unexplrd/nixos-blueprint
2
2
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

flake.lock: update mysecrets

Browse Source 
hosts/dunamis/configuration.nix: add dnscrypt
hosts/dunamis/sops.nix: add another ssh key
hosts/dunamis/users/user/home-configuration.nix: import sops.nix
hosts/dunamis/users/user/sops.nix: link public keys
modules/home/desktop/niri/default.nix: redo layout string insertion

Signed-off-by: unexplrd <unexplrd@linerds.us>
This commit is contained in:
unexplrd
2025-03-17 16:05:23 +02:00
parent a0d70778a4
commit 88db51d7a1
6 changed files with 377 additions and 367 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
flake.lock generated
View File

@ -968,11 +968,11 @@
"mysecrets": { "mysecrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1741087081, "lastModified": 1742222377,
"narHash": "sha256-ms5PD6kSBXT/rYKJkq4hFCPIkTQfURHOoEagBhz+19o=", "narHash": "sha256-Yte1I7I7Zf4eeeIvHgRGNElTUdKEke5L3O3VlAFNxkc=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "1b15f763e44502b6afcc526ae4a04eeae0424de2", "rev": "aa1b7e2fb86c6c9f4557bcbe4071b7da0f3bef6f",
"revCount": 8, "revCount": 10,
"type": "git", "type": "git",
"url": "ssh://gitea@gitea.linerds.us/unexplrd/nix-secrets" "url": "ssh://gitea@gitea.linerds.us/unexplrd/nix-secrets"
}, },

8
hosts/dunamis/configuration.nix
View File

@ -62,6 +62,14 @@
fwupd.enable = true; fwupd.enable = true;
openssh.enable = true; openssh.enable = true;
syncthing.openDefaultPorts = true; syncthing.openDefaultPorts = true;
dnscrypt-proxy2 = {
enable = true;
settings = {
require_dnssec = true;
server_names = ["mullvad-doh"];
bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"];
};
};
opensnitch = { opensnitch = {
enable = false; enable = false;
settings = { settings = {

5
hosts/dunamis/sops.nix
View File

@ -24,6 +24,11 @@ in {
mode = "0400"; mode = "0400";
owner = "user"; owner = "user";
}; };
"ssh-private-uni" = {
path = "/home/user/.ssh/id_uni_ed25519";
mode = "0400";
owner = "user";
};
}; };
}; };
} }

1
hosts/dunamis/users/user/home-configuration.nix
View File

@ -5,6 +5,7 @@
self.homeModules.programs self.homeModules.programs
./programs.nix ./programs.nix
./flatpak.nix ./flatpak.nix
./sops.nix
]; ];
desktop.niri.enable = true; desktop.niri.enable = true;
home = { home = {

30
hosts/dunamis/users/user/sops.nix
View File

@ -1,20 +1,26 @@
{inputs, ...}: let {inputs, ...}: let
secretsPath = builtins.toString inputs.mysecrets; secretsPath = builtins.toString inputs.mysecrets;
in { in {
imports = with inputs; [ # imports = with inputs; [
sops-nix.homeManagerModules.sops # sops-nix.homeManagerModules.sops
]; # ];
# sops = {
# age.keyFile = "/var/lib/sops-nix/key.txt";
sops = { # defaultSopsFile = "${secretsPath}/secrets.yaml";
age.keyFile = "/var/lib/sops-nix/key.txt"; # validateSopsFiles = false;
defaultSopsFile = "${secretsPath}/secrets.yaml"; # secrets = {
validateSopsFiles = false; # "ssh/private/dunamis-user" = {
# path = "/home/user/.ssh/id_ed25519";
secrets = { # };
"ssh/private/dunamis-user" = { # };
path = "/home/user/.ssh/id_ed25519"; home.file."id_ed25519_pub" = {
}; source = "${secretsPath}/ssh/user/id_dunamis_ed25519.pub";
target = ".ssh/id_ed25519.pub";
}; };
home.file."id_uni_ed25519_pub" = {
source = "${secretsPath}/ssh/user/id_uni_ed25519.pub";
target = ".ssh/id_uni_ed25519.pub";
}; };
} }

22
modules/home/desktop/niri/default.nix
View File

@ -389,7 +389,7 @@ in {
down = "e"; down = "e";
up = "i"; up = "i";
right = "o"; right = "o";
niriConfig = '' in ''
environment { environment {
DISPLAY ":123" DISPLAY ":123"
QT_QPA_PLATFORM "wayland" QT_QPA_PLATFORM "wayland"
@ -405,13 +405,15 @@ in {
keyboard { keyboard {
xkb { xkb {
layout "us,ua" layout "us,ua"
// variant "colemak_dh," ${
options "grp:menu_toggle" if hostname == "dunamis"
then "// variant \"colemak_dhm,\""
else "variant \"colemak_dhm,\""
}
} }
repeat-delay 200 repeat-delay 200
repeat-rate 50 repeat-rate 50
track-layout "global" track-layout "global"
} }
touchpad { touchpad {
// off // off
@ -431,15 +433,9 @@ in {
accel-profile "flat" accel-profile "flat"
// scroll-method "no-scroll" // scroll-method "no-scroll"
} }
/-touch {
off
}
warp-mouse-to-focus warp-mouse-to-focus
// focus-follows-mouse // focus-follows-mouse
} }
output "eDP-1" { output "eDP-1" {
// off // off
scale 1.2 scale 1.2
@ -653,7 +649,6 @@ in {
Alt+XF86MonBrightnessUp allow-when-locked=true { spawn "brightnessctl" "s" "5%+" "-d" "${keyboard}::kbd_backlight"; } Alt+XF86MonBrightnessUp allow-when-locked=true { spawn "brightnessctl" "s" "5%+" "-d" "${keyboard}::kbd_backlight"; }
Alt+XF86MonBrightnessDown allow-when-locked=true { spawn "brightnessctl" "s" "5%-" "-d" "${keyboard}::kbd_backlight"; } Alt+XF86MonBrightnessDown allow-when-locked=true { spawn "brightnessctl" "s" "5%-" "-d" "${keyboard}::kbd_backlight"; }
Mod+Left { focus-column-left; } Mod+Left { focus-column-left; }
Mod+Down { focus-window-or-workspace-down; } Mod+Down { focus-window-or-workspace-down; }
Mod+Up { focus-window-or-workspace-up; } Mod+Up { focus-window-or-workspace-up; }
@ -711,7 +706,6 @@ in {
Mod+WheelScrollLeft { focus-column-left; } Mod+WheelScrollLeft { focus-column-left; }
Mod+Ctrl+WheelScrollRight { move-column-right; } Mod+Ctrl+WheelScrollRight { move-column-right; }
Mod+Ctrl+WheelScrollLeft { move-column-left; } Mod+Ctrl+WheelScrollLeft { move-column-left; }
Mod+Shift+WheelScrollDown { focus-column-right; } Mod+Shift+WheelScrollDown { focus-column-right; }
Mod+Shift+WheelScrollUp { focus-column-left; } Mod+Shift+WheelScrollUp { focus-column-left; }
Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } Mod+Ctrl+Shift+WheelScrollDown { move-column-right; }
@ -778,10 +772,6 @@ in {
Mod+Ctrl+Shift+9 { move-column-to-workspace 9; } Mod+Ctrl+Shift+9 { move-column-to-workspace 9; }
} }
''; '';
in
if hostname != "dunamis"
then (builtins.replaceStrings ["// variant \"colemak_dh,\""] ["variant \"colemak_dh,\""] niriConfig)
else niriConfig;
}; };
}; };
programs.waybar = { programs.waybar = {