foglar/nixos-config
foglar/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sops update and ssh fix

Browse Source
This commit is contained in:
foglar 2024-12-27 16:14:08 +01:00
parent 047d4fb2f4
commit 42789692ad
9 changed files with 61 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
TODO.md
View File

@ -7,18 +7,26 @@
- [x] cliphist manager fix - [x] cliphist manager fix
- [x] stylix theming to each module - [x] stylix theming to each module
- [x] rofi theme and other themes, where are colors setup declaratively - [x] rofi theme and other themes, where are colors setup declaratively
- [ ] enabling nvidia graphics and disabling it - [x] enabling nvidia graphics and disabling it
- [ ] modularity connected via configuration.nix file with home manager (disable gnome, gnome configuration will be disabled too) - [x] add zsh to my config
- [x] custom if else statements - [x] custom if else statements
- [x] move sops
- [x] figure out yubico authentication
- [x] options for YUBIKEY to make more sense and control
- [x] power profiles solution in waybar
- [x] auto-cpufreq
- [ ] modularity connected via configuration.nix file with home manager (disable gnome, gnome configuration will be disabled too)
- [ ] neovim - [ ] neovim
- [ ] librewolf and firefox fix - [ ] librewolf and firefox fix
- [ ] fix kde theme in stylix
- [x] move sops
- [ ] figure out yubico authentication
- [ ] graph of my system structure - [ ] graph of my system structure
- [x] add zsh to my config
- [ ] ?tryout starship?
- [ ] cleanup hyprland subtools (rofi, hyprlock, waybar) - [ ] cleanup hyprland subtools (rofi, hyprlock, waybar)
- [ ] auto-cpufreq
- [ ] modularize hyprland config into multiple files - [ ] modularize hyprland config into multiple files
- [ ] consider moving nh config helper into module - [ ] consider moving nh config helper into module
- [ ] make static background folder and figure out how to simply manage backgrounds across my devices
- [ ] NVIDIA options
- [ ] fix plasma manager and extend gnome configuration
- [ ] merge shell aliases
- [ ] update my home page and create new web
- [ ] fix kde theme in stylix
- [ ] ?tryout starship?

5
ginoza/configuration.nix
View File

@ -62,6 +62,11 @@
tor.enable = false; tor.enable = false;
virt-manager.enable = false; virt-manager.enable = false;
virtualbox.enable = false; virtualbox.enable = false;
yubikey = {
enable = false;
lock-on-remove = false;
notify = false;
};
}; };
# Basic programs to enable # Basic programs to enable

13
kogami/configuration.nix
View File

@ -66,7 +66,11 @@
tor.enable = true; tor.enable = true;
virt-manager.enable = true; virt-manager.enable = true;
virtualbox.enable = false; virtualbox.enable = false;
yubikey.enable = true; yubikey = {
enable = true;
lock-on-remove = false;
notify = true;
};
}; };
# Basic programs to enable # Basic programs to enable
@ -74,6 +78,13 @@
programs.wireshark.enable = true; programs.wireshark.enable = true;
programs.auto-cpufreq.enable = true; programs.auto-cpufreq.enable = true;
programs.ssh.extraConfig = ''
Host masaoka
HostName 192.168.8.140
User foglar
IdentityFile ~/.ssh/id_masaoka
'';
#services.twingate.enable = true; #services.twingate.enable = true;
# Allow unfree packages # Allow unfree packages

5
kogami/home.nix
View File

@ -1,7 +1,4 @@
{ {userSettings, ...}: {
userSettings,
...
}: {
# Home manager configuration # Home manager configuration
home.username = "${userSettings.username}"; home.username = "${userSettings.username}";
home.homeDirectory = "/home/${userSettings.username}"; home.homeDirectory = "/home/${userSettings.username}";

2
nixos/home/packages/tools/shell.nix
View File

@ -27,7 +27,7 @@
respawn = "clear; ${pkgs.pfetch}/bin/pfetch"; respawn = "clear; ${pkgs.pfetch}/bin/pfetch";
mkdir = "mkdir -p"; mkdir = "mkdir -p";
cat = "${pkgs.bat}/bin/bat --style plain"; cat = "${pkgs.bat}/bin/bat --style plain";
rasp = "s foglar@192.168.8.140"; rasp = "s masaoka";
hist = "history | awk '{for (i=2; i<=NF; i++) printf \$i\" \"; print \"\"}' | fzf | wl-copy"; hist = "history | awk '{for (i=2; i<=NF; i++) printf \$i\" \"; print \"\"}' | fzf | wl-copy";
cdx = "${pkgs.zoxide}/bin/zoxide query --interactive"; cdx = "${pkgs.zoxide}/bin/zoxide query --interactive";

