nyancat/flake
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

hosts: add dust

Browse source
This commit is contained in:
Guanran Wang 2024-07-24 00:14:27 +08:00
parent 5534ce1f48
commit dc166488f0
Signed by: nyancat
GPG key ID: 91F97D9ED12639CF
16 changed files with 624 additions and 61 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.sops.yaml
View file

@ -6,6 +6,7 @@ keys:
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age' # nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
- &aristotle age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp - &aristotle age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
- &blacksteel age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk - &blacksteel age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
- &dust age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl
- &lightsail-tokyo age1vw4kf5v8cfnhfhvl0eyvqzpvy9hpfv9enffvzyt95tx5mu7s5dxqjqw0fa - &lightsail-tokyo age1vw4kf5v8cfnhfhvl0eyvqzpvy9hpfv9enffvzyt95tx5mu7s5dxqjqw0fa
creation_rules: creation_rules:
- path_regex: hosts/blacksteel/secrets.yaml$ - path_regex: hosts/blacksteel/secrets.yaml$
@ -24,16 +25,19 @@ creation_rules:
- *guanranwang - *guanranwang
- *aristotle - *aristotle
- *blacksteel - *blacksteel
- *dust
- path_regex: nixos/profiles/opt-in/wireless/secrets.yaml$ - path_regex: nixos/profiles/opt-in/wireless/secrets.yaml$
key_groups: key_groups:
- age: - age:
- *guanranwang - *guanranwang
- *aristotle - *aristotle
- *blacksteel - *blacksteel
- *dust
- path_regex: secrets.yaml$ - path_regex: secrets.yaml$
key_groups: key_groups:
- age: - age:
- *guanranwang - *guanranwang
- *aristotle - *aristotle
- *blacksteel - *blacksteel
- *dust
- *lightsail-tokyo - *lightsail-tokyo

11
flake.lock
View file

@ -324,15 +324,16 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1721413321, "lastModified": 1721750544,
"narHash": "sha256-0GdiQScDceUrVGbxYpV819LHesK3szHOhJ09e6sgES4=", "narHash": "sha256-u0aiWIcd95vRQdGjia3X5V6tP618r68gbvjuaIwUBgw=",
"owner": "NixOS", "owner": "Guanran928",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "ab165a8a6cd12781d76fe9cbccb9e975d0fb634f", "rev": "d24b6083f8101c3b91d6327c06e5bb24f50f18ba",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "Guanran928",
"ref": "lenovo-thinkpad-x1-12th-gen",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"type": "github" "type": "github"
} }

3
flake.nix
View file

@ -52,7 +52,7 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-hardware = { nixos-hardware = {
url = "github:NixOS/nixos-hardware"; url = "github:Guanran928/nixos-hardware/lenovo-thinkpad-x1-12th-gen";
}; };
nixos-sensible = { nixos-sensible = {
url = "github:Guanran928/nixos-sensible"; url = "github:Guanran928/nixos-sensible";
@ -188,6 +188,7 @@
nixosConfigurations = { nixosConfigurations = {
"aristotle" = mkNixOS "x86_64-linux" [./hosts/aristotle]; "aristotle" = mkNixOS "x86_64-linux" [./hosts/aristotle];
"blacksteel" = mkNixOS "x86_64-linux" [./hosts/blacksteel]; "blacksteel" = mkNixOS "x86_64-linux" [./hosts/blacksteel];
"dust" = mkNixOS "x86_64-linux" [./hosts/dust];
}; };
### Darwin ### Darwin

10
hosts/aristotle/disko.nix
View file

@ -25,11 +25,11 @@ in {
mountOptions = ["defaults" "umask=007"]; mountOptions = ["defaults" "umask=007"];
}; };
}; };
"cryptedroot" = { "cryptroot" = {
end = "-16G"; end = "-16G";
content = { content = {
type = "luks"; type = "luks";
name = "cryptedroot"; name = "cryptroot";
settings = cryptSettings; settings = cryptSettings;
content = { content = {
type = "btrfs"; type = "btrfs";
@ -46,11 +46,11 @@ in {
}; };
}; };
}; };
"cryptedswap" = { "cryptswap" = {
end = "-16G"; size = "100%";
content = { content = {
type = "luks"; type = "luks";
name = "cryptedswap"; name = "cryptswap";
settings = cryptSettings; settings = cryptSettings;
content = { content = {
type = "swap"; type = "swap";

