summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorsinanmohd <sinan@sinanmohd.com>2024-06-04 14:38:25 +0530
committersinanmohd <sinan@sinanmohd.com>2024-06-04 18:04:18 +0530
commit654fa9e430be421df30ee79e7ea5f4e40b39dddc (patch)
tree37d9bc759e3e1b3323e76d85d706123f3b799d88
parent84073038e22d3201ac0176a94527c040bb153e9e (diff)
home, os: refactor
-rw-r--r--.sops.yaml18
-rw-r--r--home/cez/home.nix2
-rw-r--r--home/common/home.nix5
-rw-r--r--home/common/modules/mimeapps.nix1
-rw-r--r--home/pc/home.nix9
-rw-r--r--home/pc/modules/dev.nix14
-rw-r--r--home/pc/modules/pass.nix10
-rw-r--r--home/wayland/home.nix7
-rw-r--r--os/cez/configuration.nix40
-rw-r--r--os/cez/modules/network.nix15
-rw-r--r--os/cez/modules/wireguard.nix7
-rw-r--r--os/cez/secrets.yaml5
-rw-r--r--os/common/configuration.nix13
-rw-r--r--os/common/modules/dev.nix29
-rw-r--r--os/pc/configuration.nix27
-rw-r--r--os/pc/modules/getty.nix (renamed from os/cez/modules/getty.nix)0
-rw-r--r--os/pc/modules/network.nix10
-rw-r--r--os/pc/modules/sshfs.nix (renamed from os/cez/modules/sshfs.nix)10
-rw-r--r--os/pc/modules/wayland.nix (renamed from os/cez/modules/wayland.nix)13
-rw-r--r--os/pc/secrets.yaml31
20 files changed, 142 insertions, 124 deletions
diff --git a/.sops.yaml b/.sops.yaml
index 84ea125..10d4d96 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -3,32 +3,34 @@ keys:
- &cez age1nur989fnjmfgfk54ctczrwg25epqqr0xgkl5d4swfxka9aw6cdrqdawvaq
- &kay age15989j5lkkf2kn5wa2p6qc8wlxjjksc63k5ync8rz8t4e87394pzqm7h4rm
+
- &lia age1l9kd320xj89vdr06u7ej8fhjrxl470t04trgwd3jwzczknf05aesv2pp8x
- &dspace age15hsgvg3tz9lql0jpr5x8pm66r42kemd65fpz0wa6t8nhvwrxygcssjxd9c
- &fscusat age1yqma4xm4qss787cnwv2v7j2e0eswhm5k9f27n6zhp74euyydv9essxdrmn
creation_rules:
- - path_regex: ^hosts/cez/.*
+ - path_regex: ^[^/]*/pc/.*
age: >-
age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv,
age1nur989fnjmfgfk54ctczrwg25epqqr0xgkl5d4swfxka9aw6cdrqdawvaq
-
- - path_regex: ^hosts/kay/.*
+ - path_regex: ^[^/]*/cez/.*
+ age: >-
+ age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv,
+ age1nur989fnjmfgfk54ctczrwg25epqqr0xgkl5d4swfxka9aw6cdrqdawvaq
+ - path_regex: ^[^/]*/kay/.*
age: >-
age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv,
age15989j5lkkf2kn5wa2p6qc8wlxjjksc63k5ync8rz8t4e87394pzqm7h4rm
- - path_regex: ^hosts/lia/.*
+ - path_regex: ^[^/]*/lia/.*
age: >-
age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv,
age1l9kd320xj89vdr06u7ej8fhjrxl470t04trgwd3jwzczknf05aesv2pp8x
-
- - path_regex: ^hosts/dspace/.*
+ - path_regex: ^[^/]*/dspace/.*
age: >-
age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv,
age15hsgvg3tz9lql0jpr5x8pm66r42kemd65fpz0wa6t8nhvwrxygcssjxd9c
-
- - path_regex: ^hosts/fscusat/.*
+ - path_regex: ^[^/]*/fscusat/.*
age: >-
age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv,
age1yqma4xm4qss787cnwv2v7j2e0eswhm5k9f27n6zhp74euyydv9essxdrmn
diff --git a/home/cez/home.nix b/home/cez/home.nix
index a97ce83..bba7bd9 100644
--- a/home/cez/home.nix
+++ b/home/cez/home.nix
@@ -1,3 +1,3 @@
{ ... }: {
