From d79fe97b7e7c602faf61ecc64ba2170082a12a36 Mon Sep 17 00:00:00 2001
From: Luna Simons
Date: Fri, 27 Feb 2026 17:03:35 +0100
Subject: [PATCH] chore: initialized project
---
.envrc | 1 +
.gitignore | 5 +
.sops.yaml | 8 +
flake.lock | 373 +++++++++++++++++++++++++++
flake.nix | 74 ++++++
modules/flake-module.nix | 13 +
modules/services/resonite-server.nix | 76 ++++++
modules/top-level.nix | 3 +
roles/device/default.nix | 11 +
roles/device/firewall.nix | 3 +
roles/device/secrets.nix | 14 +
roles/device/sudo.nix | 6 +
roles/device/users.nix | 5 +
roles/flake-module.nix | 1 +
roles/headless/access.nix | 13 +
roles/headless/bootloader.nix | 3 +
roles/headless/default.nix | 7 +
roles/top-level.nix | 1 +
systems/flake-module.nix | 34 +++
systems/rena/default.nix | 24 ++
systems/rena/disko.nix | 69 +++++
systems/rena/hardware.nix | 7 +
systems/rena/secrets.yaml | 22 ++
users/bddvlpr.nix | 13 +
24 files changed, 786 insertions(+)
create mode 100644 .envrc
create mode 100644 .gitignore
create mode 100644 .sops.yaml
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 modules/flake-module.nix
create mode 100644 modules/services/resonite-server.nix
create mode 100644 modules/top-level.nix
create mode 100644 roles/device/default.nix
create mode 100644 roles/device/firewall.nix
create mode 100644 roles/device/secrets.nix
create mode 100644 roles/device/sudo.nix
create mode 100644 roles/device/users.nix
create mode 100644 roles/flake-module.nix
create mode 100644 roles/headless/access.nix
create mode 100644 roles/headless/bootloader.nix
create mode 100644 roles/headless/default.nix
create mode 100644 roles/top-level.nix
create mode 100644 systems/flake-module.nix
create mode 100644 systems/rena/default.nix
create mode 100644 systems/rena/disko.nix
create mode 100644 systems/rena/hardware.nix
create mode 100644 systems/rena/secrets.yaml
create mode 100644 users/bddvlpr.nix
diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..3550a30
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6076383
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+/.direnv
+/.gcroots
+
+result
+*.qcow2
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..e5dc5d1
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,8 @@
+keys:
+ - &user_bddvlpr age16aazmlnarycwuk3a9e5sr55e2354sydn9qd5c6edhly9rq9k693s43txeq
+
+creation_rules:
+ - path_regex: systems/rena/[^/]+\.yaml$
+ key_groups:
+ - age:
+ - *user_bddvlpr
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..6517a71
--- /dev/null
+++ b/flake.lock
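Review bot: The only recipient in `creation_rules` for `systems/rena/[^/]+\.yaml$` is the operator key `user_bddvlpr`, and `systems/rena/secrets.yaml` in this same commit is accordingly encrypted to that single age recipient, so the host `rena` has no key of its own that can decrypt it. Once the commented-out `sops.secrets` in `systems/rena/default.nix` are enabled, sops-nix on the host would presumably fail to decrypt unless the operator's private key is copied onto the server, which removes the separation between operator and host. I would add a host anchor such as `- &host_rena age1<rena-host-public-key>` (placeholder) under `keys`, list `- *host_rena` next to `- *user_bddvlpr`, and re-encrypt the file with `sops updatekeys`.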
@@ -0,0 +1,373 @@ +{ + "nodes": { + "colmena": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "nixpkgs" + ], + "stable": [ + "nixpkgs-stable" + ] + }, + "locked": { + "lastModified": 1762034856, + "narHash": "sha256-QVey3iP3UEoiFVXgypyjTvCrsIlA4ecx6Acaz5C8/PQ=", + "owner": "zhaofengli", + "repo": "colmena", + "rev": "349b035a5027f23d88eeb3bc41085d7ee29f18ed", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "colmena", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768920986, + "narHash": "sha256-CNzzBsRhq7gg4BMBuTDObiWDH/rFYHEuDRVOwCcwXw4=", + "owner": "nix-community", + "repo": "disko", + "rev": "de5708739256238fb912c62f03988815db89ec9a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + 
"original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "hardware": { + "locked": { + "lastModified": 1768736227, + "narHash": "sha256-qgGq7CfrYKc3IBYQ7qp0Z/ZXndQVC5Bj0N8HW9mS2rM=", + "owner": "nixos", + "repo": "nixos-hardware", + "rev": "d447553bcbc6a178618d37e61648b19e744370df", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixos-hardware", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "impermanence", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768598210, + "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "impermanence": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768835187, + "narHash": "sha256-6nY0ixjGjPQCL+/sUC1B1MRiO1LOI3AkRSIywm3i3bE=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "0d633a69480bb3a3e2f18c080d34a8fa81da6395", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "colmena", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, + "nix-vm-test": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769079217, + "narHash": "sha256-R6qzhu+YJolxE2vUsPQWWwUKMbAG5nXX3pBtg8BNX38=", + "owner": "Enzime", + "repo": "nix-vm-test", + 
"rev": "58c15f78947b431d6c206e0966500c7e9139bd2f", + "type": "github" + }, + "original": { + "owner": "Enzime", + "ref": "pr-105-latest", + "repo": "nix-vm-test", + "type": "github" + } + }, + "nixos-anywhere": { + "inputs": { + "disko": [ + "disko" + ], + "flake-parts": [ + "flake-parts" + ], + "nix-vm-test": "nix-vm-test", + "nixos-images": "nixos-images", + "nixos-stable": "nixos-stable", + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1769770278, + "narHash": "sha256-Y3arBMoSpRi+mzZtZZZ54XCuUAt1s3INqz3gc16eqv0=", + "owner": "scanbie", + "repo": "nixos-anywhere", + "rev": "5542240bfaaa9e2a9c957834967d5dbd230150b2", + "type": "github" + }, + "original": { + "owner": "scanbie", + "repo": "nixos-anywhere", + "type": "github" + } + }, + "nixos-images": { + "inputs": { + "nixos-stable": [ + "nixos-anywhere", + "nixos-stable" + ], + "nixos-unstable": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1766770015, + "narHash": "sha256-kUmVBU+uBUPl/v3biPiWrk680b8N9rRMhtY97wsxiJc=", + "owner": "nix-community", + "repo": "nixos-images", + "rev": "e4dba54ddb6b2ad9c6550e5baaed2fa27938a5d2", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-images", + "type": "github" + } + }, + "nixos-stable": { + "locked": { + "lastModified": 1769318308, + "narHash": "sha256-Mjx6p96Pkefks3+aA+72lu1xVehb6mv2yTUUqmSet6Q=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1cd347bf3355fce6c64ab37d3967b4a2cb4b878c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": 
"github" + } + }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1768773494, + "narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "colmena": "colmena", + "disko": "disko", + "flake-parts": "flake-parts", + "hardware": "hardware", + "impermanence": "impermanence", + "nixos-anywhere": "nixos-anywhere", + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768863606, + "narHash": "sha256-1IHAeS8WtBiEo5XiyJBHOXMzECD6aaIOJmpQKzRRl64=", + "owner": "mic92", + "repo": "sops-nix", + "rev": "c7067be8db2c09ab1884de67ef6c4f693973f4a2", + "type": "github" + }, + "original": { + "owner": "mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768158989, + "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..0377a0b --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,74 @@
+{
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+ nixpkgs-stable.url = "github:nixos/nixpkgs?ref=nixos-25.11";
+
+ hardware.url = "github:nixos/nixos-hardware";
+ flake-parts.url = "github:hercules-ci/flake-parts";
+
+ impermanence = {
+ url = "github:nix-community/impermanence";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ disko = {
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ colmena = {
+ url = "github:zhaofengli/colmena";
+ inputs = {
+ nixpkgs.follows = "nixpkgs";
+ stable.follows = "nixpkgs-stable";
+ };
+ };
+
+ sops-nix = {
+ url = "github:mic92/sops-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ nixos-anywhere = {
+ url = "github:scanbie/nixos-anywhere";
+ inputs = {
+ nixpkgs.follows = "nixpkgs";
+ flake-parts.follows = "flake-parts";
+ disko.follows = "disko";
+ };
+ };
+ };
+
+ outputs =
+ { flake-parts, ... }@inputs:
+ flake-parts.lib.mkFlake { inherit inputs; } {
+ systems = [
+ "aarch64-darwin"
+ "aarch64-linux"
+ "x86_64-darwin"
+ "x86_64-linux"
+ ];
+
+ imports = [
+ ./modules/flake-module.nix
+ ./roles/flake-module.nix
+ ./systems/flake-module.nix
+ ];
+
+ perSystem =
+ { pkgs, inputs', ... }:
+ {
+ formatter = pkgs.nixfmt-tree;
+
+ devShells.default = pkgs.mkShell {
+ packages = with pkgs; [
+ inputs'.colmena.packages.colmena
+ inputs'.nixos-anywhere.packages.nixos-anywhere
+ jq
+ nixos-anywhere
+ sops
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/flake-module.nix b/modules/flake-module.nix
new file mode 100644
index 0000000..36e38c9
--- /dev/null
+++ b/modules/flake-module.nix
@@ -0,0 +1,13 @@
+{ lib, ... }:
+{
+ flake.nixosModules =
+ let
+ allModules = import ./top-level.nix;
+ in
+ lib.listToAttrs (
+ map (module: {
+ name = lib.removeSuffix ".nix" (baseNameOf module);
+ value = import module;
+ }) allModules
+ );
+}
diff --git a/modules/services/resonite-server.nix b/modules/services/resonite-server.nix
new file mode 100644
index 0000000..67bd0ab
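Review bot: `url = "github:scanbie/nixos-anywhere";` tracks the default branch of an owner that differs from the `nix-community` organisation the neighbouring inputs (`disko`, `impermanence`) come from, and this tool runs with root access on the target machine during installation. If the fork is intentional, a comment saying why and which change it carries would make the trust decision reviewable; otherwise point the input at the upstream project. The dev shell also lists both `inputs'.nixos-anywhere.packages.nixos-anywhere` and plain `nixos-anywhere` from `pkgs`, so two builds of the same command land on PATH and which one runs depends on ordering; keep only the flake-pinned one.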
--- /dev/null
+++ b/modules/services/resonite-server.nix
@@ -0,0 +1,76 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+let
+ cfg = config.services.resonite-server;
+
+ settingsFormat = pkgs.formats.json { };
+ settingsFile = settingsFormat.generate "config.json" cfg.settings;
+in
+{
+ options.services.resonite-server = {
+ enable = lib.mkEnableOption "Resonite headless server";
+
+ settings = lib.mkOption {
+ type = settingsFormat.type;
+ default = { };
+ example = { };
+ description = ''
+ The configuration to run on startup.
+ Read for details.
+ '';
+ };
+
+ environment = lib.mkOption {
+ type = lib.types.attrsOf lib.types.str;
+ default = { };
+ example = {
+ STEAM_BRANCH = "headless";
+ TZ = "Etc/UTC";
+ };
+ description = ''
+ Environment variables passed to the Resonite container.
+ Check for more information.
+ '';
+ };
+
+ environmentFiles = lib.mkOption {
+ type = lib.types.listOf lib.types.path;
+ default = [ ];
+ example = [
+ "/run/secrets/resonite-credentials"
+ ];
+ description = "Environment files for the Resonite container.";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.resonite-server.environment = {
+ STEAM_BRANCH = "headless";
+ CONFIG_FILE = "config.json";
+ TZ = "Etc/UTC";
+ };
+
+ virtualisation.oci-containers = {
+ backend = lib.mkDefault "podman";
+
+ containers.resonite-server = {
+ image = "ghcr.io/voxelbonecloud/resonite-headless-docker:main";
+ pull = "newer";
+
+ inherit (cfg) environment environmentFiles;
+
+ user = "0";
+
+ volumes = [
+ "${settingsFile}:/Config/config.json:ro"
+ "resonite-server-logs:/Logs"
+ "resonite-server-mods:/RML"
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/top-level.nix b/modules/top-level.nix
new file mode 100644
index 0000000..0a51477
--- /dev/null
+++ b/modules/top-level.nix
@@ -0,0 +1,3 @@
+[
+ ./services/resonite-server.nix
+]
diff --git a/roles/device/default.nix b/roles/device/default.nix
new file mode 100644
index 0000000..95cf29a
--- /dev/null
+++ b/roles/device/default.nix
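Review bot: `image = "ghcr.io/voxelbonecloud/resonite-headless-docker:main";` together with `pull = "newer";` means the host runs whatever was last pushed to a mutable branch tag, and `user = "0";` runs it as root inside the container, so a changed or compromised upstream image takes effect on the next service start without any change in this repository. Pin the image by digest, e.g. `image = "ghcr.io/voxelbonecloud/resonite-headless-docker@sha256:<digest>";` (placeholder), drop `pull = "newer"`, and either run as an unprivileged uid or add a comment explaining why the image needs root. Separately, `cfg.settings` is rendered to `config.json` in the Nix store, which is world-readable, so the `settings` description should state that login credentials belong in `environmentFiles`, not in `settings`. The defaults assigned to `services.resonite-server.environment` inside `config` are plain values, so a host that sets `TZ` itself would get a conflicting-definition error; wrap them in `lib.mkDefault`.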
@@ -0,0 +1,11 @@
+{ inputs, ... }:
+{
+ imports = [
+ inputs.disko.nixosModules.disko
+ ./firewall.nix
+ ./secrets.nix
+ ./sudo.nix
+ ./users.nix
+ ]
+ ++ import ../../modules/top-level.nix;
+}
diff --git a/roles/device/firewall.nix b/roles/device/firewall.nix
new file mode 100644
index 0000000..09045f4
--- /dev/null
+++ b/roles/device/firewall.nix
@@ -0,0 +1,3 @@
+{
+ networking.firewall.enable = true;
+}
diff --git a/roles/device/secrets.nix b/roles/device/secrets.nix
new file mode 100644
index 0000000..544d537
--- /dev/null
+++ b/roles/device/secrets.nix
@@ -0,0 +1,14 @@
+{
+ inputs,
+ config,
+ lib,
+ ...
+}:
+let
+ hostSecretsFile = ../../systems + "${config.networking.hostName}/secrets.yaml";
+in
+{
+ imports = [ inputs.sops-nix.nixosModules.sops ];
+
+ sops.defaultSopsFile = lib.mkIf (builtins.pathExists hostSecretsFile) hostSecretsFile;
+}
diff --git a/roles/device/sudo.nix b/roles/device/sudo.nix
new file mode 100644
index 0000000..afe1192
--- /dev/null
+++ b/roles/device/sudo.nix
@@ -0,0 +1,6 @@
+{
+ security.sudo = {
+ enable = true;
+ wheelNeedsPassword = false;
+ };
+}
diff --git a/roles/device/users.nix b/roles/device/users.nix
new file mode 100644
index 0000000..d7d0f0f
--- /dev/null
+++ b/roles/device/users.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ../../users/bddvlpr.nix
+ ];
+}
diff --git a/roles/flake-module.nix b/roles/flake-module.nix
new file mode 100644
index 0000000..ffcd441
--- /dev/null
+++ b/roles/flake-module.nix
@@ -0,0 +1 @@
+{ }
diff --git a/roles/headless/access.nix b/roles/headless/access.nix
new file mode 100644
index 0000000..abd0fba
--- /dev/null
+++ b/roles/headless/access.nix
@@ -0,0 +1,13 @@
+{
+ services.openssh = {
+ enable = true;
+ openFirewall = true;
+
+ settings = {
+ KbdInteractiveAuthentication = false;
+ PasswordAuthentication = false;
+ UseDns = false;
+ X11Forwarding = false;
+ };
+ };
+}
diff --git a/roles/headless/bootloader.nix b/roles/headless/bootloader.nix
new file mode 100644
index 0000000..2f5433b
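Review bot: In roles/device/secrets.nix, `../../systems + "${config.networking.hostName}/secrets.yaml"` appends the string to the path without a separator, so for host `rena` it evaluates to a path ending in `systemsrena/secrets.yaml`; `builtins.pathExists` is then false and `sops.defaultSopsFile` is silently never set. Add the leading slash: `hostSecretsFile = ../../systems + "/${config.networking.hostName}/secrets.yaml";`. Because the `lib.mkIf` hides the miss, an assertion that fails evaluation when a host declares `sops.secrets` without a secrets file would surface this class of mistake early.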
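Review bot: In roles/device/sudo.nix, `wheelNeedsPassword = false;` combined with `extraGroups = [ "wheel" ];` in users/bddvlpr.nix makes each of the four authorized SSH keys equivalent to root on every host that imports the device role. If this exists so that deployments can activate as a non-root user, say so in a comment, e.g. `# passwordless sudo is needed for unattended deploys; every key in users/bddvlpr.nix is therefore root-equivalent`. A narrower alternative is a dedicated deploy account with its own key, leaving interactive accounts behind a password prompt.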
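Review bot: In roles/headless/access.nix, the `settings` block leaves root login at the module default instead of stating it; with key-only authentication and a wheel user already present, adding `PermitRootLogin = "no";` makes the intent explicit and keeps a later root `authorizedKeys` entry from opening direct root SSH. `openFirewall = true;` exposes the SSH port on all interfaces, which is expected for a headless role but deserves a one-line comment saying so.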
--- /dev/null
+++ b/roles/headless/bootloader.nix
@@ -0,0 +1,3 @@
+{
+ boot.loader.systemd-boot.enable = true;
+}
diff --git a/roles/headless/default.nix b/roles/headless/default.nix
new file mode 100644
index 0000000..64586d4
--- /dev/null
+++ b/roles/headless/default.nix
@@ -0,0 +1,7 @@
+{
+ imports = [
+ ../device
+ ./access.nix
+ ./bootloader.nix
+ ];
+}
diff --git a/roles/top-level.nix b/roles/top-level.nix
new file mode 100644
index 0000000..ffcd441
--- /dev/null
+++ b/roles/top-level.nix
@@ -0,0 +1 @@
+{ }
diff --git a/systems/flake-module.nix b/systems/flake-module.nix
new file mode 100644
index 0000000..9389637
--- /dev/null
+++ b/systems/flake-module.nix
@@ -0,0 +1,34 @@
+{ self, inputs, ... }:
+let
+ makeHost =
+ class:
+ { name, ... }:
+ {
+ imports = [
+ ./${name}/default.nix
+ ./${name}/hardware.nix
+ ./${name}/disko.nix
+ ];
+
+ deployment = {
+ targetHost = name;
+ targetUser = null;
+ };
+
+ networking.hostName = name;
+ };
+in
+{
+ flake = {
+ colmenaHive = inputs.colmena.lib.makeHive {
+ meta = {
+ nixpkgs = import inputs.nixpkgs-stable { system = "x86_64-linux"; };
+ specialArgs = { inherit self inputs; };
+ };
+
+ rena = makeHost "nixos";
+ };
+
+ nixosConfigurations = self.colmenaHive.nodes;
+ };
+}
diff --git a/systems/rena/default.nix b/systems/rena/default.nix
new file mode 100644
index 0000000..a15bd9a
--- /dev/null
+++ b/systems/rena/default.nix
@@ -0,0 +1,24 @@
+{
+ imports = [
+ ../../roles/headless
+ ../../modules/services/resonite-server.nix
+ ];
+
+ boot.swraid.mdadmConf = ''
+ MAILADDR luna@bddvlpr.com
+ '';
+
+ # sops.secrets = {
+ # "resonite/steam/username" = { };
+ # "resonite/steam/password" = { };
+ # "resonite/steam/branch-password" = { };
+ # "resonite/username" = { };
+ # "resonite/password" = { };
+ # };
+
+ # services.resonite-server = {
+ # enable = true;
+ # };
+
+ system.stateVersion = "25.11";
+}
diff --git a/systems/rena/disko.nix b/systems/rena/disko.nix
new file mode 100644
index 0000000..ed1e676
--- /dev/null
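Review bot: In systems/flake-module.nix, `makeHost` takes a `class` argument (`rena = makeHost "nixos";`) that the body never uses, and `targetUser = null;` is set without explanation. Either drop the parameter or put it to use, and add a comment such as `# null: no user is passed to ssh, so ssh_config or the local login name decides` so the deploy identity is not guesswork. `nixpkgs` is also imported with `system = "x86_64-linux"` fixed for the whole hive, which is worth a comment given that flake.nix lists four systems.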
+++ b/systems/rena/disko.nix
@@ -0,0 +1,69 @@
+{
+ disko.devices = {
+ disk = {
+ alpha = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "2G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "defaults" ];
+ };
+ };
+ mdadm = {
+ size = "100%";
+ content = {
+ type = "mdraid";
+ name = "raid0";
+ };
+ };
+ };
+ };
+ };
+
+ bravo = {
+ type = "disk";
+ device = "/dev/nvme1n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ mdadm = {
+ size = "100%";
+ content = {
+ type = "mdraid";
+ name = "raid0";
+ };
+ };
+ };
+ };
+ };
+ };
+
+ mdadm = {
+ raid0 = {
+ type = "mdadm";
+ level = 0;
+ content = {
+ type = "gpt";
+ partitions = {
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/systems/rena/hardware.nix b/systems/rena/hardware.nix
new file mode 100644
index 0000000..ed45ed5
--- /dev/null
+++ b/systems/rena/hardware.nix
@@ -0,0 +1,7 @@
+{
+ hardware = {
+ enableRedistributableFirmware = true;
+
+ cpu.amd.updateMicrocode = true;
+ };
+}
diff --git a/systems/rena/secrets.yaml b/systems/rena/secrets.yaml
new file mode 100644
index 0000000..c464431
--- /dev/null
+++ b/systems/rena/secrets.yaml
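Review bot: In systems/rena/disko.nix, `level = 0;` stripes the root filesystem across `/dev/nvme0n1` and `/dev/nvme1n1` with no redundancy, so losing either disk loses the whole system, while `boot.swraid.mdadmConf` in systems/rena/default.nix sets a `MAILADDR` as if there were an array that could be repaired. If striping is intended, record it in a comment such as `# RAID0 on purpose: state is disposable, host is rebuilt from this flake`; otherwise use `level = 1;`. The root filesystem is also unencrypted, so whatever key the host later uses for sops decryption would sit in plaintext on disk; state that as an accepted risk or put a `luks` layer under the filesystem.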
@@ -0,0 +1,22 @@
+resonite:
+ steam:
+ username: ENC[AES256_GCM,data:0HVTz1jYuXCpMjFZ,iv:0ZM3IkD0uH97ubdOWYx/LO7znmr2Ujg4YxbUF97IECM=,tag:SnySRKGJrwwarzuOY8c08g==,type:str]
+ password: ENC[AES256_GCM,data:47kE8sf2CA8+ziIkj0gjyw==,iv:XOoOZGXJVkiNOeDcqt6xCM/NQoJHjapnG+DY+z+eJ9s=,tag:KeMragy7rWe1CcVI1x0Okg==,type:str]
+ branch-password: ENC[AES256_GCM,data:4Fi9NY+Zul/kGH4OhQ==,iv:n5DSLbUHyA7aGUUINws6wsoMMxqLaaGC0VLHkZPDTB0=,tag:A3uxs6uG8UD5sLpQO/msGQ==,type:str]
+ username: ENC[AES256_GCM,data:NN7XvPmUKfs=,iv:e+b8TUq+Qd+sE2hmzOTfoLFS76QU5cCJ7YiHNesD5eY=,tag:kinAFRtRavVW0GlQBPBlnQ==,type:str]
+ password: ENC[AES256_GCM,data:1oimmii6d9xj0CY/Ja8=,iv:ne6H4CjaWFT+cNY+bHNniHvl1CqOE9wiWiO/t+aSXQc=,tag:sfeiTBmFUjRFlycIfvnigg==,type:str]
+sops:
+ age:
+ - recipient: age16aazmlnarycwuk3a9e5sr55e2354sydn9qd5c6edhly9rq9k693s43txeq
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArWlEyNVNodUtFelQ3MFls
+ d0QwVC9hWVhhb2xNQy9YRXdJWjFTdXNyM0U4Cklid0VManlvWlptL3l0Vy9ZOFh1
+ MGRvREgySElDZWlhbHYvc3dSYlpJS2cKLS0tIG14bGtYUVMxT291Ym15eG9PbkVN
+ VStSTmZ1TXlReGZmWlU2UHVzbVJmWXMKXhCPWqVrkIOSJWqtYDeAhYEdIubjLN+a
+ dCOodAxrty2fNj9HJdHXkbRazlGY1e4mp5LxNrAM+WAYIFUnTIqC1Q==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2026-02-27T15:18:00Z"
+ mac: ENC[AES256_GCM,data:bxwGVuMr78vRgEBsKzdYAYNDSD/UHZoKwwLgmOavz1BLJe0tpoaFY5TCPjREsupIL9YLyzq50M3cTX0y3qXOJ042j6tVedd4wCJ9eZf4ynvNkdKFT2Q3CrNCMmtfl12npywnpQsnSYhxm0YwaTPt/6/HEb+S91Gfsxe3D5YhKi4=,iv:yNxk3vEBUN1adjWnUE4Q8tEOEZZ0/AdZ0rmvmtMQgtw=,tag:dnDMakWxYAmn3z6akHcntQ==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.11.0
diff --git a/users/bddvlpr.nix b/users/bddvlpr.nix
new file mode 100644
index 0000000..76a2ffb
--- /dev/null
+++ b/users/bddvlpr.nix
@@ -0,0 +1,13 @@
+{
+ users.users.bddvlpr = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgZVPZ2+cqT1seskNMDRtb8x+W6XkJBl9w8ZkqzkWP8 bddvlpr@kiwi"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtNqtIZtEaty6EAPwKQj5s0AxUfaJaCrQYeEaWFtqM/ bddvlpr@strawberry"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdRlPLeVFbEwSszVTzYsN08c+k+jBYAzHJPLsKPm6Jg bddvlpr@lychee"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQD+D84uxNORR9bqVYRe5d9rvpyBG/3n7WWOUWLT/oP bddvlpr@pear"
+ ];
+ };
+}