mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

cleanup

Browse Source
This commit is contained in:
mjallen18
2025-07-28 11:06:32 -05:00
parent 5ae3f1a9ef
commit 6f5e592d8c
22 changed files with 95 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
checks/pre-commit-hooks/default.nix
View File

@@ -14,7 +14,9 @@ pre-commit-hooks-nix.lib.${pkgs.system}.run {
treefmt = { treefmt = {
enable = lib.mkForce true; enable = lib.mkForce true;
settings.fail-on-change = lib.mkForce false; settings.fail-on-change = lib.mkForce false;
packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs ../../treefmt.nix; packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs (
lib.snowfall.fs.get-file "treefmt.nix"
);
}; };
}; };
} }

6
homes/aarch64-darwin/mattjallen@macbook-pro/default.nix
View File

@@ -22,12 +22,6 @@ let
]; ];
in in
{ {
# imports = [
# ../../modules/home/defaults.nix
# ../../modules/home/git.nix
# ../../modules/home/shell.nix
# ../../modules/home/vscode.nix
# ];
# Home Manager needs a bit of information about you and the # Home Manager needs a bit of information about you and the
# paths it should manage. # paths it should manage.
home = { home = {

6
homes/aarch64-linux/matt@pi4/default.nix
View File

@@ -11,12 +11,6 @@ let
}; };
in in
{ {
imports = [
../../../modules/home/home
../../../modules/home/programs/git
../../../modules/home/programs/zsh
];
home.username = "matt"; home.username = "matt";
sops = { sops = {

2
modules/home/programs/btop/default.nix
View File

@@ -2,7 +2,7 @@
with lib; with lib;
let let
cfg = config.mjallen.programs.btop; cfg = config.mjallen.programs.btop;
nord = import ../../desktop/theme/nord.nix; nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

2
modules/home/programs/kitty/default.nix
View File

@@ -2,7 +2,7 @@
with lib; with lib;
let let
cfg = config.mjallen.programs.kitty; cfg = config.mjallen.programs.kitty;
nord = import ../../desktop/theme/nord.nix; nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

4
modules/home/programs/kitty/options.nix
View File

@@ -15,13 +15,13 @@ with lib;
}; };
size = mkOption { size = mkOption {
type = with types; int; type = with types; int;
default = 8; default = 12;
}; };
}; };
theme = mkOption { theme = mkOption {
type = types.attrs; type = types.attrs;
default = import ../../desktop/theme/nord.nix; default = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
}; };
}; };
} }

2
modules/home/programs/mako/default.nix
View File

@@ -2,7 +2,7 @@
with lib; with lib;
let let
cfg = config.mjallen.programs.mako; cfg = config.mjallen.programs.mako;
nord = import ../../desktop/theme/nord.nix; nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

2
modules/home/programs/nwg-dock/default.nix
View File

@@ -7,7 +7,7 @@
with lib; with lib;
let let
cfg = config.mjallen.programs.nwg-dock; cfg = config.mjallen.programs.nwg-dock;
nord = import ../../desktop/theme/nord.nix; nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

2
modules/home/programs/nwg-drawer/default.nix
View File

@@ -7,7 +7,7 @@
with lib; with lib;
let let
cfg = config.mjallen.programs.nwg-drawer; cfg = config.mjallen.programs.nwg-drawer;
nord = import ../../desktop/theme/nord.nix; nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

2
modules/home/programs/waybar/default.nix
View File

@@ -2,7 +2,7 @@
with lib; with lib;
let let
cfg = config.mjallen.programs.waybar; cfg = config.mjallen.programs.waybar;
nord = import ../../desktop/theme/nord.nix; nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
defaultOpacity = "opacity: 0.85;"; defaultOpacity = "opacity: 0.85;";
defaultBorderRadius = "border-radius: 1rem;"; defaultBorderRadius = "border-radius: 1rem;";

2
modules/home/programs/wlogout/default.nix
View File

@@ -2,7 +2,7 @@
with lib; with lib;
let let
cfg = config.mjallen.programs.wlogout; cfg = config.mjallen.programs.wlogout;
nord = import ../../desktop/theme/nord.nix; nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

2
modules/home/programs/wofi/default.nix
View File

@@ -2,7 +2,7 @@
with lib; with lib;
let let
cfg = config.mjallen.programs.wofi; cfg = config.mjallen.programs.wofi;
nord = import ../../desktop/theme/nord.nix; nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