- imports = [ ../wayland/home.nix ];
+ imports = [ ../pc/home.nix ];
}
diff --git a/home/common/home.nix b/home/common/home.nix
index c103a3f..13cbff5 100644
--- a/home/common/home.nix
+++ b/home/common/home.nix
@@ -17,11 +17,12 @@ in {
htop
curl
file
+ nnn
+ ps_mem
+
dig
tcpdump
mtr
- nnn
- ps_mem
geoipWithDatabase
];
};
diff --git a/home/common/modules/mimeapps.nix b/home/common/modules/mimeapps.nix
index 6f4b770..269cea6 100644
--- a/home/common/modules/mimeapps.nix
+++ b/home/common/modules/mimeapps.nix
@@ -1,6 +1,7 @@
{ ... }: {
xdg.mimeApps = {
enable = true;
+
defaultApplications = {
# text
"application/javascript" = "nvim.desktop";
diff --git a/home/pc/home.nix b/home/pc/home.nix
new file mode 100644
index 0000000..cad5bd6
--- /dev/null
+++ b/home/pc/home.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }: {
+ imports = [
+ ./modules/pass.nix
+ ./modules/dev.nix
+ ../wayland/home.nix
+ ];
+
+ home.packages = with pkgs; [ ffmpeg ];
+}
diff --git a/home/pc/modules/dev.nix b/home/pc/modules/dev.nix
new file mode 100644
index 0000000..0d51bdb
--- /dev/null
+++ b/home/pc/modules/dev.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }: {
+ programs.man.enable = true;
+
+ home.packages = with pkgs; [
+ git
+ sops
+
+ man-pages
+ man-pages-posix
+
+ nil
+ nodePackages.bash-language-server
+ ];
+}
diff --git a/home/pc/modules/pass.nix b/home/pc/modules/pass.nix
new file mode 100644
index 0000000..9117c3a
--- /dev/null
+++ b/home/pc/modules/pass.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }: {
+ home.packages = with pkgs; [
+ (pass.withExtensions (exts: [ exts.pass-otp ]))
+ ];
+
+ services.gpg-agent = {
+ enable = true;
+ pinentryPackage = pkgs.pinentry-bemenu;
+ };
+}
diff --git a/home/wayland/home.nix b/home/wayland/home.nix
index a7d2186..253e4f1 100644
--- a/home/wayland/home.nix
+++ b/home/wayland/home.nix
@@ -9,13 +9,14 @@
];
home.packages = with pkgs; [
- mpv
- imv
wtype
- qemu
grim
slurp
xdg-utils
+
+ mpv
+ imv
+ qemu
element-desktop-wayland
];
}
diff --git a/os/cez/configuration.nix b/os/cez/configuration.nix
index f8c9dfe..655ff8b 100644
--- a/os/cez/configuration.nix
+++ b/os/cez/configuration.nix
@@ -1,42 +1,14 @@
-{ config, pkgs, ... }: let
- user = config.global.userdata.name;
-in {
+{ ... }: {
imports = [
- ../common/configuration.nix
+ ../pc/configuration.nix
./hardware-configuration.nix
- ./modules/wayland.nix
- ./modules/sshfs.nix
./modules/wireguard.nix
- ./modules/network.nix
./modules/tlp.nix
- ./modules/getty.nix
];
- boot = {
- consoleLogLevel = 3;
- kernelPackages = pkgs.linuxPackages_latest;
- };
-
- sound = {
- enable = true;
- extraConfig = ''
- defaults.pcm.card 1
- defaults.ctl.card 1
- '';
- };
-
- services.pipewire = {
- enable = true;
- pulse.enable = true;
- };
-
- programs.adb.enable = true;
- users.users.${user} = {
- extraGroups = [ "adbusers" ];
- packages = with pkgs; [
- ffmpeg
- (pass.withExtensions (exts: [ exts.pass-otp ]))
- ];
- };
+ sound.extraConfig = ''
+ defaults.pcm.card 1
+ defaults.ctl.card 1
+ '';
}
