sstent/vmimages
1
0
Fork 0
mirror of https://github.com/sstent/vmimages.git synced 2025-12-06 06:01:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

sync

Browse Source
This commit is contained in:
sstent
2023-02-25 14:11:26 +00:00
parent 4f76414d98
commit f97dffa027
24 changed files with 158 additions and 524 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.sops.yaml
View File

@@ -3,6 +3,7 @@ keys:
- &STUPC_WSL_UBUNTU_2204 age1jvf8rd8krchw3ph0w2let8clvyuzcdhq2ug6sm7tx86refc2z5vq4w6lxr - &STUPC_WSL_UBUNTU_2204 age1jvf8rd8krchw3ph0w2let8clvyuzcdhq2ug6sm7tx86refc2z5vq4w6lxr
- &STUPC_WSL_NIXOS age1e0g0rrfdmp5f8f4xgkyp8zgxw2v5t3ldlm2t822xekdz0z6qj49q6aesuw - &STUPC_WSL_NIXOS age1e0g0rrfdmp5f8f4xgkyp8zgxw2v5t3ldlm2t822xekdz0z6qj49q6aesuw
- &GO3_WSL_NIXOS age187fdx6pc2559tjh03jrcwp6yj8whd70h666g8a0ptyr0z49tfcsssdx6au - &GO3_WSL_NIXOS age187fdx6pc2559tjh03jrcwp6yj8whd70h666g8a0ptyr0z49tfcsssdx6au
- &STU_ID age1r86w07gy3nm2ltkqx7wcv94wzneeqmqvcm88nzw4g902kdgwgvdqvjumrj
creation_rules: creation_rules:
- path_regex: secrets.yaml$ - path_regex: secrets.yaml$
key_groups: key_groups:
@@ -10,4 +11,5 @@ creation_rules:
- *adminkey - *adminkey
- *STUPC_WSL_UBUNTU_2204 - *STUPC_WSL_UBUNTU_2204
- *STUPC_WSL_NIXOS - *STUPC_WSL_NIXOS
- *GO3_WSL_NIXOS - *GO3_WSL_NIXOS
- *STU_ID

2
flake.nix
View File

@@ -65,7 +65,7 @@
extraSpecialArgs = { inherit inputs outputs; }; extraSpecialArgs = { inherit inputs outputs; };
modules = [ modules = [
# > Our main home-manager configuration file < # > Our main home-manager configuration file <
./home-manager/sstent.nix ./home-manager/users/sstent
]; ];
}; };
}; };

16
mods-old/home-manager/beets.nix → home-manager/beets.nix
View File

@@ -1,21 +1,6 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
home-manager.users."sstent" = {
# xdg.configFile."beets/discogs_token.test".source = "/run/secrets/discogs_json";
# xdg.configFile."beets/discogs_token.test".source = config.sops.secrets.discogs_json.path;
# xdg.configFile."beets/discogs_token.test".source = config.lib.file.mkOutOfStoreSymlink "${config.sops.secrets.discogs_json.path}";
# home.activation.afterWriteBoundary = {
# after = [ "writeBoundary" ];
# before = [];
# data = ''
# if [ ! -L "~/.config/beets/t3" ]; then
# echo "=> File doesn't exist"
# ln -s /run/secrets/discogs_json ~/.config/beets/discogs_token.json
# fi
# '';
# };
programs.beets = { programs.beets = {
enable = true; enable = true;
settings = { settings = {
@@ -162,6 +147,5 @@
}; };
}; };
};
} }

26
home-manager/global/default.nix
View File

@@ -0,0 +1,26 @@
{ inputs, lib, pkgs, config, outputs, ... }:
{
imports = [
] ++ (builtins.attrValues outputs.homeManagerModules);
nixpkgs = {
overlays = builtins.attrValues outputs.overlays;
config = {
allowUnfree = true;
allowUnfreePredicate = (_: true);
};
};
nix = {
package = lib.mkDefault pkgs.nix;
settings = {
experimental-features = [ "nix-command" "flakes" "repl-flake" ];
warn-dirty = false;
};
};
programs = {
home-manager.enable = true;
git.enable = true;
};
}

