john/jsl-home
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: john:main
Branches Tags
john:main john:restic john:sops john:split-graphical john:dev
john:v3 john:v2 john:v1
...
compare: john:c648e45a23d49f66dd851b6606115bf46abda3c1
Branches Tags
john:restic john:sops john:split-graphical john:dev john:main
john:v3 john:v2 john:v1

25 Commits
main ... c648e45a23

Author SHA1 Message Date
John Lancaster
c648e45a23 added test script 2025-07-28 20:34:37 -05:00
John Lancaster
b31f045d45 scripts 2025-07-28 20:29:29 -05:00
John Lancaster
b477744d9b fixes 2025-07-28 19:55:01 -05:00
John Lancaster
e31c9b911d sops key working 2025-07-28 19:20:40 -05:00
John Lancaster
29a1ee26cf base sort of working 2025-07-28 17:43:45 -05:00
John Lancaster
2b2e4ca76a multiple config files 2025-07-28 13:51:42 -05:00
John Lancaster
9542980896 resticprofile build works 2025-07-28 13:18:45 -05:00
John Lancaster
706e9ee95f added uv 2025-07-07 18:02:13 -05:00
John Lancaster
2ebdda4ab4 secret change 2025-07-07 01:15:08 -05:00
John Lancaster
be5a15f3d4 moved sops stuff into sops.nix 2025-07-07 01:10:11 -05:00
John Lancaster
cc396c2daf actually enabled sops 2025-07-07 01:04:48 -05:00
John Lancaster
1fe7f9b901 redid path 2025-07-07 00:53:56 -05:00
John Lancaster
5f3d3a224a fixed inputs for sops 2025-07-07 00:31:27 -05:00
John Lancaster
7eb20ee07d started secrets file 2025-07-07 00:24:22 -05:00
John Lancaster
460f0d132d added sops 2025-07-07 00:22:25 -05:00
John Lancaster
5d5b15fb63 singular lib.optional 2025-07-06 23:59:40 -05:00
John Lancaster
92067f8b69 using mkMerge now 2025-07-06 23:54:22 -05:00
John Lancaster
cc21dcdc92 added sublime and joplin options 2025-07-06 23:47:05 -05:00
John Lancaster
ac9e58ede6 fixed pathss 2025-07-06 23:11:25 -05:00
John Lancaster
be57ba16dd made plugin sciprt optional 2025-07-06 23:08:07 -05:00
John Lancaster
2fd6a2c04a moved keys 2025-07-06 23:07:54 -05:00
John Lancaster
09e941abbd broke out common logic 2025-07-06 21:52:22 -05:00
John Lancaster
e21c901e94 moved options together 2025-07-06 21:42:40 -05:00
John Lancaster
ce738ae612 started splitting up graphical programs because some of them don't really work well on ubuntu 2025-07-06 21:39:41 -05:00
John Lancaster
ddf5bcaeee updated module example 2025-07-06 19:37:15 -05:00
17 changed files with 322 additions and 68 deletions
Expand all files Collapse all files

9
.sops.yaml Normal file
View File

@@ -0,0 +1,9 @@
keys:
- &john-p14s age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
- &john-pc age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
creation_rules:
- path_regex: secrets.yaml$
key_groups:
- age:
- *john-p14s
- *john-pc

