diff --git a/.sops.yml b/.sops.yml index 96e09c3..2d6e291 100644 --- a/.sops.yml +++ b/.sops.yml @@ -1,8 +1,57 @@ keys: - - &primary age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy + - home: + - &chris age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x + - system: + - &aule age + - &mandos age + - &manwe age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy + - &melkor age + - &orome age + - &tulkas age + - &varda age + - &yavanna age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x creation_rules: - - path_regex: secrets/secrets.yml$ + #=================================================================== + # HOSTS + #=================================================================== + - path_regex: systems/x86_64-linux/aule/secrets.yaml$ + age: *aule + + - path_regex: systems/x86_64-linux/mandos/secrets.yaml$ + age: *mandos + + - path_regex: systems/x86_64-linux/manwe/secrets.yaml$ key_groups: - - age: - - *primary + - age: + - *manwe + - *yavanna + + - path_regex: systems/x86_64-linux/melkor/secrets.yaml$ + age: *melkor + + - path_regex: systems/x86_64-linux/orome/secrets.yaml$ + age: *orome + + - path_regex: systems/x86_64-linux/tulkas/secrets.yaml$ + age: *tulkas + + - path_regex: systems/x86_64-linux/varda/secrets.yaml$ + age: *varda + + - path_regex: systems/x86_64-linux/yavanna/secrets.yaml$ + age: *yavanna + + #=================================================================== + # USERS + #=================================================================== + - path_regex: homes/x86_64-linux/chris@\w+/secrets.yaml$ + age: *chris + + + + + + + + diff --git a/README.md b/README.md index 2eb75c9..db11887 100644 --- a/README.md +++ b/README.md @@ -18,4 +18,5 @@ nix build .#install-isoConfigurations.minimal - [dafitt/dotfiles](https://github.com/dafitt/dotfiles/) - [khaneliman/khanelinix](https://github.com/khaneliman/khanelinix) +- [alex007sirois/nix-config](https://github.com/alex007sirois/nix-config) (justfile) - [hmajid2301/nixicle](https://gitlab.com/hmajid2301/nixicle) (the GOAT, he did what I am aiming for!) \ No newline at end of file diff --git a/_secrets/secrets.yaml b/_secrets/secrets.yaml deleted file mode 100644 index 78b1a8c..0000000 --- a/_secrets/secrets.yaml +++ /dev/null @@ -1,30 +0,0 @@ -#ENC[AES256_GCM,data:jozDiJTPaF427kVL4MDV8VOVhft52sOS9YIfj0n8WUJmQzVoiNY=,iv:8kyaDw0l82KZfYKkfKDj0wvcIkY6zas5e8puubEr1mA=,tag:LvuVGvU195BihU8TbPN1xg==,type:comment] -example_key: ENC[AES256_GCM,data:9jefDfjJLP8Ha135Lg==,iv:9SUpjO1t65gA3LiwYN6nMj7icwInxTCQz7JsNEfQ2XA=,tag:Y8BBSLwUQem8wSXAlvnEXg==,type:str] -#ENC[AES256_GCM,data:IU1T4k/+44s8qFnjnreDMihjQRmMd5qSTtfA/ung5/1f1JmBXGP7EwYJBFF9BSBkBqBfv24A9Ok=,iv:tHzL3pW/qsNdWGT3c+ni0uTlkBMWOu/SsraymCuAkqs=,tag:nWZgWdPNiKQ0j/t9Z/5l5g==,type:comment] -#ENC[AES256_GCM,data:BhUTbsJB5voz4m1w8u1Y/MI8kR5lpRW8RpZO65IyGg232uNSoBLXB2QSl1GseyTC8bZHPiCF2gnttPD+76kqVlfzhhDu4EKU,iv:Ic8ZpR2QBBGhF2++S/TR/DRutkTghpMiby+yvNy0CSE=,tag:Z1JEtowycGDNWuznlkId8A==,type:comment] -example: - my_subdir: - my_secret: ENC[AES256_GCM,data:hccfc6uU4tGT,iv:HYjmo9kAVCcXSpDKWGku3vaJVvZHzYB3l079xXw5OEQ=,tag:c2b8BSqlL1LTcDf1nSPfVA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpeHZXWkZ2andYSytmYWpR - ckttNVJZaWxDK2ZwME1iY2wrWFNwR0hzWUNFCjVSaWpmTHkzdHpPNjhueTQ5ZUEz - YW1BcnIwU1hsb2lodk1QcHJvTUdrVVUKLS0tIFNpWlBqb2pOWDVLV0FvU1FUODJB - dTg0QXZuSkJXV3ZRSUlKcktDNElia28KKZ62gTVpeiz1CfK7awURrPZ7zAYx9vfR - Ajxk0cw1gleE6EU2iIlLOWtmyZbcNk1X32a+otXijlH8fDGtoxA97Q== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-09T11:37:49Z" - mac: ENC[AES256_GCM,data:ZEqJc6slPb3YMR9kn/jFImjkQQIT3KyUK3qE3JMty+IAAr9GT8r+rHOwku4TOwL6YzON6L5vkUQFFKnOz9GiJuGkStc6AbML4SfOlRDsaFU4kwO+27UvDBYRqi6iHtJ2pu/uD4wELVhdbElxHvFlCjtgqBWaWmlXw3ATjkiZnik=,iv:zJNM/TqNfBO/mr8ZK/I/FfXwknyn9YpJ0eo4EpHSJvQ=,tag:G4FLx/Hwknq5hYEb8SWQLg==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.4 - -zitadel: - masterKey: thisWillBeAnEncryptedValueInTheFuture diff --git a/flake.lock b/flake.lock index 1935971..ef769ed 100644 --- a/flake.lock +++ b/flake.lock @@ -67,6 +67,26 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1753140376, + "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", + "owner": "nix-community", + "repo": "disko", + "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "erosanix": { "inputs": { "flake-compat": "flake-compat", @@ -94,11 +114,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1753944209, - "narHash": "sha256-dcGdqxhRRGoA/S38BsWOrwIiLYEBOqXKauHdFwKR310=", + "lastModified": 1754290399, + "narHash": "sha256-KwYm1/FeLqP9uE4Sbw+j2nI2/ErNbc9Mn+LPcrEOpX0=", "owner": "nix-community", "repo": "fenix", - "rev": "5ef8607d6e8a08cfb3946aaacaa0494792adf4ae", + "rev": "f53ddf7518d85d59b58df6e9955b25b0ac25f569", "type": "github" }, "original": { @@ -114,11 +134,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1753960679, - "narHash": "sha256-q82/pjksNMev2AJqK1v38BcK29kB2f7yB2GTEsrlR2M=", + "lastModified": 1754311269, + "narHash": "sha256-y84Q8qS5acSxl3QsLLGs4DboPhM/AYUMiTsJJZwmQxY=", "owner": "nix-community", "repo": "flake-firefox-nightly", - "rev": "c709bb72ee604949ff54df9519dc6cb0c6040007", + "rev": "5a6856f353975206aec02373c18e8cea3fa6bb75", "type": "github" }, "original": { @@ -432,11 +452,11 @@ ] }, "locked": { - "lastModified": 1753902883, - "narHash": "sha256-F7IUdBe//PDtcztUdu3XYxzJuKbYip6TwIRWLdrftO0=", + "lastModified": 1754075821, + "narHash": "sha256-ihlkNqYsNgJPCDOE2LPpUl/ww3LBKfsxeWs2sivhb10=", "owner": "himmelblau-idm", "repo": "himmelblau", - "rev": "d01709bf0100183045927c03b90db78fb8e40bda", + "rev": "f77821437959ecd67f2fb2b1266e5a644a46d149", "type": "github" }, "original": { @@ -452,11 +472,11 @@ ] }, "locked": { - "lastModified": 1753943136, - "narHash": "sha256-eiEE5SabVcIlGSTRcRyBjmJMaYAV95SJnjy8YSsVeW4=", + "lastModified": 1754263839, + "narHash": "sha256-ck7lILfCNuunsLvExPI4Pw9OOCJksxXwozum24W8b+8=", "owner": "nix-community", "repo": "home-manager", - "rev": "bd82507edd860c453471c46957cbbe3c9fd01b5c", + "rev": "1d7abbd5454db97e0af51416f4960b3fb64a4773", "type": "github" }, "original": { @@ -473,11 +493,11 @@ ] }, "locked": { - "lastModified": 1753938227, - "narHash": "sha256-KzjI9khMC2tOL5FClh3sHq8Gax1O5Rw0bH1hvJ3FU3E=", + "lastModified": 