first commit

2025-12-31 12:01:37 +01:00
commit 3b06ef4418
16 changed files with 400 additions and 0 deletions
--- a/hosts/common/global/default.nix
+++ b/hosts/common/global/default.nix
@@ -0,0 +1,7 @@
+{
+  inputs,
+  outputs,
+  ...
+}: {
+
+}
--- a/hosts/common/users/dwessels/default.nix
+++ b/hosts/common/users/dwessels/default.nix
@@ -0,0 +1,41 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: let
+  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in {
+  users.mutableUsers = false;
+  users.users.dwessels = {
+    isNormalUser = true;
+    shell = pkgs.fish;
+    extraGroups = ifTheyExist [
+      "audio"
+      "deluge"
+      "docker"
+      "git"
+      "i2c"
+      "libvirtd"
+      "mysql"
+      "network"
+      "plugdev"
+      "video"
+      "wheel"
+      "wireshark"
+   ];
+   hashedPasswordFile = config.sops.secrets.dwessels-password.path;
+  };
+
+  sops.secrets.dwessels-password = {
+    sopsFile = ../../secrets.yaml;
+    neededForUsers = true;
+  };
+
+  home-manager.users.dwessels = import ../../../../home/dwessels/${config.networking.hostName}.nix;
+
+  security.pam.services = {
+    swaylock = {};
+    hyprlock = {};
+  };
+}
--- a/hosts/common/users/secrets.yaml
+++ b/hosts/common/users/secrets.yaml
@@ -0,0 +1,17 @@
+dwessels-password: ENC[AES256_GCM,data:5FIfaQxiCOWT/uaf,iv:KyYcbVYyzC6lj4B4SOKtAgLLDIuB1HPbszBf654USSc=,tag:ndZ6BWqMAWeGv/y+htLizw==,type:str]
+sops:
+    age:
+        - recipient: age1yubikey1qvztykl49tq9njv2qhaqs9lm43mpfjkrgjlddhyp9tu6mgngxzg8v7v9rql
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IDgwUnBpQSBBN0JXQW5Q
+            bzhUUjNtdmp6MUFjcG1UMlBaa2RNUDlYalJpOEdxNUhjQ3FHNQpEWE1idHp6ZFc1
+            VmdGUFRHNmZ5VHhyRzRHOCt0dmZMeEUyb1A4OE9yWm5nCi0tLSBhaU80aEJMZWxE
+            dkd5cnNYb3VNUFM0aGE3cUdsZDFORTNha2Z3UTZ6dWlFChMForXFy2Z0vq/ba0Fb
+            vlWRL14GHg2LinIyS1+2z8KwYfEp2mkIhg1y8/j+uraqFH2HQEM/3TOzTg9D/7Dw
+            JoQ=
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-12-30T23:40:22Z"
+    mac: ENC[AES256_GCM,data:4czv8j8VZ7WsU1cpULCgZDazoeI5f9vtrK8fuP2Y4y/H1HG1iRPq8TsEvB7Y5xIdXc8ZF9ff6r30KaNgt0IYBrPNoEZhsymiF7nsck43uPE51Utlhk/T1epJ7uvPYnLppSIGq6Gtzm2rlgiTGpM+H3KAC/0x+1bfz5WGcdSnr1w=,iv:liApOUtDkGBc3ct5A6k9EDafzODQxBzW7x1dREtGJJU=,tag:jPgQ+15821z5ENLS7ruljw==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0