meows at you (nix)

2025-09-21 16:10:42 +01:00
parent 2281bf2a7b
commit 947db560f0
8 changed files with 74 additions and 11 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 nix/result
+nix/nixos.qcow2
--- a/nix/.sops.yaml
+++ b/nix/.sops.yaml
@@ -0,0 +1,8 @@
+keys:
+  - &doloro-desktop age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838 
+creation_rules:
+  - path_regex: secrets/.+\.(yaml|json|env|ini|bin)$
+    key_groups:
+    - age:
+      - *doloro-desktop
+
--- a/nix/configuration.nix
+++ b/nix/configuration.nix
@@ -19,6 +19,18 @@
  # Configure network connections interactively with nmcli or nmtui.
  networking.networkmanager.enable = true;

+	sops = {
+      defaultSopsFile = ./secrets/users.yaml;
+      secrets = {
+        root-hashed_password = {
+          neededForUsers = true;
+        };
+        doloro-hashed_password = {
+          neededForUsers = true;
+        };
+		};
+	};
+
  # Set your time zone.
  # time.timeZone = "Europe/Amsterdam";

@@ -57,15 +69,14 @@

  # Enable touchpad support (enabled default in most desktopManager).
  # services.libinput.enable = true;
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  # users.users.alice = {
-  #   isNormalUser = true;
-  #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-  #   packages = with pkgs; [
-  #     tree
-  #   ];
-  # };
+	services.openssh.enable = true;
+  users.users.doloro = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    packages = with pkgs; [
+      tree
+    ];
+  };

  # programs.firefox.enable = true;

--- a/nix/flake.lock
+++ b/nix/flake.lock
@@ -430,7 +430,28 @@
        "home-manager": "home-manager",
        "hyprland": "hyprland",
        "nixpkgs": "nixpkgs_2",
-        "quickshell": "quickshell"
+        "quickshell": "quickshell",
+        "sops-nix": "sops-nix"
+      }
+    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1758425756,
+        "narHash": "sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ+Y=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
      }
    },
    "systems": {
--- a/nix/flake.nix
+++ b/nix/flake.nix
@@ -13,6 +13,10 @@
 			url = "git+https://git.outfoxxed.me/outfoxxed/quickshell";
 			inputs.nixpkgs.follows = "nixpkgs";
 		};
+		sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
  };

  outputs =
@@ -36,7 +40,7 @@
        # to pass through arguments to home.nix
      };
 			nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
-      	modules = [ ./configuration.nix ];
+      	modules = [ ./configuration.nix inputs.sops-nix.nixosModules.sops ];
    	};
    };
 }
--- a/nix/nvim
+++ b/nix/nvim
--- a/nix/secrets/users.yaml
+++ b/nix/secrets/users.yaml
@@ -0,0 +1,17 @@
+doloro-hashed_password: ENC[AES256_GCM,data:RYB/bSNTz1TeGucdFHrxxhOqvqQYvQS3lm44I1Lf3LIEVMXL5s41zxIw0S+JVdlq8I3oHDY4C3o5V4lu+8qAWMyIZYp/6Xp4cw==,iv:yOuKk95skNZ5z805vtoJwvyOdsh08BuyBSgXN+M4Ybo=,tag:QAFhUYuqHT6Spw/l4feY4g==,type:str]
+root-hashed_password: ENC[AES256_GCM,data:vzVtz1Ht4XD+omdKjU/Zvoaftq8jKE4kxOjAGZTvoYI07hjItR2TSsYrLw0lwsxyJosfoyF3bVsZSFCuuN7njdchGMSSujZJhg==,iv:0av3n4fcGOHYQB4zidt/qn+blBSiDQ29LN15sVufLLs=,tag:nKKVDbCGxB7wDrMPAyJOaw==,type:str]
+sops:
+    age:
+        - recipient: age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYU8wczhvZXVscnJiK1Q3
+            WEdibmFLTHRjWmtoTXJmT1J1UFduaUJ6d2dvClZmNHZHYmpwZUR0MmVZeTBEZmxr
+            WE11TnlodmNqbEFwTUlPd1ZFc2tJTVkKLS0tIDZyMk5iZjFLWlpjOFZwTnNtcGpG
+            SUVwVjZ3MEhPRFJ0V25GYnNhL2ZSczQKHJbpKEyWBNnyBBXKHMz+WefSr/iMiCin
+            BftZDPEMaogAE+OIlSvTCDV5i8WMfPvt9laGI2pCNsPB/ke+WwXUUg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-09-21T15:03:11Z"
+    mac: ENC[AES256_GCM,data:8z442Ny6iTUXR/daGASDfwf7KfiQbVdMor1xwSakmcVk5gFCI3fxRyJKOMDfYxdPuxHLarDowm2VYy0ismlduxaMs/7nK05Ry0issEeHlt1SGWiHqnfcjTvaiVhgh7k43nUIDnY7Vxe6cumBGhyW1xSKH4B6jUweaZyjn9V/ZCk=,iv:YpRnYD/FDhreWQUBmx7bEWWPFgofWbHKo7CIO0obuiM=,tag:zxOBTfEP4GxMV2DrhvKTNA==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2
--- a/nvim/config/telescope-filebrowser.lua
+++ b/nvim/config/telescope-filebrowser.lua
@@ -4,6 +4,7 @@ require("telescope").setup {
      theme = "ivy",
      -- disables netrw and use telescope-file-browser in its place
      hijack_netrw = true,
+			hidden = { file_browser = true, folder_browser = true },
      mappings = {
        ["i"] = {
          -- your custom insert mode mappings