update

2024-08-06 18:44:43 +02:00 · 2024-08-06 18:44:43 +02:00 · fa41b2eb5e
parent 043206d30a
commit fa41b2eb5e
12 changed files with 129 additions and 163 deletions
--- a/common/components/packages-base.nix
+++ b/common/components/packages-base.nix
@ -20,5 +20,6 @@
    ffmpeg
    usbutils
    bat
+    dust
  ];
 }
--- a/crypto/ssh-keys.nix
+++ b/crypto/ssh-keys.nix
@ -9,9 +9,9 @@ rec {
  };

  host = {
-    enry = "enry ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCPPE7U87PZ4+BQrdJtPuD/ibf9ubyPAqcRJe6Lpc2D"; # host or user ?
-    phoenix = "phoenix ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4Guf38dhoseOjx30w/Tk4Snp2ltJuk/gvpoyRWKUtt";
-    stuff = "stuff ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwMDyMq2eQ5IckD4sUIMN5+O73hkyajz61I3XYbp5vt";
-    yaseen = "yaseen ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXu/iFf6yhi6A0f6Lvp+wyltMHq1YgxZan5OdCKP9gE";
+    enry = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCPPE7U87PZ4+BQrdJtPuD/ibf9ubyPAqcRJe6Lpc2D"; # host or user ?
+    phoenix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4Guf38dhoseOjx30w/Tk4Snp2ltJuk/gvpoyRWKUtt";
+    stuff = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwMDyMq2eQ5IckD4sUIMN5+O73hkyajz61I3XYbp5vt";
+    yaseen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXu/iFf6yhi6A0f6Lvp+wyltMHq1YgxZan5OdCKP9gE";
  };
 }
--- a/crypto/wifi.age
+++ b/crypto/wifi.age
--- a/flake.lock
+++ b/flake.lock
@ -1,24 +1,51 @@
 {
  "nodes": {
-    "flake-utils": {
+    "agenix": {
      "inputs": {
+        "darwin": "darwin",
+        "home-manager": "home-manager",
+        "nixpkgs": [
+          "stable"
+        ],
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1710146030,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "lastModified": 1722339003,
+        "narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7",
        "type": "github"
      },
      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
+        "owner": "ryantm",
+        "repo": "agenix",
        "type": "github"
      }
    },
-    "flake-utils_2": {
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1700795494,
+        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
      "inputs": {
        "systems": "systems_2"
      },
@ -36,7 +63,46 @@
        "type": "github"
      }
    },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems_3"
+      },
+      "locked": {
+        "lastModified": 1710146030,
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1703113217,
+        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_2": {
      "inputs": {
        "nixpkgs": [
          "stable"
@ -59,11 +125,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1722087241,
-        "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=",
+        "lastModified": 1722651103,
+        "narHash": "sha256-IRiJA0NVAoyaZeKZluwfb2DoTpBAj+FLI0KfybBeDU0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "8c50662509100d53229d4be607f1a3a31157fa12",
+        "rev": "a633d89c6dc9a2a8aae11813a62d7c58b2c0cc51",
        "type": "github"
      },
      "original": {
@ -107,7 +173,8 @@
    },
    "root": {
      "inputs": {
-        "home-manager": "home-manager",
+        "agenix": "agenix",
+        "home-manager": "home-manager_2",
        "nixpkgs": "nixpkgs",
        "stable": "stable",
        "tildefriends": "tildefriends",
@ -116,11 +183,11 @@
    },
    "stable": {
      "locked": {
-        "lastModified": 1722087241,
-        "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=",
+        "lastModified": 1722651103,
+        "narHash": "sha256-IRiJA0NVAoyaZeKZluwfb2DoTpBAj+FLI0KfybBeDU0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "8c50662509100d53229d4be607f1a3a31157fa12",
+        "rev": "a633d89c6dc9a2a8aae11813a62d7c58b2c0cc51",
        "type": "github"
      },
      "original": {
@ -160,6 +227,21 @@
        "type": "github"
      }
    },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
    "tildefriends": {
      "inputs": {
        "flake-utils": "flake-utils",
--- a/flake.nix
+++ b/flake.nix
@ -22,6 +22,11 @@

