finish adding SOPS-nix
This commit is contained in:
parent
2ff4e6678b
commit
863b3d68cd
3 changed files with 9 additions and 25 deletions
|
|
@ -34,7 +34,7 @@ in {
|
||||||
};
|
};
|
||||||
imports = [
|
imports = [
|
||||||
inputs.catppuccin.nixosModules.catppuccin
|
inputs.catppuccin.nixosModules.catppuccin
|
||||||
# ./tailscale.nix
|
./tailscale.nix
|
||||||
../../home
|
../../home
|
||||||
../../home/gui
|
../../home/gui
|
||||||
../../home/gui/gnome-calenar.nix
|
../../home/gui/gnome-calenar.nix
|
||||||
|
|
@ -47,6 +47,7 @@ in {
|
||||||
../themes.nix
|
../themes.nix
|
||||||
./detect-reboot-needed.nix
|
./detect-reboot-needed.nix
|
||||||
./kmscon.nix
|
./kmscon.nix
|
||||||
|
./ollama.nix
|
||||||
./systemd.nix
|
./systemd.nix
|
||||||
./systemd-primary.nix
|
./systemd-primary.nix
|
||||||
./auto-cpufreq.nix
|
./auto-cpufreq.nix
|
||||||
|
|
@ -94,14 +95,6 @@ in {
|
||||||
owner = "root";
|
owner = "root";
|
||||||
mode = "0444";
|
mode = "0444";
|
||||||
};
|
};
|
||||||
"smtp/smtp_server" = {
|
|
||||||
owner = "root";
|
|
||||||
mode = "0444";
|
|
||||||
};
|
|
||||||
"smtp/smtp_port" = {
|
|
||||||
owner = "root";
|
|
||||||
mode = "0444";
|
|
||||||
};
|
|
||||||
"tailscale/ts_api" = {
|
"tailscale/ts_api" = {
|
||||||
owner = "root";
|
owner = "root";
|
||||||
mode = "0400";
|
mode = "0400";
|
||||||
|
|
@ -213,8 +206,8 @@ in {
|
||||||
package = pkgs.mlocate;
|
package = pkgs.mlocate;
|
||||||
};
|
};
|
||||||
logind = {
|
logind = {
|
||||||
# lidSwitchDocked = "ignore";
|
lidSwitchDocked = "ignore";
|
||||||
# lidSwitchExternalPower = "ignore";
|
lidSwitchExternalPower = "ignore";
|
||||||
settings = {
|
settings = {
|
||||||
Login = {
|
Login = {
|
||||||
HandleLidSwitchDocked = "ignore";
|
HandleLidSwitchDocked = "ignore";
|
||||||
|
|
@ -276,25 +269,18 @@ in {
|
||||||
users = {
|
users = {
|
||||||
root = {
|
root = {
|
||||||
initialPassword = "changeme";
|
initialPassword = "changeme";
|
||||||
|
openssh.authorizedKeys.keys = [config.sops.secrets."users/root_sshauth".path];
|
||||||
};
|
};
|
||||||
don = {
|
don = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
initialPassword = "changeme";
|
initialPassword = "changeme";
|
||||||
description = "Don Harper";
|
description = "Don Harper";
|
||||||
extraGroups = ["networkmanager" "wheel" "scanner" "lp" "video" "mlocate" "disk"];
|
extraGroups = ["networkmanager" "wheel" "scanner" "lp" "video" "mlocate" "disk"];
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [config.sops.secrets."users/don_sshauth".path];
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
zramSwap = {
|
|
||||||
enable = false;
|
|
||||||
memoryPercent = 25;
|
|
||||||
memoryMax = 2147483648;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Allow unfree packages
|
# Allow unfree packages
|
||||||
nixpkgs = {
|
nixpkgs = {
|
||||||
config = {
|
config = {
|
||||||
|
|
@ -416,7 +402,7 @@ in {
|
||||||
from = "don@donharper.org";
|
from = "don@donharper.org";
|
||||||
host = "smtp.smtp2go.com";
|
host = "smtp.smtp2go.com";
|
||||||
user = "donharper.org";
|
user = "donharper.org";
|
||||||
passwordeval = "cat /home/don/.smtp_password.txt";
|
passwordeval = "cat ${config.sops.secrets."smtp/smtp_password".path}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Binary file not shown.
