diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..971baf8
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,60 @@
+keys:
+ - &admin_users:
+ - &caperren age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
+ - &systems:
+ - &personal:
+ - &cap_slim7 age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
+ - &cap_nr200p age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
+ - &cluster:
+ - &cap_clust_01 age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
+ - &cap_clust_02 age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
+ - &cap_clust_03 age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
+ - &cap_clust_04 age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
+ - &cap_clust_05 age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
+ - &cap_clust_06 age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
+ - &cap_clust_07 age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
+ - &cap_clust_08 age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
+ - &cap_clust_09 age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
+creation_rules:
+ - path_regex: users/caperren/secrets/[^/]+\.(yaml|json|env|ini)$
+ key_groups:
+ - age:
+ - *caperren
+ - *cap_slim7
+ - *cap_nr200p
+ - path_regex: secrets/default.yaml$
+ key_groups:
+ - age:
+ - *caperren
+ - *cap_slim7
+ - *cap_nr200p
+ - *cap_clust_01
+ - *cap_clust_02
+ - *cap_clust_03
+ - *cap_clust_04
+ - *cap_clust_05
+ - *cap_clust_06
+ - *cap_clust_07
+ - *cap_clust_08
+ - *cap_clust_09
+ - path_regex: secrets/cluster.yaml$
+ key_groups:
+ - age:
+ - *caperren
+ - *cap_slim7
+ - *cap_nr200p
+ - *cap_clust_01
+ - *cap_clust_02
+ - *cap_clust_03
+ - *cap_clust_04
+ - *cap_clust_05
+ - *cap_clust_06
+ - *cap_clust_07
+ - *cap_clust_08
+ - *cap_clust_09
+ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+ key_groups:
+ - age:
+ - *caperren
+ - *cap_slim7
+ - *cap_nr200p
\ No newline at end of file
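Review bot: The `secrets/cluster.yaml$` rule encrypts the k3s join token to the two personal host keys (`*cap_slim7`, `*cap_nr200p`) and to all nine cluster hosts, although the only consumers visible in this commit are the k3s modules imported by cap-clust-01 to cap-clust-03. Every extra recipient is another machine whose SSH host key can decrypt the token, so I would drop `- *cap_slim7` and `- *cap_nr200p` from that rule (the `*caperren` admin key still allows editing) and add cluster hosts only as they join. Run `sops updatekeys secrets/cluster.yaml` afterwards, and rotate the token if the narrower list is meant to take effect, because the already-committed ciphertext stays readable by the old recipients. The regexes are also unanchored with an unescaped dot; `^secrets/cluster\.yaml$` states the intent more exactly.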
diff --git a/flake.nix b/flake.nix index deb9953..9bb69e3 100644 --- a/flake.nix +++ b/flake.nix @@ -5,8 +5,13 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + home-manager = { - url = "github:nix-community/home-manager"; + url = "github:nix-community/home-manager/release-25.11"; inputs.nixpkgs.follows = "nixpkgs"; }; }; @@ -15,6 +20,7 @@ { self, nixpkgs, + sops-nix, home-manager, nixos-hardware, ... 
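Review bot: The new input `url = "github:Mic92/sops-nix";` follows the repository's default branch, while this same hunk moves home-manager to `release-25.11`, and no `flake.lock` change appears in the diff as shown. The module decrypts secrets during activation, so the revision in use should be fixed by the commit that introduces it. Either commit the lock entry produced by `nix flake lock` together with this change, or pin the URL as `github:Mic92/sops-nix/<COMMIT_SHA>`. If the lock file was updated and is simply not part of this page, only the inconsistency with the pinned home-manager branch remains.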
@@ -22,75 +28,92 @@ { nixosConfigurations.cap-clust-01 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; + specialArgs = { inherit inputs; }; modules = [ ./hosts/cap-clust-01/configuration.nix + sops-nix.nixosModules.sops inputs.home-manager.nixosModules.default ]; }; nixosConfigurations.cap-clust-02 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; + specialArgs = { inherit inputs; }; modules = [ ./hosts/cap-clust-02/configuration.nix + sops-nix.nixosModules.sops inputs.home-manager.nixosModules.default ]; }; nixosConfigurations.cap-clust-03 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; + specialArgs = { inherit inputs; }; modules = [ ./hosts/cap-clust-03/configuration.nix + sops-nix.nixosModules.sops inputs.home-manager.nixosModules.default ]; }; nixosConfigurations.cap-clust-04 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; + specialArgs = { inherit inputs; }; modules = [ ./hosts/cap-clust-04/configuration.nix + sops-nix.nixosModules.sops inputs.home-manager.nixosModules.default ]; }; nixosConfigurations.cap-clust-05 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; + specialArgs = { inherit inputs; }; modules = [ ./hosts/cap-clust-05/configuration.nix + sops-nix.nixosModules.sops inputs.home-manager.nixosModules.default ]; }; nixosConfigurations.cap-clust-06 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; + specialArgs = { inherit inputs; }; modules = [ ./hosts/cap-clust-06/configuration.nix + sops-nix.nixosModules.sops inputs.home-manager.nixosModules.default ]; }; nixosConfigurations.cap-clust-07 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; + specialArgs = { inherit inputs; }; modules = [ ./hosts/cap-clust-07/configuration.nix + sops-nix.nixosModules.sops inputs.home-manager.nixosModules.default ]; }; nixosConfigurations.cap-clust-08 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; + specialArgs = { inherit inputs; }; modules = [ ./hosts/cap-clust-08/configuration.nix + sops-nix.nixosModules.sops 
inputs.home-manager.nixosModules.default ]; }; nixosConfigurations.cap-clust-09 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; + specialArgs = { inherit inputs; }; modules = [ ./hosts/cap-clust-09/configuration.nix + sops-nix.nixosModules.sops inputs.home-manager.nixosModules.default ]; }; nixosConfigurations.cap-slim7 = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - specialArgs = { - inherit inputs; - }; + specialArgs = { inherit inputs; }; modules = [ ./hosts/cap-slim7/configuration.nix + sops-nix.nixosModules.sops inputs.home-manager.nixosModules.default nixos-hardware.nixosModules.lenovo-legion-16arha7 ]; @@ -98,9 +121,11 @@ nixosConfigurations.cap-nr200p = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; + specialArgs = { inherit inputs; }; modules = [ ./hosts/cap-nr200p/configuration.nix inputs.home-manager.nixosModules.default + sops-nix.nixosModules.sops ]; }; }; diff --git a/hosts/cap-clust-01/configuration.nix b/hosts/cap-clust-01/configuration.nix index 628d33b..e3dad93 100644 --- a/hosts/cap-clust-01/configuration.nix +++ b/hosts/cap-clust-01/configuration.nix @@ -6,7 +6,12 @@ # Host Groups ../../modules/host-groups/cluster.nix + + # Application Groups + ../../modules/application-groups/k3s-primary.nix ]; +# sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml; + networking.hostName = "cap-clust-01"; } diff --git a/hosts/cap-clust-02/configuration.nix b/hosts/cap-clust-02/configuration.nix index 6b30a45..502faee 100644 --- a/hosts/cap-clust-02/configuration.nix +++ b/hosts/cap-clust-02/configuration.nix @@ -6,6 +6,9 @@ # Host Groups ../../modules/host-groups/cluster.nix + + # Application Groups + ../../modules/application-groups/k3s-secondary.nix ]; networking.hostName = "cap-clust-02"; diff --git a/hosts/cap-clust-03/configuration.nix b/hosts/cap-clust-03/configuration.nix index 837686d..118cb0c 100644 --- a/hosts/cap-clust-03/configuration.nix +++ b/hosts/cap-clust-03/configuration.nix 
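Review bot: The same two additions (`specialArgs = { inherit inputs; };` and `sops-nix.nixosModules.sops`) are pasted by hand into every `nixosSystem` block, and the cap-nr200p hunk that follows already diverges by listing the sops module after home-manager. Since `modules/system/home-manager-settings.nix` now takes `inputs`, a host added later without `specialArgs` will fail to evaluate, and one without the sops module will have no `sops.*` options, so a single helper is the safer shape. The `outputs` body starts outside this hunk, so whether a `let` already exists there is not visible.

```nix
# … unchanged: inputs and the outputs argument set …
let
  # Builds one host; every host gets inputs, sops-nix and home-manager.
  mkHost = name: extraModules: nixpkgs.lib.nixosSystem {
    system = "x86_64-linux";
    specialArgs = { inherit inputs; };
    modules = [
      (./hosts + "/${name}/configuration.nix")
      sops-nix.nixosModules.sops
      inputs.home-manager.nixosModules.default
    ] ++ extraModules;
  };
in
{
  nixosConfigurations.cap-clust-01 = mkHost "cap-clust-01" [ ];
  # … cap-clust-02 through cap-clust-09 and cap-nr200p likewise …
  nixosConfigurations.cap-slim7 = mkHost "cap-slim7" [
    nixos-hardware.nixosModules.lenovo-legion-16arha7
  ];
```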
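Review bot: The commented-out line `# sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml;` in hosts/cap-clust-01/configuration.nix duplicates the declaration that `k3s-primary.nix` makes in this same commit. Leaving it in suggests the secret is wired per host, which it is not; I would delete the line so the secret has one visible owner.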
@@ -6,6 +6,9 @@ # Host Groups ../../modules/host-groups/cluster.nix + + # Application Groups + ../../modules/application-groups/k3s-secondary.nix ]; networking.hostName = "cap-clust-03"; diff --git a/modules/application-groups/k3s-primary.nix b/modules/application-groups/k3s-primary.nix new file mode 100644 index 0000000..dbef2ba --- /dev/null +++ b/modules/application-groups/k3s-primary.nix @@ -0,0 +1,11 @@ +{ config, pkgs, ... }: +{ + sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml; + + services.k3s = { + enable = true; + role = "server"; + tokenFile = config.sops.secrets.k3s_token.path; + clusterInit = true; + }; +} diff --git a/modules/application-groups/k3s-secondary.nix b/modules/application-groups/k3s-secondary.nix new file mode 100644 index 0000000..138e846 --- /dev/null +++ b/modules/application-groups/k3s-secondary.nix @@ -0,0 +1,11 @@ +{ config, pkgs, ... }: +{ + sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml; + + services.k3s = { + enable = true; + role = "server"; # Or "agent" for worker only nodes + tokenFile = config.sops.secrets.k3s_token.path; + serverAddr = "https://cap-clust-01:6443"; + }; +} diff --git a/modules/application-groups/system-utilities.nix b/modules/application-groups/system-utilities.nix index 806474c..dc2f0fc 100644 --- a/modules/application-groups/system-utilities.nix +++ b/modules/application-groups/system-utilities.nix @@ -32,11 +32,13 @@ imagemagick iotop jq + k3s kdePackages.qt6ct killall kitty swappy lf + mesa-demos minicom ncdu networkmanager diff --git a/modules/system/home-manager-settings.nix b/modules/system/home-manager-settings.nix index cdad9dc..84819c4 100644 --- a/modules/system/home-manager-settings.nix +++ b/modules/system/home-manager-settings.nix 
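Review bot: In k3s-secondary.nix the joining servers reach the first node through `serverAddr = "https://cap-clust-01:6443";` using the same `k3s_token` secret as the primary, and the ciphertext in secrets/cluster.yaml is only 24 bytes long, so the token appears to be a short password-only token. As far as I know, a joining node given a short token cannot check the cluster CA during bootstrap, so it trusts whichever host the name `cap-clust-01` resolves to on first contact. Once the primary is up, consider storing the full-format token from `/var/lib/rancher/k3s/server/token` in a separate sops secret for the joining nodes, and make sure the name resolves from a source you control. A short comment above `serverAddr` stating where that name is defined would help the next reader.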
@@ -1,5 +1,11 @@ -{ config, pkgs, ... }: +{ inputs, ... }: { - home-manager.useGlobalPkgs = true; - home-manager.backupFileExtension = "bkp"; -} \ No newline at end of file + home-manager = { + useGlobalPkgs = true; + backupFileExtension = "bkp"; + sharedModules = [ + inputs.sops-nix.homeManagerModules.sops + ]; + }; + +} diff --git a/modules/system/security.nix b/modules/system/security.nix index 4dbec27..a501dc2 100644 --- a/modules/system/security.nix +++ b/modules/system/security.nix @@ -1,5 +1,15 @@ { pkgs, config, ... }: { + environment.systemPackages = with pkgs; [ + sops + age + ]; + sops = { + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + + defaultSopsFile = ../../secrets/default.yaml; + }; + security.sudo = { enable = true; extraRules = [ diff --git a/secrets/cluster.yaml b/secrets/cluster.yaml new file mode 100644 index 0000000..f8cce39 --- /dev/null +++ b/secrets/cluster.yaml 
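Review bot: `age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` in modules/system/security.nix makes each machine's SSH host key its decryption identity, but nothing in the hunk says so. The recipients in `.sops.yaml` are tied to those host keys, so a reinstall or host-key regeneration silently breaks decryption until the recipient is replaced and the files are re-encrypted. I would add a comment such as `# Host ed25519 key is the age identity; if it changes, update .sops.yaml and run sops updatekeys`. The surrounding attribute set continues past the end of the hunk.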
@@ -0,0 +1,115 @@ +k3s_token: ENC[AES256_GCM,data:UANQ7DzasppB8ZPtGY9wR9lhU+VpTjJE,iv:cvEiUt7zG4Joyd1gkaqi848ES7aPf7VoYc4zDwLKEDQ=,tag:j4EU/srhEL0+nQGhETuerA==,type:str] +sops: + age: + - recipient: age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTWNzM0RMMXpDZnZHSEFz + U01jN1FPTFJ6YzBMQlhQMEpSZ0NTNCtteWk4CmhyU1ZTeE1wMzAxRWszS0NKeVpL + dmw3TGlvdG80TVVXUWVTYTVHMzcwajgKLS0tIFMraXVmTS9zSkFzRGZjZlhzR1lj + eDRubW5hWnQzdjVzRytWTW44Y2xoU2MKA2yvOK0DfKSj6U7094a9+4t7E6nFGD+5 + p8XlMAkroS8RhdwBi//xn5I05/iJMKJikaeclvsNlvLV5b/GkCE3nw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5RzZSTFNPMkprTk00SjBv + WTdvcVFuU0hPZ2hteWsrOXp3TTlGdXBvb1FRCjlCbitacFJpV1l3YXMvU0xMMm5Q + TjJwR3JtQk9Rbmc1S2J5OVF0WXBRQ1EKLS0tIHBHdzFlN21FZHFoRjc3cHlSZ2FK + YnBOOU5Bejl6MjB6MDliZWpPeTdFRncKRXH8gKhKVcSxja+dhIrPBNeeV8rJatSJ + +ZlHQL3109Ya/V6Aq9AtEypmLld9Ech7AGMCePNLYvc6DYkDE9bJDA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2eFE4bWRPQitrVDN4Y21J + TUJyd214L1JMazNiUzJEb29FTmRORkJmR1QwCjIrVzZ5WllDbGNCd1c0Q09XVDFm + UjhudDNCZ1BWSmpmbHkvWjROMnpkb3cKLS0tIFhzdlpiTFRPMFM5Nm1DcVN3djVB + SWZtVWNvRVdweWVxZVlQL1k1QVdESXMKc6OdFAyEvxhf5xyBFfiZajgUkwlfMMMJ + 4KqoZGTmh+4GTedJDAKClKce1TEQTKrf1ePP+5HhcSKOoPTolMh/Sw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUUt4ZCtrU2djKzRkN2h2 + bHpVSk15M2lTVjRrTi9aVmpETjV3UUN6TWlrCk5rdytrYWoxTmJDQmJITVRMa0ZV + UGc3dzhsQlM3T29BenY4VlRqbmdvd2sKLS0tIE9HVmxBMnZOMnUvdFcyNGRjTm1o + 
V29UVXRKWUhERkYwZ0NsOUZna1ErcWsK3ya1FW0WPKrZ4gMVx9M1eAgj6lQiv++M + TSZmVJfUMyV1OATtg3MSDFqsppN/i7+aQAP2D0G1fzG30/1qYwCsHA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMQUVpUW5CTEFGUVlSeVJa + QVNpUE9uaFV0eWxyQjhjcUFXOTVqN1JwTm1vCmE5dmVuZnFpeWRXbnh4V0J6eHF2 + R3l5ZFhTSitzSnFYbXEvbGoyY2R6WFEKLS0tIEwwWWcydmhPdW1wL083NVJncmF3 + U3lPYm9EZFRUWVhualFNZHhVU1JlQzgKsc4y+hfdGB3WW+NpzvA0RH54Zc46j3zt + 2Pak/SdxiMnHfF0cw9EP/xrGJ15IUUWvDmRu+om0fEMjg+OBOKLXXQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmamp3Uk40ZGRJQW1MUVJS + SUlabWx3Zkd1b0xLMFQ5Y3hUelk1RU1HYW5FCnQ4bG5qRnhQRnlmTm13WXdYUWg5 + ZUVvRlRaN0NSSWhJV002N2pBL28yQXcKLS0tIEQ3bmJnUHNEUThvM2MvQUlDaUV3 + ZXd2T1RmM0l4YzZKaGkrRXc4VXBRVnMKnCp42FU0vQOb9VN/+DbsmNHvZc8lH+Rh + skZvMvTHgpMWTdhHYFWub+CIXZfUrJfy/vSWBvDw6c81r4p1l+Jyfw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNHNsYjJoTlhRcUJ5UnZw + eU9tVW9zVW5XRFR2ZUNaKzlieUNmdDNCS1JFCjVJaGoxdFArU09GMXpYMVdZaVk0 + TXpKUHo1cEdXZnpCNXpyRHJnYmRldWMKLS0tIFBnSktZWmp3M2NJbVAwTy94bnVx + YVlwaEZ0Z09aNFo0OCt1dUxpYzdiZEUKDHKAZYVC9ON48i9p5DZDopgm9afSg069 + m3mq5d+aBZIrnSdwgIuvyPJH+L8clIUXcJ47QH9ML/4MsFk+d4xvpA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0bm15TmhpRXg5V05qWmRn + UExicGhXZ0ZWNUxPTUM3OEV2U1JveGRUQ1RVCkpaMXZwVUxiT0pQRkFFSjBMRnFw + RnJJalBrSTR5V3IvUnU2a2hWSmM0ajAKLS0tIDJ6ZWpiVlBBdDBxWnhZT2lyRi81 + 
dCtqV1ZwQVlHWFgvTkN4eTZmSG5XMzgKKAPm8crJXBvCAIgTCcpLBi74Fq/AT7Uo + SREKHWpC3pLtNyfgHuEhm3lCYmyZyxTsZFd/2ezAjqtQZAf29EEUjg== + -----END AGE ENCRYPTED FILE----- + - recipient: age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvbVhvQlZDWXhmMXpnaDBk + YUFwMkhwRDlkMXhjS1NJSVR3QWhBNDY2c0VFCklMaTBaKzQvRjdLQjFlelpkY2Ra + R0E3NjNVV1pPOG02WnhLdHhqRytPdlkKLS0tIFBFQlpWL0FEUWNGOThzNW1RdG9S + V2lSdVpweWZKM3VYZ01hclV4ZENZbTQKMQ3/EZk82q4oGnFJb49+X5uQzuTji8qV + K61/vy40g/1f8wgpJwjvGCHx7VyzsBp4lhXiLODMIW6ubp5kAU4r9A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVVJSRmZucDc1Vk5HZ0py + NS9BcDlLRkpyYitmd0hZdlVOaFgxS3JyR1ZJCkVBajVBTjlWamNMNFYza2xWaitx + V2loazBmaE5kVWRoVWwvR2NQa3Mwb1EKLS0tIFZYNGNRc00rUGlDT2tGUFlCcDc3 + aFB3SmpjVFVBc3lPWmMyM29URHpaUzQKguiKNjvJayezQ2tAqmFSgA8tY/6tx1Pb + OeB5cBtSyXfdZhL8HGYAqiIph9zbO3NId7icJsZ11YTW6XHHr1P7gw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1aDJ5UkM1WENoUDZOUld3 + ZXpTdWJjQzVhNEI4RGs4UlhyVytBcmcwbUdBCkxhNnlzSm5yS21zVVNoSmc3VmJF + REE1YXpFSWtPcVhzMnFGckpLZUxQR2cKLS0tIE5DWGFKNUxRZnpFNGpMS0xxVVhq + OWIwRXBXMmxHN09pZVcyNElQZVhFWUUKAN0Yd2/RB0ZjE0BGZnVY+bCSEQXVpZrS + DwsxXlldtJLVebLxthPaXcPI4UmUFYSPFYWDPijjxQ7gbRYnOsV1eA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNaVNQeVd3c0JKakhEWWE0 + ZDNjUitGaUVxM3h0UjF4Z2ZVR0w2L2xKTlRzCjhVVERodmpFVXF6Tnp5N011Tk9J + TVR2akpwRlBKOEs0T3loa0p1cGU5c1EKLS0tIEh5TGYrZ0c3MjQ0bDlsb3J6UGls + 
VWRsQy9BeU1rTmUxd0xwZHA2MjMrZmcKPI2g7B4Ylmbq1Z6WHAhdDx43oB/OeIKY + MKpwZ985JUrxwwiM0UC9DfNYaM9ScUf4l3qHFPHjh+N899rf7nW3zA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-12-13T09:05:22Z" + mac: ENC[AES256_GCM,data:Jg/J4ulZtAI7Kfeb8/ccmG3hV+2TF/5kTcwNRr6llVORVBZ0cGeJz5TvhqwHsSf3TRwgzS50RHWtbJ//TadWrYbf+EInV92mT+ybVO/p6ek0jiqRV9Kto697YnjjtMG1uJcIazWhShT4UTg6PNlAtRzBA3759tnw2aj0hCNH9QE=,iv:hu1m3GdLiwyVZDrlh/p63hGCaJgXIHuVnxzPKskj9Io=,tag:NW+d9m+eTgkb9Uea5aurSw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/secrets/default.yaml b/secrets/default.yaml new file mode 100644 index 0000000..827123c --- /dev/null +++ b/secrets/default.yaml 
@@ -0,0 +1,115 @@ +default: ENC[AES256_GCM,data:hblL4UM//g==,iv:pu+XlfdZl8XZFk16iwV5juImHosUfOhZJ54UAzi9iwo=,tag:8h2ybkmNoqUT85L2JfXLrA==,type:str] +sops: + age: + - recipient: age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJWUtjYmxwWVJtekY5RTcz + Yno1M0Z6RnRYRkowRmVWMWVTNWRTc0RWWWprCjlRZ0dVYnkzaU1CTmljR2VxVDZX + a1lzNUNCb0FrdGhvcUV1NTUxa0RRMG8KLS0tIG9PVWMzbHA4Q2YrbTQ2cWFpTU1F + NE9TN3QyNEZEM1BoeFFSRHZqUmF0TlkKSvm5PXarwX2/034Y2LThEVQWgGm4emWU + abvCD566vlA+MZdRx0CUo1S8xqXDse9inAwroPs3nZ2TabtvCAqNGA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Y2J5a1V5Q1U0eVZPOGlB + R2dBcElMQ0kwQUJCTkJuT0J2Tm9ETVlNcUYwCm0wbndXdFBZUllRZm5zdEVEczl4 + b1NYVXFqVlhTb0R5YTZSUnBlMGNYSkUKLS0tIGJXOUNYV0NNZUlnd3I2OUhjSCs0 + QzA3SXcwQmI4WE5qTElVWFhmRVhyN28KE2br0ZBj8dUep8O6hf0W1mrOXTDhTq/X + xR6zx93tpGdqg+jT0BS+7GMaxj4jM5VMmrTYQrIZc0g9ah34AbFT6g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyQzl1MWtYczd5aEpacFNZ + elpwaC90d2xTWUFJeGdMTjkxSVhZTUU4a3hnCnFOZ1ViS0hqbW45aU0vajh5NjVv + VmNYcmNGT21lMDl4QnljOS9oSHNpTjAKLS0tIGpndTNQU21PSVU1UzErTjFtOVYw + ZU1IRWdacUtKeEloQjM0TFU3Q1A0OUkKiFY+UfTgGtPuQBuHfmRKEVV6nyi7ggLT + x81Gl5COm0zCuXJuQw5FQutFXnYRC/9ndlNpO1HmrDHnEDp1osdNqg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSUnFJVWNYYlNLSk1xbFYy + WGlBYzZHYVc5USt2eXNKdzlabWhYMWExZTFvCmZTeTJxWVhISWt5cjBwT3gvcnJ6 + QzNRL0lFUGcraURLVnBGQXpXUzFiVG8KLS0tIEpobkwvaHBRU0FjQ3NIWDc2bWRj + 
ZWpwYURSc2dGTzJGaWgrWDRKZlRDZzQK0BZeC4JAbP8sHVy48O5rTyojRIkL8SUe + JPTYEa/wIDWOgp9Kkxa6QwVMr061pdEnIF6pal2efJjtvS0Q8JaegQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQVzUwSkQrTGhBQ1VVR25D + ZU5BY1NnUVVhVTJ2VUxPTWpqVXNhQWhpc0dnCk5EQ3JYdmUvQWo3QzdqcXVaN2Q4 + ODFIeVhZWFAwV0hvUm5UTyt3VEZ3NFUKLS0tIElZL2NqQTY0dGJzVjJNWEh2U0pp + Nk94MldCTnZQRG00S1NGZWlsbmxLencKkeUHuYFIwQYdAAwfBcJ4F/1oR8mQfK9t + ka9WdGJZ+w2UDU0zOdkaD01lnqHenV/MhkzQ+SYnFEETDNLWt+OkwQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdktET3FCUmw2TVhSWXcv + MTlHYlR2KzhPS2ZrdHA5ekcxZVZSc1JNM3lVCndQZUFKTFJFZG1GVWJvWllobGJU + eERoSmFMZWh5ZmZHM3Z3UWc5aVpab0EKLS0tIFIrdkdyaHg1NFVpM1JGWlBSWWpu + N0Q4YzZCbmd6bUc0U3FaZ3lLNUJOTXMKHC/emqz88i9dq+rWaw7Lh92pdu2D1aDD + K7G4d5AgRuSZxPWxwQMGTsCS3arsex0KrxdWE2ksZYTwVdi5CU3zTA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM1BWd08zNFNPdTlUa1Vt + TzBJcDNIbHl3aXFUMXpkMmE1ajVwVFcrUVZBCkFDUnEyRktNRDlLdmFZT3Y0cVNT + UCtQQmhjT2hvbWdSOGh1WkMxcFFBWGMKLS0tIE1NQ3AraGVxVUxvZUVDOC9NY2xE + UHJZOWp6RmU2SFR4bU5hTDJnbHo5Rk0K/6Loz0GabBTy1VxePYwiuDtFCiDniGTv + RP7SKgMbN0SUjeaXwTmksC9DmfhWzXwDJqh/n/cNrtE2yuKR2AGzQA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6d1lFaGxEOElxYjBVV2w5 + dVJyUnNveklTbXJQSzA4UlVHYTlWZUUyVlIwCnRwS1RTejAzNllHdWVaYU5tZXhq + bzZVcnpjYXBhWFFnWjY1cFhQZ0JuZ3cKLS0tIE1zYWlJTTV2VWRma2JjWlRZZ2Ro + 
NitqbEFuUENKaDZWY2dVRU9tWUF4b1kKAZAVyohLFZPMC0O6AF7GUXaE/8Q9bF2s + o1rS/8Cg0KqmalQ992wSMjUj1Z0y+najuaF6Kp9r2Q+6b9IVe7HQFA== + -----END AGE ENCRYPTED FILE----- + - recipient: age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzN01Db01QMVdudC9idjBm + N3B4a3hUR2ZNYUQzL3RVVlQvelFFNUZFTlhFCnpaMDFpcVpkcThFanJRcEVxOFNP + cC9xL29MVTd0R1FUQzMzazVoNDUvMkkKLS0tIEVYRTlZSkVUcmZIVWJ2dmlBVGxq + R0E2MmdSZDFPTG9WMmhzT0dRYWRkclkK6Hg6rNuEhWb1PLA8z5l2YPDBMXxo0VwA + GrpQjbrcFKXTxOpi9FU5m1Dy0HSkEkUnmcFiVr98g6xJwWQjp9Xduw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQ0tJRDYzMDQvdVBDZ1ZD + NjJyc2x4NFhhd3oycjRxSFZhaHZTN25kc1NFCldvMy9IWUNadzRNWFh0QVQrczhB + aFhyd1d3cWlad3RCWVN0VWQzNkU5eWsKLS0tIDZSbmxLbnNTYmJhL0l6L1JwRWFN + ZUQ4cVlyL3VYQ0RFdHgvalFnWnU1Z1EKTkQZ14qvVykxfkD1smBd7aXzqji4sUGi + dI0PoKWAy4rqVbNMsNTOutNk8KMxJG+d9Qw947W2O7fA2XIY7/hnug== + -----END AGE ENCRYPTED FILE----- + - recipient: age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiQnNCR2w4YjlzUSt5bDE3 + c0VMWmQ4M00zMVErd21DYnlPb0JtelFDeml3CjNGV1ZJMVZOTFNpT1RSc3FXV0No + d25GUGVzTi9WWlVDeWRzd3BDOXNHb1UKLS0tIHFVdVRRb2l4YjlaY0NlUFpiRmxs + aE91WkxSYittL2Y5aWZBUFpYS0tzR28KK7B4TLpgtcRj8zttl/oHaYuedm2r8LDd + 6C/cMrD+hQEb45OiDcn4V1L444vwbAZJvzgoiQWem6+1Wvepqe+P0A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmbjJKSGlLbFBCd011bHBG + emM4MVJCKy9UejY3M0E4VWFKTDFUeGZQQkVFCk1ZTkpUYm5adVZOU1hpR0xqOUdi + ZXppQ3lFdlBxQWdRdW9TbUFkcDJFbG8KLS0tIEhycFp1WGRCVUxBVzJRamptYnli + 
dW1YMTBIa202Tkp3WC9KRUhTckFCMUEKgUhihP1CN+kNOcbtfsr/gofI0tVzMVwo + 4aQPOxmvp3gyKdvPtUUTxJ3QrZ3laAHcVmsxPjEPnaAjfmGSUZh/YQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-12-13T11:02:46Z" + mac: ENC[AES256_GCM,data:roAByCemPPNz6kkAX1nOL/TU3p2Jv67paQKlouek40FEf5cwVRMmygKDhs1vV8ZO4Ot0xGjXwiq+ylD0aSzbzvdcD/gG+cZ67XpqcW7CQMMtCrQ3Rt+U7q4rxyUeR55VxJdusjwtPp8qPVutKNJlebOUdBgaSKzDzwbnRppDUxk=,iv:PZVwlU3uUO+hHisHaoQAAfcBR2jlB0UHSU7ZFRXYfPo=,tag:0hPLfuSoSLRR1LiOWHFpfQ==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/users/caperren/caperren.nix b/users/caperren/caperren.nix index be3bde6..6637d7e 100644 --- a/users/caperren/caperren.nix +++ b/users/caperren/caperren.nix @@ -25,8 +25,8 @@ in "wheel" ]; openssh.authorizedKeys.keys = [ - sshDesktopPubkey - sshLaptopPubkey + sshDesktopPubkey + sshLaptopPubkey ]; }; @@ -58,6 +58,8 @@ in }; }; + programs.ssh.enable = true; + # Assets/scripts home.file.".config/streamdeck-ui/icons".source = ./dotfiles/streamdeck/icons; home.file.".config/hypr/scripts".source = ./dotfiles/.config/hypr/scripts; diff --git a/users/caperren/dotfiles/hyprland/cap-slim7/hyprland.conf b/users/caperren/dotfiles/hyprland/cap-slim7/hyprland.conf index 0e746fb..be138f4 100644 --- a/users/caperren/dotfiles/hyprland/cap-slim7/hyprland.conf +++ b/users/caperren/dotfiles/hyprland/cap-slim7/hyprland.conf @@ -6,4 +6,7 @@ source = ~/.config/hypr/hyprland-common.conf # Application launch exec-once = brightnessctl -sd platform::kbd_backlight set 1 -exec-once = brightnessctl -s set 30% \ No newline at end of file +exec-once = brightnessctl -s set 30% + +# Privacy +exec-once = sleep 10 && ls /dev/video1 &> /dev/null && notify-send "Laptop Webcam Enabled" "Please disable if not being used." -t 20000 \ No newline at end of file diff --git a/users/caperren/dotfiles/kanshi/cap-slim7/config b/users/caperren/dotfiles/kanshi/cap-slim7/config index 64359a7..c5ca0bf 100644 --- a/users/caperren/dotfiles/kanshi/cap-slim7/config 
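Review bot: The webcam reminder added to hyprland.conf probes the fixed node `/dev/video1` once, ten seconds after login, so it stays silent if the camera enumerates under another index or is switched on later in the session. It also depends on the shell that runs `exec-once` accepting the bash-only `&>` redirection. A stable path and a plain existence test would be more reliable: `exec-once = sleep 10 && test -e /dev/v4l/by-id/<WEBCAM_ID> && notify-send "Laptop Webcam Enabled" "Please disable if not being used." -t 20000`, where `<WEBCAM_ID>` is a placeholder for the device's by-id name. If the reminder should also cover mid-session changes, a udev rule or a periodic check is needed rather than a one-shot at login.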
+++ b/users/caperren/dotfiles/kanshi/cap-slim7/config @@ -5,16 +5,17 @@ profile builtin_only { } profile bedroom_desk { - # Top left to right + ##### Top left to right output "Dell Inc. DELL P2411H F8NDP11G0DVU" enable position 0,1280 output "Acer Technologies CB292CU 2217018D42410" enable position 1920,0 transform 90 output "Dell Inc. DELL P2411H F8NDP097114U" enable position 3000,1280 - # Bottom left to right + ##### Bottom left to right output "Aculab Ltd Digital Unknown" enable transform 270 position 0,2360 + # Primary monitor, which wayland doesn't have a concept of output "Hewlett Packard HP Z27n CNK7311DRR" enable position 1440,2560 output "Aculab Ltd QHD270 Unknown" enable transform 90 position 4000,2360 - # Far bottom right (laptop itself) + ##### Far bottom right (laptop itself) output "BOE 0x0A9B Unknown" enable position 5440,2360 adaptive_sync on } diff --git a/users/caperren/dotfiles/streamdeck/.streamdeck_ui.json b/users/caperren/dotfiles/streamdeck/.streamdeck_ui.json index 9aee6d7..4f098b3 100644 --- a/users/caperren/dotfiles/streamdeck/.streamdeck_ui.json +++ b/users/caperren/dotfiles/streamdeck/.streamdeck_ui.json @@ -179,7 +179,7 @@ "icon": "/home/caperren/.config/streamdeck-ui/icons/btop-logo.png", "keys": "", "write": "", - "command": "bash -c \"kitty --single-instance --detach bash -c 'kitten @ launch --type=window --title btop btop ; kitten @ launch --type=window --title nvtop nvtop'\"", + "command": "kitty -e btop", "brightness_change": 0, "switch_page": 0, "switch_state": 0,