Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Kabbone:501f70f7301c66bd80187e0f7c60ad5cd8c29918
Branches Tags
Kabbone:main
Kabbone:dev
Kabbone:refactor
..
compare: Kabbone:015f316640f5fc1b7bca25bc0e577e38588fe311
Branches Tags
Kabbone:main
Kabbone:dev
Kabbone:refactor

No commits in common. "501f70f7301c66bd80187e0f7c60ad5cd8c29918" and "015f316640f5fc1b7bca25bc0e577e38588fe311" have entirely different histories.
501f70f730 ... 015f316640

22 changed files with 52 additions and 98 deletions
Show Stats Expand all files Collapse all files

2
hosts/configuration_desktop.nix
View File

@ -150,7 +150,7 @@
}; };
pcscd.enable = true; pcscd.enable = true;
yubikey-agent.enable = true; yubikey-agent.enable = true;
udev.packages = [ pkgs.yubikey-personalization pkgs.nitrokey-udev-rules ]; udev.packages = [ pkgs.yubikey-personalization ];
#flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up #flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up
# sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused # sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused
# List: # List:

6
hosts/desktop/default.nix
View File

@ -44,9 +44,9 @@
# enable = false; # enable = false;
# extraBackends = [ pkgs.sane-airscan ]; # extraBackends = [ pkgs.sane-airscan ];
# }; # };
# hardware = { hardware = {
# nitrokey.enable = true; nitrokey.enable = true;
# }; };
# environment = { # environment = {
# systemPackages = with pkgs; [ # systemPackages = with pkgs; [

10
modules/hardware/remoteBuilder.nix
View File

@ -1,4 +1,4 @@
{ pkgs, config, ... }: { pkgs, ... }:
{ {
users.users.nixremote = { # System User users.users.nixremote = { # System User
@ -11,15 +11,7 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M nixremote@hades" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M nixremote@hades"
]; ];
}; };
nix.settings.trusted-users = [ nix.settings.trusted-users = [
"nixremote" "nixremote"
]; ];
services.nix-serve.secretKeyFile = config.age.secrets."keys/nixservepriv".path;
age.secrets."keys/nixservepriv" = {
file = ../../secrets/keys/nixservepriv.age;
owner = "nixremote";
};
} }

8
modules/hardware/remoteClient.nix
View File

@ -15,14 +15,6 @@
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%"; publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%";
protocol = "ssh-ng"; protocol = "ssh-ng";
} ]; } ];
settings = {
trusted-public-keys = [
"hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
];
substituters = [
"ssh-ng://hades"
];
};
}; };
age.secrets."keys/nixremote" = { age.secrets."keys/nixremote" = {

8
modules/shell/zsh.nix
View File

@ -27,10 +27,10 @@
''; '';
initExtra = '' # Zsh theme initExtra = '' # Zsh theme
export GPG_TTY=$(tty) #export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null #gpg-connect-agent updatestartuptty /bye >/dev/null
unset SSH_AGENT_PID #unset SSH_AGENT_PID
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" #export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
# Spaceship # Spaceship
source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup
autoload -U promptinit; promptinit autoload -U promptinit; promptinit

BIN
secrets/keys/nixremote.age
View File

Binary file not shown.

