steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

feat(firefox): only set all profiles for steveej; nix fmt

Browse source
This commit is contained in:
steveej 2025-06-05 16:51:51 +02:00
parent aa1aa835d4
commit 1083d0e717
36 changed files with 709 additions and 1201 deletions
Download patch file Download diff file Expand all files Collapse all files

2
nix/home-manager/profiles/sway-desktop.nix
View file

@ -217,7 +217,7 @@ in
window.commands = [
{
command = "border pixel 0, floating enable, fullscreen disable, move absolute position 0 0";
criteria.app_id= "flameshot";
criteria.app_id = "flameshot";
}
];
};

120
nix/home-manager/programs/firefox.nix
View file

@ -329,65 +329,67 @@ in
enable = true;
package = pkgs.firefox;
profiles = mkProfiles {
"personal" = mkProfile {
id = 0;
isDefault = true;
color = colors.blue;
};
"comms" = mkProfile {
id = 1;
color = colors.blue;
};
"admin" = mkProfile {
id = 2;
color = colors.blue;
};
"infra" = mkProfile {
id = 3;
color = colors.blue;
};
"finance" = mkProfile {
id = 4;
color = colors.yellow;
};
"business-admin" = mkProfile {
id = 5;
color = colors.teal;
};
"business-comms" = mkProfile {
id = 6;
color = colors.teal;
};
"business-dev" = mkProfile {
id = 7;
color = colors.teal;
};
"holo-dev" = mkProfile {
id = 8;
color = colors.green;
};
"holo-infra" = mkProfile {
id = 9;
color = colors.green;
};
"holo-comms" = mkProfile {
id = 10;
color = colors.green;
};
"justyna" = mkProfile {
id = 11;
color = colors.pink;
};
"justyna-office" = mkProfile {
id = 12;
color = colors.pink;
};
"tech-research" = mkProfile {
id = 13;
color = colors.purple;
};
};
profiles =
lib.filterAttrs (_: v: config.home.username == "steveej" || (v.isDefault or false))
(mkProfiles {
"personal" = mkProfile {
id = 0;
isDefault = true;
color = colors.blue;
};
"comms" = mkProfile {
id = 1;
color = colors.blue;
};
"admin" = mkProfile {
id = 2;
color = colors.blue;
};
"infra" = mkProfile {
id = 3;
color = colors.blue;
};
"finance" = mkProfile {
id = 4;
color = colors.yellow;
};
"business-admin" = mkProfile {
id = 5;
color = colors.teal;
};
"business-comms" = mkProfile {
id = 6;
color = colors.teal;
};
"business-dev" = mkProfile {
id = 7;
color = colors.teal;
};
"holo-dev" = mkProfile {
id = 8;
color = colors.green;
};
"holo-infra" = mkProfile {
id = 9;
color = colors.green;
};
"holo-comms" = mkProfile {
id = 10;
color = colors.green;
};
"justyna" = mkProfile {
id = 11;
color = colors.pink;
};
"justyna-office" = mkProfile {
id = 12;
color = colors.pink;
};
"tech-research" = mkProfile {
id = 13;
color = colors.purple;
};
});
# policies = {
# # search via policy. the other one doesn't always work because of schema version mismatch