11
nixos/system/packages.nix
View File

@ -1,7 +1,4 @@
{ {lib, ...}: {
lib,
...
}: {
imports = [ imports = [
./packages/docker.nix ./packages/docker.nix
./packages/podman.nix ./packages/podman.nix
@ -20,7 +17,11 @@
tor.enable = lib.mkDefault true; tor.enable = lib.mkDefault true;
virt-manager.enable = lib.mkDefault true; virt-manager.enable = lib.mkDefault true;
virtualbox.enable = lib.mkDefault true; virtualbox.enable = lib.mkDefault true;
yubikey.enable = lib.mkDefault false; yubikey = {
enable = lib.mkDefault false;
lock-on-remove = lib.mkDefault false;
notify = lib.mkDefault false;
};
}; };
sys.desktop.steamdeck.enable = lib.mkDefault false; sys.desktop.steamdeck.enable = lib.mkDefault false;
sys.security.sops.enable = lib.mkDefault true; sys.security.sops.enable = lib.mkDefault true;

6
nixos/system/packages/sops/secrets/secrets.yaml
View File

@ -3,6 +3,8 @@ kogami:
ginoza: ginoza:
password-hash: ENC[AES256_GCM,data:xqE0y3Z7+kasYFQLn4Wuo+/c9L8BEakf2HKgN5BsttC2iDuzYSvXrP8K6pe5Skdi5Aq0MVz9LixJFM3PBgLORL1C6k0iDSardw==,iv:bKL40h0rGNmnnkA7EieKAD5KyENXOiTNsTVH1V0B7HU=,tag:c1MsRuiOK/j2b0iKOyO8FQ==,type:str] password-hash: ENC[AES256_GCM,data:xqE0y3Z7+kasYFQLn4Wuo+/c9L8BEakf2HKgN5BsttC2iDuzYSvXrP8K6pe5Skdi5Aq0MVz9LixJFM3PBgLORL1C6k0iDSardw==,iv:bKL40h0rGNmnnkA7EieKAD5KyENXOiTNsTVH1V0B7HU=,tag:c1MsRuiOK/j2b0iKOyO8FQ==,type:str]
yubikey_id: ENC[AES256_GCM,data:ZyamX5gxoW4=,iv:4tW7muk6AaJf9VmXmFd6Ut63U27fFD8QgYSBx3RgOfw=,tag:IFlSiOffMyc33Rw1gxwCPA==,type:int] yubikey_id: ENC[AES256_GCM,data:ZyamX5gxoW4=,iv:4tW7muk6AaJf9VmXmFd6Ut63U27fFD8QgYSBx3RgOfw=,tag:IFlSiOffMyc33Rw1gxwCPA==,type:int]
ssh_keys:
masaoka: ENC[AES256_GCM,data:VNR1euaaG0wfDvuSbwqga86QC/yir/GJ1sZLT6mzu3DxrxjexXbXP0nO79+l7FRQENZEU/e/wZ+V8Pb+9Tw/whDOVYM3EgAgsuialdc7LAkaaGyRe47+PpPaN7n/O6pPBRGSApDVf0xsw1R95pmL2jsM7nzs6WiiC+yG5FM2VdSxkxVJPkABmQpMzjoMyuB6QlQGCU+Q/+cuOL/7tsW6JFyKu8snTXyQg3EKomR07ZpxcE8whbEfmxdZbiNFitNmsnaRLGqkyd9iVHfW5PlvfU9s0C0CWZPTw23okCpGjaUwnbHcKVWlb6b1qbQRRoHwqFIArqC44COY6zT50rPsbwjLvU0gozBMCRYmZtZtMFQ50NYn2mfEU/6ZTWS67EmjYHwyR6mxTM9TeLpgsYWIqewB1te87y1q5+/EFHUAba3iINx/P/yJUUVUS9B85eosMgQsn4sn+3iMq7aZbNQeDOLU78xwFZpxHYK8MXVSLZf0dwQHyyFAHPtfHSXKJc3sWqMOeRuB8L3Xdn+k2cJAOfHZb4AidYYdie37oFXaVjLyCBgtvZzVFGUTameByD46TU82kFDzgNxKBzBNpNK5xM6l1eyE1Xm6t1bH69RiWF5Hn2i2UQj2vm3ScTlHdOymLy/DRBpg9BuhkkxA6FoaM0Iw0c0EInvcj2HdBR8FhoknktwBZDU/+zWj4vEkEnvvDyBJ0UH4QkgMDast6f+STqdURGCJAB/rBJcbmvJTsDa7,iv:wI2fH8hCBopVz3rWXj8el0Uof3DeL0lkezqE6MeMJ/k=,tag:uKDGStJ96RRqxX1wdIzgaQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -18,8 +20,8 @@ sops:
T0cxV21SN0hJaFg3R3hpTjIxa3lJNVEKdIrR5XDHxpCojk2A1pxc4dYtSJRrObbY T0cxV21SN0hJaFg3R3hpTjIxa3lJNVEKdIrR5XDHxpCojk2A1pxc4dYtSJRrObbY
JS/nDgu74LugEchiOhuIJ7nh3MS5XBOmmt2GTHrqxZEZFoIykjIGug== JS/nDgu74LugEchiOhuIJ7nh3MS5XBOmmt2GTHrqxZEZFoIykjIGug==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-26T19:06:52Z" lastmodified: "2024-12-27T12:09:56Z"
mac: ENC[AES256_GCM,data:1n5O72DFe6dgvEfE6ZOAP1JR4TFZQAWeDYU/NLtisjoVliREcVmaZEM3vxDnrLueLFdNZ0jxu9fEjG0cnwUDkJNIeFyj8mhzY3bIC5LiSVriKPLGiJW3fMBsK6btJTa8OJ7xJsFIKgXpVHAgOit9ZBT24VnLZ9zFgWk84whR1eE=,iv:RaKCWl5zfKsD0502WVRv8Vx2+jGz3J7yhRkSzb/RFPM=,tag:JT2sKaoK7SCKCk1nWrHZMQ==,type:str] mac: ENC[AES256_GCM,data:AFNKn5oyHEwxKkLHh67le/02QaBitPipF1+BzvYdxQgHjTm5JCGn1yZZHmNDMIRAVTSECubWh1fvBiCVbkTSIGnYjXEb/Kw3732E+Cb4RYAPQRVkdJeg9h1ZwmdGUGajjZwCtnuuUl65ZMpW7njVHT0M+y91nWAQJ4CAbrAfAbw=,iv:2wmu+hBG3azJT+wrvlZPpdfqaEAbBCeDM0ncgfvhzOg=,tag:5PVBh6a/bsLV9YsXnPO5aw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.2 version: 3.9.2

