chore: comment out sops stuff - for now
This commit is contained in:
parent
3d5554a8bf
commit
6f7b69d96d
GPG key ID:
3065EA73A976D430
11 changed files with 152 additions and 31 deletions
6
.gitattributes
vendored
6
.gitattributes
vendored
|
|
@ -1,6 +0,0 @@
|
|||
*.otf filter=lfs diff=lfs merge=lfs -text
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.jpg filter=lfs diff=lfs merge=lfs -text
|
||||
*.jpeg filter=lfs diff=lfs merge=lfs -text
|
||||
*.iso filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
3
.gitmodules
vendored
3
.gitmodules
vendored
|
|
@ -1,3 +0,0 @@
|
|||
[submodule "secrets"]
|
||||
path = secrets
|
||||
url = git@git.sr.ht:~sposito/secrets
|
||||
48
flake.lock
generated
48
flake.lock
generated
|
|
@ -67,11 +67,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1759169648,
|
||||
"narHash": "sha256-AfiSm9bNd9Kop85zOr1mL8vb5rA1gbwDQs+Z+Rlxdwc=",
|
||||
"lastModified": 1759967497,
|
||||
"narHash": "sha256-PYD473Ef3v5HNyLKyWroskX87fl6ntgKrzqm+R2Duqo=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "4ab62010bb7c67e300d937d5f17707dd6f00b314",
|
||||
"revCount": 2,
|
||||
"rev": "f0fa9781aef42ecbcb280b625632e5933ed04d9f",
|
||||
"revCount": 4,
|
||||
"type": "git",
|
||||
"url": "https://git.sr.ht/~sposito/icons"
|
||||
},
|
||||
|
|
@ -175,7 +175,45 @@
|
|||
"home-manager": "home-manager",
|
||||
"icons": "icons",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixvim": "nixvim"
|
||||
"nixvim": "nixvim",
|
||||
"secrets": "secrets",
|
||||
"sops-nix": "sops-nix"
|
||||
}
|
||||
},
|
||||
"secrets": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1760062596,
|
||||
"narHash": "sha256-nFyr+kOCo9PvdHa9JDTWtMRRqgfOqVUvBSfeyQzqDos=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "621da7663ad8f975b98b1cdd5756f361e4f4cc05",
|
||||
"revCount": 2,
|
||||
"type": "git",
|
||||
"url": "ssh://git@git.sr.ht/~sposito/secrets"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "ssh://git@git.sr.ht/~sposito/secrets"
|
||||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1759635238,
|
||||
"narHash": "sha256-UvzKi02LMFP74csFfwLPAZ0mrE7k6EiYaKecplyX9Qk=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "6e5a38e08a2c31ae687504196a230ae00ea95133",
|
||||
"revCount": 1047,
|
||||
"type": "git",
|
||||
"url": "https://git.sr.ht/~sposito/sops-nix"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://git.sr.ht/~sposito/sops-nix"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
|
|
|
|||
12
flake.nix
12
flake.nix
|
|
@ -16,6 +16,14 @@
|
|||
url = "github:nix-community/nixvim";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
sops-nix = {
|
||||
url = "git+https://git.sr.ht/~sposito/sops-nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
secrets = {
|
||||
url = "git+ssh://git@git.sr.ht/~sposito/secrets";
|
||||
flake = false;
|
||||
};
|
||||
};
|
||||
|
||||
outputs =
|
||||
|
|
@ -56,6 +64,8 @@
|
|||
extraSpecialArgs = {
|
||||
inherit inputs outputs;
|
||||
icons = inputs.icons;
|
||||
sops = inputs.sops-nix;
|
||||
secrets = inputs.secrets;
|
||||
};
|
||||
modules = [
|
||||
./home-manager/home.nix
|
||||
|
|
@ -66,6 +76,8 @@
|
|||
extraSpecialArgs = {
|
||||
inherit inputs outputs;
|
||||
icons = inputs.icons;
|
||||
sops = inputs.sops-nix;
|
||||
secrets = inputs.secrets;
|
||||
};
|
||||
|
||||
modules = [
|
||||
|
|
|
|||
40
home-manager/backup.nix
Normal file
40
home-manager/backup.nix
Normal file
|
|
@ -0,0 +1,40 @@
|
|||
{ config, lib, pkgs, sops, secrets, ... }:
|
||||
|
||||
{
|
||||
# --- sops secret integration ---
|
||||
sops.secrets."rclone.conf" = {
|
||||
sopsFile = secrets + "/rclone.yaml";
|
||||
format = "yaml";
|
||||
};
|
||||
|
||||
# --- user service ---
|
||||
