more sops + eldrid

2025-03-02 20:53:08 +02:00
parent 0a710faa55
commit f14623365c
8 changed files with 63 additions and 13 deletions

15
flake.lock generated

@ -544,14 +544,17 @@
"mysecrets": { "mysecrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1740932567, "lastModified": 1740938097,
"narHash": "sha256-2PfJuyVEUh/4xGTx8MwPFNq3po/TTkDyWz3RJC3JfJc=", "narHash": "sha256-3wKuEorlAQPRjF03q2co7/mUIAMoqSfDr3Wf0Ipl/+s=",
"path": "/home/user/nix-secrets", "ref": "refs/heads/main",
"type": "path" "rev": "7a7a965f15ec332625a9a21b5229e076db21f224",
"revCount": 5,
"type": "git",
"url": "ssh://gitea@gitea.linerds.us/unexplrd/nix-secrets"
}, },
"original": { "original": {
"path": "/home/user/nix-secrets", "type": "git",
"type": "path" "url": "ssh://gitea@gitea.linerds.us/unexplrd/nix-secrets"
} }
}, },
"neve": { "neve": {


@ -39,7 +39,7 @@
url = "github:abenz1267/walker"; url = "github:abenz1267/walker";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
mysecrets.url = "path:/home/user/nix-secrets"; mysecrets.url = "git+ssh://gitea@gitea.linerds.us/unexplrd/nix-secrets";
mysecrets.flake = false; mysecrets.flake = false;
}; };


@ -2,6 +2,7 @@
{ {
pkgs, pkgs,
inputs, inputs,
config,
... ...
}: { }: {
imports = with inputs; [ imports = with inputs; [
@ -13,13 +14,29 @@
./programs.nix ./programs.nix
./stylix.nix ./stylix.nix
./users.nix ./users.nix
./sops.nix
]; ];
desktop = { desktop = {
hyprland.enable = true; hyprland.enable = true;
}; };
nix.settings.experimental-features = ["nix-command" "flakes"]; nix = {
settings.experimental-features = ["nix-command" "flakes"];
distributedBuilds = true;
settings.builders-use-substitutes = true;
buildMachines = [
{
hostName = "dunamis";
sshUser = "remotebuild";
system = "x86_64-linux";
sshKey = config.sops.secrets."ssh-private-eldrid-rmbuild".path;
supportedFeatures = ["nixos-test" "big-parallel" "kvm" "benchmark"];
publicHostKey = builtins.readFile "${inputs.mysecrets}/ssh/ssh_host_ed25519_dunamis.base64";
}
];
};
system.stateVersion = "25.05"; system.stateVersion = "25.05";
time.timeZone = "Europe/Kyiv"; time.timeZone = "Europe/Kyiv";
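Review bot: In the new `buildMachines` entry, `publicHostKey = builtins.readFile "${inputs.mysecrets}/ssh/ssh_host_ed25519_dunamis.base64"` reads from the store copy of the `mysecrets` input, and that copy is world-readable under /nix/store. This is only safe while the repository holds nothing but sops-encrypted files and public material, so a comment such as `# mysecrets is copied to /nix/store: keep only sops-encrypted or public files in it` would record the constraint. `builtins.readFile` also keeps a trailing newline, which would be carried into the generated machines file; stripping it, for example with `lib.removeSuffix "\n"` (which needs `lib` added to the module arguments), is safer. Pinning the builder's host key and taking `sshKey` from a sops secret path rather than a store path are both worth keeping as they are.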


@ -10,8 +10,9 @@
clean.extraArgs = "--keep-since 7d --keep 3"; clean.extraArgs = "--keep-since 7d --keep 3";
flake = "/home/user/.config/nixos"; flake = "/home/user/.config/nixos";
}; };
programs.fish.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
helix helix
nushell # nushell
]; ];
} }

25
hosts/eldrid/sops.nix Normal file

@ -0,0 +1,25 @@
{inputs, ...}: let
secretsPath = builtins.toString inputs.mysecrets;
in {
imports = [
inputs.sops-nix.nixosModules.sops
];
sops = {
age = {
sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
defaultSopsFile = "${secretsPath}/secrets.yaml";
secrets = {
"user-password-hashed" = {};
"ssh-private-eldrid-rmbuild" = {};
"ssh-private-eldrid-user" = {
path = "/home/user/.ssh/id_ed25519";
mode = "0400";
owner = "user";
};
};
};
}
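Review bot: `"user-password-hashed" = {};` is declared without `neededForUsers = true;`, and if it is meant to feed `users.users.<name>.hashedPasswordFile` (the consumer is not visible in this commit) the default ordering decrypts it only after users have been created. Separately, `"ssh-private-eldrid-user"` places its link at `/home/user/.ssh/id_ed25519`, so it is worth confirming that `/home/user/.ssh` already exists with owner `user` and mode 0700, since a parent directory created during activation may end up owned by root. With `generateKey = true`, the key written to `/var/lib/sops-nix/key.txt` only helps if its public half is added as a recipient in the secrets repository; otherwise decryption depends on the SSH host key alone, which a short comment next to `sshKeyPaths` could state.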


@ -12,14 +12,18 @@
]; ];
stylix = { stylix = {
enable = true; enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/helios.yaml"; base16Scheme = "${pkgs.base16-schemes}/share/themes/tomorrow-night.yaml";
polarity = "dark"; polarity = "dark";
cursor = { cursor = {
package = pkgs.google-cursor; package = pkgs.google-cursor;
name = "GoogleDot-Blue"; name = "GoogleDot-Blue";
size = 24; size = 24;
}; };
image = ../../wallpapers/wallhaven-d5qlwj.jpg; image = builtins.fetchurl {
url = "https://w.wallhaven.cc/full/9m/wallhaven-9mwzwk.jpg";
name = "wallhaven-9mwzwk";
sha256 = "0pj2k30mfhqr02dzdj40z62awmy58s5gg5mm4xzxiialclbd5n8d";
};
opacity.terminal = 0.9; opacity.terminal = 0.9;
fonts = { fonts = {
sizes = { sizes = {
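Review bot: `image = builtins.fetchurl { ... }` downloads the wallpaper during evaluation, so a cold evaluation of this host blocks on w.wallhaven.cc being reachable. The `sha256` pin keeps the content fixed, which is the part that matters for integrity. `pkgs.fetchurl` with the same `url` and `sha256` would move the download to build time as a fixed-output derivation, where a substituter or the remote builder can serve it. The `stylix` attribute set continues past the end of this hunk.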


@ -4,7 +4,7 @@
user = { user = {
isNormalUser = true; isNormalUser = true;
extraGroups = ["wheel" "video" "libvirtd" "dialout"]; extraGroups = ["wheel" "video" "libvirtd" "dialout"];
shell = pkgs.nushell; shell = pkgs.fish;
}; };
# work = { # work = {
# isNormalUser = true; # isNormalUser = true;


@ -1,6 +1,6 @@
{pkgs, ...}: { {pkgs, ...}: {
shell = { shell = {
nushell.enable = true; fish.enable = true;
oh-my-posh.enable = true; oh-my-posh.enable = true;
}; };