authorMike Vink <mike1994vink@gmail.com>2023-10-16 23:16:01 +0200
committerMike Vink <mike1994vink@gmail.com>2023-10-16 23:25:42 +0200
commitd885924961b3c4b3db76b78e603c0cc84ff88aae (patch)
treec152dcd1e54806adfe9fdb13d8f4efad393f9317 /profiles/core
parente5957fa18a322338b2f75afd62e32cdb84143236 (diff)
stuff
Diffstat (limited to 'profiles/core')
-rw-r--r--profiles/core/configuration.nix25
-rw-r--r--profiles/core/secrets.nix35
2 files changed, 31 insertions, 29 deletions
diff --git a/profiles/core/configuration.nix b/profiles/core/configuration.nix
index 5c3c270..e487fae 100644
--- a/profiles/core/configuration.nix
+++ b/profiles/core/configuration.nix
@@ -3,19 +3,25 @@
pkgs,
...
}: {
- users.users.mike = {
+ imports = [ (mkAliasOptionModule [ "ivi" ] [ "users" "users" ivi.username ]) ];
+
+ time.timeZone = "Europe/Amsterdam";
+ users.users.${ivi.username} = {
+ uid = 1000;
isNormalUser = true;
+ description = ivi.realName;
extraGroups = ["wheel" "networkmanager" "docker" "transmission"];
+ openssh.authorizedKeys.keys = ivi.sshKeys;
};
security = {
- sudo = {
- wheelNeedsPassword = false;
- extraConfig = ''
- Defaults env_keep+="EDITOR"
- Defaults env_keep+="SSH_CONNECTION SSH_CLIENT SSH_TTY"
- Defaults env_keep+="http_proxy https_proxy"
- '';
- };
+ sudo = {
+ wheelNeedsPassword = false;
+ extraConfig = ''
+ Defaults env_keep+="EDITOR"
+ Defaults env_keep+="SSH_CONNECTION SSH_CLIENT SSH_TTY"
+ Defaults env_keep+="http_proxy https_proxy"
+ '';
+ };
};
environment.systemPackages = with pkgs; [
man-pages
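Review bot: The added `openssh.authorizedKeys.keys = ivi.sshKeys;` grants SSH login to an account that this hunk keeps in `wheel` with `wheelNeedsPassword = false` and in the `docker` group, so holding any key in `ivi.sshKeys` is equivalent to root on every host that imports this profile. Since the sudo block is being touched anyway, consider `wheelNeedsPassword = true;`, or scope passwordless sudo to named commands via `security.sudo.extraRules`, and add a comment next to the key list saying where `ivi.sshKeys` is defined and who may extend it. The new `imports` line also calls `mkAliasOptionModule` unqualified and reads `ivi.username`; the module's argument list starts above the hunk, so whether both names are in scope cannot be confirmed from here.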
@@ -35,7 +41,6 @@
usbutils
];
-
nix.package = pkgs.nixUnstable;
nix.extraOptions = ''
experimental-features = nix-command flakes
diff --git a/profiles/core/secrets.nix b/profiles/core/secrets.nix
index c7a3ba5..15d6ee5 100644
--- a/profiles/core/secrets.nix
+++ b/profiles/core/secrets.nix
@@ -1,28 +1,25 @@
-{inputs,config,lib,pkgs,...}: with lib; {
+{machine,inputs,config,lib,pkgs,...}: with lib; {
imports = [
inputs.sops-nix.nixosModules.sops
- (mkAliasOptionModule [ "secrets" ] [ "home-manager" "users" "mike" ]) # TODO: get username(s) from machine config
+ (mkAliasOptionModule [ "secrets" ] [ "home-manager" "users" "mike" ]) # TODO: get my username(s) from machine config
];
sops = {
- gnupg = {
- sshKeyPaths = [];
- };
age.sshKeyPaths = [];
- age.keyFile = "${config.hm.xdg.configHome}/sops/age/keys.txt";
+ age.keyFile = mkIf (machine.hostname == "lemptop") "${config.hm.xdg.configHome}/sops/age/keys.txt";
- # secrets = mapAttrs' (name: _: let
- # parts = splitString "." name;
- # base = head parts;
- # format = if length parts > 1 then elemAt parts 1 else "binary";
- # in
- # {
- # name = base;
- # value = {
- # sopsFile = "${inputs.self}/secrets/${name}";
- # inherit format;
- # key = "lemptop"; # TODO: get actual hostname from somewhere
- # };
- # }) (builtins.readDir "${inputs.self}/secrets"); # keep it out of the store
+ secrets = mapAttrs' (name: _: let
+ parts = splitString "." name;
+ base = head parts;
+ format = if length parts > 1 then elemAt parts 1 else "binary";
+ in
+ {
+ name = base;
+ value = {
+ sopsFile = "${inputs.self}/secrets/${name}";
+ inherit format;
+ key = machine.hostname;
+ };
+ }) (builtins.readDir "${inputs.self}/secrets"); # keep it out of the store
};
environment = {
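Review bot: `secrets` is now generated on every machine with `key = machine.hostname`, but `age.keyFile` is only set when the hostname is `"lemptop"` and `age.sshKeyPaths` stays `[]`, so on any other host decryption appears to depend on whatever `sops.gnupg.sshKeyPaths` defaults to now that the explicit `sshKeyPaths = [];` was deleted. If falling back to a host SSH key is intended, set it explicitly rather than by removal; otherwise wrap `secrets` in the same `mkIf (machine.hostname == "lemptop")`. Separately, `builtins.readDir` also returns directories and dotfiles: a dotfile yields an empty `base`, any extension becomes `format` unchecked, and two files with the same base name map to one attribute. Filtering first, e.g. `(filterAttrs (n: t: t == "regular" && !hasPrefix "." n) (builtins.readDir "${inputs.self}/secrets"))`, keeps stray files from becoming secret definitions. The trailing `# keep it out of the store` comment should say what is actually kept out, since `"${inputs.self}/secrets/${name}"` looks like a store path to the encrypted file.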