added git secret

2021-08-13 00:05:07 +02:00
parent e532f3baa2
commit 79775c4dde
10 changed files with 35 additions and 17 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,3 @@
 .gitsecret/keys/random_seed
 !*.secret
 configs/secrets.nix
--- a/.gitsecret/keys/pubring.kbx
+++ b/.gitsecret/keys/pubring.kbx
--- a/.gitsecret/keys/pubring.kbx~
+++ b/.gitsecret/keys/pubring.kbx~
--- a/.gitsecret/keys/trustdb.gpg
+++ b/.gitsecret/keys/trustdb.gpg
--- a/.gitsecret/paths/mapping.cfg
+++ b/.gitsecret/paths/mapping.cfg
@ -0,0 +1 @@
 configs/secrets.nix:f4c7954901423088644fc4a7b0e1a8a5f6880a0a933864cc3220c2836f9d5400
--- a/configs/common.nix
+++ b/configs/common.nix
@ -1,5 +1,7 @@
 { config, pkgs, lib, ... }:
-
+let
  secrets = import ./secrets.nix;
 in
 {
  imports =
    [
@ -19,12 +21,9 @@
    nextdns = {
      enable = true;
      arguments = [
-        "-config"
+        "-config" secrets.nextdnshash
-        "aaa56c"
+        "-cache-size" "10MB"
-        "-cache-size"
+        "-listen" "127.0.0.1:53"
        "10MB"
        "-listen"
        "127.0.0.1:53"
        "-report-client-info"
      ];
    };
@ -39,6 +38,11 @@
    networkmanager.dns = "none";
  };
  programs.gnupg.agent = {
    enable = true;
    pinentryFlavor = "curses";
  };
  environment.systemPackages = with pkgs; [
    ack
    atop
@ -52,7 +56,7 @@
    exa
    ffmpeg
    git
-    git-secrets
+    git-secret
    glances
    gnupg
    gocryptfs
--- a/configs/gui.nix
+++ b/configs/gui.nix
@ -8,10 +8,19 @@
    chromium.commandLineArgs = "--enable-features=WebUIDarkMode,NativeNotifications,VaapiVideoDecoder --ignore-gpu-blocklist --use-gl=desktop --force-dark-mode --disk-cache-dir=/tmp/cache";
  };
-  networking.networkmanager = {
+  networking = {
-    enable = true;
+    firewall.enable = false;
    networkmanager = {
      enable = true;
    };
  };
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  #   pinentryFlavor = "gtk2";
  # };
  environment.systemPackages = with pkgs; [
    baobab
    barrier
@ -64,6 +73,13 @@
    transmission-gtk
    virtmanager
    vulkan-tools
    openconnect
    networkmanager-openconnect
    cypress
    gnome.cheese
    megapixels
    obs-studio
    fswebcam
  ];
  programs = {
--- a/configs/secrets.nix.secret
+++ b/configs/secrets.nix.secret
--- a/configs/user-gui.nix
+++ b/configs/user-gui.nix
@ -103,7 +103,7 @@
    services = {
      picom = {
        enable = true;
-        blur = false;
+        blur = true;
        shadow = true;
        vSync = true;
      };
--- a/machine/vps.nix
+++ b/machine/vps.nix
@ -30,13 +30,7 @@
    nodejs
  ];
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };
  security.acme.email = "webmaster@szczepan.ski";
  security.acme.acceptTerms = true;
		`@ -0,0 +1 @@`
							`configs/secrets.nix:f4c7954901423088644fc4a7b0e1a8a5f6880a0a933864cc3220c2836f9d5400`