caperren/nixos-configs
1
0
Fork 0
mirror of https://github.com/caperren/nixos-configs.git synced 2025-12-30 11:04:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #23 from caperren/sops-testing

Browse Source 
sops-nix functional, and providing encrypted token for test cluster
This commit is contained in:
Corwin Perren
2025-12-13 16:22:29 -08:00
committed by GitHub
parent b16e7664b0 1fe9c9c9cf
commit 4dd1207568
16 changed files with 387 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
.sops.yaml Normal file
View File

@@ -0,0 +1,60 @@
keys:
- &admin_users:
- &caperren age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
- &systems:
- &personal:
- &cap_slim7 age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
- &cap_nr200p age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
- &cluster:
- &cap_clust_01 age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
- &cap_clust_02 age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
- &cap_clust_03 age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
- &cap_clust_04 age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
- &cap_clust_05 age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
- &cap_clust_06 age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
- &cap_clust_07 age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
- &cap_clust_08 age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
- &cap_clust_09 age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
creation_rules:
- path_regex: users/caperren/secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p
- path_regex: secrets/default.yaml$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p
- *cap_clust_01
- *cap_clust_02
- *cap_clust_03
- *cap_clust_04
- *cap_clust_05
- *cap_clust_06
- *cap_clust_07
- *cap_clust_08
- *cap_clust_09
- path_regex: secrets/cluster.yaml$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p
- *cap_clust_01
- *cap_clust_02
- *cap_clust_03
- *cap_clust_04
- *cap_clust_05
- *cap_clust_06
- *cap_clust_07
- *cap_clust_08
- *cap_clust_09
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p

33
flake.nix
View File

@@ -5,8 +5,13 @@
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
};
@@ -15,6 +20,7 @@
{
self,
nixpkgs,
sops-nix,
home-manager,
nixos-hardware,
...
@@ -22,75 +28,92 @@
{
nixosConfigurations.cap-clust-01 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-01/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-02 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-02/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-03 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-03/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-04 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-04/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-05 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-05/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-06 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-06/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-07 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-07/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-08 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-08/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-09 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-09/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-slim7 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-slim7/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
nixos-hardware.nixosModules.lenovo-legion-16arha7
];
@@ -98,9 +121,11 @@
nixosConfigurations.cap-nr200p = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-nr200p/configuration.nix
inputs.home-manager.nixosModules.default
sops-nix.nixosModules.sops
];
};
};

5
hosts/cap-clust-01/configuration.nix
View File

@@ -6,7 +6,12 @@
# Host Groups
../../modules/host-groups/cluster.nix
# Application Groups
../../modules/application-groups/k3s-primary.nix
];
# sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml;
networking.hostName = "cap-clust-01";
}

3
hosts/cap-clust-02/configuration.nix
View File

@@ -6,6 +6,9 @@
# Host Groups
../../modules/host-groups/cluster.nix
# Application Groups
../../modules/application-groups/k3s-secondary.nix
];
networking.hostName = "cap-clust-02";

3
hosts/cap-clust-03/configuration.nix
View File

@@ -6,6 +6,9 @@
# Host Groups
../../modules/host-groups/cluster.nix
# Application Groups
../../modules/application-groups/k3s-secondary.nix
];
networking.hostName = "cap-clust-03";

11
modules/application-groups/k3s-primary.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, pkgs, ... }:
{
sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml;
services.k3s = {
enable = true;
role = "server";
tokenFile = config.sops.secrets.k3s_token.path;
clusterInit = true;
};
}

11
modules/application-groups/k3s-secondary.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, pkgs, ... }:
{
sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml;
services.k3s = {
enable = true;
role = "server"; # Or "agent" for worker only nodes
tokenFile = config.sops.secrets.k3s_token.path;
serverAddr = "https://cap-clust-01:6443";
};
}

2
modules/application-groups/system-utilities.nix
View File

@@ -32,11 +32,13 @@
imagemagick
iotop
jq
k3s
kdePackages.qt6ct
killall
kitty
swappy
lf
mesa-demos
minicom
ncdu
networkmanager

