unexplrd/nixos-blueprint
2
2
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

more sops + eldrid

Browse Source
This commit is contained in:
unexplrd
2025-03-02 20:53:08 +02:00
parent 0a710faa55
commit f14623365c
8 changed files with 63 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
flake.lock generated
View File

@ -544,14 +544,17 @@
"mysecrets": {
"flake": false,
"locked": {
"lastModified": 1740932567,
"narHash": "sha256-2PfJuyVEUh/4xGTx8MwPFNq3po/TTkDyWz3RJC3JfJc=",
"path": "/home/user/nix-secrets",
"type": "path"
"lastModified": 1740938097,
"narHash": "sha256-3wKuEorlAQPRjF03q2co7/mUIAMoqSfDr3Wf0Ipl/+s=",
"ref": "refs/heads/main",
"rev": "7a7a965f15ec332625a9a21b5229e076db21f224",
"revCount": 5,
"type": "git",
"url": "ssh://gitea@gitea.linerds.us/unexplrd/nix-secrets"
},
"original": {
"path": "/home/user/nix-secrets",
"type": "path"
"type": "git",
"url": "ssh://gitea@gitea.linerds.us/unexplrd/nix-secrets"
}
},
"neve": {

2
flake.nix
View File

@ -39,7 +39,7 @@
url = "github:abenz1267/walker";
inputs.nixpkgs.follows = "nixpkgs";
};
mysecrets.url = "path:/home/user/nix-secrets";
mysecrets.url = "git+ssh://gitea@gitea.linerds.us/unexplrd/nix-secrets";
mysecrets.flake = false;
};

19
hosts/eldrid/configuration.nix
View File

@ -2,6 +2,7 @@
{
pkgs,
inputs,
config,
...
}: {
imports = with inputs; [
@ -13,13 +14,29 @@
./programs.nix
./stylix.nix
./users.nix
./sops.nix
];
desktop = {
hyprland.enable = true;
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix = {
settings.experimental-features = ["nix-command" "flakes"];
distributedBuilds = true;
settings.builders-use-substitutes = true;
buildMachines = [
{
hostName = "dunamis";
sshUser = "remotebuild";
system = "x86_64-linux";
sshKey = config.sops.secrets."ssh-private-eldrid-rmbuild".path;
supportedFeatures = ["nixos-test" "big-parallel" "kvm" "benchmark"];
publicHostKey = builtins.readFile "${inputs.mysecrets}/ssh/ssh_host_ed25519_dunamis.base64";
}
];
};
system.stateVersion = "25.05";
time.timeZone = "Europe/Kyiv";

3
hosts/eldrid/programs.nix
View File

@ -10,8 +10,9 @@
clean.extraArgs = "--keep-since 7d --keep 3";
flake = "/home/user/.config/nixos";
};
programs.fish.enable = true;
environment.systemPackages = with pkgs; [
helix
nushell
# nushell
];
}

25
hosts/eldrid/sops.nix Normal file
View File

@ -0,0 +1,25 @@
{inputs, ...}: let
secretsPath = builtins.toString inputs.mysecrets;
in {
imports = [
inputs.sops-nix.nixosModules.sops
];
sops = {
age = {
sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
defaultSopsFile = "${secretsPath}/secrets.yaml";
secrets = {
"user-password-hashed" = {};
"ssh-private-eldrid-rmbuild" = {};
"ssh-private-eldrid-user" = {
path = "/home/user/.ssh/id_ed25519";
mode = "0400";
owner = "user";
};
};
};
}

8
hosts/eldrid/stylix.nix
View File

@ -12,14 +12,18 @@
];
stylix = {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/helios.yaml";
base16Scheme = "${pkgs.base16-schemes}/share/themes/tomorrow-night.yaml";
polarity = "dark";
cursor = {
package = pkgs.google-cursor;
name = "GoogleDot-Blue";
size = 24;
};
image = ../../wallpapers/wallhaven-d5qlwj.jpg;
image = builtins.fetchurl {
url = "https://w.wallhaven.cc/full/9m/wallhaven-9mwzwk.jpg";
name = "wallhaven-9mwzwk";
sha256 = "0pj2k30mfhqr02dzdj40z62awmy58s5gg5mm4xzxiialclbd5n8d";
};
opacity.terminal = 0.9;
fonts = {
sizes = {

2
hosts/eldrid/users.nix
View File

@ -4,7 +4,7 @@
user = {
isNormalUser = true;
extraGroups = ["wheel" "video" "libvirtd" "dialout"];
shell = pkgs.nushell;
shell = pkgs.fish;
};
# work = {
# isNormalUser = true;

2
hosts/eldrid/users/user/programs.nix
View File

@ -1,6 +1,6 @@
{pkgs, ...}: {
shell = {
nushell.enable = true;
fish.enable = true;
oh-my-posh.enable = true;
};