encryption bitch

Jurn Wubben 2025-03-28 00:10:28 +01:00
parent 63ca6ec886
commit 5fd055f04c
11 changed files with 168 additions and 31 deletions

146
flake.lock generated

@ -1,5 +1,26 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1736955230,
"narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"base16": { "base16": {
"inputs": { "inputs": {
"fromYaml": "fromYaml" "fromYaml": "fromYaml"
@ -67,6 +88,28 @@
"type": "github" "type": "github"
} }
}, },
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"firefox-gnome-theme": { "firefox-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -172,7 +215,7 @@
}, },
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1731533236,
@ -190,7 +233,7 @@
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_4" "systems": "systems_5"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1731533236,
@ -330,6 +373,27 @@
} }
}, },
"home-manager": { "home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"stylix", "stylix",
@ -367,7 +431,7 @@
}, },
"naersk": { "naersk": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1739824009, "lastModified": 1739824009,
@ -412,8 +476,8 @@
"nixcord": { "nixcord": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_2",
"systems": "systems", "systems": "systems_2",
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
@ -432,16 +496,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1737003892, "lastModified": 1703013332,
"narHash": "sha256-RCzJE9wKByLCXmRBp+z8LK9EgdW+K+W/DXnJS4S/NVo=", "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ae06b9c2d83cb5c8b12d7d0e32692e93d1379713", "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixpkgs-unstable", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -474,6 +538,22 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1737003892,
"narHash": "sha256-RCzJE9wKByLCXmRBp+z8LK9EgdW+K+W/DXnJS4S/NVo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ae06b9c2d83cb5c8b12d7d0e32692e93d1379713",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1735554305, "lastModified": 1735554305,
"narHash": "sha256-zExSA1i/b+1NMRhGGLtNfFGXgLtgo+dcuzHzaWA6w3Q=", "narHash": "sha256-zExSA1i/b+1NMRhGGLtNfFGXgLtgo+dcuzHzaWA6w3Q=",
@ -489,7 +569,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1741516043, "lastModified": 1741516043,
"narHash": "sha256-Hv0S630U4GVZBM1Q+NCEwyN5ct7cic+8r6qLIaUaVqI=", "narHash": "sha256-Hv0S630U4GVZBM1Q+NCEwyN5ct7cic+8r6qLIaUaVqI=",
@ -505,7 +585,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1741516043, "lastModified": 1741516043,
"narHash": "sha256-Hv0S630U4GVZBM1Q+NCEwyN5ct7cic+8r6qLIaUaVqI=", "narHash": "sha256-Hv0S630U4GVZBM1Q+NCEwyN5ct7cic+8r6qLIaUaVqI=",
@ -518,7 +598,7 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs_5": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1742707865, "lastModified": 1742707865,
"narHash": "sha256-RVQQZy38O3Zb8yoRJhuFgWo/iDIDj0hEdRTVfhOtzRk=", "narHash": "sha256-RVQQZy38O3Zb8yoRJhuFgWo/iDIDj0hEdRTVfhOtzRk=",
@ -534,7 +614,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_6": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1740367490, "lastModified": 1740367490,
"narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=", "narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=",
@ -599,7 +679,7 @@
"nixpkgs" "nixpkgs"
], ],
"nmd": "nmd", "nmd": "nmd",
"systems": "systems_3" "systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1741477095, "lastModified": 1741477095,
@ -617,10 +697,11 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"hm": "hm", "hm": "hm",
"nixcord": "nixcord", "nixcord": "nixcord",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_4",
"nvf": "nvf", "nvf": "nvf",
"somcli": "somcli", "somcli": "somcli",
"stylix": "stylix" "stylix": "stylix"
@ -652,7 +733,7 @@
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"naersk": "naersk", "naersk": "naersk",
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_6"
}, },
"locked": { "locked": {
"lastModified": 1743031501, "lastModified": 1743031501,
@ -679,10 +760,10 @@
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_3",
"git-hooks": "git-hooks", "git-hooks": "git-hooks",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"home-manager": "home-manager", "home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_7",
"nur": "nur", "nur": "nur",
"systems": "systems_5", "systems": "systems_6",
"tinted-foot": "tinted-foot", "tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty", "tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes", "tinted-schemes": "tinted-schemes",
@ -713,8 +794,9 @@
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "systems", "owner": "nix-systems",
"type": "indirect" "repo": "default",
"type": "github"
} }
}, },
"systems_2": { "systems_2": {
@ -727,9 +809,8 @@
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-systems", "id": "systems",
"repo": "default", "type": "indirect"
"type": "github"
} }
}, },
"systems_3": { "systems_3": {
@ -777,6 +858,21 @@
"type": "github" "type": "github"
} }
}, },
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tinted-foot": { "tinted-foot": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -861,7 +957,7 @@
}, },
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1737103437, "lastModified": 1737103437,


@ -46,5 +46,7 @@
nixcord.url = "github:kaylorben/nixcord"; nixcord.url = "github:kaylorben/nixcord";
somcli.url = "github:jsw08/somcli"; somcli.url = "github:jsw08/somcli";
agenix.url = "github:ryantm/agenix";
}; };
} }
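Review bot: The new `agenix.url` line adds the input without any `follows`, so agenix resolves its own nixpkgs, nix-darwin and home-manager; the lock file in this commit shows all three pinned as separate nodes, with that nixpkgs node on a much older revision than the root input. Adding `agenix.inputs.nixpkgs.follows = "nixpkgs";` next to it keeps the secrets tooling on the same package set as the rest of the system. `agenix.inputs.darwin.follows = "";` would drop the nix-darwin input, which a NixOS-only flake presumably does not need. The inputs attribute set opens outside this hunk.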


@ -9,8 +9,10 @@
specialArgs = {inherit inputs self;}; specialArgs = {inherit inputs self;};
modules = [ modules = [
inputs.hm.nixosModules.home-manager inputs.hm.nixosModules.home-manager
inputs.agenix.nixosModules.default
../system ../system
../secrets
]; ];
in { in {
flake = let flake = let
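Review bot: `../secrets` is appended to the shared `modules` list, so every system built from this list declares both age secrets, while secrets/secrets.nix in the same commit encrypts them to the `laptop` key only. Any other host built from this list would fail to decrypt them at activation. What looks like the laptop config also loses `server = true;` in this commit, so the transfer.sh secret is presumably meant for a host that is not yet a recipient. If more than one host is built from here, import the secrets from the host that needs them, or add each host's key as a recipient and rekey. The `let` binding starts and the `flake` body continues outside this hunk.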


@ -11,7 +11,6 @@
desktop = true; desktop = true;
portable = true; portable = true;
neovim = true; neovim = true;
server = true;
}; };
home-manager.users.jsw.wayland.windowManager.hyprland.settings.monitor = ["eDP-1,2880x1920@120,0x0,1.5,vrr,1"]; home-manager.users.jsw.wayland.windowManager.hyprland.settings.monitor = ["eDP-1,2880x1920@120,0x0,1.5,vrr,1"];

6
secrets/default.nix Normal file

@ -0,0 +1,6 @@
{
age.secrets = {
transferSh.file = ./transfer-sh.age;
password.file = ./password.age;
};
}

5
secrets/password.age Normal file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 GQzYWA T2tf/5zlOEUtq3E9hcOfGfV3T0SoJi9fPu3wO3gSqnQ
uiu/dIhoCfQG5NGzrkmqgndPOety048r6muc+x7M3Ks
--- kn3Gvkl870rhV0Nf6EURV2kMWEzx5WMqJ2QZisgeCfI
ì‰Î Ôxú¢UÂyò½ƒŸ#ç’:&1Sß<>åo/¹Ò3å[Û&ï͵¡¹Úêª+@ ©G¬é~+Ù,oMøQ¬æÄ<C3A6>BÖ6ÍwÔ'€X9¹+üz|ñ$¯Þ<C2AF>úίXž,ý'ÝŠ-<2D>ÊU„Pë¹jJNÛbYÿÊð<C38A>ðÄ[ûpŒÁξ'Ofk#Ê>íK×û

8
secrets/secrets.nix Normal file

@ -0,0 +1,8 @@
let
laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHB3qkRCskSMiAs2kLTsG+ruESK4h1pP1FHm+rVnKWx4";
systems = [laptop];
in {
"transfer-sh.age".publicKeys = systems;
"password.age".publicKeys = systems;
}
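Review bot: Both secrets are encrypted to a single recipient, `laptop`, so losing that one private key (reinstall, disk failure) leaves password.age and transfer-sh.age impossible to decrypt or rekey. Add a second recipient whose private key is kept off the machine, e.g. `admin = "ssh-ed25519 <ADMIN_PUBLIC_KEY_PLACEHOLDER>";` with `systems = [laptop admin];`, then rekey. A comment such as `# laptop: SSH host key of the laptop, used by agenix to decrypt at activation` would also record which key this is; that it is the host key is an assumption to confirm.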

5
secrets/transfer-sh.age Normal file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 GQzYWA xjixbP+i0eov3HgpjCdBJuboEZ39ZTrfL1UgSewMQ3Y
ByXb8aKlgNaWeeUmCTppYN1h4gEPO5dvvXexxAN70AY
--- PJkB6ivTLCMx4ny0olODmbZDsppm7LKJLHorowjxtEI
ä<>üÉC\y¯Ñ>¯?È\á„€h{TæŸmvìÆ¼ýs­ŒþZ³¯µâb«¡tõxÝC¿%×ÁQt»


@ -1,3 +1,10 @@
{pkgs,...}: { {
environment.defaultPackages = [pkgs.neovim]; # Still have to be able to edit configs. pkgs,
inputs,
...
}: {
environment.defaultPackages = [
pkgs.neovim
inputs.agenix.packages.${pkgs.system}.default
]; # Still have to be able to edit configs.
} }


@ -1,8 +1,12 @@
{pkgs, ...}: { {
config,
pkgs,
...
}: {
users.users.jsw = { users.users.jsw = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.fish; shell = pkgs.fish;
initialPassword = "changeme"; hashedPasswordFile = config.age.secrets.password.path;
extraGroups = [ extraGroups = [
"libvirtd" "libvirtd"
"NetworkManager" "NetworkManager"
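Review bot: `hashedPasswordFile` expects the decrypted file to contain a crypt(3) hash (for example `mkpasswd` output), not the password itself, and the secret's name `password.age` does not make that obvious; a plaintext value there would leave `jsw` unable to log in with a password. Add a comment on that line, e.g. `# password.age holds a mkpasswd hash, never the plaintext`. Also, if `users.mutableUsers` is left at its default (not visible here), this option applies only when the account is first created, so an existing `jsw` account would keep the old `changeme` password until it is changed by hand. The `users.users.jsw` set continues past the end of this hunk.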


@ -3,11 +3,14 @@
enable = config.niksos.server; enable = config.niksos.server;
settings = { settings = {
PURGE_DAYS = 7; PURGE_DAYS = 7;
MAX_UPLOAD_SIZE = 4 * 1000 * 1000; # 2gb MAX_UPLOAD_SIZE = 4 * 1000 * 1000; # 4gb
# CORS_DOMAINS = "transfer.jsw.tf"; #FIXME: open it to the world wide web. # CORS_DOMAINS = "transfer.jsw.tf"; #FIXME: open it to the world wide web.
BASEDIR = "/var/lib/transfer.sh"; BASEDIR = "/var/lib/transfer.sh";
LISTENER = ":9000"; LISTENER = ":9000";
HTTP_AUTH_USER = "jsw";
EMAIL_CONTACT = "jurnwubben@gmail.com";
}; };
secretFile = config.age.secrets.transferSh.path;
}; };
systemd.services.transfer-sh.serviceConfig = { systemd.services.transfer-sh.serviceConfig = {
StateDirectory = "transfer.sh"; StateDirectory = "transfer.sh";
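Review bot: `HTTP_AUTH_USER` is set in `settings` but the matching password is not visible anywhere in the hunk; presumably it is supplied as `HTTP_AUTH_PASS` through `secretFile`, and if that variable is missing from the decrypted file the service may start without the intended protection. A comment above `secretFile`, e.g. `# env file from agenix; must define HTTP_AUTH_PASS`, would record that dependency. Separately, `LISTENER = ":9000"` binds every interface, so the basic-auth credentials travel in cleartext unless a TLS-terminating proxy sits in front; if that proxy is local, `LISTENER = "127.0.0.1:9000";` would keep the plain-HTTP port off the network. The attribute set starts before this hunk.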