70
README.md
View File

@@ -40,42 +40,54 @@ nhmu
```nix ```nix
{ {
description = "Home Manager configuration of john"; description = "John's system flake";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
home-manager = { jsl-home = {
url = "github:nix-community/home-manager"; url = "git+https://gitea.john-stream.com/john/jsl-home?ref=dev";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
john-home-config = {
url = "path:/home/john/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
}; };
outputs = outputs = { self, nixpkgs, ... }@inputs:
{ nixpkgs, ... }@inputs: let
let system = "x86_64-linux";
system = "x86_64-linux"; nixosSystem = nixpkgs.lib.nixosSystem;
pkgs = nixpkgs.legacyPackages.${system}; hostName = "john-p14s";
homeManagerConfiguration = inputs.home-manager.lib.homeManagerConfiguration; in
jslDefault = inputs.john-home-config.homeManagerModules.default; {
userName = "john"; nixosConfigurations.${hostName} = nixosSystem {
in specialArgs =
{ {
homeConfigurations."${userName}" = homeManagerConfiguration { inherit inputs;
inherit pkgs; inherit system;
modules = [
jslDefault {
user = "${userName}";
# Add any additional configuration here
}
./home.nix
# Add other home manager modules here
];
}; };
modules = [
./hardware-configuration.nix
./configuration.nix
inputs.jsl-home.nixosModules.default
{
stateVersion = "24.05";
user = "john";
root = true;
ssh = true;
profile = "personal";
enableShell = true;
_1password = true;
docker = true;
graphical = {
steam = true;
vscode = true;
};
extraImports = [
./home-manager/john.nix
./home-manager/gnome.nix
./home-manager/ssh.nix
];
}
];
}; };
};
} }
``` ```

35
flake.nix
View File

@@ -12,6 +12,10 @@
url = "github:nix-community/nixGL"; url = "github:nix-community/nixGL";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { self, nixpkgs, ... }@inputs: outputs = { self, nixpkgs, ... }@inputs:
@@ -22,12 +26,15 @@
# These will get applied to both the configured user and the root user (if enabled) # These will get applied to both the configured user and the root user (if enabled)
userOptions = config: { userOptions = config: {
openssh.authorizedKeys.keyFiles = lib.optionals config.ssh [ ./personal_keys ]; openssh.authorizedKeys = lib.mkIf config.ssh (lib.mkMerge [
(lib.mkIf (config.profile == "personal") { keyFiles = [ ./keys/personal ]; })
(lib.mkIf (config.profile == "work") { keyFiles = [ ./keys/work ]; })
]);
shell = lib.mkIf config.enableShell pkgs.zsh; shell = lib.mkIf config.enableShell pkgs.zsh;
}; };
mkhomeManagerModules = config: [ mkhomeManagerModules = config: [
self.homeManagerModules.default (self.homeManagerModules.default inputs)
# { inherit (config) extraImports; } # { inherit (config) extraImports; }
{ {
user = config.user; user = config.user;
@@ -38,7 +45,6 @@
_1password = config._1password; _1password = config._1password;
docker = config.docker; docker = config.docker;
graphical = config.graphical; graphical = config.graphical;
steam = config.steam;
} }
] ++ config.extraImports; ] ++ config.extraImports;
@@ -46,7 +52,9 @@
{ {
lib = { inherit mkhomeManagerModules; }; lib = { inherit mkhomeManagerModules; };
homeManagerModules.default = { ... }: { imports = [ ./homeManagerModules ]; }; homeManagerModules.default = inputs: {
imports = [ ./homeManagerModules ];
};
nixosModules.default = { config, ... }: { nixosModules.default = { config, ... }: {
imports = [ imports = [
@@ -54,14 +62,17 @@
inputs.home-manager.nixosModules.default inputs.home-manager.nixosModules.default
]; ];
nix.settings.trusted-users = [ "root" "@wheel" ]; nix.settings.trusted-users = [ "root" "@wheel" ];
users.users.${config.user} = { users.users.${config.user} = lib.mkMerge [
isNormalUser = true; {
description = "John Lancaster"; isNormalUser = true;
extraGroups = [] description = "John Lancaster";
++ lib.optionals config.root [ "wheel" ] extraGroups = []
++ lib.optionals config.docker [ "docker" ] ++ lib.optional config.root "wheel"
++ lib.optionals config.networking.networkmanager.enable [ "networkmanager" ]; ++ lib.optional config.docker "docker"
} // userOptions config; ++ lib.optional config.networking.networkmanager.enable "networkmanager";
}
(userOptions config)
];
users.users.root = lib.mkIf config.root (userOptions config); users.users.root = lib.mkIf config.root (userOptions config);
security.sudo-rs = lib.mkIf config.root { security.sudo-rs = lib.mkIf config.root {

