✨ Finish sops-nix configuration, update README and more

2025-09-09 20:30:05 +00:00 · 2025-05-22 02:08:17 +02:00 · 2025-05-22 02:08:17 +02:00 · d7a1a9ffbd
commit d7a1a9ffbd
parent 6dc0e02a92
12 changed files with 111 additions and 17 deletions
--- a/modules/flake/default.nix
+++ b/modules/flake/default.nix
@ -1,11 +1,11 @@
 {
  imports = [
-    # Exposes nixosModules and homeModules on flake outputs.
-    ./modules.nix
-
    # Automagically imports libs from "/lib/lib-name" and exposes them to the `flake.lib` output.
    ./lib.nix

+    # Exposes nixosModules and homeModules on flake outputs.
+    ./modules.nix
+
    # Automagically imports systems from "/systems/arch-classname/system-name".
    ./systems.nix
  ];
--- a/modules/home/app/zed/default.nix
+++ b/modules/home/app/zed/default.nix
@ -3,7 +3,6 @@
  pkgs,
  self,
  config,
-  osConfig,
  ...
 }: let
  inherit (lib) mkEnableOption mkIf;
@ -16,12 +15,6 @@ in {
  };

  config = mkIf cfg.enable {
-    sops.secrets.wakatime-cfg = {
-      format = "binary";
-      sopsFile = "${self.outPath}/x86_64-nixos/${osConfig.networking.hostname}/secrets/wakatime.cfg";
-      path = "/home/${config.home.homeDirectory}/.wakatime.cfg";
-    };
-
    home.packages = with pkgs; [
      alejandra
    ];
--- a/modules/home/security/sops/default.nix
+++ b/modules/home/security/sops/default.nix
@ -1,5 +1,5 @@
 {config, ...}: {
  sops = {
-    age.keyFile = "/home/${config.home.username}/.sops-nix/key.txt";
+    age.keyFile = "/home/${config.home.username}/sops-nix/key.txt";
  };
 }
--- a/modules/nixos/archetypes/workstation/default.nix
+++ b/modules/nixos/archetypes/workstation/default.nix
@ -14,6 +14,11 @@ in {
  };

  config = mkIf cfg.enable {
+    environment.sessionVariables = {
+      MOZ_ENABLE_WAYLAND = "1"; # Firefox native Wayland support
+      NIXOS_OZONE_WL = "1"; # Native Wayland in Chromium and Electron based applications
+    };
+
    ${namespace} = {
      # Basic system functionality
      system = {
--- a/modules/nixos/system/nix/default.nix
+++ b/modules/nixos/system/nix/default.nix
@ -38,6 +38,8 @@ in {
      package = mkIf cfg.use-lix pkgs.lix; # Enable LIX
    };

+    nixpkgs.config.allowUnfree = true;
+
    # Dynamic libraries for unpackaged programs
    programs.nix-ld = mkIf cfg.use-nixld {
      enable = true;
--- a/modules/nixos/users/default.nix
+++ b/modules/nixos/users/default.nix
@ -21,6 +21,7 @@
      isSystemUser = self.lib.mkBool false "Whether this user is considered a system user.";
      initialPassword = self.lib.mkOpt (types.nullOr types.str) null "Plaintext insecure initial user password, only recommended for testing.";
      password = self.lib.mkOpt (types.nullOr types.str) null "Plaintext insecure user password, only recommended for testing.";
+      hashedPasswordFile = self.lib.mkOpt (types.nullOr types.str) null "Secure, hashed user password stored in a separate file, recommended for production.";
      extraGroups = self.lib.mkOpt (types.listOf types.str) [] "List of additional groups this user belongs to.";
    };
  };
@ -48,6 +49,7 @@ in {
    users.users = lib.mapAttrs (username: userConfig:
      mkIf userConfig.enable {
        name = username;
+        hashedPasswordFile = userConfig.hashedPasswordFile;
        inherit (userConfig) isNormalUser isSystemUser initialPassword password extraGroups;
      })
    cfg;