Add secrets for laptop

.sops.yaml

@@ -1,11 +1,16 @@
 keys:
   - &admin_ankaa age1079fszreaakwf6xnwu9kra8xcsp4e8q8ed3y99yrhjnz9n3t9pnsj05m97
+  - &admin_alpheratz age1gdtjn3jgvvvspa86q3lnklflnvyf3s75y2rw23l7nk7hwcsfpg7qkq7msr
   - &server_diphda age1rxqyz6watg05r3rzlme7grpgfgezhlt535gdl7psqys2ec8eegmqchfk4d
 creation_rules:
   - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
     key_groups:
     - age:
       - *admin_ankaa
+  - path_regex: secrets/alpheratz/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+    - age:
+      - *admin_alpheratz
   - path_regex: secrets/diphda/[^/]+\.(yaml|json|env|ini)$
     key_groups:
     - age:

flake.lock

@@ -2,8 +2,8 @@
   "nodes": {
     "currentSystem": {
       "locked": {
-        "lastModified": 1718580560,
+        "lastModified": 1717805060,
-        "narHash": "sha256-M69Hx8goDX65ZC/F7ENITsGr3XYBCSsa4B+vDOnOGXs=",
+        "narHash": "sha256-jgZROz6KZg2bOy4PGGd/vzpmn7v22+C+2Ivwfk26OXo=",
         "path": "/etc/nixos/hostname",
         "type": "path"
       },

flake.nix

@@ -106,7 +106,6 @@
 
             networking = {
                 wireguard.enable = true;
-                nameservers = [ "192.168.0.100" ];
             };
 
 
@@ -143,7 +142,6 @@
 
             networking = {
                 wireguard.enable = true;
-                nameservers = [ "192.168.0.100" ];
             };
         };
 

hosts/alpheratz/dotfiles/fish/config.fish

@@ -1,13 +1,41 @@
 if status is-interactive
-    ### Local environment variables
+    fish_add_path "/home/eesim/.cargo/bin/"
+
+    set fish_greeting
+
+    set fish_cursor_default block
+    set fish_cursor_insert line
+    set fish_cursor_replace_one	underscore
+    set fish_cursor_replace underscore
+    set fish_cursor_external line
+    set fish_cursor_visual block
+
+    function fish_mode_prompt
+    end
+
+    ### Local environment variables
+    set -x DENO_INSTALL "/home/eesim/.deno"
+
+    direnv hook fish | source
+
+end
+
+if status is-login
+
+    # SSH settings
+    eval (ssh-agent -c)
+    ssh-add /home/eesim/.ssh/id_ed25519
+
+    # Set environment variables in /etc/profile.d/
+    # exec bash -c "test -e /etc/profile && source /etc/profile"
+
+    # Disable GTK portal
+    set -x GTK_USE_PORTAL "0"
+
+
+    # Java fix
+    set -x _JAVA_AWT_WM_NONREPARENTING "1"
 
-    set -g fish_greeting
-    set -g fish_cursor_default block
-    set -g fish_cursor_insert line
-    set -g fish_cursor_replace_one underscore
-    set -g fish_cursor_replace underscore
-    set -g fish_cursor_external line
-    set -g fish_cursor_visual block
 
 end
 
@@ -15,33 +43,3 @@ if test (tty) = "/dev/tty1"
     sway
 end
 
-if status is-login
-
-    ### Environment Variables
-
-    # Set nvim to default editor
-    set -x SUDO_EDITOR = "/usr/bin/nvim"
-
-    # Set R library location
-    set -x R_LIBS_USER = "/home/eesim/.local/lib/R"
-
-    # Disable GTK portal
-    set -x GTK_USE_PORTAL=0
-
-    # Wayland environment variables
-    set -x XDG_CURRENT_DESKTOP = "sway"
-    set -x XDG_CURRENT_SESSION = "sway"
-    set -x XDG_SESSION_TYPE = "wayland"
-    set -x ELECTRON_OZONE_PLATFORM_HINT = "auto"
-    set -x QT_QPA_PLATFORM = "wayland;xcb"
-    set -x SDL_VIDEODRIVER = "wayland,x11"
-
-    # Java fix
-    set -x _JAVA_AWT_WM_NONREPARENTING = "1"
-
-    ### Themes
-    set -x QT_QPA_PLATFORMTHEME = "qt5ct"
-
-    ### Start fish
-    exec fish
-end

hosts/alpheratz/system.nix

@@ -22,6 +22,14 @@
         };
     };
 