9
nixos/system/packages/sops/sops.nix
View File

@ -18,6 +18,15 @@
neededForUsers = true; neededForUsers = true;
}; };
# SSH private keys
sops.secrets = {
"ssh_keys/masaoka" = {
path = "/home/${userSettings.username}/.ssh/id_masaoka";
owner = userSettings.username;
group = "users";
};
};
users.users.${userSettings.username}.hashedPasswordFile = "${config.sops.secrets."${userSettings.hostname}/password-hash".path}"; users.users.${userSettings.username}.hashedPasswordFile = "${config.sops.secrets."${userSettings.hostname}/password-hash".path}";
security.pam.yubico.id = security.pam.yubico.id =
[] []

9
nixos/system/packages/yubikey.nix
View File

@ -7,9 +7,8 @@
options = { options = {
program.yubikey = { program.yubikey = {
enable = lib.mkEnableOption "Enable YubiKey authentication"; enable = lib.mkEnableOption "Enable YubiKey authentication";
};
program.yubikey = {
lock-on-remove = lib.mkEnableOption "Lock the session when the YubiKey is removed"; lock-on-remove = lib.mkEnableOption "Lock the session when the YubiKey is removed";
notify = lib.mkEnableOption "Notify when the YubiKey is touched";
}; };
}; };
@ -47,6 +46,12 @@
enableSSHSupport = true; enableSSHSupport = true;
}; };
}) })
(lib.mkIf config.program.yubikey.notify {
programs.yubikey-touch-detector = {
enable = true;
libnotify = true;
};
})
(lib.mkIf config.program.yubikey.lock-on-remove { (lib.mkIf config.program.yubikey.lock-on-remove {
services.udev.extraRules = '' services.udev.extraRules = ''
ACTION=="remove",\ ACTION=="remove",\