14
modules/system/home-manager-settings.nix
View File

@@ -1,5 +1,11 @@
{ config, pkgs, ... }:
{ inputs, ... }:
{
home-manager.useGlobalPkgs = true;
home-manager.backupFileExtension = "bkp";
}
home-manager = {
useGlobalPkgs = true;
backupFileExtension = "bkp";
sharedModules = [
inputs.sops-nix.homeManagerModules.sops
];
};
}

10
modules/system/security.nix
View File

@@ -1,5 +1,15 @@
{ pkgs, config, ... }:
{
environment.systemPackages = with pkgs; [
sops
age
];
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = ../../secrets/default.yaml;
};
security.sudo = {
enable = true;
extraRules = [

115
secrets/cluster.yaml Normal file
View File

@@ -0,0 +1,115 @@
k3s_token: ENC[AES256_GCM,data:UANQ7DzasppB8ZPtGY9wR9lhU+VpTjJE,iv:cvEiUt7zG4Joyd1gkaqi848ES7aPf7VoYc4zDwLKEDQ=,tag:j4EU/srhEL0+nQGhETuerA==,type:str]
sops:
age:
- recipient: age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTWNzM0RMMXpDZnZHSEFz
U01jN1FPTFJ6YzBMQlhQMEpSZ0NTNCtteWk4CmhyU1ZTeE1wMzAxRWszS0NKeVpL
dmw3TGlvdG80TVVXUWVTYTVHMzcwajgKLS0tIFMraXVmTS9zSkFzRGZjZlhzR1lj
eDRubW5hWnQzdjVzRytWTW44Y2xoU2MKA2yvOK0DfKSj6U7094a9+4t7E6nFGD+5
p8XlMAkroS8RhdwBi//xn5I05/iJMKJikaeclvsNlvLV5b/GkCE3nw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5RzZSTFNPMkprTk00SjBv
WTdvcVFuU0hPZ2hteWsrOXp3TTlGdXBvb1FRCjlCbitacFJpV1l3YXMvU0xMMm5Q
TjJwR3JtQk9Rbmc1S2J5OVF0WXBRQ1EKLS0tIHBHdzFlN21FZHFoRjc3cHlSZ2FK
YnBOOU5Bejl6MjB6MDliZWpPeTdFRncKRXH8gKhKVcSxja+dhIrPBNeeV8rJatSJ
+ZlHQL3109Ya/V6Aq9AtEypmLld9Ech7AGMCePNLYvc6DYkDE9bJDA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2eFE4bWRPQitrVDN4Y21J
TUJyd214L1JMazNiUzJEb29FTmRORkJmR1QwCjIrVzZ5WllDbGNCd1c0Q09XVDFm
UjhudDNCZ1BWSmpmbHkvWjROMnpkb3cKLS0tIFhzdlpiTFRPMFM5Nm1DcVN3djVB
SWZtVWNvRVdweWVxZVlQL1k1QVdESXMKc6OdFAyEvxhf5xyBFfiZajgUkwlfMMMJ
4KqoZGTmh+4GTedJDAKClKce1TEQTKrf1ePP+5HhcSKOoPTolMh/Sw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUUt4ZCtrU2djKzRkN2h2
bHpVSk15M2lTVjRrTi9aVmpETjV3UUN6TWlrCk5rdytrYWoxTmJDQmJITVRMa0ZV
UGc3dzhsQlM3T29BenY4VlRqbmdvd2sKLS0tIE9HVmxBMnZOMnUvdFcyNGRjTm1o
V29UVXRKWUhERkYwZ0NsOUZna1ErcWsK3ya1FW0WPKrZ4gMVx9M1eAgj6lQiv++M
TSZmVJfUMyV1OATtg3MSDFqsppN/i7+aQAP2D0G1fzG30/1qYwCsHA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMQUVpUW5CTEFGUVlSeVJa
QVNpUE9uaFV0eWxyQjhjcUFXOTVqN1JwTm1vCmE5dmVuZnFpeWRXbnh4V0J6eHF2
R3l5ZFhTSitzSnFYbXEvbGoyY2R6WFEKLS0tIEwwWWcydmhPdW1wL083NVJncmF3
U3lPYm9EZFRUWVhualFNZHhVU1JlQzgKsc4y+hfdGB3WW+NpzvA0RH54Zc46j3zt
2Pak/SdxiMnHfF0cw9EP/xrGJ15IUUWvDmRu+om0fEMjg+OBOKLXXQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmamp3Uk40ZGRJQW1MUVJS
SUlabWx3Zkd1b0xLMFQ5Y3hUelk1RU1HYW5FCnQ4bG5qRnhQRnlmTm13WXdYUWg5
