BeiNacht/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

desktop-2024-09-03-08-40-53

Browse Source
This commit is contained in:
Alexander Szczepanski
2024-09-03 08:40:53 +02:00
parent 30d2391d45
commit 39418f6780
6 changed files with 81 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.sops.yaml
View File

@ -5,6 +5,7 @@ keys:
- &desktop age1m873zl0umr6huvs7ft98t7dg3wqx7skzgdrd6vjzeh8h6kkgdghsy5atvx - &desktop age1m873zl0umr6huvs7ft98t7dg3wqx7skzgdrd6vjzeh8h6kkgdghsy5atvx
- &framework age1w3nq2g9ctm43f43lyzfrznywqpqlrk6x9de2qy3sr05mm4yk4u3s05slw4 - &framework age1w3nq2g9ctm43f43lyzfrznywqpqlrk6x9de2qy3sr05mm4yk4u3s05slw4
- &vps-arm age14l4v7kmtpp49mgngftlqquqe2u0mpdnfvnmtgqzv5zlsxh8mpvdspk3mel - &vps-arm age14l4v7kmtpp49mgngftlqquqe2u0mpdnfvnmtgqzv5zlsxh8mpvdspk3mel
- &mini age1hdv2nz7r5fv6glq7jac27uf864t2668a97ptx52q57yfg4jd7ypqkag7wd
creation_rules: creation_rules:
- path_regex: secrets.yaml$ - path_regex: secrets.yaml$
key_groups: key_groups:
@ -13,6 +14,7 @@ creation_rules:
- *desktop - *desktop
- *vps-arm - *vps-arm
- *framework - *framework
- *mini
- path_regex: secrets-desktop.yaml$ - path_regex: secrets-desktop.yaml$
key_groups: key_groups:
- age: - age:
@ -28,3 +30,8 @@ creation_rules:
- age: - age:
- *alex - *alex
- *framework - *framework
- path_regex: secrets-mini.yaml$
key_groups:
- age:
- *alex
- *mini

2
commit.sh
View File

@ -1,3 +1,3 @@
#!/usr/bin/env bash #!/usr/bin/env bash
git commit --all --message `hostname`-`date "+%F-%H-%M-%S"` git commit --message `hostname`-`date "+%F-%H-%M-%S"`

4
machine/mini/configuration.nix
View File

@ -91,6 +91,10 @@ in {
nyx nyx
]; ];
hardware = {
enableAllFirmware = true;
};
services = { services = {
tor = { tor = {
enable = true; enable = true;

15
machine/mini/hardware-configuration.nix
View File

@ -5,7 +5,8 @@
{ {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix") [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
@ -14,16 +15,20 @@
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/8be3b4e5-7219-4427-bba4-340f1dc4b868"; {
device = "/dev/disk/by-uuid/8be3b4e5-7219-4427-bba4-340f1dc4b868";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/7C10-C8BD"; {
device = "/dev/disk/by-uuid/7C10-C8BD";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/edb5324f-3cd2-4b8c-bb05-cca045adeaf6"; } [{ device = "/dev/disk/by-uuid/edb5324f-3cd2-4b8c-bb05-cca045adeaf6"; }];
];
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

30
secrets-mini.yaml Normal file
View File

@ -0,0 +1,30 @@
borg-key: ENC[AES256_GCM,data:Q8Ua7OEnlDDj3zahrv06vqIAxa739bQVa1wKbwQ1ZG9CLRhcTXQUUaUuJRUxcC1GSfi/3pX9Cf1uqVhykmzjGQ==,iv:wrJE3fnteo+3XMpFLNZl/0Jp/twIBDtR5e3anzzZAp4=,tag:hJ4jchuNyc5Fd/Zoft55JA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1gjhlw6vkfers3f76yug3alwupe4jckjhg8ncr8kll5gj5g6wlqtqacqa73
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArQmcraEpldjl5NHBzNWJ0
VEdoM1lKQ1ZESnJ5RVVNZlV2YmdvSzZjL1RVCjlndVVFeGV2V1NCYjE4K3ZMZ3BX
TVdOVFBiNFJHZ1Vsejl3TlJUSFhwOWsKLS0tIGNOT1QxNHpKMGRlK0dYWSttWUUw
RjhOamVXdmR2Z2gra3NmQjlIVjJXVzQKQeVY68j9g51wD2NFrM79Zrxy7WKAyraI
f9X+3olmYnpMfyqDgS00s1xoh7k00ny0uZvhBJebLGhwcdWLW9Bdgw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hdv2nz7r5fv6glq7jac27uf864t2668a97ptx52q57yfg4jd7ypqkag7wd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6OC9MU1Rsd0EvRGFmU216
Njhmc0RncUF3T2xWNWVneVlTZ1QxdGpKbmhvCkZHeG1NeDhxNUdIUWNRMENTdzZs
bytiazlzSXgyb1dGOUZRTlJhWGFFVTgKLS0tIDZ3REczV3JlR1JTNlpQRmxwQS9X
bmVWbDU3UmpxS21WVzdmMXVIVC9QYlUKtAqQNjcBaOsgrTc8gIp2DZMo86i1PfyT
18l61gotEnt533snMriIKNmCpJGviKV/dY0AIplffr9Mty5A7SzfAQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-03T06:38:15Z"
mac: ENC[AES256_GCM,data:SFw5y+65LuiMX5OrzzLL813upXxbDyF/mL7WIIRLNXW9a5aZPXcGJJm+glY/4kGdTzSb9G3WtoKpo/v0UsVP0ZO9eLhOR0g0SZFfUYMxYu/4PMt5TGpxKeVUKdWs7t0rh+4SquHffbi4b0DOFbAjkJoIlkC6hZc70kz9VMyQRuA=,iv:/gyLfdORQJRfiywmge+hzvHJd7Qvd7aHpW51P3L5wXA=,tag:BHmQmPHD3LVPokVP4guveA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

