refactor: remove obsoletions

Leon Schwarzäugl 2025-03-21 19:44:21 +01:00
parent f7bcd89aa2
commit ee7bbc7b0d
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
14 changed files with 155 additions and 141 deletions


@ -807,6 +807,7 @@ My work machine. Built for more security, this is the gold standard of my config
#+begin_src nix :tangle hosts/nixos/nbl-imba-2/default.nix
{ self, inputs, pkgs, lib, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
profilesPath = "${self}/profiles";
sharedOptions = {
isBtrfs = true;
@ -885,8 +886,8 @@ My work machine. Built for more security, this is the gold standard of my config
};
networking = {
hostName = "nbl-imba-2";
fqdn = "nbl-imba-2.imp.univie.ac.at";
hostName = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-hostname");
fqdn = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-fqdn");
firewall.enable = true;
};
@ -3083,7 +3084,7 @@ This program builds a configuration locally.
fi
local_keys=$(ssh-add -L || true)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/nbl-imba-2.pub)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/yubikey.pub)
read -ra pub_arr <<< "$pub_key"
cd .dotfiles
@ -3239,7 +3240,7 @@ This program sets up a new NixOS host locally.
fi
local_keys=$(ssh-add -L || true)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/nbl-imba-2.pub)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/yubikey.pub)
read -ra pub_arr <<< "$pub_key"
cd .dotfiles
@ -3768,7 +3769,7 @@ When adding a new entry here, do not forget to add it in the default output of t
let
additions = final: _: import "${self}/pkgs" { pkgs = final; inherit lib; };
modifications = final: prev: {
modifications = _: prev: {
vesktop = prev.vesktop.override {
withSystemVencord = true;
};
@ -4923,7 +4924,7 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the
home-manager = lib.mkIf config.swarselsystems.withHomeManager {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = inputs; # used mainly for inputs.self
extraSpecialArgs = { inherit (inputs) self nix-secrets; };
};
}
#+end_src
@ -6535,11 +6536,11 @@ Here we just define some aliases for rebuilding the system, and we allow some in
enable = true;
};
users.users.swarsel.openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/nbl-imba-2.pub)
(self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
];
users.users.root.openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/nbl-imba-2.pub)
(self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
];
security.sudo.extraConfig = ''
@ -6718,10 +6719,10 @@ Here we just define some aliases for rebuilding the system, and we allow some in
};
# Switch using --impure as these credential files are not stored within the flake
# sops-nix is not supported for these which is why we need to resort to these
LastFM.ApiKey = builtins.readFile "${secretsDirectory}/navidrome/lastfm-secret";
LastFM.Secret = builtins.readFile "${secretsDirectory}/navidrome/lastfm-key";
Spotify.ID = builtins.readFile "${secretsDirectory}/navidrome/spotify-id";
Spotify.Secret = builtins.readFile "${secretsDirectory}/navidrome/spotify-secret";
LastFM.ApiKey = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/lastfm-secret");
LastFM.Secret = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/lastfm-key");
Spotify.ID = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/spotify-id");
Spotify.Secret = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/spotify-secret");
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
UIWelcomeMessage = "~SwarselSound~";
};
@ -7525,7 +7526,11 @@ Here we just define some aliases for rebuilding the system, and we allow some in
:END:
#+begin_src nix :tangle profiles/nixos/server/syncthing.nix
{ lib, config, ... }:
{ lib, config, inputs, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
workHostName = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-hostname");
in
{
config = lib.mkIf config.swarselsystems.server.syncthing {
@ -7554,7 +7559,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in
"sync (@oracle)" = {
id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB";
};
"nbl-imba-2" = {
"${workHostName}" = {
id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB";
};
};
@ -7563,7 +7568,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in
path = "/Vault/data/syncthing/Sync";
type = "receiveonly";
versioning = null;
devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ];
devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "default";
};
"Obsidian" = {
@ -7573,7 +7578,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in
type = "simple";
params.keep = "5";
};
devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ];
devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "yjvni-9eaa7";
};
"Org" = {
@ -7583,7 +7588,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in
type = "simple";
params.keep = "5";
};
devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ];
devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "a7xnl-zjj3d";
};
"Vpn" = {
@ -7593,7 +7598,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in
type = "simple";
params.keep = "5";
};
devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ];
devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "hgp9s-fyq3p";
};
"Documents" = {
@ -7603,12 +7608,12 @@ Here we just define some aliases for rebuilding the system, and we allow some in
type = "simple";
params.keep = "5";
};
devices = [ "magicant" "nbl-imba-2" ];
devices = [ "magicant" "${workHostName}" ];
id = "hgr3d-pfu3w";
};
# ".elfeed" = {
# path = "/Vault/data/syncthing/.elfeed";
# devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ];
# devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
# id = "h7xbs-fs9v1";
# };
};
@ -8229,7 +8234,7 @@ This smashes Atmosphere 1.3.2 on the switch, which is what I am currenty using.
Options that I need specifically at work. There are more options at [[#h:f0b2ea93-94c8-48d8-8d47-6fe58f58e0e6][Work]] (home-manager side).
#+begin_src nix :tangle profiles/nixos/optional/work.nix
{ self, pkgs, config, ... }:
{ self, lib, pkgs, config, ... }:
let
owner = "swarsel";
sopsFile = self + /secrets/work/secrets.yaml;
@ -8237,16 +8242,10 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9
{
sops = {
secrets = {
clad = {
vcuser = {
inherit owner sopsFile;
};
dcad = {
inherit owner sopsFile;
};
wsad = {
inherit owner sopsFile;
};
imbad = {
vcpw = {
inherit owner sopsFile;
};
};
@ -8255,14 +8254,8 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9
# boot.initrd.luks.yubikeySupport = true;
programs = {
zsh.shellInit = ''
export CLAD="$(cat ${config.sops.secrets.clad.path})"
export DCAD="$(cat ${config.sops.secrets.dcad.path})"
export GOVC_PASSWORD="$(cat ${config.sops.secrets.dcad.path})"
export WSAD="$(cat ${config.sops.secrets.wsad.path})"
export IMBAD="$(cat ${config.sops.secrets.imbad.path})"
export DCUSER="dc_adm_schwarzaeugl@IMP.UNIVIE.AC.AT"
export GOVC_USERNAME="dc_adm_schwarzaeugl@IMP.UNIVIE.AC.AT"
export PACKER_SSH_EXTRA_ARGS='"--scp-extra-args","'-O'"'
export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})"
export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})"
'';
browserpass.enable = true;
@ -11023,13 +11016,16 @@ Settinfs that are needed for the gpg-agent. Also we are enabling emacs support f
This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways.
#+begin_src nix :tangle profiles/home/common/gammastep.nix
_:
{ config, lib, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
in
{
services.gammastep = {
services.gammastep = lib.mkIf (!config.swarselsystems.isPublic) {
enable = true;
provider = "manual";
latitude = 48.210033;
longitude = 16.363449;
latitude = lib.strings.trim (builtins.readFile "${secretsDirectory}/home/gammastep-latitude");
longitude = lib.strings.trim (builtins.readFile "${secretsDirectory}/home/gammastep-longitude");
};
}
#+end_src
@ -11165,7 +11161,13 @@ The rest of the settings is at [[#h:fb3f3e01-7df4-4b06-9e91-aa9cac61a431][gaming
The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]. Here, I am setting up the different firefox profiles that I need for the SSO sites that I need to access at work as well as a few ssh shorthands.
#+begin_src nix :tangle profiles/home/optional/work.nix :noweb yes
{ self, config, pkgs, lib, ... }:
{ self, config, pkgs, lib, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
dcUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/dc-user");
clUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cl-user");
wsUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/ws-user");
in
{
home.packages = with pkgs; [
stable.teams-for-linux
@ -11200,14 +11202,20 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
};
};
stylix.targets.firefox.profileNames = [
"dc"
"cl"
"ws"
];
programs = {
git.userEmail = "leon.schwarzaeugl@imba.oeaw.ac.at";
git.userEmail = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/git-email");
zsh = {
shellAliases = {
dssh = "ssh -l dc_adm_schwarzaeugl";
cssh = "ssh -l cl_adm_schwarzaeugl";
wssh = "ssh -l ws_adm_schwarzaeugl";
dssh = "ssh -l ${dcUser}";
cssh = "ssh -l ${clUser}";
wssh = "ssh -l ${wsUser}";
};
cdpath = [
"~/Documents/Work"
@ -11224,42 +11232,42 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
ssh = {
matchBlocks = {
"uc" = {
hostname = "uc.clip.vbc.ac.at";
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-prod");
user = "stack";
};
"uc.stg" = {
hostname = "uc.staging.clip.vbc.ac.at";
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-stg");
user = "stack";
};
"uc.staging" = {
hostname = "uc.staging.clip.vbc.ac.at";
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-stg");
user = "stack";
};
"uc.dev" = {
hostname = "uc.dev.clip.vbc.ac.at";
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-dev");
user = "stack";
};
"cbe" = {
hostname = "cbe.vbc.ac.at";
user = "dc_adm_schwarzaeugl";
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-prod");
user = dcUser;
};
"cbe.stg" = {
hostname = "cbe.staging.clip.vbc.ac.at";
user = "dc_adm_schwarzaeugl";
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-stg");
user = dcUser;
};
"cbe.staging" = {
hostname = "cbe.staging.clip.vbc.ac.at";
user = "dc_adm_schwarzaeugl";
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-stg");
user = dcUser;
};
"*.vbc.ac.at" = {
user = "dc_adm_schwarzaeugl";
user = dcUser;
};
};
};
firefox = {
profiles = {
dc_adm = lib.recursiveUpdate
dc = lib.recursiveUpdate
{
id = 1;
settings = {
@ -11267,7 +11275,7 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
};
}
config.swarselsystems.firefox;
cl_adm = lib.recursiveUpdate
cl = lib.recursiveUpdate
{
id = 2;
settings = {
@ -11275,7 +11283,7 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
};
}
config.swarselsystems.firefox;
ws_adm = lib.recursiveUpdate { id = 3; } config.swarselsystems.firefox;
ws = lib.recursiveUpdate { id = 3; } config.swarselsystems.firefox;
};
};
@ -11430,23 +11438,23 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
in
{
firefox_dc = {
name = "Firefox (dc_adm)";
name = "Firefox (dc)";
genericName = "Firefox dc";
exec = "firefox -p dc_adm";
exec = "firefox -p dc";
inherit terminal categories icon;
};
firefox_ws = {
name = "Firefox (ws_adm)";
name = "Firefox (ws)";
genericName = "Firefox ws";
exec = "firefox -p ws_adm";
exec = "firefox -p ws";
inherit terminal categories icon;
};
firefox_cl = {
name = "Firefox (cl_adm)";
name = "Firefox (cl)";
genericName = "Firefox cl";
exec = "firefox -p cl_adm";
exec = "firefox -p cl";
inherit terminal categories icon;
};
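Review bot: The new `export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})"` line in `zsh.shellInit` (hunk at -8255) places the vSphere password in the environment of every shell, so every child process inherits it and it can surface in debug output or crash reports of unrelated tools. The decrypted sops secret is already a file owned by `owner`, so the value could be read only when needed, for example with a wrapper function such as `vsphere() { VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})" VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})" "$@"; }` in place of the two global exports. The same lines appear in the tangled optional NixOS work profile further down the page. The enclosing `programs` block continues outside the hunk.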


@ -1,5 +1,6 @@
{ self, inputs, pkgs, lib, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
profilesPath = "${self}/profiles";
sharedOptions = {
isBtrfs = true;
@ -78,8 +79,8 @@ in
};
networking = {
hostName = "nbl-imba-2";
fqdn = "nbl-imba-2.imp.univie.ac.at";
hostName = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-hostname");
fqdn = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-fqdn");
firewall.enable = true;
};


@ -3,7 +3,7 @@
let
additions = final: _: import "${self}/pkgs" { pkgs = final; inherit lib; };
modifications = final: prev: {
modifications = _: prev: {
vesktop = prev.vesktop.override {
withSystemVencord = true;
};


@ -1,9 +1,12 @@
_:
{ config, lib, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
in
{
services.gammastep = {
services.gammastep = lib.mkIf (!config.swarselsystems.isPublic) {
enable = true;
provider = "manual";
latitude = 48.210033;
longitude = 16.363449;
latitude = lib.strings.trim (builtins.readFile "${secretsDirectory}/home/gammastep-latitude");
longitude = lib.strings.trim (builtins.readFile "${secretsDirectory}/home/gammastep-longitude");
};
}


@ -1,4 +1,10 @@
{ self, config, pkgs, lib, ... }:
{ self, config, pkgs, lib, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
dcUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/dc-user");
clUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cl-user");
wsUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/ws-user");
in
{
home.packages = with pkgs; [
stable.teams-for-linux
@ -33,14 +39,20 @@
};
};
stylix.targets.firefox.profileNames = [
"dc"
"cl"
"ws"
];
programs = {
git.userEmail = "leon.schwarzaeugl@imba.oeaw.ac.at";
git.userEmail = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/git-email");
zsh = {
shellAliases = {
dssh = "ssh -l dc_adm_schwarzaeugl";
cssh = "ssh -l cl_adm_schwarzaeugl";
wssh = "ssh -l ws_adm_schwarzaeugl";
dssh = "ssh -l ${dcUser}";
cssh = "ssh -l ${clUser}";
wssh = "ssh -l ${wsUser}";
};
cdpath = [
"~/Documents/Work"
@ -57,42 +69,42 @@
ssh = {
matchBlocks = {
"uc" = {
hostname = "uc.clip.vbc.ac.at";
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-prod");
user = "stack";
};
"uc.stg" = {
hostname = "uc.staging.clip.vbc.ac.at";
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-stg");
user = "stack";
};
"uc.staging" = {
hostname = "uc.staging.clip.vbc.ac.at";
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-stg");
user = "stack";
};
"uc.dev" = {
hostname = "uc.dev.clip.vbc.ac.at";
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-dev");
user = "stack";
};
"cbe" = {
hostname = "cbe.vbc.ac.at";
user = "dc_adm_schwarzaeugl";
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-prod");
user = dcUser;
};
"cbe.stg" = {
hostname = "cbe.staging.clip.vbc.ac.at";
user = "dc_adm_schwarzaeugl";
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-stg");
user = dcUser;
};
"cbe.staging" = {
hostname = "cbe.staging.clip.vbc.ac.at";
user = "dc_adm_schwarzaeugl";
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-stg");
user = dcUser;
};
"*.vbc.ac.at" = {
user = "dc_adm_schwarzaeugl";
user = dcUser;
};
};
};
firefox = {
profiles = {
dc_adm = lib.recursiveUpdate
dc = lib.recursiveUpdate
{
id = 1;
settings = {
@ -100,7 +112,7 @@
};
}
config.swarselsystems.firefox;
cl_adm = lib.recursiveUpdate
cl = lib.recursiveUpdate
{
id = 2;
settings = {
@ -108,7 +120,7 @@
};
}
config.swarselsystems.firefox;
ws_adm = lib.recursiveUpdate { id = 3; } config.swarselsystems.firefox;
ws = lib.recursiveUpdate { id = 3; } config.swarselsystems.firefox;
};
};
@ -263,23 +275,23 @@
in
{
firefox_dc = {
name = "Firefox (dc_adm)";
name = "Firefox (dc)";
genericName = "Firefox dc";
exec = "firefox -p dc_adm";
exec = "firefox -p dc";
inherit terminal categories icon;
};
firefox_ws = {
name = "Firefox (ws_adm)";
name = "Firefox (ws)";
genericName = "Firefox ws";
exec = "firefox -p ws_adm";
exec = "firefox -p ws";
inherit terminal categories icon;
};
firefox_cl = {
name = "Firefox (cl_adm)";
name = "Firefox (cl)";
genericName = "Firefox cl";
exec = "firefox -p cl_adm";
exec = "firefox -p cl";
inherit terminal categories icon;
};
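Review bot: The `"*.vbc.ac.at"` match block key is still a literal, so the work domain stays in the repository even though every `hostname` in this `matchBlocks` set now comes from nix-secrets. If keeping the domain out of the public tree is the goal (I am inferring that from the rest of the change), the pattern needs the same treatment. The values removed here also remain readable in earlier commits. As a smaller point, `work/uc-stg` and `work/cbe-stg` are each read twice; binding them once in the `let` next to `dcUser` would match how the user names are handled.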


@ -3,6 +3,6 @@
home-manager = lib.mkIf config.swarselsystems.withHomeManager {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = inputs; # used mainly for inputs.self
extraSpecialArgs = { inherit (inputs) self nix-secrets; };
};
}


@ -1,4 +1,4 @@
{ self, pkgs, config, ... }:
{ self, lib, pkgs, config, ... }:
let
owner = "swarsel";
sopsFile = self + /secrets/work/secrets.yaml;
@ -6,16 +6,10 @@ in
{
sops = {
secrets = {
clad = {
vcuser = {
inherit owner sopsFile;
};
dcad = {
inherit owner sopsFile;
};
wsad = {
inherit owner sopsFile;
};
imbad = {
vcpw = {
inherit owner sopsFile;
};
};
@ -24,14 +18,8 @@ in
# boot.initrd.luks.yubikeySupport = true;
programs = {
zsh.shellInit = ''
export CLAD="$(cat ${config.sops.secrets.clad.path})"
export DCAD="$(cat ${config.sops.secrets.dcad.path})"
export GOVC_PASSWORD="$(cat ${config.sops.secrets.dcad.path})"
export WSAD="$(cat ${config.sops.secrets.wsad.path})"
export IMBAD="$(cat ${config.sops.secrets.imbad.path})"
export DCUSER="dc_adm_schwarzaeugl@IMP.UNIVIE.AC.AT"
export GOVC_USERNAME="dc_adm_schwarzaeugl@IMP.UNIVIE.AC.AT"
export PACKER_SSH_EXTRA_ARGS='"--scp-extra-args","'-O'"'
export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})"
export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})"
'';
browserpass.enable = true;
@ -52,7 +40,7 @@ in
};
virtualisation = {
docker.enable = true;
docker.enable = lib.mkIf (!config.virtualisation.podman.dockerCompat) true;
spiceUSBRedirection.enable = true;
libvirtd = {
enable = true;
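Review bot: The `docker.enable = lib.mkIf (!config.virtualisation.podman.dockerCompat) true;` line is changed only in this tangled file. None of the org hunks shown on this page touches it, so the next tangle from the org source would presumably write `docker.enable = true;` back. The `LogLevel = "debug";` change in the Navidrome profile below is in the same position; it also looks like a troubleshooting leftover rather than part of this refactor, and debug logging may record more request detail than intended. Both edits belong in the org source, and I would set the log level back to `"error"` unless debug output is wanted. The `virtualisation` block continues outside the hunk.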


@ -39,7 +39,7 @@ in
enable = true;
openFirewall = true;
settings = {
LogLevel = "error";
LogLevel = "debug";
Address = "127.0.0.1";
Port = 4040;
MusicFolder = "/Vault/Eternor/Musik";
@ -59,10 +59,10 @@ in
};
# Switch using --impure as these credential files are not stored within the flake
# sops-nix is not supported for these which is why we need to resort to these
LastFM.ApiKey = builtins.readFile "${secretsDirectory}/navidrome/lastfm-secret";
LastFM.Secret = builtins.readFile "${secretsDirectory}/navidrome/lastfm-key";
Spotify.ID = builtins.readFile "${secretsDirectory}/navidrome/spotify-id";
Spotify.Secret = builtins.readFile "${secretsDirectory}/navidrome/spotify-secret";
LastFM.ApiKey = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/lastfm-secret");
LastFM.Secret = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/lastfm-key");
Spotify.ID = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/spotify-id");
Spotify.Secret = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/spotify-secret");
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
UIWelcomeMessage = "~SwarselSound~";
};
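Review bot: `builtins.readFile` evaluates the Last.fm and Spotify credentials straight into `settings`, so they are presumably rendered into a configuration file in the world-readable Nix store; trimming the whitespace does not change that. The comment above says sops-nix is not supported for values inside `settings`, but Navidrome also accepts its options as `ND_`-prefixed environment variables, so an `EnvironmentFile` on the systemd unit pointing at a sops-managed file would keep them out of the store. Separately, `LastFM.ApiKey` reads `navidrome/lastfm-secret` while `LastFM.Secret` reads `navidrome/lastfm-key`; if the file names mean what they say, the two are crossed. The same four lines are in the org hunk at -6718.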


@ -4,11 +4,11 @@
enable = true;
};
users.users.swarsel.openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/nbl-imba-2.pub)
(self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
];
users.users.root.openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/nbl-imba-2.pub)
(self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
];
security.sudo.extraConfig = ''
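Review bot: The `swarsel` and `root` `authorizedKeys.keyFiles` lists are identical, and this commit has to edit both in lockstep; if one is missed in a later key rotation, a retired key stays authorized for one of the accounts. Binding the list once, e.g. `sshKeys = [ (self + /secrets/keys/ssh/yubikey.pub) (self + /secrets/keys/ssh/magicant.pub) ];` in a `let`, and writing `keyFiles = sshKeys;` for both users removes that risk. The same pair of lists is in the org hunk at -6535, and the enclosing attribute set starts and ends outside the hunk.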


@ -1,4 +1,8 @@
{ lib, config, ... }:
{ lib, config, inputs, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
workHostName = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-hostname");
in
{
config = lib.mkIf config.swarselsystems.server.syncthing {
@ -27,7 +31,7 @@
"sync (@oracle)" = {
id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB";
};
"nbl-imba-2" = {
"${workHostName}" = {
id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB";
};
};
@ -36,7 +40,7 @@
path = "/Vault/data/syncthing/Sync";
type = "receiveonly";
versioning = null;
devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ];
devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "default";
};
"Obsidian" = {
@ -46,7 +50,7 @@
type = "simple";
params.keep = "5";
};
devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ];
devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "yjvni-9eaa7";
};
"Org" = {
@ -56,7 +60,7 @@
type = "simple";
params.keep = "5";
};
devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ];
devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "a7xnl-zjj3d";
};
"Vpn" = {
@ -66,7 +70,7 @@
type = "simple";
params.keep = "5";
};
devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ];
devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "hgp9s-fyq3p";
};
"Documents" = {
@ -76,12 +80,12 @@
type = "simple";
params.keep = "5";
};
devices = [ "magicant" "nbl-imba-2" ];
devices = [ "magicant" "${workHostName}" ];
id = "hgr3d-pfu3w";
};
# ".elfeed" = {
# path = "/Vault/data/syncthing/.elfeed";
# devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ];
# devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
# id = "h7xbs-fs9v1";
# };
};
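Review bot: The `"${workHostName}"` entries in the `devices` lists interpolate a value that is already a string; `devices = [ "sync (@oracle)" "magicant" workHostName ];` says the same with less noise, and the attribute name `"${workHostName}" = {` can stay as it is. With the device name now read at evaluation time, this server profile no longer evaluates without `work/worklaptop-hostname` in the nix-secrets input, so I would add a comment at the `let` such as `# requires nix-secrets: work/worklaptop-hostname (work laptop's Syncthing device name)`. The substitution inside the commented-out `.elfeed` block is harmless but could be left out.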


@ -115,7 +115,7 @@ else
fi
local_keys=$(ssh-add -L || true)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/nbl-imba-2.pub)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/yubikey.pub)
read -ra pub_arr <<< "$pub_key"
cd .dotfiles


@ -67,7 +67,7 @@ else
fi
local_keys=$(ssh-add -L || true)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/nbl-imba-2.pub)
pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/yubikey.pub)
read -ra pub_arr <<< "$pub_key"
cd .dotfiles


@ -1,7 +1,5 @@
clad: ENC[AES256_GCM,data:pE/sks9TK6acHwAjNLD0SdRHj6b2ZMkge2w=,iv:aJESPMVXdK1iJ7ItZYZMTcWGgAwTWuMB4d78OlqFbYY=,tag:AtLY/myOjpE6fbQpatfgGg==,type:str]
dcad: ENC[AES256_GCM,data:advwwnnNSD53JaWwi3zlLbUTx515xw==,iv:4/B9Vr/IaV0HJUC73snbOeF9FvhCKvgp3CcK7GWh6uA=,tag:69yEWNJEjYnYWNTzXSBJmg==,type:str]
wsad: ENC[AES256_GCM,data:yNL4Ql93sr9PcK0mMihArl2FhATFAzZF1Fy6fgbykeDU,iv:qet1Aba9PkXpFUmTqFVifAN4EKw5BpOxhKxXnHeJYkU=,tag:AJSMdOky0HYEgdS5B/PAcw==,type:str]
imbad: ENC[AES256_GCM,data:/8bq5AtzsZrbXOLY73K2ie9R4GNEAA==,iv:EZHUbS58y1NVM6wkzlmxvWaDMjjWU0VU+9nrGmt9fcw=,tag:axFWhsQ7w1DOHN4yOoF1og==,type:str]
vcuser: ENC[AES256_GCM,data:M2LmjWGI6boQtOdTZz3dZ9Qb,iv:/KAC1RF0bqviHzPFP8F8GlX32f/8Qp07iXz2Yz5UO5o=,tag:rYzeylJIWtoQrSGy8OZqQg==,type:str]
vcpw: ENC[AES256_GCM,data:bgqPbdJMVZXPWXiNsr9GxFRE1Q==,iv:5HuagCnNWLBvw7Z+nmLhCfMFV6b9mOd+afqCBUvWjNc=,tag:LfMOFvQZtNUh+7z6a+mpZA==,type:str]
sops:
kms: []
gcp_kms: []
@ -17,8 +15,8 @@ sops:
Z0dpTnpXcnRub2NWU21PblBtUnBXTnMKfmW5I2G+XhXEi8ssdnlavppxhgI4G56B
555YBJ8mLRXKINtd37nUyfydEUYiM4zUbTFlJ+83VVF//+4KUeOCYw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-17T08:36:23Z"
mac: ENC[AES256_GCM,data:gVfvTcYIzp4xdmAE14VzdVyef1f7KYykWcoehSc6nkkKNEg7+wjkcsrGoJvE4lbx64IahOJLEzD5aL695RzV32uFz+V+juQVvPW9rZIwz8Y62LYN+Vnowa4VfANPQ7uuUVrk29GPOHfwII5SJWOJcddQwu1XOX1VabIqq9ZweMw=,iv:+HXbFohCMJGytoKbTZ+aR3Lo7bg7O1Wgy2R3KiLv9hE=,tag:dSxMKKqwF4HMW/PtL6ALGw==,type:str]
lastmodified: "2025-03-21T17:17:55Z"
mac: ENC[AES256_GCM,data:6jF3PUfhVaLe1pIlCYlGHOqXhetWij1WijaSt63x/9m81QIcPlrlihpL3jN6d8P57PpnQU0ZHk6vwotmzDH3fsqiYzBaNK7oPuJFQotnm1eHR2NVLCO8zQLY47XN2kjuOSl6N2WNociux0oiOssw5BTFym0uInDlX9Lt9+/YlHI=,iv:J40e5Aoi++2oTrx7JpUL8HdVumWrnLRDsbBfp8YjzCA=,tag:jiHu4mG5PLrrB3FGekpKYw==,type:str]
pgp:
- created_at: "2024-12-17T11:38:28Z"
enc: |-
@ -52,4 +50,4 @@ sops:
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.9.1
version: 3.9.4