86
nix/os/containers/mailserver_secrets.yaml
View file

@ -7,47 +7,47 @@ dovecotSslServerCert: ENC[AES256_GCM,data:ylK0IIj2vdY0mXOqSgA5zYmFYGote/uMtDWy2r
dovecotSslServerKey: ENC[AES256_GCM,data:KYpQZbioLGrp/6R6j/c4uJhBpoDT2aj7UffQQug8Otzr/0rk51tavsjg4YRQGIv+ZpFYpWAuHbhW4O8AsRgpi0AX3hKsZICEdNubfK5zfd+SInXveaVFbHHjOuzcqftraUrqx9APu+omk4LlpxpWTbj/bAcRnRBn0C093AeJNi1giaCZd4NxmmkYqwYzrjUc6LYHvICEnjA87ZVpeOKE/6B2Ng5QWDKhZNmjy7YDXAk4DS+P2grLmoGvnz6ubtaypSzaKXYTFz/uxEvtCCPlIaJHm3Nz0i0j1rjX3S/w3c26zuIFtwCmAQzGnHyQwbx7ILwCXfnyQnpM7+R5+fxcYvcK2GEJyTGzg/JFa++TI1YO+wpknjzxK3Sa8aX0pUbx/TEjnY3+tRnx7YNuih2ZNZrPHy8uJJtO9Aef84Sq5vLQG5n1/ya0pVhjCbs1pgpeK/qT3ikLbkcJg6NxAq3hqqQdR4TTkZBwKLVfzcMXLDZB0GphhVvtO0W7afRCE+nA/FPDT2NN6WLD15cN5F8w6USi0iQlwFb+TE8nt1ghhoGmwCMx+lX1Bk/jdIlYtJ62T8+T3nRVJ6ZRlUa1rkbAADaWZVvLR2/ylaEkeYFo/CC6lUg4DWPCVoGFxaWaU+ZaIDjbiYcqGQFBwq8JZ44hAOyJQpb7N1zgDVyPh/xr+ukmjutFuu97FY55VTn+8eipRiR4TZpPRH+KvB/FmlLNaim76YZCRH9Dv2ENbz9fXpWv7P+yh06+ci9HKvjNAzR6NRr368tK2srEEhWzFv+nAsRetzc2VcfwNMcg5/mvlWHVZSmONXC5adEo/W5XgJgUnH/fkz5IRPY/1iteq8PTCPUkubzF+qT2+suzEDnvgXlaKsqHkrk+n8YySl+GRABnasmnBYdb8vboDM41ptw3PXDoL+l07o6KxTwPOWWl9BVNMT8VzL7gAl+dlxjkEUSqn53OrsYDluxefBa3c0rfvk8CCvOMjgLkagK9O+VavqJEo00zd3f0ZzMcIoRebuDzYILw3DTrG/qyLXGsRoybBr+qcuSVBzM5RnjcToFJO4W/0EIdH1drZmqHdNgSNwPPRSNCivrhV25syUCrTee/xkDVUr47z67pK/5Mh0ewlwq0hcl/dBoA0YP/PptntK0CHfistD8chNtdMk3PyzqSiFaDPQ3T4wdc3zTNUjXeQ5643k5weJXFPg4tUuCCa8HxUJHd5sLnNY0OaRBwh2SLkQlcXYFQDzVHSoVscR3tf+57L7aF2hVQT2QtJKdZQjOyMg5YK0UlVc3tkyPZzyjOVaP7eTCRKwXI1NminHmmy1ZzZ+w+8+oX8cfvE9HdbqDoDp0MnkicS0+5S0lZwkRWrjUx/gS4aMWLbCHUQHY8wm+fmyDLJ/oI4ukdUI5YLOutlCsIY+aotnVMoORgdd/EPeZVYJmci/pvMjPF9Eard0aD4rLA7z/HwGgc3VEGmNluE+20BXO3bFIqwa9tzMqzOJB0qglP35MjVGiUe6Svq13DAmSOnzN+WqcVbTMJG8J1bwKqvmaN8AEpO0zU94ZhHspUtGyQQ0D6sMsw9jqJ1WyLE7aXeFR6OHrpw3DC2mCpr/qX8QFsveeyB83Za2+CuVVi2sqGAKYzkwlUPkeuaxfBak0apwJsF2trT1uMvPOuIda8k4XhtYLxah2BDJZIoMqUVz2xcN4OuW8bdSX/lepsyZZO34VEQDLBa2dxCCHJmCKf6io/0YlswNKGDQh+DI935KTdqBnHSJ9IjvADQuu+K37aS0L9V0ZLXiM5SBQtbB7kQpHjvivq97ru7QpFqJf8HCl1vDs4gJ/NV+J0+CX6dQTQOtHvwxD2CPGiiSv40ycoJAcwiqTh5T+hRPtca6bSes/jGN5iQjfLCRbwvL/ItLLAK3F2cEIdKZnfhJkdEAIwWFLvR4R5I7ZcCK5GgKz5dPROup8BAONA8XxcJWXaXV0YkfEmCDbZYMFC7pcx4NAnGp881RyAaG/HlstBHHVagpP2fwZ8K0J/2KPillOq/Die+vNc2++hx4EuftvNkZhSd+7zIYNKHQd0M4Ea74flgmmW5lG73bE1BkhVd2DsgEDihH19/vJjFH4PxKINKp0ij4jMyq9w+WsGiUqSDaQz/MZJ8wjzaSjvmSj4qlOAitr/s3f041e77rMb0W2ieCtYEy7IsebIqIWgKn/crm5FhyUtBCPEqFZgAKS313bXUio8LktqXCrZjZ0ZG8DmQG6hnK4PstKlIUQoNuFnb8Bp1zDgY4i2hb6Zmu7NnqnOaJJTjSGwaZOav0oMousn67BuFtwoMaGp+OjCopZ3HPfg19usnjvWpOgccXWYlQc0HOlGXUq+otKlXtQwAjUvz50GmV+lY3t4rpCgqk+pj9iH62xuzDQ01FOXl+v3Ehnw97mNJk9YarueG0Hl/1f6dhwXnjeEv35LLyWUjQolOoYgycEkgQ/cCCOSm7zgK1VT0oTLFISai8IG0qDP9HCszteHZhp+y4bsXQfAJTY11QLr7hx9/nQmVlHksDN5Wsno4wbkT+D2xb5EaDU2RBqZfTVcbRBWRtAhQcRPxdaUXyI7oKEaFg8fvQZ8wK/Ae+L18ub+Latb5W69dUVT6I13tPleXDl1oen9BXzaX7sygSpY4lJoXlu+SCKyNTMrC36PrB39QUWosw03ZsiKT5xjgN5+1m32yv4cg8lAwNCR4xxShrnhSbZ328yifaAuTnSawZmUGBVxPx4glVcvNUOXW2UvVtmeKU0SG1E+UGBAq7/UfaadMM7BsjyaaKpBa/tXZTm0rn8UiFqujvgNjQ3F/3ybRdlO5d6eMI9Na+1gqg6qxYSGR0H0wAdPhtyGRxpumehAQGeMKd49Sg6jspaf3NAjjuZ0Yp+eJV9652WqVZ7xtCNqRURV353h+XPGR+ZZ9siHRDQ+NcbxPkfbHw0/RTvZvEIdaDi5+DLh6tgIxMEtOpwTlfFrOUDaIcmWvzk92VtBFuafvoGzTipryTnMszjCsUTvyEPN8jPd6r8UmOFGXF2aVNksmn/bI97i4s1kYLgY8XsEOyx+Q9pUTkTEMn2JWgnEcSOAtaX1ZskHnfueKzUPb+/YWb+z8SNCgnUqHqa42qBqwlhdshzYhhfKhEisUptirzzp1kcbyHrug5PzHxh8Qri2pjHxSHYQ5sjig6K6B1YEuHP6uo19fL6BdgGlhKroiOF/6TMAcE9V3+yqvDdsW/IC0QXLHIBKC7wlDgLc25ltGogD/76P6tViDAb6+HNSSXJO056Ovq0z2BrXhnq1AmWa99mVnOLJwafRWPZC,iv:XxnAsh6yx9gICi3N6oTttpGXvguGZImWNIMp9srDJLM=,tag:M9gFSD5PNIfoCLet6Vy6QA==,type:str]
hetznerDnsApiToken: ENC[AES256_GCM,data:JfL4Xg9TZu4Og35g0SwfrI1uxiqgdFa7p5AQcfiPwLY=,iv:yOak3uXX7CNglu8O2UW/1sOI7BGZxpRQAFJCvRbzU0Y=,tag:6orkQIy7BxACziLWpYoS5Q==,type:str]
sops:
age:
- recipient: age1tkvtkw62xy90xc5xdcq836wgyrwlwmdslh76cete5g98vvvhj34qvwdw0g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArQjVya2RyY1MxQUxtTHdX
MGlZRWdxZ3VXb01KbCtTSkJMR3dkZkZ0UGw0CitXcldZT3NJWExYZG50QnowMVhV
WDBpc0VFYjZnZDJDSWhUcHFHTzBiYkUKLS0tIFlrMmlxUkNVZExSNGN4VlMxcUw1
VW8rSVdDcGZKcHpocjdqZldiaFpqRlUKfQNcKrI6PuyeFv06Es8NsHm8I7NzxJ1k
ir088kx66xcXeEiyA4DnIcAWG9O6HEVXXnSahAIE2jcupSSouDF3ug==
-----END AGE ENCRYPTED FILE-----
- recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0OGlqTEhtaGR2Yi8vTVcv
NUtvd0ptS3h5Rnd1RGNuYlY2bHMrUmpKWHhRCkJpYjloQWhSM0FsNlNYSVcvWktV
VkkvblAyRXBadUJjK3h3c2JJbDZHc0kKLS0tIEhMbVZsekM5VDRhbDB0KzdyK1li
dWdhSGtFN1oybGpIb294ZE0zcDFUaEkK/AyEXeVmiYk1/IZdkyNGN4bccMFx5+JE
BazBF2NkztUWnyhqRvyp0cBucx7h/HhRSzqxwSr20lvv8XpRPGh8Iw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-17T12:01:21Z"
mac: ENC[AES256_GCM,data:003nzaNWdXLscJy9XZcwAb93M9Eo3Bdg9s5MHHiv4/TitaaZE7VghWHKv5DrcoA0GGdN9SnIVqHd+o6OPVER91XLVxoiX7ixtlu1RIRfqdama3RRPtSki5wP5wPz6qF4vRBIKfrTpZK7thXLYs2NhCB9HJYljNhcgLtzEG5bWgY=,iv:tEP530Pij3bt3hc5PCYGjFFyPiKgo34dHm23Xtmrxt8=,tag:macr/U8R5+wktTBJ9OqI/w==,type:str]
pgp:
- created_at: "2025-06-05T09:49:08Z"
enc: |-
-----BEGIN PGP MESSAGE-----
age:
- recipient: age1tkvtkw62xy90xc5xdcq836wgyrwlwmdslh76cete5g98vvvhj34qvwdw0g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArQjVya2RyY1MxQUxtTHdX
MGlZRWdxZ3VXb01KbCtTSkJMR3dkZkZ0UGw0CitXcldZT3NJWExYZG50QnowMVhV
WDBpc0VFYjZnZDJDSWhUcHFHTzBiYkUKLS0tIFlrMmlxUkNVZExSNGN4VlMxcUw1
VW8rSVdDcGZKcHpocjdqZldiaFpqRlUKfQNcKrI6PuyeFv06Es8NsHm8I7NzxJ1k
