From afcc583dcf54e18708194672f0a6f44cb53b220e Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Sun, 9 Jun 2024 22:00:47 +0200 Subject: [PATCH] Reorganize and refactor project --- configuration.nix | 34 ++++- flake.nix | 42 ++---- home-manager/bash/default.nix | 20 --- home-manager/bat/default.nix | 7 - home-manager/direnv/default.nix | 9 -- home-manager/fzf/default.nix | 8 -- home-manager/git/default.nix | 18 --- home-manager/postgresql_client.crt | 17 --- home-manager/postgresql_server.crt | 67 --------- home-manager/ssh/default.nix | 30 ---- home-manager/thunderbird/default.nix | 8 -- home-manager/default.nix => home.nix | 130 +++++++++++------- .../home-manager}/firefox/addons.json | 0 .../home-manager}/firefox/addons.nix | 0 .../home-manager}/firefox/custom-addons.nix | 0 .../home-manager}/firefox/default.nix | 0 .../home-manager}/keepassxc/default.nix | 5 +- .../home-manager}/neovim/bufferline.lua | 0 .../home-manager}/neovim/cmp.lua | 0 .../home-manager}/neovim/commentary.lua | 0 .../home-manager}/neovim/core.lua | 0 .../home-manager}/neovim/default.nix | 0 .../home-manager}/neovim/leap.lua | 0 .../home-manager}/neovim/lspconfig.lua | 0 .../home-manager}/neovim/none-ls.lua | 0 .../home-manager}/neovim/telescope.lua | 0 .../home-manager}/neovim/treesitter.lua | 0 .../home-manager}/syncthing/default.nix | 6 +- secrets/ansible-vault-secret.age | Bin 513 -> 0 bytes secrets/common-pg-tfbackend.age | 12 -- secrets/postgresql_client.key.age | Bin 2091 -> 0 bytes secrets/powerdns-api-key.json.age | 11 -- secrets/secrets.nix | 6 - secrets/sue_azure_rsa.age | Bin 3053 -> 0 bytes secrets/sue_ed25519.age | Bin 752 -> 0 bytes 35 files changed, 130 insertions(+), 300 deletions(-) delete mode 100644 home-manager/bash/default.nix delete mode 100644 home-manager/bat/default.nix delete mode 100644 home-manager/direnv/default.nix delete mode 100644 home-manager/fzf/default.nix delete mode 100644 home-manager/git/default.nix delete mode 100644 home-manager/postgresql_client.crt delete mode 100644 home-manager/postgresql_server.crt delete mode 100644 home-manager/ssh/default.nix delete mode 100644 home-manager/thunderbird/default.nix rename home-manager/default.nix => home.nix (66%) rename {home-manager => modules/home-manager}/firefox/addons.json (100%) rename {home-manager => modules/home-manager}/firefox/addons.nix (100%) rename {home-manager => modules/home-manager}/firefox/custom-addons.nix (100%) rename {home-manager => modules/home-manager}/firefox/default.nix (100%) rename {home-manager => modules/home-manager}/keepassxc/default.nix (68%) rename {home-manager => modules/home-manager}/neovim/bufferline.lua (100%) rename {home-manager => modules/home-manager}/neovim/cmp.lua (100%) rename {home-manager => modules/home-manager}/neovim/commentary.lua (100%) rename {home-manager => modules/home-manager}/neovim/core.lua (100%) rename {home-manager => modules/home-manager}/neovim/default.nix (100%) rename {home-manager => modules/home-manager}/neovim/leap.lua (100%) rename {home-manager => modules/home-manager}/neovim/lspconfig.lua (100%) rename {home-manager => modules/home-manager}/neovim/none-ls.lua (100%) rename {home-manager => modules/home-manager}/neovim/telescope.lua (100%) rename {home-manager => modules/home-manager}/neovim/treesitter.lua (100%) rename {home-manager => modules/home-manager}/syncthing/default.nix (67%) delete mode 100644 secrets/ansible-vault-secret.age delete mode 100644 secrets/common-pg-tfbackend.age delete mode 100644 secrets/postgresql_client.key.age delete mode 100644 secrets/powerdns-api-key.json.age delete mode 100644 secrets/sue_azure_rsa.age delete mode 100644 secrets/sue_ed25519.age diff --git a/configuration.nix b/configuration.nix index 2478933..c450893 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,6 +1,14 @@ -{ pkgs, config, lib, inputs, ... }: { +{ pkgs, config, lib, inputs, flake, system, ... }: { + imports = [ + inputs.stylix.nixosModules.stylix + inputs.agenix.nixosModules.default + inputs.home-manager.nixosModules.home-manager + "${flake}/modules/nixos/lanzaboote.nix" + ]; + time.timeZone = "Europe/Amsterdam"; i18n.defaultLocale = "en_US.UTF-8"; + programs.ssh.startAgent = true; services = { gnome.gnome-keyring.enable = lib.mkForce false; @@ -46,6 +54,7 @@ dig gnomeExtensions.pop-shell gnome.gnome-shell-extensions + gnomeExtensions.window-is-ready-remover ]; gnome.excludePackages = with pkgs; with pkgs.gnome; [ totem @@ -68,8 +77,6 @@ ''; }; - programs.ssh.startAgent = true; - security = { rtkit.enable = true; @@ -153,6 +160,16 @@ permittedInsecurePackages = [ "electron-25.9.0" ]; allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "vmware-horizon-client" "libfprint-2-tod1-goodix" "vmware-workstation" ]; }; + + overlays = [ + inputs.nur.overlay + (final: _prev: { + unstable = import inputs.nixpkgs-unstable { + inherit system; + config.allowUnfree = true; + }; + }) + ]; }; boot = { @@ -201,4 +218,15 @@ }; }; }; + + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + extraSpecialArgs.flake = flake; + + users.pim.imports = [ + ./home.nix + inputs.homeage.homeManagerModules.homeage + ]; + }; } diff --git a/flake.nix b/flake.nix index d503413..a505d34 100644 --- a/flake.nix +++ b/flake.nix @@ -42,45 +42,21 @@ }; outputs = - { nixpkgs - , nixpkgs-unstable - , home-manager - , homeage - , agenix - , nur - , nixos-hardware - , stylix + { self + , nixpkgs , ... }@inputs: let mkNixosSystem = extraModule: nixpkgs.lib.nixosSystem rec { system = "x86_64-linux"; - specialArgs = { inherit inputs; }; + + specialArgs = { + inherit inputs system; + flake = self; + }; modules = [ - { - nixpkgs.overlays = [ - nur.overlay - (final: _prev: { - unstable = import nixpkgs-unstable { - inherit system; - config.allowUnfree = true; - }; - }) - ]; - } ./configuration.nix - stylix.nixosModules.stylix - ./modules/nixos/lanzaboote.nix - agenix.nixosModules.default - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.pim = { - imports = [ ./home-manager homeage.homeManagerModules.homeage ]; - }; - } extraModule ]; }; @@ -88,7 +64,7 @@ { nixosConfigurations = { x260 = mkNixosSystem ({ pkgs, lib, ... }: { - imports = [ nixos-hardware.nixosModules.lenovo-thinkpad-x260 ]; + imports = [ inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x260 ]; config = { pim.lanzaboote.enable = true; @@ -170,7 +146,7 @@ }); sue = mkNixosSystem ({ ... }: { - imports = [ nixos-hardware.nixosModules.dell-xps-13-9310 ]; + imports = [ inputs.nixos-hardware.nixosModules.dell-xps-13-9310 ]; config = { pim.lanzaboote.enable = true; diff --git a/home-manager/bash/default.nix b/home-manager/bash/default.nix deleted file mode 100644 index 9ed9b2e..0000000 --- a/home-manager/bash/default.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - config = { - programs.bash = { - enable = true; - shellAliases = { - htop = "btop"; - gp = "git push"; - gco = "git checkout"; - gd = "git diff"; - gc = "git commit"; - gpl = "git pull"; - gb = "git branch"; - ga = "git add"; - gl = "git log"; - gs = "git status"; - tf = "tofu"; - }; - }; - }; -} diff --git a/home-manager/bat/default.nix b/home-manager/bat/default.nix deleted file mode 100644 index 42521fb..0000000 --- a/home-manager/bat/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - config = { - programs.bat = { - enable = true; - }; - }; -} diff --git a/home-manager/direnv/default.nix b/home-manager/direnv/default.nix deleted file mode 100644 index fd12478..0000000 --- a/home-manager/direnv/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - config = { - programs.direnv = { - enable = true; - enableBashIntegration = true; - nix-direnv.enable = true; - }; - }; -} diff --git a/home-manager/fzf/default.nix b/home-manager/fzf/default.nix deleted file mode 100644 index 383f47e..0000000 --- a/home-manager/fzf/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - config = { - programs.fzf = { - enable = true; - enableBashIntegration = true; - }; - }; -} diff --git a/home-manager/git/default.nix b/home-manager/git/default.nix deleted file mode 100644 index cf6c930..0000000 --- a/home-manager/git/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - config = { - programs.git = { - enable = true; - userName = "Pim Kunis"; - userEmail = "pim@kunis.nl"; - extraConfig = { - push.autoSetupRemote = true; - commit.verbose = true; - pull.rebase = true; - }; - includes = [{ - path = "~/git/suecode/.gitconfig"; - condition = "gitdir:~/git/suecode/**"; - }]; - }; - }; -} diff --git a/home-manager/postgresql_client.crt b/home-manager/postgresql_client.crt deleted file mode 100644 index b4710e8..0000000 --- a/home-manager/postgresql_client.crt +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICrzCCAZcCFApupXAa2tPytpi3av47+az0Ggb4MA0GCSqGSIb3DQEBCwUAMBQx -EjAQBgNVBAMMCWplZmtlLmh5cDAeFw0yMzExMjQyMjAzMjhaFw0yNDExMjMyMjAz -MjhaMBQxEjAQBgNVBAMMCXRlcnJhZm9ybTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBALeJ/fYUCmwislUw4XcCxivCUuWuUWI+t/nke9/hWEWTmDG4Z7/a -IAKqsGk0zNATQViAXmYZwdYK70AKQhxat3OJcuZarsurOXVjVJdT4Wr5SxHGHjd0 -bwd8JzFZPIfgYCILCISFjCIfpD58kBq2bkvI4rpn4tb2iPunXp0+S8iHDMB5wAOb -FgT0muuz9ua4R76nq79O9wLbAVf38CDR9bMGcPcKknz0sl37jr7A/pDvQzpFWO33 -eJb64b7Qe4CHslWFj1tdEkXaMpMNWHhc2TmtLtlt6a+RY1R9KdX5x0lQTyJnEwJZ -8YTKnlMoNvkfBznuARFmNNmUYPoHE6WgonMCAwEAATANBgkqhkiG9w0BAQsFAAOC -AQEAaH1HVPThhAkrXE4Zmh49D1zvq5uy6moV326/ovnPQfco2jYBYO5mYxBF32mx -ShEanbJJKkFjWkQHmsWt7nrkeloz6q8sD19nLyyWmMj0Pd6wcLv017Zdo902fh27 -Rl8qZS44vEc+N/5gc2eINMfXm/JOdXYntOVpFO/I+6b9Q2iWFX3YUAXiIDiEYBvS -BBqyXC2nVg6Lp1KVg+EaYW27sj8b5HHXnpEGdXduVmOWttdaQVjYslqmH7mUKi9f -2U9FicMvw6KvkRki+SLKeZr2yIP1QQOnWg0BPbeCpMfdMSu/AtLkAtugZeT8p1Ko -3hMMyKKzyyhiwpzvk21QFNZ5LA== ------END CERTIFICATE----- diff --git a/home-manager/postgresql_server.crt b/home-manager/postgresql_server.crt deleted file mode 100644 index e6bb806..0000000 --- a/home-manager/postgresql_server.crt +++ /dev/null @@ -1,67 +0,0 @@ -Certificate: - Data: - Version: 1 (0x0) - Serial Number: - ef:2f:4d:d4:26:7e:33:1b - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=jefke.hyp - Validity - Not Before: Nov 22 19:12:03 2023 GMT - Not After : Oct 29 19:12:03 2123 GMT - Subject: CN=jefke.hyp - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) - Modulus: - 00:c7:ab:eb:9c:d0:7f:4f:f1:ba:65:0a:8b:07:7b: - 2e:5b:f0:26:82:33:c9:73:e6:91:cc:11:94:05:1c: - 8d:67:29:cb:5e:67:35:02:80:54:af:99:4b:aa:ce: - e8:56:62:be:63:cb:b2:4a:b0:a9:28:12:e2:77:50: - 7d:d5:d2:3b:48:d8:32:59:25:26:ff:a6:5c:f6:eb: - ae:5b:3d:7a:14:10:ba:90:9c:6f:1f:b9:d8:99:0e: - b7:09:5e:62:69:c4:c0:c6:27:b0:d3:60:0d:47:4c: - a5:11:53:f2:f1:4a:f9:a6:bc:d6:a3:35:a2:e8:e5: - a9:d1:60:e8:e5:18:ce:d2:60:80:4e:dc:48:ae:7f: - b7:ea:76:51:28:39:a4:b0:95:82:95:93:98:b2:9f: - 23:c9:81:69:59:a3:e4:f7:5a:1c:01:31:96:c1:4b: - 59:21:f8:a2:e6:9e:21:78:0e:6b:c1:68:c7:5c:16: - 9a:06:54:df:b6:77:1d:2d:89:d0:c8:9e:db:b5:d4: - 8c:fb:b9:4f:b7:6e:39:5f:39:8e:48:73:76:7d:46: - 6e:1f:8d:14:cb:40:b5:ff:c6:f0:c0:44:3c:ed:52: - 3f:4f:7b:69:63:93:c6:41:e6:5e:ed:33:50:20:46: - db:93:bf:e8:52:51:95:f1:81:73:58:da:67:21:7b: - 12:bd - Exponent: 65537 (0x10001) - Signature Algorithm: sha256WithRSAEncryption - aa:5c:89:41:a6:b7:3d:65:87:ca:50:c4:f3:58:aa:d3:b4:55: - b1:a7:8d:18:26:17:e5:8a:21:24:a1:49:53:77:31:5b:55:63: - be:01:d8:fe:b7:06:7c:da:07:1f:94:6a:de:96:ad:ca:3b:20: - 2a:e1:35:90:19:83:6d:37:d1:15:12:de:3c:0e:46:be:66:a1: - 6a:1d:ec:72:dc:46:79:69:e4:af:77:c8:ff:cd:d6:7d:16:88: - ab:44:fd:70:fc:40:47:ff:43:95:11:5a:9a:56:0c:d2:dd:7c: - 3b:87:aa:10:26:fa:25:a3:a0:43:8a:1b:ec:54:11:7e:65:67: - d2:06:e1:3e:3b:e1:0e:b0:80:ef:4b:35:3f:fc:34:1d:95:2e: - ee:c1:67:38:da:b3:74:86:4b:95:8c:0c:1d:51:28:c1:42:e9: - 77:68:d7:ec:3b:66:30:c6:e5:2a:62:ea:15:fb:24:56:cf:02: - d0:25:54:a7:58:15:b5:2a:71:93:56:c0:69:7a:36:18:6c:31: - b1:8e:3c:77:d7:77:ac:fc:e1:94:c5:08:bb:35:ac:48:5f:6b: - 8b:c8:c8:78:f4:a9:ca:4f:9d:51:54:89:97:c9:af:a1:fa:71: - df:58:f6:ff:04:7c:c8:1c:95:6b:1a:e3:a7:f6:43:1c:27:94: - 10:03:ce:ec ------BEGIN CERTIFICATE----- -MIICpjCCAY4CCQDvL03UJn4zGzANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlq -ZWZrZS5oeXAwIBcNMjMxMTIyMTkxMjAzWhgPMjEyMzEwMjkxOTEyMDNaMBQxEjAQ -BgNVBAMMCWplZmtlLmh5cDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMer65zQf0/xumUKiwd7LlvwJoIzyXPmkcwRlAUcjWcpy15nNQKAVK+ZS6rO6FZi -vmPLskqwqSgS4ndQfdXSO0jYMlklJv+mXPbrrls9ehQQupCcbx+52JkOtwleYmnE -wMYnsNNgDUdMpRFT8vFK+aa81qM1oujlqdFg6OUYztJggE7cSK5/t+p2USg5pLCV -gpWTmLKfI8mBaVmj5PdaHAExlsFLWSH4ouaeIXgOa8Fox1wWmgZU37Z3HS2J0Mie -27XUjPu5T7duOV85jkhzdn1Gbh+NFMtAtf/G8MBEPO1SP097aWOTxkHmXu0zUCBG -25O/6FJRlfGBc1jaZyF7Er0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqlyJQaa3 -PWWHylDE81iq07RVsaeNGCYX5YohJKFJU3cxW1VjvgHY/rcGfNoHH5Rq3patyjsg -KuE1kBmDbTfRFRLePA5Gvmahah3sctxGeWnkr3fI/83WfRaIq0T9cPxAR/9DlRFa -mlYM0t18O4eqECb6JaOgQ4ob7FQRfmVn0gbhPjvhDrCA70s1P/w0HZUu7sFnONqz -dIZLlYwMHVEowULpd2jX7DtmMMblKmLqFfskVs8C0CVUp1gVtSpxk1bAaXo2GGwx -sY48d9d3rPzhlMUIuzWsSF9ri8jIePSpyk+dUVSJl8mvofpx31j2/wR8yByVaxrj -p/ZDHCeUEAPO7A== ------END CERTIFICATE----- diff --git a/home-manager/ssh/default.nix b/home-manager/ssh/default.nix deleted file mode 100644 index a6a91b2..0000000 --- a/home-manager/ssh/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ config, lib, ... }: { - config = { - programs.ssh = { - enable = true; - extraConfig = "User root"; - - matchBlocks = { - github = lib.hm.dag.entryBefore [ "*" ] { - hostname = "github.com"; - user = "pizzapim"; - identitiesOnly = true; - }; - lewis = lib.hm.dag.entryBefore [ "*" ] { hostname = "lewis.dmz"; }; - atlas = lib.hm.dag.entryBefore [ "*" ] { hostname = "atlas.dmz"; }; - jefke = lib.hm.dag.entryBefore [ "*" ] { hostname = "jefke.dmz"; }; - warwick = lib.hm.dag.entryBefore [ "*" ] { hostname = "warwick.dmz"; }; - }; - }; - - homeage.file."sue_ed25519" = { - source = ../../secrets/sue_ed25519.age; - symlinks = [ "${config.home.homeDirectory}/.ssh/sue_ed25519" ]; - }; - - homeage.file."sue_azure_rsa" = { - source = ../../secrets/sue_azure_rsa.age; - symlinks = [ "${config.home.homeDirectory}/.ssh/sue_azure_rsa" ]; - }; - }; -} diff --git a/home-manager/thunderbird/default.nix b/home-manager/thunderbird/default.nix deleted file mode 100644 index fb96bca..0000000 --- a/home-manager/thunderbird/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - config = { - programs.thunderbird = { - enable = true; - profiles.default = { isDefault = true; }; - }; - }; -} diff --git a/home-manager/default.nix b/home.nix similarity index 66% rename from home-manager/default.nix rename to home.nix index 3298323..d4a247c 100644 --- a/home-manager/default.nix +++ b/home.nix @@ -1,18 +1,15 @@ { pkgs, lib, config, ... }: { imports = [ - ./bash - ./neovim - ./firefox - ./ssh - ./syncthing - ./keepassxc - ./git - ./direnv - ./thunderbird - ./fzf - ./bat + ./modules/home-manager/neovim + ./modules/home-manager/firefox + ./modules/home-manager/syncthing + ./modules/home-manager/keepassxc ]; + # Let home-manager manage the X session + xsession.enable = true; + xdg.userDirs.enable = true; + home = { username = "pim"; homeDirectory = "/home/pim"; @@ -64,6 +61,72 @@ home-manager.enable = true; chromium.enable = true; alacritty.enable = true; + bat.enable = true; + + thunderbird = { + enable = true; + profiles.default = { isDefault = true; }; + }; + + direnv = { + enable = true; + enableBashIntegration = true; + nix-direnv.enable = true; + }; + + fzf = { + enable = true; + enableBashIntegration = true; + }; + + bash = { + enable = true; + shellAliases = { + htop = "btop"; + gp = "git push"; + gco = "git checkout"; + gd = "git diff"; + gc = "git commit"; + gpl = "git pull"; + gb = "git branch"; + ga = "git add"; + gl = "git log"; + gs = "git status"; + tf = "tofu"; + }; + }; + + ssh = { + enable = true; + extraConfig = "User root"; + + matchBlocks = { + github = lib.hm.dag.entryBefore [ "*" ] { + hostname = "github.com"; + user = "pizzapim"; + identitiesOnly = true; + }; + lewis = lib.hm.dag.entryBefore [ "*" ] { hostname = "lewis.dmz"; }; + atlas = lib.hm.dag.entryBefore [ "*" ] { hostname = "atlas.dmz"; }; + jefke = lib.hm.dag.entryBefore [ "*" ] { hostname = "jefke.dmz"; }; + warwick = lib.hm.dag.entryBefore [ "*" ] { hostname = "warwick.dmz"; }; + }; + }; + + git = { + enable = true; + userName = "Pim Kunis"; + userEmail = "pim@kunis.nl"; + extraConfig = { + push.autoSetupRemote = true; + commit.verbose = true; + pull.rebase = true; + }; + includes = [{ + path = "~/git/suecode/.gitconfig"; + condition = "gitdir:~/git/suecode/**"; + }]; + }; # Currently, it is not possible to have Home Manager manage Liberwolf extensions. # There is a draft PR which addresses this: @@ -81,6 +144,7 @@ # - refined-github librewolf = { enable = true; + settings = { "identity.fxaccounts.enabled" = true; "privacy.clearOnShutdown.history" = false; @@ -92,50 +156,24 @@ }; }; - # Let home-manager manage the X session - xsession = { enable = true; }; - - xdg = { - userDirs.enable = true; - configFile."home/postgresql_server.crt".source = ./postgresql_server.crt; - configFile."home/postgresql_client.crt".source = ./postgresql_client.crt; - }; - homeage = { identityPaths = [ "/home/pim/.ssh/age_ed25519" ]; installationType = "systemd"; - - file."common-pg-tfbackend" = { - source = ../secrets/common-pg-tfbackend.age; - symlinks = [ "${config.xdg.configHome}/home/common.pg.tfbackend" ]; - }; - - file."ansible-vault-secret" = { - source = ../secrets/ansible-vault-secret.age; - symlinks = [ "${config.xdg.configHome}/home/ansible-vault-secret" ]; - }; - - file."powerdns-api-key" = { - source = ../secrets/powerdns-api-key.json.age; - symlinks = [ "${config.xdg.configHome}/home/powerdns-api-key.json" ]; - }; - - file."postgresql_client.key" = { - source = ../secrets/postgresql_client.key.age; - symlinks = [ "${config.xdg.configHome}/home/postgresql_client.key" ]; - }; }; - fonts.fontconfig.enable = true; - dconf.settings = with lib.hm.gvariant; { "org/gnome/desktop/sound".allow-volume-above-100-percent = true; "org.gnome.desktop.wm.preferences".auto-raise = true; - "org/gnome/shell".enabled-extensions = [ - "workspace-indicator@gnome-shell-extensions.gcampax.github.com" - "pop-shell@system76.com" - ]; + "org/gnome/shell" = { + "disable-extension-version-validation" = true; + + enabled-extensions = [ + "workspace-indicator@gnome-shell-extensions.gcampax.github.com" + "pop-shell@system76.com" + "windowIsReady_Remover@nunofarruca@gmail.com" + ]; + }; "org/gnome/desktop/input-sources" = { sources = [ (mkTuple [ "xkb" "us" ]) ]; diff --git a/home-manager/firefox/addons.json b/modules/home-manager/firefox/addons.json similarity index 100% rename from home-manager/firefox/addons.json rename to modules/home-manager/firefox/addons.json diff --git a/home-manager/firefox/addons.nix b/modules/home-manager/firefox/addons.nix similarity index 100% rename from home-manager/firefox/addons.nix rename to modules/home-manager/firefox/addons.nix diff --git a/home-manager/firefox/custom-addons.nix b/modules/home-manager/firefox/custom-addons.nix similarity index 100% rename from home-manager/firefox/custom-addons.nix