diff --git a/hosts/virgil/configuration.nix b/hosts/virgil/configuration.nix index 4e5f599..f91a3c3 100644 --- a/hosts/virgil/configuration.nix +++ b/hosts/virgil/configuration.nix @@ -8,6 +8,7 @@ ./disko.nix ./hardware-configuration.nix ./vfio.nix + ./secrets.nix ../../modules/nixos/networking/default.nix ../../modules/nixos/virtualization/default.nix ../../modules/nixos/common.nix @@ -21,10 +22,6 @@ xwayland.enable = true; }; - environment.systemPackages = with pkgs; [ - protonup-ng - ]; - boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; networking.hostName = "virgil"; diff --git a/hosts/virgil/hardware-configuration.nix b/hosts/virgil/hardware-configuration.nix index 13b326b..e98cde2 100644 --- a/hosts/virgil/hardware-configuration.nix +++ b/hosts/virgil/hardware-configuration.nix @@ -77,6 +77,19 @@ "noatime" ]; }; + fileSystems."/mnt/rclone" = { + device = "virgilbackups:"; + fsType = "rclone"; + options = [ + "nodev" + "nofail" + "allow_other" + "args2env" + "config=/home/tulg/.config/rclone.conf" + "x-systemd.automount" + "x-systemd.idle-timeout=60" + ]; + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/hosts/virgil/secrets.nix b/hosts/virgil/secrets.nix index 9459f65..81889ca 100644 --- a/hosts/virgil/secrets.nix +++ b/hosts/virgil/secrets.nix @@ -1,9 +1,11 @@ { age = { - secrets = { - secret1 = { - file ../../modules/secrets/secret1.age; - }; - }; + secrets = { + rclone = { + file = ../../modules/secrets/rclone.age; + owner = "tulg"; + path = "/home/tulg/.config/rclone.conf"; + }; + }; }; -} \ No newline at end of file +} diff --git a/modules/nixos/common.nix b/modules/nixos/common.nix index 30dac87..3c2a99b 100644 --- a/modules/nixos/common.nix +++ b/modules/nixos/common.nix @@ -11,6 +11,7 @@ qdirstat moonlight-qt amdgpu_top + rclone ]; nixpkgs.config.allowUnfree = true; nix.settings.experimental-features = ["nix-command" "flakes"]; diff --git a/modules/secrets/rclone.age b/modules/secrets/rclone.age new file mode 100644 index 0000000..5f19eae --- /dev/null +++ b/modules/secrets/rclone.age @@ -0,0 +1,25 @@ +age-encryption.org/v1 +-> ssh-ed25519 IVY22Q xHJM3cCir4ODwnj9mUmUxPXM2z3TuUM91tcJ/3i/Jjc +LjU+n5fXTK+mU967M1430ZNOX1ticPd36a8eLxMIbYI +-> ssh-rsa e5531A +N6epPpeNUE2++sLSvanavdKJ3KOj8u7Yz097V91QAyEixryH3RnYZzNNwlMwj1wp +4arPl7QPD1T9JO7C5kO3SfYAjsn0KcdFg+wy0orQNVdG6mOGs8NyB9cPgHQV/a3P +wSy5ZABQn9fbrX/J3RE/3jFFkB4jxajbnUvod5vC1sRB81kxKphjYqux1n61k77g +brT1D9xQp5Llsp8jLfc1DOHnPfLfHqSeAE+E7ZWlpMjCbeAOfNDGP399fCnJyzao +ZXcbpDclfqtnMoRojF3qxKJUVBFhXeenF4r/hvqn0oEiHVS5fg7CNq0P0Ja+1dNB +yAQieWkLhsoHTyPKvKgbyg +-> ssh-rsa zhyJXA +xyKQLnbTmrN0/RuALFp0NbuVRGbccb5bjpXcfCds0xzguFCgmzBUK4gy7Yt8JKJp +fCVs85akrMhVsyLuIcZWKOOUalTf9XXGiIpzu0nHZb+q4yWyFLxAQgcMMWlMUmPv +FhJEshYpmayi151fKrFsskm6BVJaislEr9vhYjIX+SmAoFarJoVHqWtk5ZFFLnDI +Ch3LDO56weCDWTkRSbkh95jMV/ZXN9eIvCLvKUk+OW/o+loOIj2/xDKwNN1k1RDT +d7UdwEzdiy3WZ8t8oQWRzWA504vaxcLGLvu1u+5Y9+bbDi8R5tu9Kk8fE9icI2Vt +ilMEhyj60Im/bUjhS6MQ7FvzlMdG7WMVxQ2teMsBYmTA4Frxd5oOJ/7fxLp2/qXI +ZS/zjIYu0d3D3VrcCDQRSqHMeHiVO8fc0GlJ6AqeqoRxgHUgas7ppFDo6egy1qn8 +FEW92oBtRM1elpnNRsaj211M3HI3Dz11fy5AgthrF1v3RkuLW8GpnbeeKRpbBUs/ +j1jvsb9CYNeOw4NETCRDxcVzWaHNItpvZKjgTCGxObFEYe6o8zZV4J+qRT1ztmor +rkJPlDMmhMVVLuj4r77fx3tHzGncjz5lPG63oapWw+/o1McqqT/mhFOX1SsAaUEe +O0oZK3vlEnoT4k1EpAQ6HuGzkM1D3roLKe/g1HLGSb4 +--- H5k54i7k0OkL/9oNNcvAoMgJhLiw5axODX6UrtX2IuA +=+5\+^RcQJpOQ \ No newline at end of file diff --git a/modules/secrets/secret1.age b/modules/secrets/secret1.age index 1af17b8..33ffbaf 100644 --- a/modules/secrets/secret1.age +++ b/modules/secrets/secret1.age @@ -1,15 +1,15 @@ age-encryption.org/v1 --> ssh-rsa zhyJXA -QWPXpf6VLS5jEGjF/rmy7qREO38yTWlknR4P3AqP7J0iFQf7G9jBDPtVj8EP51SQ -1/PUu9bL0AZEwGkJA7wFFo39DWXXTfDsGPaHIdNOQFFbNqnxD7FhVkIJ2zDfS6Vc -E0aKdzI9ATJUzUxaE3Cfro377Rs5LNjc5psBrs0WRFr7apVPiMRuVbHTjXkCv22t -1o9wJiWtDehnzRRBtzOL2bs9NhW1vqIUcnw5RLlRD/731tvtIqCd+V9tccvHMTrY -d4sndTcwQp9w7pnBZSJHdrAVeTAmanhBfz7OZyV3PIFy4bUZ+MEt7kZ5yk2O/C/L -YKm3qtzKZfEJtIB33xZUQKSBlc+MQUTRzzOB22L9p6cXLZiHfcxU6S6klohAGM66 -sn+NdtSMIdOYoFUGgbf1gpfrVYQ+77E6BGzHkCt8jnLmxDELrer24fZeegyB08su -5c+/7P/H/F9zZS4MHkfvg5Zk9XOE3HA8omavBguAmXhfgRnBo8ZDTlJLT2lyHAu4 -fOGtQY8dFW8vxTJ8P9EblWQ0+qTrkMndDsEVF2Am/BMJGF269RGYXpBJD941Xctw -y2edNd5u55jHyFvUJV3UMJotux8NLxJ9PXMd9s1DKRVxOzBXpEtKKuTssi78h+N8 -dSV+OFCdMroGKVqY4Aca+q+sEA7ZyOMsVE7b+Sz9djk ---- 9mFY3pDvEQI6l8LsBvHyq/UTo711RqFpXB9mhHQZ4/4 -.'?O"vsb䤄|.CUm'RT ?oZD~!+ǰp \ No newline at end of file +-> ssh-rsa SjbrYA +ZBnK3Lx1E3gdPMMHSrH8tjXQZNSZDIsxZe/BR1jkEgKSynlkbYc8okcUu2t5E6kl +rwgyNgCiv+gLDKQM18EqSXQRU/vjciSEE0IGPMniZz44fp7awqFicALHaeq0XRG6 +GgU1iQQHVqZUhkdHCf+GLUoYxTOOVHk8ZOxRX2DrUuE1viOHBMfwqbBQfEnx4/gK +vUVaFjMj2weTW1kjGfZkwm2VqIoAPfNZXoq/szQAtE3dkNfb0bfxWd0QFfnBK2hg +tfMIuWjvh/ywnm+p7L+EzkC2x8N3xYqoQoWhGwvBD7euCppyWJ5pKxLGhtqdyxRd +S2Dx6Dt3GNTKwJZzl/UETGfEIfbQmCLW9qJOjU5XKZoG+EtRWkGv8EEpwwmmP6rH +OmkH/Kv5TagucF04sTmKWZXxQNvR/t7/SvHPoC0Kln32ePXQSo86g5kmtGPBEQdi +jYg+9UCE52uGyjp8YbWbE7LBdrITlgKx85fygmHiLYsT3ovwRmteAFWEa5aqjoqn +7mm3CNd13ACpMfL/tlGPVcJsElApFQC3uCbvIWXyRjuin/3TtafHTTSwOWyVSN1R +5/TXcFbjZrvT0NvjLheuBE7lP5vKPc7vhev5+2tyQr78leeQOpdUpJbOMlRDlJ0z +CqHfxPsemHUULClr4A8ZqdGu80WW075yYXHnQb/hSLw +--- 8jUF+CxushW0CgeiKcVPiDU2phPh+fh9wL8D1zFI/eo +daZRX }9w>d4wsUVZ0/2 \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index c8ee9b8..86dfd54 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -1,5 +1,10 @@ let + #host = builtins.readFile /etc/ssh/ssh_host_ed25519_key.pub; + virgil = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBO53bnR6q2BHO+LKPEpaZBTpVLsX0YkFlt67aq9VxHj"; + kittykat = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf7NDr7NmzGzpwHaqVdcdC0CgEI5p+SLoq3gXLD3q3y1iaMQk71YO8PpPoDi4uepqZvPZFNbprI6JRbOjlli7+WMMfXu7ra5+dikBxzkedTikSuc4Bes3Z4J+rSE5X290o+dDL4z+LZ8sKDTKYiGCQQ9ETc6sX+5DjcgQfPiLPk/dxY76obD7w8t8cFxGzCOOWnQKwX7moBdIPSMLOb/HdMG3E5pwadgZlwmhJ3atKt5cDxsPYa9QKfqN3bccRR99Zk5Ry8UucPHBpm/QBui62j9pDLlFGjSq0zybtpqq72CvP9LRxgwWhGXt0WmeHD6/fuyGANR+8YfpA8u6x5CQ9"; tulg = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand"; in { - "secret1.age".publicKeys = [tulg]; + "secret1.age".publicKeys = [virgil kittykat tulg]; + + "rclone.age".publicKeys = [virgil kittykat tulg]; }