33
hosts/dust/anti-feature.nix Normal file
View file

@ -0,0 +1,33 @@
{lib, ...}: {
nixpkgs.config = {
allowAliases = false;
allowNonSource = false;
allowNonSourcePredicate = pkg:
lib.elem (lib.getName pkg) [
"adoptopenjdk-hotspot-bin"
"cargo-bootstrap"
"cef-binary"
"dart"
"osu-lazer-bin"
"rustc-bootstrap"
"rustc-bootstrap-wrapper"
"sof-firmware"
"temurin-bin"
];
allowUnfree = false;
allowUnfreePredicate = pkg:
lib.elem (lib.getName pkg) [
"fcitx5-pinyin-minecraft"
"fcitx5-pinyin-moegirl"
"libXNVCtrl"
"nvidia-x11"
"osu-lazer-bin"
"steam"
"steam-original"
"steam-run"
"xow_dongle-firmware"
];
};
}

170
hosts/dust/default.nix Normal file
View file

@ -0,0 +1,170 @@
{
lib,
pkgs,
...
}: {
imports = [
../../nixos/profiles/opt-in/mihomo
../../nixos/profiles/opt-in/wireless
./anti-feature.nix
./disko.nix
./hardware-configuration.nix
./impermanence.nix
./lanzaboote.nix
];
networking.hostName = "dust";
time.timeZone = "Asia/Shanghai";
system.stateVersion = "23.11";
home-manager.users.guanranwang = import ./home;
services.tailscale = {
enable = true;
openFirewall = true;
};
environment.systemPackages = with pkgs; [
yubikey-manager
localsend
];
networking.firewall.allowedTCPPorts = [53317];
networking.firewall.allowedUDPPorts = [53317];
programs.adb.enable = true;
programs.seahorse.enable = true;
programs.steam.enable = true;
programs.kdeconnect = {
enable = true;
package = pkgs.valent;
};
services.power-profiles-daemon.enable = true;
services.gvfs.enable = true;
services.gnome = {
gnome-keyring.enable = true;
gnome-online-accounts.enable = true;
sushi.enable = true;
};
# https://wiki.archlinux.org/title/Gamepad#Connect_Xbox_Wireless_Controller_with_Bluetooth
hardware.xone.enable = true; # via wired or wireless dongle
hardware.xpadneo.enable = true; # via Bluetooth
# yubikey
services.pcscd.enable = true;
services.udev.packages = [pkgs.yubikey-personalization];
fonts = {
enableDefaultPackages = false;
packages = with pkgs; [
(nerdfonts.override {
fonts = ["NerdFontsSymbolsOnly"];
})
(inter.overrideAttrs {
installPhase = ''
runHook preInstall
install -Dm644 -t $out/share/fonts/truetype/ InterVariable*.ttf
runHook postInstall
'';
})
(jetbrains-mono.overrideAttrs {
installPhase = ''
runHook preInstall
install -Dm644 -t $out/share/fonts/truetype/ fonts/variable/*.ttf
runHook postInstall
'';
})
(source-sans.overrideAttrs {
installPhase = ''
runHook preInstall
install -Dm444 VF/*.otf -t $out/share/fonts/variable
runHook postInstall
'';
})
(source-serif.overrideAttrs {
installPhase = ''
runHook preInstall
install -Dm444 VAR/*.otf -t $out/share/fonts/variable
runHook postInstall
'';
})
source-han-sans-vf-otf
source-han-serif-vf-otf
noto-fonts-color-emoji
];
fontconfig.defaultFonts = {
emoji = [
"Noto Color Emoji"
];
# Append emoji font for Qt apps, they might use the monochrome emoji
monospace = [
"JetBrains Mono"
"Source Han Sans SC VF"
"Symbols Nerd Font"
"Noto Color Emoji"
];
sansSerif = [
"Inter Variable"
"Source Han Sans SC VF"
"Noto Color Emoji"
];
serif = [
"Source Serif 4 Variable"
"Source Han Serif SC VF"
"Noto Color Emoji"
];
};
};
console = {
earlySetup = true;
keyMap = "dvorak";
};
services.greetd = {
enable = true;
settings.default_session.command = "${lib.getExe pkgs.greetd.tuigreet} --cmd sway";
};
# polkit
security.polkit.enable = true;
systemd.user.services.polkit-gnome-authentication-agent-1 = {
description = "polkit-gnome-authentication-agent-1";
wantedBy = ["graphical-session.target"];
wants = ["graphical-session.target"];
after = ["graphical-session.target"];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
security.pam.services.swaylock = {};
xdg.portal = {
enable = true;
xdgOpenUsePortal = true;
wlr.enable = true;
extraPortals = [pkgs.xdg-desktop-portal-gtk];
# https://gitlab.archlinux.org/archlinux/packaging/packages/sway/-/blob/main/sway-portals.conf
config."sway" = {
default = "gtk";
"org.freedesktop.impl.portal.ScreenCast" = "wlr";
"org.freedesktop.impl.portal.Screenshot" = "wlr";
"org.freedesktop.impl.portal.Inhibit" = "none";
};
};
### Removes debounce time
# https://www.reddit.com/r/linux_gaming/comments/ku6gth
environment.etc."libinput/local-overrides.quirks".text = ''
[Never Debounce]
MatchUdevType=mouse
ModelBouncingKeys=1
'';
}

