mirror of
https://github.com/ivabus/nixos
synced 2024-11-10 02:25:18 +03:00
uhhhhhhhhh
add secrets refactor things
This commit is contained in:
parent
9f5882ea76
commit
e5a3158d2e
|
@ -1,7 +1,6 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
|
||||
nix = {
|
||||
package = pkgs.nixUnstable;
|
||||
extraOptions = ''
|
||||
|
@ -15,7 +14,8 @@
|
|||
automatic = true;
|
||||
options = "--delete-older-than 7d";
|
||||
};
|
||||
|
||||
daemonCPUSchedPolicy = "idle";
|
||||
daemonIOSchedClass = "idle";
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
@ -27,19 +27,7 @@
|
|||
pciutils
|
||||
coreutils-full
|
||||
killall
|
||||
git-crypt
|
||||
];
|
||||
|
||||
networking.networkmanager.enable = true;
|
||||
networking.nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" ];
|
||||
|
||||
services.timesyncd.enable = true;
|
||||
networking.timeServers = [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ];
|
||||
|
||||
i18n.defaultLocale = "ru_RU.UTF-8";
|
||||
console = {
|
||||
font = "${pkgs.terminus_font}/share/consolefonts/ter-u16b.psf.gz";
|
||||
keyMap = "us";
|
||||
packages = with pkgs; [ terminus_font ];
|
||||
};
|
||||
|
||||
}
|
|
@ -5,8 +5,9 @@
|
|||
powertop
|
||||
lm_sensors
|
||||
];
|
||||
|
||||
boot.plymouth.enable = true;
|
||||
|
||||
services.tlp.enable = true;
|
||||
services.upower.enable = true;
|
||||
|
||||
networking.wireless.iwd.enable = true;
|
||||
}
|
12
common/locale.nix
Normal file
12
common/locale.nix
Normal file
|
@ -0,0 +1,12 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
time.timeZone = "Europe/Moscow";
|
||||
|
||||
i18n.defaultLocale = "ru_RU.UTF-8";
|
||||
console = {
|
||||
font = "${pkgs.terminus_font}/share/consolefonts/ter-u16b.psf.gz";
|
||||
keyMap = "us";
|
||||
packages = with pkgs; [ terminus_font ];
|
||||
};
|
||||
}
|
15
common/networking.nix
Normal file
15
common/networking.nix
Normal file
|
@ -0,0 +1,15 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
networking.wireless.iwd.enable = true;
|
||||
networking.wireless.iwd.settings = {
|
||||
General = {
|
||||
EnableNetworkConfiguration = true;
|
||||
};
|
||||
};
|
||||
|
||||
networking.nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" ];
|
||||
|
||||
services.timesyncd.enable = true;
|
||||
networking.timeServers = [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ];
|
||||
}
|
9
common/remote-access.nix
Normal file
9
common/remote-access.nix
Normal file
|
@ -0,0 +1,9 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings.PasswordAuthentication = false;
|
||||
};
|
||||
programs.mosh.enable = true;
|
||||
}
|
|
@ -1,9 +1,12 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
let
|
||||
secrets = import ../secrets.nix;
|
||||
in {
|
||||
users.users.ivabus = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
uid = 1000;
|
||||
packages = with pkgs; [
|
||||
tree
|
||||
cargo
|
||||
|
@ -12,6 +15,11 @@
|
|||
gitFull
|
||||
];
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = [
|
||||
