diff --git a/hosts/workstation/default.nix b/hosts/workstation/default.nix index e800380..65ac42c 100644 --- a/hosts/workstation/default.nix +++ b/hosts/workstation/default.nix @@ -34,7 +34,7 @@ in { }; imports = [ inputs.catppuccin.nixosModules.catppuccin - # ./tailscale.nix + ./tailscale.nix ../../home ../../home/gui ../../home/gui/gnome-calenar.nix @@ -47,6 +47,7 @@ in { ../themes.nix ./detect-reboot-needed.nix ./kmscon.nix + ./ollama.nix ./systemd.nix ./systemd-primary.nix ./auto-cpufreq.nix @@ -94,14 +95,6 @@ in { owner = "root"; mode = "0444"; }; - "smtp/smtp_server" = { - owner = "root"; - mode = "0444"; - }; - "smtp/smtp_port" = { - owner = "root"; - mode = "0444"; - }; "tailscale/ts_api" = { owner = "root"; mode = "0400"; @@ -213,8 +206,8 @@ in { package = pkgs.mlocate; }; logind = { - # lidSwitchDocked = "ignore"; - # lidSwitchExternalPower = "ignore"; + lidSwitchDocked = "ignore"; + lidSwitchExternalPower = "ignore"; settings = { Login = { HandleLidSwitchDocked = "ignore"; @@ -276,25 +269,18 @@ in { users = { root = { initialPassword = "changeme"; + openssh.authorizedKeys.keys = [config.sops.secrets."users/root_sshauth".path]; }; don = { isNormalUser = true; initialPassword = "changeme"; description = "Don Harper"; extraGroups = ["networkmanager" "wheel" "scanner" "lp" "video" "mlocate" "disk"]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki" - ]; + openssh.authorizedKeys.keys = [config.sops.secrets."users/don_sshauth".path]; }; }; }; - zramSwap = { - enable = false; - memoryPercent = 25; - memoryMax = 2147483648; - }; - # Allow unfree packages nixpkgs = { config = { @@ -416,7 +402,7 @@ in { from = "don@donharper.org"; host = "smtp.smtp2go.com"; user = "donharper.org"; - passwordeval = "cat /home/don/.smtp_password.txt"; + passwordeval = "cat ${config.sops.secrets."smtp/smtp_password".path}"; }; }; }; diff --git a/hosts/workstation/tailscale.nix b/hosts/workstation/tailscale.nix index 517ad8d..d43a5f1 100644 Binary files a/hosts/workstation/tailscale.nix and b/hosts/workstation/tailscale.nix differ diff --git a/secrets.yaml b/secrets.yaml index 4530cdf..8ef827e 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -9,8 +9,6 @@ users: #ENC[AES256_GCM,data:wPhrf7k=,iv:2HQ4jzpjasLF1gZCfVCGv30xajhBUzhAXsi9s5Cy9JM=,tag:aCM86v27N+TAGVrxbuO5tg==,type:comment] smtp: smtp_password: ENC[AES256_GCM,data:YP3NqVQjuWPyCuTgmxBwSw==,iv:1eyDvHplyh9pKfdY795ndJzzl1LLFudYZB2eqkjYmlw=,tag:Jvb9escI5pNorDmIiXuFrw==,type:str] - smtp_server: ENC[AES256_GCM,data:Mkya/PLitKQXnUyRBM1N9g==,iv:Q+6Fi32v+8Z4YtrsgLelw9PRsA+WfElfYwYjxnUHfhM=,tag:muCZ/zmoAzLZ1+qWQiXPHg==,type:str] - smtp_port: ENC[AES256_GCM,data://oT,iv:6fGj9npq+JsB2o6fG33uWJpVgoihqVxaLeOAGiv51T0=,tag:BVhhmptrJjljKFxQ4J0sXw==,type:str] #ENC[AES256_GCM,data:SFZglQQ16U0jDBTmBuxHH2TGFRt9rOxZTzc=,iv:MnzSRM4bte5WACvlTDSVTqFTBJMFFv8l8e7p1lu/bZE=,tag:v6JKaBu6dl+1jrK0VmpPBg==,type:comment] tailscale: ts_api: ENC[AES256_GCM,data:mchei6FdVpcn7A2m/1D/e7RbZ8YLdte2lZ1b8M1e6C5NqzzDzRSNS7Wne2bm7szPe6nzeDGVZZ/jp5WR26M=,iv:/DZsAk+W+Ev+ZS7XNvLbNXCARL9YjUgvrae5bUppWBY=,tag:Uj8FT/gCpO4XmMRDykz8ZA==,type:str] @@ -25,7 +23,7 @@ sops: em9ZMDljK2tXVnVDN1Q2UnYrZWVwblEKE/z1PQsld/r4AEWFyUgt6zNf7QfcLNYh Btn5qGBPYizmYzAwleNOq5PDINUAlfT9fTfU6QBdRYkarbVjqDV6Pg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-13T00:39:12Z" - mac: ENC[AES256_GCM,data:uhMuODBQLyx6Ae18npzmptsX1HzVY7cmx8pZ5cUcYJb7VlVjgYMc6rp4UKozd4y8lGnKtQWaiUvsR8RFiueLsd/vLuNjI48qXmezluBoXFlqkCPuDBzZIFnWfo4omqfY9kZs3fafNfAW7GSrQOE5wP9xNdNO0dUkMs8QF93/SeA=,iv:/+3iBJpCZ2ujvF4kZ0wOIb1FkN9WE8P5ftnfrC7J4t0=,tag:W6JqByfgpxue1LvQAomsrw==,type:str] + lastmodified: "2025-11-13T20:50:08Z" + mac: ENC[AES256_GCM,data:+pKY3n9B2nJCYuaGKD9abxQPS2sWALStnQLmbR1UVsIbimDmTaqh6bVbyAaY08MGi7s8oEejaixbeR3fyRUO1Unx23Xu89vHg7x+XQMfty3/AnGCROjFmMv2/1WAONi8U9cNKwTVnLfABse0nO8y7X2Bk/KXfaxG+Wcd2y5K8Nw=,iv:E2bY/lV23VEM72DTLAwD9qVACWRk01nbUc6KHda9Sn8=,tag:KdI2sS4EPbp85LoY1lcygQ==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0