dev.fron.io rc / 5380d32
meta: move secrets to mercury Tony Olagbaiye 8 months ago
83 changed file(s) with 115 addition(s) and 110 deletion(s).
55 ; (locate-dominating-file buffer-file-name ".dir-locals.el")))
66 (compile-command . "env TERM=dumb nix run -vv '.#delta' --show-trace")
77 (eval . (setq projectile-project-compilation-cmd
8 "env TERM=dumb if nix build -vv --show-trace '' if ./result '' git push"))
8 "env TERM=dumb nix build -vv --show-trace && ./result && git push"))
99 )))
+0
-4
.git-crypt/.gitattributes
0 # Do not edit this file. To specify the files to encrypt, create your own
1 # .gitattributes file in the directory where your files are.
2 * !filter !diff
3 *.gpg binary
.git-crypt/keys/default/0/4C904255E20CA032C7C4A47A7420820577A31D11.gpg
Binary diff not shown
00 .gitattributes !filter !diff
1 .hg/** filter=git-crypt diff=git-crypt
2 secrets/** filter=git-crypt diff=git-crypt
3 legacy/** filter=git-crypt diff=git-crypt
22 .direnv/
33 .#
44 .git
5 .hg
0 { config, pkgs, lib, ... }:
0 { config, pkgs, lib, usr, ... }:
11
22 let
33 hostAddress = "10.8.0.1";
1212
1313 config =
1414 { config, stdenv, ... }:
15
15
1616 {
17 imports = [
17 _module.args = { inherit usr; };
18
19 imports = [
1820 ../modules/services/hydroxide
1921 ../profiles/services/hydroxide
2022 ];
0 { config, pkgs, lib, domains, fetchPullRequest, ... }:
0 { config, pkgs, lib, usr, ... }:
11
22 let
33 cfg = config.services.mastodon;
55 hostAddress = "10.6.0.1";
66 localAddress = "10.6.0.2";
77
8 twitterCfg = with import ../secrets/mastodon.twitter.nix; {
8 twitterCfg = with usr.secrets.mastodon.twitter; {
99 inherit key crt;
1010 keyFile = pkgs.writeText "selfsigned.key" key;
1111 crtFile = pkgs.writeText "selfsigned.crt" crt;
5050 services.mastodon.automaticMigrations = false;
5151 services.mastodon.extraConfig = {
5252 EMAIL_DOMAIN_WHITELIST = lib.concatStringsSep "|" [
53 domains.home
54 #domains.wife
53 usr.secrets.domains.home
54 #usr.secrets.domains.wife
5555 ];
5656 ALTERNATE_DOMAINS = lib.concatStringsSep "," [
57 "mastodon.${domains.srvc}"
58 "microblog.${domains.srvc}"
59 "ublog.${domains.srvc}"
57 "mastodon.${usr.secrets.domains.srvc}"
58 "microblog.${usr.secrets.domains.srvc}"
59 "ublog.${usr.secrets.domains.srvc}"
6060 ];
61 WEB_DOMAIN = "u.${domains.srvc}";
61 WEB_DOMAIN = "u.${usr.secrets.domains.srvc}";
6262 };
63 services.mastodon.localDomain = domains.srvc;
63 services.mastodon.localDomain = usr.secrets.domains.srvc;
6464 services.mastodon.redis = {
6565 createLocally = true;
6666 };
7070 };
7171 services.mastodon.smtp = {
7272 createLocally = true;
73 fromAddress = "mastodon@${domains.srvc}";
73 fromAddress = "mastodon@${usr.secrets.domains.srvc}";
7474 };
7575 services.mastodon.configureNginx = true;
76 services.mastodon.package = with fetchPullRequest {
76 services.mastodon.package = with usr.fetchPullRequest {
7777 id = 78810;
7878 sha256 = "1d2927gwvjh1l2jajvfk4l6q3dsgwi7iq8kndiff06yqi203hv8s";
7979 }; mastodon;
8686 virtualHosts."${cfg.localDomain}" = {
8787 #enableACME = lib.mkForce false;
8888 serverAliases = [
89 "u.${domains.srvc}"
90 domains.srvc
89 "u.${usr.secrets.domains.srvc}"
90 usr.secrets.domains.srvc
9191 "localhost"
9292 "127.0.0.1"
9393 localAddress
104104 networking.extraHosts = ''${localAddress} twitter.com'';
105105
106106 security.acme.acceptTerms = true;
107 security.acme.email = "ssl@${domains.home}";
107 security.acme.email = "ssl@${usr.secrets.domains.home}";
108108 security.pki.certificates = [ twitterCfg.crt ];
109109
110110 boot.enableContainers = true;
131131 systemd.services.twitterpub = {
132132 serviceConfig = let
133133 configToml = pkgs.writeText "twitterpub.toml" ''
134 Domain = "tw.${domains.srvc}"
134 Domain = "tw.${usr.secrets.domains.srvc}"
135135 Listen = ":443"
136136 TLS = true
137137 CertFile = "${twitterCfg.crtFile}"
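Review bot: The TLS private key taken from `usr.secrets.mastodon.twitter` is still handed to `pkgs.writeText "selfsigned.key" key`, so it ends up as a world-readable file under /nix/store; moving the value from `../secrets/mastodon.twitter.nix` to the `priv` input does not change that. The same applies wherever this commit interpolates `usr.secrets.*` at evaluation time: `registration_shared_secret` in the synapse section, `creds.password` in the weechat Emacs config, the `access-tokens` line in both nix.conf texts, and, if `keyDir` resolves inside the fetched input, the private host keys referenced through `usr.secrets.keyDir` (their `mode = "0400"` restricts only the /etc copy). Consider pointing services at a file deployed outside the store at activation time, e.g. `keyFile = "<RUNTIME_SECRET_PATH>/selfsigned.key";`, which is what the `secrets.files.wireguard` entry elsewhere in this commit appears to do. The `let` block and the module body continue outside the visible hunks.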
0 { config, pkgs, lib, domains, flake, ... }:
0 { config, pkgs, lib, usr, flake, ... }:
11
22 let
33 hostAddress = "10.7.0.1";
3232 };
3333 services.matrix-synapse = rec {
3434 enable = true;
35 server_name = "sn.${domains.srvc}";
35 server_name = "sn.${usr.secrets.domains.srvc}";
3636 enable_registration = true;
37 inherit (import ../secrets/matrix.synapse.nix) registration_shared_secret;
38 public_baseurl = "https://matrix.${domains.srvc}/";
39 tls_certificate_path = "/var/lib/acme/${domains.srvc}/fullchain.pem";
40 tls_private_key_path = "/var/lib/acme/${domains.srvc}/key.pem";
37 inherit (usr.secrets.matrix.synapse) registration_shared_secret;
38 public_baseurl = "https://matrix.${usr.secrets.domains.srvc}/";
39 tls_certificate_path = "/var/lib/acme/${usr.secrets.domains.srvc}/fullchain.pem";
40 tls_private_key_path = "/var/lib/acme/${usr.secrets.domains.srvc}/key.pem";
4141 database_type = "psycopg2";
4242 database_args = {
4343 user = "matrix-synapse";
8484 services.matrix-construct = {
8585 enable = true;
8686 useScreen = false;
87 server = "cs.${domains.srvc}";
87 server = "cs.${usr.secrets.domains.srvc}";
8888 package = pkgs.matrix-construct.overrideAttrs (_: {
8989 doInstallCheck = true;
9090 });
33 emacs-loader.steam = {
44 demand = true;
55 config = let
6 creds = import ../secrets/steam.credentials.nix;
6 creds = usr.secrets.steam.credentials;
77 in ''
88 (setq steam-username "${creds.user}")
99 '';
0 { config, lib, usr, pkgs, domains, ... }:
0 { config, lib, usr, pkgs, ... }:
11
22 {
33 emacs-loader.weechat = {
55 package = epkgs: epkgs.weechat-patched;
66 after = [ "tracking" ];
77 config = let
8 creds = import ../secrets/weechat.credentials.nix;
8 creds = usr.secrets.weechat.credentials;
99 in ''
1010 (setq weechat-auto-monitor-buffers t
1111 weechat-completing-read-function 'weechat--try-ivy
2424 (defun bqv/weechat (&rest args)
2525 "Connect to WeeChat [zeta]."
2626 (interactive)
27 (weechat-connect "zeta.${domains.home}" 6697 "${creds.password}" 'ssl))
27 (weechat-connect "zeta.${usr.secrets.domains.home}" 6697 "${creds.password}" 'ssl))
2828 (defun bqv/weechat-local (&rest args)
2929 "Connect to WeeChat [localhost]."
3030 (interactive)
182182 },
183183 "original": {
184184 "owner": "sahib",
185 "ref": "develop",
185186 "repo": "brig",
186187 "type": "github"
187188 }
12511252 "ref": "giara-init",
12521253 "repo": "nixpkgs",
12531254 "type": "github"
1255 }
1256 },
1257 "priv": {
1258 "locked": {
1259 "narHash": "sha256-vmpSosScfx/E0gvm3CxwJO/E0YREDr8j2rNDndkhomk=",
1260 "ref": "default",
1261 "rev": "8c4f4cdd8167ba4bf4d02d96d9ee5ba4d2b15dae",
1262 "revCount": 5,
1263 "type": "hg",
1264 "url": "ssh://bao@delta/../../srv/hg/nixpriv"
1265 },
1266 "original": {
1267 "type": "hg",
1268 "url": "ssh://bao@delta/../../srv/hg/nixpriv"
12541269 }
12551270 },
12561271 "prompt-bar": {
15381553 "pr93659": "pr93659",
15391554 "pr96368": "pr96368",
15401555 "pr99188": "pr99188",
1556 "priv": "priv",
15411557 "prompt-toolkit": "prompt-toolkit",
15421558 "rel1803": "rel1803",
15431559 "rel1809": "rel1809",
77 description = "A highly structured configuration database.";
88
99 inputs = {
10 priv.url = "hg+ssh://bao@delta/../../srv/hg/nixpriv";
11
1012 master.url = "github:nixos/nixpkgs/master"; #|.
1113 staged.url = "github:nixos/nixpkgs/staging"; #| |-- Nix
1214 small.url = "github:nixos/nixpkgs/nixos-unstable-small"; #| |-- pkgs
119121 giara = { url = "git+https://gitlab.gnome.org/world/giara"; flake = false; };
120122 ini2json = { url = "github:anubisss/ini2json"; flake = false; };
121123 mfs-replace-root = { url = "github:hsanjuan/mfs-replace-root"; flake = false; };
122 brig = { url = "github:sahib/brig"; flake = false; };
124 brig = { url = "github:sahib/brig/develop"; flake = false; };
123125 };
124126
125127 outputs = inputs: with builtins; let
574576 megabytes = k: k * 1024;
575577 gigabytes = m: m * 1024;
576578 };
579 inherit (inputs.self.lib) secrets;
580 fetchPullRequest = fetchPullRequestForSystem system;
577581 };
578582
579583 modulesFor = hostName: appendModules: let
580584 specialArgs = {
581585 inherit usr;
582586 flake = inputs.self;
587
583588 fetchPullRequest = fetchPullRequestForSystem system;
584
585 domains = import ./secrets/domains.nix;
586 hosts = import ./secrets/hosts.nix;
589 inherit (inputs.self.lib.secrets) hosts domains;
587590
588591 modules = systemModules ++ [
589592 { _module.args = specialArgs; }
773776 (builtins.readFile /etc/nix/nix.conf)}
774777 experimental-features = nix-command flakes ca-references
775778 print-build-logs = true
776 access-tokens = "github.com=${(import ./secrets/git.github.nix).oauth-token}"
779 access-tokens = "github.com=${inputs.self.lib.secrets.git.github.oauth-token}"
777780 '';
778781 in linkFarm "nix-conf-dir" ( [
779782 { name = "nix.conf"; path = writeText "flakes-nix.conf" nixConf; }
789792 inherit inputs channels config allSystems inputMap patchNixpkgs;
790793 patchedPkgs = patchNixpkgs (channels.modules.legacyPackages.x86_64-linux);
791794
792 #$ git config secrets.providers "nix eval --raw .#lib.secrets"
793 secrets = import ./secrets { inherit lib; };
795 #$ git config secrets.providers "nix eval --raw .#lib.textFilter"
796 textFilter = with inputs.priv.lib.textFilter; join { inherit lib; } list;
797 inherit (inputs.priv.lib) secrets;
794798 };
795799
796800 hydraJobs = rec {
797 tarball = forAllSystems ({ system, pkgs, key ? toString ./secrets/keys/git, ... }:
798 pkgs.runCommandLocal "nixrc" rec {
799 src = builtins.storePath inputs.self.outPath;
800 buildInputs = [ src pkgs.git pkgs.git-crypt ];
801 outputs = [ "out" "tgz" ];
802 } ''
803 git clone --depth=1 file://$src $out && cd $out
804 git-crypt unlock ${key}
805 tar cvz $out > $tgz
806 '');
807801 deployment = forAllSystems ({ system, ... }:
808 (import "${tarball}/configuration.nix" {}).defaultPackage.${system}
802 inputs.self.defaultPackage.${system}
809803 );
810804 };
811805 };
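Review bot: The new `priv` input has no comment although every evaluation now depends on it; above `priv.url` I would add something like `# private secrets flake (hg over ssh); must export lib.secrets (incl. keyDir) and lib.textFilter`. `inherit (inputs.priv.lib) secrets;` re-exports the whole secret set as what looks like the flake output `lib.secrets`, and the comment should say so, so that nobody evaluates that attribute in a job whose logs or results are published. `fetchPullRequest = fetchPullRequestForSystem system;` is now defined both in what appears to be the `usr` set and in `specialArgs`; the second could be `inherit (usr) fetchPullRequest;` so the two cannot drift. The surrounding `outputs` function starts and ends outside the hunks shown.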
232232 hnix
233233 ];
234234
235 environment.etc."nix/id_zeta.ed25519".source = ../../secrets/keys/nix/id_zeta.ed25519;
235 environment.etc."nix/id_zeta.ed25519".source = "${usr.secrets.keyDir}/nix/id_zeta.ed25519";
236236 environment.etc."nix/id_zeta.ed25519".mode = "0400";
237 environment.etc."ssh/ssh_host_rsa_key".source = ../../secrets/keys/deltassh/ssh_host_rsa_key;
237 environment.etc."ssh/ssh_host_rsa_key".source = "${usr.secrets.keyDir}/deltassh/ssh_host_rsa_key";
238238 environment.etc."ssh/ssh_host_rsa_key".mode = "0400";
239 environment.etc."ssh/ssh_host_rsa_key.pub".source = ../../secrets/keys/deltassh/ssh_host_rsa_key.pub;
240 environment.etc."ssh/ssh_host_ed25519_key".source = ../../secrets/keys/deltassh/ssh_host_ed25519_key;
239 environment.etc."ssh/ssh_host_rsa_key.pub".source = "${usr.secrets.keyDir}/deltassh/ssh_host_rsa_key.pub";
240 environment.etc."ssh/ssh_host_ed25519_key".source = "${usr.secrets.keyDir}/deltassh/ssh_host_ed25519_key";
241241 environment.etc."ssh/ssh_host_ed25519_key".mode = "0400";
242 environment.etc."ssh/ssh_host_ed25519_key.pub".source = ../../secrets/keys/deltassh/ssh_host_ed25519_key.pub;
243 environment.etc."ssh/ssh_host_dsa_key".source = ../../secrets/keys/deltassh/ssh_host_dsa_key;
242 environment.etc."ssh/ssh_host_ed25519_key.pub".source = "${usr.secrets.keyDir}/deltassh/ssh_host_ed25519_key.pub";
243 environment.etc."ssh/ssh_host_dsa_key".source = "${usr.secrets.keyDir}/deltassh/ssh_host_dsa_key";
244244 environment.etc."ssh/ssh_host_dsa_key".mode = "0400";
245 environment.etc."ssh/ssh_host_dsa_key-cert.pub".source = ../../secrets/keys/deltassh/ssh_host_dsa_key-cert.pub;
246 environment.etc."ssh/ssh_host_dsa_key.pub".source = ../../secrets/keys/deltassh/ssh_host_dsa_key.pub;
247 environment.etc."ssh/ssh_host_ecdsa_key".source = ../../secrets/keys/deltassh/ssh_host_ecdsa_key;
245 environment.etc."ssh/ssh_host_dsa_key-cert.pub".source = "${usr.secrets.keyDir}/deltassh/ssh_host_dsa_key-cert.pub";
246 environment.etc."ssh/ssh_host_dsa_key.pub".source = "${usr.secrets.keyDir}/deltassh/ssh_host_dsa_key.pub";
247 environment.etc."ssh/ssh_host_ecdsa_key".source = "${usr.secrets.keyDir}/deltassh/ssh_host_ecdsa_key";
248248 environment.etc."ssh/ssh_host_ecdsa_key".mode = "0400";
249 environment.etc."ssh/ssh_host_ecdsa_key-cert.pub".source = ../../secrets/keys/deltassh/ssh_host_ecdsa_key-cert.pub;
250 environment.etc."ssh/ssh_host_ecdsa_key.pub".source = ../../secrets/keys/deltassh/ssh_host_ecdsa_key.pub;
251 environment.etc."ssh/ssh_host_ed25519_key-cert.pub".source = ../../secrets/keys/deltassh/ssh_host_ed25519_key-cert.pub;
252 environment.etc."ssh/ssh_host_rsa_key-cert.pub".source = ../../secrets/keys/deltassh/ssh_host_rsa_key-cert.pub;
249 environment.etc."ssh/ssh_host_ecdsa_key-cert.pub".source = "${usr.secrets.keyDir}/deltassh/ssh_host_ecdsa_key-cert.pub";
250 environment.etc."ssh/ssh_host_ecdsa_key.pub".source = "${usr.secrets.keyDir}/deltassh/ssh_host_ecdsa_key.pub";
251 environment.etc."ssh/ssh_host_ed25519_key-cert.pub".source = "${usr.secrets.keyDir}/deltassh/ssh_host_ed25519_key-cert.pub";
252 environment.etc."ssh/ssh_host_rsa_key-cert.pub".source = "${usr.secrets.keyDir}/deltassh/ssh_host_rsa_key-cert.pub";
253253 environment.etc."ssh/ssh_revoked_keys".text = "";
254 environment.etc."ssh/ssh_user-ca.pub".source = ../../secrets/keys/deltassh/ssh_user-ca.pub;
255 environment.etc."ssh/ssh_host-ca.pub".source = ../../secrets/keys/deltassh/ssh_host-ca.pub;
254 environment.etc."ssh/ssh_user-ca.pub".source = "${usr.secrets.keyDir}/deltassh/ssh_user-ca.pub";
255 environment.etc."ssh/ssh_host-ca.pub".source = "${usr.secrets.keyDir}/deltassh/ssh_host-ca.pub";
256256 }
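Review bot: The rewritten lines still install `ssh_host_dsa_key`, `ssh_host_dsa_key.pub` and `ssh_host_dsa_key-cert.pub`. DSA host keys are limited to 1024 bits and OpenSSH has disabled ssh-dss by default since 7.0, so these three entries could be dropped rather than moved to `usr.secrets.keyDir`. If a legacy client still needs them, a comment naming that client next to the entries would tell the next reader why they remain. The attribute set these lines belong to starts outside the visible hunk.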
1010 iwd = {
1111 enable = useIwd;
1212 networks = lib.mkIf (useIwd)
13 (lib.mapAttrs (k: v: { passphrase = v.psk; }) (import ../../secrets/wifi.networks.nix));
13 (lib.mapAttrs (k: v: { passphrase = v.psk; }) usr.secrets.wifi.networks);
1414 };
15 networks = lib.mkIf (!useIwd)
16 (import ../../secrets/wifi.networks.nix);
15 networks = lib.mkIf (!useIwd) usr.secrets.wifi.networks;
1716
1817 interfaces = [ "wlp0s20f3" ];
1918 userControlled.enable = true;
0 { config, lib, pkgs, hosts, ... }:
0 { config, lib, pkgs, usr, hosts, ... }:
11
22 {
33 imports = [
1616 "Alpha CA" = {
1717 certAuthority = true;
1818 hostNames = [ "*" ];
19 publicKeyFile = ../../secrets/keys/deltassh/ssh_host-ca.pub;
19 publicKeyFile = "${usr.secrets.keyDir}/deltassh/ssh_host-ca.pub";
2020 };
2121 "delta" = {
2222 hostNames = [ "localhost" "127.0.0.1" "::1" ];
23 publicKeyFile = ../../secrets/keys/deltassh/ssh_host_ed25519_key.pub;
23 publicKeyFile = "${usr.secrets.keyDir}/deltassh/ssh_host_ed25519_key.pub";
2424 };
2525 "zeta" = {
2626 hostNames = [ hosts.wireguard.zeta ];
27 publicKeyFile = ../../secrets/keys/zetassh/ssh_host_ed25519_key.pub;
27 publicKeyFile = "${usr.secrets.keyDir}/zetassh/ssh_host_ed25519_key.pub";
2828 };
2929 };
3030 hostKeys = [
0 { config, pkgs, lib, domains, ... }:
0 { config, pkgs, lib, usr, domains, ... }:
11
22 {
33 imports = [
149149 name = "AndroidTV";
150150 host = "192.168.178.128";
151151 }];
152 tuya = import ../../secrets/hass.tuya.nix;
152 tuya = usr.secrets.hass.tuya;
153153 zeroconf = {};
154154 frontend = {};
155155 mobile_app = {};
0 { config, lib, pkgs, ... }:
0 { config, lib, pkgs, usr, ... }:
11
22 {
33 nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
8686 experimental-features = nix-command flakes ca-references recursive-nix
8787 preallocate-contents = true
8888 print-build-logs = true
89 access-tokens = "github.com=${(import ../secrets/git.github.nix).oauth-token}"
89 access-tokens = "github.com=${usr.secrets.git.github.oauth-token}"
9090 '';
9191
9292 binaryCaches = [
0 { config, lib, pkgs, inputs, hosts, ... }:
0 { config, lib, pkgs, usr, inputs, hosts, ... }:
11
22 let
33 cfg = config.services.ipfs;
44
5 clusterSecrets = import ../../../secrets/ipfs.cluster.nix;
5 clusterSecrets = usr.secrets.ipfs.cluster;
66
77 mfs-replace-root = pkgs.buildGo114Module {
88 name = "mfs-replace-root";
125125 settings = {
126126 cluster.secret = clusterSecrets.secret;
127127 cluster.peer_addresses = let
128 inherit (import ../../../secrets/ipfs.repo.nix) proxyPeerID;
128 inherit (usr.secrets.ipfs.repo) proxyPeerID;
129129 in [
130130 "/ip4/${hosts.wireguard.delta}/tcp/9096/p2p/${proxyPeerID.delta}"
131131 "/ip4/${hosts.wireguard.zeta }/tcp/9096/p2p/${proxyPeerID.zeta }"
0 { config, lib, pkgs, domains, hosts, ... }:
0 { config, lib, pkgs, usr, domains, hosts, ... }:
11
22 {
33 systemd.services.traefik.serviceConfig.LimitNPROC = lib.mkForce null; # Ridiculous and broken
177177 middlewares = {
178178 redirect-nixrc = {
179179 redirectRegex = let
180 gitcreds = import ../../../secrets/git.github.nix;
180 gitcreds = usr.secrets.git.github;
181181 in {
182182 permanent = false;
183183 regex = "^(https?)://rc.${domains.home}/(.*)";
0 { config, lib, hosts, ... }:
0 { config, lib, usr, hosts, ... }:
11
22 let
3 pubkeys = import ../../../secrets/wireguard.pubkeys.nix;
3 pubkeys = usr.secrets.wireguard.pubkeys;
44
55 network = 24;
66 peers = {
7171
7272 secrets.files = {
7373 wireguard = {
74 file = ../../../secrets/keys/wireguard + "/${config.networking.hostName}.key";
74 file = usr.secrets.keyDir + "/wireguard/${config.networking.hostName}.key";
7575 #user = "root";
7676 #group = "root";
7777 };
0 { config, lib, pkgs, domains, ... }:
0 { config, lib, pkgs, usr, ... }:
11
22 {
33 services.hydroxide = {
44 enable = true;
5 userauths = lib.mapAttrs (_: u: u.auth) (import ../../../secrets/hydroxide.auth.nix);
5 userauths = lib.mapAttrs (_: u: u.auth) (usr.secrets.hydroxide.auth);
66 };
77 }
secrets/default.nix
Binary diff not shown
secrets/domains.nix
Binary diff not shown
secrets/emacs.user.nix
Binary diff not shown
secrets/git.github.nix
Binary diff not shown
secrets/git.user.nix
Binary diff not shown
secrets/hass.tuya.nix
Binary diff not shown
secrets/hosts.nix
Binary diff not shown
secrets/hydroxide.auth.nix
Binary diff not shown
secrets/ipfs.cluster.nix
Binary diff not shown
secrets/ipfs.repo.nix
Binary diff not shown
secrets/keys/deltassh/ssh_host-ca.pub
Binary diff not shown
secrets/keys/deltassh/ssh_host_dsa_key
Binary diff not shown
secrets/keys/deltassh/ssh_host_dsa_key-cert.pub
Binary diff not shown
secrets/keys/deltassh/ssh_host_dsa_key.pub
Binary diff not shown
secrets/keys/deltassh/ssh_host_ecdsa_key
Binary diff not shown
secrets/keys/deltassh/ssh_host_ecdsa_key-cert.pub
Binary diff not shown
secrets/keys/deltassh/ssh_host_ecdsa_key.pub
Binary diff not shown
secrets/keys/deltassh/ssh_host_ed25519_key
Binary diff not shown
secrets/keys/deltassh/ssh_host_ed25519_key-cert.pub
Binary diff not shown
secrets/keys/deltassh/ssh_host_ed25519_key.pub
Binary diff not shown
secrets/keys/deltassh/ssh_host_rsa_key
Binary diff not shown
secrets/keys/deltassh/ssh_host_rsa_key-cert.pub
Binary diff not shown
secrets/keys/deltassh/ssh_host_rsa_key.pub
Binary diff not shown
secrets/keys/deltassh/ssh_user-ca.pub
Binary diff not shown
secrets/keys/nix/id_zeta.ed25519
Binary diff not shown
secrets/keys/wireguard/delta.key
Binary diff not shown
secrets/keys/wireguard/phi.key
Binary diff not shown
secrets/keys/wireguard/zeta.key
Binary diff not shown
secrets/keys/zetassh/ssh_host_dsa_key
Binary diff not shown
secrets/keys/zetassh/ssh_host_dsa_key-cert.pub
Binary diff not shown
secrets/keys/zetassh/ssh_host_dsa_key.pub
Binary diff not shown
secrets/keys/zetassh/ssh_host_ecdsa_key
Binary diff not shown
secrets/keys/zetassh/ssh_host_ecdsa_key-cert.pub
Binary diff not shown
secrets/keys/zetassh/ssh_host_ecdsa_key.pub
Binary diff not shown
secrets/keys/zetassh/ssh_host_ed25519_key
Binary diff not shown
secrets/keys/zetassh/ssh_host_ed25519_key-cert.pub
Binary diff not shown
secrets/keys/zetassh/ssh_host_ed25519_key.pub
Binary diff not shown
secrets/keys/zetassh/ssh_host_rsa_key
Binary diff not shown
secrets/keys/zetassh/ssh_host_rsa_key-cert.pub
Binary diff not shown
secrets/keys/zetassh/ssh_host_rsa_key.pub
Binary diff not shown
secrets/keys/zetassh/ssh_user-ca.pub
Binary diff not shown
secrets/leaf.password.nix
Binary diff not shown
secrets/mastodon.twitter.nix
Binary diff not shown
secrets/matrix.synapse.nix
Binary diff not shown
secrets/nyxt.autofill.nix
Binary diff not shown
secrets/rescue.nix
Binary diff not shown
secrets/root.password.nix
Binary diff not shown
secrets/spotify.credentials.nix
Binary diff not shown
secrets/steam.credentials.nix
Binary diff not shown
secrets/user.description.nix
Binary diff not shown
secrets/user.password.nix
Binary diff not shown
secrets/weechat.credentials.nix
Binary diff not shown
secrets/wifi.networks.nix
Binary diff not shown
secrets/wireguard.pubkeys.nix
Binary diff not shown
0 { config, pkgs, lib, flake, ... }:
0 { config, pkgs, lib, usr, flake, ... }:
11
22 {
33 imports = [
55 ];
66
77 environment.variables = {
8 GITHUB_TOKEN = (import ../secrets/git.github.nix).oauth-token;
8 GITHUB_TOKEN = usr.secrets.git.github.oauth-token;
99 };
1010
1111 services.dbus.packages = with pkgs; [ gnome3.dconf ];
3838 "adbusers" "dwarffs" "audit"
3939 "ipfs" "syncthing" "aria2"
4040 ];
41 } // import ../secrets/user.password.nix
42 // import ../secrets/user.description.nix;
41 } // usr.secrets.user.password
42 // usr.secrets.user.description;
4343
4444 home-manager.users.bao = let
4545 home-config = config.home-manager.users.bao;
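Review bot: `GITHUB_TOKEN = usr.secrets.git.github.oauth-token;` sits under `environment.variables`, which NixOS applies to the global environment, so the OAuth token is exported into every user's login session and inherited by every process started from it, not only bao's. The generated environment file presumably also lives in the world-readable store. The same line is repeated in the module that defines the `leaf` user. If only one account needs the token, drop it from `environment.variables` and have that account's shell read it at login from a file only its owner can read. The module body continues outside the visible hunks.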
0 { nixosConfig, config, lib, pkgs, hosts, domains, ... }:
0 { nixosConfig, config, lib, pkgs, usr, hosts, domains, ... }:
11
22 {
33 config = {
44 home.file.".config/nyxt/init.lisp".force = true;
55 home.file.".config/nyxt/init.lisp".text = let
6 secrets = import ../../../secrets/nyxt.autofill.nix;
6 secrets = usr.secrets.nyxt.autofill;
77 in ''
88 #+sbcl(declaim (sb-ext:muffle-conditions cl:warning)) ; my GOD sbcl is noisy
99
33 name = "early-init";
44 description = "Executed before initialization.";
55 text = let
6 secrets = import ../../../secrets/emacs.user.nix;
6 secrets = usr.secrets.emacs.user;
77 in ''
88 (setq debug-on-error t)
99
285285 name = "init";
286286 description = "Initialization script";
287287 text = let
288 secrets = import ../../../secrets/emacs.user.nix;
288 secrets = usr.secrets.emacs.user;
289289 in ''
290290 ${startup-pre}
291291
0 { config, pkgs, lib, ... }:
0 { config, pkgs, lib, usr, ... }:
11
22 {
33 imports = [
55 ];
66
77 environment.variables = {
8 GITHUB_TOKEN = (import ../secrets/git.github.nix).oauth-token;
8 GITHUB_TOKEN = usr.secrets.git.github.oauth-token;
99 };
1010
1111 services.dbus.packages = with pkgs; [ gnome3.dconf ];
1616 shell = pkgs.xonsh;
1717 isNormalUser = true;
1818 extraGroups = [ "wheel" "adbusers" ];
19 } // import ../secrets/leaf.password.nix;
19 } // usr.secrets.leaf.password;
2020
2121 home-manager.users.leaf = let
2222 home-config = config.home-manager.users.leaf;
0 { config, lib, pkgs, ... }:
0 { config, lib, pkgs, usr, ... }:
11
22 with lib; let
33 cfg = config.services.spotifyd;
1010 ];
1111
1212 services.spotifyd.settings = {
13 global = import ../../../secrets/spotify.credentials.nix;
13 global = usr.secrets.spotify.credentials;
1414 };
1515 };
1616 }
0 { usr, ... }:
1
02 {
13 users.users.root = {
2 } // import ../secrets/root.password.nix;
4 } // usr.secrets.root.password;
35
46 home-manager.users.root = {
57 imports = [
0 { config, lib, pkgs, domains, ... }:
0 { config, lib, pkgs, usr, domains, ... }:
11
22 with lib; let
33 cfg = config.programs.git;
1919 ];
2020
2121 programs.git = {
22 inherit (import ../../../secrets/git.user.nix) userName userEmail;
22 inherit (usr.secrets.git.user) userName userEmail;
2323
2424 package = pkgs.hiPrio pkgs.gitAndTools.gitFull;
2525 aliases = lib.mkForce { }; # We hate aliases
7575 };
7676 };
7777 github = {
78 inherit (import ../../../secrets/git.github.nix) user oauth-token;
78 inherit (usr.secrets.git.github) user oauth-token;
7979 };
8080
8181 format.pretty = "oneline";
106106 gitget = {
107107 root = "/srv/git";
108108 };
109 inherit (import ../../../secrets/git.github.nix) git-bug;
109 inherit (usr.secrets.git.github) git-bug;
110110 };
111111 };
112112 };