i've locked myself out

2025-03-02 21:30:47 +02:00
parent f14623365c
commit 604cd9315d
10 changed files with 75 additions and 20 deletions
--- a/hosts/sarien/configuration.nix
+++ b/hosts/sarien/configuration.nix
@ -13,6 +13,7 @@
    ./programs.nix
    ./stylix.nix
    ./users.nix
+    ./sops.nix
  ];

  desktop = {
--- a/hosts/sarien/hardware-conf.nix
+++ b/hosts/sarien/hardware-conf.nix
@ -69,6 +69,10 @@
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

+  services.thermald.enable = true;
+  services.upower.enable = true;
+  powerManagement.powertop.enable = true;
+
  services.udev.extraHwdb = ''
    evdev:input:b0011v0001p0001eAB83*
      KEYBOARD_KEY_d5=sysrq
--- a/hosts/sarien/sops.nix
+++ b/hosts/sarien/sops.nix
@ -0,0 +1,24 @@
+{inputs, ...}: let
+  secretsPath = builtins.toString inputs.mysecrets;
+in {
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  sops = {
+    age = {
+      sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+      keyFile = "/var/lib/sops-nix/key.txt";
+      generateKey = true;
+    };
+    defaultSopsFile = "${secretsPath}/secrets.yaml";
+    secrets = {
+      "user-password-hashed" = {};
+      "ssh-private-sarien-user" = {
+        path = "/home/user/.ssh/id_ed25519";
+        mode = "0400";
+        owner = "user";
+      };
+    };
+  };
+}
--- a/hosts/sarien/stylix.nix
+++ b/hosts/sarien/stylix.nix
@ -12,7 +12,7 @@
  ];
  stylix = {
    enable = true;
-    base16Scheme = "${pkgs.base16-schemes}/share/themes/onedark.yaml";
+    base16Scheme = "${pkgs.base16-schemes}/share/themes/tomorrow-night.yaml";
    polarity = "dark";
    cursor = {
      package = pkgs.google-cursor;
@ -20,10 +20,10 @@
      size = 24;
    };
    image = builtins.fetchurl {
-      url = "https://w.wallhaven.cc/full/57/wallhaven-573e81.png";
-      name = "wallhaven-573e81";
-      sha256 = "1ygsmmzk6icnvkr18s2r3mqh2kmigwb1424chji730cjhm8zc3cx";
-    }; # ../../wallpapers/wallhaven-jxmo1y.jpg;
+      url = "https://w.wallhaven.cc/full/9m/wallhaven-9mwzwk.jpg";
+      name = "wallhaven-9mwzwk";
+      sha256 = "0pj2k30mfhqr02dzdj40z62awmy58s5gg5mm4xzxiialclbd5n8d";
+    };
    opacity.terminal = 0.9;
    fonts = {
      sizes = {
--- a/hosts/sarien/users.nix
+++ b/hosts/sarien/users.nix
@ -1,15 +1,24 @@
-{pkgs, ...}: {
+{
+  inputs,
+  config,
+  pkgs,
+  ...
+}: let
+  sopSec = config.sops.secrets;
+  secrets = inputs.mysecrets;
+in {
  nix.settings.trusted-users = ["user"];
+  users.mutableUsers = false;
  users.users = {
    user = {
+      hashedPasswordFile = sopSec."user-password-hashed".path;
      isNormalUser = true;
      extraGroups = ["wheel" "video" "libvirtd" "dialout"];
      shell = pkgs.fish;
+      openssh.authorizedKeys.keyFiles = [
+        "${secrets}/ssh/id_ed25519_sarien_user.pub"
+        "${secrets}/ssh/id_ed25519_eldrid_user.pub"
+      ];
    };
-    # work = {
-    #   isNormalUser = true;
-    #   extraGroups = ["video"];
-    #   shell = pkgs.nushell;
-    # };
  };
 }
--- a/hosts/sarien/users/user/flatpak.nix
+++ b/hosts/sarien/users/user/flatpak.nix
@ -4,6 +4,7 @@
  ];
  services.flatpak = {
    enable = true;
+    uninstallUnmanaged = true;
    remotes = [
      {
        name = "flathub";
--- a/hosts/sarien/users/user/home-configuration.nix
+++ b/hosts/sarien/users/user/home-configuration.nix
@ -1,5 +1,6 @@
 {inputs, ...}: {
  imports = with inputs; [
+    nix-index-database.hmModules.nix-index
    self.homeModules.desktop
    self.homeModules.programs
    ./programs.nix
--- a/hosts/sarien/users/user/programs.nix
+++ b/hosts/sarien/users/user/programs.nix
@ -7,6 +7,7 @@

  console.yazi.enable = true;

+  stylix.targets.fzf.enable = false;
  programs = {
    bat.enable = true;
    btop = {
@ -15,7 +16,13 @@
    };
    eza.enable = true;
    fd.enable = true;
-    fzf.enable = true;
+    fzf = {
+      enable = true;
+      defaultOptions = ["--color=16"];
+    };
+    pay-respects.enable = true;
+    nix-index.enable = true;
+    nix-index-database.comma.enable = true;
    gitui.enable = true;
    git = {
      enable = true;
@ -38,6 +45,7 @@
  editor = {
    helix.enable = true;
    neve.enable = true;
+    zed.enable = true;
  };

  home.packages = with pkgs; [
@ -45,14 +53,16 @@
    flatpak # flatpak cli
    trashy # trash cli
    procs # ps in rust
+    ouch # archive manager in runt
    dust # du in rust
    fend # calc in rust
+    moar # better pager
    tree # tree util
    rbw # bitwarden cli in rust
-    zip # zip util
+    pinentry-qt # pinentry for rbw
    vial # qmk keyboard configuring app
-    unzip # unzip util
    waycheck # check wayland protocols
    virt-manager # libvirt gui
  ];
+  systemd.user.settings.Manager.DefaultEnvironment.PAGER = "moar";
 }