63
home-manager/home.nix
View File

@@ -1,63 +0,0 @@
# This is your home-manager configuration file
# Use this to configure your home environment (it replaces ~/.config/nixpkgs/home.nix)
{ inputs, outputs, lib, config, pkgs, ... }: {
# You can import other home-manager modules here
imports = [
# If you want to use modules your own flake exports (from modules/home-manager):
# outputs.homeManagerModules.example
# Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.default
# You can also split up your configuration and import pieces of it here:
# ./nvim.nix
];
nixpkgs = {
# You can add overlays here
overlays = [
# Add overlays your own flake exports (from overlays and pkgs dir):
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
# You can also add overlays exported from other flakes:
# neovim-nightly-overlay.overlays.default
# Or define it inline, for example:
# (final: prev: {
# hi = final.hello.overrideAttrs (oldAttrs: {
# patches = [ ./change-hello-to-hi.patch ];
# });
# })
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
# Workaround for https://github.com/nix-community/home-manager/issues/2942
allowUnfreePredicate = (_: true);
};
};
# TODO: Set your username
home = {
username = "your-username";
homeDirectory = "/home/your-username";
};
# Add stuff for your user as you see fit:
# programs.neovim.enable = true;
# home.packages = with pkgs; [ steam ];
# Enable home-manager and git
programs.home-manager.enable = true;
programs.git.enable = true;
# Nicely reload system units when changing configs
systemd.user.startServices = "sd-switch";
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "22.11";
}

75
home-manager/sstent.nix → home-manager/users/sstent/default.nix
View File

@@ -3,13 +3,28 @@
{ inputs, outputs, lib, config, pkgs, ... }: { { inputs, outputs, lib, config, pkgs, ... }: {
imports = [ imports = [
./global ../../global
../../beets.nix
]; ];
home.username = "sstent"; home.username = "sstent";
home.homeDirectory = "/home/sstent"; home.homeDirectory = "/home/sstent";
home.stateVersion = "23.05"; home.stateVersion = "23.05";
sops = {
age.sshKeyPaths = [ "/home/sstent/.ssh/" ];
defaultSopsFile = ./secrets.yaml;
secrets.test = {
# sopsFile = ./secrets.yml.enc; # optionally define per-secret files
# %r gets replaced with a runtime directory, use %% to specify a '%'
# sign. Runtime dir is $XDG_RUNTIME_DIR on linux and $(getconf
# DARWIN_USER_TEMP_DIR) on darwin.
path = "%r/test.txt";
};
};
# Let Home Manager install and manage itself. # Let Home Manager install and manage itself.
programs.home-manager.enable = true; programs.home-manager.enable = true;
home.packages = with pkgs; [ home.packages = with pkgs; [
@@ -74,23 +89,6 @@ programs = {
export PATH=$PATH:/bin #Fix for wslpath export PATH=$PATH:/bin #Fix for wslpath
''; '';
}; };
# zsh = {
# enable = true;
# shellAliases = {
# ll = "ls -l";
# update = "sudo nixos-rebuild switch";
# };
# # history = {
# # size = 10000;
# # path = "${config.xdg.dataHome}/zsh/history";
# # };
# oh-my-zsh = {
# enable = true;
# plugins = [ "git" "thefuck" ];
# theme = "robbyrussell";
# };
# };
git = { git = {
enable = true; enable = true;
@@ -107,47 +105,8 @@ programs = {
}; };
}; };
# systemd.user = {
# startServices = true;
# services.ssh-proxy = {
# Unit = { Description = "WSL Proxy"; };
# Service = {
# ExecStart = "${pkgs.writeShellScript "start-proxy" ''
# set -x
# ${pkgs.coreutils}/bin/rm -f /home/sstent/.ssh/wsl-ssh-agent.sock
# ${pkgs.util-linux}/bin/setsid ${pkgs.socat}/bin/socat UNIX-LISTEN:/home/sstent/.ssh/wsl-ssh-agent.sock,fork EXEC:"${pkgs.npiperelay}/bin/npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork
# ''}";
# };
# #Install = { WantedBy = [ "default.target" ]; };
# };
# };
} }
# homeage = {
# # Absolute path to identity (created not through home-manager)
# identityPaths = [ "~/.ssh/id_ed25519" ];
# # "activation" if system doesn't support systemd
# installationType = "systemd";
# file."pijulsecretkey" = {
# # Path to encrypted file tracked by the git repository
# source = ./secretkey.json.age;
# symlinks = [ "${config.xdg.configHome}/pijul/secretkey.json" ];
# copies = [ "${config.xdg.configHome}/no-symlink-support/secretkey.json" ];
# };
# };
# imports = [ homeage.homeManagerModules.homeage ];
# }; ### endf home-manager
#######If Gnome #######If Gnome
# config = lib.mkIf config.mymods.gnome.enable { # config = lib.mkIf config.mymods.gnome.enable {
# programs.bash.enable = true; # programs.bash.enable = true;

