Adding mini-watcher

2026-03-27 01:17:42 -04:00 · 2024-01-26 23:57:27 -05:00 · 2024-01-26 23:57:27 -05:00 · 5fbfb7ed7e
commit 5fbfb7ed7e
parent 79648976a5
5 changed files with 78 additions and 0 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -4,6 +4,7 @@ keys:
  - &system_rainbow_planet age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck
  - &user_airpuppet age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77
  - &user_blue_rock age1rt72txg22w8y3cdvq9w7zff0cas6xtkplpj36kxnevfnrtn82f6ss7yw7d
+  - &user_mini_watcher age1rpy8edlpgxuf6w75cvlqexuq2xe4c49h9t2ge6jhc3fzczp8vfasnjelwq
 creation_rules:
  - path_regex: nixnuc/secrets.yaml$
    key_groups:
@ -21,10 +22,17 @@ creation_rules:
    key_groups:
      - age:
          - *user_blue_rock
+  - path_regex: mini-watcher/secrets.yaml$
+    key_groups:
+      - age:
+          - *user_mini_watcher
  - path_regex: modules/system/common/secrets.yaml$
    key_groups:
      - age:
          - *system_nixnuc
          - *system_rainbow_planet
+          - *user_airpuppet
          - *user_blue_rock
+          - *user_mini_watcher
+

--- a/flake.nix
+++ b/flake.nix
@ -111,6 +111,27 @@
      ];
    }; # end nixosSystem

+    linuxHomeConfig = system: hostname: username: home-manager.lib.homeManagerConfiguration {
+      pkgs = import nixpkgs {
+        inherit system;
+        config = {
+          allowUnfree = true;
+          permittedInsecurePackages = [ "electron-21.4.4" ];
+        };
+      };
+      extraSpecialArgs = { inherit genebean-omp-themes hostname username; };
+      modules = [
+        ./modules/home-manager/hosts/${hostname}/${username}.nix
+        {
+          home = {
+            username = "${username}";
+            homeDirectory = "/home/${username}";
+          };
+        }
+        sops-nix.homeManagerModules.sops
+      ];
+    }; # end homeManagerConfiguration
+
  in {
      darwinConfigurations = {
        AirPuppet = darwinHostConfig "x86_64-darwin" "AirPuppet" "gene";
@ -121,5 +142,9 @@
        nixnuc = nixosHostConfig "x86_64-linux" "nixnuc" "gene";
        rainbow-planet = nixosHostConfig "x86_64-linux" "rainbow-planet" "gene";
      };
+
+     homeConfigurations = {
+       gene = linuxHomeConfig "x86_64-linux" "mini-watcher" "gene";
+     };
  };
 }
--- a/modules/home-manager/common/hm-sops.nix
+++ b/modules/home-manager/common/hm-sops.nix
@ -0,0 +1,15 @@
+{ pkgs, hostname, username, ... }: {
+  home.packages = with pkgs; [
+    home-manager
+  ];
+
+  sops = {
+    age.keyFile = /home/${username}/.config/sops/age/keys.txt;
+    defaultSopsFile = ../hosts/${hostname}/secrets.yaml;
+    secrets = {
+      local_git_config.path = "/home/${username}/.gitconfig-local";
+      local_private_env.path = "/home/${username}/.private-env";
+    };
+  };
+}
+
--- a/modules/home-manager/hosts/mini-watcher/gene.nix
+++ b/modules/home-manager/hosts/mini-watcher/gene.nix
@ -0,0 +1,8 @@
+{ pkgs, genebean-omp-themes, ... }: {
+  home.stateVersion = "23.11";
+  imports = [
+    ../../common/all-cli.nix
+    ../../common/all-linux.nix
+    ../../common/hm-sops.nix
+  ];
+}
--- a/modules/home-manager/hosts/mini-watcher/secrets.yaml
+++ b/modules/home-manager/hosts/mini-watcher/secrets.yaml
@ -0,0 +1,22 @@
+local_git_config: ENC[AES256_GCM,data:ECcO9NiS6Xo1AevHx/4tIGmhVHTG+WHIJI/RgYLe4DbptPJQFxFMBEk=,iv:xPvAfNywX7Ww3iwZDwQGTa88ZoJZqnIjdNDv4R0iAf0=,tag:bQ7rNxPniyP7SNW8Nz+1rw==,type:str]
+local_private_env: ENC[AES256_GCM,data:Eg1IYFMJFysMavh1ssddpO3fzoyrKpA2dfSNSUUUsb/548IxqOktXIArR5bqbWVL//bUmnYI3N37jYRFiQSO,iv:50WBKSSy/Ea6l6kdggeoVCXhRG6lc4QxQBm1CoK2RTc=,tag:USADBcnceslCg3ueSikf+w==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1rpy8edlpgxuf6w75cvlqexuq2xe4c49h9t2ge6jhc3fzczp8vfasnjelwq
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBveXpUSFNmVXJFTy9ieWRv
+            a1Fpb2xic1lnYW5mZ2VaY1dyOXVUbkNGWnlNCkxKcUZVbm0rRUNydERUeC9ueloy
+            N3d0NGxyaTFCd1lMUmh2VklqbTZJalkKLS0tIC8xb1VnZU0xbmdObnZIUjRvU01k
+            bmtPb3hjTkxMaDJwSGQ0amF5ci85UXcK16fgU78H4SK8LKDyYCUgMdRE2ZTygzyE
+            spYcQ8w+PvQSxLUFJKW6DZdkSXLkNR0HkmVkuSmBKW0lVNWCfXbfvA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-01-28T00:59:32Z"
+    mac: ENC[AES256_GCM,data:Dcs3LkQtReunJGQl1aBy/fo022r0fwAdjDKRlgGsDtnWWEWZww6+n30yCkMjDrQCZm4NekDCYrEd0Dhq90nLON+vxykojxd/UTBEX86NIxUrGtO3faotP0/buVi59JgqQQqBDB14GpJttZGVr59LVlxieG1PhpmE9lFePpT8eR4=,iv:7KmeBD4Pk+guEW0nb9/W7olsF36bwfZtFkehO5u40po=,tag:PJmbdqiud4FHxbVcZv2png==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1