1
modules/nixos/homeassistant/default.nix
View File

@@ -93,6 +93,7 @@ in
pkgs.${namespace}.ha-icloud3 pkgs.${namespace}.ha-icloud3
pkgs.${namespace}.ha-mail-and-packages pkgs.${namespace}.ha-mail-and-packages
pkgs.${namespace}.ha-nanokvm pkgs.${namespace}.ha-nanokvm
pkgs.${namespace}.ha-openhasp
pkgs.${namespace}.ha-overseerr pkgs.${namespace}.ha-overseerr
pkgs.${namespace}.ha-petlibro pkgs.${namespace}.ha-petlibro
pkgs.${namespace}.ha-wyzeapi pkgs.${namespace}.ha-wyzeapi

14
modules/nixos/sops/default.nix
View File

@@ -1,4 +1,8 @@
{ lib, ... }: { lib, ... }:
let
defaultSops = (lib.snowfall.fs.get-file "secrets/pi4-secrets.yaml");
# sharedSops = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
in
{ {
# Permission modes are in octal representation (same as chmod), # Permission modes are in octal representation (same as chmod),
# the digits represent: user|group|others # the digits represent: user|group|others
@@ -15,7 +19,7 @@
# Either the group id or group name representation of the secret group # Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration # It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = { sops = {
defaultSopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml"); defaultSopsFile = defaultSops;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# ------------------------------ # ------------------------------
@@ -28,27 +32,27 @@
# SSH keys # SSH keys
# ------------------------------ # ------------------------------
# "ssh-keys-public/desktop-nixos" = { # "ssh-keys-public/desktop-nixos" = {
# sopsFile = ../../secrets/secrets.yaml; # sopsFile = sharedSops;
# mode = "0644"; # mode = "0644";
# owner = config.users.users."${user}".name; # owner = config.users.users."${user}".name;
# group = config.users.users."${user}".group; # group = config.users.users."${user}".group;
# restartUnits = [ "sshd.service" ]; # restartUnits = [ "sshd.service" ];
# }; # };
# "ssh-keys-private/desktop-nixos" = { # "ssh-keys-private/desktop-nixos" = {
# sopsFile = ../../secrets/secrets.yaml; # sopsFile = sharedSops;
# mode = "0600"; # mode = "0600";
# owner = config.users.users."${user}".name; # owner = config.users.users."${user}".name;
# group = config.users.users."${user}".group; # group = config.users.users."${user}".group;
# restartUnits = [ "sshd.service" ]; # restartUnits = [ "sshd.service" ];
# }; # };
# "ssh-keys-public/desktop-nixos-root" = { # "ssh-keys-public/desktop-nixos-root" = {
# sopsFile = ../../secrets/secrets.yaml; # sopsFile = sharedSops;
# path = "/root/.ssh/id_ed25519.pub"; # path = "/root/.ssh/id_ed25519.pub";
# mode = "0600"; # mode = "0600";
# restartUnits = [ "sshd.service" ]; # restartUnits = [ "sshd.service" ];
# }; # };
# "ssh-keys-private/desktop-nixos-root" = { # "ssh-keys-private/desktop-nixos-root" = {
# sopsFile = ../../secrets/secrets.yaml; # sopsFile = sharedSops;
# path = "/root/.ssh/id_ed25519"; # path = "/root/.ssh/id_ed25519";
# mode = "0600"; # mode = "0600";
# restartUnits = [ "sshd.service" ]; # restartUnits = [ "sshd.service" ];

30
packages/ha-openhasp/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
buildHomeAssistantComponent,
fetchFromGitHub,
# pkgs,
# namespace,
...
}:
buildHomeAssistantComponent rec {
owner = "HASSwitchPlate";
domain = "openHASP";
version = "0.7.6";
src = fetchFromGitHub {
owner = owner;
repo = "openHASP-custom-component";
rev = version;
hash = "sha256-UvUowCgfay9aRV+iC/AQ9vvJzhGZbH+/1kVjxPFBKcI=";
};
# propagatedBuildInputs = [
# pkgs.${namespace}.pyoverseerr
# ];
meta = {
changelog = "https://github.com/HASSwitchPlate/openHASP-custom-component/releases/tag/${version}";
description = "This custom component simplifies synchronization of objects on one or more openHASP";
homepage = "https://github.com/HASSwitchPlate/openHASP-custom-component";
maintainers = [ ];
};
}

