Blunkall-Technologies/Olympus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

more separation

Browse Source
This commit is contained in:
Nathan
2026-04-23 16:03:32 -05:00
parent 779310fb2c
commit 250c949bd6
10 changed files with 105 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.sops.yaml
View File

@@ -27,3 +27,9 @@ creation_rules:
- *laptop - *laptop
- *homebox - *homebox
- *android - *android
- path_regex: users/.*/secrets.yaml$
key_groups:
- age:
- *laptop
- *homebox
- *android

21
modules/features/home-manager.nix Normal file
View File

@@ -0,0 +1,21 @@
{ inputs, ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: {
imports = [
inputs.home-manager.nixosModules.default
];
config = {
programs.fuse.userAllowOther = true;
home-manager = {
backupFileExtension = "backup";
useUserPackages = true;
sharedModules = [];
};
};
};
}

27
modules/features/locale.nix Normal file
View File

@@ -0,0 +1,27 @@
{ ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: {
config = {
time.timeZone = lib.mkDefault "America/Chicago";
i18n = lib.mkDefault {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
};
};
}

21
modules/features/nix.nix Normal file
View File

@@ -0,0 +1,21 @@
{ inputs, ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: {
config = {
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
channel.enable = false;
settings = {
experimental-features = [ "nix-command" "flakes" ];
substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-public-keys = lib.mkIf config.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
};
};
};
};
}

43
modules/features/default.nix → modules/features/remoteBuilds.nix
View File

@@ -1,6 +1,6 @@
{ inputs, ... }: { { inputs, ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: { flake.nixosModules.remoteBuilds = { config, lib, ... }: {
imports = [ imports = [
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
@@ -9,18 +9,13 @@
config = { config = {
nix = { nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
channel.enable = false;
settings = { settings = {
experimental-features = [ "nix-command" "flakes" ];
builders-use-substitutes = (config.sops.secrets ? "remoteBuildKey"); builders-use-substitutes = (config.sops.secrets ? "remoteBuildKey");
substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-public-keys = lib.mkIf config.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
}; };
distributedBuilds = lib.mkDefault (config.sops.secrets ? "remoteBuildKey"); distributedBuilds = lib.mkDefault (config.sops.secrets ? "remoteBuildKey");
buildMachines = lib.mkIf (config.sops.secrets ? "remoteBuildKey") [ buildMachines = lib.mkIf (config.sops.secrets ? "remoteBuildKey") [
{ {
hostName = "esotericbytes.com"; hostName = "esotericbytes.com";
@@ -35,6 +30,7 @@
systems = [ "x86_64-linux" "aarch64-linux" ]; systems = [ "x86_64-linux" "aarch64-linux" ];
} }
]; ];
}; };
users.users."remote-builder" = lib.mkIf (builtins.any users.users."remote-builder" = lib.mkIf (builtins.any
@@ -46,9 +42,9 @@
}; };
sops.templates."remote-builder" = lib.mkIf (builtins.any sops.templates."remote-builder" = lib.mkIf (builtins.any
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null) (x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets) (builtins.attrNames config.sops.secrets)
) { ) {
content = builtins.concatStringsSep ''''\n'' (builtins.map content = builtins.concatStringsSep ''''\n'' (builtins.map
(y: config.sops.placeholder.${y}) (y: config.sops.placeholder.${y})
(builtins.filter (builtins.filter
@@ -64,33 +60,6 @@
age.keyFile = "/var/lib/sops/age/keys.txt"; age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFormat = "yaml"; defaultSopsFormat = "yaml";
}; };
programs.fuse.userAllowOther = true;
home-manager = {
backupFileExtension = "backup";
useUserPackages = true;
sharedModules = [];
};
time.timeZone = lib.mkDefault "America/Chicago";
i18n = lib.mkDefault {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
}; };
}; };
} }

1
modules/hosts/homebox/configuration.nix
View File

@@ -13,6 +13,7 @@
avahi avahi
netbird netbird
openssh openssh
remoteBuilds
docker docker

2
modules/hosts/iso/configuration.nix
View File

@@ -37,8 +37,6 @@
]; ];
}; };
sops.defaultSopsFile = ./secrets.yaml;
users.users.nixos.enable = lib.mkForce false; users.users.nixos.enable = lib.mkForce false;
networking = { networking = {

1
modules/hosts/laptop/configuration.nix
View File

@@ -15,6 +15,7 @@
avahi avahi
netbird netbird
openssh openssh
remoteBuilds
]; ];
config = { config = {

7
modules/users/nathan/nathan.nix
View File

@@ -9,13 +9,16 @@
config = { config = {
sops.secrets."nathan/pass".neededForUsers = true; sops.secrets."nathan/pass" = {
neededForUsers = true;
sopsFile = ./secrets.yaml;
};
users.users.nathan = { users.users.nathan = {
shell = pkgs.zsh; shell = pkgs.zsh;
name = lib.mkDefault "nathan"; name = lib.mkDefault "nathan";
isNormalUser = lib.mkDefault true; isNormalUser = lib.mkDefault true;
#hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile; hashedPasswordFile = lib.mkDefault config.sops.secrets."nathan/pass".path;
extraGroups = [ "networkmanager" "docker" "libvirtd" "wheel" ]; extraGroups = [ "networkmanager" "docker" "libvirtd" "wheel" ];
openssh.authorizedKeys.keys = lib.mkMerge [ openssh.authorizedKeys.keys = lib.mkMerge [
(useWith (homebox ++ iso) [ (useWith (homebox ++ iso) [

17
modules/users/nathan/secrets.yaml Normal file
View File

@@ -0,0 +1,17 @@
nathan:
pass: ENC[AES256_GCM,data:0hmcbyTLbmadTAMoSeOgBmpqgtCKtfrY1EIxIUoxgo+3297+jZqcsSmhPlFKtbornezm+7uPRzaVRHyp2G0Ee6mG4FbzUfGYFg==,iv:F2aTS/BPPxTemu4vEy9H0FY0HUEBWaRFeaoMr8TJbmA=,tag:Ai90KJluCimR6OG5BtCnVQ==,type:str]
sops:
age:
- recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cUF3YWY2STgwc1pzREJP
QndUajV6WUJFZEdtOGNOQ05Ua1hGM25IbzJJCjF3Z24rc0JwMSt5bnpIVDZ0ZGJG
ZE9LdEU3bXhsMUxEL0hlMTNTc0VkR0kKLS0tIHhWOGJocS94eWJUSXdtaldJSG50
TjZCN3RneGtJa0hLNU1yTUlLMDJpcEUKNvpcKkNXeRyFsn0CRjSKNb89l1864I6A
Yzijw0c0BVfivhn2wAyq0fYuw2rT+vIJdFUHvIgxkpkZFl4n/RucOQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-31T19:51:15Z"
mac: ENC[AES256_GCM,data:L4SK7iaPX3dPJTyl2RgSuqMcoFRm8q9k64TsroV3tT1uWn0J9XRBj9KXgGj/qLloQkgmZsmtct8w2x5tYYosh5k1+056/DeTD8l/Nw5339qKJppRjg6jYNtw02ZGPSNFQdmGNQU9NOOuT8Q94sl0mphwlYhFV1Tf1r/AoSg1ja8=,iv:/qEVdxOR8CDJ2plE8Ez9ML+u+lKPmsNfV0GyXgBbQRk=,tag:EyjdJzvuHXn+0+5hOk0dVg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2