ZUVvRlRaN0NSSWhJV002N2pBL28yQXcKLS0tIEQ3bmJnUHNEUThvM2MvQUlDaUV3
ZXd2T1RmM0l4YzZKaGkrRXc4VXBRVnMKnCp42FU0vQOb9VN/+DbsmNHvZc8lH+Rh
skZvMvTHgpMWTdhHYFWub+CIXZfUrJfy/vSWBvDw6c81r4p1l+Jyfw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNHNsYjJoTlhRcUJ5UnZw
eU9tVW9zVW5XRFR2ZUNaKzlieUNmdDNCS1JFCjVJaGoxdFArU09GMXpYMVdZaVk0
TXpKUHo1cEdXZnpCNXpyRHJnYmRldWMKLS0tIFBnSktZWmp3M2NJbVAwTy94bnVx
YVlwaEZ0Z09aNFo0OCt1dUxpYzdiZEUKDHKAZYVC9ON48i9p5DZDopgm9afSg069
m3mq5d+aBZIrnSdwgIuvyPJH+L8clIUXcJ47QH9ML/4MsFk+d4xvpA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0bm15TmhpRXg5V05qWmRn
UExicGhXZ0ZWNUxPTUM3OEV2U1JveGRUQ1RVCkpaMXZwVUxiT0pQRkFFSjBMRnFw
RnJJalBrSTR5V3IvUnU2a2hWSmM0ajAKLS0tIDJ6ZWpiVlBBdDBxWnhZT2lyRi81
dCtqV1ZwQVlHWFgvTkN4eTZmSG5XMzgKKAPm8crJXBvCAIgTCcpLBi74Fq/AT7Uo
SREKHWpC3pLtNyfgHuEhm3lCYmyZyxTsZFd/2ezAjqtQZAf29EEUjg==
-----END AGE ENCRYPTED FILE-----
- recipient: age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvbVhvQlZDWXhmMXpnaDBk
YUFwMkhwRDlkMXhjS1NJSVR3QWhBNDY2c0VFCklMaTBaKzQvRjdLQjFlelpkY2Ra
R0E3NjNVV1pPOG02WnhLdHhqRytPdlkKLS0tIFBFQlpWL0FEUWNGOThzNW1RdG9S
V2lSdVpweWZKM3VYZ01hclV4ZENZbTQKMQ3/EZk82q4oGnFJb49+X5uQzuTji8qV
K61/vy40g/1f8wgpJwjvGCHx7VyzsBp4lhXiLODMIW6ubp5kAU4r9A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVVJSRmZucDc1Vk5HZ0py
NS9BcDlLRkpyYitmd0hZdlVOaFgxS3JyR1ZJCkVBajVBTjlWamNMNFYza2xWaitx
V2loazBmaE5kVWRoVWwvR2NQa3Mwb1EKLS0tIFZYNGNRc00rUGlDT2tGUFlCcDc3
aFB3SmpjVFVBc3lPWmMyM29URHpaUzQKguiKNjvJayezQ2tAqmFSgA8tY/6tx1Pb
OeB5cBtSyXfdZhL8HGYAqiIph9zbO3NId7icJsZ11YTW6XHHr1P7gw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1aDJ5UkM1WENoUDZOUld3
ZXpTdWJjQzVhNEI4RGs4UlhyVytBcmcwbUdBCkxhNnlzSm5yS21zVVNoSmc3VmJF
REE1YXpFSWtPcVhzMnFGckpLZUxQR2cKLS0tIE5DWGFKNUxRZnpFNGpMS0xxVVhq
OWIwRXBXMmxHN09pZVcyNElQZVhFWUUKAN0Yd2/RB0ZjE0BGZnVY+bCSEQXVpZrS
DwsxXlldtJLVebLxthPaXcPI4UmUFYSPFYWDPijjxQ7gbRYnOsV1eA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNaVNQeVd3c0JKakhEWWE0
ZDNjUitGaUVxM3h0UjF4Z2ZVR0w2L2xKTlRzCjhVVERodmpFVXF6Tnp5N011Tk9J
TVR2akpwRlBKOEs0T3loa0p1cGU5c1EKLS0tIEh5TGYrZ0c3MjQ0bDlsb3J6UGls
VWRsQy9BeU1rTmUxd0xwZHA2MjMrZmcKPI2g7B4Ylmbq1Z6WHAhdDx43oB/OeIKY
MKpwZ985JUrxwwiM0UC9DfNYaM9ScUf4l3qHFPHjh+N899rf7nW3zA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-13T09:05:22Z"
mac: ENC[AES256_GCM,data:Jg/J4ulZtAI7Kfeb8/ccmG3hV+2TF/5kTcwNRr6llVORVBZ0cGeJz5TvhqwHsSf3TRwgzS50RHWtbJ//TadWrYbf+EInV92mT+ybVO/p6ek0jiqRV9Kto697YnjjtMG1uJcIazWhShT4UTg6PNlAtRzBA3759tnw2aj0hCNH9QE=,iv:hu1m3GdLiwyVZDrlh/p63hGCaJgXIHuVnxzPKskj9Io=,tag:NW+d9m+eTgkb9Uea5aurSw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0

