diff --git a/.sops.yaml b/.sops.yaml index b602e71..cfb8166 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,6 @@ keys: - &lander 4BE1257015580BAB9F4B9D5FCA5B1C34E649BF92 - &wodan age15m0pdv8mkt4aue8wjay9k4endyymtka5je3gc2t63dgamfzh9vts7774hh - - &heimdall age1qjl8ql869njgtrytle66ylnnvesxje4nt6jayfwru3ghh002nuzs683n3g - &db-01 age1a5zz4cyda0aqh0hgf8svpyh9ktwy6z5x3gnnu5ysvpvek9rn03csx7dyqn - &hosting-01 age18g4z53ykxzq35dsjq3a2np4f88xwat0kwtax229l3zn0ykhlpvqqy8fgtv - &hosting-02 age1hvrssz7k9akz66evj4kja53zvdtrss8k2ljxsh5myh2mru62sggqznlzrt @@ -12,14 +11,12 @@ creation_rules: key_groups: - age: - *wodan - - *heimdall pgp: - *lander - path_regex: hosts/common/optional/secrets.yam?l$ key_groups: - age: - *wodan - - *heimdall pgp: - *lander - path_regex: hosts/common/servers/secrets.yam?l$ @@ -53,6 +50,5 @@ creation_rules: key_groups: - age: - *wodan - - *heimdall pgp: - *lander diff --git a/flake.lock b/flake.lock index c157077..94d92be 100644 --- a/flake.lock +++ b/flake.lock @@ -414,22 +414,6 @@ "type": "github" } }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1757745802, - "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1757810152, @@ -603,7 +587,6 @@ "home-manager": "home-manager", "nixos-mailserver": "nixos-mailserver", "nixpkgs": "nixpkgs_2", - "nixpkgs-unstable": "nixpkgs-unstable", "nixvim": "nixvim", "sops-nix": "sops-nix", "tidalcycles": "tidalcycles" diff --git a/flake.nix b/flake.nix index 276d2f6..7522da9 100644 --- a/flake.nix +++ b/flake.nix @@ -1,10 +1,9 @@ { - description = "EscapeAngle's Nix config"; + description = "Your new nix config"; inputs = { # Nixpkgs nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Secrets sops-nix = { @@ -55,26 +54,8 @@ }@inputs: let inherit (self) outputs; - - # I only care about linux builds - systems = [ - "aarch64-linux" - "x86_64-linux" - ]; - - forAllSystems = nixpkgs.lib.genAttrs systems; in { - # custom pkgs - packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); - - formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra); - - overlays = import ./overlays { inherit inputs; }; - - nixosModules = import ./modules/nixos; - homeManagerModules = import ./modules/home-manager; - nixosConfigurations = { # Workstations wodan = nixpkgs.lib.nixosSystem { diff --git a/home/lander/global/secrets.yaml b/home/lander/global/secrets.yaml index 4fb0a0a..8e312aa 100644 --- a/home/lander/global/secrets.yaml +++ b/home/lander/global/secrets.yaml @@ -1,36 +1,31 @@ inuits-mail-pass: ENC[AES256_GCM,data:0MqpjT2mmKs9UiY=,iv:yFo08gU4jfocr8yOQKQPBl49lOeE1QZrdsdjjOxp0dE=,tag:o2mOPnNJM0EXvkRep5w92w==,type:str] sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] age: - recipient: age15m0pdv8mkt4aue8wjay9k4endyymtka5je3gc2t63dgamfzh9vts7774hh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhNlo3aFU5cnVUQVNxUDZ5 - SjY4VndITCtsOSsydkJrWjVJOWQ3aWR6OEZZClNwblVWemdQZTJmclcwSzBZV2xX - SXg4dTc1Wkh6NWtpWFhpdnAzZWw5YTgKLS0tIGFUdGtNT09oUlk4MVRNZEtFWVRW - K3BWWUdMcG9RVDBROS9sNmJJNkJUQWcK7bQPtL1Bbzm3DPclbxebByXRPlNNIh3f - xeH+tVOhPEW6BqjwH3s7GYKtmny+ZpF9ppP+KQjzDQKh7sdZtA9nDg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1qjl8ql869njgtrytle66ylnnvesxje4nt6jayfwru3ghh002nuzs683n3g - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzYWV5aE92eER3ZzZjOWE5 - M0FMazBmbzRkZ001TitsV3VCWDVRZldIckFNClQ1cm16bVg0QWVKc2RXdmNseTNW - d3lvbytHcGFLZFZzYjlkcDdYamlhbW8KLS0tIHZHK1c4cXg1S3Z2aTR4RjN5ZU5Z - SVJPeW1XM0RPWWI5L0wzSmFmNWRnZ3MKKbpkILPQB7dpzZQcU45g/4SfCdo8+UJK - 7hrCYeiae9zHu2CfrZqVMkCnAOpda8lL0INLNnrS9hDRNdk3LBLapQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnNjFaMmY0cE5QSWZyUmRh + VnB1cWJub1lZcWZhQjdJMlJCM0tjV1Eya1RVCjlHODZGQVF6R3N4WDd2dlk5WGRU + YlB5eEFDMFcyU1pvM2ZOZjB6dW5uaFkKLS0tIGRvaU1kS2RZc3E0YVUyNy9CSTA0 + Zm84S0dCNmtUeVJwd3JsZFZTZ0NJUjAKS4z1n4Tns76En2Hj+bzxKK9O/8xKvMIW + 7frvaBMIIXN2hZkaGbDladav4Z4h858Pr9QG9pSTvIDlVYnapWYyiw== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-09-05T06:11:39Z" mac: ENC[AES256_GCM,data:SVdNtwrN7MEtXMdWKLQXR9BRlRaYvOBRDLmoDZMkX3t3dlUMR5m5m/btpal1+nPkYjUk58q0hSGA94BREdDTpMYHmvr0V+tWnKsmE8j7r51plN1Dp/4sfgtZBgaqHD2IRDGLI4pW9GCg2fXIxB+BGC6GNU/ZAVbhB4bmzNfFqOY=,iv:ElCt+fJFSjsykoiIS9XO9ViaBJ02Oi169YnUeHiATPk=,tag:vR/KXyuRMnWtW9uXIHNwUw==,type:str] pgp: - - created_at: "2025-09-18T08:29:55Z" + - created_at: "2024-09-05T06:11:29Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DARdpY4woM6wSAQdAFEieEviKo3vWoXlyXVCr1dAzMVuVpTlNA1gOflXjz0Yw - utn0sKwCWxYVRjzUFNW07c2qsNJcttqXk8+/1NzvnXQDF6NxSm5JO7QKjsx/BTL7 - 0l4B4B1tHqBuNZluTQzKk8sffiqbumUlS5gAWtmxK5DhQ4edgz4aS1ZR2XDTPxBl - NddOSjNdUCUGy4+H/GOZgEdbAdhNdyy7Qj9ZiBxIDDjUDTJ0hhIOG+aEv5APrzXm - =J41I + hF4DARdpY4woM6wSAQdAGSK2AVRQnRUm4xQfA3XsO+PMCN9Gss9+jJOKD+npryYw + DcwFC5udj+M+XPa3Ggk5WK+vC5hkvUrvwsPqILqzJSv7aiSRqmDyoxTVcsVsIXEP + 0l4BXgG9tcQMTu5SjVkeVi5YrS+4GPjmSGXUm83BcJ27CHHv9coGu7wb53KotC2N + xBNBWLrhn37jXovF2EFAMI/CBXU6svqDKYoFHXZpW06LLw/F7EgKd2zHReRVHuwj + =ETqP -----END PGP MESSAGE----- fp: 4BE1257015580BAB9F4B9D5FCA5B1C34E649BF92 unencrypted_suffix: _unencrypted diff --git a/hosts/common/global/secrets.yaml b/hosts/common/global/secrets.yaml index bf8b724..edd1931 100644 --- a/hosts/common/global/secrets.yaml +++ b/hosts/common/global/secrets.yaml @@ -1,36 +1,31 @@ inuits-mail-pass: ENC[AES256_GCM,data:FgZZfDIPcJc4Vn4=,iv:e5yq7bi6peOrf7eehi0860eEY9dFYFjuVOmGOyxSAKY=,tag:V/hY/9zW5Z7NqhW2fzdt2A==,type:str] sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] age: - recipient: age15m0pdv8mkt4aue8wjay9k4endyymtka5je3gc2t63dgamfzh9vts7774hh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0L0tNblo0dFNPVitHZ09p - ZisrQ0ZEbDh3dUZNd3lZYUg5eXNiQytnbVE0CmhJb2tDTUFEeW1jRnhrbnFuaGtm - SE1SMzRKY2JFZ05wMUdyclk1dVJvdzAKLS0tIExsbTFBSmc0L0RXVlhEc2xzKzdW - eEpDL2IvdlVSRWljZGFIMDVWdXdiUjgKsGY7+Qc2baHCuTeqDokf0rxBOWaFdzbL - aDXMGXRMeBWGMMOkKzMNl6+PZOSv4SpwuGYYRoArWpp5AAN0oqeqXw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1qjl8ql869njgtrytle66ylnnvesxje4nt6jayfwru3ghh002nuzs683n3g - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5WkZvT1BCV2tsU2JLN2xV - SW1vOU5tdUVzbjFzYXJ5VElyZnhtd0VyV2tnCjJqNEhmanRQUFliQlJWR1Uvc2R6 - TjBMcFhpZm5qU0dETVNJV2I1K09URE0KLS0tIG0wRXN0ek9TUk8wdWJxMUdkOEcx - dXBrM2JSUmlsTk42Rkg4UnRZejNBVUkK7M3m6+h+bcVufwNYTV6aXGiv7CxpR/KZ - xPtQXAUX+pGff3Vu6oAT0aYHJbaGbeapNVGtvPSXfl6T5JVUFW74tg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3amZHakdya085QjRCVWN5 + OWM0OWh2OVBpYmxYTWVXdXkyck9iVFVJd2dVCk1zU2x0eFNPRmpUcUFTMWpBaHQz + a0ZzTEF0TUlkTmpXV1VEN1JaTHQyY3cKLS0tIEttMmE4UGlIU05oNFR3RnZiNkNU + Q3UyUzRBZW9YNjlVdDF4akRjcEd5K2MK2c3KfLBgnorRQGvW0AcnJmZTc0rJ9BKi + fFuBpIU5GWyd4BvNMF30ChEfJr/CQ3Zh3YEowquVajtBlUGt32nePw== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-08-29T14:26:20Z" mac: ENC[AES256_GCM,data:4yvj8696SpXsEucOShKjMKIiFcq7L0B6KpH6CFw3aIFslMKa1Wa8aQp64F9pF9grWi9LcXG6btL/iOhPvDXeW1VRwtckzuzhFnI+PMuxJmYVNZHvDkUNBpshCI3BvRzEixpqtwXq36AXtrPoHC39ieQy8EIxpJjMksCODyZyBms=,iv:JcbMRmJwEoRgSx1n9Gb6RzMzZvb/3UiEyk3lBvhYF8I=,tag:BKPx2ZTRkNWRNljkrVyoCA==,type:str] pgp: - - created_at: "2025-09-18T08:29:31Z" + - created_at: "2024-08-29T13:58:05Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DARdpY4woM6wSAQdA+SKggTeVF9E89UzFdgRopXtmDcaVuc9oKKzDlWDpBAsw - qbMTw5nN9TejyZtA6Vs0p48xpSARhtOWiMo/MPfTjtqtYk8/2M7ZCnbqQKLYR23e - 