itsscb/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ft/adds cifs shares and sops credentials

Browse Source
This commit is contained in:
itsscb 2024-05-08 23:21:30 +02:00
parent c652dcd89a
commit e44aa41378
6 changed files with 154 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.sops.yaml Normal file
View File

@ -0,0 +1,7 @@
keys:
- &primary age18ykeuqsrxyn5x6ygprupksuh9nhkzn47ju3krjge3ywfy3d8jgyq3zgmsc
creation_rules:
- path_regex: secrets/secrets.yaml$
key_groups:
- age:
- *primary

40
flake.lock generated
View File

@ -190,6 +190,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": {
"locked": {
"lastModified": 1714858427,
"narHash": "sha256-tCxeDP4C1pWe2rYY3IIhdA40Ujz32Ufd4tcrHPSKx2M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b980b91038fc4b09067ef97bbe5ad07eecca1e76",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 0, "lastModified": 0,
@ -207,7 +223,29 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"hyprland": "hyprland", "hyprland": "hyprland",
"hyprland-plugins": "hyprland-plugins", "hyprland-plugins": "hyprland-plugins",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1715035358,
"narHash": "sha256-RY6kqhpCPa/q3vbqt3iYRyjO3hJz9KZnshMjbpPon8o=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "893e3df091f6838f4f9d71c61ab079d5c5dedbd1",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
} }
}, },
"systems": { "systems": {

4
flake.nix
View File

@ -10,6 +10,10 @@
inputs.hyprland.follows = "hyprland"; inputs.hyprland.follows = "hyprland";
}; };
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
# hyprlock = { # hyprlock = {
# url = "github:hyprwm/hyprlock"; # url = "github:hyprwm/hyprlock";
# inputs.hyprland.follows = "hyprland"; # inputs.hyprland.follows = "hyprland";

63
hosts/default/configuration.nix
View File

@ -9,9 +9,16 @@
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
inputs.home-manager.nixosModules.default inputs.home-manager.nixosModules.default
# <home-manager/nixos> inputs.sops-nix.nixosModules.sops
]; ];
sops.validateSopsFiles = false;
sops.defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
sops.defaultSopsFormat = "yaml";
sops.age.keyFile = "/home/itsscb/.config/sops/age/keys.txt";
sops.secrets."nas" = {};
# Bootloader. # Bootloader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
@ -71,12 +78,24 @@
}; };
users.groups.fsc = {
gid = 1010;
};
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
users.users.itsscb = { users.users.itsscb = {
isNormalUser = true; isNormalUser = true;
uid = 1000;
description = "itsscb"; description = "itsscb";
extraGroups = [ "networkmanager" "wheel" ]; extraGroups = [ "networkmanager" "wheel" "fsc"];
packages = with pkgs; [
];
};
users.users."k.sc"= {
isNormalUser = true;
uid = 1001;
description = "k.sc";
extraGroups = [ "networkmanager" "fsc"];
packages = with pkgs; [ packages = with pkgs; [
]; ];
}; };
@ -85,7 +104,6 @@
nerdfonts nerdfonts
]; ];
programs = { programs = {
@ -121,6 +139,8 @@
variables = { variables = {
EDITOR = "hx"; EDITOR = "hx";
}; };
}; };
hardware = { hardware = {
@ -145,6 +165,8 @@ home-manager = {
xdg.portal.enable = true; xdg.portal.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
age
sops
curl curl
waybar waybar
(waybar.overrideAttrs (oldAttrs: { (waybar.overrideAttrs (oldAttrs: {
@ -155,7 +177,16 @@ home-manager = {
libnotify libnotify
swww swww
broot
jq
poppler
fzf
dolphin dolphin
breeze-icons
# cifs-utils
networkmanagerapplet networkmanagerapplet
alacritty alacritty
xdg-desktop-portal-gtk xdg-desktop-portal-gtk
@ -197,6 +228,32 @@ home-manager = {
atomix atomix
]); ]);
fileSystems = {
"/mnt/home" = {
device = "//192.168.128.2/Cloud_Privat";
fsType = "cifs";
label = "HOME";
options = let
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user";
in ["${automount_opts},credentials=${config.sops.secrets."nas".path},uid=1000,gid=1010"];
};
"/mnt/scan" = {
device = "//192.168.128.2/scan";
fsType = "cifs";
options = let
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user";
in ["${automount_opts},credentials=${config.sops.secrets."nas".path},uid=1000,gid=1010"];
};
"/mnt/shared" = {
device = "//192.168.128.2/shared";
fsType = "cifs";
options = let
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user";
in ["${automount_opts},credentials=${config.sops.secrets."nas".path},uid=1000,gid=1010"];
};
};
programs.nix-ld.enable = true; programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [ programs.nix-ld.libraries = with pkgs; [

