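# NixOS module for the host "sue" (tagged "desktop"): user account, deployment
# keys, sops-nix settings, Docker, disks and Nix daemon trust settings.
{
  self,
  pkgs,
  lib,
  ...
}: let
  # Absolute path of the sops binary, so keyCommand does not depend on $PATH.
  sops = lib.getExe pkgs.sops;
in {
  config = {
    # Feature toggles for this repository's own `pim.*` modules (defined
    # elsewhere; their effect cannot be seen from this file).
    pim = {
      lanzaboote.enable = true;
      tidal.enable = true;
      gnome.enable = true;
      stylix.enable = true;
      wireguard.enable = true;
      compliance.enable = true;
    };

    users.users.pim = {
      isNormalUser = true;
      # "wheel" grants sudo. "docker" grants access to the rootful Docker
      # daemon's socket, which is effectively root on this host.
      # NOTE(review): rootless Docker is also enabled below; if the rootful
      # daemon is not needed, dropping "docker" here removes that path to root.
      extraGroups = ["wheel" "docker" "input" "wireshark" "dialout"];
    };

    # Deployment-tool options (the option names look like Colmena's - confirm).
    # targetHost = null together with allowLocalDeployment means this machine
    # is only ever deployed from itself.
    deployment = {
      allowLocalDeployment = true;
      targetHost = null;
      tags = ["desktop"];

      # Each key is produced at deploy time by running keyCommand and writing
      # its output to destDir/name, so the decrypted age identity is never part
      # of the Nix store; only the encrypted *.sops.yaml files are.
      # NOTE(review): no `permissions` is set on either key, so the deployment
      # tool's default applies - confirm it is owner-only (0600).
      # NOTE(review): the command runs under sudo, presumably so sops can read
      # a root-owned age identity - confirm.
      keys = {
        # TODO: Create macro for this
        root-sops-age-key = {
          keyCommand = ["sudo" sops "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/sue/nixos.sops.yaml"];
          name = "keys.txt";
          destDir = "/root/.config/sops/age";
        };

        pim-sops-age-key = {
          keyCommand = ["sudo" sops "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/sue/home.sops.yaml"];
          name = "keys.txt";
          destDir = "/home/pim/.config/sops/age";
          user = "pim";
          group = "users";
        };
      };
    };

    services.tailscale.enable = true;
    facter.reportPath = ./facter.json;
    home-manager.users.pim.imports = [./pim.home.nix];
    networking.hostName = "sue";

    # sops-nix decrypts system secrets with the identity that the
    # root-sops-age-key deployment key installs above (same path).
    sops = {
      age.keyFile = "/root/.config/sops/age/keys.txt";
      defaultSopsFile = ./nixos.sops.yaml;
    };

    environment.systemPackages = with pkgs; [
      borgbackup
      kubectl
      nmap
      poppler_utils # For pdfunite
      silicon
      units
    ];

    # Both the rootful daemon (enable) and a per-user rootless daemon are
    # configured; setSocketVariable points DOCKER_HOST at the rootless socket.
    virtualisation.docker = {
      enable = true;
      rootless = {
        enable = true;
        setSocketVariable = true;
      };
    };

    # NOTE(review): only one LUKS device is declared in this file; whether this
    # swap device sits on encrypted storage cannot be told from here. Secrets
    # held in memory (e.g. decrypted keys) can be paged out - confirm.
    swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}];
    fileSystems = {
      "/" = {
        device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
        fsType = "ext4";
      };

      "/boot" = {
        device = "/dev/disk/by-uuid/560E-F8A2";
        fsType = "vfat";
        # vfat has no per-file ownership, so access is set by the mount masks.
        # 0077 keeps the ESP root-only; with 0022 every local user could read
        # its contents (boot images and the boot loader's random seed file,
        # which bootctl warns about when the mount is world-accessible).
        options = ["fmask=0077" "dmask=0077"];
      };
    };

    nix.settings = {
      # Members of trusted-users may override substituters and import unsigned
      # store paths, which makes them effectively root via the Nix daemon.
      trusted-users = ["pim"];

      # Store paths signed by this key are accepted without being built
      # locally, so this cache is part of the machine's trust base.
      # NOTE(review): the only consumer visible in this file (the cosmic
      # specialisation below) is commented out; if nothing else needs it,
      # removing the cache and its key drops a third-party trust root.
      substituters = ["https://cosmic.cachix.org/"];
      trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
    };

    # LUKS container unlocked in the initrd.
    boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";

    # specialisation.cosmic.configuration = {
    #   imports = [
    #     inputs.nixos-cosmic.nixosModules.default
    #   ];

    #   services = {
    #     desktopManager.cosmic.enable = true;
    #     displayManager.cosmic-greeter.enable = true;
    #   };
    # };
  };
}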