16
homeManagerModules/default.nix
View File

@@ -6,6 +6,7 @@
./ghostty.nix ./ghostty.nix
./git.nix ./git.nix
./shell.nix ./shell.nix
./sops.nix
./ssh.nix ./ssh.nix
./vscode.nix ./vscode.nix
@@ -52,7 +53,7 @@
lazygit lazygit
btop btop
yazi yazi
sops uv
(writeShellScriptBin "nhmu" '' (writeShellScriptBin "nhmu" ''
nix flake update --flake ~/.config/home-manager nix flake update --flake ~/.config/home-manager
nix run home-manager -- switch --flake ~/.config/home-manager --impure nix run home-manager -- switch --flake ~/.config/home-manager --impure
@@ -62,15 +63,10 @@
# # parentheses. Maybe you want to install Nerd Fonts with a limited number of # # parentheses. Maybe you want to install Nerd Fonts with a limited number of
# # fonts? # # fonts?
# (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
] ++ lib.optionals config.graphical [ ]
discord ++ lib.optional config.graphical.discord discord
spotify ++ lib.optional config.graphical.joplin joplin-desktop
sublime4 ++ lib.optional config.graphical.sublime sublime4;
joplin-desktop
] ++ lib.optionals config._1password [
_1password-cli
gh # GitHub CLI with 1Password integration
];
# Home Manager can also manage your environment variables through # Home Manager can also manage your environment variables through
# 'home.sessionVariables'. These will be explicitly sourced when using a # 'home.sessionVariables'. These will be explicitly sourced when using a

6
homeManagerModules/ghostty.nix
View File

@@ -1,6 +1,6 @@
{ config, pkgs, lib, nixgl, ... }: { config, pkgs, lib, nixgl, ... }:
{ {
home.sessionVariables = lib.mkIf (config.enableShell && config.graphical) { home.sessionVariables = lib.mkIf (config.enableShell && config.graphical.ghostty) {
TERMINAL = "ghostty"; TERMINAL = "ghostty";
}; };
@@ -9,7 +9,7 @@
nixGL.defaultWrapper = "mesa"; nixGL.defaultWrapper = "mesa";
nixGL.installScripts = [ "mesa" ]; nixGL.installScripts = [ "mesa" ];
programs.ghostty = lib.mkIf (config.enableShell && config.graphical) { programs.ghostty = lib.mkIf (config.enableShell && config.graphical.ghostty) {
enable = true; enable = true;
enableZshIntegration = true; enableZshIntegration = true;
package = config.lib.nixGL.wrap pkgs.ghostty; package = config.lib.nixGL.wrap pkgs.ghostty;
@@ -52,7 +52,7 @@
}; };
# https://github.com/ghostty-org/ghostty/discussions/3763#discussioncomment-11699970 # https://github.com/ghostty-org/ghostty/discussions/3763#discussioncomment-11699970
xdg.desktopEntries."com.mitchellh.ghostty" = lib.mkIf (config.enableShell && config.graphical) { xdg.desktopEntries."com.mitchellh.ghostty" = lib.mkIf (config.enableShell && config.graphical.ghostty) {
name = "Ghostty"; name = "Ghostty";
type = "Application"; type = "Application";
comment = "A terminal emulator"; comment = "A terminal emulator";

46
homeManagerModules/restic/flake.nix Normal file
View File

@@ -0,0 +1,46 @@
{
description = "Flake packaging resticprofile with a Home Manager module for programs.resticprofile";
inputs = {
nixpkgs.url = "nixpkgs/nixos-unstable"; # Use latest Nixpkgs for Go package build
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, home-manager }:
let
systems = [ "x86_64-linux" "aarch64-linux" ];
# Define a function to build the resticprofile package for a given system:
resticprofilePkg = { pkgs, lib, ... }:
pkgs.buildGoModule rec {
pname = "resticprofile";
version = "0.31.0";
src = pkgs.fetchFromGitHub {
owner = "creativeprojects";
repo = "resticprofile";
rev = "v${version}";
sha256 = "sha256-ezelvyroQG1EW3SU63OVHJ/T4qjN5DRllvPIXnei1Z4="; # source tarball hash
};
vendorHash = "sha256-M9S6F/Csz7HnOq8PSWjpENKm1704kVx9zDts1ieraTE="; # Correct vendor hash
goPackagePath = "github.com/creativeprojects/resticprofile";
doCheck = false; # Disable tests due to sandboxed build environment
meta = with lib; {
description = "Configuration profiles manager and scheduler for restic backup";
homepage = "https://creativeprojects.github.io/resticprofile/";
license = licenses.gpl3Only;
maintainers = [ ]; # (Add yourself or skip)
};
};
in {
# Provide the package for all supported systems:
packages = nixpkgs.lib.genAttrs systems (system:
let pkgs = import nixpkgs { inherit system; };
in { resticprofile = resticprofilePkg { inherit pkgs; lib = pkgs.lib; }; }
);
# Provide the Home Manager module
homeManagerModules = {
resticprofile = import ./resticprofile.nix;
};
};
}

