diff --git a/.git-age.yaml b/.git-age.yaml index 1ed230cddb2e4fc0c3979b5e34dd45a006e3fa9a..36c769fd90e28f28c855e7abd135a5c3d27da87a 100644 --- a/.git-age.yaml +++ b/.git-age.yaml @@ -1,3 +1,7 @@ +apps/gui/firefox/work.nix: + - age105cm5awxxegyrqthh4vhnxzr0tdy86q8uq52wkkjacfkutp2vprqwseak7 +machines/common/cifs.nix: + - age105cm5awxxegyrqthh4vhnxzr0tdy86q8uq52wkkjacfkutp2vprqwseak7 machines/dragonwell/dex.nix: - age105cm5awxxegyrqthh4vhnxzr0tdy86q8uq52wkkjacfkutp2vprqwseak7 machines/dragonwell/tandoor.nix: diff --git a/.gitattributes b/.gitattributes index c835046eef15d7f0ad36fcd0466be024cd56cfe3..ff02440df104657da34644e4225841b4b12904af 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,4 +1,6 @@ # Age +apps/gui/firefox/work.nix filter=git-age diff=git-age +machines/common/cifs.nix filter=git-age diff=git-age machines/dragonwell/dex.nix filter=git-age diff=git-age machines/dragonwell/vikunja.nix filter=git-age diff=git-age machines/dragonwell/tandoor.nix filter=git-age diff=git-age diff --git a/apps/gui/firefox/work.nix b/apps/gui/firefox/work.nix new file mode 100644 index 0000000000000000000000000000000000000000..fc2c87127ddde3b2d81e309551aecd503287ae84 Binary files /dev/null and b/apps/gui/firefox/work.nix differ diff --git a/apps/gui/tiny.nix b/apps/gui/tiny.nix index e6113b5ea642ba7ade00ddea7c35f94e2b57c59a..4abf7285e9c6e01f30aa7c6d6a48e8ae260719e7 100644 --- a/apps/gui/tiny.nix +++ b/apps/gui/tiny.nix @@ -1,4 +1,4 @@ -{config, ...}: { +{ programs.tiny = { enable = true; settings = { @@ -14,7 +14,7 @@ join = ["#gitea" "#gitea-devel"]; sasl = { username = "jolheiser"; password = { - command = "cat ${config.age.secrets.irc-pw.path}"; + command = "cat /run/agenix/irc-pw"; }; }; } diff --git a/apps/nogui/default.nix b/apps/nogui/default.nix index 577b92009a60224469547f1618489331482b9d49..a9d66d88a4471af18fac50c87c20c7db9739f37d 100644 --- a/apps/nogui/default.nix +++ b/apps/nogui/default.nix @@ -62,7 +62,7 @@ xdg.configFile."gist/config.yaml".text = '' username: jolheiser imports = [ -{ + imports = [ domain: gist.jojodev.com ''; diff --git a/apps/nogui/git.nix b/apps/nogui/git.nix index 1778e592fd110fb31bc0bfd99182eb41116d7d27..d0f0bf6b58d103943e6b0cb839078b6f2623250f 100644 --- a/apps/nogui/git.nix +++ b/apps/nogui/git.nix @@ -65,7 +65,7 @@ }; includes = [ { }; - insteadOf = prefix: domain: { + enable = true; } { condition = "gitdir:~/ndlegis/"; diff --git a/apps/nogui/ssh.nix b/apps/nogui/ssh.nix index 86c957d573a428ef023a34b0eb321b6de5079ae4..ddfd17d20469831ac3f3358f168673c248f45cd8 100644 --- a/apps/nogui/ssh.nix +++ b/apps/nogui/ssh.nix @@ -1,8 +1,9 @@ -{config, ...}: { +{ programs.ssh = { enable = true; includes = [ - config.age.secrets.ssh-config.path + "/run/agenix/ssh-config" + "/run/agenix/ssh-config-work" ]; }; } diff --git a/flake.lock b/flake.lock index e7a8533e3a69a4c870c06ece149140842aca8f03..2b25d2436e72dde9aa0f7d054cda2ed77ca937a5 100644 --- a/flake.lock +++ b/flake.lock @@ -6,17 +6,17 @@ "darwin": [], "home-manager": [], "nixpkgs": [ "nixpkgs" - ], + "inputs": { { }, "locked": { -{ + "nodes": { "agenix": { + "flake": false, { - "inputs": { "owner": "ryantm", "repo": "agenix", - "rev": "1381a759b205dff7a6818733118d02253340fd5e", + "rev": "13ac9ac6d68b9a0896e3d43a082947233189e247", "type": "github" }, "original": { @@ -42,7 +42,7 @@ } }, "flake-utils": { "inputs": { - "agenix": { +{ }, "locked": { "lastModified": 1694529238, @@ -212,11 +212,11 @@ "nixpkgs" ] }, "locked": { - "lastModified": 1712265168, + "lastModified": 1699390779, - "narHash": "sha256-Ax5PlgIre37jgpSbzzeSOXxjc4hZGXvyDhhlzmcsNwA=", + "narHash": "sha256-KOeRnuJm+iUpY16+ahJeePw0Bwxov7bZYwOOgNgZmOs=", "ref": "refs/heads/main", - "rev": "b0c9047f739a25ec23969d2dfb4882aaf24b0ab5", + "rev": "20a5d8a2ee8a8f5b6a8d0212a2eb5c9fb623750c", - "revCount": 