diff --git a/.sops.yaml b/.sops.yaml
index 2229a45..19e09c1 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -29,6 +29,13 @@ creation_rules:
 - age:
 - *sue_pim
 - *sue_root
+ - path_regex: secrets/gamepc/pim.yaml
+ key_groups:
+ - age:
+ - *sue_pim
+ - *sue_root
+ - *gamepc_root
+ - *gamepc_pim
 - path_regex: secrets/warwick/colmena.yaml
 key_groups:
 - age:
diff --git a/machines/gamepc/configuration.nix b/machines/gamepc/configuration.nix
index f8fe1e3..88997f8 100644
--- a/machines/gamepc/configuration.nix
+++ b/machines/gamepc/configuration.nix
@@ -19,6 +19,7 @@
 pim = {
 isNormalUser = true;
+ extraGroups = ["autologin"];
 openssh.authorizedKeys.keys = config.pim.ssh.keys.pim;
 };
 };
@@ -29,7 +30,24 @@
 tags = ["desktop"];
 };
- services.openssh.enable = true;
+ services = {
+ openssh.enable = true;
+
+ xserver.displayManager.lightdm.extraSeatDefaults = ''
+ autologin-user=pim
+ '';
+
+ sunshine = {
+ enable = true;
+ openFirewall = true;
+
+ settings = {
+ sunshine_name = config.networking.hostName;
+ origin_web_ui_allowed = "wan";
+ credentials_file = "/home/pim/.config/sunshine/sunshine_credentials.json";
+ };
+ };
+ };
 boot.loader.grub = {
 enable = true;
diff --git a/machines/gamepc/pim.home.nix b/machines/gamepc/pim.home.nix
index 248fbf4..cf831fb 100644
--- a/machines/gamepc/pim.home.nix
+++ b/machines/gamepc/pim.home.nix
@@ -1,14 +1,26 @@
-{pkgs, ...}: {
+{
+ self,
+ pkgs,
+ config,
+ ...
+}: {
 home = {
 username = "pim";
 homeDirectory = "/home/pim";
 stateVersion = "24.05";
+
+ packages = with pkgs.unstable; [
+ devenv
+ vlc
+ handbrake
+ lutris
+ ];
 };
- home.packages = with pkgs.unstable; [
- devenv
- vlc
- handbrake
- lutris
- ];
+ sops = {
+ defaultSopsFile = "${self}/secrets/gamepc/pim.yaml";
+ # TODO: should be set automatically?
+ age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
+ secrets."sunshine_credentials".path = "${config.xdg.configHome}/sunshine/sunshine_credentials.json";
+ };
 }
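Review bot: In the new `.sops.yaml` rule for `secrets/gamepc/pim.yaml`, `*gamepc_root` is listed as a recipient, but the only consumer visible in this commit is the home-manager `sops` block in pim.home.nix, which decrypts with a key file under pim's own config directory. If no system-level secret on gamepc reads this file, dropping `- *gamepc_root` keeps the recipient list to the keys that actually need it. Each extra recipient is one more private key whose compromise exposes the Sunshine credentials, and removing one later requires re-encrypting the file and rotating the secret.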
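Review bot: In the second hunk of machines/gamepc/configuration.nix, `origin_web_ui_allowed = "wan";` together with `openFirewall = true;` makes the Sunshine web UI reachable from any address that can route to this host, so the credentials file is the only barrier. If the UI is only administered from the local network, `origin_web_ui_allowed = "lan";` is the tighter setting; if WAN access is intended, a comment naming the compensating control (VPN, upstream firewall) would help the next reader. The hard-coded `credentials_file` path must stay in step with the sops secret path in pim.home.nix, and it is worth confirming what Sunshine does when that file is absent (for example when the age key is missing) before exposing the UI. The autologin for `pim` set up in the first hunk and in `extraSeatDefaults` also means physical access yields a session that can read both the age key and the decrypted credentials.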
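Review bot: In machines/gamepc/pim.home.nix the `age.keyFile` line is documented only by `# TODO: should be set automatically?`, which does not say how the private key reaches the machine or which recipient it belongs to. Suggest replacing it with something like `# age private key (presumably the gamepc_pim recipient in .sops.yaml); provisioned out of band, must be readable only by pim`. If the key file is missing at activation the secret will not be decrypted, so the comment should also state that the key must exist before the first home-manager switch.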
diff --git a/secrets/gamepc/pim.yaml b/secrets/gamepc/pim.yaml
new file mode 100644
index 0000000..d3fd6a4
--- /dev/null
+++ b/secrets/gamepc/pim.yaml
@@ -0,0 +1,48 @@ +sunshine_credentials: ENC[AES256_GCM,data:P1sttD3H65DQje+Cs5CVLqvhtXWtoBgu/TBZ3WFIWqErRKtKa31V2lLrgixrty4TVM5qq06zE5z3lQ78ZAHLNh80jMPvoAcCqTXXoWwIYwdHJT0iG09f0ZfpiVTZU4MuCn0uuaJ6873AYe60siZW8uFntu3v230izoAqY9Ex+BzIOOliuqrnIRzdw06TCrrBTJUr,iv:WZqkSZOsiCWx7VPuTDA1Js1DcHZLK9YLDxTQ2nVlFQ8=,tag:iJ6bSofnPWWm7B+VPm+MyQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjajAwMFhxd09tUkpyZ0xP + SkVRK2NTaVJxdVhpbXVkQUNyR3hmUTl5WlZBCmgrc3RHRlFwVGJDS0Q0YTlwbjV0 + M2Exa0J5UEplbHVmbzFpWEoyWEFsNE0KLS0tIHltbTdyWm9kRkxzSXFJcFAzWEtX + MGpSUUNaQi9WTkE5N3hEKzF5Q2F5SmsKuSQKcEyjbow88jvnd12mABUZplmOy+Oo + +ZUgBYODny2Rw+poo52G2zqUvuViDOW6yEUO2dCLmT+n5T7jQgtbBw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhUExjaGpwT3ROcGcrOHVE + Nmt2bGhHNVpMeDZzdWE5NlJoVmFvYXoyeXpJClVRaGxPRmtKTXRiNUxKT2hWWkhH + a3RMMDVnYm9FZ2VaM2t3WVRtQjlnVDgKLS0tIDRtdXlsdUNtMnM1VDZ1T2JXSlMv + VVo0a0M3UERKQlZ1b3ZPWWFadjcyTFUKoJnTvyn2+VR6p2qcUpGaZg7z9LfJWeLR + Q5PeSx2cjVn/2jYu/DzIVe2TtA1iUooa9BrQhF0pLUZrG3x3d62Uuw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1y5wgcxmn37drmjtpgld3xc76mw8dckhred8hecusywjlvdyfedfse8y60u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Qmp6aE1MSU9lb2s3OG9J + eFBHU1M5UGIxSkJScndRK3AvYWxKdVZDMVVJCmZ2VmQ1MkxNNnM0UHVZM1BVd3NX + ZVJ0aHhUbnJzb29LVHozdUJmMjNZUVUKLS0tIFg3Q1Q5ZmRHN29lakJYYlhleWVX + RTkrZjNOblVmaDFVU1JXK3orS2sxUFEKOPVFTXfg9Nd2Kul7+nSRou6yyhZgl4/b + 2PqNhL93fWYe56rwHcFv2XV2ZFLSAecJQqQOkTSrZurzsx+yDSTfjw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1qlldg2c6kptvnmvlkpf9pae3wnczk6eklcmwdvnzyvvnur3aqdcq3c3trt + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcmg3YThHcThiZXVZQ0ZI + aFc2dDFYZGVmcXhFUWdiR21SNHJvSHdrdFJ3CmxVbXNUZ2ZtaGNQMU8yNVdUeVhx + Ui8rdlRFT1RBUGN4YlRVVlBDdE9hd1kKLS0tIGp5azREbEJNaS9iaWhsTFM3b0N2 + OTN5b0pINFVha2lTNkdyYlM3Q1o0VkkKp6EDdnF5IN44lVnQPaoglzMoS9LGeBa+ + f2aRHIUOZ6NNAGn0Y/YUOroneF3QEFEXbEdiWtmnXVEGOU+vftrF4g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-10T10:52:17Z" + mac: ENC[AES256_GCM,data:B/PTXBcsV7jdcLQ2nenfv2ugEKXq1LGrCX17pp1Qu1xgQ/tj7Zdhx4JTCc/VfcaXqroV4F2t72yvCpCG3qSg8LG2z5xjjGBM3sN1ous/hbrPC+ahbu0Vp/fx9l2X9Gy8uOs2CBvATPBX0+j8uhwHDfCGVPLwa1LcH10F1/28hGw=,iv:4tO7Tg66gSlp6v3herKTfjuKvpiQQePMyOEGK539kDI=,tag:uxUW4zRDLvGh+pgO/K4v4g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1