diff --git a/config/secrets/secrets.nix b/config/secrets/secrets.nix index 8c3145a..4e07d3e 100644 --- a/config/secrets/secrets.nix +++ b/config/secrets/secrets.nix @@ -15,4 +15,5 @@ in { "services/invidious/password-database.age".publicKeys = default; "services/wakapi/password-salt.env.age".publicKeys = default; "system/password-root.age".publicKeys = default; + "system/password-winston.age".publicKeys = default; } diff --git a/config/secrets/system/password-winston.age b/config/secrets/system/password-winston.age new file mode 100644 index 0000000..4602b35 --- /dev/null +++ b/config/secrets/system/password-winston.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> piv-p256 ML6NcA Ahvh4LS3HPgfsYXd3rg6Pv8fh8YfebpV5uZxGB1PGqDU +c2gaWpi0jw8rTABSp8dQjoVGr8XrfL3RNF7tTnY+0zU +-> ssh-ed25519 zj2A2A 7LVJCgK9qXKrG78rAoAYHrUHL4dWEmqltoGdMWIKtGE +xpLhCbxmnWb8RQhX6uWp5b7DZHfC+axrk+8Pu15eAo8 +--- 078hR/qMmp09Tpps7iYREHu2zLs34ggO1jrsgGm3ZOo +r^RѰ.ܪZX|,i_(EM\)pu hAp%teaZz{68'إ +5 ro6t>ٺ jo[C؛cgZ%tfTV \ No newline at end of file diff --git a/config/users.nix b/config/users.nix index f5adb0d..f8af7fb 100644 --- a/config/users.nix +++ b/config/users.nix 
@@ -2,13 +2,39 @@
 config,
 pkgs,
 ...
-}: {
+}: let
+ keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm0O46zW/XfVOSwz0okRWYeOAg+wCVkCtCAoVTpZsOh"];
+in {
 i18n.defaultLocale = "en_US.UTF-8";
 users.mutableUsers = false;
 
 users.users.root = {
- openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm0O46zW/XfVOSwz0okRWYeOAg+wCVkCtCAoVTpZsOh"];
 hashedPasswordFile = config.age.secrets."system/password-root".path;
+ openssh.authorizedKeys.keys = keys;
 shell = pkgs.bash;
 };
+
+ users.users.winston = {
+ extraGroups = ["wheel"];
+ hashedPasswordFile = config.age.secrets."system/password-winston".path;
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = keys;
+ };
+
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ users.winston = {
+ home.stateVersion = "23.11";
+ programs.fish = {
+ enable = true;
+ plugins = [
+ {
+ name = "plugin-git";
+ src = pkgs.fishPlugins.plugin-git.src;
+ }
+ ];
+ };
+ };
+ };
 }
diff --git a/flake.lock b/flake.lock
index 9f3bc02..25c0047 100644
--- a/flake.lock
+++ b/flake.lock
@@ -82,6 +82,27 @@
 "type": "github"
 }
 },
+ "home-manager": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1706981411,
+ "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "rev": "652fda4ca6dafeb090943422c34ae9145787af37",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "ref": "release-23.11",
+ "repo": "home-manager",
+ "type": "github"
+ }
+ },
 "nixinate": {
 "inputs": {
 "nixpkgs": [
@@ -167,6 +188,7 @@
 "agenix": "agenix",
 "flake-parts": "flake-parts",
 "flake-utils": "flake-utils",
+ "home-manager": "home-manager",
 "nixinate": "nixinate",
 "nixpkgs": "nixpkgs",
 "nixpkgs-unstable": "nixpkgs-unstable",
diff --git a/flake.nix b/flake.nix
index 7b99a1c..c7e8d9f 100644
--- a/flake.nix
+++ b/flake.nix
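Review bot: In the config/users.nix hunk, `users.users.winston` is put in `wheel` and given the same `keys` list as `users.users.root`, so a single SSH private key now opens both a direct root session and a sudo-capable account. Now that an administrative user exists, root's `openssh.authorizedKeys.keys = keys;` could be dropped, and `services.openssh.settings.PermitRootLogin = "no";` set if the sshd configuration (not visible in this diff) allows it, so privileged access goes through winston and sudo and is attributable in the logs. If root key login has to stay, presumably for the deployment tooling, a comment on the binding such as `# shared by root (deploy) and winston (interactive admin)` would record that the sharing is deliberate. Separately, home-manager enables fish for winston but the hunk sets no `users.users.winston.shell`, so the login shell presumably stays the system default; confirm that is intended.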
@@ -27,6 +27,7 @@
 ./config
 ./modules
 inputs.agenix.nixosModules.default
+ inputs.home-manager.nixosModules.home-manager
 inputs.valheim-server.nixosModules.default
 inputs.vscode-server.nixosModules.default
 ];
@@ -75,6 +76,10 @@
 inputs = {
 nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
 nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+ home-manager = {
+ url = "github:nix-community/home-manager/release-23.11";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 flake-parts = {
 url = "github:hercules-ci/flake-parts";