38
homeManagerModules/restic/profiles/base.nix Normal file
View File

@@ -0,0 +1,38 @@
{ lib, config, ... }:
{
base = {
repository = "local:/mnt/backup";
password-file = "${config.xdg.configHome}/resticprofile/password.txt";
status-file = "{{ .ConfigDir }}/backup-status.json";
retention = {
after-backup = true;
keep-last = "10";
keep-hourly = "8";
keep-daily = "14";
keep-weekly = "8";
};
backup = {
verbose = true;
exclude = [
".vscode-server"
".cache"
".venv"
".pyenv"
"data/postgres"
"build"
"__pycache__"
"*.log"
"*.egg-info"
"*.csv"
"*.m4a"
];
schedule-permission = "user";
schedule-priority = "background";
check-after = true;
};
prune = {
schedule-permission = "user";
schedule-lock-wait = "1h";
};
};
}

68
homeManagerModules/restic/resticprofile.nix Normal file
View File

@@ -0,0 +1,68 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkEnableOption mkOption mkPackageOption mkIf types;
cfg = config.programs.resticprofile;
yamlFormat = pkgs.formats.yaml { };
baseProfile = import ./profiles/base.nix { inherit lib config; };
profiles = lib.recursiveUpdate baseProfile cfg.profiles;
in {
options.programs.resticprofile = {
enable = mkEnableOption "Enable resticprofile (Restic backup profile manager)";
package = mkPackageOption pkgs "resticprofile" { };
# Multiple configuration files support
profiles = mkOption {
type = types.attrsOf yamlFormat.type;
default = { };
description = ''
Multiple configuration files for resticprofile. Each attribute name
becomes a YAML file under `$XDG_CONFIG_HOME/resticprofile/`.
'';
example = {
common = {
repository = "local:/backup";
passwordFile = "password.txt";
includes = [ "common.yaml" ];
backup = {
source = [ "/home/user/Documents" ];
schedule = "12:30";
};
forget = {
keep-daily = 7;
keep-weekly = 4;
keep-monthly = 6;
};
};
};
};
};
config = mkIf cfg.enable (
let
resticprofileCmd = ''
${cfg.package}/bin/resticprofile --config "${config.xdg.configHome}/resticprofile/profiles.yaml"
'';
in {
# Add a script to manually unschedule and reschedule all resticprofiles
home.packages = [
cfg.package
(pkgs.writeShellScriptBin "rp" ''
set -e
sudo ${cfg.package}/bin/resticprofile --config "${config.xdg.configHome}/resticprofile/profiles.yaml" $@
'')
(pkgs.writeShellScriptBin "rps" ''
set -e
rp unschedule --all
rp schedule --all
'')
(pkgs.writeShellScriptBin "rp-test" "rp run-schedule backup@default --dry-run")
];
xdg.configFile."resticprofile/profiles.yaml".source = yamlFormat.generate "profiles" {
version = "2";
profiles = profiles;
};
}
);
}

4
homeManagerModules/shell.nix
View File

@@ -38,7 +38,9 @@
}; };
shellAliases.ls = "${pkgs.eza}/bin/eza -lgos type --no-time"; shellAliases.ls = "${pkgs.eza}/bin/eza -lgos type --no-time";
initContent = lib.mkIf config._1password '' initContent = lib.mkIf config._1password ''
source ${config.home.homeDirectory}/.config/op/plugins.sh if [ -f "${config.home.homeDirectory}/.config/op/plugins.sh" ]; then
source ${config.home.homeDirectory}/.config/op/plugins.sh
fi
''; '';
}; };
} }

