From 01f1e822842d502046c0bb430d359dce5c89d326 Mon Sep 17 00:00:00 2001
From: Andreas Schaafsma
Date: Thu, 7 Nov 2024 14:17:25 +0100
Subject: [PATCH] fix home-manager and misc changes
---
.sops.yaml | 11 ++
flake.lock | 21 ++++
flake.nix | 26 ++++-
homes/x86_64-linux/andreas@nixos-wsl/.gitkeep | 0
.../andreas@nixos-wsl/default.nix | 39 -------
.../andreas@th0nkpad-nixos/.gitkeep | 0
.../andreas@th0nkpad-nixos/default.nix | 24 ++++
modules/home/home/default.nix | 106 ++++++++++++++++++
.../default.nix} | 4 +-
secrets.yaml | 42 +++++++
.../x86_64-linux/th0nkpad-nixos/default.nix | 10 +-
11 files changed, 237 insertions(+), 46 deletions(-)
create mode 100644 .sops.yaml
create mode 100644 homes/x86_64-linux/andreas@nixos-wsl/.gitkeep
delete mode 100644 homes/x86_64-linux/andreas@nixos-wsl/default.nix
create mode 100644 homes/x86_64-linux/andreas@th0nkpad-nixos/.gitkeep
create mode 100644 modules/home/home/default.nix
rename modules/home/{stream-tools.nix => stream-tools/default.nix} (73%)
create mode 100644 secrets.yaml
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..cb413e8
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,11 @@
+keys:
+ - users:
+ - &andreas age19j24x89dfh4f7v58c8k64yupqas4f7qkkyper7yj9dd7vqwvvq0qkyvhxk # generated using cli
+ - hosts:
+ - &th0nkpad-nixos age1ma8x6wugvc40mkst33mejq0m6r44jk6zwjjun3znyer5nztgn9vs0nwjx4 # derived from ssh host key
+creation_rules:
+ - path_regex: secrets.yaml$
+ key_groups:
+ - age:
+ - *andreas
+ - *th0nkpad-nixos
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
index 3b31f03..19224cd 100644
--- a/flake.lock
+++ b/flake.lock
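Review bot: `path_regex: secrets.yaml$` in the new creation rule is unanchored at the start and uses an unescaped `.`, so sops will also apply this rule (and encrypt to these two recipients) for any path ending in those characters, such as `foo/old-secrets.yaml` or `secretsXyaml`; for the single root-level file the intent is better expressed as `path_regex: ^secrets\.yaml$`. The recipient comments ("generated using cli", "derived from ssh host key") are useful; a one-line note naming which of the two keys is the recovery key if the laptop's host key is rotated would complete the picture. The file also lacks a trailing newline.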
@@ -121,6 +121,26 @@ "type": "github" } }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730837930, + "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "nixos-cosmic": { "inputs": { "flake-compat": "flake-compat", @@ -262,6 +282,7 @@ "root": { "inputs": { "game-of-life": "game-of-life", + "home-manager": "home-manager", "nixos-cosmic": "nixos-cosmic", "nixos-wsl": "nixos-wsl", "nixpkgs": "nixpkgs_4", diff --git a/flake.nix b/flake.nix index 14fa2a9..ba8e210 100644 --- a/flake.nix +++ b/flake.nix @@ -17,17 +17,22 @@ url = "github:mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; - outputs = inputs: let - lib = inputs.snowfall-lib.mkLib { + outputs = inputs: + let + lib = inputs.snowfall-lib.mkLib { inherit inputs; src = ./.; channels-config = { allowUnfree = true; allowUnfreePredicate = _: true; - permittedInsecurePackages = ["openssl-1.1.1w"]; + permittedInsecurePackages = [ "openssl-1.1.1w" ]; }; # Configure Snowfall Lib, all of these settings are optional. @@ -55,7 +60,20 @@ inherit inputs; src = ./.; - + nixos = with inputs; [ + # disko.nixosModules.disko + # impermanence.nixosModules.impermanence + home-manager.nixosModules.home-manager + { + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + }; + } + # nix-ld.nixosModules.nix-ld + # sops-nix.nixosModules.sops + # stylix.nixosModules.stylix + ]; systems.modules.nixos = with inputs; [ # my-input.nixosModules.my-module diff --git a/homes/x86_64-linux/andreas@nixos-wsl/.gitkeep b/homes/x86_64-linux/andreas@nixos-wsl/.gitkeep new file mode 100644 index 0000000..e69de29 
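Review bot: The new `nixos = with inputs; [ … home-manager.nixosModules.home-manager … ];` list is placed at the top level of the `mkFlake` argument set, directly above the existing `systems.modules.nixos = with inputs; [` line, so it looks like the home-manager module and its `useGlobalPkgs`/`useUserPackages` settings are not attached to any system at all but become a stray attribute; I would expect these entries inside `systems.modules.nixos` (and `useGlobalPkgs`/`useUserPackages` then apply to every host) — please confirm against the snowfall-lib `mkFlake` interface before relying on the commit title's "fix home-manager". Related: `sops-nix.nixosModules.sops` stays commented out in the same list even though this commit adds `.sops.yaml` and `secrets.yaml`, so nothing visible in the diff consumes those secrets. The `mkFlake` call continues outside the hunk.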
diff --git a/homes/x86_64-linux/andreas@nixos-wsl/default.nix b/homes/x86_64-linux/andreas@nixos-wsl/default.nix
deleted file mode 100644
index 78afee7..0000000
--- a/homes/x86_64-linux/andreas@nixos-wsl/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib.mine) enabled;
-in {
- imports = [
- ../modules.nix
- ];
- mine.home = {
- gui-apps = {
- hexchat = enabled;
- };
- networking = enabled;
- sops.secrets.deploy_ed25519 = {
- mode = "0400";
- path = "${config.home.homeDirectory}/.ssh/deploy_ed25519";
- };
- tui.neomutt.personalEmail = true;
- personal-apps = enabled;
- suites.laptop = enabled;
- user.settings = {
- stylix = {
- fonts = {
- terminalSize = 10.0;
- waybarSize = 12;
- };
- image = ../../../systems/x86_64-linux/ironman-laptop/ffvii.jpg;
- };
- transparancy.terminalOpacity = 0.85;
- };
- waybar.resolution = 768;
- };
- home = {
- packages = [pkgs.tochd];
- };
-}
diff --git a/homes/x86_64-linux/andreas@th0nkpad-nixos/.gitkeep b/homes/x86_64-linux/andreas@th0nkpad-nixos/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/homes/x86_64-linux/andreas@th0nkpad-nixos/default.nix b/homes/x86_64-linux/andreas@th0nkpad-nixos/default.nix
index e69de29..6245949 100644
--- a/homes/x86_64-linux/andreas@th0nkpad-nixos/default.nix
+++ b/homes/x86_64-linux/andreas@th0nkpad-nixos/default.nix
@@ -0,0 +1,24 @@
+{ config
+, lib
+, pkgs
+, ...
+}:
+let
+ inherit (lib.my-namespace) enabled;
+in
+{
+ imports = [
+ # ../modules.nix
+ ];
+ my-namespace.home = {
+ stream-tools = enabled;
+ # networking = enabled;
+ # personal-apps = enabled;
+ # suites.laptop = enabled;
+ };
+ home = {
+ packages = [
+ pkgs.nil
+ ];
+ };
+}
diff --git a/modules/home/home/default.nix b/modules/home/home/default.nix
new file mode 100644
index 0000000..827c81e
--- /dev/null
+++ b/modules/home/home/default.nix
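Review bot: This home configuration enables `my-namespace.home.stream-tools` and takes `enabled` from `lib.my-namespace`, but the other hunks in this commit use a different namespace: the new `modules/home/home/default.nix` takes `enabled` from `lib.mine`, and the renamed `modules/home/stream-tools/default.nix` now reads `cfg = config.mine.home.stream-tools;` while its options are still declared under `options.my-namespace.home.stream-tools`. Unless a `mine` option tree is declared somewhere outside this diff, evaluating `config.mine.home.stream-tools` fails with a missing-attribute error, and even if it exists the `stream-tools = enabled;` set here is not the value that module checks. Pick one namespace and use it in all three files, e.g. in the stream-tools module either `cfg = config.my-namespace.home.stream-tools;` or `options.mine.home.stream-tools = {`.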
@@ -0,0 +1,106 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ inherit (lib) mkIf;
+ inherit (lib.mine) enabled;
+
+ imp = config.mine.home.impermanence.enable;
+in {
+ config = {
+ home = {
+ packages = with pkgs; [
+ dig
+ duf
+ du-dust
+ eltclsh
+ fzf
+ idracclient
+ inetutils
+ jq
+ neofetch
+ nerdfonts
+ nodejs_18
+ p7zip
+ poppler_utils
+ pv
+ qrencode
+ restic
+ rclone
+ ripgrep
+ switchssh
+ unzip
+ yq
+ zip
+ ];
+ sessionPath = ["$HOME/bin" "$HOME/.local/bin"];
+ shellAliases = {
+ # "df" = "duf -only local";
+ # "du" = "dust -xd1 --skip-total";
+ # # "ducks" = "du -chs * 2>/dev/null | sort -rh | head -11 && du -chs .* 2>/dev/null | sort -rh | head -11";
+ # "gmount" = "rclone mount google:/ ~/Drive/";
+ "df" = "df -h";
+ "nano" = "vim";
+ };
+ stateVersion = "24.05";
+ };
+ # manual = {
+ # html.enable = false;
+ # manpages.enable = false;
+ # json.enable = false;
+ # };
+ programs = {
+ bash = {
+ enable = true;
+ enableCompletion = true;
+ enableVteIntegration = true;
+ };
+ dircolors = enabled;
+ direnv = {
+ enable = true;
+ enableBashIntegration = true;
+ nix-direnv = enabled;
+ };
+ gpg = {
+ enable = true;
+ settings = {
+ personal-cipher-preferences = "AES256 AES192 AES";
+ personal-digest-preferences = "SHA512 SHA384 SHA256";
+ personal-compress-preferences = "ZLIB BZIP2 ZIP Uncompressed";
+ default-preference-list = "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";
+ cert-digest-algo = "SHA512";
+ s2k-digest-algo = "SHA512";
+ s2k-cipher-algo = "AES256";
+ charset = "utf-8";
+ fixed-list-mode = true;
+ no-comments = true;
+ no-emit-version = true;
+ no-greeting = true;
+ keyid-format = "0xlong";
+ list-options = "show-uid-validity";
+ verify-options = "show-uid-validity";
+ with-fingerprint = true;
+ require-cross-certification = true;
+ no-symkey-cache = true;
+ use-agent = true;
+ throw-keyids = true;
+ };
+ };
+ home-manager = enabled;
+ };
+ services = {
+ gpg-agent = {
+ enable = true;
+ enableScDaemon = true;
+ enableSshSupport = true;
+ extraConfig = ''
+ ttyname $GPG_TTY
+ '';
+ defaultCacheTtl = 10800;
+ maxCacheTtl = 21600;
+ };
+ };
+ };
+}
diff --git a/modules/home/stream-tools.nix b/modules/home/stream-tools/default.nix
similarity index 73%
rename from modules/home/stream-tools.nix
rename to modules/home/stream-tools/default.nix
index 342695f..e119547 100644
--- a/modules/home/stream-tools.nix
+++ b/modules/home/stream-tools/default.nix
@@ -4,8 +4,8 @@
 lib,
 ...
 }: let
- inherit (lib.my-namespace) mkEnableOption mkIf;
- cfg = config.my-namespace.home.stream-tools;
+ inherit (lib) mkEnableOption mkIf;
+ cfg = config.mine.home.stream-tools;
 in {
 options.my-namespace.home.stream-tools = {
 enable = mkEnableOption "Enable the Stream Machine Tools";
diff --git a/secrets.yaml b/secrets.yaml
new file mode 100644
index 0000000..d92cc56
--- /dev/null
+++ b/secrets.yaml
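Review bot: `imp = config.mine.home.impermanence.enable;` and `inherit (lib) mkIf;` at the top of this new file are never used in its 106 lines; Nix `let` is lazy so they are harmless today, but `imp` refers to an option path (`mine.home.impermanence`) that nothing in this diff declares, so the first real use would fail — either drop both lines or mark the intent, e.g. `# TODO: impermanence option is not yet declared under mine.home`. Under `services.gpg-agent`, `extraConfig = '' ttyname $GPG_TTY '';` is written into gpg-agent.conf, and I am not aware of a `ttyname` option for gpg-agent (it is a `gpg` option); if the goal is to point the agent at the current tty, `gpg-connect-agent updatestartuptty /bye` from the shell is the usual route, so please confirm this line is honoured rather than rejected on agent start. In the gpg settings, `throw-keyids = true` deliberately hides recipient key IDs and forces decryption to try every secret key; a one-line comment stating that trade-off would save the next reader a lookup.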
@@ -0,0 +1,42 @@ +private-keys: + andreas: ENC[AES256_GCM,data:UMOMU5vd+kOvReBP+noCPopsP90uAx0UM5mLgsXX1obks3DvcW28yVpLR952CroDzUOYwpkQ+7MheBznZxVfG6+b36rzphIUyDXArix3c90mak+4fhkUFAxsAW2VeKzUTGEBIUiejtfW4sBaHoQVWpDBSLbGajB9GzBXspNR+J/nriD8xas9ZkvYvFM4BIKM5vFNQxCGUy44IyHffxtX9kHjboiSeIgK7Gj1hA4iC/byIBqTLzJOCBHQs3irs/CSbZgFR7MFuiqR2ZWVdJ1dKAr9fejd36muymsutVUDzTsq/P1Id0YlgnYVcpJxAMHKq8QEZu8yNLEzkr/QMxs5Z2Bu93CkiJDAGXJZvtipfLX0UtIkResCLBD40EKty8U2OnKwm4k3xzJoHRTZ3qVnJQGESYHTZHHumRRcDYJnQBL6iav50mG0KS0mfcoetoDTpQfxsi3OnLO7kjSP2fE8sSJRi363nfciBwH/TTf911HhD5ruOo3bQeryjtGN8Y+PAqvrILiIKPODvoRVqaka,iv:lvlaQwEzDpvdSjH6Z4NrzABifyVP5jyzERHP72CSbis=,tag:rmSINraNXFZElfFHZDqeeQ==,type:str] +andreas-password: ENC[AES256_GCM,data:XBvfrBSrlKzpO9vgmwQYJshlJH1OCMrcdfYMvp32ZOFZSf4/GrM/FRaatS7to+0ZgJlLNt+npSK0nwV8NXvwgHgN8bsuDiL7KQ==,iv:lD0ruX5AVKVfdA0/vpeUAPf5cTSExyaF8VWebFkbXV8=,tag:nAuwEkHGtlEzu8Qbe0ECdA==,type:str] +#ENC[AES256_GCM,data:aX2EVkOK7ivoDTzSMmonY64dU6mnRjE83sA3MFIPnzeJ5snZN8WY9PF1CmkDU/ZVB+j9Law=,iv:sPfVyBuGCyd/Y9Lw9cl0akA2IUE5/Yi5C07dh6Ioyu0=,tag:tOT5uHVdgYG+/E4ye0QcFg==,type:comment] +#ENC[AES256_GCM,data:djH8vAA+TvvbA/Jsuvca7E4o6pYTfKGGdK4=,iv:5Dw0niDhi7P6P9XRz2qgSL3CxpiXBtIsekOMycroLrA=,tag:OSvPPgq0kV4JskrQ86Qp5A==,type:comment] +#ENC[AES256_GCM,data:C1BstOPXnCf4Cr8UlanCegA=,iv:k9Me959xb6Weg/yArAIg5kWH36se/yyGWNQUu314uw0=,tag:x0bTh0bsYxbCX5GObsGI5g==,type:comment] +#ENC[AES256_GCM,data:Q0vsUrzlOgDICeIxXtc=,iv:gR8sYrtE/v9GGDEO2nj/v5IHr9ycXhvv1VcB/dEH/FU=,tag:FBde9vkRM/drFtpTWfLcNg==,type:comment] +#ENC[AES256_GCM,data:LoKuLBSze19z0U/45DBFt6aEJBs=,iv:Btk0sBgj8h5Qk5eYNwPHULuhPu0nXSXE2iR4UVFcBeA=,tag:S2I9HQkeo/jJboy44vrgCw==,type:comment] +#ENC[AES256_GCM,data:wDZ6Ln5teASPxXPvQGRZCdBIvfY=,iv:Qnx32skeDMB21GwhXd5fImkHS+y+HUOdNvbMT2mpy6A=,tag:BKl04542M8rH6BpFERqHZg==,type:comment] +#ENC[AES256_GCM,data:f+g7qdm8xf/wDhQqlnzIdmHhzfOG73VWfdw=,iv:/kDspwnXH7QfhzUuHATQTniLm/ZX6mo/QGxyQXdubcY=,tag:muoXeMNHb5vqm8IoC6Gl4A==,type:comment] 
+#ENC[AES256_GCM,data:42kR+DANphdxNVWNlxePU8U=,iv:JeZgMtb7a+/7V5hruQIHio0Aj+ThpHZwajx10e0rqOA=,tag:Ln+7DFl6+aq4YLZ8GK9qOg==,type:comment] +#ENC[AES256_GCM,data:DjK/fZDWEaa2BA==,iv:AnceR62V3OJrn5utgdffMcC+mWdxsUYMYn6454SVCsY=,tag:MRa8cDMEMGtBCxvqcKy/0Q==,type:comment] +#ENC[AES256_GCM,data:jqzidzai+6ShhzM=,iv:PDjUgLaoFVxAWBLXfWkXRzBp5BuvGU7DCorRYY6dan0=,tag:dKa2O7n/jno/M5nzCzCD/w==,type:comment] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age19j24x89dfh4f7v58c8k64yupqas4f7qkkyper7yj9dd7vqwvvq0qkyvhxk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdGZlV3R4eW5FYS9HZGYr + N3VSR0tIbzUrL0RsUEw2NkZtUWcxVG55bEIwCjQ5U0Ztd1luUEQ2SEg4RHA2RWRK + K3dhN2liMDYyZElhbkZEUC9namhrc2MKLS0tIEhYTEYwQWduNkdKbGJQcTBRUWVG + aDMwR1I5NG13dUhwRXg1TXI4dG9nWXMKti+hv0+7/Rz0W22bToYs1/DFzoMllHpB + 7uuVpUFDuC2D40ize0UX4rJ8Yo63lhJrRpsxIhzkP/vq+wMAFrKKLg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ma8x6wugvc40mkst33mejq0m6r44jk6zwjjun3znyer5nztgn9vs0nwjx4 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnK0dSTTVJWmt3aS91UmFm + Ui9zT3VpMlBybWJXOVdKdU5mTkprdU5WRm00CktHd2g4M1VldHhTQyszRTVTOUtt + Mld4a3lYSHF2SytIc0RjQ1RoODQvaE0KLS0tIGN3SlpMeTEvNktNSm5oT0dXRVFr + UmZrTXhyM2hYWW1kY05xa01PM1MzUDAK67AkP1XE445RXbVxcksRXL7MYHFjLPLV + ITL404AabakBeOX9yixwymzkD1BbUYEdW6N28ntqdH5cZZfVteYdMA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-07T10:47:23Z" + mac: ENC[AES256_GCM,data:zqkbmx7XIHQnOVkozPLiBzsNhACbGwvWiFcFlEHhlyEeQ7rvltLlUlgivb7aawwG1RuxCwshHwLfuKRQ/iGJcXjFO4UM5VER6CAA/88UrpgXW8VBw8iuchr+Y58lu0s+98fj7VffcuWjhJ1AYvBxFaTZA6DjxFjv3l1Gyxtw6kM=,iv:XG9Qb61INy1OJZjI3cDbY9fswLqf8+QvcUMrmtKGtuQ=,tag:+JacTF/+qU+j/cm8Wn1c8g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/systems/x86_64-linux/th0nkpad-nixos/default.nix b/systems/x86_64-linux/th0nkpad-nixos/default.nix index f25ae57..9a70d00 100644 
--- a/systems/x86_64-linux/th0nkpad-nixos/default.nix +++ b/systems/x86_64-linux/th0nkpad-nixos/default.nix @@ -54,7 +54,7 @@ in # thunderbird ]; }; - lib.my-namespace.home.stream-tools.enable = true; + # lib.my-namespace.home.stream-tools.enable = true; # Open ports in the firewall. @@ -91,10 +91,18 @@ in flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo ''; }; + + services.openssh = { + enable = true; + passwordAuthentication = true; + }; + + # services.xrdp.enable = true; # services.xrdp.defaultWindowManager = "${pkgs.gnome-session}/bin/gnome-session"; # services.xrdp.openFirewall = true; + # Disable the GNOME3/GDM auto-suspend feature that cannot be disabled in GUI! # If no user is logged in, the machine will power down after 20 minutes. systemd.targets.sleep.enable = false;
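Review bot: `services.openssh.passwordAuthentication = true;` enables password logins on the SSH daemon that this hunk also turns on, and because `services.openssh.openFirewall` defaults to true the port is reachable from the network, so on a laptop this exposes the account password to online guessing; prefer key-based auth (`settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;`) and, if password login is needed for bootstrapping, restrict it with `settings.AllowUsers` or the firewall. Note also that `passwordAuthentication` is the old option name; the current one is `services.openssh.settings.PasswordAuthentication`, and as far as I know the old path survives only as a renamed alias that emits an evaluation warning. The first hunk of this file comments out `lib.my-namespace.home.stream-tools.enable = true;`, which is fine since that line was assigning under `lib` rather than `config`. The module attrset continues outside both hunks.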