From 8096a7cd4cefcc01f18399ec9aa75aaa0932bff9 Mon Sep 17 00:00:00 2001 From: Danilo Reyes Date: Sun, 16 Jun 2024 14:03:37 -0600 Subject: [PATCH] yt-dlp set to unstable + godot disabled --- .sops.yaml | 7 +++++++ base.nix | 18 +++++++++--------- flake.nix | 23 +++++++++++++--------- modules/apps/art.nix | 5 +++-- modules/scripts/download.nix | 27 +++++++++++++------------- overlay.nix | 1 + secrets/secrets.yaml | 37 ++++++++++++++++++++++++++++++++++++ 7 files changed, 85 insertions(+), 33 deletions(-) create mode 100644 .sops.yaml create mode 100644 secrets/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..88f84c7 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,7 @@ +keys: + - &primary age108r3re0uqhcqvrqsfc5mr2xd36e4drqulzgc7nzy59rkmpa87qgs0zjck0 +creation_rules: + - path_regex: secrets/secrets.yaml$ + key_groups: + - age: + - *primary diff --git a/base.nix b/base.nix index 071ed7a..c305a4c 100644 --- a/base.nix +++ b/base.nix @@ -1,6 +1,7 @@ -{ lib, pkgs, inputs, outputs, ... }: { +{ lib, pkgs, config, inputs, outputs, ... }: { imports = [ inputs.home-manager.nixosModules.home-manager + inputs.sops-nix.nixosModules.sops ./modules/apps.nix ./modules/dev.nix ./modules/shell.nix @@ -10,6 +11,12 @@ ./jawz.nix ]; system.stateVersion = "24.05"; + sops = { + defaultSopsFormat = "yaml"; + defaultSopsFile = ./secrets/secrets.yaml; + age.keyFile = + "${config.environment.variables.XDG_CONFIG_HOME}/sops/age/keys.txt"; + }; home-manager = { useUserPackages = true; useGlobalPkgs = true; 
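Review bot: The only recipient under `keys:` in .sops.yaml is the single `&primary` age key, so every machine that has to read `secrets/secrets.yaml` must hold the same private key, and losing one machine exposes every value in the file. base.nix appears to be shared by the three hosts defined in flake.nix (inferred; the host configurations are outside this diff), so consider one age recipient per host plus an admin key, with a separate `creation_rules` entry per secrets file so each host can decrypt only what it uses. The `path_regex` also leaves the dot unescaped; `path_regex: secrets/secrets\.yaml$` matches only the intended file name.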
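Review bot: `age.keyFile` in the new `sops` block of base.nix is built from `config.environment.variables.XDG_CONFIG_HOME`, which puts the decryption key for system-level secrets inside a user's configuration directory. sops-nix reads this path during system activation, so if that variable is defined with a shell reference such as `$HOME` (its definition is outside this diff) the string is taken literally and the key will not be found. A fixed root-owned location is the safer choice, for example `age.keyFile = "/var/lib/sops-nix/key.txt";` with mode 0600. The block also declares no `sops.secrets.<name>` entries, so nothing from `defaultSopsFile` is decrypted yet.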
@@ -69,14 +76,7 @@ "https://ai.cachix.org" "https://cache.lix.systems" ]; - trusted-public-keys = [ - "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" - "nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU=" - "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" - "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E=" - "ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc=" - "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" - ]; + trusted-public-keys = config.sops.trusted-public-keys; }; }; documentation.enable = false; diff --git a/flake.nix b/flake.nix index 728f9f2..dd79d35 100644 --- a/flake.nix +++ b/flake.nix @@ -4,13 +4,18 @@ nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-24.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable"; nixpkgs-master.url = "github:nixos/nixpkgs?ref=master"; - home-manager.url = "github:nix-community/home-manager/release-24.05"; - home-manager.inputs.nixpkgs.follows = "nixpkgs"; + home-manager = { + url = "github:nix-community/home-manager/release-24.05"; + inputs.nixpkgs.follows = "nixpkgs"; + }; nix-gaming.url = "github:fufexan/nix-gaming"; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; - outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, home-manager, ... - }@inputs: + outputs = { self, nixpkgs, unstable, master, home-manager, ... }@inputs: let inherit (self) outputs; lib = nixpkgs.lib // home-manager.lib; @@ -21,14 +26,15 @@ config.allowUnfree = true; }; pkgs = makePkgs nixpkgs; - pkgsU = makePkgs nixpkgs-unstable; - pkgsM = makePkgs nixpkgs-master; + pkgsU = makePkgs unstable; + pkgsM = makePkgs master; in { inherit lib pkgs; formatter = pkgs.alejandra; nixosConfigurations = { workstation = lib.nixosSystem { inherit system; + specialArgs = { inherit inputs outputs; }; modules = [ ./hosts/workstation/configuration.nix ({ pkgs, ... }: { 
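Review bot: `trusted-public-keys = config.sops.trusted-public-keys;` refers to an option that sops-nix does not define as far as I know. The module exposes declared secrets as files at `config.sops.secrets.<name>.path`, written at activation time, while `nix.settings.trusted-public-keys` needs a list of strings at evaluation time. These values are public signature-verification keys, so encrypting them in secrets/secrets.yaml protects nothing and hides from review which signers are trusted for the substituters listed just above. Keep the six removed entries in plaintext here and drop the `trusted-public-keys` list from the secrets file. If the keys end up missing, do not work around the resulting signature failures by turning off `require-sigs`. The enclosing settings block starts outside the hunk.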
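Review bot: The `outputs` function in flake.nix now destructures `unstable` and `master`, but the inputs in the same hunk are still declared as `nixpkgs-unstable` and `nixpkgs-master`, so evaluation should fail with a missing-argument error before any host is built. Either keep `outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, home-manager, ... }@inputs:` or rename the two inputs to match. The next hunk's `makePkgs unstable` and `makePkgs master` depend on the same names. Separately, the diffstat shows no flake.lock change even though `sops-nix` is a new input, so this commit does not pin the revision of the module that will handle every secret; commit the updated lock file together with the input.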
@@ -36,10 +42,10 @@ [ (import ./overlay.nix { inherit pkgs pkgsU pkgsM; }) ]; }) ]; - specialArgs = { inherit inputs outputs; }; }; miniserver = lib.nixosSystem { inherit system; + specialArgs = { inherit inputs outputs; }; modules = [ ./hosts/miniserver/configuration.nix ({ pkgs, ... }: { @@ -47,10 +53,10 @@ [ (import ./overlay.nix { inherit pkgs pkgsU pkgsM; }) ]; }) ]; - specialArgs = { inherit inputs outputs; }; }; server = lib.nixosSystem { inherit system; + specialArgs = { inherit inputs outputs; }; modules = [ ./hosts/server/configuration.nix ({ pkgs, ... }: { @@ -58,7 +64,6 @@ [ (import ./overlay.nix { inherit pkgs pkgsU pkgsM; }) ]; }) ]; - specialArgs = { inherit inputs outputs; }; }; }; }; diff --git a/modules/apps/art.nix b/modules/apps/art.nix index a33382f..8f707ac 100644 --- a/modules/apps/art.nix +++ b/modules/apps/art.nix @@ -14,9 +14,10 @@ blender # cgi animation and sculpting # drawpile # arty party with friends!! ]) ++ (if config.my.dev.gameDev.enable then - with pkgs; [ + with pkgs; + [ godot_4 # game development - gdtoolkit # gdscript language server + # gdtoolkit # gdscript language server ] else [ ]); diff --git a/modules/scripts/download.nix b/modules/scripts/download.nix index a349ad3..263d34b 100644 --- a/modules/scripts/download.nix +++ b/modules/scripts/download.nix 
@@ -2,19 +2,20 @@ imports = [ ./base.nix ]; options.my.units.download.enable = lib.mkEnableOption "enable"; config = let - download = pkgs.python3Packages.buildPythonApplication { - pname = "download"; - version = "2.5"; - src = ../../scripts/download/.; - buildInputs = [ pkgs.python3Packages.setuptools ]; - propagatedBuildInputs = with pkgs; [ - python3Packages.pyyaml - python3Packages.types-pyyaml - yt-dlp - gallery-dl - ffmpeg - ]; - }; + download = with pkgs; + python3Packages.buildPythonApplication { + pname = "download"; + version = "2.5"; + src = ../../scripts/download/.; + buildInputs = [ python3Packages.setuptools ]; + propagatedBuildInputs = [ + python3Packages.pyyaml + python3Packages.types-pyyaml + yt-dlp + gallery-dl + ffmpeg + ]; + }; in { home-manager.users.jawz = { xdg.configFile."gallery-dl/config.json".source = diff --git a/overlay.nix b/overlay.nix index f122493..e81fdc8 100644 --- a/overlay.nix +++ b/overlay.nix @@ -24,6 +24,7 @@ self: super: { planify = pkgsU.planify; gdtoolkit = pkgsU.gdtoolkit; gallery-dl = pkgsU.gallery-dl; + yt-dlp = pkgsU.yt-dlp; ns-usbloader = pkgsU.ns-usbloader; handbrake = super.handbrake.override { useGtk = true; }; discord = super.discord.override { withOpenASAR = true; }; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml new file mode 100644 index 0000000..34bdd88 --- /dev/null +++ b/secrets/secrets.yaml 
@@ -0,0 +1,37 @@ +hello: ENC[AES256_GCM,data:iaYMiyeUzmYeYKXpMwKRT28Jp614HKdx7fsQ7QZxzuYc9zHuh00esynLJcd//Q==,iv:pmJxr3zfAgnoL14/0CFFKjMCjjU2EniKhYJovPhI9pY=,tag:Zsbz4uawFKlMcVsG5iSviA==,type:str] +example_key: ENC[AES256_GCM,data:a/Xa+wgU0+hckjy/mw==,iv:fVXKaFJAefrx4W5LntLh0zSexICELVgL0GH+u8Nkns4=,tag:3l6eFHpmvMf3mPw0crpsOA==,type:str] +#ENC[AES256_GCM,data:blkRYaXzJbMgAHcbGAT7NA==,iv:RzDaYK34wndqc8tWmMnbb/cijoM+slCFMCbAlIpMU+I=,tag:1+VLaYHikd2qr6HAS+/7hw==,type:comment] +example_array: + - ENC[AES256_GCM,data:p+8+4nOxubTUa4UdClY=,iv:DiBZKs/ppOtt8ctXJB9XFe1hirl50infq+QdQ1ZFavg=,tag:dqsE5MTsgFWRaox/6n/4dw==,type:str] + - ENC[AES256_GCM,data:NK9YAwFx0J/DtGuQ/Nk=,iv:ifrQsMlkdMU5qwec2B5XF3QMuYUB2U2wzeJt/GakIhA=,tag:1cOmYU3/gIk5rBST+h6Uag==,type:str] +example_number: ENC[AES256_GCM,data:8cHuCnIF0yIYAg==,iv:hOEsq9SxP8mLEEpqPISKKHomW62dr7aS3COUXRwW9LY=,tag:a7THeOCaocPMtWXhPshPuQ==,type:float] +example_booleans: + - ENC[AES256_GCM,data:xvwzFA==,iv:r4nQYEKz47MTq8kU04Yh7PDcxBzhdbxvjTTZlFrOEXc=,tag:PPCof/KCBDe1kESsnK9vdA==,type:bool] + - ENC[AES256_GCM,data:uPH/zyc=,iv:XN6e4CQtqwbmqw1UswQyrsQFmdgvIn8NXTJ0+b1j1Cs=,tag:NWD3rr0egicjpyu4gc0ZwQ==,type:bool] +trusted-public-keys: + - ENC[AES256_GCM,data:9xdBERP8TN2XbWoe21RCZeOKwiLj3dR5+0WZWi/PPq5ae6PZwa1xEroNb7MEvdrTsoXsGmaVZJenhPjr278cva9Lwtg=,iv:mjpt/5n1Yxu3r0Gnisv6LGpEBVEWiw1dvDJx3huk+VM=,tag:Z411S1ZDa800evWn+NofwA==,type:str] + - ENC[AES256_GCM,data:cx6kiqaE3cya6teZF95W98CL3P6YX9KP+Y0PO2SyJ4dlyuYfReOXgi1Lp3RE0LgXJAuuSpptmdzRzAKHcBJjluoP8d32/iCr,iv:oFW2P0eQKX3/LgN7rrirPo1yS+DSYUJCazmaRiqSU+g=,tag:/098SARlH1Dlrpi/vS7MKA==,type:str] + - ENC[AES256_GCM,data:bb9ZMY8TSkUBqNsQbO/fiBFYgshIiQRWsUGSSARcjCizSkk7HcgPyIa6cJv+iAH9LAY9IZaSIfsybq58qwk3Hg==,iv:rAtxfQOvpTmkxmUEMgOwrgtVnD7XPpux2gHXoYeiZig=,tag:EsFy6/+2oyDHneUbp3uH1Q==,type:str] + - 
ENC[AES256_GCM,data:fA+bUj8qi7S7JtYZXmvfLZ43EFnRNQ+h+an0lZJzKxVZuMjDtX9+cya4L+dyNOkoxkaMVjkWKNHSNLU9KD1zdX2MlkmCMGS3XdU=,iv:fEtdIfAj37FtkF2fOOkbK6R9mdW4bmFvOvUUdKWRp+k=,tag:Ae/3O4oQbGT0HG+vZUzOOg==,type:str] + - ENC[AES256_GCM,data:z7BwF2kncuzUXCYGPf6zhe0i/tXRBTHZBsIV2kyRRuO7AHLU1fiqES3tUKI8j5WHLB32X5kGa1AGCem1,iv:hVQUBuOqgxUmO7kiCaWabGm1ZwtXUFP3VqZIeHMatxM=,tag:nTWjPr0NyGvgT2reEzAmFA==,type:str] + - ENC[AES256_GCM,data:iaC+cFrmyrizcqabPQy3DiVeiZokwTYRzXRnSdS0BNrA8lcLAbVzb5MEp0zSiUW4hxH/mL5k+gJ36Lf4M8I=,iv:ndkJ4Q9qRWBOQ0vE9rg3FSTlUwwbC5e8NFWop28PW6M=,tag:ude21JgSneGKMkPWcsNpuw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age108r3re0uqhcqvrqsfc5mr2xd36e4drqulzgc7nzy59rkmpa87qgs0zjck0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSEhOcXkyM3FXcEJRbkw1 + ejZJcjFDNk9ZTmg5M0pTUVlUc2ExV0ZXREZRCndyaGpxRVdHZXhqOUE2ekh3RzRk + eXlOWUFCeWwxakxGKzZZWFZUaE1id0EKLS0tIGpHdUQ1b2UxWjMybjlyV1NyTnBV + Y2ZFdmtweS9UMHNxc1pxSml2NkJ0UVEKJZXvR1tjkYAb82kOzAc4W6zQZY8NY7FN + h1AZx5rL3KoyX+Pu6EZmjctQT8UN96r3mXen8gxbmGEUmTDGtijnhw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-16T03:08:02Z" + mac: ENC[AES256_GCM,data:6tDrf1YDLkSn5Y/juT/E+U2ZBdwWX1qyKlV9xkeUtJ/5UCVP+/NfZEuWgMQmhzMz5dRyw/FI2i4R5XjUmRPPT0Z8gQ4fKkrOD+ck/VCTefGKmTsws3h7tRr/31N40DZDvIWyDnFxuMoIgSWl+hd4h9b4as8YcCXwZp1nbdXuDZ8=,iv:tOxOLAsmurLMBaPY9GI0Aerv2CyMokFj2AKHo9KEv/I=,tag:uCho6pBiv8esAruakujyKA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1
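Review bot: The `hello` and `example_*` entries at the top of secrets/secrets.yaml look like the starter content sops writes into a newly created file rather than values any host consumes (inferred from the key names, since the values are encrypted). Remove them before real secrets are added, so that the file lists only entries that have a matching `sops.secrets.<name>` declaration. That keeps later audits and key rotation limited to data that matters.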