diff --git a/home-manager/common/software/cli/atuin.nix b/home-manager/common/software/cli/atuin.nix index e8eb38dc..762fb5b2 100644 --- a/home-manager/common/software/cli/atuin.nix +++ b/home-manager/common/software/cli/atuin.nix @@ -1,4 +1,4 @@ -{ ... }: { +{ config, ... }: { programs.atuin = { enable = true; enableBashIntegration = true; @@ -7,12 +7,13 @@ enableZshIntegration = true; settings = { auto_sync = true; - sync_frequency = "0"; + sync_frequency = "1m"; sync_address = "https://atuin.sysctl.io"; search_mode = "prefix"; secrets_filter = true; - session_path = "/run/secrets/atuin/session"; - key_path = "/run/secrets/atuin/key"; + key_path = config.sops.secrets.atuin_key.path; }; }; + + sops.secrets.atuin_key.sopsFile = ../../../../secrets/secrets.yaml; } diff --git a/home-manager/common/software/cli/bash.nix b/home-manager/common/software/cli/bash.nix index fa8bac68..3d3ab27f 100644 --- a/home-manager/common/software/cli/bash.nix +++ b/home-manager/common/software/cli/bash.nix @@ -2,34 +2,6 @@ # Configure BASH exports # https://nix-community.github.io/home-manager/options.html - # https://github.com/justjanne/powerline-go - # https://nix-community.github.io/home-manager/options.html#opt-programs.powerline-go.enable - programs.powerline-go = { - enable = false; - # https://github.com/justjanne/powerline-go#customization - settings = { - hostname-only-if-ssh = true; - cwd-max-depth = 2; - condensed = false; - theme = "default"; - # valid choices: default, low-contrast, gruvbox, solarized-dark16, solarized-light16 - # theme = "gruvbox"; - }; - modules = [ - "venv" - "user" - "host" - "ssh" - "cwd" - "nix-shell" - "perms" - "git" - "docker" - "exit" - "root" - ]; - }; - programs.bash = { enable = true; enableCompletion = true; diff --git a/home-manager/default.nix b/home-manager/default.nix index 3dd67a42..36a55804 100644 --- a/home-manager/default.nix +++ b/home-manager/default.nix 
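Review bot: In the second atuin.nix hunk, `session_path` is dropped from `settings` without a replacement, so the sync session token is no longer provisioned from sops and atuin will presumably fall back to its default session file, created by a manual login on each host. If that is intended, record it next to `key_path`, e.g. `# session token is not managed by sops; run "atuin login" once per host`. Separately, `key_path = config.sops.secrets.atuin_key.path;` only resolves to a real file after the home-manager sops-nix user service has decrypted it. As far as I know atuin generates a fresh key when the key file is missing, so a shell started before decryption (or after a failed one) could record history under a key that does not match the synced data. It is worth confirming that the first shell of a session runs after the secret is in place.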
@@ -9,6 +9,9 @@ # Theming inputs.stylix.homeManagerModules.stylix ../stylix + + # Secrets + inputs.sops-nix.homeManagerModules.sops ] ++ lib.optional (builtins.isString desktop) ./common/software/gui # GUI packages ++ lib.optional (builtins.isString desktop) ./common/desktops/${desktop} # Machine-agnostic desktop configs diff --git a/home-manager/small.nix b/home-manager/small.nix index e81a4dbc..36b442f1 100644 --- a/home-manager/small.nix +++ b/home-manager/small.nix @@ -16,6 +16,9 @@ # Theming inputs.stylix.homeManagerModules.stylix ../stylix + + # Secrets + inputs.sops-nix.homeManagerModules.sops ] ++ lib.optional (builtins.isString desktop) ./common/software/gui # GUI packages ++ lib.optional (builtins.isString desktop) ./common/desktops/${desktop} # Machine-agnostic desktop configs diff --git a/home-manager/users/albert/default.nix b/home-manager/users/albert/default.nix index 56000418..05535038 100644 --- a/home-manager/users/albert/default.nix +++ b/home-manager/users/albert/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: { +{ ... }: { programs.git = { userName = "albert"; userEmail = "albert@sysctl.io"; @@ -15,6 +15,13 @@ SOPS_PGP_FP = "D98BBC6C9A27324654C2D8C464F6C4EB46C4543A"; }; + sops = { + gnupg.home = "~/.gnupg/"; + gnupg.sshKeyPaths = []; + # defaultSymlinkPath = "/run/user/1000/secrets"; + # defaultSecretsMountPoint = "/run/user/1000/secrets.d"; + }; + accounts = { email = { accounts."sysctl" = { @@ -53,4 +60,4 @@ }; }; }; -} \ No newline at end of file +} diff --git a/nixos/hosts/nixos-rpi4-img/default.nix b/nixos/hosts/nixos-rpi4-img/default.nix index 47f9f9da..d6022551 100644 --- a/nixos/hosts/nixos-rpi4-img/default.nix +++ b/nixos/hosts/nixos-rpi4-img/default.nix @@ -6,7 +6,7 @@ networking.hostName = "nixos-rpi4-img"; networking.firewall.allowedTCPPorts = [ 22 ]; - # Allow passworded ssh + # Allow passworded ssh for setup services.openssh = { enable = true; openFirewall = false; 
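Review bot: In the new `sops` block of home-manager/users/albert/default.nix, `gnupg.home = "~/.gnupg/";` relies on something expanding `~`, and a Nix string is not passed through a shell. Unless sops-nix expands it itself (not visible in this diff), decryption would look for a directory literally named `~`. An absolute path such as `gnupg.home = "${config.home.homeDirectory}/.gnupg";` removes the doubt, but it needs `config` kept in the module arguments, which the first hunk of this file removes. Decryption now also depends on the user's GPG private key being usable without a pinentry prompt when the sops-nix user service runs. A passphrase-protected key may therefore leave `atuin_key` undecrypted until the agent is unlocked.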
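Review bot: The reworded comment in nixos/hosts/nixos-rpi4-img/default.nix says password SSH is "for setup", but nothing in the visible lines limits it to setup, and the same file opens TCP 22 through `networking.firewall.allowedTCPPorts`. Consider making the comment actionable, e.g. `# Allow passworded ssh for initial setup only; switch to key-only auth once the host is provisioned`. The `services.openssh` block continues past the end of the hunk, so the actual authentication settings are not visible here.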
diff --git a/nixos/users/albert/default.nix b/nixos/users/albert/default.nix index c039bb97..2306a07b 100644 --- a/nixos/users/albert/default.nix +++ b/nixos/users/albert/default.nix @@ -31,15 +31,4 @@ in { # Make this user trusted nix.settings.trusted-users = [ "albert" ]; - - sops.secrets."atuin/key" = { - owner = "albert"; - sopsFile = ../../../secrets/secrets.yaml; - }; - sops.secrets."atuin/session" = { - owner = "albert"; - sopsFile = ../../../secrets/secrets.yaml; - }; - - } diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index cbd383f7..37f1423d 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -2,17 +2,15 @@ services: promtail: ENC[AES256_GCM,data:NULM4o3ujFnx+/NKjMRQ5bi/nFViSNPjg0bmVlBDSt/1GWwxozHqeFwbbqC+cAOGRZvd3J5daqlB95nsPaBxrw==,iv:o2hvumFBQlkBrBV6qJrt9t3TF8oLiF3dByuILCandwE=,tag:CZbx+Ls5R8yrbBQMs1uewg==,type:str] telegraf: ENC[AES256_GCM,data:o8zXVQ42vV4dDg3rljBE5xmSRQDorj6/CCtzbo6gr+fxnF37MPpH+0MJfQrZEzY=,iv:z2gotp149hfl0mWBhiWWbNtU8v+L6gdv5EqkqgwF9s8=,tag:hkmtMds+iQ97pYwU9QubpQ==,type:str] forgejo_token: ENC[AES256_GCM,data:vAH8v82+WI/P0HhtLDfrK66B3u2H49XA1AglfL1LthM6Dm+znBlx4QaFmNk3ag==,iv:/jqtUejqNC9f9kXdUqxl1+LaxKsjXSZdU+I0u+ssmdQ=,tag:+2oWh6sgc7R1PXYxIz3oVQ==,type:str] -atuin: - session: ENC[AES256_GCM,data:CLsn+XQUurOOB1dWsfrRHeywXA13A59itrBlrJEiWZ0=,iv:33W2RBNk9iV+qvm6+mUE8TBrhxSWswAr8QhTJ0QXgFk=,tag:Sco2pCpo3Wu9/2WdNPVD6A==,type:str] - key: ENC[AES256_GCM,data:BOVygUPKXe9fjhULNoz3r6bOzcPtY30ZGWCmzvv9Tyq8iwsdMa5TgZ9z+dDP6huq6LdOHcFdYScDvKZiExFENDx34vdVyfqENRFgYw==,iv:vwbwNy3BKgEZEFRRqyIVffWTJkAAoVtHur5augO18ds=,tag:ZegtmTqOsL0EpV47wxRWVg==,type:str] +atuin_key: ENC[AES256_GCM,data:pSRdTZG59hGKvG2zj0VU9oudugW7q3qz7JfN0r5Zts6DKB1sTszWKRKTODGdhKsoBs3WIWUfJbi7MixRk7ttrJDySWyFZMPYUDgn3g==,iv:B6/DN/akNliFVAhN4Hwk2BvwVStcbtRHRZi/SUkIEzY=,tag:kOwmgKaCQrGupJBiEWiC0g==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-04-28T07:46:51Z" - mac: ENC[AES256_GCM,data:Kg+lZaMrtYxmjthnPhtXonGf+EAqVRs+MT5d+bNU99wVItrbj690R8B7vA1hjflwhWN3oeodNUHWHracpMeQ1l2YtQW0jU1fJajoM6p9bDzcpEjw9+/Zjv0UJaiwy8fH4zN1UsfujZVxxXBuG7G7D9/kSPx8ngoRyS9Md/UG+I0=,iv:lTv9WGM/0UEpt4/QV1vYCAOYkdfbLdAa7FLqZ0mAVSA=,tag:c61zoO2oDkjjJsK7WtiWQw==,type:str] + lastmodified: "2024-04-28T11:40:09Z" + mac: ENC[AES256_GCM,data:0nfSYSCUKe4G5977jBuM8eQK531CkoA+rlrWGU6Dy8ukXkDCY3uG7nozKrbWgKFsiK22anfiHedcZbJ10tPvPGJK1WGiY26049cYoaDCCGGeZWS04YhbMomvNDRj2sqnj7NNcveJeLTThSSrkzv1f/KSSlnnuB8V3YjlrdX5D00=,iv:P4b+QtAz5QRwZfSONrg7YV7PhSZuTNrAfDJNxpq4gYk=,tag:JR4FZv8FMFCyHKJ4Pz6i5Q==,type:str] pgp: - created_at: "2024-04-28T00:33:16Z" enc: |-