refactor: remove obsoletions

Leon Schwarzäugl 2025-03-21 19:44:21 +01:00
parent f7bcd89aa2
commit ee7bbc7b0d
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
14 changed files with 155 additions and 141 deletions


@ -807,6 +807,7 @@ My work machine. Built for more security, this is the gold standard of my config
#+begin_src nix :tangle hosts/nixos/nbl-imba-2/default.nix #+begin_src nix :tangle hosts/nixos/nbl-imba-2/default.nix
{ self, inputs, pkgs, lib, ... }: { self, inputs, pkgs, lib, ... }:
let let
secretsDirectory = builtins.toString inputs.nix-secrets;
profilesPath = "${self}/profiles"; profilesPath = "${self}/profiles";
sharedOptions = { sharedOptions = {
isBtrfs = true; isBtrfs = true;
@ -885,8 +886,8 @@ My work machine. Built for more security, this is the gold standard of my config
}; };
networking = { networking = {
hostName = "nbl-imba-2"; hostName = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-hostname");
fqdn = "nbl-imba-2.imp.univie.ac.at"; fqdn = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-fqdn");
firewall.enable = true; firewall.enable = true;
}; };
@ -3083,7 +3084,7 @@ This program builds a configuration locally.
fi fi
local_keys=$(ssh-add -L || true) local_keys=$(ssh-add -L || true)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/nbl-imba-2.pub) pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/yubikey.pub)
read -ra pub_arr <<< "$pub_key" read -ra pub_arr <<< "$pub_key"
cd .dotfiles cd .dotfiles
@ -3239,7 +3240,7 @@ This program sets up a new NixOS host locally.
fi fi
local_keys=$(ssh-add -L || true) local_keys=$(ssh-add -L || true)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/nbl-imba-2.pub) pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/yubikey.pub)
read -ra pub_arr <<< "$pub_key" read -ra pub_arr <<< "$pub_key"
cd .dotfiles cd .dotfiles
@ -3768,7 +3769,7 @@ When adding a new entry here, do not forget to add it in the default output of t
let let
additions = final: _: import "${self}/pkgs" { pkgs = final; inherit lib; }; additions = final: _: import "${self}/pkgs" { pkgs = final; inherit lib; };
modifications = final: prev: { modifications = _: prev: {
vesktop = prev.vesktop.override { vesktop = prev.vesktop.override {
withSystemVencord = true; withSystemVencord = true;
}; };
@ -4923,7 +4924,7 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the
home-manager = lib.mkIf config.swarselsystems.withHomeManager { home-manager = lib.mkIf config.swarselsystems.withHomeManager {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
extraSpecialArgs = inputs; # used mainly for inputs.self extraSpecialArgs = { inherit (inputs) self nix-secrets; };
}; };
} }
#+end_src #+end_src
@ -6535,11 +6536,11 @@ Here we just define some aliases for rebuilding the system, and we allow some in
enable = true; enable = true;
}; };
users.users.swarsel.openssh.authorizedKeys.keyFiles = [ users.users.swarsel.openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/nbl-imba-2.pub) (self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub) (self + /secrets/keys/ssh/magicant.pub)
]; ];
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/nbl-imba-2.pub) (self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub) (self + /secrets/keys/ssh/magicant.pub)
]; ];
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
@ -6718,10 +6719,10 @@ Here we just define some aliases for rebuilding the system, and we allow some in
}; };
# Switch using --impure as these credential files are not stored within the flake # Switch using --impure as these credential files are not stored within the flake
# sops-nix is not supported for these which is why we need to resort to these # sops-nix is not supported for these which is why we need to resort to these
LastFM.ApiKey = builtins.readFile "${secretsDirectory}/navidrome/lastfm-secret"; LastFM.ApiKey = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/lastfm-secret");
LastFM.Secret = builtins.readFile "${secretsDirectory}/navidrome/lastfm-key"; LastFM.Secret = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/lastfm-key");
Spotify.ID = builtins.readFile "${secretsDirectory}/navidrome/spotify-id"; Spotify.ID = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/spotify-id");
Spotify.Secret = builtins.readFile "${secretsDirectory}/navidrome/spotify-secret"; Spotify.Secret = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/spotify-secret");
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png"; UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
UIWelcomeMessage = "~SwarselSound~"; UIWelcomeMessage = "~SwarselSound~";
}; };
@ -7525,7 +7526,11 @@ Here we just define some aliases for rebuilding the system, and we allow some in
:END: :END:
#+begin_src nix :tangle profiles/nixos/server/syncthing.nix #+begin_src nix :tangle profiles/nixos/server/syncthing.nix
{ lib, config, ... }: { lib, config, inputs, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
workHostName = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-hostname");
in
{ {
config = lib.mkIf config.swarselsystems.server.syncthing { config = lib.mkIf config.swarselsystems.server.syncthing {
@ -7554,7 +7559,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in
"sync (@oracle)" = { "sync (@oracle)" = {
id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB";
}; };
"nbl-imba-2" = { "${workHostName}" = {
id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB";
}; };
}; };
@ -7563,7 +7568,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in
path = "/Vault/data/syncthing/Sync"; path = "/Vault/data/syncthing/Sync";
type = "receiveonly"; type = "receiveonly";
versioning = null; versioning = null;
devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ]; devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "default"; id = "default";
}; };
"Obsidian" = { "Obsidian" = {
@ -7573,7 +7578,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in
type = "simple"; type = "simple";
params.keep = "5"; params.keep = "5";
}; };
devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ]; devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "yjvni-9eaa7"; id = "yjvni-9eaa7";
}; };
"Org" = { "Org" = {
@ -7583,7 +7588,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in
type = "simple"; type = "simple";
params.keep = "5"; params.keep = "5";
}; };
devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ]; devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "a7xnl-zjj3d"; id = "a7xnl-zjj3d";
}; };
"Vpn" = { "Vpn" = {
@ -7593,7 +7598,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in
type = "simple"; type = "simple";
params.keep = "5"; params.keep = "5";
}; };
devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ]; devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "hgp9s-fyq3p"; id = "hgp9s-fyq3p";
}; };
"Documents" = { "Documents" = {
@ -7603,12 +7608,12 @@ Here we just define some aliases for rebuilding the system, and we allow some in
type = "simple"; type = "simple";
params.keep = "5"; params.keep = "5";
}; };
devices = [ "magicant" "nbl-imba-2" ]; devices = [ "magicant" "${workHostName}" ];
id = "hgr3d-pfu3w"; id = "hgr3d-pfu3w";
}; };
# ".elfeed" = { # ".elfeed" = {
# path = "/Vault/data/syncthing/.elfeed"; # path = "/Vault/data/syncthing/.elfeed";
# devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ]; # devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
# id = "h7xbs-fs9v1"; # id = "h7xbs-fs9v1";
# }; # };
}; };
@ -8229,7 +8234,7 @@ This smashes Atmosphere 1.3.2 on the switch, which is what I am currenty using.
Options that I need specifically at work. There are more options at [[#h:f0b2ea93-94c8-48d8-8d47-6fe58f58e0e6][Work]] (home-manager side). Options that I need specifically at work. There are more options at [[#h:f0b2ea93-94c8-48d8-8d47-6fe58f58e0e6][Work]] (home-manager side).
#+begin_src nix :tangle profiles/nixos/optional/work.nix #+begin_src nix :tangle profiles/nixos/optional/work.nix
{ self, pkgs, config, ... }: { self, lib, pkgs, config, ... }:
let let
owner = "swarsel"; owner = "swarsel";
sopsFile = self + /secrets/work/secrets.yaml; sopsFile = self + /secrets/work/secrets.yaml;
@ -8237,16 +8242,10 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9
{ {
sops = { sops = {
secrets = { secrets = {
clad = { vcuser = {
inherit owner sopsFile; inherit owner sopsFile;
}; };
dcad = { vcpw = {
inherit owner sopsFile;
};
wsad = {
inherit owner sopsFile;
};
imbad = {
inherit owner sopsFile; inherit owner sopsFile;
}; };
}; };
@ -8255,14 +8254,8 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9
# boot.initrd.luks.yubikeySupport = true; # boot.initrd.luks.yubikeySupport = true;
programs = { programs = {
zsh.shellInit = '' zsh.shellInit = ''
export CLAD="$(cat ${config.sops.secrets.clad.path})" export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})"
export DCAD="$(cat ${config.sops.secrets.dcad.path})" export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})"
export GOVC_PASSWORD="$(cat ${config.sops.secrets.dcad.path})"
export WSAD="$(cat ${config.sops.secrets.wsad.path})"
export IMBAD="$(cat ${config.sops.secrets.imbad.path})"
export DCUSER="dc_adm_schwarzaeugl@IMP.UNIVIE.AC.AT"
export GOVC_USERNAME="dc_adm_schwarzaeugl@IMP.UNIVIE.AC.AT"
export PACKER_SSH_EXTRA_ARGS='"--scp-extra-args","'-O'"'
''; '';
browserpass.enable = true; browserpass.enable = true;
@ -11023,13 +11016,16 @@ Settinfs that are needed for the gpg-agent. Also we are enabling emacs support f
This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways. This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways.
#+begin_src nix :tangle profiles/home/common/gammastep.nix #+begin_src nix :tangle profiles/home/common/gammastep.nix
_: { config, lib, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
in
{ {
services.gammastep = { services.gammastep = lib.mkIf (!config.swarselsystems.isPublic) {
enable = true; enable = true;
provider = "manual"; provider = "manual";
latitude = 48.210033; latitude = lib.strings.trim (builtins.readFile "${secretsDirectory}/home/gammastep-latitude");
longitude = 16.363449; longitude = lib.strings.trim (builtins.readFile "${secretsDirectory}/home/gammastep-longitude");
}; };
} }
#+end_src #+end_src
@ -11165,7 +11161,13 @@ The rest of the settings is at [[#h:fb3f3e01-7df4-4b06-9e91-aa9cac61a431][gaming
The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]. Here, I am setting up the different firefox profiles that I need for the SSO sites that I need to access at work as well as a few ssh shorthands. The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]. Here, I am setting up the different firefox profiles that I need for the SSO sites that I need to access at work as well as a few ssh shorthands.
#+begin_src nix :tangle profiles/home/optional/work.nix :noweb yes #+begin_src nix :tangle profiles/home/optional/work.nix :noweb yes
{ self, config, pkgs, lib, ... }: { self, config, pkgs, lib, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
dcUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/dc-user");
clUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cl-user");
wsUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/ws-user");
in
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
stable.teams-for-linux stable.teams-for-linux
@ -11200,14 +11202,20 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
}; };
}; };
stylix.targets.firefox.profileNames = [
"dc"
"cl"
"ws"
];
programs = { programs = {
git.userEmail = "leon.schwarzaeugl@imba.oeaw.ac.at"; git.userEmail = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/git-email");
zsh = { zsh = {
shellAliases = { shellAliases = {
dssh = "ssh -l dc_adm_schwarzaeugl"; dssh = "ssh -l ${dcUser}";
cssh = "ssh -l cl_adm_schwarzaeugl"; cssh = "ssh -l ${clUser}";
wssh = "ssh -l ws_adm_schwarzaeugl"; wssh = "ssh -l ${wsUser}";
}; };
cdpath = [ cdpath = [
"~/Documents/Work" "~/Documents/Work"
@ -11224,42 +11232,42 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
ssh = { ssh = {
matchBlocks = { matchBlocks = {
"uc" = { "uc" = {
hostname = "uc.clip.vbc.ac.at"; hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-prod");
user = "stack"; user = "stack";
}; };
"uc.stg" = { "uc.stg" = {
hostname = "uc.staging.clip.vbc.ac.at"; hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-stg");
user = "stack"; user = "stack";
}; };
"uc.staging" = { "uc.staging" = {
hostname = "uc.staging.clip.vbc.ac.at"; hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-stg");
user = "stack"; user = "stack";
}; };
"uc.dev" = { "uc.dev" = {
hostname = "uc.dev.clip.vbc.ac.at"; hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-dev");
user = "stack"; user = "stack";
}; };
"cbe" = { "cbe" = {
hostname = "cbe.vbc.ac.at"; hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-prod");
user = "dc_adm_schwarzaeugl"; user = dcUser;
}; };
"cbe.stg" = { "cbe.stg" = {
hostname = "cbe.staging.clip.vbc.ac.at"; hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-stg");
user = "dc_adm_schwarzaeugl"; user = dcUser;
}; };
"cbe.staging" = { "cbe.staging" = {
hostname = "cbe.staging.clip.vbc.ac.at"; hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-stg");
user = "dc_adm_schwarzaeugl"; user = dcUser;
}; };
"*.vbc.ac.at" = { "*.vbc.ac.at" = {
user = "dc_adm_schwarzaeugl"; user = dcUser;
}; };
}; };
}; };
firefox = { firefox = {
profiles = { profiles = {
dc_adm = lib.recursiveUpdate dc = lib.recursiveUpdate
{ {
id = 1; id = 1;
settings = { settings = {
@ -11267,7 +11275,7 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
}; };
} }
config.swarselsystems.firefox; config.swarselsystems.firefox;
cl_adm = lib.recursiveUpdate cl = lib.recursiveUpdate
{ {
id = 2; id = 2;
settings = { settings = {
@ -11275,7 +11283,7 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
}; };
} }
config.swarselsystems.firefox; config.swarselsystems.firefox;
ws_adm = lib.recursiveUpdate { id = 3; } config.swarselsystems.firefox; ws = lib.recursiveUpdate { id = 3; } config.swarselsystems.firefox;
}; };
}; };
@ -11430,23 +11438,23 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
in in
{ {
firefox_dc = { firefox_dc = {
name = "Firefox (dc_adm)"; name = "Firefox (dc)";
genericName = "Firefox dc"; genericName = "Firefox dc";
exec = "firefox -p dc_adm"; exec = "firefox -p dc";
inherit terminal categories icon; inherit terminal categories icon;
}; };
firefox_ws = { firefox_ws = {
name = "Firefox (ws_adm)"; name = "Firefox (ws)";
genericName = "Firefox ws"; genericName = "Firefox ws";
exec = "firefox -p ws_adm"; exec = "firefox -p ws";
inherit terminal categories icon; inherit terminal categories icon;
}; };
firefox_cl = { firefox_cl = {
name = "Firefox (cl_adm)"; name = "Firefox (cl)";
genericName = "Firefox cl"; genericName = "Firefox cl";
exec = "firefox -p cl_adm"; exec = "firefox -p cl";
inherit terminal categories icon; inherit terminal categories icon;
}; };
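Review bot: Every value this commit moves behind `builtins.readFile "${secretsDirectory}/…"` is read at evaluation time, so it becomes part of the evaluated configuration and typically ends up in generated files under the world-readable /nix/store. That is acceptable for the hostnames, user names and e-mail address, which only need to stay out of the public repository, but the Navidrome block reads `LastFM.Secret` and `Spotify.Secret` the same way. The comment above those four lines still says to switch with `--impure` because the files are not stored within the flake, while the other hunks derive `secretsDirectory` from `inputs.nix-secrets`; the definition used by the Navidrome block is outside the hunk, so the comment may be stale. I would add a line there such as `# NOTE: these values are readable in the Nix store; treat them as low-value credentials`.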


@ -1,5 +1,6 @@
{ self, inputs, pkgs, lib, ... }: { self, inputs, pkgs, lib, ... }:
let let
secretsDirectory = builtins.toString inputs.nix-secrets;
profilesPath = "${self}/profiles"; profilesPath = "${self}/profiles";
sharedOptions = { sharedOptions = {
isBtrfs = true; isBtrfs = true;
@ -78,8 +79,8 @@ in
}; };
networking = { networking = {
hostName = "nbl-imba-2"; hostName = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-hostname");
fqdn = "nbl-imba-2.imp.univie.ac.at"; fqdn = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-fqdn");
firewall.enable = true; firewall.enable = true;
}; };


@ -3,7 +3,7 @@
let let
additions = final: _: import "${self}/pkgs" { pkgs = final; inherit lib; }; additions = final: _: import "${self}/pkgs" { pkgs = final; inherit lib; };
modifications = final: prev: { modifications = _: prev: {
vesktop = prev.vesktop.override { vesktop = prev.vesktop.override {
withSystemVencord = true; withSystemVencord = true;
}; };


@ -1,9 +1,12 @@
_: { config, lib, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
in
{ {
services.gammastep = { services.gammastep = lib.mkIf (!config.swarselsystems.isPublic) {
enable = true; enable = true;
provider = "manual"; provider = "manual";
latitude = 48.210033; latitude = lib.strings.trim (builtins.readFile "${secretsDirectory}/home/gammastep-latitude");
longitude = 16.363449; longitude = lib.strings.trim (builtins.readFile "${secretsDirectory}/home/gammastep-longitude");
}; };
} }


@ -1,4 +1,10 @@
{ self, config, pkgs, lib, ... }: { self, config, pkgs, lib, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
dcUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/dc-user");
clUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cl-user");
wsUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/ws-user");
in
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
stable.teams-for-linux stable.teams-for-linux
@ -33,14 +39,20 @@
}; };
}; };
stylix.targets.firefox.profileNames = [
"dc"
"cl"
"ws"
];
programs = { programs = {
git.userEmail = "leon.schwarzaeugl@imba.oeaw.ac.at"; git.userEmail = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/git-email");
zsh = { zsh = {
shellAliases = { shellAliases = {
dssh = "ssh -l dc_adm_schwarzaeugl"; dssh = "ssh -l ${dcUser}";
cssh = "ssh -l cl_adm_schwarzaeugl"; cssh = "ssh -l ${clUser}";
wssh = "ssh -l ws_adm_schwarzaeugl"; wssh = "ssh -l ${wsUser}";
}; };
cdpath = [ cdpath = [
"~/Documents/Work" "~/Documents/Work"
@ -57,42 +69,42 @@
ssh = { ssh = {
matchBlocks = { matchBlocks = {
"uc" = { "uc" = {
hostname = "uc.clip.vbc.ac.at"; hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-prod");
user = "stack"; user = "stack";
}; };
"uc.stg" = { "uc.stg" = {
hostname = "uc.staging.clip.vbc.ac.at"; hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-stg");
user = "stack"; user = "stack";
}; };
"uc.staging" = { "uc.staging" = {
hostname = "uc.staging.clip.vbc.ac.at"; hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-stg");
user = "stack"; user = "stack";
}; };
"uc.dev" = { "uc.dev" = {
hostname = "uc.dev.clip.vbc.ac.at"; hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-dev");
user = "stack"; user = "stack";
}; };
"cbe" = { "cbe" = {
hostname = "cbe.vbc.ac.at"; hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-prod");
user = "dc_adm_schwarzaeugl"; user = dcUser;
}; };
"cbe.stg" = { "cbe.stg" = {
hostname = "cbe.staging.clip.vbc.ac.at"; hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-stg");
user = "dc_adm_schwarzaeugl"; user = dcUser;
}; };
"cbe.staging" = { "cbe.staging" = {
hostname = "cbe.staging.clip.vbc.ac.at"; hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-stg");
user = "dc_adm_schwarzaeugl"; user = dcUser;
}; };
"*.vbc.ac.at" = { "*.vbc.ac.at" = {
user = "dc_adm_schwarzaeugl"; user = dcUser;
}; };
}; };
}; };
firefox = { firefox = {
profiles = { profiles = {
dc_adm = lib.recursiveUpdate dc = lib.recursiveUpdate
{ {
id = 1; id = 1;
settings = { settings = {
@ -100,7 +112,7 @@
}; };
} }
config.swarselsystems.firefox; config.swarselsystems.firefox;
cl_adm = lib.recursiveUpdate cl = lib.recursiveUpdate
{ {
id = 2; id = 2;
settings = { settings = {
@ -108,7 +120,7 @@
}; };
} }
config.swarselsystems.firefox; config.swarselsystems.firefox;
ws_adm = lib.recursiveUpdate { id = 3; } config.swarselsystems.firefox; ws = lib.recursiveUpdate { id = 3; } config.swarselsystems.firefox;
}; };
}; };
@ -263,23 +275,23 @@
in in
{ {
firefox_dc = { firefox_dc = {
name = "Firefox (dc_adm)"; name = "Firefox (dc)";
genericName = "Firefox dc"; genericName = "Firefox dc";
exec = "firefox -p dc_adm"; exec = "firefox -p dc";
inherit terminal categories icon; inherit terminal categories icon;
}; };
firefox_ws = { firefox_ws = {
name = "Firefox (ws_adm)"; name = "Firefox (ws)";
genericName = "Firefox ws"; genericName = "Firefox ws";
exec = "firefox -p ws_adm"; exec = "firefox -p ws";
inherit terminal categories icon; inherit terminal categories icon;
}; };
firefox_cl = { firefox_cl = {
name = "Firefox (cl_adm)"; name = "Firefox (cl)";
genericName = "Firefox cl"; genericName = "Firefox cl";
exec = "firefox -p cl_adm"; exec = "firefox -p cl";
inherit terminal categories icon; inherit terminal categories icon;
}; };
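Review bot: The match block `"*.vbc.ac.at"` still spells out the domain that the `hostname` entries above it were moved into the secrets input to hide, so the tangled file keeps naming the organisation. If the goal is to keep work hosts out of the public tree, the pattern has to come from the same place, e.g. `"${workDomainPattern}" = { user = dcUser; };` with `workDomainPattern` (a placeholder name) read in the `let` block. As a smaller point, `work/uc-stg` and `work/cbe-stg` are each read twice; binding them once in the `let` next to `dcUser` keeps the `.stg`/`.staging` alias pairs from drifting apart.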


@ -3,6 +3,6 @@
home-manager = lib.mkIf config.swarselsystems.withHomeManager { home-manager = lib.mkIf config.swarselsystems.withHomeManager {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
extraSpecialArgs = inputs; # used mainly for inputs.self extraSpecialArgs = { inherit (inputs) self nix-secrets; };
}; };
} }


@ -1,4 +1,4 @@
{ self, pkgs, config, ... }: { self, lib, pkgs, config, ... }:
let let
owner = "swarsel"; owner = "swarsel";
sopsFile = self + /secrets/work/secrets.yaml; sopsFile = self + /secrets/work/secrets.yaml;
@ -6,16 +6,10 @@ in
{ {
sops = { sops = {
secrets = { secrets = {
clad = { vcuser = {
inherit owner sopsFile; inherit owner sopsFile;
}; };
dcad = { vcpw = {
inherit owner sopsFile;
};
wsad = {
inherit owner sopsFile;
};
imbad = {
inherit owner sopsFile; inherit owner sopsFile;
}; };
}; };
@ -24,14 +18,8 @@ in
# boot.initrd.luks.yubikeySupport = true; # boot.initrd.luks.yubikeySupport = true;
programs = { programs = {
zsh.shellInit = '' zsh.shellInit = ''
export CLAD="$(cat ${config.sops.secrets.clad.path})" export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})"
export DCAD="$(cat ${config.sops.secrets.dcad.path})" export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})"
export GOVC_PASSWORD="$(cat ${config.sops.secrets.dcad.path})"
export WSAD="$(cat ${config.sops.secrets.wsad.path})"
export IMBAD="$(cat ${config.sops.secrets.imbad.path})"
export DCUSER="dc_adm_schwarzaeugl@IMP.UNIVIE.AC.AT"
export GOVC_USERNAME="dc_adm_schwarzaeugl@IMP.UNIVIE.AC.AT"
export PACKER_SSH_EXTRA_ARGS='"--scp-extra-args","'-O'"'
''; '';
browserpass.enable = true; browserpass.enable = true;
@ -52,7 +40,7 @@ in
}; };
virtualisation = { virtualisation = {
docker.enable = true; docker.enable = lib.mkIf (!config.virtualisation.podman.dockerCompat) true;
spiceUSBRedirection.enable = true; spiceUSBRedirection.enable = true;
libvirtd = { libvirtd = {
enable = true; enable = true;
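Review bot: `export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})"` in `zsh.shellInit` puts the decrypted password into the environment of every zsh process that can read the file, and every child process started from those shells inherits it. The secret is declared with `owner = "swarsel"`, so shells of other users would presumably run a failing `cat` on start-up. I would read the file only where it is needed, for example in a small wrapper around the vSphere tooling, or at least move both exports to `programs.zsh.interactiveShellInit` and guard them, e.g. `[ -r ${config.sops.secrets.vcpw.path} ] && export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})"`. The `programs` block continues outside the hunk.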


@ -39,7 +39,7 @@ in
enable = true; enable = true;
openFirewall = true; openFirewall = true;
settings = { settings = {
LogLevel = "error"; LogLevel = "debug";
Address = "127.0.0.1"; Address = "127.0.0.1";
Port = 4040; Port = 4040;
MusicFolder = "/Vault/Eternor/Musik"; MusicFolder = "/Vault/Eternor/Musik";
@ -59,10 +59,10 @@ in
}; };
# Switch using --impure as these credential files are not stored within the flake # Switch using --impure as these credential files are not stored within the flake
# sops-nix is not supported for these which is why we need to resort to these # sops-nix is not supported for these which is why we need to resort to these
LastFM.ApiKey = builtins.readFile "${secretsDirectory}/navidrome/lastfm-secret"; LastFM.ApiKey = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/lastfm-secret");
LastFM.Secret = builtins.readFile "${secretsDirectory}/navidrome/lastfm-key"; LastFM.Secret = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/lastfm-key");
Spotify.ID = builtins.readFile "${secretsDirectory}/navidrome/spotify-id"; Spotify.ID = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/spotify-id");
Spotify.Secret = builtins.readFile "${secretsDirectory}/navidrome/spotify-secret"; Spotify.Secret = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/spotify-secret");
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png"; UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
UIWelcomeMessage = "~SwarselSound~"; UIWelcomeMessage = "~SwarselSound~";
}; };
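Review bot: `LogLevel = "debug";` replaces `"error"` in a commit titled as a refactor, which looks like a leftover from troubleshooting. Debug output from a service that holds the Last.fm and Spotify credentials is more likely to record request details than error-level output, so I would restore `LogLevel = "error";` or state the reason in the commit message. In the second hunk `LastFM.ApiKey` reads `navidrome/lastfm-secret` and `LastFM.Secret` reads `navidrome/lastfm-key`; the pairing predates this commit, but it reads as swapped and deserves either a fix or a comment saying the file names are intentional. The `settings` block starts and ends outside the hunks.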


@ -4,11 +4,11 @@
enable = true; enable = true;
}; };
users.users.swarsel.openssh.authorizedKeys.keyFiles = [ users.users.swarsel.openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/nbl-imba-2.pub) (self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub) (self + /secrets/keys/ssh/magicant.pub)
]; ];
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/nbl-imba-2.pub) (self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub) (self + /secrets/keys/ssh/magicant.pub)
]; ];
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
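Review bot: The same two key files are listed separately for `swarsel` and `root`, so the next key rotation has to be made in two places. Binding the list once, e.g. `sshKeys = [ (self + /secrets/keys/ssh/yubikey.pub) (self + /secrets/keys/ssh/magicant.pub) ];`, and using it for both users removes that risk. Dropping `nbl-imba-2.pub` only takes effect on a host once it is rebuilt from this revision, so any host that is not redeployed keeps accepting the old key. Whether key-based root login is actually permitted depends on the sshd settings, which are outside the hunk.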


@ -1,4 +1,8 @@
{ lib, config, ... }: { lib, config, inputs, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
workHostName = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-hostname");
in
{ {
config = lib.mkIf config.swarselsystems.server.syncthing { config = lib.mkIf config.swarselsystems.server.syncthing {
@ -27,7 +31,7 @@
"sync (@oracle)" = { "sync (@oracle)" = {
id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB";
}; };
"nbl-imba-2" = { "${workHostName}" = {
id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB";
}; };
}; };
@ -36,7 +40,7 @@
path = "/Vault/data/syncthing/Sync"; path = "/Vault/data/syncthing/Sync";
type = "receiveonly"; type = "receiveonly";
versioning = null; versioning = null;
devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ]; devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "default"; id = "default";
}; };
"Obsidian" = { "Obsidian" = {
@ -46,7 +50,7 @@
type = "simple"; type = "simple";
params.keep = "5"; params.keep = "5";
}; };
devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ]; devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "yjvni-9eaa7"; id = "yjvni-9eaa7";
}; };
"Org" = { "Org" = {
@ -56,7 +60,7 @@
type = "simple"; type = "simple";
params.keep = "5"; params.keep = "5";
}; };
devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ]; devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "a7xnl-zjj3d"; id = "a7xnl-zjj3d";
}; };
"Vpn" = { "Vpn" = {
@ -66,7 +70,7 @@
type = "simple"; type = "simple";
params.keep = "5"; params.keep = "5";
}; };
devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ]; devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "hgp9s-fyq3p"; id = "hgp9s-fyq3p";
}; };
"Documents" = { "Documents" = {
@ -76,12 +80,12 @@
type = "simple"; type = "simple";
params.keep = "5"; params.keep = "5";
}; };
devices = [ "magicant" "nbl-imba-2" ]; devices = [ "magicant" "${workHostName}" ];
id = "hgr3d-pfu3w"; id = "hgr3d-pfu3w";
}; };
# ".elfeed" = { # ".elfeed" = {
# path = "/Vault/data/syncthing/.elfeed"; # path = "/Vault/data/syncthing/.elfeed";
# devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ]; # devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
# id = "h7xbs-fs9v1"; # id = "h7xbs-fs9v1";
# }; # };
}; };
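Review bot: The work laptop's name now comes from the secrets input, but its Syncthing device ID stays in the file as a literal (`id = "YAPV4BV-…"`), as does the one for `"sync (@oracle)"`. A device ID is not a credential, yet if global discovery is enabled (not visible here) it can be used to look up the device's current address, so the IDs would have to move next to the hostname for the host to stay unidentifiable from the public tree. As a style point, `"${workHostName}"` inside the `devices` lists can be written as plain `workHostName`. The module now expects `inputs` as an argument; that wiring is outside this section.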


@ -115,7 +115,7 @@ else
fi fi
local_keys=$(ssh-add -L || true) local_keys=$(ssh-add -L || true)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/nbl-imba-2.pub) pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/yubikey.pub)
read -ra pub_arr <<< "$pub_key" read -ra pub_arr <<< "$pub_key"
cd .dotfiles cd .dotfiles


@ -67,7 +67,7 @@ else
fi fi
local_keys=$(ssh-add -L || true) local_keys=$(ssh-add -L || true)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/nbl-imba-2.pub) pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/yubikey.pub)
read -ra pub_arr <<< "$pub_key" read -ra pub_arr <<< "$pub_key"
cd .dotfiles cd .dotfiles


@ -1,7 +1,5 @@
clad: ENC[AES256_GCM,data:pE/sks9TK6acHwAjNLD0SdRHj6b2ZMkge2w=,iv:aJESPMVXdK1iJ7ItZYZMTcWGgAwTWuMB4d78OlqFbYY=,tag:AtLY/myOjpE6fbQpatfgGg==,type:str] vcuser: ENC[AES256_GCM,data:M2LmjWGI6boQtOdTZz3dZ9Qb,iv:/KAC1RF0bqviHzPFP8F8GlX32f/8Qp07iXz2Yz5UO5o=,tag:rYzeylJIWtoQrSGy8OZqQg==,type:str]
dcad: ENC[AES256_GCM,data:advwwnnNSD53JaWwi3zlLbUTx515xw==,iv:4/B9Vr/IaV0HJUC73snbOeF9FvhCKvgp3CcK7GWh6uA=,tag:69yEWNJEjYnYWNTzXSBJmg==,type:str] vcpw: ENC[AES256_GCM,data:bgqPbdJMVZXPWXiNsr9GxFRE1Q==,iv:5HuagCnNWLBvw7Z+nmLhCfMFV6b9mOd+afqCBUvWjNc=,tag:LfMOFvQZtNUh+7z6a+mpZA==,type:str]
wsad: ENC[AES256_GCM,data:yNL4Ql93sr9PcK0mMihArl2FhATFAzZF1Fy6fgbykeDU,iv:qet1Aba9PkXpFUmTqFVifAN4EKw5BpOxhKxXnHeJYkU=,tag:AJSMdOky0HYEgdS5B/PAcw==,type:str]
imbad: ENC[AES256_GCM,data:/8bq5AtzsZrbXOLY73K2ie9R4GNEAA==,iv:EZHUbS58y1NVM6wkzlmxvWaDMjjWU0VU+9nrGmt9fcw=,tag:axFWhsQ7w1DOHN4yOoF1og==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -17,8 +15,8 @@ sops:
Z0dpTnpXcnRub2NWU21PblBtUnBXTnMKfmW5I2G+XhXEi8ssdnlavppxhgI4G56B Z0dpTnpXcnRub2NWU21PblBtUnBXTnMKfmW5I2G+XhXEi8ssdnlavppxhgI4G56B
555YBJ8mLRXKINtd37nUyfydEUYiM4zUbTFlJ+83VVF//+4KUeOCYw== 555YBJ8mLRXKINtd37nUyfydEUYiM4zUbTFlJ+83VVF//+4KUeOCYw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-17T08:36:23Z" lastmodified: "2025-03-21T17:17:55Z"
mac: ENC[AES256_GCM,data:gVfvTcYIzp4xdmAE14VzdVyef1f7KYykWcoehSc6nkkKNEg7+wjkcsrGoJvE4lbx64IahOJLEzD5aL695RzV32uFz+V+juQVvPW9rZIwz8Y62LYN+Vnowa4VfANPQ7uuUVrk29GPOHfwII5SJWOJcddQwu1XOX1VabIqq9ZweMw=,iv:+HXbFohCMJGytoKbTZ+aR3Lo7bg7O1Wgy2R3KiLv9hE=,tag:dSxMKKqwF4HMW/PtL6ALGw==,type:str] mac: ENC[AES256_GCM,data:6jF3PUfhVaLe1pIlCYlGHOqXhetWij1WijaSt63x/9m81QIcPlrlihpL3jN6d8P57PpnQU0ZHk6vwotmzDH3fsqiYzBaNK7oPuJFQotnm1eHR2NVLCO8zQLY47XN2kjuOSl6N2WNociux0oiOssw5BTFym0uInDlX9Lt9+/YlHI=,iv:J40e5Aoi++2oTrx7JpUL8HdVumWrnLRDsbBfp8YjzCA=,tag:jiHu4mG5PLrrB3FGekpKYw==,type:str]
pgp: pgp:
- created_at: "2024-12-17T11:38:28Z" - created_at: "2024-12-17T11:38:28Z"
enc: |- enc: |-
@ -52,4 +50,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097 fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.4