diff --git a/.sops.yml b/.sops.yml index 2d6e291..96e09c3 100644 --- a/.sops.yml +++ b/.sops.yml @@ -1,57 +1,8 @@ keys: - - home: - - &chris age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x - - system: - - &aule age - - &mandos age - - &manwe age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy - - &melkor age - - &orome age - - &tulkas age - - &varda age - - &yavanna age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x + - &primary age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy creation_rules: - #=================================================================== - # HOSTS - #=================================================================== - - path_regex: systems/x86_64-linux/aule/secrets.yaml$ - age: *aule - - - path_regex: systems/x86_64-linux/mandos/secrets.yaml$ - age: *mandos - - - path_regex: systems/x86_64-linux/manwe/secrets.yaml$ + - path_regex: secrets/secrets.yml$ key_groups: - - age: - - *manwe - - *yavanna - - - path_regex: systems/x86_64-linux/melkor/secrets.yaml$ - age: *melkor - - - path_regex: systems/x86_64-linux/orome/secrets.yaml$ - age: *orome - - - path_regex: systems/x86_64-linux/tulkas/secrets.yaml$ - age: *tulkas - - - path_regex: systems/x86_64-linux/varda/secrets.yaml$ - age: *varda - - - path_regex: systems/x86_64-linux/yavanna/secrets.yaml$ - age: *yavanna - - #=================================================================== - # USERS - #=================================================================== - - path_regex: homes/x86_64-linux/chris@\w+/secrets.yaml$ - age: *chris - - - - - - - - + - age: + - *primary diff --git a/README.md b/README.md index db11887..2eb75c9 100644 --- a/README.md +++ b/README.md 
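Review bot: The new creation rule's `path_regex: secrets/secrets.yml$` does not match the file this commit adds, `_secrets/secrets.yaml`, nor the `secrets/secrets.yaml` path set as `defaultSopsFile` in the sops module, so sops would find no matching rule when the file is first encrypted or its recipients are updated. Something like `path_regex: secrets/secrets\.ya?ml$` would cover both spellings and escape the dot. Separately, replacing the per-host and per-user recipients with the single `&primary` key means every machine holding that key can decrypt every secret. If that is intended, a comment above `keys:` would record it, e.g. `# single shared recipient: any host with this key can read all secrets`.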
@@ -18,5 +18,4 @@ nix build .#install-isoConfigurations.minimal - [dafitt/dotfiles](https://github.com/dafitt/dotfiles/) - [khaneliman/khanelinix](https://github.com/khaneliman/khanelinix) -- [alex007sirois/nix-config](https://github.com/alex007sirois/nix-config) (justfile) - [hmajid2301/nixicle](https://gitlab.com/hmajid2301/nixicle) (the GOAT, he did what I am aiming for!) \ No newline at end of file diff --git a/_secrets/secrets.yaml b/_secrets/secrets.yaml new file mode 100644 index 0000000..78b1a8c --- /dev/null +++ b/_secrets/secrets.yaml 
@@ -0,0 +1,30 @@
+#ENC[AES256_GCM,data:jozDiJTPaF427kVL4MDV8VOVhft52sOS9YIfj0n8WUJmQzVoiNY=,iv:8kyaDw0l82KZfYKkfKDj0wvcIkY6zas5e8puubEr1mA=,tag:LvuVGvU195BihU8TbPN1xg==,type:comment]
+example_key: ENC[AES256_GCM,data:9jefDfjJLP8Ha135Lg==,iv:9SUpjO1t65gA3LiwYN6nMj7icwInxTCQz7JsNEfQ2XA=,tag:Y8BBSLwUQem8wSXAlvnEXg==,type:str]
+#ENC[AES256_GCM,data:IU1T4k/+44s8qFnjnreDMihjQRmMd5qSTtfA/ung5/1f1JmBXGP7EwYJBFF9BSBkBqBfv24A9Ok=,iv:tHzL3pW/qsNdWGT3c+ni0uTlkBMWOu/SsraymCuAkqs=,tag:nWZgWdPNiKQ0j/t9Z/5l5g==,type:comment]
+#ENC[AES256_GCM,data:BhUTbsJB5voz4m1w8u1Y/MI8kR5lpRW8RpZO65IyGg232uNSoBLXB2QSl1GseyTC8bZHPiCF2gnttPD+76kqVlfzhhDu4EKU,iv:Ic8ZpR2QBBGhF2++S/TR/DRutkTghpMiby+yvNy0CSE=,tag:Z1JEtowycGDNWuznlkId8A==,type:comment]
+example:
+ my_subdir:
+ my_secret: ENC[AES256_GCM,data:hccfc6uU4tGT,iv:HYjmo9kAVCcXSpDKWGku3vaJVvZHzYB3l079xXw5OEQ=,tag:c2b8BSqlL1LTcDf1nSPfVA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpeHZXWkZ2andYSytmYWpR
+ ckttNVJZaWxDK2ZwME1iY2wrWFNwR0hzWUNFCjVSaWpmTHkzdHpPNjhueTQ5ZUEz
+ YW1BcnIwU1hsb2lodk1QcHJvTUdrVVUKLS0tIFNpWlBqb2pOWDVLV0FvU1FUODJB
+ dTg0QXZuSkJXV3ZRSUlKcktDNElia28KKZ62gTVpeiz1CfK7awURrPZ7zAYx9vfR
+ Ajxk0cw1gleE6EU2iIlLOWtmyZbcNk1X32a+otXijlH8fDGtoxA97Q==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-03-09T11:37:49Z"
+ mac: ENC[AES256_GCM,data:ZEqJc6slPb3YMR9kn/jFImjkQQIT3KyUK3qE3JMty+IAAr9GT8r+rHOwku4TOwL6YzON6L5vkUQFFKnOz9GiJuGkStc6AbML4SfOlRDsaFU4kwO+27UvDBYRqi6iHtJ2pu/uD4wELVhdbElxHvFlCjtgqBWaWmlXw3ATjkiZnik=,iv:zJNM/TqNfBO/mr8ZK/I/FfXwknyn9YpJ0eo4EpHSJvQ=,tag:G4FLx/Hwknq5hYEb8SWQLg==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
+
+zitadel:
+ masterKey: thisWillBeAnEncryptedValueInTheFuture
diff --git a/flake.lock b/flake.lock
index ef769ed..6bf8015 100644
--- a/flake.lock
+++ b/flake.lock
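Review bot: The last two added lines put `zitadel:` / `masterKey: thisWillBeAnEncryptedValueInTheFuture` in plaintext after the `sops:` metadata block, which suggests the value was edited in by hand rather than through `sops`. Because the stored `mac` was presumably computed without that key, decryption will most likely fail the integrity check, and the pattern invites committing a real secret unencrypted later. Add the key through the sops editor so it lands above `sops:` as an `ENC[...]` value. The file also sits in `_secrets/` with a `.yaml` extension, while `defaultSopsFile` in this commit points at a `secrets/` directory and the `.sops.yml` rule expects `.yml`; these presumably need to agree.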
@@ -67,26 +67,6 @@ "type": "github" } }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1753140376, - "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", - "owner": "nix-community", - "repo": "disko", - "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "disko", - "type": "github" - } - }, "erosanix": { "inputs": { "flake-compat": "flake-compat", @@ -901,7 +881,6 @@ }, "root": { "inputs": { - "disko": "disko", "erosanix": "erosanix", "fenix": "fenix", "firefox": "firefox", diff --git a/flake.nix b/flake.nix index fa4895c..d696f4b 100644 --- a/flake.nix +++ b/flake.nix @@ -9,11 +9,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - disko = { - url = "github:nix-community/disko"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -29,14 +24,14 @@ url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; }; - - nixos-wsl = { - url = "github:nix-community/nixos-wsl"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-compat.follows = ""; - }; - }; + + # neovim + nvf.url = "github:notashelf/nvf"; + + # plymouth theme + nixos-boot.url = "github:Melkor333/nixos-boot"; + + firefox.url = "github:nix-community/flake-firefox-nightly"; stylix.url = "github:nix-community/stylix"; @@ -46,12 +41,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # neovim - nvf.url = "github:notashelf/nvf"; - - # plymouth theme - nixos-boot.url = "github:Melkor333/nixos-boot"; - zen-browser.url = "github:MarceColl/zen-browser-flake"; nix-minecraft.url = "github:Infinidoge/nix-minecraft"; 
@@ -78,6 +67,14 @@ grub2-themes = { url = "github:vinceliuice/grub2-themes"; }; + + nixos-wsl = { + url = "github:nix-community/nixos-wsl"; + inputs = { + nixpkgs.follows = "nixpkgs"; + flake-compat.follows = ""; + }; + }; }; outputs = inputs: inputs.snowfall-lib.mkFlake { @@ -106,7 +103,7 @@ nix-minecraft.overlay flux.overlays.default ]; - + homes.modules = with inputs; [ stylix.homeModules.stylix plasma-manager.homeManagerModules.plasma-manager diff --git a/homes/x86_64-linux/chris@manwe/secrets.yaml b/homes/x86_64-linux/chris@manwe/secrets.yaml deleted file mode 100644 index 0af2506..0000000 --- a/homes/x86_64-linux/chris@manwe/secrets.yaml +++ /dev/null @@ -1,21 +0,0 @@ -user_level_secrets: ENC[AES256_GCM,data:TNT+via+r4bpgROz,iv:cVO6/r4Aovr5uJFhU87mE5XwRJ518y4OJdHo4m92ahM=,tag:jYInD+euh7k1zSnMRppI5Q==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYVRQTEVSMWM3WXY3eTdW - ZkUwSnNidlJwWGVETURpNUJRRUllYXo4WjNvCmxmN21qVzNFV3N4UVR6WEV1am1W - eW1KTk9HVDluek1BUnBmSGI3Y2ZqaDQKLS0tIHlMYldYMTVORVNWbEgrWlBSanRM - bUZiMHlOU3pxYUhQSTREb0l4TmFlOEkKiasV2H481aJzAvEAvyeWqGYDOW+WKRFX - yyocZDo0o1lHz/gNXoC0/ujU+O3rSXdsy6Qdz6Rm+xeFUfe4KoD4bg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-11T13:21:38Z" - mac: ENC[AES256_GCM,data:kfMcZuYuQqxxfqtyfH7DltSkq8YNz+vroB+ZQKTIpCNC/W6vJP1o23/xLRzdnEgnnH5GfgZQFAK8Am00/bUD2BgEPyXxXNf1lG70ocFbRM9htii92BFfHgfi25zlEqCO7yrudm1HEJyYrFbZnT63H6u1OgWSC38CzEZTBsCE0kU=,iv:feWGBau48s2GSvZjnKPfP2z46SBuHbh//4zzcLv+MTY=,tag:D86akwawLxobhEu2AvBFKg==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.4 diff --git a/justfile b/justfile index 70450dd..c7a9326 100644 --- a/justfile +++ b/justfile 
@@ -14,11 +14,4 @@ install profile host: nix run nixpkgs#nixos-anywhere -- \ --flake .#{{profile}} \ --generate-hardware-config nixos-generate-config ./hardware-configuration.nix \ - {{host}} - -[doc('builds the configuration for the host')] -build host: - nh os build . -H {{host}} - -edit-secrets target: - sops --config "{{justfile_directory()}}/.sops.yml" edit "{{justfile_directory()}}/{{ if target =~ ".+@.+" { "homes" } else { "systems" } }}/x86_64-linux/{{target}}/secrets.yaml" \ No newline at end of file + {{host}} \ No newline at end of file diff --git a/modules/home/application/zen/default.nix b/modules/home/application/zen/default.nix index ad4cb92..4723cc3 100644 --- a/modules/home/application/zen/default.nix +++ b/modules/home/application/zen/default.nix @@ -15,26 +15,5 @@ in home.sessionVariables = { MOZ_ENABLE_WAYLAND = "1"; }; - - programs.zen-browser = { - policies = { - AutofillAddressEnabled = true; - AutofillCreditCardEnabled = false; - DisableAppUpdate = true; - DisableFeedbackCommands = true; - DisableFirefoxStudies = true; - DisablePocket = true; - DisableTelemetry = true; - # DontCheckDefaultBrowser = false; - NoDefaultBookmarks = true; - # OfferToSaveLogins = false; - EnableTrackingProtection = { - Value = true; - Locked = true; - Cryptomining = true; - Fingerprinting = true; - }; - }; - }; }; } diff --git a/modules/home/default.nix b/modules/home/default.nix index 6dc81b5..e3185e0 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -37,12 +37,11 @@ in { config = { home.sessionVariables = { - SHELL = cfg.shell; EDITOR = cfg.editor; TERMINAL = cfg.terminal; BROWSER = cfg.browser; }; - # users.defaultUserShell = pkgs.${cfg.shell}; + # home.shell = pkgs.${cfg.shell}; }; } diff --git a/modules/home/desktop/plasma/default.nix b/modules/home/desktop/plasma/default.nix index 13476fb..8614a97 100644 --- a/modules/home/desktop/plasma/default.nix +++ b/modules/home/desktop/plasma/default.nix 
@@ -20,11 +20,6 @@ in panels = import ./panels.nix; powerdevil = import ./power.nix; - kwin = { - edgeBarrier = 0; - cornerBarrier = false; - }; - session = { general.askForConfirmationOnLogout = false; sessionRestore.restoreOpenApplicationsOnLogin = "onLastLogout"; diff --git a/modules/home/terminal/ghostty/default.nix b/modules/home/terminal/ghostty/default.nix index 4681b53..00d925c 100644 --- a/modules/home/terminal/ghostty/default.nix +++ b/modules/home/terminal/ghostty/default.nix @@ -13,7 +13,6 @@ in programs.ghostty = { enable = true; settings = { - command = config.${namespace}.defaults.shell; background-blur-radius = 20; theme = "dark:stylix,light:stylix"; window-theme = (config.${namespace}.themes.polarity or "dark"); diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix index 9fd9192..f38a28e 100644 --- a/modules/nixos/desktop/default.nix +++ b/modules/nixos/desktop/default.nix @@ -17,12 +17,18 @@ in example = "plasma"; description = "Which desktop to enable"; }; + + autoLogin = mkEnableOption "Enable plasma's auto login feature."; }; config = mkMerge [ ({ services.displayManager = { enable = true; + + autoLogin = mkIf cfg.autoLogin { + enable = true; + }; }; }) diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth/default.nix index 98fc678..1b99eef 100644 --- a/modules/nixos/hardware/bluetooth/default.nix +++ b/modules/nixos/hardware/bluetooth/default.nix @@ -11,9 +11,6 @@ in hardware.bluetooth = { enable = true; powerOnBoot = true; - settings = { - General.Experimental = true; # Show battery charge of Bluetooth devices - }; }; services.pipewire.wireplumber.extraConfig.bluetoothEnhancements = { diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix/default.nix index 3104ecd..7d1f069 100644 --- a/modules/nixos/nix/default.nix +++ b/modules/nixos/nix/default.nix 
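Review bot: In `modules/nixos/desktop/default.nix`, `autoLogin = mkIf cfg.autoLogin { enable = true; };` never sets `autoLogin.user`, and this commit also removes the `user = "chris"` block from `systems/x86_64-linux/manwe/default.nix`, so enabling the option leaves auto-login without an account (NixOS normally rejects that at evaluation unless a user is set somewhere outside this diff). Consider a companion option for the account name, wired in as `user = cfg.autoLoginUser;`. The description also doubles up, because `mkEnableOption` already prefixes "Whether to enable"; `mkEnableOption "automatic login at the display manager (skips the password prompt on boot)"` reads correctly and states the security trade-off. The surrounding `options` and `config` blocks continue outside the hunk.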
@@ -15,10 +15,10 @@ in nix = { package = pkgs.nixVersions.latest; - extraOptions = "experimental-features = nix-command flakes pipe-operators"; + extraOptions = "experimental-features = nix-command flakes"; settings = { - experimental-features = [ "nix-command" "flakes" "pipe-operators" ]; + experimental-features = [ "nix-command" "flakes" ]; allowed-users = [ "@wheel" ]; trusted-users = [ "@wheel" ]; diff --git a/modules/nixos/system/security/sops/default.nix b/modules/nixos/system/security/sops/default.nix index ebceca3..a75856d 100644 --- a/modules/nixos/system/security/sops/default.nix +++ b/modules/nixos/system/security/sops/default.nix @@ -13,10 +13,10 @@ in environment.systemPackages = with pkgs; [ sops ]; sops = { - age.keyFile = "/home/.sops-key.age"; - - defaultSopsFile = ../../../../systems/x86_64-linux/${config.networking.hostName}/secrets.yaml; + defaultSopsFile = ../../../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; + + age.keyFile = "/home/"; }; }; } \ No newline at end of file diff --git a/systems/x86_64-linux/manwe/README.md b/systems/x86_64-linux/manwe/README.md index 1da7ab1..3bb6746 100644 --- a/systems/x86_64-linux/manwe/README.md +++ b/systems/x86_64-linux/manwe/README.md @@ -1,3 +1,8 @@ # Description +<<<<<<< HEAD My steambox. +======= +My desktop, reasoning for the name being the following chain of thought: +**Manwe -> the king of the valar -> leader -> desktop is main machine** +>>>>>>> 72b0f6f8fad97a4ade1b54dfada26828a170febf diff --git a/systems/x86_64-linux/manwe/default.nix b/systems/x86_64-linux/manwe/default.nix index 76d4e6d..c333f85 100644 --- a/systems/x86_64-linux/manwe/default.nix +++ b/systems/x86_64-linux/manwe/default.nix @@ -28,11 +28,5 @@ }; }; - - services.displayManager.autoLogin = { - enable = true; - user = "chris"; - }; - system.stateVersion = "23.11"; } diff --git a/systems/x86_64-linux/manwe/disks.nix b/systems/x86_64-linux/manwe/disks.nix index e3e449f..d68db6a 100644 
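Review bot: `experimental-features` is still declared twice in the `modules/nixos/nix/default.nix` hunk, once as the `extraOptions` string and once as `settings.experimental-features`, and the commit had to edit both to drop `pipe-operators`. Keeping only the `settings` list removes the chance of the two drifting apart: delete the line `extraOptions = "experimental-features = nix-command flakes";`. The `nix = { ... }` block continues outside the hunk.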
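Review bot: In `modules/nixos/system/security/sops/default.nix` the new `age.keyFile = "/home/";` is a directory path, not a key file, so sops-nix has no age identity to read at activation; the previous value was `/home/.sops-key.age` and the new one looks truncated. Restore a full path, and prefer a root-owned location outside `/home`, e.g. `age.keyFile = "/var/lib/sops-nix/key.txt";` with mode 0600. `defaultSopsFile = ../../../../secrets/secrets.yaml;` also points at a `secrets/` directory that this commit does not appear to create (the file added is `_secrets/secrets.yaml`), which would likely fail evaluation when the path is resolved.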
--- a/systems/x86_64-linux/manwe/disks.nix +++ b/systems/x86_64-linux/manwe/disks.nix @@ -1,59 +1,34 @@ -{ config, lib, pkgs, modulesPath, inputs, ... }: +{ config, lib, pkgs, modulesPath, ... }: let inherit (lib.modules) mkDefault; in { - imports = [ - inputs.disko.nixosModules.disko - ]; + # TODO :: Implement disko at some point - config = { - swapDevices = []; + swapDevices = []; - boot.supportedFilesystems = [ "nfs" ]; - - disko.devices = { - disk = { - main = { - device = "/dev/nvme0"; - type = "disk"; - content = { - type = "gpt"; - partitions = { - ESP = { - size = "100M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; + boot.supportedFilesystems = [ "nfs" ]; + + fileSystems = { + "/" = { + device = "/dev/disk/by-label/nixos"; + fsType = "ext4"; }; - - fileSystems = { - "/home/chris/media" = { - device = "ulmo:/"; - fsType = "nfs"; - }; - "/home/chris/mandos" = { - device = "mandos:/"; - fsType = "nfs"; - }; + "/boot" = { + device = "/dev/disk/by-label/boot"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + "/home/chris/media" = { + device = "ulmo:/"; + fsType = "nfs"; + }; + + "/home/chris/mandos" = { + device = "mandos:/"; + fsType = "nfs"; }; }; } diff --git a/systems/x86_64-linux/manwe/secrets.yaml b/systems/x86_64-linux/manwe/secrets.yaml deleted file mode 100644 index 6e2a986..0000000 --- a/systems/x86_64-linux/manwe/secrets.yaml +++ /dev/null 
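Review bot: The new `/boot` entry mounts the vfat ESP with `options = [ "fmask=0022" "dmask=0022" ];`, which makes everything on it world-readable, where the removed disko layout used `umask=0077`. If systemd-boot is the bootloader, its random-seed file lives there and bootctl warns about a world-accessible mount; any secrets embedded in an initrd would be readable by local users as well. `options = [ "fmask=0077" "dmask=0077" ];` keeps the earlier restriction. The `# TODO :: Implement disko at some point` comment is also misleading, since this commit removes an existing disko configuration; something like `# disko layout removed; partitions are now referenced by label` would describe the state accurately.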
@@ -1,31 +0,0 @@
-zitadel:
- masterKey: ENC[AES256_GCM,data:iSeZOloWLrdP8S+ac7ubIcv9TF3Sm8Ni,iv:8v3/ratFQ5vq2rbZOUMKfPhVTA9uQY2eFQU4IR8s3VU=,tag:9y90aDQ2PfFT//X2i2YvvA==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4R0UyWmx5L3hCbGhQVXI0
- NmpkMThPVlgrRHZZMnFrNTAwbzVTY1F6NEVVCjJaRHdhbHV6R1RJM2JIQzc3dkNu
- a01FYlM3b1dXbmxGN2tWU3FMdXMveG8KLS0tIG1SSjNXdXZNN2ZyQ2UyZ0pIZXJJ
- NmpMS2oySFE1S1RER3J1RGl4MlRQK00Ks+PcxcHmygYz+a+d0ZrzrdUpTQ50NYkA
- aDFbtRtukn9e7i3bGUyD4nisSvs4YjfoQxR/pC8hs4k3f5V2jwDh2w==
- -----END AGE ENCRYPTED FILE-----
- - recipient: age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwaTN4clFoWDNwU2lpaHBn
- M2pVeU5oM0JRNmp6NEJjQ3BHeWlzeSs3bTI0CnBocngvbzZQUXBsMG9Oc2J6dlBT
- MjdtaFdmOHg5ZmZmSkViWGJFYThQYXcKLS0tIFRNd2JiVlFTREtDMTdzR2V0SlVo
- Q0d5ZDVDM05LdFp4UnB4dFRPUm5vU0UKR/MAONEWaT6XXyPB1IrSIKqW5PZNIbuB
- n7QX3DJIzlajtmq+82/wPFPTBkLvSSjV5FKL5ErMwTDndcIn+NlOhQ==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-08-11T13:11:00Z"
- mac: ENC[AES256_GCM,data:P34YsR/Rvc3q4Os5n9hxonJLCXwifMRnKOCM59h5MRMT/aqjl+QlBX+oUADsqDSrhUscQb3N/UlpFeOT6qg+FmJbT/mYMH6v1xK16VD0M7VWydXpmjDu5If+O89lgDHsiEOGDgeR04jkiaY0yzT9U8l9CND5fMvF3I9o5Z1SZQk=,iv:NgUD8gB2bQa5vh0nb0Ngqp5dn0yqskHudWo8xoVjM4Q=,tag:5oTcnailDCHeMvMLz63e1w==,type:str]
- pgp: []
- unencrypted_suffix: _unencrypted
- version: 3.9.4