ir088kx66xcXeEiyA4DnIcAWG9O6HEVXXnSahAIE2jcupSSouDF3ug==
-----END AGE ENCRYPTED FILE-----
- recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0OGlqTEhtaGR2Yi8vTVcv
NUtvd0ptS3h5Rnd1RGNuYlY2bHMrUmpKWHhRCkJpYjloQWhSM0FsNlNYSVcvWktV
VkkvblAyRXBadUJjK3h3c2JJbDZHc0kKLS0tIEhMbVZsekM5VDRhbDB0KzdyK1li
dWdhSGtFN1oybGpIb294ZE0zcDFUaEkK/AyEXeVmiYk1/IZdkyNGN4bccMFx5+JE
BazBF2NkztUWnyhqRvyp0cBucx7h/HhRSzqxwSr20lvv8XpRPGh8Iw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-17T12:01:21Z"
mac: ENC[AES256_GCM,data:003nzaNWdXLscJy9XZcwAb93M9Eo3Bdg9s5MHHiv4/TitaaZE7VghWHKv5DrcoA0GGdN9SnIVqHd+o6OPVER91XLVxoiX7ixtlu1RIRfqdama3RRPtSki5wP5wPz6qF4vRBIKfrTpZK7thXLYs2NhCB9HJYljNhcgLtzEG5bWgY=,iv:tEP530Pij3bt3hc5PCYGjFFyPiKgo34dHm23Xtmrxt8=,tag:macr/U8R5+wktTBJ9OqI/w==,type:str]
pgp:
- created_at: "2025-06-05T09:49:08Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAw+OdhfgD3wfAQ/8DFSjoJYmO4+yvi4WT6mgrlzmAIvX0Ozch9XY+6DDOwiN
746QgI6FI5NpmayTbhddhL1J3tiWkzOyAMhxd8JVNDdZHDJ9lDMCq5s/6yYJZvst
qpoU2pjeYFc+ag+H7m8d5dIaR352aBlKw+MMGOvBinM+5qAWNWo1Vams/9HV3BAV
vsFKLSj3eo3/MjjzY3bPlfBwhkDnudzfVJXcY7GhbVVzaQKXosoGjMfCKvSQNMWr
z52P40pfkXx1nWUt79G4xcH/G+lCUlz93RmS89sLS+YrrjKGQc4xcYpqpNjy5Xdw
rz+nGuOsMKXqLuxYJVuiTcxN0agVily9BTifUYiJZfS9cpbMvLwTyUOcc64EVCKH
Gg0b5l5DhyUKKk3klzgeXTlj2zPhKjGVT2MnZShZRspfGfV6T7iP761YD4ucaExd
1+/cegyfeCNAykt4lD6ACeQXRLDs8rU2hUjpN3J6AemLW+Aj/ZnRVZWzgIvnDEEY
pyz/rAk5J6m7Q7909TcMuFg3j9ENeJZuRSwxwF0MRUYLZByKCH3QY9CE3mCh7Xni
p5znHpYaYqNIoiTmbBcxEx4mYRXUkorLTJXt4AO7zQB24ZReLDRsSzvrnQqyLIdA
b4pK2k2/L0Hagu2SZFvfhgw4qWZpIlgcoOVbe2dkmbIXMbjb8SuF/2jFwushALjS
XAG+iXYORCrvsuJoNjnQtSW0OGqYwuNNvWo2Ymyg2sA6CW+O6gsCZpZE0FKHcbl/
FxgecFBl+P6Dk4OOewie+E4cZWIq2uXQch8QPSk5huuyUms6VZI2fre83dMv
=mHmB
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted
version: 3.7.3
hQIMAw+OdhfgD3wfAQ/8DFSjoJYmO4+yvi4WT6mgrlzmAIvX0Ozch9XY+6DDOwiN
746QgI6FI5NpmayTbhddhL1J3tiWkzOyAMhxd8JVNDdZHDJ9lDMCq5s/6yYJZvst
qpoU2pjeYFc+ag+H7m8d5dIaR352aBlKw+MMGOvBinM+5qAWNWo1Vams/9HV3BAV
vsFKLSj3eo3/MjjzY3bPlfBwhkDnudzfVJXcY7GhbVVzaQKXosoGjMfCKvSQNMWr
z52P40pfkXx1nWUt79G4xcH/G+lCUlz93RmS89sLS+YrrjKGQc4xcYpqpNjy5Xdw
rz+nGuOsMKXqLuxYJVuiTcxN0agVily9BTifUYiJZfS9cpbMvLwTyUOcc64EVCKH
Gg0b5l5DhyUKKk3klzgeXTlj2zPhKjGVT2MnZShZRspfGfV6T7iP761YD4ucaExd
1+/cegyfeCNAykt4lD6ACeQXRLDs8rU2hUjpN3J6AemLW+Aj/ZnRVZWzgIvnDEEY
pyz/rAk5J6m7Q7909TcMuFg3j9ENeJZuRSwxwF0MRUYLZByKCH3QY9CE3mCh7Xni
p5znHpYaYqNIoiTmbBcxEx4mYRXUkorLTJXt4AO7zQB24ZReLDRsSzvrnQqyLIdA
b4pK2k2/L0Hagu2SZFvfhgw4qWZpIlgcoOVbe2dkmbIXMbjb8SuF/2jFwushALjS
XAG+iXYORCrvsuJoNjnQtSW0OGqYwuNNvWo2Ymyg2sA6CW+O6gsCZpZE0FKHcbl/
FxgecFBl+P6Dk4OOewie+E4cZWIq2uXQch8QPSk5huuyUms6VZI2fre83dMv
=mHmB
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted
version: 3.7.3