12
systems/aarch64-linux/pi4/sops.nix
View File

@@ -1,10 +1,12 @@
{ config, lib, ... }: { config, lib, ... }:
let let
user = "matt"; user = "matt";
defaultSops = (lib.snowfall.fs.get-file "secrets/pi4-secrets.yaml");
sharedSops = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
in in
{ {
sops = { sops = {
defaultSopsFile = lib.mkForce ../../../secrets/pi4-secrets.yaml; defaultSopsFile = lib.mkForce defaultSops;
# age = { # age = {
# generateKey = true; # generateKey = true;
# sshKeyPaths = [ "/etc/ssd/ssh_host_ed25519_key" ]; # sshKeyPaths = [ "/etc/ssd/ssh_host_ed25519_key" ];
@@ -16,7 +18,7 @@ in
# ------------------------------ # ------------------------------
secrets = { secrets = {
"wifi" = { "wifi" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
}; };
"pi4/matt-password" = { "pi4/matt-password" = {
neededForUsers = true; neededForUsers = true;
@@ -30,21 +32,21 @@ in
# ------------------------------ # ------------------------------
"ssh-keys-public/pi4" = { "ssh-keys-public/pi4" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
mode = "0644"; mode = "0644";
owner = config.users.users."${user}".name; owner = config.users.users."${user}".name;
group = config.users.users."${user}".group; group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ]; restartUnits = [ "sshd.service" ];
}; };
"ssh-keys-private/pi4" = { "ssh-keys-private/pi4" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
mode = "0600"; mode = "0600";
owner = config.users.users."${user}".name; owner = config.users.users."${user}".name;
group = config.users.users."${user}".group; group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ]; restartUnits = [ "sshd.service" ];
}; };
"ssh-keys-public/pi5" = { "ssh-keys-public/pi5" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
neededForUsers = true; neededForUsers = true;
mode = "0600"; mode = "0600";
owner = config.users.users.root.name; owner = config.users.users.root.name;

10
systems/aarch64-linux/pi5/sops.nix
View File

@@ -1,10 +1,12 @@
{ config, lib, ... }: { config, lib, ... }:
let let
user = "matt"; user = "matt";
defaultSops = (lib.snowfall.fs.get-file "secrets/pi5-secrets.yaml");
sharedSops = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
in in
{ {
sops = { sops = {
defaultSopsFile = lib.mkForce ../../../secrets/pi5-secrets.yaml; defaultSopsFile = lib.mkForce defaultSops;
# age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; # age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
age.keyFile = "/home/matt/.config/sops/age/keys.txt"; age.keyFile = "/home/matt/.config/sops/age/keys.txt";
@@ -13,7 +15,7 @@ in
# ------------------------------ # ------------------------------
secrets = { secrets = {
"wifi" = { "wifi" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
}; };
"pi5/matt-password" = { "pi5/matt-password" = {
neededForUsers = true; neededForUsers = true;
@@ -27,14 +29,14 @@ in
# ------------------------------ # ------------------------------
"ssh-keys-public/pi5" = { "ssh-keys-public/pi5" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
mode = "0644"; mode = "0644";
owner = config.users.users."${user}".name; owner = config.users.users."${user}".name;
group = config.users.users."${user}".group; group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ]; restartUnits = [ "sshd.service" ];
}; };
"ssh-keys-private/pi5" = { "ssh-keys-private/pi5" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
mode = "0600"; mode = "0600";
owner = config.users.users."${user}".name; owner = config.users.users."${user}".name;
group = config.users.users."${user}".group; group = config.users.users."${user}".group;

43
systems/x86_64-linux/desktop/specialisations/hyprland/default.nix
View File

@@ -1,17 +1,4 @@
{ lib, namespace, ... }: { lib, namespace, ... }:
let
# Displays
# displayLeft = {
# input = "DP-1";
# resolution = "3840x2160";
# refreshRate = "240.00000";
# };
# displayRight = {
# input = "DP-2";
# resolution = "3840x2160";
# refreshRate = "240.00000";
# };
in
{ {
specialisation.hyprland.inheritParentConfig = true; specialisation.hyprland.inheritParentConfig = true;
specialisation.hyprland.configuration = { specialisation.hyprland.configuration = {
@@ -19,36 +6,6 @@ in
${namespace} = { ${namespace} = {
desktop = { desktop = {
hyprland.enable = true; hyprland.enable = true;
# primaryDisplay = "DP-1";
# wallpaper = [
# "${displayLeft.input}, /run/wallpaper.jpg"
# "${displayRight.input}, /run/wallpaper.jpg"
# ];
# monitor = [
# "${displayLeft.input},${displayLeft.resolution}@${displayLeft.refreshRate},0x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98"
# "${displayRight.input},${displayRight.resolution}@${displayRight.refreshRate},3840x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.5,sdrsaturation,0.98"
# ];
# workspace = [
# "name:firefox, monitor:${displayRight.input}, default:false, special, class:(.*firefox.*)"
# "name:discord, monitor:${displayRight.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
# "name:steam, monitor:${displayLeft.input}, default:false, special, class:(.*[Ss]team.*)"
# ];
# windowRule = [
# "size 2160 7680, tag:horizonrdp"
# ];
# extraConfig = ''
# exec-once = nm-applet
# exec-once = [silent] firefox
# exec-once = [silent] vesktop
# exec-once = [silent] chromium --app="https://music.apple.com"
# exec-once = [silent] steam
# '';
# };
gnome.enable = lib.mkForce false; gnome.enable = lib.mkForce false;
}; };
}; };

