From c9e0dd11489ab6ec2a9040f8403aff90fb12d012 Mon Sep 17 00:00:00 2001 From: xqtc Date: Fri, 8 Nov 2024 18:54:49 +0100 Subject: [PATCH] some hacking --- .sops.yaml | 2 + flake.lock | 19 +++++---- flake.nix | 1 + home/modules/nixvim.nix | 1 - hosts/x86_64-linux/yosai/default.nix | 5 +++ secrets.yaml | 59 ++++++++++++++++------------ 6 files changed, 51 insertions(+), 36 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index f0f8c30..2d580dd 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -6,6 +6,7 @@ keys: - &beleth age1xf86ak2hu5efux42au4x7wlxqpxqpuld7kd6nnr2qzhl662wy3vq940d4p - &lilith age13704a3s08stwndvduk2qsqmkg703utsn96ak3gzexggvrdx3cpxsrlx92n - &alastor age1cjglrl2qg7ursfradsspat4gz50pqgdj2dcjqngwx5rrf7el83mqj5vf4h + - &yosai age182mmgwl4w0qffsvjx0v200g3hp5xu478zrkcfvadzhz6u5aqmuvsswmr6z creation_rules: - path_regex: secrets.yaml$ @@ -16,3 +17,4 @@ creation_rules: - *beleth - *lilith - *alastor + - *yosai diff --git a/flake.lock b/flake.lock index 2cf9189..e3af3ff 100644 --- a/flake.lock +++ b/flake.lock @@ -106,7 +106,6 @@ "locked": { "lastModified": 1712250545, "narHash": "sha256-HfJfLMciW1Xmu6rQDDNAHCWWvAJDXS3F8eBvYRIygB8=", - "ref": "refs/heads/main", "rev": "577d8da6d17dad5f847795582ebf813f3c5c04a7", "revCount": 1159, "type": "git", @@ -125,11 +124,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1730952203, - "narHash": "sha256-iLs5wy7AyF7+vhnRyWZuQQRl1oX0YNF/yCS/nFxFr9Q=", + "lastModified": 1731038603, + "narHash": "sha256-4eJQfKZnMwy7Y2bFHqw/mpZjsPWrXfITmgTLPGmfl/w=", "owner": "rycee", "repo": "nur-expressions", - "rev": "045b65b4a6812498a04df7704cbf1550bdf125ae", + "rev": "674763b3eb6f0bdfa1f987984711bd3f33efc7bf", "type": "gitlab" }, "original": { @@ -638,11 +637,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1731021573, - "narHash": "sha256-+mkGFp2FrO/HA4YO2ZnDVGOMsAKoDs67CmF7SVi7E5E=", + "lastModified": 1731063671, + "narHash": "sha256-G9isy07QuQNW3omD6MNzz6RyrwvCRffUvad+X6Nwzx4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "68ed257875da2037398cc7bcf3071ee1494c52ee", + "rev": "6011527ff3414becb450a595b23273bc2fab1e32", "type": "github" }, "original": { @@ -936,11 +935,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1731008979, - "narHash": "sha256-yN1NxvmqV8UltLkqYBWTeZNgpD/eyh/7LM58caHiEfE=", + "lastModified": 1731047660, + "narHash": "sha256-iyp51lPWEQz4c5VH9bVbAuBcFP4crETU2QJYh5V0NYA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "fe63071416471abdab06caa234122932a7c4b980", + "rev": "60e1bce1999f126e3b16ef45f89f72f0c3f8d16f", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index de7837c..3e8db58 100644 --- a/flake.nix +++ b/flake.nix @@ -39,6 +39,7 @@ }; firefox-addons.url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + #nixpkgs-nixvim.url = "github:NixOS/nixpkgs/fbd188864020b9a1226d35b9df1fe465e1f378c1"; nixvim = { url = "github:nix-community/nixvim"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/home/modules/nixvim.nix b/home/modules/nixvim.nix index 7b6e399..83f3435 100644 --- a/home/modules/nixvim.nix +++ b/home/modules/nixvim.nix @@ -13,7 +13,6 @@ opts = { colorcolumn = "80"; }; - # extraPlugins = with pkgs.vimPlugins; [headlines-nvim]; extraPlugins = with pkgs.vimPlugins; [ aerial-nvim ]; diff --git a/hosts/x86_64-linux/yosai/default.nix b/hosts/x86_64-linux/yosai/default.nix index f1e62da..d265719 100644 --- a/hosts/x86_64-linux/yosai/default.nix +++ b/hosts/x86_64-linux/yosai/default.nix @@ -34,6 +34,11 @@ programs.dconf.enable = true; + security.pam.services.swaylock = {}; + + services.udev.packages = [pkgs.yubikey-personalization]; + services.pcscd.enable = true; + networking.hostName = "yosai"; # Define your hostname. # Pick only one of the below networking options. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. diff --git a/secrets.yaml b/secrets.yaml index 9b8b1d8..d9ef6fb 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -19,47 +19,56 @@ sops: - recipient: age1jmqdy4ntgmunnh485qcvxg9yvc2rcvrwf8nq0jg8n4c5al7sza2qq3c80d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBidmh4azUxcDNIVlZIelF0 - dVYyWWluZThjOUVyWWp1WERWVmRPSzJVT2gwClBTVlArb0lUVXk4MWdXM0pKYU1B - ZklqWHFsMGVnYTNmaFJFOVk1ZU02emMKLS0tIDJFODZXcXpzc0daSVdMblEyNjJn - d1BHQW5HVi92VWtMZGM5SDJvRi9LY0kK2B1mQt5c/WJpCGH01PIKdt4oZKsbwG3F - P6J/Cghl5qFn6uCS2NFvFRGvPLZ/TvoREWdI5kznpLKQkYkQ+mTiOQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVGlqQVBIWkZHZlBHbjUw + L3JaSk5odVg5eWZPK2NSSkdIaXM3NjdPWlV3CkhxcmNsMm1JWnNsczVmMUxKRDhM + cVNIQTMwd0ErdFZ0Ykp6QXhTREtFeG8KLS0tIE52K21WakRpOTBjRVJtd2lIajl4 + bVNjVGMyWGYwOHp6ZkJkdlhmRDAyQXMKOjhJyV7vL7Lyh9WlGpCOxQHDKtkDAhZx + FtEQti4Ch70fqiCdVtBPKkT5/6IVcxrsZtit+OJcsnvMWSGLhQCuOQ== -----END AGE ENCRYPTED FILE----- - recipient: age1lznc3dadzpc7vllpvnpdf8samadleep7sxfg0dnpzwl0nngzdv7suu73rh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQZXg0STZIbVFEZ2hpM2lB - VmRaaEJ0ZmNOV1NkdE9MQWhBTCtzSTJBZkE4CkZwazgzdWNETmF0V2s1c1c4djFR - TkZ5T1dKdnZWSmZBSHprRXhDOVp0cEEKLS0tIEFVQ05MSXRYU2J0U2ZPcUJYcjky - VU0wZlJCam9TcDF3bzg4RHFmM2R1WTgK3LaiOOTl+MoqGvbm7Q4Dmw22//qlAyHC - y0cclA26+HXUq+RhyE8FS/O7fRENufUqIKTurjioxhikfRYg7dWEtA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXT0JjRm16M1lJWFBhZ3Bs + RkVkcHJuQmVic0E2UmhnNHFEYzVMWnBQMFYwCmoxQXM0MlV6VysrQTVLVWZZRjQ3 + alRjYlBmTkFpaWo4OGtVeVdRTWdVSXcKLS0tIGFxR0ZNSjdSU0FtaDYvN1I3Vlg4 + N0xSQU50NUtQY2hPeDJyS1VGOHYzOTgKxhAcU1ivpPZooB4KQ5fKE4qTCdkF5sez + HKm2ooNGClmsw4hBrVFjV6+YXwSOTZC9HzjuTNZEbCqhrezS8KKsMA== -----END AGE ENCRYPTED FILE----- - recipient: age1xf86ak2hu5efux42au4x7wlxqpxqpuld7kd6nnr2qzhl662wy3vq940d4p enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3UU5HNi8zTXB0S3NYcjFx - S3pXYUdOcWNWVEJPMGNmK2phTm9KZjA3QkZRCkFud3JWOHhJMGpBcm53cU1YczJ1 - UHlMN0ZiemtIQ2xzNXR4V0tOejhvOGsKLS0tIDFmRlNQaVlEbXlCSUU1ZkZ2QkhW - V3dsNWxPV2t1S0V3VXp3eklnbnRYUkUKgRIzCxvJldGFv5SKD2xVEX35ix4UYmlX - 4cB96eg4ro3JITGSG69B4ENQkA5jqdTXHRZRXTff9aqeMphJvHgCAQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyRDg4Qi83VUp5WnlVYTl0 + UWVGTnZhOVZqcHJzdDRrdzFlNlIzWlVXZHl3ClBFUFgwK1UyQUdTZVMwTlMrSFZC + VmFrOThLVEJqNVV5aU5yKzhkMmRNREkKLS0tIHREL0d4Yk5ZUkN3MlQvdkdYa2ZE + VlZwY2YyT2MxSGQyaVVTYXdXdDN2WU0KSx3EV/IGylQmbfBKv3lVDbgqho4n/yqh + oaKmjI/mL4x8ckDLQ7GxnH8XwEuGaZS3cSUO/OUjk4UgFC6FY1dPzg== -----END AGE ENCRYPTED FILE----- - recipient: age13704a3s08stwndvduk2qsqmkg703utsn96ak3gzexggvrdx3cpxsrlx92n enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxbmg2VnQ5ckdBa0F4RkZC - VEp5S1BLR1FVRUJmbmFUUHNhWWFkMXpzelNVCm5aNFN2Z2hWdk5FTEdzQWw3V0VU - K29Bc0IwaGlrSjA4WmpmSWNUN01XakUKLS0tIHF3MEs2SkxtTmdZOTJMQjh3OGJs - dSs3WEkvb3UrQVlndmtnVGszQml4cTgKgrjhyskecDjNvvfy+Qi/nahvYEEkFVoz - UGsxH/JNVXY2VUh1JI3x2qdCRrbTz8iSvLdbnGdB09Upoj9AboPkHA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1OTBVVzN3V2VEU245SS9O + WTZGanNDSUVsM3VqYUZVc2Z4ZmZXS2xsVVJBCkhKY0RNS1IvYWRFdS8zZFpyWEJZ + dit0TXRqb01xVmFLQ21JMm1oT0haY2MKLS0tIGpYY09JZkorc0VJemVXcFVvZitx + QUNhU0FPU2xvTC95dk9aVkNPNDdNelEK/nPBxNdWWwhOVMjKS/IxLuGXBdRVJcAg + VRGpNqDFjpmf7IMGEmGvH77NPGbg89DTuOg6xnNEDkbc522k4vuIVw== -----END AGE ENCRYPTED FILE----- - recipient: age1cjglrl2qg7ursfradsspat4gz50pqgdj2dcjqngwx5rrf7el83mqj5vf4h enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBNjJ2aXgwOUtpVzFwU1la - N09kblN1WHZIYi9FaXVzY1VCRTJmdkVZWDFzClJFM3c4R0kzYU1GWmpyR0Eyalgw - VVl6NTNJZzJkdm5uR3NGcGh0Qm1KV1UKLS0tIDBUL0VDNUswc2t0T2dyZHNSellV - a2ZHZmQ0dEVMZFlJRENmU2lGejFuMzAKOO3kTP/VWRYn5CrwPyjUIGS7kjxPvNYZ - HMt+cCG9FYeJdqPpHWiM0TeHYUG0h7XlltIMg7KhE4Qj/GARegmuZQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeE9RMndsc1BZeG5OUHZE + ZkJ2eTlIS0s1TExub1dOV1BUSHFONFViVmd3CjR6d015M2Mra25LQTEwOVRjQTF4 + MGVEdTZXMzNOZXFHaTdXR2c3NTluWk0KLS0tIFg2MW10UW05Wm1iQUdsWVB1cGZr + c1NmQzVtRmtQMy85TURoMkQ5QUN6VDQKe3TxnxA/aMqml/9Dt38J/ThhLdPJFObR + wE4UITAKmeelt3tAIl5Da+jZp1dSCYIulwDla280KXgmJg3rJbHKxQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age182mmgwl4w0qffsvjx0v200g3hp5xu478zrkcfvadzhz6u5aqmuvsswmr6z + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2RGtGeEpBYkthVFcvcDBO + Slhob1R3c0pabVVsT1dTL3A1T0hQSjZpV1IwCms1YXI4c0xlOXBQME9pTTZZZHpI + eTA3dDBGWnMxT01qamhOS2o4U2VhZGMKLS0tIE1kMTNRUmdOdjI4ZElRK3pzdkpO + VGtmR3doRnppdVVXMVhsZXpQZWZISlkKSS7vbqi2XCewPlYNTpkHiJmoL9vOKH6y + uO0HiakJeBuxji7v40hyBtTYsdJcm/TtCZeGk/NwGW8GBGe3LCd29g== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-11-02T00:28:02Z" mac: ENC[AES256_GCM,data:RUNKE1JPIOO+LTOXWSIPTBl7/lJBcjjwl1GtVB4NOBMkdVOCVZlAm/HNqm8Wwupv8J5MFaf7DBjpJXu0COWOZ+/GEoVI4cuvsUeyYClOONdY90+9ymbKoxdYue7CM6WjKuCGDDYDpthPvAaxeWOKs4bRTyJqU5f05S/d++0hJZE=,iv:wMksKbpnnX4ET2CZ4YkmRv9g8NBaSydq+H3XpK08OOw=,tag:P+/N77yYr9SBByu5YbZeWw==,type:str]