27
secrets/keys/nixservepriv.age
View File

@ -1,27 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 Xp6AuQ 6zWeAuAxt6YI5JdPep5QqfWfTRWJi3T49vb75URi8SY
IjcXC5MKPYGErpGhpeHMcgaugrVHyFg3z6TN0vhvGH8
-> ssh-rsa VtjGpQ
Ii3fw9b5i1T5fJL+3PXczo5EW1iE/Jp/pEQ8qpCUc+9dX6n/x6uz8IblSVYWNQnc
0TPAmvZlXN9zAL9yL9fIsZDK0ZF9GoSlHVYt+OM+NMeNBqqkpue8jgSLd6RFO5vH
ReSO605+latKouNHS/g4qg0XPE5AZrRRGL/UFRS890ZrMFvQfyB5NARrWrtl6O9C
jugBjgVXRJvp62Ky1qfTYHSSs9C7Ckxl84DlMHfVMx4i00VA7JA8dg2wUJE00VZW
LmYNQ0EOfO+BBeBrY1rFg+phBmnpZKGoIV1GVio0dA5cOAVYslSwin+jeGAvsqz7
+7rJtSx/4IlRFfAy47jrT6tIaBW04iVAJN3UXqKcIR4ULUUL5295jNHzgUzzcBCC
q52pzFsT3VcTvzOfcHBMxkHIeWXznqWe06qrtPnzz2PknBJ4VSlw6kObX25VZqn6
tsKFB7qXON9zKH5iB80N1KkG7fc+8geMJP8ZG3rk/49Bj4gczVwUuMDaGKqAZ0rH
hGYTuQPxE0xS38maxMl+KH3hwYACJYWhpLqSEDFmNFhmK2QgMeCryZGn8+j+qmr6
TTuSFym1cSnlhA9e8B3WmLqoibkOl17N0dj6D/nUPdZQ9BHujDPnt9Ghjm1Y9Jg1
yE4Fk6Jg8aS3+pwQMOLgEY9x3jTWdouco4Kgy+f7yoM
-> piv-p256 grR75w A/5q4DtKLFiSs1sURKgDw9rnUetNPyjIKefB/VZN9tcD
xsd3JeqDR8GiH/dBe/zkobnhCQFZ5vxuRVf+fgWavt4
-> piv-p256 RQguQQ Au3E8BcyQy9WvSwo89K/y1mQNu1YR+aXa/om3rYzyYoe
ka0MIRZiyEwhEGlF4dRUyU/lUkz1yJLzi4gla+6T6i4
-> 93`-grease uYKu~(\x b ,k k`N
eu7veI1qvOSizB6N8yf4G4YK1qwo8R4+j/JZrKK9EGndICKyJ0r7VX4jzfZuxPfz
EIUoI5j1Ze6JGz4Sveq2+TARFXFjOiVyhNR0JXBJ60TEtjj7sddZgEluuJSQqODv
--- JbSd2VGwQKDJil/9g4vfQonVymxogwnOeKY6I/55RfE
ÈNx¡¤GÛ5_<EFBFBD>ùFÆ!§˜kFÍ×·Óá
QÿV(í¦ƒ‰nù[ñthI®Ä'% Î<>œÞÔoSQÑë†]ô±D<02>D'Zâ᯹/i1éø./'<27>¹ámžüˆ
lÖÚ¾mY|”fÙ†OÃé݃šÎèq?̬¾“°Ãa¶äò€SCÿt^†™Ó•

4
secrets/secrets.nix
View File

@ -38,9 +38,6 @@ let
jupiter jupiter
steamdeck steamdeck
]; ];
buildServer = [
hades
];
in in
{ {
"services/postgresql/initScript.age".publicKeys = servers ++ users; "services/postgresql/initScript.age".publicKeys = servers ++ users;
@ -58,5 +55,4 @@ in
"services/gitea/mailerPassword.age".publicKeys = servers ++ users; "services/gitea/mailerPassword.age".publicKeys = servers ++ users;
"services/woodpecker/environment.age".publicKeys = servers ++ users; "services/woodpecker/environment.age".publicKeys = servers ++ users;
"keys/nixremote.age".publicKeys = buildClients ++ users; "keys/nixremote.age".publicKeys = buildClients ++ users;
"keys/nixservepriv.age".publicKeys = buildServer ++ users;
} }

BIN
secrets/services/coturn/static-auth.age
View File

Binary file not shown.

BIN
secrets/services/gitea/databasePassword.age
View File

Binary file not shown.

BIN
secrets/services/gitea/mailerPassword.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-signal.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-telegram.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-whatsapp.age
View File

Binary file not shown.

