Reorganize and refactor project
This commit is contained in:
parent
ed1e654706
commit
afcc583dcf
35 changed files with 130 additions and 300 deletions
|
@ -1,6 +1,14 @@
|
||||||
{ pkgs, config, lib, inputs, ... }: {
|
{ pkgs, config, lib, inputs, flake, system, ... }: {
|
||||||
|
imports = [
|
||||||
|
inputs.stylix.nixosModules.stylix
|
||||||
|
inputs.agenix.nixosModules.default
|
||||||
|
inputs.home-manager.nixosModules.home-manager
|
||||||
|
"${flake}/modules/nixos/lanzaboote.nix"
|
||||||
|
];
|
||||||
|
|
||||||
time.timeZone = "Europe/Amsterdam";
|
time.timeZone = "Europe/Amsterdam";
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
programs.ssh.startAgent = true;
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
gnome.gnome-keyring.enable = lib.mkForce false;
|
gnome.gnome-keyring.enable = lib.mkForce false;
|
||||||
|
@ -46,6 +54,7 @@
|
||||||
dig
|
dig
|
||||||
gnomeExtensions.pop-shell
|
gnomeExtensions.pop-shell
|
||||||
gnome.gnome-shell-extensions
|
gnome.gnome-shell-extensions
|
||||||
|
gnomeExtensions.window-is-ready-remover
|
||||||
];
|
];
|
||||||
gnome.excludePackages = with pkgs; with pkgs.gnome; [
|
gnome.excludePackages = with pkgs; with pkgs.gnome; [
|
||||||
totem
|
totem
|
||||||
|
@ -68,8 +77,6 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.ssh.startAgent = true;
|
|
||||||
|
|
||||||
security = {
|
security = {
|
||||||
rtkit.enable = true;
|
rtkit.enable = true;
|
||||||
|
|
||||||
|
@ -153,6 +160,16 @@
|
||||||
permittedInsecurePackages = [ "electron-25.9.0" ];
|
permittedInsecurePackages = [ "electron-25.9.0" ];
|
||||||
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "vmware-horizon-client" "libfprint-2-tod1-goodix" "vmware-workstation" ];
|
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "vmware-horizon-client" "libfprint-2-tod1-goodix" "vmware-workstation" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
overlays = [
|
||||||
|
inputs.nur.overlay
|
||||||
|
(final: _prev: {
|
||||||
|
unstable = import inputs.nixpkgs-unstable {
|
||||||
|
inherit system;
|
||||||
|
config.allowUnfree = true;
|
||||||
|
};
|
||||||
|
})
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
|
@ -201,4 +218,15 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
home-manager = {
|
||||||
|
useGlobalPkgs = true;
|
||||||
|
useUserPackages = true;
|
||||||
|
extraSpecialArgs.flake = flake;
|
||||||
|
|
||||||
|
users.pim.imports = [
|
||||||
|
./home.nix
|
||||||
|
inputs.homeage.homeManagerModules.homeage
|
||||||
|
];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
42
flake.nix
42
flake.nix
|
@ -42,45 +42,21 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs =
|
outputs =
|
||||||
{ nixpkgs
|
{ self
|
||||||
, nixpkgs-unstable
|
, nixpkgs
|
||||||
, home-manager
|
|
||||||
, homeage
|
|
||||||
, agenix
|
|
||||||
, nur
|
|
||||||
, nixos-hardware
|
|
||||||
, stylix
|
|
||||||
, ...
|
, ...