16, + "revCount": 12, "type": "git", "url": "https://git.jolheiser.com/helix.drv.git" }, @@ -232,13 +232,13 @@ "nixpkgs" ] }, "locked": { - "lastModified": 1712212014, + "lastModified": 1711122977, - ], "nodes": { + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "nix-community", "repo": "home-manager", + "flake": false, ], - "darwin": [], "type": "github" }, "original": { @@ -285,26 +285,47 @@ } }, "nixpkgs": { "locked": { + "lastModified": 1710827359, + "lastModified": 1696426674, { "systems": "systems" + "darwin": [], { + "locked": { + "rev": "5710127d9693421e78cca4f74fac2db6d67162b1", + "type": "github" }, { + ], +{ "darwin": [], }, + "inputs": { + }, "nodes": { { + "nixpkgs" + } + "nodes": { { + "lastModified": 1696426674, "agenix": { { + "nodes": { + "lastModified": 1681648924, + "narHash": "sha256-pzi3HISK8+7mpEtv08Yr80wswyHKsz+RP1CROG1Qf6s=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "f294325aed382b66c7a188482101b0f336d1d7db", +{ "nixpkgs" }, "original": { "owner": "nixos", }, - "inputs": { + "nodes": { - }, "nodes": { + "revCount": 3, "type": "github" } }, @@ -359,6 +379,7 @@ "home-manager": "home-manager", "jolheiser-nur": "jolheiser-nur", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", + "nixpkgs-py39": "nixpkgs-py39", "nur": "nur", "resume": "resume", "tclip": "tclip", @@ -370,21 +391,6 @@ "wsl": "wsl" } }, "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_2": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", diff --git a/flake.nix b/flake.nix index ddaf734346adc6a4bb6a32158311ce88face8b1a..5a9af83672e0bebeff44cba87080bf22a6df2e42 100644 --- a/flake.nix +++ b/flake.nix @@ -4,6 +4,7 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; flake-utils.url = "github:numtide/flake-utils"; # Only expressed here to use for followers + nixpkgs-py39.url = "github:nixos/nixpkgs/f294325aed382b66c7a188482101b0f336d1d7db"; home-manager = { url = "github:nix-community/home-manager"; @@ -98,6 +99,7 @@ nixpkgs, home-manager, nixos-hardware, agenix, + nixpkgs-py39, wsl, ... } @ inputs: let @@ -126,6 +128,10 @@ pkgs = import nixpkgs { inherit overlays system; config.allowUnfree = true; }; + userSecret = path: { + file = path; + owner = username; + }; commonConfig = {config, ...}: { config = { nixpkgs.overlays = overlays; @@ -134,89 +140,192 @@ nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; { + nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; home-manager = { { + wsl, + darwin.follows = ""; inputs.nixpkgs.follows = "nixpkgs"; { + } @ inputs: let - inputs.nixpkgs.follows = "nixpkgs"; + file = ./secrets/shared/spotify.age; + home-manager.follows = ""; description = "jolheiser's nixos config"; - inputs.nixpkgs.follows = "nixpkgs"; + home-manager.follows = ""; - inputs.nixpkgs.follows = "nixpkgs"; + home-manager.follows = ""; inputs = { - inputs.nixpkgs.follows = "nixpkgs"; + home-manager.follows = ""; nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; - inputs.nixpkgs.follows = "nixpkgs"; + home-manager.follows = ""; flake-utils.url = "github:numtide/flake-utils"; # Only expressed here to use for followers - inputs.nixpkgs.follows = "nixpkgs"; + home-manager.follows = ""; home-manager = { - inputs.nixpkgs.follows = "nixpkgs"; + home-manager.follows = ""; url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs"; + home-manager.follows = ""; inputs.nixpkgs.follows = "nixpkgs"; { + (_: prev: { + }; + }; + }; + }; +{ { + home-manager = { { { + home-manager = { description = "jolheiser's nixos config"; { + home-manager = { { + home-manager = { inputs = { { + gomodinit = inputs.gomodinit.packages.