86
nix/os/containers/webserver_secrets.yaml
View file

@ -9,47 +9,47 @@ FORGEJO_JWT_SECRET: ENC[AES256_GCM,data:nVz9x7+K+rBIZxuQP7o0WNFHUz89eR9cwBjfSAx9
FORGEJO_INTERNAL_TOKEN: ENC[AES256_GCM,data:EIono9HSyvp1nQM0ij3ln3IUXO4moFbRgVddeV0BZBXmZG05jdjZ1SIXo/BxoSmRKnjllR7P00CpajNM5zORldlsBId5oAYL5GZtY3/nmxeXucJidknuow22G7Z8wRJJGBdishbgQhmc,iv:1D93gTUF1+DUR8qLJgML+oUhvSslhxEjGnbBC/PWHXw=,tag:NZB+mwba4TzLcUANZLDRTw==,type:str]
FORGEJO_SECRET_KEY: ENC[AES256_GCM,data:CewYFZtcXKUD5/oSM0Q32rhw+urdA0eQhdYp8EFHUXxEtL6f5NWK6IOwIlMuEv1/FjtTWlqxWekOZpmxBRzwnw==,iv:qLyVB7Nc+rDbBoO5g82/vPdykwOATHCSDLhvS+fK9PM=,tag:4NMhUvKmrRd6qrcQq3R8wA==,type:str]
sops:
age:
- recipient: age1tkvtkw62xy90xc5xdcq836wgyrwlwmdslh76cete5g98vvvhj34qvwdw0g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuTitidDZpWVJsZWxmWDFa
emdyTSszczVNbDhZSlVjeWRDMDdXQmg4QmpBCmNLZ0tob2hsRHhlTXY5VHZEY01T
MUtRdUxBM0lmeEo2OVBMdElrYVVvY1EKLS0tIHIwWllkQU9RRjF1U0F0OWdCKzlq
Y3ZxSWI3MUxQNEljNXlUSnlTdlpxazAKKjJYqcDsBzo6yOYDkgtBZntxhsHjqOyZ
yg5G8vtuOiDvPLvODzI/I9VupGyLwEkxaFc67bpg4u/1Cql7oaAADQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsdFg1cm9JTFFyUmYxb1ZP
WWtKTDE4bDBya3pWakJ0bFVkSnZvdExGMlNVCmo0N1BvNnV4MERUTjU2blUzbngv
VDduRWd2K1VlK1k2OWp6L0JhTERnOUEKLS0tIGV0aFZMTGRHNW5HUUhGRkYxNGMz
dHJwN0R1eHkyWXpiVDlRcldHT0gvV28KRiwauYvF4CCu5LeW7+kR3GSkZ+rpIbsC
JF9vV3rxbE9SdJ3nP6CyYQX7tQ6rbXtOKawq3k+z4zV/Dw7gYSNn5Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-16T12:28:51Z"
mac: ENC[AES256_GCM,data:nrd2czzJlBcFfwn6lzh4qqco+/XsU2J6BqvQqMtskh3mL4Xx25IAzxiCno0KlNGr6o4YsuZP5anOX9RvrDq76Us3JQ7pDi3iQGPhmg+SE9u3Rwqn1/3YConvdfPV2DNB+tuyG3UVoRqpA4d+HdcYjN9n1UKk54R6UdSm9UrA+zc=,iv:Juupyet09zUAMu7bmVxq+/Q0bXJAzR0wAyt6vKNns3w=,tag:owdUWuXrQcDdiWi+1geY9A==,type:str]
pgp:
- created_at: "2025-06-05T09:49:08Z"
enc: |-
-----BEGIN PGP MESSAGE-----
age:
- recipient: age1tkvtkw62xy90xc5xdcq836wgyrwlwmdslh76cete5g98vvvhj34qvwdw0g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuTitidDZpWVJsZWxmWDFa
emdyTSszczVNbDhZSlVjeWRDMDdXQmg4QmpBCmNLZ0tob2hsRHhlTXY5VHZEY01T
MUtRdUxBM0lmeEo2OVBMdElrYVVvY1EKLS0tIHIwWllkQU9RRjF1U0F0OWdCKzlq
Y3ZxSWI3MUxQNEljNXlUSnlTdlpxazAKKjJYqcDsBzo6yOYDkgtBZntxhsHjqOyZ
yg5G8vtuOiDvPLvODzI/I9VupGyLwEkxaFc67bpg4u/1Cql7oaAADQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsdFg1cm9JTFFyUmYxb1ZP
WWtKTDE4bDBya3pWakJ0bFVkSnZvdExGMlNVCmo0N1BvNnV4MERUTjU2blUzbngv
VDduRWd2K1VlK1k2OWp6L0JhTERnOUEKLS0tIGV0aFZMTGRHNW5HUUhGRkYxNGMz
dHJwN0R1eHkyWXpiVDlRcldHT0gvV28KRiwauYvF4CCu5LeW7+kR3GSkZ+rpIbsC
JF9vV3rxbE9SdJ3nP6CyYQX7tQ6rbXtOKawq3k+z4zV/Dw7gYSNn5Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-16T12:28:51Z"
mac: ENC[AES256_GCM,data:nrd2czzJlBcFfwn6lzh4qqco+/XsU2J6BqvQqMtskh3mL4Xx25IAzxiCno0KlNGr6o4YsuZP5anOX9RvrDq76Us3JQ7pDi3iQGPhmg+SE9u3Rwqn1/3YConvdfPV2DNB+tuyG3UVoRqpA4d+HdcYjN9n1UKk54R6UdSm9UrA+zc=,iv:Juupyet09zUAMu7bmVxq+/Q0bXJAzR0wAyt6vKNns3w=,tag:owdUWuXrQcDdiWi+1geY9A==,type:str]
pgp:
- created_at: "2025-06-05T09:49:08Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAw+OdhfgD3wfAQ/8DIuNUO6tpyuG0j4Ros6MjHs1USkfY+2ntzqyugGe4OpA
cXLzXWGT7pCxE6bcd7FepG/Nln17219siP9PX1WqEl324GnKXjbAbczjnu/9ggeF
bUWBhKFwGivVXDfO8VusG0MN41tJMoDwAelaJdgnXnbAwHISJ20UzFtnTBx67ALs
5pqHzOf7uuY7eZbl79iEiBJ8Ecj/Y3yrcANbVXQtET7X5629nTMHuizFsym9fy0p
6elwdrJSGPlncWA/+wsec5WIxwOsrLoEz8rvFpZJo/YI4/5heiL6RmgqKODzAhFp
+PD/VoksJQ0lynzH2jBUKNte7UU5fyMAn9CEu0eY7sNRHpEKWjj/uPoWPkaV3JQ/
Au2YN9VV0qkyqYZ/6mU1L+Ukaci3kG/hJKM9MxXZ6rVEsuOnbuHPgW9jW/xogo38
/522CAF+NThKPWbiS/VDHyUsH+h2ubh9jGyFuesP/dNhXbc+6vkcIIBgfsb2IWt1
Fc2fvUlX9tpJYobk3PmyR88DHv4pXPkgIIEqW6JUHmkjdH+q82sGsRtni58eWUj6
DXn09tSpM3gu02wlqobca1qrOIKVsQJ/bHB4p6PRFoeqx6Yzfdy8h4WvT75PONGD
DGW7uLYo/ISb/SDgbclNw6vlYsI7ZFtYDTWxtCjrYXFBqRSMftgreRwhi8gU0rTS
XAFXAkIp4B0y8cfxofqJyDsZmil0gJraJpkz/Y0JA+jXlQ2jHlC03xoMZIn60RKn
XI91UY65PAyoQ0LROa/TRBFCLJarLFcCSeth4MhDq06f4spXYtCV9i+2HNBj
=bUJ6
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted
version: 3.8.1
hQIMAw+OdhfgD3wfAQ/8DIuNUO6tpyuG0j4Ros6MjHs1USkfY+2ntzqyugGe4OpA
cXLzXWGT7pCxE6bcd7FepG/Nln17219siP9PX1WqEl324GnKXjbAbczjnu/9ggeF
bUWBhKFwGivVXDfO8VusG0MN41tJMoDwAelaJdgnXnbAwHISJ20UzFtnTBx67ALs
5pqHzOf7uuY7eZbl79iEiBJ8Ecj/Y3yrcANbVXQtET7X5629nTMHuizFsym9fy0p
6elwdrJSGPlncWA/+wsec5WIxwOsrLoEz8rvFpZJo/YI4/5heiL6RmgqKODzAhFp
+PD/VoksJQ0lynzH2jBUKNte7UU5fyMAn9CEu0eY7sNRHpEKWjj/uPoWPkaV3JQ/
Au2YN9VV0qkyqYZ/6mU1L+Ukaci3kG/hJKM9MxXZ6rVEsuOnbuHPgW9jW/xogo38
/522CAF+NThKPWbiS/VDHyUsH+h2ubh9jGyFuesP/dNhXbc+6vkcIIBgfsb2IWt1
Fc2fvUlX9tpJYobk3PmyR88DHv4pXPkgIIEqW6JUHmkjdH+q82sGsRtni58eWUj6
DXn09tSpM3gu02wlqobca1qrOIKVsQJ/bHB4p6PRFoeqx6Yzfdy8h4WvT75PONGD
DGW7uLYo/ISb/SDgbclNw6vlYsI7ZFtYDTWxtCjrYXFBqRSMftgreRwhi8gU0rTS
XAFXAkIp4B0y8cfxofqJyDsZmil0gJraJpkz/Y0JA+jXlQ2jHlC03xoMZIn60RKn
XI91UY65PAyoQ0LROa/TRBFCLJarLFcCSeth4MhDq06f4spXYtCV9i+2HNBj
=bUJ6
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted
version: 3.8.1