|
||||||
}@inputs:
|
}@inputs:
|
||||||
let
|
let
|
||||||
mkNixosSystem = extraModule: nixpkgs.lib.nixosSystem rec {
|
mkNixosSystem = extraModule: nixpkgs.lib.nixosSystem rec {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
specialArgs = { inherit inputs; };
|
|
||||||
|
specialArgs = {
|
||||||
|
inherit inputs system;
|
||||||
|
flake = self;
|
||||||
|
};
|
||||||
|
|
||||||
modules = [
|
modules = [
|
||||||
{
|
|
||||||
nixpkgs.overlays = [
|
|
||||||
nur.overlay
|
|
||||||
(final: _prev: {
|
|
||||||
unstable = import nixpkgs-unstable {
|
|
||||||
inherit system;
|
|
||||||
config.allowUnfree = true;
|
|
||||||
};
|
|
||||||
})
|
|
||||||
];
|
|
||||||
}
|
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
stylix.nixosModules.stylix
|
|
||||||
./modules/nixos/lanzaboote.nix
|
|
||||||
agenix.nixosModules.default
|
|
||||||
home-manager.nixosModules.home-manager
|
|
||||||
{
|
|
||||||
home-manager.useGlobalPkgs = true;
|
|
||||||
home-manager.useUserPackages = true;
|
|
||||||
home-manager.users.pim = {
|
|
||||||
imports = [ ./home-manager homeage.homeManagerModules.homeage ];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
extraModule
|
extraModule
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -88,7 +64,7 @@
|
||||||
{
|
{
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
x260 = mkNixosSystem ({ pkgs, lib, ... }: {
|
x260 = mkNixosSystem ({ pkgs, lib, ... }: {
|
||||||
imports = [ nixos-hardware.nixosModules.lenovo-thinkpad-x260 ];
|
imports = [ inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x260 ];
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
pim.lanzaboote.enable = true;
|
pim.lanzaboote.enable = true;
|
||||||
|
@ -170,7 +146,7 @@
|
||||||
});
|
});
|
||||||
|
|
||||||
sue = mkNixosSystem ({ ... }: {
|
sue = mkNixosSystem ({ ... }: {
|
||||||
imports = [ nixos-hardware.nixosModules.dell-xps-13-9310 ];
|
imports = [ inputs.nixos-hardware.nixosModules.dell-xps-13-9310 ];
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
pim.lanzaboote.enable = true;
|
pim.lanzaboote.enable = true;
|
||||||
|
|
|
@ -1,20 +0,0 @@
|
||||||
{
|
|
||||||
config = {
|
|
||||||
programs.bash = {
|
|
||||||
enable = true;
|
|
||||||
shellAliases = {
|
|
||||||
htop = "btop";
|
|
||||||
gp = "git push";
|
|
||||||
gco = "git checkout";
|
|
||||||
gd = "git diff";
|
|
||||||
gc = "git commit";
|
|
||||||
gpl = "git pull";
|
|
||||||
gb = "git branch";
|
|
||||||
ga = "git add";
|
|
||||||
gl = "git log";
|
|
||||||
gs = "git status";
|
|
||||||
tf = "tofu";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,7 +0,0 @@
|
||||||
{
|
|
||||||
config = {
|
|
||||||
programs.bat = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,9 +0,0 @@
|
||||||
{
|
|
||||||
config = {
|
|
||||||
programs.direnv = {
|
|
||||||
enable = true;
|
|
||||||
enableBashIntegration = true;
|
|
||||||
nix-direnv.enable = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,8 +0,0 @@
|