BIN
secrets/services/matrix/signal-registration.age
View File

Binary file not shown.

BIN
secrets/services/matrix/synapse.age
View File

Binary file not shown.

BIN
secrets/services/matrix/telegram-registration.age
View File

Binary file not shown.

BIN
secrets/services/matrix/whatsapp-registration.age
View File

Binary file not shown.

43
secrets/services/nextcloud/adminpassFile.age
View File

@ -1,23 +1,24 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ WtmJzAU0LpM3+meYwlydkBJ9+GEOrT3aD2fKZuTIdWI -> ssh-ed25519 neExcQ uxF7XBZs30Y7MnsPqgqZK8U0RypsU3ZSkEGPs3z6MWo
5Bt3tu+IF3646Vp3No5vOqCJfqpTL1SO2AUNLSAeapc U38OQUsd4+JAhSoNlm8Bq4vYjLIlxbtEPRNryTId7qw
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
F/OrwpSkP/jCHEmodbTFC8KCklgjl8CJ8R2xbtdEofrs24vf8s5ELRvj3fwNb2B8 WX552pdtAV7QTsG5PP1r+EPsao0Q+sBUFOVsGCI2zLQJM5m8UGjIJqsNu3xQMsbL
qv3h5ZV09Xe/eifPYyE63/U7bUqnZ/ub+CNv3A24Jn1VSiXRxok9MLFaNfmrLxNO f67taemm3FVuSlfZ4+O0NP2T16FH6lVF5gLidCTyvvY1r1LJ3bUKrkvgVsdH4TYZ
72hKvKQmg8DSEoxLnYwM5dPBxC8X2Q+yJ8o/9yGWpRBpSxLA9NESvllen37cJ3PS 5rCYggrAIQP7TEjs+/QsSdN079vxmmGAYKJXfcYVSF34CS0ZX+0MxW9n58E16aHP
5bcIPVm32xVHWbJ9WRqOOwZRLQCJvuNUFoYQgWxc1CYhbSSlGi8wPhV5tn+TEfyS ByNMm3K4uCnhvy8lX21/kZvlIIHtTfrjpY4pKET5vrpqYvNi5S9FH0fG1F7UmRmq
KnfuhAUUhOmx9a/GjBJQLn5xJyYrghAg2pfVcog9wsJzozeU+FnkwEjlg51lS0o2 +qNYX2MSoOK0IkxMbG8dsbYRBDITqgpdqGaT8b2yPdyOlUNu2P/Ao892hRiRdGqU
WkfyYVASJFylKbFLyLx8datN9UA4H8QDAqyCfuKWHOLZVxctl0ebxSf/1HN0zi0i bplIotAPid63+6rfX6pRw+zx/7QATDp+AZsBw+KHjpboF6smRcohH+BKVatr5sxC