42
nix/os/devices/elias-e525/user.nix
View file

@ -1,30 +1,36 @@
{ config, pkgs, ... }:
{ config, lib, ... }:
let
keys = import ../../../variables/keys.nix;
inherit (pkgs.callPackage ../../lib/default.nix { }) mkUser;
inherit (import ../../lib/default.nix { inherit lib config; }) mkUser deepMergeAttrsets;
in
{
sops.secrets.sharedUsers-elias = {
sopsFile = ../../../../secrets/shared-users.yaml;
neededForUsers = true;
format = "yaml";
};
deepMergeAttrsets [
sops.secrets.sharedUsers-justyna = {
sopsFile = ../../../../secrets/shared-users.yaml;
neededForUsers = true;
format = "yaml";
};
{
sops.secrets.sharedUsers-elias = {
sopsFile = ../../../../secrets/shared-users.yaml;
neededForUsers = true;
format = "yaml";
};
users.extraUsers.elias = mkUser {
sops.secrets.sharedUsers-justyna = {
sopsFile = ../../../../secrets/shared-users.yaml;
neededForUsers = true;
format = "yaml";
};
}
(mkUser {
username = "elias";
uid = 1001;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
hashedPasswordFile = config.sops.secrets.sharedUsers-elias.path;
};
})
users.extraUsers.justyna = mkUser {
(mkUser {
username = "justyna";
uid = 1002;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
hashedPasswordFile = config.sops.secrets.sharedUsers-justyna.path;
};
}
})
]

12
nix/os/devices/justyna-p300/boot.nix
View file

@ -1,12 +0,0 @@
{ lib, ... }:
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce false;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.loader.grub.efiSupport = lib.mkForce false;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
# boot.initrd.availableKernelModules = stage1Modules;
boot.extraModprobeConfig = "";
}

14
nix/os/devices/justyna-p300/configuration.nix
View file

@ -1,14 +0,0 @@
{ ... }:
{
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix
../../profiles/graphical-gnome-xorg.nix
./system.nix
./hw.nix
./pkg.nix
./user.nix
./boot.nix
];
}

29
nix/os/devices/justyna-p300/default.nix
View file

@ -1,29 +0,0 @@
{
nodeName,
repoFlake,
nodeFlake,
...
}:
let
system = "x86_64-linux";
in
{
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake;
packages' = repoFlake.packages.${system};
};
meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; };
${nodeName} = {
deployment.targetHost = nodeName;
deployment.replaceUnknownProfiles = false;
# deployment.allowLocalDeployment = true;
imports = [
nodeFlake.inputs.home-manager.nixosModules.home-manager
./configuration.nix
];
};
}

70
nix/os/devices/justyna-p300/flake.lock generated
View file

@ -1,70 +0,0 @@
{
"nodes": {
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1689977778,
"narHash": "sha256-lvz4hZO/EP6xLJQIrEdHdYWi/Uz49HCAownL5HZUy1M=",
"owner": "nix-community",
"repo": "disko",
"rev": "7b186e0f812a7c54a1fa86b8f7c0f01afecc69c2",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1687871164,
"narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1689885880,
"narHash": "sha256-2ikAcvHKkKh8J/eUrwMA+wy1poscC+oL1RkN1V3RmT8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "fa793b06f56896b7d1909e4b69977c7bf842b2f0",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"disko": "disko",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

13
nix/os/devices/justyna-p300/flake.nix
View file

@ -1,13 +0,0 @@
{
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
inputs.home-manager = {
url = "github:nix-community/home-manager/release-23.05";
inputs.nixpkgs.follows = "nixpkgs";
};
inputs.disko.url = "github:nix-community/disko";
inputs.disko.inputs.nixpkgs.follows = "nixpkgs";
outputs = _: { };
}

