-rw-r--r-- | .sops.yaml | 18 | ||||
-rw-r--r-- | home/cez/home.nix | 2 | ||||
-rw-r--r-- | home/common/home.nix | 5 | ||||
-rw-r--r-- | home/common/modules/mimeapps.nix | 1 | ||||
-rw-r--r-- | home/pc/home.nix | 9 | ||||
-rw-r--r-- | home/pc/modules/dev.nix | 14 | ||||
-rw-r--r-- | home/pc/modules/pass.nix | 10 | ||||
-rw-r--r-- | home/wayland/home.nix | 7 | ||||
-rw-r--r-- | os/cez/configuration.nix | 40 | ||||
-rw-r--r-- | os/cez/modules/network.nix | 15 | ||||
-rw-r--r-- | os/cez/modules/wireguard.nix | 7 | ||||
-rw-r--r-- | os/cez/secrets.yaml | 5 | ||||
-rw-r--r-- | os/common/configuration.nix | 13 | ||||
-rw-r--r-- | os/common/modules/dev.nix | 29 | ||||
-rw-r--r-- | os/pc/configuration.nix | 27 | ||||
-rw-r--r-- | os/pc/modules/getty.nix (renamed from os/cez/modules/getty.nix) | 0 | ||||
-rw-r--r-- | os/pc/modules/network.nix | 10 | ||||
-rw-r--r-- | os/pc/modules/sshfs.nix (renamed from os/cez/modules/sshfs.nix) | 10 | ||||
-rw-r--r-- | os/pc/modules/wayland.nix (renamed from os/cez/modules/wayland.nix) | 13 | ||||
-rw-r--r-- | os/pc/secrets.yaml | 31 |
20 files changed, 142 insertions, 124 deletions
@@ -3,32 +3,34 @@ keys: - &cez age1nur989fnjmfgfk54ctczrwg25epqqr0xgkl5d4swfxka9aw6cdrqdawvaq - &kay age15989j5lkkf2kn5wa2p6qc8wlxjjksc63k5ync8rz8t4e87394pzqm7h4rm + - &lia age1l9kd320xj89vdr06u7ej8fhjrxl470t04trgwd3jwzczknf05aesv2pp8x - &dspace age15hsgvg3tz9lql0jpr5x8pm66r42kemd65fpz0wa6t8nhvwrxygcssjxd9c - &fscusat age1yqma4xm4qss787cnwv2v7j2e0eswhm5k9f27n6zhp74euyydv9essxdrmn creation_rules: - - path_regex: ^hosts/cez/.* + - path_regex: ^[^/]*/pc/.* age: >- age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv, age1nur989fnjmfgfk54ctczrwg25epqqr0xgkl5d4swfxka9aw6cdrqdawvaq - - - path_regex: ^hosts/kay/.* + - path_regex: ^[^/]*/cez/.* + age: >- + age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv, + age1nur989fnjmfgfk54ctczrwg25epqqr0xgkl5d4swfxka9aw6cdrqdawvaq + - path_regex: ^[^/]*/kay/.* age: >- age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv, age15989j5lkkf2kn5wa2p6qc8wlxjjksc63k5ync8rz8t4e87394pzqm7h4rm - - path_regex: ^hosts/lia/.* + - path_regex: ^[^/]*/lia/.* age: >- age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv, age1l9kd320xj89vdr06u7ej8fhjrxl470t04trgwd3jwzczknf05aesv2pp8x - - - path_regex: ^hosts/dspace/.* + - path_regex: ^[^/]*/dspace/.* age: >- age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv, age15hsgvg3tz9lql0jpr5x8pm66r42kemd65fpz0wa6t8nhvwrxygcssjxd9c - - - path_regex: ^hosts/fscusat/.* + - path_regex: ^[^/]*/fscusat/.* age: >- age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv, age1yqma4xm4qss787cnwv2v7j2e0eswhm5k9f27n6zhp74euyydv9essxdrmn diff --git a/home/cez/home.nix b/home/cez/home.nix index a97ce83..bba7bd9 100644 --- a/home/cez/home.nix +++ b/home/cez/home.nix @@ -1,3 +1,3 @@ { ... }: { - imports = [ ../wayland/home.nix ]; + imports = [ ../pc/home.nix ]; } diff --git a/home/common/home.nix b/home/common/home.nix index c103a3f..13cbff5 100644 --- a/home/common/home.nix +++ b/home/common/home.nix 
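Review bot: In `.sops.yaml`, the new `^[^/]*/pc/.*` rule lists the same two recipients as the `cez` rule, so `os/pc/secrets.yaml` can be decrypted only by the first recipient and the cez key, although `pc` is introduced as a profile that other hosts could import. Because `os/common/configuration.nix` sets `age.keyFile = "/var/secrets/${host}.sops"`, a second host importing `os/pc` would fail to decrypt `misc/sftp` until its key is added to this rule and `sops updatekeys` is run on the file. A comment above the rule such as `# pc/: shared desktop profile, list every host that imports os/pc` would record that. The patterns also widen from `^hosts/<name>/` to any single top-level directory, and the first matching rule wins. If `os/` and `home/` are the only trees meant to hold secrets, `^(os|home)/pc/.*` (and likewise for the host rules) keeps other paths from silently picking up these recipients.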
@@ -17,11 +17,12 @@ in { htop curl file + nnn + ps_mem + dig tcpdump mtr - nnn - ps_mem geoipWithDatabase ]; }; diff --git a/home/common/modules/mimeapps.nix b/home/common/modules/mimeapps.nix index 6f4b770..269cea6 100644 --- a/home/common/modules/mimeapps.nix +++ b/home/common/modules/mimeapps.nix @@ -1,6 +1,7 @@ { ... }: { xdg.mimeApps = { enable = true; + defaultApplications = { # text "application/javascript" = "nvim.desktop"; diff --git a/home/pc/home.nix b/home/pc/home.nix new file mode 100644 index 0000000..cad5bd6 --- /dev/null +++ b/home/pc/home.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: { + imports = [ + ./modules/pass.nix + ./modules/dev.nix + ../wayland/home.nix + ]; + + home.packages = with pkgs; [ ffmpeg ]; +} diff --git a/home/pc/modules/dev.nix b/home/pc/modules/dev.nix new file mode 100644 index 0000000..0d51bdb --- /dev/null +++ b/home/pc/modules/dev.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: { + programs.man.enable = true; + + home.packages = with pkgs; [ + git + sops + + man-pages + man-pages-posix + + nil + nodePackages.bash-language-server + ]; +} diff --git a/home/pc/modules/pass.nix b/home/pc/modules/pass.nix new file mode 100644 index 0000000..9117c3a --- /dev/null +++ b/home/pc/modules/pass.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: { + home.packages = with pkgs; [ + (pass.withExtensions (exts: [ exts.pass-otp ])) + ]; + + services.gpg-agent = { + enable = true; + pinentryPackage = pkgs.pinentry-bemenu; + }; +} diff --git a/home/wayland/home.nix b/home/wayland/home.nix index a7d2186..253e4f1 100644 --- a/home/wayland/home.nix +++ b/home/wayland/home.nix @@ -9,13 +9,14 @@ ]; home.packages = with pkgs; [ - mpv - imv wtype - qemu grim slurp xdg-utils + + mpv + imv + qemu element-desktop-wayland ]; } diff --git a/os/cez/configuration.nix b/os/cez/configuration.nix index f8c9dfe..655ff8b 100644 --- a/os/cez/configuration.nix +++ b/os/cez/configuration.nix 
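Review bot: In `home/pc/modules/pass.nix`, `services.gpg-agent` sets only `pinentryPackage`, so the passphrase cache lifetime stays at the gpg-agent defaults for a key that unlocks both the password entries and the `pass-otp` secrets in the same store. Stating the intended lifetime explicitly, for example `defaultCacheTtl = 600;` and `maxCacheTtl = 3600;` (values constructed for illustration), makes the window after one unlock a reviewed choice rather than an inherited one.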
@@ -1,42 +1,14 @@ -{ config, pkgs, ... }: let - user = config.global.userdata.name; -in { +{ ... }: { imports = [ - ../common/configuration.nix + ../pc/configuration.nix ./hardware-configuration.nix - ./modules/wayland.nix - ./modules/sshfs.nix ./modules/wireguard.nix - ./modules/network.nix ./modules/tlp.nix - ./modules/getty.nix ]; - boot = { - consoleLogLevel = 3; - kernelPackages = pkgs.linuxPackages_latest; - }; - - sound = { - enable = true; - extraConfig = '' - defaults.pcm.card 1 - defaults.ctl.card 1 - ''; - }; - - services.pipewire = { - enable = true; - pulse.enable = true; - }; - - programs.adb.enable = true; - users.users.${user} = { - extraGroups = [ "adbusers" ]; - packages = with pkgs; [ - ffmpeg - (pass.withExtensions (exts: [ exts.pass-otp ])) - ]; - }; + sound.extraConfig = '' + defaults.pcm.card 1 + defaults.ctl.card 1 + ''; } diff --git a/os/cez/modules/network.nix b/os/cez/modules/network.nix deleted file mode 100644 index fb30056..0000000 --- a/os/cez/modules/network.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ ... }: - -{ - networking = { - firewall.enable = false; - - wireless.iwd = { - enable = true; - settings = { - General.EnableNetworkConfiguration = true; - Network.NameResolvingService = "resolvconf"; - }; - }; - }; -} diff --git a/os/cez/modules/wireguard.nix b/os/cez/modules/wireguard.nix index 706751c..40dd796 100644 --- a/os/cez/modules/wireguard.nix +++ b/os/cez/modules/wireguard.nix @@ -1,9 +1,6 @@ -{ config, ... }: - -let +{ config, ... }: let domain = config.global.userdata.domain; -in -{ +in { sops.secrets."misc/wireguard" = {}; networking.wg-quick.interfaces."kay" = { diff --git a/os/cez/secrets.yaml b/os/cez/secrets.yaml index f72eba6..5cfd108 100644 --- a/os/cez/secrets.yaml +++ b/os/cez/secrets.yaml 
@@ -1,5 +1,4 @@ misc: - sftp: ENC[AES256_GCM,data:xic1JI1RHo3Xc/izQBubMQ5TEvQxeFIOEbkFj/MWjw7UOgQrQEozfhvmGvB3lqjdgO2e2RXYHc7RvwAfquZN9QWFFp7vS7JqhqGTg4+I0JNh28LDsdzeAXe7d4yLkJ5cl4EhU5a6Zd9Qo60JyO8HRAMSXQBuHMzTW0A4achARcTguyJUiCntxvyLiKPZGdGj7HsHfxr32S1ieejGDqxuOLTrssOgyxikWT+PqibWie+JDH20+ZP8l6ip8FdNaWcyzfED/SJybpRbDBvL3iXw9tb67SeRWKR8I91nyyLh69hwLHrp/IgboDlCW8/ZmOYoRWCJF4lH86v3312wuoU60x8IoSL7YhWW5N3WQpWxWeEmLlMFD0x6LcJclUeoIlpVNvR8wDNKeayHhdLChIs2ZiEUAAIaTcUKdWWccY7JraMosqKgS9BmnjLJLEei9kFEF+y97QxQ/q4AfyFPbajxSd7aujqXuUfqpL1aLgt65h1TyOKN3E3Y2faiTaR76EALyv2d4PdYHWhkhxXVATRhsG+N2Mg9FSCciGnD7wlu9IR28HrbLuvX7W2KsLDVdI2oBtfExTf8YQwPSk1vp28=,iv:VyhdbfiiQJqG6cKAz6WjmlG3MkM25VzQzfCt1qYgH4M=,tag:KIoEb/dkEPpeaCJaNkAflw==,type:str] wireguard: ENC[AES256_GCM,data:WUHMeYro1PS25wEtsQKHHtpLXbtox8JtqX5863dHelBIA2SB7YZ+eWyv5hQ=,iv:hGgR3UcFeVGZjWJjdnVuQeUQtz3p4Lh6QRBJDfTr9Qo=,tag:4qpU9Ue4QtfBINdy0CSdvw==,type:str] sops: kms: [] @@ -25,8 +24,8 @@ sops: dVZ3V0VUQzF5VzN0RFM5c0RjZHpJZ0EK09qgyPHEhHgRZt2GZQB5IM9Z/nfYXW28 fcfmF6pko9qOYQ72P7vwv8Xub0SEI8GKGQwz2QPDJT9gd1qtipuhuQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-09T06:00:09Z" - mac: ENC[AES256_GCM,data:WkXFwF0bHvFvNTlLKrGk6iQpk5RqMIapluqyv3rcKATP4S1rQSCXwlUn88TNfKeOsJ6pSqoBmwPNjufr9SNrPZZNKYZ4sA4yft9jgCeBcyX6TaPPA123qL8xM3C2TcaE1oBrG9fwmMgEJMYJA7LxBAXz4sW17geb/y4TZgUDwBw=,iv:VJzYR0dbT761ezejxOwPO6x8cKPAzMZtwZHWvPhiDzI=,tag:Xu43SfKeGgCJivfgk+vp3Q==,type:str] + lastmodified: "2024-06-04T10:16:20Z" + mac: ENC[AES256_GCM,data:NhVEt9Yg3J3+L1CqaI2IKFtC4VG9FdDkTOuDwc/hbwDvJmdbT7YocyQSX4IxsZ5ZxpaFXcp56C+QE5tDyjdWJs+njcxm8zDLsXaCfu3vLn7JHgzeQ9JeKeCzWV2oAj+PaTiY64QuhDP3LhaFZEZPEPJK5lGYR0XEZQHV2ngtF3U=,iv:LEkUb2cthtT+QG0SryRG17a5VRBli8PtRfhf1gTGBLo=,tag:G1Lo7tGUMWxgvSEQIuIAaw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/os/common/configuration.nix b/os/common/configuration.nix index 4d2ac87..e075ac3 100644 --- a/os/common/configuration.nix +++ b/os/common/configuration.nix 
@@ -12,21 +12,17 @@ in ]; imports = [ ./modules/tmux.nix - ./modules/dev.nix ./modules/nix.nix ./modules/pppd.nix ./modules/stalwart-mail.nix ]; + system.stateVersion = "24.11"; sops = { defaultSopsFile = ../${host}/secrets.yaml; age.keyFile = "/var/secrets/${host}.sops"; }; - - system.stateVersion = "24.11"; - nix.settings.experimental-features = [ "flakes" "nix-command" ]; - boot = { tmp.useTmpfs = true; loader.timeout = 1; @@ -43,22 +39,21 @@ in "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL8LnyOuPmtKRqAZeHueNN4kfYvpRQVwCivSTq+SZvDU sinan@cez" ]; }; - time.timeZone = "Asia/Kolkata"; networking.useDHCP = false; environment = { - binsh = "${lib.getExe pkgs.dash}"; + binsh = lib.getExe pkgs.dash; systemPackages = with pkgs; [ dash - luajit neovim - sops ]; + variables = { EDITOR = "nvim"; VISUAL = "nvim"; }; + shellAliases = { ls = "ls --color=auto --group-directories-first"; grep = "grep --color=auto"; diff --git a/os/common/modules/dev.nix b/os/common/modules/dev.nix deleted file mode 100644 index eb00619..0000000 --- a/os/common/modules/dev.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, pkgs, ... }: - -let - user = config.global.userdata.name; -in -{ - users.users.${user}.packages = with pkgs; [ - gcc - git - lua - - (python3.withPackages (p: with p; [ - pip - build - ])) - - man-pages - man-pages-posix - - ccls - lua-language-server - nil - nodePackages.bash-language-server - nodePackages.pyright - shellcheck - ]; - - documentation.dev.enable = true; -} diff --git a/os/pc/configuration.nix b/os/pc/configuration.nix new file mode 100644 index 0000000..4cd3a62 --- /dev/null +++ b/os/pc/configuration.nix 
@@ -0,0 +1,27 @@ +{ config, pkgs, ... }: let + user = config.global.userdata.name; +in { + imports = [ + ../common/configuration.nix + + ./modules/getty.nix + ./modules/sshfs.nix + ./modules/network.nix + ./modules/wayland.nix + ]; + + boot = { + consoleLogLevel = 3; + kernelPackages = pkgs.linuxPackages_latest; + }; + + sound.enable = true; + services.pipewire = { + enable = true; + pulse.enable = true; + }; + + documentation.dev.enable = true; + programs.adb.enable = true; + users.users.${user}.extraGroups = [ "adbusers" ]; +} diff --git a/os/cez/modules/getty.nix b/os/pc/modules/getty.nix index 8c7f57e..8c7f57e 100644 --- a/os/cez/modules/getty.nix +++ b/os/pc/modules/getty.nix diff --git a/os/pc/modules/network.nix b/os/pc/modules/network.nix new file mode 100644 index 0000000..6e07963 --- /dev/null +++ b/os/pc/modules/network.nix @@ -0,0 +1,10 @@ +{ ... }: { + networking.wireless.iwd = { + enable = true; + + settings = { + General.EnableNetworkConfiguration = true; + Network.NameResolvingService = "resolvconf"; + }; + }; +} diff --git a/os/cez/modules/sshfs.nix b/os/pc/modules/sshfs.nix index 5fdbeaf..2dbccce 100644 --- a/os/cez/modules/sshfs.nix +++ b/os/pc/modules/sshfs.nix @@ -1,18 +1,16 @@ -{ config, pkgs, ... }: - -let +{ config, pkgs, ... }: let domain = config.global.userdata.domain; user = config.global.userdata.name; uid = config.users.users.${user}.uid; gid = config.users.groups.users.gid; -in -{ - sops.secrets."misc/sftp" = {}; +in { + sops.secrets."misc/sftp".sopsFile = ../secrets.yaml; system.fsPackages = with pkgs; [ sshfs ]; fileSystems."/media/kay" = { device = "sftp@${domain}:"; fsType = "sshfs"; + options = [ "allow_other" # for non-root access "uid=${toString uid}" diff --git a/os/cez/modules/wayland.nix b/os/pc/modules/wayland.nix index 872c7fb..e609cd9 100644 --- a/os/cez/modules/wayland.nix +++ b/os/pc/modules/wayland.nix 
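Review bot: The new `os/pc/modules/network.nix` drops the `firewall.enable = false;` line that the deleted `os/cez/modules/network.nix` carried, so unless another module outside this diff sets it, cez now runs with the NixOS firewall at its default (enabled). That is a tighter posture, but it is a behaviour change folded into a file move and nothing on this page mentions it. Say so in the commit message or with a comment such as `# firewall left at the NixOS default (on); open ports explicitly per host`. If anything on this machine depended on inbound connections, list the ports with `networking.firewall.allowedTCPPorts` / `allowedUDPPorts` rather than disabling the firewall again.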
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: let +{ config, ... }: let user = config.global.userdata.name; fontSans = config.global.font.sans.name; @@ -9,9 +9,11 @@ in { fonts = { packages = fontPackages; enableDefaultPackages = true; + fontconfig = { hinting.style = "full"; subpixel.rgba = "rgb"; + defaultFonts = { monospace = [ fontMonospace ]; serif = [ fontSans ]; @@ -29,13 +31,6 @@ in { }; }; - programs = { - gnupg.agent = { - enable = true; - pinentryPackage = pkgs.pinentry-bemenu; - }; - }; - - security.pam.services.swaylock = {}; hardware.opengl.enable = true; + security.pam.services.swaylock = {}; } diff --git a/os/pc/secrets.yaml b/os/pc/secrets.yaml new file mode 100644 index 0000000..3e49d32 --- /dev/null +++ b/os/pc/secrets.yaml 
@@ -0,0 +1,31 @@ +misc: + sftp: ENC[AES256_GCM,data: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,iv:VyhdbfiiQJqG6cKAz6WjmlG3MkM25VzQzfCt1qYgH4M=,tag:KIoEb/dkEPpeaCJaNkAflw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLd3E0NC9Vb25ySXR0R0xL + b0pLcUdsNjYzZ0F6SkdodFZjT0s2OE5TZ0E0CkM5RHY4MmpBNFR6TWJLejlqS2FC + TmpRRUdMRkQ3SnhvY2ZtN3ZzYjRQYmsKLS0tIEZlWkRLVWJOaXV6V3Zmb2hUV0xj + d0N3S0ZIR0MyOERHV1k5RVBVVWVHQkkKZVtPjmpOPJM8STs70/nki6vTeo4mp47A + xEVUzxeUGpoyAewxSCo9W6IGtKyZQl0TEL3ucAmhOsjX4BWe2JShMA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1nur989fnjmfgfk54ctczrwg25epqqr0xgkl5d4swfxka9aw6cdrqdawvaq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWENJNzlDL1FpTkYwV1ps + V1VWeW4yOFZwZ1h5SGwzV2oyVkJaaHF0a1JRCmpFWWRLZzdUTUliZHpCTzJDYlhu + Yk51d1orS0tsMitBM0ZKSTQ4T05sNVEKLS0tIEVuZkY1bld2RldZOVNOc1E3bG5X + dVZ3V0VUQzF5VzN0RFM5c0RjZHpJZ0EK09qgyPHEhHgRZt2GZQB5IM9Z/nfYXW28 + fcfmF6pko9qOYQ72P7vwv8Xub0SEI8GKGQwz2QPDJT9gd1qtipuhuQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-04T10:15:07Z" + mac: ENC[AES256_GCM,data:zkxID1SWr9q7PQR4EVb/PaNVdS1xQdVcnwHlWzseqZrjEgyJLlupYKwEOw9eB4dY/R1VZx46BgI5Kk6rgbrIopnV3symARUOcqPUHM3lfz7h3S3sRJv547fu0UdQGp00HM1pW2nA5v6w8oY+H96+JdVtorrAt56B7EN6J28nb3M=,iv:p2gUIviAG3mBcMH6KUGmnvetWH9lb8ZlamSGOpbqins=,tag:adw9FMLJk5cUHmNmuRnZUQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 |
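Review bot: `os/pc/secrets.yaml` looks like a copy of `os/cez/secrets.yaml` with entries removed. Its `misc/sftp` value keeps the same `iv` and `tag` as the entry deleted from the cez file, and the age stanza for the second recipient ends in the same bytes as the context lines shown there. If so, both files are protected by the same data key, and adding a recipient to either file later (for example a new host on the `pc` rule) gives that recipient a key that also decrypts the other file's values, including `misc/wireguard`. Rotating the data key of the new file with `sops -r -i os/pc/secrets.yaml` separates the two.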