diff --git a/flake.nix b/flake.nix index fb09fd8..729e553 100644 --- a/flake.nix +++ b/flake.nix @@ -226,6 +226,15 @@ (commonConfig {}) ]; }; + "sencha" = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + home-manager.nixosModules.home-manager + agenix.nixosModules.default + ./machines/sencha + (commonConfig {}) + ]; + }; }; colmena = { meta = { diff --git a/machines/sencha/default.nix b/machines/sencha/default.nix new file mode 100644 index 0000000..316d35c --- /dev/null +++ b/machines/sencha/default.nix @@ -0,0 +1,41 @@ +{pkgs, ...}: { + imports = [./hardware.nix ../common/gui]; + + boot = { + kernelPackages = pkgs.linuxPackages_latest; + kernelParams = ["quiet" "splash"]; + }; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.initrd.luks.devices."luks-c1c666de-2c68-4d50-98f1-3974ef424ff3".device = "/dev/disk/by-uuid/c1c666de-2c68-4d50-98f1-3974ef424ff3"; + + hardware = {bluetooth.enable = true;}; + + networking = { + hostName = "sencha"; + networkmanager.enable = true; + firewall.enable = true; + }; + + services = { + blueman.enable = true; + openssh.enable = true; + pcscd.enable = true; + }; + + virtualisation.docker.enable = true; + + users.users.olheiser.isNormalUser = true; + users.users.jolheiser = { + extraGroups = ["wheel" "docker" "storage"]; + isNormalUser = true; + }; + + environment.systemPackages = with pkgs; [ + firefox + ]; + + system.stateVersion = "22.11"; +} diff --git a/machines/sencha/hardware.nix b/machines/sencha/hardware.nix new file mode 100644 index 0000000..096e4e1 --- /dev/null +++ b/machines/sencha/hardware.nix @@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" "rtsx_usb_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/d1f561b1-bc50-4e34-9ca6-e973d2d9437a"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-75db2e03-a875-43ee-8ca8-70507b421641".device = "/dev/disk/by-uuid/75db2e03-a875-43ee-8ca8-70507b421641"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/A8A8-1D01"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/5c3eb124-674b-4315-890d-137275aab504"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index b2fb11a..0cf619b 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,11 +1,12 @@ let - jolheiser = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrPUqk9v7FE7OgMDaOMdlnItiXSDkmS+eU94RzQFiMS nix"; - matcha = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZxjkZLj/9xvmg1enK+B7k8qf6Px0j4kTZ2caQfYmB1 root@matcha"; - chai = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7PS9SJ+OVrUku9dPUQZigioy+r3VlFHVntsa/F7AdM root@chai"; - masala = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0bnlygiFqNwl0mHxcD+t78bTsn1NcHm6L2B4le4FtS root@nixos"; - dragonwell = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN32Cwxer2AOGvEqSqXSPp49gj1VtR7G2XmPnmXj6o53 root@dragonwell"; + jolheiser = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrPUqk9v7FE7OgMDaOMdlnItiXSDkmS+eU94RzQFiMS"; + matcha = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZxjkZLj/9xvmg1enK+B7k8qf6Px0j4kTZ2caQfYmB1"; + sencha = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJurjAMu4IXgpBwgUP0QvE2ySE5/Orn/yflkdWVvy6Am"; + chai = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7PS9SJ+OVrUku9dPUQZigioy+r3VlFHVntsa/F7AdM"; + masala = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0bnlygiFqNwl0mHxcD+t78bTsn1NcHm6L2B4le4FtS"; + dragonwell = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN32Cwxer2AOGvEqSqXSPp49gj1VtR7G2XmPnmXj6o53"; - all = [jolheiser matcha chai masala dragonwell]; + all = [jolheiser matcha sencha chai masala dragonwell]; in { "shared/ssh-config.age".publicKeys = all; "shared/ssh-config-work.age".publicKeys = all; diff --git a/secrets/shared/gist-pw.age b/secrets/shared/gist-pw.age index 50b30a7..ab8a09b 100644 --- a/secrets/shared/gist-pw.age +++ b/secrets/shared/gist-pw.age @@ -1,17 +1,18 @@ age-encryption.org/v1 --> ssh-ed25519 E8j6/g MoQ+KiKt+A1JLrO7Xdo/EUY1/RXgT02IT5KdDIrBFnI -ivOpO8f87yAm1k/1FL3qhiaS5G/eW7jYV19Mz5QoEXc --> ssh-ed25519 xUMv2w xht8LuQJaV0yhzvwbmYjUsgn3KdUqj8BtumeNRqrP10 -0WlxPmL1t8GqRMX+ll0nnDDPDDhEAOqkJFZKwwFYZ10 --> ssh-ed25519 jo1MPA XPE2K3xYt5ECbDQP5T5VMTsGkIg9awvvLflpPSc522E -G4xPLpMYsOz+5au7BaNk1n5naS5SWaxFKYue6f0gHWA --> ssh-ed25519 JBrabQ QFUSyS+N63P5XCJTbD32yfZ2GIh5J4A1YYL5T3CWDgg -i/+qf3N+/p/34jW4of+YaQzQZI/Glab91Gu540ePDI8 --> ssh-ed25519 f31uNA eP9MiIZQs8j6/PocSCyRvNUFQXdPZetJPjrz4ReZbwA -cV/u5ijihDRgpOF9PaV5oxzkTpuo972S+ekPzPs4LT4 --> vA-grease { -smNSOi0Et4PW98y+miaCzQtIJp4B+Z5mKMPKc4Vf8eU0q24RtCR8YryrVuxlF7WH -myDH7dBP3MGhltMuMpzi/9rQIYjmPol5BSjDjANVhrgj2E7hfPBw3DjcXKiSaZMW -YTOf ---- PcaNjf88InU5siJmdazbEPYDJd1YeTDVFkrYzZcsJgM -RQ){َŊ vZQ8#oRPYGw֋ h7 \ No newline at end of file +-> ssh-ed25519 E8j6/g wmOmVN/IOfp9tz1ygdCfGgaoQWCS7Xk6zMziXGLdImU +zwG/aHslBrylHAJ9IC5Y25id1GgTZuxzMr1F9e7WYOM +-> ssh-ed25519 xUMv2w VvMh9TxfZfSSN9iB6BDaOUyV2FgvQWj+oUEoi5jOzFI +AHlnXqzgAyFbXL8rgypA5Dv83xKMlbxtMFKKt5TA674 +-> ssh-ed25519 Cuo7gw I/c93mKH8DXsIOwE50GchLlPGC/HdwPJmgzR7YCOz14 +unK9udxesAbkrdseOF0dwtH4hdqSX12LobMTx9r3uC0 +-> ssh-ed25519 jo1MPA NF3tbxtJovgNKQrxPrbd/sI/mk6N/hO42s/xqklncV4 +J3j4m7kaDovwaGMvRfiBy3PwnDFNE9T2+VCzz3BhCSc +-> ssh-ed25519 JBrabQ gDu/pIE1R7GlghQ64JOc4zrga/vbit9H+A2qa5S+7Eo +AbxvIU3Ond734Nn2hy/H5fpl5ENwOoXDvY0FLHPRkjU +-> ssh-ed25519 f31uNA oUjeGgYTZ1QhyDgPEstR30MO9fzA5qloHOMRHdAy/C0 +hpbi4sH4m6ywV0k57KFwm8gd0RPxWfxyDHMaIbMn9Qo +-> kFQ^jK5-grease 0[_!