|
|
@ -9,8 +9,6 @@ users:
|
||||||
#ENC[AES256_GCM,data:wPhrf7k=,iv:2HQ4jzpjasLF1gZCfVCGv30xajhBUzhAXsi9s5Cy9JM=,tag:aCM86v27N+TAGVrxbuO5tg==,type:comment]
|
#ENC[AES256_GCM,data:wPhrf7k=,iv:2HQ4jzpjasLF1gZCfVCGv30xajhBUzhAXsi9s5Cy9JM=,tag:aCM86v27N+TAGVrxbuO5tg==,type:comment]
|
||||||
smtp:
|
smtp:
|
||||||
smtp_password: ENC[AES256_GCM,data:YP3NqVQjuWPyCuTgmxBwSw==,iv:1eyDvHplyh9pKfdY795ndJzzl1LLFudYZB2eqkjYmlw=,tag:Jvb9escI5pNorDmIiXuFrw==,type:str]
|
smtp_password: ENC[AES256_GCM,data:YP3NqVQjuWPyCuTgmxBwSw==,iv:1eyDvHplyh9pKfdY795ndJzzl1LLFudYZB2eqkjYmlw=,tag:Jvb9escI5pNorDmIiXuFrw==,type:str]
|
||||||
smtp_server: ENC[AES256_GCM,data:Mkya/PLitKQXnUyRBM1N9g==,iv:Q+6Fi32v+8Z4YtrsgLelw9PRsA+WfElfYwYjxnUHfhM=,tag:muCZ/zmoAzLZ1+qWQiXPHg==,type:str]
|
|
||||||
smtp_port: ENC[AES256_GCM,data://oT,iv:6fGj9npq+JsB2o6fG33uWJpVgoihqVxaLeOAGiv51T0=,tag:BVhhmptrJjljKFxQ4J0sXw==,type:str]
|
|
||||||
#ENC[AES256_GCM,data:SFZglQQ16U0jDBTmBuxHH2TGFRt9rOxZTzc=,iv:MnzSRM4bte5WACvlTDSVTqFTBJMFFv8l8e7p1lu/bZE=,tag:v6JKaBu6dl+1jrK0VmpPBg==,type:comment]
|
#ENC[AES256_GCM,data:SFZglQQ16U0jDBTmBuxHH2TGFRt9rOxZTzc=,iv:MnzSRM4bte5WACvlTDSVTqFTBJMFFv8l8e7p1lu/bZE=,tag:v6JKaBu6dl+1jrK0VmpPBg==,type:comment]
|
||||||
tailscale:
|
tailscale:
|
||||||
ts_api: ENC[AES256_GCM,data:mchei6FdVpcn7A2m/1D/e7RbZ8YLdte2lZ1b8M1e6C5NqzzDzRSNS7Wne2bm7szPe6nzeDGVZZ/jp5WR26M=,iv:/DZsAk+W+Ev+ZS7XNvLbNXCARL9YjUgvrae5bUppWBY=,tag:Uj8FT/gCpO4XmMRDykz8ZA==,type:str]
|
ts_api: ENC[AES256_GCM,data:mchei6FdVpcn7A2m/1D/e7RbZ8YLdte2lZ1b8M1e6C5NqzzDzRSNS7Wne2bm7szPe6nzeDGVZZ/jp5WR26M=,iv:/DZsAk+W+Ev+ZS7XNvLbNXCARL9YjUgvrae5bUppWBY=,tag:Uj8FT/gCpO4XmMRDykz8ZA==,type:str]
|
||||||
|
|
@ -25,7 +23,7 @@ sops:
|
||||||
em9ZMDljK2tXVnVDN1Q2UnYrZWVwblEKE/z1PQsld/r4AEWFyUgt6zNf7QfcLNYh
|
em9ZMDljK2tXVnVDN1Q2UnYrZWVwblEKE/z1PQsld/r4AEWFyUgt6zNf7QfcLNYh
|
||||||
Btn5qGBPYizmYzAwleNOq5PDINUAlfT9fTfU6QBdRYkarbVjqDV6Pg==
|
Btn5qGBPYizmYzAwleNOq5PDINUAlfT9fTfU6QBdRYkarbVjqDV6Pg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2025-11-13T00:39:12Z"
|
lastmodified: "2025-11-13T20:50:08Z"
|
||||||
mac: ENC[AES256_GCM,data:uhMuODBQLyx6Ae18npzmptsX1HzVY7cmx8pZ5cUcYJb7VlVjgYMc6rp4UKozd4y8lGnKtQWaiUvsR8RFiueLsd/vLuNjI48qXmezluBoXFlqkCPuDBzZIFnWfo4omqfY9kZs3fafNfAW7GSrQOE5wP9xNdNO0dUkMs8QF93/SeA=,iv:/+3iBJpCZ2ujvF4kZ0wOIb1FkN9WE8P5ftnfrC7J4t0=,tag:W6JqByfgpxue1LvQAomsrw==,type:str]
|
mac: ENC[AES256_GCM,data:+pKY3n9B2nJCYuaGKD9abxQPS2sWALStnQLmbR1UVsIbimDmTaqh6bVbyAaY08MGi7s8oEejaixbeR3fyRUO1Unx23Xu89vHg7x+XQMfty3/AnGCROjFmMv2/1WAONi8U9cNKwTVnLfABse0nO8y7X2Bk/KXfaxG+Wcd2y5K8Nw=,iv:E2bY/lV23VEM72DTLAwD9qVACWRk01nbUc6KHda9Sn8=,tag:KdI2sS4EPbp85LoY1lcygQ==,type:str]
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.11.0
|
version: 3.11.0
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue