||||||
- *atlas_root
|
- *atlas_root
|
||||||
- *jefke_root
|
- *jefke_root
|
||||||
- *lewis_root
|
- *lewis_root
|
||||||
- *sue_pim
|
- *laptop_pim
|
||||||
- *sue_root
|
- *laptop_root
|
||||||
- *niels
|
- *niels
|
||||||
- path_regex: secrets/atlas/colmena.yaml
|
- path_regex: secrets/atlas/colmena.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *sue_pim
|
- *laptop_pim
|
||||||
- *sue_root
|
- *laptop_root
|
||||||
- *niels
|
- *niels
|
||||||
- path_regex: secrets/kubernetes.yaml
|
- path_regex: secrets/kubernetes.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
|
@ -64,25 +64,25 @@ creation_rules:
|
||||||
- *atlas_root
|
- *atlas_root
|
||||||
- *jefke_root
|
- *jefke_root
|
||||||
- *lewis_root
|
- *lewis_root
|
||||||
- *sue_pim
|
- *laptop_pim
|
||||||
- *sue_root
|
- *laptop_root
|
||||||
- *niels
|
- *niels
|
||||||
- path_regex: secrets/jefke/colmena.yaml
|
- path_regex: secrets/jefke/colmena.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *sue_pim
|
- *laptop_pim
|
||||||
- *sue_root
|
- *laptop_root
|
||||||
- *niels
|
- *niels
|
||||||
- path_regex: secrets/lewis/colmena.yaml
|
- path_regex: secrets/lewis/colmena.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *sue_pim
|
- *laptop_pim
|
||||||
- *sue_root
|
- *laptop_root
|
||||||
- *niels
|
- *niels
|
||||||
- path_regex: secrets/lewis/nixos.yaml
|
- path_regex: secrets/lewis/nixos.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *lewis_root
|
- *lewis_root
|
||||||
- *sue_pim
|
- *laptop_pim
|
||||||
- *sue_root
|
- *laptop_root
|
||||||
- *niels
|
- *niels
|
||||||
|
|
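Review bot: The `&laptop_root` and `&laptop_pim` anchors in the first hunk keep exactly the age recipients that `&sue_root` and `&sue_pim` had, so the replacement laptop is addressed with the same identities as the machine it replaces. If the private keys were copied across rather than regenerated (the page does not show which), the old laptop can still decrypt every file these rules cover, including `secrets/servers.yaml` and `secrets/kubernetes.yaml`. Consider generating fresh age keys on the new host, updating the two anchors, running `sops updatekeys` on each affected file, and rotating the secret values themselves if the old device leaves your control. Since the header comment says keys are host + user, `&laptop_pim` would also read more clearly under the new user name, e.g. `&laptop_pkunis`.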
|
@ -15,9 +15,9 @@ inputs @ {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
sue = {
|
blocktech = {
|
||||||
imports = [
|
imports = [
|
||||||
(import ./machines).sue.nixosModule
|
(import ./machines).blocktech.nixosModule
|
||||||
./nixos
|
./nixos
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
@ -12,16 +12,15 @@
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
pim = {
|
pim = {
|
||||||
lanzaboote.enable = true;
|
lanzaboote.enable = false;
|
||||||
tidal.enable = true;
|
tidal.enable = false;
|
||||||
gnome.enable = true;
|
gnome.enable = true;
|
||||||
stylix.enable = true;
|
stylix.enable = true;
|
||||||
wireguard.enable = true;
|
wireguard.enable = true;
|
||||||
compliance.enable = true;
|
sops-nix.usersWithSopsKeys = ["pkunis"];
|
||||||
sops-nix.usersWithSopsKeys = ["pim"];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.pim = {
|
users.users.pkunis = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = ["wheel" "docker" "input" "wireshark" "dialout"];
|
extraGroups = ["wheel" "docker" "input" "wireshark" "dialout"];
|
||||||
};
|
};
|
||||||
|
@ -33,10 +32,10 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
facter.reportPath = ./facter.json;
|
facter.reportPath = ./facter.json;
|
||||||
home-manager.users.pim.imports = [./pim.home.nix];
|
home-manager.users.pkunis.imports = [./pkunis.home.nix];
|
||||||
nix.settings.trusted-users = ["pim"];
|
nix.settings.trusted-users = ["pkunis"];
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
sops.defaultSopsFile = "${self}/secrets/sue/nixos.yaml";
|
sops.defaultSopsFile = "${self}/secrets/blocktech/nixos.yaml";
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
borgbackup
|
borgbackup
|
||||||
|
@ -60,18 +59,26 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}];
|
swapDevices = [
|
||||||
fileSystems = {
|
{device = "/dev/disk/by-uuid/949815d4-cfc4-4cf3-bbbe-22516f91119c";}
|
||||||
"/" = {
|
];
|
||||||
device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
"/boot" = {
|
fileSystems."/" = {
|
||||||
device = "/dev/disk/by-uuid/560E-F8A2";
|
device = "/dev/disk/by-uuid/06710546-327b-402a-b221-8d88b75301d2";
|
||||||
fsType = "vfat";
|
fsType = "ext4";
|
||||||
options = ["fmask=0022" "dmask=0022"];
|
};
|
||||||
};
|
fileSystems."/boot" = {
|
||||||
|
device = "/dev/disk/by-uuid/E547-7E6C";
|
||||||
|
fsType = "vfat";
|
||||||
|
options = ["fmask=0077" "dmask=0077"];
|
||||||
|
};
|
||||||
|
|
||||||
|
boot = {
|
||||||
|
initrd.luks.devices."luks-4cc1ad7c-a794-4c54-adc8-c9f666c9b781".device = "/dev/disk/by-uuid/4cc1ad7c-a794-4c54-adc8-c9f666c9b781";
|
||||||
|
initrd.luks.devices."luks-161f5109-c2d7-4307-91f6-27c655d6ab3e".device = "/dev/disk/by-uuid/161f5109-c2d7-4307-91f6-27c655d6ab3e";
|
||||||
|
|
||||||
|
loader.systemd-boot.enable = true;
|
||||||
|
loader.efi.canTouchEfiVariables = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
nix.settings = {
|
nix.settings = {
|
||||||
|
@ -79,8 +86,6 @@
|
||||||
trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
|
trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
|
|
||||||
|
|
||||||
specialisation.cosmic = lib.mkIf config.pim.cosmic.enable {
|
specialisation.cosmic = lib.mkIf config.pim.cosmic.enable {
|
||||||
configuration = {
|
configuration = {
|
||||||
imports = [
|
imports = [
|
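Review bot: `lanzaboote.enable = false;` in the first hunk, together with `loader.systemd-boot.enable = true;` in the `boot` block of the third hunk, presumably leaves this machine without the signed boot chain the previous laptop had, and nothing in the file says whether that is temporary. The two `initrd.luks.devices` entries suggest the disks are encrypted, which makes the unsigned bootloader and initrd on `/boot` the part that someone with physical access could still alter. I would add a comment next to the option, such as `# TODO: re-enable lanzaboote once Secure Boot keys are enrolled on this machine`, or state why it stays off. The enclosing `config` and `pim` attribute sets start outside the hunks shown.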
File diff suppressed because it is too large
|
@ -9,7 +9,7 @@
|
||||||
in {
|
in {
|
||||||
config = {
|
config = {
|
||||||
pim = {
|
pim = {
|
||||||
tidal.enable = true;
|
tidal.enable = false;
|
||||||
gnome.enable = true;
|
gnome.enable = true;
|
||||||
vscode.enable = true;
|
vscode.enable = true;
|
||||||
syncthing.enable = true;
|
syncthing.enable = true;
|
||||||
|
@ -22,8 +22,8 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
home = {
|
home = {
|
||||||
username = "pim";
|
username = "pkunis";
|
||||||
homeDirectory = "/home/pim";
|
homeDirectory = "/home/pkunis";
|
||||||
stateVersion = "23.05";
|
stateVersion = "23.05";
|
||||||
sessionVariables = {
|
sessionVariables = {
|
||||||
MANPAGER = "${lib.getExe neovim} +Man!";
|
MANPAGER = "${lib.getExe neovim} +Man!";
|
||||||
|
@ -32,7 +32,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
sops = {
|
sops = {
|
||||||
defaultSopsFile = "${self}/secrets/sue/pim.yaml";
|
defaultSopsFile = "${self}/secrets/blocktech/pkunis.yaml";
|
||||||
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
|
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
|
||||||
secrets."keepassxc".path = "${config.xdg.configHome}/keepassxc/keepassxc.ini";
|
secrets."keepassxc".path = "${config.xdg.configHome}/keepassxc/keepassxc.ini";
|
||||||
};
|
};
|
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
sue = {
|
blocktech = {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
nixosModule = import ./sue/configuration.nix;
|
nixosModule = import ./blocktech/configuration.nix;
|
||||||
};
|
};
|
||||||
|
|
||||||
gamepc = {
|
gamepc = {
|
||||||
|
|
|
@ -1,14 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
cfg = config.pim.compliance;
|
|
||||||
in {
|
|
||||||
options.pim.compliance.enable = lib.mkEnableOption "compliance";
|
|
||||||
config = lib.mkIf cfg.enable {
|
|
||||||
services.clamav = {
|
|
||||||
daemon.enable = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -18,7 +18,6 @@
|
||||||
./stylix.nix
|
./stylix.nix
|
||||||
./wireguard.nix
|
./wireguard.nix
|
||||||
./gnome.nix
|
./gnome.nix
|
||||||
./compliance.nix
|
|
||||||
./cinnamon.nix
|
./cinnamon.nix
|
||||||
./ssh.nix
|
./ssh.nix
|
||||||
./desktop.nix
|
./desktop.nix
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
}: let
|
}: let
|
||||||
cfg = config.pim.tidal;
|
cfg = config.pim.tidal;
|
||||||
in {
|
in {
|
||||||
|
# TODO: this is bad and broken
|
||||||
options.pim.tidal.enable = lib.mkEnableOption "tidal";
|
options.pim.tidal.enable = lib.mkEnableOption "tidal";
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
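Review bot: The added `# TODO: this is bad and broken` does not say what is broken or what a fix would look like, so the next reader cannot act on it. A comment along the lines of `# TODO: <what fails>; module disabled on all hosts until fixed` (placeholder to be filled in by the author) would also explain why `tidal.enable` is switched to false elsewhere in this commit. The module body continues outside this hunk.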
|
@ -1,6 +1,6 @@
|
||||||
sops_nix_keys:
|
sops_nix_keys:
|
||||||
root: ENC[AES256_GCM,data:CxF2wjcQ2OFuS7Pgjnc8zc7sqGEz3dcHt4NXkL+V6w7kGPP+b4wBhOlT7b+bEESNslpK2htLY7x+IZWIA8JQpeRKHAKymAUK86I=,iv:5qNFDb86/Vr9Iqzx1eES4wUVY5XTq3iOR4VQliuP1lg=,tag:gx/Q7t52l9kMhPRXdpsB6A==,type:str]
|
root: ENC[AES256_GCM,data:CxF2wjcQ2OFuS7Pgjnc8zc7sqGEz3dcHt4NXkL+V6w7kGPP+b4wBhOlT7b+bEESNslpK2htLY7x+IZWIA8JQpeRKHAKymAUK86I=,iv:5qNFDb86/Vr9Iqzx1eES4wUVY5XTq3iOR4VQliuP1lg=,tag:gx/Q7t52l9kMhPRXdpsB6A==,type:str]
|
||||||
pim: ENC[AES256_GCM,data:PWFlRBaqImbCpj3IXU+BtNIRvwru+GRwxDQO4QwINRvxRqC36LE6JpMqaJNrTdCPy+aQ01brTN8y99qXTDlrul32cZnopc37r78=,iv:1tG7rDB5D7D2myes6Ro8hXC140ugjXpiwNpivWFw/xw=,tag:BNm/Ep55tt7xBWZFyzTR5g==,type:str]
|
pkunis: ENC[AES256_GCM,data:192vkgOdMoDEhPU6yilatIfaFS/1LJFvteEMYI1/3SBP773lN62pWoDiJDiBtjBCisA/3yHriL3Dpvs1PwbV0BChmbL+svwKrFE=,iv:/YyZ+NSyZwyGp4NJYUSeYOOUfGaH5jOiVUH8QeWnFUA=,tag:sWN0bQvm8Ejw5+XST0pAEQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -16,8 +16,8 @@ sops:
|
||||||
NkJzL3JSN2sxbnF6NGNhQlJqTHpHRTAKK+3FqqBAGxdlMtnbsySEcZT1lkQwJWvK
|
NkJzL3JSN2sxbnF6NGNhQlJqTHpHRTAKK+3FqqBAGxdlMtnbsySEcZT1lkQwJWvK
|
||||||
GFB+6CtH9UtyIGrdK8Pm/0ahsolYGAim2OjeiKBbs3Q8kLm5WAsgRg==
|
GFB+6CtH9UtyIGrdK8Pm/0ahsolYGAim2OjeiKBbs3Q8kLm5WAsgRg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-11-30T23:42:51Z"
|
lastmodified: "2025-02-25T13:53:06Z"
|
||||||
mac: ENC[AES256_GCM,data:fo856uaz54nxHDJVDpMOPc6GHAzMdVJTfqBiMtJkEwm3AVICtRcI8ucceBnmfKZf9DM2MC2DffU1tvJd5iqpqFZMXCElRnBxWVZGhvrZqIZtmoAin5zBgwOudf1o6msmdNGmZk1ECq/HpHNO/QMQ3rnFdBvOZwL0zu6iZm9XwC0=,iv:T6Tv1ukk0CWbTRVWYdfn/bWQoETk8DRVMOzpJE9mCWE=,tag:eICIYTBvAJLUTpRcMYqc5Q==,type:str]
|
mac: ENC[AES256_GCM,data:lLojNOq2QtdeqiCHOg6+Kssfa+Ey6JefPQulFkgnr1Onrt60ds2qWg5TTMHMlUaa6vB1S78WqyquTRBLv9Ek/alOae+CgdDi+vVX8hG5Mc2Edcfl+z8rRNFB+2mOEl1gJwKntyxySx6YBiDhZsH0p+Xflw9WGm/lL/FyRCJCwq0=,iv:8PqXupgwdfgdfIzsymVSrjQACoMODR+XYPgLMvASjos=,tag:rLGJlL3alm/qy+3qeS637g==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.1
|
version: 3.9.1
|