diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 00000000..1f240db8
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+ - &albert D98BBC6C9A27324654C2D8C464F6C4EB46C4543A
+creation_rules:
+ - path_regex: secrets/[^/]+\.yaml$
+ key_groups:
+ - pgp:
+ - *albert
\ No newline at end of file
diff --git a/README.md b/README.md
index dde36c95..4b153700 100644
--- a/README.md
+++ b/README.md
@@ -25,7 +25,7 @@ Repo for nix configuration files # Theming * To change system-wide themes, you need to change the following: 1. `desktops/gnome.nix` - Change the imports at the bottom. - 2. `users/albert/dconf.nix` - Change the theme variants in the following: + 2. `users/albert/gnome-dconf.nix` - Change the theme variants in the following: * `org/gnome/shell/extensions/nightthemeswitcher/gtk-variants` * `org/gnome/shell/extensions/nightthemeswitcher/icon-variants` * `org/gnome/shell/extensions/nightthemeswitcher/shell-variants`
diff --git a/flake.nix b/flake.nix
index 45d5a646..84ecaa57 100644
--- a/flake.nix
+++ b/flake.nix
@@ -17,7 +17,7 @@ lanzaboote.inputs.nixpkgs.follows = "stable-nixpkgs"; # Firefox Overlay - moz_overlay.url = "github:mozilla/nixpkgs-mozilla"; + # moz_overlay.url = "github:mozilla/nixpkgs-mozilla"; # Nix User Repository nur.url = "github:nix-community/NUR";
@@ -68,9 +68,9 @@ home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.users.albert = import ./users/albert/home.nix; - home-manager.users.root = import ./users/root/home.nix; + home-manager.users.root = import ./users/root/home.nix; nixpkgs.overlays = [ - moz_overlay.overlay + # moz_overlay.overlay nur.overlay ]; }
diff --git a/keys/users/albert.gpg b/keys/users/albert.gpg
new file mode 100644
index 00000000..e9dad43e
--- /dev/null
+++ b/keys/users/albert.gpg
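Review bot: The only creation rule in `.sops.yaml` encrypts every `secrets/*.yaml` file to a single PGP recipient, `*albert`, so losing that one private key makes every secret unrecoverable, and no machine key is listed even though `shell.nix` in this commit also imports from `keys/hosts`. If hosts are meant to decrypt these files themselves, add each host key as an anchor under `keys:` and list it in the same `pgp:` group, for example `- &host_example <HOST-KEY-FINGERPRINT>` (placeholder) with `- *host_example` below `- *albert`. A short comment above `keys:` saying that the fingerprint was checked against `keys/users/albert.gpg` would tell later reviewers the recipient was verified and not just pasted.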
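Review bot: The `moz_overlay` input and its overlay entry are commented out instead of removed in both flake.nix hunks (`# moz_overlay.url = "github:mozilla/nixpkgs-mozilla";` and `# moz_overlay.overlay`), which leaves dead configuration with no stated reason. If the overlay is gone for good, delete both lines and also drop `moz_overlay` from the `outputs` argument list and from flake.lock, neither of which is visible here; if it is temporary, say so in the comment, e.g. `# moz_overlay disabled: <reason>`. Both hunks start and end inside their enclosing attribute sets, so the rest of the flake could not be checked.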
@@ -0,0 +1,73 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGEuKeIBEACiklPWFZHWa07mRjBn0Xg8lcH4OxS8eOHilaEi/h87L6lD+HHp +NMkXvuKIH8KxlA662vJqEubH7w8OdMXmO4HrJYvVGGin7naAZZBV2HKx5Aj2flEY +dmQi0j7S79nGXJaa4tZsnkSHHifdmItQThQbAZY+MGEeLqHdoac64EHjscTjO/uy +/HwrY7sCqaH7tQet/HNp3KHNSR8vVYi8pAhhEnlVUEafSTmGLF8Ec6hX/zW0DBDB +LwPTUKnRJH2jxKXLC+IABw2P5JxPi09kyJqv8F841lsPMwL+SSRSjrJ10WKRMh6S +fa1u2VNhaOk2Te88c/aQpet3Ed9Qq/SdtSTnc6g/cHoIxJyIZghzDLBNahLMJmMH +QwR9RmZV2a1axvqIeVZ7Y27IKYBM1jmBPKA41edvnq5yV1MgKFyYsLBvixp5JXDB +6LVrTiR0cItHezyVzbpLp5cmgc3Oo+ntXO8nKswYqb3R9PrtJMpWHW/BMdQg7vhD +DKbXk+mjn+dT+CpDuanyPjhqk2x5LLCAzSCCnbvFlj5ooBMebzwtV1kv7UGaDpLm +Kiyo6zvGlKDMnGCVWwkoyp6fpYFCGQKK2MDmZET67tfReADG796T4KiQGqj5Km/q +LOX49z48c8eEHIPerfmDyGBQRaW84dqadRqNQ5IVlp4VyiojARv89vecFQARAQAB +tCVBbGJlcnQgSi4gQ29wZWxhbmQgPGFsYmVydEBzeXNjdGwuaW8+iQIwBBMBCgAa +BAsJCAcCFQoCFgECGQEFgmEuKeICngECmwMACgkQZPbE60bEVDoTuxAAoLUULaXd +00PfDAL7S1sFlaIcXcLJXFSMo1BtrpNgZePgYBv09eRwQPJ2zkUcxGspvmuGPRWY +DKgfI50OygLoEdAQaOKQUTv8ZtWl+Ji7Xp1N1X+teZ2aN3oDeOBvpDmOVhIDanGK +rUCrU7MsCNXFh3GmHKdoKRMiz7YCBDctfcdVUuSSgzZmmliDFw5Llx25eX2La72Y +5pTsxIYTRSvrYHZiyUpmvu3fh8YP3+ZYmOHY73G8Jk88EFIZgEEZLGxWjUFt39Ng +b5dBgGmN6mYY1lvy6EDLyEapjSJolsMRMRN55Xpe0+SwGUpvj17RO5Quk8ccuJB9 +6WTvJFYUxtiJ4GGm0HS9OWkrsQKGAHLxDuB+FpvbbwKkV4iSia1tEOhAdp3DD+lm +eaUV+WCqe2H2sz0cwVEQHjo2jxe955ycnXlsSqSRZz/jFP3nE0VH0zvSF2XtLLbq +18fqH0wduoe+zVViG18g/bNfVJ9cy7M2xZdjHFT9gV++VwvMybfQ7Otwi/aJ1LGF +M29eWMGTS4XaE1I/LPSqsu5mettJ7/uiCLeGhc/j1qTKb4A0dKEab+ScULDsQSek +bl/Ea7H5lUGlbllH3PgiMtocGZccmGfk5qyyK24W4r2vAGrTM3M3QWhc9Tk1bwCT +wLWkivpkaAFtQ0upA9a6M+NsukAdzHxTe425Ag0EYS4p4gEQALZDK/wZpvr85okZ +vDkUOkxlWtUJ30XaigTw5gDb2J6/FNCVjPCSTv+CNP+utbpjDTUyYVGShVLyMsuh +N2Dn890rOlUbxmc8gnmIS3cZ/veJ+CG/HAxvwk1HOhN4RkXNKwtP/OpM5jvPSCh2 +Ym10agLE3GDzP17uXQw1bvqNGInlD8toipY9KCLs7i6g2ZbnBgOmvxvNZDVhN+El +7N9xhJuvMj+5U63R6MbG0vTR3qr31TnPzB4QArcqE/eoHEk0P6v63dpnoge+l0pj +To96F1u7ZWM+aHH1u7bhKIKQArESak0HQaNQrdT7y+1nlIJ0+4ea/RyWo430O74C 
+i+A3fyJ+EfFfRekveCGoF/N4aWemq+VeYDimNYshJ/4XBMaJ6UCySvyd45KVzC6+ +cyetQ9rINVHgdcyxbMOJKUfCqV+2PHU7jsZmVpmlZvFuWbO7Rf4x2fBUFl8Wivfd +ZFBSt+fvqSz/HC9blZ7CSKmUugCCb5KWcKe32ZbW/OphsYSGgJIiRqlJYMj8kiQu +Wao0YnYrxas1Rhz93C77cHO6kopEMcPjXUriAMsYIURwb/anzsO65DLZjtzbIPmm +mNrqjevmc1lk42GBsrTOo5JkxluVFsWlxqUu+j5OJwLJAQ4GV7fquld4WFAU2Xbs +sTMtPEF1thLKWSFwqZi/rNA3GiaVABEBAAGJAh8EGAEKAAkFgmEuKeICmwwACgkQ +ZPbE60bEVDqKtw//dqBgaGs1K8hNM7fw6L77ZuV5tHluVnNN1kDv7DOavAnsKY4X +7+ONLGFN041jqomfZEGRyE2IxMgPFeFz8hDogOH8keaSbxAQzoe3yRC40Eap/tyn +vx9WKLr2ALzTRt660uc/GelNM7IdHmWB7qTo6F5qs8gTttOZIsoTXdUZrpZBgyit +TwpZ1G+uYH81C8TxXchC06xEC1r43bB4Fgfru09IzzjToyfBryntVywj6Rr6qLI3 +PSFmwzXQLuNsj8ndvA1NnxYR0hWVXLukQLLUgMl92z9tyrtUlvqc2bccfLORoPh5 +AvnZbxMcOptDy/iMHVJI0+p0C5rnXYuehDn0WpsfMH3Lgbek5trfBXQY9ClHa77d +Y7VnXzJ+zqTFw2rh22o8CTTEho6cKPjF96DAiRl+YOhR15sPOC3bD9EXm55EPirQ +6DzTGVnYnjrMg1w98m7H3ZvoElelER33Fusg42G+2zZlCYDGKKkAO76SSv7qaybs +/riZvZ2j0mJr6bDAGTtuGbs5TaviB6e88OhdYDLXWL2xqylX7TMy7lHRefpTCRpB +13E5zaPS1sWkKho9wRn5JhISWtDsyk0Ikeq2uiu+oZUeg7nSHglm0id8KvHGNWt6 +cEOhKQTPfolUiyTnLoO5FxxxqQftbEWgwfNIhvEHmUTaAgZdEbjquY8qEhm5Ag0E +YS4p4gEQAJn5uSp0dBjyJenD1SKLiuWqLzNuhjaQm26cuc08m7oVpGWQeriToaMo +d5Vr2Ay6HJjVDyIUucGdhi2OEj/gQVSoDNhnp/TvafB8npt88rmeAX+ass7Fiapq +PdN/5mS2pMiDAf5ISAeYFKjb0Gltsl0CLcclbrXPD//4DFVQkhvtLp6TMtpSrkrk +atrT0Wo2yCzwHLIyP6Lksl8lZuRETye476bU8L9GXn0CSW5n5fmhe5WJGmgE+9OK +mlNHLt+VmjD7tiA3G4Wofrk56H4ur3ESdECCQ36HH4sKvqZeWkjewGZEX+KQUZN0 +Efidgx4v7rVPPU9/Iljbu1EyQsSlKq4rFZH43lZwQL4MuXyNN5WfGexn266R0lTv +xNhsamYOljAI1/n9E4C1I8sc+i4C7jYjcA39kWD07N6SgHsreo6ca0nQPV6sDrAL +heVtSbm01FxNMuBDKBN9xwzTDPuI12HuY/C4QF+EId+iMpIPrxBRAFYIUBPevDjk +d9IFkZFAgFaVr/o68pZ651JeOefRZXC2fAWvO+UueMx+vpQyj2+I7sn65JEnvJbU +kSrK8F9QzakkSyQJLof21x+IeX+pg6gjQSeODKIrIGonudkUcAcfMYC4Hb4VKPYS +WyqF2V72KwJ6IS14CcLpi1u1Jdxely038Fj2RhAqLhuf1AmOLW7JABEBAAGJAh8E +GAEKAAkFgmEuKeICmyAACgkQZPbE60bEVDoPLA//V4HETF7ymTMAWyQk6agOdwD6 +q8i1qc4SXPqAlMFXfQfmh+Z1te5kl3jeB3JWpzNdh+0XUeh2FkTf/YGq7j8yvcVk 
+d1Yr0iQ58ieUkepR1/jm5Sx89OiJOWnudJO5y1a9/UMjK1+SqyO3jprngVu0VMpK +EKWEI4SKbqIjw65GxFv1GGvrUlGQ6E4ggsOKrplRqbDTHViVXyAa+cnkjetZwP/K +3GmIBgvGijrqDNcocrsfKd2pP7Kj1ajqrUZ4kQDiuSvKvfesbFcPaRM6LiDp0wvi +up7fD2FUWpq6+Jt7J65GaiF69oJjM4k25T3tphF5tc0ijyKAD0krRn/iqfPxVWEr +jlzSodZMjcvCX92fRj64VT/GPKsavVghHEnsJJNQkRaXGtxDQ873HG0VMKuEsQIv +qwQD160uVw2x7EGhQo4MQA6tqN1c3AbL0LblXs+Zb+QqPpXbbsHYTOayfS2qulmP +CbatjQwwkI0jp+GukOVX1DPLdjeKe5H/otaI4uXLoavQ3fUTIj/YiesJBLjhedLh +2FgBN7uzW9dRbHv/1Tu3oQYRlUKL6rGjVY37BNXg2dpdiuJ1OtaSvV5YM14dYr3x +iVwyWso7rlXF/zGRI8HEBe3yNGUQ1D4iNuuY3CnRRaPwYhvqsoO6XxMtUX14G136 +08J1IgWoIIjZCf5SFlE= +=CwCE +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/shell.nix b/shell.nix new file mode 100644 index 00000000..66b6fe17 --- /dev/null +++ b/shell.nix 
@@ -0,0 +1,37 @@
+# shell.nix
+with import {};
+let
+ sops-nix = builtins.fetchTarball {
+ url = "https://github.com/Mic92/sops-nix/archive/master.tar.gz";
+ };
+in
+mkShell {
+ # imports all files ending in .asc/.gpg
+ sopsPGPKeyDirs = [
+ "${toString ./.}/keys/hosts"
+ "${toString ./.}/keys/users"
+ ];
+ # Also single files can be imported.
+ #sopsPGPKeys = [
+ # "${toString ./.}/keys/users/mic92.asc"
+ # "${toString ./.}/keys/hosts/server01.asc"
+ #];
+
+ # This hook can also import gpg keys into its own seperate
+ # gpg keyring instead of using the default one. This allows
+ # to isolate otherwise unrelated server keys from the user gpg keychain.
+ # By uncommenting the following lines, it will set GNUPGHOME
+ # to .git/gnupg.
+ # Storing it inside .git prevents accedentially commiting private keys.
+ # After setting this option you will also need to import your own
+ # private key into keyring, i.e. using a a command like this
+ # (replacing 0000000000000000000000000000000000000000 with your fingerprint)
+ # $ (unset GNUPGHOME; gpg --armor --export-secret-key 0000000000000000000000000000000000000000) | gpg --import
+ #sopsCreateGPGHome = true;
+ # To use a different directory for gpg dirs set sopsGPGHome
+ #sopsGPGHome = "${toString ./.}/../gnupg";
+
+ nativeBuildInputs = [
+ (pkgs.callPackage sops-nix {}).sops-import-keys-hook
+ ];
+}
\ No newline at end of file
diff --git a/users/albert/dconf.nix b/users/albert/gnome-dconf.nix
similarity index 100%
rename from users/albert/dconf.nix
rename to users/albert/gnome-dconf.nix
diff --git a/users/albert/home.nix b/users/albert/home.nix
index 2178e791..3bd947bf 100644
--- a/users/albert/home.nix
+++ b/users/albert/home.nix
@@ -1,7 +1,7 @@ { config, pkgs, ... }: { home.stateVersion = "23.05"; imports = [ - ./dconf.nix + ./gnome-dconf.nix ../../common/dotfiles/git.nix ../../common/dotfiles/neovim.nix ../../common/dotfiles/bash.nix
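Review bot: In shell.nix, `builtins.fetchTarball` pulls sops-nix from the moving `master` branch with no `sha256`, so whatever that branch holds at evaluation time supplies `sops-import-keys-hook`, which runs in the shell where the repository's GPG keys are imported. Pin the fetch to a reviewed commit and its hash, `url = "https://github.com/Mic92/sops-nix/archive/<COMMIT-SHA>.tar.gz";` plus `sha256 = "<TARBALL-SHA256>";` (both placeholders), so a changed or tampered upstream fails the hash check instead of being picked up silently. Since the repository already has a flake.nix, taking sops-nix from a flake input would also work, because flake.lock would then record the revision and hash. A one-line comment next to the pin stating which commit was reviewed and when would make later bumps auditable.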