${prev.system}.default; + nixpkgs.overlays = [ + (_: _: { + py39 = import nixpkgs-py39 {inherit (pkgs) system;}; + }) + nixos-hardware.url = "github:nixos/nixos-hardware/master"; + age.secrets = { + netrc = { + file = ./secrets/work/netrc.age; + owner = username; + nixos-hardware.url = "github:nixos/nixos-hardware/master"; nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; }; + + nixos-hardware.url = "github:nixos/nixos-hardware/master"; flake-utils.url = "github:numtide/flake-utils"; # Only expressed here to use for followers { + url = "github:nix-community/home-manager"; home-manager = { { + commonConfig = {config, ...}: { + nixos-hardware.url = "github:nixos/nixos-hardware/master"; url = "github:nix-community/home-manager"; }; - inputs.nixpkgs.follows = "nixpkgs"; + { + "electron-25.9.0" { + inputs.nixpkgs.follows = "nixpkgs"; { + commonConfig = {config, ...}: { { + inputs.nixpkgs.follows = "nixpkgs"; { { + { + inputs.nixpkgs.follows = "nixpkgs"; description = "jolheiser's nixos config"; { + nurpkgs = prev; + }; + }) + ]; + inputs.nixpkgs.follows = "nixpkgs"; { + system = "x86_64-linux"; + inputs.nixpkgs.follows = "nixpkgs"; { + in { { + inputs.nixpkgs.follows = "nixpkgs"; inputs = { { + "jolheiser" = home-manager.lib.homeManagerConfiguration { { - nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; + inherit pkgs; + inherit username; { + agenix.homeManagerModules.age home-manager.follows = ""; + inputs = { { + { + ./apps/gui { - home-manager = { + url = "github:nix-community/NixOS-WSL"; + jolheiser-nur = { { + "jolheiser" = home-manager.lib.homeManagerConfiguration { + inherit pkgs; + modules = commonModules; { + home-manager = { + "work" = home-manager.lib.homeManagerConfiguration { + inherit pkgs; + modules = + commonModules + ++ [ + { + jolheiser-nur = { url = "github:nix-community/home-manager"; + (_: _: { + py39 = import nixpkgs-py39 {inherit (pkgs) system;}; + description = "jolheiser's nixos config"; agenix = { - inputs.nixpkgs.follows = "nixpkgs"; + description = "jolheiser's nixos config"; { + description = "jolheiser's nixos config"; + description = "jolheiser's nixos config"; inputs = { + git.package = pkgs.gitSVN; + firefox.profiles.default.bookmarks = [(import ./apps/gui/firefox/work.nix)]; }; + description = "jolheiser's nixos config"; { + flake-utils.url = "github:numtide/flake-utils"; # Only expressed here to use for followers + nixos-hardware.url = "github:nixos/nixos-hardware/master"; + }; + }; + url = "github:ryantm/agenix"; -{ url = "git+https://git.jolheiser.com/nur.git"; + home-manager = { url = "github:ryantm/agenix"; + nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; description = "jolheiser's nixos config"; + inputs = { + workModules + ++ [ + url = "git+https://git.jolheiser.com/nur.git"; inputs.nixpkgs.follows = "nixpkgs"; + nixos-hardware.url = "github:nixos/nixos-hardware/master"; }; + "earlgrey" = nixpkgs.lib.nixosSystem { { + url = "git+https://git.jolheiser.com/jolheiser.com.git"; + description = "jolheiser's nixos config"; + inputs = { + description = "jolheiser's nixos config"; { + url = "github:nix-community/home-manager"; + ++ [ + ./machines/earlgrey + ]; + }; + "masala" = nixpkgs.lib.nixosSystem { + inherit system; + modules = + workModules + ++ [ + description = "jolheiser's nixos config"; url = "git+https://git.jolheiser.com/helix.drv.git"; + ./machines/masala + ]; + }; "matcha" = nixpkgs.lib.nixosSystem { inherit system; modules = [ + agenix.nixosModules.default ./machines/matcha commonConfig ]; @@ -218,6 +333,7 @@ "genmaicha" = nixpkgs.lib.nixosSystem { inherit system; modules = [ nixos-hardware.nixosModules.framework-13-7040-amd + agenix.nixosModules.default ./machines/genmaicha commonConfig ]; @@ -225,6 +341,7 @@ }; "sencha" = nixpkgs.lib.nixosSystem { inherit system; modules = [ + agenix.nixosModules.default ./machines/sencha commonConfig ]; diff --git a/justfile b/justfile index b51e32c04b0058c3f4d5b97644add7d84d3ee05f..1638805a0c9e2b8f3fc235f898a6a3fb99203f3d 100644 --- a/justfile +++ b/justfile @@ -13,7 +13,9 @@ @just rebuild switch {{args}} hm: @home-manager switch --flake . - @systemctl --user start agenix.service + +work: + @home-manager switch --flake '.