jNY312WQ8vxAp1qU29FznHch0+lVsIO405ZQVA/hUV3evG3GsM6oprQALRaVLNi5 6fNQIkZZ0AGkXvfP4cbBX2JK/WxM37VUhsuXnLgamRu9dsZtfLxMNxuL5EBYhPM1
DCZb2JbJTZS5RUVOsickdM3Nrn6Ney5e7N1oup/QIZBYrx3tamgrrH93SIsSCXh8 3VSzpzR3dKuxXZA9VllxJOVaMWl2mOFlAlJsXMcM2AkxTPUdHym7RntiWhz3UQ1H
MTJCUclQVWZTVmtDqIC0Qqig6dK8mIoMCYKWk23sduDS8/O7SsynmPbtygoI0bIK /tp/LddV6DqSVff0Q3qopZVuocQm1YDl6omFxfrGhoY7vxmGZrGZ79SC+TXmKKxn
QVE+ktNbbD8ow4yBms/gGWJz0brM95TDoXsE5me6lbkhkRZwdYnJJP074cbZmOQi uxzM2s+uAzrmeZcPV4h6FrOMPMtIypUnXqUKMdtJXHlP7dw2DynxOeidAM5XHVGD
IpEt1H7vLxvQH/ucqlVTinSIyg9IS2Cws/FLKSmOY6g LUKZyeL/U1PFAWxhxJhbZqGWK22oT94DQGl2wYDR7WU
-> piv-p256 grR75w Ar7XlPFZhFXD7EGVV1qpgatYzXtxv+iW4K7j+j51A4Ff -> piv-p256 grR75w AjdWi5E2CDMoTeXhua6CDa1T69jZYCZtDVzYqIip8SPG
BgL570FWX3jzf1IMQtETYbdy6GSipYv7nFugSO8OypM VxA4E27nD9omkx33BcdnC7CFUIKjYJhYcn3+ZhXoYgc
-> piv-p256 RQguQQ AxSpkZbv//1jfTX6M2IlSpLJTmmdkzUOBAvC3RjGIfWr -> piv-p256 RQguQQ A66b5yIOS6X1KpBwwSIt6/0kscRCijqp7C5OdZzyVFC0
qJrDWnxNsrdgJ5WEIEjUAxZavktd6OB14d75fAARC/c G3EuJyFbhulryG3e5mtdjcYH8rRWOezcItF9Cy+IL+s
-> ;2:g1-grease ^fnN2 ^dvdl ]6Q^` -> V-grease !w
oBULpqmsbh+nnxtU7v1Iqj9RSLvwVgGau5ZHTN0daUOqcMLOHJ1L4FNUqLS8Gq8s
--- iHDyRW0hc6S1eq54cBN1MrDJEKzVKl9PEMtw+v1kIgI yABHEWs+qsE6mfRikZEkVfVxRhHT/sfBuEDAmE7Y+W273SA
ŰCĆ®Ť_;hÁ0‡•@”.Bđdđˇ"żű<C5BC>bt}S'V F•3Ďt --- XeiNeiAn+Szcr8/NGWxhBJ7HUU5lWPdcKBo4+7/hTqY
モセ<EFBFBD>M<EFBFBD>#ミ澀lァ U43Bl /<2F><6i9Srマ88<38>