# Air M2 macOS
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6HY6er37FUz2tPQnwq5SUQZ5KHmMpGQA5yNlxPOyoCV+uvdx/cU8KF7jlFoyBC9xf2FvNyB8H1MZ6t2eUs4m/pVMpoBbNSTZLSxlvv2n4HuxL2Sg3qPdioJOyxDfnXA4OIZ+Tc+z4zM3ZnPJm1ccGW7W+YPhZ7GhBpl5wlMw+m06dCt8wfdDA4fuf4brnLt1ZMs4aOtVM8u4ZEtMs3IVXVUgtRH5m0RXZ94s7RkrUHhl2UOkOclhkQOiQop9RuJMjpi+iYkDYCniuGCKcKPrmi1+qicKM8KyrYGqR7FkUvzr+H8XtJXu++Kvmjcn54jDYqM4sq/MNL2rf8QaIUGLwiq2ljH2dGamElvElWZoXQBGPp4L80IEbaMVISIcvcNj+8cKW3rPvEUK5iT8jCkIOUwm1oo70YawS5VXTPLDsZif12QduTcJhVJekEaP0ZSifO52zeJksj0adwiEMJPqm7bIk5Y+9dCbQH7PtkWY4Tw3bdGNsYnTXC80MeEfrIKE="
|
||||
];
|
||||
hashedPassword = secrets.hashed-password;
|
||||
};
|
||||
|
||||
programs.zsh = {
|
||||
|
@ -21,7 +29,47 @@
|
|||
programs.gnupg.agent.enable = true;
|
||||
programs.ssh.startAgent = true;
|
||||
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.ivabus = {
|
||||
gtk = {
|
||||
enable = true;
|
||||
theme = {
|
||||
name = "Catppuccin-Macchiato-Standard-Blue-dark";
|
||||
package = pkgs.catppuccin-gtk.override {
|
||||
accents = [ "blue" ];
|
||||
tweaks = [ "rimless" ];
|
||||
size = "standard";
|
||||
variant = "macchiato";
|
||||
};
|
||||
};
|
||||
iconTheme = {
|
||||
name = "Mint-Y-Blue";
|
||||
package = pkgs.cinnamon.mint-y-icons;
|
||||
};
|
||||
cursorTheme = {
|
||||
name = "Catppuccin-Macchiato-Dark-Cursors";
|
||||
package = pkgs.catppuccin-cursors.macchiatoDark;
|
||||
};
|
||||
font = {
|
||||
name = "Ubuntu";
|
||||
size = 9;
|
||||
package = pkgs.ubuntu_font_family;
|
||||
};
|
||||
};
|
||||
home.pointerCursor = {
|
||||
name = "Catppuccin-Macchiato-Dark-Cursors";
|
||||
package = pkgs.catppuccin-cursors.macchiatoDark;
|
||||
x11.defaultCursor = "Catppuccin-Macchiato-Dark-Cursors";
|
||||
};
|
||||
programs.git = {
|
||||
enable = true;
|
||||
userName = "Ivan Bushchik";
|
||||
userEmail = "ivabus@ivabus.dev";
|
||||
signing.key = "DF1D910360471F0CCF076E449F6DDABE11A2674D";
|
||||
signing.signByDefault = true;
|
||||
package = pkgs.gitAndTools.gitFull;
|
||||
};
|
||||
home.stateVersion = "23.05";
|
||||
};
|
||||
}
|
12
flake.nix
12
flake.nix
|
@ -11,16 +11,22 @@
|
|||
};
|
||||
|
||||
|
||||
outputs = { self, nixpkgs, ... }@inputs: {
|
||||
outputs = { self, nixpkgs, home-manager, ... }@inputs: {
|
||||
# Stella = Unchartevice 6540 (Ryzen 3 3250U, 16GB RAM)
|
||||
nixosConfigurations."stella" = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
home-manager.nixosModules.home-manager
|
||||
./common/base.nix
|
||||
./common/user.nix
|
||||
./roles/laptop.nix
|
||||
./common/laptop.nix
|
||||
./common/networking.nix
|
||||
./common/locale.nix
|
||||
./common/remote-access.nix
|
||||
./roles/graphical.nix
|
||||
./roles/gaming.nix
|
||||
#./roles/gaming.nix
|
||||
./roles/devel.nix
|
||||
./roles/yggdrasil-client.nix
|
||||
./machines/stella/configuration.nix
|
||||
./machines/stella/hardware.nix
|
||||
];
|
||||
|
|
|
@ -6,16 +6,10 @@
|
|||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
networking.hostName = "stella";
|
||||
time.timeZone = "Europe/Moscow";
|
||||
|
||||
services.xserver.videoDrivers=["amdgpu"];
|
||||
boot.initrd.kernelModules=["amdgpu"];
