diff --git a/.sops.yaml b/.sops.yaml index bc7943e..98c69aa 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,7 +3,7 @@ keys: - &tux age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4 - &hosts - - &sirius age18hepvvp3nw9ram6usxc8rvpxed2pye0knqx0zutqgxeu35k745vqyxfphz + - &sirius age1maxsx5tq2h3d92rfyl8ekcdan5gu5cpch4qs3c56cu7qag02xgvs3h0gqc - &arcturus age1huqa3hc7wcxk4dpelrzny437nzrx4fnll3d8g9ahznzk268yju5qufapxy creation_rules: diff --git a/modules/hosts/sirius/config.nix b/modules/hosts/sirius/config.nix index ac28808..34c3f2f 100644 --- a/modules/hosts/sirius/config.nix +++ b/modules/hosts/sirius/config.nix @@ -17,8 +17,38 @@ ]; tnix = { - boot.secure-boot.enable = true; - boot.impermanence.enable = true; + boot = { + secure-boot.enable = true; + + impermanence = { + enable = true; + + home = { + directories = [ + ".cache/awww" + ".config/BraveSoftware" + ".config/zed" + ".config/Vencord" + ".config/vesktop" + ".config/sops" + ".config/obs-studio" + ".config/easyeffects" + ".config/DankMaterialShell" + ".local/share/nvim" + ".local/share/opencode" + ".local/share/zsh" + ".local/share/zoxide" + ".local/state/lazygit" + ".local/share/vicinae" + ]; + + files = [ + ".wakatime.cfg" + ]; + }; + }; + }; + networking.openssh.enable = true; virtualisation = { diff --git a/modules/hosts/sirius/hardware.nix b/modules/hosts/sirius/hardware.nix index 484b468..d5b41df 100644 --- a/modules/hosts/sirius/hardware.nix +++ b/modules/hosts/sirius/hardware.nix @@ -18,22 +18,6 @@ boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/d856ed98-6841-4cbf-89be-e08c6f48b9ea"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/7FE1-55C5"; - fsType = "vfat"; - options = [ - "fmask=0077" - "dmask=0077" - ]; - }; - - swapDevices = [ { device = "/dev/disk/by-uuid/69794aa5-51a9-4816-8d45-7791505165d4"; } ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction diff --git a/modules/hosts/sirius/secrets.yaml b/modules/hosts/sirius/secrets.yaml index e74d526..5119f56 100644 --- a/modules/hosts/sirius/secrets.yaml +++ b/modules/hosts/sirius/secrets.yaml @@ -1,29 +1,29 @@ -tux-password: ENC[AES256_GCM,data:EJFFMc0W1YvCLINg4kETlUbqMYSfRTsiRuoB5MybaVwl7bbBXyPFo/MspFFMXpAqSPrzRAPaM8Lxk9ndbjt7gZpSu1dPThq36Q==,iv:zn3UUMOcW09u6KTz87tDr1wfmsLMKIRBDpLfQhg0p14=,tag:AOs7NASXeo98mNKqsYP3Ww==,type:str] -gemini-api-key: ENC[AES256_GCM,data:Ehj/rDrYKqMcA8b49K7WGjWqTqnrphfFaT2H9dxSw3KyQNEbyTHG,iv:6Av7LlS5VT+9nLMlSfTjmiMx0pp44BPQW3mNmLi+uIE=,tag:Eta0moveaDoBL52DktPF+w==,type:str] -openrouter-api-key: ENC[AES256_GCM,data:v0wOsERSPpYnogfpbFqo1gQvOJlECKHHliIk3IXtQ3A043cK+X846qI9/MM3DSkvlFDTyc63Si8/zPuh3MGCsMrXxRmHCILDmA==,iv:C4Qk+23Vv0Q+Tl+BjwzS7aSUkQtY+mgLWfx8lprJ4CE=,tag:DhcVXKQxxBqvlr7lc5MRlg==,type:str] -opencode-go-api-key: ENC[AES256_GCM,data:34aVZvk6zHnh6iOKHZVvLT0qt3IFR9yu8fuVh7lubHL3YNdifbFoW/jJ3FIKWqU9HvTFhO6opIYI9h5Zpip+TbagLg==,iv:xQbeP8P0QutSC9iCRDeCupBYaJrDronl7RqNPJADkjw=,tag:upco9ewspSqJdV+aKqVnwA==,type:str] -vicinae-json: ENC[AES256_GCM,data:utkOJg/x89+AjQlc8WZ8Z0SmZET4yR16J6MgQ/LYt7galvHT9ybzjV3R7FoBG5GLNQYHAM13pc2290pJ3apivyodlFNBqoyuuDYP0t+HgHuOH67P6YXUHR5ROYRvW2GAZm/AcMrlHwCMUmgUtf4mXttskvqyuxQrIYhi0nfNa1mVY3df2x7RF+cJGWPLDF4K8YI5sFE4ctkLfREGI40OCGM0An0PJliwrFXgRZvYd5gohT1XAS/dEemB4uegGUJ6To/1KD2kI1tzsETflTPzrkSEcMt1MtDEjGKI+qdTSZQU2H66nqQ8TJKvR6WxnvXUR69vjgTSsPZ7Sk78gI1sbXe2cSc48lrP5Z1o7dqO0A==,iv:7REKeCdIQGXZWjuiTpZRpzG4wu3/+pO003gX62r5CRc=,tag:dWXji9Ub41dEKP4FXRodSg==,type:str] +tux-password: ENC[AES256_GCM,data:JWQVd2MYX2U4UP4II62ixG9hWI5MtgHAFhl8aCmyrYPl1H/ig9ZYqfTiggJsOoXM9CUHmhUTrSWw7xRvbzztBrC7L4ABcWPbrQ==,iv:wY/RNJs7XaCsHHNX2MLBqzAgDCSo4rht10oiKrUlTHo=,tag:DcADVtEJs2KCeNS6AhO0SQ==,type:str] +gemini-api-key: ENC[AES256_GCM,data:Y9YgXp/tB3Q1Rb5YMsZLgWCq+bdeIjsXAVeO3Yh7nZ8MwDH7d5De,iv:FIXxJCn6JDYsHIoNn8f8Un3z9ZPVbxdjR48Ux88poRg=,tag:bMJ4i69HTspnhzsrsxkbrw==,type:str] +openrouter-api-key: ENC[AES256_GCM,data:HfZgZz4NyCLLM9woTZp2I6JGOlVcFblw2OMjx8k0TG5ZU2ycBCF6bKqp3wFibUxXcHy+nIfjI82fkLeSyIaGILRLYCJCc8BHKw==,iv:umUcn8MRaj7JXo6IFrGMXOu+jsFSCEikMxsQxfaFS/Q=,tag:l2s61C4EpJoKv8cc9nYGFA==,type:str] +opencode-go-api-key: ENC[AES256_GCM,data:BGERcZg5Jpnznc4cXeYFMhPk9kKBkd9GvIuQBV9TW3JE1utgrLLYK6mKNCQqrEStRFiO2jUUnBm3opUNL4SuEHFLpw==,iv:fgFAwx6z9yruK27PvAJX/Q2CS9gU+LJ5zMUK/f/rzpo=,tag:BPu3M+jppPB8sLoLmfuY/Q==,type:str] +vicinae-json: ENC[AES256_GCM,data:JjxolEgS6uakqR4eHOx3VyrOO5kaL4dj1jcEiLWsrktCU32UB7OmP1kJEVomA1rZjODpFHL89+FRpcNFspTFrc365WlANE81RLg/M2Ja1MiLYaDFNcBGtqMX9Yc1muor53Xl7t+rTSvDIj1oE1L7xPPcjCLfwC5QDzJjCBWj9FhCxnU5BwvoJNv9vgA6xnkzAOYSPZK/ihULMD0DxyqOUEa5ECGX62OPM9Gbr7jEviaItYzOOxaRs/yQVqizodGGl/BcK6fPqvOYSxip9ABYRVSI9ZvysY7ofAkeX91ardPwVG5VvEYfxZwBvGFjV7ZfTzVkK+BiUUNrvciAETHqwkjHftPpfJjxWsgLr8lbOA==,iv:HjDE/sqVDnxeww7r2upxH57rc1+LpuMKnhhyGXoc1Ms=,tag:d2kZeWkg17eVoNACIQ3Q9A==,type:str] sops: age: - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyblpIWjNqeVBXWnFlSGxw - WXhPYlFDNVV2QktKQ2dKdEgxY0dnR2JuRUdRCk5ZNTc0RGpZOG5SRCtRQ0JsdkZt - ZEZQSWswa1FTRU04Ky9vWDdOTWdZRncKLS0tIFg2SkJFK1JDVk5Uc2VJTzYyWk1h - cFpmZ0h5SGJtd2JJR05CMkJISnBtbmcKLGKreXlu3YU6KsV8lTVnPYyn33BL2D0z - tMpXdTw0hVilpmpZXjwnvV/3OvN6WybXydxaPOjKODBWIKpVxRthBQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNGdHcDc4bTFkR0EyZlUr + eXovR1lyeTZJTDg5R281MFFuMHVwOXZXYzNvCkpIT1g3K05WUUswaEVjVVJWQkJq + V20xODdoWlJMY3ZCcGo0czU1TXZFRE0KLS0tIGNTeXV2Mld2STRmRnFaM1MzT3Nk + Z0JwWWR0STUybjVhSXdDR3NiKzV1eDQK22HmMuyqYaR/eGuALkAPB1Y5bN2KwIt3 + pamM8vbnjB//hXoyrv4vsoDk9WzLGFGjgiw2qsM2HQgzQqtrwF1/1A== -----END AGE ENCRYPTED FILE----- - - recipient: age18hepvvp3nw9ram6usxc8rvpxed2pye0knqx0zutqgxeu35k745vqyxfphz + - recipient: age1maxsx5tq2h3d92rfyl8ekcdan5gu5cpch4qs3c56cu7qag02xgvs3h0gqc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWTWQ0OHhnN1p3dTBLeGxp - N05yOUVicnYxU3NETlRQUVgrcWJlMEl3blhZCkl0OGhCN25KTEJaWGNpOVRJUDRX - bENKSDN3Z1Fab3lLLzVNMXlrSm5ZVTgKLS0tIHlycjZJUllsb0xvczFKMVFKaldD - UGpKTHZTT2JZU0xaTHhhRjk2bEhaU1EKutUEk+TMTATHEoM9+MOdkUnIoBMeeDfu - +GGKvInVKkAOtujBtSMj+xM8AEcfaHAFtwTgP/HEk3Hu6v7gp14oew== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1N3ZBd1pHODFtZkZxaHNP + OXlXUzVFS0ZIam1IWVkxNldOdTEwY0s4aUNZCjVlcnF1aXJxUUlQSXhteXJ6OU1W + L0crZzJOaHF2SnVhWVZnVEdqRlR0cjgKLS0tIFlFWHhaR3U2QTNxRGZRMnk3cmll + M3JocWZJeXFxenhXOENBVWpvNkd3bm8KqhNLzCyEAI643jGWpZF/uTchHmBj8ozU + HtpOzKsshif66D0XOHeJQfQamJI4TyKsj3Sk3j9rstsLmN2lxTRGHg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-05-07T23:53:28Z" - mac: ENC[AES256_GCM,data:AGccISYxtma2i44KcG3y2pYP+toL/NC9crTR26M+BZs0lh0fbWxJyfOQITOaPo7VQb0nhgPDJm6M9oRvIQUYawOBMpPr1BtLfen3nKbs6cspQERZAEPv/vU98Vm0hGHbjjxteq5wX2eRjuCGRhthYJ0ppDE26QNEDesNpXH92mo=,iv:sDBjBFY4CFuSpU1HAfissqUB/7+K1VUWXhhGvF5xJNk=,tag:nNgYFMKs3/d5ZMOlJ08Amg==,type:str] + lastmodified: "2026-05-09T08:43:42Z" + mac: ENC[AES256_GCM,data:kvavZmpCHF2A4tjPAwbb9lD0y0WtoYi6Ci7vAhcgWRq4fG8nSyJMd9vXItGp5Cc+120R3bWiQmaJpINYLMi2KJF8gIy7aZqXMZgHuQEdxMWR6XhdIGvjSAd31z5leLEXT2/lHwKYhVd0dZmIA2wRbvj9qF6lW9EnuRYUltROdMg=,iv:qRs2VELIa4rszmeJUCbDvpHr7N6iMhr1r2Ddxktot2k=,tag:4Q/utZ06K3E9at+cIVkcwQ==,type:str] unencrypted_suffix: _unencrypted version: 3.12.2