||||||
{
|
|
||||||
config = {
|
|
||||||
programs.fzf = {
|
|
||||||
enable = true;
|
|
||||||
enableBashIntegration = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,18 +0,0 @@
|
||||||
{
|
|
||||||
config = {
|
|
||||||
programs.git = {
|
|
||||||
enable = true;
|
|
||||||
userName = "Pim Kunis";
|
|
||||||
userEmail = "pim@kunis.nl";
|
|
||||||
extraConfig = {
|
|
||||||
push.autoSetupRemote = true;
|
|
||||||
commit.verbose = true;
|
|
||||||
pull.rebase = true;
|
|
||||||
};
|
|
||||||
includes = [{
|
|
||||||
path = "~/git/suecode/.gitconfig";
|
|
||||||
condition = "gitdir:~/git/suecode/**";
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,17 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIICrzCCAZcCFApupXAa2tPytpi3av47+az0Ggb4MA0GCSqGSIb3DQEBCwUAMBQx
|
|
||||||
EjAQBgNVBAMMCWplZmtlLmh5cDAeFw0yMzExMjQyMjAzMjhaFw0yNDExMjMyMjAz
|
|
||||||
MjhaMBQxEjAQBgNVBAMMCXRlcnJhZm9ybTCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
|
||||||
ADCCAQoCggEBALeJ/fYUCmwislUw4XcCxivCUuWuUWI+t/nke9/hWEWTmDG4Z7/a
|
|
||||||
IAKqsGk0zNATQViAXmYZwdYK70AKQhxat3OJcuZarsurOXVjVJdT4Wr5SxHGHjd0
|
|
||||||
bwd8JzFZPIfgYCILCISFjCIfpD58kBq2bkvI4rpn4tb2iPunXp0+S8iHDMB5wAOb
|
|
||||||
FgT0muuz9ua4R76nq79O9wLbAVf38CDR9bMGcPcKknz0sl37jr7A/pDvQzpFWO33
|
|
||||||
eJb64b7Qe4CHslWFj1tdEkXaMpMNWHhc2TmtLtlt6a+RY1R9KdX5x0lQTyJnEwJZ
|
|
||||||
8YTKnlMoNvkfBznuARFmNNmUYPoHE6WgonMCAwEAATANBgkqhkiG9w0BAQsFAAOC
|
|
||||||
AQEAaH1HVPThhAkrXE4Zmh49D1zvq5uy6moV326/ovnPQfco2jYBYO5mYxBF32mx
|
|
||||||
ShEanbJJKkFjWkQHmsWt7nrkeloz6q8sD19nLyyWmMj0Pd6wcLv017Zdo902fh27
|
|
||||||
Rl8qZS44vEc+N/5gc2eINMfXm/JOdXYntOVpFO/I+6b9Q2iWFX3YUAXiIDiEYBvS
|
|
||||||
BBqyXC2nVg6Lp1KVg+EaYW27sj8b5HHXnpEGdXduVmOWttdaQVjYslqmH7mUKi9f
|
|
||||||
2U9FicMvw6KvkRki+SLKeZr2yIP1QQOnWg0BPbeCpMfdMSu/AtLkAtugZeT8p1Ko
|
|
||||||
3hMMyKKzyyhiwpzvk21QFNZ5LA==
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,67 +0,0 @@
|
||||||
Certificate:
|
|
||||||
Data:
|
|
||||||
Version: 1 (0x0)
|
|
||||||
Serial Number:
|
|
||||||
ef:2f:4d:d4:26:7e:33:1b
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
Issuer: CN=jefke.hyp
|
|
||||||
Validity
|
|
||||||
Not Before: Nov 22 19:12:03 2023 GMT
|
|
||||||
Not After : Oct 29 19:12:03 2123 GMT
|
|
||||||
Subject: CN=jefke.hyp
|
|
||||||
Subject Public Key Info:
|
|
||||||
Public Key Algorithm: rsaEncryption
|
|
||||||
RSA Public-Key: (2048 bit)
|
|
||||||
Modulus:
|
|
||||||
00:c7:ab:eb:9c:d0:7f:4f:f1:ba:65:0a:8b:07:7b:
|
|
||||||
2e:5b:f0:26:82:33:c9:73:e6:91:cc:11:94:05:1c:
|
|
||||||
8d:67:29:cb:5e:67:35:02:80:54:af:99:4b:aa:ce:
|
|
||||||
e8:56:62:be:63:cb:b2:4a:b0:a9:28:12:e2:77:50:
|
|
||||||
7d:d5:d2:3b:48:d8:32:59:25:26:ff:a6:5c:f6:eb:
|
|
||||||
ae:5b:3d:7a:14:10:ba:90:9c:6f:1f:b9:d8:99:0e:
|
|
||||||
b7:09:5e:62:69:c4:c0:c6:27:b0:d3:60:0d:47:4c:
|
|
||||||
a5:11:53:f2:f1:4a:f9:a6:bc:d6:a3:35:a2:e8:e5:
|
|
||||||
a9:d1:60:e8:e5:18:ce:d2:60:80:4e:dc:48:ae:7f:
|
|
||||||
b7:ea:76:51:28:39:a4:b0:95:82:95:93:98:b2:9f:
|
|
||||||
23:c9:81:69:59:a3:e4:f7:5a:1c:01:31:96:c1:4b:
|
|
||||||
59:21:f8:a2:e6:9e:21:78:0e:6b:c1:68:c7:5c:16:
|
|
||||||
9a:06:54:df:b6:77:1d:2d:89:d0:c8:9e:db:b5:d4:
|
|
||||||
8c:fb:b9:4f:b7:6e:39:5f:39:8e:48:73:76:7d:46:
|
|
||||||
6e:1f:8d:14:cb:40:b5:ff:c6:f0:c0:44:3c:ed:52:
|
|
||||||
3f:4f:7b:69:63:93:c6:41:e6:5e:ed:33:50:20:46:
|
|
||||||
db:93:bf:e8:52:51:95:f1:81:73:58:da:67:21:7b:
|
|
||||||
12:bd
|
|
||||||
Exponent: 65537 (0x10001)
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
aa:5c:89:41:a6:b7:3d:65:87:ca:50:c4:f3:58:aa:d3:b4:55:
|
|
||||||
b1:a7:8d:18:26:17:e5:8a:21:24:a1:49:53:77:31:5b:55:63:
|
|
||||||
be:01:d8:fe:b7:06:7c:da:07:1f:94:6a:de:96:ad:ca:3b:20:
|
|
||||||
2a:e1:35:90:19:83:6d:37:d1:15:12:de:3c:0e:46:be:66:a1:
|
|
||||||
6a:1d:ec:72:dc:46:79:69:e4:af:77:c8:ff:cd:d6:7d:16:88:
|
|
||||||
ab:44:fd:70:fc:40:47:ff:43:95:11:5a:9a:56:0c:d2:dd:7c:
|
|
||||||
3b:87:aa:10:26:fa:25:a3:a0:43:8a:1b:ec:54:11:7e:65:67:
|
|
||||||
d2:06:e1:3e:3b:e1:0e:b0:80:ef:4b:35:3f:fc:34:1d:95:2e:
|
|
||||||
ee:c1:67:38:da:b3:74:86:4b:95:8c:0c:1d:51:28:c1:42:e9:
|
|
||||||
77:68:d7:ec:3b:66:30:c6:e5:2a:62:ea:15:fb:24:56:cf:02:
|
|
||||||
d0:25:54:a7:58:15:b5:2a:71:93:56:c0:69:7a:36:18:6c:31:
|
|
||||||
b1:8e:3c:77:d7:77:ac:fc:e1:94:c5:08:bb:35:ac:48:5f:6b:
|
|
||||||
8b:c8:c8:78:f4:a9:ca:4f:9d:51:54:89:97:c9:af:a1:fa:71:
|
|
||||||
df:58:f6:ff:04:7c:c8:1c:95:6b:1a:e3:a7:f6:43:1c:27:94:
|
|
||||||
10:03:ce:ec
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIICpjCCAY4CCQDvL03UJn4zGzANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlq
|
|
||||||
ZWZrZS5oeXAwIBcNMjMxMTIyMTkxMjAzWhgPMjEyMzEwMjkxOTEyMDNaMBQxEjAQ
|
|
||||||
BgNVBAMMCWplZmtlLmh5cDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
|
|
||||||
AMer65zQf0/xumUKiwd7LlvwJoIzyXPmkcwRlAUcjWcpy15nNQKAVK+ZS6rO6FZi
|
|
||||||
vmPLskqwqSgS4ndQfdXSO0jYMlklJv+mXPbrrls9ehQQupCcbx+52JkOtwleYmnE
|
|
||||||
wMYnsNNgDUdMpRFT8vFK+aa81qM1oujlqdFg6OUYztJggE7cSK5/t+p2USg5pLCV
|
|
||||||
gpWTmLKfI8mBaVmj5PdaHAExlsFLWSH4ouaeIXgOa8Fox1wWmgZU37Z3HS2J0Mie
|
|
||||||
27XUjPu5T7duOV85jkhzdn1Gbh+NFMtAtf/G8MBEPO1SP097aWOTxkHmXu0zUCBG
|
|
||||||
25O/6FJRlfGBc1jaZyF7Er0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqlyJQaa3
|
|
||||||
PWWHylDE81iq07RVsaeNGCYX5YohJKFJU3cxW1VjvgHY/rcGfNoHH5Rq3patyjsg
|
|
||||||
KuE1kBmDbTfRFRLePA5Gvmahah3sctxGeWnkr3fI/83WfRaIq0T9cPxAR/9DlRFa
|
|
||||||
mlYM0t18O4eqECb6JaOgQ4ob7FQRfmVn0gbhPjvhDrCA70s1P/w0HZUu7sFnONqz
|
|
||||||
dIZLlYwMHVEowULpd2jX7DtmMMblKmLqFfskVs8C0CVUp1gVtSpxk1bAaXo2GGwx
|
|
||||||
sY48d9d3rPzhlMUIuzWsSF9ri8jIePSpyk+dUVSJl8mvofpx31j2/wR8yByVaxrj
|
|
||||||
p/ZDHCeUEAPO7A==
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,30 +0,0 @@
|
||||||
{ config, lib, ... }: {
|
|
||||||
config = {
|
|
||||||
programs.ssh = {
|
|
||||||
enable = true;
|
|
||||||
extraConfig = "User root";
|
|
||||||
|
|
||||||
matchBlocks = {
|
|
||||||
github = lib.hm.dag.entryBefore [ "*" ] {
|