80
hosts/dust/disko.nix Normal file
View file

@ -0,0 +1,80 @@
let
# compress-force: https://t.me/archlinuxcn_group/3054167
mountOptions = ["compress-force=zstd" "noatime"];
cryptSettings = {
allowDiscards = true;
bypassWorkqueues = true;
};
in {
disko.devices = {
disk = {
"one" = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
"esp" = {
size = "2G";
type = "EF00";
priority = -100;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["defaults" "umask=007"];
};
};
"cryptroot" = {
end = "-16G";
content = {
type = "luks";
name = "cryptroot";
passwordFile = "/tmp/secret.key";
settings = cryptSettings;
content = {
type = "btrfs";
subvolumes = {
"/@nix" = {
mountpoint = "/nix";
inherit mountOptions;
};
"/@persist" = {
mountpoint = "/persist";
inherit mountOptions;
};
};
};
};
};
"cryptswap" = {
size = "100%";
content = {
type = "luks";
name = "cryptswap";
passwordFile = "/tmp/secret.key";
settings = cryptSettings;
content = {
type = "swap";
resumeDevice = true;
};
};
};
};
};
};
};
nodev = {
"/" = {
fsType = "tmpfs";
mountOptions = [
"defaults"
"size=2G"
"mode=755"
"nodev"
"nosuid"
];
};
};
};
}

34
hosts/dust/hardware-configuration.nix Normal file
View file

@ -0,0 +1,34 @@
{inputs, ...}: {
imports = [
inputs.nixpkgs.nixosModules.notDetected
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-12th-gen
];
services.hdapsd.enable = false;
services.thermald.enable = true;
security.rtkit.enable = true;
hardware.pulseaudio.enable = false;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
hardware.bluetooth = {
enable = true;
settings.General.FastConnectable = true;
};
boot.loader.timeout = 0;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
nixpkgs.hostPlatform = "x86_64-linux";
}

62
hosts/dust/home/default.nix Normal file
View file

@ -0,0 +1,62 @@
{
pkgs,
inputs,
...
}: {
imports =
[
./theme.nix
./xdg-mime.nix
]
++ map (n: ../../../home/applications/${n}) [
"fcitx5"
"firefox"
"foot"
"go"
"mpv"
"nautilus"
"nix"
"sway"
"thunderbird"
"ydict"
];
# https://wiki.archlinux.org/title/Fish#Start_X_at_login
programs.fish.loginShellInit = ''
if test -z "$DISPLAY" -a "$XDG_VTNR" = 1
exec sway
end
'';
home.packages =
(with pkgs; [
amberol
dconf-editor
file-roller
fractal
gnome-calculator
hyperfine
loupe
mousai
seahorse
(prismlauncher.override {
glfw = glfw-wayland-minecraft;
gamemodeSupport = false;
})
mumble
osu-lazer-bin
])
++ (with inputs.self.legacyPackages.${pkgs.stdenv.hostPlatform.system}.scripts; [
lofi
]);
home.sessionVariables = {
# https://github.com/ppy/osu-framework/pull/6292
"OSU_SDL3" = "1";
};
programs.mangohud.enable = true;
programs.obs-studio.enable = true;
services.ssh-agent.enable = true;
}

52
hosts/dust/home/theme.nix Normal file
View file

@ -0,0 +1,52 @@
{
pkgs,
config,
lib,
...
}: {
home.pointerCursor = {
name = "Adwaita";
package = pkgs.adwaita-icon-theme;
size = 24;
gtk.enable = true;
};
gtk = {
enable = true;
gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
gtk3.bookmarks = [
"file://${config.home.homeDirectory}/Documents/Projects/flake"
];
iconTheme = {
name = "Adwaita";
package = pkgs.adwaita-icon-theme;
};
theme = {
name = "Adwaita-dark";
package = pkgs.gnome-themes-extra;
};
};
dconf.settings = {
"org/gnome/desktop/interface" = {
"color-scheme" = "prefer-dark";
};
# Make GTK listen to fontconfig
"org/gnome/desktop/wm/preferences" = {
"titlebar-font" = "Sans Bold 11";
};
"org/gnome/desktop/interface" = {
"font-name" = "Sans 11";
"document-font-name" = "Sans 11";
"monospace-font-name" = "Monospace 10";
};
};
# ??? this commit broke nautilus's spacing ???
# https://github.com/nix-community/home-manager/commit/e9b9ecef4295a835ab073814f100498716b05a96
xdg.configFile."gtk-4.0/gtk.css".text = lib.mkForce config.gtk.gtk4.extraCss;
}

