tstarr/dotfiles
1
0
Fork 0
mirror of https://github.com/starr-dusT/dotfiles.git synced 2025-05-19 10:56:05 -07:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: tstarr:a815d65d26ba059d33ff81c72fe3e7841b0bee79
Branches Tags
tstarr:master
tstarr:v23.05
..
compare: tstarr:e12ed0f124bda6d916c74941d4f881ab83bfaa04
Branches Tags
tstarr:master
tstarr:v23.05

No commits in common. "a815d65d26ba059d33ff81c72fe3e7841b0bee79" and "e12ed0f124bda6d916c74941d4f881ab83bfaa04" have entirely different histories.
a815d65d26 ... e12ed0f124

20 changed files with 65 additions and 120 deletions
Show Stats Expand all files Collapse all files

4
home/private_dot_ssh/config.tmpl
View File

@ -1,10 +1,6 @@
Host github.com Host github.com
AddKeysToAgent yes AddKeysToAgent yes
IdentityFile /run/agenix/git/github_personal IdentityFile /run/agenix/git/github_personal
Host fm2120.rsync.net
AddKeysToAgent yes
IdentityFile /run/agenix/borg/rsync/id_rsa
{{ if eq .chezmoi.hostname "kestrel" }} {{ if eq .chezmoi.hostname "kestrel" }}
Host torus Host torus
AddKeysToAgent yes AddKeysToAgent yes

1
provision/hosts/bulwark/configuration.nix
View File

@ -46,6 +46,7 @@
nipr.enable = true; nipr.enable = true;
ssh.enable = true; ssh.enable = true;
terminal.enable = true; terminal.enable = true;
secrets.enable = true;
wireguard-client.enable = false; wireguard-client.enable = false;
}; };
}; };

1
provision/hosts/default/backup.nix
View File

@ -3,7 +3,6 @@
services.borgmatic.enable = true; services.borgmatic.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
borgbackup # Deduplicating backup program borgbackup # Deduplicating backup program
tree
(pkgs.writeScriptBin "stop-docker-containers" '' (pkgs.writeScriptBin "stop-docker-containers" ''
#!/bin/sh #!/bin/sh
[ -e /tmp/docker_images ] && rm /tmp/docker_images [ -e /tmp/docker_images ] && rm /tmp/docker_images

3
provision/hosts/default/configuration.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, user, lib, inputs, ... }: { config, pkgs, user, lib, ... }:
{ {
nix = { nix = {
package = pkgs.nixFlakes; package = pkgs.nixFlakes;
@ -46,7 +46,6 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
cowsay # A program which generates ASCII pictures of a cow with a message cowsay # A program which generates ASCII pictures of a cow with a message
inputs.agenix.packages.x86_64-linux.default
]; ];
# Did you read the comment? # Did you read the comment?

2
provision/hosts/default/default.nix
View File

@ -1,4 +1,4 @@
{ ... }: { ... }:
{ {
imports = [ ./git.nix ./backup.nix ./configuration.nix ./home-configuration.nix ]; imports = [ ./backup.nix ./configuration.nix ./home-configuration.nix ];
} }

15
provision/hosts/default/git.nix
View File

@ -1,15 +0,0 @@
{ config, pkgs, user, lib, ... }:
{
environment.systemPackages = with pkgs; [
git # Version control system for tracking changes in source code during software development.
git-annex # Manages files with git, without checking the file contents into git.
lazygit # Terminal-based GUI for git, making it easier to use and visualize git repositories.
];
age.secrets."git/github_personal" = {
file = ../../secrets/git/github_personal.age;
owner = "${user}";
group = "users";
};
}