115
secrets/default.yaml Normal file
View File

@@ -0,0 +1,115 @@
default: ENC[AES256_GCM,data:hblL4UM//g==,iv:pu+XlfdZl8XZFk16iwV5juImHosUfOhZJ54UAzi9iwo=,tag:8h2ybkmNoqUT85L2JfXLrA==,type:str]
sops:
age:
- recipient: age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJWUtjYmxwWVJtekY5RTcz
Yno1M0Z6RnRYRkowRmVWMWVTNWRTc0RWWWprCjlRZ0dVYnkzaU1CTmljR2VxVDZX
a1lzNUNCb0FrdGhvcUV1NTUxa0RRMG8KLS0tIG9PVWMzbHA4Q2YrbTQ2cWFpTU1F
NE9TN3QyNEZEM1BoeFFSRHZqUmF0TlkKSvm5PXarwX2/034Y2LThEVQWgGm4emWU
abvCD566vlA+MZdRx0CUo1S8xqXDse9inAwroPs3nZ2TabtvCAqNGA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Y2J5a1V5Q1U0eVZPOGlB
R2dBcElMQ0kwQUJCTkJuT0J2Tm9ETVlNcUYwCm0wbndXdFBZUllRZm5zdEVEczl4
b1NYVXFqVlhTb0R5YTZSUnBlMGNYSkUKLS0tIGJXOUNYV0NNZUlnd3I2OUhjSCs0
QzA3SXcwQmI4WE5qTElVWFhmRVhyN28KE2br0ZBj8dUep8O6hf0W1mrOXTDhTq/X
xR6zx93tpGdqg+jT0BS+7GMaxj4jM5VMmrTYQrIZc0g9ah34AbFT6g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyQzl1MWtYczd5aEpacFNZ
elpwaC90d2xTWUFJeGdMTjkxSVhZTUU4a3hnCnFOZ1ViS0hqbW45aU0vajh5NjVv
VmNYcmNGT21lMDl4QnljOS9oSHNpTjAKLS0tIGpndTNQU21PSVU1UzErTjFtOVYw
ZU1IRWdacUtKeEloQjM0TFU3Q1A0OUkKiFY+UfTgGtPuQBuHfmRKEVV6nyi7ggLT
x81Gl5COm0zCuXJuQw5FQutFXnYRC/9ndlNpO1HmrDHnEDp1osdNqg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSUnFJVWNYYlNLSk1xbFYy
WGlBYzZHYVc5USt2eXNKdzlabWhYMWExZTFvCmZTeTJxWVhISWt5cjBwT3gvcnJ6
QzNRL0lFUGcraURLVnBGQXpXUzFiVG8KLS0tIEpobkwvaHBRU0FjQ3NIWDc2bWRj
ZWpwYURSc2dGTzJGaWgrWDRKZlRDZzQK0BZeC4JAbP8sHVy48O5rTyojRIkL8SUe
JPTYEa/wIDWOgp9Kkxa6QwVMr061pdEnIF6pal2efJjtvS0Q8JaegQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQVzUwSkQrTGhBQ1VVR25D
ZU5BY1NnUVVhVTJ2VUxPTWpqVXNhQWhpc0dnCk5EQ3JYdmUvQWo3QzdqcXVaN2Q4
ODFIeVhZWFAwV0hvUm5UTyt3VEZ3NFUKLS0tIElZL2NqQTY0dGJzVjJNWEh2U0pp
Nk94MldCTnZQRG00S1NGZWlsbmxLencKkeUHuYFIwQYdAAwfBcJ4F/1oR8mQfK9t
ka9WdGJZ+w2UDU0zOdkaD01lnqHenV/MhkzQ+SYnFEETDNLWt+OkwQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdktET3FCUmw2TVhSWXcv
MTlHYlR2KzhPS2ZrdHA5ekcxZVZSc1JNM3lVCndQZUFKTFJFZG1GVWJvWllobGJU
eERoSmFMZWh5ZmZHM3Z3UWc5aVpab0EKLS0tIFIrdkdyaHg1NFVpM1JGWlBSWWpu
N0Q4YzZCbmd6bUc0U3FaZ3lLNUJOTXMKHC/emqz88i9dq+rWaw7Lh92pdu2D1aDD
K7G4d5AgRuSZxPWxwQMGTsCS3arsex0KrxdWE2ksZYTwVdi5CU3zTA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM1BWd08zNFNPdTlUa1Vt
TzBJcDNIbHl3aXFUMXpkMmE1ajVwVFcrUVZBCkFDUnEyRktNRDlLdmFZT3Y0cVNT
