kevin/dotfiles
1
0
Fork 0
mirror of https://github.com/Unkn0wnCat/dotfiles.git synced 2025-05-31 07:16:09 +02:00
Code Issues Projects Releases Wiki Activity

Add setup for kevin-pc

Browse source
This commit is contained in:
Kevin Kandlbinder 2023-02-28 13:49:28 +01:00
parent a1290306de
commit e003c79799
Signed by: kevin
GPG key ID: 1460B586646E180D
7 changed files with 180 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

62
home-manager/kevin/home.nix
View file

@ -46,10 +46,70 @@
discord discord
element-desktop element-desktop
vscode vscode
thunderbird thunderbird-bin
vlc vlc
gimp gimp
blender blender
libreoffice-fresh libreoffice-fresh
yt-dlp
yarn
nodejs
neofetch
inkscape
jetbrains.goland
jetbrains.idea-ultimate
gnomeExtensions.gsconnect
]; ];
home.language = {
base = "en_US";
address = "de_DE";
measurement = "de_DE";
monetary = "de_DE";
name = "de_DE";
paper = "de_DE";
telephone = "de_DE";
time = "de_DE";
};
home.sessionVariables = {
LD_LIBRARY_PATH = "/var/run/current-system/sw/lib";
};
home.sessionPath = [ "$HOME/.local/bin" ];
home.shellAliases = {
".." = "cd ..";
"..." = "cd ../..";
"svim" = "sudo vim";
};
manual.html.enable = true;
manual.manpages.enable = true;
nix.settings = {
sandbox = true;
};
nixpkgs.config = {
allowUnfree = true;
};
programs.aria2.enable = true;
programs.obs-studio = {
enable = true;
plugins = [ ];
};
programs.watson = {
enable = true;
};
services.nextcloud-client = {
enable = true;
startInBackground = true;
};
} }

9
nixos/.sops.yaml
View file

@ -1,14 +1,21 @@
keys: keys:
- &admin_kevin age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6 - &admin_kevin age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6
- &target_kevin-tp age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s - &target_kevin-tp age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s
- &target_kevin-pc age18zsr2dzd23g4x4dsqw5jzn64x7tsezqs72vj2d4hg7r9kxqxuyts69a7zj
creation_rules: creation_rules:
- path_regex: kevin-tp/secrets/[^/]+\.yaml$ - path_regex: kevin-tp/secrets/[^/]+\.yaml$
key_groups: key_groups:
- age: - age:
- *admin_kevin - *admin_kevin
- *target_kevin-tp - *target_kevin-tp
- path_regex: kevin-pc/secrets/[^/]+\.yaml$
key_groups:
- age:
- *admin_kevin
- *target_kevin-pc
- path_regex: shared/secrets/[^/]+\.yaml$ - path_regex: shared/secrets/[^/]+\.yaml$
key_groups: key_groups:
- age: - age:
- *admin_kevin - *admin_kevin
- *target_kevin-tp - *target_kevin-tp
- *target_kevin-pc

7
nixos/flake-module.nix
View file

@ -42,9 +42,14 @@ in
kevin-tp = nixpkgs.lib.nixosSystem { kevin-tp = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = defaultModules ++ homeManagerSetup ++ [ modules = defaultModules ++ homeManagerSetup ++ [
inputs.home-manager.nixosModules.home-manager
./kevin-tp/configuration.nix ./kevin-tp/configuration.nix
]; ];
}; };
kevin-pc = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = defaultModules ++ homeManagerSetup ++ [
./kevin-pc/configuration.nix
];
};
}; };
} }