38
provision/hosts/kestrel/backup.nix
View File

@ -1,47 +1,9 @@
{ config, pkgs, user, lib, ... }: { config, pkgs, user, lib, ... }:
{ {
age.secrets."ssh/torus/id_ed25519.pub" = {
file = ../../secrets/ssh/torus/id_ed25519.pub.age;
owner = "${user}";
group = "users";
};
age.secrets."ssh/kestrel/id_ed25519" = {
file = ../../secrets/ssh/kestrel/id_ed25519.age;
owner = "${user}";
group = "users";
};
age.secrets."ssh/kestrel/id_ed25519.pub" = {
file = ../../secrets/ssh/kestrel/id_ed25519.pub.age;
owner = "${user}";
group = "users";
};
age.secrets."borg/rsync/id_rsa" = {
file = ../../secrets/borg/rsync/id_rsa.age;
owner = "${user}";
group = "users";
};
age.secrets."borg/rsync/id_rsa.pub" = {
file = ../../secrets/borg/rsync/id_rsa.pub.age;
owner = "${user}";
group = "users";
};
# Password-less logins for backup # Password-less logins for backup
users.users."${user}".openssh.authorizedKeys.keyFiles = [ users.users."${user}".openssh.authorizedKeys.keyFiles = [
config.age.secrets."ssh/torus/id_ed25519.pub".path config.age.secrets."ssh/torus/id_ed25519.pub".path
]; ];
# Password-less login for root
programs.ssh.extraConfig = ''
Host torus
AddKeysToAgent yes
IdentityFile /run/agenix/ssh/kestrel/id_ed25519
Host fm2120.rsync.net
AddKeysToAgent yes
IdentityFile /run/agenix/borg/rsync/id_rsa
'';
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /store 0775 ${user} users -" "d /store 0775 ${user} users -"
]; ];

1
provision/hosts/kestrel/configuration.nix
View File

@ -61,6 +61,7 @@
}; };
system = { system = {
nipr.enable = true; nipr.enable = true;
secrets.enable = true;
ssh.enable = true; ssh.enable = true;
terminal.enable = true; terminal.enable = true;
wireguard-client = { wireguard-client = {

1
provision/hosts/shivan/configuration.nix
View File

@ -49,6 +49,7 @@
}; };
system = { system = {
nipr = true; nipr = true;
secrets.enable = true;
ssh.enable = true; ssh.enable = true;
terminal.enable = true; terminal.enable = true;
wireguard-client.enable = false; wireguard-client.enable = false;

44
provision/hosts/torus/backup.nix
View File

@ -1,50 +1,8 @@
{ config, pkgs, user, lib, ... }: { config, pkgs, user, lib, ... }:
{ {
age.secrets."ssh/kestrel/id_ed25519.pub" = { # Password-less logins for backup
file = ../../secrets/ssh/kestrel/id_ed25519.pub.age;
owner = "${user}";
group = "users";
};
age.secrets."ssh/torus/id_ed25519" = {
file = ../../secrets/ssh/torus/id_ed25519.age;
owner = "${user}";
group = "users";
};
age.secrets."ssh/torus/id_ed25519.pub" = {
file = ../../secrets/ssh/torus/id_ed25519.pub.age;
owner = "${user}";
group = "users";
};
age.secrets."borg/torus/password" = {
file = ../../secrets/borg/torus/password.age;
owner = "${user}";
group = "users";
};
age.secrets."borg/rsync/id_rsa" = {
file = ../../secrets/borg/rsync/id_rsa.age;
owner = "${user}";
group = "users";
};
age.secrets."borg/rsync/id_rsa.pub" = {
file = ../../secrets/borg/rsync/id_rsa.pub.age;
owner = "${user}";
group = "users";
};
# Password-less login for user
users.users."${user}".openssh.authorizedKeys.keyFiles = [ users.users."${user}".openssh.authorizedKeys.keyFiles = [
config.age.secrets."ssh/kestrel/id_ed25519.pub".path config.age.secrets."ssh/kestrel/id_ed25519.pub".path
]; ];
# Password-less login for root
programs.ssh.extraConfig = ''
Host kestrel
AddKeysToAgent yes
IdentityFile /run/agenix/ssh/torus/id_ed25519
Host fm2120.rsync.net
AddKeysToAgent yes
IdentityFile /run/agenix/borg/rsync/id_rsa
'';
} }

1
provision/hosts/torus/configuration.nix
View File

@ -102,6 +102,7 @@
system = { system = {
terminal.enable = true; terminal.enable = true;
ssh.enable = true; ssh.enable = true;
secrets.enable = true;
}; };
}; };

2
provision/modules/desktop/gnome.nix
View File

@ -183,7 +183,7 @@ in {
screensaver = []; screensaver = [];
}; };
"org/gnome/settings-daemon/plugins/power" = { "org/gnome/settings-daemon/plugins/power" = {
sleep-inactive-ac-type = "blank"; sleep-inactive-ac-type = "suspend";
sleep-inactive-battery-type = "suspend"; sleep-inactive-battery-type = "suspend";
sleep-inactive-ac-timeout = 2700; sleep-inactive-ac-timeout = 2700;
sleep-inactive-battery-timeout = 2700; sleep-inactive-battery-timeout = 2700;

