diff --git a/.sops.yaml b/.sops.yaml
index 048e0db..c110ee4 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,5 +1,6 @@
 ---
 keys:
+ - &system_bigboy age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm
 - &system_hetznix01 age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu
 - &system_hetznix02 age180w4c04kga07097u0us6d72aslnv2523hx64x8fzgzu4tccrxuyqa50hpm
 - &system_nixnas1 age1g4h5a4f5xfle2a6np8te342pphs3mcuan60emz2zp87nrwjzl5yquhr5vl
@@ -10,6 +11,10 @@ keys:
 - &user_mightymac age1zz34qx3n3dj63sva24kaymetv3apn58lafjq4dl6zw7xxachuyts00mhck
 - &user_mini_watcher age1rpy8edlpgxuf6w75cvlqexuq2xe4c49h9t2ge6jhc3fzczp8vfasnjelwq
 creation_rules:
+ - path_regex: bigboy/secrets.yaml$
+ key_groups:
+ - age:
+ - *system_bigboy
 - path_regex: hetznix01/secrets.yaml$
 key_groups:
 - age:
diff --git a/modules/hosts/nixos/bigboy/default.nix b/modules/hosts/nixos/bigboy/default.nix
index 96b3c2f..aed6c60 100644
--- a/modules/hosts/nixos/bigboy/default.nix
+++ b/modules/hosts/nixos/bigboy/default.nix
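Review bot: In `.sops.yaml`, the new `bigboy/secrets.yaml$` creation rule lists `*system_bigboy` as its only age recipient, so the file can be decrypted or edited only with that host's private key. If the host is reinstalled or the key is lost the secrets have to be recreated, and they cannot be edited from another machine; if an operator key such as `*user_mightymac` is meant to have access, add it under `age:`, otherwise a short comment such as `# host key only, by design` would record the intent. The recipients of the neighbouring `hetznix01` rule fall outside the hunk, so I cannot tell whether this matches the existing convention. As a smaller point, the `.` in `secrets.yaml$` is an unescaped regex wildcard (as in the existing rules); `secrets\.yaml$` would match only the intended file name.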
@@ -2,33 +2,20 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, pkgs, username, ... }: +{ inputs, config, pkgs, username, ... }: { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ../../../system/common/linux/flatpaks.nix - ]; + imports = [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ../../common/linux/flatpaks.nix + ../../common/linux/ripping.nix + ]; + + system.stateVersion = "24.11"; # Did you read the comment? # Bootloader. boot.loader = { - grub = { - device = "nodev"; - enable = true; - useOSProber = true; - efiSupport = true; - # set $FS_UUID to the UUID of the EFI partition - extraEntries = '' - menuentry "Kubuntu" { - insmod part_gpt - insmod fat - insmod chain - search --no-floppy --fs-uuid --set=root B208-923B - chainloader /EFI/ubuntu/grubx64.efi - } - ''; - }; + systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; @@ -96,7 +83,7 @@ # services.xserver.libinput.enable = true; # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.gene = { + users.users.${username} = { isNormalUser = true; description = "Gene Liverman"; extraGroups = [ "networkmanager" "wheel" "dialout" "input" ]; @@ -118,13 +105,14 @@ angryipscanner displaylink gitkraken - handbrake + kdePackages.ksshaskpass libreoffice meld networkmanager-openvpn slack tilix vivaldi + xorg.xf86videofbdev xfce.xfce4-terminal zoom-us ]; 
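Review bot: The new `systemd-boot.enable = true;` in `boot.loader` leaves the boot-menu editor at its NixOS default, which is documented as enabled and lets anyone at the console change the kernel command line before boot; consider adding `systemd-boot.editor = false;` next to it. The added `system.stateVersion = "24.11"; # Did you read the comment?` also keeps a trailing remark that refers to the explanatory comment block deleted by the last hunk of this file, so either keep a one- or two-line version of that explanation above the setting or drop the remark. The `boot.loader` block closes inside the hunk, but the enclosing module body continues outside it.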
@@ -165,31 +153,4 @@ }; }; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.05"; # Did you read the comment? - } diff --git a/modules/hosts/nixos/bigboy/hardware-configuration.nix b/modules/hosts/nixos/bigboy/hardware-configuration.nix index 8a6fb88..3d7d89a 100644 --- a/modules/hosts/nixos/bigboy/hardware-configuration.nix +++ b/modules/hosts/nixos/bigboy/hardware-configuration.nix @@ -1,7 +1,7 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, modulesPath, ... }: +{ config, lib, pkgs, modulesPath, ... }: { imports = 
@@ -14,17 +14,19 @@ boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/79d48f97-18ba-4b98-afe6-8feb6a314c48"; + { device = "/dev/disk/by-uuid/9c2d2979-dc8d-40e0-9ec2-c3cce33cd832"; fsType = "ext4"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/B208-923B"; + { device = "/dev/disk/by-uuid/59CB-16DE"; fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; + options = [ "fmask=0077" "dmask=0077" ]; }; - swapDevices = [ ]; + swapDevices = + [ { device = "/dev/disk/by-uuid/878ff032-3de0-4efe-a12f-8eccd0ac3253"; } + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/modules/hosts/nixos/bigboy/secrets.yaml b/modules/hosts/nixos/bigboy/secrets.yaml index ce93d9c..377dd29 100644 --- a/modules/hosts/nixos/bigboy/secrets.yaml +++ b/modules/hosts/nixos/bigboy/secrets.yaml 
@@ -1,22 +1,22 @@ -local_git_config: ENC[AES256_GCM,data:iBJM9cj6wPqxvYOt0Gu25nrPQeTtndyDZqCiGCTTpvJ/7U+lP7Y+PcI=,iv:Y1NOT86IOcgSPEfmvoc5eVuad3GFPLjnoPY+dCBQNUs=,tag:HvUxBkwEIMy1GWYGBWkDww==,type:str] -local_private_env: ENC[AES256_GCM,data:W4Ecx1f5RKqy1hkzrflL0OdRofNr9dLy+SbuLdiL6tSvde9InwezcW1zt07s+jdv,iv:geapIEV4Um8L1vTqJFRxoRx8tePnL90YezA9J5oUuYA=,tag:PGVFjwbFdhPu4msyXkukMA==,type:str] +local_git_config: ENC[AES256_GCM,data:RuHN3enQQLyZu8qHAjlbp/JnDKurqiAiBdrXLPzTFadhmA5m2UyXJ54=,iv:NCWfej/EEB8ylGii+YvdKFagC1rF5ExHIi0M2iDahck=,tag:LVH/Sb7WW/O7Lyg7KSn9mg==,type:str] +local_private_env: ENC[AES256_GCM,data:anm21ivROLWg/D49SeJQ0+wpExtHvOQvTr70Kph4gr6WkAgdgz02ayXULq6bn0HT00YWhcNgkku/Qox5Bg==,iv:JlLqOETaVNBi7dYJN5JljH95UG5+KcvoK+rQGpxyH6E=,tag:BHSp90YJQAKcN5/bUwqG2A==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age196gl3k9aphy2mh5kgn50wkzn38m35cus8dqhtva6qcfmmxx3acgs6vx2dg + - recipient: age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPQlZlUmdxVnBXa1lSNERW - L1lCcFBVaEpKdi91djlNL0piSnZLUnhpYURVCkJFYXA1UGYwMDRZQm5IM2ZwdFB6 - MnZxOGRMMlNseWlybmU4WXBoUHFnMFkKLS0tIFNLVUtQNFhHeWcvZFNCTUM2NnhO - L2p0MmhjQkZYQjkvUjJVaDBiRG5yYTQKH+vx+bCgmQ4QUxOc0DIQOR6qR9FEgiA6 - 1AjemW35CFzN1N5VHlNZgAplgou8zNxQ8w+AvKuRJ79kDZBESLpltQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtTExHTW1UdjlGb2pDQkcy + UzBoZU9HaW1ZaGZRZC9NcDFHODFlK1ZNL2pvClBUc24zVzdONkJMaStOVTRpcHVR + Tkovc3M5QjNSUWxWc0JFSzhkWEJOR00KLS0tIHdIS255N09yRkRDdU9mOHc5amtW + S2tTaXBUWGJNb3VUbzNWNVlPZEpKQUkKDEVag5HE08uzNdEwfoTPJQdFpxgCDeFV + v8CBBzXtLzy5xdhiNlTovjFstomrew5TvcjsAeCBimgCiaxXJ77Xzg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-20T20:13:00Z" - mac: 
ENC[AES256_GCM,data:DnIjvLCwQ7D3WW2NqF2YRCzCaq39lYtU1ACQ5+23ydFBsGKwhLxiohfJFXagcsZ966wq48PGQLEWU0VfDpK0wOlphwZasrS4ZfOrC+iEaykIpNIVus+xOCzd2AwSa8k1EM6r7gbs516iZciXLfNuBFrK1KHUZB1r4vkDZUJ3PdE=,iv:hP/7nInLumR/PELcLIxcccLwebcE6Bs4USoLxgFzYyM=,tag:nD5lbuRwEOYlC5L/GknHUA==,type:str] + lastmodified: "2024-12-31T04:37:09Z" + mac: ENC[AES256_GCM,data:0IWoYmBxxghbjMkDUpQugK2SjOndMvV/CTQG1pgddSB4TOrOtZybmNAxvE4GW0eu3p7w5nuk9tuLQmFXeNaDaGNi2ugX63gFy/tynVF4Hsnam9iLo2Ys4Y+umWZ3WLYkTp76ncuIkzSHQL4T4LaG0F8fr0o2dwMKrnO8sAxw8V4=,iv:IzV1NKUqv5gxEqc4H1j4a1+IXOyZMUiVk1pWTRwYmV0=,tag:BjiHr8YCXY8MAkGGkZgZ0w==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.2