diff --git a/README.md b/README.md index 0f961b8..526062c 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ This is my personal nix config. - `hardware/` configuration for various hardware components - `.nix` commonly required configuration for `` - `/` configuration for `` + - `[microvms/]` configuration for microvms. This is optional even for existing microvms, since they can also be defined in-place. - `secrets/` Local secrets for this host. Still theoretically accessible by other hosts, but owned by this one. - `local.nix.age` Repository-wide local secrets. Decrypted on import via `builtins.extraBuiltins.rageImportEncrypted`. - `[host.pub]` This host's public key. Used for agenix rekeying if it exists. @@ -102,10 +103,10 @@ all commands using these extra parameters, or permanently add the following the 2. Run all commands with `--option plugin-files "$NIX_PLUGINS"/lib/nix/plugins --option extra-builtins-file ./nix/extra-builtins.nix` or permantently - ```ini - plugin-files = /lib/nix/plugins - extra-builtins-file = /path/to/nix-config/nix/extra-builtins.nix - ``` + ```ini + plugin-files = /lib/nix/plugins + extra-builtins-file = /path/to/nix-config/nix/extra-builtins.nix + ``` ## Misc diff --git a/hosts/common/core/issue.nix b/hosts/common/core/issue.nix index d089afa..ba51081 100644 --- a/hosts/common/core/issue.nix +++ b/hosts/common/core/issue.nix @@ -1,4 +1,5 @@ let + # IP addresses: ${"${interface} \e{halfbright}\4{${interface}}\e{reset} \e{halfbright}\6{${interface}}\e{reset}"} issue_text = '' \d \t This is \e{cyan}\n\e{reset} [\e{lightblue}\l\e{reset}] (\s \m \r) diff --git a/secrets/global.nix.age b/secrets/global.nix.age index 9cce0ec..34c4d44 100644 Binary files a/secrets/global.nix.age and b/secrets/global.nix.age differ diff --git a/users/myuser/default.nix b/users/myuser/default.nix index 73a72bd..f08e8c5 100644 --- a/users/myuser/default.nix +++ b/users/myuser/default.nix @@ -5,12 +5,12 @@ stateVersion, ... }: let - inherit (config.repo.secrets.global) myuser; + myuser = config.repo.secrets.global.myuser.name; in { users.groups.${myuser}.gid = config.users.users.${myuser}.uid; users.users.${myuser} = { uid = 1000; - hashedPassword = "$6$YogAnKRz8qW2Gz.I$chgMKKrpPAfV0WuGN6ChOgUJistpCzFsHOT6mhHyj07mwI1kSfDJvnMB13frMvkpv2aGpXHVH.yxk5fYHeeET/"; + inherit (config.repo.secrets.global.myuser) hashedPassword; createHome = true; group = myuser; extraGroups = diff --git a/users/root/default.nix b/users/root/default.nix index a342de0..d58697f 100644 --- a/users/root/default.nix +++ b/users/root/default.nix @@ -6,7 +6,7 @@ ... }: { users.users.root = { - hashedPassword = "$6$EBo/CaxB.dQoq2W8$lo2b5vKgJlLPdGGhEqa08q3Irf1Zd1PcFBCwJOrG8lqjwbABkn1DEhrMh1P3ezwnww2HusUBuZGDSMa4nvSQg1"; + inherit (config.repo.secrets.global.root) hashedPassword; openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5Uq+CDy5Pmt3If5M6d8K/Q7HArU6sZ7sgoj3T521Wm"]; shell = pkgs.zsh; }; @@ -20,6 +20,10 @@ inherit stateVersion; inherit (config.users.users.root) uid; username = config.users.users.root.name; + + packages = with pkgs; [ + wireguard-tools + ]; }; }; }