finish adding SOPS-nix

2025-11-17 19:21:14 -06:00 · 2025-11-17 19:21:14 -06:00 · 863b3d68cd
commit 863b3d68cd
parent 2ff4e6678b
3 changed files with 9 additions and 25 deletions
--- a/hosts/workstation/default.nix
+++ b/hosts/workstation/default.nix
@ -34,7 +34,7 @@ in {
  };
  imports = [
    inputs.catppuccin.nixosModules.catppuccin
-    # ./tailscale.nix
+    ./tailscale.nix
    ../../home
    ../../home/gui
    ../../home/gui/gnome-calenar.nix
@ -47,6 +47,7 @@ in {
    ../themes.nix
    ./detect-reboot-needed.nix
    ./kmscon.nix
+    ./ollama.nix
    ./systemd.nix
    ./systemd-primary.nix
    ./auto-cpufreq.nix
@ -94,14 +95,6 @@ in {
        owner = "root";
        mode = "0444";
      };
-      "smtp/smtp_server" = {
-        owner = "root";
-        mode = "0444";
-      };
-      "smtp/smtp_port" = {
-        owner = "root";
-        mode = "0444";
-      };
      "tailscale/ts_api" = {
        owner = "root";
        mode = "0400";
@ -213,8 +206,8 @@ in {
      package = pkgs.mlocate;
    };
    logind = {
-      # lidSwitchDocked = "ignore";
-      # lidSwitchExternalPower = "ignore";
+      lidSwitchDocked = "ignore";
+      lidSwitchExternalPower = "ignore";
      settings = {
        Login = {
          HandleLidSwitchDocked = "ignore";
@ -276,25 +269,18 @@ in {
    users = {
      root = {
        initialPassword = "changeme";
+        openssh.authorizedKeys.keys = [config.sops.secrets."users/root_sshauth".path];
      };
      don = {
        isNormalUser = true;
        initialPassword = "changeme";
        description = "Don Harper";
        extraGroups = ["networkmanager" "wheel" "scanner" "lp" "video" "mlocate" "disk"];
-        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki"
-        ];
+        openssh.authorizedKeys.keys = [config.sops.secrets."users/don_sshauth".path];
      };
    };
  };

-  zramSwap = {
-    enable = false;
-    memoryPercent = 25;
-    memoryMax = 2147483648;
-  };
-
  # Allow unfree packages
  nixpkgs = {
    config = {
@ -416,7 +402,7 @@ in {
        from = "don@donharper.org";
        host = "smtp.smtp2go.com";
        user = "donharper.org";
-        passwordeval = "cat /home/don/.smtp_password.txt";
+        passwordeval = "cat ${config.sops.secrets."smtp/smtp_password".path}";
      };
    };
  };
--- a/hosts/workstation/tailscale.nix
+++ b/hosts/workstation/tailscale.nix