sync

hosts/common/configuration.nix

@@ -1,100 +0,0 @@
-# This is your system's configuration file.
-# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
-
-{ inputs, outputs, lib, config, pkgs, ... }: {
-  # You can import other NixOS modules here
-  imports = [
-    # If you want to use modules your own flake exports (from modules/nixos):
-    # outputs.nixosModules.example
-
-    # Or modules from other flakes (such as nixos-hardware):
-    # inputs.hardware.nixosModules.common-cpu-amd
-    # inputs.hardware.nixosModules.common-ssd
-
-    # You can also split up your configuration and import pieces of it here:
-    # ./users.nix
-
-    # Import your generated (nixos-generate-config) hardware configuration
-    ./hardware-configuration.nix
-  ];
-
-  nixpkgs = {
-    # You can add overlays here
-    overlays = [
-      # Add overlays your own flake exports (from overlays and pkgs dir):
-      outputs.overlays.additions
-      outputs.overlays.modifications
-      outputs.overlays.unstable-packages
-
-      # You can also add overlays exported from other flakes:
-      # neovim-nightly-overlay.overlays.default
-
-      # Or define it inline, for example:
-      # (final: prev: {
-      #   hi = final.hello.overrideAttrs (oldAttrs: {
-      #     patches = [ ./change-hello-to-hi.patch ];
-      #   });
-      # })
-    ];
-    # Configure your nixpkgs instance
-    config = {
-      # Disable if you don't want unfree packages
-      allowUnfree = true;
-    };
-  };
-
-  nix = {
-    # This will add each flake input as a registry
-    # To make nix3 commands consistent with your flake
-    registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
-
-    # This will additionally add your inputs to the system's legacy channels
-    # Making legacy nix commands consistent as well, awesome!
-    nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
-
-    settings = {
-      # Enable flakes and new 'nix' command
-      experimental-features = "nix-command flakes";
-      # Deduplicate and optimize nix store
-      auto-optimise-store = true;
-    };
-  };
-
-  # FIXME: Add the rest of your current configuration
-
-  # TODO: Set your hostname
-  networking.hostName = "your-hostname";
-
-  # TODO: This is just an example, be sure to use whatever bootloader you prefer
-  boot.loader.systemd-boot.enable = true;
-
-  # TODO: Configure your system-wide user settings (groups, etc), add more users as needed.
-  users.users = {
-    # FIXME: Replace with your username
-    your-username = {
-      # TODO: You can set an initial password for your user.
-      # If you do, you can skip setting a root password by passing '--no-root-passwd' to nixos-install.
-      # Be sure to change it (using passwd) after rebooting!
-      initialPassword = "correcthorsebatterystaple";
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [
-        # TODO: Add your SSH public key(s) here, if you plan on using SSH to connect
-      ];
-      # TODO: Be sure to add any other groups you need (such as networkmanager, audio, docker, etc)
-      extraGroups = [ "wheel" ];
-    };
-  };
-
-  # This setups a SSH server. Very important if you're setting up a headless system.
-  # Feel free to remove if you don't need it.
-  services.openssh = {
-    enable = true;
-    # Forbid root login through SSH.
-    permitRootLogin = "no";
-    # Use keys only. Remove if you want to SSH using password (not recommended)
-    passwordAuthentication = false;
-  };
-
-  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
-  system.stateVersion = "22.11";
-}

hosts/common/default.nix

@@ -11,6 +11,11 @@
   home-manager = {
     useUserPackages = true;
     extraSpecialArgs = { inherit inputs outputs; };
+              sharedModules = [
+                inputs.sops-nix.homeManagerModules.sops
+              ];
+
+
   };
 
   nixpkgs = {
@@ -21,7 +26,8 @@
   };
 
   programs.fuse.userAllowOther = true;
-  
+  security.sudo.wheelNeedsPassword = false;
+
     # nixpkgs.overlays = overlays;
   # Enable nix flakes
   nix.package = pkgs.nixFlakes;

hosts/common/mnt-public.nix

@@ -7,4 +7,25 @@
         # options = ["uid=0,gid=1000"];
         options = ["guest" "uid=1000"];
     };
-}
+}
+
+
+
+# { lib, pkgs, config, ... }:
+# with lib;
+
+# let cfg = config.services.ssh-proxy;
+# in {
+#   options.services.ssh-proxy = {
+#     enable = mkOption {
+#       type = types.bool;
+#       default = false;
+#       description = ''
+#         Enable Mnt Public for WSL
+#       '';
+#     };
+#   };
+
+#   config = mkIf cfg.enable {
+
+#   }

