chore: comment out sops stuff - for now

Thiago Sposito 2025-10-12 18:53:39 -03:00
parent 3d5554a8bf
commit 6f7b69d96d
Signed by: thiago
GPG key ID: 3065EA73A976D430
11 changed files with 152 additions and 31 deletions

6
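--- a/.gitattributes
+++ b/.gitattributes
@@ -1,6 +0,0 @@
-*.otf filter=lfs diff=lfs merge=lfs -text
-*.png filter=lfs diff=lfs merge=lfs -text
-*.jpg filter=lfs diff=lfs merge=lfs -text
-*.jpeg filter=lfs diff=lfs merge=lfs -text
-*.iso filter=lfs diff=lfs merge=lfs -text
-*.zip filter=lfs diff=lfs merge=lfs -text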

3
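--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +0,0 @@
-[submodule "secrets"]
-path = secrets
-url = git@git.sr.ht:~sposito/secrets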

48
flake.lock generated

@ -67,11 +67,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1759169648, "lastModified": 1759967497,
"narHash": "sha256-AfiSm9bNd9Kop85zOr1mL8vb5rA1gbwDQs+Z+Rlxdwc=", "narHash": "sha256-PYD473Ef3v5HNyLKyWroskX87fl6ntgKrzqm+R2Duqo=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "4ab62010bb7c67e300d937d5f17707dd6f00b314", "rev": "f0fa9781aef42ecbcb280b625632e5933ed04d9f",
"revCount": 2, "revCount": 4,
"type": "git", "type": "git",
"url": "https://git.sr.ht/~sposito/icons" "url": "https://git.sr.ht/~sposito/icons"
}, },
@ -175,7 +175,45 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"icons": "icons", "icons": "icons",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixvim": "nixvim" "nixvim": "nixvim",
"secrets": "secrets",
"sops-nix": "sops-nix"
}
},
"secrets": {
"flake": false,
"locked": {
"lastModified": 1760062596,
"narHash": "sha256-nFyr+kOCo9PvdHa9JDTWtMRRqgfOqVUvBSfeyQzqDos=",
"ref": "refs/heads/main",
"rev": "621da7663ad8f975b98b1cdd5756f361e4f4cc05",
"revCount": 2,
"type": "git",
"url": "ssh://git@git.sr.ht/~sposito/secrets"
},
"original": {
"type": "git",
"url": "ssh://git@git.sr.ht/~sposito/secrets"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1759635238,
"narHash": "sha256-UvzKi02LMFP74csFfwLPAZ0mrE7k6EiYaKecplyX9Qk=",
"ref": "refs/heads/master",
"rev": "6e5a38e08a2c31ae687504196a230ae00ea95133",
"revCount": 1047,
"type": "git",
"url": "https://git.sr.ht/~sposito/sops-nix"
},
"original": {
"type": "git",
"url": "https://git.sr.ht/~sposito/sops-nix"
} }
}, },
"systems": { "systems": {


@ -16,6 +16,14 @@
url = "github:nix-community/nixvim"; url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
sops-nix = {
url = "git+https://git.sr.ht/~sposito/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
secrets = {
url = "git+ssh://git@git.sr.ht/~sposito/secrets";
flake = false;
};
}; };
outputs = outputs =
@ -56,6 +64,8 @@
extraSpecialArgs = { extraSpecialArgs = {
inherit inputs outputs; inherit inputs outputs;
icons = inputs.icons; icons = inputs.icons;
sops = inputs.sops-nix;
secrets = inputs.secrets;
}; };
modules = [ modules = [
./home-manager/home.nix ./home-manager/home.nix
@ -66,6 +76,8 @@
extraSpecialArgs = { extraSpecialArgs = {
inherit inputs outputs; inherit inputs outputs;
icons = inputs.icons; icons = inputs.icons;
sops = inputs.sops-nix;
secrets = inputs.secrets;
}; };
modules = [ modules = [
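Review bot: The `secrets` input (`git+ssh://git@git.sr.ht/~sposito/secrets`, `flake = false`) stays active and is passed through `extraSpecialArgs` in both configurations, although the commit title says the sops work is being switched off. Every evaluation or lock update therefore still needs SSH access to the private repository, and its whole tree is copied into the world-readable `/nix/store`. That is only safe while every file in that repository is sops-encrypted, which is not visible from here. If the intent is to park the feature, comment out the two inputs and the `sops`/`secrets` special args as well, or add a comment above the input such as `# fetched into /nix/store (world-readable): keep only sops-encrypted files in this repo`. The attribute sets these lines belong to start and end outside the hunks.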

40
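--- a/home-manager/backup.nix
+++ b/home-manager/backup.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, sops, secrets, ... }:
+{
+# --- sops secret integration ---
+sops.secrets."rclone.conf" = {
+sopsFile = secrets + "/rclone.yaml";
+format = "yaml";
+};
+# --- user service ---
+systemd.user.services."rclone-backup" = {
+Unit = {
+Description = "Encrypted rclone backup to Google Drive";
+After = [ "network-online.target" ];
+};
+Service = {
+Type = "oneshot";
+ExecStart = ''
+${pkgs.rclone}/bin/rclone sync \
+/home/thiago/Documents \
+gcrypt:backup \
+--config ${config.sops.secrets."rclone.conf".path} \
+--log-file=${config.home.homeDirectory}/.local/share/rclone-backup.log \
+--log-level INFO
+'';
+};
+};
+# --- timer (every 6 h) ---
+systemd.user.timers."rclone-backup" = {
+Unit.Description = "Periodic encrypted backup to Google Drive";
+Timer = {
+OnBootSec = "10m";
+OnUnitActiveSec = "6h";
+Persistent = true;
+};
+Install.WantedBy = [ "timers.target" ];
+};
+}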
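Review bot: `rclone sync` makes the remote an exact mirror, so a file deleted or overwritten under `Documents` (by mistake or by malware) is deleted or overwritten in `gcrypt:backup` at the next 6-hour run, and the backup then holds no good copy. Adding `--backup-dir <archive-remote-path>` (placeholder) to `ExecStart`, or using `rclone copy`, keeps earlier versions. The source path is hard-coded as `/home/thiago/Documents` while the log path a few lines later uses `config.home.homeDirectory`; `${config.home.homeDirectory}/Documents` would keep the two consistent. `After = [ "network-online.target" ]` names a system-manager target, which a user unit likely cannot order itself against, so it probably has no effect here.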


@ -5,6 +5,7 @@
}: }:
{ {
imports = [ imports = [
# ./backup.nix
./custom.nix ./custom.nix
./gnome ./gnome
./icons.nix ./icons.nix
@ -130,4 +131,10 @@
systemd.user.startServices = "sd-switch"; systemd.user.startServices = "sd-switch";
home.stateVersion = "25.11"; home.stateVersion = "25.11";
# sops configuration
# sops = {
# age.keyFile = "/home/thiago/.config/sops/age/keys.txt";
# gnupg.home = "/home/thiago/.gnupg";
# };
} }
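Review bot: The parked sops settings are left as commented-out code with `/home/thiago/...` paths hard-coded, and nothing visible in these hunks imports the sops-nix home-manager module that `sops.secrets` in `backup.nix` would need. When this is re-enabled, `imports` will probably need `sops.homeManagerModules.sops` next to `./backup.nix`, assuming `sops` is among this module's arguments. The key path could then be written as `age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";` if `config` is in scope. A one-line `# TODO: re-enable together with ./backup.nix` above the commented block would record that the two belong together. The module body starts and ends outside these hunks.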


@ -2,16 +2,30 @@
{ {
home.packages = [ icons.packages.${pkgs.system}.default ]; home.packages = [ icons.packages.${pkgs.system}.default ];
xdg.desktopEntries.kitty = { xdg.desktopEntries = {
name = "Kitty"; kitty = {
exec = "kitty"; name = "Kitty";
icon = "${ exec = "kitty";
icons.packages.${pkgs.system}.default icon = "${
}/share/icons/hicolor/scalable/apps/custom/kitty.svg"; icons.packages.${pkgs.system}.default
terminal = false; }/share/icons/hicolor/scalable/apps/custom/kitty.svg";
categories = [ terminal = false;
"System" categories = [
"TerminalEmulator" "System"
]; "TerminalEmulator"
];
};
xterm = {
name = "UXTerm";
exec = "uxterm";
icon = "${
icons.packages.${pkgs.system}.default
}/share/icons/hicolor/scalable/apps/custom/mini.xterm.svg";
terminal = false;
categories = [
"System"
"TerminalEmulator"
];
};
}; };
} }
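Review bot: The new `xterm` entry launches `exec = "uxterm"` by bare name, so it runs whatever `uxterm` is first on the session `PATH`, and nothing in this hunk adds xterm to `home.packages`. `exec = "${pkgs.xterm}/bin/uxterm";` would pin the entry to a store path and pull the package into the closure; the existing `kitty` entry follows the same bare-name pattern. The icon store-path expression is now written twice and could move into a `let` binding.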


@ -93,7 +93,7 @@
}; };
avahi = { avahi = {
enable = true; enable = false;
nssmdns4 = true; nssmdns4 = true;
openFirewall = true; openFirewall = true;
extraConfig = '' extraConfig = ''
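Review bot: With `enable = false` the remaining `nssmdns4 = true` and `openFirewall = true` are, as far as I can tell, ignored by the avahi module, but they stay in the file and take effect again as soon as `enable` is flipped back. If mDNS is being turned off on purpose, set `openFirewall = false` as well, or add `# disabled on purpose; re-enabling reopens UDP 5353`, so the firewall exposure becomes a separate, visible decision. The `avahi` block continues past the end of this hunk.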


@ -1,21 +1,38 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
environment.systemPackages = [ pkgs.opensnitch-ui ];
networking = { networking = {
networkmanager.enable = true; networkmanager.enable = true;
firewall = { firewall = {
enable = true; enable = true;
allowPing = true; allowPing = true;
allowedTCPPorts = [ 2375 4780 11470 25565 ]; allowedTCPPorts = [
allowedUDPPorts = [ 3478 41641 8888 8899 ]; 2375
4780
11470
25565
];
allowedUDPPorts = [
3478
41641
8888
8899
];
}; };
}; };
services = { services = {
opensnitch = {
enable = true;
};
tailscale = { tailscale = {
enable = true; enable = true;
useRoutingFeatures = "client"; useRoutingFeatures = "client";
extraUpFlags = [ "--accept-dns=false" "--reset" ]; extraUpFlags = [
"--accept-dns=false"
"--reset"
];
}; };
openssh.enable = true; openssh.enable = true;
# openssh.settings.X11Forwarding = true; # openssh.settings.X11Forwarding = true;
@ -58,7 +75,10 @@
services.docker.serviceConfig = { services.docker.serviceConfig = {
StandardOutput = "journal"; StandardOutput = "journal";
StandardError = "journal"; StandardError = "journal";
logFilterPatterns = [ ".*skip loading plugin.*" "skip plugin" ]; logFilterPatterns = [
".*skip loading plugin.*"
"skip plugin"
];
}; };
tmpfiles.rules = [ tmpfiles.rules = [
"d /usr/local/share/polkit-1 0755 root root -" "d /usr/local/share/polkit-1 0755 root root -"
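Review bot: `allowedTCPPorts` in the first hunk still opens 2375, which is conventionally Docker's plaintext, unauthenticated API port; if the daemon listens there, anyone who can reach the host on that port gets root-equivalent control of it. The reformatting was a good moment to drop it or scope it to the tailnet, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 2375 ];`, and to add a one-line comment per port naming the service it belongs to. `openssh.enable = true` also appears without visible `settings`, so password login is worth checking in the part of the file outside these hunks. Whether dockerd is actually bound to TCP is not visible here.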

@ -1 +0,0 @@
Subproject commit b9fbd96fec611e4c85a129150a2d0e01242be6b2