sync

hosts/common/configuration.nix

@@ -0,0 +1,100 @@
+# This is your system's configuration file.
+# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
+
+{ inputs, outputs, lib, config, pkgs, ... }: {
+  # You can import other NixOS modules here
+  imports = [
+    # If you want to use modules your own flake exports (from modules/nixos):
+    # outputs.nixosModules.example
+
+    # Or modules from other flakes (such as nixos-hardware):
+    # inputs.hardware.nixosModules.common-cpu-amd
+    # inputs.hardware.nixosModules.common-ssd
+
+    # You can also split up your configuration and import pieces of it here:
+    # ./users.nix
+
+    # Import your generated (nixos-generate-config) hardware configuration
+    ./hardware-configuration.nix
+  ];
+
+  nixpkgs = {
+    # You can add overlays here
+    overlays = [
+      # Add overlays your own flake exports (from overlays and pkgs dir):
+      outputs.overlays.additions
+      outputs.overlays.modifications
+      outputs.overlays.unstable-packages
+
+      # You can also add overlays exported from other flakes:
+      # neovim-nightly-overlay.overlays.default
+
+      # Or define it inline, for example:
+      # (final: prev: {
+      #   hi = final.hello.overrideAttrs (oldAttrs: {
+      #     patches = [ ./change-hello-to-hi.patch ];
+      #   });
+      # })
+    ];
+    # Configure your nixpkgs instance
+    config = {
+      # Disable if you don't want unfree packages
+      allowUnfree = true;
+    };
+  };
+
+  nix = {
+    # This will add each flake input as a registry
+    # To make nix3 commands consistent with your flake
+    registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+
+    # This will additionally add your inputs to the system's legacy channels
+    # Making legacy nix commands consistent as well, awesome!
+    nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
+
+    settings = {
+      # Enable flakes and new 'nix' command
+      experimental-features = "nix-command flakes";
+      # Deduplicate and optimize nix store
+      auto-optimise-store = true;
+    };
+  };
+
+  # FIXME: Add the rest of your current configuration
+
+  # TODO: Set your hostname
+  networking.hostName = "your-hostname";
+
+  # TODO: This is just an example, be sure to use whatever bootloader you prefer
+  boot.loader.systemd-boot.enable = true;
+
+  # TODO: Configure your system-wide user settings (groups, etc), add more users as needed.
+  users.users = {
+    # FIXME: Replace with your username
+    your-username = {
+      # TODO: You can set an initial password for your user.
+      # If you do, you can skip setting a root password by passing '--no-root-passwd' to nixos-install.
+      # Be sure to change it (using passwd) after rebooting!
+      initialPassword = "correcthorsebatterystaple";
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [
+        # TODO: Add your SSH public key(s) here, if you plan on using SSH to connect
+      ];
+      # TODO: Be sure to add any other groups you need (such as networkmanager, audio, docker, etc)
+      extraGroups = [ "wheel" ];
+    };
+  };
+
+  # This setups a SSH server. Very important if you're setting up a headless system.
+  # Feel free to remove if you don't need it.
+  services.openssh = {
+    enable = true;
+    # Forbid root login through SSH.
+    permitRootLogin = "no";
+    # Use keys only. Remove if you want to SSH using password (not recommended)
+    passwordAuthentication = false;
+  };
+
+  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+  system.stateVersion = "22.11";
+}

hosts/common/default.nix

@@ -0,0 +1,32 @@
+# This file (and the global directory) holds config that i use on all hosts
+{ lib, inputs, outputs, pkgs, ... }:
+{
+  imports = [
+    inputs.home-manager.nixosModules.home-manager
+    ./sops.nix
+   ] ++ (builtins.attrValues outputs.nixosModules);
+
+  system.stateVersion = "22.11";
+
+  home-manager = {
+    useUserPackages = true;
+    extraSpecialArgs = { inherit inputs outputs; };
+  };
+
+  nixpkgs = {
+    #overlays = builtins.attrValues outputs.overlays;
+    config = {
+      allowUnfree = true;
+    };
+  };
+
+  programs.fuse.userAllowOther = true;
+  
+    # nixpkgs.overlays = overlays;
+  # Enable nix flakes
+  nix.package = pkgs.nixFlakes;
+  nix.extraOptions = ''
+    experimental-features = nix-command flakes
+  '';
+
+}