+    sops = {
+        defaultSopsFile = ../../secrets/alpheratz/secrets.yaml;
+        age.keyFile = "/home/eesim/.config/sops/age/keys.txt";
+
+        secrets."wireguard/private" = {};
+        secrets."wireguard/preshared" = {};
+    };
+
     # Use the systemd-boot EFI boot loader.
     boot.loader.systemd-boot.enable = true;
     boot.loader.systemd-boot.xbootldrMountPoint = "/boot";
@@ -30,30 +38,32 @@
 
     powerManagement.powertop.enable = true;
 
+    hardware.graphics.enable = true;
+
     fileSystems = {
         "/".options = [ "compress=zstd" ];
         "/home".options = [ "compress=zstd" ];
         "/nix".options = [ "compress=zstd" "noatime" ];
     };
 
-    # networking.wg-quick.interfaces = {
+    networking.wg-quick.interfaces = {
-    #     wg0 = {
+        wg0 = {
-    #         address = [ "10.6.0.5" ];
+            address = [ "10.0.0.2/32" ];
-    #         listenPort = 51820;
+            listenPort = 51820;
-    #         privateKeyFile = "/root/wireguard-keys/wg0/private";
+            privateKeyFile = "/run/secrets/wireguard/private";
-    #         dns = [ "10.2.0.100" ];
+            dns = [ "192.168.1.1" ];
+            autostart = false;
 
-    #         peers = [
+            peers = [
-    #             {
+                {
-    #                 publicKey = "pEWHugUnnhWXkJzCIhXryRRZMoCAuvAITDeP4ItenQk=";
+                    publicKey = "sWdXHlBqH+tAgSl0Tqr46sfKvgFN/vMDiuN08HjzaSg=";
-    #                 presharedKeyFile = "/root/wireguard-keys/wg0/preshared";
+                    presharedKeyFile = "/run/secrets/wireguard/preshared";
-    #                 allowedIPs = [ "10.2.0.0/24" "192.168.0.0/24" ];
+                    allowedIPs = [ "0.0.0.0/0" "::/0" ];
-    #                 endpoint = "simmer505.com:51820";
+                    endpoint = "simmer505.com:51820";
-    #                 persistentKeepalive = 25;
+                }
-    #             }
+            ];
-    #         ];
+        };
-    #     };
+    };
-    # };
 
     # Set your time zone.
     time.timeZone = "America/Chicago";

secrets/alpheratz/secrets.yaml

@@ -0,0 +1,23 @@
+wireguard:
+    private: ENC[AES256_GCM,data:Vii9We3fJBFCQNfek+fKqzy4jor2mhHz7KZhoWS9fuBbccz/DHPOnpzRhJQ=,iv:eDorsjazLZjIYsL+AP7YHoBY03ByywtmuRAG0KFonu0=,tag:z7b8NiGOgz0CrhFNalK4Qw==,type:str]
+    preshared: ENC[AES256_GCM,data:BK3CwQ9tZ0gqErPfOt896yH3K+7xDx6Vr+Xd0JMB+RYdugsGYluhldNM3aM=,iv:o9RhmlSCVwHPUi+JRNQF9bTACOwFaKmshfiD25C5QW8=,tag:DO9a2D2zY5rFQWHIR0PsfA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1gdtjn3jgvvvspa86q3lnklflnvyf3s75y2rw23l7nk7hwcsfpg7qkq7msr
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVUzZyL2hHT0ZKUUViMmNP
+            eXluSTFpOUlPdmVoS2VoTGNKcnhFUzFRbVVzCmU3aDQ0SElqdkxySnNYUzd6TmJy
+            QnkwSXAyT3BmUktBWVp5eGMyeXg5bXMKLS0tIGh1S1cwUGU3dW9xRS9iQzMxZnRF
+            ZytUUE9YZDZjcDFvU1lkRk5hYWJscTQKQrNSlwVHQVwN1QKkF7Hh5wbDWWSLfutm
+            l8YTbx1rHFxakK16+HXcmRleA+qvjlmpflbq+CyZQmIkwARazT7rUQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-06-24T00:52:56Z"
+    mac: ENC[AES256_GCM,data:4eHx1JEmFa9ugyjsJYYvIJ85EYQOsxThKtFzL9Aiw16NOl58B0CNFAwVSL1KryjjmsRxxDQoAFldkfpxzKuERoUPMsRlFXlNgApXqkaH2aJBH2VCFd7jBTvqALXgWv5Gjh8yTD3qySUAeWN8F44HjGg1cx8Poxp5xOPk5VlzyXA=,iv:LrjjSM8hC8ujfXM9W+rgGLo1muDR+CIo1UfnNJcr2TE=,tag:Oosqkn1XnEpnoNH31ghL5w==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1