46
hosts/dust/home/xdg-mime.nix Normal file
View file

@ -0,0 +1,46 @@
{lib, ...}: {
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types
xdg.mimeApps = {
enable = true;
defaultApplications =
{
"inode/directory" = ["org.gnome.Nautilus.desktop"];
}
### Browser
// lib.genAttrs [
"text/html"
"x-scheme-handler/http"
"x-scheme-handler/https"
"x-scheme-handler/about"
"x-scheme-handler/unknown"
] (_n: ["firefox.desktop"])
### Audio player
// lib.genAttrs [
"audio/aac"
"audio/flac"
"audio/mpeg"
"audio/ogg"
"audio/wav"
] (_n: ["io.bassi.Amberol.desktop"])
### Image viewer
// lib.genAttrs [
"image/gif"
"image/jpeg"
"image/png"
"image/webp"
] (_n: ["org.gnome.Loupe.desktop"])
### Video player
// lib.genAttrs [
"video/mp4"
"video/mpeg"
"video/webm"
] (_n: ["mpv.desktop"])
### Code editor
// lib.genAttrs [
"text/css"
"text/html"
"text/javascript"
"text/plain"
] (_n: ["nvim.desktop"]);
};
}

46
hosts/dust/impermanence.nix Normal file
View file

@ -0,0 +1,46 @@
{lib, ...}: {
sops.age.sshKeyPaths = lib.mkForce ["/persist/etc/ssh/ssh_host_ed25519_key"];
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/log"
"/var/lib"
"/etc/secureboot"
];
files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
users.guanranwang = {
directories = [
"Desktop"
"Documents"
"Downloads"
"Music"
"Pictures"
"Videos"
#"Public"
#"Templates"
".ssh"
".mozilla/firefox"
".thunderbird"
".cache"
".local/share"
".local/state"
".config/gh"
".config/Mumble"
".config/fcitx5"
".config/obs-studio"
];
files = [
".config/sops/age/keys.txt"
];
};
};
}

7
hosts/dust/lanzaboote.nix Normal file
View file

@ -0,0 +1,7 @@
{pkgs, ...}: {
environment.systemPackages = [pkgs.sbctl];
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
}

