don/NixOS-Configs
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Activity

finish adding SOPS-nix

Browse source
This commit is contained in:
Don Harper 2025-11-17 19:21:14 -06:00
parent 2ff4e6678b
commit 863b3d68cd
3 changed files with 9 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

28
hosts/workstation/default.nix
View file

@ -34,7 +34,7 @@ in {
};
imports = [
inputs.catppuccin.nixosModules.catppuccin
# ./tailscale.nix
./tailscale.nix
../../home
../../home/gui
../../home/gui/gnome-calenar.nix
@ -47,6 +47,7 @@ in {
../themes.nix
./detect-reboot-needed.nix
./kmscon.nix
./ollama.nix
./systemd.nix
./systemd-primary.nix
./auto-cpufreq.nix
@ -94,14 +95,6 @@ in {
owner = "root";
mode = "0444";
};
"smtp/smtp_server" = {
owner = "root";
mode = "0444";
};
"smtp/smtp_port" = {
owner = "root";
mode = "0444";
};
"tailscale/ts_api" = {
owner = "root";
mode = "0400";
@ -213,8 +206,8 @@ in {
package = pkgs.mlocate;
};
logind = {
# lidSwitchDocked = "ignore";
# lidSwitchExternalPower = "ignore";
lidSwitchDocked = "ignore";
lidSwitchExternalPower = "ignore";
settings = {
Login = {
HandleLidSwitchDocked = "ignore";
@ -276,25 +269,18 @@ in {
users = {
root = {
initialPassword = "changeme";
openssh.authorizedKeys.keys = [config.sops.secrets."users/root_sshauth".path];
};
don = {
isNormalUser = true;
initialPassword = "changeme";
description = "Don Harper";
extraGroups = ["networkmanager" "wheel" "scanner" "lp" "video" "mlocate" "disk"];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki"
];
openssh.authorizedKeys.keys = [config.sops.secrets."users/don_sshauth".path];
};
};
};
zramSwap = {
enable = false;
memoryPercent = 25;
memoryMax = 2147483648;
};
# Allow unfree packages
nixpkgs = {
config = {
@ -416,7 +402,7 @@ in {
from = "don@donharper.org";
host = "smtp.smtp2go.com";
user = "donharper.org";
passwordeval = "cat /home/don/.smtp_password.txt";
passwordeval = "cat ${config.sops.secrets."smtp/smtp_password".path}";
};
};
};

BIN
hosts/workstation/tailscale.nix
View file

Binary file not shown.

6
secrets.yaml
View file

@ -9,8 +9,6 @@ users:
#ENC[AES256_GCM,data:wPhrf7k=,iv:2HQ4jzpjasLF1gZCfVCGv30xajhBUzhAXsi9s5Cy9JM=,tag:aCM86v27N+TAGVrxbuO5tg==,type:comment]
smtp:
smtp_password: ENC[AES256_GCM,data:YP3NqVQjuWPyCuTgmxBwSw==,iv:1eyDvHplyh9pKfdY795ndJzzl1LLFudYZB2eqkjYmlw=,tag:Jvb9escI5pNorDmIiXuFrw==,type:str]
smtp_server: ENC[AES256_GCM,data:Mkya/PLitKQXnUyRBM1N9g==,iv:Q+6Fi32v+8Z4YtrsgLelw9PRsA+WfElfYwYjxnUHfhM=,tag:muCZ/zmoAzLZ1+qWQiXPHg==,type:str]
smtp_port: ENC[AES256_GCM,data://oT,iv:6fGj9npq+JsB2o6fG33uWJpVgoihqVxaLeOAGiv51T0=,tag:BVhhmptrJjljKFxQ4J0sXw==,type:str]
#ENC[AES256_GCM,data:SFZglQQ16U0jDBTmBuxHH2TGFRt9rOxZTzc=,iv:MnzSRM4bte5WACvlTDSVTqFTBJMFFv8l8e7p1lu/bZE=,tag:v6JKaBu6dl+1jrK0VmpPBg==,type:comment]
tailscale:
ts_api: ENC[AES256_GCM,data:mchei6FdVpcn7A2m/1D/e7RbZ8YLdte2lZ1b8M1e6C5NqzzDzRSNS7Wne2bm7szPe6nzeDGVZZ/jp5WR26M=,iv:/DZsAk+W+Ev+ZS7XNvLbNXCARL9YjUgvrae5bUppWBY=,tag:Uj8FT/gCpO4XmMRDykz8ZA==,type:str]
@ -25,7 +23,7 @@ sops:
em9ZMDljK2tXVnVDN1Q2UnYrZWVwblEKE/z1PQsld/r4AEWFyUgt6zNf7QfcLNYh
Btn5qGBPYizmYzAwleNOq5PDINUAlfT9fTfU6QBdRYkarbVjqDV6Pg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-13T00:39:12Z"
mac: ENC[AES256_GCM,data:uhMuODBQLyx6Ae18npzmptsX1HzVY7cmx8pZ5cUcYJb7VlVjgYMc6rp4UKozd4y8lGnKtQWaiUvsR8RFiueLsd/vLuNjI48qXmezluBoXFlqkCPuDBzZIFnWfo4omqfY9kZs3fafNfAW7GSrQOE5wP9xNdNO0dUkMs8QF93/SeA=,iv:/+3iBJpCZ2ujvF4kZ0wOIb1FkN9WE8P5ftnfrC7J4t0=,tag:W6JqByfgpxue1LvQAomsrw==,type:str]
lastmodified: "2025-11-13T20:50:08Z"
mac: ENC[AES256_GCM,data:+pKY3n9B2nJCYuaGKD9abxQPS2sWALStnQLmbR1UVsIbimDmTaqh6bVbyAaY08MGi7s8oEejaixbeR3fyRUO1Unx23Xu89vHg7x+XQMfty3/AnGCROjFmMv2/1WAONi8U9cNKwTVnLfABse0nO8y7X2Bk/KXfaxG+Wcd2y5K8Nw=,iv:E2bY/lV23VEM72DTLAwD9qVACWRk01nbUc6KHda9Sn8=,tag:KdI2sS4EPbp85LoY1lcygQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0