42
secrets/services/nextcloud/dbpassFile.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ eRTtVIiKoO9AZQ9yRD4q9T/lVGSbdfS6ZgA51Ml6qXc -> ssh-ed25519 neExcQ QSnzAUi67z3/qQsAHp9fPxbuFDv6aZCG1z7tYlTCcBI
w4f14e0CznYvbSUV9wH9WE4we2ZaThM1PwFrcG+6HkE Yqcvkenx+0FsPJaKbIL3kMrXhelekH5PndA8QUVofR4
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
mZxOedvPF5L7aw7JjqAAUNfvjcHrl6w/75qkOgCXzcZh3EzcG+IuIUE8kYwBt/I/ S8z2t5QES+GiaY+aC09IpA4gyQddLLa8kY6zG9Yda9TECTAYkND05QwA+QwAS/QF
GxCb3/97fPt1sJfvosytyD0tlv2+Jw+N+PHHroYaoWEGnYbG1YFDuvnRu4viJXyi O6cr4/jXaAFddz1PtGrVX6eL1nZKZHweSt9zmH7zjnKmtJN9ltPyzrmt7TYAkm1J
1DEVT50mn9SrBW3fKGRqajoSkeCMCn6QmVC07/ULB5GnxU2Pn8LspgV7CLOuCPOK Shw4O6PNGggRpsHx8YGnUZZzAhVKY9GmGR/dYg67uDEoPqcRJLCInRoDV42Pgsx9
PtBYJFOmP/HqgX6YNo3hQ2YzQMeqXepRhD/ph/o53j5FdVBznR1LCcjKm7/XyyCp G0z+qJkzOn6WH/pQHHSWklJlLe3co7dKE0IFu81UMV60XyDxYhdSWCHQroLNrEM+
VLp+J+7tjlIDoby/3OoDTEs5hq0+TXa/GbR4Lka80YJOeHcmR/YTD4ZZTo+Ia1cV aBD7CruvgfyXRvDcdlCQMHMz/9jbvPRQ1tYrooN8dnrHM7Eht8M45Q1/zn6YkEgw
/DZU08WqvF22Cl3hIpeEH6pzmsQOrMhuKrAOHb0pZV5WdToL9BAHqMljSdVWRnjs TmoRlD1ymoAh6Taxxb2CEcFar8mQPGlxDI7b8/QN6dyTDaJevt+fCpUc10AAAQEs
6w1eLs1zaFTMuW0p+1oWsENrnP3ZrmTZFgBt2Mh6caz8J8gIcVnwoHiNnb7YqHL+ 5aV86DUX4fYZDTP2JUmGmd026nLfWLxstoAOThmOSAvcS+dFEmUaHCTYq9vyfbds
3eljflFx0RFuZT0ElRChleex4CpVaYMyJK4A48w7ZCyozZU5Bw3zB75zBhC175RU /blAV6Nco9th23YWlEUlJSzcjtUX8fhBZqCm8RIOWsFeIuK+xzfqJ+HX3KERyZ4s
mk+nYdgZk9N3RaGq1LPmvQyT+MlPm7mNm8i890waKAt5/aHRJWm93rR8U6pdDvoo 5a1oXVEXJ0J2fzAMPwK1/fXFGezuIE+J4ck0mlPAGKdsqEK2I1PmzhG91/2k9pVV
m/Tvy2GUsijPKf0aslQbythORklVbd8oCdAEriVytTvMBgVVFILELZgfkC1Xshus 6QtUQ5weOC4lppaB72ClYnWjslPlnkmLO2y5QlHQGRPIpKPrl8BEa/e1QssPuvoH
fOshVaW6SzzjFo05bMag+Jy0xvssNsAtYXASNpppU1Y vMkhjERtrcolB41YPmTQ5yAARbDUEXfX4DegCNAGBVY
-> piv-p256 grR75w AplHuSHuZrF5Css3ni2ERR1BzgwXyRJvx6IYTfGlyqwN -> piv-p256 grR75w AnIgXEWvwFlTTBSbhr6JgitRNbxbD8KgVY3pIECu/OV/
cSdgdziCAqF0g+md3SccEYdXr2ToWjkgFsgELD1+9ok su+kmQmrHfE6oDDLb66mSqyhOfdaQ9sdCFCMQN+PT/Y
-> piv-p256 RQguQQ ArMD6UvO+SpTynXaYhu0/R3wv9vr+H9ItjJ6745tCldl -> piv-p256 RQguQQ AiQNSkHb9OUEjyzsixyr8bcL2BldWZqhBHArs8V4MW/m
V1+uCejnDgUA6Nul0Ep6p9ZfmxTWxPQI+FCAXpjvDoQ Q6M/F9EnaQvw7U37gw74WEWKz8zTum6ItzRkWYJibrs
-> )-grease -> 2#!RA#-grease ; <K &L M%?]C=k
GkM9VaOPQsWVdWXolVrlPay6CQ VDGyfy7y8i12A2hs8fSKKIs
--- 73KeTR/c+AeTO+DQo7gjDD0QIen4hYCcnPG6b3hlUQg --- tY/xBbBKiJ07CvmaqLL4twwTHLB3kDKk4aE5O/qdAQI
WťšuµeKpç”éŽ>•f©·ŐâĺÇMŇ iAŤZ”ŐŁ/ľ:…â·Ď«Axm2¶ Ňś)˛©S…B Òžj #˜IF:r<72>%ðt?­í¬és<{^¬³ã6Ì­ÃÚëØŒ ÈaQñeÏÜý}×´N”

BIN
secrets/services/postgresql/initScript.age
View File

Binary file not shown.

BIN
secrets/services/woodpecker/environment.age
View File

Binary file not shown.