39
nixos/profiles/opt-in/mihomo/secrets.yaml
View file

@ -15,29 +15,38 @@ sops:
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq - recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTaXJJdVlKb0lpa3pkZ0px YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAra2xDaFE5VW9McnhtOXlT
UGwveFAydHBUMzdXOU5ibHRBNmg1VllUVWxBCkh5SWQrQUhFSFA2NHA2WWhhYXhV Vmg2VnB1YThVSVNnbllRTzJPc25tRmtlMDNjCjU2M0VBSW5FNGhNbmg5V2k2b1ox
bFlteVVCM1M1VlRoakZ1UW1ENmJWM3cKLS0tIDdpZVo0Z2dQQ29DVnVOQU5kWkMy VW0zblJNUGhlTUs3Ukx1YkZWMDI4OVEKLS0tIDg1QzhwamdvU092UUxURWxRcDdx
N2djZElOQUtINXY5bGJKZFROK1VpZWcKMQY/1i3yvoKhDUdkmvQ0boVHzh9vta1Z cmFBcXJ0dTNwZVpoSGViOEp3RzN4ZkUKslf1N5CDAEhsQPeFlLay0rSbgd+4lhM+
hz9WY8aYIMsa0PY71FuBMklOfNtaPKbewx9XXfLDetFLQ7tmWnIzFg== Em9RFBbLadCCEDR+lNiqJjOH7VUdzhjxR/Bca2rp6XR1Rxl9828Rng==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp - recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmVzFrcWdBNlYvdWRzNVNr YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeXJyTDRNTU94c2FjS284
T3YyQ3JBakRQcnd2MzMyNnN4Z3h0TkN3S1NvCmdCZnFaeVdFcCtoVzh6OGRnd2o3 eEZkSDRrZWo3MGRCOFJBM1F6TmgweFFud1VBCjIyNDdBRk51ZEpoR2tOSFFYMlVv
cVpxTCtpV1RYRjloUElLek9NcDlrMWsKLS0tIEdtZWVNUXY4VDAzSUxkUGhodjlJ Nm8vV1k4TDRiYXJ5ejlGaUZuYVhRMDQKLS0tIElyaDZPNmRsWDlFSjdyNVFqWERR
UHFlbi9JYTBVYWIyOGZ6SnBZcWo4K1kK9TkNUwrKIywSaXoExUaBb3y4L5Gg+2CT VVFFL2d6Y0ZzUTJuR2lnVHBEUWZKQ28K5WJFk6prLRNjGC/MeMOCihFPcnZhTKcv
0eI/CUL8LuYSSGeGRtypMPklHUQS4qV3UmXbnNSKctdLrNcDRperXg== JCOhFi/gOoADhHvDSjbbWdUevYgRyy46IrUorBGskgGjyzhADxWWpA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk - recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1MHd3Qjl1ODJzVWlwN3VB YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxQ2RoL0FVNGNJc0JqNTFD
L3ZFdVBPbmRzQUJBbWdiRUtqVzJYeVlHdkZJCit4YzExQ1UweXcrRkpVMEVKQlB3 U3YzbDQyV1d6V29MQ0V5aTlZdTkram1zM3c0CjA4QWdNV3lVTGx1NWZIZ2JWSnZP
NGt0VHE1alFvSkJGKzU5ZzM5akFwUG8KLS0tIGdvNS9ZYWU4TXM2Y1hVbjl2Z3cy NExOWVdkdDJLMjk3bWd2N3Qxc1ZTSVEKLS0tIFFXMWJhRVNoOCtFUm5IZktxOWJT
QStSb1FJb0xUUkV5cjg1Qk5ORDRQMzQKiTUdlCbgRX0zRPURsolB4O0dvxl9+lkn dVpNRFhtaWcwWTc5K2FIdkJIUlc4c2MKjhodQTFM68pEvIrpTOrr47UmtxW6bHGl
0cIBYnVxzSdlDj+TXnTR2zL2cqZg94cNaTz0qWk/kmkmgmqm80hZ7Q== 4df8a+KsHbTyf9JWdVQOeUyNO+LvxWTIbKC2S9PBXLVsGgDp0GM8jQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdnVPV0pNWDBQUFJDSVRZ
WXBlK3dpdmFZUmNDTkVWcmZ2Q0ZHUUc1VUJFCkszdFBWckltcTZRTVorTlljOGts
UjRrS3lvMmlpaStzTEUreUxUYWV2a2MKLS0tIC9EOUdhZWdJaWg4K1gvYXpnSDVt
UG9TTEV5R0R2bm5lUTAwSWlaelJFcW8KfBuQEVhkYJ74wYUjEcFYXFf9oWSSdkGR
Yu5lpV9UsjaiJxaD1Qp4xtNgMzzLW7q6surQGEReTDBbN1ZCx+S3Aw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-09T22:04:17Z" lastmodified: "2024-07-09T22:04:17Z"
mac: ENC[AES256_GCM,data:iKwYqxBllI8SydCUjyK2cJkcUKVj4CqjmfDSMNJtLwM6IWUoOScV4Pu0YJz0aui5F8nbyC92vdDwsE599GZMTWdCH20MeWEMo7pbkPFxxL1bY5BMCNNE3Tm354nz4ihmBXMB9aI1JRiSareV5yQ1v6lOxzDargDigMrPI/6DRfo=,iv:JRvJQ3YdFZsBstT55xKcCMGJODy42FImugHbwEbpV2I=,tag:go33lpTdouZoFk53g9FXTw==,type:str] mac: ENC[AES256_GCM,data:iKwYqxBllI8SydCUjyK2cJkcUKVj4CqjmfDSMNJtLwM6IWUoOScV4Pu0YJz0aui5F8nbyC92vdDwsE599GZMTWdCH20MeWEMo7pbkPFxxL1bY5BMCNNE3Tm354nz4ihmBXMB9aI1JRiSareV5yQ1v6lOxzDargDigMrPI/6DRfo=,iv:JRvJQ3YdFZsBstT55xKcCMGJODy42FImugHbwEbpV2I=,tag:go33lpTdouZoFk53g9FXTw==,type:str]

