From 2a8494b24b89c417d27ac2ad0b51d44aefd22811 Mon Sep 17 00:00:00 2001 From: Thiago Sposito Date: Wed, 24 Sep 2025 00:48:23 -0300 Subject: [PATCH] feat: add sops, nitrokey support, update deps * add `.sops.yaml`, secrets, pgp keys * add nitrokey + smartcard pkgs, udev rules * update flake inputs * comment out ollama-cuda --- .sops.yaml | 6 ++++++ flake.lock | 18 +++++++++--------- home-manager/home.nix | 2 ++ home-manager/nixstation.nix | 2 -- home-manager/zsh.nix | 1 + hosts/Nixbook/default.nix | 2 -- hosts/Nixstation/default.nix | 2 +- hosts/common/default.nix | 13 +++++++++++-- secrets | 1 + 9 files changed, 31 insertions(+), 16 deletions(-) create mode 100644 .sops.yaml create mode 160000 secrets diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..87aec42 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,6 @@ +creation_rules: + - path_regex: secrets/.*$ + key_groups: + - pgp: + - "B18A04BEE8CC097A9A1F692D459A665D838AC3F3" + - "F7508C2BD420864F27996BF4D1C47EF7DDD3DF93" diff --git a/flake.lock b/flake.lock index 386d0a9..e0411cc 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ ] }, "locked": { - "lastModified": 1758375677, - "narHash": "sha256-BLtD+6qWz7fQjPk2wpwyXQLGI0E30Ikgf2ppn2nVadI=", + "lastModified": 1758676806, + "narHash": "sha256-XhSTUBFOtuumxAUVxTVD5k7nE/FgK11YUxAgzNQcmLU=", "owner": "nix-community", "repo": "home-manager", - "rev": "edc7468e12be92e926847cb02418e649b02b59dd", + "rev": "676c0159ed51d10489a249ecdc61e115c2a90d03", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1758277210, - "narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=", + "lastModified": 1758427187, + "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8eaee110344796db060382e15d3af0a9fc396e0e", + "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", "type": "github" }, "original": { 
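Review bot: The `path_regex: secrets/.*$` rule in the new `.sops.yaml` is not anchored at the start, so it matches any path that contains `secrets/` rather than only the top-level directory; `path_regex: ^secrets/.*$` states the intent exactly. Both fingerprints sit in one `pgp` list under a single key group, which means either key on its own can decrypt every file the rule covers. A short comment above each fingerprint naming its holder and purpose (for example `# hardware token` or `# offline backup`, whichever applies) would make later rotation and audits much easier.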
@@ -114,11 +114,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1758405527, - "narHash": "sha256-3OMGX/chlzLpL7OMjXUfcI+xGu5GMeldCnBQ5kM9lZE=", + "lastModified": 1758665797, + "narHash": "sha256-RIN05AhWIFCXL2OOXGoFdF/k8Q6OBhi/WcRtsYuTF5Q=", "owner": "nix-community", "repo": "nixvim", - "rev": "fd0c42355026185678e93bca152cbdb3b1a67563", + "rev": "0c15f88f1fc01c8799c5ce2a432fadc47f20e307", "type": "github" }, "original": { diff --git a/home-manager/home.nix b/home-manager/home.nix index da8a45b..6785325 100644 --- a/home-manager/home.nix +++ b/home-manager/home.nix @@ -35,9 +35,11 @@ libinput nerd-fonts.fira-code nil + nitrokey-app2 nixd nixpkgs-fmt nixfmt-rfc-style + nodejs_20 nordic obsidian pinentry-curses diff --git a/home-manager/nixstation.nix b/home-manager/nixstation.nix index 6ccc693..2435dc9 100644 --- a/home-manager/nixstation.nix +++ b/home-manager/nixstation.nix @@ -11,7 +11,6 @@ pkg: builtins.elem (lib.getName pkg) [ "code-cursor" - "ollama-cuda" "steam-original" "steam-run" "steam" @@ -20,7 +19,6 @@ home.packages = with pkgs; [ heroic - ollama-cuda steam ]; } diff --git a/home-manager/zsh.nix b/home-manager/zsh.nix index ac8d7c9..8e778eb 100644 --- a/home-manager/zsh.nix +++ b/home-manager/zsh.nix @@ -17,6 +17,7 @@ initContent = '' eval "$(direnv hook zsh)" export GPG_TTY=$(tty) + export EDITOR="nvim -n -c 'set noswapfile nobackup nowritebackup'" ''; shellAliases = { diff --git a/hosts/Nixbook/default.nix b/hosts/Nixbook/default.nix index e2e08b3..1653cea 100644 --- a/hosts/Nixbook/default.nix +++ b/hosts/Nixbook/default.nix @@ -89,8 +89,6 @@ defaultSession = "gnome"; }; - udev.packages = [ pkgs.libwacom ]; - avahi = { enable = true; nssmdns4 = true; diff --git a/hosts/Nixstation/default.nix b/hosts/Nixstation/default.nix index ab95e7a..7f46a1c 100644 --- a/hosts/Nixstation/default.nix +++ b/hosts/Nixstation/default.nix 
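Review bot: The `export EDITOR=...` line added to `initContent` in `home-manager/zsh.nix` turns off swap and backup files but leaves Neovim's undo file and ShaDa history alone, so edited text can still reach disk if `undofile` is enabled elsewhere or when registers are saved on exit. If the aim is to keep decrypted sops content off disk (inferred from the commit subject), `nvim -n -i NONE -c 'set nobackup nowritebackup noundofile'` covers those paths, and `set noswapfile` can be dropped because `-n` already disables the swap file. Setting this globally also removes write-backups for every ordinary edit and puts nested quotes into `EDITOR`, which programs that split the value on whitespace instead of passing it through a shell will mis-parse. Recent sops releases read `SOPS_EDITOR` before `EDITOR`, which would confine the hardened command to secret editing.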
@@ -90,7 +90,7 @@ gdm.wayland = true; defaultSession = "gnome"; }; - udev.packages = [ pkgs.libwacom ]; + avahi = { enable = true; nssmdns4 = true; diff --git a/hosts/common/default.nix b/hosts/common/default.nix index 2cdbf18..18cac84 100644 --- a/hosts/common/default.nix +++ b/hosts/common/default.nix @@ -16,17 +16,22 @@ value.source = value.flake; }) config.nix.registry; systemPackages = with pkgs; [ + ccid exfat file fuse3 gcsfuse git gnupg + hidapi home-manager keymapp + libnitrokey + libusb1 opensc pciutils pcsc-safenet + pcsclite pcsctools pkcs11helper rclone @@ -45,7 +50,7 @@ nixPath = [ "/etc/nix/path" ]; settings = { - download-buffer-size = "512MiB"; + download-buffer-size = "512M"; experimental-features = "nix-command flakes"; auto-optimise-store = true; }; @@ -65,10 +70,14 @@ pcscd.enable = true; # xserver.displayManager.sessionCommands = # "${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 64 = Alt_L'"; - + udev.packages = [ + pkgs.libwacom + pkgs.nitrokey-udev-rules + ]; }; users.groups.scard = { }; time.timeZone = "America/Sao_Paulo"; + users.defaultUserShell = pkgs.zsh; } diff --git a/secrets b/secrets new file mode 160000 index 0000000..b9fbd96 --- /dev/null +++ b/secrets @@ -0,0 +1 @@ +Subproject commit b9fbd96fec611e4c85a129150a2d0e01242be6b2
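Review bot: The entries `hidapi`, `libnitrokey`, `libusb1` and `pcsclite` added to `systemPackages` in `hosts/common/default.nix` are libraries, and on NixOS listing a library there only links it into the system profile; programs built by Nix locate their libraries through their own store paths, so these lines probably do nothing for Nitrokey or smart-card support. `ccid` is the reader driver that pcscd loads through `services.pcscd.plugins`, whose default already contains it, so that entry looks redundant as well. Dropping the five lines keeps the system closure smaller, and if one of them is genuinely needed a one-line comment such as `# needed by <tool> at runtime` would record why. The `systemPackages` list ends outside this hunk.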
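Review bot: `users.defaultUserShell = pkgs.zsh;` at the end of the last `hosts/common/default.nix` hunk only evaluates when `programs.zsh.enable = true;` is set, because NixOS asserts that for users whose shell is zsh; nothing in this patch sets it, so confirm it is already enabled in a module outside the diff. The change is also unrelated to the sops/Nitrokey subject and would be easier to revert as its own commit. For the udev part, NixOS offers `hardware.nitrokey.enable = true;`, which installs the Nitrokey udev rules without naming the package by hand and would let `udev.packages = [ pkgs.libwacom ];` stay as it was. Whichever form is kept, a comment noting which users the rules grant token access to would help, since the rules themselves are not visible here.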
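Review bot: The `secrets` entry is added as a gitlink (mode 160000), but the diffstat lists no `.gitmodules` change, so unless that file already maps the `secrets` path a fresh clone cannot resolve the submodule and `git submodule update` will fail for it. A gitlink without a mapping is also what `git add` produces when a nested repository is staged by accident, so it is worth confirming this is intended and adding the `[submodule "secrets"]` entry with its `path` and `url` in the same commit. The commit description says secrets and PGP keys are added, while this repository records only a pointer, so the encrypted files and the `.sops.yaml` rule that governs them are versioned separately. Flake evaluation also leaves submodule contents out by default, so any module that reads `./secrets/...` needs submodules requested explicitly.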