#work' # Rebuild the current machine for next boot boot *args: diff --git a/machines/chai/default.nix b/machines/chai/default.nix new file mode 100644 index 0000000000000000000000000000000000000000..40565d5addc095faf0207c57867f7c0bea0c9768 --- /dev/null +++ b/machines/chai/default.nix @@ -0,0 +1,72 @@ +{pkgs, ...}: let + username = "jolheiser"; +in { + imports = [./hardware.nix ../common/gui]; + + boot = { + kernelPackages = pkgs.linuxPackages_latest; + kernelParams = ["quiet" "splash"]; + loader.efi.canTouchEfiVariables = true; + loader.systemd-boot.enable = true; + initrd.systemd.enable = true; + }; + + hardware = {bluetooth.enable = true;}; + + networking = { + hostName = "chai"; + networkmanager.enable = true; + firewall.enable = true; + }; + + boot.initrd.luks.devices = { + "luks-83586073-35f8-438d-9203-99f1e966c2ca" = { + device = "/dev/disk/by-uuid/83586073-35f8-438d-9203-99f1e966c2ca"; + keyFile = "/crypto_keyfile.bin"; + }; + }; + + services = { + blueman.enable = true; + pcscd.enable = true; + openssh = { + enable = true; + settings = {X11Forwarding = true;}; + }; + globalprotect.enable = true; + printing = { + enable = true; + drivers = [pkgs.hplip]; + }; + }; + + virtualisation.docker.enable = true; + + users.users."${username}" = { + extraGroups = ["wheel" "docker"]; + isNormalUser = true; + }; + + environment.systemPackages = with pkgs; [ + globalprotect-openconnect + jetbrains.pycharm-professional + jetbrains.idea-ultimate + jetbrains.datagrip + libxcrypt + py39.python39 + py39.python39Packages.virtualenv + py39.python39Packages.psycopg2 + py39.python39Packages.wheel + py39.python39Packages.setuptools + py39.python39Packages.pip + python3Packages.twine + subversion + teams-for-linux + xorg.xauth + + # Flake overlay + jolheiser.nur.prospect-mail + ]; + + system.stateVersion = "22.11"; +} diff --git a/machines/chai/hardware.nix b/machines/chai/hardware.nix new file mode 100644 index 0000000000000000000000000000000000000000..d6aaec73129f2ff6bb9694f9e8d14c9f7130bfa3 --- /dev/null +++ b/machines/chai/hardware.nix @@ -0,0 +1,34 @@ +{ + config, + lib, + modulesPath, + ... +}: { + imports = [(modulesPath + "/installer/scan/not-detected.nix") ../common/cifs.nix]; + + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/b8a0cc98-5882-4b69-a8cb-375726767606"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-bd0a4998-266e-4aae-8f20-89561a2fa169".device = "/dev/disk/by-uuid/bd0a4998-266e-4aae-8f20-89561a2fa169"; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/5531-69DC"; + fsType = "vfat"; + }; + + swapDevices = [{device = "/dev/disk/by-uuid/eb7acf5d-e5db-45fa-8691-8ef5641cde68";}]; + + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/machines/common/cifs.nix b/machines/common/cifs.nix new file mode 100644 index 0000000000000000000000000000000000000000..49f834c76bcb97a6599d94e2d3099034a6681f48 Binary files /dev/null and b/machines/common/cifs.nix differ diff --git a/machines/earlgrey/default.nix b/machines/earlgrey/default.nix new file mode 100644 index 0000000000000000000000000000000000000000..5cba3994a98496754b7cc8f7227dbe63a199ee18 --- /dev/null +++ b/machines/earlgrey/default.nix @@ -0,0 +1,65 @@ +{pkgs, ...