|
||||||
hostname = "github.com";
|
|
||||||
user = "pizzapim";
|
|
||||||
identitiesOnly = true;
|
|
||||||
};
|
|
||||||
lewis = lib.hm.dag.entryBefore [ "*" ] { hostname = "lewis.dmz"; };
|
|
||||||
atlas = lib.hm.dag.entryBefore [ "*" ] { hostname = "atlas.dmz"; };
|
|
||||||
jefke = lib.hm.dag.entryBefore [ "*" ] { hostname = "jefke.dmz"; };
|
|
||||||
warwick = lib.hm.dag.entryBefore [ "*" ] { hostname = "warwick.dmz"; };
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
homeage.file."sue_ed25519" = {
|
|
||||||
source = ../../secrets/sue_ed25519.age;
|
|
||||||
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_ed25519" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
homeage.file."sue_azure_rsa" = {
|
|
||||||
source = ../../secrets/sue_azure_rsa.age;
|
|
||||||
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_azure_rsa" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,8 +0,0 @@
|
||||||
{
|
|
||||||
config = {
|
|
||||||
programs.thunderbird = {
|
|
||||||
enable = true;
|
|
||||||
profiles.default = { isDefault = true; };
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,18 +1,15 @@
|
||||||
{ pkgs, lib, config, ... }: {
|
{ pkgs, lib, config, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
./bash
|
./modules/home-manager/neovim
|
||||||
./neovim
|
./modules/home-manager/firefox
|
||||||
./firefox
|
./modules/home-manager/syncthing
|
||||||
./ssh
|
./modules/home-manager/keepassxc
|
||||||
./syncthing
|
|
||||||
./keepassxc
|
|
||||||
./git
|
|
||||||
./direnv
|
|
||||||
./thunderbird
|
|
||||||
./fzf
|
|
||||||
./bat
|
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# Let home-manager manage the X session
|
||||||
|
xsession.enable = true;
|
||||||
|
xdg.userDirs.enable = true;
|
||||||
|
|
||||||
home = {
|
home = {
|
||||||
username = "pim";
|
username = "pim";
|
||||||
homeDirectory = "/home/pim";
|
homeDirectory = "/home/pim";
|
||||||
|
@ -64,6 +61,72 @@
|
||||||
home-manager.enable = true;
|
home-manager.enable = true;
|
||||||
chromium.enable = true;
|
chromium.enable = true;
|
||||||
alacritty.enable = true;
|
alacritty.enable = true;
|
||||||
|
bat.enable = true;
|
||||||
|
|
||||||
|
thunderbird = {
|
||||||
|
enable = true;
|
||||||
|
profiles.default = { isDefault = true; };
|
||||||
|
};
|
||||||
|
|
||||||
|
direnv = {
|
||||||
|
enable = true;
|
||||||
|
enableBashIntegration = true;
|
||||||
|
nix-direnv.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
fzf = {
|
||||||
|
enable = true;
|
||||||
|
enableBashIntegration = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
bash = {
|
||||||
|
enable = true;
|
||||||
|
shellAliases = {
|
||||||
|
htop = "btop";
|
||||||
|
gp = "git push";
|
||||||
|
gco = "git checkout";
|
||||||
|
gd = "git diff";
|
||||||
|
gc = "git commit";
|
||||||
|
gpl = "git pull";
|
||||||
|
gb = "git branch";
|
||||||
|
ga = "git add";
|
||||||
|
gl = "git log";
|
||||||
|
gs = "git status";
|
||||||
|