6
systems/x86_64-linux/desktop/specialisations/hyprland/home/default.nix
View File

@@ -30,7 +30,7 @@ in
"${displayLeft.input},${displayLeft.resolution}@${displayLeft.refreshRate},0x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98" "${displayLeft.input},${displayLeft.resolution}@${displayLeft.refreshRate},0x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98"
"${displayRight.input},${displayRight.resolution}@${displayRight.refreshRate},3840x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.5,sdrsaturation,0.98" "${displayRight.input},${displayRight.resolution}@${displayRight.refreshRate},3840x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.5,sdrsaturation,0.98"
]; ];
workspace = [ workspace = [
"name:firefox, monitor:${displayRight.input}, default:false, special, class:(.*firefox.*)" "name:firefox, monitor:${displayRight.input}, default:false, special, class:(.*firefox.*)"
"name:discord, monitor:${displayRight.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)" "name:discord, monitor:${displayRight.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
@@ -94,13 +94,13 @@ in
"clock" "clock"
"custom/weather" "custom/weather"
]; ];
extraModules = { extraModules = {
"custom/lights" = { "custom/lights" = {
tooltip = false; tooltip = false;
exec = "waybar-hass --get_light light.living_room_lights"; exec = "waybar-hass --get_light light.living_room_lights";
interval = "once"; interval = "once";
format = "{text}";#"󱉓"; format = "{text}"; # "󱉓";
on-click = "waybar-hass --toggle_light light.living_room_lights"; on-click = "waybar-hass --toggle_light light.living_room_lights";
return-type = "json"; return-type = "json";
}; };

24
systems/x86_64-linux/nas/sops.nix
View File

@@ -1,6 +1,8 @@
{ config, lib, ... }: { config, lib, ... }:
let let
user = "nix-apps"; user = "nix-apps";
defaultSops = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
sharedSops = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
in in
{ {
# Permission modes are in octal representation (same as chmod), # Permission modes are in octal representation (same as chmod),
@@ -18,7 +20,7 @@ in
# Either the group id or group name representation of the secret group # Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration # It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = { sops = {
defaultSopsFile = lib.mkForce ../../../secrets/nas-secrets.yaml; defaultSopsFile = lib.mkForce defaultSops;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# ------------------------------ # ------------------------------
@@ -33,7 +35,7 @@ in
}; };
"wifi" = { "wifi" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
}; };
# ------------------------------ # ------------------------------
@@ -55,12 +57,12 @@ in
# ------------------------------ # ------------------------------
"ssh-keys-public/jallen-nas-root" = { "ssh-keys-public/jallen-nas-root" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
path = "/root/.ssh/id_ed25519.pub"; path = "/root/.ssh/id_ed25519.pub";
mode = "0640"; mode = "0640";
}; };
"ssh-keys-private/jallen-nas-root" = { "ssh-keys-private/jallen-nas-root" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
path = "/root/.ssh/id_ed25519"; path = "/root/.ssh/id_ed25519";
mode = "0600"; mode = "0600";
}; };
@@ -199,37 +201,37 @@ in
# ------------------------------ # ------------------------------
"secureboot/GUID" = { "secureboot/GUID" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
path = "/etc/secureboot/GUID"; path = "/etc/secureboot/GUID";
mode = "0640"; mode = "0640";
}; };
"secureboot/keys/db-key" = { "secureboot/keys/db-key" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
path = "/etc/secureboot/keys/db/db.key"; path = "/etc/secureboot/keys/db/db.key";
mode = "0640"; mode = "0640";
}; };
"secureboot/keys/db-pem" = { "secureboot/keys/db-pem" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
path = "/etc/secureboot/keys/db/db.pem"; path = "/etc/secureboot/keys/db/db.pem";
mode = "0640"; mode = "0640";
}; };
"secureboot/keys/KEK-key" = { "secureboot/keys/KEK-key" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
path = "/etc/secureboot/keys/KEK/KEK.key"; path = "/etc/secureboot/keys/KEK/KEK.key";
mode = "0640"; mode = "0640";
}; };
"secureboot/keys/KEK-pem" = { "secureboot/keys/KEK-pem" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
path = "/etc/secureboot/keys/KEK/KEK.pem"; path = "/etc/secureboot/keys/KEK/KEK.pem";
mode = "0640"; mode = "0640";
}; };
"secureboot/keys/PK-key" = { "secureboot/keys/PK-key" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
path = "/etc/secureboot/keys/PK/PK.key"; path = "/etc/secureboot/keys/PK/PK.key";
mode = "0640"; mode = "0640";
}; };
"secureboot/keys/PK-pem" = { "secureboot/keys/PK-pem" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
path = "/etc/secureboot/keys/PK/PK.pem"; path = "/etc/secureboot/keys/PK/PK.pem";
mode = "0640"; mode = "0640";
}; };