}: let + username = "jolheiser"; +in { + imports = [./hardware.nix ../common/gui]; + + boot = { + kernelPackages = pkgs.linuxPackages_latest; + kernelParams = ["quiet" "splash"]; + loader.efi.canTouchEfiVariables = true; + loader.systemd-boot.enable = true; + initrd.systemd.enable = true; + }; + + hardware = {bluetooth.enable = true;}; + + networking = { + hostName = "earlgrey"; + networkmanager.enable = true; + firewall.enable = true; + }; + + services = { + blueman.enable = true; + pcscd.enable = true; + openssh = { + enable = true; + settings = {X11Forwarding = true;}; + }; + globalprotect.enable = true; + printing = { + enable = true; + drivers = [pkgs.hplip]; + }; + }; + + virtualisation.docker.enable = true; + + users.users."${username}" = { + extraGroups = ["wheel" "docker"]; + isNormalUser = true; + }; + + environment.systemPackages = with pkgs; [ + globalprotect-openconnect + jetbrains.pycharm-professional + jetbrains.idea-ultimate + jetbrains.datagrip + libxcrypt + py39.python39 + py39.python39Packages.virtualenv + py39.python39Packages.psycopg2 + py39.python39Packages.wheel + py39.python39Packages.setuptools + py39.python39Packages.pip + python3Packages.twine + subversion + teams-for-linux + xorg.xauth + + # Flake overlay + jolheiser.nur.prospect-mail + ]; + + system.stateVersion = "22.11"; +} diff --git a/machines/earlgrey/hardware.nix b/machines/earlgrey/hardware.nix new file mode 100644 index 0000000000000000000000000000000000000000..956ce789db191da3100a3258600b3c4e6630c7ef --- /dev/null +++ b/machines/earlgrey/hardware.nix @@ -0,0 +1,44 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ../common/cifs.nix + ]; + + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/e2274508-9989-4f6b-9bcf-a0d246f292f9"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-1121cd25-7c4c-47ee-b04a-2cab0cd251ea".device = "/dev/disk/by-uuid/1121cd25-7c4c-47ee-b04a-2cab0cd251ea"; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/86CA-6DF6"; + fsType = "vfat"; + }; + + swapDevices = []; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp197s0f4u1u4.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/machines/masala/default.nix b/machines/masala/default.nix new file mode 100644 index 0000000000000000000000000000000000000000..71862f6e8e1c1128df798b795ca6e9215f6db5d4 --- /dev/null +++ b/machines/masala/default.nix @@ -0,0 +1,34 @@ +{pkgs, ...}: let + username = "jolheiser"; +in { + imports = [../common/gui]; + + networking.hostName = "masala"; + + wsl = { + enable = true; + defaultUser = username; + startMenuLaunchers = true; + }; + + users.users."${username}" = { + extraGroups = ["wheel" "docker"]; + isNormalUser = true; + }; + + services.openssh.enable = true; + + environment.systemPackages = with pkgs; [ + libxcrypt + py39.python39 + py39.python39Packages.virtualenv + py39.python39Packages.psycopg2 + py39.python39Packages.wheel + py39.python39Packages.setuptools + py39.python39Packages.pip + python3Packages.twine + subversion + ]; + + system.stateVersion = "23.11"; +} diff --git a/secrets/personal/dex-tailscale.age b/secrets/personal/dex-tailscale.age index 126c2e80f7aabd778dee4d1a18afbb1273253097..1f45c0f0a2696da1d72b8304388334bcb13780ea 100644 --- a/secrets/personal/dex-tailscale.age +++ b/secrets/personal/dex-tailscale.age @@ -1,8 +1,16 @@ age-encryption.org/v1 +-> ssh-ed25519 E8j6/g HFKa0iZ+3BjzgXcWImvZ8pDxqSXaU3ArmfUzHSDWUAc +LcyBupbwCAdyLLoDDpGSSUvTwVsl6dfWKsWuG58FKR4 +-> ssh-ed25519 f31uNA en9whJKk3OymAdjK4t6cAK9ll1rOw0H+MFyJ459zNQk +age-encryption.org/v1 -> ssh-ed25519 E8j6/g QWZGgeu5+89wRzWH31D1GdNuhrNyyKsKqv/b4Kkyn2s +age-encryption.org/v1 3vYwTYDVOMyiNeE+NtNPyplmGiknjyTQvln2DRxUPg0 +age-encryption.org/v1 -> ssh-ed25519 f31uNA NVB2C1IjxvB25uA+PdB9lmNgmPQ16wSRl8lS0Wp4Tzg +age-encryption.org/v1 Fe7BCcnb+1HzJ43Iq+YtHCI/i2m7TT5xO1rZwb9yZ70 +age-encryption.org/v1 --- 4Fmm3sQzE/funn3yI79REu1SVRzgUMQ1r8bUaNgVYZE +age-encryption.org/v1 ΍ -,F/~ŔTDِۨt`)9+xy~+ \ No newline at end of file diff --git a/secrets/personal/dex-tandoor.age b/secrets/personal/dex-tandoor.age index 764061e9a96a34c1c32a34424abc7e190b9f0b48..f93a15f59ad8bb38cc61dd888f5b21a46f45af9c 100644 --- a/secrets/personal/dex-tandoor.age +++ b/secrets/personal/dex-tandoor.age @@ -1,7 +1,17 @@ age-encryption.org/v1 +-> ssh-ed25519 E8j6/g KP8adYt7yepYjV1WCWB2k37H11nZS0syTPO6PVucDQ4 +nd9usbx1lF7W2NoRyBmdU+TkYw42yPc5+YLHPvFgf1U +-> ssh-ed25519 f31uNA 7VqN325Bduh25YchTA9x4fTSRd41a2YaVvDdLpwLpDQ +CqwaGdHTEgYBMAPu90iepQ49xYaWHG0FgstoW26nvx8 +age-encryption.org/v1 -> ssh-ed25519 E8j6/g npvjWOaLtdQ8shF6rkXfUlXXf1MAe/pvPBPIPY9R1XY +age-encryption.org/v1 gO6lr8kHN7fOQb5NXaybFqhghx5VqcK0LaHCVvlsdvs +age-encryption.org/v1 -> ssh-ed25519 f31uNA qrbvpL4AuM1wPSR2Qc9VKSpO4Ho0WgpmOIThWvotBCQ +age-encryption.org/v1 Q1oMS4SAxzqb1vQffM4dpsnlXP1M2fZ5nYYIpyB9uoA +age-encryption.org/v1 --- ESb6mxdTZnHs053UowTuWZRn+W+QlOeVM8/kL1VWSgw +age-encryption.org/v1 HDݭD֢wokGEJ-_up!!B \ No newline at end of file diff --git a/secrets/personal/dex-vikunja.age b/secrets/personal/dex-vikunja.age index fdcdfa10e6423a11b1827ab53939cb1b350f9c4c..f75958233664861cecf08fcbd7dd78b7bc7f841b 100644 Binary files a/secrets/personal/dex-vikunja.age and b/secrets/personal/dex-vikunja.age differ diff --git a/secrets/personal/dex.age b/secrets/personal/dex.age index afde76e712eaecda1252e887cbe5d7ff4dfb8e65..72bd5e53b142b1d5efe407efd3a6f263e9a8a14f 100644 Binary files a/secrets/personal/dex.age and b/secrets/personal/dex.age differ diff --git a/secrets/personal/restic-env.age b/secrets/personal/restic-env.age index 8ca40dc79344a0a11f2b07a33dc206c005415d58..52128ca4c7b4fa974c14a301fd1ee4f534e75a66 100644 Binary files a/secrets/personal/restic-env.age and b/secrets/personal/restic-env.age differ diff --git a/secrets/personal/restic-pass.age b/secrets/personal/restic-pass.age index 1a2664a6f90d67687dafe515b905611a78e6e7c6..50ed4610ddca908e1fc4e3eb19c1855918f7a56d 100644 --- a/secrets/personal/restic-pass.age +++ b/secrets/personal/restic-pass.age @@ -1,7 +1,15 @@ age-encryption.org/v1 +-> ssh-ed25519 E8j6/g 8G6eRsnRs0V6UU0haRdsrDTdIPPkCs4Za28QPIggNDo +MUrKL5W5C+jp3Wf9YTqcTnPlDPd6K1ehOQpvistc9FA +-> ssh-ed25519 f31uNA WbcuiNfaVxct1uZnMi9ZLcmNkTrcovcnrnRn4P1wHm8 +IWwi8uZjA5k0kr07/SlC1GOzV85XjvHJqeTzWX4CWA8 +age-encryption.org/v1 -> ssh-ed25519 E8j6/g c3mP+3muM3Nk+CR8X2GRdVDgc88Y5FHblV7EzxaYF08 +age-encryption.org/v1 dVEE+rQ6Y7ki9Uyr+8B3xYRZtO9VeGWwFboasp5ycqg +age-encryption.org/v1 -> ssh-ed25519 f31uNA Xq8QkBgX9mpIkenoJQCt+hyg/AVf/kwkVMJnOxqEARM +age-encryption.org/v1 tkte19pOr+Lb2lk1BVQibsC8d8k38oKwllx6cySVtt0 +age-encryption.org/v1 --- geKlgkUKw/FYhJNqGSZmXoTSTfRQR+dlz7fq5WzL7SU -l,ٗWL4VEb6Y8 \ No newline at end of file diff --git a/secrets/personal/restic-repo.age b/secrets/personal/restic-repo.age index 08d2997d2f7a326a5d729e5a8dc95cb8d9b79060..82a027c3ab1e6f2fd4277bb02b5fc11987869b2d 100644 --- a/secrets/personal/restic-repo.age +++ b/secrets/personal/restic-repo.age @@ -1,7 +1,13 @@ age-encryption.org/v1 +-> ssh-ed25519 E8j6/g L2TQVwvaNnDgtoMP2klK3Pm1onPHkrUcVyDPeazf40E +m+2GyVEhMUpTjjr32XQ8yDHqYXH0RkcfgBDabJOhlvs +-> ssh-ed25519 f31uNA pM1tWU+3vVjkA/ybV+iafuuddC0eC3LbXIA2igUleXg +FRsEBdFUufRg3VFvlUfb8BYlUVvwo30y3ran/2XnuEw +age-encryption.org/v1 -> ssh-ed25519 E8j6/g vLXo/gyZOwGUJyLHIqcrpCmvLmbFpgrFHBRLmqzyiwg +age-encryption.org/v1 ha7V1vSM3r5Y0PQyeNL01wqqvSuMOWfwbdZjJSMpzhk +age-encryption.org/v1 -> ssh-ed25519 f31uNA NGUshv3FTRw4kARWfLgSqp2EbLvPnm638rKAULFLZlY +age-encryption.org/v1 3owquk+she5gB+cjdpPYdIFlz+RtA25RbwxIGftD6BI ---- MZfK5Wquy6pyOWuQdRYa9y46X8lD1ndOeXqkImvIDpM -e7kUWsm7ߨ㗛Dd\(1ܪdj$$N^Јi.b*}(2$%B[5So1A徱+#c \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index c093580fc902e2b42fe68da9616f19ffb5405634..1b7aeb09affd3550c190cdd41065157347b2d3ca 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -3,16 +3,24 @@ jolheiser = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrPUqk9v7FE7OgMDaOMdlnItiXSDkmS+eU94RzQFiMS"; matcha = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZxjkZLj/9xvmg1enK+B7k8qf6Px0j4kTZ2caQfYmB1"; genmaicha = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhyzwMV0eoS8RSAcUvLkPhbXoR9/06cLoBmUVyb9DTw"; sencha = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJurjAMu4IXgpBwgUP0QvE2ySE5/Orn/yflkdWVvy6Am"; + chai = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7PS9SJ+OVrUku9dPUQZigioy+r3VlFHVntsa/F7AdM"; + earlgrey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJDcKxHqsnW9IMTfMQLPR2113acjm5Zi3IbZWfEDb7f"; + masala = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDltwsOkqNsP0Gia32jzUUzohzMYpE9uSwxBqJoG2Vd"; dragonwell = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN32Cwxer2AOGvEqSqXSPp49gj1VtR7G2XmPnmXj6o53"; - all = [jolheiser matcha genmaicha sencha dragonwell]; + all = [jolheiser matcha genmaicha sencha chai earlgrey masala dragonwell]; in { "shared/cachix.age".publicKeys = all; "shared/ssh-config.age".publicKeys = all; + "shared/ssh-config-work.age".publicKeys = all; "shared/spotify.age".publicKeys = all; "shared/irc-pw.age".publicKeys = all; "shared/gist-pw.age".publicKeys = all; "shared/git-send-email.age".publicKeys = all; + "work/netrc.age".publicKeys = [jolheiser chai earlgrey masala]; + "work/pip.conf.age".publicKeys = [jolheiser chai earlgrey masala]; + "work/pypirc.age".publicKeys = [jolheiser chai earlgrey masala]; + "work/cifs.age".publicKeys = [jolheiser chai earlgrey masala]; "personal/restic-env.age".publicKeys = [jolheiser dragonwell]; "personal/restic-pass.age".publicKeys = [jolheiser dragonwell]; "personal/restic-repo.age".publicKeys = [jolheiser dragonwell]; diff --git a/secrets/shared/cachix.age b/secrets/shared/cachix.age index d8429a870b8d16a08be9ab8536f9adf41cc45149..36c7b4928c64a723e44c782cf248208bc7f2bacf 100644 Binary files a/secrets/shared/cachix.age and b/secrets/shared/cachix.age differ diff --git a/secrets/shared/gist-pw.age b/secrets/shared/gist-pw.age index 6e0eb99c00a6de509b77671b1e29e1c64225d860..33346f0352553d6f21989944e4cfd4caaa5f5b57 100644 Binary files a/secrets/shared/gist-pw.age and b/secrets/shared/gist-pw.age differ diff --git a/secrets/shared/git-send-email.age b/secrets/shared/git-send-email.age index f51619ef3907bb00d74c519e7ec085604a9eecb5..65f9ad9c9ba348fb8f6760ea26de4bb5de10b264 100644 --- a/secrets/shared/git-send-email.age +++ b/secrets/shared/git-send-email.age @@ -1,18 +1,33 @@ age-encryption.org/v1 +-> ssh-ed25519 E8j6/g ZO1sXWN09kkwwq7W1RacMU1i+pHnqJPn+0zzt8xOijo +zeB0CTfvqWBaAGBHsedgSjZInCazJy0Wls69gfnewus +-> ssh-ed25519 xUMv2w qIl3oCXCQduMPUnIogNh/9LxvLsfNvAH5OsIjrYX+ik +vmE8/Ga6UE76RofNRV5Uh3DZNq3wLEg1GPWBfZcd1vk +-> ssh-ed25519 ph+d2g hMZORq51DcIMrXZjY6CIhj8lmb7HvWX1Xl55PDJldHE -> ssh-ed25519 E8j6/g EKCyCihc4z2NLVAiBRbZ1uH1FwPUAeGW68XhfXpJGF8 +-> ssh-ed25519 Cuo7gw YKT3pk32+aQaNHrY1hH7EOv1HHLCkDtepdUY3eiKfTc +9n9zV9bQ7DC+92IzAXXCDbt1UKBY5hOnCCUFcpYiTQ0 +-> ssh-ed25519 E8j6/g EKCyCihc4z2NLVAiBRbZ1uH1FwPUAeGW68XhfXpJGF8 GD7M0zuA9hChzMmk2JEv+QX3MKQJFJZiv51xtLr+gtQ +-> ssh-ed25519 E8j6/g EKCyCihc4z2NLVAiBRbZ1uH1FwPUAeGW68XhfXpJGF8 -> ssh-ed25519 xUMv2w bhsKkj43DxtvK3NaEZK65fBdS+xnc1DqiiE0PIUQTnI +-> ssh-ed25519 E8j6/g EKCyCihc4z2NLVAiBRbZ1uH1FwPUAeGW68XhfXpJGF8 RPe/s7Mp1d+Lw3bLJZb6BRYW/NiOEy2AYwFHaWo621s +-> ssh-ed25519 E8j6/g EKCyCihc4z2NLVAiBRbZ1uH1FwPUAeGW68XhfXpJGF8 -> ssh-ed25519 ph+d2g