diff --git a/.sops.yml b/.sops.yml index 96e09c3..4b9efc8 100644 --- a/.sops.yml +++ b/.sops.yml @@ -1,8 +1,60 @@ keys: - &primary age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy + - home: + - &chris age + - system: + - &aule age + - &mandos age + - &manwe age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy + - &melkor age + - &orome age + - &tulkas age + - &varda age + - &yavanna age creation_rules: - - path_regex: secrets/secrets.yml$ + - path_regex: secrets/secrets.ya?ml$ key_groups: - age: - *primary + + #=================================================================== + # HOSTS + #=================================================================== + - path_regex: systems/x64_86-linux/aule/secrets.yaml$ + age: *aule + + - path_regex: systems/x64_86-linux/mandos/secrets.yaml$ + age: *mandos + + - path_regex: systems/x64_86-linux/manwe/secrets.yaml$ + age: *manwe + + - path_regex: systems/x64_86-linux/melkor/secrets.yaml$ + age: *melkor + + - path_regex: systems/x64_86-linux/orome/secrets.yaml$ + age: *orome + + - path_regex: systems/x64_86-linux/tulkas/secrets.yaml$ + age: *tulkas + + - path_regex: systems/x64_86-linux/varda/secrets.yaml$ + age: *varda + + - path_regex: systems/x64_86-linux/yavanna/secrets.yaml$ + age: *yavanna + + #=================================================================== + # USERS + #=================================================================== + - path_regex: homes/x64_86-linux/chris@\w+/secrets.ya?ml$ + age: chris + + + + + + + + diff --git a/README.md b/README.md index 2eb75c9..db11887 100644 --- a/README.md +++ b/README.md @@ -18,4 +18,5 @@ nix build .#install-isoConfigurations.minimal - [dafitt/dotfiles](https://github.com/dafitt/dotfiles/) - [khaneliman/khanelinix](https://github.com/khaneliman/khanelinix) +- [alex007sirois/nix-config](https://github.com/alex007sirois/nix-config) (justfile) - [hmajid2301/nixicle](https://gitlab.com/hmajid2301/nixicle) (the GOAT, he did what I am aiming for!) \ No newline at end of file diff --git a/flake.lock b/flake.lock index 6bf8015..ef769ed 100644 --- a/flake.lock +++ b/flake.lock @@ -67,6 +67,26 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1753140376, + "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", + "owner": "nix-community", + "repo": "disko", + "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "erosanix": { "inputs": { "flake-compat": "flake-compat", @@ -881,6 +901,7 @@ }, "root": { "inputs": { + "disko": "disko", "erosanix": "erosanix", "fenix": "fenix", "firefox": "firefox", diff --git a/flake.nix b/flake.nix index d696f4b..9467815 100644 --- a/flake.nix +++ b/flake.nix @@ -9,6 +9,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -103,7 +108,7 @@ nix-minecraft.overlay flux.overlays.default ]; - + homes.modules = with inputs; [ stylix.homeModules.stylix plasma-manager.homeManagerModules.plasma-manager diff --git a/justfile b/justfile index c7a9326..28330be 100644 --- a/justfile +++ b/justfile @@ -14,4 +14,8 @@ install profile host: nix run nixpkgs#nixos-anywhere -- \ --flake .