systemd.user.services."rclone-backup" = {
|
||||
Unit = {
|
||||
Description = "Encrypted rclone backup to Google Drive";
|
||||
After = [ "network-online.target" ];
|
||||
};
|
||||
|
||||
Service = {
|
||||
Type = "oneshot";
|
||||
ExecStart = ''
|
||||
${pkgs.rclone}/bin/rclone sync \
|
||||
/home/thiago/Documents \
|
||||
gcrypt:backup \
|
||||
--config ${config.sops.secrets."rclone.conf".path} \
|
||||
--log-file=${config.home.homeDirectory}/.local/share/rclone-backup.log \
|
||||
--log-level INFO
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
# --- timer (every 6 h) ---
|
||||
systemd.user.timers."rclone-backup" = {
|
||||
Unit.Description = "Periodic encrypted backup to Google Drive";
|
||||
Timer = {
|
||||
OnBootSec = "10m";
|
||||
OnUnitActiveSec = "6h";
|
||||
Persistent = true;
|
||||
};
|
||||
Install.WantedBy = [ "timers.target" ];
|
||||
};
|
||||
}
|
||||
|
|
@ -5,6 +5,7 @@
|
|||
}:
|
||||
{
|
||||
imports = [
|
||||
# ./backup.nix
|
||||
./custom.nix
|
||||
./gnome
|
||||
./icons.nix
|
||||
|
|
@ -130,4 +131,10 @@
|
|||
|
||||
systemd.user.startServices = "sd-switch";
|
||||
home.stateVersion = "25.11";
|
||||
|
||||
# sops configuration
|
||||
# sops = {
|
||||
# age.keyFile = "/home/thiago/.config/sops/age/keys.txt";
|
||||
# gnupg.home = "/home/thiago/.gnupg";
|
||||
# };
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,7 +2,8 @@
|
|||
{
|
||||
home.packages = [ icons.packages.${pkgs.system}.default ];
|
||||
|
||||
xdg.desktopEntries.kitty = {
|
||||
xdg.desktopEntries = {
|
||||
kitty = {
|
||||
name = "Kitty";
|
||||
exec = "kitty";
|
||||
icon = "${
|
||||
|
|
@ -14,4 +15,17 @@
|
|||
"TerminalEmulator"
|
||||
];
|
||||
};
|
||||
xterm = {
|
||||
name = "UXTerm";
|
||||
exec = "uxterm";
|
||||
icon = "${
|
||||
icons.packages.${pkgs.system}.default
|
||||
}/share/icons/hicolor/scalable/apps/custom/mini.xterm.svg";
|
||||
terminal = false;
|
||||
categories = [
|
||||
"System"
|
||||
"TerminalEmulator"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -93,7 +93,7 @@
|
|||
};
|
||||
|
||||
avahi = {
|
||||
enable = true;
|
||||
enable = false;
|
||||
nssmdns4 = true;
|
||||
openFirewall = true;
|
||||
extraConfig = ''
|
||||
|
|
|
|||
|
|
@ -1,21 +1,38 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
environment.systemPackages = [ pkgs.opensnitch-ui ];
|
||||
networking = {
|
||||
networkmanager.enable = true;
|
||||
|
||||
firewall = {
|
||||
enable = true;
|
||||
allowPing = true;
|
||||
allowedTCPPorts = [ 2375 4780 11470 25565 ];
|
||||
allowedUDPPorts = [ 3478 41641 8888 8899 ];
|
||||
allowedTCPPorts = [
|
||||
2375
|
||||
4780
|
||||
11470
|
||||
25565
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
3478
|
||||
41641
|
||||
8888
|
||||
8899
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
opensnitch = {
|
||||
enable = true;
|
||||
};
|
||||
tailscale = {
|
||||
enable = true;
|
||||
useRoutingFeatures = "client";
|
||||
extraUpFlags = [ "--accept-dns=false" "--reset" ];
|
||||
extraUpFlags = [
|
||||
"--accept-dns=false"
|
||||
"--reset"
|
||||
];
|
||||
};
|
||||
openssh.enable = true;
|
||||
# openssh.settings.X11Forwarding = true;
|
||||
|
|
@ -58,7 +75,10 @@
|
|||
services.docker.serviceConfig = {
|
||||
StandardOutput = "journal";
|
||||
StandardError = "journal";
|
||||
logFilterPatterns = [ ".*skip loading plugin.*" "skip plugin" ];
|
||||
logFilterPatterns = [
|
||||
".*skip loading plugin.*"
|
||||
"skip plugin"
|
||||
];
|
||||
};
|
||||
tmpfiles.rules = [
|
||||
"d /usr/local/share/polkit-1 0755 root root -"
|
||||
|
|
|
|||
1
secrets
1
secrets
|
|
@ -1 +0,0 @@
|
|||
Subproject commit b9fbd96fec611e4c85a129150a2d0e01242be6b2
|
||||
Loading…
Add table
Add a link
Reference in a new issue