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings.PasswordAuthentication = false;
|
||||
};
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
}
|
||||
|
||||
|
|
|
@ -39,5 +39,5 @@
|
|||
STOP_CHARGE_THRESH_BAT0 = 80;
|
||||
};
|
||||
powerManagement.enable = true;
|
||||
powerManagement.cpuFreqGovernor = "powersave";
|
||||
powerManagement.cpuFreqGovernor = "performance";
|
||||
}
|
||||
|
|
15
roles/devel.nix
Normal file
15
roles/devel.nix
Normal file
|
@ -0,0 +1,15 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
environment.systemPackages = with pkgs; [
|
||||
jetbrains.clion
|
||||
rustc
|
||||
cargo
|
||||
rustup
|
||||
vscode
|
||||
clang
|
||||
llvm
|
||||
lld
|
||||
];
|
||||
}
|
|
@ -1,3 +1,4 @@
|
|||
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
|
|
|
@ -9,11 +9,12 @@
|
|||
mpv
|
||||
glib
|
||||
ffmpeg
|
||||
cinnamon.mint-y-icons
|
||||
cinnamon.nemo
|
||||
usbmuxd
|
||||
telegram-desktop
|
||||
keepassxc
|
||||
];
|
||||
services.fwupd.enable = true;
|
||||
|
||||
services.greetd = {
|
||||
enable = true;
|
||||
vt = 7;
|
||||
|
@ -37,7 +38,6 @@
|
|||
swaylock
|
||||
poweralertd
|
||||
kanshi
|
||||
catppuccin-cursors
|
||||
libsForQt5.qt5ct
|
||||
mako
|
||||
pulseaudio
|
||||
|
@ -55,15 +55,29 @@
|
|||
enable = true;
|
||||
alsa.enable = true;
|
||||
pulse.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
jack.enable = true;
|
||||
};
|
||||
|
||||
qt = {
|
||||
enable = true;
|
||||
platformTheme = "gtk2";
|
||||
style = "gtk2";
|
||||
};
|
||||
|
||||
services.dbus.enable = true;
|
||||
|
||||
fonts.fonts = with pkgs; [
|
||||
fonts.packages = with pkgs; [
|
||||
noto-fonts
|
||||
noto-fonts-cjk
|
||||
noto-fonts-emoji
|
||||
jetbrains-mono
|
||||
font-awesome
|
||||
#google-fonts
|
||||
liberation_ttf
|
||||
open-sans
|
||||
roboto
|
||||
roboto-mono
|
||||
kochi-substitute
|
||||
];
|
||||
}
|
13
roles/yggdrasil-client.nix
Normal file
13
roles/yggdrasil-client.nix
Normal file
|
@ -0,0 +1,13 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
services.yggdrasil = {
|
||||
enable = true;
|
||||
persistentKeys = true;
|
||||
settings = {
|
||||
Peers = [
|
||||
"tls://ygg.iva.bz:50002"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
9
secrets.nix
Normal file
9
secrets.nix
Normal file
|
@ -0,0 +1,9 @@
|
|||
|
||||
let
|
||||
canaryHash = builtins.hashFile "sha256" ./secrets/canary;
|
||||
expectedHash = "bc6f38a927602241c5e0996b61ebd3a90d5356ca76dc968ec14df3cd45c6612c";
|
||||
in
|
||||
if canaryHash != expectedHash then abort "Secrets are not readable. Have you run `git-crypt unlock`?"
|
||||
else {
|
||||
hashed-password = builtins.readFile ./secrets/hashed-password;
|
||||
}
|
2
secrets/.gitattributes
vendored
Normal file
2
secrets/.gitattributes
vendored
Normal file
|
@ -0,0 +1,2 @@
|
|||
* filter=git-crypt diff=git-crypt
|
||||
.gitattributes !filter !diff
|
BIN
secrets/canary
Normal file
BIN
secrets/canary
Normal file
Binary file not shown.
BIN
secrets/hashed-password
Normal file
BIN
secrets/hashed-password
Normal file
Binary file not shown.
Loading…
Reference in a new issue