45
hosts/default/home.nix
View File

@ -110,30 +110,31 @@
}; };
}; };
# dconf = { dconf = {
# enable = true; enable = true;
# settings."org/gnome/desktop/interface".color-scheme = "prefer-dark"; settings."org/gnome/desktop/interface".color-scheme = "prefer-dark";
# settings."org/gnome/desktop/screensaver" = { settings."org/gnome/desktop/screensaver" = {
# picture-uri = "file:///etc/nixos/dotfiles/hypr/rust.png"; picture-uri = "file:///etc/nixos/dotfiles/hypr/rust.png";
# picture-uri-dark = "file:///etc/nixos/dotfiles/hypr/rust.png"; picture-uri-dark = "file:///etc/nixos/dotfiles/hypr/rust.png";
# settings."org/gnome/desktop/peripherals/touchpad".tap-to-click = true; };
# settings."org/gnome/desktop/background".picture-uri-dark = "file:///run/current-system/sw/share/backgrounds/gnome/keys-d.jpg"; settings."org/gnome/desktop/peripherals/touchpad".tap-to-click = true;
# settings."org/gnome/desktop/background".picture-uri = "file:///run/current-system/sw/share/backgrounds/gnome/keys-l.jpg"; settings."org/gnome/desktop/background".picture-uri-dark = "file:///run/current-system/sw/share/backgrounds/gnome/keys-d.jpg";
# settings."org/gnome/desktop/background".primary-color = "#aaaaaa"; settings."org/gnome/desktop/background".picture-uri = "file:///run/current-system/sw/share/backgrounds/gnome/keys-l.jpg";
# settings."org/gnome/desktop/background".secondary-color = "#000000"; settings."org/gnome/desktop/background".primary-color = "#aaaaaa";
# settings."org/gnome/desktop/interface".show-battery-percentage = true; settings."org/gnome/desktop/background".secondary-color = "#000000";
# settings."org/gnome/settings-daemon/plugins/media-keys".home = ["<Super>e"]; settings."org/gnome/desktop/interface".show-battery-percentage = true;
# settings."org/gnome/settings-daemon/plugins/media-keys".control-center= ["<Super>i"]; settings."org/gnome/settings-daemon/plugins/media-keys".home = ["<Super>e"];
# settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".binding= "<Super>t"; settings."org/gnome/settings-daemon/plugins/media-keys".control-center= ["<Super>i"];
# settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".command= "gnome-terminal"; settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".binding= "<Super>t";
# settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".name= "gt1"; settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".command= "gnome-terminal";
settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".name= "gt1";
# settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".binding= "<Control><Alt>t"; settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".binding= "<Control><Alt>t";
# settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".command= "gnome-terminal"; settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".command= "gnome-terminal";
# settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".name= "gt2"; settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".name= "gt2";
# settings."org/gnome/settings-daemon/plugins/media-keys".custom-keybindings= ["/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/" "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"]; settings."org/gnome/settings-daemon/plugins/media-keys".custom-keybindings= ["/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/" "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"];
# }; };
home.packages = [ home.packages = [
]; ];
wayland.windowManager.hyprland.enable = true; wayland.windowManager.hyprland.enable = true;

21
secrets/secrets.yaml Normal file
View File

@ -0,0 +1,21 @@
nas: ENC[AES256_GCM,data:JIb5+hJg7XdnDoCD3wH++6mX8YBmSEeiFdB8iuHZXhGC4OKo8eJWaIs=,iv:fG0EFEDvriHf9IeDaiYJZojB3I+FJhQQXU4Z49CmTU0=,tag:5UAcQ0IH4+B1OE2p1RkeDw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18ykeuqsrxyn5x6ygprupksuh9nhkzn47ju3krjge3ywfy3d8jgyq3zgmsc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZVRiblpGdDlOMjRhc3hl
WUxGL1k5bWh4N1MvaUxqZnZ5NHFSY2theGtnClc4NnFyazlYYTVZOFFTQnhXVWZN
MW5sb1ptbnBlZXJiSXd5SmdKbElsV3cKLS0tIDBqb3paVDlqSWtKK2lhNCtPam10
bTFXejdDWldUaUQyaUE0My9UQm1RencKyKM5CyU2qIygoM+9ZmvxfTW6DIn2HTf8
9GHcmPnwRnIOPreuS5H1zGHnq4A5OJo6/ToLLabiAqSFbd5+W8EPkQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-08T21:16:29Z"
mac: ENC[AES256_GCM,data:x3pl9lvklsuf730s5EEDuiYulmbsKlrKdid2tuH1HFgTYRcvzEwXaOEWj9HQ27gT3UcVuQflwo8YEFW7GGs27jYHDyy3FeTcuoagNZvlxlVS5MBTjN4nAYU2sq2ykE8yZanORwLgE3vuQFyXE9416K+ZbcybpmRTLRZ0xxW4+yw=,iv:2BvL8DboJbgFHkgRXglW7LCk73AeFf1CdNxiDu/FGb8=,tag:2FaNkwrkP1B9AdPzs+35CA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1