From ec45f12c12941c93cb6ae2eab42e14c8b659a59d Mon Sep 17 00:00:00 2001 From: Lilith Date: Thu, 21 Aug 2025 23:08:07 +0200 Subject: [PATCH] refactor --- .sops.yaml | 5 + flake.nix | 11 ++ hosts/lilith-lab/default.nix | 13 +++ hosts/lilith-lab/hardware-configuration.nix | 119 ++++++++++++++++++++ hosts/lilith-lab/secrets/default.yaml | 36 ++++++ hosts/lilith-pad/default.nix | 1 + hosts/lilith-pad/secrets/default.yaml | 11 +- hosts/lilith-pc/default.nix | 1 + hosts/lilith-pc/secrets/default.yaml | 11 +- system/core/audio.nix | 9 -- system/core/default.nix | 2 - system/core/fonts.nix | 8 +- system/core/input.nix | 4 - system/core/users.nix | 5 + system/optional/audio.nix | 14 +++ system/optional/default.nix | 1 + 16 files changed, 217 insertions(+), 34 deletions(-) create mode 100644 hosts/lilith-lab/default.nix create mode 100644 hosts/lilith-lab/hardware-configuration.nix create mode 100644 hosts/lilith-lab/secrets/default.yaml delete mode 100644 system/core/audio.nix delete mode 100644 system/core/input.nix create mode 100644 system/optional/audio.nix diff --git a/.sops.yaml b/.sops.yaml index 41c909ae..bc1b7e25 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -2,6 +2,7 @@ keys: - &lilith 35FA53C3B39A778CBD0F0ADD0A0316EDDEDCA368 - &lilith-pad age1mqw75xvd2gnhx2wsmkr8yctegjfym6xkypwjh82s3yws2glk4vms3cxqaz - &lilith-pc age1pyav93usza3s363g56687yxh9jmp364w32gs77le7t0cgg7jveyq4zcl6v + - &lilith-lab age1aqks8n6temvwfnqqk8pua56du4xz8krz8edmslg69pu8hpkla96q5hfxp6 creation_rules: - path_regex: hosts/lilith-pad/secrets/.+$ key_groups: @@ -11,6 +12,10 @@ creation_rules: key_groups: - pgp: [ *lilith ] age: [ *lilith-pc ] + - path_regex: hosts/lilith-lab/secrets/.+$ + key_groups: + - pgp: [ *lilith ] + age: [ *lilith-lab ] - path_regex: secrets/.+$ key_groups: - pgp: [ *lilith ] diff --git a/flake.nix b/flake.nix index 2031e096..d076bd43 100644 --- a/flake.nix +++ b/flake.nix 
@@ -89,6 +89,17 @@ overlays = [ nur.overlays.default zen-browser.overlay + + (final: prev: { + jellyseerr = prev.jellyseerr.overrideAttrs (old: { + src = prev.fetchFromGitHub { + owner = "0-Pierre"; + repo = "jellyseer"; + rev = "0cc1391b7016ded828670d4525417b59029db351"; + hash = ""; + }; + }); + }) ]; }; diff --git a/hosts/lilith-lab/default.nix b/hosts/lilith-lab/default.nix new file mode 100644 index 00000000..58560763 --- /dev/null +++ b/hosts/lilith-lab/default.nix @@ -0,0 +1,13 @@ +{ lib, pkgs, ... }: +let + mkHostOverride = lib.mkOverride 75; +in +{ + system.stateVersion = "24.05"; + + nfs.host.enable = true; + + hardware.graphics.extraPackages = [ pkgs.rocmPackages.clr.icd ]; + environment.systemPackages = [ pkgs.rocmPackages.clr.icd ]; + boot.kernelModules = [ "amdgpu" ]; +} diff --git a/hosts/lilith-lab/hardware-configuration.nix b/hosts/lilith-lab/hardware-configuration.nix new file mode 100644 index 00000000..e10b8fab --- /dev/null +++ b/hosts/lilith-lab/hardware-configuration.nix 
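Review bot: The `jellyseerr` overlay's `fetchFromGitHub` call is committed with `hash = "";`, so the source taken from the `0-Pierre/jellyseer` fork is not yet pinned to any verified content. Nix treats an empty hash as a placeholder and the fetch should fail with a mismatch until the real value is recorded, e.g. `hash = "sha256-<value reported by the failed build>";`, ideally after reading the fork's tree at that `rev` (the repo name is spelled `jellyseer`, unlike the package — worth confirming). Overriding only `src` usually leaves the package's separately hashed dependency fetch and its `version` pointing at the upstream release, so those probably need overriding too; the nixpkgs derivation is not visible from here. A comment above the override saying why the fork is needed and when it can be dropped would help, e.g. `# TODO: remove once <upstream change> is released`. The enclosing `overlays` list starts and ends outside the hunk.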
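Review bot: `mkHostOverride = lib.mkOverride 75;` in the `let` block of the new `hosts/lilith-lab/default.nix` is never used in this file, so the binding and the `let … in` wrapper can be dropped until a host-level override is actually needed. `pkgs.rocmPackages.clr.icd` is listed in both `hardware.graphics.extraPackages` and `environment.systemPackages`; a short comment on why the ICD is also needed in the system profile would save the next reader a lookup. `nfs.host.enable = true;` turns this host into an NFS server through a module outside this diff, so which paths are exported and to which clients cannot be checked here.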
@@ -0,0 +1,119 @@ +{ + config, + lib, + modulesPath, + ... +}: + +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "sd_mod" + "bcache" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/0bb16b1d-eda8-4874-a79d-946888cf1c54"; + fsType = "btrfs"; + options = [ "subvol=root" ]; + }; + + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/0bb16b1d-eda8-4874-a79d-946888cf1c54"; + fsType = "btrfs"; + options = [ "subvol=nix" ]; + }; + + fileSystems."/data" = { + device = "/dev/disk/by-uuid/24022169-8d46-4684-9682-cfbd88e75e86"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/202B-F8D9"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; + + fileSystems."/data/share" = { + device = "/dev/disk/by-uuid/24022169-8d46-4684-9682-cfbd88e75e86"; + fsType = "btrfs"; + options = [ + "subvol=share" + "compress=zstd" + "noatime" + ]; + }; + + fileSystems."/data/sync" = { + device = "/dev/disk/by-uuid/24022169-8d46-4684-9682-cfbd88e75e86"; + fsType = "btrfs"; + options = [ + "subvol=sync" + "compress=zstd" + "noatime" + ]; + }; + + fileSystems."/data/media" = { + device = "/dev/disk/by-uuid/24022169-8d46-4684-9682-cfbd88e75e86"; + fsType = "btrfs"; + options = [ + "subvol=media" + "compress=zstd" + "noatime" + ]; + }; + + fileSystems."/data/backups" = { + device = "/dev/disk/by-uuid/24022169-8d46-4684-9682-cfbd88e75e86"; + fsType = "btrfs"; + options = [ + "subvol=backups" + "compress=zstd" + "noatime" + ]; + }; + + fileSystems."/data/.snapshots" = { + device = "/dev/disk/by-uuid/24022169-8d46-4684-9682-cfbd88e75e86"; + fsType = "btrfs"; + options = [ + "subvol=.snapshots" + "compress=zstd" + "noatime" + ]; + }; + + fileSystems."/data/torrent" = { + device = "/dev/disk/by-uuid/24022169-8d46-4684-9682-cfbd88e75e86"; + fsType = "btrfs"; + 
options = [ + "subvol=torrent" + "compress=zstd" + "noatime" + ]; + }; + + swapDevices = [ { device = "/dev/disk/by-uuid/b28e36ee-9a4d-4811-9ee6-6262881abb24"; } ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wg0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/lilith-lab/secrets/default.yaml b/hosts/lilith-lab/secrets/default.yaml new file mode 100644 index 00000000..f86ee03e --- /dev/null +++ b/hosts/lilith-lab/secrets/default.yaml 
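Review bot: The `/boot` entry mounts the vfat ESP with `"fmask=0022"` and `"dmask=0022"`, which leaves everything on it readable by every local user; if this host boots with systemd-boot, that includes the random-seed file. Tighter masks would be `"fmask=0077"` and `"dmask=0077"`. The `/data/*` btrfs subvolumes (`share`, `sync`, `media`, `backups`, `.snapshots`, `torrent`) carry only `compress=zstd` and `noatime`; since they hold synced and downloaded content, adding `"nosuid"` and `"nodev"` (and `"noexec"` where nothing is executed from them) would be a cheap hardening step. The plain `/data` mount has no `subvol=` option, so it presumably exposes the default subvolume with the others visible beneath it as well — worth a one-line comment if that is intended.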
@@ -0,0 +1,36 @@ +user: + password: ENC[AES256_GCM,data:0VEVhqf0R/fduL2mX+3MQkZakCbX2mDWTzLyaWjaDbFyZphLsHThFHuh3Zm0wH+6LedwJXpbaUYsxXgwlV2F82dZ2J0aotVY2A==,iv:d23Exq0N9oBLhPVA1OrfQ9TT5Iyr53lnWrsof3rB8Bs=,tag:JeOakCtfczjxzo9JHnHzlQ==,type:str] + ssh: + public: ENC[AES256_GCM,data:Nnxczf9a4vdFxd4r7JsFJU0kMG6jqm4eOiVHK4J0cbbHWCthaOvy0x6BjAjzqMpnRrEB0DrvPMxfCesr39yLlCYa26mNYx86AT5vi8taOGRg,iv:XLeEi0Oe7eoUHZBU5TvdxhU02aP2V1VtrnJ3V1Ckznk=,tag:fV+V2S2MOyb64HkTQP3mBw==,type:str] + private: ENC[AES256_GCM,data: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,iv:s91jTBGApdhK6oIfUtndkup6GGpdh3+DTNPfDEFkYoQ=,tag:3VeT0kk7X3OIg/ar6RTh9Q==,type:str] + authorized: ENC[AES256_GCM,data:5iYSZu5UW2H4kcorzgLPDhwdk2chZtgTwf/knK9BwXsB6s6LRow3QrOWck79hTmmtLDaieoYK75xadINJyKbnFjpUqlZQq/fgOZRIXubLD82eYxZze0xcbXTZEPtif40bXlYpBCtj1FP67KHFobRKPdsTLZ8e5LXNQldSCxi8vWT+0ufoYkETT9y91T/XuLUAC6JkDvD75KIHleXmJCxCK0T,iv:Xu9Bofy//LymRNbfupucR6TKsTwMy/TouJFtlN0YcuE=,tag:cpM/IM/y0zWEtA6dm0bKvg==,type:str] +syncthing: + cert.pem: ENC[AES256_GCM,data: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,iv:p1XFi45xRDqQCBl5MEXVKyzpFbBfu3EDavgMtnh50qY=,tag:fY67X6MytyFJYDlAVYaQYg==,type:str] + key.pem: ENC[AES256_GCM,data:W0wf7O+U+Hhci/EVkgA31CpeqkBZ39+gsu+pd5H/lZz0L3ap73/BhE5D/NMbhRDFIALTphN/lP99GuZi+1T9ug2xcKG/VSRR1YSE/6Z/3z1mXAIWPigvJ5ZcVjmTqFc0i/TLN7yrpKnZmabcE26ELbYiCupsJHguwDqv96jUdqwluoeZbIueAN8GfBxGSTNPa9YlXoV6vbR5QmByF4t5yKlFMc5ESueCZKc+i0MFCMTlDTQKW9GKfa+r/HCxKzhSPjey7cxvla7R4ShYg3DpwMsIEwc/VEJ2ifco6VHyGf526ccvUT57VtBNXPWs3NKYC5LV+pxrS7wy7APdld6J1OMcCyMuraLM+rQBMx09JYCy8GikNXw78SpP7mNrMdZ/,iv:OpT3xlvSgLl3h9D5cRMm6B8n0RRTPcu5TrsRKAuhHck=,tag:jsNZUtIiNAkEc76/qGEKAQ==,type:str] +sops: + age: + - recipient: age1aqks8n6temvwfnqqk8pua56du4xz8krz8edmslg69pu8hpkla96q5hfxp6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTXlVbzJYK1dsN3FMVmdF + RkVFUHl4TDJUSUZqT3pGRUJBcStrS056SXkwCjl4dUhmU0dUd1ZLci9aa1Y5Rk1J + 
R1JSMGFXUSswWmJHazRKUkZ2ZnFldVEKLS0tIDN0aStpYjM0UTA2WkZmdVRIL2xj + Q0lSZ2J3cHM1Zjc3TXMwWDlnaHdWazAKo64uQ1arscAhF4gbq3ly8mCNPzSDPWql + F+75SNZB24Vet5HNf0lsjZw6Iz5xiF43w05/yrSKg49cqAuij+PiCw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-08-21T19:26:01Z" + mac: ENC[AES256_GCM,data:tZ+hsckQrJlZfVgaFIDcffBH6TNlfZ7nEUQyd+sspaVEuOBGhruBdrAFVWWensooEOoKzHLAeh0L0ryVF1X5w09zoMZvs2hPvQ9GUBJh5U6WjnFGhfqo8MhYwOW4cKuia7dO6PYqVUhRmRdCN6vbmNWmNKsNkGmxveFd7LQA3oM=,iv:uVdd7yBhAE2GIcV3sLETCowXcPV43/e3OkXgzPKUJGg=,tag:KjktUqIOlRbYOKiY6pWeNQ==,type:str] + pgp: + - created_at: "2025-08-21T19:07:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DCgMW7d7co2gSAQdA1e42JyqSPuDNXvgnMNhFOgN22sdRpOa4odHFgxJEcmkw + 7JomN1eWP0ye6DSHqt4cRMT44DFJdg9ChWOfRWYx5T/QwCa2jvjF29xXS7UPOo9g + 0l4BqNwnQpvbqQIpEhDxh+qB3cstWlUwHb5afT13geUwcHIz4WOEb0wwXOxNLPBM + c9AIo7q93Ermj14aXK+hveSTZ9vAI8wYUcDGZigZEZH8DhnCxFNUF5q9g6MLlJs7 + =SQjn + -----END PGP MESSAGE----- + fp: 35FA53C3B39A778CBD0F0ADD0A0316EDDEDCA368 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/hosts/lilith-pad/default.nix b/hosts/lilith-pad/default.nix index 3e2f0f70..775e8ebd 100644 --- a/hosts/lilith-pad/default.nix +++ b/hosts/lilith-pad/default.nix @@ -5,6 +5,7 @@ in { system.stateVersion = "24.11"; + audio.enable = true; desktop.enable = true; home-manager.users."lilith".desktop.touchSupport = true; diff --git a/hosts/lilith-pad/secrets/default.yaml b/hosts/lilith-pad/secrets/default.yaml index 5bcd728e..df341104 100644 --- a/hosts/lilith-pad/secrets/default.yaml +++ b/hosts/lilith-pad/secrets/default.yaml 
@@ -3,14 +3,11 @@ user: ssh: public: ENC[AES256_GCM,data:4bA7PVMd8UY1D93A85S6yPIIbAt4FfbQN72lOZ3Pf+su4MGQvz9UcN6a+b+p/Qo8us4sjXutfdPiv5qDEnsDvc0uuS9R8avSw/vqzfF4rQ7NAn59/fjAJwcaPwwTqsTiBXFhcOs=,iv:qZKApe16ElXdw8MOePyvo1wqpXnTD651w0122omu+ik=,tag:P9fxALfO74yK8aSazgX68g==,type:str] private: ENC[AES256_GCM,data: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,iv:CHie+Sns7HefRwBqdo2Gw1UexHS+W1y6t4etbHA//5Y=,tag:X3U1+wHVzRBUOl8sNo8jtg==,type:str] + authorized: "" syncthing: cert.pem: ENC[AES256_GCM,data:zVGfurUvMA28jtWqBBHmlz+ujHGd9/ogZYLL1AMb8njzi5BJZHW0+QaHhLqjw7BKNs9CDmpIhIytvkY9WFoQ6zJe477ndXr7lPDdpoLkEDCZKXypVjAOuqHXTXJ44RI6hU87347bq2BP1Ph9847hryA4iWicdhYLj0SrFcQVu2MnGWJZ75k1eUqELjgT6rqmR7jzRs0Z4mGaGRwrG1Bi76mkfrOe0SVV6iE8Kk3U3iYDcqraWbS3Y3Fdr+UgPuK7uJ5RO5MFMjS1CHmUvo+K/tgcH74r2NS7FQBHnG5Ec0MMW1r08W5odd93oAJUC/PWYUW4giSahp1G+GyGMO3NSmTMW5PJ524I8izRRVg2jO9usv6ukxC9oUV4DIz9kpj9yVnHA7MJCw6yJTveLQMumYxKyorQUxkPDAyYty56D56mOnaxgRT7GsDkuj6VJ5aujqvzUq1f7bwxe43g75IY5BQpzWOufsCvnGt76dmZw3+gdsw4noQEv+Hm3FOvLnBA8H0hzDAtIs0Yy4GdviZj0687ZqAdM8y6+hOvC6UxSm5OkplCAi2E5yte5OS6csvMWR2atT6D13jZFU3PL7aIw0Z8y2Gx/jVlr68UHOn6jvonQzc2+fZmcQJL8aHW6jsDroIYHbl98OAFg+WE/Yp/lV3ffczhfzoH25qL8AHiHXwsBPOVkkpFSBxrNO2XFeDIEkl73amjCvkM1X3AxHBTgCgK2Y2kkvpwOiwUQdt5/YcLGgIWkpHpPDfGiqOkkMsWZbGcGPQtkUnhu16ul4+NUFDwiE2CYaw5+cPpdLq8DWv//V0iKcHP4jinYM+ZaUIh1loupdinhGKIeX+xNFcf9kB6dcdjR7TliN7gb5ekynSxjHM3i3EFp47bhkMbQpLVzOKZ8vgeb/eVU+t97lPNxhioHAeRPwIoxq8lnLHhY7p7AN0gzsfOeDKz2BuxaaFI0DCg63aJC2nHpvy+5lWtWYto6rUB2q4JTA9oKm6RLDcDaYTLfpQtM9sdH9N5TDsCukPVm+e6gr9AbjG8IFt9QUGb0UxzkqY20bI=,iv:XIhlEi02Il+RdKPjqRIPCg1ooij8ipTbbUZlupijTVg=,tag:7mU3OWolhHxtsN6rHs8vIQ==,type:str] key.pem: 
ENC[AES256_GCM,data:fo8ejY1p+oBwy4L5WiecLQLkwKVdVEi7fzKb8/ACD+7qKXMk+MChW1MeUrFjWCHtHIdw3Ld7SrCmEC/3cqL87aFiZFBOv/cV4Jkvy1kEmZLuKo8wM5Vn+7Ec4WVDAbqhiT5MEgaWHdSgmv2kvkeUnH4LJSx9uohRTgKlO0eIqY9aXO5PqZEPLuHvvTrUi1OCvadaAsKHx3yqTm2tuqK7mPzOL2A4WLQRMKSlQIbzgTz2CShql8D6/crzIAoQVnXf+/KbqzRw3NKtIzQA0aSx1tA4DjPSugWkx+sqjUShYOfZ8Rnbto5/Nbmk4QTaCkvsOli4lazGAKmPtMVBXfbFvZUXiZ/QoawVmsw1MMCCtaRpV7cEAKHJCZ+lRA4CUoJm,iv:JQHPAdW1gJxpZaBcY/BdRBweEYAAj0ZWwAeHFR4J5zo=,tag:i5VWdxTu+Wez3poflwGiog==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1mqw75xvd2gnhx2wsmkr8yctegjfym6xkypwjh82s3yws2glk4vms3cxqaz enc: | @@ -21,8 +18,8 @@ sops: OW5yTndZYU16NTYrdDZRUjZJS25VbEUKmD4HAa0e2p8SRw5mlzgh+ByFqCDhj8wv QumEed0Hb9jve8aO8K9MEayxi5jIULFYuYWD8D1RF/74UGrgBTAykA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-15T23:51:41Z" - mac: ENC[AES256_GCM,data:ey5F1mZf8Ndm+9hJo38X6dhD6cVZ1T+YjtHSQsCjzpT9va8/zmsic5VMS5rlxCsR7TtiJG+sN6xQ9rsvQjE/mCSb8raQTCRa0XufpO7Yqekwyi8fOWdVf6tBIbdSOkJDARD4AVmmGRZWpTHAX2oMnH/rYT0+MOZQ6Q6LQ7lumq8=,iv:6hntrUy0jlkdp5MIV6GNvGbNYFrcOgKoWaIU/vORg88=,tag:7rcHIuubqZk1RlppgXYiZQ==,type:str] + lastmodified: "2025-08-21T19:26:27Z" + mac: ENC[AES256_GCM,data:9Tbo8TQVEUXEA+9OpIO0odlxyd7f6asflpauBv4ntlSZrAsn4fg2xsypFP8KW/nw9pcqcF4BmTcWNgnvl/rJI2da6qRshDiiupv2w1U5vOYASwUaQCM2SXIdPkjLMqWD8bJYxHOBTSFp7yJCgx64U1voUm5beQcjU/pear18mcc=,iv:tyTKrp3kFFqhT3R1QD3ka4rsxrzK+HWM1BpAH/ZBBaM=,tag:tdTn6PGqzbGdyWvDr0ANsg==,type:str] pgp: - created_at: "2025-03-15T23:51:35Z" enc: |- @@ -37,4 +34,4 @@ sops: -----END PGP MESSAGE----- fp: 3586D8D6689B9C9ECD598C588712A0F317C37175 unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.10.2 diff --git a/hosts/lilith-pc/default.nix b/hosts/lilith-pc/default.nix index 38f950a3..eb883b3b 100644 --- a/hosts/lilith-pc/default.nix +++ b/hosts/lilith-pc/default.nix 
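Review bot: The lilith-pad secrets file was re-saved in this commit (new `lastmodified`, `mac` and `version: 3.10.2`) but its recipient block was not re-keyed: the `pgp` entry keeps its old `created_at` and `fp: 3586D8D6689B9C9ECD598C588712A0F317C37175`, while `.sops.yaml` names `35FA53C3B39A778CBD0F0ADD0A0316EDDEDCA368` as `&lilith`. The same holds for the `hosts/lilith-pc/secrets/default.yaml` hunks, and there the only age recipient visible in the hunk context is `age1mqw75x…`, which `.sops.yaml` assigns to `&lilith-pad` rather than `&lilith-pc`. Running `sops updatekeys` on both files would bring them in line with the creation rules; if the 3586… key has been retired or is no longer trusted, the secrets themselves should be rotated as well, because the versions already in history stay decryptable with it. The added `authorized: ""` in the lilith-pad file is stored in the clear (SOPS appears to leave empty strings unencrypted), which is harmless but means that host receives an empty value for the new secret.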
@@ -5,6 +5,7 @@ in { system.stateVersion = "24.11"; + audio.enable = true; desktop.enable = true; gaming.enable = true; nfs.client.enable = true; diff --git a/hosts/lilith-pc/secrets/default.yaml b/hosts/lilith-pc/secrets/default.yaml index fc890eac..eacccf93 100644 --- a/hosts/lilith-pc/secrets/default.yaml +++ b/hosts/lilith-pc/secrets/default.yaml @@ -3,14 +3,11 @@ user: ssh: public: ENC[AES256_GCM,data:DYYGLTFvmZa/bvAo0dvHiL9jt6cfSeZZN5Omo3af1lHhOfQYapqm7DXOf6xBn0HNr32L4gFEpE+2IquUaPUtY48nsC+PiuFSp1x/73/sjOCZdcTkGh7ehwZ4PECN3goIBw==,iv:Q4YZSMQhuIuiuiN94aHk2pwForVESEHhXjDAGTAhvR0=,tag:dFFBjKqIwn75m8GaXosjMQ==,type:str] private: ENC[AES256_GCM,data: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,iv:B6PahG+KL0tuDVS+tF6qOvRJKqyDbKbH/4Qm9Ig7vw4=,tag:Xo0yBa0/fyc3zUzrf3w1LA==,type:str] + authorized: ENC[AES256_GCM,data:YQaf0bIuSrODiORXZsLPR5N3iteOdhgu/y1eNKGKjzn+Ko+kn8FfJYS6ON+PDC2oJXiopF+GHHWu3Rjew+5KL7osg40CB1daFUxtT9orYIr0,iv:dek8bzKcLgCtKbfTIAteA/bqc53GijmyDbnikKtZSIg=,tag:/NB6UnF+ufF1FZfnJZW+wg==,type:str] syncthing: cert.pem: ENC[AES256_GCM,data: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,iv:FBTiEZfBxMURQT0B3razM4pQ4cz7xGzsjZ7b8FjbhIU=,tag:UMx6Q6Vy8yaTPk2IOrPuUA==,type:str] key.pem: ENC[AES256_GCM,data:66pGKtg2NZajHYKfUsm9fgItbeBeXf6pfsuBOhFkwhFM1AMATwRu1WEHQjD754Z5CC04vQhLONgwbTze6R+1mJJ3wEHjgrTA7v+agSgFfyQLZMV8YRH8eIbG4BLcr9afO84ahqZcWAH/ldFhZeC90nepHK2Lz0+zVIvKsGOPM45OU6Yypjr8FVTVinRr0yJpBgOciJTsZtFqnU2TFJxRoZuOTnTCrO2Kywg+rk1c7augAi30iljZx6Nfi24pBCrcwMeSkiT6uyAhkgiJH6XiIT3V7S/++krsijiTKqV2gqj6zgnE2aUQpinxTSMSj3V9+Hs9AMHdubjV+wb0Tm78m2Hev5iJ0f2gpVufadFCAjcy1ZPttfjBoZ26lOlKF16V,iv:0ewtb+t8woztUvr7XPE0gr94X97hnOaT0LomsmA3dQ0=,tag:0OBaQNkfrd3WQI9JBq15Ug==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1mqw75xvd2gnhx2wsmkr8yctegjfym6xkypwjh82s3yws2glk4vms3cxqaz enc: | 
@@ -21,8 +18,8 @@ sops: cFV0ZkliUHpKdEsyU0dEQUdNZ0kzb0UKSHUzMLKwB0s2CimzsIbktvng7dDReOzT ygaLq22ZrYvb1etPyroaJA1M5hzNo2VnCMVqa7vUbu/5ZHVLxW9n6Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-08T18:44:51Z" - mac: ENC[AES256_GCM,data:vDBK+lb0A9y8cgcHYpqA5DBxFlwS0hVk9NQgzKKqeRp+oSIRR0AlaLOJZbxEfZT4YXrQzMAIkIGTOs6Oz0Hn4aG04F+LPT/4N/d0lGacscQtuhpn+CdYpXpaCJ2YjbK+EoXCpparhmxSo15BOnHAGYiP2VEL/MmwvU7QS6+Ke4c=,iv:TzPiDgZsW91aK3gexVDz/xP3OTGlCSCgZ6VKvJB1TZc=,tag:f8TIqs8Z7PuaF5NtzjP3gA==,type:str] + lastmodified: "2025-08-21T19:25:06Z" + mac: ENC[AES256_GCM,data:MyUPAGFMhDALKcnZSHfThL2vQjA7twVStiZh5/YiCniBgQ9xcmQD4qgvUICHEmc4jS7kzZKJPWUGHVBIXHCSeK4uqHz8ApTpBdwpWW5+CZXKeQy8MRtQWq1p8ZhC5oTzaXZiBbmo74x4BL+26JltFPGCN7+NWsF7Kw/8bfCN7Ks=,iv:0SRJyoiQdotOZMY9sQc/dVvuOaCCx0ohj8ePZSjApHA=,tag:JOFwuyfkaiBaC+TS4a8NLw==,type:str] pgp: - created_at: "2024-06-07T11:56:01Z" enc: |- @@ -37,4 +34,4 @@ sops: -----END PGP MESSAGE----- fp: 3586D8D6689B9C9ECD598C588712A0F317C37175 unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.10.2 diff --git a/system/core/audio.nix b/system/core/audio.nix deleted file mode 100644 index 888fa8d7..00000000 --- a/system/core/audio.nix +++ /dev/null @@ -1,9 +0,0 @@ -{...}: { - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; -} diff --git a/system/core/default.nix b/system/core/default.nix index 6ba79ddf..14c2202c 100644 --- a/system/core/default.nix +++ b/system/core/default.nix @@ -1,7 +1,6 @@ { pkgs, ... }: { imports = [ - ./audio.nix ./bluetooth.nix ./boot.nix ./btrfs.nix @@ -17,7 +16,6 @@ ./power.nix ./users.nix ./zsh.nix - ./input.nix ./virtualization.nix ]; diff --git a/system/core/fonts.nix b/system/core/fonts.nix index 93fc7434..335da5bf 100644 --- a/system/core/fonts.nix +++ b/system/core/fonts.nix 
@@ -1,6 +1,4 @@ -{ pkgs, ...}: { - fonts.packages = with pkgs; [ - nerd-fonts.jetbrains-mono - twemoji-color-font - ]; +{ pkgs, ... }: +{ + fonts.packages = with pkgs; [ nerd-fonts.jetbrains-mono ]; } diff --git a/system/core/input.nix b/system/core/input.nix deleted file mode 100644 index 2c5378c2..00000000 --- a/system/core/input.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ ... }: -{ - services.ratbagd.enable = true; -} diff --git a/system/core/users.nix b/system/core/users.nix index b5230a16..c261b99c 100644 --- a/system/core/users.nix +++ b/system/core/users.nix @@ -13,6 +13,8 @@ in "networkmanager" ]; hashedPasswordFile = config.sops.secrets."user/password".path; + + # openssh.authorizedKeys.keyFiles = [ config.sops.secrets."user/ssh/authorized" ]; }; nixremote = { @@ -41,6 +43,9 @@ in path = "/home/lilith/.ssh/id_ed25519.pub"; owner = "lilith"; }; + "user/ssh/authorized" = { + sopsFile = ../../hosts/${host}/secrets/default.yaml; + }; "ssh/nixremote/private" = { sopsFile = ../../secrets/default.yaml; path = "/root/.ssh/nixremote"; diff --git a/system/optional/audio.nix b/system/optional/audio.nix new file mode 100644 index 00000000..b6d72b01 --- /dev/null +++ b/system/optional/audio.nix @@ -0,0 +1,14 @@ +{ config, lib, ... }: +{ + options.audio.enable = lib.mkEnableOption "Audio"; + + config = lib.mkIf config.audio.enable { + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + }; +} diff --git a/system/optional/default.nix b/system/optional/default.nix index dd275fcc..705a8255 100644 --- a/system/optional/default.nix +++ b/system/optional/default.nix @@ -1,6 +1,7 @@ { ... }: { imports = [ + ./audio.nix ./nfs.nix ./desktop.nix ./gaming.nix
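Review bot: The commented-out `openssh.authorizedKeys.keyFiles = [ config.sops.secrets."user/ssh/authorized" ];` in `system/core/users.nix` would not work if enabled as written: it passes the secret's attribute set rather than its `.path`, and `keyFiles` entries are read when the configuration is built, whereas sops-nix only writes the decrypted file on the target at activation. As committed, the new `"user/ssh/authorized"` secret is declared for every host but nothing consumes it. Since authorized keys are public, the simplest fix is to list them in plain config with `openssh.authorizedKeys.keys = [ "<public key>" ];`; a runtime-file approach through `services.openssh.authorizedKeysFiles` is possible, but that option applies to every account and needs the secret's owner and mode set so sshd accepts the file. Either way, replace the commented-out line with a short comment stating the intended mechanism. Both hunks in this file sit inside attribute sets that start and end outside the diff context.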