UCtQQmhjT2hvbWdSOGh1WkMxcFFBWGMKLS0tIE1NQ3AraGVxVUxvZUVDOC9NY2xE
UHJZOWp6RmU2SFR4bU5hTDJnbHo5Rk0K/6Loz0GabBTy1VxePYwiuDtFCiDniGTv
RP7SKgMbN0SUjeaXwTmksC9DmfhWzXwDJqh/n/cNrtE2yuKR2AGzQA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6d1lFaGxEOElxYjBVV2w5
dVJyUnNveklTbXJQSzA4UlVHYTlWZUUyVlIwCnRwS1RTejAzNllHdWVaYU5tZXhq
bzZVcnpjYXBhWFFnWjY1cFhQZ0JuZ3cKLS0tIE1zYWlJTTV2VWRma2JjWlRZZ2Ro
NitqbEFuUENKaDZWY2dVRU9tWUF4b1kKAZAVyohLFZPMC0O6AF7GUXaE/8Q9bF2s
o1rS/8Cg0KqmalQ992wSMjUj1Z0y+najuaF6Kp9r2Q+6b9IVe7HQFA==
-----END AGE ENCRYPTED FILE-----
- recipient: age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzN01Db01QMVdudC9idjBm
N3B4a3hUR2ZNYUQzL3RVVlQvelFFNUZFTlhFCnpaMDFpcVpkcThFanJRcEVxOFNP
cC9xL29MVTd0R1FUQzMzazVoNDUvMkkKLS0tIEVYRTlZSkVUcmZIVWJ2dmlBVGxq
R0E2MmdSZDFPTG9WMmhzT0dRYWRkclkK6Hg6rNuEhWb1PLA8z5l2YPDBMXxo0VwA
GrpQjbrcFKXTxOpi9FU5m1Dy0HSkEkUnmcFiVr98g6xJwWQjp9Xduw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQ0tJRDYzMDQvdVBDZ1ZD
NjJyc2x4NFhhd3oycjRxSFZhaHZTN25kc1NFCldvMy9IWUNadzRNWFh0QVQrczhB
aFhyd1d3cWlad3RCWVN0VWQzNkU5eWsKLS0tIDZSbmxLbnNTYmJhL0l6L1JwRWFN
ZUQ4cVlyL3VYQ0RFdHgvalFnWnU1Z1EKTkQZ14qvVykxfkD1smBd7aXzqji4sUGi
dI0PoKWAy4rqVbNMsNTOutNk8KMxJG+d9Qw947W2O7fA2XIY7/hnug==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiQnNCR2w4YjlzUSt5bDE3
c0VMWmQ4M00zMVErd21DYnlPb0JtelFDeml3CjNGV1ZJMVZOTFNpT1RSc3FXV0No
d25GUGVzTi9WWlVDeWRzd3BDOXNHb1UKLS0tIHFVdVRRb2l4YjlaY0NlUFpiRmxs
aE91WkxSYittL2Y5aWZBUFpYS0tzR28KK7B4TLpgtcRj8zttl/oHaYuedm2r8LDd
6C/cMrD+hQEb45OiDcn4V1L444vwbAZJvzgoiQWem6+1Wvepqe+P0A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmbjJKSGlLbFBCd011bHBG
emM4MVJCKy9UejY3M0E4VWFKTDFUeGZQQkVFCk1ZTkpUYm5adVZOU1hpR0xqOUdi
ZXppQ3lFdlBxQWdRdW9TbUFkcDJFbG8KLS0tIEhycFp1WGRCVUxBVzJRamptYnli
dW1YMTBIa202Tkp3WC9KRUhTckFCMUEKgUhihP1CN+kNOcbtfsr/gofI0tVzMVwo
4aQPOxmvp3gyKdvPtUUTxJ3QrZ3laAHcVmsxPjEPnaAjfmGSUZh/YQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-13T11:02:46Z"
mac: ENC[AES256_GCM,data:roAByCemPPNz6kkAX1nOL/TU3p2Jv67paQKlouek40FEf5cwVRMmygKDhs1vV8ZO4Ot0xGjXwiq+ylD0aSzbzvdcD/gG+cZ67XpqcW7CQMMtCrQ3Rt+U7q4rxyUeR55VxJdusjwtPp8qPVutKNJlebOUdBgaSKzDzwbnRppDUxk=,iv:PZVwlU3uUO+hHisHaoQAAfcBR2jlB0UHSU7ZFRXYfPo=,tag:0hPLfuSoSLRR1LiOWHFpfQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0