42
nix/os/devices/justyna-p300/hw.nix
View file

@ -1,42 +0,0 @@
{ nodeFlake, ... }:
{
imports = [ nodeFlake.inputs.disko.nixosModules.disko ];
disko.devices.disk.sda = {
device = "/dev/sda";
type = "disk";
content = {
type = "table";
format = "gpt";
partitions = [
{
name = "boot";
start = "0";
end = "1M";
part-type = "primary";
flags = [ "bios_grub" ];
}
{
name = "root";
start = "1M";
end = "100%";
part-type = "primary";
bootable = true;
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
subvolumes = {
# Subvolume name is different from mountpoint
"/rootfs" = {
mountpoint = "/";
};
"/nix" = {
mountOptions = [ "noatime" ];
};
};
};
}
];
};
};
}

72
nix/os/devices/justyna-p300/pkg.nix
View file

@ -1,72 +0,0 @@
{
pkgs,
lib,
packages',
...
}:
let
homeEnv = keyboard: {
imports = [
../../../home-manager/profiles/common.nix
../../../home-manager/configuration/graphical-gnome3.nix
../../../home-manager/programs/firefox.nix
../../../home-manager/programs/libreoffice.nix
../../../home-manager/programs/neovim.nix
];
home.keyboard = keyboard;
home.packages = with pkgs; [
dia
rustdesk
];
};
in
{
services.gnome = builtins.mapAttrs (_attr: value: lib.mkForce value) {
gnome-remote-desktop.enable = true;
};
services.printing.drivers = lib.mkForce (
with packages';
[
dcpj4110dwDriver
dcpj4110dwCupswrapper
]
);
services.printing.extraConf = ''
LogLevel debug
'';
home-manager.users.steveej = homeEnv {
layout = "en";
options = [ "nodeadkey" ];
variant = "altgr-intl";
};
home-manager.users.elias = homeEnv {
layout = "de";
options = [ ];
variant = "";
};
home-manager.users.justyna =
lib.attrsets.recursiveUpdate
(homeEnv {
layout = "de";
options = [ ];
variant = "";
})
{
services.syncthing.enable = true;
services.syncthing.tray = true;
home.packages = with pkgs; [ session-desktop ];
};
system.stateVersion = "21.11";
}

48
nix/os/devices/justyna-p300/system.nix
View file

@ -1,48 +0,0 @@
{ pkgs, lib, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;
in
{
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
# iperf3
5201
];
networking.firewall.logRefusedConnections = false;
networking.usePredictableInterfaceNames = false;
services.fprintd.enable = true;
security.pam.services = {
login.fprintAuth = true;
sudo.fprintAuth = true;
};
time.timeZone = lib.mkForce passwords.timeZone.justyna;
services = {
xserver = {
layout = lib.mkForce "de";
xkbVariant = lib.mkForce "";
xkbOptions = lib.mkForce "";
displayManager.autoLogin.enable = true;
displayManager.autoLogin.user = lib.mkForce "justyna";
displayManager.gdm.enable = lib.mkForce true;
displayManager.lightdm.enable = lib.mkForce false;
desktopManager.gnome.enable = true;
};
# dbus.packages = [ pkgs.gnome3.dconf ];
# udev.packages = [ pkgs.gnome3.gnome-settings-daemon ];
};
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
services.xserver.videoDrivers = [ "modesetting" ];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
nix.gc = {
automatic = true;
};
}

30
nix/os/devices/justyna-p300/user.nix
View file

@ -1,30 +0,0 @@
{ config, pkgs, ... }:
let
keys = import ../../../variables/keys.nix;
inherit (pkgs.callPackage ../../lib/default.nix { }) mkUser;
in
{
sops.secrets.sharedUsers-elias = {
sopsFile = ../../../../secrets/shared-users.yaml;
neededForUsers = true;
format = "yaml";
};
sops.secrets.sharedUsers-justyna = {
sopsFile = ../../../../secrets/shared-users.yaml;
neededForUsers = true;
format = "yaml";
};
users.extraUsers.elias = mkUser {
uid = 1001;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
passwordFile = config.sops.secrets.sharedUsers-elias.path;
};
users.extraUsers.justyna = mkUser {
uid = 1002;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
passwordFile = config.sops.secrets.sharedUsers-justyna.path;
};
}

5
nix/os/devices/steveej-pa600/boot.nix
View file

@ -1,5 +0,0 @@
{ lib, ... }:
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

13
nix/os/devices/steveej-pa600/configuration.nix
View file

@ -1,13 +0,0 @@
{ ... }:
{
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix
../../modules/opinionatedDisk.nix
./system.nix
./hw.nix
./pkg.nix
./user.nix
];
}

23
nix/os/devices/steveej-pa600/hw.nix
View file

@ -1,23 +0,0 @@
_:
let
stage1Modules = [
"aesni_intel"
"kvm-intel"
"aes_x86_64"
"xhci_pci"
"hxci_hcd"
];
in
{
# TASK: new device
hardware.opinionatedDisk = {
enable = true;
encrypted = true;
diskId = "ata-TOSHIBA_MK1652GSX_Y8B9CL6XT";
};
# boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules;
boot.extraModprobeConfig = "";
}

11
nix/os/devices/steveej-pa600/pkg.nix
View file

@ -1,11 +0,0 @@
{ pkgs, ... }:
{
nixpkgs.config.packageOverrides =
pkgs: with pkgs; {
inherit ((import ../../../default.nix { versionsPath = ./versions.nix; })) nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
};
system.stateVersion = "20.09";
}

43
nix/os/devices/steveej-pa600/system.nix
View file

@ -1,43 +0,0 @@
{ pkgs, lib, ... }:
{
# TASK: new device
networking.hostName = "steveej-pa600"; # Define your hostname.
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
# iperf3
5201
];
networking.firewall.logRefusedConnections = false;
networking.usePredictableInterfaceNames = false;
services.printing = {
enable = true;
drivers = with pkgs; [
hplip
mfcl3770cdw.driver
mfcl3770cdw.cupswrapper
];
};
services.fprintd.enable = true;
security.pam.services = {
login.fprintAuth = true;
sudo.fprintAuth = true;
};
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
services.xserver.videoDrivers = [ "modesetting" ];
services.xserver.serverFlagsSection = ''
Option "BlankTime" "0"
Option "StandbyTime" "0"
Option "SuspendTime" "0"
Option "OffTime" "0"
'';
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
hardware.ledger.enable = true;
}