#{{profile}} \ --generate-hardware-config nixos-generate-config ./hardware-configuration.nix \ - {{host}} \ No newline at end of file + {{host}} + +[doc('builds the configuration for the host')] +build host: + nh os build . -H {{host}} \ No newline at end of file diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix/default.nix index 7d1f069..3104ecd 100644 --- a/modules/nixos/nix/default.nix +++ b/modules/nixos/nix/default.nix @@ -15,10 +15,10 @@ in nix = { package = pkgs.nixVersions.latest; - extraOptions = "experimental-features = nix-command flakes"; + extraOptions = "experimental-features = nix-command flakes pipe-operators"; settings = { - experimental-features = [ "nix-command" "flakes" ]; + experimental-features = [ "nix-command" "flakes" "pipe-operators" ]; allowed-users = [ "@wheel" ]; trusted-users = [ "@wheel" ]; diff --git a/modules/nixos/system/security/sops/default.nix b/modules/nixos/system/security/sops/default.nix index a75856d..1383681 100644 --- a/modules/nixos/system/security/sops/default.nix +++ b/modules/nixos/system/security/sops/default.nix @@ -13,10 +13,11 @@ in environment.systemPackages = with pkgs; [ sops ]; sops = { + age.keyFile = "/home/.sops-key.age"; + defaultSopsFile = ../../../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; - age.keyFile = "/home/"; }; }; } \ No newline at end of file diff --git a/systems/x86_64-linux/manwe/disks.nix b/systems/x86_64-linux/manwe/disks.nix index d68db6a..e3e449f 100644 --- a/systems/x86_64-linux/manwe/disks.nix +++ b/systems/x86_64-linux/manwe/disks.nix @@ -1,34 +1,59 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, pkgs, modulesPath, inputs, ... }: let inherit (lib.modules) mkDefault; in { - # TODO :: Implement disko at some point + imports = [ + inputs.disko.nixosModules.disko + ]; - swapDevices = []; + config = { + swapDevices = []; - boot.supportedFilesystems = [ "nfs" ]; - - fileSystems = { - "/" = { - device = "/dev/disk/by-label/nixos"; - fsType = "ext4"; + boot.supportedFilesystems = [ "nfs" ]; + + disko.devices = { + disk = { + main = { + device = "/dev/nvme0"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "100M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; }; + + fileSystems = { + "/home/chris/media" = { + device = "ulmo:/"; + fsType = "nfs"; + }; - "/boot" = { - device = "/dev/disk/by-label/boot"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - "/home/chris/media" = { - device = "ulmo:/"; - fsType = "nfs"; - }; - - "/home/chris/mandos" = { - device = "mandos:/"; - fsType = "nfs"; + "/home/chris/mandos" = { + device = "mandos:/"; + fsType = "nfs"; + }; }; }; } diff --git a/_secrets/secrets.yaml b/systems/x86_64-linux/manwe/secrets.yaml similarity index 71% rename from _secrets/secrets.yaml rename to systems/x86_64-linux/manwe/secrets.yaml index 78b1a8c..1872dc2 100644 --- a/_secrets/secrets.yaml +++ b/systems/x86_64-linux/manwe/secrets.yaml @@ -11,15 +11,15 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpeHZXWkZ2andYSytmYWpR - ckttNVJZaWxDK2ZwME1iY2wrWFNwR0hzWUNFCjVSaWpmTHkzdHpPNjhueTQ5ZUEz - YW1BcnIwU1hsb2lodk1QcHJvTUdrVVUKLS0tIFNpWlBqb2pOWDVLV0FvU1FUODJB - dTg0QXZuSkJXV3ZRSUlKcktDNElia28KKZ62gTVpeiz1CfK7awURrPZ7zAYx9vfR - Ajxk0cw1gleE6EU2iIlLOWtmyZbcNk1X32a+otXijlH8fDGtoxA97Q== - -----END AGE ENCRYPTED FILE----- + - recipient: age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpeHZXWkZ2andYSytmYWpR + ckttNVJZaWxDK2ZwME1iY2wrWFNwR0hzWUNFCjVSaWpmTHkzdHpPNjhueTQ5ZUEz + YW1BcnIwU1hsb2lodk1QcHJvTUdrVVUKLS0tIFNpWlBqb2pOWDVLV0FvU1FUODJB + dTg0QXZuSkJXV3ZRSUlKcktDNElia28KKZ62gTVpeiz1CfK7awURrPZ7zAYx9vfR + Ajxk0cw1gleE6EU2iIlLOWtmyZbcNk1X32a+otXijlH8fDGtoxA97Q== + -----END AGE ENCRYPTED FILE----- lastmodified: "2025-03-09T11:37:49Z" mac: ENC[AES256_GCM,data:ZEqJc6slPb3YMR9kn/jFImjkQQIT3KyUK3qE3JMty+IAAr9GT8r+rHOwku4TOwL6YzON6L5vkUQFFKnOz9GiJuGkStc6AbML4SfOlRDsaFU4kwO+27UvDBYRqi6iHtJ2pu/uD4wELVhdbElxHvFlCjtgqBWaWmlXw3ATjkiZnik=,iv:zJNM/TqNfBO/mr8ZK/I/FfXwknyn9YpJ0eo4EpHSJvQ=,tag:G4FLx/Hwknq5hYEb8SWQLg==,type:str] pgp: []