49
secrets.yaml
View File

@ -8,38 +8,47 @@ sops:
- recipient: age1gjhlw6vkfers3f76yug3alwupe4jckjhg8ncr8kll5gj5g6wlqtqacqa73 - recipient: age1gjhlw6vkfers3f76yug3alwupe4jckjhg8ncr8kll5gj5g6wlqtqacqa73
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmV0ZpdFhLSCtmaDJBSm9O YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvcTFVblJnMklBeUJiVXlz
NWlJbk1ubExMN3dFWkt2NlJOU1djV3N6MVg0ClhIQkxsUEI5KzBIcGFENFUwY1lk dzJTcDdQVkpNK1J0OEhYVkc2N3NaNGUvMjNzClVFVGN5S0tPSy9ob3cvaUhma2N4
d0JMY1h4eitvM2IycFplbFpKNkQvRlEKLS0tIHJBbW1HNjZQNEJtaHY4L2FvOGNR Nm0wT0RaOEdQajAwSnkvQTc2N1FRSzQKLS0tIHd6dUxzWE5XVUVwWm9CMWxTdHM4
cndvbitxZ0JGdGRLcXNLR2p1YURNUlUKOaR6alKJDEMLTtihyiDHNWgY90DRZmL6 dXRuN045TFl0M1VwSWgwWGsxRXFVR0UKOTzo3qKjTsnWOsCKJy4gZyGjQjS7cFIE
sBXOhvwM/FRlk5v02lUnxgKovmBO2DzXTDPQe3x6EDDu/uNRSmQgpw== kFdz0hRVkWrq/oenYt3xaEhf8H3bXURIhp8EnPSgo2Dr34c04AtaNw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1m873zl0umr6huvs7ft98t7dg3wqx7skzgdrd6vjzeh8h6kkgdghsy5atvx - recipient: age1m873zl0umr6huvs7ft98t7dg3wqx7skzgdrd6vjzeh8h6kkgdghsy5atvx
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwaVp1M2tMSEpPQmtudHhD YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGQVdTaDdoZTh1ei9LV1Ro
L0hNTnMxVmVqVEtEenowdUhjYk5XZk5FcUhZCjB0ajlrZ3o4YzFJbDZHWkdQUDZi UDdhQk9CU0R4Z0o1SElNOXpLcjRHR2pmK0VFCmtQUTJFVzJhMnprSFp4TFh4T3Yz
blZ1a1lSUmswSEZXcERjc2ZzczRZNHcKLS0tIGhNdG5PK0JVUlFIdHBUV2NZeStn Zkk0bGR1bUp4Q2hZcHFEVUhRdDVvblUKLS0tIGFDdjNCVlplVHFxSG4zNXFtQUND
VTh4ZFAwSVp5Z2FrRWZzaHg1eTM0cUEKRJz/9ynrY1As6ccfufOre5l9JWCg9EAh Ri9iQU5SRU5oMGdob1FDSlFmVVczU28K06xJtBqffr7G3+4ctAFf5Eh5lSHQ91Zf
D56lEjXNirt9E5l9nrVqnvKMy0Ll2leIA5AT0Vs03fuvwl98oUd2sA== lxyW9aXij61Nqhdkeo2GVtxw6Q3/MGWgacmZ5bHPaYz76YQI1ku9ag==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age14l4v7kmtpp49mgngftlqquqe2u0mpdnfvnmtgqzv5zlsxh8mpvdspk3mel - recipient: age14l4v7kmtpp49mgngftlqquqe2u0mpdnfvnmtgqzv5zlsxh8mpvdspk3mel
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKZWRUZkZlTG1WVmsxSS9t YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlamhTbU5FclNRVEVjL01m
cWNMTjNHbnliL2pxdXdyOUJPcllmNG5KZVRzCjBKc3Y3WFg2VU9HQldVMFk2a1BQ QWRFTGI3ZHJGTUtSNjI3cFE2NjA0SEZ1QWgwCjZRTGg5NXlCS0hxc2JCeXBBSmZ2
TWxqVzBDcFZSQVBwRjgya3dZaitoOW8KLS0tIE1WdVo2OGFrS282N3V2Y3YySm5D bHRhQjdFUE9ZM0JmaXZOVFAxMTk4Rk0KLS0tIFJtMHpnSTNqUkExQWpUT2wvR2kv
