From 976e7ef271b4b9e494dc962be054d7c79d677715 Mon Sep 17 00:00:00 2001
From: Doloro1978
Date: Wed, 24 Dec 2025 16:28:55 +0000
Subject: [PATCH] wip: laptop work
---
 .sops.yaml | 2 +-
 hosts/doloro-laptop/nixos.nix | 106 ++++++++++++++++++-----
 modules/quickshell/quickshell/.qmlls.ini | 1 +
 secrets/users.yaml | 22 ++---
 4 files changed, 96 insertions(+), 35 deletions(-)
 create mode 120000 modules/quickshell/quickshell/.qmlls.ini
diff --git a/.sops.yaml b/.sops.yaml
index 9743ae2..c76a0b3 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -5,4 +5,4 @@ creation_rules:
 path_regex: secrets/.*\.yaml$ # Applies to all files in the secrets/ directory
 age:
 - "age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838" # pc
- - "age1uguylmrm4wjuwcp7pjncgwg2ufa9vkac00um54pxjxhcg3yhfcasd4u96f" # laptop
+ - "age1exzngtk4d9vcsmcq6ap5xx3ca9qacqjkrv86ymged7msx9z6vfyqsf5sjq" # laptop
diff --git a/hosts/doloro-laptop/nixos.nix b/hosts/doloro-laptop/nixos.nix
index bd1e1b4..c1b911c 100644
--- a/hosts/doloro-laptop/nixos.nix
+++ b/hosts/doloro-laptop/nixos.nix
@@ -2,24 +2,74 @@ # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ config, lib, pkgs, ... }: - { - + config, + lib, + inputs, + pkgs, + nix-meow, + ... +}: +let + sops = inputs.sops-nix; +in +{ + imports = [ + inputs.sops-nix.nixosModules.sops + ]; + modules = { + fish.enable = true; + greetd.enable = true; + stylix.enable = true; + steam.enable = false; + Hyprland.enable = true; + wivrn.enable = false; + }; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.kernelPackages = pkgs.linuxPackages_latest; networking.hostName = "doloro-nixos-laptop"; # Define your hostname. + security.rtkit.enable = true; # Configure network connections interactively with nmcli or nmtui. networking.networkmanager.enable = true; # Set your time zone. - time.timeZone = "Europe/Amsterdam"; - -nix.settings.experimental-features = [ "nix-command" "flakes" ]; + time.timeZone = "Europe/London"; + nix.settings = { + substituters = [ + "https://nix-community.cachix.org" + "https://cache.nixos.org/" + "https://attic.scug.io/pkgs" + ]; + trusted-public-keys = [ + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "pkgs:+sRbfiZMMX5R3PuAPtIRz/emowDoGZNpozibrnrAvuc=" + ]; + experimental-features = [ + "flakes" + "nix-command" + ]; + trusted-users = [ + "doloro" + ]; + }; + hardware.graphics = { + enable = true; + }; + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = true; + PermitRootLogin = "prohibit-password"; + }; + }; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaa6Z5qtBSLEz+A4fQGYPfkOISsRQlmKkVbcx2zxML7" + ]; # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 
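Review bot: `PasswordAuthentication = true;` in the new `services.openssh.settings` block leaves sshd accepting password logins, and the NixOS openssh module opens its port in the firewall by default, so the password of `doloro` (a `wheel` member, defined further down the file) becomes the only barrier to a sudo-capable remote session on whatever network the laptop joins. Root is already key-only through `PermitRootLogin = "prohibit-password"` and the `authorizedKeys` entry, so the user can follow the same model: `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;`, plus a `users.users.doloro.openssh.authorizedKeys.keys` list. Separately, the `let sops = inputs.sops-nix; in` binding is not referenced anywhere in this hunk (the import spells out `inputs.sops-nix` again) and can be dropped if the rest of the file does not use it. The attribute set continues outside the hunk.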
@@ -35,9 +85,6 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; # Enable the X11 windowing system. services.xserver.enable = true; - - - # Configure keymap in X11 # services.xserver.xkb.layout = "us"; # services.xserver.xkb.options = "eurosign:e,caps:escape"; @@ -48,21 +95,36 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; # Enable sound. # services.pulseaudio.enable = true; # OR - # services.pipewire = { - # enable = true; - # pulse.enable = true; - # }; + + sops = { + defaultSopsFile = builtins.toPath "${nix-meow.flakeRoot}/secrets/users.yaml"; + secrets = { + root-hashed_password = { + neededForUsers = true; + }; + doloro-hashed_password = { + neededForUsers = true; + }; + }; + }; + services.pipewire = { + enable = true; + pulse.enable = true; + }; services.libinput.enable = true; # Define a user account. Don't forget to set a password with ‘passwd’. - # users.users.alice = { - # isNormalUser = true; - # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - # packages = with pkgs; [ - # tree - # ]; - # }; + users.users.doloro = { + isNormalUser = true; + shell = pkgs.fish; + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + packages = with pkgs; [ + tree + ]; + # initialPassword = "sex"; + hashedPasswordFile = config.sops.secrets."doloro-hashed_password".path; + }; # programs.firefox.enable = true; @@ -70,6 +132,7 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; # You can use https://search.nixos.org/ to find more packages (and options). environment.systemPackages = with pkgs; [ vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + git wget ]; @@ -83,8 +146,6 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; # List services that you want to enable: - services.openssh.enable = true; - # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; 
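Review bot: The commented-out `# initialPassword = ...` line inside `users.users.doloro` keeps a plaintext password in the repository even though the account now reads `hashedPasswordFile` from sops; delete the line, and if that value was ever a real password, change it, because it stays in git history. The `root-hashed_password` secret is declared with `neededForUsers = true`, but nothing visible in this patch consumes it; if root is meant to use it, the missing line is `users.users.root.hashedPasswordFile = config.sops.secrets."root-hashed_password".path;`. Also worth confirming: with the default `users.mutableUsers = true`, NixOS applies the password options only when the account is first created, so a later change to the secret would not reach an existing user unless `users.mutableUsers = false;` is set elsewhere in the configuration.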
@@ -115,4 +176,3 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; system.stateVersion = "25.11"; # Did you read the comment? } - diff --git a/modules/quickshell/quickshell/.qmlls.ini b/modules/quickshell/quickshell/.qmlls.ini new file mode 120000 index 0000000..cc46dc2 --- /dev/null +++ b/modules/quickshell/quickshell/.qmlls.ini @@ -0,0 +1 @@ +/run/user/1000/quickshell/vfs/cd26284dcbf5c20ad2cc36cbb6547fb4/.qmlls.ini \ No newline at end of file diff --git a/secrets/users.yaml b/secrets/users.yaml index 081b8f0..268219a 100644 --- a/secrets/users.yaml +++ b/secrets/users.yaml 
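Review bot: The new `modules/quickshell/quickshell/.qmlls.ini` is a symlink (mode 120000) whose target is an absolute path under `/run/user/1000/quickshell/vfs/`, which looks like a file the tooling created at runtime rather than something meant for the repository. On any other machine, user id or session the link dangles, and it records a local runtime path in history. Consider dropping it from the commit and adding `.qmlls.ini` to `.gitignore`.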
@@ -6,20 +6,20 @@ sops: - recipient: age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJektlZ3JVYmFqYS9Zd09Q - V1FVdTdVMjd2UUF5WHB5L2dOeXFlWml0cFNNCkduTVlwV0ZtTHg0cjV1N0hzeCto - Ym4xSVVERTdGcjRoUG5IcW42MmJTTm8KLS0tIHdXbkpzVFBzdUFQTjlDMVRBaG40 - UFV6dUVUM0gzQmFoT21qK0crdENiK2cKeNBxr8ac9X7BOhNqnOrnoPsBPdf56WwH - zltXIxMVEZcEL6ggU7on/swIhEZAW0uJyhfQiVzI4M1XvLBu+PiTqg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBWlVIU0pRSGZuRGlOeTdU + dnd1T1RrUTFOYUNVMWUwc25mdU1CZzc4d0hrCkFObERLdlR4QWovV1p3dDR5RHVt + RW5YRnJZakhLY05BUjUrOG53TTZKT2sKLS0tIFZlWmVSVzJtS1JRa0hncUV4elRq + Z1k5VHE1ZlVxVDN1YlJDMG50elNNdzAK+SfOCYdEEqLJFuXCxkbQ2QGmwAGgAMMD + xA8dLWq2Ur0/CzUaW4Y8uN83uh/o04sJuR+0N+kYzPZabDCxiy3ibQ== -----END AGE ENCRYPTED FILE----- - - recipient: age1e6vws55p0g23qzthm4qa93hpt6lqmck6670gkygph0sc0j7my4uq5wqjfh + - recipient: age1exzngtk4d9vcsmcq6ap5xx3ca9qacqjkrv86ymged7msx9z6vfyqsf5sjq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLckMvUGtVUU9Jb1lIOUE3 - UHdKZmVpcDBnSXZTTTB0ZER0VGRWUldmQkFNCkJTcVZEcjg4RXJlS08wcHpCZEoz - ZW9wU1JmVE5yeU5TVi8rTzFpOUNnUzQKLS0tIDI3OTdQZndkYWlycVhFY2RxNHhv - cDJzRjhUTzFmYVBUZ0NUSDV3MmZ1MWcKfSE7eQD0sh9Ag2S3TfYoUjH1772nGErX - P6GugohgWxQNXAptiyAzhAEys/2SHQ0lfI9tP2vfX0dQYPf1foGDDA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1MlF2Y3VSKzJIa3pCQUM5 + bWhsN2dON0RHaU9DcnYycFBWQlZXMEJOdVRRCjA2MDhMWS9tS0hoV0s5L1BEaEtH + Wis0SXBHWWFnTDM1b1V3ZHdhVTVvSFUKLS0tIFc0OVZtOWxscW5wdGlya3Z2WGU0 + bVJ1ZWNTSkIvcGM0V1hrY3YrbDdLNkUKmKoEuTGE9OtkpHIR8xBl7JxIgnhu4LE1 + FQvk9axOtaE/WrwR8oKOtg+1c1a8uidXEK9IerNby7NGVQUE/KsFJA== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-12-23T21:31:15Z" mac: 
ENC[AES256_GCM,data:iNr37OmqniV2cmyDZSrP+N6Ni7lxFeFkwOM1CknVZ9Bl8nW7UE8dmKOzzK/Lt9YZi6KPzld1RnOqZIKWXY8dpr+XAStUQsxQOOQbeuZqTchJgCYIdRAViDJeFtIY3m4Vubtk7PllFwVk6b6Fb6hZT1Clj15gW1EZLDols9nIdX0=,iv:GEFc+7PR3cEe5OPAq5TF//cZp7IJ0E9lOuiAYA02QnQ=,tag:ORo1UxBzm5s87r0mM8qJ4g==,type:str]
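Review bot: Only the recipient stanzas change in this hunk while `lastmodified` and `mac` remain context lines, which is consistent with a `sops updatekeys` run: the laptop recipient is swapped, but the data key and the encrypted values are the same as before. Whoever holds the replaced laptop key can therefore still decrypt every earlier revision in git history, and those revisions carry the current secrets. If the old key was retired because the machine or key file may have been exposed (the commit does not say), rotate the data key (`sops rotate` / `sops -r`) and change the password hashes themselves, not only the recipient list. The file may continue past the `mac` line outside this view.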