hosts/common/mnt-public.nix

@@ -0,0 +1,10 @@
+{ lib, inputs, outputs, ... }:
+{
+
+    fileSystems."/mnt/Public" = {
+        device = "//192.168.1.109/Public";
+        fsType = "cifs";
+        # options = ["uid=0,gid=1000"];
+        options = ["guest" "uid=1000"];
+    };
+}

hosts/common/secrets.yaml

@@ -0,0 +1,57 @@
+hello: ENC[AES256_GCM,data:YCv2DmmbLK0J/bfIETFAigdBYNA4ngz/hjxurUenY+8X0k/nFfPFMYo2T2SJgek=,iv:EwMz6ZkRZrPkGLUmTEkAVaqFXpBLP3Ur4A7buPOlmyE=,tag:9mKTqjVawZBXDxx1iUx65Q==,type:str]
+example_key: ENC[AES256_GCM,data:nFMTN2mxDyCuWTB3CQ==,iv:1C2I7tSW15sGOdfiL1GvIOmCUeH5QgNI3zUWUBiqz3U=,tag:M3jaoS71WOTRe7JH2IFoow==,type:str]
+#ENC[AES256_GCM,data:kmiX4PQr6LCSeIAnaWg5Vg==,iv:bYDdcMQyfKWgw6nqMaVTRPdKaukinOVifRcissdN7EI=,tag:An6CITxn5+g2DH2yxRKnnw==,type:comment]
+example_array:
+    - ENC[AES256_GCM,data:ZvYNnG3Eth6u2INUF9A=,iv:iBhi9av/b2XrgEElTttgsr4GEsyprJ1/3DN18dDpvW8=,tag:mEeilFezrMWVJ8zFsIRTaA==,type:str]
+    - ENC[AES256_GCM,data:BA3E0wZv2TD1nJ4QoTY=,iv:mK2500yAbmmviq2/HuGPS71Adqxk/dZbyZvIH9bREhY=,tag:J2nVJSO5SNlg0LbupzyzkQ==,type:str]
+example_number: ENC[AES256_GCM,data:ovijNr8tbyQ8Ww==,iv:02UHA0FDiYsM1WiostcpNjhp8Fz6zvVgq2ccfrSicI0=,tag:1a2flzhBtFUaohl8CTUCRQ==,type:float]
+example_booleans:
+    - ENC[AES256_GCM,data:4Jnx+Q==,iv:jRAv486sWUtSXaDGQhUNq6ol/9Sjj71g1a9oemYbCT4=,tag:QSk3a0psmzdIKSDppvHLlg==,type:bool]
+    - ENC[AES256_GCM,data:kRIyTMI=,iv:57H3OtVIROJVfSRu+eLY1BEYmTWAcnRJqMn5ewYii+4=,tag:RzUieLUjdkK8r9qXwgozgg==,type:bool]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1jvqe2j70h97844nkz34z9k4epx3uahx50cx75ss8mty2dnxlrf7qqv9a0g
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVFoyWHJ5bURYSlRPenhw
+            dUxBcUJFQW15L25xSmdIVFNjNGMvQlNhSkFZCmFXWGIyUVBhT2ZPRUVOcWF5WWlC
+            Sm5ra1ZxMWVrcllPQWFBbEhPOTNoOWMKLS0tIHgyaFd1NU9jMHVRRHZLaHlUZFpV
+            c1VPdzhyOElhdnNWNGJtQVYwdGlzSDQKVKEr5ZPTUS3VPY+ywsmJaqGtQs/vH+ll
+            w0dyVelfdqaaZixBqZi+3D5IkL3g4Tx88R498YhgS1GJZDchf33itg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1jvf8rd8krchw3ph0w2let8clvyuzcdhq2ug6sm7tx86refc2z5vq4w6lxr
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NUlOVHhzVEU4L0RVeTM4
+            RzJXRGxRSkFIbXlHRkZhY2xOV0sxVmNIOENVCm5zUVRJRG9HaU1qMlkxcDVpM29t
+            ZGczOE4yeTdubjU1TzFyZlRLLysvMFkKLS0tIDlIajVwcktRNHl5YlVNeVBpVTlB