66
home-manager/users/sstent/secrets.yaml Normal file
View File

@@ -0,0 +1,66 @@
test: ENC[AES256_GCM,data:MXrxw3LMjCGBi0FL2+dkD0X9Zy5rg+YwUJ5awXtHyU2THPT9FCq91GXE46w3Kw==,iv:TPdKm1OA3wkDpAsluNLkV4+UxcWJccrM4RxEwgZYdeY=,tag:6ZGgi7yj08ahYVDEDSTRdg==,type:str]
example_key: ENC[AES256_GCM,data:fdvxCEw8a7dIN7DEBQ==,iv:y48ctWttnKAmk17hv8LYghj/ls3Z6Pmf9uYM2Fa4k7U=,tag:GWQk49rU3w4KN+vXfsolTw==,type:str]
#ENC[AES256_GCM,data:lZfFV3V634IPjn1Hl4XbbQ==,iv:jsU7QrW4hpYDimllcHUsJI8as8eqvUUf9It5YB2qyR0=,tag:lGgki5ETk88DcWDoYCGLlw==,type:comment]
example_array:
- ENC[AES256_GCM,data:Uygqu3jmGb24gUd62fM=,iv:rxu8qWHlniR5QPwMISGTrX3f2fJvnpW0ot6JVdLmwbc=,tag:IFLRHU2nbceQMHL8BH+SGA==,type:str]
- ENC[AES256_GCM,data:QrYVdSUufPqh1Z4PdK4=,iv:Aa4g8erpPmYI480nPFHAZqm0To+kReHlYXX3ksBmtFg=,tag:BakZ4i0cfvCgee7uE/CijQ==,type:str]
example_number: ENC[AES256_GCM,data:dgBeAvtODesgKQ==,iv:r42I6isKq+1sAMUy9aHlSyEaCd6YgRNjxjUOv2PWgCg=,tag:tu9MvwnlI2PYHZAXoP1qBQ==,type:float]
example_booleans:
- ENC[AES256_GCM,data:A+CplA==,iv:+IurcetC1JzfbhTDdVZX4x3cqSQ+Pf14h4yyJNnb/+E=,tag:UKPcp6Ox52AcXheSGbfvKw==,type:bool]
- ENC[AES256_GCM,data:1VT8RWc=,iv:QWfC9a2W4XR6fQVWTmyv+blEgVswXQY4vRPLyL+ZCUg=,tag:sfF2WoBuDx2NhTPY/8wTIQ==,type:bool]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1jvqe2j70h97844nkz34z9k4epx3uahx50cx75ss8mty2dnxlrf7qqv9a0g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3Rm41Q3UyUllMU3dMbk0y
Mi9Ndk1jRkNkNjVkUDdvYlVjTUh6R2dOTUFNClNHbzZZY05NVlhWZUNGK28wRG9T
dk5kUS90TXJmY0ROQk03VWhVTVpxQ28KLS0tIHV4NVpadW41eU1yRkF1eXVscHlp
czVmRmFtVUd6VDFHQkZJL3NTZUZFWFkKEuFAX+Ggwy8rpJBVeV1mLUXGw1gG9xor
a0qkRQ3VNiGtbmGD+Pra6tFKxEfs0q04qOa7sBuyNqwkmK2VJmlf2g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jvf8rd8krchw3ph0w2let8clvyuzcdhq2ug6sm7tx86refc2z5vq4w6lxr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3VGwwR1BBTlBPZkloS09N
dUFnc0Jaa08wS1N5V3JQd3pMSDk2cUp2WkVZCjIxcDIvRjNjVXJUY2l6dTl3amNL
UVFlVUtmcUtTN0hHakNxT04xeXZHMU0KLS0tIG9tQ0JhdThJRnFVZGVWbVJoUGR3
ZHRZeGVET09hV3NiWjFJamxOdklCSE0K2ceTz1Y7QS6eqbEpI9Z7nF5wsv/33+fX
eUYpAhdJVEe7ClSADJyQ/sZUwOdd2w2+YcpDBlRUD/z562BcxZtNww==
-----END AGE ENCRYPTED FILE-----
- recipient: age1e0g0rrfdmp5f8f4xgkyp8zgxw2v5t3ldlm2t822xekdz0z6qj49q6aesuw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcENQM3RkSU5WVGtVeldW
VG42aFphRjJjRXZKN0tXZ3RHV1lrY3JMNWljCm9pUlZ0U2pGNUh1RVA4NktBVFhX
TFJsWUhHZ0dXTzNibFgyYnRWaEx1b2sKLS0tIG80QlRoOFliWFcxYWtrZnVkZU15
bHhPYkJQVzkxbmJ0dDVoaUVXK1I0akEKG5IaeRGUaxe9SUPl6JMVRrIu5zj4Uztx
c1rajIUsqdElRFZQaGIimXRYv63MJQrQnmDl6Q1VmoozDZTLbHW87g==
-----END AGE ENCRYPTED FILE-----
- recipient: age187fdx6pc2559tjh03jrcwp6yj8whd70h666g8a0ptyr0z49tfcsssdx6au
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSSHRKa2gzc0I4bENiakZR
RVVjVHc5bTI2UXBuZHNneXE3TkdMWHNWZEFBCjVPQm91V0Mzd2RTV3RSMnlkVXE0
WFA1VzNEdkJUUi9SMldxaVNyQ0tIVHMKLS0tIGZwbHRIdW43WkZ1VGZXTkhjMVJH
YXhVRlpXVC8zVHFVMUprdm1maFZXSDgK8wsMa8MX2cXcmLMLqsm1jg5VWQ9cMJgp
24uz6/KiXj2bKaKWilG1A+2bwEzaYr2/Nr/Oy5FOsNOQ4f070dDuyw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1r86w07gy3nm2ltkqx7wcv94wzneeqmqvcm88nzw4g902kdgwgvdqvjumrj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRnlTbjRxTUxDSjQ5T0Rk
K0JDeFNMaGJSL3V0RjdlZitKazFpTDFaUEg0Ckp5bVg3allyQmlJb3dReW42VXZ0
QzdDcFRRbW8yU21RQ3hYZGc3Mlk5M3MKLS0tIDNPR0o1ZXFEdkpTVjJ4cjZ4VWhl
YmJrOWxXZEtnZkVoRVh6WUlWcStrS1kK7pr+7ymzpr8hiKULpeojmzpadSCufiFQ
It7c2aVHslB8406U3oJ6k6wgMxIkcqIAaVfPklNir9rGAphSlCkVrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-02-25T14:11:19Z"
mac: ENC[AES256_GCM,data:ZQ6xfGZCkp/C+QVDQt9q6L6UNBxcVPhOhnUUVFmmMvH9qrt3vekhg3AIg5FmcNhOKEbZ9r+N0F+24EBZT4a0txnHUJQAHK1XC7iuKB44UpR1obrOKON8XN+Zl/tXvQkTjzo52MwiV/S8tOtmjiG+NTOUESbtQSBFIYSx2uAMQGk=,iv:5U3BIuom17XmbbsZ+mehzkRz88YM9KBctPm3WonePfY=,tag:22YMbAO22M5m8bimjsQOng==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