\wZ9 !Hr @E +XAb/4Yy9qqDJSrL37tR3rrtXDK6hPhzPEEtZVES9M/wxsA +--- a7kumv2O/NXVjxCPegwthcJM0H7Z/4rRCE7liF4qGn8 +da ++RhD ?܇/z v2J:w^C \ No newline at end of file diff --git a/secrets/shared/git-send-email.age b/secrets/shared/git-send-email.age index 84c7d8d..632cac1 100644 Binary files a/secrets/shared/git-send-email.age and b/secrets/shared/git-send-email.age differ diff --git a/secrets/shared/irc-pw.age b/secrets/shared/irc-pw.age index 8bef121..4cc17df 100644 --- a/secrets/shared/irc-pw.age +++ b/secrets/shared/irc-pw.age @@ -1,16 +1,18 @@ age-encryption.org/v1 --> ssh-ed25519 E8j6/g d1zXFjUit7YPN55uV8l2k3CVDFcKIdKBlSAwmUHY+nw -Y+W5puz47ItyxU6eMYh/2C/s+Qs+CWfA+80tp14ZiZY --> ssh-ed25519 xUMv2w /pGFstD9CQoIfQ++vK4xsacup4DmJLrAbJc8DhbPyG0 -BT9/wTt4UYUPQJL/ZJXNVBfAUUykiyXt2Pc2FQe9Dm4 --> ssh-ed25519 jo1MPA +GG0hnR/eBw122D4dZvbMcsIfQitviv2UUv3I4yiYAs -KCsDTbnfxRyY8xXBtaEg9GHMF0eHrF9Ss5OgSSQWDq8 --> ssh-ed25519 JBrabQ KGZMHVVEwuGMkEqa5wM4/cZo7A9lnbySp1Sn2bA3wi4 -NlPafvcnBfs1S0iDKqG0zAg7/grGI3VVkWOWhFF5iHQ --> ssh-ed25519 f31uNA tEh1lMZ5BM/T1kuAJS3a9uirZ37atm+SRoDFHlOnKBA -ip6L5nl7gXVD7UqkwFVfUWpUM0htLnVmBHIFUtnK5K4 --> Gh,!h[-grease Bqfg 5Mp&F< * -mxpybjNX ---- TyFKdTP94CXHZg3iL0zb+OdKWLB1FbPwMXaNEkzdAHM -<6anOQ^YPq2j -zFgc \ No newline at end of file +-> ssh-ed25519 E8j6/g ULhSVxSexfROyh7t/qo4LlBmVaRb116JzL9HsKAmLiE +Cva3JJ1W6Lgfj+O/QNxEWMpYbCFiTuTc+X5xZZw54uY +-> ssh-ed25519 xUMv2w F9mWX2Nd01z56bo1NgtKq++u9b5flpF5qE5ihBbn5GU +urQudyxjM9Fk71bKTol6aY8KnTD8hyAlv4561cfbo6I +-> ssh-ed25519 Cuo7gw xK29blvGUDpc+nIwIBeWzrvVWb3lOT6e5ocLl+1IvxM +z+ZIHcU8DIhwwxkBG/MKc/fzslmiOkVLv+8mDKewI9o +-> ssh-ed25519 jo1MPA ElgoPZ5citinilxgl7gf5yVc3tTWaSxFyH9YdKZaUmQ +prdCBsRnpe4dlyl3dqcVRlnPBmaJMLL67GEdS5+J7O0 +-> ssh-ed25519 JBrabQ nW6N7fkIoP1wiY722YfHtL4nQY64syVIXao6jmwte1c +hrCuAFPRw9G9LXXMv9ne1fAs2jdG2yUsKCZc2mhrD84 +-> ssh-ed25519 f31uNA 37JlfsoGmzT+I88zASArfvotLOMBypejraBqs5gvURY +MDG7OlRguH20EuqMnpf3Z+6/ue4MDymmEbMtcS2LgBQ +-> 0u~Nv{E^-grease +NDxjcP11XXW/aWYh38yiOGOrmXkuO2pXVLIWi8YCTTSQxkQ76dzfV9uGP2qieaap +YFqg01EjxSyDkjo +--- MVu78w96WIW6Id6ef3k03fexGFPUVUHJ+hsel4egZe0 +!`^iz=6{VkD m[ 6׀Ol \ No newline at end of file diff --git a/secrets/shared/spotify.age b/secrets/shared/spotify.age index 8367be4..dc8bfdd 100644 Binary files a/secrets/shared/spotify.age and b/secrets/shared/spotify.age differ diff --git a/secrets/shared/ssh-config-work.age b/secrets/shared/ssh-config-work.age index 05ab033..b1136f4 100644 Binary files a/secrets/shared/ssh-config-work.age and b/secrets/shared/ssh-config-work.age differ diff --git a/secrets/shared/ssh-config.age b/secrets/shared/ssh-config.age index 82cbe73..1a94737 100644 Binary