6
users/caperren/caperren.nix
View File

@@ -25,8 +25,8 @@ in
"wheel"
];
openssh.authorizedKeys.keys = [
sshDesktopPubkey
sshLaptopPubkey
sshDesktopPubkey
sshLaptopPubkey
];
};
@@ -58,6 +58,8 @@ in
};
};
programs.ssh.enable = true;
# Assets/scripts
home.file.".config/streamdeck-ui/icons".source = ./dotfiles/streamdeck/icons;
home.file.".config/hypr/scripts".source = ./dotfiles/.config/hypr/scripts;

5
users/caperren/dotfiles/hyprland/cap-slim7/hyprland.conf
View File

@@ -6,4 +6,7 @@ source = ~/.config/hypr/hyprland-common.conf
# Application launch
exec-once = brightnessctl -sd platform::kbd_backlight set 1
exec-once = brightnessctl -s set 30%
exec-once = brightnessctl -s set 30%
# Privacy
exec-once = sleep 10 && ls /dev/video1 &> /dev/null && notify-send "Laptop Webcam Enabled" "Please disable if not being used." -t 20000

7
users/caperren/dotfiles/kanshi/cap-slim7/config
View File

@@ -5,16 +5,17 @@ profile builtin_only {
}
profile bedroom_desk {
# Top left to right
##### Top left to right
output "Dell Inc. DELL P2411H F8NDP11G0DVU" enable position 0,1280
output "Acer Technologies CB292CU 2217018D42410" enable position 1920,0 transform 90
output "Dell Inc. DELL P2411H F8NDP097114U" enable position 3000,1280
# Bottom left to right
##### Bottom left to right
output "Aculab Ltd Digital Unknown" enable transform 270 position 0,2360
# Primary monitor, which wayland doesn't have a concept of
output "Hewlett Packard HP Z27n CNK7311DRR" enable position 1440,2560
output "Aculab Ltd QHD270 Unknown" enable transform 90 position 4000,2360
# Far bottom right (laptop itself)
##### Far bottom right (laptop itself)
output "BOE 0x0A9B Unknown" enable position 5440,2360 adaptive_sync on
}

2
users/caperren/dotfiles/streamdeck/.streamdeck_ui.json
View File

@@ -179,7 +179,7 @@
"icon": "/home/caperren/.config/streamdeck-ui/icons/btop-logo.png",
"keys": "",
"write": "",
"command": "bash -c \"kitty --single-instance --detach bash -c 'kitten @ launch --type=window --title btop btop ; kitten @ launch --type=window --title nvtop nvtop'\"",
"command": "kitty -e btop",
"brightness_change": 0,
"switch_page": 0,
"switch_state": 0,