100
hosts/common/configuration.nix
View File

@@ -1,100 +0,0 @@
# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{ inputs, outputs, lib, config, pkgs, ... }: {
# You can import other NixOS modules here
imports = [
# If you want to use modules your own flake exports (from modules/nixos):
# outputs.nixosModules.example
# Or modules from other flakes (such as nixos-hardware):
# inputs.hardware.nixosModules.common-cpu-amd
# inputs.hardware.nixosModules.common-ssd
# You can also split up your configuration and import pieces of it here:
# ./users.nix
# Import your generated (nixos-generate-config) hardware configuration
./hardware-configuration.nix
];
nixpkgs = {
# You can add overlays here
overlays = [
# Add overlays your own flake exports (from overlays and pkgs dir):
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
# You can also add overlays exported from other flakes:
# neovim-nightly-overlay.overlays.default
# Or define it inline, for example:
# (final: prev: {
# hi = final.hello.overrideAttrs (oldAttrs: {
# patches = [ ./change-hello-to-hi.patch ];
# });
# })
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
};
};
nix = {
# This will add each flake input as a registry
# To make nix3 commands consistent with your flake
registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
# This will additionally add your inputs to the system's legacy channels
# Making legacy nix commands consistent as well, awesome!
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
settings = {
# Enable flakes and new 'nix' command
experimental-features = "nix-command flakes";
# Deduplicate and optimize nix store
auto-optimise-store = true;
};
};
# FIXME: Add the rest of your current configuration
# TODO: Set your hostname
networking.hostName = "your-hostname";
# TODO: This is just an example, be sure to use whatever bootloader you prefer
boot.loader.systemd-boot.enable = true;
# TODO: Configure your system-wide user settings (groups, etc), add more users as needed.
users.users = {
# FIXME: Replace with your username
your-username = {
# TODO: You can set an initial password for your user.
# If you do, you can skip setting a root password by passing '--no-root-passwd' to nixos-install.
# Be sure to change it (using passwd) after rebooting!
initialPassword = "correcthorsebatterystaple";
isNormalUser = true;
openssh.authorizedKeys.keys = [
# TODO: Add your SSH public key(s) here, if you plan on using SSH to connect
];
# TODO: Be sure to add any other groups you need (such as networkmanager, audio, docker, etc)
extraGroups = [ "wheel" ];
};
};
# This setups a SSH server. Very important if you're setting up a headless system.
# Feel free to remove if you don't need it.
services.openssh = {
enable = true;
# Forbid root login through SSH.
permitRootLogin = "no";
# Use keys only. Remove if you want to SSH using password (not recommended)
passwordAuthentication = false;
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "22.11";
}