rename to modules/home-manager/firefox/custom-addons.nix diff --git a/home-manager/firefox/default.nix b/modules/home-manager/firefox/default.nix similarity index 100% rename from home-manager/firefox/default.nix rename to modules/home-manager/firefox/default.nix diff --git a/home-manager/keepassxc/default.nix b/modules/home-manager/keepassxc/default.nix similarity index 68% rename from home-manager/keepassxc/default.nix rename to modules/home-manager/keepassxc/default.nix index f06673f..eff97f3 100644 --- a/home-manager/keepassxc/default.nix +++ b/modules/home-manager/keepassxc/default.nix @@ -1,8 +1,9 @@ -{ pkgs, config, ... }: { +{ pkgs, config, flake, ... }: { config = { home.packages = [ pkgs.unstable.keepassxc ]; + homeage.file."keepassxc.ini" = { - source = ../../secrets/keepassxc.ini.age; + source = "${flake}/secrets/keepassxc.ini.age"; symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ]; }; }; diff --git a/home-manager/neovim/bufferline.lua b/modules/home-manager/neovim/bufferline.lua similarity index 100% rename from home-manager/neovim/bufferline.lua rename to modules/home-manager/neovim/bufferline.lua diff --git a/home-manager/neovim/cmp.lua b/modules/home-manager/neovim/cmp.lua similarity index 100% rename from home-manager/neovim/cmp.lua rename to modules/home-manager/neovim/cmp.lua diff --git a/home-manager/neovim/commentary.lua b/modules/home-manager/neovim/commentary.lua similarity index 100% rename from home-manager/neovim/commentary.lua rename to modules/home-manager/neovim/commentary.lua diff --git a/home-manager/neovim/core.lua b/modules/home-manager/neovim/core.lua similarity index 100% rename from home-manager/neovim/core.lua rename to modules/home-manager/neovim/core.lua diff --git a/home-manager/neovim/default.nix b/modules/home-manager/neovim/default.nix similarity index 100% rename from home-manager/neovim/default.nix rename to modules/home-manager/neovim/default.nix diff --git a/home-manager/neovim/leap.lua b/modules/home-manager/neovim/leap.lua similarity index 100% rename from home-manager/neovim/leap.lua rename to modules/home-manager/neovim/leap.lua diff --git a/home-manager/neovim/lspconfig.lua b/modules/home-manager/neovim/lspconfig.lua similarity index 100% rename from home-manager/neovim/lspconfig.lua rename to modules/home-manager/neovim/lspconfig.lua diff --git a/home-manager/neovim/none-ls.lua b/modules/home-manager/neovim/none-ls.lua similarity index 100% rename from home-manager/neovim/none-ls.lua rename to modules/home-manager/neovim/none-ls.lua diff --git a/home-manager/neovim/telescope.lua b/modules/home-manager/neovim/telescope.lua similarity index 100% rename from home-manager/neovim/telescope.lua rename to modules/home-manager/neovim/telescope.lua diff --git a/home-manager/neovim/treesitter.lua b/modules/home-manager/neovim/treesitter.lua similarity index 100% rename from home-manager/neovim/treesitter.lua rename to modules/home-manager/neovim/treesitter.lua diff --git a/home-manager/syncthing/default.nix b/modules/home-manager/syncthing/default.nix similarity index 67% rename from home-manager/syncthing/default.nix rename to modules/home-manager/syncthing/default.nix index 590e2c4..71c0836 100644 --- a/home-manager/syncthing/default.nix +++ b/modules/home-manager/syncthing/default.nix @@ -1,14 +1,14 @@ -{ config, ... }: { +{ config, flake, ... }: { config = { services.syncthing.enable = true; homeage.file."syncthing-key.pem" = { - source = ../../secrets/syncthing-key.pem.age; + source = "${flake}/secrets/syncthing-key.pem.age"; symlinks = [ "${config.xdg.configHome}/syncthing/key.pem" ]; }; homeage.file."syncthing-cert.pem" = { - source = ../../secrets/syncthing-cert.pem.age; + source = "${flake}/secrets/syncthing-cert.pem.age"; symlinks = [ "${config.xdg.configHome}/syncthing/cert.pem" ]; }; }; diff --git a/secrets/ansible-vault-secret.age b/secrets/ansible-vault-secret.age deleted file mode 100644 index 046d64ad9b09e02db38961b728fc72911d80a3b9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 513 zcmZ9|JFC-B003YS6mK_OTm*xQN{C5Lo?V2rO>WZ1ZPGT)Lwmikk35^CNqbJ4K^z<$ zM4c5^C;bzGAa2eMItccT;;g8vzu<$<^XJ4ooff-%9cJmRtnf)l*NEF#Sq8*>1~`tc zV_iu%5yEs&WY{bdjyff$Wb)YM-FB4KVcoWJkdlRIqeP*)eYF|az*5_Jraa0P&>hZN zW>_Gdb`h#(BT7o_air=UK@`?xF#TVH4L9O^EJ^I1l_-%BG@3z0Q-!z)QnSO^jTO`s zkRI|(v!WfxL8vxhZO-+ETV@06I-hd3Qp5l<38m&oEIYNF@hD1L6 ssh-ed25519 LAPUww i6BkkMy9gSSVZ+L+EMYSLakp1qA4yOGbEkLrO4Ddbxs -FsoRnCiPsJEKQj+2iJaqn+BbU+bFMAkReRotiV+0WCs --> ssh-ed25519 vBZj5g +6YFp3yYXSEzRMXu7WyURkJk/cA87irnW5FpKRYnGSA -dJkMmnxyVEv/S9FmCrRkrYDCh+OwXK+UYno3ncr5nOk --> 6gQa-grease Yt+ucm#U |9mIdoTgR7zMyb5K}9bYpmLMmJM(ZAdqHD|C5EF;xm}NLOKMD@Zjq zZb5lhN<=wKMNV35MQVC7Z)G=Pc3Mq!d1QKTPgGP*GeHV1J|J^*Xf0)AGBq_ZIUsgI zT52_CATwGta(QHNN@6uqN_a?4L~uBBVpds2Z#Q>wS$bJeHF8KxPGxIMVohvs3PUqZ zK}~o_V^V8)NOo6uT4P6TZ#hb2HgaV|LqS(kQc!MWLV9IEGE#AC3N1b$M=fV^Wnpt= z3UxDMYH3JuOE7jsSW#(gV|qwAS5?8L*LwchY#8{>RskQB6z!HN=DuYKTv!RTv9NjJW%9-HyVvZsDuh;Qc$@{)ACIHB8$p`$$8 z)eDqeP%25qL6kc`<)v|YZ9{bzS*a?VR5D;EK=fc4D`ZA(1-q+X;UtFY3jK^Cg}Q6+tGh*|$DY3?qmIYXQyDifiLgXsb#wrpR~lBXwoW<l)KX9Ul`g+e5Wg;+KVhMh>l!n7JccwLCV_#_2UW_g8tY7X#w4C)tgASAvJT z5)Br~Y{l??m^wXU?3wGGs-vi(a}+R>>lNlLSSEcR%@atP7(uQf+`@s&2q@sz!;I`l zQS@hJBK{r#Dazc@QV1Z@N6>tuHj=CJRDk-k(7d)>@D^`qY_T!SEaDPj?jW?5HhoWv z)k9|G4YU_}M2<&^G-33(e8TE(`sAq*tm!)wGZ=Kf(9#NKOHcHA`$r%JTDTEDl7NdT zit^o@c*sY;x3#*9qZT18=JC zvNd(6IC${Aud^;SouEfZKie`G*rmUyV+!#h_+r#MOYCvM!E4m zw6j?Dk>;K?2o9Tci^`36-;yaC7G(XfIKGV&*%yk9g8HNd4l~< za-M`y*e597Q+%9e-iPvAv10w%^)(f;it3DJkeYj!UOTqvGUUUEZ@yv)QAuwMS>^6z zklud%5izLZ#Z}FsLie1dG=1Nj&Rgpms)QLUVZRe{MQx`BpUB+xo1ZDQ=9vQ($Lj=` zruxy>6zO}ceeZ6Z;E2vEwKK;ZP3l7VbBq*#vNBkIro)6l{GZ0DTcd)M>w%7(a%G~W z5W>XpqBa|*^6rKEK2zb(r6MrBu2&Hlvwr%3Ckbz6iVSUKDSvbH9rng34~*=#9-=q~ zFUomW5W+LrRDFiGW3Jfv&JEi(dnldlYYb5*t24wwySgn5TxFr273A^%V4YRw^qA)32x7vOqvgxGY~U$totcgR51)=5q$@ab$vYHgSr0P8BjqrRUJl$ z<6(Gb#=n{Z8TaV?-&t?a#PjtB5VYi ztV79T7!D(k)54ts(9p7fnQN~-Rueznnw$i={+3HVLe$gX$6go%IgGe2n2j4M1;|+0 zogzXz2Ub$V_;bJEDQ9Bz5Z*)TYaI)QaR&X?Bl5V)_#ih=y6GO8PG?Fikh45I zY)e+bwA4`;S@lSp)*=Jlh%o8?RX?@CqNDM;u`Q7%xa(;$KM_@$u1w3sGWhd-6Cy^d zI|h}DuAHYalVQuDl5qp&ze4sM3vWyft56|Cj+Mhufir{pEx-g0mn4l^Q<;H?%>YW6 z)6lS*i&yxbj ssh-ed25519 LAPUww NnvaPUzk3WjwC3nu7T47DXtNqDuysbgAccdF1kWO5yQ -XYX2GfZSHrnhoKutbqVxB9zghbl1kZDyOTphUXvt8oQ --> ssh-ed25519 vBZj5g mpi+OE3ST+mP05IKimQrwOZxOaDgeUUoKujOOSXEljQ -kwHkJu14Xpqgd4POeuLLcbech+Kh2XSfBed3M1Cu8DA --> =6-grease C`Yq5 Y2 4 -8sgSLLYCXkFRy0SFfNH0fhb14HonKVpVfkc1rc7sC7bXVXi8FGri/d/AW42G2J9m -W/FfhKnGBAOj1cA/wPw4cqCcQKbux78C7BdN6EfrF+ddzF+n98EwtBJ/cjzRky+A -FJJY ---- sytjLDBFLb2VqtF3LSiSS1Nxb56oNtx2AGzhYCPItW8 -.r-҆/ BD$լFFЙS/M i/# q%u7͟6rW e?i,[Y9 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 1900029..e542a9a 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -9,14 +9,8 @@ in { "wg-quick-home-privkey.age".publicKeys = publicKeys; "wg-quick-home-preshared-key.age".publicKeys = publicKeys; - "sue_ed25519.age".publicKeys = publicKeys; - "sue_azure_rsa.age".publicKeys = publicKeys; "syncthing-key.pem.age".publicKeys = publicKeys; "syncthing-cert.pem.age".publicKeys = publicKeys; - "common-pg-tfbackend.age".publicKeys = publicKeys; - "ansible-vault-secret.age".publicKeys = publicKeys; - "powerdns-api-key.json.age".publicKeys = publicKeys; "keepassxc.ini.age".publicKeys = publicKeys; # Secret agent causes private keys in config file. - "postgresql_client.key.age".publicKeys = publicKeys; } diff --git a/secrets/sue_azure_rsa.age b/secrets/sue_azure_rsa.age deleted file mode 100644 index 09acba438ae7cc691b373bbb484c4f2cd1d13a5b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3053 zcmVaWhYDaA|8uWLi{1YkF@`XkkZVHZOBnGII)Xc6u;$Z$V*9 zMq*Y~PhmE0Y;!m=YcW!8QfM?qQg}mBM|ws}X=`a#Y&Z%nJ|J^*Xf0)AGBq_ZIUsgI zT52_CAUHQPQBqlPHA6*8Ra9bFF?dyFZ&pJqYjAICLo-ZsGip;%WMf%JZ%{}y3R){= zQEo$8S8qvIacf9=VNf+eRZvD#W<+{JNl0l(G;?WqFIY=rD^*r73N1b$bZ1*FXL4m> zb7de^MmlFeAR|zI3T-P^Zct=vYeHvdIYLQrQ&MM2GI2>vcv&$+OJ_txSadZwXK-pz zD>XS*WqMdzRarJNHFr%@RAyvsdSOX9c?w2sPC`O;bvb8acS$!