3
systems/x86_64-linux/nuc/default.nix
View File

@@ -1,5 +1,4 @@
{ {
config,
lib, lib,
namespace, namespace,
... ...
@@ -10,8 +9,6 @@
./networking.nix ./networking.nix
./users.nix ./users.nix
./sops.nix ./sops.nix
# ../../modules/homeassistant/homeassistant.nix
]; ];
security.tpm2 = { security.tpm2 = {

22
systems/x86_64-linux/nuc/sops.nix
View File

@@ -1,4 +1,8 @@
{ lib, ... }: { lib, ... }:
let
defaultSops = (lib.snowfall.fs.get-file "secrets/nuc-secrets.yaml");
sharedSops = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
in
{ {
# Permission modes are in octal representation (same as chmod), # Permission modes are in octal representation (same as chmod),
# the digits represent: user|group|others # the digits represent: user|group|others
@@ -15,7 +19,7 @@
# Either the group id or group name representation of the secret group # Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration # It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = { sops = {
defaultSopsFile = lib.mkForce ../../../secrets/nuc-secrets.yaml; defaultSopsFile = lib.mkForce defaultSops;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# ------------------------------ # ------------------------------
@@ -24,7 +28,7 @@
secrets = { secrets = {
"wifi" = { "wifi" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
}; };
# ------------------------------ # ------------------------------
@@ -32,37 +36,37 @@
# ------------------------------ # ------------------------------
"secureboot/GUID" = { "secureboot/GUID" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
path = "/etc/secureboot/GUID"; path = "/etc/secureboot/GUID";
mode = "0640"; mode = "0640";
}; };
"secureboot/keys/db-key" = { "secureboot/keys/db-key" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
path = "/etc/secureboot/keys/db/db.key"; path = "/etc/secureboot/keys/db/db.key";
mode = "0640"; mode = "0640";
}; };
"secureboot/keys/db-pem" = { "secureboot/keys/db-pem" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
path = "/etc/secureboot/keys/db/db.pem"; path = "/etc/secureboot/keys/db/db.pem";
mode = "0640"; mode = "0640";
}; };
"secureboot/keys/KEK-key" = { "secureboot/keys/KEK-key" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
path = "/etc/secureboot/keys/KEK/KEK.key"; path = "/etc/secureboot/keys/KEK/KEK.key";
mode = "0640"; mode = "0640";
}; };
"secureboot/keys/KEK-pem" = { "secureboot/keys/KEK-pem" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
path = "/etc/secureboot/keys/KEK/KEK.pem"; path = "/etc/secureboot/keys/KEK/KEK.pem";
mode = "0640"; mode = "0640";
}; };
"secureboot/keys/PK-key" = { "secureboot/keys/PK-key" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
path = "/etc/secureboot/keys/PK/PK.key"; path = "/etc/secureboot/keys/PK/PK.key";
mode = "0640"; mode = "0640";
}; };
"secureboot/keys/PK-pem" = { "secureboot/keys/PK-pem" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = sharedSops;
path = "/etc/secureboot/keys/PK/PK.pem"; path = "/etc/secureboot/keys/PK/PK.pem";
mode = "0640"; mode = "0640";
}; };