Replace personal laptop
parent
ca1f3bf01f
commit
5d927e036b
12 changed files with 1792 additions and 3253 deletions
54
.sops.yaml
54
.sops.yaml
|
@ -1,7 +1,7 @@
|
|||
# Public keys are combination of host + user
|
||||
keys:
|
||||
- &sue_root age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
|
||||
- &sue_pim age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
||||
- &laptop_root age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
|
||||
- &laptop_pim age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
||||
- &gamepc_root age1y5wgcxmn37drmjtpgld3xc76mw8dckhred8hecusywjlvdyfedfse8y60u
|
||||
- &gamepc_pim age1qlldg2c6kptvnmvlkpf9pae3wnczk6eklcmwdvnzyvvnur3aqdcq3c3trt
|
||||
- &warwick_root age1th8rdw4fs3vmgy9gzc0k9xy88tddjj4vasepckfx9h4nlzsg3q3q4cjgwu
|
||||
|
@ -11,36 +11,36 @@ keys:
|
|||
- &lewis_root age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
|
||||
|
||||
creation_rules:
|
||||
- path_regex: secrets/sue/colmena.yaml
|
||||
- path_regex: secrets/blocktech/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *sue_root
|
||||
- path_regex: secrets/sue/nixos.yaml
|
||||
- *laptop_root
|
||||
- path_regex: secrets/blocktech/nixos.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *sue_root
|
||||
- path_regex: secrets/sue/pim.yaml
|
||||
- *laptop_root
|
||||
- path_regex: secrets/blocktech/pkunis.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- path_regex: secrets/gamepc/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- path_regex: secrets/gamepc/pim.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *gamepc_root
|
||||
- *gamepc_pim
|
||||
- path_regex: secrets/warwick/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *niels
|
||||
- path_regex: secrets/servers.yaml
|
||||
key_groups:
|
||||
|
@ -49,14 +49,14 @@ creation_rules:
|
|||
- *atlas_root
|
||||
- *jefke_root
|
||||
- *lewis_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *niels
|
||||
- path_regex: secrets/atlas/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *niels
|
||||
- path_regex: secrets/kubernetes.yaml
|
||||
key_groups:
|
||||
|
@ -64,25 +64,25 @@ creation_rules:
|
|||
- *atlas_root
|
||||
- *jefke_root
|
||||
- *lewis_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *niels
|
||||
- path_regex: secrets/jefke/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *niels
|
||||
- path_regex: secrets/lewis/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *niels
|
||||
- path_regex: secrets/lewis/nixos.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *lewis_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *niels
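Review bot: The `&laptop_root` and `&laptop_pim` anchors carry exactly the same age recipients as the `&sue_root` and `&sue_pim` entries they appear to replace (`age1w99m9…` and `age189la…`), so this is a rename only and the set of keys that can decrypt every file matched by `creation_rules` is unchanged. If the old laptop is being retired, its private keys still open all of these secrets, including earlier revisions kept in git history; generating fresh keys on the new host, running `sops updatekeys` on each file and rotating the secret values themselves would close that. The `secrets/blocktech/nixos.yaml` section points the same way, since the `sops_nix_keys.root` ciphertext and the visible part of the age recipient block look unchanged there. If reusing the identities is deliberate, a comment above `keys:` such as `# laptop_* reuse the identities of the previous laptop (sue); rotate when that disk is wiped` would record it. The +/- markers are lost on this page, so which side is new is inferred from the anchors the rules reference and from the commit title.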
|
||||
|
|
|
@ -15,9 +15,9 @@ inputs @ {
|
|||
};
|
||||
};
|
||||
|
||||
sue = {
|
||||
blocktech = {
|
||||
imports = [
|
||||
(import ./machines).sue.nixosModule
|
||||
(import ./machines).blocktech.nixosModule
|
||||
./nixos
|
||||
];
|
||||
};
|
||||
|
|
|
@ -12,16 +12,15 @@
|
|||
|
||||
config = {
|
||||
pim = {
|
||||
lanzaboote.enable = true;
|
||||
tidal.enable = true;
|
||||
lanzaboote.enable = false;
|
||||
tidal.enable = false;
|
||||
gnome.enable = true;
|
||||
stylix.enable = true;
|
||||
wireguard.enable = true;
|
||||
compliance.enable = true;
|
||||
sops-nix.usersWithSopsKeys = ["pim"];
|
||||
sops-nix.usersWithSopsKeys = ["pkunis"];
|
||||
};
|
||||
|
||||
users.users.pim = {
|
||||
users.users.pkunis = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["wheel" "docker" "input" "wireshark" "dialout"];
|
||||
};
|
||||
|
@ -33,10 +32,10 @@
|
|||
};
|
||||
|
||||
facter.reportPath = ./facter.json;
|
||||
home-manager.users.pim.imports = [./pim.home.nix];
|
||||
nix.settings.trusted-users = ["pim"];
|
||||
home-manager.users.pkunis.imports = [./pkunis.home.nix];
|
||||
nix.settings.trusted-users = ["pkunis"];
|
||||
system.stateVersion = "23.05";
|
||||
sops.defaultSopsFile = "${self}/secrets/sue/nixos.yaml";
|
||||
sops.defaultSopsFile = "${self}/secrets/blocktech/nixos.yaml";
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
borgbackup
|
||||
|
@ -60,18 +59,26 @@
|
|||
};
|
||||
};
|
||||
|
||||
swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}];
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
|
||||
swapDevices = [
|
||||
{device = "/dev/disk/by-uuid/949815d4-cfc4-4cf3-bbbe-22516f91119c";}
|
||||
];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/06710546-327b-402a-b221-8d88b75301d2";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-uuid/560E-F8A2";
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/E547-7E6C";
|
||||
fsType = "vfat";
|
||||
options = ["fmask=0022" "dmask=0022"];
|
||||
options = ["fmask=0077" "dmask=0077"];
|
||||
};
|
||||
|
||||
boot = {
|
||||
initrd.luks.devices."luks-4cc1ad7c-a794-4c54-adc8-c9f666c9b781".device = "/dev/disk/by-uuid/4cc1ad7c-a794-4c54-adc8-c9f666c9b781";
|
||||
initrd.luks.devices."luks-161f5109-c2d7-4307-91f6-27c655d6ab3e".device = "/dev/disk/by-uuid/161f5109-c2d7-4307-91f6-27c655d6ab3e";
|
||||
|
||||
loader.systemd-boot.enable = true;
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
};
|
||||
|
||||
nix.settings = {
|
||||
|
@ -79,8 +86,6 @@
|
|||
trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
|
||||
|
||||
specialisation.cosmic = lib.mkIf config.pim.cosmic.enable {
|
||||
configuration = {
|
||||
imports = [
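Review bot: `lanzaboote.enable = false` in the `pim = { … }` block leaves the new machine with a LUKS-encrypted root (`initrd.luks.devices`) but, presumably, no Secure Boot verification of systemd-boot, the kernel and the initrd that prompts for the passphrase, all of which live on the unencrypted vfat `/boot`. If this is only a temporary state until keys are enrolled on the new hardware, record that next to the option, e.g. `lanzaboote.enable = false; # TODO: re-enable once Secure Boot keys are enrolled on this host`. The same block also drops `compliance.enable`, which removes the ClamAV daemon together with the deleted module; the commit message should say whether that is intended. The +/- markers are lost on this page, so old versus new is inferred from the hunk counts and the renamed user, and the `specialisation.cosmic` block continues outside the last hunk.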
|
File diff suppressed because it is too large
|
@ -9,7 +9,7 @@
|
|||
in {
|
||||
config = {
|
||||
pim = {
|
||||
tidal.enable = true;
|
||||
tidal.enable = false;
|
||||
gnome.enable = true;
|
||||
vscode.enable = true;
|
||||
syncthing.enable = true;
|
||||
|
@ -22,8 +22,8 @@ in {
|
|||
};
|
||||
|
||||
home = {
|
||||
username = "pim";
|
||||
homeDirectory = "/home/pim";
|
||||
username = "pkunis";
|
||||
homeDirectory = "/home/pkunis";
|
||||
stateVersion = "23.05";
|
||||
sessionVariables = {
|
||||
MANPAGER = "${lib.getExe neovim} +Man!";
|
||||
|
@ -32,7 +32,7 @@ in {
|
|||
};
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = "${self}/secrets/sue/pim.yaml";
|
||||
defaultSopsFile = "${self}/secrets/blocktech/pkunis.yaml";
|
||||
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
|
||||
secrets."keepassxc".path = "${config.xdg.configHome}/keepassxc/keepassxc.ini";
|
||||
};
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
sue = {
|
||||
blocktech = {
|
||||
system = "x86_64-linux";
|
||||
nixosModule = import ./sue/configuration.nix;
|
||||
nixosModule = import ./blocktech/configuration.nix;
|
||||
};
|
||||
|
||||
gamepc = {
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.compliance;
|
||||
in {
|
||||
options.pim.compliance.enable = lib.mkEnableOption "compliance";
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.clamav = {
|
||||
daemon.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -18,7 +18,6 @@
|
|||
./stylix.nix
|
||||
./wireguard.nix
|
||||
./gnome.nix
|
||||
./compliance.nix
|
||||
./cinnamon.nix
|
||||
./ssh.nix
|
||||
./desktop.nix
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
}: let
|
||||
cfg = config.pim.tidal;
|
||||
in {
|
||||
# TODO: this is bad and broken
|
||||
options.pim.tidal.enable = lib.mkEnableOption "tidal";
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
sops_nix_keys:
|
||||
root: ENC[AES256_GCM,data:CxF2wjcQ2OFuS7Pgjnc8zc7sqGEz3dcHt4NXkL+V6w7kGPP+b4wBhOlT7b+bEESNslpK2htLY7x+IZWIA8JQpeRKHAKymAUK86I=,iv:5qNFDb86/Vr9Iqzx1eES4wUVY5XTq3iOR4VQliuP1lg=,tag:gx/Q7t52l9kMhPRXdpsB6A==,type:str]
|
||||
pim: ENC[AES256_GCM,data:PWFlRBaqImbCpj3IXU+BtNIRvwru+GRwxDQO4QwINRvxRqC36LE6JpMqaJNrTdCPy+aQ01brTN8y99qXTDlrul32cZnopc37r78=,iv:1tG7rDB5D7D2myes6Ro8hXC140ugjXpiwNpivWFw/xw=,tag:BNm/Ep55tt7xBWZFyzTR5g==,type:str]
|
||||
pkunis: ENC[AES256_GCM,data:192vkgOdMoDEhPU6yilatIfaFS/1LJFvteEMYI1/3SBP773lN62pWoDiJDiBtjBCisA/3yHriL3Dpvs1PwbV0BChmbL+svwKrFE=,iv:/YyZ+NSyZwyGp4NJYUSeYOOUfGaH5jOiVUH8QeWnFUA=,tag:sWN0bQvm8Ejw5+XST0pAEQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -16,8 +16,8 @@ sops:
|
|||
NkJzL3JSN2sxbnF6NGNhQlJqTHpHRTAKK+3FqqBAGxdlMtnbsySEcZT1lkQwJWvK
|
||||
GFB+6CtH9UtyIGrdK8Pm/0ahsolYGAim2OjeiKBbs3Q8kLm5WAsgRg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-30T23:42:51Z"
|
||||
mac: ENC[AES256_GCM,data:fo856uaz54nxHDJVDpMOPc6GHAzMdVJTfqBiMtJkEwm3AVICtRcI8ucceBnmfKZf9DM2MC2DffU1tvJd5iqpqFZMXCElRnBxWVZGhvrZqIZtmoAin5zBgwOudf1o6msmdNGmZk1ECq/HpHNO/QMQ3rnFdBvOZwL0zu6iZm9XwC0=,iv:T6Tv1ukk0CWbTRVWYdfn/bWQoETk8DRVMOzpJE9mCWE=,tag:eICIYTBvAJLUTpRcMYqc5Q==,type:str]
|
||||
lastmodified: "2025-02-25T13:53:06Z"
|
||||
mac: ENC[AES256_GCM,data:lLojNOq2QtdeqiCHOg6+Kssfa+Ey6JefPQulFkgnr1Onrt60ds2qWg5TTMHMlUaa6vB1S78WqyquTRBLv9Ek/alOae+CgdDi+vVX8hG5Mc2Edcfl+z8rRNFB+2mOEl1gJwKntyxySx6YBiDhZsH0p+Xflw9WGm/lL/FyRCJCwq0=,iv:8PqXupgwdfgdfIzsymVSrjQACoMODR+XYPgLMvASjos=,tag:rLGJlL3alm/qy+3qeS637g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|