initial steps into sops-nix. figured out ssh pubkey management.

This commit is contained in:
Gabe Venberg 2024-05-31 21:05:06 -05:00
parent a04727757b
commit 3d9e197056
11 changed files with 117 additions and 15 deletions


@ -1,11 +1,12 @@
{
inputs,
outputs,
configLib,
...
}:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
specialArgs = {inherit inputs outputs configLib;};
# > Our main nixos configuration file <
modules = [
inputs.home-manager.nixosModules.home-manager
@ -19,6 +20,7 @@ inputs.nixpkgs.lib.nixosSystem {
({
config,
pkgs,
configLib,
...
}: {
host = {
@ -39,6 +41,9 @@ inputs.nixpkgs.lib.nixosSystem {
xkb.variant = "";
};
users.users.root.openssh.authorizedKeys.keys =
configLib.dirToStrings "${inputs.nix-secrets}/public-keys";
programs.zsh.enable = true;
environment.shells = with pkgs; [zsh];
# Define a user account. Don't forget to set a password with passwd.
@ -51,6 +56,7 @@ inputs.nixpkgs.lib.nixosSystem {
firefox
# thunderbird
];
openssh.authorizedKeys.keys=config.users.users.root.openssh.authorizedKeys.keys;
};
home-manager.users.${config.host.user} = {
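Review bot: Every file under `${inputs.nix-secrets}/public-keys` becomes a root authorized key through `configLib.dirToStrings`, and the same list is then copied verbatim onto the unprivileged user, so any key that can log in as the user can also log in directly as root with no privilege boundary between the two accounts. `dirToStrings` is not visible here, so I cannot tell whether it filters by filename or strips trailing newlines; if it does not, a stray README or notes file dropped into that directory ends up as a line in root's `authorized_keys`. I would add a comment above the root assignment, `# Every file in nix-secrets/public-keys is a root-capable key: keep only *.pub files there and review additions carefully.`, and consider listing root's keys explicitly instead of mirroring the user's set. The enclosing module attribute set starts and ends outside this hunk.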


@ -1,16 +1,18 @@
{
inputs,
outputs,
configLib,
...
}:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance
extraSpecialArgs = {inherit inputs outputs;};
extraSpecialArgs = {inherit inputs outputs configLib;};
modules = [
({
config,
pkgs,
lib,
configLib,
...
}: {
# machine specific options


@ -1,17 +1,19 @@
{
inputs,
outputs,
configLib,
...
}:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance
extraSpecialArgs = {inherit inputs outputs;};
extraSpecialArgs = {inherit inputs outputs configLib;};
modules = [
inputs.nixvim.homeManagerModules.nixvim
({
config,
pkgs,
lib,
configLib,
...
}: {
# machine specific options


@ -4,11 +4,12 @@
{
inputs,
outputs,
configLib,
...
}:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
specialArgs = {inherit inputs outputs configLib;};
# > Our main nixos configuration file <
modules = [
inputs.home-manager.nixosModules.home-manager
@ -20,10 +21,13 @@ inputs.nixpkgs.lib.nixosSystem {
../../configs/nixos/nfsv2.nix
../../configs/nixos/i3
../../configs/nixos/common.nix
./secrets.nix
({
config,
pkgs,
lib,
inputs,
configLib,
...
}: {
host = {
@ -44,10 +48,15 @@ inputs.nixpkgs.lib.nixosSystem {
xkb.variant = "";
};
users.users.root.openssh.authorizedKeys.keys =
configLib.dirToStrings "${inputs.nix-secrets}/public-keys";
programs.zsh.enable = true;
environment.shells = with pkgs; [zsh];
# Define a user account. Don't forget to set a password with passwd.
users.mutableUsers = false;
users.users.${config.host.user} = {
hashedPasswordFile = config.sops.secrets.gv-password.path;
isNormalUser = true;
description = "Gabe Venberg";
shell = pkgs.zsh;
@ -56,6 +65,7 @@ inputs.nixpkgs.lib.nixosSystem {
firefox
# thunderbird
];
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
};
home-manager.users.${config.host.user} = {
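Review bot: With `users.mutableUsers = false;` the only credential for `${config.host.user}` is the hash sops-nix places at `config.sops.secrets.gv-password.path`, so a host whose decryption key cannot open the secrets file ends up with an account that has no usable password, and root is given no password at all here, which leaves recovery depending entirely on the keys assigned at `users.users.root.openssh.authorizedKeys.keys`. That is a reasonable hardening, but it should be stated where the next reader will look: `# mutableUsers = false: passwd changes are discarded on rebuild; the sops-provided hash is the only password, so keep a working key in nix-secrets/public-keys for recovery.` The user also inherits root's exact key list, so a compromised user key is a root key regardless of sudo policy. `./secrets.nix` and `configLib.dirToStrings` are outside this hunk, so I cannot confirm the secret's decryption key source or how the public-key directory is filtered; the enclosing module continues past the hunk.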


@ -0,0 +1,20 @@
{
inputs,
config,
lib,
pkgs,
...
}: let
secretsDirectory = builtins.toString inputs.nix-secrets;
in {
imports = [
inputs.sops-nix.nixosModules.sops
];
sops = {
defaultSopsFile = "${secretsDirectory}/common.yaml";
validateSopsFiles = false;
secrets.gv-password={
neededForUsers=true;
};
};
}
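Review bot: `validateSopsFiles = false;` disables the build-time check that `common.yaml` is a well-formed sops file, and the reason is not recorded; presumably it is needed because `builtins.toString inputs.nix-secrets` yields a plain string rather than a Nix path, so a comment should say so: `# validateSopsFiles needs a path, but nix-secrets is referenced as a string, so validation is disabled.` No `age.keyFile` or `age.sshKeyPaths` is set, so decryption relies on whatever sops-nix defaults to (I believe the host's SSH keys), and because `gv-password` has `neededForUsers = true` that decryption has to succeed early in activation before users are created; a note next to `neededForUsers` would keep a host-key rotation or fresh install from being a surprise. Minor style point: `secrets.gv-password={` and `neededForUsers=true;` lack the spacing used elsewhere in this commit, so `secrets.gv-password = {` and `neededForUsers = true;` would match.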


@ -1,10 +1,11 @@
{
inputs,
outputs,
configLib,
}:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
specialArgs = {inherit inputs outputs configLib;};
# > Our main nixos configuration file <
modules = [
inputs.home-manager.nixosModules.home-manager
@ -13,6 +14,7 @@ inputs.nixpkgs.lib.nixosSystem {
({
config,
pkgs,
configLib,
...
}: {
wsl.enable = true;