ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

more stuff

Browse source
This commit is contained in:
RingOfStorms (Josh) 2024-09-28 17:22:24 -05:00
parent 921a59a30e
commit d5001107b0
6 changed files with 51 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
hosts/_common/ragenix.nix
View file

@ -31,6 +31,10 @@ in
file = /${settings.secretsDir}/nix2bitbucket.age; file = /${settings.secretsDir}/nix2bitbucket.age;
owner = settings.user.username; owner = settings.user.username;
}; };
nix2gitjosh = {
file = /${settings.secretsDir}/nix2gitjosh.age;
owner = settings.user.username;
};
nix2h001 = { nix2h001 = {
file = /${settings.secretsDir}/nix2h001.age; file = /${settings.secretsDir}/nix2h001.age;
owner = settings.user.username; owner = settings.user.username;

2
hosts/joe/configuration.nix
View file

@ -26,7 +26,7 @@
# test # test
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
34733 # sshd 5173 # test
]; ];
# machine specific configuration # machine specific configuration

30
secrets/nix2gitjosh.age Normal file
View file

@ -0,0 +1,30 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBqNTlD
T0xiZkUwRHNuRkVsUjR0UEo4SDljY2Q4V1E3dVRjK05KNS9KbVdFClRsZEh1RTE0
eFNRZ2p4Y0hsUmw5SWJCTm8zUmwxeDVMTWZpRUNYYXpYK1EKLT4gc3NoLWVkMjU1
MTkgSmh2TCtRIForNlAxdjhmMTQ4SndkYjU4VXY2NkJRYlZhWlY1am5rakVPNzVY
STJsVjQKRlEyZTBKMjR0Zm9vK25wQVJZN29DM1BMTzNmczN4b3FTdlhkdTVzbFlU
cwotPiBzc2gtZWQyNTUxOSBTcENqQlEgbWthZElDWk8vQTdtQXI0WG9JOUllSUw0
Z1drZXBsdE93UlljSGV3RlRRRQpyMC95ZlordEt3MHczcHExZFgvRmZyUWdYS1d6
ckpSSGErWXlOdXh2K0JBCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBuKzlJeTBkdk9j
WVBaUzhtNU85TUVjMm5HaFk5Z05XdG5DT3V3U3l1L2k4Ckc2bTJRVzdQR05LZVhw
QzJTSHpMRDlYK0Y0dWlUaDNNR1ZKem5ZUnQ2ZkEKLT4gc3NoLWVkMjU1MTkgWHpm
bWFRIElPWGFFUDJBeFFHTm1XV0cwTml4Ui9BdVpkVWZ5b2xXNnVEeUx6bVVlVDAK
ZGsxUGxBWjh6UnlBdmd6amx2RStSUmR2QkRmYWVGeDdwRzFCOE5mR3dQWQotPiBz
c2gtZWQyNTUxOSBSNSt4ZncgSnFOdEpXYyszUExmTmkzQ2k4ek5SUCttRW00QVhr
bm9NRzFTRXd6MG1URQplb0xOeHNBSk5xS0E5UU5yelprNWJuTGFNQTVqbGlOVFR5
SHhoRmZLVUpzCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBzZU9raW5BbFVlYnpLYTVS
ZkMzdEdjcW8yT3JTWHEwQm1nZStRMFdqT0RRCllDMFJFaG1QS1k2WUxBd2thdEYv
U1VPU2xqS3ZXeFVkUDhEbHk2cUxhdXcKLT4galUuOSotZ3JlYXNlIG17fjUyKiBW
b2FvcHxOIGxBRHJhRTMKSXlrWgotLS0gVFIyRkgvM2xnT0dzOXp4czVydnBpMUpL
QkFsNEk2ajJKSFFOWk9jS0lMRQrtEhNnuBfnV9FOAc1MMG98x1PWPR1zpEetfW72
7DlOXzxYKb6tNr8IWQuXXR/7fIKp+KKR7vTZyDF6VsuBXBnJQ7WVtNr+6SRodUHL
lBNsnqvzFnTOILj9m5WQ6ufuWcuHc89J6eM/82qc8p3Pk7EkEO/i29q6oiJ5cSI+
jR8f9sdsqwio0EMXQSF7gypfBhOB0grdcws92VEj5GtDfAyRl632SWqxdw16o6dR
S+YhRAdH80mJTFlNzGLYqVXKAiqh0IG2FET1hLhwgm87ug0ZQfbNs2yvvErw9/1A
oWUvEO6RWfTONRpZ5zWTZY9jb3FnFQqtKSB1zt/eAetkDi2gq47oelDroa4jyM3h
ZOe9X8/YsyDalBATNQwYbTDALac3Ybb1nq+CrQf+rrPEgcL9JFLzy4cU+uSxs7gv
cMtKukM2luHqkX3JQw+X5mvj27UTcqGCeTYr3D4kXwZWaj0kjPkmMPrnkuIrBesp
7LlfoXvnpf8EkQjeBRhyk+PNk7GyNqWlGMRekzvSr4060f0CC+bOG//9y6/2Plan
2kKMvF+Ymwtfa05/GE5uL/E6Pg==
-----END AGE ENCRYPTED FILE-----

8
secrets/secrets.nix
View file

@ -18,7 +18,10 @@ let
]; ];
in in
{ {
## To make a new secret: `ragenix --editor=vi -v -e FILE.age` add file below and in the ragenix.nix file ## To make a new secret:
# - FIRST add file below that you want to create
# - cd to the secrets directory here
# - `ragenix --editor=vi -v -e FILE.age` add file below and in the ragenix.nix file
# #
# TODO come up with a rotate method/encrypt the device keys better. This isn't very secure feeling to me the way I am doing this now. If anyone gains access to any one of my devices, then my secrets are no longer secret. This is not a good model. # TODO come up with a rotate method/encrypt the device keys better. This isn't very secure feeling to me the way I am doing this now. If anyone gains access to any one of my devices, then my secrets are no longer secret. This is not a good model.
@ -29,6 +32,9 @@ in
"nix2bitbucket.age" = { "nix2bitbucket.age" = {
inherit publicKeys; inherit publicKeys;
}; };
"nix2gitjosh.age" = {
inherit publicKeys;
};
# Server keys # Server keys
"nix2h001.age" = { "nix2h001.age" = {
inherit publicKeys; inherit publicKeys;

4
users/_common/home_manager/ssh.nix
View file

@ -11,6 +11,10 @@
"bitbucket.org" = { "bitbucket.org" = {
identityFile = age.secrets.nix2bitbucket.path; identityFile = age.secrets.nix2bitbucket.path;
}; };
"git.joshuabell.xyz" = {
identityFile = age.secrets.nix2gitjosh.path;
port = 3032;
};
# PERSONAL DEVICES # PERSONAL DEVICES
"joe" = { "joe" = {
identityFile = age.secrets.nix2joe.path; identityFile = age.secrets.nix2joe.path;

5
users/josh/nix_modules/lua.nix Normal file
View file

@ -0,0 +1,5 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ lua ];
}