8
hosts/common/default.nix
View File

@@ -11,6 +11,11 @@
home-manager = { home-manager = {
useUserPackages = true; useUserPackages = true;
extraSpecialArgs = { inherit inputs outputs; }; extraSpecialArgs = { inherit inputs outputs; };
sharedModules = [
inputs.sops-nix.homeManagerModules.sops
];
}; };
nixpkgs = { nixpkgs = {
@@ -21,7 +26,8 @@
}; };
programs.fuse.userAllowOther = true; programs.fuse.userAllowOther = true;
security.sudo.wheelNeedsPassword = false;
# nixpkgs.overlays = overlays; # nixpkgs.overlays = overlays;
# Enable nix flakes # Enable nix flakes
nix.package = pkgs.nixFlakes; nix.package = pkgs.nixFlakes;

23
hosts/common/mnt-public.nix
View File

@@ -7,4 +7,25 @@
# options = ["uid=0,gid=1000"]; # options = ["uid=0,gid=1000"];
options = ["guest" "uid=1000"]; options = ["guest" "uid=1000"];
}; };
} }
# { lib, pkgs, config, ... }:
# with lib;
# let cfg = config.services.ssh-proxy;
# in {
# options.services.ssh-proxy = {
# enable = mkOption {
# type = types.bool;
# default = false;
# description = ''
# Enable Mnt Public for WSL
# '';
# };
# };
# config = mkIf cfg.enable {
# }

6
hosts/common/secrets.yaml
View File

@@ -1,4 +1,4 @@
hello: ENC[AES256_GCM,data:YCv2DmmbLK0J/bfIETFAigdBYNA4ngz/hjxurUenY+8X0k/nFfPFMYo2T2SJgek=,iv:EwMz6ZkRZrPkGLUmTEkAVaqFXpBLP3Ur4A7buPOlmyE=,tag:9mKTqjVawZBXDxx1iUx65Q==,type:str] sstent_password: ENC[AES256_GCM,data:WBVW5fBqfKqI,iv:v/MHSgaCM5F2++OPbidVF75UH6fJeWJlj5PaZhZRiTU=,tag:9CNHHvQBHUmVhZ29bo8dOg==,type:str]
example_key: ENC[AES256_GCM,data:nFMTN2mxDyCuWTB3CQ==,iv:1C2I7tSW15sGOdfiL1GvIOmCUeH5QgNI3zUWUBiqz3U=,tag:M3jaoS71WOTRe7JH2IFoow==,type:str] example_key: ENC[AES256_GCM,data:nFMTN2mxDyCuWTB3CQ==,iv:1C2I7tSW15sGOdfiL1GvIOmCUeH5QgNI3zUWUBiqz3U=,tag:M3jaoS71WOTRe7JH2IFoow==,type:str]
#ENC[AES256_GCM,data:kmiX4PQr6LCSeIAnaWg5Vg==,iv:bYDdcMQyfKWgw6nqMaVTRPdKaukinOVifRcissdN7EI=,tag:An6CITxn5+g2DH2yxRKnnw==,type:comment] #ENC[AES256_GCM,data:kmiX4PQr6LCSeIAnaWg5Vg==,iv:bYDdcMQyfKWgw6nqMaVTRPdKaukinOVifRcissdN7EI=,tag:An6CITxn5+g2DH2yxRKnnw==,type:comment]
example_array: example_array:
@@ -50,8 +50,8 @@ sops:
NVRURnUyUFA4OC80K2NqWDNlcW1nSVkKJDwadryzf4gpv+Ije54EL4XCiJh8DCVa NVRURnUyUFA4OC80K2NqWDNlcW1nSVkKJDwadryzf4gpv+Ije54EL4XCiJh8DCVa
Kw9VPkU6WbpT8DMEUkvaydVhJm9QkT7XVAPd8xNh/INsCWhMHZsD2g== Kw9VPkU6WbpT8DMEUkvaydVhJm9QkT7XVAPd8xNh/INsCWhMHZsD2g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-02-25T04:46:09Z" lastmodified: "2023-02-25T12:39:29Z"
mac: ENC[AES256_GCM,data:J/BYh7T+5uXVE3BHj6uQ/o1c3p9B+M5oqBD6v8qxirEAlfCtMcciE93nXF0Gx9fln4rD3tt6YU24oT6/546F2TrWViAamRTDiyACs0gCbE+W7kp0AdcpjlBj4rL4pyYUGwDXZfLXKLpVWztx2O0XwIwoRX+FhjEpvkVvmy/6Acg=,iv:A5xEdkvuD9IO7QL7ZMtdSsxXP6NThgmBwquF14T/HGg=,tag:SzrscVaBPIg+gbMuwMcROA==,type:str] mac: ENC[AES256_GCM,data:s/GL2GLHc40rJpi8E1mf8O3WMr0wl8M2E4wYlmf42U4Jzta3dXADieBPm/Ezb8Gz3PHehtsmpn7xqJR4eIg7f6aAA5+Twcq3yRrHdALrjiW9c2sK8zso4JrRLGhXvCXqbYyFh5qXl1QmOX7dndVEvgWu3GGLe2FY1UMUhgbn6Dc=,iv:64NAs7pT0CvRJ/3/NYgml0G3sYx2L9spvjDBFl9srws=,tag:X8Eeqo2K+fnQ1hOHuNU9zw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3

