added git secret

2021-08-13 00:05:07 +02:00
parent e532f3baa2
commit 79775c4dde
10 changed files with 35 additions and 17 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,3 @@
+.gitsecret/keys/random_seed
+!*.secret
+configs/secrets.nix
--- a/.gitsecret/keys/pubring.kbx
+++ b/.gitsecret/keys/pubring.kbx
--- a/.gitsecret/keys/pubring.kbx~
+++ b/.gitsecret/keys/pubring.kbx~
--- a/.gitsecret/keys/trustdb.gpg
+++ b/.gitsecret/keys/trustdb.gpg
--- a/.gitsecret/paths/mapping.cfg
+++ b/.gitsecret/paths/mapping.cfg
@ -0,0 +1 @@
+configs/secrets.nix:f4c7954901423088644fc4a7b0e1a8a5f6880a0a933864cc3220c2836f9d5400
--- a/configs/common.nix
+++ b/configs/common.nix
@ -1,5 +1,7 @@
 { config, pkgs, lib, ... }:
-
+let
+  secrets = import ./secrets.nix;
+in
 {
  imports =
    [
@ -19,12 +21,9 @@
    nextdns = {
      enable = true;
      arguments = [
-        "-config"
-        "aaa56c"
-        "-cache-size"
-        "10MB"
-        "-listen"
-        "127.0.0.1:53"
+        "-config" secrets.nextdnshash
+        "-cache-size" "10MB"
+        "-listen" "127.0.0.1:53"
        "-report-client-info"
      ];
    };
@ -39,6 +38,11 @@
    networkmanager.dns = "none";
  };

+  programs.gnupg.agent = {
+    enable = true;
+    pinentryFlavor = "curses";
+  };
+
  environment.systemPackages = with pkgs; [
    ack
    atop
@ -52,7 +56,7 @@
    exa
    ffmpeg
    git
-    git-secrets
+    git-secret
    glances
    gnupg
    gocryptfs
--- a/configs/gui.nix
+++ b/configs/gui.nix
@ -8,10 +8,19 @@
    chromium.commandLineArgs = "--enable-features=WebUIDarkMode,NativeNotifications,VaapiVideoDecoder --ignore-gpu-blocklist --use-gl=desktop --force-dark-mode --disk-cache-dir=/tmp/cache";
  };

-  networking.networkmanager = {
-    enable = true;
+  networking = {
+    firewall.enable = false;
+    networkmanager = {
+      enable = true;
+    };
  };

+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  #   pinentryFlavor = "gtk2";
+  # };
+
  environment.systemPackages = with pkgs; [
    baobab
    barrier
@ -64,6 +73,13 @@
    transmission-gtk
    virtmanager
    vulkan-tools
+    openconnect
+    networkmanager-openconnect
+    cypress
+    gnome.cheese
+    megapixels
+    obs-studio
+    fswebcam
  ];

  programs = {
--- a/configs/secrets.nix.secret
+++ b/configs/secrets.nix.secret
--- a/configs/user-gui.nix
+++ b/configs/user-gui.nix
@ -103,7 +103,7 @@
    services = {
      picom = {
        enable = true;
-        blur = false;
+        blur = true;
        shadow = true;
        vSync = true;
      };
--- a/machine/vps.nix
+++ b/machine/vps.nix
@ -30,13 +30,7 @@
    nodejs
  ];

-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
  programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };

  security.acme.email = "webmaster@szczepan.ski";
  security.acme.acceptTerms = true;
				`@ -0,0 +1 @@`
				`configs/secrets.nix:f4c7954901423088644fc4a7b0e1a8a5f6880a0a933864cc3220c2836f9d5400`