0l4B1PkPKPd3zA49sWSDM4QdDLK7GUxTrTorR/7NWKtmp7o5VtC9YMv0Nq1s6rn0 - q1+CoieqEDGBmcvOk5K9eRaqWCd5Gt4bsSOdrzAi2mWE+e0+VkNTzpsUKLZq1fFP - =7Bvu + hF4DARdpY4woM6wSAQdAwnsdN5NJNjxX8y4uZsQ7KCSSSjsUpN7uCuo634KQPyMw + uVb6m7wa3SfMy6ex6QZqvVDr8hIbFhmB7SwQ0EpcnK+axnMn8ni1fsfRY007+H0e + 0lwBZRErE5y+N+9P16FNnEJfnO2KxtrOIYgIPAeds1mFF6OmbUe5bnWBtl/U74nP + XfuG9segRf/1Alma43FlflacJ5koaxwItj8MSVwsG0YX//78O++h5Wy8JnC1QQ== + =wZyC -----END PGP MESSAGE----- fp: 4BE1257015580BAB9F4B9D5FCA5B1C34E649BF92 unencrypted_suffix: _unencrypted diff --git a/hosts/common/optional/secrets.yaml b/hosts/common/optional/secrets.yaml index 5362372..198807b 100644 --- a/hosts/common/optional/secrets.yaml +++ b/hosts/common/optional/secrets.yaml @@ -2,37 +2,32 @@ restic-environment: ENC[AES256_GCM,data:CkgRnXNGAsVlWWPj4pvADpNTPyufafaO745vySUB restic-password: ENC[AES256_GCM,data:BsJ7fkoeZHxGbKP7YGuD13s1feYWeVj+hg==,iv:vmpWp/vWBt2bw61p43HTp7fuTKOX4k7io/HGt4yPPo4=,tag:f3pfbcWqccKJ1fI00AyKLA==,type:str] restic-repository: ENC[AES256_GCM,data:GAm8+hE96byqeyIb9qQ7QCstBYd0j+WIXp69quZ/f8joH2fUst/Kxb18mOKQozlu6Q==,iv:VQYZmGv+fyyYWUeAQTNiwxhAwR6o0LRw2s6G4lYkkDQ=,tag:P0bAsB3Wp9Vw7YH73XspIg==,type:str] sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] age: - recipient: age15m0pdv8mkt4aue8wjay9k4endyymtka5je3gc2t63dgamfzh9vts7774hh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUWlLQXNWQnV5T1pJbGcy - R0lBY1M2WHVwU3BZeDk3QU4vckJhTUVhK1g4Cml0Mk50cDQwZlIwc2lxb0JwTGRK - YWRZWHZITGxsZFltbDBtb3AzVEx6S0EKLS0tIERvaUVheXl4NUlPS1pZNFlxQnVm - MlM1Ynord1JlWU1WYVJldDNXODdyTGMKyODudvM+gyGRaJgAcG+Fz1M5Ru7RfpPx - rIseYmLvyFjTqGQmXkV5oGwqq5jEZlJwBbxEjl9mHKRiYMjC//8Jtg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1qjl8ql869njgtrytle66ylnnvesxje4nt6jayfwru3ghh002nuzs683n3g - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTZERqL2Y0M0Nvdk1RbU5Q - VEJYRGFBR29mQ01pZjd3UE0xUjRUZEU2cGlBClhVc0xNSm1PME80eVJoc0FObk5T - djlWUis5MHRCbDRKMkFpRHA1TldUWmMKLS0tIGNRL0JwVW9DSXR4czhHYjlSZHJJ - Sm0wclJuU2pZTnVKM1pPMFdkQ3QycHcKTrZzAZsH1fuwUyS7eWBDhuYX42puSRvX - WD+tDdWWSBjUWOxgnA9x9c+eHvKvydK2Ztuo5yFX61b2uP9aMkrVTg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Q1BObXBYUFhXdStEbWFa + Z29mZXp6NkJZbitZcjhibkl4UGlBazV2MGc4CklZSG82bU9oMUt1WUpUamt2QmpS + VDBqWHBQZGl0YUtXOTFSOThOeGk1YmMKLS0tIFJkSlhibVFwVnl0WHl4aUd4ajRm + RWRuU0tKTzNQb0hwZHZJYlhjZ2lJYkUK6T9iTfsfgajho1UUgcYTQa3ppT0CaoT7 + rVLOyhLGHZLoBkmAm0gTJ1SOFHOyYZMbRMvN2saSLgMIiCuvXm4eEg== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-01-13T17:47:53Z" mac: ENC[AES256_GCM,data:qKEbUu0/kt4eM7JXCOl73hJ3IuHr6kr3A7Y0xdXKZ0A/5Ex2F2dgLRTtmFeEMdmm77dYr6PLm8u+eQ+FmpuMb59+q1Y3k/IUpaQXfBJ6qtQCX5lOxJrE9VpR84OIDVQZ7pKclXuNfc6H+MKlGEbmVRnpdJrd6lWxIkpgwmBLBRc=,iv:xh6ywlS7sn/BVpYpej7mmxV/Be33wvQYn/8glbMLnrA=,tag:iIixjf9VZ6OuP5Pgw0w/WA==,type:str] pgp: - - created_at: "2025-09-18T08:29:44Z" + - created_at: "2025-01-13T15:15:34Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DARdpY4woM6wSAQdAhtZLnsE71OX18DaQHEW/BMpS/HtQyKCToYUxKgfmV1cw - Cq2OA4I2a/QN/uZeJVAkHjTrasTAK+g2AV5dKjQY2gnD0UXJFDgX9EtpjCPXnMWH - 0l4BNn+Alhf6CBs4k8WOVDV5+rtJRBrmfmMTutQ48279G0JNGEO1MrH8oC6uHzfF - 8SO4niqVL+jE6faaLlEktcVJUTs0HOHlmR7wmF5RHowgVbmYb6OJocv7cqgodhBR - =Dh78 + hF4DARdpY4woM6wSAQdAwVc6Y2JuSKZ+CfVXGcZwXGLPxd4qzYEYCXeVw6fUMn0w + 8nCY3GAdJR2doPeQFtakqulb6sNH+sA2eGSUS1B+MQ7HpxkungLAbWI0wpFYwnfw + 0lwB5Zz4+rRkhPTqQNudTSBHX018kR5/A6/jLslox6vaKesyPIFSMejJqFp3hmHu + 3QoK0HNLTCgmUw4OZsYtgPLw00KxDYNbUN6JY9H/MOuBT3Uwe4y8HXlffPXr1w== + =Csbt -----END PGP MESSAGE----- fp: 4BE1257015580BAB9F4B9D5FCA5B1C34E649BF92 unencrypted_suffix: _unencrypted diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix deleted file mode 100644 index d1e01d6..0000000 --- a/modules/home-manager/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - # my-module = import ./my-module.nix; -} diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix deleted file mode 100644 index a0e873d..0000000 --- a/modules/nixos/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - # my-module = import ./my-module.nix -} diff --git a/overlays/default.nix b/overlays/default.nix deleted file mode 100644 index 888f545..0000000 --- a/overlays/default.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ inputs, ... }: -{ - # Import custom packages - additions = final: _prev: import ../pkgs final.pkgs; - - # Add modifications here: - modifications = final: prev: { - # example = prev.example.overrideAttrs (oldAttrs: rec { - # ... - # }); - }; - - # add nixpkgs unstable (accessible through pkgs.unstable) - unstable-packages = final: _prev: { - unstable = import inputs.nixpkgs-unstable { - system = final.system; - config.allowUnfree = true; - }; - }; -} diff --git a/pkgs/default.nix b/pkgs/default.nix deleted file mode 100644 index ff4e7fb..0000000 --- a/pkgs/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -pkgs: { - # example = pkgs.callPackage ./example { }; -}