7
hosts/common/user-sstent.nix
View File

@@ -1,10 +1,15 @@
{ inputs, lib, config, ... }: { inputs, lib, config, ... }:
{ {
sops.secrets.sstent_password = {
#sopsFile = ./secrets.yaml;
neededForUsers = true;
};
users.users = { users.users = {
sstent = { sstent = {
initialPassword = "farscape5"; # initialPassword = "farscape5";
passwordFile = config.sops.secrets.sstent_password.path;
isNormalUser = true; isNormalUser = true;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC"

13
hosts/wsl2/default.nix
View File

@@ -3,6 +3,7 @@
imports = [ imports = [
../common ../common
../common/mnt-public.nix ../common/mnt-public.nix
../common/user-sstent.nix
inputs.nixos-wsl.nixosModules.wsl inputs.nixos-wsl.nixosModules.wsl
]; ];
@@ -22,18 +23,6 @@
# docker-desktop.enable = true; # docker-desktop.enable = true;
}; };
# environment.systemPackages = [
# pkgs.socat
# pkgs.npiperelay
# #pkgs.wsl-ssh-agent-relay
# ];
# nixpkgs.config.packageOverrides = pkgs:
# with pkgs; rec {
# npiperelay = callPackage ../../pkgs/npiperelay { };
# #wsl-ssh-agent-relay = callPackage ../../pkgs/wsl-ssh-agent-relay { };
# };
systemd.services.nixs-wsl-systemd-fix = { systemd.services.nixs-wsl-systemd-fix = {
description = "Fix the /dev/shm symlink to be a mount"; description = "Fix the /dev/shm symlink to be a mount";
unitConfig = { unitConfig = {

22
mods-old/base.nix
View File

@@ -1,22 +0,0 @@
# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{ lib, config, pkgs, inputs, ... }: {
security.sudo.wheelNeedsPassword = false;
environment.systemPackages =
[ pkgs.cifs-utils];
users.users = {
sstent = {
initialPassword = "farscape5";
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC"
];
extraGroups = [ "wheel" "video" ];
};
};
}

9
mods-old/default.nix
View File

@@ -1,9 +0,0 @@
{...}: {
imports = [
# New module organization
./gnome
./home-manager
./base.nix
./ssh.nix
];
}

9
mods-old/home-manager/default.nix
View File

@@ -1,9 +0,0 @@
{...}: {
imports = [
# New module organization
./sstent.nix
./beets.nix
# homeage.homeManagerModules.homeage
];
}