tf = "tofu";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
ssh = {
|
||||||
|
enable = true;
|
||||||
|
extraConfig = "User root";
|
||||||
|
|
||||||
|
matchBlocks = {
|
||||||
|
github = lib.hm.dag.entryBefore [ "*" ] {
|
||||||
|
hostname = "github.com";
|
||||||
|
user = "pizzapim";
|
||||||
|
identitiesOnly = true;
|
||||||
|
};
|
||||||
|
lewis = lib.hm.dag.entryBefore [ "*" ] { hostname = "lewis.dmz"; };
|
||||||
|
atlas = lib.hm.dag.entryBefore [ "*" ] { hostname = "atlas.dmz"; };
|
||||||
|
jefke = lib.hm.dag.entryBefore [ "*" ] { hostname = "jefke.dmz"; };
|
||||||
|
warwick = lib.hm.dag.entryBefore [ "*" ] { hostname = "warwick.dmz"; };
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
git = {
|
||||||
|
enable = true;
|
||||||
|
userName = "Pim Kunis";
|
||||||
|
userEmail = "pim@kunis.nl";
|
||||||
|
extraConfig = {
|
||||||
|
push.autoSetupRemote = true;
|
||||||
|
commit.verbose = true;
|
||||||
|
pull.rebase = true;
|
||||||
|
};
|
||||||
|
includes = [{
|
||||||
|
path = "~/git/suecode/.gitconfig";
|
||||||
|
condition = "gitdir:~/git/suecode/**";
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
|
||||||
# Currently, it is not possible to have Home Manager manage Liberwolf extensions.
|
# Currently, it is not possible to have Home Manager manage Liberwolf extensions.
|
||||||
# There is a draft PR which addresses this:
|
# There is a draft PR which addresses this:
|
||||||
|
@ -81,6 +144,7 @@
|
||||||
# - refined-github
|
# - refined-github
|
||||||
librewolf = {
|
librewolf = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
"identity.fxaccounts.enabled" = true;
|
"identity.fxaccounts.enabled" = true;
|
||||||
"privacy.clearOnShutdown.history" = false;
|
"privacy.clearOnShutdown.history" = false;
|
||||||
|
@ -92,50 +156,24 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Let home-manager manage the X session
|
|
||||||
xsession = { enable = true; };
|
|
||||||
|
|
||||||
xdg = {
|
|
||||||
userDirs.enable = true;
|
|
||||||
configFile."home/postgresql_server.crt".source = ./postgresql_server.crt;
|
|
||||||
configFile."home/postgresql_client.crt".source = ./postgresql_client.crt;
|
|
||||||
};
|
|
||||||
|
|
||||||
homeage = {
|
homeage = {
|
||||||
identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
|
identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
|
||||||
installationType = "systemd";
|
installationType = "systemd";
|
||||||
|
|
||||||
file."common-pg-tfbackend" = {
|
|
||||||
source = ../secrets/common-pg-tfbackend.age;
|
|
||||||
symlinks = [ "${config.xdg.configHome}/home/common.pg.tfbackend" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
file."ansible-vault-secret" = {
|
|
||||||
source = ../secrets/ansible-vault-secret.age;
|
|
||||||
symlinks = [ "${config.xdg.configHome}/home/ansible-vault-secret" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
file."powerdns-api-key" = {
|
|
||||||
source = ../secrets/powerdns-api-key.json.age;
