From c31864133e7c94dba30fd3702604b08821be0d6b Mon Sep 17 00:00:00 2001 From: Sean Kovacs Date: Thu, 2 Apr 2026 19:17:01 -0400 Subject: [PATCH 1/3] alien: add some windows compat programs --- system/hosts/alien/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/system/hosts/alien/default.nix b/system/hosts/alien/default.nix index 424e6b6..db709fe 100644 --- a/system/hosts/alien/default.nix +++ b/system/hosts/alien/default.nix @@ -9,6 +9,11 @@ ddcutil mangohud openrgb + p7zip + protontricks + zenity + wineWow64Packages.stable + wineWow64Packages.waylandFull ]; # enable ddcutil From fab570dd29cf58e6fd1f75c2be62ee451c45125f Mon Sep 17 00:00:00 2001 
From: Sean Kovacs Date: Thu, 2 Apr 2026 19:36:49 -0400 Subject: [PATCH 2/3] many changes: prepare to allow multiple users --- flake.nix | 52 +++++------------- home/hosts/vm-generic/default.nix | 11 ---- home/{ => sckova}/apps/default.nix | 0 home/{ => sckova}/apps/discord.nix | 0 home/{ => sckova}/apps/firefox.nix | 0 .../apps/firefox_css/theme/hide.css | 0 .../apps/firefox_css/theme/theme-new.css | 0 .../apps/firefox_css/theme/theme.css | 0 .../apps/firefox_css/userChrome.css | 0 home/{ => sckova}/apps/mpv.nix | 0 home/{ => sckova}/apps/vencord.nix | 0 home/{ => sckova}/apps/vscode.nix | 0 home/sckova/default.nix | 8 +++ home/{ => sckova}/games/default.nix | 0 home/{ => sckova}/games/minecraft.nix | 0 home/{ => sckova}/games/morrowind.nix | 0 home/{ => sckova}/hosts/alien/default.nix | 0 home/{ => sckova}/hosts/peach/default.nix | 0 home/{ => sckova}/services/default.nix | 0 home/{ => sckova}/services/gtk.nix | 0 home/{ => sckova}/services/qt.nix | 0 home/{ => sckova}/services/systemd.nix | 0 home/{ => sckova}/terminal/btop.conf | 0 home/{ => sckova}/terminal/btop.nix | 0 home/{ => sckova}/terminal/default.nix | 0 home/{ => sckova}/terminal/fish.nix | 0 .../terminal/fish_functions/fish-prompt.fish | 0 .../terminal/fish_functions/kitty-ssh.fish | 0 .../terminal/fish_functions/nix-shell.fish | 0 home/{ => sckova}/terminal/kitty.nix | 0 home/{ => sckova}/terminal/neovim.nix | 0 home/{ => sckova}/tiling/default.nix | 0 home/{ => sckova}/tiling/niri.nix | 0 home/{ => sckova}/tiling/noctalia.nix | 4 +- home/{ => sckova}/tiling/wallpaper.nix | 0 options.nix | 14 ++--- system/default.nix | 33 +++--------- system/games/default.nix | 37 +++++++++++++ system/hosts/alien/default.nix | 6 +-- system/hosts/peach/default.nix | 3 +- system/hosts/vm-generic/default.nix | 17 ------ system/torrenting/default.nix | 53 ------------------- 42 files changed, 80 insertions(+), 158 deletions(-) delete mode 100644 home/hosts/vm-generic/default.nix rename home/{ => sckova}/apps/default.nix 
(100%) rename home/{ => sckova}/apps/discord.nix (100%) rename home/{ => sckova}/apps/firefox.nix (100%) rename home/{ => sckova}/apps/firefox_css/theme/hide.css (100%) rename home/{ => sckova}/apps/firefox_css/theme/theme-new.css (100%) rename home/{ => sckova}/apps/firefox_css/theme/theme.css (100%) rename home/{ => sckova}/apps/firefox_css/userChrome.css (100%) rename home/{ => sckova}/apps/mpv.nix (100%) rename home/{ => sckova}/apps/vencord.nix (100%) rename home/{ => sckova}/apps/vscode.nix (100%) create mode 100644 home/sckova/default.nix rename home/{ => sckova}/games/default.nix (100%) rename home/{ => sckova}/games/minecraft.nix (100%) rename home/{ => sckova}/games/morrowind.nix (100%) rename home/{ => sckova}/hosts/alien/default.nix (100%) rename home/{ => sckova}/hosts/peach/default.nix (100%) rename home/{ => sckova}/services/default.nix (100%) rename home/{ => sckova}/services/gtk.nix (100%) rename home/{ => sckova}/services/qt.nix (100%) rename home/{ => sckova}/services/systemd.nix (100%) rename home/{ => sckova}/terminal/btop.conf (100%) rename home/{ => sckova}/terminal/btop.nix (100%) rename home/{ => sckova}/terminal/default.nix (100%) rename home/{ => sckova}/terminal/fish.nix (100%) rename home/{ => sckova}/terminal/fish_functions/fish-prompt.fish (100%) rename home/{ => sckova}/terminal/fish_functions/kitty-ssh.fish (100%) rename home/{ => sckova}/terminal/fish_functions/nix-shell.fish (100%) rename home/{ => sckova}/terminal/kitty.nix (100%) rename home/{ => sckova}/terminal/neovim.nix (100%) rename home/{ => sckova}/tiling/default.nix (100%) rename home/{ => sckova}/tiling/niri.nix (100%) rename home/{ => sckova}/tiling/noctalia.nix (99%) rename home/{ => sckova}/tiling/wallpaper.nix (100%) create mode 100644 system/games/default.nix delete mode 100644 system/hosts/vm-generic/default.nix delete mode 100644 system/torrenting/default.nix diff --git a/flake.nix b/flake.nix index e7d4f3b..85670e8 100644 --- a/flake.nix +++ b/flake.nix 
@@ -72,14 +72,6 @@ ... }: let - # All systems we want to support for the generic VM - # to run the vm: - # nixos-rebuild build-vm --flake ~/nix#$(nix eval --raw --impure --expr 'builtins.currentSystem') - supportedSystems = [ - "x86_64-linux" - "aarch64-linux" - ]; - # Shared config for all package sets pkgConfig = { allowUnfree = true; @@ -139,11 +131,6 @@ "root" "sckova" ]; - - # Increase file descriptor limit for builds - # sandbox = "relaxed"; - # extra-sandbox-paths = [ ]; - # build-users-group = "nixbld"; }; gc = { @@ -170,9 +157,10 @@ ]; }; } + ./options.nix ./system ./system/searxng - ./system/torrenting + ./system/games ./system/widevine ./system/shell/fish.nix ./system/tailscale @@ -189,12 +177,13 @@ imports = [ ./home ./options.nix - ./home/apps - ./home/games - ./home/hosts/${hostname} - ./home/services - ./home/terminal - ./home/tiling + ./home/sckova + ./home/sckova/apps + ./home/sckova/games + ./home/sckova/hosts/${hostname} + ./home/sckova/services + ./home/sckova/terminal + ./home/sckova/tiling ]; }; sharedModules = [ @@ -238,8 +227,8 @@ home.username = user; home.homeDirectory = "/home/${user}"; modules = [ - ./home - ./home/hosts/${hostname}.nix + ./home/${user} + ./home/${user}/hosts/${hostname}.nix home-manager.homeModules.home-manager niri.homeModules.default noctalia.homeModules.noctalia @@ -266,14 +255,7 @@ } ]; }; - } - // nixpkgs.lib.genAttrs supportedSystems ( - system: - mkNixosSystem { - hostname = "vm-generic"; - inherit system; - } - ); + }; homeConfigurations = { peach = mkHomeConfig { @@ -286,14 +268,6 @@ hostname = "alien"; system = "x86_64-linux"; }; - } - // nixpkgs.lib.genAttrs supportedSystems ( - system: - mkHomeConfig { - user = "sckova"; - hostname = "vm-generic"; - inherit system; - } - ); + }; }; } diff --git a/home/hosts/vm-generic/default.nix b/home/hosts/vm-generic/default.nix deleted file mode 100644 index 6572e4a..0000000 --- a/home/hosts/vm-generic/default.nix +++ /dev/null 
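Review bot: The home-manager import list in the `@@ -189` hunk hardcodes `./home/sckova`, `./home/sckova/apps` and the other five sibling paths, while the standalone `mkHomeConfig` in the `@@ -238` hunk derives the same tree from `./home/${user}`, so the "multiple users" goal still needs a flake edit for every new user on the NixOS side. Threading a `user` argument through `mkNixosSystem` (or reading `config.userOptions.username`, which this series introduces) and importing `./home/${user}` in both places would keep the two code paths in step. The `home-manager` attrset these imports belong to begins and ends outside the hunk.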
@@ -1,11 +0,0 @@ -{ - config, - pkgs, - ... -}: -{ - colors = { - scheme = "catppuccin-mocha"; - accent = "base0B"; - }; -} diff --git a/home/apps/default.nix b/home/sckova/apps/default.nix similarity index 100% rename from home/apps/default.nix rename to home/sckova/apps/default.nix diff --git a/home/apps/discord.nix b/home/sckova/apps/discord.nix similarity index 100% rename from home/apps/discord.nix rename to home/sckova/apps/discord.nix diff --git a/home/apps/firefox.nix b/home/sckova/apps/firefox.nix similarity index 100% rename from home/apps/firefox.nix rename to home/sckova/apps/firefox.nix diff --git a/home/apps/firefox_css/theme/hide.css b/home/sckova/apps/firefox_css/theme/hide.css similarity index 100% rename from home/apps/firefox_css/theme/hide.css rename to home/sckova/apps/firefox_css/theme/hide.css diff --git a/home/apps/firefox_css/theme/theme-new.css b/home/sckova/apps/firefox_css/theme/theme-new.css similarity index 100% rename from home/apps/firefox_css/theme/theme-new.css rename to home/sckova/apps/firefox_css/theme/theme-new.css diff --git a/home/apps/firefox_css/theme/theme.css b/home/sckova/apps/firefox_css/theme/theme.css similarity index 100% rename from home/apps/firefox_css/theme/theme.css rename to home/sckova/apps/firefox_css/theme/theme.css diff --git a/home/apps/firefox_css/userChrome.css b/home/sckova/apps/firefox_css/userChrome.css similarity index 100% rename from home/apps/firefox_css/userChrome.css rename to home/sckova/apps/firefox_css/userChrome.css diff --git a/home/apps/mpv.nix b/home/sckova/apps/mpv.nix similarity index 100% rename from home/apps/mpv.nix rename to home/sckova/apps/mpv.nix diff --git a/home/apps/vencord.nix b/home/sckova/apps/vencord.nix similarity index 100% rename from home/apps/vencord.nix rename to home/sckova/apps/vencord.nix diff --git a/home/apps/vscode.nix b/home/sckova/apps/vscode.nix similarity index 100% rename from home/apps/vscode.nix rename to home/sckova/apps/vscode.nix 
diff --git a/home/sckova/default.nix b/home/sckova/default.nix new file mode 100644 index 0000000..f507113 --- /dev/null +++ b/home/sckova/default.nix @@ -0,0 +1,8 @@ +{ + # the user to activate + userOptions = { + name = "Sean Kovacs"; + username = "sckova"; + email = "kovacsmillio@gmail.com"; + }; +} diff --git a/home/games/default.nix b/home/sckova/games/default.nix similarity index 100% rename from home/games/default.nix rename to home/sckova/games/default.nix diff --git a/home/games/minecraft.nix b/home/sckova/games/minecraft.nix similarity index 100% rename from home/games/minecraft.nix rename to home/sckova/games/minecraft.nix diff --git a/home/games/morrowind.nix b/home/sckova/games/morrowind.nix similarity index 100% rename from home/games/morrowind.nix rename to home/sckova/games/morrowind.nix diff --git a/home/hosts/alien/default.nix b/home/sckova/hosts/alien/default.nix similarity index 100% rename from home/hosts/alien/default.nix rename to home/sckova/hosts/alien/default.nix diff --git a/home/hosts/peach/default.nix b/home/sckova/hosts/peach/default.nix similarity index 100% rename from home/hosts/peach/default.nix rename to home/sckova/hosts/peach/default.nix diff --git a/home/services/default.nix b/home/sckova/services/default.nix similarity index 100% rename from home/services/default.nix rename to home/sckova/services/default.nix diff --git a/home/services/gtk.nix b/home/sckova/services/gtk.nix similarity index 100% rename from home/services/gtk.nix rename to home/sckova/services/gtk.nix diff --git a/home/services/qt.nix b/home/sckova/services/qt.nix similarity index 100% rename from home/services/qt.nix rename to home/sckova/services/qt.nix diff --git a/home/services/systemd.nix b/home/sckova/services/systemd.nix similarity index 100% rename from home/services/systemd.nix rename to home/sckova/services/systemd.nix 
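Review bot: The `userOptions` literal in the new `home/sckova/default.nix` repeats the same three values that `system/default.nix` (hunk `@@ -7,6 +7,13`) sets and that `options.nix` (hunk `@@ -19,24`) keeps as defaults, so the identity now lives in three places that can drift apart. Since `flake.nix` imports `./options.nix` and `./home/sckova` into both the NixOS and the home-manager module sets, this one file could be the single source and the `system/default.nix` copy dropped. Until then a one-line comment such as `# keep in sync with system/default.nix and the defaults in options.nix` would warn whoever adds the second user.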
diff --git a/home/terminal/btop.conf b/home/sckova/terminal/btop.conf similarity index 100% rename from home/terminal/btop.conf rename to home/sckova/terminal/btop.conf diff --git a/home/terminal/btop.nix b/home/sckova/terminal/btop.nix similarity index 100% rename from home/terminal/btop.nix rename to home/sckova/terminal/btop.nix diff --git a/home/terminal/default.nix b/home/sckova/terminal/default.nix similarity index 100% rename from home/terminal/default.nix rename to home/sckova/terminal/default.nix diff --git a/home/terminal/fish.nix b/home/sckova/terminal/fish.nix similarity index 100% rename from home/terminal/fish.nix rename to home/sckova/terminal/fish.nix diff --git a/home/terminal/fish_functions/fish-prompt.fish b/home/sckova/terminal/fish_functions/fish-prompt.fish similarity index 100% rename from home/terminal/fish_functions/fish-prompt.fish rename to home/sckova/terminal/fish_functions/fish-prompt.fish diff --git a/home/terminal/fish_functions/kitty-ssh.fish b/home/sckova/terminal/fish_functions/kitty-ssh.fish similarity index 100% rename from home/terminal/fish_functions/kitty-ssh.fish rename to home/sckova/terminal/fish_functions/kitty-ssh.fish diff --git a/home/terminal/fish_functions/nix-shell.fish b/home/sckova/terminal/fish_functions/nix-shell.fish similarity index 100% rename from home/terminal/fish_functions/nix-shell.fish rename to home/sckova/terminal/fish_functions/nix-shell.fish diff --git a/home/terminal/kitty.nix b/home/sckova/terminal/kitty.nix similarity index 100% rename from home/terminal/kitty.nix rename to home/sckova/terminal/kitty.nix diff --git a/home/terminal/neovim.nix b/home/sckova/terminal/neovim.nix similarity index 100% rename from home/terminal/neovim.nix rename to home/sckova/terminal/neovim.nix diff --git a/home/tiling/default.nix b/home/sckova/tiling/default.nix similarity index 100% rename from home/tiling/default.nix rename to home/sckova/tiling/default.nix 
diff --git a/home/tiling/niri.nix b/home/sckova/tiling/niri.nix similarity index 100% rename from home/tiling/niri.nix rename to home/sckova/tiling/niri.nix diff --git a/home/tiling/noctalia.nix b/home/sckova/tiling/noctalia.nix similarity index 99% rename from home/tiling/noctalia.nix rename to home/sckova/tiling/noctalia.nix index a083222..b88701c 100644 --- a/home/tiling/noctalia.nix +++ b/home/sckova/tiling/noctalia.nix @@ -348,7 +348,7 @@ animationDisabled = false; animationSpeed = 1; autoStartAuth = false; - avatarImage = "/home/sckova/.face"; + avatarImage = "/home/${config.userOptions.username}/.face"; boxRadiusRatio = 1; clockFormat = "hh\\nmm"; clockStyle = "custom"; @@ -559,7 +559,7 @@ wallpaper = { automationEnabled = false; - directory = "/home/sckova/.local/share/wallpaper"; + directory = "/home/${config.userOptions.username}/.local/share/wallpaper"; enableMultiMonitorDirectories = false; enabled = false; fillColor = "#1e1e2e"; diff --git a/home/tiling/wallpaper.nix b/home/sckova/tiling/wallpaper.nix similarity index 100% rename from home/tiling/wallpaper.nix rename to home/sckova/tiling/wallpaper.nix diff --git a/options.nix b/options.nix index 0f62b2b..94e6dfa 100644 --- a/options.nix +++ b/options.nix @@ -19,24 +19,24 @@ userOptions = { name = lib.mkOption { type = lib.types.str; - readOnly = true; + readOnly = false; default = "Sean Kovacs"; }; username = lib.mkOption { type = lib.types.str; - readOnly = true; + readOnly = false; default = "sckova"; }; + email = lib.mkOption { + type = lib.types.str; + readOnly = false; + default = "kovacsmillio@gmail.com"; + }; hostname = lib.mkOption { type = lib.types.str; readOnly = true; default = config.system.name; }; - email = lib.mkOption { - type = lib.types.str; - readOnly = true; - default = "kovacsmillio@gmail.com"; - }; fontSans = { name = lib.mkOption { type = lib.types.str; diff --git a/system/default.nix b/system/default.nix index e6a4f03..c6c6b5f 100755 --- a/system/default.nix 
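Review bot: `avatarImage = "/home/${config.userOptions.username}/.face"` and the `directory` line in the `@@ -559` hunk still assume every user's home lives under `/home`, which the username option does not guarantee. Home-manager already knows the real home directory, so `avatarImage = "${config.home.homeDirectory}/.face";` and `directory = "${config.home.homeDirectory}/.local/share/wallpaper";` (or `${config.xdg.dataHome}/wallpaper`) hold for any user the flake sets up. The noctalia settings attrset these lines sit in begins and ends outside the hunk.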
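Review bot: Flipping `readOnly` to `false` while keeping the personal values as `default` means a host that never sets `userOptions` silently evaluates with `sckova` as the `autoLogin.user`, group member and tmpfiles owner that later hunks derive from it, rather than failing. If the per-user module is now the intended source, dropping the `default` lines (leaving `lib.mkOption { type = lib.types.str; }`) turns a forgotten assignment into an evaluation error, which is the safer failure mode for an auto-login account. If the defaults are kept on purpose, a comment such as `# fallback only; every user module is expected to override these` would make that explicit. The enclosing `userOptions` option set continues outside the hunk.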
+++ b/system/default.nix @@ -7,6 +7,13 @@ ... }: { + # the user to activate + userOptions = { + name = "Sean Kovacs"; + username = "sckova"; + email = "kovacsmillio@gmail.com"; + }; + boot = { plymouth.enable = true; plymouth.logo = "${pkgs.nixos-icons}/share/icons/hicolor/64x64/apps/nix-snowflake-white.png"; @@ -49,19 +56,6 @@ }; programs = { - gamescope = { - enable = true; - capSysNice = false; - args = [ - "--output-width 3840" - "--nested-width 3840" - "--output-height 2160" - "--nested-height 2160" - "--expose-wayland" - "--fullscreen" - ]; - }; - gamemode.enable = true; gnupg.agent = { enable = true; enableSSHSupport = true; @@ -107,7 +101,7 @@ services = { displayManager = { autoLogin.enable = true; - autoLogin.user = "sckova"; + autoLogin.user = config.userOptions.username; defaultSession = "niri"; sddm.enable = true; sddm.wayland.enable = true; @@ -128,17 +122,6 @@ upower.enable = true; power-profiles-daemon.enable = true; openssh.enable = true; - ananicy = { - enable = true; - package = pkgs.ananicy-cpp; - rulesProvider = pkgs.ananicy-cpp; - extraRules = [ - { - "name" = "gamescope"; - "nice" = -20; - } - ]; - }; }; environment.systemPackages = with pkgs; [ diff --git a/system/games/default.nix b/system/games/default.nix new file mode 100644 index 0000000..cbe1d88 --- /dev/null +++ b/system/games/default.nix @@ -0,0 +1,37 @@ +{ + config, + pkgs, + lib, + ... +}: +{ + programs = { + gamescope = { + enable = true; + capSysNice = false; + args = [ + "--output-width 3840" + "--nested-width 3840" + "--output-height 2160" + "--nested-height 2160" + "--expose-wayland" + "--fullscreen" + ]; + }; + gamemode.enable = true; + }; + + services = { + ananicy = { + enable = true; + package = pkgs.ananicy-cpp; + rulesProvider = pkgs.ananicy-cpp; + extraRules = [ + { + "name" = "gamescope"; + "nice" = -20; + } + ]; + }; + }; +} diff --git a/system/hosts/alien/default.nix b/system/hosts/alien/default.nix index db709fe..7ba7577 100644 --- a/system/hosts/alien/default.nix 
+++ b/system/hosts/alien/default.nix @@ -17,7 +17,7 @@ ]; # enable ddcutil - users.users.sckova.extraGroups = [ "i2c" ]; + users.users.${config.userOptions.username}.extraGroups = [ "i2c" ]; boot.extraModulePackages = [ config.boot.kernelPackages.ddcci-driver ]; boot.kernelModules = [ "i2c-dev" @@ -78,7 +78,7 @@ # i don't even remember what this does or why i added it systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" - "d /mnt/storage 0775 sckova users - -" + "d /mnt/storage 0775 ${config.userOptions.username} users - -" ]; services.factorio = { @@ -90,6 +90,6 @@ # bind = "[::]"; # support IPv6 game-name = "kova's minecraft"; game-password = "ThisIsASuperSecurePasswordThatNobodyWillGuess"; - admins = [ "sckova" ]; + admins = [ config.userOptions.username ]; }; } diff --git a/system/hosts/peach/default.nix b/system/hosts/peach/default.nix index 8c9f53e..22394cc 100644 --- a/system/hosts/peach/default.nix +++ b/system/hosts/peach/default.nix @@ -1,4 +1,5 @@ { + config, pkgs, lib, ... @@ -46,7 +47,7 @@ in setSocketVariable = true; }; }; - users.users.sckova.extraGroups = [ "docker" ]; + users.users.${config.userOptions.username}.extraGroups = [ "docker" ]; hardware.asahi = { enable = true; diff --git a/system/hosts/vm-generic/default.nix b/system/hosts/vm-generic/default.nix deleted file mode 100644 index ef46a45..0000000 --- a/system/hosts/vm-generic/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ ... }: -{ - home-manager.users.sckova = { - imports = [ ]; - }; - - services.spice-vdagentd.enable = true; - - virtualisation.vmVariant = { - virtualisation = { - memorySize = 8192; - cores = 6; - }; - }; - - security.sudo.wheelNeedsPassword = false; -} diff --git a/system/torrenting/default.nix b/system/torrenting/default.nix deleted file mode 100644 index 2a59d85..0000000 --- a/system/torrenting/default.nix +++ /dev/null 
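Review bot: `admins = [ config.userOptions.username ];` in the `@@ -90` hunk sits two lines below `game-password = "ThisIsASuperSecurePasswordThatNobodyWillGuess";`, a plaintext credential committed in this file and readable by anyone with access to the repository. The third patch of this series adds sops-nix, so this value belongs in `secrets/secrets.yaml`, rendered through `config.sops.placeholder` and `sops.templates` (or whatever file-based option the factorio module offers) in the same way the searxng and rclone hunks do. The `services.factorio` attrset this belongs to starts outside the hunk.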
@@ -1,53 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -{ - users.users.sckova.extraGroups = [ "qbittorrent" ]; - services = { - qbittorrent = { - enable = false; - serverConfig = { - Preferences = { - Advanced.useSystemIconTheme = true; - General = { - CloseToTray = false; - CloseToTrayNotified = true; - ExitConfirm = false; - Locale = "en"; - }; - WebUI = { - Address = "*"; - Enabled = true; - Port = 9697; - UseUPnP = false; - }; - BitTorrent = { - SessionGlobalDLSpeedLimit = 0; - GlobalUPSpeedLimit = 0; - Port = 42578; - QueueingSystemEnabled = false; - SSL.Port = 63114; - StartPaused = false; - }; - }; - }; - }; - flaresolverr = { - enable = true; - port = 8191; - }; - prowlarr = { - enable = true; - settings = { - server = { - urlbase = "localhost"; - port = 9696; - bindaddress = "*"; - }; - }; - }; - }; -} From 330087d4ffc6814314fa300960c160d0a692fe21 Mon Sep 17 00:00:00 2001 From: Sean Kovacs Date: Fri, 3 Apr 2026 10:30:18 -0400 Subject: [PATCH 3/3] add sops-nix --- .sops.yaml | 17 +++++++++++++ flake.lock | 21 ++++++++++++++++ flake.nix | 13 ++++++++-- home/sckova/default.nix | 2 ++ home/sckova/services/systemd.nix | 16 ++++-------- home/sckova/terminal/default.nix | 1 + home/sckova/terminal/neovim.nix | 2 +- secrets/secrets.yaml | 42 ++++++++++++++++++++++++++++++++ sops-example.yaml | 7 ++++++ sops.nix | 16 ++++++++++++ system/default.nix | 3 +++ system/searxng/default.nix | 10 +++----- 12 files changed, 130 insertions(+), 20 deletions(-) create mode 100644 .sops.yaml create mode 100644 secrets/secrets.yaml create mode 100644 sops-example.yaml create mode 100644 sops.nix diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..29d2689 --- /dev/null +++ b/.sops.yaml 
@@ -0,0 +1,17 @@ +# This example uses YAML anchors which allows reuse of multiple keys +# without having to repeat yourself. +# Also see https://github.com/Mic92/dotfiles/blob/d6114726d859df36ccaa32891c4963ae5717ef7f/nixos/.sops.yaml +# for a more complex example. +keys: + - &admin_sckova 7622FD7E6AB9F1E9D2CEFE2700F325187C68651A + - &user_sckova age1k9zp37p9sejvpvwu688t7jkl8utkugrsch7a9ahufpq7uhj609gqsd3wka + - &host_peach age1dx9rwrkhqj8sfr8vdfsgrqjwqefzmgtugsp6ykklpudfw4hcnuyqx9x20e + +creation_rules: + - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - pgp: + - *admin_sckova + age: + - *user_sckova + - *host_peach diff --git a/flake.lock b/flake.lock index 8713751..e30e694 100644 --- a/flake.lock +++ b/flake.lock @@ -483,9 +483,30 @@ "noctalia": "noctalia", "nur": "nur", "openmw": "openmw", + "sops-nix": "sops-nix", "tt-schemes": "tt-schemes" } }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1774910634, + "narHash": "sha256-B+rZDPyktGEjOMt8PcHKYmgmKoF+GaNAFJhguktXAo0=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "19bf3d8678fbbfbc173beaa0b5b37d37938db301", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 85670e8..55809e3 100644 --- a/flake.nix +++ b/flake.nix @@ -17,6 +17,11 @@ flake = false; }; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -63,6 +68,7 @@ apple-silicon, base16, tt-schemes, + sops-nix, home-manager, niri, noctalia, 
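Review bot: The only host recipient under `creation_rules` is `*host_peach`, yet `sops.nix` and the `sckova_password` secret in `system/default.nix` are imported for every NixOS configuration in `flake.nix`; if `alien` is also built as a NixOS system it would presumably have no key able to decrypt `secrets/secrets.yaml` and its activation would fail. Add that host's key as another anchor under `keys:` (`- &host_alien <AGE_PUBLIC_KEY_PLACEHOLDER>`), list it under `age:`, and re-encrypt with `sops updatekeys secrets/secrets.yaml`. The four comment lines at the top are copied verbatim from the upstream sops-nix example and point at someone else's config; one line like `# keys: admin PGP key, sckova's age key, and one age key per host that must decrypt secrets/` would describe this file instead.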
@@ -151,13 +157,13 @@ "podman" "pipewire" ]; - hashedPassword = "$6$bvwRUFaJNMpH8rm3$FGDWFN6tBScJ/2DynAjnlZE8JRfyADN78d6c4GawxpAjyNLNE/AjQzMA09tLRqpKX7WnN5PIUZLAm2bT9/RbG0"; openssh.authorizedKeys.keys = [ "ssh-rsa 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 sckova" ]; }; } ./options.nix + ./sops.nix ./system ./system/searxng ./system/games @@ -167,8 +173,8 @@ ./system/hosts/${hostname} ./hardware/${hostname} niri.nixosModules.niri + sops-nix.nixosModules.sops home-manager.nixosModules.home-manager - noctalia.nixosModules.default { home-manager = { useGlobalPkgs = true; @@ -177,6 +183,7 @@ imports = [ ./home ./options.nix + ./sops.nix ./home/sckova ./home/sckova/apps ./home/sckova/games @@ -187,6 +194,7 @@ ]; }; sharedModules = [ + sops-nix.homeManagerModules.sops base16.nixosModule ( { config, ... }: @@ -205,6 +213,7 @@ }; }; } + noctalia.nixosModules.default ] ++ extraModules; }; diff --git a/home/sckova/default.nix b/home/sckova/default.nix index f507113..6513c7e 100644 --- a/home/sckova/default.nix +++ b/home/sckova/default.nix @@ -5,4 +5,6 @@ username = "sckova"; email = "kovacsmillio@gmail.com"; }; + + sops.age.keyFile = "/home/sckova/.config/sops/age/keys.txt"; } diff --git a/home/sckova/services/systemd.nix b/home/sckova/services/systemd.nix index 5e1d681..ab47600 100644 --- a/home/sckova/services/systemd.nix +++ b/home/sckova/services/systemd.nix @@ -1,7 +1,6 @@ { config, pkgs, - lib, ... }: { @@ -11,16 +10,11 @@ XCURSOR_PATH = config.userOptions.cursor.path; }; - xdg.configFile."rclone/synology.conf".text = '' + sops.templates."synology.conf".content = '' [synology] - type = sftp - user = sckova + type = smb host = nas.taila30609.ts.net - key_file = ~/.ssh/key - shell_type = unix - root = home - md5sum_command = "${pkgs.coreutils}/bin/md5sum"; - sha1sum_command = "${pkgs.coreutils}/bin/sha1sum"; + pass = ${config.sops.placeholder.rclone_synology} ''; systemd.user.services.synology-mount = { 
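Review bot: Removing `hashedPassword` from `flake.nix` takes the SHA-512-crypt hash out of the working tree but not out of git history, where it remains recoverable by anyone with the repository, and the commit does not say whether the password behind it changed. Rotate that password so the sops-managed `sckova_password` is a fresh hash rather than the same one re-encrypted, or rewrite history before the repository is shared. The `users.users.sckova` block this hunk edits starts and ends outside the hunk.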
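Review bot: `sops.age.keyFile = "/home/sckova/.config/sops/age/keys.txt";` in `home/sckova/default.nix` hardcodes both the username and the `/home` prefix in the file that the previous commit made the model for per-user modules. `sops.age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";` (or `"${config.home.homeDirectory}/.config/sops/age/keys.txt"`) keeps the module reusable when it is copied for the next user. A short comment that the key must exist on disk before the first `home-manager switch`, e.g. `# private age key; create with age-keygen and never commit it`, would spare the next person an opaque decryption failure.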
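Review bot: The new `[synology]` stanza in `home/sckova/services/systemd.nix` (hunk `@@ -11,16 +10,11`) drops the `user = sckova` line the sftp stanza carried, so the smb backend authenticates with whatever rclone falls back to when `user` is unset (its documentation describes the current OS user name; worth confirming), which only works while the NAS account equals the local login. Adding `user = ${config.userOptions.username}` (or a second placeholder if the NAS account differs) makes the credential pair explicit and keeps the file correct when the username option changes. `pass` must hold the `rclone obscure` form that `sops-example.yaml` documents, so a comment on the template such as `# pass is the rclone-obscured value, see sops-example.yaml` would keep that from being forgotten on rotation. The `systemd.user.services.synology-mount` definition that follows continues outside the hunk.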
@@ -48,11 +42,11 @@ # Mount rclone in foreground ${pkgs.rclone}/bin/rclone \ - --config=$HOME/.config/rclone/synology.conf \ + --config=${config.sops.templates."synology.conf".path} \ --ignore-checksum \ --log-level INFO \ --rc --rc-serve \ - mount "synology:" "$HOME/Synology" + mount "synology:home" "$HOME/Synology" ''}"; ExecStop = "/run/wrappers/bin/fusermount -uz %h/Synology/%i"; StandardOutput = "journal"; diff --git a/home/sckova/terminal/default.nix b/home/sckova/terminal/default.nix index e87624e..a230d8d 100644 --- a/home/sckova/terminal/default.nix +++ b/home/sckova/terminal/default.nix @@ -66,6 +66,7 @@ }; core.pager = "${pkgs.bat}/bin/bat"; commit.gpgsign = true; + init.defaultBranch = "main"; }; }; bat = { diff --git a/home/sckova/terminal/neovim.nix b/home/sckova/terminal/neovim.nix index 4284b61..3610d8e 100644 --- a/home/sckova/terminal/neovim.nix +++ b/home/sckova/terminal/neovim.nix @@ -5,7 +5,7 @@ ... }: { - home.sessionVariables.EDITOR = lib.mkForce "kitty nvim"; + home.sessionVariables.EDITOR = lib.mkForce "nvim"; programs.nixvim = { enable = true; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml new file mode 100644 index 0000000..7d9466c --- /dev/null +++ b/secrets/secrets.yaml 
@@ -0,0 +1,42 @@ +#ENC[AES256_GCM,data:TggQPAlRHvMKs5nMF7arHHoXjj6+1c0n1DuIS5UFXuRob9E2AHn3JCObcPW/IH0JOcg=,iv:PFDAr1ZQMu158TglCPFqK548LfOtYHT+7zon83JN8IY=,tag:72fhZeqDG7yK+pv1k330zA==,type:comment] +searxng_secret: ENC[AES256_GCM,data:j/PY84sAXdcP/WaekjhT+wYDa1Q9OBWchrAUKpW7ygSEMqbiIx5i/bmjyqjifnZqKvy/hgF/SA2ZbFKsQ5jjpQ==,iv:8Sv9WTjO+Vkrgmd+V6l7vdMPPtjBVkWfeG/DRsbhQYE=,tag:jc3HWlyAUUmkzZMnv8Kbmw==,type:str] +#ENC[AES256_GCM,data:HBJEtuvZUeUD51q8/d+d6lQ4Yke1RfHDqo4P9l21mbvF2rrHp0KRNH0=,iv:cNpmj145TKmF/bNQN3wFeAXoqWkLxu0bqvEhydRQZcs=,tag:x02R5lfpYUMZw3eSRA5MIA==,type:comment] +rclone_synology: ENC[AES256_GCM,data:2k9aYyXMDDYt740VUUvvTSUQ+ybK3PIkBetqw5wmCXYEumk=,iv:J3ZFY3iX7OHoriJNHbmCYHglwNeh+T1UP9q608wAXGU=,tag:QmyVZQiQzBhoB9jkOiruhw==,type:str] +#ENC[AES256_GCM,data:CvsKAAXJQWM8t5bc0eInokZr,iv:YpEJYqyDNGydfrUBoLeUyJsnai/jMAo0PojRmpVPmN8=,tag:9DoQE+Wic5OnWcGIZNFsIg==,type:comment] +sckova_password: ENC[AES256_GCM,data:JgXq8TyCGI072g==,iv:kPme4bkmAfj+np32LoAcDWoQA2qFnTdqnyTSwB2TvBk=,tag:hAPQ+dWW+7QstyEdvSvpGw==,type:str] +sops: + age: + - recipient: age1k9zp37p9sejvpvwu688t7jkl8utkugrsch7a9ahufpq7uhj609gqsd3wka + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtK09BZUN6aUhIQ0oyOU9N + UW5SWXJoUEJ1U2NLNnl3UjFFajd1U3MwUnpvCjhYa1RES3RSTTVURVU2bVp5b3A1 + dWVxRHQ1bGh5QUlxRmNhSXRnUDRUa1EKLS0tIHlnUFZDem9mdWFVNDNCQjM0OWND + OGF4VjkyTGt5ckl1T2RLRm8rUFUxQlUKSviKzkL/JLy/JTaKXCi5+hr5Cy6dtu+S + qOhPWCFcNVM6TaJnFNEik6r39E0+C6qmkzdxN1KLjLYzg+DEcxAOnA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dx9rwrkhqj8sfr8vdfsgrqjwqefzmgtugsp6ykklpudfw4hcnuyqx9x20e + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzeW5WcG5jY3loVUl0RG9o + RUxKWmtLcnF3djE2MEoxMTVtVlNJMkJFNmpBCnhjL25TaUl1ZHpIK3c3OW5lcFNS + MFg2eXRPVjRxUHdiMEVrNCs5SGhWMjQKLS0tIHVscFNybnROUTQrRlRYa3FuWkhs + RFExdjVKRi9aMFNWQzBORmFyanNVdWMKUcQ3h7pCLCIi7PaITuAGxv3qLyypDHhY + 1HqXGNP82Xyu4coc6jWQ85dMvRfMkYar6zDNvJmPqHptiHfbDFcVTw== + -----END 
AGE ENCRYPTED FILE----- + lastmodified: "2026-04-03T13:51:22Z" + mac: ENC[AES256_GCM,data:jQtzEZWE6csGTQE939UAl3xA6ecqLD4aGRqw7KF7GqW0w3FTfC59uel1xM2Nl91Bg42TzYsO9WB3rox5daFAcUgoQE0TNMAbH+w/vkVc3NoJHrWQlV69j8zUAAiNgbAx30l1MIjLS/zJ6Xlt+jkj4FtPfK0d84V/O2KwCBAJ+uM=,iv:+u3muRmMuZJUcUNHJDOqzytxgK60YxxmawwQeUTm9aU=,tag:mR8lTA7dgfOqYqUvCAuYFQ==,type:str] + pgp: + - created_at: "2026-04-03T02:14:12Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DrD+TWkWMG9QSAQdAE1QnXASnQihE7xyQxHo48Dq5VBVG15vuyhPDeEPJsEsw + /oG3t56luiap+vilspLHdxzILvyHQfPpkEOlGvI4TD19t3gIKCOKDTHxMk8BW6p8 + 0lwBgKcqEZdEIHDj84CnG/6/9uK9ycuWiFN4PoTlrE10j+WVnFod1qHLV4ixbomE + kY50t/LrML5Q/oiqUrUk6h9+QrNPfpJ2ei06vpy23PYzrs43MLbAScWvyu9H+A== + =j6c/ + -----END PGP MESSAGE----- + fp: 7622FD7E6AB9F1E9D2CEFE2700F325187C68651A + unencrypted_suffix: _unencrypted + version: 3.12.2 diff --git a/sops-example.yaml b/sops-example.yaml new file mode 100644 index 0000000..23baaf7 --- /dev/null +++ b/sops-example.yaml @@ -0,0 +1,7 @@ +# nix-shell -p openssl --run 'openssl rand -hex 32' +searxng_secret: +# echo 'secretpassword' | rclone obscure - +rclone_synology: +# sckova's password +sckova_password: + diff --git a/sops.nix b/sops.nix new file mode 100644 index 0000000..73c5fe1 --- /dev/null +++ b/sops.nix @@ -0,0 +1,16 @@ +{ + config, + lib, + pkgs, + ... +}: +{ + sops = { + defaultSopsFile = ./secrets/secrets.yaml; + defaultSopsFormat = "yaml"; + secrets = { + searxng_secret = { }; + rclone_synology = { }; + }; + }; +} diff --git a/system/default.nix b/system/default.nix index c6c6b5f..0f96e81 100755 --- a/system/default.nix +++ b/system/default.nix @@ -14,6 +14,9 @@ email = "kovacsmillio@gmail.com"; }; + sops.secrets.sckova_password.neededForUsers = true; + users.users.sckova.hashedPasswordFile = config.sops.secrets.sckova_password.path; + boot = { plymouth.enable = true; plymouth.logo = "${pkgs.nixos-icons}/share/icons/hicolor/64x64/apps/nix-snowflake-white.png"; 
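Review bot: The comment `# sckova's password` above `sckova_password:` in `sops-example.yaml` reads as "store the plaintext password", but `system/default.nix` (hunk `@@ -14,6 +14,9`) feeds this secret to `users.users.sckova.hashedPasswordFile`, which expects a crypt hash; a plaintext value there does not yield a working login. Changing it to `# sckova's password HASH (mkpasswd -m sha-512), consumed by users.users.sckova.hashedPasswordFile` makes the generation step as explicit as the two comments above it. A first line stating that this file is an unencrypted template for `secrets/secrets.yaml` and must never hold real values would also explain why it sits outside the `creation_rules` path.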
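Review bot: `sops.nix` is imported both into the NixOS module list and into the home-manager `imports` in this patch's `flake.nix`, so the same `secrets` declarations cause `searxng_secret` and `rclone_synology` to be decrypted twice: once as root into the system secrets directory and once into the user's session by the home-manager sops module. `searxng_secret` is consumed only by the system service, so the user-side copy is an extra place the secret lands for no benefit; presumably `searxng_secret` belongs in a NixOS-only module and `rclone_synology` in a home-only one. Until they are split, a header comment such as `# imported by BOTH NixOS and home-manager: every secret listed here is decrypted for both` would at least make the current behaviour visible.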
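Review bot: `users.users.sckova.hashedPasswordFile = config.sops.secrets.sckova_password.path;` and `sops.secrets.sckova_password.neededForUsers = true;` hardcode the username in the same `system/default.nix` that, one patch earlier, switched `autoLogin.user` to `config.userOptions.username`. Writing `sops.secrets."${config.userOptions.username}_password".neededForUsers = true;` and `users.users.${config.userOptions.username}.hashedPasswordFile = config.sops.secrets."${config.userOptions.username}_password".path;` keeps the password secret keyed the same way as the rest of the per-user settings. The module body these lines sit in continues outside the hunk.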
diff --git a/system/searxng/default.nix b/system/searxng/default.nix index 9aed6d4..e908f80 100644 --- a/system/searxng/default.nix +++ b/system/searxng/default.nix @@ -1,21 +1,19 @@ { lib, - pkgs, config, ... }: { + sops.templates."searxng.env".content = '' + SEARXNG_SECRET=${config.sops.placeholder.searxng_secret} + ''; services.searx = { enable = true; redisCreateLocally = true; + environmentFile = config.sops.templates."searxng.env".path; settings = { server = { - secret_key = lib.removeSuffix "\n" ( - builtins.readFile ( - pkgs.runCommand "gen-key" { buildInputs = [ pkgs.openssl ]; } "openssl rand -hex 32 > $out" - ) - ); port = 5364; bind_address = "127.0.0.1"; };