feat: add sops, nitrokey support, update deps

* add `.sops.yaml`, secrets, pgp keys
* add nitrokey + smartcard pkgs, udev rules
* update flake inputs
* comment out ollama-cuda
Thiago Sposito 2025-09-24 00:48:23 -03:00
parent 0f49cae653
commit 2a8494b24b
Signed by: thiago
GPG key ID: 3065EA73A976D430
9 changed files with 31 additions and 16 deletions

6
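--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,6 @@
+creation_rules:
+- path_regex: secrets/.*$
+key_groups:
+- pgp:
+- "B18A04BEE8CC097A9A1F692D459A665D838AC3F3"
+- "F7508C2BD420864F27996BF4D1C47EF7DDD3DF93"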
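Review bot: Neither fingerprint under `pgp:` is annotated, so a later reader cannot tell which key belongs to which holder or device, and because both sit in the same key group either one alone can decrypt everything the rule covers. A comment on each entry, such as `# <owner / device placeholder>`, would make the list auditable when a key has to be rotated or revoked. Separately, `path_regex: secrets/.*$` has no leading anchor, so it also matches any deeper path that merely contains `secrets/`; `^secrets/.*$` states the intent more exactly.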

18
flake.lock generated

@ -46,11 +46,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1758375677, "lastModified": 1758676806,
"narHash": "sha256-BLtD+6qWz7fQjPk2wpwyXQLGI0E30Ikgf2ppn2nVadI=", "narHash": "sha256-XhSTUBFOtuumxAUVxTVD5k7nE/FgK11YUxAgzNQcmLU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "edc7468e12be92e926847cb02418e649b02b59dd", "rev": "676c0159ed51d10489a249ecdc61e115c2a90d03",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -90,11 +90,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1758277210, "lastModified": 1758427187,
"narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=", "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8eaee110344796db060382e15d3af0a9fc396e0e", "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -114,11 +114,11 @@
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1758405527, "lastModified": 1758665797,
"narHash": "sha256-3OMGX/chlzLpL7OMjXUfcI+xGu5GMeldCnBQ5kM9lZE=", "narHash": "sha256-RIN05AhWIFCXL2OOXGoFdF/k8Q6OBhi/WcRtsYuTF5Q=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "fd0c42355026185678e93bca152cbdb3b1a67563", "rev": "0c15f88f1fc01c8799c5ce2a432fadc47f20e307",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -35,9 +35,11 @@
libinput libinput
nerd-fonts.fira-code nerd-fonts.fira-code
nil nil
nitrokey-app2
nixd nixd
nixpkgs-fmt nixpkgs-fmt
nixfmt-rfc-style nixfmt-rfc-style
nodejs_20
nordic nordic
obsidian obsidian
pinentry-curses pinentry-curses


@ -11,7 +11,6 @@
pkg: pkg:
builtins.elem (lib.getName pkg) [ builtins.elem (lib.getName pkg) [
"code-cursor" "code-cursor"
"ollama-cuda"
"steam-original" "steam-original"
"steam-run" "steam-run"
"steam" "steam"
@ -20,7 +19,6 @@
home.packages = with pkgs; [ home.packages = with pkgs; [
heroic heroic
ollama-cuda
steam steam
]; ];
} }


@ -17,6 +17,7 @@
initContent = '' initContent = ''
eval "$(direnv hook zsh)" eval "$(direnv hook zsh)"
export GPG_TTY=$(tty) export GPG_TTY=$(tty)
export EDITOR="nvim -n -c 'set noswapfile nobackup nowritebackup'"
''; '';
shellAliases = { shellAliases = {
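Review bot: The new `EDITOR` export turns off swap and backup files but leaves Neovim's other persistence paths on: the ShaDa file still records registers and command history, and an `undofile` setting elsewhere in the Neovim config would still write edit history to disk. If the aim is to keep decrypted sops content off disk (inferred from the rest of the commit, not stated in this hunk), add `-i NONE` and `noundofile`; `-n` already disables swap, so `noswapfile` is redundant. Making this the global `EDITOR` also removes crash recovery from every ordinary edit; recent sops releases read `SOPS_EDITOR` before `EDITOR`, so `export SOPS_EDITOR="nvim -n -i NONE -c 'set nobackup nowritebackup noundofile'"` would confine the hardening to secret editing. The `initContent` string opens above the hunk, so the rest of the shell init is not visible here.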


@ -89,8 +89,6 @@
defaultSession = "gnome"; defaultSession = "gnome";
}; };
udev.packages = [ pkgs.libwacom ];
avahi = { avahi = {
enable = true; enable = true;
nssmdns4 = true; nssmdns4 = true;


@ -90,7 +90,7 @@
gdm.wayland = true; gdm.wayland = true;
defaultSession = "gnome"; defaultSession = "gnome";
}; };
udev.packages = [ pkgs.libwacom ];
avahi = { avahi = {
enable = true; enable = true;
nssmdns4 = true; nssmdns4 = true;


@ -16,17 +16,22 @@
value.source = value.flake; value.source = value.flake;
}) config.nix.registry; }) config.nix.registry;
systemPackages = with pkgs; [ systemPackages = with pkgs; [
ccid
exfat exfat
file file
fuse3 fuse3
gcsfuse gcsfuse
git git
gnupg gnupg
hidapi
home-manager home-manager
keymapp keymapp
libnitrokey
libusb1
opensc opensc
pciutils pciutils
pcsc-safenet pcsc-safenet
pcsclite
pcsctools pcsctools
pkcs11helper pkcs11helper
rclone rclone
@ -45,7 +50,7 @@
nixPath = [ "/etc/nix/path" ]; nixPath = [ "/etc/nix/path" ];
settings = { settings = {
download-buffer-size = "512MiB"; download-buffer-size = "512M";
experimental-features = "nix-command flakes"; experimental-features = "nix-command flakes";
auto-optimise-store = true; auto-optimise-store = true;
}; };
@ -65,10 +70,14 @@
pcscd.enable = true; pcscd.enable = true;
# xserver.displayManager.sessionCommands = # xserver.displayManager.sessionCommands =
# "${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 64 = Alt_L'"; # "${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 64 = Alt_L'";
udev.packages = [
pkgs.libwacom
pkgs.nitrokey-udev-rules
];
}; };
users.groups.scard = { }; users.groups.scard = { };
time.timeZone = "America/Sao_Paulo"; time.timeZone = "America/Sao_Paulo";
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
} }
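Review bot: `ccid`, `hidapi`, `libusb1`, `libnitrokey` and `pcsclite` in `systemPackages` only link those packages into the system profile; on NixOS that neither registers the CCID driver with pcscd nor makes the libraries visible to other programs, so these entries look redundant next to the existing `pcscd.enable = true` and the new `pkgs.nitrokey-udev-rules`. I would drop the pure libraries and keep the tools, or add a comment such as `# smartcard / Nitrokey tooling` saying why each one is needed. With pcscd running, GnuPG's scdaemon may also contend for the token through its built-in CCID driver; the scdaemon configuration is not visible on this page, so confirm it is set to go through pcscd (`disable-ccid`). The enclosing attribute sets start above the first hunk.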

1
secrets Submodule

@ -0,0 +1 @@
Subproject commit b9fbd96fec611e4c85a129150a2d0e01242be6b2