|
|
||||||
symlinks = [ "${config.xdg.configHome}/home/powerdns-api-key.json" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
file."postgresql_client.key" = {
|
|
||||||
source = ../secrets/postgresql_client.key.age;
|
|
||||||
symlinks = [ "${config.xdg.configHome}/home/postgresql_client.key" ];
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
fonts.fontconfig.enable = true;
|
|
||||||
|
|
||||||
dconf.settings = with lib.hm.gvariant; {
|
dconf.settings = with lib.hm.gvariant; {
|
||||||
"org/gnome/desktop/sound".allow-volume-above-100-percent = true;
|
"org/gnome/desktop/sound".allow-volume-above-100-percent = true;
|
||||||
"org.gnome.desktop.wm.preferences".auto-raise = true;
|
"org.gnome.desktop.wm.preferences".auto-raise = true;
|
||||||
|
|
||||||
"org/gnome/shell".enabled-extensions = [
|
"org/gnome/shell" = {
|
||||||
"workspace-indicator@gnome-shell-extensions.gcampax.github.com"
|
"disable-extension-version-validation" = true;
|
||||||
"pop-shell@system76.com"
|
|
||||||
];
|
enabled-extensions = [
|
||||||
|
"workspace-indicator@gnome-shell-extensions.gcampax.github.com"
|
||||||
|
"pop-shell@system76.com"
|
||||||
|
"windowIsReady_Remover@nunofarruca@gmail.com"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
"org/gnome/desktop/input-sources" = {
|
"org/gnome/desktop/input-sources" = {
|
||||||
sources = [ (mkTuple [ "xkb" "us" ]) ];
|
sources = [ (mkTuple [ "xkb" "us" ]) ];
|
|
@ -1,8 +1,9 @@
|
||||||
{ pkgs, config, ... }: {
|
{ pkgs, config, flake, ... }: {
|
||||||
config = {
|
config = {
|
||||||
home.packages = [ pkgs.unstable.keepassxc ];
|
home.packages = [ pkgs.unstable.keepassxc ];
|
||||||
|
|
||||||
homeage.file."keepassxc.ini" = {
|
homeage.file."keepassxc.ini" = {
|
||||||
source = ../../secrets/keepassxc.ini.age;
|
source = "${flake}/secrets/keepassxc.ini.age";
|
||||||
symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ];
|
symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
|
@ -1,14 +1,14 @@
|
||||||
{ config, ... }: {
|
{ config, flake, ... }: {
|
||||||
config = {
|
config = {
|
||||||
services.syncthing.enable = true;
|
services.syncthing.enable = true;
|
||||||
|
|
||||||
homeage.file."syncthing-key.pem" = {
|
homeage.file."syncthing-key.pem" = {
|
||||||
source = ../../secrets/syncthing-key.pem.age;
|
source = "${flake}/secrets/syncthing-key.pem.age";
|
||||||
symlinks = [ "${config.xdg.configHome}/syncthing/key.pem" ];
|
symlinks = [ "${config.xdg.configHome}/syncthing/key.pem" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
homeage.file."syncthing-cert.pem" = {
|
homeage.file."syncthing-cert.pem" = {
|
||||||
source = ../../secrets/syncthing-cert.pem.age;
|
source = "${flake}/secrets/syncthing-cert.pem.age";
|
||||||
symlinks = [ "${config.xdg.configHome}/syncthing/cert.pem" ];
|
symlinks = [ "${config.xdg.configHome}/syncthing/cert.pem" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
Binary file not shown.