39
nixos/profiles/opt-in/wireless/secrets.yaml
View file

@ -10,29 +10,38 @@ sops:
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq - recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtSktSV1ByUnF2TGJaMzh3 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDcjYwbmRlU1R2aFplS1JR
a3RoaHptWHF1MjdsUFc5R2pySEFYa1IzQVE0CjZoUkVhaktldDJvL2dmRjdGa1B5 THp6NkZlY1k2YndoNTVZMW11elZYVWdjQkdzCjg0a2kxKzlXeVFWaXBKOHEwNGlU
MEtoUHpoaENNUVRtS3B4aXJQMHNCT2sKLS0tIGd5dEt0RWpkd3ZPVGkvM1JWWUdh RHZVSy9FdjZMNUZJNExnMGhHS0ozR3cKLS0tIDlXY25BSEcyeW1Bd01oSEVqN21s
ZDBtRFJTMlZmUmtlNVc3ZW5oa3V0WGsKcqjqj+oPnGxAzeWpPYSpBBfS9GhN+O4/ S3hTeDBzZm1ydyt0aDRjSDRUYkYvd00KLjKQwdG2+DqxG9HgyK0pseXlBbT9HgBT
Mt9NT1LWfiUDhxz5GYmcLKe1tRNXpGeG02HcY65WgcVd1Y7n4mMJRA== tonVZuTIsY4vIbo2sRS9IHBru0LvGPP/Lu9YGmw8I39EOG1b0IMNSg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp - recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZnRDOHZ1MWViV0dhS3JO YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2d2FPN0ZiMDZIZ0VkVExR
dmY2N2lyVHUxNmZnMStpcFMwbzMyZXBaaEJZCjZqWk0rOEdnMVNLTVRHMDNzUm5u RERNcE5GN1Z4ZktPZDBXekhYSVM1cWRkbWxZCndOMnhsdHlWcVFMeUtIYkcvbk5W
OFZTV2ZGTFQ5QlQrM3gzNUhQQ2xXMkEKLS0tIGUzeTEwZmYxekQ0cTJrU2Vhb3Zp bHpFQ1RocVR5NWp3VGhmKzRWWDdtMm8KLS0tIDgxZlY3VjVBSmgyaGRXVmozRnM0
M2FjUFFrREphODFQUm1kRlJNOGRpTTQKF7k5/oPjoILtFEf2sO6nnF0Ar6ebTN3r dDBqdnFJUURhdFJVdm5MNDBZL3h0MkkKEQv9tegnMhokwLbFj7NR7iJ2aXjGjuN4
TdXYtTek0sIlSdYfVSxLmhiymz2mKi7TKPcKH6POmp0uuVX8HFEAJg== VIsC/5VMikoVEo/xLeBp8E6qII99WRO+PpK4o4M5Soi+Mc7zpmKjRQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk - recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6eWIvamwrRGthdzlYRmJm YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMS1REa294Z3NJQTB3U0RB
SjNQTG92TzlvckJCMTM3SytHdUVodVJFYkVJCmRLSjg5TGF4RkZ1WitRNVVrSlNT d241M1Z4TWNGdkJCbzJhRkxiSitEaGlzUWdrCjNHSWZqWHBRRTJ1OG9aTWM5ek40
ZnQ5TnRPTGI5Uk1vaWpvMWh2NHR4NmsKLS0tIFRtbm5Kemo1WVMyMFZ3SDAwdDBn Y3IyWUFON3diYzJZSVNSNlNrZUN1ckkKLS0tIFliNm9iTUhnMTNsdy8rbks0ZWpx
dEN1cEJFZU82bVFRVlVqcTIzckRHQjgKHgRyq4UOcZyiFnK9fq1NLtxRktFCs3V8 Q0xpTGtKTERPc3NvRUxHMDlwcjlkQ2sKK/ZFGqI4r68NL48wK4BR0Ho8MGQoeBQQ
EQhl+CPWTRZTZkttJ5MclGlvTNbiH3Iy9syKns6qvOw75wqtXIdIWQ== yfYZvlzt5iGRswKWB9F6vgGlIdRkOrnOJVq83Wvp2tJWUxzIWbGsQg==
-----END AGE ENCRYPTED FILE-----
- recipient: age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwMmx0ODNBT3BLRU9Yck1w
Sk8yOTRnSUd6ejJDZmhuNncxcTdtditSd0c0CjFOcll2azdOWjhMRnAyaXdvcVE0
S0dndHFqRXcrbHRaSC9YWkNuNkt0TkkKLS0tIDdMQUFjRmlndWFKMUJZTzI5Wk1M
bnpNdWVlTyt4SWUybUE4YWJNWE9Pd1kKpqBrRvQ82HFT68OuDFzpxPaUSevNgtLs
5K/Q94ySySwvC01PJmyiynWS4fqm8Ve7uXiVLJYbgaJzVL5nExTYpA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-10T08:37:51Z" lastmodified: "2024-07-10T08:37:51Z"
mac: ENC[AES256_GCM,data:M892yzbmOSiDdifD1kRreBR/+JwMneIZjvCXC90osBogFEmUtf9W6M3xeYmbTobgE/chy9O9yn6CVDt9OucU+sT7o2oUpbOHVulJnwstBuUJGQAEwhyolQP5YRiGRxQzdPG6dqLUkKlsi44pm4dNtDLHFPE0j1wA0PD1fhrH4Y0=,iv:P+ne5UD5F62NW0xYndCDEzR0e7qo0COwDY0iNb2bKUo=,tag:uZfOsrZuSMYdY2zqFhqiyw==,type:str] mac: ENC[AES256_GCM,data:M892yzbmOSiDdifD1kRreBR/+JwMneIZjvCXC90osBogFEmUtf9W6M3xeYmbTobgE/chy9O9yn6CVDt9OucU+sT7o2oUpbOHVulJnwstBuUJGQAEwhyolQP5YRiGRxQzdPG6dqLUkKlsi44pm4dNtDLHFPE0j1wA0PD1fhrH4Y0=,iv:P+ne5UD5F62NW0xYndCDEzR0e7qo0COwDY0iNb2bKUo=,tag:uZfOsrZuSMYdY2zqFhqiyw==,type:str]