1754110197, + "narHash": "sha256-N7GWK2084EsNdwzwg6FCIgMrSau1WwzxGSNdPHx5Tak=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "8d1f0004594e0eddc00159ad7666e669a6bcb711", + "rev": "04ce5c103eb621220d69102bc0ee27c3abd89204", "type": "github" }, "original": { @@ -492,11 +512,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1753618592, - "narHash": "sha256-9sDACkrSbZOA1srKWQzvbkBFHZeXvHW8EYpWrVZPxDg=", + "lastModified": 1754223384, + "narHash": "sha256-pewBF80b4slivTMSeONyOPceyzUUlBLpVOxlGf0hFEY=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "81b2f78680ca3864bfdc0d4cbc3444af3e1ff271", + "rev": "2d6fee65844e851060a6817984248bcf8358c6b0", "type": "github" }, "original": { @@ -549,11 +569,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1753928630, - "narHash": "sha256-ASqyvmJ2EEUCyDJGMHRQ1ZqWnCd4SiVd7hi7dGBuSvw=", + "lastModified": 1754274768, + "narHash": "sha256-bI+Z15bpec7VEnxkrqOG+JX0bFa9CnVeg/uiaf8iiS0=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "30af81148ee29a4a13c938c25d3e68877b1b27fb", + "rev": "b54894d44fbe4d29c081ade695ffdb07bb21b322", "type": "github" }, "original": { @@ -621,11 +641,11 @@ ] }, "locked": { - "lastModified": 1753704990, - "narHash": "sha256-5E14xuNWy2Un1nFR55k68hgbnD8U2x/rE5DXJtYKusw=", + "lastModified": 1754260137, + "narHash": "sha256-IViMH6Fwj8nwO1nuYCqOTpjm9OK9rQ0w8nmoOwPlo98=", "owner": "nix-community", "repo": "nixos-wsl", - "rev": "58c814cc6d4a789191f9c12e18277107144b0c91", + "rev": "57ba096649fa4e12dc564e8e3c529255baf89b35", "type": "github" }, "original": { @@ -652,11 +672,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1753579242, - "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", + "lastModified": 1754184128, + "narHash": "sha256-AjhoyBL4eSyXf01Bmc6DiuaMrJRNdWopmdnMY0Pa/M0=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", + "rev": "02e72200e6d56494f4a7c0da8118760736e41b60", "type": "github" }, "original": { @@ -683,11 +703,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1753948617, - "narHash": "sha256-68ounbeMLJTO/Igq0rEqjldNReb/r2gR9zgLU2qiH7A=", + "lastModified": 1754284898, + "narHash": "sha256-wzM6HN0xxyooekXfl7p5P4Bn0LieOKOfsLg4DqY7XLk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4f1a1d0af135001efc1a58c8f31ede7bb1045874", + "rev": "114484ca7213ac06fa7907e58dd8ef9d801d39f0", "type": "github" }, "original": { @@ -715,11 +735,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1753965693, - "narHash": "sha256-ks84bo0xIjUdRJGqLHQTyXR5OGb+8zUQg+XarbSEtrw=", + "lastModified": 1754315431, + "narHash": "sha256-fnVgd+mIJeR/fsaJB11KcTFjoJzLZNglLjVRtAzwcUI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "113bb8d5ca48dc31c62835b5fafed82092d87a91", + "rev": "66023e4de2495a69792a2b72bd131358b824d2e3", "type": "github" }, "original": { @@ -747,11 +767,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1753694789, - "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", + "lastModified": 1754214453, + "narHash": "sha256-Q/I2xJn/j1wpkGhWkQnm20nShYnG7TI99foDBpXm1SY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", + "rev": "5b09dc45f24cf32316283e62aec81ffee3c3e376", "type": "github" }, "original": { @@ -843,11 +863,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1753878721, - "narHash": "sha256-Y+Kr6FTHggnZ31nhaiOhIboIi+dhnLmQ9p0xf0wwnDc=", + "lastModified": 1754137146, + "narHash": "sha256-V2AE32tLNvtYVBuc8ZRbkGjAZGsJchFbNVd6v5JXvg8=", "owner": "notashelf", "repo": "nvf", - "rev": "e35a74c44a35b28fd09f136dd3c0dbe9f300258f", + "rev": "16d396f039ffefabf93b7b3261e2a17e2f84439b", "type": "github" }, "original": { @@ -866,11 +886,11 @@ ] }, "locked": { - "lastModified": 1748196248, - "narHash": "sha256-1iHjsH6/5UOerJEoZKE+Gx1BgAoge/YcnUsOA4wQ/BU=", + "lastModified": 1754241118, + "narHash": "sha256-nsBBqbAFB7lUYIh6S6l7fQ/ALDhCckp7+rqbY2767uE=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "b7697abe89967839b273a863a3805345ea54ab56", + "rev": "968109159b4bbe4386ac281272ddcebeef09ebfc", "type": "github" }, "original": { @@ -881,6 +901,7 @@ }, "root": { "inputs": { + "disko": "disko", "erosanix": "erosanix", "fenix": "fenix", "firefox": "firefox", @@ -905,11 +926,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1753838657, - "narHash": "sha256-4FA7NTmrAqW5yt4A3hhzgDmAFD0LbGRMGKhb1LBSItI=", + "lastModified": 1754218780, + "narHash": "sha256-M+bLCsYRYA7iudlZkeOf+Azm/1TUvihIq51OKia6KJ8=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "8611b714597c89b092f3d4874f14acd3f72f44fd", + "rev": "8d75311400a108d7ffe17dc9c38182c566952e6e", "type": "github" }, "original": { @@ -978,11 +999,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1753919664, - "narHash": "sha256-U7Ts8VbVD4Z6n67gFx00dkpQJu27fMu173IUopX3pNI=", + "lastModified": 1754264048, + "narHash": "sha256-Yg1W0sFhBpnglfhWGlFmxzSmte1F157luHAADp5Hguk=", "owner": "nix-community", "repo": "stylix", - "rev": "30f5022236cf8dd257941cb0f910e198e7e464c7", + "rev": "1b5e1c5642cf96e07daf14ae4c5ddd23d7ed5623", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index d696f4b..fa4895c 100644 --- a/flake.nix +++ b/flake.nix @@ -9,6 +9,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -24,14 +29,14 @@ url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; }; - - # neovim - nvf.url = "github:notashelf/nvf"; - - # plymouth theme - nixos-boot.url = "github:Melkor333/nixos-boot"; - - firefox.url = "github:nix-community/flake-firefox-nightly"; + + nixos-wsl = { + url = "github:nix-community/nixos-wsl"; + inputs = { + nixpkgs.follows = "nixpkgs"; + flake-compat.follows = ""; + }; + }; stylix.url = "github:nix-community/stylix"; @@ -41,6 +46,12 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + # neovim + nvf.url = "github:notashelf/nvf"; + + # plymouth theme + nixos-boot.url = "github:Melkor333/nixos-boot"; + zen-browser.url = "github:MarceColl/zen-browser-flake"; nix-minecraft.url = "github:Infinidoge/nix-minecraft"; @@ -67,14 +78,6 @@ grub2-themes = { url = "github:vinceliuice/grub2-themes"; }; - - nixos-wsl = { - url = "github:nix-community/nixos-wsl"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-compat.follows = ""; - }; - }; }; outputs = inputs: inputs.snowfall-lib.mkFlake { @@ -103,7 +106,7 @@ nix-minecraft.overlay flux.overlays.default ]; - + homes.modules = with inputs; [ stylix.homeModules.stylix plasma-manager.homeManagerModules.plasma-manager diff --git a/homes/x86_64-linux/chris@manwe/secrets.yaml