From 8ecb7ab408238fe06f1dc7adf14e0932b891b14c Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Mon, 30 Dec 2024 23:25:38 -0500 Subject: [PATCH 1/3] Switching BigBoy back to NixOS --- .sops.yaml | 5 ++ modules/hosts/nixos/bigboy/default.nix | 63 ++++--------------- .../nixos/bigboy/hardware-configuration.nix | 12 ++-- modules/hosts/nixos/bigboy/secrets.yaml | 22 +++---- 4 files changed, 35 insertions(+), 67 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 048e0db..c110ee4 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,5 +1,6 @@ --- keys: + - &system_bigboy age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm - &system_hetznix01 age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu - &system_hetznix02 age180w4c04kga07097u0us6d72aslnv2523hx64x8fzgzu4tccrxuyqa50hpm - &system_nixnas1 age1g4h5a4f5xfle2a6np8te342pphs3mcuan60emz2zp87nrwjzl5yquhr5vl @@ -10,6 +11,10 @@ keys: - &user_mightymac age1zz34qx3n3dj63sva24kaymetv3apn58lafjq4dl6zw7xxachuyts00mhck - &user_mini_watcher age1rpy8edlpgxuf6w75cvlqexuq2xe4c49h9t2ge6jhc3fzczp8vfasnjelwq creation_rules: + - path_regex: bigboy/secrets.yaml$ + key_groups: + - age: + - *system_bigboy - path_regex: hetznix01/secrets.yaml$ key_groups: - age: diff --git a/modules/hosts/nixos/bigboy/default.nix b/modules/hosts/nixos/bigboy/default.nix index 96b3c2f..aed6c60 100644 --- a/modules/hosts/nixos/bigboy/default.nix +++ b/modules/hosts/nixos/bigboy/default.nix 
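Review bot: The new `bigboy/secrets.yaml$` creation rule lists `*system_bigboy` as its only age recipient, so the host key is the single way to decrypt that file. The secrets.yaml change later in this patch swaps the recipient and replaces every encrypted value, which suggests the previous host key did not survive the reinstall and the secrets had to be re-entered. Consider adding an administrator recipient that is kept off the machine to the same `age:` list, for example one of the existing `user_*` anchors such as `- *user_mightymac`, so the file can be re-keyed after the next rebuild. The `path_regex` is also unanchored and leaves the dot unescaped; `modules/hosts/nixos/bigboy/secrets\.yaml$` would match only the intended file.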
@@ -2,33 +2,20 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, pkgs, username, ... }: +{ inputs, config, pkgs, username, ... }: { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ../../../system/common/linux/flatpaks.nix - ]; + imports = [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ../../common/linux/flatpaks.nix + ../../common/linux/ripping.nix + ]; + + system.stateVersion = "24.11"; # Did you read the comment? # Bootloader. boot.loader = { - grub = { - device = "nodev"; - enable = true; - useOSProber = true; - efiSupport = true; - # set $FS_UUID to the UUID of the EFI partition - extraEntries = '' - menuentry "Kubuntu" { - insmod part_gpt - insmod fat - insmod chain - search --no-floppy --fs-uuid --set=root B208-923B - chainloader /EFI/ubuntu/grubx64.efi - } - ''; - }; + systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; @@ -96,7 +83,7 @@ # services.xserver.libinput.enable = true; # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.gene = { + users.users.${username} = { isNormalUser = true; description = "Gene Liverman"; extraGroups = [ "networkmanager" "wheel" "dialout" "input" ]; @@ -118,13 +105,14 @@ angryipscanner displaylink gitkraken - handbrake + kdePackages.ksshaskpass libreoffice meld networkmanager-openvpn slack tilix vivaldi + xorg.xf86videofbdev xfce.xfce4-terminal zoom-us ]; 
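Review bot: `systemd-boot.enable = true;` in the first hunk leaves the boot menu's kernel command-line editor at its NixOS default, which is enabled, so anyone at the console can change boot parameters before the system starts. The NixOS option documentation recommends turning it off; add `systemd-boot.editor = false;` inside the `boot.loader` block next to the enable line. The module body starts and ends outside this hunk, so confirm no other file sets the option already.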
@@ -165,31 +153,4 @@ }; }; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.05"; # Did you read the comment? - } diff --git a/modules/hosts/nixos/bigboy/hardware-configuration.nix b/modules/hosts/nixos/bigboy/hardware-configuration.nix index 8a6fb88..3d7d89a 100644 --- a/modules/hosts/nixos/bigboy/hardware-configuration.nix +++ b/modules/hosts/nixos/bigboy/hardware-configuration.nix @@ -1,7 +1,7 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, modulesPath, ... }: +{ config, lib, pkgs, modulesPath, ... }: { imports = 
@@ -14,17 +14,19 @@ boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/79d48f97-18ba-4b98-afe6-8feb6a314c48"; + { device = "/dev/disk/by-uuid/9c2d2979-dc8d-40e0-9ec2-c3cce33cd832"; fsType = "ext4"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/B208-923B"; + { device = "/dev/disk/by-uuid/59CB-16DE"; fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; + options = [ "fmask=0077" "dmask=0077" ]; }; - swapDevices = [ ]; + swapDevices = + [ { device = "/dev/disk/by-uuid/878ff032-3de0-4efe-a12f-8eccd0ac3253"; } + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/modules/hosts/nixos/bigboy/secrets.yaml b/modules/hosts/nixos/bigboy/secrets.yaml index ce93d9c..377dd29 100644 --- a/modules/hosts/nixos/bigboy/secrets.yaml +++ b/modules/hosts/nixos/bigboy/secrets.yaml 
@@ -1,22 +1,22 @@ -local_git_config: ENC[AES256_GCM,data:iBJM9cj6wPqxvYOt0Gu25nrPQeTtndyDZqCiGCTTpvJ/7U+lP7Y+PcI=,iv:Y1NOT86IOcgSPEfmvoc5eVuad3GFPLjnoPY+dCBQNUs=,tag:HvUxBkwEIMy1GWYGBWkDww==,type:str] -local_private_env: ENC[AES256_GCM,data:W4Ecx1f5RKqy1hkzrflL0OdRofNr9dLy+SbuLdiL6tSvde9InwezcW1zt07s+jdv,iv:geapIEV4Um8L1vTqJFRxoRx8tePnL90YezA9J5oUuYA=,tag:PGVFjwbFdhPu4msyXkukMA==,type:str] +local_git_config: ENC[AES256_GCM,data:RuHN3enQQLyZu8qHAjlbp/JnDKurqiAiBdrXLPzTFadhmA5m2UyXJ54=,iv:NCWfej/EEB8ylGii+YvdKFagC1rF5ExHIi0M2iDahck=,tag:LVH/Sb7WW/O7Lyg7KSn9mg==,type:str] +local_private_env: ENC[AES256_GCM,data:anm21ivROLWg/D49SeJQ0+wpExtHvOQvTr70Kph4gr6WkAgdgz02ayXULq6bn0HT00YWhcNgkku/Qox5Bg==,iv:JlLqOETaVNBi7dYJN5JljH95UG5+KcvoK+rQGpxyH6E=,tag:BHSp90YJQAKcN5/bUwqG2A==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age196gl3k9aphy2mh5kgn50wkzn38m35cus8dqhtva6qcfmmxx3acgs6vx2dg + - recipient: age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPQlZlUmdxVnBXa1lSNERW - L1lCcFBVaEpKdi91djlNL0piSnZLUnhpYURVCkJFYXA1UGYwMDRZQm5IM2ZwdFB6 - MnZxOGRMMlNseWlybmU4WXBoUHFnMFkKLS0tIFNLVUtQNFhHeWcvZFNCTUM2NnhO - L2p0MmhjQkZYQjkvUjJVaDBiRG5yYTQKH+vx+bCgmQ4QUxOc0DIQOR6qR9FEgiA6 - 1AjemW35CFzN1N5VHlNZgAplgou8zNxQ8w+AvKuRJ79kDZBESLpltQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtTExHTW1UdjlGb2pDQkcy + UzBoZU9HaW1ZaGZRZC9NcDFHODFlK1ZNL2pvClBUc24zVzdONkJMaStOVTRpcHVR + Tkovc3M5QjNSUWxWc0JFSzhkWEJOR00KLS0tIHdIS255N09yRkRDdU9mOHc5amtW + S2tTaXBUWGJNb3VUbzNWNVlPZEpKQUkKDEVag5HE08uzNdEwfoTPJQdFpxgCDeFV + v8CBBzXtLzy5xdhiNlTovjFstomrew5TvcjsAeCBimgCiaxXJ77Xzg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-20T20:13:00Z" - mac: 
ENC[AES256_GCM,data:DnIjvLCwQ7D3WW2NqF2YRCzCaq39lYtU1ACQ5+23ydFBsGKwhLxiohfJFXagcsZ966wq48PGQLEWU0VfDpK0wOlphwZasrS4ZfOrC+iEaykIpNIVus+xOCzd2AwSa8k1EM6r7gbs516iZciXLfNuBFrK1KHUZB1r4vkDZUJ3PdE=,iv:hP/7nInLumR/PELcLIxcccLwebcE6Bs4USoLxgFzYyM=,tag:nD5lbuRwEOYlC5L/GknHUA==,type:str] + lastmodified: "2024-12-31T04:37:09Z" + mac: ENC[AES256_GCM,data:0IWoYmBxxghbjMkDUpQugK2SjOndMvV/CTQG1pgddSB4TOrOtZybmNAxvE4GW0eu3p7w5nuk9tuLQmFXeNaDaGNi2ugX63gFy/tynVF4Hsnam9iLo2Ys4Y+umWZ3WLYkTp76ncuIkzSHQL4T4LaG0F8fr0o2dwMKrnO8sAxw8V4=,iv:IzV1NKUqv5gxEqc4H1j4a1+IXOyZMUiVk1pWTRwYmV0=,tag:BjiHr8YCXY8MAkGGkZgZ0w==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.2 From 8f402a4af1a1e67ccf8bb1f1a1d3c31787890557 Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Mon, 30 Dec 2024 23:40:43 -0500 Subject: [PATCH 2/3] Updated sops keys --- .sops.yaml | 8 +-- modules/hosts/common/secrets.yaml | 98 +++++++++++++++---------------- 2 files changed, 50 insertions(+), 56 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index c110ee4..1d82ef5 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -9,7 +9,6 @@ keys: - &user_airpuppet age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77 - &user_blue_rock age1rt72txg22w8y3cdvq9w7zff0cas6xtkplpj36kxnevfnrtn82f6ss7yw7d - &user_mightymac age1zz34qx3n3dj63sva24kaymetv3apn58lafjq4dl6zw7xxachuyts00mhck - - &user_mini_watcher age1rpy8edlpgxuf6w75cvlqexuq2xe4c49h9t2ge6jhc3fzczp8vfasnjelwq creation_rules: - path_regex: bigboy/secrets.yaml$ key_groups: @@ -47,13 +46,10 @@ creation_rules: key_groups: - age: - *user_mightymac - - path_regex: mini-watcher/secrets.yaml$ - key_groups: - - age: - - *user_mini_watcher - path_regex: modules/hosts/common/secrets.yaml$ key_groups: - age: + - *system_bigboy - *system_hetznix01 - *system_hetznix02 - *system_nixnas1 @@ -62,6 +58,4 @@ creation_rules: - *user_airpuppet - *user_blue_rock - *user_mightymac - - *user_mini_watcher - 
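Review bot: Dropping `user_mini_watcher` from the `modules/hosts/common/secrets.yaml$` rule only stops future re-wraps for that key; it does not revoke what the key could already read. In the accompanying secrets.yaml hunk the `lastmodified` and `mac` lines appear as unchanged context while every recipient stanza is replaced, which looks like a key update without a data-key rotation or new secret values. If that key is being retired because the machine is no longer trusted, rotate the data key (`sops rotate -i modules/hosts/common/secrets.yaml` on 3.9+, `sops -r -i` on older releases) and change the underlying secrets, since earlier commits still hold a copy that key can decrypt.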
diff --git a/modules/hosts/common/secrets.yaml b/modules/hosts/common/secrets.yaml
index 83c6bcf..1fa4ee5 100644
--- a/modules/hosts/common/secrets.yaml
+++ b/modules/hosts/common/secrets.yaml
@@ -9,86 +9,86 @@ sops: azure_kv: [] hc_vault: [] age: + - recipient: age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoNUNVVVk4NVZPTU93bE53 + OXRjY2U1R0JFU1hBQU9LU2RmazhVUG92R0RZClF3RXREaFNidjBlZDNRQW9jcWFY + dStPSHV4RS9PQnZ2RFo1NW8zQ2NYT0EKLS0tIHcyVFRRU09SeFQzOC82dHh5WXZl + OTRYOEwxWWkybE9GcndhOEt1VW1Cc0kK3aoH7yrC/Vc98RqzAicwkGKZKiTx5dMl + 6cPFziBIQv03N06vN60eLbBXUMgrT/21Cn/Np79PLzYJ/K/i9Tt4Qg== + -----END AGE ENCRYPTED FILE----- - recipient: age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4bUFtRmZja1ZVK1Blbnk3 - Q0h6cVBNU0t0K1puY1ZIbUVjMmhpSTdVMjFFCms1WE9ZQ3U2b0Q5bysvQlQxT0ty - QjhMTFkyUFB3UlUyb0dla1lvM1laZlUKLS0tIGlBTyt2b0hhNkRsa2t6ajBxa1U5 - UGtrYk43S1FqZUlvT0tOcnlJVXg0TzQKnaloZ21vCJUFpg7kg7A/FkXGhEyKHfbv - GJ6bHLWzgH6Dr78lJoNjwvXdz2Ypld1Rk7ELxU55kxSuBKMIX5e0NQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKblc4TGk4d0hxdW9MREJQ + a2UyWmxSTUZOUUlURHY1eDB1LzRDQUxmRFJ3CkpRak9mVTd5bGxjZnJYQlhBSWpw + ditqemZ5QnNJbEJ0WWJneHM3NkN3SkkKLS0tIHlDT1VyNCtSejRjd1RSZGM4ZzMx + V2d5ZTRkRURRc0huT1k5Y0VNZGVMWWMKn9BnIg+vehG2Nxea2Jz3JMqrPwpNGXuP + 9GU3kbk/ldviqLjqRGmvZR8KiOnazX7AdV/x/c0dO/nfckeKVZ1sAA== -----END AGE ENCRYPTED FILE----- - recipient: age180w4c04kga07097u0us6d72aslnv2523hx64x8fzgzu4tccrxuyqa50hpm enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VWlqS1VkeWh1WnFDeVd6 - dENWTHZmR2x3RXZTSlhUbmdabE9jU1FuV1EwCkh4ekZzS0ZnbVhVcEhoMUFUUzNG - cXhMMlZ3b0ZqWjFRTnJPc0VHNVIxMlkKLS0tIGlaOWhPdmJTV21jdWVhWHp6K21T - Wk84YWlWeGE3S09ZU0dEeXNYYVZ0dmMKcbtPczNboSE2q23B/1DBsE/wlpyOXcp6 - GFpwHvG19JyuTTBanXdimMTycrmaBZtQkyjhKT267Ap9hADVStlOZg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4N1NkU04xY1JZVG5WRThV + Um5pV3RzZG9UcmZHZk5FUDl4Ni9KbmJLTFFjCmJXcHVORll0eko1bmxDUFhHYVpz + Z1RpdUIzM1lUV3Z3VGU1emdTbmpEWDAKLS0tIC96TFZRMkdHQ255VjZGcVdKcmJD + 
UWExNWozT2h1TDZ0YmtuWldCeXhEV1EK/v+GJ7eKgpQE1dysCD0dt+ildshnkPqB + j1tqYcnHysXYoQSLUzCADK2Fo7tJ1BC7e4N7C0wZMXZ1B6FkO8GrrA== -----END AGE ENCRYPTED FILE----- - recipient: age1g4h5a4f5xfle2a6np8te342pphs3mcuan60emz2zp87nrwjzl5yquhr5vl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQaUVlZnBkeDIvZlZHRHZa - OGVjM3NwUUtkTmd5ZlJlanpNWFMzekFwQzBFCnJQeThwbzNhUVNTRmVKNGxvRDBM - OTlYL1lnenpTUk41YnVCdnlHMzU5RTgKLS0tIHdmODhCUW95WW1DZTduOFkzdGVN - bHZIYitEdktkdG5yYUVXL3puV2xxNG8KRJGCGOfQIkh5HIlhU+KOWmyxOI4iEwE5 - hPpeafdtQIeYUPxRZ9LYapXxryjvm0smwgU1sAww7h6rk7pOuhKCGQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQnZzNnYrb1hTYUtUWits + V3lETXpZODMyN3M4R3B4VHpwMytOamVFM2dZCnl3dmxUWWJYOFdnRFZZVXROWnNn + RjlkdHMyalBaRU5VczhKWEU2dEtFT3cKLS0tIHFOMDJRRVY4dVFjQTV5YWFzZDRr + K2orYzVra3V0OEtROU5ma25jaHJkTjQKdHeDC7b+6zTmClpVOOXTbAcK38ADx6TN + HkyIcASUaC/HqpTSTvXT3OYUE8edQdUAC7Z9wYLTgrxTVZRCTtTzLQ== -----END AGE ENCRYPTED FILE----- - recipient: age1g24zhwvgenpc4wqejt63thvgd4rn5x9n7nnwwme7dm83nfqpp93se2vmq4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhc0YwWlA2Nko3dTgwcFF5 - UkVpdHBGanRzYnQ0ZFVFNzg0eHpYQkQzMVc0CjR1NnNwa0RkbGMycGRIK1lKVnVn - cXBURFl2WTNxSlV3ZUFnemhMYnNFVDgKLS0tIEVrQVNXZDFuODg3NytuZ3gwcWxY - TFpmZFJEWWFlQWdZUlNxaE1ETXdzTlkKMNVpzuDykFeSoZ5zDLsswdNfTjEjYLPl - p8rffgia2ixVMGhGEHBZKGo6ST3+aeYNhzB2qaLMP8Dj8Jqs1+P+Ng== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZTZRZmRCL0NRVFJTSjVT + WmUyRXExZU5pMzY1SEV0dThjc0hvSXVXdEhjClBLZENteEhvOEF6T0ZqaHA3TE5k + Sko0Y1lKSjdaWTF4amNvc1VJTXkzdDQKLS0tIFNHRnhYQjB2MXdxcmNDREZLdkov + dWxkN3dzanY2TVNPelZFMXpvMTFyUm8KTwij5ubszireukfKqKPEKB8kELS82ld+ + UqDDPu6x7uNT+D9UV5nk4l4zzox5pmxuBxziz4RcTVYCHmhjtVSh7A== -----END AGE ENCRYPTED FILE----- - recipient: age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzd0JxcSt3WWg0aFloREZu - 
RldneXFYTjl1U014RXhZQXVxTzBBMkpwbmhrClJ5TmFUMXhCWGY5TVNzazVzczEz - U3FYOCtyZE9KNmR0dzZ3UUxkaEVQREkKLS0tIHlsaVd5WDUzWWVoWVYzZ3ZVSVcw - VDkvQWViUDdVY045dmRrMjRtMjhFWjAKCoBQXpY1wjNqQIYDB14sA3IEKqSZsJBH - POi1HhW1sxc8SKnJ/ZJX0dir9/KMRcUZO5u/7I+hqe/W5014kOD3+Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21zMzRCMXpVOStBbEJO + UlVBdVNRTmkzSjNpRzQrYlExRnVPU3FVM1FzCk11RFVsdVBRMWUxeUFyS1FqckhZ + cndkQktqRTEvNUFrQ3lEa1B3T0V6a2cKLS0tIEtWRXB1Z3hyZjczS0VMZ0I0cFRZ + N3RiR3ZTcFVvUFJlbTFiVS9OOElOd1EKy1tuLTMr+0EB0ZcgOMz8INbhFMUbyfme + NByTM4lrHsOvt1mO6ts+Ug3UWy0KSqE1RQI5XZIU0jsA36z+ISM6tg== -----END AGE ENCRYPTED FILE----- - recipient: age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZTlnS0p5V2oxQnVoRUJt - R3JrYXBSbEloMk9EZ1JEL1ZKT3Nobk9ycEdBCnMySkpYVzNsS1VIWFA3Ui9vQzR3 - RWppUElDLzRTc0lUbVpOR0NjSlVJUWcKLS0tIER1QVZzcmZ1WmlVNmtoaUMrR2Nx - VkVxa2Ztc3dVVjltSDd0TzVtN2l1SGsKU4Ipyi2EsnglhEF/pZEKprvI/Bb4eocL - oGsYMOyahIMkcFVai+7R74MC+y9GdCklnDVGuVZjaIc2pylzmP6Acg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByeWhOT0pZb1hyOVp6cG1n + b1c1RFJWNUFKSVYremo4TngxcHlEaUlWM1I4CkVzSjZKeGFiTHdTamQrYlg5UGxy + UVh1ZlVWeFFkQk9oeG5BUDAyTlNlQWcKLS0tIGRKSmhkRGVCWnJkRVFXMjBaQm9K + enhPTnBQVjFQSk80UzNvUm1iL0xjMEEKtsMPvSTm+j6FxZbtdxKEBmRsYwXgDQZH + FUXkJLpNFVJVNLRHb8WKfLQaf2xR+tJmNZ0KM8GueHE9ft4q7gxCRA== -----END AGE ENCRYPTED FILE----- - recipient: age1rt72txg22w8y3cdvq9w7zff0cas6xtkplpj36kxnevfnrtn82f6ss7yw7d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHTkZVbWNkcktyUDNKZDJM - VW1DUElwTGVucXlTUEtVb0hUM2ltbm10M0hNCjNyVzBmTUpGWHV1UkZwdkhMM0pw - ZE5VMTBVRHlSNUNvdWUzM0NhTG00LzAKLS0tIDRYSFFWV2tPMW9MQndjV0ZzY0lr - WXFMb0xUYUZiY2NLUmh4S1U3b29SNUEKKghGvX5G9jfOlEFYsRVSE3lLKCaKpz+F - AoglIjgdaQTrqbAaLM8DG79d+VgzHrZdgeobenGtNSF2WRz/3VDNBg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6UWV3VXVla1M0anREbVNU + 
MUVRa3FaeHN2WHU2ZjR2cnNlUXRHVVQ1TkVRCmpjTk5nTmJIaU5nRDNheWc5ZDUx + L0wvSVVRQ3A3YS94U3ZpbWFieHJVUG8KLS0tIHpuUFNNOWhlTHRhVHJFdE9tMGJt + c3pmMmlGd0JQV3ptdzlmZDhDY2FGeU0KutCMMR1irGAlD/xYxUGyqj0uXBoChSJL + wsgEMyD62+zqHWDQPqfLFh7b9+/Ir/sQai0qPKiU9uDCuIP/K0TLVQ== -----END AGE ENCRYPTED FILE----- - recipient: age1zz34qx3n3dj63sva24kaymetv3apn58lafjq4dl6zw7xxachuyts00mhck enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6azlFM1JGZ0JDY3RZdkRS - dXdtZUE2QnJVK3dmc3VxbGtDTldlb0dmTVRvClA3Y0x0ZDY3WmtqTWp5b2VRRGdF - VmkyM2dLUXJyeDdNUVpIZlpvdVE3UEEKLS0tIGRuZzEzRkZtT0N4Vjd3TUgyQ29T - Y000cS9ZblJZTkpRMzhNYnZRNVpmODgK9MpExCq5d5PN8HCJPa7WxViLL9pbWv3m - qGfW2iz4N4UH/3mq5zx67jNwtwOKd7B9L4yX+oGgsYewQnLFhr5Xng== - -----END AGE ENCRYPTED FILE----- - - recipient: age1rpy8edlpgxuf6w75cvlqexuq2xe4c49h9t2ge6jhc3fzczp8vfasnjelwq - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4c0tmWGVBSlMwdkhLTC81 - bFBIbWZML2JiVDhrcldVdU1McHl0Ui9nUkhNCm9Ob3hEbGRhTzBreG5hTmFOS1lZ - UE16QzJ4Rjl4NVVMZ0ZzWUxRWm9CM1EKLS0tIHY2QUVNY1Q1Q0dpVDB6K3RsUlpQ - N2VYRDNrUk5wd3JQRVZabUhlRTF2UHMKCjCaXJ394MfsOKSWCuRVa8EA2pcLu1TU - VaXATezktIU+ZrXOrpwRc9u9uac9V3PmxykpzjEvyo2BQ7Ji0wOeEw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDR2tvaUZLV09udXNiaHE3 + SG1HeTE4MUVEeTZlRmx2eWF2RzZ3ZHI2VmxBCisvTWNOcTB6eXRlSEZQQWpCOXFy + Tm1aalJGbVB6SHBnT200OElhZGtmQmMKLS0tIDU5aER4WEFsZDdFQU9hMkhPS3NW + VW9xemJxL05FNzBiNXFLMlpwKzFjTE0KtEzpcVvZrzi40hl2zP9r6Ca4muPCVFbd + hAXOLUi05CkSHDzTt4lrR4BMK46P4rS3ZnpLOfsZO+2zMfGsIOetVw== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-09-11T17:22:16Z" mac: ENC[AES256_GCM,data:WbuN9UpP0OP69ta29VW2LlCFfyTWI3v8IiwUu3tLOxtY3gjdJLZTpaG2hBR985qjLYL3MT7eR7eWp4p99DAKupVBvA6tJl8/+N9+0W/dapcec+qv7u9wRHcFjP9wtggq66vUdGqH8IIHYuGlIhAvCbDouoXuLoFIcB2i2lYNB4Q=,iv:u+KsBgHxLgwSgFLYtY0F6HjCUbSCvNAatIIwrCGGyJg=,tag:bHO4vovTLPVK2vsQvliwzQ==,type:str] From f0c351cbbe27defa4fa0f907055bfc3ddf9bb75e Mon Sep 17 00:00:00 2001 
From: Gene Liverman Date: Tue, 31 Dec 2024 15:57:27 -0500 Subject: [PATCH 3/3] Cleanup + a few apps --- modules/hosts/nixos/bigboy/default.nix | 133 ++++++------------ .../nixos/bigboy/hardware-configuration.nix | 2 +- 2 files changed, 45 insertions(+), 90 deletions(-) diff --git a/modules/hosts/nixos/bigboy/default.nix b/modules/hosts/nixos/bigboy/default.nix index aed6c60..9e0a5dc 100644 --- a/modules/hosts/nixos/bigboy/default.nix +++ b/modules/hosts/nixos/bigboy/default.nix @@ -1,10 +1,4 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ inputs, config, pkgs, username, ... }: - -{ +{ inputs, config, pkgs, username, ... }: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix ../../common/linux/flatpaks.nix @@ -13,7 +7,6 @@ system.stateVersion = "24.11"; # Did you read the comment? - # Bootloader. boot.loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; 
@@ -21,102 +14,31 @@ environment.sessionVariables.NIXOS_OZONE_WL = "1"; - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Enable networking - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "America/New_York"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - - # Enable the X11 windowing system. - # You can disable this if you're only using the Wayland session. - services.xserver.enable = true; - - # Enable the KDE Plasma Desktop Environment. - services.displayManager.sddm.enable = true; - services.displayManager.sddm.wayland.enable = true; - services.desktopManager.plasma6.enable = true; - - # Configure keymap in X11 - services.xserver = { - xkb.layout = "us"; - xkb.variant = ""; - }; - - # Enable sound with pipewire. - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. 
- users.users.${username} = { - isNormalUser = true; - description = "Gene Liverman"; - extraGroups = [ "networkmanager" "wheel" "dialout" "input" ]; - packages = with pkgs; [ - kdePackages.kate - # thunderbird - ]; - }; - - # Install firefox. - programs.firefox.enable = true; - - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ + environment.systemPackages = with pkgs; [ angryipscanner displaylink + filezilla gitkraken kdePackages.ksshaskpass libreoffice meld + mumble networkmanager-openvpn + rclone + rclone-browser slack tilix vivaldi + vlc xorg.xf86videofbdev xfce.xfce4-terminal zoom-us ]; + hardware.pulseaudio.enable = false; + + networking.networkmanager.enable = true; + programs = { _1password.enable = true; _1password-gui = { @@ -126,6 +48,8 @@ polkitPolicyOwners = [ "${username}" ]; }; + firefox.enable = true; + ssh.askPassword = "ssh-askpass"; # common programs that really should be in another file @@ -133,9 +57,30 @@ xfconf.enable = true; }; + security.rtkit.enable = true; + services = { + displayManager.sddm = { + enable = true; + wayland.enable = true; + }; + desktopManager.plasma6.enable = true; + fstrim.enable = true; fwupd.enable = true; + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; printing.enable = true; # Enable CUPS + xserver = { + enable = true; + xkb = { + layout = "us"; + variant = ""; + }; + }; }; sops = { @@ -153,4 +98,14 @@ }; }; + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.${username} = { + isNormalUser = true; + description = "Gene Liverman"; + extraGroups = [ "networkmanager" "wheel" "dialout" "input" ]; + packages = with pkgs; [ + kdePackages.kate + # thunderbird + ]; + }; } 
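Review bot: The large hunk removes `nixpkgs.config.allowUnfree = true;`, `time.timeZone` and the `i18n` locale settings without re-adding them, while `environment.systemPackages` still lists packages that are normally unfree (`slack`, `zoom-us`, `vivaldi`, `gitkraken`). Presumably these options now come from a shared module that is not part of this patch; if they do not, evaluation will fail on the unfree packages and the host reverts to the default time zone and locale. A one-line comment above the package list saying where the settings live would make that dependency visible, e.g. `# allowUnfree, time zone and locale are set in <shared module path>`.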
diff --git a/modules/hosts/nixos/bigboy/hardware-configuration.nix b/modules/hosts/nixos/bigboy/hardware-configuration.nix index 3d7d89a..b124fad 100644 --- a/modules/hosts/nixos/bigboy/hardware-configuration.nix +++ b/modules/hosts/nixos/bigboy/hardware-configuration.nix @@ -10,7 +10,7 @@ boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.kernelModules = [ "kvm-intel" "sg" ]; boot.extraModulePackages = [ ]; fileSystems."/" =
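Review bot: Adding `"sg"` to `boot.kernelModules` edits hardware-configuration.nix, whose header says it is generated by `nixos-generate-config` and may be overwritten, so the module will silently disappear the next time the file is regenerated. List options merge across modules, so the line can live in default.nix instead (or in the ripping module, if that is what needs it): `boot.kernelModules = [ "sg" ];`. A short comment naming the program that requires the SCSI generic driver would help later readers.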