#L~TNPV=`JRM^|uH zGfq%fM>RruOL;<4VnJ$0MsY%TVRl$`Gzu*(Eg(itSwlitLU(O&S~6{FVtOk$c11;2 zX+}9nMPY4OOHp@DYC%gmVPj}xRSM2^Mks-{#gv5Q$T_1NUf1}UpjYteG2GNW>sqT) zPw>z~3O9?p=rXaFTx28O94HA)RNu4IWj15#%#bkts_2E;6JSWZq z`}mvR1{f2^;t}r2S^I@vuI=S`uD~TFdZA&|iLx+-Y>hsPIoRG7*LsLCF^4O;sfwk~ zgqhLZWp5l8{3PaqC)>Ml;E8OXHLw^#I`Q^DB8ZhtVZbP1s3g48m#xPQQgO%Jr;A*T z-domEKs_Xd--fO9&rN&l`g4*bt+x~O&X$y-w+qBN`G;1ED~lvlns#-BXeUZ2h1b4C z7`M`IsvD)yq*w}4C}?&2y(5~coX?3B^}VA zEt}rQUww{af4;81cI6l{)XCnF33Ji>;B!~~f5eV*z#(qCh50BbtL0D86LJqJPYEDs zGm{AfCwK_T`S(9$c+kH4kx&NOp${Cm>&i?KQn~XAKF=a9IAa|SCWKA?+O!~cB8jee zcZtB9#xKr$Oq5$4nOxVPmq*((?}2upf4Hy;uBNIh{x>xVZdQH*hmLAvay za)ZI^ZDX%Fq5|EJGDga8CTA%|!ZaV?B>`o=f<{P48tR_-MGUgFH#HpE@ghkw)~Eu| zLt{+r6_jnnoSsC%H?^zZ%U@G0p9J#qKna%Hk5{^WzD!AzgUs$%)kQ2MmQMjv*HsaA zihMKLVK(0x`-rH%JW}PDBDTc-%9TX-(J-GE?QmRd$wUf_4}S{@dVUc0wL7aNDwJ`V z5hP;e^Djx)5$KPyK$(L*-3G21;@9gj1(bq-s_RlVOsT{}!6PD~q<${iuW2VESzFwB z3X2ciS6@jjV%lT#T`JQ<8nyCrdKz?U9uf*183+}CZ3`i_pVW9yOe%xSC#^tMOCw|E zP+Bl>U9HDvusnpk?#w+Hx1z%!JsB;yS}oO%M`0%dniGq0KUm>1du954`FRdI&Lejn zgt*zkXY{D`Tv{ccm|oIieg!*K4*%y#s(^H4!Td=*JZMnbYg+z37pqa~mhSIXsWRCy zjokceWVaRFI5IrV@%`DwPOZ={`kD%ejn0#Vrc_)KwpP9rvDr-eD6P9|s617@rBY-; zfVL2=Y{`di z{wFIgfH~jAX3a%OAuE0ifAu+-8eNWPN<%9uTL(G9&Mh!PPjR0W*Jkw`AmiFfLtn2I zP}~^+LXV{TQOTA@F0BP{ob(jPcN0sC?*@uBO0QGq8)Wfuhf!OoEppnflU3_AAv-dFfAdz9&MMf$K=HbX*rQLhhsOov006@Y( z(4zropcP4sF-@HuOTQEg@#J4?Mi_p>lEZxmu4o07S|kqrc*GB~KbQbDm-2h!tI^35 zse2YL4@jF;<4Ie-@Y9o+p0P!Q=Z7X~>_grt5P5w$D=S?s`kY~X=*z^0>RxYU+8H6! zsK1h#@u2Bdf=}?!1$Hqpf~GY?K^|3UM-XGN*U2H3O=A#h0J@=EO77 zAfiJzNeGe(c)lN5)_#0v^BLY$t*93AFw43&D;VYiNnx_FsZHVkLGp7AJK4D7jqRT2 z%zR`$e5yeC@#%xd_0BU1TVe1jBpRRjYaAS&gFhs)aGe9=L!7OWLu@$}$qZ1XA;je( zi{E67+20_v5xO;8@Op?_f$MX}8>rf+T>~#3dr>1SICkI6`JXDI?;z#p(v2CmA-NZU z`B!o3>vHzqwLX2oK##Z^QiOCvfZ-0hNkZ`(YKsl*k7%phynnE80UdQ$pt9|i_oD%g4;e0=Z>Tx~G+__V z0Vs^@nZ2Xo3g~+GNm3-ofIsE4IeG;oBGZK{(HpkIgDp6VpAwidTIoC?F}-)j=-Ram z#HyrZkojb)EPMA4O0HL=8^cL{Q>@jkK=rynBQ#+6Yb;0~Z86ALY6|p2slLltnsZTv zSh33{C*c<}wHYa+Xt!dMXClq;r59>;k?K&T|AkVK_kS;7)i;pr-|TQ>dMXiae)V9U zSR%CfztBZ*2jbC9{zBUbykfeP)cbtUI2sy*u|EWdqgk3cLrsYpnVVR+aCsrRw`CMl zQ0i@gcy~CI-IDu|vuN7yt6&w)G%HqMoeQ)1{%dog| zMrb439<<+aYP@CO-59K!n~!;bTu*>#4g+c^&PY+%mrE5B!*;%e`iGSm6e`KzxXAsQ{1?s8lS0wgRoX!9=?I<@V&Y=MRM%7QrA3%KofeD$%QOxs-i%ioKu!1Vs)u3^YKnYHcde(( z{p6G&cmQfUJqZr*e!E3&7~OGdL~K&@gyt&T-49D8lr@2=S4rsZ8QW>RfUSg%l4kEe v$IYSOZm!450w4^PMcbAp0v3A`qD*Nhnt8h#dKign0e2wWYa#KtkKlI`ootAJ diff --git a/secrets/sue_ed25519.age b/secrets/sue_ed25519.age deleted file mode 100644 index 44605dd4e9e0ec3282c9c37630f02ce4dab8bc4e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 752 zcmV4sbXhSkP*FxrOJihgYe#oNFEdAaZe?|IO=d4KRdZx8RWu4YH$!SpLqs(~ zGGS9`S4mcIQZ_McF;h-*K}|GlbTVsWMRP=II8bjdRapuxJ|J^*Xf0)AGBq_ZIUsgI zT52_CAXQ32OJz_ncvMYrdUZD|O?qumI7&-MF=~2IVR~d}Z&gxuOgM02MRa&U3Q}rO zP--)HFhX}&a%p)?H%C=&NJ2++ctmz*Gf^=sG-z=-cxh5$Z8>c)3N1b$J}qZ*Wnpt= z3QKfaOJi1QbyG%1R7^HXOjl6~EiEk|c4RbAW@}ATX*X9ZNoH13Hb-}BS}$!wG)h5n zQZH;|QF%91bWde=ZEsNui3Yl3wVGVZl*Fuzc<*X)^yqUHjUM?nP-YK>>vcYBv|m8Q zg^MS8w)QlPR~N)PgDZXTeLK^%qm@9H3_a>*nnJK3uZ<>PB=;DT95ZHby$2?r@H{rx9R5fGPua68gi1E!YrI zXE$M&KNX7+QnL#B#WhpT(^=JmLL)XaWO@mgp{TP+*v(hBJU_4u5G(7jCN{b1J9&mO z_tvMSQ>fT~OUZrkMl5%d8y~xYe18LyTc<_G?Zgk@TXti)$v9>4;uzNw1={zUM%25- zQ0#8P_tV-|p04Gdhv2hGheU~%3=P2+orqE+OhTB_Fq>AIp5_iu0bmSC=5m<5W30t< zSZDSGe8YJz^LCCKlOg_s=o!`!Ij99bq00ElWU^Xjw?@biF`j8#WN`#&0_z<>m;!X{ z9u}e8wiKM&ze>+~v}scf4P!3C20u$8Cam9b=H+5cPn_-AZ9a1r`D(}Ig8)>B*BGSQ i-wbCHXK%mT;j#N=<);PqM?5X@eHmW@{c(H1Qj`gLP&)Mh