diff --git a/.sops.yaml b/.sops.yaml index 263a152c..540c3533 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -2,19 +2,21 @@ keys: - &kat CD8CE78CB0B3BDD4 # https://inskip.me/pubkey.asc - &mew 65BD3044771CB6FB - &yukari age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav +- &koishi age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc creation_rules: - path_regex: terraform_secrets.yaml$ shamir_threshold: 1 key_groups: - pgp: - *kat -- path_regex: roles/[^/]+/secrets\.yaml$ +- path_regex: nixos/profiles/[^/]+/.*\.yaml$ shamir_threshold: 1 key_groups: - pgp: - *kat age: - *yukari + - *koishi - path_regex: systems/.*\.yaml$ shamir_threshold: 1 key_groups: @@ -22,6 +24,7 @@ creation_rules: - *kat age: - *yukari + - *koishi - path_regex: cluster/cluster.tfvars.sops$ shamir_threshold: 1 key_groups: diff --git a/home/environments/xfce/konawall.nix b/home/environments/xfce/konawall.nix index e53a8aa5..1d3e6521 100644 --- a/home/environments/xfce/konawall.nix +++ b/home/environments/xfce/konawall.nix @@ -34,7 +34,7 @@ in { Restart = "on-failure"; RestartSec = "1s"; }; - Install = {WantedBy = ["xfce4-session.target"];}; + Install = {WantedBy = ["graphical-session.target"];}; }; xdg.configFile = { "konawall/config.toml".source = (pkgs.formats.toml {}).generate "konawall-config" konawallConfig; diff --git a/home/profiles/graphical/media.nix b/home/profiles/graphical/media.nix index 1374ebb2..7930bded 100644 --- a/home/profiles/graphical/media.nix +++ b/home/profiles/graphical/media.nix @@ -13,7 +13,6 @@ in { paused ]; config = { - gpu-context = "wayland"; profile = "gpu-hq"; hwdec = "auto"; vo = "gpu"; diff --git a/nixos/profiles/gaming/minecraft.nix b/nixos/profiles/gaming/minecraft.nix new file mode 100644 index 00000000..787bc89f --- /dev/null +++ b/nixos/profiles/gaming/minecraft.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: { + programs.java = { + enable = true; + }; + environment.systemPackages = with pkgs; [ + ]; +} diff --git a/nixos/profiles/graphical/restic.nix b/nixos/profiles/graphical/restic.nix new file mode 100644 index 00000000..74ea70fa --- /dev/null +++ b/nixos/profiles/graphical/restic.nix @@ -0,0 +1,30 @@ +{ config, ... }: { + sops.secrets.restic-password-file = { + sopsFile = ./restic.yaml; + }; + services.restic.backups = { + ${config.networking.hostName} = { + paths = [ + "/home/kat/Documents" + "/home/kat/Pictures" + ]; + exclude = [ + ]; + extraOptions = [ + "sftp.command='ssh u401227@u401227.your-storagebox.de -i /home/kat/.ssh/id_ed25519 -s sftp'" + ]; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 2" + "--keep-monthly 6" + ]; + initialize = true; + passwordFile = config.sops.secrets.restic-password-file.path; + repository = "sftp:u401227@u401227.your-storagebox.de:/restic/koishi"; + timerConfig = { + OnCalendar = "00:05"; + RandomizedDelaySec = "5h"; + }; + }; + }; +} \ No newline at end of file diff --git a/nixos/profiles/graphical/restic.yaml b/nixos/profiles/graphical/restic.yaml new file mode 100644 index 00000000..56c604d4 --- /dev/null +++ b/nixos/profiles/graphical/restic.yaml @@ -0,0 +1,51 @@ +restic-password-file: ENC[AES256_GCM,data:6rBPtLlyIV1r+2mGpbFltnj0U0ByB9pqTfYVt8NiQ2w=,iv:sA51mpIzaWkK2KIrpCNVOwT282JiOntZlGMeL3sBAJs=,tag:XB7n+eZzZBFxr9HSpsvgcA==,type:str] +sops: + shamir_threshold: 1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1n4kdchmkk3rfkaknxhveqr2ftprdpgwckutt23y6u8639lazzuks77tgav + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwY0tnc2VsNDVKNVkzTlVi + RjBKcC9ncDdUWjBLaU5yRTBaNnNST1V5a3hRCmFhcStyN1dYN3VOaC9UU0hMdTZx + dUdOS1VzWHA2ZUVpemFaMWYrcktPM1EKLS0tIG5hNVk2ZFBIcDhjbFpIQk5YNHpR + TXFkYS9EVHhNNU1pUjZ4SWhadXpTMTgKNjLD330DoQzNUds3hnzfjOHLsSKSsYSX + KT1DSFbeCz5XqUujoMVMOYy6TJq9SuljvOfnXgN38/xvtf9r7469xg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1ZEUzWTE5aUVISWRSZGlR + c0Jpd2xwQzhGalBDVVM1b1IxK2czTUlqY1RFCnV2eHFyWm9ldDFkWm8raVJsQXdo + cjllWlJ3aktHdVI0TnBkVXZEWDRtZ00KLS0tIFBjOXMxSjhVZ01RZDJFcFp1ckFv + MUFHTDdyK2hyNjNVZytMaG9OV2ZLdTQKzwfsilRf6qzcvX9fc4mGWRiDzceZd52v + o00QSoB5lsHnD61k+i7D2dho2S8UUUHX3+XhqS2nTuwB9dDA8blFLA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-04-14T16:40:54Z" + mac: ENC[AES256_GCM,data:DYC3dHgLxhDa3Uf7vqWCYjfPUyuQ3XNY998kcJQ4aSkYWCjqSDSjLaw90hghm7on/zh7RGfzAlVre96PCIiKhyJxKr9EbeyAvj9juRO+c49KFR+1hKzNyMm2v+LzlM0hLvkAosuri/UDmy21+Phvyx28oNP7xtQTcbYNGUHOaFY=,iv:ITe9B0JHq4IH2Nf1oIA8+E4UHkVLP0EU0wh+YwEt1zQ=,tag:qj9jfxgYcIYKB4pFSsdgZg==,type:str] + pgp: + - created_at: "2024-04-14T16:40:41Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA82M54yws73UAQ//dA33V4PcTq9q560TK3U99205tuhTmsM2Il/A+g60EVvQ + i3qmLbLw2YrZvMnlLTCmOtI2+zMm0mlSif/8gzZJFQvDB3nWu2kTDQ+X/esOmBNp + U7ZAbx9n/IwRuda3wCouKD8tnxAID3t7EsXSBOuVAGvgqPjtqSKGV0j++u6l9NlB + cKlHGz1dFwVKE89arV6/GOZAAEYZhy+TxvTkllEn+nC+6F386JvCVpngwJFPX1wb + cyoiBvU3c6IQSZbbPj/w6j83oVY2IqG1FJzFD0MfqUqD1f2arPRrWCT7RrLheRWk + nhI941WqclLugxOEgEdivaS7Ok6+dKmDdJ9Qh0D9+0snwlH+W+DPPyIthcGHW2hf + sn+i61IviPmmdZZaOsU20p7GZkhbKVFpbj92NO5ke7agrRxnCznIfeWjUkJ0Ilmi + Tctn/5f6wcrV171w5iVxnjsQ+Rfm+JNQadXGi1xlwR7EvpoRUMPP+gk/2XH2EWeb + Nk2bey2ewadXxcyxtIdXX5CPepVl60/2O6M9EqNmrCzZRXt4FPVoweHE4sxibCCK + gifPKlNtEmf4LjkxDIb9MA1AjQIJLQ0iZdMUI9z7CAP/mr+vG3GU8jau66bC0j1o + k1sDVJ3tEsRX/aK4UOLDFdEXMmz+/tsN5oPStbiT0MglfnNLGMppZsCIxvarXtzS + XgHJ0erGefVRyoH/lh8Hb4+jx5eEAZjZ9+9AkWTF24PV4Rqu+Z+qCOcyKGCx2Ng1 + ApZIcNE4i5wGlpLfD7Z8WxJqsoQjU76ucZ4NZCECl/g8p3CHKOhEf26NFKJF8yM= + =KOfW + -----END PGP MESSAGE----- + fp: CD8CE78CB0B3BDD4 + unencrypted_suffix: _unencrypted + version: 3.8.1