+            TEQzZ1dqc3crNFcyK3RMSGtJN2ZTQzQKPX5QRpyq+snJq7BFeIuibls0JT87DxSM
+            dfWALls+0GJ3p+iRGxCZvPEsD+1b21V1Ky9nPGsD3yr+IURJOkw/4g==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1e0g0rrfdmp5f8f4xgkyp8zgxw2v5t3ldlm2t822xekdz0z6qj49q6aesuw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcXFMajNoVHY3YlowQmtN
+            eEt4QWMrUE9reTJhYmRrKzFkNDRqenM5TVNzCjh1bUR1K1FVaDF0Q1FLbHV4RWs4
+            bmhwdGtGazRIK3c4b3hjcnQyMlJIRGMKLS0tIEhqSXdrZEg5Q3BiUHl2b1JOTVZK
+            OU50RmdKY0w5OVI1akFHR0N6OUlScTgKSqYdXlXoLaOZLTVC83qXydvGBxOHctzf
+            Cdfmj674Ih4kqzFcM+0yFtOb574fAkaeU9fH58uoZ97Y8HNlLUHSAA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age187fdx6pc2559tjh03jrcwp6yj8whd70h666g8a0ptyr0z49tfcsssdx6au
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSZ2VIQXV3RndKUDNhZEVY
+            RlNNWnkyUFYyd01TYVR2UXR2QS9OeWkwVEdNCkhwakdXYkhkZlc2TXNtQ1pvYUFY
+            UUZMSUlNWXZxN21DQVhzTXNqTSthcE0KLS0tIEdsRHVQV0RudUppNXdEb1lyRDVQ
+            NVRURnUyUFA4OC80K2NqWDNlcW1nSVkKJDwadryzf4gpv+Ije54EL4XCiJh8DCVa
+            Kw9VPkU6WbpT8DMEUkvaydVhJm9QkT7XVAPd8xNh/INsCWhMHZsD2g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-02-25T04:46:09Z"
+    mac: ENC[AES256_GCM,data:J/BYh7T+5uXVE3BHj6uQ/o1c3p9B+M5oqBD6v8qxirEAlfCtMcciE93nXF0Gx9fln4rD3tt6YU24oT6/546F2TrWViAamRTDiyACs0gCbE+W7kp0AdcpjlBj4rL4pyYUGwDXZfLXKLpVWztx2O0XwIwoRX+FhjEpvkVvmy/6Acg=,iv:A5xEdkvuD9IO7QL7ZMtdSsxXP6NThgmBwquF14T/HGg=,tag:SzrscVaBPIg+gbMuwMcROA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

hosts/common/sops.nix

@@ -0,0 +1,17 @@
+{ inputs, lib, config, ... }:
+{
+  imports = [
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  sops = {
+  defaultSopsFile = ./secrets.yaml;
+  age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  secrets.discogs_json = { 
+  mode = "0440";
+  owner = config.users.users.sstent.name;
+  group = config.users.users.sstent.group;
+};
+};
+
+}

hosts/common/user-sstent.nix

@@ -0,0 +1,18 @@
+{ inputs, lib, config, ... }:
+{
+
+
+    users.users = {
+      sstent = {
+        initialPassword = "farscape5";
+        isNormalUser = true;
+        openssh.authorizedKeys.keys = [
+          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC"
+        ];
+        extraGroups = [ "wheel" "video" ];
+      };
+    };
+
+#   home-manager.users.misterio = import home/${config.networking.hostName}.nix;
+
+}