wip: laptop work

.sops.yaml

@@ -5,4 +5,4 @@ creation_rules:
     path_regex: secrets/.*\.yaml$          # Applies to all files in the secrets/ directory
     age:
       - "age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838" # pc
-      - "age1uguylmrm4wjuwcp7pjncgwg2ufa9vkac00um54pxjxhcg3yhfcasd4u96f" # laptop
+      - "age1exzngtk4d9vcsmcq6ap5xx3ca9qacqjkrv86ymged7msx9z6vfyqsf5sjq" # laptop

hosts/doloro-laptop/nixos.nix

@@ -2,24 +2,74 @@
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 
-{ config, lib, pkgs, ... }:
-
 {
-
+  config,
+  lib,
+  inputs,
+  pkgs,
+  nix-meow,
+  ...
+}:
+let
+  sops = inputs.sops-nix;
+in
+{
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+  ];
+  modules = {
+    fish.enable = true;
+    greetd.enable = true;
+    stylix.enable = true;
+    steam.enable = false;
+    Hyprland.enable = true;
+    wivrn.enable = false;
+  };
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
+  boot.kernelPackages = pkgs.linuxPackages_latest;
 
   networking.hostName = "doloro-nixos-laptop"; # Define your hostname.
+  security.rtkit.enable = true;
 
   # Configure network connections interactively with nmcli or nmtui.
   networking.networkmanager.enable = true;
 
   # Set your time zone.
-  time.timeZone = "Europe/Amsterdam";
+  time.timeZone = "Europe/London";
-
-nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
+  nix.settings = {
+    substituters = [
+      "https://nix-community.cachix.org"
+      "https://cache.nixos.org/"
+      "https://attic.scug.io/pkgs"
+    ];
+    trusted-public-keys = [
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      "pkgs:+sRbfiZMMX5R3PuAPtIRz/emowDoGZNpozibrnrAvuc="
+    ];
+    experimental-features = [
+      "flakes"
+      "nix-command"
+    ];
+    trusted-users = [
+      "doloro"
+    ];
+  };
+  hardware.graphics = {
+    enable = true;
+  };
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = true;
+      PermitRootLogin = "prohibit-password";
+    };
+  };
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaa6Z5qtBSLEz+A4fQGYPfkOISsRQlmKkVbcx2zxML7"
+  ];
   # Configure network proxy if necessary
   # networking.proxy.default = "http://user:password@proxy:port/";
   # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
@@ -35,9 +85,6 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ];
   # Enable the X11 windowing system.
   services.xserver.enable = true;
 
-
-  
-
   # Configure keymap in X11
   # services.xserver.xkb.layout = "us";
   # services.xserver.xkb.options = "eurosign:e,caps:escape";
@@ -48,21 +95,36 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ];
   # Enable sound.
   # services.pulseaudio.enable = true;
   # OR
-  # services.pipewire = {
+
-  #   enable = true;
+  sops = {
-  #   pulse.enable = true;
+    defaultSopsFile = builtins.toPath "${nix-meow.flakeRoot}/secrets/users.yaml";
-  # };
+    secrets = {
+      root-hashed_password = {
+        neededForUsers = true;
+      };
+      doloro-hashed_password = {
+        neededForUsers = true;
+      };
+    };
+  };
+  services.pipewire = {
+    enable = true;
+    pulse.enable = true;
+  };
 
   services.libinput.enable = true;
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
-  # users.users.alice = {
+  users.users.doloro = {
-  #   isNormalUser = true;
+    isNormalUser = true;
-  #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    shell = pkgs.fish;
-  #   packages = with pkgs; [
+    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-  #     tree
+    packages = with pkgs; [
-  #   ];
+      tree
-  # };
+    ];
+    # initialPassword = "sex";
+    hashedPasswordFile = config.sops.secrets."doloro-hashed_password".path;
+  };
 
   # programs.firefox.enable = true;
 
@@ -70,6 +132,7 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ];
   # You can use https://search.nixos.org/ to find more packages (and options).
   environment.systemPackages = with pkgs; [
     vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+    git
     wget
   ];
 
@@ -83,8 +146,6 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
   # List services that you want to enable:
 
-  services.openssh.enable = true;
-
   # Open ports in the firewall.
   # networking.firewall.allowedTCPPorts = [ ... ];
   # networking.firewall.allowedUDPPorts = [ ... ];
@@ -115,4 +176,3 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ];
   system.stateVersion = "25.11"; # Did you read the comment?
 
