diff --git a/.gitattributes b/.gitattributes index c6e85dd20..e6ea66745 100644 --- a/.gitattributes +++ b/.gitattributes @@ -5,5 +5,8 @@ lazy-lock.json -diff # git lfs *.png filter=lfs diff=lfs merge=lfs -text +# treat age files as binarys +*.age -text -diff + # templates should not register on linguist flake/templates/* linguist-vendored diff --git a/.sops.yaml b/.sops.yaml deleted file mode 100755 index 84791a200..000000000 --- a/.sops.yaml +++ /dev/null @@ -1,13 +0,0 @@ -keys: - - &isabel age1w98qzycsw5jk9hpy4yg5ld05qqdvs2vxctdypx0tqppvxrk579yshzctus - - &hydra age1dfcv3m85krzqya9tsft5hwrapl3zq35ry6zrt8gy92afcyrrau6q879rfc - - &luz age1c28zh0wrj567uzhj8echy684srjgcpksj0c6m0rhjx09wcxgtp8sxdyw4q - - &valkyrie age1e9thqqupjlm6hfpjjwamt9rzyxuuqrrpd5vtxj0mxnpaec4lk5vqwf09zl -creation_rules: - - path_regex: modules/base/secrets/[^/]+\.yaml$ - key_groups: - - age: - - *isabel - - *hydra - - *luz - - *valkyrie diff --git a/docs/default.nix b/docs/default.nix index f5241988e..e3474b042 100644 --- a/docs/default.nix +++ b/docs/default.nix @@ -21,6 +21,11 @@ specialArgs = {inherit pkgs;}; }; + gitHubDeclaration = user: repo: subpath: { + url = "https://github.com/${user}/${repo}/blob/main/${subpath}"; + name = subpath; + }; + mkDoc = name: options: let doc = pkgs.nixosOptionsDoc { options = filterAttrs (n: _: n != "_module") options; @@ -32,12 +37,7 @@ map (decl: if lib.hasPrefix (toString ../.) (toString decl) - then let - subpath = removePrefix "/" (removePrefix (toString ../.) (toString decl)); - in { - url = "https://github.com/isabelroses/dotfiles/tree/main/${subpath}"; - name = subpath; - } + then gitHubDeclaration "isabelroses" "dotfiles" (removePrefix "/" (removePrefix (toString ../.) (toString decl))) else decl) opt.declarations; }; 
@@ -54,9 +54,23 @@ convert = md: pkgs.runCommand "isabelroses-dotfiles.html" {nativeBuildInputs = with pkgs; [pandoc texinfo];} '' mkdir $out - cp ${./pandoc.css} style.css - pandoc -o file.texi ${builtins.concatStringsSep " " md} - texi2any ./file.texi --html --split=chapter --css-include=./style.css --document-language=en -o $out + + pandoc \ + --from markdown \ + --to texinfo \ + -o file.texi \ + ${builtins.concatStringsSep " " md} + + sed -i "s/@top Top/@top isabelroses' modules/" file.texi + + texi2any ./file.texi \ + --html \ + --split=chapter \ + --css-include=${./pandoc.css} \ + --document-language=en \ + -o $out + + substituteInPlace $out/index.html --replace "Top (isabelroses’ modules)" "isabelroses’ modules" ''; modulesPath = ../modules; @@ -73,5 +87,19 @@ hm = mkDoc "home-manager" hmEval.options; in { html = convert [nixos darwin hm]; - md = pkgs.linkFarm "md" (lib.mapAttrsToList (name: path: {inherit name path;}) ["nixos" "darwin" "hm"]); + + md = pkgs.linkFarm "md" [ + { + name = "nixos"; + path = extraModulesPath + /nixos; + } + { + name = "darwin"; + path = extraModulesPath + /darwin; + } + { + name = "home-manager"; + path = extraModulesPath + /home-manager; + } + ]; } diff --git a/flake.lock b/flake.lock index 99ca1338b..d3e486f99 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,30 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": [ + "home-manager" + ], + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1707830867, + "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", + "owner": "ryantm", + "repo": "agenix", + "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "ags": { "inputs": { "nixpkgs": [ 
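Review bot: The two title rewrites added to `convert` fail silently: `sed -i "s/@top Top/…/"` and `substituteInPlace … --replace` both exit successfully when their pattern is absent, so a change in pandoc or texinfo output would bring the "Top" heading back without breaking the build. The second rewrite also appears to depend on texi2any turning the ASCII apostrophe written by sed into `’`. If the pinned nixpkgs provides it, `substituteInPlace $out/index.html --replace-fail "Top (isabelroses’ modules)" "isabelroses’ modules"` turns a mismatch into a build error. Otherwise a comment such as `# must match the @top title set by sed above` would at least record the coupling.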
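Review bot: `extraModulesPath` is not bound in any visible hunk of docs/default.nix (the context only shows `modulesPath = ../modules;`), so confirm it is defined outside this hunk. The same commit re-enables `docs-md` in flake/pkgs/default.nix, and an unbound name would break evaluation of that package. The new `md` entries also link directories under that path instead of the `nixos`, `darwin` and `hm` values built by `mkDoc` just above. If that is intended, a comment such as `# md links directories under extraModulesPath, not the mkDoc results above` would make it clear. The enclosing `let` starts outside this hunk.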
@@ -222,6 +247,28 @@ } }, "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "darwin_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -469,7 +516,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1685518550, @@ -487,7 +534,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1705309234, @@ -505,7 +552,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1701680307, @@ -523,7 +570,7 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_5" + "systems": "systems_6" }, "locked": { "lastModified": 1705309234, @@ -541,7 +588,7 @@ }, "flake-utils_5": { "inputs": { - "systems": "systems_6" + "systems": "systems_7" }, "locked": { "lastModified": 1701680307, @@ -559,7 +606,7 @@ }, "flake-utils_6": { "inputs": { - "systems": "systems_7" + "systems": "systems_8" }, "locked": { "lastModified": 1705309234, @@ -577,7 +624,7 @@ }, "flake-utils_7": { "inputs": { - "systems": "systems_8" + "systems": "systems_9" }, "locked": { "lastModified": 1681202837, @@ -686,7 +733,7 @@ "inputs": { "hyprland-protocols": "hyprland-protocols", "nixpkgs": "nixpkgs_2", - "systems": "systems_2", + "systems": "systems_3", "wlroots": "wlroots", "xdph": "xdph" }, @@ -1421,6 +1468,7 @@ }, "root": { "inputs": { + "agenix": "agenix", "ags": "ags", "auto-cpufreq": "auto-cpufreq", "bellado": "bellado", 
@@ -1428,7 +1476,7 @@ "catppuccin-toolbox": "catppuccin-toolbox", "catppuccin-vsc": "catppuccin-vsc", "catppuccinifier": "catppuccinifier", - "darwin": "darwin", + "darwin": "darwin_2", "deploy-rs": "deploy-rs", "flake-parts": "flake-parts", "flake-schemas": "flake-schemas", @@ -1452,7 +1500,6 @@ "rust-overlay": "rust-overlay_4", "schizofox": "schizofox", "simple-nixos-mailserver": "simple-nixos-mailserver", - "sops": "sops", "treefmt-nix": "treefmt-nix", "vscode-server": "vscode-server", "xdg-portal-hyprland": "xdg-portal-hyprland" @@ -1630,29 +1677,6 @@ "type": "gitlab" } }, - "sops": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1707842202, - "narHash": "sha256-3dTBbCzHJBinwhsisGJHW1HLBsLbj91+a5ZDXt7ttW0=", - "owner": "Mic92", - "repo": "sops-nix", - "rev": "48afd3264ec52bee85231a7122612e2c5202fa74", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "sops-nix", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, @@ -1668,7 +1692,7 @@ "type": "github" } }, - "systems_2": { + "systems_10": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", @@ -1683,7 +1707,7 @@ "type": "github" } }, - "systems_3": { + "systems_2": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -1698,6 +1722,21 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, "systems_4": { "locked": { "lastModified": 1681028828, 
@@ -1775,16 +1814,16 @@ }, "systems_9": { "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default-linux", + "repo": "default", "type": "github" } }, @@ -1870,7 +1909,7 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems_9" + "systems": "systems_10" }, "locked": { "lastModified": 1706521509, diff --git a/flake.nix b/flake.nix index ab8ebc253..02a9bd236 100755 --- a/flake.nix +++ b/flake.nix @@ -134,11 +134,11 @@ }; # Secrets, shhh - sops = { - url = "github:Mic92/sops-nix"; + agenix = { + url = "github:ryantm/agenix"; inputs = { nixpkgs.follows = "nixpkgs"; - nixpkgs-stable.follows = "nixpkgs"; + home-manager.follows = "home-manager"; }; }; diff --git a/flake/pkgs/default.nix b/flake/pkgs/default.nix index a535c3668..ea90d7bf5 100644 --- a/flake/pkgs/default.nix +++ b/flake/pkgs/default.nix @@ -1,4 +1,4 @@ -_: { +{ perSystem = { pkgs, inputs', @@ -7,7 +7,7 @@ _: { packages = let docs = pkgs.callPackage ../../docs {}; in { - # docs-md = docs.md; + docs-md = docs.md; docs-html = docs.html; lutgen-rs = pkgs.callPackage ./lutgen-rs.nix {}; diff --git a/flake/programs/devshell.nix b/flake/programs/devshell.nix index aa04a6b06..2ba3e19d7 100644 --- a/flake/programs/devshell.nix +++ b/flake/programs/devshell.nix @@ -25,6 +25,7 @@ deadnix # clean up unused nix code self'.formatter # nix formatter config.treefmt.build.wrapper # treewide formatter + inputs'.agenix.packages.agenix # secrets inputs'.deploy-rs.packages.deploy-rs # remote deployment ] ++ lib.optionals stdenv.isDarwin [inputs'.darwin.packages.darwin-rebuild]; 
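Review bot: The new `agenix` input in flake.nix follows `nixpkgs` and `home-manager` but not `darwin`, so the lock now carries a second nix-darwin. flake.lock gains a `darwin` node under agenix at rev `4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d`, and the root input is renamed `darwin_2`. For a secrets tool it is worth keeping the locked dependency set as small as possible; adding `darwin.follows = "darwin";` beside the two existing follows would leave only one nix-darwin revision to track and update. The extra `systems` node comes from the same input and could be handled the same way if the root flake has a matching input, which is not visible here.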
diff --git a/flake/templates/default.nix b/flake/templates/default.nix index 9a6a52c2f..a87dcc298 100644 --- a/flake/templates/default.nix +++ b/flake/templates/default.nix @@ -1,4 +1,4 @@ -_: { +{ flake.templates = { c = { path = ./c; # C/C++ diff --git a/home/isabel/programs/cli/default.nix b/home/isabel/programs/cli/default.nix index befd2c7aa..7d6274b2e 100644 --- a/home/isabel/programs/cli/default.nix +++ b/home/isabel/programs/cli/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./shared.nix ./desktop.nix diff --git a/home/isabel/programs/cli/shared.nix b/home/isabel/programs/cli/shared.nix index a51cd4359..32e676c16 100644 --- a/home/isabel/programs/cli/shared.nix +++ b/home/isabel/programs/cli/shared.nix @@ -17,14 +17,15 @@ in { jq dconf wakatime - cached-nix-shell ] ++ optionals cfg.cli.modernShell.enable [ ripgrep - mods # ai tools nap # code sinppets glow # markdown preview + ] + ++ optionals stdenv.isLinux [ + cached-nix-shell ]; }; } diff --git a/home/isabel/programs/configs/cli/atuin.nix b/home/isabel/programs/configs/cli/atuin.nix index bfbe79a29..3953ff3b3 100644 --- a/home/isabel/programs/configs/cli/atuin.nix +++ b/home/isabel/programs/configs/cli/atuin.nix @@ -1,7 +1,7 @@ { + lib, config, osConfig, - lib, ... }: let inherit (lib) mkIf isModernShell; diff --git a/home/isabel/programs/configs/cli/default.nix b/home/isabel/programs/configs/cli/default.nix index a43f6597f..00c401ff6 100644 --- a/home/isabel/programs/configs/cli/default.nix +++ b/home/isabel/programs/configs/cli/default.nix @@ -1,10 +1,11 @@ -_: { +{ imports = [ ./shells ./atuin.nix ./bat.nix ./bellado.nix + ./direnv.nix ./eza.nix ./fzf.nix ./git.nix diff --git a/home/isabel/programs/configs/cli/direnv.nix b/home/isabel/programs/configs/cli/direnv.nix new file mode 100644 index 000000000..cf0873fa5 --- /dev/null +++ b/home/isabel/programs/configs/cli/direnv.nix 
@@ -0,0 +1,10 @@ +{ + lib, + pkgs, + ... +}: { + programs.direnv = lib.mkIf pkgs.stdenv.isDarwin { + enable = true; + nix-direnv.enable = true; + }; +} diff --git a/home/isabel/programs/configs/cli/git.nix b/home/isabel/programs/configs/cli/git.nix index 928f0da7c..a6a2c3df6 100644 --- a/home/isabel/programs/configs/cli/git.nix +++ b/home/isabel/programs/configs/cli/git.nix @@ -25,7 +25,7 @@ in { # github cli gh = { enable = true; - gitCredentialHelper.enable = false; # i use sops for this anyways + gitCredentialHelper.enable = false; # i use agenix for this anyways extensions = with pkgs; [ gh-cal # github activity stats in the CLI gh-dash # dashboard with pull requests and issues diff --git a/home/isabel/programs/configs/cli/hyfetch.nix b/home/isabel/programs/configs/cli/hyfetch.nix index a700a627d..a250cc3a4 100644 --- a/home/isabel/programs/configs/cli/hyfetch.nix +++ b/home/isabel/programs/configs/cli/hyfetch.nix @@ -1,9 +1,16 @@ -{pkgs, ...}: { +{ + lib, + pkgs, + ... +}: let + inherit (lib) ldTernary; +in { home.packages = [pkgs.hyfetch]; + xdg.configFile = { "neofetch/config.conf".text = '' print_info() { - prin " \n \n ╭───────┤ $(color 5) NixOS $(color 15)├───────╮" + prin " \n \n ╭───────┤ $(color 5)${ldTernary pkgs " NixOS" " MacOS"} $(color 15)├───────╮" info " " kernel info " " wm info " " shell @@ -34,10 +41,10 @@ separator="" image_backend="ascii" # ascii kitty iterm2 - image_source="/home/demeter/.config/neofetch/image.png" # auto /path/to/img /path/to/ascii + image_source=${ldTernary pkgs "/home/isabel/media/pictures" "/Users/isabel/Pictures"}/pfps/avatar # auto /path/to/img /path/to/ascii image_size="200px" # auto 00px 00% none - ascii_distro="NixOS_small" + ascii_distro=${ldTernary pkgs "NixOS" "Mac"}_small ascii_colors=(distro) ascii_bold="on" diff --git a/home/isabel/programs/configs/cli/shells/default.nix b/home/isabel/programs/configs/cli/shells/default.nix index 251a93b06..b096ac239 100644 
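Review bot: In hyfetch.nix the new `image_source=` line hard-codes `/home/isabel/media/pictures` and `/Users/isabel/Pictures`, and it drops the double quotes the old value had. neofetch's config.conf is read as shell, so an unquoted value breaks as soon as the path contains a space. Keeping the quotes and deriving the prefix from the home-manager config would avoid both problems, for example `image_source="${config.home.homeDirectory}/${ldTernary pkgs "media/pictures" "Pictures"}/pfps/avatar"`. That requires adding `config` to the module arguments, which the new header `{ lib, pkgs, ... }` does not take. The same quoting applies to `ascii_distro=${ldTernary pkgs "NixOS" "Mac"}_small`.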
--- a/home/isabel/programs/configs/cli/shells/default.nix +++ b/home/isabel/programs/configs/cli/shells/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./bash.nix # bash configurations ./fish.nix # fish configurations diff --git a/home/isabel/programs/configs/cli/shells/shellAlias.nix b/home/isabel/programs/configs/cli/shells/shellAlias.nix index 1468442f3..ecd979390 100644 --- a/home/isabel/programs/configs/cli/shells/shellAlias.nix +++ b/home/isabel/programs/configs/cli/shells/shellAlias.nix @@ -1,4 +1,4 @@ -_: { +{ # This configuration creates the shell aliases across: bash, zsh and fish home.shellAliases = { mkdir = "mkdir -pv"; # always create pearent directory diff --git a/home/isabel/programs/configs/cli/shells/zsh.nix b/home/isabel/programs/configs/cli/shells/zsh.nix index 329476028..9ef0a0a66 100644 --- a/home/isabel/programs/configs/cli/shells/zsh.nix +++ b/home/isabel/programs/configs/cli/shells/zsh.nix @@ -3,7 +3,7 @@ enable = pkgs.stdenv.isDarwin; enableAutosuggestions = true; - enableCompletion = true; + # enableCompletion = true; syntaxHighlighting.enable = true; dotDir = ".config/zsh"; diff --git a/home/isabel/programs/configs/cli/starship.nix b/home/isabel/programs/configs/cli/starship.nix index 8927126e2..43690e73f 100644 --- a/home/isabel/programs/configs/cli/starship.nix +++ b/home/isabel/programs/configs/cli/starship.nix @@ -1,7 +1,7 @@ { + lib, config, osConfig, - lib, ... }: { programs.starship = { @@ -50,7 +50,7 @@ ".config" = " "; }; os = { - disabled = true; + # disabled = true; style = "bold white"; format = "[$symbol]($style)"; }; diff --git a/home/isabel/programs/configs/cli/tealdear.nix b/home/isabel/programs/configs/cli/tealdear.nix index 3db8adedb..c52922463 100644 --- a/home/isabel/programs/configs/cli/tealdear.nix +++ b/home/isabel/programs/configs/cli/tealdear.nix 
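Review bot: Commenting out `enableCompletion = true;` in zsh.nix probably does not turn completion off, because the option then falls back to the home-manager default, which as far as I know is `true`. If the goal is to disable it, write `enableCompletion = false;` with a short reason. The starship.nix hunk has the mirror case: `# disabled = true;` under `os` leaves the module at starship's own default, which I believe is disabled, so showing the OS symbol needs `disabled = false;`. In both places an explicit value is clearer than a commented-out line.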
@@ -1,11 +1,9 @@ { - osConfig, lib, + osConfig, ... -}: let - acceptedTypes = ["desktop" "laptop" "wsl" "lite" "hybrid"]; -in { - config = lib.mkIf ((lib.isAcceptedDevice osConfig acceptedTypes) && lib.isModernShell osConfig) { +}: { + config = lib.mkIf (lib.isModernShell osConfig) { programs.tealdeer = { enable = true; settings = { @@ -13,7 +11,8 @@ in { compact = false; use_pager = true; }; - updates.auto_update = true; + + updates.auto_update = false; }; }; }; diff --git a/home/isabel/programs/configs/default.nix b/home/isabel/programs/configs/default.nix index 7c622c7a3..14658bdd0 100644 --- a/home/isabel/programs/configs/default.nix +++ b/home/isabel/programs/configs/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./cli # command line interface app confurations ./editors # text editor / IDE configurations diff --git a/home/isabel/programs/configs/gui/bars/default.nix b/home/isabel/programs/configs/gui/bars/default.nix index 70dea7518..0bab01c46 100644 --- a/home/isabel/programs/configs/gui/bars/default.nix +++ b/home/isabel/programs/configs/gui/bars/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./ags ./eww diff --git a/home/isabel/programs/configs/gui/browsers/default.nix b/home/isabel/programs/configs/gui/browsers/default.nix index f4d7c836c..edef0d834 100644 --- a/home/isabel/programs/configs/gui/browsers/default.nix +++ b/home/isabel/programs/configs/gui/browsers/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./chromium.nix ./schizofox.nix diff --git a/home/isabel/programs/configs/gui/default.nix b/home/isabel/programs/configs/gui/default.nix index 2f3400378..f5561da4d 100644 --- a/home/isabel/programs/configs/gui/default.nix +++ b/home/isabel/programs/configs/gui/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./bars ./browsers diff --git a/home/isabel/programs/configs/gui/discord.nix b/home/isabel/programs/configs/gui/discord.nix index f7c12109c..1c3c524a0 100644 --- a/home/isabel/programs/configs/gui/discord.nix 
+++ b/home/isabel/programs/configs/gui/discord.nix @@ -1,28 +1,33 @@ { - osConfig, lib, pkgs, + osConfig, ... -}: let - inherit (osConfig.modules.system) video; - acceptedTypes = ["laptop" "desktop" "hybrid"]; -in { - config = lib.mkIf ((lib.isAcceptedDevice osConfig acceptedTypes) && osConfig.modules.programs.gui.enable && video.enable) { - home.packages = with pkgs; [ - ((discord.override { - nss = pkgs.nss_latest; +}: { + config = lib.mkIf osConfig.modules.programs.gui.discord.enable { + home.packages = + lib.ldTernary pkgs + [ + ((pkgs.discord.override { + nss = pkgs.nss_latest; + withOpenASAR = true; + withVencord = true; + withTTS = false; + }) + .overrideAttrs (old: { + libPath = old.libPath + ":${pkgs.libglvnd}/lib"; + nativeBuildInputs = old.nativeBuildInputs ++ [pkgs.makeWrapper]; + + postFixup = '' + wrapProgram $out/opt/Discord/Discord --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform=wayland}}" + ''; + })) + ] + [ + (pkgs.discord.override { withOpenASAR = true; withVencord = true; - withTTS = false; }) - .overrideAttrs (old: { - libPath = old.libPath + ":${pkgs.libglvnd}/lib"; - nativeBuildInputs = old.nativeBuildInputs ++ [pkgs.makeWrapper]; - - postFixup = '' - wrapProgram $out/opt/Discord/Discord --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform=wayland}}" - ''; - })) - ]; + ]; }; } diff --git a/home/isabel/programs/configs/gui/fileMangers/default.nix b/home/isabel/programs/configs/gui/fileMangers/default.nix index 1feef033f..a4c958210 100644 --- a/home/isabel/programs/configs/gui/fileMangers/default.nix +++ b/home/isabel/programs/configs/gui/fileMangers/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./dolphin.nix ./nemo.nix diff --git a/home/isabel/programs/configs/gui/launchers/default.nix b/home/isabel/programs/configs/gui/launchers/default.nix index 88576e251..4edbaf345 100644 --- a/home/isabel/programs/configs/gui/launchers/default.nix +++ b/home/isabel/programs/configs/gui/launchers/default.nix 
@@ -1,4 +1,4 @@ -_: { +{ imports = [ ./rofi ./wofi diff --git a/home/isabel/programs/configs/gui/terminals/default.nix b/home/isabel/programs/configs/gui/terminals/default.nix index 0762905b2..64a909b90 100644 --- a/home/isabel/programs/configs/gui/terminals/default.nix +++ b/home/isabel/programs/configs/gui/terminals/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./wezterm diff --git a/home/isabel/programs/configs/gui/terminals/wezterm/wezterm.lua b/home/isabel/programs/configs/gui/terminals/wezterm/wezterm.lua index de9e8bc04..755dab6db 100644 --- a/home/isabel/programs/configs/gui/terminals/wezterm/wezterm.lua +++ b/home/isabel/programs/configs/gui/terminals/wezterm/wezterm.lua @@ -12,7 +12,9 @@ require("bar").apply_to_config(config) if utils.is_linux() then config.window_background_opacity = 0.90 -else +elseif utils.is_darwin() then + config.window_background_opacity = 0.95 +elseif utils.is_windows() then config.window_background_image = "C:\\Users\\Isabel\\Pictures\\wallpapers\\wallhaven-qzp8dr.png" config.window_background_image_hsb = { brightness = 0.03, -- make the bg darker so we can see what we are doing diff --git a/home/isabel/programs/configs/gui/zathura.nix b/home/isabel/programs/configs/gui/zathura.nix index b3c7621b5..91307e52e 100644 --- a/home/isabel/programs/configs/gui/zathura.nix +++ b/home/isabel/programs/configs/gui/zathura.nix @@ -4,7 +4,7 @@ osConfig, ... }: { - config = lib.mkIf (osConfig.modules.programs.gui.zathura.enable) { + config = lib.mkIf osConfig.modules.programs.gui.zathura.enable { xdg.configFile."zathura/catppuccin-mocha".source = pkgs.fetchurl { url = "https://raw.githubusercontent.com/catppuccin/zathura/main/src/catppuccin-mocha"; hash = "sha256-/HXecio3My2eXTpY7JoYiN9mnXsps4PAThDPs4OCsAk="; diff --git a/home/isabel/programs/configs/tui/default.nix b/home/isabel/programs/configs/tui/default.nix index af81e156b..d6d9445fc 100644 --- a/home/isabel/programs/configs/tui/default.nix 
+++ b/home/isabel/programs/configs/tui/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./btop.nix ./lazygit.nix diff --git a/home/isabel/programs/default.nix b/home/isabel/programs/default.nix index 8e5d13299..dc4bb1e8f 100644 --- a/home/isabel/programs/default.nix +++ b/home/isabel/programs/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./cli # command line applications ./configs # app confiurations diff --git a/home/isabel/programs/gui/default.nix b/home/isabel/programs/gui/default.nix index 55494359e..f8e1f81c0 100644 --- a/home/isabel/programs/gui/default.nix +++ b/home/isabel/programs/gui/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./gaming diff --git a/home/isabel/programs/scripts/default.nix b/home/isabel/programs/scripts/default.nix index f9d5e26d6..08fe300ec 100644 --- a/home/isabel/programs/scripts/default.nix +++ b/home/isabel/programs/scripts/default.nix @@ -8,6 +8,7 @@ home = { sessionPath = [ "${config.home.homeDirectory}/.local/bin" + "/etc/profiles/per-user/isabel/bin" # needed for darwin ]; file = { diff --git a/home/isabel/programs/wm/default.nix b/home/isabel/programs/wm/default.nix index 9eaefe30f..95a372367 100644 --- a/home/isabel/programs/wm/default.nix +++ b/home/isabel/programs/wm/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ #./i3 ./hyprland diff --git a/home/isabel/services/default.nix b/home/isabel/services/default.nix index 859966c66..294dd83e6 100644 --- a/home/isabel/services/default.nix +++ b/home/isabel/services/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./shared # Always on services ./wayland # wayland-only services diff --git a/home/isabel/services/shared/default.nix b/home/isabel/services/shared/default.nix index 54da257a3..d0ef6a6f6 100644 --- a/home/isabel/services/shared/default.nix +++ b/home/isabel/services/shared/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./kdeconnect.nix ./nextcloud.nix 
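Review bot: The `sessionPath` entry added in home/isabel/programs/scripts/default.nix hard-codes the user name and is added on every platform, although its comment says it is only needed on darwin. The neighbouring entry already uses `config`, so `"/etc/profiles/per-user/${config.home.username}/bin"` would keep it in step with the account the module is built for. If it really is darwin-only, put it behind a platform check such as `lib.optionals pkgs.stdenv.isDarwin [ … ]`, provided `lib` and `pkgs` are module arguments here (the argument list is outside the hunk). That keeps an extra directory out of PATH on Linux hosts.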
diff --git a/home/isabel/services/shared/nextcloud.nix b/home/isabel/services/shared/nextcloud.nix index 9e2eaac44..bcd0085d2 100644 --- a/home/isabel/services/shared/nextcloud.nix +++ b/home/isabel/services/shared/nextcloud.nix @@ -7,7 +7,7 @@ inherit (lib) mkIf isAcceptedDevice mkGraphicalService; acceptedTypes = ["desktop" "laptop" "hybrid"]; in { - config = mkIf (isAcceptedDevice osConfig acceptedTypes) { + config = mkIf (isAcceptedDevice osConfig acceptedTypes && pkgs.stdenv.isLinux) { home.packages = [pkgs.nextcloud-client]; systemd.user.services.nextcloud = mkGraphicalService { diff --git a/home/isabel/services/shared/rnnoise.nix b/home/isabel/services/shared/rnnoise.nix index 70a76c366..f839ea7a5 100644 --- a/home/isabel/services/shared/rnnoise.nix +++ b/home/isabel/services/shared/rnnoise.nix @@ -10,7 +10,7 @@ acceptedTypes = ["desktop" "laptop" "lite" "hybrid"]; in { - config = mkIf (isAcceptedDevice osConfig acceptedTypes) { + config = mkIf (isAcceptedDevice osConfig acceptedTypes && pkgs.stdenv.isLinux) { xdg.configFile."pipewire/pipewire.conf.d/99-input-denoising.conf" = { source = json.generate "99-input-denoising.conf" { "context.modules" = [ diff --git a/home/isabel/services/wayland/default.nix b/home/isabel/services/wayland/default.nix index dd1e033f2..c8708064b 100644 --- a/home/isabel/services/wayland/default.nix +++ b/home/isabel/services/wayland/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./screenlock ]; diff --git a/home/isabel/services/wayland/screenlock/default.nix b/home/isabel/services/wayland/screenlock/default.nix index af38921d0..9322c41b6 100644 --- a/home/isabel/services/wayland/screenlock/default.nix +++ b/home/isabel/services/wayland/screenlock/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./gtklock.nix ./swaylock.nix diff --git a/home/isabel/system/default.nix b/home/isabel/system/default.nix index 083ed5459..284e0aa9a 100644 --- a/home/isabel/system/default.nix +++ b/home/isabel/system/default.nix 
@@ -1,4 +1,4 @@ -_: { +{ imports = [ ./env.nix ./gpg.nix diff --git a/home/isabel/system/gpg.nix b/home/isabel/system/gpg.nix index 9cce86bab..a6b8bc828 100644 --- a/home/isabel/system/gpg.nix +++ b/home/isabel/system/gpg.nix @@ -1,16 +1,13 @@ { lib, pkgs, - inputs, config, osConfig, ... }: let inherit (osConfig.modules.system) video; in { - imports = [inputs.sops.homeManagerModules.sops]; - - services.gpg-agent = { + services.gpg-agent = lib.mkIf pkgs.stdenv.isLinux { enable = true; enableBashIntegration = config.programs.bash.enable; enableFishIntegration = config.programs.fish.enable; @@ -30,8 +27,6 @@ in { # Allow manually restarting gpg-agent if it fails systemd.user.services.gpg-agent.Unit.RefuseManualStart = lib.mkForce false; - sops.gnupg.home = config.programs.gpg.homedir; - programs.gpg = { enable = true; homedir = "${config.xdg.dataHome}/gnupg"; diff --git a/home/isabel/system/ssh.nix b/home/isabel/system/ssh.nix index 9f900e7cb..65392effa 100644 --- a/home/isabel/system/ssh.nix +++ b/home/isabel/system/ssh.nix @@ -1,4 +1,4 @@ -_: { +{ # {pkgs, ...}: { # home.packages = with pkgs; [cloudflared]; programs = { @@ -13,7 +13,7 @@ _: { template = base // { - identityFile = "~/.ssh/nixos"; + identityFile = "~/.ssh/id_ed25519"; }; in { # git clients @@ -54,23 +54,8 @@ _: { "hydra" = template // { - hostname = "192.168.86.3"; + hostname = "10.82.7.9"; }; - - /* - "alpha" = { - hostname = "192.168.86.4"; - user = "isabel"; - identityFile = "~/.ssh/alpha"; - }; - - "alpha-remote" = { - hostname = "ssh.isabelroses.com"; - user = "isabel"; - identityFile = "~/.ssh/alpha"; - proxyCommand = "cloudflared access ssh --hostname %h"; - }; - */ }; }; }; diff --git a/home/isabel/system/xdg.nix b/home/isabel/system/xdg.nix index 56d75ac27..2be76e3aa 100644 --- a/home/isabel/system/xdg.nix +++ b/home/isabel/system/xdg.nix @@ -1,7 +1,7 @@ { lib, - config, pkgs, + config, ... }: let inherit (pkgs.stdenv) isLinux; 
@@ -57,7 +57,7 @@ template = import lib.template.xdg "home-manager"; in { - home.packages = with pkgs; [xdg-utils]; + home.packages = with pkgs; lib.mkIf isLinux [xdg-utils]; xdg = { enable = true; @@ -66,8 +66,8 @@ in { dataHome = "${config.home.homeDirectory}/.local/share"; stateHome = "${config.home.homeDirectory}/.local/state"; - userDirs = { - enable = isLinux; + userDirs = lib.mkIf isLinux { + enable = true; createDirectories = true; documents = "${config.home.homeDirectory}/documents"; diff --git a/home/isabel/themes/default.nix b/home/isabel/themes/default.nix index b065750e4..b614cfc17 100644 --- a/home/isabel/themes/default.nix +++ b/home/isabel/themes/default.nix @@ -4,9 +4,4 @@ ./qt.nix ./global.nix ]; - - config.catppuccin = { - flavour = "mocha"; - accent = "sapphire"; - }; } diff --git a/home/isabel/themes/global.nix b/home/isabel/themes/global.nix index 047352e98..e16b2cfb8 100644 --- a/home/isabel/themes/global.nix +++ b/home/isabel/themes/global.nix @@ -1,18 +1,25 @@ { - osConfig, + lib, + pkgs, inputs, + osConfig, ... }: let cfg = osConfig.modules.style; in { imports = [inputs.catppuccin.homeManagerModules.catppuccin]; - # pointer / cursor theming - home.pointerCursor = { - name = cfg.pointerCursor.name; - package = cfg.pointerCursor.package; - size = cfg.pointerCursor.size; - gtk.enable = true; - x11.enable = true; + config = { + catppuccin = { + flavour = "mocha"; + accent = "sapphire"; + }; + + # pointer / cursor theming + home.pointerCursor = lib.mkIf pkgs.stdenv.isLinux { + inherit (cfg.pointerCursor) name package size; + gtk.enable = true; + x11.enable = true; + }; }; } diff --git a/home/isabel/themes/gtk.nix b/home/isabel/themes/gtk.nix index 99705d7a1..48b9a0e93 100644 --- a/home/isabel/themes/gtk.nix +++ b/home/isabel/themes/gtk.nix @@ -1,6 +1,6 @@ { - pkgs, lib, + pkgs, config, osConfig, ... 
@@ -8,11 +8,10 @@ inherit (lib) mkIf boolToNum; inherit (osConfig.modules) device; cfg = osConfig.modules.style; - sys = osConfig.modules.system; acceptedTypes = ["laptop" "desktop" "hybrid" "lite"]; in { - config = mkIf (builtins.elem device.type acceptedTypes && sys.video.enable) { + config = mkIf (builtins.elem device.type acceptedTypes && pkgs.stdenv.isLinux) { xdg.systemDirs.data = let schema = pkgs.gsettings-desktop-schemas; in ["${schema}/share/gsettings-schemas/${schema.name}"]; diff --git a/home/isabel/themes/qt.nix b/home/isabel/themes/qt.nix index c8ca79670..889a61972 100644 --- a/home/isabel/themes/qt.nix +++ b/home/isabel/themes/qt.nix @@ -1,17 +1,16 @@ { - pkgs, lib, + pkgs, osConfig, ... }: let inherit (lib) mkIf optionals; inherit (osConfig.modules) device; - sys = osConfig.modules.system; cfg = osConfig.modules.style; acceptedTypes = ["laptop" "desktop" "hybrid" "lite"]; in { - config = mkIf (builtins.elem device.type acceptedTypes && sys.video.enable) { + config = mkIf (builtins.elem device.type acceptedTypes && pkgs.stdenv.isLinux) { xdg.configFile = { "kdeglobals".source = cfg.qt.kdeglobals.source; diff --git a/hosts/default.nix b/hosts/default.nix index cb3a01baf..cce1b0e5b 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -8,7 +8,7 @@ # modules modulePath = ../modules; # the base module path - # base modules, are the base of this system configuration and are shared across all systems (so the basics) + # base modules, is the base of this system configuration and are shared across all systems (so the basics) base = modulePath + /base; # profiles module, these are sensible defaults for given hardware sets 
@@ -19,19 +19,18 @@ # hardware profiles laptop = hardwareProfilesPath + /laptop; # for laptop type configurations - # desktop = hardwareProfilesPath + /desktop; # for desktop type configurations + desktop = hardwareProfilesPath + /desktop; # for desktop type configurations server = [(hardwareProfilesPath + /server) headless]; # for server type configurations wsl = [(hardwareProfilesPath + /wsl) headless]; # for wsl systems # meta profiles workstation = metaProfilesPath + /workstation; # for server type configurations headless = metaProfilesPath + /headless; # for headless systems - darwin = metaProfilesPath + /darwin; # for darwin systems (macOS) # home-manager homes = ../home; # home-manager configurations - # a list of shared modules + # a list of shared modules, that means they need to be in almost all configs shared = [base homes]; # extra specialArgs that are on all machines @@ -58,7 +57,7 @@ in system = "x86_64-linux"; modules = [ - # desktop + desktop workstation ] ++ concatLists [shared]; @@ -85,7 +84,7 @@ in host = "tatsumaki"; inherit withSystem; system = "aarch64-darwin"; - modules = [workstation] ++ concatLists [darwin shared]; + modules = concatLists [shared]; specialArgs = sharedArgs; } ]) diff --git a/hosts/lilith/nix.nix b/hosts/lilith/nix.nix index bd1ebb2f0..98eddc275 100644 --- a/hosts/lilith/nix.nix +++ b/hosts/lilith/nix.nix @@ -1,4 +1,4 @@ -_: { +{ nix = { settings = { experimental-features = ["nix-command" "flakes" "repl-flake"]; diff --git a/hosts/luz/mount.nix b/hosts/luz/mount.nix index 7d0139e55..f81f59ded 100644 --- a/hosts/luz/mount.nix +++ b/hosts/luz/mount.nix @@ -1,4 +1,4 @@ -_: { +{ fileSystems."/srv/storage" = { device = "/dev/disk/by-id/scsi-0HC_Volume_37980392"; fsType = "ext4"; diff --git a/hosts/luz/services.nix b/hosts/luz/services.nix index eb20cefd1..2ccb7996f 100644 --- a/hosts/luz/services.nix +++ b/hosts/luz/services.nix 
@@ -1,9 +1,10 @@ -_: { +{ modules.services = { vaultwarden.enable = true; isabelroses-website.enable = true; vikunja.enable = true; kanidm.enable = true; + mailserver.enable = true; networking = { nginx.enable = true; @@ -24,11 +25,6 @@ _: { nextcloud.enable = true; }; - mailserver = { - enable = true; - rspamd-web.enable = false; - }; - monitoring = { grafana.enable = true; prometheus.enable = true; diff --git a/hosts/tatsumaki/default.nix b/hosts/tatsumaki/default.nix index 2c956d072..54f88e03a 100644 --- a/hosts/tatsumaki/default.nix +++ b/hosts/tatsumaki/default.nix @@ -1,58 +1,9 @@ { config.modules = { - device = { - type = ""; - cpu = ""; - gpu = null; - monitors = []; - hasTPM = true; - hasBluetooth = true; - hasSound = false; - }; + device.type = "laptop"; system = { mainUser = "isabel"; - - boot = { - plymouth.enable = false; - loader = "none"; - secureBoot = false; - enableKernelTweaks = false; - initrd.enableTweaks = false; - loadRecommendedModules = false; - tmpOnTmpfs = false; - }; - - fs = []; - video.enable = true; - sound.enable = true; - bluetooth.enable = true; - printing.enable = false; - yubikeySupport.enable = true; - - security = { - fixWebcam = false; - auditd.enable = false; - }; - - networking = { - optimizeTcp = true; - - wirelessBackend = "none"; - - tailscale = { - enable = false; - isClient = false; - }; - }; - - virtualization = { - enable = false; - docker.enable = false; - qemu.enable = false; - podman.enable = false; - distrobox.enable = false; - }; }; environment = { @@ -61,7 +12,17 @@ }; programs = { - agnostic.git.signingKey = "7AFB9A49656E69F7"; + agnostic = { + git.signingKey = "5A87C993E20D89A1"; + + editors = { + neovim.enable = true; + vscode.enable = false; + micro.enable = false; + }; + + wine.enable = false; + }; cli = { enable = true; 
@@ -71,17 +32,50 @@ tui.enable = true; gui = { - enable = true; + enable = false; - kdeconnect.enable = false; + zathura.enable = false; + discord.enable = true; - terminals.wezterm.enable = true; + kdeconnect = { + enable = false; + indicator.enable = false; + }; - zathura.enable = true; - }; + launchers = { + rofi.enable = false; + wofi.enable = false; + }; - defaults = { - terminal = "wezterm"; + bars = { + ags.enable = false; + eww.enable = false; + waybar.enable = false; + }; + + browsers = { + chromium = { + enable = false; + ungoogled = false; + }; + + firefox = { + enable = false; + schizofox = false; + }; + }; + + terminals = { + kitty.enable = false; + alacritty.enable = false; + wezterm.enable = true; + }; + + fileManagers = { + thunar.enable = false; + dolphin.enable = false; + nemo.enable = false; + }; }; }; }; diff --git a/lib/builders.nix b/lib/builders.nix index f890f6278..28a32a6ed 100644 --- a/lib/builders.nix +++ b/lib/builders.nix @@ -35,16 +35,18 @@ target = ldTernary pkgs "nixosConfigurations" "darwinConfigurations"; mod = getModuleType pkgs; + + # depending on the base operating system we can only use some options therfore these + # options means that we can limit these options to only those given operating systems + hostOs = ldTernary pkgs "${self}/modules/linux" "${self}/modules/darwin"; in { ${target}.${args.host} = mkSystem' { inherit system; modules = [ + hostOs "${self}/hosts/${args.host}" - inputs.home-manager.${mod}.home-manager - inputs.sops.${mod}.sops - {config.modules.system.hostname = args.host;} ] ++ args.modules or []; diff --git a/lib/validators.nix b/lib/validators.nix index 808513107..1a2972b7a 100644 --- a/lib/validators.nix +++ b/lib/validators.nix 
@@ -13,7 +13,7 @@ # assert if the device is wayland-ready by checking sys.video and env.isWayland options # `(lib.isWayland config)` where config is in scope # `isWayland osConfig` -> true - isWayland = conf: conf.modules.system.video.enable && conf.modules.environment.isWayland; + isWayland = conf: conf.modules.environment.isWayland; # ifOneEnabled takes a parent option and 3 child options and checks if at least one of them is enabled # `ifOneEnabled config.modules.services "service1" "service2" "service3"` diff --git a/modules/base/host/activation/default.nix b/modules/base/activation/default.nix similarity index 100% rename from modules/base/host/activation/default.nix rename to modules/base/activation/default.nix diff --git a/modules/base/default.nix b/modules/base/default.nix index dba0fc302..f0dd091c7 100644 --- a/modules/base/default.nix +++ b/modules/base/default.nix @@ -1,9 +1,11 @@ { imports = [ - ./host # host configurations - ./gaming # super cool procrastinations related things - ./options # options module, these allow for quick configuration - ./secrets # shhh - ./services # allows for per-system system services to be enabled + ./activation # activation system for nixos-rebuild + ./environment # basic system enviroment configuration i.e. shell aliases and environment variables + ./nix # all nix related configurations + ./options # options that occur on all systems + ./users # users of the machine + + ./secrets.nix # shhh ]; } diff --git a/modules/base/host/os/environment/aliases.nix b/modules/base/environment/aliases.nix similarity index 100% rename from modules/base/host/os/environment/aliases.nix rename to modules/base/environment/aliases.nix diff --git a/modules/base/environment/default.nix b/modules/base/environment/default.nix new file mode 100644 index 000000000..bb04c78ee --- /dev/null +++ b/modules/base/environment/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./aliases.nix # shell aliases + ./vars.nix # environment variables + ]; +} 
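Review bot: The comment above `isWayland` in `lib/validators.nix` still says the helper checks `sys.video` and `env.isWayland`, but the new body reads only `conf.modules.environment.isWayland`. The first comment line should become `# assert if the device is wayland-ready by checking the env.isWayland option`. Callers that relied on the old video gate to stay false on headless hosts now depend on `environment.isWayland` being left unset there, which cannot be confirmed from this hunk. The surrounding attribute set starts and ends outside the hunk.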
diff --git a/modules/base/host/os/environment/vars.nix b/modules/base/environment/vars.nix similarity index 94% rename from modules/base/host/os/environment/vars.nix rename to modules/base/environment/vars.nix index 70b945d7d..16ea76e4c 100644 --- a/modules/base/host/os/environment/vars.nix +++ b/modules/base/environment/vars.nix @@ -7,7 +7,7 @@ variables = { EDITOR = "nvim"; - VISUAL = "vscodium"; + VISUAL = "vscode"; SUDO_EDITOR = "nvim"; SYSTEMD_PAGERSECURE = "true"; diff --git a/modules/base/host/nix/system.nix b/modules/base/host/nix/system.nix deleted file mode 100644 index 78a1dc61a..000000000 --- a/modules/base/host/nix/system.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - lib, - pkgs, - ... -}: let - inherit (lib) mkDefault ldTernary; -in { - system = { - autoUpgrade.enable = false; - stateVersion = ldTernary pkgs (mkDefault "23.05") (mkDefault 4); - }; -} diff --git a/modules/base/host/nix/default.nix b/modules/base/nix/default.nix similarity index 100% rename from modules/base/host/nix/default.nix rename to modules/base/nix/default.nix diff --git a/modules/base/host/nix/environment.nix b/modules/base/nix/environment.nix similarity index 100% rename from modules/base/host/nix/environment.nix rename to modules/base/nix/environment.nix diff --git a/modules/base/host/nix/nix.nix b/modules/base/nix/nix.nix similarity index 90% rename from modules/base/host/nix/nix.nix rename to modules/base/nix/nix.nix index 4b7101789..33cfeeb1d 100644 --- a/modules/base/host/nix/nix.nix +++ b/modules/base/nix/nix.nix @@ -1,7 +1,6 @@ { lib, pkgs, - config, inputs, ... }: let 
@@ -21,24 +20,12 @@ in { # We love legacy support (for now) nixPath = ldTernary pkgs (attrValues (mapAttrs (k: v: "${k}=${v.outPath}") flakeInputs)) (mkForce (mapAttrs (_: v: v.outPath) flakeInputs)); - # Make builds run with a low priority, keeping the system fast - daemonCPUSchedPolicy = "idle"; - daemonIOSchedClass = "idle"; - daemonIOSchedPriority = 7; - # set up garbage collection to run daily, and removing packages after 3 days gc = { automatic = true; - dates = "Mon *-*-* 03:00"; options = "--delete-older-than 3d"; }; - # automatically optimize /nix/store by removing hard links - optimise = { - automatic = true; - dates = ["04:00"]; - }; - settings = { # specify the path to the nix registry flake-registry = "/etc/nix/registry.json"; @@ -57,10 +44,9 @@ in { # let the system decide the number of max jobs max-jobs = "auto"; # build inside sandboxed environments - sandbox = true; + sandbox = pkgs.stdenv.isLinux; # supported system features system-features = ["nixos-test" "kvm" "recursive-nix" "big-parallel"]; - extra-platforms = config.boot.binfmt.emulatedSystems; # continue building derivations even if one fails keep-going = true; # show more log lines for failed builds, as this happens alot and is useful @@ -84,8 +70,6 @@ in { http-connections = 50; # whether to accept nix configuration from a flake without prompting accept-flake-config = true; - # execute builds inside cgroups - use-cgroups = true; # build from source if the build fails from a binary source # fallback = true; diff --git a/modules/base/host/nix/nixpkgs.nix b/modules/base/nix/nixpkgs.nix similarity index 100% rename from modules/base/host/nix/nixpkgs.nix rename to modules/base/nix/nixpkgs.nix diff --git a/modules/base/nix/system.nix b/modules/base/nix/system.nix new file mode 100644 index 000000000..adcadf681 --- /dev/null +++ b/modules/base/nix/system.nix 
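Review bot: The comment above `sandbox = pkgs.stdenv.isLinux;` still reads "build inside sandboxed environments", but on darwin the setting now evaluates to `false` and builds run without the sandbox. If that is deliberate, the comment should say so, e.g. `# sandbox builds on Linux only; darwin builds run unsandboxed`. It matters more here because `accept-flake-config = true`, a few lines further down in the same file, takes Nix settings from flakes without prompting. The `gc` block in the first hunk has the same drift: `dates` is removed while the comment still promises a daily run. The `nix` attribute set starts and ends outside these hunks.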
@@ -0,0 +1,9 @@ +{ + lib, + pkgs, + ... +}: let + inherit (lib) mkDefault ldTernary; +in { + system.stateVersion = ldTernary pkgs (mkDefault "23.05") (mkDefault 4); +} diff --git a/modules/base/options/changed.nix b/modules/base/options/changed.nix deleted file mode 100644 index e5c9ce295..000000000 --- a/modules/base/options/changed.nix +++ /dev/null 
@@ -1,43 +0,0 @@ -{lib, ...}: let - inherit (lib) mkRenamedOptionModule mkRemovedOptionModule; -in { - imports = [ - # Renamed modules - (mkRenamedOptionModule ["modules" "usrEnv"] ["modules" "environment"]) - - (mkRenamedOptionModule ["modules" "system" "flakePath"] ["modules" "environment" "flakePath"]) - - (mkRenamedOptionModule ["modules" "programs" "git"] ["modules" "programs" "agnostic" "git"]) - (mkRenamedOptionModule ["modules" "programs" "editors"] ["modules" "programs" "agnostic" "editors"]) - - (mkRenamedOptionModule ["modules" "programs" "bars"] ["modules" "programs" "gui" "bars"]) - (mkRenamedOptionModule ["modules" "programs" "browser"] ["modules" "programs" "gui" "browsers"]) - (mkRenamedOptionModule ["modules" "programs" "fileManagers"] ["modules" "programs" "gui" "fileManagers"]) - (mkRenamedOptionModule ["modules" "programs" "launchers"] ["modules" "programs" "gui" "launchers"]) - (mkRenamedOptionModule ["modules" "programs" "zathura"] ["modules" "programs" "gui" "zathura"]) - (mkRenamedOptionModule ["modules" "programs" "terminals"] ["modules" "programs" "gui" "terminals"]) - - (mkRenamedOptionModule ["modules" "programs" "defaults" "loginManager"] ["modules" "environment" "loginManager"]) - - (mkRenamedOptionModule ["modules" "services" "forgejo"] ["modules" "services" "dev" "forgejo"]) - (mkRenamedOptionModule ["modules" "services" "vscode-server"] ["modules" "services" "dev" "vscode-server"]) - (mkRenamedOptionModule ["modules" "services" "plausible"] ["modules" "services" "dev" "plausible"]) - (mkRenamedOptionModule ["modules" "services" "wakapi"] ["modules" "services" "dev" "wakapi"]) - - (mkRenamedOptionModule ["modules" "services" "searxng"] ["modules" "services" "media" "searxng"]) - (mkRenamedOptionModule ["modules" "services" "matrix"] ["modules" "services" "media" "matrix"]) - (mkRenamedOptionModule ["modules" "services" "jellyfin"] ["modules" "services" "media" "jellyfin"]) - (mkRenamedOptionModule ["modules" "services" "photoprism"] 
["modules" "services" "media" "photoprism"]) - (mkRenamedOptionModule ["modules" "services" "nextcloud"] ["modules" "services" "media" "nextcloud"]) - - (mkRenamedOptionModule ["modules" "services" "nginx"] ["modules" "services" "networking" "nginx"]) - (mkRenamedOptionModule ["modules" "services" "headscale"] ["modules" "services" "networking" "headscale"]) - (mkRenamedOptionModule ["modules" "services" "cloudflared"] ["modules" "services" "networking" "cloudflared"]) - - # Removed modules - (mkRemovedOptionModule ["modules" "services" "smb"] "not used anymore") - (mkRemovedOptionModule ["modules" "services" "miniflux"] "not used anymore") - (mkRemovedOptionModule ["modules" "services" "dns"] "not used anymore") - (mkRemovedOptionModule ["modules" "services" "cyberchef"] "pkg dropped") - ]; -} diff --git a/modules/base/options/default.nix b/modules/base/options/default.nix index dd8d3d569..cfbf313b1 100644 --- a/modules/base/options/default.nix +++ b/modules/base/options/default.nix @@ -2,11 +2,9 @@ imports = [ ./device ./programs + ./themes ./services ./system - ./themes ./environment - - ./changed.nix ]; } diff --git a/modules/base/options/device/default.nix b/modules/base/options/device/default.nix index aa3fbd64b..96595ae88 100644 --- a/modules/base/options/device/default.nix +++ b/modules/base/options/device/default.nix @@ -1,6 +1,10 @@ -{ - imports = [ - ./capabilities.nix - ./hardware.nix - ]; +{lib, ...}: let + inherit (lib) mkOption types; +in { + options.modules.device = { + type = mkOption { + type = types.enum ["laptop" "desktop" "server" "hybrid" "wsl" "lite" "vm"]; + default = ""; + }; + }; } diff --git a/modules/base/options/programs/default.nix b/modules/base/options/programs/default.nix index 8b3e757ea..2ce7501ed 100644 --- a/modules/base/options/programs/default.nix +++ b/modules/base/options/programs/default.nix 
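Review bot: In `modules/base/options/device/default.nix`, `default = "";` is not a member of the `types.enum [...]` list declared on the line above it. A host that forgets to set `modules.device.type` will therefore most likely fail with an enum type error about `""` instead of a clear "option has no value" message. Dropping the `default` line and adding `description = "The hardware class of this host";` makes the requirement explicit. That helps because `secrets.nix` in this same commit decides from `device.type` whether the server secrets are declared at all.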
@@ -41,6 +41,7 @@ in { enable = mkEnableOption "Enable GUI programs"; zathura.enable = mkEnableOption "Enable zathura PDF reader"; + discord.enable = mkEnableOption "Enable the discord client"; kdeconnect = { enable = mkEnableOption "Enable kdeconnect"; diff --git a/modules/base/options/services/default.nix b/modules/base/options/services/default.nix index 2bff84769..83052a9d3 100644 --- a/modules/base/options/services/default.nix +++ b/modules/base/options/services/default.nix @@ -1,5 +1,5 @@ {lib, ...}: let - inherit (lib) mkEnableOption mkOption types mkMerge mapAttrs; + inherit (lib) mkEnableOption mkOption types mapAttrs; rdomain = "isabelroses.com"; @@ -52,13 +52,7 @@ in { domain = "sso.${rdomain}"; }; - mailserver = { - domain = "mail.${rdomain}"; - - extraConfig = { - rspamd-web.enable = mkEnableOption "Enable rspamd web ui"; - }; - }; + mailserver.domain = "mail.${rdomain}"; } // { dev = mapAttrs mkServiceOption { diff --git a/modules/base/options/system/default.nix b/modules/base/options/system/default.nix index f413a80df..4505e2f75 100644 --- a/modules/base/options/system/default.nix +++ b/modules/base/options/system/default.nix 
@@ -3,34 +3,19 @@ config, ... }: let - inherit (lib) mkOption mkEnableOption optionals types; + inherit (lib) mkOption optionals types; in { imports = [ ./activation.nix - ./boot.nix - ./emulation.nix - ./encryption.nix - ./networking.nix - ./printing.nix - ./security.nix - ./virtualization.nix ]; - config.warnings = - (optionals (config.modules.system.fs == []) [ - '' - You have not added any filesystems to be supported by your system. You may end up with an unbootable system! + config.warnings = optionals (config.modules.system.users == []) [ + '' + You have not added any users to be supported by your system. You may end up with an unbootable system! - Consider setting {option}`config.modules.system.fs` in your configuration - '' - ]) - ++ (optionals (config.modules.system.users == []) [ - '' - You have not added any users to be supported by your system. You may end up with an unbootable system! - - Consider setting {option}`config.modules.system.users` in your configuration - '' - ]); + Consider setting {option}`config.modules.system.users` in your configuration + '' + ]; options.modules.system = { mainUser = mkOption { 
@@ -52,38 +37,5 @@ in { type = types.str; description = "The name of the device for the system"; }; - - autoLogin = mkOption { - type = types.bool; - default = false; - description = '' - Whether to enable passwordless login. This is generally useful on systems with - FDE (Full Disk Encryption) enabled. It is a security risk for systems without FDE. - ''; - }; - - fs = mkOption { - type = with types; listOf str; - default = ["vfat" "ext4"]; - description = '' - A list of filesystems available supported by the system - it will enable services based on what strings are found in the list. - - It would be a good idea to keep vfat and ext4 so you can mount USBs. - ''; - }; - - yubikeySupport = { - enable = mkEnableOption "yubikey support"; - deviceType = mkOption { - type = with types; nullOr (enum ["NFC5" "nano"]); - default = null; - description = "A list of devices to enable Yubikey support for"; - }; - }; - - sound.enable = mkEnableOption "Does the device have sound and its related programs be enabled"; - video.enable = mkEnableOption "Does the device allow for graphical programs"; - bluetooth.enable = mkEnableOption "Should the device load bluetooth drivers and enable blueman"; }; } diff --git a/modules/base/secrets.nix b/modules/base/secrets.nix new file mode 100644 index 000000000..e449ed9ac --- /dev/null +++ b/modules/base/secrets.nix 
@@ -0,0 +1,207 @@ +{ + lib, + self, + pkgs, + config, + inputs, + inputs', + ... +}: let + inherit (lib) mkIf mkMerge ldTernary; + inherit (config.modules) services; + inherit (pkgs.stdenv) isDarwin; + + inherit (config.modules) device; + inherit (config.modules.system) mainUser; + homeDir = config.home-manager.users.${mainUser}.home.homeDirectory; + sshDir = homeDir + "/.ssh"; + + userGroup = ldTernary pkgs "users" "admin"; + + mkSecret = cond: { + file, + path, + owner ? "root", + group ? ldTernary pkgs "root" "admin", + mode ? "400", + }: + mkIf cond { + file = "${self}/secrets/${file}"; + inherit path owner group mode; + }; +in { + imports = [inputs.agenix.nixosModules.default]; + + environment.systemPackages = [inputs'.agenix.packages.default]; + + age = { + identityPaths = [ + "/etc/ssh/ssh_host_ed25519_key" + "${sshDir}/id_ed25519" + ]; + + secretsDir = mkIf isDarwin "/private/tmp/agenix"; + secretsMountPoint = mkIf isDarwin "/private/tmp/agenix.d"; + + secrets = mkMerge [ + { + git-credentials = mkSecret true { + file = "git-credentials.age"; + path = homeDir + "/.git-credentials"; + owner = mainUser; + group = userGroup; + }; + + wakatime = mkSecret true { + file = "wakatime.age"; + path = homeDir + "/.config/wakatime/.wakatime.cfg"; + owner = mainUser; + group = userGroup; + }; + + # git ssh keys + gh-key = mkSecret true { + file = "gh-key.age"; + path = sshDir + "/github"; + owner = mainUser; + group = userGroup; + }; + gh-key-pub = mkSecret true { + file = "gh-key-pub.age"; + path = sshDir + "/github.pub"; + owner = mainUser; + group = userGroup; + }; + aur-key = mkSecret true { + file = "aur-key.age"; + path = sshDir + "/aur"; + owner = mainUser; + group = userGroup; + }; + aur-key-pub = mkSecret true { + file = "aur-key-pub.age"; + path = sshDir + "/aur.pub"; + owner = mainUser; + group = userGroup; + }; + + # ORACLE vps' + openvpn-key = mkSecret true { + file = "openvpn-key.age"; + path = sshDir + "/openvpn"; + owner = mainUser; + group = userGroup; 
+ }; + amity-key = mkSecret true { + file = "amity-key.age"; + path = sshDir + "/amity"; + owner = mainUser; + group = userGroup; + }; + + # All nixos machines + nixos-key = mkSecret true { + file = "nixos-key.age"; + path = sshDir + "/id_ed25519"; + owner = mainUser; + group = userGroup; + }; + nixos-key-pub = mkSecret true { + file = "nixos-key-pub.age"; + path = sshDir + "/id_ed25519.pub"; + owner = mainUser; + group = userGroup; + }; + } + + # server + (mkIf (builtins.elem device.type ["server" "hybrid"]) { + cloudflared-hydra = mkSecret services.networking.cloudflared.enable { + file = "cloudflared-hydra.age"; + owner = "cloudflared"; + group = "cloudflared"; + }; + + cloudflare-cert-api = mkIf services.networking.nginx.enable { + file = "cloudflare-cert-api.age"; + owner = "nginx"; + group = "nginx"; + }; + + # mailserver + mailserver-isabel = mkSecret true {file = "mailserver-isabel.age";}; + mailserver-vaultwarden = mkSecret true {file = "mailserver-vaultwarden.age";}; + mailserver-database = mkSecret true {file = "mailserver-database.age";}; + mailserver-grafana = mkSecret true {file = "mailserver-grafana.age";}; + mailserver-git = mkSecret true {file = "mailserver-git.age";}; + mailserver-noreply = mkSecret true {file = "mailserver-noreply.age";}; + mailserver-spam = mkSecret true {file = "mailserver-spam.age";}; + + mailserver-grafana-nohash = mkSecret services.monitoring.grafana.enable { + file = "mailserver-grafana-nohash.age"; + owner = "grafana"; + group = "grafana"; + }; + + mailserver-git-nohash = mkSecret services.dev.forgejo.enable { + file = "mailserver-git-nohash.age"; + owner = "forgejo"; + group = "forgejo"; + }; + + vikunja-env = mkSecret services.vikunja.enable { + file = "vikunja-env.age"; + owner = "vikunja-api"; + group = "vikunja-api"; + }; + + nextcloud-passwd = mkSecret services.media.nextcloud.enable { + file = "nextcloud-passwd.age"; + owner = "nextcloud"; + group = "nextcloud"; + }; + + # vaultwarden + vaultwarden-env = mkSecret { 
+ file = "vaultwarden-env.age"; + }; + + # matrix + matrix = mkSecret services.media.matrix.enable { + file = "matrix.age"; + owner = "matrix-synapse"; + }; + + # plausable + plausible-key = mkSecret services.dev.plausible.enable { + file = "plausible-key.age"; + owner = "plausible"; + group = "plausible"; + }; + + plausible-admin = mkSecret services.dev.plausible.enable { + file = "plausible-admin.age"; + owner = "plausible"; + group = "plausible"; + }; + + #wakapi + wakapi = mkSecret services.dev.wakapi.enable { + file = "wakapi.age"; + owner = "wakapi"; + group = "wakapi"; + }; + + wakapi-mailer = mkSecret services.dev.wakapi.enable { + file = "wakapi-mailer.age"; + owner = "wakapi"; + group = "wakapi"; + }; + + mongodb-passwd = mkSecret services.database.mongodb.enable { + file = "mongodb-passwd.age"; + }; + }) + ]; + }; +} diff --git a/modules/base/secrets/default.nix b/modules/base/secrets/default.nix deleted file mode 100644 index 0c1fee36e..000000000 --- a/modules/base/secrets/default.nix +++ /dev/null 
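Review bot: `mkSecret` is declared as `cond: { file, path, ... }` with no default for `path`, yet every call in the server block from `cloudflared-hydra` to `mongodb-passwd` omits `path`, and `vaultwarden-env = mkSecret { ... }` omits the condition altogether, so on a `server` or `hybrid` host these definitions should fail to evaluate instead of producing secrets. Making `path` optional and passing it through only when set keeps agenix's default location for those entries, and `vaultwarden-env` needs a first argument such as `services.vaultwarden.enable`. `cloudflare-cert-api` bypasses the helper with a bare `mkIf`, so its `file` stays the relative string `"cloudflare-cert-api.age"` rather than a path under `${self}/secrets`. Separately, `nixos-key` is decrypted to `${sshDir}/id_ed25519`, which is also listed in `identityPaths`; that looks like only the host key can bootstrap decryption, and a comment should say so.

```nix
mkSecret = cond: {
  file,
  path ? null, # optional: agenix uses its default location when unset
  # … unchanged: owner, group and mode defaults …
}:
  mkIf cond ({
      file = "${self}/secrets/${file}";
      inherit owner group mode;
    }
    // lib.optionalAttrs (path != null) {inherit path;});

# … unchanged: imports, identityPaths, user-level secrets …

vaultwarden-env = mkSecret services.vaultwarden.enable {
  file = "vaultwarden-env.age";
};
```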
@@ -1,157 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - inherit (lib) mkIf; - inherit (config.modules) services; -in { - environment.systemPackages = with pkgs; [sops age]; - - sops = { - defaultSopsFile = ./secrets.yaml; - age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; - # age.keyFile = "/home/${config.modules.system.mainUser}/.config/sops/age/keys.txt"; - - secrets = let - inherit (config.modules.system) mainUser; - homeDir = config.home-manager.users.${mainUser}.home.homeDirectory; - sshDir = homeDir + "/.ssh"; - in { - # server - cloudflared-hydra = mkIf services.networking.cloudflared.enable { - owner = "cloudflared"; - group = "cloudflared"; - }; - - cloudflare-cert-api = mkIf services.networking.nginx.enable { - owner = "nginx"; - group = "nginx"; - }; - - # mailserver - rspamd-web = {}; - mailserver-isabel = {}; - mailserver-vaultwarden = {}; - mailserver-database = {}; - mailserver-grafana = {}; - mailserver-git = {}; - mailserver-noreply = {}; - mailserver-spam = {}; - - mailserver-grafana-nohash = mkIf services.monitoring.grafana.enable { - owner = "grafana"; - group = "grafana"; - }; - - mailserver-git-nohash = mkIf services.dev.forgejo.enable { - owner = "forgejo"; - group = "forgejo"; - }; - - vikunja-env = mkIf services.vikunja.enable { - owner = "vikunja-api"; - group = "vikunja-api"; - }; - - nextcloud-passwd = mkIf services.media.nextcloud.enable { - owner = "nextcloud"; - group = "nextcloud"; - }; - - # vaultwarden - vaultwarden-env = {}; - - # matrix - matrix = mkIf services.media.matrix.enable { - owner = "matrix-synapse"; - mode = "400"; - }; - - # plausable - plausible-key = mkIf services.dev.plausible.enable { - owner = "plausible"; - group = "plausible"; - }; - - plausible-admin = mkIf services.dev.plausible.enable { - owner = "plausible"; - group = "plausible"; - }; - - #wakapi - wakapi = mkIf services.dev.wakapi.enable { - owner = "wakapi"; - group = "wakapi"; - }; - - wakapi-mailer = mkIf services.dev.wakapi.enable { - owner 
= "wakapi"; - group = "wakapi"; - }; - - mongodb-passwd = mkIf services.database.mongodb.enable { - mode = "400"; - }; - - # users passwords - user-isabel-password = { - neededForUsers = true; - }; - user-root-password = { - neededForUsers = true; - }; - - # user - git-credentials = { - path = homeDir + "/.git-credentials"; - owner = mainUser; - group = "users"; - }; - - wakatime = { - path = homeDir + "/.config/wakatime/.wakatime.cfg"; - owner = mainUser; - }; - - # git ssh keys - gh-key = { - path = sshDir + "/github"; - owner = mainUser; - }; - gh-key-pub = { - path = sshDir + "/github.pub"; - owner = mainUser; - }; - aur-key = { - path = sshDir + "/aur"; - owner = mainUser; - }; - aur-key-pub = { - path = sshDir + "/aur.pub"; - owner = mainUser; - }; - - # ORACLE vps' - openvpn-key = { - path = sshDir + "/openvpn"; - owner = mainUser; - }; - amity-key = { - path = sshDir + "/amity"; - owner = mainUser; - }; - - # All nixos machines - nixos-key = { - path = sshDir + "/nixos"; - owner = mainUser; - }; - nixos-key-pub = { - path = sshDir + "/nixos.pub"; - owner = mainUser; - }; - }; - }; -} diff --git a/modules/base/secrets/secrets.yaml b/modules/base/secrets/secrets.yaml deleted file mode 100644 index 9f1785ff7..000000000 --- a/modules/base/secrets/secrets.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ -user-isabel-password: ENC[AES256_GCM,data:I9g1icFw1qKV,iv:U6DFAO9IdsRGOFMMbwRYIdPRzPknHMfx+VfvSwVtAX0=,tag:F5Ay+7jkhjAIA2ABerkAJA==,type:str] -user-root-password: ENC[AES256_GCM,data:h3DnDLiVXqSl,iv:beL33NS7cCEH0aPfUZnflC7ACAj4G4YbjNWstdbFeFw=,tag:Z/pTgkiKOAvAp5l1+u50/g==,type:str] -cloudflare-cert-api: ENC[AES256_GCM,data:EcLTn8xqcLozobygjS8olYzFgfFqZnOnCfdQKr1zYTaRDAmj/hUqYJPx+sBKDCrsnf872alQVk/c0UozFUdaUvtVG332F+QNXsMv4qEs++GWsjOSxw27TYb4kXCSEWut6acyS/MA2/5/OXovZuCB2I8=,iv:xIcmfFTPgPqm3f70oki9WhYhHqdpZ4xJXLGYDkSko6Y=,tag:m9IdHT2KXKztQSLDcl29Ow==,type:str] -cloudflared-hydra: ENC[AES256_GCM,data:fwEHZEjRgacNcIU/bySMgfWeDqzmazX8WqUAcM44nyF6WV2CDudAt3u/CXQfybRWKky3+t4k6whr2uLv8n+HHL+T/0jRyxxv/dgeABqLwAVTU6rJPuxqssiFJwVxoRO3piqWywgLAmwC5EiwVa6ihB9zKEiT7WuBA3vgwEEWfATOyw75qbRuRKQF67zBt11y8C6UGR60KZ1BSPQCxT6rhplf,iv:WVk2an3QoIoyfu5iKvm/MfiEAsMGD/wlDweWg6J8+rA=,tag:19UbSbBfoYhNeQkdUFmc0A==,type:str] -mailserver-isabel: ENC[AES256_GCM,data:F6E/E2c4WHq/AqQUwj9APqi/h+oYV/AO5iPqAWuNW/wLnz0Q/CoV9yWmNS3AX5bh6bxNsEU+OG6zv2UBkQ==,iv:dp3/jYDVnh5rLu3xVJhPPz+nn5nd2p/fXOESEfU7PhE=,tag:Oko8pys4z6o+yu3y19vvOg==,type:str] -mailserver-git: ENC[AES256_GCM,data:hAgPrD/Kx9AViKfIvkT7tJosecEcuwUD9BFOmTxFF/MCgHQ0nULxKBxJwYMRIqNDLp1+dnLXqRIn2vrYvQ==,iv:2J4MT5DjYBrVvA1ahpr4I43EhwWsRmrg/sjM3LJ4zgo=,tag:6QDGPdKN8tzYE8EMvx0rkw==,type:str] -mailserver-git-nohash: ENC[AES256_GCM,data:zLippsArlPEStftuTUkIlga2SE1vljvqhNKx9KNw+dSb,iv:NKIO5zCBmjOtKY27vgwDr1T595tG/yabhXUoY3+KMgg=,tag:TmppqcrE4F1InU8bMMJZOg==,type:str] -mailserver-grafana: ENC[AES256_GCM,data:iI+sPSbo+hzfMRb7upTu58KhGimgDhNdaaeuZ5OHO33ocrRxABEPvAWTEBgChM7BefRf+Q1GneDGUc3/bg==,iv:G2RoTJDrU5U4MjhvRvswVH2Qr1mlixbA95+I3/SSKN8=,tag:5mApTyuxL/TeIWzve6mBHA==,type:str] -mailserver-grafana-nohash: ENC[AES256_GCM,data:VhohV4NT067/0hxAYP9UL7yTUxMRk+13bPz2ldaDl66U,iv:kFQofK7DcLdfENriwVoKneSMFG5GQf1ZAk2YlGkUuN4=,tag:bPHMhJWc8SMMRNjqPEVtwQ==,type:str] -mailserver-vaultwarden: 
ENC[AES256_GCM,data:Em8ySOWAPujlGhbhagt8z3LkzyE37DAgkIhHamoS03wFZd1XwqzsNJ3IC3A42QQgZY98w7SlbdOnhgcAMw==,iv:89CEiOM7zaaH5tzNPE423P3CXlFyc8QT7eW9o9FIdUk=,tag:VKTfcHbAAqylWMdE2JG8mg==,type:str] -mailserver-noreply: ENC[AES256_GCM,data:+u9QMiGUBIKtPHKpM9+959sJ41G0SLuacholRfxITviTSZUXK+Ia56AD+wBJcPPH+J9lA18PXct2nVjPqQ==,iv:oZ4mc9U9jWhK67VcTNIKlF5QNojL5vFJGHScxfXMKY0=,tag:BkDxM0zpGTmxjYOuhY/k6g==,type:str] -mailserver-spam: ENC[AES256_GCM,data:Zos33zMH/NOkKrJE/h0dU9bjQhO7/yKKqOai9CbKG97568EH+acztq93r0/mFb2dNkW0qCXunwEYCHE3pg==,iv:DMNjRCg84DjZKVuVEZUuLaLP0N7ijo4avA10uvEX4IE=,tag:DAy+QplkAzP+7hPnzVibuw==,type:str] -mailserver-database: ENC[AES256_GCM,data:c5eLqjuCKFdCBo9g0HwH6A==,iv:sKKrC3p0NvRhIH9tMkaDYOHzQJdVuCFjxFbtfD6eDaA=,tag:3/FJtkiZwFyWL2nAeMkuqQ==,type:str] -rspamd-web: ENC[AES256_GCM,data:noI6VXDs1PBS0vWwcJvE+eARx2NJ8xebuHwmqwLlishAYymOhNmhu25mu1fY,iv:LailZzS9QaWt3EX/MCLIm0hkfNjO1QM/4nTB4m61uaI=,tag:D0DopsCZZV9YU1W7yiUYYg==,type:str] -nextcloud-passwd: ENC[AES256_GCM,data:Mil71UXHEEewXcKFD2Kq5yyDRsYkaY08sEA9ZVD45DYw,iv:DrHx5A/DKrX6FldwJ91cpdUnExNmiRJ479baIzjE2lw=,tag:NGqMpd6h0Sd3a/h4IFXKvA==,type:str] -plausible-key: ENC[AES256_GCM,data:PtVEtsppdZ9n7gI5R05bX54DcNLWZckCZIRA94/kppSGaN/SzpCPpi8SrKVMog96+j2c1QGkQwITtNbvZOyycQI=,iv:dAoKGl9Iz7z1ojBSNsNlA6WjRxwozEXRB8LX0L+igUA=,tag:G3ie3QmY98YP7asGk4SekQ==,type:str] -plausible-admin: ENC[AES256_GCM,data:59RbiuIV5POpJBakxfwvkD4=,iv:q2j9Lv0WzC0Xv/TglFHHeJik7DuKvzykYDyS1Gtun90=,tag:jBH+9HCntnUDY6o1stYrEg==,type:str] -vaultwarden-env: ENC[AES256_GCM,data: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,iv:1NO/S+DOQIH8vl38vKTyapnG1Pll6s3sC8VB97/pl+w=,tag:iGv2hpoFU6rDQRrM0mvHVg==,type:str] -vikunja-env: ENC[AES256_GCM,data:byKZ5OX8MxWKFl+/QQpvcCXBGVznhtFwCqRFSgi7hc/id7mb+uHW5MAOzmxcVrl60q5rH7P5w4+Xg9I1KQ==,iv:hyEsXWiDzf4DyXIoCRSPbpqJzjUcoGMyxeS9U7PuUhc=,tag:RNALCUQZmI+9seTZI9JcTw==,type:str] -wakapi: 
ENC[AES256_GCM,data:QxhlkfzZWo9cb2wmon0iOOXF8o4/FsmTwnGDnOhcpYOnqV2Q6M8aOR1yQS7GY3z5HM/EcRRAJJVmx7wlORRaFXE=,iv:PzSyPwqi93qo0yIuBYRo4jthm7SOrUdSQ5yhS5DvAxk=,tag:wZPhRMXrHTFmkOzghxE4bw==,type:str] -wakapi-mailer: ENC[AES256_GCM,data:ktd4V5J2WjpzI1x5ilk18y699E/baBgR8PWLoOrEaH55Bsc07GmQTsl2Zz4NtK28a9nlgaDfRg==,iv:Ddck0gaZ5HmTu8D8ATuzUyueBq8z3AHJPbCfCybpC8A=,tag:d12nppR1AWTT+VX9FL05sg==,type:str] -wakatime: ENC[AES256_GCM,data:0nHHW4TktVUlH0kKOkmcovcKnMRP7lPh8dMLKU2l9POIEue8mDGx9K2q2s8aYFFXWq0BqlEsOyqrLN6U4qST9VU6QQdnNbB+JsIrxTmBaDGSY4JcnO5AN4IYwIakcloouPpOPBNVuA==,iv:QfiJAGT3comACfaF8NgrP5LfiPLu4L8/jAyg7EGPnDk=,tag:RAld8MJ4jCcjYO8Mbnwzcw==,type:str] -docker-hub: ENC[AES256_GCM,data:fuMuI2vwcOElrmD1icaxyrKtNo7DNhlNDRLUcguQNMEkSCZAJA==,iv:URXqNMfT80rBiWmPawFXdAH8HPYSRZQbwOFiYeNy6ts=,tag:p4hzrh5lOeAicQ8Fb1JNKg==,type:str] -matrix: ENC[AES256_GCM,data:G/XwV1Atfi89Hg+r/UMaOe55MNb1DYvzTCOHKx9oEDm0iy9Xpk47xxe+XCFEyAbOQH4QbTYu6jktmAAf+sNLLrv+leBUbKj+u0c4u6Q0jVAstXzNpFsONvKuQTuM,iv:sgfQ+CZudsUYRs8/IxdS3BbWSjoKF0Ju9HUfKxRUpQ0=,tag:xfdTxTpxXInXdxSVGS5DdQ==,type:str] -mongodb-passwd: ENC[AES256_GCM,data:RYA9TqZKYbdDug==,iv:PnG+qEcuVG+k7W4tEHOvDZgqYy5x0Gswz6zLlu8xsIc=,tag:WLHEGgvP40GE+oIcTCiXuw==,type:str] -git-credentials: ENC[AES256_GCM,data:VhCpMKBR8KSX5QE0nw7bjXIGeLPlHdZudyjM9QvENbc+czpvTEylZ9b+UbdoK6dArAotvZiAPl8aehuJzm4eMw4FH+wDphMLx+HHeQlTEWNKDDE69zHXndkCa10LUx5XJLS3q2JeUSNlvthHGyGgm0nS6g82UHa4Rqbz846MPfqUro3r/JmdU1ZqyeAMCqjfFjNBNb+0mL7A+l/E,iv:S2hUe3a38Wqw9zkAv54WGZN7DXR5itni3PJ1x2tf0bg=,tag:k5v1ZnBiTKtEF610eAWvjg==,type:str] -gh-key: ENC[AES256_GCM,data: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,iv:+HGtiO3f0NQ75VXTFuOekuR8FiFiit8I2F+oZLkQc/o=,tag:laEAY9t9nWGumxU2PPglvg==,type:str] -gh-key-pub: ENC[AES256_GCM,data:ZRq+bA7NgwmeTNB19HPO02SvCGgLPO4kSae3L9JggdxB18NZwcOofqQVKkZFXoLzsdd1hQ/QksaNGVLfxrxrZs31+Kc8jhH9CnVWa8EwTGCKAgnfoElRn1ukEEd9HIhJm+cPnZLWpg==,iv:S8OgurnzaO2HkjYXHYFgBZByjWv4mKWVlz/RgyK1Gow=,tag:txtv6Rz00T1ejWtawIczYA==,type:str] -aur-key: 
ENC[AES256_GCM,data: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,iv:G2jBHk+Csw2eSxzkR4DlhPr/a8/UmaSjtG4W0Wyy+G0=,tag:h4Y2vZXc3ueE7WnPdosyNQ==,type:str] -aur-key-pub: ENC[AES256_GCM,data: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,iv:LjnzmxFrJXNYKL9kTZdIGRYV4sEyQoBl7qw5qxOc4h4=,tag:O7p+Oj6a7t0csUeaNKVenQ==,type:str] -openvpn-key: ENC[AES256_GCM,data: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,iv:8Ek15PJjFVW56VYt9WmirUnbkyE7tVMsP8s0tvaQ1Ic=,tag:Z6yQ+NVtRVS3AN8zZ7bZ7g==,type:str] -nixos-key: ENC[AES256_GCM,data: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,iv:lP/eFvhmvQD59EPGwjsOtlJKd5LBGOLWorDUyOZtvIo=,tag:m2KV3yteR25YDzBkIvPxgQ==,type:str] -nixos-key-pub: ENC[AES256_GCM,data:acX32b9Bf3AuB12CmJNvgnjtuB6LKFVA2/BDibh2rLkWZTv5HPRYPnDPtOhJQt2GbSUm3hFHGBbpI24lrwVIhdnaFIK/Rohx+w/bzI88chL9OVDK4+KkvAP5fzh++wlYaH/duOiCrA==,iv:zTPPpnmTxtHW4ULvACUaQpz9CJa185zg/Rx2O2cR8Tw=,tag:ohxfADTMfaLLI1e8VRqfpQ==,type:str] -amity-key: ENC[AES256_GCM,data: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,iv:NChjfu1SEfJ+Ls0SsPJEcGl0nzxyfq4Nmvz9S0nyspM=,tag:XYC1jLbcTnjbbBTsnPe3Xg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1w98qzycsw5jk9hpy4yg5ld05qqdvs2vxctdypx0tqppvxrk579yshzctus - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0akVlb1RaTUtVWnRKMDB2 - dy9tUEZlRjc2ZzFkVC81NGo2ZmtHNmlIQWtNCkcvaDBuamRPVHpzK0tyVCtXQlk3 - WFdYc3RNcWxnQmljL0JKN2VhdUMxbXMKLS0tIFhKWmVpdGVrV1VtQnFpcm9iN1FO - WWc2bWgzVU1MTjc2T1dvYldvUGRyd3MKgo9Kl/TLLEeBgN6ewUc70vmG5U/1Hiiw - YcvAnyOwh3DKkGasjMIje9JlsIuSdNlW+rELYE+63BLbmBFONJji0w== - -----END AGE ENCRYPTED FILE----- - - recipient: age1dfcv3m85krzqya9tsft5hwrapl3zq35ry6zrt8gy92afcyrrau6q879rfc - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvTVZVTkNFZTU3WkhRRkll - Wko0Y0Y1bWtiWUorQlNHc291Q2lFakNLeXg0CjV2S2dIamRNbzRjR0F4K0U0WDRw - ai82VXcwSkVCKzFFdU9qc2hNdHowck0KLS0tIHlDWVJUanB2dERqMC9EbTdJUzNs 
- ZDZ6UllCaVVPL2JjTUE1eWVSOVpnbzQKbLOObnGXp0XVuBqzuI5t/isNxzTNNEV+ - J8BVF0+7i2RM0Kwu9sndzpnD1VNTVUHx+R14P3f0NyynvEqegHBXKA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1c28zh0wrj567uzhj8echy684srjgcpksj0c6m0rhjx09wcxgtp8sxdyw4q - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFMllvQ3BhRnpEbWRQYjd6 - U1Q5QUg3bDJGWmRIZEhVSTFIQ3ArRldObDNFClBISW95R0lOd09SdjdYWVQ3MDgw - blh4UU95clZJTWp6ZFZ5Z2NQNk5DeVkKLS0tIEZXYXNoNVhNMW1sckc2V2RwbWhW - MkJ3MTZYRHU0R2dKR1pFa1pzU3gzejQKnN3N42Ac/OlNo8E7dllYIO7Ak4BLAA19 - G8t5DL3l+H1f0vG5ujOGWLmSwsvV4EyH5YHYTUDyHKO85EfxWwbDZw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1e9thqqupjlm6hfpjjwamt9rzyxuuqrrpd5vtxj0mxnpaec4lk5vqwf09zl - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVVEZraHdjWjRaZjJ2U0Za - OUNLVEN2ZXB5WjJoVnZqdUI2Z1ZhRlNCTldzCnVFZ3VQclZkWVRpWGpLZ1g4eDIv - V084MEkzTHRjLzBOZGFUTS94Tnh6eW8KLS0tIGZtSWRiSE5ud1p2TDVlRy94ekxw - V09ZQjhzbFN6ZnNINnBvWGpRMVIvQWsK0uuPy+td3JMr8afMCTOhgq9cj8X2pDcf - obRx+ZcVZaAXevhHq9bBhISJGAK1Y1kxyskjaEktaFua9UloPharaA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-02T20:40:40Z" - mac: ENC[AES256_GCM,data:jMMZvF37rGTP4iP/bZOH1LCZXDBICmeH2z1zN4sIbpA9jRefXzl88CMYFcEWz7qgSMe0WTskP8tNA2I9ON/0htlD6g8ija2dq6207LdF7D5vKZIxoW7I9X8GfweWRy7/I8x8ZDv66lBdS6D5UjVfmTcTB/1BQqc9YAk7sGNxbFE=,iv:4kWoRNhlNLFsvNuVLEWUBZ2UH+9kHPrrX0TWIaekNwE=,tag:tnnUN0zIvEmqwMl7DmYf2A==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/modules/base/host/os/users/default.nix b/modules/base/users/default.nix similarity index 91% rename from modules/base/host/os/users/default.nix rename to modules/base/users/default.nix index b86fadff8..b35022a71 100644 --- a/modules/base/host/os/users/default.nix +++ b/modules/base/users/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./isabel.nix ./root.nix 
diff --git a/modules/base/host/os/users/isabel.nix b/modules/base/users/isabel.nix similarity index 77% rename from modules/base/host/os/users/isabel.nix rename to modules/base/users/isabel.nix index 6392639c9..cf913154e 100644 --- a/modules/base/host/os/users/isabel.nix +++ b/modules/base/users/isabel.nix @@ -4,24 +4,23 @@ lib, ... }: let - inherit (lib) ldTernary mkIf ifTheyExist; - inherit (pkgs.stdenv) isLinux; + inherit (lib) ldTernary ifTheyExist; keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQDiHbMSinj8twL9cTgPOfI6OMexrTZyHX27T8gnMj2 isabel@isabelroses.com"]; in { - boot.initrd.network.ssh.authorizedKeys = mkIf isLinux keys; + # boot.initrd.network.ssh.authorizedKeys = mkIf isLinux keys; users.users.isabel = { openssh.authorizedKeys.keys = keys; home = ldTernary pkgs "/home/isabel" "/Users/isabel"; - shell = ldTernary pkgs pkgs.fish pkgs.zsh; + shell = pkgs.fish; } // ( ldTernary pkgs { isNormalUser = true; uid = 1000; - hashedPasswordFile = config.sops.secrets.user-isabel-password.path; + initialPassword = "changeme"; extraGroups = [ "wheel" diff --git a/modules/base/host/os/users/root.nix b/modules/base/users/root.nix similarity index 73% rename from modules/base/host/os/users/root.nix rename to modules/base/users/root.nix index 335d0be38..0e6d7f447 100644 --- a/modules/base/host/os/users/root.nix +++ b/modules/base/users/root.nix @@ -1,11 +1,10 @@ { lib, pkgs, - config, ... }: { users.users.root = lib.mkIf pkgs.stdenv.isLinux { - hashedPasswordFile = config.sops.secrets.user-root-password.path; + initialPassword = "changeme"; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQDiHbMSinj8twL9cTgPOfI6OMexrTZyHX27T8gnMj2" diff --git a/modules/profiles/meta/darwin/brew/default.nix b/modules/darwin/brew/default.nix similarity index 94% rename from modules/profiles/meta/darwin/brew/default.nix rename to modules/darwin/brew/default.nix index 2531c7119..4a71e8d1e 100644 --- a/modules/profiles/meta/darwin/brew/default.nix 
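Review bot: In `isabel.nix` the new line `initialPassword = "changeme";` replaces `hashedPasswordFile` with a plaintext password committed to the repository, and the `root.nix` hunk that follows does the same for root; `isabel` is also in `wheel`. NixOS copies `initialPassword` into the world-readable Nix store and applies it when the account is first created, and nothing in either hunk forces it to be changed afterwards. If the agenix input added in `flake.lock` is meant to take over from sops, point both users at a secret instead, `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (placeholder name), or at least use `initialHashedPassword` with a hash of a value that is not published. The commented-out `boot.initrd.network.ssh.authorizedKeys` line should be removed or given a reason. Both modules' argument lists and attrsets continue outside the hunks.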
+++ b/modules/darwin/brew/default.nix @@ -15,8 +15,6 @@ cleanup = "zap"; }; - # TODO: put pkgs here - # Applications to install from Mac App Store using mas. # You need to install all these Apps manually first so that your apple account have records for them. # otherwise Apple Store will refuse to install them. @@ -25,7 +23,6 @@ taps = [ "homebrew/bundle" - "homebrew/cask" ]; # `brew install` diff --git a/modules/profiles/meta/darwin/brew/environment.nix b/modules/darwin/brew/environment.nix similarity index 100% rename from modules/profiles/meta/darwin/brew/environment.nix rename to modules/darwin/brew/environment.nix diff --git a/modules/profiles/meta/darwin/config.nix b/modules/darwin/config.nix similarity index 85% rename from modules/profiles/meta/darwin/config.nix rename to modules/darwin/config.nix index 82ef68507..fb65f1aa5 100644 --- a/modules/profiles/meta/darwin/config.nix +++ b/modules/darwin/config.nix 
@@ -14,20 +14,20 @@ dock = { autohide = true; - autohide-delay = 0; # autohide delay - autohide-time-modifier = 0; # autohide animation duration + autohide-delay = null; # autohide delay + autohide-time-modifier = null; # autohide animation duration show-recents = false; # disable recent apps # customize Hot Corners - wvous-tl-corner = 2; # top-left - Mission Control - wvous-tr-corner = 13; # top-right - Lock Screen - wvous-bl-corner = 3; # bottom-left - Application Windows - wvous-br-corner = 4; # bottom-right - Desktop + # wvous-tl-corner = 2; # top-left - Mission Control + # wvous-tr-corner = 13; # top-right - Lock Screen + # wvous-bl-corner = 3; # bottom-left - Application Windows + # wvous-br-corner = 4; # bottom-right - Desktop }; finder = { _FXShowPosixPathInTitle = true; # show full path in finder title - FXRemoveOldTrashItems = true; # remove items from trash after 30 days + # FXRemoveOldTrashItems = true; # remove items from trash after 30 days AppleShowAllExtensions = true; # show all file extensions AppleShowAllFiles = true; # show hidden files FXEnableExtensionChangeWarning = false; # disable warning when changing file extension @@ -42,7 +42,7 @@ NSGlobalDomain = { "com.apple.swipescrolldirection" = false; # enable natural scrolling "com.apple.sound.beep.feedback" = 0; # disable beep sound when pressing volume up/down key - "com.apple.sound.beep.volume" = 0; # disable beep sound + "com.apple.sound.beep.volume" = null; # disable beep sound "com.apple.keyboard.fnState" = true; # use function keys as standard function keys AppleInterfaceStyle = "Dark"; # dark mode AppleKeyboardUIMode = 3; # Mode 3 enables full keyboard control. diff --git a/modules/profiles/meta/darwin/default.nix b/modules/darwin/default.nix similarity index 69% rename from modules/profiles/meta/darwin/default.nix rename to modules/darwin/default.nix index e1054e5f6..16ba88320 100644 --- a/modules/profiles/meta/darwin/default.nix +++ b/modules/darwin/default.nix 
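Review bot: The trailing comments no longer describe the values: `autohide-delay = null;`, `autohide-time-modifier = null;` and, in the second hunk, `"com.apple.sound.beep.volume" = null; # disable beep sound` appear to leave the preference unmanaged rather than set it to zero. As far as I know, nix-darwin does not write a `null` default. Either drop the lines or reword the comments, for example `# left at the macOS default`. The commented-out hot-corner and `FXRemoveOldTrashItems` lines would be clearer with a one-line reason, or removed outright. The enclosing `system.defaults` attrset opens outside both hunks.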
@@ -1,10 +1,12 @@ { imports = [ ./brew # homebrew the package manager + ./hardware # hardware config - i.e. keyboard ./services # services exclusive to nix-darwin ./config.nix # native nix-darwin configuration ./non-native.nix # functionality not provided by nix-darwin ./security.nix # security settings + ./nix.nix # nix settings that can only be applied to nix-darwin ]; } diff --git a/modules/profiles/meta/darwin/hardware/default.nix b/modules/darwin/hardware/default.nix similarity index 100% rename from modules/profiles/meta/darwin/hardware/default.nix rename to modules/darwin/hardware/default.nix diff --git a/modules/profiles/meta/darwin/hardware/keyboard.nix b/modules/darwin/hardware/keyboard.nix similarity index 95% rename from modules/profiles/meta/darwin/hardware/keyboard.nix rename to modules/darwin/hardware/keyboard.nix index f6504dda6..4029aec92 100644 --- a/modules/profiles/meta/darwin/hardware/keyboard.nix +++ b/modules/darwin/hardware/keyboard.nix @@ -2,7 +2,7 @@ # keyboard settings is not very useful on macOS # the most important thing is to remap option key to alt key globally, # but it's not supported by macOS yet. - system.defaults.keyboard = { + system.keyboard = { enableKeyMapping = true; # enable key mapping so that we can use `option` as `control` # NOTE: do NOT support remap capslock to both control and escape at the same time diff --git a/modules/profiles/meta/darwin/hardware/trackpad.nix b/modules/darwin/hardware/trackpad.nix similarity index 56% rename from modules/profiles/meta/darwin/hardware/trackpad.nix rename to modules/darwin/hardware/trackpad.nix index 9fef4b490..9a74f7248 100644 --- a/modules/profiles/meta/darwin/hardware/trackpad.nix +++ b/modules/darwin/hardware/trackpad.nix 
@@ -2,6 +2,6 @@ system.defaults.trackpad = { Clicking = true; # enable tap to click TrackpadRightClick = true; # enable two finger right click - TrackpadThreeFingerDrag = true; # enable three finger drag + TrackpadThreeFingerDrag = false; # enable three finger drag, disabled so I can swap workspaces with 3 fingers }; } diff --git a/modules/darwin/nix.nix b/modules/darwin/nix.nix new file mode 100644 index 000000000..dcb3ea17f --- /dev/null +++ b/modules/darwin/nix.nix @@ -0,0 +1,12 @@ +{ + nix = { + gc.interval = { + Hour = 3; + Minute = 15; + }; + + settings.extra-platforms = ["aarch64-darwin" "x86-64-darwin"]; + }; + + services.nix-daemon.enable = true; +} diff --git a/modules/profiles/meta/darwin/non-native.nix b/modules/darwin/non-native.nix similarity index 91% rename from modules/profiles/meta/darwin/non-native.nix rename to modules/darwin/non-native.nix index 9422502ce..628fe575f 100644 --- a/modules/profiles/meta/darwin/non-native.nix +++ b/modules/darwin/non-native.nix @@ -40,7 +40,7 @@ askForPasswordDelay = 0; }; "com.apple.screencapture" = { - location = "~/media/pictures/screenshots"; + location = "~/Pictures/screenshots"; type = "png"; }; "com.apple.AdLib" = { @@ -50,8 +50,8 @@ "com.apple.ImageCapture".disableHotPlug = true; }; - loginwindow = { - GuestEnabled = false; # disable guest user - SHOWFULLNAME = true; # show full name in login window - }; + # loginwindow = { + # GuestEnabled = false; # disable guest user + # SHOWFULLNAME = true; # show full name in login window + # }; } diff --git a/modules/profiles/meta/darwin/security.nix b/modules/darwin/security.nix similarity index 100% rename from modules/profiles/meta/darwin/security.nix rename to modules/darwin/security.nix diff --git a/modules/profiles/meta/darwin/services/default.nix b/modules/darwin/services/default.nix similarity index 100% rename from modules/profiles/meta/darwin/services/default.nix rename to modules/darwin/services/default.nix 
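Review bot: In the new `modules/darwin/nix.nix`, `settings.extra-platforms` lists `"x86-64-darwin"`, which is not a Nix system string; the platform is spelled with an underscore, so the entry as written would not match any derivation's system. Change the line to `settings.extra-platforms = ["aarch64-darwin" "x86_64-darwin"];`. `gc.interval` is also set without `gc.automatic` in this file; unless that is enabled elsewhere the schedule has no effect, so a comment such as `# gc.automatic is enabled in <module>` would help.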
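Review bot: The last hunk of `non-native.nix` comments out `GuestEnabled = false;` with no stated reason, so this configuration no longer disables the guest account and the machine keeps whatever is currently set. If the block was dropped because it sat at the wrong attribute path, nix-darwin exposes these as `system.defaults.loginwindow.GuestEnabled = false;` and `system.defaults.loginwindow.SHOWFULLNAME = true;`. Otherwise add a comment saying why the hardening was removed instead of leaving dead code. The enclosing attrset opens outside the hunk, so the original path cannot be confirmed from here.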
diff --git a/modules/profiles/meta/darwin/services/yabai.nix b/modules/darwin/services/yabai.nix similarity index 97% rename from modules/profiles/meta/darwin/services/yabai.nix rename to modules/darwin/services/yabai.nix index ae5988f7c..71bf53b0c 100644 --- a/modules/profiles/meta/darwin/services/yabai.nix +++ b/modules/darwin/services/yabai.nix @@ -5,7 +5,7 @@ enable = true; enableScriptingAddition = true; - logFile = "/var/tmp/yabai.log"; + # logFile = "/var/tmp/yabai.log"; config = { auto_balance = "off"; diff --git a/modules/base/host/default.nix b/modules/linux/default.nix similarity index 56% rename from modules/base/host/default.nix rename to modules/linux/default.nix index 1dedc7c2c..689402540 100644 --- a/modules/base/host/default.nix +++ b/modules/linux/default.nix @@ -1,13 +1,15 @@ -_: { +{ imports = [ - ./activation # activation system for nixos-rebuild + ./gaming # super cool procrastinations related things ./hardware # hardware - bluetooth etc. + ./options # options, for quick configuration ./os # system configurations ./security # keeping the system safe - ./nix # all nix related configurations + ./services # allows for per-system system services to be enabled ./emulation.nix # emulation setup ./encryption.nix # keeping my stuff hidden from you strange people + ./nix.nix # nix settings for nixos only systems ./virtualization.nix # docker, QEMU, waydroid etc. ]; } diff --git a/modules/base/host/emulation.nix b/modules/linux/emulation.nix similarity index 100% rename from modules/base/host/emulation.nix rename to modules/linux/emulation.nix diff --git a/modules/base/host/encryption.nix b/modules/linux/encryption.nix similarity index 100% rename from modules/base/host/encryption.nix rename to modules/linux/encryption.nix diff --git a/modules/base/gaming/default.nix b/modules/linux/gaming/default.nix similarity index 96% rename from modules/base/gaming/default.nix rename to modules/linux/gaming/default.nix index a91902b91..6e46520de 100644 
--- a/modules/base/gaming/default.nix +++ b/modules/linux/gaming/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./gamemode.nix # cool scripts, and programs to imporve gaming preformance ./steam.nix # steam, the gaming platform diff --git a/modules/base/gaming/gamemode.nix b/modules/linux/gaming/gamemode.nix similarity index 100% rename from modules/base/gaming/gamemode.nix rename to modules/linux/gaming/gamemode.nix diff --git a/modules/base/gaming/steam.nix b/modules/linux/gaming/steam.nix similarity index 100% rename from modules/base/gaming/steam.nix rename to modules/linux/gaming/steam.nix diff --git a/modules/base/host/hardware/bluetooth/default.nix b/modules/linux/hardware/bluetooth/default.nix similarity index 100% rename from modules/base/host/hardware/bluetooth/default.nix rename to modules/linux/hardware/bluetooth/default.nix diff --git a/modules/base/host/hardware/cpu/amd/default.nix b/modules/linux/hardware/cpu/amd/default.nix similarity index 100% rename from modules/base/host/hardware/cpu/amd/default.nix rename to modules/linux/hardware/cpu/amd/default.nix diff --git a/modules/base/host/hardware/cpu/default.nix b/modules/linux/hardware/cpu/default.nix similarity index 89% rename from modules/base/host/hardware/cpu/default.nix rename to modules/linux/hardware/cpu/default.nix index b31716f06..76473400c 100644 --- a/modules/base/host/hardware/cpu/default.nix +++ b/modules/linux/hardware/cpu/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./amd ./intel diff --git a/modules/base/host/hardware/cpu/intel/default.nix b/modules/linux/hardware/cpu/intel/default.nix similarity index 100% rename from modules/base/host/hardware/cpu/intel/default.nix rename to modules/linux/hardware/cpu/intel/default.nix diff --git a/modules/base/host/hardware/default.nix b/modules/linux/hardware/default.nix similarity index 97% rename from modules/base/host/hardware/default.nix rename to modules/linux/hardware/default.nix index f1b91f7d4..57c073d5c 100644 
--- a/modules/base/host/hardware/default.nix +++ b/modules/linux/hardware/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./cpu # cpu specific options ./gpu # gpu specific options diff --git a/modules/base/host/hardware/gpu/amd/default.nix b/modules/linux/hardware/gpu/amd/default.nix similarity index 100% rename from modules/base/host/hardware/gpu/amd/default.nix rename to modules/linux/hardware/gpu/amd/default.nix diff --git a/modules/base/host/hardware/gpu/default.nix b/modules/linux/hardware/gpu/default.nix similarity index 91% rename from modules/base/host/hardware/gpu/default.nix rename to modules/linux/hardware/gpu/default.nix index 38140c588..da3bdfdd9 100644 --- a/modules/base/host/hardware/gpu/default.nix +++ b/modules/linux/hardware/gpu/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./intel ./nvidia diff --git a/modules/base/host/hardware/gpu/intel/default.nix b/modules/linux/hardware/gpu/intel/default.nix similarity index 100% rename from modules/base/host/hardware/gpu/intel/default.nix rename to modules/linux/hardware/gpu/intel/default.nix diff --git a/modules/base/host/hardware/gpu/nvidia/default.nix b/modules/linux/hardware/gpu/nvidia/default.nix similarity index 100% rename from modules/base/host/hardware/gpu/nvidia/default.nix rename to modules/linux/hardware/gpu/nvidia/default.nix diff --git a/modules/base/host/hardware/media/default.nix b/modules/linux/hardware/media/default.nix similarity index 90% rename from modules/base/host/hardware/media/default.nix rename to modules/linux/hardware/media/default.nix index c643c2a3a..e031047cf 100644 --- a/modules/base/host/hardware/media/default.nix +++ b/modules/linux/hardware/media/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./video ./sound diff --git a/modules/base/host/hardware/media/sound/default.nix b/modules/linux/hardware/media/sound/default.nix similarity index 100% rename from modules/base/host/hardware/media/sound/default.nix rename to modules/linux/hardware/media/sound/default.nix 
diff --git a/modules/base/host/hardware/media/video/default.nix b/modules/linux/hardware/media/video/default.nix similarity index 100% rename from modules/base/host/hardware/media/video/default.nix rename to modules/linux/hardware/media/video/default.nix diff --git a/modules/base/host/hardware/tmp/default.nix b/modules/linux/hardware/tmp/default.nix similarity index 100% rename from modules/base/host/hardware/tmp/default.nix rename to modules/linux/hardware/tmp/default.nix diff --git a/modules/base/host/hardware/yubikey/default.nix b/modules/linux/hardware/yubikey/default.nix similarity index 100% rename from modules/base/host/hardware/yubikey/default.nix rename to modules/linux/hardware/yubikey/default.nix diff --git a/modules/linux/nix.nix b/modules/linux/nix.nix new file mode 100644 index 000000000..99b1ed4d3 --- /dev/null +++ b/modules/linux/nix.nix @@ -0,0 +1,25 @@ +{config, ...}: { + config = { + # automatically optimize /nix/store by removing hard links + nix.settings = { + # Make builds run with a low priority, keeping the system fast + daemonCPUSchedPolicy = "idle"; + daemonIOSchedClass = "idle"; + daemonIOSchedPriority = 7; + + nix.gc.dates = "Mon *-*-* 03:00"; + + # execute builds inside cgroups + use-cgroups = true; + + optimise = { + automatic = true; + dates = ["04:00"]; + }; + + extra-platforms = config.boot.binfmt.emulatedSystems; + }; + + system.autoUpgrade.enable = false; + }; +} diff --git a/modules/linux/options/default.nix b/modules/linux/options/default.nix new file mode 100644 index 000000000..f1f56fc55 --- /dev/null +++ b/modules/linux/options/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./device + ./system + ]; +} diff --git a/modules/base/options/device/capabilities.nix b/modules/linux/options/device/capabilities.nix similarity index 100% rename from modules/base/options/device/capabilities.nix rename to modules/linux/options/device/capabilities.nix 
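Review bot: Everything in the new `modules/linux/nix.nix` sits inside `nix.settings`, but `daemonCPUSchedPolicy`, `daemonIOSchedClass`, `daemonIOSchedPriority`, `gc` and `optimise` are options of `nix` itself, and `nix.gc.dates` written there resolves to `nix.settings.nix.gc.dates`. As written, the scheduling, garbage-collection and store-optimisation settings are not applied as NixOS options; they are presumably either rejected at evaluation or emitted into nix.conf as unknown keys. Only `use-cgroups` and `extra-platforms` belong under `settings`; the restructured attrset is below. The comment above the block also says optimisation removes hard links, whereas it replaces identical files with hard links.

```nix
{config, ...}: {
  config = {
    nix = {
      # Make builds run with a low priority, keeping the system fast
      daemonCPUSchedPolicy = "idle";
      daemonIOSchedClass = "idle";
      daemonIOSchedPriority = 7;

      gc.dates = "Mon *-*-* 03:00";

      # automatically optimise /nix/store by hard-linking identical files
      optimise = {
        automatic = true;
        dates = ["04:00"];
      };

      settings = {
        # execute builds inside cgroups
        use-cgroups = true;

        extra-platforms = config.boot.binfmt.emulatedSystems;
      };
    };

    # … unchanged: system.autoUpgrade.enable …
  };
}
```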
diff --git a/modules/linux/options/device/default.nix b/modules/linux/options/device/default.nix new file mode 100644 index 000000000..aa3fbd64b --- /dev/null +++ b/modules/linux/options/device/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./capabilities.nix + ./hardware.nix + ]; +} diff --git a/modules/base/options/device/hardware.nix b/modules/linux/options/device/hardware.nix similarity index 87% rename from modules/base/options/device/hardware.nix rename to modules/linux/options/device/hardware.nix index a8c5fb3ba..35326226c 100644 --- a/modules/base/options/device/hardware.nix +++ b/modules/linux/options/device/hardware.nix @@ -2,11 +2,6 @@ inherit (lib) mkOption types; in { options.modules.device = { - type = mkOption { - type = types.enum ["laptop" "desktop" "server" "hybrid" "wsl" "lite" "vm"]; - default = ""; - }; - cpu = mkOption { type = types.nullOr (types.enum ["intel" "vm-intel" "amd" "vm-amd"]); default = null; diff --git a/modules/base/options/system/boot.nix b/modules/linux/options/system/boot.nix similarity index 100% rename from modules/base/options/system/boot.nix rename to modules/linux/options/system/boot.nix diff --git a/modules/linux/options/system/default.nix b/modules/linux/options/system/default.nix new file mode 100644 index 000000000..3bd4280fb --- /dev/null +++ b/modules/linux/options/system/default.nix 
@@ -0,0 +1,60 @@ +{ + lib, + config, + ... +}: let + inherit (lib) mkOption mkEnableOption optionals types; +in { + imports = [ + ./boot.nix + ./emulation.nix + ./encryption.nix + ./networking.nix + ./printing.nix + ./security.nix + ./virtualization.nix + ]; + + config.warnings = optionals (config.modules.system.fs == []) [ + '' + You have not added any filesystems to be supported by your system. You may end up with an unbootable system! + + Consider setting {option}`config.modules.system.fs` in your configuration + '' + ]; + + options.modules.system = { + autoLogin = mkOption { + type = types.bool; + default = false; + description = '' + Whether to enable passwordless login. This is generally useful on systems with + FDE (Full Disk Encryption) enabled. It is a security risk for systems without FDE. + ''; + }; + + fs = mkOption { + type = with types; listOf str; + default = ["vfat" "ext4"]; + description = '' + A list of filesystems available supported by the system + it will enable services based on what strings are found in the list. + + It would be a good idea to keep vfat and ext4 so you can mount USBs. + ''; + }; + + yubikeySupport = { + enable = mkEnableOption "yubikey support"; + deviceType = mkOption { + type = with types; nullOr (enum ["NFC5" "nano"]); + default = null; + description = "A list of devices to enable Yubikey support for"; + }; + }; + + sound.enable = mkEnableOption "Does the device have sound and its related programs be enabled"; + video.enable = mkEnableOption "Does the device allow for graphical programs"; + bluetooth.enable = mkEnableOption "Should the device load bluetooth drivers and enable blueman"; + }; +} diff --git a/modules/base/options/system/emulation.nix b/modules/linux/options/system/emulation.nix similarity index 100% rename from modules/base/options/system/emulation.nix rename to modules/linux/options/system/emulation.nix 
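Review bot: `yubikeySupport.deviceType` is declared as `nullOr (enum ["NFC5" "nano"])`, a single value, but its description says "A list of devices to enable Yubikey support for"; `description = "The YubiKey model to enable support for";` would match the type. The three `mkEnableOption` strings at the bottom are phrased as questions, and since `mkEnableOption` prefixes its argument with "Whether to enable", a noun phrase such as `mkEnableOption "sound and its related programs"` renders better. The `autoLogin` description states the risk clearly. An assertion tying it to the disk-encryption option would make that warning enforceable, though that option is defined outside this hunk and its name is not visible here.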
diff --git a/modules/base/options/system/encryption.nix b/modules/linux/options/system/encryption.nix similarity index 100% rename from modules/base/options/system/encryption.nix rename to modules/linux/options/system/encryption.nix diff --git a/modules/base/options/system/networking.nix b/modules/linux/options/system/networking.nix similarity index 100% rename from modules/base/options/system/networking.nix rename to modules/linux/options/system/networking.nix diff --git a/modules/base/options/system/printing.nix b/modules/linux/options/system/printing.nix similarity index 100% rename from modules/base/options/system/printing.nix rename to modules/linux/options/system/printing.nix diff --git a/modules/base/options/system/security.nix b/modules/linux/options/system/security.nix similarity index 100% rename from modules/base/options/system/security.nix rename to modules/linux/options/system/security.nix diff --git a/modules/base/options/system/virtualization.nix b/modules/linux/options/system/virtualization.nix similarity index 100% rename from modules/base/options/system/virtualization.nix rename to modules/linux/options/system/virtualization.nix diff --git a/modules/base/host/os/boot/default.nix b/modules/linux/os/boot/default.nix similarity index 94% rename from modules/base/host/os/boot/default.nix rename to modules/linux/os/boot/default.nix index c48141432..2580dd618 100644 --- a/modules/base/host/os/boot/default.nix +++ b/modules/linux/os/boot/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./generic ./loader diff --git a/modules/base/host/os/boot/generic/default.nix b/modules/linux/os/boot/generic/default.nix similarity index 100% rename from modules/base/host/os/boot/generic/default.nix rename to modules/linux/os/boot/generic/default.nix 
diff --git a/modules/base/host/os/boot/loader/default.nix b/modules/linux/os/boot/loader/default.nix similarity index 91% rename from modules/base/host/os/boot/loader/default.nix rename to modules/linux/os/boot/loader/default.nix index 699cef089..9afa04d1f 100644 --- a/modules/base/host/os/boot/loader/default.nix +++ b/modules/linux/os/boot/loader/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./grub ./systemd-boot diff --git a/modules/base/host/os/boot/loader/grub/default.nix b/modules/linux/os/boot/loader/grub/default.nix similarity index 100% rename from modules/base/host/os/boot/loader/grub/default.nix rename to modules/linux/os/boot/loader/grub/default.nix diff --git a/modules/base/host/os/boot/loader/none/default.nix b/modules/linux/os/boot/loader/none/default.nix similarity index 100% rename from modules/base/host/os/boot/loader/none/default.nix rename to modules/linux/os/boot/loader/none/default.nix diff --git a/modules/base/host/os/boot/loader/systemd-boot/default.nix b/modules/linux/os/boot/loader/systemd-boot/default.nix similarity index 100% rename from modules/base/host/os/boot/loader/systemd-boot/default.nix rename to modules/linux/os/boot/loader/systemd-boot/default.nix diff --git a/modules/base/host/os/boot/plymouth/default.nix b/modules/linux/os/boot/plymouth/default.nix similarity index 100% rename from modules/base/host/os/boot/plymouth/default.nix rename to modules/linux/os/boot/plymouth/default.nix diff --git a/modules/base/host/os/boot/secure-boot/default.nix b/modules/linux/os/boot/secure-boot/default.nix similarity index 100% rename from modules/base/host/os/boot/secure-boot/default.nix rename to modules/linux/os/boot/secure-boot/default.nix diff --git a/modules/base/host/os/default.nix b/modules/linux/os/default.nix similarity index 89% rename from modules/base/host/os/default.nix rename to modules/linux/os/default.nix index 16a63e313..dd0f4edf4 100644 --- a/modules/base/host/os/default.nix +++ b/modules/linux/os/default.nix 
@@ -8,6 +8,5 @@ ./networking # networking ./programs # common programs ./services # common services - ./users # who is on the system ]; } diff --git a/modules/base/host/os/display/default.nix b/modules/linux/os/display/default.nix similarity index 95% rename from modules/base/host/os/display/default.nix rename to modules/linux/os/display/default.nix index e90f4b7b1..9e05fce1b 100644 --- a/modules/base/host/os/display/default.nix +++ b/modules/linux/os/display/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./wayland diff --git a/modules/base/host/os/display/portals.nix b/modules/linux/os/display/portals.nix similarity index 100% rename from modules/base/host/os/display/portals.nix rename to modules/linux/os/display/portals.nix diff --git a/modules/base/host/os/display/wayland/default.nix b/modules/linux/os/display/wayland/default.nix similarity index 97% rename from modules/base/host/os/display/wayland/default.nix rename to modules/linux/os/display/wayland/default.nix index 71b2dbd5b..d0208841b 100644 --- a/modules/base/host/os/display/wayland/default.nix +++ b/modules/linux/os/display/wayland/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./environment.nix # configuration for the environment ./hyprland.nix # hyprland specific environment configuration diff --git a/modules/base/host/os/display/wayland/environment.nix b/modules/linux/os/display/wayland/environment.nix similarity index 100% rename from modules/base/host/os/display/wayland/environment.nix rename to modules/linux/os/display/wayland/environment.nix diff --git a/modules/base/host/os/display/wayland/hyprland.nix b/modules/linux/os/display/wayland/hyprland.nix similarity index 100% rename from modules/base/host/os/display/wayland/hyprland.nix rename to modules/linux/os/display/wayland/hyprland.nix 
diff --git a/modules/base/host/os/display/wayland/services.nix b/modules/linux/os/display/wayland/services.nix similarity index 100% rename from modules/base/host/os/display/wayland/services.nix rename to modules/linux/os/display/wayland/services.nix diff --git a/modules/base/host/os/environment/console.nix b/modules/linux/os/environment/console.nix similarity index 100% rename from modules/base/host/os/environment/console.nix rename to modules/linux/os/environment/console.nix diff --git a/modules/base/host/os/environment/default.nix b/modules/linux/os/environment/default.nix similarity index 69% rename from modules/base/host/os/environment/default.nix rename to modules/linux/os/environment/default.nix index 774547151..815ec4abe 100644 --- a/modules/base/host/os/environment/default.nix +++ b/modules/linux/os/environment/default.nix @@ -1,11 +1,9 @@ -_: { +{ imports = [ - ./aliases.nix # shell aliases ./console.nix # changes to the console ./etc.nix # misc ./locale.nix # locale settings ./packages.nix # packages ./paths.nix # paths - ./vars.nix # environment variables ]; } diff --git a/modules/base/host/os/environment/etc.nix b/modules/linux/os/environment/etc.nix similarity index 98% rename from modules/base/host/os/environment/etc.nix rename to modules/linux/os/environment/etc.nix index 496795af5..3ff4d37da 100644 --- a/modules/base/host/os/environment/etc.nix +++ b/modules/linux/os/environment/etc.nix @@ -1,4 +1,4 @@ -_: { +{ # https://github.com/NixOS/nixpkgs/issues/72394#issuecomment-549110501 # the service is enabled by default, but this is not set. so by default, you will seee the error # why? diff --git a/modules/base/host/os/environment/locale.nix b/modules/linux/os/environment/locale.nix similarity index 100% rename from modules/base/host/os/environment/locale.nix rename to modules/linux/os/environment/locale.nix 
diff --git a/modules/base/host/os/environment/packages.nix b/modules/linux/os/environment/packages.nix similarity index 100% rename from modules/base/host/os/environment/packages.nix rename to modules/linux/os/environment/packages.nix diff --git a/modules/base/host/os/environment/paths.nix b/modules/linux/os/environment/paths.nix similarity index 100% rename from modules/base/host/os/environment/paths.nix rename to modules/linux/os/environment/paths.nix diff --git a/modules/base/host/os/fs/default.nix b/modules/linux/os/fs/default.nix similarity index 100% rename from modules/base/host/os/fs/default.nix rename to modules/linux/os/fs/default.nix diff --git a/modules/base/host/os/misc/default.nix b/modules/linux/os/misc/default.nix similarity index 100% rename from modules/base/host/os/misc/default.nix rename to modules/linux/os/misc/default.nix diff --git a/modules/base/host/os/misc/documentation.nix b/modules/linux/os/misc/documentation.nix similarity index 100% rename from modules/base/host/os/misc/documentation.nix rename to modules/linux/os/misc/documentation.nix diff --git a/modules/base/host/os/misc/realtime.nix b/modules/linux/os/misc/realtime.nix similarity index 100% rename from modules/base/host/os/misc/realtime.nix rename to modules/linux/os/misc/realtime.nix diff --git a/modules/base/host/os/networking/blocker.nix b/modules/linux/os/networking/blocker.nix similarity index 100% rename from modules/base/host/os/networking/blocker.nix rename to modules/linux/os/networking/blocker.nix diff --git a/modules/base/host/os/networking/default.nix b/modules/linux/os/networking/default.nix similarity index 100% rename from modules/base/host/os/networking/default.nix rename to modules/linux/os/networking/default.nix index 992b8eb56..17511c74b 100644 --- a/modules/base/host/os/networking/default.nix +++ b/modules/linux/os/networking/default.nix @@ -14,8 +14,8 @@ in { ./firewall ./blocker.nix - ./ssh.nix ./optimise.nix + ./ssh.nix ./tailscale.nix ./tcpcrypt.nix ]; 
diff --git a/modules/base/host/os/networking/firewall/default.nix b/modules/linux/os/networking/firewall/default.nix
similarity index 100%
rename from modules/base/host/os/networking/firewall/default.nix
rename to modules/linux/os/networking/firewall/default.nix
diff --git a/modules/base/host/os/networking/firewall/fail2ban.nix b/modules/linux/os/networking/firewall/fail2ban.nix
similarity index 100%
rename from modules/base/host/os/networking/firewall/fail2ban.nix
rename to modules/linux/os/networking/firewall/fail2ban.nix
diff --git a/modules/base/host/os/networking/optimise.nix b/modules/linux/os/networking/optimise.nix
similarity index 100%
rename from modules/base/host/os/networking/optimise.nix
rename to modules/linux/os/networking/optimise.nix
diff --git a/modules/base/host/os/networking/ssh.nix b/modules/linux/os/networking/ssh.nix
similarity index 100%
rename from modules/base/host/os/networking/ssh.nix
rename to modules/linux/os/networking/ssh.nix
diff --git a/modules/base/host/os/networking/tailscale.nix b/modules/linux/os/networking/tailscale.nix
similarity index 100%
rename from modules/base/host/os/networking/tailscale.nix
rename to modules/linux/os/networking/tailscale.nix
diff --git a/modules/base/host/os/networking/tcpcrypt.nix b/modules/linux/os/networking/tcpcrypt.nix
similarity index 100%
rename from modules/base/host/os/networking/tcpcrypt.nix
rename to modules/linux/os/networking/tcpcrypt.nix
diff --git a/modules/base/host/os/programs/default.nix b/modules/linux/os/programs/default.nix
similarity index 100%
rename from modules/base/host/os/programs/default.nix
rename to modules/linux/os/programs/default.nix
diff --git a/modules/base/host/os/services/default.nix b/modules/linux/os/services/default.nix
similarity index 100%
rename from modules/base/host/os/services/default.nix
rename to modules/linux/os/services/default.nix
diff --git a/modules/base/host/os/services/systemd.nix b/modules/linux/os/services/systemd.nix similarity index 100% rename from modules/base/host/os/services/systemd.nix rename to modules/linux/os/services/systemd.nix diff --git a/modules/base/host/os/services/zram.nix b/modules/linux/os/services/zram.nix similarity index 100% rename from modules/base/host/os/services/zram.nix rename to modules/linux/os/services/zram.nix diff --git a/modules/base/host/security/apparmor.nix b/modules/linux/security/apparmor.nix similarity index 100% rename from modules/base/host/security/apparmor.nix rename to modules/linux/security/apparmor.nix diff --git a/modules/base/host/security/auditd.nix b/modules/linux/security/auditd.nix similarity index 100% rename from modules/base/host/security/auditd.nix rename to modules/linux/security/auditd.nix diff --git a/modules/base/host/security/clamav.nix b/modules/linux/security/clamav.nix similarity index 100% rename from modules/base/host/security/clamav.nix rename to modules/linux/security/clamav.nix diff --git a/modules/base/host/security/default.nix b/modules/linux/security/default.nix similarity index 98% rename from modules/base/host/security/default.nix rename to modules/linux/security/default.nix index 527820596..d0d8070da 100644 --- a/modules/base/host/security/default.nix +++ b/modules/linux/security/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./apparmor.nix # apparmor ./auditd.nix # auditd diff --git a/modules/base/host/security/kernel.nix b/modules/linux/security/kernel.nix similarity index 100% rename from modules/base/host/security/kernel.nix rename to modules/linux/security/kernel.nix diff --git a/modules/base/host/security/pam.nix b/modules/linux/security/pam.nix similarity index 100% rename from modules/base/host/security/pam.nix rename to modules/linux/security/pam.nix 
diff --git a/modules/base/host/security/polkit.nix b/modules/linux/security/polkit.nix similarity index 100% rename from modules/base/host/security/polkit.nix rename to modules/linux/security/polkit.nix diff --git a/modules/base/host/security/selinux.nix b/modules/linux/security/selinux.nix similarity index 100% rename from modules/base/host/security/selinux.nix rename to modules/linux/security/selinux.nix diff --git a/modules/base/host/security/sudo.nix b/modules/linux/security/sudo.nix similarity index 100% rename from modules/base/host/security/sudo.nix rename to modules/linux/security/sudo.nix diff --git a/modules/base/host/security/virtualization.nix b/modules/linux/security/virtualization.nix similarity index 96% rename from modules/base/host/security/virtualization.nix rename to modules/linux/security/virtualization.nix index f3e3107ea..a9c3d3119 100644 --- a/modules/base/host/security/virtualization.nix +++ b/modules/linux/security/virtualization.nix @@ -1,4 +1,4 @@ -_: { +{ security.virtualisation = { # flush the L1 data cache before entering guests flushL1DataCache = "always"; diff --git a/modules/base/services/databases/default.nix b/modules/linux/services/databases/default.nix similarity index 95% rename from modules/base/services/databases/default.nix rename to modules/linux/services/databases/default.nix index 14262f1f9..ceadfd49c 100644 --- a/modules/base/services/databases/default.nix +++ b/modules/linux/services/databases/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./influxdb.nix ./mongodb.nix diff --git a/modules/base/services/databases/influxdb.nix b/modules/linux/services/databases/influxdb.nix similarity index 100% rename from modules/base/services/databases/influxdb.nix rename to modules/linux/services/databases/influxdb.nix 
diff --git a/modules/base/services/databases/mongodb.nix b/modules/linux/services/databases/mongodb.nix similarity index 83% rename from modules/base/services/databases/mongodb.nix rename to modules/linux/services/databases/mongodb.nix index 932d8ac5c..c3da462bc 100644 --- a/modules/base/services/databases/mongodb.nix +++ b/modules/linux/services/databases/mongodb.nix @@ -1,7 +1,7 @@ { - config, lib, pkgs, + config, ... }: let inherit (lib) mkIf; @@ -13,7 +13,7 @@ in { enable = true; package = pkgs.mongodb; enableAuth = true; - initialRootPassword = config.sops.secrets.mongodb-passwd.path; + initialRootPassword = config.age.secrets.mongodb-passwd.path; #bind_ip = cfg.host; extraConfig = '' operationProfiling.mode: all diff --git a/modules/base/services/databases/mysql.nix b/modules/linux/services/databases/mysql.nix similarity index 100% rename from modules/base/services/databases/mysql.nix rename to modules/linux/services/databases/mysql.nix diff --git a/modules/base/services/databases/postgresql.nix b/modules/linux/services/databases/postgresql.nix similarity index 100% rename from modules/base/services/databases/postgresql.nix rename to modules/linux/services/databases/postgresql.nix diff --git a/modules/base/services/databases/redis.nix b/modules/linux/services/databases/redis.nix similarity index 100% rename from modules/base/services/databases/redis.nix rename to modules/linux/services/databases/redis.nix diff --git a/modules/base/services/default.nix b/modules/linux/services/default.nix similarity index 97% rename from modules/base/services/default.nix rename to modules/linux/services/default.nix index 4a3aca5c9..344e75c2f 100644 --- a/modules/base/services/default.nix +++ b/modules/linux/services/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./databases ./dev 
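Review bot: In the second hunk of modules/linux/services/databases/mongodb.nix, `initialRootPassword` still receives the path of the decrypted file rather than the password itself. If this is the nixpkgs `services.mongodb` module, that option is a plain string used verbatim as the root password, so the effective password would be the predictable path string and the content of `mongodb-passwd.age` would never be read. Newer nixpkgs releases provide a file-based option; if the pinned revision has it, use `initialRootPasswordFile = config.age.secrets.mongodb-passwd.path;`, otherwise set the root password out of band and drop this line. The attribute set this line belongs to starts and ends outside the hunk.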
diff --git a/modules/base/services/dev/atuin.nix b/modules/linux/services/dev/atuin.nix similarity index 100% rename from modules/base/services/dev/atuin.nix rename to modules/linux/services/dev/atuin.nix diff --git a/modules/base/services/dev/default.nix b/modules/linux/services/dev/default.nix similarity index 100% rename from modules/base/services/dev/default.nix rename to modules/linux/services/dev/default.nix diff --git a/modules/base/services/dev/forgejo.nix b/modules/linux/services/dev/forgejo.nix similarity index 97% rename from modules/base/services/dev/forgejo.nix rename to modules/linux/services/dev/forgejo.nix index 3d0200071..7de6ff50a 100644 --- a/modules/base/services/dev/forgejo.nix +++ b/modules/linux/services/dev/forgejo.nix @@ -32,7 +32,6 @@ in { systemd.services = { forgejo = { - after = ["sops-nix.service"]; preStart = let inherit (config.services.forgejo) stateDir; in @@ -51,7 +50,7 @@ in { stateDir = "/srv/storage/forgejo/data"; lfs.enable = true; - mailerPasswordFile = config.sops.secrets.mailserver-git-nohash.path; + mailerPasswordFile = config.age.secrets.mailserver-git-nohash.path; settings = { server = { diff --git a/modules/base/services/dev/plausible.nix b/modules/linux/services/dev/plausible.nix similarity index 88% rename from modules/base/services/dev/plausible.nix rename to modules/linux/services/dev/plausible.nix index bf0d99462..3909a68ce 100644 --- a/modules/base/services/dev/plausible.nix +++ b/modules/linux/services/dev/plausible.nix @@ -22,14 +22,14 @@ in { baseUrl = "https://${cfg.domain}"; disableRegistration = true; - secretKeybaseFile = config.sops.secrets.plausible-key.path; + secretKeybaseFile = config.age.secrets.plausible-key.path; }; adminUser = { activate = true; name = "isabel"; email = "isabel@${cfg.domain}"; - passwordFile = config.sops.secrets.plausible-admin.path; + passwordFile = config.age.secrets.plausible-admin.path; }; database.postgres = { 
diff --git a/modules/base/services/dev/wakapi.nix b/modules/linux/services/dev/wakapi.nix similarity index 90% rename from modules/base/services/dev/wakapi.nix rename to modules/linux/services/dev/wakapi.nix index 444dd2165..f96b84b82 100644 --- a/modules/base/services/dev/wakapi.nix +++ b/modules/linux/services/dev/wakapi.nix @@ -30,8 +30,8 @@ in { host = "/run/postgresql"; }; - passwordSaltFile = config.sops.secrets.wakapi.path; - smtpPasswordFile = config.sops.secrets.wakapi-mailer.path; + passwordSaltFile = config.age.secrets.wakapi.path; + smtpPasswordFile = config.age.secrets.wakapi-mailer.path; settings = { app.avatar_url_template = "https://www.gravatar.com/avatar/{email_hash}.png"; diff --git a/modules/base/services/kanidm.nix b/modules/linux/services/kanidm.nix similarity index 100% rename from modules/base/services/kanidm.nix rename to modules/linux/services/kanidm.nix diff --git a/modules/base/services/mailserver.nix b/modules/linux/services/mailserver.nix similarity index 90% rename from modules/base/services/mailserver.nix rename to modules/linux/services/mailserver.nix index b81b71252..06e06bf35 100644 --- a/modules/base/services/mailserver.nix +++ b/modules/linux/services/mailserver.nix @@ -24,13 +24,6 @@ in { # required for roundcube networking.firewall.allowedTCPPorts = [80 443]; - systemd.services = let - template = {after = ["sops-nix.service"];}; - in { - roundcube = template; - mailserver = template; - }; - mailserver = { enable = true; openFirewall = true; @@ -77,7 +70,7 @@ in { loginAccounts = { "isabel@${rdomain}" = { - hashedPasswordFile = config.sops.secrets.mailserver-isabel.path; + hashedPasswordFile = config.age.secrets.mailserver-isabel.path; aliases = [ "isabel" "isabelroses" 
@@ -96,27 +89,27 @@ in { "git@${rdomain}" = { aliases = ["git" "git@${rdomain}"]; - hashedPasswordFile = config.sops.secrets.mailserver-git.path; + hashedPasswordFile = config.age.secrets.mailserver-git.path; }; "vaultwarden@${rdomain}" = { aliases = ["vaultwarden" "bitwarden" "bitwarden@${rdomain}"]; - hashedPasswordFile = config.sops.secrets.mailserver-vaultwarden.path; + hashedPasswordFile = config.age.secrets.mailserver-vaultwarden.path; }; "grafana@${rdomain}" = { aliases = ["grafana" "monitor" "monitor@${rdomain}"]; - hashedPasswordFile = config.sops.secrets.mailserver-grafana.path; + hashedPasswordFile = config.age.secrets.mailserver-grafana.path; }; "noreply@${rdomain}" = { aliases = ["noreply"]; - hashedPasswordFile = config.sops.secrets.mailserver-noreply.path; + hashedPasswordFile = config.age.secrets.mailserver-noreply.path; }; "spam@${rdomain}" = { aliases = ["spam" "shush" "shush@${rdomain}" "stfu" "stfu@${rdomain}"]; - hashedPasswordFile = config.sops.secrets.mailserver-spam.path; + hashedPasswordFile = config.age.secrets.mailserver-spam.path; }; }; diff --git a/modules/base/services/media/default.nix b/modules/linux/services/media/default.nix similarity index 100% rename from modules/base/services/media/default.nix rename to modules/linux/services/media/default.nix diff --git a/modules/base/services/media/jellyfin.nix b/modules/linux/services/media/jellyfin.nix similarity index 100% rename from modules/base/services/media/jellyfin.nix rename to modules/linux/services/media/jellyfin.nix diff --git a/modules/base/services/media/matrix.nix b/modules/linux/services/media/matrix.nix similarity index 98% rename from modules/base/services/media/matrix.nix rename to modules/linux/services/media/matrix.nix index 1ea69047b..03b68bd04 100644 --- a/modules/base/services/media/matrix.nix +++ b/modules/linux/services/media/matrix.nix 
@@ -62,7 +62,7 @@ in { matrix-synapse = { enable = true; - extraConfigFiles = [config.sops.secrets.matrix.path]; + extraConfigFiles = [config.age.secrets.matrix.path]; settings = { withJemalloc = true; enable_registration = true; diff --git a/modules/base/services/media/nextcloud.nix b/modules/linux/services/media/nextcloud.nix similarity index 96% rename from modules/base/services/media/nextcloud.nix rename to modules/linux/services/media/nextcloud.nix index c6620451c..966410de1 100644 --- a/modules/base/services/media/nextcloud.nix +++ b/modules/linux/services/media/nextcloud.nix @@ -50,7 +50,7 @@ in { config = { adminuser = "isabel"; - adminpassFile = config.sops.secrets.nextcloud-passwd.path; + adminpassFile = config.age.secrets.nextcloud-passwd.path; # database dbtype = "pgsql"; diff --git a/modules/base/services/media/photoprism.nix b/modules/linux/services/media/photoprism.nix similarity index 100% rename from modules/base/services/media/photoprism.nix rename to modules/linux/services/media/photoprism.nix diff --git a/modules/base/services/monitoring/default.nix b/modules/linux/services/monitoring/default.nix similarity index 94% rename from modules/base/services/monitoring/default.nix rename to modules/linux/services/monitoring/default.nix index 7e1b1a8fa..b1926a91a 100644 --- a/modules/base/services/monitoring/default.nix +++ b/modules/linux/services/monitoring/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./grafana diff --git a/modules/base/services/monitoring/grafana/dashboards.nix b/modules/linux/services/monitoring/grafana/dashboards.nix similarity index 100% rename from modules/base/services/monitoring/grafana/dashboards.nix rename to modules/linux/services/monitoring/grafana/dashboards.nix 
diff --git a/modules/base/services/monitoring/grafana/dashboards/uptime-02.json b/modules/linux/services/monitoring/grafana/dashboards/uptime-02.json similarity index 100% rename from modules/base/services/monitoring/grafana/dashboards/uptime-02.json rename to modules/linux/services/monitoring/grafana/dashboards/uptime-02.json diff --git a/modules/base/services/monitoring/grafana/default.nix b/modules/linux/services/monitoring/grafana/default.nix similarity index 97% rename from modules/base/services/monitoring/grafana/default.nix rename to modules/linux/services/monitoring/grafana/default.nix index bee7266b7..6ffe2a3e3 100644 --- a/modules/base/services/monitoring/grafana/default.nix +++ b/modules/linux/services/monitoring/grafana/default.nix @@ -42,7 +42,7 @@ in { enabled = true; user = mailer; - password = "$__file{" + config.sops.secrets.mailserver-grafana-nohash.path + "}"; + password = "$__file{" + config.age.secrets.mailserver-grafana-nohash.path + "}"; host = "${config.modules.services.mailserver.domain}:465"; from_address = mailer; diff --git a/modules/base/services/monitoring/loki.nix b/modules/linux/services/monitoring/loki.nix similarity index 100% rename from modules/base/services/monitoring/loki.nix rename to modules/linux/services/monitoring/loki.nix diff --git a/modules/base/services/monitoring/prometheus.nix b/modules/linux/services/monitoring/prometheus.nix similarity index 100% rename from modules/base/services/monitoring/prometheus.nix rename to modules/linux/services/monitoring/prometheus.nix diff --git a/modules/base/services/monitoring/uptime-kuma.nix b/modules/linux/services/monitoring/uptime-kuma.nix similarity index 100% rename from modules/base/services/monitoring/uptime-kuma.nix rename to modules/linux/services/monitoring/uptime-kuma.nix 
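Review bot: The SMTP `password` in modules/linux/services/monitoring/grafana/default.nix uses `$__file{...}`, which Grafana expands itself at runtime, so the decrypted file has to be readable by the Grafana service user. agenix secrets default to root ownership with mode 0400, and the `age.secrets.mailserver-grafana-nohash` declaration is not in this hunk, so please confirm it sets `owner = "grafana";` (or an equivalent group and mode); with the defaults Grafana would not be able to read the password. The same check applies to the other `config.age.secrets.*.path` consumers in this commit whose services read the file as an unprivileged user. The settings block continues outside the hunk.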
diff --git a/modules/base/services/networking/cloudflared.nix b/modules/linux/services/networking/cloudflared.nix similarity index 85% rename from modules/base/services/networking/cloudflared.nix rename to modules/linux/services/networking/cloudflared.nix index 59a1fd2a0..bb54b6745 100644 --- a/modules/base/services/networking/cloudflared.nix +++ b/modules/linux/services/networking/cloudflared.nix @@ -12,7 +12,7 @@ in { enable = true; tunnels.${config.networking.hostName} = { - credentialsFile = "${config.sops.secrets.cloudflared-hydra.path}"; + credentialsFile = "${config.age.secrets.cloudflared-hydra.path}"; default = "http_status:404"; # example of jellyfin diff --git a/modules/base/services/networking/default.nix b/modules/linux/services/networking/default.nix similarity index 94% rename from modules/base/services/networking/default.nix rename to modules/linux/services/networking/default.nix index deb48c367..ad5ed6331 100644 --- a/modules/base/services/networking/default.nix +++ b/modules/linux/services/networking/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./cloudflared.nix ./headscale.nix diff --git a/modules/base/services/networking/headscale.nix b/modules/linux/services/networking/headscale.nix similarity index 100% rename from modules/base/services/networking/headscale.nix rename to modules/linux/services/networking/headscale.nix diff --git a/modules/base/services/networking/nginx.nix b/modules/linux/services/networking/nginx.nix similarity index 93% rename from modules/base/services/networking/nginx.nix rename to modules/linux/services/networking/nginx.nix index b0b9108ad..d85f05f34 100644 --- a/modules/base/services/networking/nginx.nix +++ b/modules/linux/services/networking/nginx.nix @@ -19,7 +19,7 @@ in { "*.${cfg.domain}" ]; dnsProvider = "cloudflare"; - credentialsFile = config.sops.secrets."cloudflare-cert-api".path; + credentialsFile = config.age.secrets."cloudflare-cert-api".path; }; }; }; 
diff --git a/modules/base/services/vaultwarden.nix b/modules/linux/services/vaultwarden.nix similarity index 85% rename from modules/base/services/vaultwarden.nix rename to modules/linux/services/vaultwarden.nix index b100a9d31..d12eb0e0d 100644 --- a/modules/base/services/vaultwarden.nix +++ b/modules/linux/services/vaultwarden.nix @@ -10,18 +10,15 @@ in { config = mkIf cfg.enable { # this forces the system to create backup folder - systemd.services = { - vaultwarden.after = ["sops-nix.service"]; - backup-vaultwarden.serviceConfig = { - User = "root"; - Group = "root"; - }; + systemd.services.backup-vaultwarden.serviceConfig = { + User = "root"; + Group = "root"; }; services = { vaultwarden = { enable = true; - environmentFile = config.sops.secrets.vaultwarden-env.path; + environmentFile = config.age.secrets.vaultwarden-env.path; backupDir = "/srv/storage/vaultwarden/backup"; config = { DOMAIN = "https://${cfg.domain}"; diff --git a/modules/base/services/vikunja.nix b/modules/linux/services/vikunja.nix similarity index 96% rename from modules/base/services/vikunja.nix rename to modules/linux/services/vikunja.nix index 89a2277a6..58970bdc7 100644 --- a/modules/base/services/vikunja.nix +++ b/modules/linux/services/vikunja.nix @@ -24,7 +24,7 @@ in { frontendHostname = cfg.domain; frontendScheme = "https"; - environmentFiles = [config.sops.secrets.vikunja-env.path]; + environmentFiles = [config.age.secrets.vikunja-env.path]; database = { type = "postgres"; diff --git a/modules/base/services/website.nix b/modules/linux/services/website.nix similarity index 100% rename from modules/base/services/website.nix rename to modules/linux/services/website.nix diff --git a/modules/base/host/virtualization.nix b/modules/linux/virtualization.nix similarity index 100% rename from modules/base/host/virtualization.nix rename to modules/linux/virtualization.nix 
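Review bot: In modules/linux/services/vaultwarden.nix, `backup-vaultwarden` is kept running as `root` only so that the backup directory gets created, going by the comment above it. That gives the job which copies the vault database full privileges; creating the directory declaratively would let the unit stay on the module's default user, e.g. `systemd.tmpfiles.rules = ["d /srv/storage/vaultwarden/backup 0700 vaultwarden vaultwarden -"];` in place of the `User`/`Group` override. The user and group names are assumed from the nixpkgs vaultwarden module and should be checked against the deployed unit. The `config = mkIf cfg.enable` block continues outside the hunk.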
diff --git a/modules/profiles/hardware/desktop/default.nix b/modules/profiles/hardware/desktop/default.nix new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/modules/profiles/hardware/desktop/default.nix @@ -0,0 +1 @@ +{} diff --git a/modules/profiles/hardware/laptop/default.nix b/modules/profiles/hardware/laptop/default.nix index 912a7e93e..093f22984 100644 --- a/modules/profiles/hardware/laptop/default.nix +++ b/modules/profiles/hardware/laptop/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./power diff --git a/modules/profiles/hardware/server/default.nix b/modules/profiles/hardware/server/default.nix index fd666d096..14812ea03 100644 --- a/modules/profiles/hardware/server/default.nix +++ b/modules/profiles/hardware/server/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./users ]; diff --git a/modules/profiles/hardware/server/users/default.nix b/modules/profiles/hardware/server/users/default.nix index c9e9e6d19..d8438c3ae 100644 --- a/modules/profiles/hardware/server/users/default.nix +++ b/modules/profiles/hardware/server/users/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./git.nix ]; diff --git a/modules/profiles/meta/workstation/default.nix b/modules/profiles/meta/workstation/default.nix index 21f2d8c6a..0abe3db90 100644 --- a/modules/profiles/meta/workstation/default.nix +++ b/modules/profiles/meta/workstation/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./programs ./services diff --git a/modules/profiles/meta/workstation/programs/default.nix b/modules/profiles/meta/workstation/programs/default.nix index 45944546c..ab8287909 100644 --- a/modules/profiles/meta/workstation/programs/default.nix +++ b/modules/profiles/meta/workstation/programs/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./ccache.nix ./cli.nix diff --git a/modules/profiles/meta/workstation/programs/flatpak.nix b/modules/profiles/meta/workstation/programs/flatpak.nix index f16aaab30..e84297687 100644 --- a/modules/profiles/meta/workstation/programs/flatpak.nix 
+++ b/modules/profiles/meta/workstation/programs/flatpak.nix @@ -1,4 +1,4 @@ -_: { +{ # enable flatpak services.flatpak.enable = true; diff --git a/modules/profiles/meta/workstation/services/default.nix b/modules/profiles/meta/workstation/services/default.nix index 65c768cb7..6daaf2b55 100644 --- a/modules/profiles/meta/workstation/services/default.nix +++ b/modules/profiles/meta/workstation/services/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./gnome.nix ./location.nix diff --git a/modules/profiles/meta/workstation/system/default.nix b/modules/profiles/meta/workstation/system/default.nix index 9b36398d8..e96058952 100644 --- a/modules/profiles/meta/workstation/system/default.nix +++ b/modules/profiles/meta/workstation/system/default.nix @@ -1,4 +1,4 @@ -_: { +{ imports = [ ./fonts.nix ./misc.nix diff --git a/secrets/amity-key.age b/secrets/amity-key.age new file mode 100644 index 000000000..25448aa2a Binary files /dev/null and b/secrets/amity-key.age differ diff --git a/secrets/aur-key-pub.age b/secrets/aur-key-pub.age new file mode 100644 index 000000000..2b4c64a19 Binary files /dev/null and b/secrets/aur-key-pub.age differ diff --git a/secrets/aur-key.age b/secrets/aur-key.age new file mode 100644 index 000000000..73971b618 Binary files /dev/null and b/secrets/aur-key.age differ diff --git a/secrets/cloudflare-cert-api.age b/secrets/cloudflare-cert-api.age new file mode 100644 index 000000000..1e961ada0 --- /dev/null +++ b/secrets/cloudflare-cert-api.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 95443g TXVm7VaD1VAUqUCLHsA2QlLmrX0VS1/TWu/nK8DzMR4 +mj1g7unJkHgYDbTiFgY0uF40gX0Cs4/8LfTqD+Euhmo +--- 4Kq3gMhLokY5iAGAuMBLx+gysqHjq1xPJqWECoVpZPw +phaJ%/Z]ͱw{l𓎿jnk#.fJ7 ==q~p+?π.d#zmcI$OVgsNGu0ԪV1c$?ث|(#ҰtG4?u9\Q/S]EݍAw9 \ No newline at end of file diff --git a/secrets/cloudflared-hydra.age b/secrets/cloudflared-hydra.age new file mode 100644 index 000000000..5d33cad4e --- /dev/null +++ b/secrets/cloudflared-hydra.age 
@@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 95443g dxnv9EdLo7PYU88HNGeBetUdRkSaPpPD1MtmhdSpqCc +7uoDi75+dRfuLFsDZM9e2om6hyHZoJRjKwnoAx5IcAc +--- ahbDLPlQ5nGinpqlVXUg0Hrq0nUoLxEIO7KwATMazZg +,!&."x_%%;JKK{@N_>x"en왕GWxK!ɰ0<jNX +'ƺuXS#&Xwz*ޤ!Ԭgv+rffR|+Y8P mZB}K'L˫aqDzkCg5Jj.@nj \ No newline at end of file diff --git a/secrets/gh-key-pub.age b/secrets/gh-key-pub.age new file mode 100644 index 000000000..5eed838bf --- /dev/null +++ b/secrets/gh-key-pub.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 95443g AFE4N+ZwRLrg5mEk4zD62bN7zW5dyNfoR1QIkMJxdls +pCFE1wzy+2XvgaaQBXZmQTfmgnYs4HSfxgYNGmQRpr8 +--- PyS1pgU26e8JP1bFIUSAz3ciLcL2QT/HCre8QwZ57hk +Ut(6kcg(#Ӈ0 ^S6^5J"ry4X|sٙsYAV^"eeA?M0J>u %ߴ{YrK# \ No newline at end of file diff --git a/secrets/gh-key.age b/secrets/gh-key.age new file mode 100644 index 000000000..afccd69e2 Binary files /dev/null and b/secrets/gh-key.age differ diff --git a/secrets/git-credentials.age b/secrets/git-credentials.age new file mode 100644 index 000000000..0fcee9f94 Binary files /dev/null and b/secrets/git-credentials.age differ diff --git a/secrets/mailserver-database.age b/secrets/mailserver-database.age new file mode 100644 index 000000000..99604d912 --- /dev/null +++ b/secrets/mailserver-database.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 95443g 39o46Lj9yYt7jdFrqSqCRj3aQY29t0j+oxnCECBpgWg +NlwDxI1L40tMX5BoNliTxH3DibtPsgq+jiivcT+CdCw +--- 4BxuANTTGfcHdOqBKY6OgGd+6dSwd3IXdMZHEQwZYpk +2xB"[lo 񒈺(bS\X}} \ No newline at end of file diff --git a/secrets/mailserver-git-nohash.age b/secrets/mailserver-git-nohash.age new file mode 100644 index 000000000..9e6159ca2 Binary files /dev/null and b/secrets/mailserver-git-nohash.age differ diff --git a/secrets/mailserver-git.age b/secrets/mailserver-git.age new file mode 100644 index 000000000..b0d284f08 --- /dev/null +++ b/secrets/mailserver-git.age 
@@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 95443g MUyXHBy061+f5ZlbOss4vAJOaj6/jzXO/HL5L8jcbyE +zopxAHqHKyTFGvRkugP+7ooJpjjb1zk0luQVE/pJOhI +--- G1nodqUpq9vt/FKe78Ksp3MOCBSL9pNPs80NocDuZks +?vq^5/oNƮ(7 ){8 Y1(fEifqծnGä] +0Ԇhω1W \ No newline at end of file diff --git a/secrets/mailserver-grafana-nohash.age b/secrets/mailserver-grafana-nohash.age new file mode 100644 index 000000000..2b1fbdf55 --- /dev/null +++ b/secrets/mailserver-grafana-nohash.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 95443g JbSY95NEUZM6L59tzBJ488tZaT2zGB1xWZoyfhgUlxU +UzVUqIQ9nU8OFui75IQ6WdN7dfUpcgvEC3p9b0nt9/E +--- cgC+SRBU0Dz7qbzBvsmk3NmdIwjgWFi7cOPGSmcvTgI +UFx7͔1=Mׅ듹&2%/HHn{{oyh(!ϸ6 \ No newline at end of file diff --git a/secrets/mailserver-grafana.age b/secrets/mailserver-grafana.age new file mode 100644 index 000000000..4729bf4df --- /dev/null +++ b/secrets/mailserver-grafana.age @@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 95443g 3KCGcEnLHfwX+5xO1M4iRS9xQj/QfVxX61u9Emw+b1A +kPPL8MjuFeezIRPY4GjbSShlgsk32rmSmPZCqs9d5kA +--- d6uVHLOKju2lltR8fnsoY9OrUoIWo/PR8aeVTTAxvmo +g#xO͆ɅDV)Y_$13Lyg˓Q(9LsQ$}l&"a + o W/ \ No newline at end of file diff --git a/secrets/mailserver-isabel.age b/secrets/mailserver-isabel.age new file mode 100644 index 000000000..5f08612b4 --- /dev/null +++ b/secrets/mailserver-isabel.age @@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 95443g CgWVkS16dyT/7bVB1vYKM29/J4mcOqmnnv8H7wuZwDA +D4eOOKhOjEjVYJd4BV12kG0ac0vLuPolii+aCrv/RoU +--- 1cRtUU8AhDo/kojT9ODffRPRjOURfXyRbi6d+ZbOhiE +y n/ߜ/P 4AϿRCz!Jg`vk xMsΰT\? +م =}mLKN蘂<>g(( \ No newline at end of file diff --git a/secrets/mailserver-noreply.age b/secrets/mailserver-noreply.age new file mode 100644 index 000000000..3221ae90e Binary files /dev/null and b/secrets/mailserver-noreply.age differ diff --git a/secrets/mailserver-spam.age b/secrets/mailserver-spam.age new file mode 100644 index 000000000..4aff8088d --- /dev/null +++ b/secrets/mailserver-spam.age 
@@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 95443g bmraUWqvwy4Zeg5m2A+cOtrZx8kxLcRuOXitB9RCei8 +IA5eCTfdM6Kyf9xs7UV/BSTfNt263pck0VPSAXanv+Y +--- oxHK2KYWRhEko/dRCFz3Q+XOvyqhBSUHdbC4DSCDQ0Y +@Jվg ssh-ed25519 95443g am6hjrcWPE+HicnVMy1r2b6EoqvIqyuYGwkAoxYl1nU +UjmiB0IH7TOY9BfbxJ8EQGafG5NLDgwxb7BHGirmq8A +--- KiuG8Zl3eSF/6bVaCCENwZ52lVMTnNZiMx7oX877PqU +loV};v?Fz `%Fg 5^ 6!Y1Z"o>eO71ǖIPGHMLdbj5 \ No newline at end of file diff --git a/secrets/matrix.age b/secrets/matrix.age new file mode 100644 index 000000000..4143cee46 --- /dev/null +++ b/secrets/matrix.age @@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 95443g bDEqPtJ4ckQNmnN/KwR6ShUTaL05IIhSd4LO6MstS00 +25rO2ulvPt+OCEJcM/tXQNQakOhcbWLz50At0vqKc+8 +--- sfzb7nyGcdJJEVqcPmgurNDqeNbQ8czHxfiwDno5MQw +Yz3˼6vCWnr7:,;׫n-zpmG +q:z\mV˰6%qd|PeE@ sWiRЂ>iplMjԇwCh \ No newline at end of file diff --git a/secrets/mongodb-passwd.age b/secrets/mongodb-passwd.age new file mode 100644 index 000000000..2fb70af0b --- /dev/null +++ b/secrets/mongodb-passwd.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 95443g XdfwIb7csVkWM+CU3mjZU7PJS3otNSg+fm3taKf6oGU +57zzckUJTgqZLwAqOZwkqeIeRsyR34uzNr+WuQZc9IY +--- ATyfP6vcS3GlRnpNdzVx84gnH8gwZS/zE2SdvzWiN60 + 2]Ϊn}և[]=ǝdM0%+C)l \ No newline at end of file diff --git a/secrets/nextcloud-passwd.age b/secrets/nextcloud-passwd.age new file mode 100644 index 000000000..cbfa5babe --- /dev/null +++ b/secrets/nextcloud-passwd.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 95443g cu8mc2HEMu34H3Y8sEEUEu7R7GvjpmLoYLjDdqIUHng +rVqV0qBsHqbLtyxD20/2h7PiHvqXt3gSZHrO0zlIF6c +--- BYBVSySVWltYhvqpT856Kf7vdqI9UtHdmV1aRZL+a9I +y*ߦMJ뤆hU"8_+ӓ}䴳9)b \ No newline at end of file diff --git a/secrets/nixos-key-pub.age b/secrets/nixos-key-pub.age new file mode 100644 index 000000000..969142cd2 --- /dev/null +++ b/secrets/nixos-key-pub.age 
@@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 95443g pPYcfhHwxew/rTGXRRpuhGf+jpcZ2/TWkBguiqrEZzc +YTRt5S3zjSZ8smE8novV1I1xOFDECMqxlWsjTw6Xfs0 +--- 4lLXOuNHYi2Gzmaml7u7eAi4qZMQby41tECOJJGe8qg +ςVEmpY4!Mи{kކ0q&秕% B)kTxf{apaZ?%e)!ve_S1jl~Ŋ<"sea.X׶a3`&2[:X \ No newline at end of file diff --git a/secrets/nixos-key.age b/secrets/nixos-key.age new file mode 100644 index 000000000..e2926a5b9 Binary files /dev/null and b/secrets/nixos-key.age differ diff --git a/secrets/openvpn-key.age b/secrets/openvpn-key.age new file mode 100644 index 000000000..7a57afa4f Binary files /dev/null and b/secrets/openvpn-key.age differ diff --git a/secrets/plausible-admin.age b/secrets/plausible-admin.age new file mode 100644 index 000000000..cc9cdb0c1 --- /dev/null +++ b/secrets/plausible-admin.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 95443g rBVxCVpTXnV/aoagavEGoca+b4CBcOUIeZIuQN2PwWY +Sqe8T5P4mL3EEy+ESm9oT3rfgT1WzMvZ4pt3wDDJtpA +--- wQ8P1tt84mwBCgFh7dSkeujaZiDJbZzcoLqUZ0j8V1o +yĄ+zІ[v$A3rwǐqkaJJr^{wF'7eF \ No newline at end of file diff --git a/secrets/plausible-key.age b/secrets/plausible-key.age new file mode 100644 index 000000000..60a98f902 --- /dev/null +++ b/secrets/plausible-key.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 95443g sIOSOwhDLo42R3glFyiChWkCLPwrqFycSETDfemOwB0 +yuZvYs1SxywralnJkaKPk+iBgfPRZ156iks11YQJsyM +--- eT0+aFOw+TcQRKCak3KVOrjcYNyXA4JX+YzUI9RT3QA +~Rvw".4=D2 X=b`!4Ym*w$) w] (Q{X~SQ;G9f=&P \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 000000000..75d78b5ac --- /dev/null +++ b/secrets/secrets.nix 
@@ -0,0 +1,60 @@
+let
+ users.isabel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQDiHbMSinj8twL9cTgPOfI6OMexrTZyHX27T8gnMj2 isabel@isabelroses.com";
+
+ # hosts = {
+ # hydra = "";
+ # };
+
+ default = [users.isabel];
+in {
+ "git-credentials.age".publicKeys = default;
+ "wakatime.age".publicKeys = default;
+
+ # git ssh keys
+ "gh-key.age".publicKeys = default;
+ "gh-key-pub.age".publicKeys = default;
+ "aur-key.age".publicKeys = default;
+ "aur-key-pub.age".publicKeys = default;
+
+ # ORACLE vps'
+ "openvpn-key.age".publicKeys = default;
+ "amity-key.age".publicKeys = default;
+
+ # All nixos machines
+ "nixos-key.age".publicKeys = default;
+ "nixos-key-pub.age".publicKeys = default;
+
+ # server
+ "cloudflared-hydra.age".publicKeys = default;
+ "cloudflare-cert-api.age".publicKeys = default;
+
+ # mailserver
+ "mailserver-isabel.age".publicKeys = default;
+ "mailserver-vaultwarden.age".publicKeys = default;
+ "mailserver-database.age".publicKeys = default;
+ "mailserver-grafana.age".publicKeys = default;
+ "mailserver-git.age".publicKeys = default;
+ "mailserver-noreply.age".publicKeys = default;
+ "mailserver-spam.age".publicKeys = default;
+
+ "mailserver-grafana-nohash.age".publicKeys = default;
+ "mailserver-git-nohash.age".publicKeys = default;
+
+ "vikunja-env.age".publicKeys = default;
+
+ "nextcloud-passwd.age".publicKeys = default;
+
+ "vaultwarden-env.age".publicKeys = default;
+
+ "matrix.age".publicKeys = default;
+
+ # plausable
+ "plausible-key.age".publicKeys = default;
+ "plausible-admin.age".publicKeys = default;
+
+ #wakapi
+ "wakapi.age".publicKeys = default;
+ "wakapi-mailer.age".publicKeys = default;
+
+ "mongodb-passwd.age".publicKeys = default;
+}
diff --git a/secrets/vaultwarden-env.age b/secrets/vaultwarden-env.age
new file mode 100644
index 000000000..8ce27b63e
Binary files /dev/null and b/secrets/vaultwarden-env.age differ
diff --git a/secrets/vikunja-env.age b/secrets/vikunja-env.age
new file mode 100644
index 000000000..e8f228132
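Review bot: Every entry in secrets/secrets.nix takes `publicKeys = default`, which is only `users.isabel`, and the `hosts` set is left commented out, so no machine has a recipient key of its own. agenix decrypts on the target at activation using `age.identityPaths` (by default the host's SSH keys), so with this list a host can only read its secrets if the personal private key is installed on it; the identity configuration is not visible in this hunk, so that part is inferred. One key then opens every secret on every machine, including `vaultwarden-env.age` and `gh-key.age`. I would fill in `hosts` with each machine's SSH host public key and scope recipients per secret, for example `"cloudflared-hydra.age".publicKeys = [users.isabel hosts.hydra];`.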
--- /dev/null +++ b/secrets/vikunja-env.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 95443g 555kZs29Oz1butxdINT6zYchcdjbLS7VVHGHOkN7WSo +RgBm+uEPNTc1djDgc/PlJyd8f2uG3CHMVtFEjC+fPSY +--- Gl6xkq+7HzkP5I5NSBWk4GkJWnloOPISLSIAQWm00nU +>9$H̝xg{Kgm2X8 RMft}ڦlܾRX651ճSn2w]rª ، \ No newline at end of file diff --git a/secrets/wakapi-mailer.age b/secrets/wakapi-mailer.age new file mode 100644 index 000000000..f525e4cca Binary files /dev/null and b/secrets/wakapi-mailer.age differ diff --git a/secrets/wakapi.age b/secrets/wakapi.age new file mode 100644 index 000000000..bf569f4a2 Binary files /dev/null and b/secrets/wakapi.age differ diff --git a/secrets/wakatime.age b/secrets/wakatime.age new file mode 100644 index 000000000..49fb0820c Binary files /dev/null and b/secrets/wakatime.age differ