uhhhhhhhhh
add secrets refactor things
This commit is contained in:
parent
9f5882ea76
commit
e5a3158d2e
17 changed files with 161 additions and 34 deletions
|
@ -1,7 +1,6 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
package = pkgs.nixUnstable;
|
package = pkgs.nixUnstable;
|
||||||
extraOptions = ''
|
extraOptions = ''
|
||||||
|
@ -15,7 +14,8 @@
|
||||||
automatic = true;
|
automatic = true;
|
||||||
options = "--delete-older-than 7d";
|
options = "--delete-older-than 7d";
|
||||||
};
|
};
|
||||||
|
daemonCPUSchedPolicy = "idle";
|
||||||
|
daemonIOSchedClass = "idle";
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
@ -27,19 +27,7 @@
|
||||||
pciutils
|
pciutils
|
||||||
coreutils-full
|
coreutils-full
|
||||||
killall
|
killall
|
||||||
|
git-crypt
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.networkmanager.enable = true;
|
|
||||||
networking.nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" ];
|
|
||||||
|
|
||||||
services.timesyncd.enable = true;
|
|
||||||
networking.timeServers = [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ];
|
|
||||||
|
|
||||||
i18n.defaultLocale = "ru_RU.UTF-8";
|
|
||||||
console = {
|
|
||||||
font = "${pkgs.terminus_font}/share/consolefonts/ter-u16b.psf.gz";
|
|
||||||
keyMap = "us";
|
|
||||||
packages = with pkgs; [ terminus_font ];
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
}
|
|
@ -5,8 +5,9 @@
|
||||||
powertop
|
powertop
|
||||||
lm_sensors
|
lm_sensors
|
||||||
];
|
];
|
||||||
|
|
||||||
|
boot.plymouth.enable = true;
|
||||||
|
|
||||||
services.tlp.enable = true;
|
services.tlp.enable = true;
|
||||||
services.upower.enable = true;
|
services.upower.enable = true;
|
||||||
|
|
||||||
networking.wireless.iwd.enable = true;
|
|
||||||
}
|
}
|
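--- /dev/null
+++ b/common/locale.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+{
+time.timeZone = "Europe/Moscow";
+
+i18n.defaultLocale = "ru_RU.UTF-8";
+console = {
+font = "${pkgs.terminus_font}/share/consolefonts/ter-u16b.psf.gz";
+keyMap = "us";
+packages = with pkgs; [ terminus_font ];
+};
+}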
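--- /dev/null
+++ b/common/networking.nix
@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+networking.wireless.iwd.enable = true;
+networking.wireless.iwd.settings = {
+General = {
+EnableNetworkConfiguration = true;
+};
+};
+
+networking.nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" ];
+
+services.timesyncd.enable = true;
+networking.timeServers = [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ];
+}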
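--- /dev/null
+++ b/common/remote-access.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+services.openssh = {
+enable = true;
+settings.PasswordAuthentication = false;
+};
+programs.mosh.enable = true;
+}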
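Review bot: `settings.PasswordAuthentication = false;` on its own does not turn off password logins, because sshd still offers keyboard-interactive (PAM) authentication unless that is disabled as well; add `settings.KbdInteractiveAuthentication = false;` next to it so the authorizedKeys entry in common/user.nix becomes the only way in. `programs.mosh.enable = true;` also opens mosh's UDP port range in the firewall by default through the module's `openFirewall` option; if that is intended it deserves a one-line comment, otherwise set `programs.mosh.openFirewall = false;`. Both settings apply to every interface, including the yggdrasil overlay added in roles/yggdrasil-client.nix in this same commit.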
|
@ -1,9 +1,12 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
let
|
||||||
|
secrets = import ../secrets.nix;
|
||||||
|
in {
|
||||||
users.users.ivabus = {
|
users.users.ivabus = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "wheel" ];
|
extraGroups = [ "wheel" ];
|
||||||
|
uid = 1000;
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
tree
|
tree
|
||||||
cargo
|
cargo
|
||||||
|
@ -12,6 +15,11 @@
|
||||||
gitFull
|
gitFull
|
||||||
];
|
];
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
# Air M2 macOS
|
||||||
|
"ssh-rsa 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"
|
||||||
|
];
|
||||||
|
hashedPassword = secrets.hashed-password;
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.zsh = {
|
programs.zsh = {
|
||||||
|
@ -21,7 +29,47 @@
|
||||||
programs.gnupg.agent.enable = true;
|
programs.gnupg.agent.enable = true;
|
||||||
programs.ssh.startAgent = true;
|
programs.ssh.startAgent = true;
|
||||||
|
|
||||||
|
home-manager.useGlobalPkgs = true;
|
||||||
|
home-manager.useUserPackages = true;
|
||||||
|
home-manager.users.ivabus = {
|
||||||
|
gtk = {
|
||||||
|
enable = true;
|
||||||
|
theme = {
|
||||||
|
name = "Catppuccin-Macchiato-Standard-Blue-dark";
|
||||||
|
package = pkgs.catppuccin-gtk.override {
|
||||||
|
accents = [ "blue" ];
|
||||||
|
tweaks = [ "rimless" ];
|
||||||
|
size = "standard";
|
||||||
|
variant = "macchiato";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
iconTheme = {
|
||||||
|
name = "Mint-Y-Blue";
|
||||||
|
package = pkgs.cinnamon.mint-y-icons;
|
||||||
|
};
|
||||||
|
cursorTheme = {
|
||||||
|
name = "Catppuccin-Macchiato-Dark-Cursors";
|
||||||
|
package = pkgs.catppuccin-cursors.macchiatoDark;
|
||||||
|
};
|
||||||
|
font = {
|
||||||
|
name = "Ubuntu";
|
||||||
|
size = 9;
|
||||||
|
package = pkgs.ubuntu_font_family;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
home.pointerCursor = {
|
||||||
|
name = "Catppuccin-Macchiato-Dark-Cursors";
|
||||||
|
package = pkgs.catppuccin-cursors.macchiatoDark;
|
||||||
|
x11.defaultCursor = "Catppuccin-Macchiato-Dark-Cursors";
|
||||||
|
};
|
||||||
programs.git = {
|
programs.git = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
userName = "Ivan Bushchik";
|
||||||
|
userEmail = "ivabus@ivabus.dev";
|
||||||
|
signing.key = "DF1D910360471F0CCF076E449F6DDABE11A2674D";
|
||||||
|
signing.signByDefault = true;
|
||||||
|
package = pkgs.gitAndTools.gitFull;
|
||||||
|
};
|
||||||
|
home.stateVersion = "23.05";
|
||||||
};
|
};
|
||||||
}
|
}
|
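--- a/flake.nix
+++ b/flake.nix
@@ -11,16 +11,22 @@
 };
 
 
-outputs = { self, nixpkgs, ... }@inputs: {
+outputs = { self, nixpkgs, home-manager, ... }@inputs: {
 # Stella = Unchartevice 6540 (Ryzen 3 3250U, 16GB RAM)
 nixosConfigurations."stella" = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 modules = [
+home-manager.nixosModules.home-manager
 ./common/base.nix
 ./common/user.nix
-./roles/laptop.nix
+./common/laptop.nix
+./common/networking.nix
+./common/locale.nix
+./common/remote-access.nix
 ./roles/graphical.nix
-./roles/gaming.nix
+#./roles/gaming.nix
+./roles/devel.nix
+./roles/yggdrasil-client.nix
 ./machines/stella/configuration.nix
 ./machines/stella/hardware.nix
 ];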
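Review bot: `home-manager` is now destructured from the outputs arguments, but the `inputs` set it must be declared in closes at line 11, just before this hunk, so the diff cannot show whether that input sets `inputs.nixpkgs.follows = "nixpkgs"`; without it home-manager is evaluated against its own pinned nixpkgs revision and the lock file carries two nixpkgs trees. Worth confirming in the inputs block. `#./roles/gaming.nix` is left in the module list as a commented-out entry; a short comment saying why it is disabled, or removing the line, would keep the list readable.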
|
@ -6,16 +6,10 @@
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
networking.hostName = "stella";
|
networking.hostName = "stella";
|
||||||
time.timeZone = "Europe/Moscow";
|
|
||||||
|
|
||||||
services.xserver.videoDrivers=["amdgpu"];
|
services.xserver.videoDrivers=["amdgpu"];
|
||||||
boot.initrd.kernelModules=["amdgpu"];
|
boot.initrd.kernelModules=["amdgpu"];
|
||||||
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
settings.PasswordAuthentication = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -39,5 +39,5 @@
|
||||||
STOP_CHARGE_THRESH_BAT0 = 80;
|
STOP_CHARGE_THRESH_BAT0 = 80;
|
||||||
};
|
};
|
||||||
powerManagement.enable = true;
|
powerManagement.enable = true;
|
||||||
powerManagement.cpuFreqGovernor = "powersave";
|
powerManagement.cpuFreqGovernor = "performance";
|
||||||
}
|
}
|
||||||
|
|
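--- /dev/null
+++ b/roles/devel.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+
+{
+nixpkgs.config.allowUnfree = true;
+environment.systemPackages = with pkgs; [
+jetbrains.clion
+rustc
+cargo
+rustup
+vscode
+clang
+llvm
+lld
+];
+}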
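Review bot: `rustc` and `cargo` are listed next to `rustup`, and rustup's own bin/ directory provides `rustc` and `cargo` proxies as well, so the system profile gets two providers for the same command names and which one ends up first on PATH is not obvious from this file; keep either the nixpkgs toolchain or rustup, not both. `nixpkgs.config.allowUnfree = true;` also lifts the unfree restriction for the whole system rather than for this role only, since nixpkgs.config is global; if the intent is just CLion and VS Code, `nixpkgs.config.allowUnfreePredicate` can name those packages explicitly.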
|
@ -1,3 +1,4 @@
|
||||||
|
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
|
@ -9,11 +9,12 @@
|
||||||
mpv
|
mpv
|
||||||
glib
|
glib
|
||||||
ffmpeg
|
ffmpeg
|
||||||
cinnamon.mint-y-icons
|
cinnamon.nemo
|
||||||
usbmuxd
|
usbmuxd
|
||||||
telegram-desktop
|
telegram-desktop
|
||||||
|
keepassxc
|
||||||
];
|
];
|
||||||
services.fwupd.enable = true;
|
|
||||||
services.greetd = {
|
services.greetd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
vt = 7;
|
vt = 7;
|
||||||
|
@ -37,7 +38,6 @@
|
||||||
swaylock
|
swaylock
|
||||||
poweralertd
|
poweralertd
|
||||||
kanshi
|
kanshi
|
||||||
catppuccin-cursors
|
|
||||||
libsForQt5.qt5ct
|
libsForQt5.qt5ct
|
||||||
mako
|
mako
|
||||||
pulseaudio
|
pulseaudio
|
||||||
|
@ -55,15 +55,29 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
alsa.enable = true;
|
alsa.enable = true;
|
||||||
pulse.enable = true;
|
pulse.enable = true;
|
||||||
|
alsa.support32Bit = true;
|
||||||
|
jack.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
qt = {
|
||||||
|
enable = true;
|
||||||
|
platformTheme = "gtk2";
|
||||||
|
style = "gtk2";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.dbus.enable = true;
|
services.dbus.enable = true;
|
||||||
|
|
||||||
fonts.fonts = with pkgs; [
|
fonts.packages = with pkgs; [
|
||||||
noto-fonts
|
noto-fonts
|
||||||
noto-fonts-cjk
|
noto-fonts-cjk
|
||||||
noto-fonts-emoji
|
noto-fonts-emoji
|
||||||
jetbrains-mono
|
jetbrains-mono
|
||||||
font-awesome
|
font-awesome
|
||||||
|
#google-fonts
|
||||||
|
liberation_ttf
|
||||||
|
open-sans
|
||||||
|
roboto
|
||||||
|
roboto-mono
|
||||||
|
kochi-substitute
|
||||||
];
|
];
|
||||||
}
|
}
|
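Review bot: `services.fwupd.enable = true;` is removed in the `@ -9,11 +9,12 @@` hunk and does not reappear in any other file of this commit, so the host loses its firmware update path unless the line was moved to a file outside this diff; if the removal is deliberate a comment in the commit description would help, otherwise the line should be restored. The `@ -55,15 +55,29 @@` hunk renames `fonts.fonts` to `fonts.packages`, which is fine, but it is an unrelated change bundled into a commit described as a secrets refactor.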
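--- /dev/null
+++ b/roles/yggdrasil-client.nix
@@ -0,0 +1,13 @@
+{ ... }:
+
+{
+services.yggdrasil = {
+enable = true;
+persistentKeys = true;
+settings = {
+Peers = [
+"tls://ygg.iva.bz:50002"
+];
+};
+};
+}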
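Review bot: `services.yggdrasil.enable = true;` together with `persistentKeys = true;` gives the host a stable address reachable from every other node of the overlay, so the NixOS firewall rules now matter on the yggdrasil interface as much as on wifi; any port opened for all interfaces (for instance mosh's UDP range when `programs.mosh.openFirewall` keeps its default) is exposed to the overlay too. Nothing in this file restricts that, which may be intended; a comment stating whether the overlay is treated as hostile or trusted would make the decision explicit. The single `tls://ygg.iva.bz:50002` peer is also unpinned; if the deployed yggdrasil version supports a key parameter on peer URIs, pinning the peer's public key there ties the connection to the intended node.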
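--- /dev/null
+++ b/secrets.nix
@@ -0,0 +1,9 @@
+
+let
+canaryHash = builtins.hashFile "sha256" ./secrets/canary;
+expectedHash = "bc6f38a927602241c5e0996b61ebd3a90d5356ca76dc968ec14df3cd45c6612c";
+in
+if canaryHash != expectedHash then abort "Secrets are not readable. Have you run `git-crypt unlock`?"
+else {
+hashed-password = builtins.readFile ./secrets/hashed-password;
+}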
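Review bot: `builtins.readFile ./secrets/hashed-password` returns the file contents including any trailing newline, and common/user.nix assigns that value straight to `hashedPassword`, so unless the file was written without a final newline the shadow entry ends in `\n` and the password will not verify; strip it at the source, e.g. `hashed-password = builtins.replaceStrings [ "\n" ] [ "" ] (builtins.readFile ./secrets/hashed-password);`. Note also that a flake's source tree, including the unlocked secrets/ directory, is copied into the world-readable Nix store at evaluation time, and `hashedPassword` is written again into the generated users configuration in the store, so git-crypt protects the hash in the repository but not on the deployed machine, where any local user can attempt offline cracking of it. Pointing `users.users.<name>.hashedPasswordFile` (or `passwordFile` on the 23.05 module set, depending on the pinned nixpkgs) at a string path outside the store that is read at activation avoids that.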
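--- /dev/null
+++ b/secrets/.gitattributes
@@ -0,0 +1,2 @@
+* filter=git-crypt diff=git-crypt
+.gitattributes !filter !diff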
BIN
secrets/canary
Normal file
BIN
secrets/canary
Normal file
Binary file not shown.
BIN
secrets/hashed-password
Normal file
BIN
secrets/hashed-password
Normal file
Binary file not shown.