From 277779202db400ebabbb9102b9358e0d68a8ea73 Mon Sep 17 00:00:00 2001 From: foglar Date: Thu, 26 Dec 2024 15:29:36 +0100 Subject: [PATCH] sops and user in own modules --- leanix/configuration.nix | 7 ------ nixos/home/desktop/hyprland/hyprland.nix | 1 + nixos/system/packages.nix | 2 ++ .../system/packages/sops}/.sops.yaml | 0 .../packages/sops}/secrets/secrets.yaml | 0 nixos/system/packages/sops/sops.nix | 23 +++++++++++++++++++ nixos/system/settings/desktops.nix | 1 + nixos/system/settings/user.nix | 11 +++++++++ nixos/system/system.nix | 2 ++ zenith/configuration.nix | 20 +--------------- 10 files changed, 41 insertions(+), 26 deletions(-) rename {zenith => nixos/system/packages/sops}/.sops.yaml (100%) rename {zenith => nixos/system/packages/sops}/secrets/secrets.yaml (100%) create mode 100644 nixos/system/packages/sops/sops.nix create mode 100644 nixos/system/settings/user.nix diff --git a/leanix/configuration.nix b/leanix/configuration.nix index c171ca6..2b1526d 100644 --- a/leanix/configuration.nix +++ b/leanix/configuration.nix @@ -23,13 +23,6 @@ }; }; - # User configuration - users.users.${userSettings.username} = { - isNormalUser = true; - description = "${userSettings.username}"; - extraGroups = ["wheel"]; - }; - # Bootloader boot.loader.systemd-boot.enable = true; diff --git a/nixos/home/desktop/hyprland/hyprland.nix b/nixos/home/desktop/hyprland/hyprland.nix index 019a063..0b32366 100644 --- a/nixos/home/desktop/hyprland/hyprland.nix +++ b/nixos/home/desktop/hyprland/hyprland.nix @@ -38,6 +38,7 @@ services.network-manager-applet.enable = true; services.dunst.enable = true; + programs.hyprlock.enable = true; home.sessionVariables = { diff --git a/nixos/system/packages.nix b/nixos/system/packages.nix index 4e90f74..9c3fe1a 100644 --- a/nixos/system/packages.nix +++ b/nixos/system/packages.nix @@ -6,6 +6,7 @@ ./packages/tor.nix ./packages/virtual-machines.nix ./packages/yubikey.nix + ./packages/sops/sops.nix ]; program = { 
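Review bot: `programs.hyprlock.enable = true;` in this home-manager module installs hyprlock and its config but, if I recall the home-manager module correctly, does not register a PAM service for it; hyprlock authenticates through PAM, so unless the NixOS side also declares `security.pam.services.hyprlock = {};` (not visible anywhere in this patch) the lock screen will never accept the password and the session is locked out rather than protected. Worth either adding that line next to `polkit.enable = true;` in nixos/system/settings/desktops.nix or putting a comment on the new line such as `# PAM service for hyprlock is declared in the NixOS config (security.pam.services.hyprlock)` so the dependency is explicit. The enclosing attribute set starts and ends outside the hunk.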
@@ -19,6 +20,7 @@ yubikey.enable = lib.mkDefault false; }; sys.desktop.steamdeck.enable = lib.mkDefault false; + sys.security.sops.enable = lib.mkDefault true; programs.kdeconnect.enable = lib.mkDefault true; programs.wireshark.enable = lib.mkDefault true; } diff --git a/zenith/.sops.yaml b/nixos/system/packages/sops/.sops.yaml similarity index 100% rename from zenith/.sops.yaml rename to nixos/system/packages/sops/.sops.yaml diff --git a/zenith/secrets/secrets.yaml b/nixos/system/packages/sops/secrets/secrets.yaml similarity index 100% rename from zenith/secrets/secrets.yaml rename to nixos/system/packages/sops/secrets/secrets.yaml diff --git a/nixos/system/packages/sops/sops.nix b/nixos/system/packages/sops/sops.nix new file mode 100644 index 0000000..3a52736 --- /dev/null +++ b/nixos/system/packages/sops/sops.nix @@ -0,0 +1,23 @@ +{ + lib, + config, + userSettings, + ... +}: { + options = { + sys.security.sops.enable = lib.mkEnableOption "Enable SOPS"; + }; + + config = lib.mkIf config.sys.security.sops.enable { + sops.defaultSopsFile = ./secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/${userSettings.username}/.config/sops/age/keys.txt"; + + sops.secrets."zenith/password-hash" = { + neededForUsers = true; + }; + + users.users.${userSettings.username}.hashedPasswordFile = "${config.sops.secrets."${userSettings.hostname}/password-hash".path}"; + }; +} diff --git a/nixos/system/settings/desktops.nix b/nixos/system/settings/desktops.nix index 905fed5..f9b49a6 100644 --- a/nixos/system/settings/desktops.nix +++ b/nixos/system/settings/desktops.nix @@ -60,6 +60,7 @@ }; services.udisks2.enable = true; + services.power-profiles-daemon.enable = true; security = { polkit.enable = true; diff --git a/nixos/system/settings/user.nix b/nixos/system/settings/user.nix new file mode 100644 index 0000000..8e44583 --- /dev/null +++ b/nixos/system/settings/user.nix 
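Review bot: `sys.security.sops.enable = lib.mkDefault true;` makes the SOPS-provided password hash a requirement of every host that imports packages.nix, not just zenith, since the module it enables sets `users.users.<name>.hashedPasswordFile` from a secret; any host without a matching entry in secrets/secrets.yaml and an age key at the configured path will fail at evaluation or activation. The neighbouring options in this same block (`yubikey.enable`, `sys.desktop.steamdeck.enable`) default to `lib.mkDefault false` with per-host opt-in; defaulting this one to `lib.mkDefault false` and enabling it in zenith/configuration.nix would match that pattern and keep leanix, which just lost its own user block in this commit, from silently depending on secrets it may not have. The enclosing attribute set starts outside the hunk.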
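Review bot: The secret is declared under the literal key `"zenith/password-hash"` but consumed via `config.sops.secrets."${userSettings.hostname}/password-hash".path`; on any host whose `userSettings.hostname` is not `zenith` the attribute lookup fails at evaluation, and on zenith the two names only agree by coincidence. Use the same interpolated name in both places: `sops.secrets."${userSettings.hostname}/password-hash" = { neededForUsers = true; };`. Separately, `neededForUsers = true` means this secret is decrypted early in activation, before user accounts are created, while `sops.age.keyFile` points under `/home/${userSettings.username}`; if /home is a separate or encrypted mount that is not yet available at that point, decryption fails and the account ends up with no usable password, which a host-level key location such as `/var/lib/sops-nix/key.txt` (or deriving the key from the host SSH key via `sops.age.sshKeyPaths`) avoids. A short comment on the `keyFile` line stating that the key must be readable before users are created would make the constraint visible to the next editor.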
@@ -0,0 +1,11 @@ +{userSettings, ...}: { + # User configuration + users.users.${userSettings.username} = { + isNormalUser = true; + description = "${userSettings.username}"; + extraGroups = ["wheel"]; + #! User Hashed password is stored in SOPS + #! and is set in the module configuration + #! file ../packages/sops/sops.nix + }; +} diff --git a/nixos/system/system.nix b/nixos/system/system.nix index 51f77f7..9a99537 100644 --- a/nixos/system/system.nix +++ b/nixos/system/system.nix @@ -10,6 +10,8 @@ ./settings/loginManager.nix ./settings/style.nix ./settings/default-applications.nix + + ./settings/user.nix ]; sys = { diff --git a/zenith/configuration.nix b/zenith/configuration.nix index 7f01ce3..60a3a53 100644 --- a/zenith/configuration.nix +++ b/zenith/configuration.nix @@ -3,7 +3,6 @@ pkgs, pkgs-stable, userSettings, - config, ... }: { imports = [ @@ -17,15 +16,6 @@ nix.settings.experimental-features = ["nix-command" "flakes"]; programs.nix-ld.dev.enable = true; - sops.defaultSopsFile = ./secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; - - sops.age.keyFile = "/home/foglar/.config/sops/age/keys.txt"; - - sops.secrets."zenith/password-hash" = { - neededForUsers = true; - }; - # Home manager home-manager = { extraSpecialArgs = {inherit inputs pkgs pkgs-stable userSettings;}; @@ -39,20 +29,12 @@ ]; }; - # User configuration - users.users.${userSettings.username} = { - isNormalUser = true; - description = "${userSettings.username}"; - extraGroups = ["wheel"]; - hashedPasswordFile = "${config.sops.secrets."zenith/password-hash".path}"; - }; - # Bootloader boot.loader.systemd-boot.enable = true; # Environment variables environment.sessionVariables = { - FLAKE = "/home/${userSettings.username}/dotfiles"; + FLAKE = "/home/${userSettings.username}/.dotfiles"; }; # System level configuration
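Review bot: `description = "${userSettings.username}";` wraps an already-string value in an interpolation for no effect; `description = userSettings.username;` is the idiomatic form. The `#!` comment says the hashed password is set in ../packages/sops/sops.nix, but that only holds while `sys.security.sops.enable` is true; with it disabled nothing in this module sets a password, which is fine while `users.mutableUsers` keeps its default but becomes a lockout if someone later sets `users.mutableUsers = false`. Suggest rewording the comment to `# Password hash comes from ../packages/sops/sops.nix when sys.security.sops.enable is set; no password is configured otherwise.`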