13
mods-old/home-manager/nicotine.nix
View File

@@ -1,13 +0,0 @@
{ lib, config, pkgs, ... }:
{
options.mymods.nicotine.enable = lib.mkEnableOption "Enable Nicotine";
# config.home-manager = lib.mkIf config.mymods.nicotine.enable {
# home.packages = with pkgs; [
# nicotine-plus
# ];
# xdg.configFile."nicotine/config.old".source = ./configs/nicotine;
# };
}

6
mods-old/modules-list.nix
View File

@@ -1,6 +0,0 @@
[
./gnome
./home-manager
./base.nix
./ssh.nix
]

2
modules/home-manager/ssh-proxy.nix
View File

@@ -29,7 +29,7 @@ in {
Unit = { Description = "WSL Proxy"; }; Unit = { Description = "WSL Proxy"; };
Service = { Service = {
ExecStart = "${pkgs.writeShellScript "start-proxy" '' ExecStart = "${pkgs.writeShellScript "start-proxy" ''
set -x # set -x
${pkgs.coreutils}/bin/rm -f /home/sstent/.ssh/wsl-ssh-agent.sock ${pkgs.coreutils}/bin/rm -f /home/sstent/.ssh/wsl-ssh-agent.sock
${pkgs.util-linux}/bin/setsid ${pkgs.socat}/bin/socat UNIX-LISTEN:/home/sstent/.ssh/wsl-ssh-agent.sock,fork EXEC:"${pkgs.npiperelay}/bin/npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork ${pkgs.util-linux}/bin/setsid ${pkgs.socat}/bin/socat UNIX-LISTEN:/home/sstent/.ssh/wsl-ssh-agent.sock,fork EXEC:"${pkgs.npiperelay}/bin/npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork
''}"; ''}";

0
mods-old/ssh.nix → modules/nixos/ssh.nix
View File

26
pkgs-old/wsl-ssh-agent-relay/default.nix
View File

@@ -1,26 +0,0 @@
{ lib, stdenv, pkgs }:
stdenv.mkDerivation rec {
name = "wsl-ssh-agent-relay";
version = "0.1";
src = ./wsl-ssh-agent-relay;
nativeBuildInputs = [pkgs.makeWrapper pkgs.dpkg];
# phases = ["installPhase" ];
unpackCmd = ''
# $curSrc is the variable that contains the path to our source.
mkdir wsl-ssh-agent-relay-src
# We rename the file here, because when nix adds files to the
# store it adds a hash, which obviously we don't want for our
# shell script.
cp $curSrc wsl-ssh-agent-relay-src/wsl-ssh-agent-relay
'';
installPhase = ''
install -Dm755 wsl-ssh-agent-relay $out/bin/wsl-ssh-agent-relay
wrapProgram $out/bin/wsl-ssh-agent-relay --prefix PATH : $out/bin
'';
}