diff --git a/os/cez/modules/network.nix b/os/cez/modules/network.nix
deleted file mode 100644
index fb30056..0000000
--- a/os/cez/modules/network.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ ... }:
-
-{
- networking = {
- firewall.enable = false;
-
- wireless.iwd = {
- enable = true;
- settings = {
- General.EnableNetworkConfiguration = true;
- Network.NameResolvingService = "resolvconf";
- };
- };
- };
-}
diff --git a/os/cez/modules/wireguard.nix b/os/cez/modules/wireguard.nix
index 706751c..40dd796 100644
--- a/os/cez/modules/wireguard.nix
+++ b/os/cez/modules/wireguard.nix
@@ -1,9 +1,6 @@
-{ config, ... }:
-
-let
+{ config, ... }: let
domain = config.global.userdata.domain;
-in
-{
+in {
sops.secrets."misc/wireguard" = {};
networking.wg-quick.interfaces."kay" = {
diff --git a/os/cez/secrets.yaml b/os/cez/secrets.yaml
index f72eba6..5cfd108 100644
--- a/os/cez/secrets.yaml
+++ b/os/cez/secrets.yaml
@@ -1,5 +1,4 @@
misc:
- sftp: ENC[AES256_GCM,data:xic1JI1RHo3Xc/izQBubMQ5TEvQxeFIOEbkFj/MWjw7UOgQrQEozfhvmGvB3lqjdgO2e2RXYHc7RvwAfquZN9QWFFp7vS7JqhqGTg4+I0JNh28LDsdzeAXe7d4yLkJ5cl4EhU5a6Zd9Qo60JyO8HRAMSXQBuHMzTW0A4achARcTguyJUiCntxvyLiKPZGdGj7HsHfxr32S1ieejGDqxuOLTrssOgyxikWT+PqibWie+JDH20+ZP8l6ip8FdNaWcyzfED/SJybpRbDBvL3iXw9tb67SeRWKR8I91nyyLh69hwLHrp/IgboDlCW8/ZmOYoRWCJF4lH86v3312wuoU60x8IoSL7YhWW5N3WQpWxWeEmLlMFD0x6LcJclUeoIlpVNvR8wDNKeayHhdLChIs2ZiEUAAIaTcUKdWWccY7JraMosqKgS9BmnjLJLEei9kFEF+y97QxQ/q4AfyFPbajxSd7aujqXuUfqpL1aLgt65h1TyOKN3E3Y2faiTaR76EALyv2d4PdYHWhkhxXVATRhsG+N2Mg9FSCciGnD7wlu9IR28HrbLuvX7W2KsLDVdI2oBtfExTf8YQwPSk1vp28=,iv:VyhdbfiiQJqG6cKAz6WjmlG3MkM25VzQzfCt1qYgH4M=,tag:KIoEb/dkEPpeaCJaNkAflw==,type:str]
wireguard: ENC[AES256_GCM,data:WUHMeYro1PS25wEtsQKHHtpLXbtox8JtqX5863dHelBIA2SB7YZ+eWyv5hQ=,iv:hGgR3UcFeVGZjWJjdnVuQeUQtz3p4Lh6QRBJDfTr9Qo=,tag:4qpU9Ue4QtfBINdy0CSdvw==,type:str]
sops:
kms: []
@@ -25,8 +24,8 @@ sops:
dVZ3V0VUQzF5VzN0RFM5c0RjZHpJZ0EK09qgyPHEhHgRZt2GZQB5IM9Z/nfYXW28
fcfmF6pko9qOYQ72P7vwv8Xub0SEI8GKGQwz2QPDJT9gd1qtipuhuQ==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-01-09T06:00:09Z"
- mac: ENC[AES256_GCM,data:WkXFwF0bHvFvNTlLKrGk6iQpk5RqMIapluqyv3rcKATP4S1rQSCXwlUn88TNfKeOsJ6pSqoBmwPNjufr9SNrPZZNKYZ4sA4yft9jgCeBcyX6TaPPA123qL8xM3C2TcaE1oBrG9fwmMgEJMYJA7LxBAXz4sW17geb/y4TZgUDwBw=,iv:VJzYR0dbT761ezejxOwPO6x8cKPAzMZtwZHWvPhiDzI=,tag:Xu43SfKeGgCJivfgk+vp3Q==,type:str]
+ lastmodified: "2024-06-04T10:16:20Z"
+ mac: ENC[AES256_GCM,data:NhVEt9Yg3J3+L1CqaI2IKFtC4VG9FdDkTOuDwc/hbwDvJmdbT7YocyQSX4IxsZ5ZxpaFXcp56C+QE5tDyjdWJs+njcxm8zDLsXaCfu3vLn7JHgzeQ9JeKeCzWV2oAj+PaTiY64QuhDP3LhaFZEZPEPJK5lGYR0XEZQHV2ngtF3U=,iv:LEkUb2cthtT+QG0SryRG17a5VRBli8PtRfhf1gTGBLo=,tag:G1Lo7tGUMWxgvSEQIuIAaw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
diff --git a/os/common/configuration.nix b/os/common/configuration.nix
index 4d2ac87..e075ac3 100644
--- a/os/common/configuration.nix
+++ b/os/common/configuration.nix
@@ -12,21 +12,17 @@ in
];
imports = [
./modules/tmux.nix
- ./modules/dev.nix
./modules/nix.nix
./modules/pppd.nix
./modules/stalwart-mail.nix