b/homes/x86_64-linux/chris@manwe/secrets.yaml new file mode 100644 index 0000000..0af2506 --- /dev/null +++ b/homes/x86_64-linux/chris@manwe/secrets.yaml @@ -0,0 +1,21 @@ +user_level_secrets: ENC[AES256_GCM,data:TNT+via+r4bpgROz,iv:cVO6/r4Aovr5uJFhU87mE5XwRJ518y4OJdHo4m92ahM=,tag:jYInD+euh7k1zSnMRppI5Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYVRQTEVSMWM3WXY3eTdW + ZkUwSnNidlJwWGVETURpNUJRRUllYXo4WjNvCmxmN21qVzNFV3N4UVR6WEV1am1W + eW1KTk9HVDluek1BUnBmSGI3Y2ZqaDQKLS0tIHlMYldYMTVORVNWbEgrWlBSanRM + bUZiMHlOU3pxYUhQSTREb0l4TmFlOEkKiasV2H481aJzAvEAvyeWqGYDOW+WKRFX + yyocZDo0o1lHz/gNXoC0/ujU+O3rSXdsy6Qdz6Rm+xeFUfe4KoD4bg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-08-11T13:21:38Z" + mac: ENC[AES256_GCM,data:kfMcZuYuQqxxfqtyfH7DltSkq8YNz+vroB+ZQKTIpCNC/W6vJP1o23/xLRzdnEgnnH5GfgZQFAK8Am00/bUD2BgEPyXxXNf1lG70ocFbRM9htii92BFfHgfi25zlEqCO7yrudm1HEJyYrFbZnT63H6u1OgWSC38CzEZTBsCE0kU=,iv:feWGBau48s2GSvZjnKPfP2z46SBuHbh//4zzcLv+MTY=,tag:D86akwawLxobhEu2AvBFKg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/justfile b/justfile new file mode 100644 index 0000000..70450dd --- /dev/null +++ b/justfile @@ -0,0 +1,24 @@ +[private] +default: + @just -l + +[doc('Update flake dependencies')] +update: + nix flake update + +[doc('install nixos on a system (uses nix-anywhere) +> profile: Which profile to use +> host: How to reach the target system in the standard format of `user@host` +')] +install profile host: + nix run nixpkgs#nixos-anywhere -- \ + --flake .#{{profile}} \ + --generate-hardware-config nixos-generate-config ./hardware-configuration.nix \ + {{host}} + +[doc('builds the configuration for the host')] +build host: + nh os build . -H {{host}} + +edit-secrets target: + sops --config "{{justfile_directory()}}/.sops.yml" edit "{{justfile_directory()}}/{{ if target =~ ".+@.+" { "homes" } else { "systems" } }}/x86_64-linux/{{target}}/secrets.yaml" \ No newline at end of file diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix/default.nix index 7d1f069..3104ecd 100644 --- a/modules/nixos/nix/default.nix +++ b/modules/nixos/nix/default.nix @@ -15,10 +15,10 @@ in nix = { package = pkgs.nixVersions.latest; - extraOptions = "experimental-features = nix-command flakes"; + extraOptions = "experimental-features = nix-command flakes pipe-operators"; settings = { - experimental-features = [ "nix-command" "flakes" ]; + experimental-features = [ "nix-command" "flakes" "pipe-operators" ]; allowed-users = [ "@wheel" ]; trusted-users = [ "@wheel" ]; diff --git a/modules/nixos/system/security/sops/default.nix b/modules/nixos/system/security/sops/default.nix index a75856d..ebceca3 100644 --- a/modules/nixos/system/security/sops/default.nix +++ b/modules/nixos/system/security/sops/default.nix @@ -13,10 +13,10 @@ in environment.systemPackages = with pkgs; [ sops ]; sops = { - defaultSopsFile = ../../../../secrets/secrets.yaml; - defaultSopsFormat = "yaml"; + age.keyFile = "/home/.sops-key.age"; - age.keyFile = "/home/"; + defaultSopsFile = ../../../../systems/x86_64-linux/${config.networking.hostName}/secrets.yaml; + defaultSopsFormat = "yaml"; }; }; } \ No newline at end of file diff --git