11
provision/modules/gaming/emulation.nix
View File

@ -21,16 +21,5 @@ in {
]; ];
}) })
]; ];
age.secrets."emu/switch/prod.keys" = {
file = ../../secrets/emu/switch/prod.keys.age;
owner = "${user}";
group = "users";
};
age.secrets."emu/switch/title.keys" = {
file = ../../secrets/emu/switch/title.keys.age;
owner = "${user}";
group = "users";
};
}; };
} }

2
provision/modules/system/default.nix
View File

@ -1,4 +1,4 @@
{ ... }: { ... }:
{ {
imports = [ ./nipr.nix ./ssh.nix ./terminal.nix ./wireguard-client.nix ]; imports = [ ./nipr.nix ./secrets.nix ./ssh.nix ./terminal.nix ./wireguard-client.nix ];
} }

53
provision/modules/system/secrets.nix Normal file
View File

@ -0,0 +1,53 @@
{ config, lib, pkgs, user, inputs, ... }:
let cfg = config.modules.system.secrets;
in {
options.modules.system.secrets.enable = lib.mkEnableOption "secrets";
config = lib.mkIf cfg.enable {
environment.systemPackages = [
inputs.agenix.packages.x86_64-linux.default
];
# git secrets
age.secrets."git/github_personal" = {
file = ../../secrets/git/github_personal.age;
owner = "${user}";
group = "users";
};
# ssh secrets
age.secrets."ssh/kestrel/id_ed25519" = {
file = ../../secrets/ssh/kestrel/id_ed25519.age;
owner = "${user}";
group = "users";
};
age.secrets."ssh/kestrel/id_ed25519.pub" = {
file = ../../secrets/ssh/kestrel/id_ed25519.pub.age;
owner = "${user}";
group = "users";
};
age.secrets."ssh/torus/id_ed25519" = {
file = ../../secrets/ssh/torus/id_ed25519.age;
owner = "${user}";
group = "users";
};
age.secrets."ssh/torus/id_ed25519.pub" = {
file = ../../secrets/ssh/torus/id_ed25519.pub.age;
owner = "${user}";
group = "users";
};
# emu secrets
age.secrets."emu/switch/prod.keys" = {
file = ../../secrets/emu/switch/prod.keys.age;
owner = "${user}";
group = "users";
};
age.secrets."emu/switch/title.keys" = {
file = ../../secrets/emu/switch/title.keys.age;
owner = "${user}";
group = "users";
};
};
}

3
provision/modules/system/terminal.nix
View File

@ -6,6 +6,9 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git # Version control system for tracking changes in source code during software development.
git-annex # Manages files with git, without checking the file contents into git.
lazygit # Terminal-based GUI for git, making it easier to use and visualize git repositories.
killall # Command-line utility to terminate processes by name. killall # Command-line utility to terminate processes by name.
pciutils # Utilities for inspecting and manipulating devices connected to the PCI bus. pciutils # Utilities for inspecting and manipulating devices connected to the PCI bus.
chezmoi # Manages your dotfiles across multiple machines, ensuring consistency and version control. chezmoi # Manages your dotfiles across multiple machines, ensuring consistency and version control.

BIN
provision/secrets/borg/rsync/id_rsa.age
View File

Binary file not shown.

BIN
provision/secrets/borg/rsync/id_rsa.pub.age
View File

Binary file not shown.

BIN
provision/secrets/borg/torus/password.age
View File

Binary file not shown.

3
provision/secrets/secrets.nix
View File

@ -21,8 +21,5 @@ in
"ssh/kestrel/id_ed25519.pub.age".publicKeys = users ++ systems; "ssh/kestrel/id_ed25519.pub.age".publicKeys = users ++ systems;
"ssh/torus/id_ed25519.age".publicKeys = [ tstarr_torus ] ++ systems; "ssh/torus/id_ed25519.age".publicKeys = [ tstarr_torus ] ++ systems;
"ssh/torus/id_ed25519.pub.age".publicKeys = users ++ systems; "ssh/torus/id_ed25519.pub.age".publicKeys = users ++ systems;
"borg/torus/password.age".publicKeys = [ tstarr_torus ] ++ systems;
"borg/rsync/id_rsa.age".publicKeys = users ++ systems;
"borg/rsync/id_rsa.pub.age".publicKeys = users ++ systems;
} }