    # nixos-conf-editor.url = "github:snowfallorg/nixos-conf-editor";
    # nix-software-center.url = "github:snowfallorg/nix-software-center";
+    
+    agenix = {
+      url = "github:ryantm/agenix";
+      inputs.nixpkgs.follows = "stable";
+    };
  };

  outputs = {
@ -35,6 +40,7 @@
    # nixos-conf-editor,
    # nix-software-center,
    tildefriends,
+    agenix,
    ...
  } @ inputs: let
    inherit (self) outputs;
@ -76,14 +82,6 @@
        ];
      };

-      new-phoenix = stable.lib.nixosSystem {
-        system = "x86_64-linux";
-        specialArgs = {inherit inputs outputs;};
-        modules = [
-          ./hosts/new-phoenix/configuration.nix
-        ];
-      };
-
      theseus = stable.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = {inherit inputs outputs;};
--- a/home/tasia/home.nix
+++ b/home/tasia/home.nix
@ -31,7 +31,6 @@
        ".config/btop/btop.conf".source = ../../dotfiles/btop.conf;
        # ".gitconfig".source = ../../dotfiles/.gitconfig;

-
        ".librewolf/librewolf.overrides.cfg".source = ../../dotfiles/librewolf.overrides.cfg;
      };

--- a/hosts/new-phoenix/configuration.nix
+++ b/hosts/new-phoenix/configuration.nix
@ -1,57 +0,0 @@
-{
-  pkgs,
-  lib,
-  ...
-}: let
-  sshKeys = import ../../crypto/ssh-keys.nix;
-in {
-  imports = [
-    ./hardware-configuration.nix
-    ../../common/base.nix
-
-    ../../common/locales/en.nix
-    ../../common/locales/fr-keymap.nix
-
-    ../../common/hardware/intel-cpu.nix
-    ../../common/hardware/ssd.nix
-    ../../common/hardware/btrfs.nix
-
-    ../../common/services/syncthing.nix
-
-    ../../home/tasia-but-old-username/home.nix
-  ];
-
-  networking = {
-    hostName = "phoenix";
-
-    firewall.allowedTCPPorts = [
-      8384 # syncthing web UI
-      12345 # tildefriends
-      13378 # audiobookshelf
-    ];
-    firewall.allowedUDPPorts = [
-      12345 # tildefriends
-    ];
-  };
-
-  users.users.user.openssh.authorizedKeys.keys = [
-    sshKeys.tasia.yaseen
-  ];
-
-  services.btrfs.autoScrub.fileSystems = lib.mkForce ["/" "/data"];
-
-  virtualisation.docker.enable = true;
-
-  services.syncthing = {
-    dataDir = lib.mkForce "/home/user";
-    configDir = lib.mkForce "/data/sync/configuration/";
-    guiAddress = "0.0.0.0:8384";
-  };
-
-  environment.systemPackages = with pkgs; [
-    #
-  ];
-
-  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
-  system.stateVersion = "23.05";
-}
--- a/hosts/new-phoenix/hardware-configuration.nix
+++ b/hosts/new-phoenix/hardware-configuration.nix
@ -1,55 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
-
-  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "sd_mod"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = [];
-  boot.extraModulePackages = [];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/469da268-3ac1-4591-9209-26c89afb2e59";
-    fsType = "btrfs";
-    options = ["subvol=@"];
-  };
-
-  boot.initrd.luks.devices."luks-06613ddd-abd6-409e-9a33-889cb9d15d11".device = "/dev/disk/by-uuid/06613ddd-abd6-409e-9a33-889cb9d15d11";
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/E398-A9BF";
-    fsType = "vfat";
-  };
-
-  fileSystems."/data" = {
-    device = "/dev/disk/by-uuid/648ae2f4-bd2e-4315-b12f-72733f92d2e0";
-    fsType = "btrfs";
-  };
-
-  boot.initrd.luks.devices."539c1a57-e6d0-4ff0-927a-8f0d4aa4c9c7".device = "/dev/disk/by-uuid/539c1a57-e6d0-4ff0-927a-8f0d4aa4c9c7";
-
-  fileSystems."/home" = {
-    device = "/dev/disk/by-uuid/469da268-3ac1-4591-9209-26c89afb2e59";
-    fsType = "btrfs";
-    options = ["subvol=@home"];
-  };
-
-  swapDevices = [];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
--- a/hosts/phoenix/configuration.nix
+++ b/hosts/phoenix/configuration.nix
@ -8,22 +8,14 @@ in {
  imports = [
    ./hardware-configuration.nix
    ../../common/base.nix
-    ../../common/full-install.nix

