diff --git a/flake.nix b/flake.nix index dfb3474..e255b99 100644 --- a/flake.nix +++ b/flake.nix @@ -103,11 +103,10 @@ devShells = { bun = import ./hosts/common/shells/bun { inherit pkgs; }; go = import ./hosts/common/shells/go { inherit pkgs; }; - java17 = import ./hosts/common/shells/java17 { inherit pkgs; }; + java = import ./hosts/common/shells/java { inherit pkgs; }; nix = import ./hosts/common/shells/nix { inherit pkgs; }; nodejs = import ./hosts/common/shells/nodejs { inherit pkgs; }; python = import ./hosts/common/shells/python { inherit pkgs; }; - sas = import ./hosts/common/shells/sas { inherit pkgs; }; }; formatter = pkgs.nixfmt-rfc-style; diff --git a/hosts/common/shells/java/default.nix b/hosts/common/shells/java/default.nix new file mode 100644 index 0000000..7ac151d --- /dev/null +++ b/hosts/common/shells/java/default.nix @@ -0,0 +1,8 @@ +{ pkgs, ... }: +pkgs.mkShell { + packages = with pkgs; [ jdk ]; + + shellHook = '' + export JAVA_HOME=${pkgs.jdk.home} + ''; +} diff --git a/hosts/common/shells/java17/default.nix b/hosts/common/shells/java17/default.nix deleted file mode 100644 index f6902e3..0000000 --- a/hosts/common/shells/java17/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs, ... }: -pkgs.mkShell { - packages = with pkgs; [ - jdk17 - ]; - - shellHook = '' - export JAVA_HOME=${pkgs.jdk17.home} - ''; -} diff --git a/hosts/common/shells/sas/default.nix b/hosts/common/shells/sas/default.nix deleted file mode 100644 index c528f1e..0000000 --- a/hosts/common/shells/sas/default.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ pkgs, ... }: -pkgs.mkShell { - packages = with pkgs; [ - go - gopls - go-tools - golangci-lint - golangci-lint-langserver - jdk17 - ]; - - shellHook = '' - if git rev-parse --is-inside-work-tree &> /dev/null; then - TOP="$(git rev-parse --show-toplevel)" - if ! grep -q "^\.go$" "$TOP/.gitignore" "$TOP/.git/info/exclude"; then echo ".go" >> "$TOP/.git/info/exclude"; fi - if ! grep -q "^\.gradle$" "$TOP/.gitignore" "$TOP/.git/info/exclude"; then echo ".gradle" >> "$TOP/.git/info/exclude"; fi - else - TOP="$(pwd)" - fi - - export GOPATH="$TOP/.go" - export GOPROXY=goproxy.unx.sas.com - export GONOSUMDB=*.sas.com,sassoftware.io - export JAVA_HOME="${pkgs.jdk17.home}" - export GRADLE_USER_HOME="$TOP/.gradle" - mkdir -p "$GRADLE_USER_HOME" && cp -f ~/.gradle/gradle.properties "$GRADLE_USER_HOME/gradle.properties" - ''; -} diff --git a/hosts/eirene/default.nix b/hosts/eirene/default.nix index 9548057..0f0a434 100644 --- a/hosts/eirene/default.nix +++ b/hosts/eirene/default.nix @@ -2,10 +2,11 @@ { imports = [ ../../lib + inputs.disko.nixosModules.disko (import ./format.nix { device = "/dev/disk/by-id/nvme-SAMSUNG_MZVL22T0HBLB-00BL2_S64RNE0R602762"; }) - ./hardware.nix - ./display.nix + ./hardware + ../common/configs/system/bluetooth ../common/configs/system/boot ../common/configs/system/brightnessctl @@ -43,6 +44,7 @@ ../common/configs/system/users ../common/configs/system/wget ../common/configs/system/zsh + ./users/nick ]; diff --git a/hosts/eirene/hardware.nix b/hosts/eirene/hardware/default.nix similarity index 93% rename from hosts/eirene/hardware.nix rename to hosts/eirene/hardware/default.nix index c980609..ae58d1b 100644 --- a/hosts/eirene/hardware.nix +++ b/hosts/eirene/hardware/default.nix @@ -1,5 +1,9 @@ { pkgs, lib, ... }: { + imports = [ + ./display.nix + ]; + # https://github.com/NixOS/nixos-hardware/tree/master/lenovo/legion/16achg6 hardware = { enableAllFirmware = true; 
@@ -58,7 +62,7 @@ powerManagement.enable = true; - systemd.services.powertop.postStart = builtins.readFile ./configs/system/scripts/mouse.sh; + systemd.services.powertop.postStart = builtins.readFile ./scripts/mouse.sh; services = { xserver.videoDrivers = [ "nvidia" ]; @@ -85,7 +89,7 @@ gestures.workspace_swipe_distance = 600; }; - programs.zsh.loginExtra = lib.mkBefore (builtins.readFile ./configs/system/scripts/card.sh); + programs.zsh.loginExtra = lib.mkBefore (builtins.readFile ./scripts/card.sh); } ]; } diff --git a/hosts/eirene/display.nix b/hosts/eirene/hardware/display.nix similarity index 100% rename from hosts/eirene/display.nix rename to hosts/eirene/hardware/display.nix diff --git a/hosts/eirene/configs/system/scripts/card.sh b/hosts/eirene/hardware/scripts/card.sh similarity index 100% rename from hosts/eirene/configs/system/scripts/card.sh rename to hosts/eirene/hardware/scripts/card.sh diff --git a/hosts/eirene/configs/system/scripts/mouse.sh b/hosts/eirene/hardware/scripts/mouse.sh similarity index 100% rename from hosts/eirene/configs/system/scripts/mouse.sh rename to hosts/eirene/hardware/scripts/mouse.sh diff --git a/hosts/eirene/users/nick/configs/console/git/default.nix b/hosts/eirene/users/nick/configs/console/git/default.nix new file mode 100644 index 0000000..86c8827 --- /dev/null +++ b/hosts/eirene/users/nick/configs/console/git/default.nix 
@@ -0,0 +1,28 @@
+{
+ user ? throw "user argument is required",
+ home ? throw "home argument is required",
+}:
+{ ... }:
+{
+ home-manager.users.${user} = {
+ sops.secrets = {
+ "git/credentials" = {
+ sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+ path = "${home}/.config/git/credentials";
+ };
+ "git/cookies" = {
+ sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+ path = "${home}/.config/git/cookies";
+ };
+ };
+
+ programs.ssh.matchBlocks = {
+ "github.com" = {
+ hostname = "github.com";
+ user = "git";
+ identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
+ extraOptions.StrictHostKeyChecking = "no";
+ };
+ };
+ };
+}
diff --git a/hosts/eirene/users/nick/configs/console/syncthing/default.nix b/hosts/eirene/users/nick/configs/console/syncthing/default.nix
new file mode 100644
index 0000000..5816ff8
--- /dev/null
+++ b/hosts/eirene/users/nick/configs/console/syncthing/default.nix
@@ -0,0 +1,17 @@
+{
+ user ? throw "user argument is required",
+ home ? throw "home argument is required",
+}:
+{ ... }:
+{
+ home-manager.users.${user}.services.syncthing.settings.folders = {
+ official = {
+ label = "Official";
+ path = "${home}/Documents/Official";
+ devices = [
+ "amalthea"
+ "ganymede"
+ ];
+ };
+ };
+}
diff --git a/hosts/eirene/users/nick/configs/gui/obsidian/default.nix b/hosts/eirene/users/nick/configs/gui/obsidian/default.nix
new file mode 100644
index 0000000..84080a8
--- /dev/null
+++ b/hosts/eirene/users/nick/configs/gui/obsidian/default.nix
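Review bot: `extraOptions.StrictHostKeyChecking = "no";` in the new `"github.com"` match block turns off host-key verification, so the SSH client authenticates to whatever answers as github.com and a machine-in-the-middle on the network path goes unnoticed. The same setting is carried into hosts/elara/configs/git/default.nix, hosts/elara/users/nikara/configs/console/git/default.nix (there also for gitlab.sas.com) and hosts/installer/users/nick/configs/console/git/default.nix. The host keys are known ahead of time, so they can be pinned declaratively (NixOS `programs.ssh.knownHosts.<name>.publicKey`, or a `userKnownHostsFile` in the match block) and the override dropped; if the first-connection prompt is the concern, `extraOptions.StrictHostKeyChecking = "accept-new";` still rejects a changed key.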
@@ -0,0 +1,22 @@ +{ + user ? throw "user argument is required", + home ? throw "home argument is required", +}: +{ ... }: +{ + home-manager.users.${user} = { + programs.obsidian.vaults."Documents/Obsidian/master".enable = true; + + services.syncthing.settings.folders.obsidian = { + label = "Obsidian"; + path = "${home}/Documents/Obsidian"; + devices = [ + "amalthea" + "ganymede" + ]; + }; + + home.file."Documents/Obsidian/.stignore".source = + ../../../../../../common/configs/user/gui/obsidian/config/.stignore; + }; +} diff --git a/hosts/eirene/users/nick/default.nix b/hosts/eirene/users/nick/default.nix index 2edb272..50b9d94 100644 --- a/hosts/eirene/users/nick/default.nix +++ b/hosts/eirene/users/nick/default.nix @@ -8,6 +8,7 @@ in { imports = [ ../../../common/configs/user/options.nix + (import ../../../common/configs/user/console/android { inherit user home; }) (import ../../../common/configs/user/console/bashmount { inherit user home; }) (import ../../../common/configs/user/console/bluetooth { inherit user home; }) @@ -40,6 +41,7 @@ in (import ../../../common/configs/user/console/xdg { inherit user home; }) (import ../../../common/configs/user/console/yt-dlp { inherit user home; }) (import ../../../common/configs/user/console/zsh { inherit user home; }) + (import ../../../common/configs/user/gui/astal { inherit user home; }) (import ../../../common/configs/user/gui/bluetooth { inherit user home; }) (import ../../../common/configs/user/gui/brightnessctl { inherit user home; }) @@ -71,6 +73,11 @@ in (import ../../../common/configs/user/gui/wev { inherit user home; }) (import ../../../common/configs/user/gui/x11 { inherit user home; }) (import ../../../common/configs/user/gui/xdg { inherit user home; }) + + (import ./configs/console/git { inherit user home; }) + (import ./configs/console/syncthing { inherit user home; }) + + (import ./configs/gui/obsidian { inherit user home; }) ]; # echo "password" | mkpasswd -s 
@@ -101,60 +108,16 @@ in }; sops.secrets = { - "git/credentials" = { + "ssh/personal/key" = { sopsFile = ../../../../secrets/personal/secrets.yaml; - path = "${home}/.config/git/credentials"; + path = "${home}/.ssh/ssh_personal_ed25519_key"; }; - "git/cookies" = { - sopsFile = ../../../../secrets/personal/secrets.yaml; - path = "${home}/.config/git/cookies"; - }; - - "ssh/personal/git/key" = { - sopsFile = ../../../../secrets/personal/secrets.yaml; - path = "${home}/.ssh/ssh_git_personal_ed25519_key"; - }; - "ssh/personal/git/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; + "ssh/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; "gpg/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml; "gpg/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; }; - programs = { - ssh.matchBlocks = { - "github.com" = { - hostname = "github.com"; - user = "git"; - identityFile = "${home}/.ssh/ssh_git_personal_ed25519_key"; - extraOptions.StrictHostKeyChecking = "no"; - }; - }; - - obsidian.vaults."Documents/Obsidian/master".enable = true; - }; - theme.wallpaper = ../../../../static/wallpapers/clouds.png; - - services.syncthing.settings.folders = { - obsidian = { - label = "Obsidian"; - path = "${home}/Documents/Obsidian"; - devices = [ - "amalthea" - "ganymede" - ]; - }; - official = { - label = "Official"; - path = "${home}/Documents/Official"; - devices = [ - "amalthea" - "ganymede" - ]; - }; - }; - - home.file."Documents/Obsidian/.stignore".source = - ../../../common/configs/user/gui/obsidian/config/.stignore; }; } diff --git a/hosts/elara/configs/git/default.nix b/hosts/elara/configs/git/default.nix new file mode 100644 index 0000000..5d83038 --- /dev/null +++ b/hosts/elara/configs/git/default.nix 
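Review bot: The key path `${home}/.ssh/ssh_personal_ed25519_key` is now spelled out in two files, here as the `path` of `"ssh/personal/key"` and again as `identityFile` in ./configs/console/git/default.nix, so a later rename on one side leaves SSH pointing at a file sops never creates. Having the git module read the value from the secret definition, e.g. `identityFile = config.home-manager.users.${user}.sops.secrets."ssh/personal/key".path;` (the module would need `config` among its arguments), keeps the two in step; a cross-reference comment on both sides is the lighter alternative. The elara and installer user hunks have the same split. The rename from `ssh/personal/git/key` also needs matching keys in secrets/personal/secrets.yaml, which is not part of what is shown here.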
@@ -0,0 +1,21 @@ +{ ... }: +{ + sops.secrets."ssh/sas/key" = { + sopsFile = ../../../../secrets/sas/secrets.yaml; + path = "/root/.ssh/ssh_sas_ed25519_key"; + }; + + programs.ssh.extraConfig = '' + Host github.com + User git + HostName github.com + IdentityFile /root/.ssh/ssh_sas_ed25519_key + StrictHostKeyChecking no + + Host gitlab.sas.com + User git + HostName gitlab.sas.com + IdentityFile /root/.ssh/ssh_sas_ed25519_key + StrictHostKeyChecking no + ''; +} diff --git a/hosts/elara/default.nix b/hosts/elara/default.nix index 14130b0..07acf61 100644 --- a/hosts/elara/default.nix +++ b/hosts/elara/default.nix @@ -2,14 +2,15 @@ { imports = [ ../../lib + inputs.disko.nixosModules.disko (import ./format.nix { device = "/dev/disk/by-id/ata-Samsung_SSD_990_EVO_1TB_S7GCNL0XA04998F"; }) - ./hardware.nix + ./hardware # elara runs on an external drive on eirene - ../eirene/hardware.nix - ../eirene/display.nix + ../eirene/hardware + ../common/configs/system/bluetooth ../common/configs/system/boot ../common/configs/system/brightnessctl 
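Review bot: The comment that explained this key, `# Required for building private SAS packages`, was dropped in the move, so the new file gives no reason for a SAS key under /root; it should come back above `sops.secrets."ssh/sas/key"`. As far as I know `programs.ssh.extraConfig` is written into the system-wide SSH client configuration, so the two `Host` stanzas apply to every local user and not to root alone. A second comment line saying so, or moving the stanzas into root-only configuration, would make that scope visible to the next reader.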
@@ -47,36 +48,17 @@ ../common/configs/system/users ../common/configs/system/wget ../common/configs/system/zsh - ./configs/system/globalprotect-remote-connect + + ./configs/git + ./configs/globalprotect-remote-connect + ./users/nikara ]; networking.hostName = "elara"; i18n.defaultLocale = "en_US.UTF-8"; - sops = { - defaultSopsFile = ./secrets/secrets.yaml; - - # Required for building private SAS packages - secrets."ssh/sas/git/key" = { - sopsFile = ../../secrets/sas/secrets.yaml; - path = "/root/.ssh/ssh_git_sas_ed25519_key"; - }; - }; - - programs.ssh.extraConfig = '' - Host github.com - User git - HostName github.com - IdentityFile /root/.ssh/ssh_git_sas_ed25519_key - StrictHostKeyChecking no - - Host gitlab.sas.com - User git - HostName gitlab.sas.com - IdentityFile /root/.ssh/ssh_git_sas_ed25519_key - StrictHostKeyChecking no - ''; + sops.defaultSopsFile = ./secrets/secrets.yaml; environment.impermanence.device = config.disko.devices.disk.usb.content.partitions.root.content.name; diff --git a/hosts/elara/hardware.nix b/hosts/elara/hardware/default.nix similarity index 100% rename from hosts/elara/hardware.nix rename to hosts/elara/hardware/default.nix diff --git a/hosts/elara/users/nikara/configs/console/git/default.nix b/hosts/elara/users/nikara/configs/console/git/default.nix new file mode 100644 index 0000000..790ce64 --- /dev/null +++ b/hosts/elara/users/nikara/configs/console/git/default.nix 
@@ -0,0 +1,45 @@
+{
+ user ? throw "user argument is required",
+ home ? throw "home argument is required",
+}:
+{ ... }:
+{
+ home-manager.users.${user} = {
+ sops.secrets = {
+ # Personal
+ "git/credentials" = {
+ sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+ path = "${home}/.config/git/credentials";
+ };
+ "git/cookies" = {
+ sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+ path = "${home}/.config/git/cookies";
+ };
+ };
+
+ programs.ssh.matchBlocks = {
+ # Personal
+ "github.com/karaolidis" = {
+ hostname = "github.com";
+ user = "git";
+ identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
+ extraOptions.StrictHostKeyChecking = "no";
+ };
+
+ # SAS
+ "github.com" = {
+ hostname = "github.com";
+ user = "git";
+ identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
+ extraOptions.StrictHostKeyChecking = "no";
+ };
+
+ "gitlab.sas.com" = {
+ hostname = "gitlab.sas.com";
+ user = "git";
+ identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
+ extraOptions.StrictHostKeyChecking = "no";
+ };
+ };
+ };
+}
diff --git a/hosts/elara/users/nikara/configs/console/go/default.nix b/hosts/elara/users/nikara/configs/console/go/default.nix
new file mode 100644
index 0000000..24acc83
--- /dev/null
+++ b/hosts/elara/users/nikara/configs/console/go/default.nix
@@ -0,0 +1,29 @@
+{
+ user ? throw "user argument is required",
+ home ? throw "home argument is required",
+}:
+{ pkgs, ... }:
+{
+ environment.persistence."/cache"."${home}/.local/share/go" = { };
+
+ home-manager.users.${user} = {
+ programs.go = {
+ enable = true;
+ goPath = "${home}/.local/share/go";
+ };
+
+ home = {
+ packages = with pkgs; [
+ gopls
+ go-tools
+ golangci-lint
+ golangci-lint-langserver
+ ];
+
+ sessionVariables = {
+ GOPROXY = "goproxy.unx.sas.com";
+ GONOSUMDB = "*.sas.com,sassoftware.io";
+ };
+ };
+ };
+}
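Review bot: The `"github.com/karaolidis"` block is unlikely ever to be selected: the attribute name becomes the `Host` pattern, ssh compares that with the host name it was invoked with, and a git remote on GitHub presents plain `github.com`, which falls into the SAS block below it. Unless remotes are rewritten somewhere outside this hunk, personal repositories would then be opened with `ssh_sas_ed25519_key`, mixing the two identities. A slash-free alias (constructed example: `"github-personal"`, keeping `hostname = "github.com";`) used by the personal remotes or by an `insteadOf` rule would make the split real, and `identitiesOnly = true;` in each block keeps ssh from offering the other key.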
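Review bot: `goPath = "${home}/.local/share/go";` passes an absolute path, while home-manager documents `programs.go.goPath` as relative to $HOME; if the module prefixes the home directory, GOPATH ends up somewhere other than the `${home}/.local/share/go` directory persisted at the top of this module. `goPath = ".local/share/go";` would avoid that, though it is worth confirming against the home-manager revision in use. Separately, `GONOSUMDB` switches off checksum-database verification for everything under `*.sas.com` and `sassoftware.io`, leaving go.sum and the internal proxy as the only integrity checks; a one-line comment such as `# private modules, not visible to the public checksum database` would record that this is intended.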
diff --git a/hosts/elara/users/nikara/configs/console/java/default.nix b/hosts/elara/users/nikara/configs/console/java/default.nix
new file mode 100644
index 0000000..e6fd028
--- /dev/null
+++ b/hosts/elara/users/nikara/configs/console/java/default.nix
@@ -0,0 +1,27 @@
+{
+ user ? throw "user argument is required",
+ home ? throw "home argument is required",
+}:
+{ pkgs, ... }:
+{
+ environment.persistence."/cache"."${home}/.local/share/gradle" = { };
+
+ home-manager.users.${user} = {
+ programs = {
+ java = {
+ enable = true;
+ package = pkgs.jdk17;
+ };
+
+ gradle = {
+ enable = true;
+ home = "${home}/.local/share/gradle";
+ };
+ };
+
+ sops.secrets."artifactory" = {
+ sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
+ path = "${home}/.local/share/gradle/gradle.properties";
+ };
+ };
+}
diff --git a/hosts/elara/users/nikara/configs/console/jsonify/default.nix b/hosts/elara/users/nikara/configs/console/jsonify/default.nix
new file mode 100644
index 0000000..b2ea85d
--- /dev/null
+++ b/hosts/elara/users/nikara/configs/console/jsonify/default.nix
@@ -0,0 +1,8 @@
+{
+ user ? throw "user argument is required",
+ home ? throw "home argument is required",
+}:
+{ pkgs, ... }:
+{
+ home-manager.users.${user}.home.packages = [ (pkgs.callPackage ./package.nix { }) ];
+}
diff --git a/hosts/elara/users/nikara/configs/console/jsonify/package.nix b/hosts/elara/users/nikara/configs/console/jsonify/package.nix
new file mode 100644
index 0000000..982fb64
--- /dev/null
+++ b/hosts/elara/users/nikara/configs/console/jsonify/package.nix
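Review bot: `sops.secrets."artifactory"` places the decrypted gradle.properties inside `${home}/.local/share/gradle`, the same directory this module persists on /cache. sops-nix normally leaves only a symlink at `path` and keeps the plaintext in a runtime directory, which would keep the credentials off the persistent volume, but that relies on the persistence mount being in place before the link is created, so it is worth confirming on a fresh boot. A comment such as `# the whole gradle.properties is the secret (Artifactory credentials)` would also explain why the file is not managed through `programs.gradle.settings`.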
@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+pkgs.buildGoModule rec {
+ pname = "jsonify";
+ version = "0.1.6";
+
+ src = fetchGit {
+ url = "git@github.com:sas-institute-rnd-internal/polaris-jsonify.git";
+ ref = "main";
+ rev = "7b8f8a0f0b3c1bbfb7f814c5a3dae5f696ca38e3";
+ };
+
+ preBuild = ''
+ rm -rf sage
+ '';
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp "$GOPATH/bin/polaris-jsonify" $out/bin/jsonify
+ '';
+
+ vendorHash = "sha256-sJ3Jc7ZC+1s3m5nH6WtXsGVZfLEW7CZAcNtstUpc9M4=";
+}
diff --git a/hosts/elara/users/nikara/configs/console/klog/default.nix b/hosts/elara/users/nikara/configs/console/klog/default.nix
new file mode 100644
index 0000000..b2ea85d
--- /dev/null
+++ b/hosts/elara/users/nikara/configs/console/klog/default.nix
@@ -0,0 +1,8 @@
+{
+ user ? throw "user argument is required",
+ home ? throw "home argument is required",
+}:
+{ pkgs, ... }:
+{
+ home-manager.users.${user}.home.packages = [ (pkgs.callPackage ./package.nix { }) ];
+}
diff --git a/hosts/elara/users/nikara/configs/console/klog/package.nix b/hosts/elara/users/nikara/configs/console/klog/package.nix
new file mode 100644
index 0000000..9171ac6
--- /dev/null
+++ b/hosts/elara/users/nikara/configs/console/klog/package.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+pkgs.buildGoModule rec {
+ pname = "klog";
+ version = "0.6.2";
+
+ src = fetchGit {
+ url = "git@gitlab.sas.com:convoy/devops/klog.git";
+ ref = "master";
+ rev = "17629fe278dd23e12bd6f17ee9db0d2fde37bc6c";
+ };
+
+ vendorHash = "";
+}
diff --git a/hosts/elara/users/nikara/configs/console/kubernetes/default.nix b/hosts/elara/users/nikara/configs/console/kubernetes/default.nix
new file mode 100644
index 0000000..11f0fed
--- /dev/null
+++ b/hosts/elara/users/nikara/configs/console/kubernetes/default.nix
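Review bot: The custom `installPhase` in jsonify/package.nix replaces the stock one without `runHook preInstall` and `runHook postInstall`, so any install hooks are skipped for this package; the script should start with `runHook preInstall` and end with `runHook postInstall`. `rec` is not used by anything in the attribute set and can be dropped. `rm -rf sage` in `preBuild` needs a comment saying why that directory must be removed before the build, since nothing in the file explains it.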
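Review bot: `vendorHash = "";` in klog/package.nix is a placeholder and not a pin: the Go dependencies have no recorded hash yet, and the build is expected to stop with a hash mismatch until the real value is filled in. hosts/elara/users/nikara/default.nix imports only ./configs/console/jsonify, so nothing depends on klog today, but the line should say that it is unfinished, e.g. `vendorHash = ""; # TODO: fill in the hash reported by the first build`. `rec` is unused here as well.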
@@ -0,0 +1,23 @@ +{ + user ? throw "user argument is required", + home ? throw "home argument is required", +}: +{ ... }: +{ + home-manager.users.${user} = { + sops.secrets = { + "kubeconfig/d90270" = { + sopsFile = ../../../../../../../secrets/sas/secrets.yaml; + path = "${home}/.kube/d90270"; + }; + "kubeconfig/d90271" = { + sopsFile = ../../../../../../../secrets/sas/secrets.yaml; + path = "${home}/.kube/d90271"; + }; + "kubeconfig/d90272" = { + sopsFile = ../../../../../../../secrets/sas/secrets.yaml; + path = "${home}/.kube/d90272"; + }; + }; + }; +} diff --git a/hosts/elara/users/nikara/configs/gui/obsidian/default.nix b/hosts/elara/users/nikara/configs/gui/obsidian/default.nix new file mode 100644 index 0000000..1203d35 --- /dev/null +++ b/hosts/elara/users/nikara/configs/gui/obsidian/default.nix @@ -0,0 +1,8 @@ +{ + user ? throw "user argument is required", + home ? throw "home argument is required", +}: +{ ... }: +{ + home-manager.users.${user}.programs.obsidian.vaults."Documents/Obsidian/master".enable = true; +} diff --git a/hosts/elara/users/nikara/default.nix b/hosts/elara/users/nikara/default.nix index 29617ea..8be4244 100644 --- a/hosts/elara/users/nikara/default.nix +++ b/hosts/elara/users/nikara/default.nix @@ -37,6 +37,7 @@ in (import ../../../common/configs/user/console/wget { inherit user home; }) (import ../../../common/configs/user/console/xdg { inherit user home; }) (import ../../../common/configs/user/console/zsh { inherit user home; }) + (import ../../../common/configs/user/gui/astal { inherit user home; }) (import ../../../common/configs/user/gui/bluetooth { inherit user home; }) (import ../../../common/configs/user/gui/brightnessctl { inherit user home; }) 
@@ -66,9 +67,17 @@ in (import ../../../common/configs/user/gui/x11 { inherit user home; }) (import ../../../common/configs/user/gui/xdg { inherit user home; }) + (import ./configs/console/git { inherit user home; }) + (import ./configs/console/go { inherit user home; }) + (import ./configs/console/java { inherit user home; }) + (import ./configs/console/kubernetes { inherit user home; }) + + (import ./configs/gui/obsidian { inherit user home; }) + # Warning: the following imports use private SAS repositories. # You must build the system once with these imports commented out, # then uncomment them and rebuild the system once keys are provisioned. + (import ./configs/console/jsonify { inherit user home; }) ]; # echo "password" | mkpasswd -s 
@@ -100,80 +109,24 @@ in sops.secrets = { # Personal - "git/credentials" = { + "ssh/personal/key" = { sopsFile = ../../../../secrets/personal/secrets.yaml; - path = "${home}/.config/git/credentials"; + path = "${home}/.ssh/ssh_personal_ed25519_key"; }; - "git/cookies" = { - sopsFile = ../../../../secrets/personal/secrets.yaml; - path = "${home}/.config/git/cookies"; - }; - - "ssh/personal/git/key" = { - sopsFile = ../../../../secrets/personal/secrets.yaml; - path = "${home}/.ssh/ssh_git_personal_ed25519_key"; - }; - "ssh/personal/git/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; + "ssh/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; "gpg/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml; "gpg/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; # SAS - "ssh/sas/git/key" = { + "ssh/sas/key" = { sopsFile = ../../../../secrets/sas/secrets.yaml; - path = "${home}/.ssh/ssh_git_sas_ed25519_key"; + path = "${home}/.ssh/ssh_sas_ed25519_key"; }; - "ssh/sas/git/pass".sopsFile = ../../../../secrets/sas/secrets.yaml; + "ssh/sas/pass".sopsFile = ../../../../secrets/sas/secrets.yaml; "gpg/sas/key".sopsFile = ../../../../secrets/sas/secrets.yaml; "gpg/sas/pass".sopsFile = ../../../../secrets/sas/secrets.yaml; - - "kubeconfig/d90270" = { - sopsFile = ../../../../secrets/sas/secrets.yaml; - path = "${home}/.kube/d90270"; - }; - "kubeconfig/d90271" = { - sopsFile = ../../../../secrets/sas/secrets.yaml; - path = "${home}/.kube/d90271"; - }; - "kubeconfig/d90272" = { - sopsFile = ../../../../secrets/sas/secrets.yaml; - path = "${home}/.kube/d90272"; - }; - - "artifactory" = { - sopsFile = ../../../../secrets/sas/secrets.yaml; - path = "${home}/.gradle/gradle.properties"; - }; - }; - - programs = { - ssh.matchBlocks = { - # Personal - "github.com/karaolidis" = { - hostname = "github.com"; - user = "git"; - identityFile = "${home}/.ssh/ssh_git_personal_ed25519_key"; - extraOptions.StrictHostKeyChecking = "no"; - }; - - 
# SAS - "github.com" = { - hostname = "github.com"; - user = "git"; - identityFile = "${home}/.ssh/ssh_git_sas_ed25519_key"; - extraOptions.StrictHostKeyChecking = "no"; - }; - - "gitlab.sas.com" = { - hostname = "gitlab.sas.com"; - user = "git"; - identityFile = "${home}/.ssh/ssh_git_sas_ed25519_key"; - extraOptions.StrictHostKeyChecking = "no"; - }; - }; - - obsidian.vaults."Documents/Obsidian/master".enable = true; }; theme.wallpaper = ../../../../static/wallpapers/snow.jpg; diff --git a/hosts/installer/default.nix b/hosts/installer/default.nix index 21f998d..e071022 100644 --- a/hosts/installer/default.nix +++ b/hosts/installer/default.nix @@ -2,11 +2,13 @@ { imports = [ ../../lib + inputs.disko.nixosModules.disko (import ./format.nix { device = "/dev/disk/by-id/usb-SanDisk_Ultra_Trek_050133f0afb69de86a475ee8d2ad97e4916cce11764cffba9ab262d42a7d0d2f66460000000000000000000039b7a3b8ff990a109f5581078ea6e86a-0:0"; }) - ./hardware.nix + ./hardware + ../common/configs/system/boot ../common/configs/system/btop ../common/configs/system/btrfs @@ -34,6 +36,7 @@ ../common/configs/system/users ../common/configs/system/wget ../common/configs/system/zsh + ./users/nick ]; diff --git a/hosts/installer/hardware.nix b/hosts/installer/hardware/default.nix similarity index 100% rename from hosts/installer/hardware.nix rename to hosts/installer/hardware/default.nix diff --git a/hosts/installer/users/nick/configs/console/git/default.nix b/hosts/installer/users/nick/configs/console/git/default.nix new file mode 100644 index 0000000..86c8827 --- /dev/null +++ b/hosts/installer/users/nick/configs/console/git/default.nix 
@@ -0,0 +1,28 @@ +{ + user ? throw "user argument is required", + home ? throw "home argument is required", +}: +{ ... }: +{ + home-manager.users.${user} = { + sops.secrets = { + "git/credentials" = { + sopsFile = ../../../../../../../secrets/personal/secrets.yaml; + path = "${home}/.config/git/credentials"; + }; + "git/cookies" = { + sopsFile = ../../../../../../../secrets/personal/secrets.yaml; + path = "${home}/.config/git/cookies"; + }; + }; + + programs.ssh.matchBlocks = { + "github.com" = { + hostname = "github.com"; + user = "git"; + identityFile = "${home}/.ssh/ssh_personal_ed25519_key"; + extraOptions.StrictHostKeyChecking = "no"; + }; + }; + }; +} diff --git a/hosts/installer/users/nick/default.nix b/hosts/installer/users/nick/default.nix index 17cd54c..0e7cd50 100644 --- a/hosts/installer/users/nick/default.nix +++ b/hosts/installer/users/nick/default.nix @@ -8,6 +8,7 @@ in { imports = [ ../../../common/configs/user/options.nix + (import ../../../common/configs/user/console/bashmount { inherit user home; }) (import ../../../common/configs/user/console/btop { inherit user home; }) (import ../../../common/configs/user/console/fastfetch { inherit user home; }) @@ -27,6 +28,8 @@ in (import ../../../common/configs/user/console/wget { inherit user home; }) (import ../../../common/configs/user/console/xdg { inherit user home; }) (import ../../../common/configs/user/console/zsh { inherit user home; }) + + (import ./configs/console/git { inherit user home; }) ]; # echo "password" | mkpasswd -s 
@@ -57,32 +60,14 @@ in }; sops.secrets = { - "git/credentials" = { + "ssh/personal/key" = { sopsFile = ../../../../secrets/personal/secrets.yaml; - path = "${home}/.config/git/credentials"; + path = "${home}/.ssh/ssh_personal_ed25519_key"; }; - "git/cookies" = { - sopsFile = ../../../../secrets/personal/secrets.yaml; - path = "${home}/.config/git/cookies"; - }; - - "ssh/personal/git/key" = { - sopsFile = ../../../../secrets/personal/secrets.yaml; - path = "${home}/.ssh/ssh_git_personal_ed25519_key"; - }; - "ssh/personal/git/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; + "ssh/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; "gpg/personal/key".sopsFile = ../../../../secrets/personal/secrets.yaml; "gpg/personal/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; }; - - programs.ssh.matchBlocks = { - "github.com" = { - hostname = "github.com"; - user = "git"; - identityFile = "${home}/.ssh/ssh_git_personal_ed25519_key"; - extraOptions.StrictHostKeyChecking = "no"; - }; - }; }; }