authorPreston Pan <ret2pop@gmail.com>2025-09-21 20:34:58 -0700
committerPreston Pan <ret2pop@gmail.com>2025-09-21 20:34:58 -0700
commit11d99a0715cf201a660e33d911c953313fec3796 (patch)
treead5b7a880d65e06025f7d34a8eb05c0e7e82ef9e /nix
parent2f6ede5394f46892957369708c14fe6b1c7d6f81 (diff)
Add support for managing secrets with GNU Stow
Diffstat (limited to 'nix')
-rw-r--r--nix/modules/home/user.nix11
-rw-r--r--nix/modules/home/zsh.nix1
-rw-r--r--nix/modules/impermanence.nix1
-rw-r--r--nix/systems/continuity/default.nix5
-rw-r--r--nix/systems/installer/default.nix4
5 files changed, 16 insertions, 6 deletions
diff --git a/nix/modules/home/user.nix b/nix/modules/home/user.nix
index 6602232..59a11bf 100644
--- a/nix/modules/home/user.nix
+++ b/nix/modules/home/user.nix
@@ -53,7 +53,8 @@
torsocks tor-browser
# For transfering secrets onto new system
- magic-wormhole
+ magic-wormhole stow
+
# fonts
nerd-fonts.iosevka noto-fonts noto-fonts-cjk-sans noto-fonts-emoji fira-code font-awesome_6 victor-mono
(aspellWithDicts
@@ -116,6 +117,14 @@ nixos-rebuild --sudo --ask-sudo-password --target-host "$1" switch --flake $HOME
#!/bin/bash
nix run github:nix-community/nixos-anywhere -- --generate-hardware-config nixos-generate-config $HOME/monorepo/nix/systems/spontaneity/hardware-configuration.nix --flake $HOME/monorepo/nix#spontaneity --target-host "$1"
'')
+ (writeShellScriptBin "secrets"
+ ''
+#!/bin/bash
+cd "$HOME/secrets"
+git pull # repo is over LAN
+stow */ # manage secrets with gnu stow
+cd "$HOME"
+ '')
] else [
pfetch
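Review bot: The `cd "$HOME/secrets"` on the fourth added line is unchecked, so if the directory does not exist yet (before `clone-secrets` has been run, or on a fresh impermanent boot) `git pull` runs against whatever the caller's cwd is and `stow */` then tries to stow every subdirectory of that cwd into its parent. Start the script with `set -euo pipefail` and write the cd as `cd "$HOME/secrets" || exit 1` so a missing repo aborts instead of symlinking unrelated directories; with the glob unmatched, `stow */` also fails loudly rather than silently. The trailing `cd "$HOME"` does nothing for the caller, since the script's working directory is not inherited by the interactive shell, and can be dropped. The comment `# repo is over LAN` should not be read as an integrity argument: a pull from a LAN remote is only as trustworthy as the ssh host-key check on that remote, so consider `# remote is a LAN host; integrity relies on its ssh host key`. The enclosing package list continues past the hunk.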
diff --git a/nix/modules/home/zsh.nix b/nix/modules/home/zsh.nix
index 78f2cc6..6753547 100644
--- a/nix/modules/home/zsh.nix
+++ b/nix/modules/home/zsh.nix
@@ -21,6 +21,7 @@
};
shellAliases = {
+ clone-secrets = "git clone ssh://\"$1\"/home/preston/secrets \"$HOME/secrets\"";
get-channel-id = "yt-dlp --print \"%(channel_id)s\" --playlist-end 1 \"$1\"";
se = "sops edit";
f = "vim $(fzf)";
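Review bot: `$1` inside the new `clone-secrets` alias does not receive the word typed after it; aliases are textual substitution, so `$1` expands to the interactive shell's (normally empty) first positional parameter and the host the user types is appended as a third argument to `git clone`, yielding `git clone ssh:///home/preston/secrets "$HOME/secrets" <host>`. Define it as a function in the zsh init snippet instead, e.g. `clone-secrets() { git clone "ssh://$1/home/preston/secrets" "$HOME/secrets"; }`, and consider failing early with `[ -n "$1" ] || { echo "usage: clone-secrets <host>" >&2; return 1; }`. The adjacent `get-channel-id` alias has the same `$1` pattern, so it presumably suffers the same problem, though that line predates this commit. The `shellAliases` attrset continues outside the hunk.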
diff --git a/nix/modules/impermanence.nix b/nix/modules/impermanence.nix
index 6305bc5..5a74f6e 100644
--- a/nix/modules/impermanence.nix
+++ b/nix/modules/impermanence.nix
@@ -84,6 +84,7 @@
".mozilla"
".bitmonero"
".config"
+ ".crypto"
{ directory = ".gnupg"; mode = "0700"; }
{ directory = ".ssh"; mode = "0700"; }
{ directory = ".local/share/keyrings"; mode = "0700"; }
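Review bot: `.crypto` is added to the persisted directories as a bare string, whereas the key-holding directories directly below it (`.gnupg`, `.ssh`, `.local/share/keyrings`) are declared with `mode = "0700"`. Given the commit is about secrets, the name suggests this directory also holds key material; if so, declare it as `{ directory = ".crypto"; mode = "0700"; }` so the persistence bind does not leave it world-readable on the persistent volume. If it holds something non-sensitive, a short comment saying what lives there would prevent a future reader from assuming it is protected. The persisted-directories list continues outside the hunk.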
diff --git a/nix/systems/continuity/default.nix b/nix/systems/continuity/default.nix
index 2520712..ca3b5bc 100644
--- a/nix/systems/continuity/default.nix
+++ b/nix/systems/continuity/default.nix
@@ -6,7 +6,10 @@
];
config = {
monorepo = {
- profiles.impermanence.enable = true;
+ profiles = {
+ impermanence.enable = true;
+ secureBoot = true;
+ };
vars = {
device = "/dev/sda";
fileSystem = "btrfs";
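Review bot: `secureBoot = true` is enabled here with no comment and is not mentioned in the commit message, which is about stow-managed secrets, so it is unclear whether this system now depends on signing keys that must be restored (presumably from the secrets repo) before a rebuild succeeds. A one-line comment naming the prerequisite would help, e.g. `secureBoot = true; # boot-signing keys must be present before the first rebuild — see secrets repo`, adjusted to whatever the profile actually requires. The option shape also differs from its sibling (`impermanence.enable` versus a bare `secureBoot`); if the profile exposes an `enable` attribute, using it consistently would read better. The `config` block continues outside the hunk.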
diff --git a/nix/systems/installer/default.nix b/nix/systems/installer/default.nix
index 6b63984..0341b0d 100644
--- a/nix/systems/installer/default.nix
+++ b/nix/systems/installer/default.nix
@@ -50,10 +50,6 @@ if [ "$(id -u)" -eq 0 ]; then
exit 1
fi
-gum style --border normal --margin "1" --padding "1 2" "Notice: if using full disk encryption, write to /tmp/secret.key first with your password."
-
-sleep 3
-
cd "$HOME"
ping -q -c1 google.com &>/dev/null && echo "online! Proceeding with the installation..." || nmtui