49
secrets.yaml
View file

@ -9,38 +9,47 @@ sops:
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq - recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoRDVuSHNpQzMzb1gxaXB4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXckNJVXZjSWgvRWZhejBD
aEs5SEpyeFdKMExIYnZMdTdIZi9JbXY2aHlzCmN5Um81VnF3TXpOcW1IbFBnTWY3 S0dIRHVoN1ZOL2Y1Y3JpYTE5UmIxeWxIVkFZCkZJTy9TTWJ1eXYzSXZUcDBhTWho
VHVQTmM3Zm5rOGx1UDhRRnBPZTZpRlEKLS0tIFV1am5VVXJiODdFT0RIQW9wNlVM TkZMZlkyVzQ3QysyRlVIRW1TdS9ISG8KLS0tIHRDdVRJSVhJNmFYS09IWENzdThO
OWhuQmMrT2dId3U1RGtoamZyNElvSzAKqOOQB3oMulmSTFbiJenpucju+djFUY1t WUpvU0RlVWoyeUFxZ1N6YkNBQk5lRUEKnQwSMuIeeYY39HH0+zrU/tU4EMQsTZro
ldHjlbYF9ywbAckqFtYXGcbDDbD5iv8ZvulyhU2d73534rspOXzyWQ== wZpkYCyJ5+OgIN/WocqGIf8A52ctz19/Car3SNr8mTTpQfJj9H/6og==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp - recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoRitmZ0xSRmNRbTIwdjg2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSk90NGNVaXQyVFF6SE9X
aStiQnIzU1AyTzkxdE9UT0laQlkxNzh5RDAwClNDcitIa0FCVUxCRldyL1I4Rit1 SHkweE4rVlQ0QWNUODBjYWkvcE1qV1lQcFRZClMyc0FWV0FYUnIyL214VFFETDJ3
bE9MZjNlaXV6aU5UYjhEVzgrMExHNGcKLS0tIG43bE9CSTFGZG9ZSlhucVc1cWZV MUF0R0ZkSTJOekl0V1g3Y2dRSUx0QXcKLS0tIGlRVklJKzFPM0J1OUthbHFGV0xZ
T3cwdUYyQWhpM04ydTJhOWQ1NHZqTncK6kVvFDpmgT4fEv2NCerIr3y1iIfV9phv V2pSTEE3WjU0NjJSNkF3R2dtZ2hLUGcKOSSpHoST4SomzYPEeFA7rZ87lCniNQqW
fKHhtqeEmaon9Hp1hqBcQzB4+PuxA+AWSZ+wjffGa/aS+RsSt2FYdw== dNoFFUIsH90p4qAdw8BTE8+z75p46aSoBzNqZOxoLlGzH4UPzTFD6Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk - recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrMlR2WmM5cHl3SHRtZ08x YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYS0dneitmaU96cU5oS09J
SG42bzNQSmlaQXN6RFpxSkpPcDAwbnpDMWhnCm5tZkpocWswYWF4UmYzS1dINkJ0 YXkvb1hKQXJxcEdPSkU4cStHSnFQYWFudjAwCkdHTzlFN2lEbnRWTjhqZUkyT0FP
bExOZWpNNlN0WkNXU29UY05vRFVoNUEKLS0tIGRwaUJFNkoyV2pLeDZOd3FxYnIz Y0JXR2pnY0lmbHFDM3N5cW41RmdaV2cKLS0tIEJ2dVcvQi9GUDA4SnFVdGxGUHgy
eWpqWU12ekl0NWRQV2lIdzRIcmYvVlUKYO7EDTdyLzDjoSgSj7/p/uwjZrw2xWgp T1ViRnM4YXFSOHlsT25SS1U1cFBoZk0KIyUvPy+jmlojgm0yhiRUfWECDRM1E8zP