];
+ system.stateVersion = "24.11";
sops = {
defaultSopsFile = ../${host}/secrets.yaml;
age.keyFile = "/var/secrets/${host}.sops";
};
-
- system.stateVersion = "24.11";
- nix.settings.experimental-features = [ "flakes" "nix-command" ];
-
boot = {
tmp.useTmpfs = true;
loader.timeout = 1;
@@ -43,22 +39,21 @@ in
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL8LnyOuPmtKRqAZeHueNN4kfYvpRQVwCivSTq+SZvDU sinan@cez"
];
};
-
time.timeZone = "Asia/Kolkata";
networking.useDHCP = false;
environment = {
- binsh = "${lib.getExe pkgs.dash}";
+ binsh = lib.getExe pkgs.dash;
systemPackages = with pkgs; [
dash
- luajit
neovim
- sops
];
+
variables = {
EDITOR = "nvim";
VISUAL = "nvim";
};
+
shellAliases = {
ls = "ls --color=auto --group-directories-first";
grep = "grep --color=auto";
diff --git a/os/common/modules/dev.nix b/os/common/modules/dev.nix
deleted file mode 100644
index eb00619..0000000
--- a/os/common/modules/dev.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- user = config.global.userdata.name;
-in
-{
- users.users.${user}.packages = with pkgs; [
- gcc
- git
- lua
-
- (python3.withPackages (p: with p; [
- pip
- build
- ]))
-
- man-pages
- man-pages-posix
-
- ccls
- lua-language-server
- nil
- nodePackages.bash-language-server
- nodePackages.pyright
- shellcheck
- ];
-
- documentation.dev.enable = true;
-}
diff --git a/os/pc/configuration.nix b/os/pc/configuration.nix
new file mode 100644
index 0000000..4cd3a62
--- /dev/null
+++ b/os/pc/configuration.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, ... }: let
+ user = config.global.userdata.name;
+in {
+ imports = [
+ ../common/configuration.nix
+
+ ./modules/getty.nix
+ ./modules/sshfs.nix
+ ./modules/network.nix
+ ./modules/wayland.nix
+ ];
+
+ boot = {
+ consoleLogLevel = 3;
+ kernelPackages = pkgs.linuxPackages_latest;
+ };
+
+ sound.enable = true;
+ services.pipewire = {
+ enable = true;
+ pulse.enable = true;
+ };
+
+ documentation.dev.enable = true;
+ programs.adb.enable = true;
+ users.users.${user}.extraGroups = [ "adbusers" ];
+}
diff --git a/os/cez/modules/getty.nix b/os/pc/modules/getty.nix
index 8c7f57e..8c7f57e 100644
--- a/os/cez/modules/getty.nix
+++ b/os/pc/modules/getty.nix
diff --git a/os/pc/modules/network.nix b/os/pc/modules/network.nix
new file mode 100644
index 0000000..6e07963
--- /dev/null
+++ b/os/pc/modules/network.nix
@@ -0,0 +1,10 @@
+{ ... }: {
+ networking.wireless.iwd = {
+ enable = true;
+
+ settings = {
+ General.EnableNetworkConfiguration = true;
+ Network.NameResolvingService = "resolvconf";
+ };
+ };
+}
diff --git a/os/cez/modules/sshfs.nix b/os/pc/modules/sshfs.nix
index 5fdbeaf..2dbccce 100644
--- a/os/cez/modules/sshfs.nix
+++ b/os/pc/modules/sshfs.nix
@@ -1,18 +1,16 @@
-{ config, pkgs, ... }:
-
-let
+{ config, pkgs, ... }: let
domain = config.global.userdata.domain;
user = config.global.userdata.name;
uid = config.users.users.${user}.uid;
gid = config.users.groups.users.gid;
-in
-{
- sops.secrets."misc/sftp" = {};
+in {
+ sops.secrets."misc/sftp".sopsFile = ../secrets.yaml;