24
homeManagerModules/sops.nix Normal file
View File

@@ -0,0 +1,24 @@
{ inputs, config, pkgs, lib, ... }:
let
sopsConfigPath = "${config.home.homeDirectory}/.config/home-manager/jsl-home/.sops.yaml";
sopsSecretsPath = "${config.home.homeDirectory}/.config/home-manager/jsl-home/keys/secrets.yaml";
in
{
imports = [
inputs.sops-nix.homeManagerModules.sops
];
sops = {
# It's also possible to use a ssh key, but only when it has no password:
age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
defaultSopsFile = ../keys/secrets.yaml;
defaultSopsFormat = "yaml";
};
home.packages = with pkgs; [
(writeShellScriptBin "edit-secrets" ''
sops --config ${sopsConfigPath} ${sopsSecretsPath}
'')
sops
age
];
programs.zsh.shellAliases.sops = lib.mkIf config.enableShell "sops --config ${sopsConfigPath}";
}

8
homeManagerModules/ssh.nix
View File

@@ -8,6 +8,14 @@
''; '';
matchBlocks = lib.mkMerge [ matchBlocks = lib.mkMerge [
(lib.mkIf (config.profile == "personal") { (lib.mkIf (config.profile == "personal") {
"ad-nix" = {
hostname = "192.168.1.201";
user = "appdaemon";
};
"docs" = {
hostname = "192.168.1.110";
user = "root";
};
"panoptes" = { "panoptes" = {
hostname = "192.168.1.107"; hostname = "192.168.1.107";
user = "panoptes"; user = "panoptes";

2
homeManagerModules/vscode.nix
View File

@@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
programs.vscode = lib.mkIf config.graphical { programs.vscode = lib.mkIf config.graphical.vscode {
enable = true; enable = true;
package = pkgs.vscode; package = pkgs.vscode;
profiles.default.extensions = with pkgs.vscode-extensions; [ profiles.default.extensions = with pkgs.vscode-extensions; [

