Switching BigBoy back to NixOS

.sops.yaml

@@ -1,5 +1,6 @@
 ---
 keys:
+  - &system_bigboy age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm
   - &system_hetznix01 age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu
   - &system_hetznix02 age180w4c04kga07097u0us6d72aslnv2523hx64x8fzgzu4tccrxuyqa50hpm
   - &system_nixnas1 age1g4h5a4f5xfle2a6np8te342pphs3mcuan60emz2zp87nrwjzl5yquhr5vl
@@ -10,6 +11,10 @@ keys:
   - &user_mightymac age1zz34qx3n3dj63sva24kaymetv3apn58lafjq4dl6zw7xxachuyts00mhck
   - &user_mini_watcher age1rpy8edlpgxuf6w75cvlqexuq2xe4c49h9t2ge6jhc3fzczp8vfasnjelwq
 creation_rules:
+  - path_regex: bigboy/secrets.yaml$
+    key_groups:
+      - age:
+          - *system_bigboy
   - path_regex: hetznix01/secrets.yaml$
     key_groups:
       - age:

modules/hosts/nixos/bigboy/default.nix

@@ -2,33 +2,20 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
-{ config, pkgs, username, ... }:
+{ inputs, config, pkgs, username, ... }:
 
 {
-  imports =
+  imports = [ # Include the results of the hardware scan.
-    [ # Include the results of the hardware scan.
+    ./hardware-configuration.nix
-      ./hardware-configuration.nix
+    ../../common/linux/flatpaks.nix
-      ../../../system/common/linux/flatpaks.nix
+    ../../common/linux/ripping.nix
-    ];
+  ];
+
+  system.stateVersion = "24.11"; # Did you read the comment?
 
   # Bootloader.
   boot.loader = {
-    grub = {
+    systemd-boot.enable = true;
-      device = "nodev";
-      enable = true;
-      useOSProber = true;
-      efiSupport = true;
-      # set $FS_UUID to the UUID of the EFI partition
-      extraEntries = ''
-        menuentry "Kubuntu" {
-          insmod part_gpt
-          insmod fat
-          insmod chain
-          search --no-floppy --fs-uuid --set=root B208-923B
-          chainloader /EFI/ubuntu/grubx64.efi
-        }
-      '';
-    };
     efi.canTouchEfiVariables = true;
   };
 
@@ -96,7 +83,7 @@
   # services.xserver.libinput.enable = true;
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.gene = {
+  users.users.${username} = {
     isNormalUser = true;
     description = "Gene Liverman";
     extraGroups = [ "networkmanager" "wheel" "dialout" "input" ];
@@ -118,13 +105,14 @@
     angryipscanner
     displaylink
     gitkraken
-    handbrake
+    kdePackages.ksshaskpass
     libreoffice
     meld
     networkmanager-openvpn
     slack
     tilix
     vivaldi
+    xorg.xf86videofbdev
     xfce.xfce4-terminal
     zoom-us
   ];
@@ -165,31 +153,4 @@
     };
   };
 
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  # services.openssh.enable = true;
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "24.05"; # Did you read the comment?
-
 }

modules/hosts/nixos/bigboy/hardware-configuration.nix

@@ -1,7 +1,7 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, modulesPath, ... }:
+{ config, lib, pkgs, modulesPath, ... }:
 
 {
   imports =
@@ -14,17 +14,19 @@
   boot.extraModulePackages = [ ];
 
   fileSystems."/" =
-    { device = "/dev/disk/by-uuid/79d48f97-18ba-4b98-afe6-8feb6a314c48";
+    { device = "/dev/disk/by-uuid/9c2d2979-dc8d-40e0-9ec2-c3cce33cd832";
       fsType = "ext4";
     };
 
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/B208-923B";
+    { device = "/dev/disk/by-uuid/59CB-16DE";
       fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
+      options = [ "fmask=0077" "dmask=0077" ];
     };
 
