diff --git a/flake.nix b/flake.nix index 85fe2f4..380de29 100644 --- a/flake.nix +++ b/flake.nix @@ -68,6 +68,7 @@ home-manager.nixosModules.home-manager inputs.disko.nixosModules.disko stylix.nixosModules.stylix + agenix.nixosModules.default ./modules/home-manager/stylix.nix { home-manager = { @@ -92,6 +93,7 @@ home-manager.nixosModules.home-manager inputs.disko.nixosModules.disko stylix.nixosModules.stylix + agenix.nixosModules.default ./modules/home-manager/stylix.nix { home-manager = { @@ -115,6 +117,7 @@ ./hosts/beatrice/configuration.nix home-manager.nixosModules.home-manager inputs.disko.nixosModules.disko + agenix.nixosModules.default stylix.nixosModules.stylix ./modules/home-manager/stylix.nix { diff --git a/hosts/virgil/configuration.nix b/hosts/virgil/configuration.nix index 4e5f599..f91a3c3 100644 --- a/hosts/virgil/configuration.nix +++ b/hosts/virgil/configuration.nix @@ -8,6 +8,7 @@ ./disko.nix ./hardware-configuration.nix ./vfio.nix + ./secrets.nix ../../modules/nixos/networking/default.nix ../../modules/nixos/virtualization/default.nix ../../modules/nixos/common.nix @@ -21,10 +22,6 @@ xwayland.enable = true; }; - environment.systemPackages = with pkgs; [ - protonup-ng - ]; - boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; networking.hostName = "virgil"; diff --git a/hosts/virgil/hardware-configuration.nix b/hosts/virgil/hardware-configuration.nix index 13b326b..e98cde2 100644 --- a/hosts/virgil/hardware-configuration.nix +++ b/hosts/virgil/hardware-configuration.nix @@ -77,6 +77,19 @@ "noatime" ]; }; + fileSystems."/mnt/rclone" = { + device = "virgilbackups:"; + fsType = "rclone"; + options = [ + "nodev" + "nofail" + "allow_other" + "args2env" + "config=/home/tulg/.config/rclone.conf" + "x-systemd.automount" + "x-systemd.idle-timeout=60" + ]; + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/hosts/virgil/secrets.nix b/hosts/virgil/secrets.nix new file mode 100644 index 0000000..81889ca 
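Review bot: The `config=/home/tulg/.config/rclone.conf` option in the new `fileSystems."/mnt/rclone"` entry repeats the path that hosts/virgil/secrets.nix sets on the agenix secret, so a change on one side silently leaves the mount pointing at a missing or stale credential file. Assuming `config` is among this module's arguments, `"config=${config.age.secrets.rclone.path}"` ties the mount to the secret declaration. `allow_other` also exposes the mounted backup remote to every local account on the host rather than only `tulg`, so it should be dropped unless other users need it, and `"nosuid"` is a cheap addition next to `"nodev"`. This file is normally produced by nixos-generate-config, so the mount may be safer in configuration.nix, where a regeneration will not drop it.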
--- /dev/null +++ b/hosts/virgil/secrets.nix @@ -0,0 +1,11 @@ +{ + age = { + secrets = { + rclone = { + file = ../../modules/secrets/rclone.age; + owner = "tulg"; + path = "/home/tulg/.config/rclone.conf"; + }; + }; + }; +} diff --git a/modules/home-manager/stylix.nix b/modules/home-manager/stylix.nix index 29873c4..42f2295 100644 --- a/modules/home-manager/stylix.nix +++ b/modules/home-manager/stylix.nix @@ -14,7 +14,6 @@ nerd-fonts.jetbrains-mono nerd-fonts.iosevka ]; - stylix = { enable = true; diff --git a/modules/nixos/common.nix b/modules/nixos/common.nix index 30dac87..3c2a99b 100644 --- a/modules/nixos/common.nix +++ b/modules/nixos/common.nix @@ -11,6 +11,7 @@ qdirstat moonlight-qt amdgpu_top + rclone ]; nixpkgs.config.allowUnfree = true; nix.settings.experimental-features = ["nix-command" "flakes"]; diff --git a/modules/secrets/rclone.age b/modules/secrets/rclone.age new file mode 100644 index 0000000..5f19eae --- /dev/null +++ b/modules/secrets/rclone.age 
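Review bot: `path = "/home/tulg/.config/rclone.conf"` puts the decrypted rclone credential, or the link to it, inside a user-writable home directory, yet the consumer visible in this commit is the system-level `/mnt/rclone` mount. Leaving `path` at the agenix default under `/run/agenix` and passing `config.age.secrets.rclone.path` to the mount keeps the file the root-run mount helper reads out of a directory that any process running as `tulg` can rename or replace. If `tulg` also needs to run rclone by hand, `owner = "tulg";` is enough for that, and an explicit `mode = "0400";` would document the intended permissions. It is also worth checking on a fresh install that `/home/tulg/.config` is not created root-owned by the activation step before the user's own configuration exists.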
@@ -0,0 +1,25 @@ +age-encryption.org/v1 +-> ssh-ed25519 IVY22Q xHJM3cCir4ODwnj9mUmUxPXM2z3TuUM91tcJ/3i/Jjc +LjU+n5fXTK+mU967M1430ZNOX1ticPd36a8eLxMIbYI +-> ssh-rsa e5531A +N6epPpeNUE2++sLSvanavdKJ3KOj8u7Yz097V91QAyEixryH3RnYZzNNwlMwj1wp +4arPl7QPD1T9JO7C5kO3SfYAjsn0KcdFg+wy0orQNVdG6mOGs8NyB9cPgHQV/a3P +wSy5ZABQn9fbrX/J3RE/3jFFkB4jxajbnUvod5vC1sRB81kxKphjYqux1n61k77g +brT1D9xQp5Llsp8jLfc1DOHnPfLfHqSeAE+E7ZWlpMjCbeAOfNDGP399fCnJyzao +ZXcbpDclfqtnMoRojF3qxKJUVBFhXeenF4r/hvqn0oEiHVS5fg7CNq0P0Ja+1dNB +yAQieWkLhsoHTyPKvKgbyg +-> ssh-rsa zhyJXA +xyKQLnbTmrN0/RuALFp0NbuVRGbccb5bjpXcfCds0xzguFCgmzBUK4gy7Yt8JKJp +fCVs85akrMhVsyLuIcZWKOOUalTf9XXGiIpzu0nHZb+q4yWyFLxAQgcMMWlMUmPv +FhJEshYpmayi151fKrFsskm6BVJaislEr9vhYjIX+SmAoFarJoVHqWtk5ZFFLnDI +Ch3LDO56weCDWTkRSbkh95jMV/ZXN9eIvCLvKUk+OW/o+loOIj2/xDKwNN1k1RDT +d7UdwEzdiy3WZ8t8oQWRzWA504vaxcLGLvu1u+5Y9+bbDi8R5tu9Kk8fE9icI2Vt +ilMEhyj60Im/bUjhS6MQ7FvzlMdG7WMVxQ2teMsBYmTA4Frxd5oOJ/7fxLp2/qXI +ZS/zjIYu0d3D3VrcCDQRSqHMeHiVO8fc0GlJ6AqeqoRxgHUgas7ppFDo6egy1qn8 +FEW92oBtRM1elpnNRsaj211M3HI3Dz11fy5AgthrF1v3RkuLW8GpnbeeKRpbBUs/ +j1jvsb9CYNeOw4NETCRDxcVzWaHNItpvZKjgTCGxObFEYe6o8zZV4J+qRT1ztmor +rkJPlDMmhMVVLuj4r77fx3tHzGncjz5lPG63oapWw+/o1McqqT/mhFOX1SsAaUEe +O0oZK3vlEnoT4k1EpAQ6HuGzkM1D3roLKe/g1HLGSb4 +--- H5k54i7k0OkL/9oNNcvAoMgJhLiw5axODX6UrtX2IuA +=ÖÀ+áÐ5\¼Ã+¬•–Á<ÞTyzËñ3˜C¥ù÷%ý¡Wh=cºªfé˜h™t§/ÐZ*«ü­´Væ0`]ø}Î’ßK»#bjíš½®1é=LôhG<öž}–®ÏÚÙÂ7ž-¾Só* ·zPéŸá´Ó +>¢^RcQãJpOQ„™ \ No newline at end of file diff --git a/modules/secrets/secret1.age b/modules/secrets/secret1.age new file mode 100644 index 0000000..33ffbaf --- /dev/null +++ b/modules/secrets/secret1.age 
@@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-rsa SjbrYA +ZBnK3Lx1E3gdPMMHSrH8tjXQZNSZDIsxZe/BR1jkEgKSynlkbYc8okcUu2t5E6kl +rwgyNgCiv+gLDKQM18EqSXQRU/vjciSEE0IGPMniZz44fp7awqFicALHaeq0XRG6 +GgU1iQQHVqZUhkdHCf+GLUoYxTOOVHk8ZOxRX2DrUuE1viOHBMfwqbBQfEnx4/gK +vUVaFjMj2weTW1kjGfZkwm2VqIoAPfNZXoq/szQAtE3dkNfb0bfxWd0QFfnBK2hg +tfMIuWjvh/ywnm+p7L+EzkC2x8N3xYqoQoWhGwvBD7euCppyWJ5pKxLGhtqdyxRd +S2Dx6Dt3GNTKwJZzl/UETGfEIfbQmCLW9qJOjU5XKZoG+EtRWkGv8EEpwwmmP6rH +OmkH/Kv5TagucF04sTmKWZXxQNvR/t7/SvHPoC0Kln32ePXQSo86g5kmtGPBEQdi +jYg+9UCE52uGyjp8YbWbE7LBdrITlgKx85fygmHiLYsT3ovwRmteAFWEa5aqjoqn +7mm3CNd13ACpMfL/tlGPVcJsElApFQC3uCbvIWXyRjuin/3TtafHTTSwOWyVSN1R +5/TXcFbjZrvT0NvjLheuBE7lP5vKPc7vhev5+2tyQr78leeQOpdUpJbOMlRDlJ0z +CqHfxPsemHUULClr4A8ZqdGu80WW075yYXHnQb/hSLw +--- 8jUF+CxushW0CgeiKcVPiDU2phPh+fh9wL8D1zFI/eo +ê€Õda„ûÝçüZâƒR‡XÍã }¥9ÿw>dÁ4wðÆsïÇUäóVZ0ª/‡2ý \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix new file mode 100644 index 0000000..86dfd54 --- /dev/null +++ b/modules/secrets/secrets.nix 
@@ -0,0 +1,10 @@
+let
+ #host = builtins.readFile /etc/ssh/ssh_host_ed25519_key.pub;
+ virgil = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBO53bnR6q2BHO+LKPEpaZBTpVLsX0YkFlt67aq9VxHj";
+ kittykat = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf7NDr7NmzGzpwHaqVdcdC0CgEI5p+SLoq3gXLD3q3y1iaMQk71YO8PpPoDi4uepqZvPZFNbprI6JRbOjlli7+WMMfXu7ra5+dikBxzkedTikSuc4Bes3Z4J+rSE5X290o+dDL4z+LZ8sKDTKYiGCQQ9ETc6sX+5DjcgQfPiLPk/dxY76obD7w8t8cFxGzCOOWnQKwX7moBdIPSMLOb/HdMG3E5pwadgZlwmhJ3atKt5cDxsPYa9QKfqN3bccRR99Zk5Ry8UucPHBpm/QBui62j9pDLlFGjSq0zybtpqq72CvP9LRxgwWhGXt0WmeHD6/fuyGANR+8YfpA8u6x5CQ9";
+ tulg = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand";
+in {
+ "secret1.age".publicKeys = [virgil kittykat tulg];
+
+ "rclone.age".publicKeys = [virgil kittykat tulg];
+}
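Review bot: Both entries encrypt to `[virgil kittykat tulg]`, but the host presumably needs only `virgil` to decrypt at activation; the user keys matter only for editing and rekeying. Each extra recipient is another private key whose compromise exposes the rclone credential, so it is worth confirming that both `kittykat` and `tulg` need edit access to `rclone.age` and trimming the list per secret if not. Dropping a recipient later needs a rekey plus rotation of the credential itself, because the old ciphertext stays in git history. `secret1.age` has no matching `age.secrets` declaration in the hunks visible here, so if it was a test secret it could be removed together with the commented-out `#host = builtins.readFile …` line.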