diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..4699b55
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,8 @@
+keys:
+ - &luca age1qu9y0dn5a704dggwmpaaurxqrhxm0qn8czgv5phka56y48sw7u8qkyn637
+
+creation_rules:
+ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+ key_groups:
+ - age:
+ - *luca
diff --git a/nix/flake.lock b/nix/flake.lock
index b86f5c1..506d50c 100644
--- a/nix/flake.lock
+++ b/nix/flake.lock
@@ -76,6 +76,38 @@
 "type": "github" } }, + "flake-compat_2": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [
@@ -97,6 +129,21 @@
 "type": "github" } }, + "nix-filter": { + "locked": { + "lastModified": 1731533336, + "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=", + "owner": "numtide", + "repo": "nix-filter", + "rev": "f7653272fd234696ae94229839a99b73c9ab7de0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nix-filter", + "type": "github" + } + }, "nixos-wsl": { "inputs": { "flake-compat": "flake-compat",
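Review bot: `key_groups` lists a single recipient, `*luca`, so every file matched under `secrets/` is encrypted to exactly one age key; losing that private key makes the committed secrets unrecoverable, and there is no second key to rotate from. A backup recipient in the same `age:` list (an offline key, or the age key derived from the host SSH key that `sops.age.sshKeyPaths` in commonPackages.nix points at, if that is a different key) followed by `sops updatekeys` on the existing files is the usual safeguard. Also, `path_regex` is unanchored, so `secrets/[^/]+\.(yaml|json|env|ini)$` also matches nested `.../secrets/x.yaml` paths; prefix it with `^` if only the top-level directory is meant.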
@@ -156,7 +203,8 @@
 "nixos-wsl": "nixos-wsl", "nixpkgs": "nixpkgs_2", "sops-nix": "sops-nix", - "status-bar": "status-bar" + "status-bar": "status-bar", + "winapps": "winapps" } }, "sops-nix": {
@@ -195,6 +243,44 @@
 "type": "path" }, "parent": [] + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "winapps": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils", + "nix-filter": "nix-filter", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756049206, + "narHash": "sha256-H1CB1nXPlwDL4VNGjR2+ovBwPdXPHe3xRc20d3VkPNU=", + "owner": "winapps-org", + "repo": "winapps", + "rev": "09288b135eee8ab8ca08d6170441c4c9b3d457b7", + "type": "github" + }, + "original": { + "owner": "winapps-org", + "repo": "winapps", + "type": "github" + } } }, "root": "root",
diff --git a/nix/hosts/usahara/configuration.nix b/nix/hosts/usahara/configuration.nix
index 7af9808..a40d817 100644
--- a/nix/hosts/usahara/configuration.nix
+++ b/nix/hosts/usahara/configuration.nix
@@ -54,7 +54,10 @@
 users.users.luca = {
 isNormalUser = true;
- extraGroups = [ "wheel" ];
+ extraGroups = [
+ "wheel"
+ "docker"
+ ];
 packages = with pkgs; [
 tree
 ];
diff --git a/nix/modules/commonPackages.nix b/nix/modules/commonPackages.nix
index 99c9385..92743f7 100644
--- a/nix/modules/commonPackages.nix
+++ b/nix/modules/commonPackages.nix
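Review bot: Adding `"docker"` to `extraGroups` grants `luca` access to the rootful daemon's socket, which is equivalent to root on the host, while desktop.nix in this same commit enables `virtualisation.docker.rootless`, where the user talks to a per-user daemon and needs no group membership at all. If the rootless daemon is the intended one, keep `extraGroups = [ "wheel" ];`; if the rootful daemon is really needed by this user, a comment such as `# docker group = root-equivalent access to the rootful daemon socket` next to the entry would record the trade-off for the next reader. The `users.users.luca` attrset continues outside the hunk.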
@@ -56,11 +56,26 @@
 openssl
 gnupg
 nixd
+ sops
+ yubikey-personalization
+ yubikey-manager
+ gnupg
+ (pass.withExtensions (exts: with exts; [ pass-import ]))
 ];
 programs.nix-ld.enable = lib.mkDefault true;
 programs.zsh.enable = lib.mkDefault true;
 services.openssh.enable = lib.mkDefault true;
 hardware.enableAllFirmware = true;
+ sops.defaultSopsFile = ../../secrets/sops.yaml;
+ sops.age.sshKeyPaths = [ "/etc/ssh/id_ed25519" ];
+ sops.secrets.win_pw = { };
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ pinentryPackage = pkgs.pinentry-gtk2;
+ };
+ services.pcscd.enable = true;
+ services.udev.packages = with pkgs; [ yubikey-personalization ];
 programs.neovim = lib.mkDefault {
 enable = true;
diff --git a/nix/modules/desktop.nix b/nix/modules/desktop.nix
index 719091c..3194bb7 100644
--- a/nix/modules/desktop.nix
+++ b/nix/modules/desktop.nix
@@ -50,7 +50,16 @@
 htop
 lm_sensors
 fanctl
+ libnotify
 ];
+ boot.kernelModules = [
+ "iptables"
+ "iptable_nat"
+ ];
+ virtualisation.docker = {
+ enable = true;
+ rootless.enable = true;
+ };
 programs.hyprland = {
 enable = true;
 withUWSM = true;
diff --git a/secrets/sops.yaml b/secrets/sops.yaml
new file mode 100644
index 0000000..c1e39a9
--- /dev/null
+++ b/secrets/sops.yaml
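Review bot: `gnupg` is added to the package list although it is already present in the context lines at the top of the hunk (`openssl gnupg nixd`); drop the duplicate `+ gnupg`. The secret wiring that follows sits in a module whose name suggests every host imports it: `sops.age.sshKeyPaths = [ "/etc/ssh/id_ed25519" ];` points at a non-default path (the host key `services.openssh` generates is `/etc/ssh/ssh_host_ed25519_key`), and `sops.secrets.win_pw = { };` makes activation depend on that key existing and on its age form being a recipient of `secrets/sops.yaml`, so a host without it will fail to decrypt at switch time. If that is intentional, a comment such as `# /etc/ssh/id_ed25519 must exist on every host importing this module and its age key must be listed in .sops.yaml` next to the key path would record the assumption; otherwise moving the `sops.*` lines next to whatever host configuration consumes `win_pw` keeps the dependency local. `pinentryPackage = pkgs.pinentry-gtk2;` likewise assumes a graphical session on every importing host. The enclosing attrset starts and ends outside the hunk.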
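Review bot: `virtualisation.docker` sets both `enable = true;` and `rootless.enable = true;`, which starts the system-wide rootful daemon in addition to the per-user rootless one; if only rootless is wanted, removing `enable = true;` means the root-owned socket is never created (the `docker` group added in configuration.nix in this commit only matters for that rootful socket). The rootless daemon also does not point the CLI at itself by default; NixOS has `virtualisation.docker.rootless.setSocketVariable = true;` for that, which is worth adding if the intent is for `docker` commands to use the rootless daemon. A one-line comment on `boot.kernelModules` saying why `iptables` and `iptable_nat` are loaded explicitly (presumably for the rootless network setup) would help, since nothing in the hunk ties them to docker. The enclosing attrset continues outside the hunk.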
@@ -0,0 +1,16 @@
+win_pw: ENC[AES256_GCM,data:TGsPs+6wFQ==,iv:7KTF9YuPGDRJE3zcZgt6WJVIKEOp1DkOckP6QY4c9Rk=,tag:kVzkKEuSoP3vEakQT46/aQ==,type:str]
+sops:
+ age:
+ - recipient: age1qu9y0dn5a704dggwmpaaurxqrhxm0qn8czgv5phka56y48sw7u8qkyn637
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBReVNmSm82KzF1dHYrWlRj
+ ZnRLMU4yK2ZBQ0huRmNPL3NZV05lWXBaVG1vCm5vcFJOQ3hUeUMzUTI2TDd2TUJq
+ NGdVbEtncTdWczVjWWxWNFh2Z3g4Q28KLS0tIFBkUnlTdEZNZkszQi9yQTg5K0hl
+ RmQzN1Y2SUVlT1pGYXV0SW1vb0dHNDgKWchy7XFkxpGuhly4ZefRFZc6+oqcWJzI
+ HJqnVLiGI6jSKOXT7WV1d+g0Qt4zHGe9tquHxi4BNdxu81lNPVE3iQ==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-08-26T05:15:00Z"
+ mac: ENC[AES256_GCM,data:670OWObSti3BN4AigbDcRvwud/JH/lUzQeWnUXgaST//FIfX6fY293AN0GJ2+3+C+K4Jd80QYh0DThaagMeTBw9/uJTQ10sER7MeknlWzOxmBEBl0fbvHn/t5v6H1yZ4XtcNV8p3RSiSC93k3z2tI4ERLsDzqBGyzkHXZGww4hc=,iv:oq4DxQWzPb80XiCD2WYaRDkqHNeBNUDiKWEMzQSDD/w=,tag:jT3JFUcC8DmHCh4Y6L++Vg==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2