5474kRLJyPVjejTnnc3K1/za9Cp68tIsk/wC+bGflnXqrReNHyXq3Q== b8JThM2kJ5NjmvEmol8FnIBq/eyR6GyaBs5GTkuuDAvVHpxLqLh+fw==
-----END AGE ENCRYPTED FILE-----
- recipient: age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCNktUSEY4TzVVYjFNRDV0
bzBCSzNad1BoRUNRbnJwRitVWU52aVBHK1UwCjlmWHRTSWRYZVBMeE5NYVpBVTdK
OXRJTlZSTGFISjRwL2xScGI3N2tocFUKLS0tIHAvVnZkdldUNkVNMFZOZVN6aFJ0
RlpXZkFkUWpDemJ0Wm04N0QrL0dVY0UKq6KGit+GvUC3Wl7/fT9cZa+DVvNSzLxu
/E1EXLoDEKx9ubai3wPv1Ebt3nCM3PHNSU1l239QJiLk3NfCDc2nwg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1vw4kf5v8cfnhfhvl0eyvqzpvy9hpfv9enffvzyt95tx5mu7s5dxqjqw0fa - recipient: age1vw4kf5v8cfnhfhvl0eyvqzpvy9hpfv9enffvzyt95tx5mu7s5dxqjqw0fa
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaWWxBUUVWOVZqbE5FUEt1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSQVZQRnlNZm5JZVhFZ2Vr
ekdKaXRHdTdvWnR0R1BWMHlGMk5OQ1JTb1JJCkhWTDFpUEdneUR2UW9LVjdHN3VP NDl5VHBYcVNERW5lMTY5NS9ad0dkZVlqR2lzCkJadHFDeFdtRlprSTNCQ2s3bkRt
UE5WUzNJTWtreDQ2VEd2ZnFSdHJ5dDAKLS0tIEdsWlNIUDB2blBYTDdNaXN0YjBi SCtuQ0VneFMrTVptSTRJMXRvbk5iak0KLS0tIC9QMTkwa2ZrTERiQTdxV2xRdnNx
SC9YMFk4dUNOUDJYMXErck8yTmJmZmcKp66bHZTD6VitAOfzIr8VJr02+R9f5mxH NGNZVXlxMllGMUhNbXA1ZVBTcENxSm8K1BJtltsPjecKcQVDeLTDSY0GbFo1xa2P
c5n2CWurDsZsNTKk7pgxQo78ySyAG3rzvOqgK0NFesyHy9dRl8xHCQ== TYH7HmgLurykqOOhS2WnOSQZG36e2xaRutDsmdOWkSD2UI2YRBYlMQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-09T22:04:25Z" lastmodified: "2024-07-09T22:04:25Z"
mac: ENC[AES256_GCM,data:d8ml8uokaSlD/nJQVM732OoEXZB0a7dpq5Koq1/Nz8iW9xDmwvrWONRmI6EPHMHJ+vFXKS09iLBtaWRo83H1KPIEfN6slVY8wrVYychz38A/jXx3TWd1oh00otJpkmjzWfEbhYYB6K0D2lTP/rfu009b29OzBNbqcIfVrJRz4vQ=,iv:/PBfFIf+SZ4zmRdOba8NKV29JRWHzCGwK5Oo2EGq/90=,tag:5eHt2FPi+5uSNEd3GlFkcQ==,type:str] mac: ENC[AES256_GCM,data:d8ml8uokaSlD/nJQVM732OoEXZB0a7dpq5Koq1/Nz8iW9xDmwvrWONRmI6EPHMHJ+vFXKS09iLBtaWRo83H1KPIEfN6slVY8wrVYychz38A/jXx3TWd1oh00otJpkmjzWfEbhYYB6K0D2lTP/rfu009b29OzBNbqcIfVrJRz4vQ=,iv:/PBfFIf+SZ4zmRdOba8NKV29JRWHzCGwK5Oo2EGq/90=,tag:5eHt2FPi+5uSNEd3GlFkcQ==,type:str]