files a/secrets/shared/ssh-config.age and b/secrets/shared/ssh-config.age differ diff --git a/secrets/work/cifs.age b/secrets/work/cifs.age index 35eb63b..b322859 100644 --- a/secrets/work/cifs.age +++ b/secrets/work/cifs.age @@ -1,12 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 E8j6/g h1UgF1wBEBym6mto99lHpxI5aTR/InLtB+qEgF6g7Uw -fFozoAaGXzxt9h8zjvIDoQbpcv3W24Cqc4gnJyGrQm0 --> ssh-ed25519 jo1MPA ijzgJKOkAo+sd3NYbWO1GrekE38UPvGwsfn9iDjgS2Y -cbWslYP3bDsmvxqI+brGSQorPCJ5sO/bzpb+x0IwzWY --> ssh-ed25519 JBrabQ 4cgUO/SGfRXeyV0qkt21wsbFR54AYW9YjcEtXZ2pFV4 -ZAo97dneSNnnESRT81aU+GqUBm6gBTPNWX8+fgZKDMY --> y-grease ;B]h /L C:g -pZ+TsXnyMnizg4nKhbxpLgZ0X8BVJDswBx6e8vfkzS+nsVkygyEgmmg ---- FtlGT7l/j/eprOGarSe+RasPBumhmf3frMOEppixw54 -j  BOp -XszHjٟ^4-^\,|L>{II|Vsv,U꾌B \ No newline at end of file +-> ssh-ed25519 E8j6/g JoEEhC3cHsaddOD/6wYur000ZXMtyUOBxx8OdwIh6nc +/YSVnJVTZPzU2hU3iy3ME1R66GzA7OQ3NWlgx7w7kkc +-> ssh-ed25519 jo1MPA Cft9zAzbd8p8+OyVLMTRQsI7b7/LZZYSWMQPDf2tTBE +oXBW+w8+4chm0Dj4HKX4J3EiFh50Gfsr5pCGbwNDx+w +-> ssh-ed25519 JBrabQ YDAu5lMYMkgT1TBCfy6GD4VKNjFwbokn+xvcTeVlaxg +TE/rEzwVr+FiR5jhdCGegOiQd0V2tKRjdhYrs5YnJAo +-> 1CVDqRl5-grease ` ssh-ed25519 E8j6/g Qz7+yH51tMzj1uY98P9MV0tXEf1DCSDCO2lIr/C5Bjc -1B8DKpZVzVQfevZ1xfalrpaM40hZiBjL3rKBOwmueE0 --> ssh-ed25519 jo1MPA ZsuqgFfcyKEZINlcqBqc3mnmtM8yE7Vh6dtj4i/D5TI -GAw5T8Mqd8LqGXtLZqJ+ADewL5H4wctHHbgIOZOZflg --> ssh-ed25519 JBrabQ Zvf0y/ZYm9ogPC0fZV+J/FCIyRrP48X4ccoVTeV5bFQ -uKIKyKDnrAdnDjPBP0oY3NktEBQK9O9VSAykFrjC+24 --> yC7d,N9-grease eFX(X HYK 7L:a -oj6ihhdnlM6qHEUSBecee/K563PIko1Krw8YNoO16cRHtt8y9w ---- i+jG579wY+HL4+iSuVU6naQJLiTbWonfzZvuJgyYl7o - UISFi & mrI!##{B%sM]k \eWJ ='+Jd@8\pz ~,1oSrn+ 2D=K֌PTY-S2Mփ"2 \ No newline at end of file +-> ssh-ed25519 E8j6/g uc5q95TtleinoAXuUQ5Z39TfZoJmgE57sl85Vulfzxw +Zu7qaT9GpW3m5ZIsp6A0E88kFcknMdJadgiQFADOUto +-> ssh-ed25519 jo1MPA YeTQvafosU8W0Ya8pc0b4+c6CeCvBWEKFwJnjfw0B1A +dwwllbDifpu1x9Rn6DsGHgbGqqOc7GZeDUEdiPye5jY +-> ssh-ed25519 JBrabQ 43n9QwF7MPXNVgsAntQxxzLzlyGhpv7ZfW2Yzvvn0iE +70i88nY8N5roLOz2e+Ke6AOcUQHp1gpSTI58It/zHws +-> d.rgT26Z-grease ![wAs= +1zKWBJ2kgSBiYgwiExmCdHomuhrZEIRxDLOFfxL4Ior5QHo5yC673WM8a0wvZ7N3 +jzZyOtIb6sg+yQmpjrcbYPYXLB9eIQ +--- roMl8ATpxg5/hZ3+VmxmWNx/VmRDBPWN7RZfVlI2c+c +3ƿ5pO{#xL IE<}"g'qWVW$U / |5$G|4m-bI԰؞FI;^"یFb0U`'ߛ7Zjm X)b\-sdX \ No newline at end of file diff --git a/secrets/work/pip.conf.age b/secrets/work/pip.conf.age index 5262b33..0929ea1 100644 Binary files a/secrets/work/pip.conf.age and b/secrets/work/pip.conf.age differ diff --git a/secrets/work/pypirc.age b/secrets/work/pypirc.age index 479a227..ea2d082 100644 Binary files a/secrets/work/pypirc.age and b/secrets/work/pypirc.age differ