180
pkgs-old/wsl-ssh-agent-relay/wsl-ssh-agent-relay
View File

@@ -1,180 +0,0 @@
#!/bin/bash
#### Add following lines to your shell rc file (.zshrc .bashrc)
# ${HOME}/.local/bin/wsl-ssh-agent-relay start
# export SSH_AUTH_SOCK=${HOME}/.ssh/wsl-ssh-agent.sock
# If you do not want the ssh agent relay require your ssh agent
# to be running at the time relay is started add the option -s
# to wsl-ssh-agent-relay.
# For debugging startup problems uncomment next line
exec 2> >(tee -a -i "$HOME/error.log")
#### Assuming ~/winhome links to %USERPROFILE on Windows side
RELAY_BIN="/mnt/c/ProgramData/chocolatey/bin/npiperelay.exe"
PIDFILE="${HOME}/.ssh/wsl-ssh-agent-relay.pid"
WSL_AGENT_SSH_SOCK="${HOME}/.ssh/wsl-ssh-agent.sock"
log() {
echo >&2 "$@"
}
is_pid_running() {
if [[ -z "$1" ]]; then
return 1
fi
ps -p "$1" >/dev/null
return $?
}
_cleanup() {
log "Cleaning up relay to ${WSL_AGENT_SSH_SOCK}..."
if is_pid_running "${SOCAT_WSL_AGENT_SSH_PID}"; then
kill -SIGTERM "${SOCAT_WSL_AGENT_SSH_PID}" || log "Failed."
fi
}
die() {
if [[ -n "$1" ]]; then
log "$1"
fi
log "Exiting."
exit 1
}
usage() {
log "Usage: wsl-ssh-agent-relay [OPTIONS] COMMAND"
log ""
log " SUMMARY: Relay Windows openssh named pipe to local SSH socket in order to integrate WSL2 and host."
log " To debug use foreground command"
log ""
log " OPTIONS:"
log " -h|--help this page"
log ""
log " -v|--verbose verbose mode"
log ""
log " -s|--skip-test skip ssh-agent communication test"
log ""
log " COMMAND: start, stop, foreground"
}
fg_opts() {
FG_OPTS=()
# Generate opts for passing it to foreground version
if [[ -n "$VERBOSE" ]]; then
FG_OPTS+=("-v")
fi
if [[ -n "$NO_COM_TEST" ]]; then
FG_OPTS+=("-c")
fi
}
main() {
POSITIONAL=()
VERBOSE=""
SKIP_SSH_TEST=""
while (($# > 0)); do
case "$1" in
-v | --verbose)
VERBOSE="ENABLED"
shift # shift once since flags have no values
;;
-s | --skip-test)
SKIP_SSH_TEST="TRUE"
shift
;;
-h | --help)
usage
exit 0
;;
*) # unknown flag/switch
POSITIONAL+=("$1")
shift
if [[ "${#POSITIONAL[@]}" -gt 1 ]]; then
usage
die
fi
;;
esac
done
set -- "${POSITIONAL[@]}" # restore positional params
if [[ -z "$VERBOSE" ]]; then
QUIET="QUIET"
fi
case "${POSITIONAL[0]}" in
start)
fg_opts
start-stop-daemon --start --oknodo --pidfile "${PIDFILE}" --name wsl-ssh-agent-r --make-pidfile --background --startas "$0" ${VERBOSE:+--verbose} ${QUIET:+--quiet} -- foreground "${FG_OPTS[@]}"
;;
stop)
start-stop-daemon --pidfile "${PIDFILE}" --stop --remove-pidfile ${VERBOSE:+--verbose} ${QUIET:+--quiet}
;;
status)
start-stop-daemon --pidfile "${PIDFILE}" --status ${VERBOSE:+--verbose} ${QUIET:+--quiet}
local result=$?
case $result in
0) log "$0 is running" ;;
1 | 3) log "$0 is not running" ;;
4) log "$0 unable to determine status" ;;
esac
return $result
;;
foreground)
relay
;;
*)
usage
die
;;
esac
}
relay() {
trap _cleanup EXIT
# [[ -f "${RELAY_BIN}" ]] || die "Unable to access ${RELAY_BIN}"
if pgrep -fx "^ssh-agent\s.+" >/dev/null; then
log "Killing previously started local ssh-agent..."
SSH_AGENT_PID="$(pidof ssh-agent)" ssh-agent -k >/dev/null 2>&1
fi
if [ -e "${WSL_AGENT_SSH_SOCK}" ]; then
log "WSL has been shutdown ungracefully, leaving garbage behind"
rm "${WSL_AGENT_SSH_SOCK}"
fi
socat UNIX-LISTEN:"\"${WSL_AGENT_SSH_SOCK}\"",fork EXEC:"\"\'${RELAY_BIN}\' -ei -s \'//./pipe/openssh-ssh-agent\'\"",nofork 1>/dev/null 2>&1 &
SOCAT_WSL_AGENT_SSH_PID="$!"
if ! is_pid_running "${SOCAT_WSL_AGENT_SSH_PID}"; then
log "Relay for ${SOCAT_WSL_AGENT_SSH_PID} failed"
return 1
fi
log "Relay is running with PID: ${SOCAT_WSL_AGENT_SSH_PID}"
if [[ -z "$SKIP_SSH_TEST" ]]; then
log -n "Polling remote ssh-agent..."
SSH_AUTH_SOCK="${WSL_AGENT_SSH_SOCK}" ssh-add -L >/dev/null 2>&1 || die "[$?] Failure communicating with ssh-agent"
log "OK"
fi
# Everything necessary checks, we are ready for actions
log "Entering wait..."
wait ${SOCAT_WSL_AGENT_SSH_PID}
}
main "$@"

2
shell.nix
View File

@@ -5,6 +5,6 @@
default = pkgs.mkShell { default = pkgs.mkShell {
# Enable experimental features without having to specify the argument # Enable experimental features without having to specify the argument
NIX_CONFIG = "experimental-features = nix-command flakes"; NIX_CONFIG = "experimental-features = nix-command flakes";
nativeBuildInputs = with pkgs; [ nix home-manager git ]; nativeBuildInputs = with pkgs; [ nix home-manager git ssh-to-age sops age ];
}; };
} }

4
test Normal file
View File

@@ -0,0 +1,4 @@
TEST
TEST
TEST