system.fsPackages = with pkgs; [ sshfs ];
fileSystems."/media/kay" = {
device = "sftp@${domain}:";
fsType = "sshfs";
+
options = [
"allow_other" # for non-root access
"uid=${toString uid}"
diff --git a/os/cez/modules/wayland.nix b/os/pc/modules/wayland.nix
index 872c7fb..e609cd9 100644
--- a/os/cez/modules/wayland.nix
+++ b/os/pc/modules/wayland.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }: let
+{ config, ... }: let
user = config.global.userdata.name;
fontSans = config.global.font.sans.name;
@@ -9,9 +9,11 @@ in {
fonts = {
packages = fontPackages;
enableDefaultPackages = true;
+
fontconfig = {
hinting.style = "full";
subpixel.rgba = "rgb";
+
defaultFonts = {
monospace = [ fontMonospace ];
serif = [ fontSans ];
@@ -29,13 +31,6 @@ in {
};
};
- programs = {
- gnupg.agent = {
- enable = true;
- pinentryPackage = pkgs.pinentry-bemenu;
- };
- };
-
- security.pam.services.swaylock = {};
hardware.opengl.enable = true;
+ security.pam.services.swaylock = {};
}
diff --git a/os/pc/secrets.yaml b/os/pc/secrets.yaml
new file mode 100644
index 0000000..3e49d32
--- /dev/null
+++ b/os/pc/secrets.yaml
@@ -0,0 +1,31 @@
+misc:
+ sftp: ENC[AES256_GCM,data:xic1JI1RHo3Xc/izQBubMQ5TEvQxeFIOEbkFj/MWjw7UOgQrQEozfhvmGvB3lqjdgO2e2RXYHc7RvwAfquZN9QWFFp7vS7JqhqGTg4+I0JNh28LDsdzeAXe7d4yLkJ5cl4EhU5a6Zd9Qo60JyO8HRAMSXQBuHMzTW0A4achARcTguyJUiCntxvyLiKPZGdGj7HsHfxr32S1ieejGDqxuOLTrssOgyxikWT+PqibWie+JDH20+ZP8l6ip8FdNaWcyzfED/SJybpRbDBvL3iXw9tb67SeRWKR8I91nyyLh69hwLHrp/IgboDlCW8/ZmOYoRWCJF4lH86v3312wuoU60x8IoSL7YhWW5N3WQpWxWeEmLlMFD0x6LcJclUeoIlpVNvR8wDNKeayHhdLChIs2ZiEUAAIaTcUKdWWccY7JraMosqKgS9BmnjLJLEei9kFEF+y97QxQ/q4AfyFPbajxSd7aujqXuUfqpL1aLgt65h1TyOKN3E3Y2faiTaR76EALyv2d4PdYHWhkhxXVATRhsG+N2Mg9FSCciGnD7wlu9IR28HrbLuvX7W2KsLDVdI2oBtfExTf8YQwPSk1vp28=,iv:VyhdbfiiQJqG6cKAz6WjmlG3MkM25VzQzfCt1qYgH4M=,tag:KIoEb/dkEPpeaCJaNkAflw==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLd3E0NC9Vb25ySXR0R0xL
+ b0pLcUdsNjYzZ0F6SkdodFZjT0s2OE5TZ0E0CkM5RHY4MmpBNFR6TWJLejlqS2FC
+ TmpRRUdMRkQ3SnhvY2ZtN3ZzYjRQYmsKLS0tIEZlWkRLVWJOaXV6V3Zmb2hUV0xj
+ d0N3S0ZIR0MyOERHV1k5RVBVVWVHQkkKZVtPjmpOPJM8STs70/nki6vTeo4mp47A
+ xEVUzxeUGpoyAewxSCo9W6IGtKyZQl0TEL3ucAmhOsjX4BWe2JShMA==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1nur989fnjmfgfk54ctczrwg25epqqr0xgkl5d4swfxka9aw6cdrqdawvaq
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWENJNzlDL1FpTkYwV1ps
+ V1VWeW4yOFZwZ1h5SGwzV2oyVkJaaHF0a1JRCmpFWWRLZzdUTUliZHpCTzJDYlhu
+ Yk51d1orS0tsMitBM0ZKSTQ4T05sNVEKLS0tIEVuZkY1bld2RldZOVNOc1E3bG5X
+ dVZ3V0VUQzF5VzN0RFM5c0RjZHpJZ0EK09qgyPHEhHgRZt2GZQB5IM9Z/nfYXW28
+ fcfmF6pko9qOYQ72P7vwv8Xub0SEI8GKGQwz2QPDJT9gd1qtipuhuQ==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-06-04T10:15:07Z"
+ mac: ENC[AES256_GCM,data:zkxID1SWr9q7PQR4EVb/PaNVdS1xQdVcnwHlWzseqZrjEgyJLlupYKwEOw9eB4dY/R1VZx46BgI5Kk6rgbrIopnV3symARUOcqPUHM3lfz7h3S3sRJv547fu0UdQGp00HM1pW2nA5v6w8oY+H96+JdVtorrAt56B7EN6J28nb3M=,iv:p2gUIviAG3mBcMH6KUGmnvetWH9lb8ZlamSGOpbqins=,tag:adw9FMLJk5cUHmNmuRnZUQ==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1