caandt/nix-conf
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

nas

Browse source
This commit is contained in:
caandt 2025-01-19 00:44:22 -05:00
parent 3a377e24c9
commit b52df5381d
8 changed files with 104 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
flake.lock
View file

@ -153,7 +153,28 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"nix-gaming": "nix-gaming", "nix-gaming": "nix-gaming",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1736203741,
"narHash": "sha256-eSjkBwBdQk+TZWFlLbclF2rAh4JxbGg8az4w/Lfe7f4=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c9c88f08e3ee495e888b8d7c8624a0b2519cb773",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
} }
}, },
"umu": { "umu": {

5
flake.nix
View file

@ -20,6 +20,10 @@
url = "github:nix-community/disko/latest"; url = "github:nix-community/disko/latest";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { outputs = {
@ -60,6 +64,7 @@
extraSpecialArgs = { extraSpecialArgs = {
inherit pkgs-stable; inherit pkgs-stable;
inherit (inputs) nix-gaming; inherit (inputs) nix-gaming;
inherit inputs;
}; };
modules = [(users + "/${user}")]; modules = [(users + "/${user}")];
}; };

3
overlays/default.nix
View file

@ -26,6 +26,9 @@
in in
lib.strings.concatLines (front ++ [add] ++ back); lib.strings.concatLines (front ++ [add] ++ back);
}); });
cifs-utils = super.cifs-utils.overrideAttrs (old: {
buildInputs = lib.lists.remove pkgs.libcap old.buildInputs;
});
}) })
]; ];
} }

24
secrets/secrets.yaml Normal file
View file

@ -0,0 +1,24 @@
passwd: ENC[AES256_GCM,data:EjAHralQJxmJPfgjI8V+NW7gF/ylhLTXagyUacZv8xfNTgJWUAwyPcOKgE51HeadmjNEGpmRXIo/rp1+EL45PixlptbGyZxE8w==,iv:WDgq3oJxO8QrdHGciOPYqkuxp0Lfr71ngJGyfSHk3WQ=,tag:e29oOHkh3N1VmorkN0ERIg==,type:str]
root-passwd: ENC[AES256_GCM,data:RzcEEkT7D04IbVXYWGVcFT8lCUdFZf6lTW8WSMdFwroR+MbOSvxlTOuSWFUDsdGv77qTtLLpoJty4UDA1b/GflWgfIXzgDikXA==,iv:Be8xs0A+TDzDb9v9YeAjYSRiLY6EtGnYOLD3NjF17CA=,tag:WO3Er83DFGGdKYHUy0C8Ng==,type:str]
pool-credentials: ENC[AES256_GCM,data:2UGj0yUOxYKQJ8CI23StzJGXiNB2iVPNrMMPX6LrZI2CmM/SFCJsD4HpwR9VTz3k7m65u4lxtb65hyiB5vtNMb2aUdMy2CqPuKoJBFWh/pfEP2TbkdzNZ3QuOLJ7Mw5QCr6k6VaqFwgFp2c=,iv:QfW23ZU2N+IAHDJ0c5BrvOUDe/7Wy23RgQqRoUf4ok8=,tag:Haie91E+Qn1OHtry4RneCg==,type:str]
porkbun-credentials: ENC[AES256_GCM,data:ibWhIr3I9IS4Z3HWHknw6/AWkAf0YyOws61LEVrYf/+HggWEC3lxU05VCccMN8zL015WpzyG6yXMMUB09I8PWHdNsBa92b/dAdXbILVnCnP6/oWBRVSUKYZzcSjguqRU/MFk94sRofUsanvx7YMFwbDl4KlEoM1EV//A+Y4gGXbPZv4l0x+85Dv7V73N0l6QiJe0qb4qNtFUDYxYVWGWJ1mR6MuQzq6hWKwYxYMgobU0,iv:yhwRlny3Eschrwxyi8QFTSuoKBXExgOYb7uPUQ+/hFA=,tag:NdC5c6LNEg0YD+uVeOlx6g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1qungny635ytez93dnyeay5d2puej4udl0e5fkx3e46zsq5ru7yqqstjx8s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsYjdVaUsyTzNVak1JbnZa
SkN0Q1poMnBTQzJCanJlYjY5M1R0c3A2TVNrCjlMekJhaFROQW81VlRtMDJVQVpS
YnZCeVZVZDJJUzVDNHRialgzQXJ5K0kKLS0tIDNLODZQb3hCaWptK1I0b2V6dDFC
T3hKakprd2t4K0lyb0hiL2lUSUJCYzQK7xb0tVxsIPUax4T1b/+srVWChQD7yoRc
fYKq1uzXfJWqnn+i4UsSJVu/FThhDF6SlhlGS7f4UBxiR6KkLvAHvg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-08T17:31:32Z"
mac: ENC[AES256_GCM,data:nGyJ5PnM7z53fMZq0yu4ywAGZD5EmjxMxDNBgliiZw1pj0e8yqWHkHSqOTHyL+jLPNPnbsIOTwGmL/dJxc+bJXvS0h850chBaDSCtrRJCYQCqwZZUNtD5ikpGA5VZBIskrTeyNy2NaKwMEz/R7ALnOOqYzRcyAyDQOsGvG5PXXQ=,iv:vZJmNVAxYmrhZ+kblMk9cIDpAytOTYiQIFgKWsKbjV0=,tag:LpJ6Q9QO+LJvxYtanD2ZSA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