41
nixos/kevin-pc/configuration.nix Normal file
View file

@ -0,0 +1,41 @@
{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
../modules/gnome.nix
../modules/pipewire.nix
../modules/avahi.nix
../modules/firewall/kde-connect.nix
../modules/firewall/syncthing.nix
../modules/firewall/wireguard.nix
../modules/yubikey.nix
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
boot.initrd.luks.devices."luks-376a84ea-47d8-494b-aeb4-507ebac2c0fe".device = "/dev/disk/by-uuid/376a84ea-47d8-494b-aeb4-507ebac2c0fe";
boot.initrd.luks.devices."luks-376a84ea-47d8-494b-aeb4-507ebac2c0fe".keyFile = "/crypto_keyfile.bin";
time.hardwareClockInLocalTime = true;
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
};
networking.hostName = "kevin-pc";
networking.hostId = "5dbf8235";
system.stateVersion = "23.05"; # No touchy. Locks defaults.
}

41
nixos/kevin-pc/hardware-configuration.nix Normal file
View file

@ -0,0 +1,41 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "wl" ];
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/d14a7c48-1e05-4754-8250-200b32cb107f";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-981ee52d-7517-422c-9697-c070f288b3b3".device = "/dev/disk/by-uuid/981ee52d-7517-422c-9697-c070f288b3b3";
fileSystems."/boot/efi" =
{ device = "/dev/disk/by-uuid/1503-2535";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/f80d8d89-96e5-4653-92fa-49f740eaf1c1"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

1
nixos/modules/gnome.nix
View file

@ -8,5 +8,6 @@
environment.systemPackages = [ environment.systemPackages = [
pkgs.gnome.gnome-tweaks pkgs.gnome.gnome-tweaks
pkgs.gnome.dconf-editor pkgs.gnome.dconf-editor
pkgs.gnome.gnome-tweaks
]; ];
} }

