organization p2

2025-06-08 18:47:39 -06:00
parent 8a02320f12
commit 5593b85524
10 changed files with 48 additions and 22 deletions
--- a/config/jawz.nix
+++ b/config/jawz.nix
@@ -0,0 +1,104 @@
+{ config, ... }:
+let
+  inherit (config.networking) hostName;
+in
+{
+  sops.secrets =
+    let
+      baseDir = ".ssh/ed25519";
+      keyConfig = file: {
+        sopsFile = ../secrets/keys.yaml;
+        owner = config.users.users.jawz.name;
+        inherit (config.users.users.jawz) group;
+        path = "/home/jawz/${file}";
+      };
+    in
+    {
+      jawz-password.neededForUsers = true;
+      "private_keys/age" = keyConfig "${baseDir}_age";
+      "public_keys/age" = keyConfig "${baseDir}_age.pub";
+      "private_keys/${hostName}" = keyConfig "${baseDir}_${hostName}";
+      "git_private_keys/${hostName}" = keyConfig "${baseDir}_git";
+      "syncthing_keys/${hostName}" = keyConfig ".config/syncthing/key.pem";
+      "syncthing_certs/${hostName}" = keyConfig ".config/syncthing/cert.pem";
+    };
+
+  home-manager.users.jawz.home.file.".librewolf/.stignore".source = ../dotfiles/stignore;
+  services.syncthing = {
+    enable = true;
+    user = "jawz";
+    group = "users";
+    overrideDevices = true;
+    overrideFolders = true;
+    key = config.sops.secrets."syncthing_keys/${hostName}".path;
+    cert = config.sops.secrets."syncthing_certs/${hostName}".path;
+    settings = {
+      devices = {
+        server.id = "BG6PF7S-KATABWO-7WAZFMX-6YO7IS3-WQTMR3M-VSOSV7V-HFFMNNH-BFX2EQ4";
+        miniserver.id = "HDYEGIR-GFU7ONK-MOOJUFH-N3L3XHX-SXWN3FI-O23K6LD-BJENQK5-VIPV2AT";
+        workstation.id = "4E4KJ6M-MSTNBVF-D7CNHDW-DUTB3VR-SXKZ4NH-ZKAOMF5-V24JECJ-4STSZAA";
+        galaxy.id = "UAZ5YDV-YUFBXOY-QMS6S6R-WPIIKZI-4OPPW5L-G4OVUPO-YW5KFYY-YASRAAV";
+      };
+      folders = {
+        cache = {
+          path = "~/Downloads/cache/";
+          ignorePerms = false;
+          devices = [ "galaxy" ];
+        };
+        gdl = {
+          path = "~/.config/jawz/";
+          ignorePerms = false;
+          devices = [
+            "server"
+            "miniserver"
+            "workstation"
+          ];
+        };
+        librewolf = {
+          path = "~/.librewolf/";
+          ignorePerms = false;
+          copyOwnershipFromParent = true;
+          type = if config.networking.hostName == "workstation" then "sendonly" else "receiveonly";
+          devices = [
+            "server"
+            "miniserver"
+            "workstation"
+          ];
+        };
+        notes = {
+          path = "~/Documents/";
+          ignorePerms = false;
+          devices = [ "galaxy" ];
+        };
+      };
+    };
+  };
+  users.users.jawz = {
+    uid = 1000;
+    linger = true;
+    isNormalUser = true;
+    hashedPasswordFile = config.sops.secrets.jawz-password.path;
+    extraGroups = [
+      "wheel"
+      "networkmanager"
+      "scanner"
+      "lp"
+      "piracy"
+      "kavita"
+      "video"
+      "docker"
+      "libvirt"
+      "rslsync"
+      "plugdev"
+      "bluetooth"
+    ];
+    openssh.authorizedKeys.keyFiles = [
+      ../secrets/ssh/ed25519_deacero.pub
+      ../secrets/ssh/ed25519_workstation.pub
+      ../secrets/ssh/ed25519_server.pub
+      ../secrets/ssh/ed25519_miniserver.pub
+      ../secrets/ssh/ed25519_galaxy.pub
+      ../secrets/ssh/ed25519_phone.pub
+    ];
+  };
+}