From 79775c4dde7cc86a1995272600230cc8c24b320c Mon Sep 17 00:00:00 2001 From: Alexander Szczepanski Date: Fri, 13 Aug 2021 00:05:07 +0200 Subject: [PATCH] added git secret --- .gitignore | 3 +++ .gitsecret/keys/pubring.kbx | Bin 0 -> 2488 bytes .gitsecret/keys/pubring.kbx~ | Bin 0 -> 32 bytes .gitsecret/keys/trustdb.gpg | Bin 0 -> 1200 bytes .gitsecret/paths/mapping.cfg | 1 + configs/common.nix | 20 ++++++++++++-------- configs/gui.nix | 20 ++++++++++++++++++-- configs/secrets.nix.secret | Bin 0 -> 636 bytes configs/user-gui.nix | 2 +- machine/vps.nix | 6 ------ 10 files changed, 35 insertions(+), 17 deletions(-) create mode 100644 .gitignore create mode 100644 .gitsecret/keys/pubring.kbx create mode 100644 .gitsecret/keys/pubring.kbx~ create mode 100644 .gitsecret/keys/trustdb.gpg create mode 100644 .gitsecret/paths/mapping.cfg create mode 100644 configs/secrets.nix.secret diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..8aa993c --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +.gitsecret/keys/random_seed +!*.secret +configs/secrets.nix \ No newline at end of file 
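Review bot: The new .gitignore ends without a trailing newline after `configs/secrets.nix`, so a tool or an `echo >>` that later appends an entry could fuse it onto that line and silently stop ignoring the plaintext secrets file; end the file with a newline. The same commit also adds `.gitsecret/keys/pubring.kbx~`, which looks like a GnuPG backup copy of the keyring rather than something git-secret needs. Consider removing it from the index and adding `.gitsecret/keys/*~` to this list. Running `git check-ignore -v configs/secrets.nix` afterwards confirms that the plaintext is really excluded.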
diff --git a/.gitsecret/keys/pubring.kbx b/.gitsecret/keys/pubring.kbx new file mode 100644 index 0000000000000000000000000000000000000000..d03cc08457f1fcfaa1ddd90c1305fc67f0f0e59e GIT binary patch literal 2488 zcmZQzU{GLWWMJ}kib!K%U|>iTZMgu#AT|VZ&R}8$v+5WaIN2DO7-YJY3!Gxa^V%Qj zcP_5}zfjL|4x1my9FVH$DUza6OwtB@t@|gMNekTF+mO@Ez`$Swl4D?CU}WH7U|^cZ zz`&pf7GYvw0n=y%%mp)n1Y_Fx)d_dA(LX!TqJ^4!%Zf_owC^>ok~m_9h>f z3V40Rzt4axk~QATl$=}5mCFT97zqtyS-k}3|rS%lcz`oa zLjCS9Z@Vv^7+&_}L}Q5E8m2r;!>`+f&%H8HtZlo-#rpb8#O2p@OWh-qb=s;U*X_ty z{`cC>`nP?J-Dx7Ww`VU%u-+l#njE-r`Kz-Vih0eJMm0|T`dk0VnRc$-i;9-mu1-Ch zZSlOJ)wlDEfa6_@J>ByIB01+aEq@^`R=WP#)}u+P|2z&g1-o$dK4-iiRcltMVSnH6 z?9F-ZuXWhjZ#`hpy*9V2>#SAVJd@k5B5Da7@!?NjarWE3T`=+8QnCD({AD+`Cgm_$ z7XDD!nWMvYJaO)J&Wg~Pog!wX1sA`)yS#J#5i8k*sdEaQn0n1slg^x;y=AYS+ir>C zO+`66`>fU^WU21^s^N3z?NR%j2OIR3YcO_gkJ$D1KYyLQNm}(gwY82Fx(c>io-=vI ze=f6fTfu6xS7GC=-9J=yue|G`0agL!%f{I13_2r@D-Zs1{H zNH0i-q(_D=dX71%6^VH%sYMFGRmoMU1&MjZ*_jG9i7;V@VyLiQadxI1R5ueOv2`-} zu?RDAFj$BwvS3TmtW2Pk$0W_n%FW5a&cr6l#mT|V#3IJT%*Z6i$Rystz{M#5Oa1{H z`2Pp%eP2>8xkK-wREKW<+Bsh5Z(ImTiTxPk+Uxyk_O(AtpTsGJNY4B6*8FqU;-%Mq zUO3)*|MZGqJj>&hmaeaUl%t#aC-8)IpR?~jroJurj`s&9srgJUwCd73BgOMPduqM< zz4wnVKI%ShILlWs`qw=pvEN_%%zJKpY~I|qU0}+~BJ)kviyC-;w12+xv*^t%<$}C9 z5y4Ck-e|o2FhzFf`6wNy7cWF-?&;BvJ^kBdUsT`w9W&GZFj(k)RoH$o+RI|k{pn|) z$-mLG&-LY*e`Z6*QKx_Yo47A5dep(7$+F4#=e0Fk8cQ!PB^YnET1&dXs)YfpLHy({j*Szp#Pi;w9tMP5BGzVj}=tr8s0dDmL9 zXzqQ1+rPprc+N^q-1hd_4AtGK5{kYXTc*oP_S*TsiDYy1nXvYxxO|1flkGnwSe|%3 zuetX4NBNx-$ug@%_pa)%zUh1_c-uD%%@0>Iy59em?o`^G>{2JZ!}`>>lWC8?o&3}q zUD@%5_d!$M!dcaFyI0&io5D58i@p1w@B0ibhGn*QOOq6p5(=^wo31^6$!(sY-X!7A z&*ax_c~H#xa2=oa{?tx~`)o6sQ_?q|VVo*@Z$*KRehurjUFH`ioRCVoP#V8`!o-*U ze1^N&j$dsR z4uO?6WgCu`yq$k}_hzG~bzI$PCGCZr$w7QeqOV5pIm$1YdY^&i&GwHO*8MJRZ{@Xv ztrlqAIPva&wY9HFY0jpOrke)Gx8;VHp1ta7@?k>H{@+cyg)Q<@A5Hg*UY%USEf#fa z|E?YE%O|Rz>fE&8WkN^Y_c-RX1FN%N7H+?Gojdqn#6t`1S5tS?{9G_w)_be?@ionp zDr#PJxNx#G&kX*!?wZhXH@`_w=YQOvA62?3d7a6m#b#H0s^vs}-ZS};*08E?kG9-G 
zj>P5p{$h#3x>nq#hx$Y`!(JJgd}C~9J1L{wdx)iT0%^Wh!#GYub+`L@!>V{PF`uja4#>*}~dC~Jjip{h+GO9o4sojovg%E}BU9Nj$ ze`b`O2NznMOlB++j2sLK1PU4+b~PGZ)Zc%){VZc$-a(@mQq}83kJde0)U&uUbMFfN z8!OW}3a{zdIPzE>DDE*dl)G@$*JPD?$I^Gl;=YNv8I`4XR$toX9jkmihQy<5@ zR!#raTzo=g!^Ibs$7e3k$-MK|`=-osg(pj2$CyZWHCgOcvQIj?;mg)Z4(|k;3?gdg z=1bi8My(ikx%N7zg97swil2`%{^Ahnk-3F0tf?Tk zaEDl<1Vc&C_bIFw7&(L^Yu=Y>1Z%!+x7D^@n{*x?lZ z+VSfJU$xEVZ|AjKsBO*Mcm2)3{{5?tZr6y({U~hYni;+J-$rp!@7&U&*2l|hDn;H; z?w+mmTW(S!mtenL;SI;SM{FN1F}p5YZS!46=2-fL3yBTt;U}#lb@QLjUU{kL+uGHc zVdif>m#WT9^!HcX9Ofe9AF*-5&3p}g_Lk+UHQc|xZ`k0@yt88Z!6eJwj8U)xC3|tP WMbCBFx9s}UKZPuLaxVI@iTZMgu#AT|gC089%71ONa4 literal 0 HcmV?d00001 diff --git a/.gitsecret/keys/trustdb.gpg b/.gitsecret/keys/trustdb.gpg new file mode 100644 index 0000000000000000000000000000000000000000..a745453941d9dbf62d3ad51e5898ab779af211b2 GIT binary patch literal 1200 zcmZQfFGy!*W@Ke#Vqi!VZMndJ9WZiX7sn7CRfiEIV1dza0S5yHF&ZuyK>`*S4Hs}Q GU=RQni3B_V literal 0 HcmV?d00001 diff --git a/.gitsecret/paths/mapping.cfg b/.gitsecret/paths/mapping.cfg new file mode 100644 index 0000000..6fefeb1 --- /dev/null +++ b/.gitsecret/paths/mapping.cfg @@ -0,0 +1 @@ +configs/secrets.nix:f4c7954901423088644fc4a7b0e1a8a5f6880a0a933864cc3220c2836f9d5400 diff --git a/configs/common.nix b/configs/common.nix index 1b6e1c1..40468fc 100644 --- a/configs/common.nix +++ b/configs/common.nix @@ -1,5 +1,7 @@ { config, pkgs, lib, ... }: - +let + secrets = import ./secrets.nix; +in { imports = [ @@ -19,12 +21,9 @@ nextdns = { enable = true; arguments = [ - "-config" - "aaa56c" - "-cache-size" - "10MB" - "-listen" - "127.0.0.1:53" + "-config" secrets.nextdnshash + "-cache-size" "10MB" + "-listen" "127.0.0.1:53" "-report-client-info" ]; }; @@ -39,6 +38,11 @@ networkmanager.dns = "none"; }; + programs.gnupg.agent = { + enable = true; + pinentryFlavor = "curses"; + }; + environment.systemPackages = with pkgs; [ ack atop @@ -52,7 +56,7 @@ exa ffmpeg git - git-secrets + git-secret glances gnupg gocryptfs 
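Review bot: The NextDNS configuration ID that the second hunk of configs/common.nix replaces with `secrets.nextdnshash` is still readable as the removed literal after `"-config"` in this hunk and in earlier history, so encrypting `configs/secrets.nix` only protects it once the ID has been rotated. `secrets = import ./secrets.nix;` in the first hunk also resolves the value at evaluation time, so it will presumably land in the generated service definition in the Nix store, which is readable by every local user. If the ID is meant to stay private on the host as well, have the service read it at run time from a root-owned file outside the store rather than interpolating it. Because `configs/secrets.nix` is gitignored, evaluation fails on any checkout where `git secret reveal` has not been run; a comment above the `let` such as `# requires: git secret reveal (configs/secrets.nix is gitignored)` would make that explicit. The `nextdns` attribute set begins outside the second hunk.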
diff --git a/configs/gui.nix b/configs/gui.nix index dcfb3ba..280c820 100644 --- a/configs/gui.nix +++ b/configs/gui.nix @@ -8,10 +8,19 @@ chromium.commandLineArgs = "--enable-features=WebUIDarkMode,NativeNotifications,VaapiVideoDecoder --ignore-gpu-blocklist --use-gl=desktop --force-dark-mode --disk-cache-dir=/tmp/cache"; }; - networking.networkmanager = { - enable = true; + networking = { + firewall.enable = false; + networkmanager = { + enable = true; + }; }; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # pinentryFlavor = "gtk2"; + # }; + environment.systemPackages = with pkgs; [ baobab barrier @@ -64,6 +73,13 @@ transmission-gtk virtmanager vulkan-tools + openconnect + networkmanager-openconnect + cypress + gnome.cheese + megapixels + obs-studio + fswebcam ]; programs = { diff --git a/configs/secrets.nix.secret b/configs/secrets.nix.secret new file mode 100644 index 0000000000000000000000000000000000000000..1c6af6a0a0805769f3b983012c73859e58db6aab GIT binary patch literal 636 zcmZo=;$b$E7Pz~&A*Y*>|G&$Ikhb7=Cl|NBHe0`W;=flM%Y_R{e_ZYUA+mgO>tR;k zbS8<#N-K(%KCdFoX;ODQp)%n)gSu_fLHX8w`o)`8O>NGZb4zbp=d5*eR=Ua0 z{ciAKhS0{%JLEn3+Rm%C%k2C%HIeNx;(Yxj%!cD}RftS|3jyt8gg6+h+@3-9)1fR4`?l*jIzevkQ$v`Vb@zS+fdz`o5 zEtWYj>rU45g7RroTh{EE|JJ{zd{g5h{?!Sthtiq)L^;E4swDdrYvY>ddNNO3IB~JY z1_cL$_aB6%-`(dqGflUfv;3QA48L*f>&u;Gk`s5t8CeGW7Cbw7+wO&_|0`#EN{O^2 z3RW%lNK4z3>B;E*v`1V`{n92EldQmnJ=xv;0<+KDzxT%RR7_se%Wb>rUv#h8kj%!g z*!#S_g1Oic&*P8er2aYefBBMPy~jJJc=2}uzlXQBc-{1RefrX+Y(_Et4fEpLo)kvD zf1abe_nLftGP{kBZ{7=oM;x%zC}=#H|(6@2D%yY2d7i3%Z=e^``DepuBdv)l-ARFE7g`xJF9)z5)QJ CFFBzA literal 0 HcmV?d00001 diff --git a/configs/user-gui.nix b/configs/user-gui.nix index ddf3e3d..7002f35 100644 --- a/configs/user-gui.nix +++ b/configs/user-gui.nix @@ -103,7 +103,7 @@ services = { picom = { enable = true; - blur = false; + blur = true; shadow = true; vSync = true; }; diff --git a/machine/vps.nix b/machine/vps.nix index 3f99ef2..b2ec487 100644 --- a/machine/vps.nix 
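Review bot: `firewall.enable = false;` in the first hunk of configs/gui.nix switches off the host firewall on every machine that imports this file, and neither the commit subject nor a comment explains why. With it off, any service listening on these desktops is reachable from whatever network the machine joins. If a specific tool needed an open port, keep the firewall enabled and allow only that port, e.g. `firewall.allowedTCPPorts = [ PORT ];` with PORT being the one that tool uses, or at minimum add a comment stating the reason. The commented-out `programs.gnupg.agent` block added just below overlaps with the agent that common.nix enables in this commit; remove it or mark it as the intended GUI override. The enclosing attribute set starts and ends outside the hunk.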
+++ b/machine/vps.nix @@ -30,13 +30,7 @@ nodejs ]; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; security.acme.email = "webmaster@szczepan.ski"; security.acme.acceptTerms = true;