 }
-

modules/quickshell/quickshell/.qmlls.ini

@@ -0,0 +1 @@
+/run/user/1000/quickshell/vfs/cd26284dcbf5c20ad2cc36cbb6547fb4/.qmlls.ini

secrets/users.yaml

@@ -6,20 +6,20 @@ sops:
         - recipient: age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJektlZ3JVYmFqYS9Zd09Q
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBWlVIU0pRSGZuRGlOeTdU
-            V1FVdTdVMjd2UUF5WHB5L2dOeXFlWml0cFNNCkduTVlwV0ZtTHg0cjV1N0hzeCto
+            dnd1T1RrUTFOYUNVMWUwc25mdU1CZzc4d0hrCkFObERLdlR4QWovV1p3dDR5RHVt
-            Ym4xSVVERTdGcjRoUG5IcW42MmJTTm8KLS0tIHdXbkpzVFBzdUFQTjlDMVRBaG40
+            RW5YRnJZakhLY05BUjUrOG53TTZKT2sKLS0tIFZlWmVSVzJtS1JRa0hncUV4elRq
-            UFV6dUVUM0gzQmFoT21qK0crdENiK2cKeNBxr8ac9X7BOhNqnOrnoPsBPdf56WwH
+            Z1k5VHE1ZlVxVDN1YlJDMG50elNNdzAK+SfOCYdEEqLJFuXCxkbQ2QGmwAGgAMMD
-            zltXIxMVEZcEL6ggU7on/swIhEZAW0uJyhfQiVzI4M1XvLBu+PiTqg==
+            xA8dLWq2Ur0/CzUaW4Y8uN83uh/o04sJuR+0N+kYzPZabDCxiy3ibQ==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age1e6vws55p0g23qzthm4qa93hpt6lqmck6670gkygph0sc0j7my4uq5wqjfh
+        - recipient: age1exzngtk4d9vcsmcq6ap5xx3ca9qacqjkrv86ymged7msx9z6vfyqsf5sjq
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLckMvUGtVUU9Jb1lIOUE3
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1MlF2Y3VSKzJIa3pCQUM5
-            UHdKZmVpcDBnSXZTTTB0ZER0VGRWUldmQkFNCkJTcVZEcjg4RXJlS08wcHpCZEoz
+            bWhsN2dON0RHaU9DcnYycFBWQlZXMEJOdVRRCjA2MDhMWS9tS0hoV0s5L1BEaEtH
-            ZW9wU1JmVE5yeU5TVi8rTzFpOUNnUzQKLS0tIDI3OTdQZndkYWlycVhFY2RxNHhv
+            Wis0SXBHWWFnTDM1b1V3ZHdhVTVvSFUKLS0tIFc0OVZtOWxscW5wdGlya3Z2WGU0
-            cDJzRjhUTzFmYVBUZ0NUSDV3MmZ1MWcKfSE7eQD0sh9Ag2S3TfYoUjH1772nGErX
+            bVJ1ZWNTSkIvcGM0V1hrY3YrbDdLNkUKmKoEuTGE9OtkpHIR8xBl7JxIgnhu4LE1
-            P6GugohgWxQNXAptiyAzhAEys/2SHQ0lfI9tP2vfX0dQYPf1foGDDA==
+            FQvk9axOtaE/WrwR8oKOtg+1c1a8uidXEK9IerNby7NGVQUE/KsFJA==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2025-12-23T21:31:15Z"
     mac: ENC[AES256_GCM,data:iNr37OmqniV2cmyDZSrP+N6Ni7lxFeFkwOM1CknVZ9Bl8nW7UE8dmKOzzK/Lt9YZi6KPzld1RnOqZIKWXY8dpr+XAStUQsxQOOQbeuZqTchJgCYIdRAViDJeFtIY3m4Vubtk7PllFwVk6b6Fb6hZT1Clj15gW1EZLDols9nIdX0=,iv:GEFc+7PR3cEe5OPAq5TF//cZp7IJ0E9lOuiAYA02QnQ=,tag:ORo1UxBzm5s87r0mM8qJ4g==,type:str]