k8XRPSnnoGUSv9XwJuak/58OKkM5YU02z5gqqaTeHFc +-> ssh-ed25519 E8j6/g EKCyCihc4z2NLVAiBRbZ1uH1FwPUAeGW68XhfXpJGF8 HCavoYTWGtwpa4ks4lbmDXlUgMW/1UAJD11DDAIpUH8 +-> ssh-ed25519 E8j6/g EKCyCihc4z2NLVAiBRbZ1uH1FwPUAeGW68XhfXpJGF8 -> ssh-ed25519 Cuo7gw Jafczm8V39xIZY3nS9OMNLnVnTvbB1D/P1mK07FSiQc +-> ssh-ed25519 E8j6/g EKCyCihc4z2NLVAiBRbZ1uH1FwPUAeGW68XhfXpJGF8 2ifBGz9HTrXGEj8fsfVwlo+2p5vguPfHImpmDvlnNqs -age-encryption.org/v1 +GD7M0zuA9hChzMmk2JEv+QX3MKQJFJZiv51xtLr+gtQ -age-encryption.org/v1 +GD7M0zuA9hChzMmk2JEv+QX3MKQJFJZiv51xtLr+gtQ age-encryption.org/v1 -age-encryption.org/v1 +GD7M0zuA9hChzMmk2JEv+QX3MKQJFJZiv51xtLr+gtQ -> ssh-ed25519 E8j6/g EKCyCihc4z2NLVAiBRbZ1uH1FwPUAeGW68XhfXpJGF8 -age-encryption.org/v1 +GD7M0zuA9hChzMmk2JEv+QX3MKQJFJZiv51xtLr+gtQ GD7M0zuA9hChzMmk2JEv+QX3MKQJFJZiv51xtLr+gtQ -age-encryption.org/v1 +GD7M0zuA9hChzMmk2JEv+QX3MKQJFJZiv51xtLr+gtQ -> ssh-ed25519 xUMv2w bhsKkj43DxtvK3NaEZK65fBdS+xnc1DqiiE0PIUQTnI +™N=PKڈaX+ |7%{ҵ4 ssh-ed25519 E8j6/g KsxAe6APMEcXUPMbuRxbdnZOwI9RYZfGtcsjBa1Zw1w +PUD5yWZhyDKglSKqQI2naYyWghNHCAX1+6zFtFm3rbU +-> ssh-ed25519 jo1MPA n/47VcYbxc8PXWp9ojHqndHZx9+lGX+ZYzyBn5johQ4 +VLlK88iztE78ZyAXctkxebOYQaIsR5YR2XAXTVTDfIg +-> ssh-ed25519 RqjBDA QEBalTZhf7bYvjKup5rjIMdbzarQ/KxPPznCr1OGr1I +IQ82Z/0AlZkdTG3XUEiLEKJ9acUAp3LGRj9Xihf7oZg +-> ssh-ed25519 eyVEZQ XIeYz+BBM3Xrjup2DtpcebrH2OA4EkhVgR097RCANS8 +NST1VSTdhHHbE1Jv4A/rMQ/X9hvEam+E/5iAjVpHDSo +-> D[-grease q& k' OC(uVqZ 2 +PFO2wKgnpoqhBVE6w19l1puBQrZ+8p6ial3KyTAlL0Cp1S+zv2PXEdvtpOTEh8EN +F6qSPDT95Vw3ZSiPuxyiViYCM50frQ +--- KQLcya1WW6duDWve9dwU/0JWr2+0soL8EUDIEjUBaSE +cй1"ɭ=g: .+wb^AOd u"6\^o ,$X]q*[xE \ No newline at end of file diff --git a/secrets/work/netrc.age b/secrets/work/netrc.age new file mode 100644 index 0000000000000000000000000000000000000000..9db4c57f7277f0b5f9c2d86dcae750521de2c569 --- /dev/null +++ b/secrets/work/netrc.age @@ -0,0 +1,14 @@ +age-encryption.org/v1 +-> ssh-ed25519 E8j6/g XNekqB8IluL0bwSKawwWZLM9xPgDXXvFGFImXhxupic ++LBspn84xqRv9Jsa+H3gLJZNGWE9lsFhVcoUllIGtYI +-> ssh-ed25519 jo1MPA PEcjnR7QhqcjARicpeMagvQMRX1Xhc4puGn07bmkMwE +0rIMuM1McW6lO9mt00krt3+OxpRv0+HXltHzkBBKP2A +-> ssh-ed25519 RqjBDA bMrSJvi7XfsNdEbTM4Qz38xB1ydx10EEyXGThqqRUiQ +FJQwSRYGx7ZcuynYl7Rebb52EtDrdZP6sQIfB9pMfx0 +-> ssh-ed25519 eyVEZQ zG+7GBK66PMEzhpuovR0sRPsTxW5RwRfQchmlZSTZXQ +4PeSJavY8qloTKkAxKeyj5CJ3V1T9ZHErIiKrIkFFMk +-> h=Z`uj-grease kB `'Rp +wX/7XK6SQm9T +--- FHh1BPVtevPq9TPDYpMPf2Kr2qhToYzwlqFgc7mW3is ++sq{JV Yb̌% UI4/pA~ *MVsƝHRIWFj#ԩ+70+ +q|}Ua?!EKr581 [2ծtf/h27V6M߹8F<~ \ No newline at end of file diff --git a/secrets/work/pip.conf.age b/secrets/work/pip.conf.age new file mode 100644 index 0000000000000000000000000000000000000000..c7758d4c9bd93db09449019d3d5ffafd4846b0b8 Binary files /dev/null and b/secrets/work/pip.conf.age differ diff --git a/secrets/work/pypirc.age b/secrets/work/pypirc.age new file mode 100644 index 0000000000000000000000000000000000000000..67d3fc72b0bc6fc6d2121e34812e857df7668ac0 --- /dev/null +++ b/secrets/work/pypirc.age @@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-ed25519 E8j6/g CKfTTzFK5Pjb/DrVL7ulcrp62ti7ESLGWbBEol8ponQ +b4MRznI24V6rB+oUlM+B7Ke3h51fFr86GmxbMLcA/tE +-> ssh-ed25519 jo1MPA iT7/rm3cLhdXlXNY/xOCyTtDDDrtzpk3a3pRaoDl5x8 +CNrJkpi7x+Cb74qzvZtQkChuCReBTN0SIzlfk8OwAkI +-> ssh-ed25519 RqjBDA OafDrW17YQuLmKUckM4E8SKzt5PjFsXkxEq8EwtR7TQ ++G61h1ZNG6MC1sspSeMqQ4m0o+u/oAAZgHd03iy6IW4 +-> ssh-ed25519 eyVEZQ /HBYk64o3PIfwcHXXcMpEhOIPbACk6g+Kv7lGlEAsUY +VjTaG1LJzdUVZuH9tAgPsMbbt+6etGXiGqrokZ18QdY +-> lP10'%iD-grease 41plOv (&H]Y: 9\2_oD +expQamj2QeknWnGY +--- i6/+l0strfGNFzXHIPlOhfWgZFMRSnXZNjzauiXzEtc +24Oh kEE$4 4Mc&.dS9?K 9Vy^s\X0.˗wNkL+baݟQRś8BP]mV +VW~ܕgE|AbŲSk F+?wYUĤҮ9yKZt6OʏMsDˑB[ +>H4Wjxa Eߊ`T8b9 \ No newline at end of file