0
personal_keys → keys/personal
View File

36
keys/secrets.yaml Normal file
View File

@@ -0,0 +1,36 @@
restic_password:
john_ubuntu: ENC[AES256_GCM,data:Q4lUaFFDgoK9k4kQj7hSVKaFDGW0T+6V+OpFU5R528R3EKM7YJMgcFX+sK3mWl9XA4/6E1GeINpIqOpx+FP5Cf/8qt9sXBXCmXXSYdA4IH3RS6a1NkcIVjsTMvpn4q/fslCeYN4LB+r4pBGmdca105miqVun8J69cZGwjZ+wuxrMAP+mdnHdSUPycjNWJJzmEa3waQsygAi4A5cAN5sigOPBxe2pCTh/FEKoTgWmzHGJvcjrzuL6wNOpQrkMWwTsHCtbe9dyMP/fQpoBgYDT4W9Rd4XHhbrooje+g3x48EL1rkRIVVNRavpRUih/mjcdJGzzJ6jZmLLcc1f7SZIKZht7f+ZcdZl3rKQB+WanZgK/KAgKBRCrbIk2eeBZwkcRSw5kmGFU7x0azdIipJYj+3KHHQS5S2VW4j2tQG74xK3qaNJcSMjpKmdI1dHcPf0x2ILaDDV9Ts0H4GTOB2zO9iGy7x2tdPd4tugxxk5rr5rphTZL3lgUf0Ri/qMkJh9I8CsjUdvRycHeIEUZPmEVaIqJC2jrd2pBslis5VWD/6PHQBCob07d1fcpIYox4YXM3GcLg3OxiD8nZ7DTzGRMhciZtTKKWbBT8qzPud4ZQvDkT5l+XOpeM13wXFIMa13CwOzYeyWjycED0VQ/i3XRw9+9lg3cosfxaPdaFtv4MjV7Od62G/UJw3OxaQOHM2y24N+Q0pSBoTdDAFwDCH/kcqZji6ZrVTu4Rad8opcILJJcqC+pjegDvBtUdDz+G3/dFiS6m8RYIRb7qB5yEX/lCgzlECmRS2XP8uraNJ5NN8rtk0gdBtaI9/78YyAjLLGkjIcIR4uJA5buCZBR9jIdqf4f52fowbx18VPrwFXN2mYX6mPsKbDmaz0ILHq/I9n8bS/KM7gIQmTw/RAUwnmL4IRu8zHn6nmIqj6d8AkjYx7s6pG8OF8LgfhqZT7tdPKCd+n/HnYn1fZGSw26zHzPd4nKnVV1e3NYvX6CVwVycerGs9elOKtOI8GsrWYyXzJbfC+nWxbHKI/t6sxyzTBrHPR4r6l/CchQF+SfBs5aELKExe7h325qBB2y6EFdkbxTj1tPGqxttp9xJB1LUyNtwsEAkpD44JNqPxZCYHQbeVE3Oo3TYtRUSVWREc1WNIsfSG/anScYUhDEah9YyIdiG+O71QqegunusLoxmpF2rQtx7shtAvJV3skDBB0tFDoQyIV+yPo7kPV0D7Ig+Ba+mk5ASJrT9DXZ53Q2CCTLAuslU4MP7g22RX8rU3s2hFJq8m7wvMwpqa9Tr6O38i1wX4PhG1VRMM8EIlMQnLWWKmni6NbOYiRxFYJMioxH5SyE4ODQYXy5YIuLoRsX8VR6UqJ1GZb7sJf3M1aPOFOHzTN9hnziTRRe1KCMoBrAghrqhvL1VRr9X5PYMxnjBh6o0d5YTN0WOGD2iEVbCzqxFXcxQZBBp4KyNAAhFhGNw8WUp/rVoyCYn7+OEYFspY4FmGMTYhvxbq5LEptXeQgOP2ggBkqsw8sYP9oj1cb4kzBNv8M7nR9kM1EqvZpFV47phoTbBeMY4DZOJodkASFVM5/7ijWy/M9rtWMFMCXKURKkAQJRFADs0KqMJ5osnFFnubX7vKgK736XXF4+wIQuuHqEsYDZ90ftInxq8sYRnb2FZ0EV4yc8qqnz++fjwrAA5EV+zhL6l6hum1zL8JkUJ1ICKZ905If6nIeoul8MY3B1Cz4W+osN2Wtl8OeJ2t3iZx3wk/unVa8uDZH1owu47He68e2V8vpYxOaW4/hLyy/XuL5DukETrhRjC+7GbEaKaCwoA2UwAdqU,iv:N8ek+tp16WiZgjTDxXb0CRXH+MbLsl/oZ/OwcOoVRO0=,tag:uIzCSX0R/EObF/RdWxj64w==,type:str]
hello: ENC[AES256_GCM,data:g/YDwjNQLs4pFRzFO3nwcbmeJd6tMLNNhhnSsAFyOQ8U8yjjUoCReDvrqpqBXIP1T9B80qyBVzxBY2bAYg==,iv:YdiJdG1ZjA95DGArtfaF1E8LomqW6oHCLmoSLQvwP+k=,tag:/ipWczAvhcjw5Jv7nvMF8A==,type:str]
example_key: ENC[AES256_GCM,data:cLLYEiJbKg60ANK/h+kG,iv:1yrJt5JhbDP/9/Wb2l93fjwQF1hxERnxjPZ6qF4S/Bw=,tag:wbboaGylFJRSj4/TB+RCZg==,type:str]
#ENC[AES256_GCM,data:c0Ay18GCW/gowNHmF67TMg==,iv:T+FN8xaVilVSETMQztl6lmpLqnGiyrXhJvWsO+dBdd0=,tag:1D6TkngB116dOeCAX85djg==,type:comment]
example_array:
- ENC[AES256_GCM,data:yUJ7p5VfyQUANjbuz48=,iv:XTGb97tMV3mkPwNyKetSflLLlE31g9UgMPcelMPpNZ0=,tag:j5muB72Ogc/gtenvsWvpbQ==,type:str]
