diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..fc3ffcc
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,11 @@
+keys:
+ - &macintosh age1z7ysc378s6rymamdawzav4jg5scl0ufg0lfgx7zuyh234lsnfsrqw9s0cn
+ - &newton age162v5365xrnzm9tlxy4w3e6fqds7k3h029qezvl73z6rs5skcn9hs7vml45
+ - &lisa age14shnplzdf2uatzd7wkvnquqw00zjfly3404ak5lqevajanzdw5qqedjw0y
+creation_rules:
+ - path_regex: secrets/[^/]+\.yaml$
+ key_groups:
+ - age:
+ - *macintosh
+ - *newton
+ - *lisa
diff --git a/base.nix b/base.nix
index d6d0d1d..a290ce6 100644
--- a/base.nix
+++ b/base.nix
@@ -1,10 +1,15 @@
-{ config, pkgs, ... }:
+{ config, pkgs, sops-nix, ... }:
 {
- imports = [ ./users/julien.nix ];
+ imports = [
+ ./users/julien.nix
+ ];
 luj.nix.enable = true;
+ sops.defaultSopsFile = ./secrets/secrets.yaml;
+ sops.age.sshKeyPaths = [ "/home/julien/.ssh/id_ed25519"];
+
 time.timeZone = "Europe/Paris";
 i18n.defaultLocale = "en_US.UTF-8";
 console = {
diff --git a/machines/macintosh/home-julien.nix b/machines/macintosh/home-julien.nix
index 7be37e8..3c3a87a 100644
--- a/machines/macintosh/home-julien.nix
+++ b/machines/macintosh/home-julien.nix
@@ -20,12 +20,14 @@
 neomutt
 htop
 evince
+ brightnessctl
 wireguard
 mosh
 signal-desktop
 flameshot
 ctags
 ungoogled-chromium
+ networkmanagerapplet
 ];
diff --git a/users/julien.nix b/users/julien.nix
index 6c1dbd6..35021a0 100644
--- a/users/julien.nix
+++ b/users/julien.nix
@@ -1,10 +1,15 @@
 { config, pkgs, lib, ... }:
 {
+
+ users.mutableUsers = false;
+ sops.secrets.user-julien-password.neededForUsers = true;
+
 users.users.julien = {
 isNormalUser = true;
 home = "/home/julien";
- extraGroups = [ "wheel" ];
+ extraGroups = [ "wheel" "keys"];
 shell = pkgs.fish;
+ passwordFile = config.sops.secrets.user-julien-password.path;
 openssh.authorizedKeys.keyFiles = [
 (pkgs.fetchurl {
 url = "https://github.com/JulienMalka.keys";
@@ -13,5 +18,5 @@
 ];
 };
- nix.allowedUsers = [ "julien" ];
+ nix.allowedUsers = [ "lol" "julien" ];
 }
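Review bot: The single creation rule in `.sops.yaml` encrypts every file matching `secrets/[^/]+\.yaml$` to all three recipients, so the private key of any one of macintosh, newton or lisa decrypts every secret in the repository, presumably including the user password secret referenced in `users/julien.nix`. If some secrets are only needed on one host, a narrower rule placed before the catch-all would limit what a single compromised machine exposes, for example (constructed path) `- path_regex: secrets/newton/[^/]+\.yaml$` with only `*newton` under `age:`. A comment above `keys:` saying how each recipient was derived and where its private half lives would also help whoever later has to rotate one of them.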
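Review bot: `sops.age.sshKeyPaths` in `base.nix` points at julien's personal login key, `/home/julien/.ssh/id_ed25519`, which ties every machine's ability to decrypt secrets to a user-owned file that is also an SSH credential. Decryption runs non-interactively during activation, so this key has to sit on disk without a passphrase. `users/julien.nix` also marks a secret `neededForUsers`, which is decrypted before user accounts are set up; at that stage a key under `/home` may not be readable if `/home` is a separate mount (not visible here). A host-scoped identity is the usual choice, either `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` or a dedicated root-only `sops.age.keyFile`, with the matching recipients in `.sops.yaml`. The `sops-nix` argument added to the module header is not used in the visible lines, and the module body continues past the hunk.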
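Review bot: With `users.mutableUsers = false` in the first hunk of `users/julien.nix`, julien's password comes only from `passwordFile`, and that option expects a crypt(3) hash (for example `mkpasswd` output) rather than the cleartext password; nothing in the diff shows which of the two the `user-julien-password` secret holds. I would add a comment on that line, `# sops secret must hold a password hash (mkpasswd), never the cleartext`, so a later edit of the secret does not silently leave the account without a working password. A malformed hash or a failed decryption at activation would have the same effect, and since julien is in `wheel` that would likely also break sudo unless it is configured elsewhere. The `users.users.julien` block continues outside the hunk.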
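Review bot: `nix.allowedUsers` in the last hunk of `users/julien.nix` now lists `"lol"`, a name that no other line of this diff defines as a user and that the commit does not explain. The list controls who may connect to the Nix daemon, so an entry for an account that does not exist yet becomes a standing grant to whoever creates an account with that name later. If it is a leftover from testing, the line should go back to `nix.allowedUsers = [ "julien" ];`; if it is intentional, it needs a comment naming the account and why it requires daemon access.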