OVVFWUY5T2didm8zQy8vejQyOER4OWMKEv1+tXVbYUA6/Od4Fzgm/OALKhKtCwy1 ZjNXem1KTDN1N0RZcHBpNklFVmpZNHcKb81FFkAZVz/vVCQJlqVBrJk+jdWG3inT
7sul/bHY4BDu1Zrf3J8y5JWy4HviElcwz400Laq3s9coPm5M+nqizg== x+y8BDgZ/R/J0DhxdwbWzMxBT/Agb8I3It6ixlAQlOXcbS4lQE/1WA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1w3nq2g9ctm43f43lyzfrznywqpqlrk6x9de2qy3sr05mm4yk4u3s05slw4 - recipient: age1w3nq2g9ctm43f43lyzfrznywqpqlrk6x9de2qy3sr05mm4yk4u3s05slw4
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvYmZWcGlHcEtFelRtTXFB YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTnRHT1BuYjVoVllJMktR
UnZ5MUhUTlM4alFmNkY1M0FDUktsNDhoUjE0CjZtOVRVb1JqZGExdk1obGZwdGVk RGMzMTBFQjRhSkMwOENZeHFJVHRxQnl5RkJZCndQRWVRWmkwYjVKT1Z2SWFnODFm
MURVV1Q5eGdIeEZ0K2RnYnNHd2JUYWMKLS0tIDZFZW0rbzlWdWlRN3NoaWhreEp5 OStNRGlzSlpSaWtMNEkzbzc1ZHpZZ1EKLS0tIExQb3ZNNVl6SWVKSTVzYnJTd00v
RVVMdEs0bDc1U0ZJTEZxRjhxaUliQ1EKIAPdKf9HB4v6KSAJw7yn7K6KijhVNaSK Sjc2cWJjK3doYnBqV0cxV05ublU2ZEUKCv4pTu6qLc4EErYpucbKVV4jnRs/kl/6
Q30AodXtXuIuQsderBG4GEU/a/PU9gVCh98HjY8cV1CCthgLYjK+gQ== F2HgZdu+Fag2J8YqDTWJXntNKtEIfSeRy7X2BL9i98RIsqSBmMWchg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hdv2nz7r5fv6glq7jac27uf864t2668a97ptx52q57yfg4jd7ypqkag7wd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2WFFIUlFIWFptamxKd3NQ
Mk0yVnNwbXlTQ3FuUlRsWDFGdWhkTnlOc3dFClJpdlIyUHZzZTMrcXJUNngrOFo4
TlVVYndGeHlRNFZPRXdPeE43em5PaGMKLS0tIFo4c3F4TWhJY21Xcm9EUHZxNkZX
RXBXbzJ4QVlMV0pVeHpiVXFYUU9KV2sKfXcnRRV2woD8j6Wc57vaE+jHQssiic5n
62ob3gt7bPtZdDbTZqrZzwuiSp0NI4jTkmQyPG+E0Ehm3KX5BjXmOw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-31T15:55:06Z" lastmodified: "2024-08-31T15:55:06Z"
mac: ENC[AES256_GCM,data:KQraWMxoXkcrEHCG6R+M31qRCGMwXekA9hIgyULXLaCjkHHJ1JRovgMD0ujTgZVseLipXBCXzH2RJvErNDhozXyrSEpzU0hBb50c0BCD3yaSPojTFCHDGIt/9qi4YHVnOHBP7jVxrFSGk84TNgMqO16dUNsMu6faEYX8CpkHoZM=,iv:ci/kWQCWuV98YdCtgKqQCOgsfAup/pG4smoWvFXRWX4=,tag:2ivvnVo0+ft3BIts3axMGw==,type:str] mac: ENC[AES256_GCM,data:KQraWMxoXkcrEHCG6R+M31qRCGMwXekA9hIgyULXLaCjkHHJ1JRovgMD0ujTgZVseLipXBCXzH2RJvErNDhozXyrSEpzU0hBb50c0BCD3yaSPojTFCHDGIt/9qi4YHVnOHBP7jVxrFSGk84TNgMqO16dUNsMu6faEYX8CpkHoZM=,iv:ci/kWQCWuV98YdCtgKqQCOgsfAup/pG4smoWvFXRWX4=,tag:2ivvnVo0+ft3BIts3axMGw==,type:str]