a/systems/x86_64-linux/manwe/README.md b/systems/x86_64-linux/manwe/README.md index 3bb6746..1da7ab1 100644 --- a/systems/x86_64-linux/manwe/README.md +++ b/systems/x86_64-linux/manwe/README.md @@ -1,8 +1,3 @@ # Description -<<<<<<< HEAD My steambox. -======= -My desktop, reasoning for the name being the following chain of thought: -**Manwe -> the king of the valar -> leader -> desktop is main machine** ->>>>>>> 72b0f6f8fad97a4ade1b54dfada26828a170febf diff --git a/systems/x86_64-linux/manwe/disks.nix b/systems/x86_64-linux/manwe/disks.nix index d68db6a..e3e449f 100644 --- a/systems/x86_64-linux/manwe/disks.nix +++ b/systems/x86_64-linux/manwe/disks.nix @@ -1,34 +1,59 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, pkgs, modulesPath, inputs, ... }: let inherit (lib.modules) mkDefault; in { - # TODO :: Implement disko at some point + imports = [ + inputs.disko.nixosModules.disko + ]; - swapDevices = []; + config = { + swapDevices = []; - boot.supportedFilesystems = [ "nfs" ]; - - fileSystems = { - "/" = { - device = "/dev/disk/by-label/nixos"; - fsType = "ext4"; + boot.supportedFilesystems = [ "nfs" ]; + + disko.devices = { + disk = { + main = { + device = "/dev/nvme0"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "100M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; }; + + fileSystems = { + "/home/chris/media" = { + device = "ulmo:/"; + fsType = "nfs"; + }; - "/boot" = { - device = "/dev/disk/by-label/boot"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - "/home/chris/media" = { - device = "ulmo:/"; - fsType = "nfs"; - }; - - "/home/chris/mandos" = { - device = "mandos:/"; - fsType = "nfs"; + "/home/chris/mandos" = { + device = "mandos:/"; + fsType = "nfs"; + }; }; }; } diff --git a/systems/x86_64-linux/manwe/secrets.yaml b/systems/x86_64-linux/manwe/secrets.yaml new file mode 100644 index 0000000..6e2a986 --- /dev/null +++ b/systems/x86_64-linux/manwe/secrets.yaml @@ -0,0 +1,31 @@ +zitadel: + masterKey: ENC[AES256_GCM,data:iSeZOloWLrdP8S+ac7ubIcv9TF3Sm8Ni,iv:8v3/ratFQ5vq2rbZOUMKfPhVTA9uQY2eFQU4IR8s3VU=,tag:9y90aDQ2PfFT//X2i2YvvA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4R0UyWmx5L3hCbGhQVXI0 + NmpkMThPVlgrRHZZMnFrNTAwbzVTY1F6NEVVCjJaRHdhbHV6R1RJM2JIQzc3dkNu + a01FYlM3b1dXbmxGN2tWU3FMdXMveG8KLS0tIG1SSjNXdXZNN2ZyQ2UyZ0pIZXJJ + NmpMS2oySFE1S1RER3J1RGl4MlRQK00Ks+PcxcHmygYz+a+d0ZrzrdUpTQ50NYkA + aDFbtRtukn9e7i3bGUyD4nisSvs4YjfoQxR/pC8hs4k3f5V2jwDh2w== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwaTN4clFoWDNwU2lpaHBn + M2pVeU5oM0JRNmp6NEJjQ3BHeWlzeSs3bTI0CnBocngvbzZQUXBsMG9Oc2J6dlBT + MjdtaFdmOHg5ZmZmSkViWGJFYThQYXcKLS0tIFRNd2JiVlFTREtDMTdzR2V0SlVo + Q0d5ZDVDM05LdFp4UnB4dFRPUm5vU0UKR/MAONEWaT6XXyPB1IrSIKqW5PZNIbuB + n7QX3DJIzlajtmq+82/wPFPTBkLvSSjV5FKL5ErMwTDndcIn+NlOhQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-08-11T13:11:00Z" + mac: ENC[AES256_GCM,data:P34YsR/Rvc3q4Os5n9hxonJLCXwifMRnKOCM59h5MRMT/aqjl+QlBX+oUADsqDSrhUscQb3N/UlpFeOT6qg+FmJbT/mYMH6v1xK16VD0M7VWydXpmjDu5If+O89lgDHsiEOGDgeR04jkiaY0yzT9U8l9CND5fMvF3I9o5Z1SZQk=,iv:NgUD8gB2bQa5vh0nb0Ngqp5dn0yqskHudWo8xoVjM4Q=,tag:5oTcnailDCHeMvMLz63e1w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4