From f14623365c7ebc6eea0d7eb540dfbbf17c10b445 Mon Sep 17 00:00:00 2001 From: unexplrd Date: Sun, 2 Mar 2025 20:53:08 +0200 Subject: [PATCH] more sops + eldrid --- flake.lock | 15 +++++++++------ flake.nix | 2 +- hosts/eldrid/configuration.nix | 19 ++++++++++++++++++- hosts/eldrid/programs.nix | 3 ++- hosts/eldrid/sops.nix | 25 +++++++++++++++++++++++++ hosts/eldrid/stylix.nix | 8 ++++++-- hosts/eldrid/users.nix | 2 +- hosts/eldrid/users/user/programs.nix | 2 +- 8 files changed, 63 insertions(+), 13 deletions(-) create mode 100644 hosts/eldrid/sops.nix diff --git a/flake.lock b/flake.lock index f2ec3e7..5a567e2 100644 --- a/flake.lock +++ b/flake.lock @@ -544,14 +544,17 @@ "mysecrets": { "flake": false, "locked": { - "lastModified": 1740932567, - "narHash": "sha256-2PfJuyVEUh/4xGTx8MwPFNq3po/TTkDyWz3RJC3JfJc=", - "path": "/home/user/nix-secrets", - "type": "path" + "lastModified": 1740938097, + "narHash": "sha256-3wKuEorlAQPRjF03q2co7/mUIAMoqSfDr3Wf0Ipl/+s=", + "ref": "refs/heads/main", + "rev": "7a7a965f15ec332625a9a21b5229e076db21f224", + "revCount": 5, + "type": "git", + "url": "ssh://gitea@gitea.linerds.us/unexplrd/nix-secrets" }, "original": { - "path": "/home/user/nix-secrets", - "type": "path" + "type": "git", + "url": "ssh://gitea@gitea.linerds.us/unexplrd/nix-secrets" } }, "neve": { diff --git a/flake.nix b/flake.nix index 5a10dea..3e81b04 100644 --- a/flake.nix +++ b/flake.nix @@ -39,7 +39,7 @@ url = "github:abenz1267/walker"; inputs.nixpkgs.follows = "nixpkgs"; }; - mysecrets.url = "path:/home/user/nix-secrets"; + mysecrets.url = "git+ssh://gitea@gitea.linerds.us/unexplrd/nix-secrets"; mysecrets.flake = false; }; diff --git a/hosts/eldrid/configuration.nix b/hosts/eldrid/configuration.nix index d3c9b7f..fc53041 100644 --- a/hosts/eldrid/configuration.nix +++ b/hosts/eldrid/configuration.nix @@ -2,6 +2,7 @@ { pkgs, inputs, + config, ... }: { imports = with inputs; [ 
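Review bot: With `mysecrets.url` now set to `git+ssh://gitea@gitea.linerds.us/unexplrd/nix-secrets`, fetching or updating this input needs an SSH key authorised on that Gitea host for whichever account runs Nix, and nothing in flake.nix says so. The new hosts/eldrid/sops.nix in this same patch installs `/home/user/.ssh/id_ed25519` from that repository; if that is the key used to reach Gitea (not visible here), a fresh install cannot fetch the input that carries its own credential, so the bootstrap path should be written down. A comment above the line such as `# private repo: an SSH key authorised on gitea.linerds.us must exist before the first evaluation` would cover it. The `inputs` block starts and ends outside the hunk.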
@@ -13,13 +14,29 @@ ./programs.nix ./stylix.nix ./users.nix + ./sops.nix ]; desktop = { hyprland.enable = true; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix = { + settings.experimental-features = ["nix-command" "flakes"]; + distributedBuilds = true; + settings.builders-use-substitutes = true; + buildMachines = [ + { + hostName = "dunamis"; + sshUser = "remotebuild"; + system = "x86_64-linux"; + sshKey = config.sops.secrets."ssh-private-eldrid-rmbuild".path; + supportedFeatures = ["nixos-test" "big-parallel" "kvm" "benchmark"]; + publicHostKey = builtins.readFile "${inputs.mysecrets}/ssh/ssh_host_ed25519_dunamis.base64"; + } + ]; + }; + system.stateVersion = "25.05"; time.timeZone = "Europe/Kyiv"; diff --git a/hosts/eldrid/programs.nix b/hosts/eldrid/programs.nix index 3abc859..9cbccdc 100644 --- a/hosts/eldrid/programs.nix +++ b/hosts/eldrid/programs.nix @@ -10,8 +10,9 @@ clean.extraArgs = "--keep-since 7d --keep 3"; flake = "/home/user/.config/nixos"; }; + programs.fish.enable = true; environment.systemPackages = with pkgs; [ helix - nushell + # nushell ]; } diff --git a/hosts/eldrid/sops.nix b/hosts/eldrid/sops.nix new file mode 100644 index 0000000..e1d6b29 --- /dev/null +++ b/hosts/eldrid/sops.nix @@ -0,0 +1,25 @@ +{inputs, ...}: let + secretsPath = builtins.toString inputs.mysecrets; +in { + imports = [ + inputs.sops-nix.nixosModules.sops + ]; + + sops = { + age = { + sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + keyFile = "/var/lib/sops-nix/key.txt"; + generateKey = true; + }; + defaultSopsFile = "${secretsPath}/secrets.yaml"; + secrets = { + "user-password-hashed" = {}; + "ssh-private-eldrid-rmbuild" = {}; + "ssh-private-eldrid-user" = { + path = "/home/user/.ssh/id_ed25519"; + mode = "0400"; + owner = "user"; + }; + }; + }; +} diff --git a/hosts/eldrid/stylix.nix b/hosts/eldrid/stylix.nix index 1546c18..26af5d3 100644 --- a/hosts/eldrid/stylix.nix +++ b/hosts/eldrid/stylix.nix 
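Review bot: `publicHostKey` in the new `buildMachines` entry takes the raw result of `builtins.readFile`, so any trailing newline or stray whitespace in `ssh_host_ed25519_dunamis.base64` is copied verbatim into the generated builder entry. Pinning the builder's host key is the right call, but the value is expected to be a single base64 token, so I would strip it: `publicHostKey = lib.removeSuffix "\n" (builtins.readFile "${inputs.mysecrets}/ssh/ssh_host_ed25519_dunamis.base64");`, with `lib` added to the module arguments in the first hunk of this file. A one-line comment stating that the file holds the output of `base64 -w0` over the builder's `ssh_host_ed25519_key.pub` would also help whoever rotates that key. As a smaller style point, the two `settings.*` lines could be grouped under a single `settings = { … };`.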
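Review bot: `"user-password-hashed" = {};` in hosts/eldrid/sops.nix is declared with default options and is not referenced anywhere in this patch. If it is meant to feed `users.users.user.hashedPasswordFile`, it needs `"user-password-hashed".neededForUsers = true;`, because sops-nix otherwise decrypts it only after the user accounts have been created. Separately, `"ssh-private-eldrid-user"` sets `owner` and `mode` on the secret itself, but the hunk does not show who creates `/home/user/.ssh`; it is worth confirming that the directory exists with the user's ownership and mode 0700 before activation links the key there. A short comment on the `age` block saying which key is expected to decrypt `secrets.yaml` (the SSH host key or the generated `key.txt`) would make recovery on a reinstall less of a guess.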
@@ -12,14 +12,18 @@ ]; stylix = { enable = true; - base16Scheme = "${pkgs.base16-schemes}/share/themes/helios.yaml"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/tomorrow-night.yaml"; polarity = "dark"; cursor = { package = pkgs.google-cursor; name = "GoogleDot-Blue"; size = 24; }; - image = ../../wallpapers/wallhaven-d5qlwj.jpg; + image = builtins.fetchurl { + url = "https://w.wallhaven.cc/full/9m/wallhaven-9mwzwk.jpg"; + name = "wallhaven-9mwzwk"; + sha256 = "0pj2k30mfhqr02dzdj40z62awmy58s5gg5mm4xzxiialclbd5n8d"; + }; opacity.terminal = 0.9; fonts = { sizes = { diff --git a/hosts/eldrid/users.nix b/hosts/eldrid/users.nix index 18d4cb4..f92dbe9 100644 --- a/hosts/eldrid/users.nix +++ b/hosts/eldrid/users.nix @@ -4,7 +4,7 @@ user = { isNormalUser = true; extraGroups = ["wheel" "video" "libvirtd" "dialout"]; - shell = pkgs.nushell; + shell = pkgs.fish; }; # work = { # isNormalUser = true; diff --git a/hosts/eldrid/users/user/programs.nix b/hosts/eldrid/users/user/programs.nix index fcc38f6..c586b0d 100644 --- a/hosts/eldrid/users/user/programs.nix +++ b/hosts/eldrid/users/user/programs.nix @@ -1,6 +1,6 @@ {pkgs, ...}: { shell = { - nushell.enable = true; + fish.enable = true; oh-my-posh.enable = true; };
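Review bot: The new `image = builtins.fetchurl { … }` in hosts/eldrid/stylix.nix downloads during evaluation, so evaluating this host needs network access to w.wallhaven.cc whenever the file is not already in the local store. The `sha256` pin is what keeps the remote content fixed and should stay. Changing the first line to `image = pkgs.fetchurl {` with the same `url` and `sha256` would turn the download into a build-time fixed-output derivation, which can be substituted from a cache and keeps evaluation offline; `pkgs` is already used in this block. The `stylix` attribute set starts and ends outside the hunk.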