    ../../common/locales/en.nix
    ../../common/locales/fr-keymap.nix

    ../../common/hardware/intel-cpu.nix
-    ../../common/hardware/amd-gpu.nix
    ../../common/hardware/ssd.nix
    ../../common/hardware/btrfs.nix
-    ../../common/hardware/latest-kernel.nix

-    ../../common/components/de/sddm.nix
-    ../../common/components/de/plasma6.nix
-
-    ../../common/programs/steam.nix
-    ../../common/services/adguardhome.nix
    ../../common/services/syncthing.nix

    ../../home/tasia-but-old-username/home.nix
@ -32,17 +24,14 @@ in {
  networking = {
    hostName = "phoenix";

-    firewall = {
-      enable = true;
-      allowedTCPPorts = [
-        8080 # ?
+    firewall.allowedTCPPorts = [
+      8384 # syncthing web UI
+      # 12345 # tildefriends
+      # 13378 # audiobookshelf
+    ];
+    firewall.allowedUDPPorts = [
      12345 # tildefriends
-        13378 # audiobookshelf
    ];
-      allowedUDPPorts = [
-        8080 # ?
-      ];
-    };
  };

  users.users.user.openssh.authorizedKeys.keys = [
@ -54,11 +43,11 @@ in {
  # services.vedirect-reader.enable = true;

  virtualisation.docker.enable = true;
-  services.flatpak.enable = false;

  services.syncthing = {
    dataDir = lib.mkForce "/home/user";
    configDir = lib.mkForce "/data/sync/configuration/";
+    guiAddress = "0.0.0.0:8384";
  };

  environment.systemPackages = with pkgs; [
--- a/hosts/stuff/configuration.nix
+++ b/hosts/stuff/configuration.nix
@ -44,7 +44,7 @@ in {
    enableKwallet = true;
  };

-  services.printing.drivers = [ pkgs.cnijfilter2 ];
+  services.printing.drivers = [pkgs.cnijfilter2];

  environment.systemPackages = with pkgs; [
    # Additional system packages here
--- a/hosts/yaseen/configuration.nix
+++ b/hosts/yaseen/configuration.nix
@ -48,6 +48,7 @@ in {

    # Personal modules
    # ../../modules/nixos/tildefriends.nix
+    inputs.agenix.nixosModules.default
  ];

  # RGB Keyboard backight
@ -111,6 +112,9 @@ in {
    logseq
    nix-tree
    android-studio
+    lutris
+
+    inputs.agenix.packages.x86_64-linux.default
  ];

  fonts.packages = with pkgs; [
@ -162,7 +166,7 @@ in {
    ];
  };

-  services.printing.drivers = [ pkgs.cnijfilter2 ];
+  services.printing.drivers = [pkgs.cnijfilter2];

  services.ollama = {
    enable = true;
--- a/secrets.nix
+++ b/secrets.nix
@ -0,0 +1,5 @@
+let
+  sshKeys = import ./crypto/ssh-keys.nix;
+in {
+  "crypto/wifi.age".publicKeys = [sshKeys.host.yaseen sshKeys.tasia.yaseen];
+}