11
nix/os/devices/steveej-pa600/user.nix
View file

@ -1,11 +0,0 @@
{ pkgs, ... }:
let
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { inherit (pkgs) lib; }) mkUser;
in
{
users.extraUsers.steveej2 = mkUser {
uid = 1001;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
};
}

29
nix/os/devices/steveej-pa600/versions.nix
View file

@ -1,29 +0,0 @@
let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.09";
rev = "e065200fc90175a8f6e50e76ef10a48786126e1c";
};
in
{
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "2f47650c2f28d87f86ab807b8a339c684d91ec56";
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "cb7c39605051c7b268f8e0c5c47818a06b5d88c5";
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-20.09";
rev = "22f6736e628958f05222ddaadd7df7818fe8f59d";
};
}

37
nix/os/devices/steveej-pa600/versions.tmpl.nix
View file

@ -1,37 +0,0 @@
let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.09";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in
{
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-20.09";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}

77
nix/os/lib/default.nix
View file

@ -1,43 +1,52 @@
{ lib, config }:
let
keys = import ../../variables/keys.nix;
deepMergeAttrsets =
listOfAttrsets: lib.foldl' (acc: cur: lib.recursiveUpdate acc cur) { } listOfAttrsets;
in
{
mkUser =
args:
lib.mkMerge [
{
isNormalUser = true;
extraGroups = [
"docker"
"podman"
"wheel"
"libvirtd"
"networkmanager"
"vboxusers"
"users"
"input"
"audio"
"video"
"cdrom"
"adbusers"
"dialout"
"cdrom"
"fuse"
"adbusers"
"scanner"
"lp"
"kvm"
];
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
inherit deepMergeAttrsets;
# TODO: investigate why this secret cannot be found
# openssh.authorizedKeys.keyFiles = [
# config.sops.secrets.sharedSshKeys-steveej.path
# ];
}
args
];
mkUser =
args@{ username, ... }:
{
users.users.${username} = deepMergeAttrsets [
{
isNormalUser = true;
extraGroups = [
"docker"
"podman"
"wheel"
"libvirtd"
"networkmanager"
"vboxusers"
"users"
"input"
"audio"
"video"
"cdrom"
"adbusers"
"dialout"
"cdrom"
"fuse"
"adbusers"
"scanner"
"lp"
"kvm"
];
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
# TODO: investigate why this secret cannot be found
# openssh.authorizedKeys.keyFiles = [
# config.sops.secrets.sharedSshKeys-steveej.path
# ];
}
(builtins.removeAttrs args [ "username" ])
];
home-manager.users.${username}.home.username = username;
};
disk = rec {
# TODO: verify the GPT PARTLABEL cap at 36 chars

36
nix/os/profiles/common/user.nix
View file

@ -1,6 +1,5 @@
{
config,
pkgs,
lib,
...
}:
@ -8,8 +7,7 @@ let
keys = import ../../../variables/keys.nix;
inherit
(import ../../lib/default.nix {
inherit (pkgs) lib;
inherit config;
inherit lib config;
})
mkUser
;
@ -37,13 +35,13 @@ in
# TODO: test if this works
installPassword = lib.mkOption {
default = "";
type = types.str;
default = null;
type = types.nullOr types.str;
};
};
config = lib.mkIf cfg.enable (
lib.mkMerge [
(lib.mkIf (cfg.installPassword == "") {
(lib.mkIf (cfg.installPassword == null) {
sops.secrets.sharedUsers-root = {
sopsFile = ../../../../secrets/shared-users.yaml;
neededForUsers = true;
@ -64,7 +62,7 @@ in
})
{
users.mutableUsers = cfg.installPassword != "";
users.mutableUsers = cfg.installPassword != null;
users.users.root = lib.mkMerge [
{ openssh.authorizedKeys.keys = keys.users.steveej.openssh; }
@ -74,20 +72,18 @@ in
(lib.mkIf (cfg.installPassword == "") { hashedPasswordFile = cfg.rootPasswordFile; })
];
users.users.steveej = lib.mkIf cfg.enableNonRoot (
mkUser (
lib.mkMerge [
{ uid = 1000; }
(lib.mkIf (cfg.installPassword != "") { password = cfg.installPassword; })
(lib.mkIf (cfg.installPassword == "") {
hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path;
})
]
)
);
}
(lib.mkIf cfg.enableNonRoot (mkUser {
username = "steveej";
uid = 1000;
password = cfg.installPassword;
hashedPasswordFile = lib.mkIf (
cfg.installPassword == null
) config.sops.secrets.sharedUsers-steveej.path;
}))
]
);
}

6
nix/os/profiles/graphical-gnome-xorg.nix
View file

@ -66,8 +66,8 @@
programs.seahorse.enable = true;
programs.dconf.enable = true;
environment.gnome.excludePackages =
(with pkgs; [
environment.gnome.excludePackages = with pkgs;
[
orca
gnome-photos
gnome-tour
@ -81,7 +81,7 @@
evince # document viewer
gnome-characters
totem # video player
]);
];
services.pipewire = {
audio.enable = true;

3
nix/os/snippets/nix-settings.nix
View file

@ -4,9 +4,6 @@
lib,
...
}:
let
pkgsUnstable = import nodeFlake.inputs.nixpkgs-unstable { inherit (pkgs) system config; };
in
{
nix.daemonCPUSchedPolicy = "idle";
nix.daemonIOSchedClass = "idle";