- ENC[AES256_GCM,data:8eQ2clCNBxPfdycPMOo=,iv:C9iT+wJH9ENJShNYo3IGceRwHyrlU6LUE7jpc+72KOw=,tag:YTbZqYJVMUoTRqD2ujTOvg==,type:str]
example_number: ENC[AES256_GCM,data:LhABh/RtBsdKAg==,iv:JGYFnixDNZUIRKJcuaenvO8D60T+Jvx/R7SWxbIPXsM=,tag:+1b/aj3x1yfQZ2j4OM5dcg==,type:float]
example_booleans:
- ENC[AES256_GCM,data:pGnelw==,iv:KAayJZ8px4Qupv0NfapSQ6valrVKndEtCb3U4MTmK/U=,tag:lkl+zBgkEMbFQjNssxYQjg==,type:bool]
- ENC[AES256_GCM,data:Vqqfp2w=,iv:SC1DS7G9/lHYtA6PPRbVsi/ZhyNUYvRjXxHIqCxqEPA=,tag:9hv6F1rP7xSd08KCKkuiLQ==,type:bool]
sops:
age:
- recipient: age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoWkxDSnlNT2Vua1ZXWC8r
SU9UMnhaVXVEVlZGL3dtYTBJSzNGbHVaSTJNCm9ZTFM3RndpRktUcWhwZk1Fc2dk
ZGtoWXdoOWVyK1F0YStSS3dsMkg2R28KLS0tIFkrdVFZNlVxRjhPaWdMZXl2elV3
TVpyTzFsNFNmd3FNU0tlMnlTOHNTQWsKfKdN4epZokF74bCNr9+jxulZJFBQM83P
quMhl+H85My8jAsEeC9CW7y2jdNPJkfk9gHun4ozoW8U7o6y5RLfJg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSakZRUnkraWtId2h3eUhB
REpkUHhYMm1MSmtFU2pvd1BpQ0xRTTlCWkZJCkxrTm1sdDBqclJ3RHR6VkllOFpo
ZXRtS2lsazRDS2lyRnZmT3FTTjJ6WUUKLS0tIExxNlFoeDhHQ3l5a1VvUHNRWUdw
Mms2UEhFSU82UWR5Z1VvU25qenJUQm8KtQeZDIfJIczm1l8ql/WmVEf8KI9dg0vw
9rNSjtBkEttVd21zUSOziG4513abllE8NFTkAc1z3HacuXpHTBnd5A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-29T00:12:59Z"
mac: ENC[AES256_GCM,data:5dQiEDyfeIYJt/l1wWH8y5cQm7+PqnUDwezCmyP7nvXs0z1lupYOHV62L5hqeQb7AELi4TriOokra4XdhHfr/QnI9capnYV6qTQrfvBE0EKsUQlxTmE6EnnTQuOWQy1iL8XgM3toEIH2mW2QNwme9k3fF/gGA8bL9t0+OEYGasU=,iv:kVDSFTHQG95rDfkp8sWJnxRQ5Wd9BjfPEzmuMm+alY0=,tag:3KFmBgW6pEEBFkOa14brDw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

0
work_keys → keys/work
View File

26
nixosModules/options.nix
View File

@@ -60,15 +60,19 @@
description = "Whether to enable docker stuff"; description = "Whether to enable docker stuff";
}; };
options.graphical = lib.mkOption { options.graphical =
type = lib.types.bool; let
default = false; boolOption = lib.mkOption {
description = "Whether this system has a graphical environment"; type = lib.types.bool;
}; default = false;
};
options.steam = lib.mkOption { in
type = lib.types.bool; {
default = false; discord = boolOption;
description = "Whether this system has Steam installed"; ghostty = boolOption;
}; joplin = boolOption;
steam = boolOption;
sublime = boolOption;
vscode = boolOption;
};
} }

2
nixosModules/steam.nix
View File

@@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
programs.steam = lib.mkIf config.steam { programs.steam = lib.mkIf config.graphical.steam {
enable = true; enable = true;
gamescopeSession.enable = true; gamescopeSession.enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play