From 947db560f06448fa66b9bc8623a4d1e2d8651f40 Mon Sep 17 00:00:00 2001 From: doloro Date: Sun, 21 Sep 2025 16:10:42 +0100 Subject: [PATCH] meows at you (nix) --- .gitignore | 1 + nix/.sops.yaml | 8 ++++++++ nix/configuration.nix | 29 ++++++++++++++++++--------- nix/flake.lock | 23 ++++++++++++++++++++- nix/flake.nix | 6 +++++- nix/nvim | 0 nix/secrets/users.yaml | 17 ++++++++++++++++ nvim/config/telescope-filebrowser.lua | 1 + 8 files changed, 74 insertions(+), 11 deletions(-) create mode 100644 nix/.sops.yaml create mode 100644 nix/nvim create mode 100644 nix/secrets/users.yaml diff --git a/.gitignore b/.gitignore index 7c54810..c444c8f 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ nix/result +nix/nixos.qcow2 diff --git a/nix/.sops.yaml b/nix/.sops.yaml new file mode 100644 index 0000000..18d75e4 --- /dev/null +++ b/nix/.sops.yaml @@ -0,0 +1,8 @@ +keys: + - &doloro-desktop age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838 +creation_rules: + - path_regex: secrets/.+\.(yaml|json|env|ini|bin)$ + key_groups: + - age: + - *doloro-desktop + diff --git a/nix/configuration.nix b/nix/configuration.nix index 0f18584..b36a828 100644 --- a/nix/configuration.nix +++ b/nix/configuration.nix @@ -19,6 +19,18 @@ # Configure network connections interactively with nmcli or nmtui. networking.networkmanager.enable = true; + sops = { + defaultSopsFile = ./secrets/users.yaml; + secrets = { + root-hashed_password = { + neededForUsers = true; + }; + doloro-hashed_password = { + neededForUsers = true; + }; + }; + }; + # Set your time zone. # time.timeZone = "Europe/Amsterdam"; 
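Review bot: The `creation_rules` entry in `nix/.sops.yaml` encrypts everything under `secrets/` to a single age recipient, `&doloro-desktop`, which by its name looks like a workstation key rather than the key of the machine that activates this configuration. If the target host does not hold that private key, sops-nix cannot decrypt `nix/secrets/users.yaml` at activation, and losing this one key leaves the secrets unrecoverable. Consider adding the host's own age recipient, plus a backup recipient, under `keys:` and the `age:` list of `key_groups`. Setting `sops.age.keyFile` or `sops.age.sshKeyPaths` explicitly in `nix/configuration.nix` would also make clear which private key the host is expected to use.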
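Review bot: The two secrets declared in the `sops.secrets` block of `nix/configuration.nix` are marked `neededForUsers = true`, but nothing in the visible hunks consumes them, so as shown neither account takes its password from these hashes. Wire them in explicitly with `users.users.root.hashedPasswordFile = config.sops.secrets.root-hashed_password.path;` and `hashedPasswordFile = config.sops.secrets.doloro-hashed_password.path;` inside the `users.users.doloro` set added in the second hunk of this file. With `users.mutableUsers` left at its default, a declared password is only applied when the account is first created, so a one-line comment stating the intended behaviour would help. The rest of configuration.nix is outside the hunk, so these references may already exist elsewhere.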
@@ -57,15 +69,14 @@ # Enable touchpad support (enabled default in most desktopManager). # services.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - # users.users.alice = { - # isNormalUser = true; - # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - # packages = with pkgs; [ - # tree - # ]; - # }; + services.openssh.enable = true; + users.users.doloro = { + isNormalUser = true; + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + packages = with pkgs; [ + tree + ]; + }; # programs.firefox.enable = true; diff --git a/nix/flake.lock b/nix/flake.lock index ecefe28..1b9c106 100644 --- a/nix/flake.lock +++ b/nix/flake.lock @@ -430,7 +430,28 @@ "home-manager": "home-manager", "hyprland": "hyprland", "nixpkgs": "nixpkgs_2", - "quickshell": "quickshell" + "quickshell": "quickshell", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758425756, + "narHash": "sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ+Y=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" } }, "systems": { diff --git a/nix/flake.nix b/nix/flake.nix index b5905df..91da7b5 100644 --- a/nix/flake.nix +++ b/nix/flake.nix @@ -13,6 +13,10 @@ url = "git+https://git.outfoxxed.me/outfoxxed/quickshell"; inputs.nixpkgs.follows = "nixpkgs"; }; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = @@ -36,7 +40,7 @@ # to pass through arguments to home.nix }; nixosConfigurations.nixos = nixpkgs.lib.nixosSystem { - modules = [ ./configuration.nix ]; + modules = [ ./configuration.nix inputs.sops-nix.nixosModules.sops ]; }; }; } diff --git a/nix/nvim b/nix/nvim new file mode 100644 index 0000000..e69de29 
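Review bot: `services.openssh.enable = true;` is added with no accompanying settings, so unless they are set elsewhere in the file sshd runs with the module defaults and password login stays available for `doloro`, who is in `wheel`. Since this commit also introduces password hashes for both accounts, restrict SSH to keys with `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`, and list the permitted keys under `users.users.doloro.openssh.authorizedKeys.keys`. If password login over SSH is intended, say so in a comment next to the enable line.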
diff --git a/nix/secrets/users.yaml b/nix/secrets/users.yaml new file mode 100644 index 0000000..c78be4a --- /dev/null +++ b/nix/secrets/users.yaml @@ -0,0 +1,17 @@ +doloro-hashed_password: ENC[AES256_GCM,data:RYB/bSNTz1TeGucdFHrxxhOqvqQYvQS3lm44I1Lf3LIEVMXL5s41zxIw0S+JVdlq8I3oHDY4C3o5V4lu+8qAWMyIZYp/6Xp4cw==,iv:yOuKk95skNZ5z805vtoJwvyOdsh08BuyBSgXN+M4Ybo=,tag:QAFhUYuqHT6Spw/l4feY4g==,type:str] +root-hashed_password: ENC[AES256_GCM,data:vzVtz1Ht4XD+omdKjU/Zvoaftq8jKE4kxOjAGZTvoYI07hjItR2TSsYrLw0lwsxyJosfoyF3bVsZSFCuuN7njdchGMSSujZJhg==,iv:0av3n4fcGOHYQB4zidt/qn+blBSiDQ29LN15sVufLLs=,tag:nKKVDbCGxB7wDrMPAyJOaw==,type:str] +sops: + age: + - recipient: age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYU8wczhvZXVscnJiK1Q3 + WEdibmFLTHRjWmtoTXJmT1J1UFduaUJ6d2dvClZmNHZHYmpwZUR0MmVZeTBEZmxr + WE11TnlodmNqbEFwTUlPd1ZFc2tJTVkKLS0tIDZyMk5iZjFLWlpjOFZwTnNtcGpG + SUVwVjZ3MEhPRFJ0V25GYnNhL2ZSczQKHJbpKEyWBNnyBBXKHMz+WefSr/iMiCin + BftZDPEMaogAE+OIlSvTCDV5i8WMfPvt9laGI2pCNsPB/ke+WwXUUg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-09-21T15:03:11Z" + mac: ENC[AES256_GCM,data:8z442Ny6iTUXR/daGASDfwf7KfiQbVdMor1xwSakmcVk5gFCI3fxRyJKOMDfYxdPuxHLarDowm2VYy0ismlduxaMs/7nK05Ry0issEeHlt1SGWiHqnfcjTvaiVhgh7k43nUIDnY7Vxe6cumBGhyW1xSKH4B6jUweaZyjn9V/ZCk=,iv:YpRnYD/FDhreWQUBmx7bEWWPFgofWbHKo7CIO0obuiM=,tag:zxOBTfEP4GxMV2DrhvKTNA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/nvim/config/telescope-filebrowser.lua b/nvim/config/telescope-filebrowser.lua index 79502c0..d3e4ecc 100644 --- a/nvim/config/telescope-filebrowser.lua +++ b/nvim/config/telescope-filebrowser.lua @@ -4,6 +4,7 @@ require("telescope").setup { theme = "ivy", -- disables netrw and use telescope-file-browser in its place hijack_netrw = true, + hidden = { file_browser = true, folder_browser = true }, mappings = { ["i"] = { -- your custom insert mode mappings