34
nixos/shared/secrets/passwords.yaml
View file

@ -1,4 +1,5 @@
password_kevin: ENC[AES256_GCM,data:I1v/s/sCqEDdh2tivcxJouWw1X0aXmVVbk5/3cEaJZ1HlOnKhe4mFJgMq4a1foBI6hHhAudjnuwJJwdNFjLnyYb/TOzoTtyXjLKNC3A4kgU+Nl1fDg1B3zFuR4YjcIo5/GV1LuCzJrbZPA==,iv:PcZJOuAY0drEZZSfNca8g4h29PSPAdO91DbxPLHdOek=,tag:QGoO4GqIxADHQsGShvEvdQ==,type:str] password_kevin: ENC[AES256_GCM,data:I1v/s/sCqEDdh2tivcxJouWw1X0aXmVVbk5/3cEaJZ1HlOnKhe4mFJgMq4a1foBI6hHhAudjnuwJJwdNFjLnyYb/TOzoTtyXjLKNC3A4kgU+Nl1fDg1B3zFuR4YjcIo5/GV1LuCzJrbZPA==,iv:PcZJOuAY0drEZZSfNca8g4h29PSPAdO91DbxPLHdOek=,tag:QGoO4GqIxADHQsGShvEvdQ==,type:str]
demo: ENC[AES256_GCM,data:FgsPXA==,iv:KCNG+G3k3Dd4TuBbIqw8ZU8rU2WhN/Tp2PH3x668kNY=,tag:euL1OXbNDLr4HjirLR7lbA==,type:bool]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -8,23 +9,32 @@ sops:
- recipient: age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6 - recipient: age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Y2FJS2JOUU42ek8wQThu YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxeVQyZi9vWjk2WW4xK3Vy
VWtHRWNMcXB0dFpmTFJ2b1NiTjdkU3l3OHhVCm5hR1VHQURndEJGT1BiTUZFM1hH V04zVTAweHFrZW9XZHZ3ZkZsRmJMUGhPMGo4Cjc5MkZDMFo1ZHJaRzlqTWNSYVBQ
dGdIcnV5L3pPOHhnZzFmZVM3OGp2dFEKLS0tIEM4L0x1aGxOV2dpUTdCYlFCOWhi QVF3NDZ5RGRwYmJRWW9HUm1OS0M4TlUKLS0tIEozelFXWUdta3E3WU43dERmTGxP
MExVTG12bFNXRHdXVThJZ1V2YlIrUlkKrhokMJmFimyuzg1vi/fiiP8XjtKGtxf8 YkZoSlliblVGKzUzQUtQRmJlbytnb2cKnY+6xKzKfCr+9UzEL+ELd8bnbIqjIjaJ
5Usgxglk4o0ElsDryOfFdLJ6YJY78I3dyHzuXWhjbs8toTks/sGSkQ== 9El1Ch8H6Z0Wv0VU3mop3++2ljs62Y7K4qgRvMnADP5wX7VE6ThtPg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s - recipient: age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKb2JBc2RRV3Fwa3RJb3Mx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDc1BsaUx2OWE3eUx5ckVs
WTlob3plakJBWEJGamNYYUpiclRmd2JySkdnCm9kNGZMQm53cSttNUhhV2xRenJR SDM5WGV6UTZoMk01YUcySEZORXh0ZUZ4VUVRCmxNNFVhRWVBcTVHTDcxZE5XbGVO
OGV5RFV4M25MV0lPQ3BrTmxtQVVlV2MKLS0tIGFDelg2T2JCME9VS2lkYVE1d1lX akZQYXllSnQ3U0k4ZUJZSTNTSlJYNFUKLS0tIFczVGdCdEIzUEJtRFZ0MVFvRzZV
d3FDUFBaLzB4OWRQZkdTaFhJZUZiMGMK1CikqlTxoc2H6nXdWZJUhAy54S8I7yiw czNKcGxDNXlqcVB1bkZ5K2VCR3FvcFUKug+0PR4p5e87WdFHtpYbvjph4H5vftz9
8CzEU3K4s01Hnoj3vhQtXtxIqd2kIqilLlo6QVdb9cbFeMTsUOMqaw== D7YnwbMqwGAHoNBwE9zsxl6KPinql+DCpZBd4O8P4jwQ3pvu/rLoiQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-02-27T14:15:06Z" - recipient: age18zsr2dzd23g4x4dsqw5jzn64x7tsezqs72vj2d4hg7r9kxqxuyts69a7zj
mac: ENC[AES256_GCM,data:ROjkbNrmEn0Hj6KeDW2S8gZ47FherNpy7Lta493QWonfAvFEPdY2nJOa3sVs3maTVzDzmFGqJCLGAO/iyeQqjcdCWtQ/lDqz0MZkzXPLViCRzJrDqp3qBk8pflm8drfsVD+mdYDQ5Alg8ffg/S1F+o+jyKzd94no6pI/m6DJNOI=,iv:9XEMpQ4eO70C1CHrqzbmS8CJvRZtG1WEVd3gfv6DKT0=,tag:ewOuZv/EYXdr2iTaFx8Mag==,type:str] enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRmkvSHFaaFV1eGVpd1Jr
dUh2UWUxdmVIQVFJKzNab0N0djg5Wi92VjFnClRvMDBiVUNHeWtNUHdJazJxR2lB
MS9OZTNiTlFCZG1tWFdoSGZRV2hRZTQKLS0tIHBIbXBZVzJkYzUvTVFpMDd2d0x3
dGZQQUdxVUN4d3NVVlVMbmt1SnJTQ1kKbzh0vaSeAxUPdj3fLpZFm3APsFwE+i7C
ZzT89bMLeYw9q7FSwLluHR3yfMJanFObpoAs0mH5xFZVad+D5h9GcQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-02-28T12:38:04Z"
mac: ENC[AES256_GCM,data:cy//wjzt4xHPAj0ghDZG5lKZx3fEy7J5UnmIdbztWnWbCfTLS/oxb00qjiJDyquHC5aeKTEXtDrCSWnQF12ya+9i6V0yQJ4CQdkgJ2nFMBj736wVtFHhZCDgbdsAoe7LzQTvyXT1v2HDKUFkNvSry6zsSFDym51vv0oFrTNkfUI=,iv:Y3lWB0DPS6vF+X4QitpXTSkR2ADQ8iuvF9B22ktZnew=,tag:Jr1AmEH8BvgR+O5ZkV8/VA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3