From 042d02690170d5c1d6e1a18ad78bcf5962821d7c Mon Sep 17 00:00:00 2001 From: Jo Date: Wed, 25 Jun 2025 22:54:45 +0200 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Add=20Dr.=20Frontend=20user=20for?= =?UTF-8?q?=20work,=20cleanup=20nixos=20modules?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .sops.yaml | 5 ++ homes/x86_64-linux/drfrontend/default.nix | 50 +++++++++++++++++++ .../drfrontend/secrets/wakatime.cfg | 19 +++++++ modules/nixos/users/default.nix | 3 -- systems/x86_64-nixos/puzzlevision/default.nix | 11 +++- 5 files changed, 84 insertions(+), 4 deletions(-) create mode 100644 homes/x86_64-linux/drfrontend/default.nix create mode 100644 homes/x86_64-linux/drfrontend/secrets/wakatime.cfg diff --git a/.sops.yaml b/.sops.yaml index 68f0d8b..7112fb7 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -23,3 +23,8 @@ creation_rules: key_groups: - age: - *jo + + - path_regex: homes/[^/]+/drfrontend/secrets/.*\.(yaml|env|json|cfg)$ + key_groups: + - age: + - *jo diff --git a/homes/x86_64-linux/drfrontend/default.nix b/homes/x86_64-linux/drfrontend/default.nix new file mode 100644 index 0000000..5ba3c81 --- /dev/null +++ b/homes/x86_64-linux/drfrontend/default.nix @@ -0,0 +1,50 @@ +{ + pkgs, + config, + ... +}: +{ + puzzlevision = { + themes.catppuccin.enable = true; + apps.zed.enable = true; + apps.firefox = { + enable = true; + extensions = [ + "uBlock0@raymondhill.net" + "ATBC@EasonWong" + "languagetool-webextension@languagetool.org" + "firefox-enpass@enpass.io" + "firefox@tampermonkey.net" + "wappalyzer@crunchlabz.com" + "{7a7a4a92-a2a0-41d1-9fd7-1e92480d612d}" + "{d49033ac-8969-488c-afb0-5cdb73957f41}" + ]; + }; + }; + + sops.secrets.wakatime-cfg = { + format = "binary"; + sopsFile = ./secrets/wakatime.cfg; + path = "${config.home.homeDirectory}/.wakatime.cfg"; + }; + + home.packages = with pkgs; [ + ## GENERAL + ghostty + teams-for-linux + enpass + youtube-music + + ## WEB + ungoogled-chromium + + ## EDITORS + jetbrains.phpstorm + + ## RUNTIMES and CLIs for development + bun + git + ]; + + home.stateVersion = "25.05"; +} diff --git a/homes/x86_64-linux/drfrontend/secrets/wakatime.cfg b/homes/x86_64-linux/drfrontend/secrets/wakatime.cfg new file mode 100644 index 0000000..a7c2224 --- /dev/null +++ b/homes/x86_64-linux/drfrontend/secrets/wakatime.cfg @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:UAADE/aH98MYyfxL3ZkZ06lHHTRmmRVuOhiqEyF6DP35sGTC7Mpqe++MTYBDFrD4Rraeao9T2tcu3sL22p9SW9jF7Y2L1YZ9zKKUyP2y+G8PN25GqXWaNwJQG/hxcKs8km448g==,iv:SkyBC+VkwccprAomhXUzdmSQuBDfFn22MKJwjV9ZSzo=,tag:m/uUcl9r3GW3QYCajoAhYw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5VmtTRHo4NWVuU2tiZTc5\nWUVyeU54ZmtZbi9uUWNablIxSm9aZ3hadjBnCmNiVlBXS2lEbE00VFl6QVRlQk92\nMFI0TVBMVDZiQXg3VzZTaVNEd2RROTQKLS0tIEg3aGwvWXgvVldGTjZFaS95dEVP\nUmZHaGFaNndDRWY5cXBJeGY4TVVqbTgKeFTClhSmX5IQ5+7DXk4HEwTAv4uB/HCl\nVeoKUNaTHme60hWE/J12B2PvxtRa+f6diDMFg11mQkPOZwyEcQWMpg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1ajkq0lalyc75tjhdtpx2yshw5y3wt85fwjy24luf69rvpavg33vqw6c3tc", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnK1NtOE9tZ0poRjdkOTBi\nbWFQbGovY1VvRDN4clJmRGdTSHlzQk5JSmtrCitSc3hnb21CMVVuclZ2YndIOWRk\naDduM3VadDBaWFRDRElZSWlUaXdUZGMKLS0tIEJOUEFoS3ZJQWtkNGFQNk1CdGxI\nSmRFQ25TSXY1S0FHQmhUbWNsT1Z2c2sKBTV2WEW+HynmrrPza8gsIQAK2V3HhYfJ\nrG6rjnzMONd+0Q6Z0KBqgoMfCTjWE9CBnm78DL16u9pRH3CwhpKabg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-05-22T18:30:26Z", + "mac": "ENC[AES256_GCM,data:/aZOXw2xgQ8UZG5TIWXwHZjlofa08WM2XpPhXUbf2qrx0yyhEyZrtibalCIDdUGgzaZjt8b+qrZqgNE9o+HCUNVX9fU9yCXRL1kpksz9e6HV4S+KIrdHnEFtuRt7r8nP29BotLYoP9KKbA57lL5SYJgPINHq11CAiQLU6A8W8YI=,iv:0zvQe2wRd/qKjrqinc9kgP8RSl47xxD0LofREiK8XOc=,tag:eWhtD/X3CPHTlEZPgp0cjA==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/modules/nixos/users/default.nix b/modules/nixos/users/default.nix index b5efd31..a4b2de2 100644 --- a/modules/nixos/users/default.nix +++ b/modules/nixos/users/default.nix @@ -61,9 +61,6 @@ in }; config = { - # TODO: fix this - #nix.settings.trusted-users = ["root" (lib.forEach cfg (username: toString username))]; - # Manage users declaratively and map userConfig to users.users by name; users.mutableUsers = false; users.users = lib.mapAttrs ( diff --git a/systems/x86_64-nixos/puzzlevision/default.nix b/systems/x86_64-nixos/puzzlevision/default.nix index ac5e4e5..8b96486 100644 --- a/systems/x86_64-nixos/puzzlevision/default.nix +++ b/systems/x86_64-nixos/puzzlevision/default.nix @@ -19,11 +19,20 @@ ]; }; + users.drfrontend = { + enable = true; + hashedPassword = "$6$mvK9bT756Aok54Vt$vBRnT66Vb3HL0Y5rEMJlHvKkvzVQ.KUciInTmW3FCBFT00IuFMpz3q9RhXPLTLMRPho65bTg9hMnFPb84I774."; + extraGroups = [ + "wheel" + "docker" + ]; + }; + archetypes.laptop.enable = true; }; networking.extraHosts = '' - 127.0.0.1 dev.bl-projekte.de + 127.0.0.1 dev.bl-projekte.de ''; # Configure 8GB SWAP partition