1
system/configuration.nix
View file

@ -29,6 +29,7 @@
man-pages man-pages
man-pages-posix man-pages-posix
home-manager home-manager
sops
]; ];
documentation.dev.enable = true; documentation.dev.enable = true;

8
system/default.nix
View file

@ -1,4 +1,8 @@
{lib, ...}: { {
inputs,
lib,
...
}: {
imports = [ imports = [
./audio.nix ./audio.nix
./bash.nix ./bash.nix
@ -6,10 +10,12 @@
./configuration.nix ./configuration.nix
./display.nix ./display.nix
./locale.nix ./locale.nix
./mnt.nix
./plasma.nix ./plasma.nix
./security.nix ./security.nix
./virt.nix ./virt.nix
../overlays ../overlays
inputs.sops-nix.nixosModules.sops
]; ];
options.u = { options.u = {
has = { has = {

29
system/mnt.nix Normal file
View file

@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}: {
environment.systemPackages = [pkgs.cifs-utils];
security.wrappers."mount.cifs" = {
program = "mount.cifs";
source = "${lib.getBin pkgs.cifs-utils}/bin/mount.cifs";
owner = "root";
group = "root";
setuid = true;
};
fileSystems."/mnt/pool" = {
device = "//komikan/pool";
fsType = "cifs";
options = [
"noauto"
"x-systemd.device-timeout=5s"
"x-systemd.mount-timeout=5s"
"user"
"users"
"credentials=${config.sops.secrets.pool-credentials.path}"
"uid=1000"
"gid=100"
];
};
}

14
system/security.nix
View file

@ -1,4 +1,4 @@
{...}: { {config, ...}: {
security.doas = { security.doas = {
enable = true; enable = true;
extraRules = [ extraRules = [
@ -18,4 +18,16 @@
enable = true; enable = true;
allowAnyUser = true; allowAnyUser = true;
}; };
sops.defaultSopsFile = ../secrets/secrets.yaml;
sops.defaultSopsFormat = "yaml";
sops.age.keyFile = "/home/ahnwuoa/.config/sops/age/keys.txt";
sops.secrets = {
passwd = {};
root-passwd = {};
pool-credentials = {
uid = 1000;
};
porkbun-credentials = {};
};
users.users.root.hashedPasswordFile = config.sops.secrets.root-passwd.path;
} }