|
@ -1,12 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 LAPUww i6BkkMy9gSSVZ+L+EMYSLakp1qA4yOGbEkLrO4Ddbxs
|
|
||||||
FsoRnCiPsJEKQj+2iJaqn+BbU+bFMAkReRotiV+0WCs
|
|
||||||
-> ssh-ed25519 vBZj5g +6YFp3yYXSEzRMXu7WyURkJk/cA87irnW5FpKRYnGSA
|
|
||||||
dJkMmnxyVEv/S9FmCrRkrYDCh+OwXK+UYno3ncr5nOk
|
|
||||||
-> 6gQa-grease Yt+ucm#U |<d\`t
|
|
||||||
SxpuSh2ee/jDNu7mXcn82fTt6/wy7ksA+W1xHQHiShJGvyyr6dTIPEk0qY1oqIPt
|
|
||||||
HkQNvNYLpMwpAqSTvmcmybps4CoWt0x6GJ0aBPOlYEIuwHnJ5Pkvnf4U9wPuwr6Y
|
|
||||||
zQ
|
|
||||||
--- hHweNMiKEIEw/TwSGhElfRiQYqLtmhwylkMWvfthyGY
|
|
||||||
?×%Ö¿H¹§G¤/Pì#’
|
|
||||||
ÚŠÐÛäF±QÙç„lRÊDcNÖЉ
ç$Hs©ŠTæžø<C5BE>C¹ÊÁÏqVf¤àˆÝkëã•ø<E280A2>ï¡×OŒÞÛµæE•êgißžXŒ§sá”)gO¢.·]·æÐCJcè<63>E^EŸq:<3A>qß&™E™#¾ArĪə€ñì
|
|
Binary file not shown.
|
@ -1,11 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 LAPUww NnvaPUzk3WjwC3nu7T47DXtNqDuysbgAccdF1kWO5yQ
|
|
||||||
XYX2GfZSHrnhoKutbqVxB9zghbl1kZDyOTphUXvt8oQ
|
|
||||||
-> ssh-ed25519 vBZj5g mpi+OE3ST+mP05IKimQrwOZxOaDgeUUoKujOOSXEljQ
|
|
||||||
kwHkJu14Xpqgd4POeuLLcbech+Kh2XSfBed3M1Cu8DA
|
|
||||||
-> =6-grease C`Yq5 Y2 4
|
|
||||||
8sgSLLYCXkFRy0SFfNH0fhb14HonKVpVfkc1rc7sC7bXVXi8FGri/d/AW42G2J9m
|
|
||||||
W/FfhKnGBAOj1cA/wPw4cqCcQKbux78C7BdN6EfrF+ddzF+n98EwtBJ/cjzRky+A
|
|
||||||
FJJY
|
|
||||||
--- sytjLDBFLb2VqtF3LSiSS1Nxb56oNtx2AGzhYCPItW8
|
|
||||||
.ÚËr-Ò†±–åØè/BD$Õ¬F³Ðó¡FÜЙó‰SÅÙ/MœÎËâò ª¸òi/<2F># ‹šÙqžï%u7ÍŸ6ƒör…W ¸öe?…ƒÉ…i,·ÐÑä[ÁY¤9ÙÿÀÁ
|
|
|
@ -9,14 +9,8 @@ in
|
||||||
{
|
{
|
||||||
"wg-quick-home-privkey.age".publicKeys = publicKeys;
|
"wg-quick-home-privkey.age".publicKeys = publicKeys;
|
||||||
"wg-quick-home-preshared-key.age".publicKeys = publicKeys;
|
"wg-quick-home-preshared-key.age".publicKeys = publicKeys;
|
||||||
"sue_ed25519.age".publicKeys = publicKeys;
|
|
||||||
"sue_azure_rsa.age".publicKeys = publicKeys;
|
|
||||||
"syncthing-key.pem.age".publicKeys = publicKeys;
|
"syncthing-key.pem.age".publicKeys = publicKeys;
|
||||||
"syncthing-cert.pem.age".publicKeys = publicKeys;
|
"syncthing-cert.pem.age".publicKeys = publicKeys;
|
||||||
"common-pg-tfbackend.age".publicKeys = publicKeys;
|
|
||||||
"ansible-vault-secret.age".publicKeys = publicKeys;
|
|
||||||
"powerdns-api-key.json.age".publicKeys = publicKeys;
|
|
||||||
"keepassxc.ini.age".publicKeys =
|
"keepassxc.ini.age".publicKeys =
|
||||||
publicKeys; # Secret agent causes private keys in config file.
|
publicKeys; # Secret agent causes private keys in config file.
|
||||||
"postgresql_client.key.age".publicKeys = publicKeys;
|
|
||||||
}
|
}
|
||||||
|
|
Binary file not shown.
Binary file not shown.
Loading…
Reference in a new issue