hosts/common/secrets.yaml

@@ -1,4 +1,4 @@
-hello: ENC[AES256_GCM,data:YCv2DmmbLK0J/bfIETFAigdBYNA4ngz/hjxurUenY+8X0k/nFfPFMYo2T2SJgek=,iv:EwMz6ZkRZrPkGLUmTEkAVaqFXpBLP3Ur4A7buPOlmyE=,tag:9mKTqjVawZBXDxx1iUx65Q==,type:str]
+sstent_password: ENC[AES256_GCM,data:WBVW5fBqfKqI,iv:v/MHSgaCM5F2++OPbidVF75UH6fJeWJlj5PaZhZRiTU=,tag:9CNHHvQBHUmVhZ29bo8dOg==,type:str]
 example_key: ENC[AES256_GCM,data:nFMTN2mxDyCuWTB3CQ==,iv:1C2I7tSW15sGOdfiL1GvIOmCUeH5QgNI3zUWUBiqz3U=,tag:M3jaoS71WOTRe7JH2IFoow==,type:str]
 #ENC[AES256_GCM,data:kmiX4PQr6LCSeIAnaWg5Vg==,iv:bYDdcMQyfKWgw6nqMaVTRPdKaukinOVifRcissdN7EI=,tag:An6CITxn5+g2DH2yxRKnnw==,type:comment]
 example_array:
@@ -50,8 +50,8 @@ sops:
             NVRURnUyUFA4OC80K2NqWDNlcW1nSVkKJDwadryzf4gpv+Ije54EL4XCiJh8DCVa
             Kw9VPkU6WbpT8DMEUkvaydVhJm9QkT7XVAPd8xNh/INsCWhMHZsD2g==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-02-25T04:46:09Z"
-    mac: ENC[AES256_GCM,data:J/BYh7T+5uXVE3BHj6uQ/o1c3p9B+M5oqBD6v8qxirEAlfCtMcciE93nXF0Gx9fln4rD3tt6YU24oT6/546F2TrWViAamRTDiyACs0gCbE+W7kp0AdcpjlBj4rL4pyYUGwDXZfLXKLpVWztx2O0XwIwoRX+FhjEpvkVvmy/6Acg=,iv:A5xEdkvuD9IO7QL7ZMtdSsxXP6NThgmBwquF14T/HGg=,tag:SzrscVaBPIg+gbMuwMcROA==,type:str]
+    lastmodified: "2023-02-25T12:39:29Z"
+    mac: ENC[AES256_GCM,data:s/GL2GLHc40rJpi8E1mf8O3WMr0wl8M2E4wYlmf42U4Jzta3dXADieBPm/Ezb8Gz3PHehtsmpn7xqJR4eIg7f6aAA5+Twcq3yRrHdALrjiW9c2sK8zso4JrRLGhXvCXqbYyFh5qXl1QmOX7dndVEvgWu3GGLe2FY1UMUhgbn6Dc=,iv:64NAs7pT0CvRJ/3/NYgml0G3sYx2L9spvjDBFl9srws=,tag:X8Eeqo2K+fnQ1hOHuNU9zw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3

hosts/common/user-sstent.nix

@@ -1,10 +1,15 @@
 { inputs, lib, config, ... }:
 {
 
+  sops.secrets.sstent_password = {
+    #sopsFile = ./secrets.yaml;
+    neededForUsers = true;
+  };
 
     users.users = {
       sstent = {
-        initialPassword = "farscape5";
+        # initialPassword = "farscape5";
+        passwordFile = config.sops.secrets.sstent_password.path;
         isNormalUser = true;
         openssh.authorizedKeys.keys = [
           "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC"

hosts/wsl2/default.nix

@@ -3,6 +3,7 @@
   imports = [
     ../common
     ../common/mnt-public.nix
+    ../common/user-sstent.nix
       inputs.nixos-wsl.nixosModules.wsl
   ];
 
@@ -22,18 +23,6 @@
     # docker-desktop.enable = true;
   };
   
-  # environment.systemPackages = [
-  #   pkgs.socat
-  #   pkgs.npiperelay
-  #   #pkgs.wsl-ssh-agent-relay
-  # ];
-
-  # nixpkgs.config.packageOverrides = pkgs:
-  #   with pkgs; rec {
-  #     npiperelay = callPackage ../../pkgs/npiperelay { };
-  #     #wsl-ssh-agent-relay = callPackage ../../pkgs/wsl-ssh-agent-relay { };
-  #   };
-
    systemd.services.nixs-wsl-systemd-fix = {
     description = "Fix the /dev/shm symlink to be a mount";
     unitConfig = {