-  swapDevices = [ ];
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/878ff032-3de0-4efe-a12f-8eccd0ac3253"; }
+    ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

modules/hosts/nixos/bigboy/secrets.yaml

@@ -1,22 +1,22 @@
-local_git_config: ENC[AES256_GCM,data:iBJM9cj6wPqxvYOt0Gu25nrPQeTtndyDZqCiGCTTpvJ/7U+lP7Y+PcI=,iv:Y1NOT86IOcgSPEfmvoc5eVuad3GFPLjnoPY+dCBQNUs=,tag:HvUxBkwEIMy1GWYGBWkDww==,type:str]
+local_git_config: ENC[AES256_GCM,data:RuHN3enQQLyZu8qHAjlbp/JnDKurqiAiBdrXLPzTFadhmA5m2UyXJ54=,iv:NCWfej/EEB8ylGii+YvdKFagC1rF5ExHIi0M2iDahck=,tag:LVH/Sb7WW/O7Lyg7KSn9mg==,type:str]
-local_private_env: ENC[AES256_GCM,data:W4Ecx1f5RKqy1hkzrflL0OdRofNr9dLy+SbuLdiL6tSvde9InwezcW1zt07s+jdv,iv:geapIEV4Um8L1vTqJFRxoRx8tePnL90YezA9J5oUuYA=,tag:PGVFjwbFdhPu4msyXkukMA==,type:str]
+local_private_env: ENC[AES256_GCM,data:anm21ivROLWg/D49SeJQ0+wpExtHvOQvTr70Kph4gr6WkAgdgz02ayXULq6bn0HT00YWhcNgkku/Qox5Bg==,iv:JlLqOETaVNBi7dYJN5JljH95UG5+KcvoK+rQGpxyH6E=,tag:BHSp90YJQAKcN5/bUwqG2A==,type:str]
 sops:
     kms: []
     gcp_kms: []
     azure_kv: []
     hc_vault: []
     age:
-        - recipient: age196gl3k9aphy2mh5kgn50wkzn38m35cus8dqhtva6qcfmmxx3acgs6vx2dg
+        - recipient: age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPQlZlUmdxVnBXa1lSNERW
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtTExHTW1UdjlGb2pDQkcy
-            L1lCcFBVaEpKdi91djlNL0piSnZLUnhpYURVCkJFYXA1UGYwMDRZQm5IM2ZwdFB6
+            UzBoZU9HaW1ZaGZRZC9NcDFHODFlK1ZNL2pvClBUc24zVzdONkJMaStOVTRpcHVR
-            MnZxOGRMMlNseWlybmU4WXBoUHFnMFkKLS0tIFNLVUtQNFhHeWcvZFNCTUM2NnhO
+            Tkovc3M5QjNSUWxWc0JFSzhkWEJOR00KLS0tIHdIS255N09yRkRDdU9mOHc5amtW
-            L2p0MmhjQkZYQjkvUjJVaDBiRG5yYTQKH+vx+bCgmQ4QUxOc0DIQOR6qR9FEgiA6
+            S2tTaXBUWGJNb3VUbzNWNVlPZEpKQUkKDEVag5HE08uzNdEwfoTPJQdFpxgCDeFV
-            1AjemW35CFzN1N5VHlNZgAplgou8zNxQ8w+AvKuRJ79kDZBESLpltQ==
+            v8CBBzXtLzy5xdhiNlTovjFstomrew5TvcjsAeCBimgCiaxXJ77Xzg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-20T20:13:00Z"
+    lastmodified: "2024-12-31T04:37:09Z"
-    mac: ENC[AES256_GCM,data:DnIjvLCwQ7D3WW2NqF2YRCzCaq39lYtU1ACQ5+23ydFBsGKwhLxiohfJFXagcsZ966wq48PGQLEWU0VfDpK0wOlphwZasrS4ZfOrC+iEaykIpNIVus+xOCzd2AwSa8k1EM6r7gbs516iZciXLfNuBFrK1KHUZB1r4vkDZUJ3PdE=,iv:hP/7nInLumR/PELcLIxcccLwebcE6Bs4USoLxgFzYyM=,tag:nD5lbuRwEOYlC5L/GknHUA==,type:str]
+    mac: ENC[AES256_GCM,data:0IWoYmBxxghbjMkDUpQugK2SjOndMvV/CTQG1pgddSB4TOrOtZybmNAxvE4GW0eu3p7w5nuk9tuLQmFXeNaDaGNi2ugX63gFy/tynVF4Hsnam9iLo2Ys4Y+umWZ3WLYkTp76ncuIkzSHQL4T4LaG0F8fr0o2dwMKrnO8sAxw8V4=,iv:IzV1NKUqv5gxEqc4H1j4a1+IXOyZMUiVk1pWTRwYmV0=,tag:BjiHr8YCXY8MAkGGkZgZ0w==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.2