NixOS on Steam Deck OLED

2024-03-02 15:10:23 -08:00 · 2024-03-02 15:10:23 -08:00 · 4dedb233de
commit 4dedb233de
parent 0863fa0dfb
23 changed files with 375 additions and 108 deletions
--- a/common/.sops.yaml
+++ b/common/.sops.yaml
@ -3,6 +3,7 @@ keys:
  - &comet age18e4ttr7k6r7j662a6pvgrvsptuhsvffq70z4westqs3gfx7804fq0ewfaa
  - &macronova age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra
  - &nebula age1vyq4xceveer87xt506yl59lh82dmeuagzlmnk87augfvqry7vqaq5hwy33
+  - &protostar age1m5jnjmed343uwpgeta4nkxjhwescsa6dfswx30e4rwm0yxcf753qr0ljkw
  - &singularity age15cp5p76q7vhwg9v8u98dpshrmtengghmm7yn5ckfk0yz694q3g6qajywwu
 creation_rules:
  - path_regex: secrets.yaml$
@ -16,4 +17,5 @@ creation_rules:
    - age:
      - *comet
      - *macronova
+      - *protostar
      - *singularity
--- a/common/auths.yaml
+++ b/common/auths.yaml
@ -15,29 +15,38 @@ sops:
        - recipient: age18e4ttr7k6r7j662a6pvgrvsptuhsvffq70z4westqs3gfx7804fq0ewfaa
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVnJ0T3dQM1g3UllYVTZN
-            bkhON2RRTElDMUtBaTFhRkpTWHorbnVOdkFRCjl5cWM2NmtPRzdlT1pRaXNmOXND
-            RTBlT3ZmYW1sQlkyOXRNek5BS0lySVUKLS0tIERKM201ZzFZZHgrZjVPQTA1SWh2
-            Y2ljQzNBQnhwdzlEZGJLVFZreWJkN3cK90kk2p+kOag2IaY0QWbiUVerfq18TNax
-            4ashMrFV5trh0Uq+/9Nob2MqSTVbmIC3UtP4m7x1j1TzpDuT+nEzPA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnVlNDQW5WVFppcEZJanc5
+            VDlZMG5xWmoyalB0bzVrRGpHOGRkcmlETVMwCis2TjA0dUMycG9UNldQenZnUDhW
+            S0FGWnpuZXRMUjd0V2FMeXpiVjFMNWsKLS0tIHMzaG9wUEVEVm5UM0Rob09MNFJq
+            eEFicGFNajFiRXF6d2xEQjc0VGVsVDAK5wj9siWRiV7FD6bO5YATpOCidEOJGjO0
+            fa98Sv/HNJdYXx4wR0yWgIdqVFs+2z+Q4aaOzKdySBcxJjqLAvnZlw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1sy52xwldc7puckze2kcax7csc2nrg049y9nt2qd0ltvghckms5nq2d25ra
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4cnJybjArb0ZtZkFyUjln
-            cDVGbVdJcFpRdVRUd1lkMkJuME5vS2tBZjFnCldXODdiaFQzb1JHZHJycUNtMUo5
-            L3E5c1VZL3lYOXZDVUxsaEMwcXJJRXMKLS0tIHlQcmVjcVBZcTFwV2dZM1UrWlN0
-            Q0hMWlVWSmtqa083dTBzT252UjRGMWMK0lxWqBpx0zvH6HkGjatBS4rv9/7+0ZLr
-            5m0kWm9bOQXhpy26IljNnx4nbMSuSO/bmLnVIst62pLFkHq+SjoYAQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRVpBb2p1dlhHNlVLKzYw
+            ck83MllqU2dYWEhEUVlFSGZhSEFaV284U0dnClRkUTRZbmJTN0ZrSmVBTXFtS3lh
+            aEhJQWJTc094aHNlT2x4M3F1SFl4ZWcKLS0tIGtWbDBURjRkbmQrT0NlVUZjbnl3
+            M1NRbVdqbzZ3Sy9xdlArbExSMzBKSHcKvmimpsvrNL1ogQ3jROJgD7b8dFgNCvd5
+            xWS2gbnTo3g+hhouHM4pko8nlT2BY3f0L4IiLfJZ0j7tWx0Kvaz/xA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1m5jnjmed343uwpgeta4nkxjhwescsa6dfswx30e4rwm0yxcf753qr0ljkw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOTDF0ZG1tVmF6YkxBUTJD
+            cnIzK0Q2WFJzZzNKLzZDM2VzOS9wOEw0OWprCnR4ZlpTdFc5YjRPdklYNzlHVTZY
+            bVFMRWhwVGJNN0Jwd0JlMjR2cHE4RUEKLS0tIHF1R2xFMFQrYm1wbXgwN29BLzZO
+            OFppTU5wdGJkRTN0cDRQK2VNelJwbnMKLuNccIhf2RbNbfYR+jTUdN/RAh1fQExS
+            Bqm4F3/PID+gdljxHDSS7mN7VZ+884nrInE8U5TCqREe5HSnwLStfg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age15cp5p76q7vhwg9v8u98dpshrmtengghmm7yn5ckfk0yz694q3g6qajywwu
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyYWxtTWxad0V6cklxZm8y
-            Wmh0dld6Y0FPRVU4Zk5pN1hsT1hRWmhha3gwCkFISjlEK1QxaVBPcVVPWXZmdk1m
-            Ymw1UHhveTN1R0VDdXJYRHNvczcxQTQKLS0tIFN1UDdqYXNGY29QS0pMYmJac055
-            VHRRUnRpQzE3L0V4OVpGM0krOW9KWVUK3c8IH6tD2f8WKFm+yeVF3hP/UFvr4n1/
-            rqTt3cILSurq62MjtzU/F4+FC9/Le5j1xlDh075EuH+M/ewm65POSw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjUndRMWFDaE1PS0lLY1N0
+            Nlk3bTQrR0lGV0ovUDd5cWlReEZWajdkbHhRCmJUODczdkhzNXV3YllBU2VxUmFI
+            bUdVUGpYcjFnYlRBMjJvRVd6bjlUMmMKLS0tIHN4cXJHeTZzTlEreTg1NWpxQ2dM
+            UnlUY25pOGJ2T1VoTW0yeTFEL2NNTVUKHFdlBryccJAKz26+oECG8tx/FvhZEe0E
+            MBRoWFu+LHaAUgaOKEBMUHZKzY7Q+TahAsdsy+VErmRkI6i/Hh10ww==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-11-28T05:25:46Z"
    mac: ENC[AES256_GCM,data:e6p67apo/byZ1dNhvHqcbcUOnTFInoL9t2RGki8Wd114w+1IZxfPAmXzvoea3txXWnrvCuuZBVD+RglcWjbkvE54J8YfACgRN5+93NLWVVHrgbwL7WiI+W+rpzUqiWxByD72ee9rvG1dehAEAT0QEARVehIHpPK8F9/i/a3F+IA=,iv:rjtqpbKe4FyrX4RdVMwyqkCDMSP1rUaZoC9U9CAlzR0=,tag:4KSAB5eooNTdd/2ff9zL5Q==,type:str]
--- a/common/default.nix
+++ b/common/default.nix
@ -2,9 +2,9 @@

 {
  imports = with inputs; [
-    home-manager.nixosModules.home-manager
+    home-manager.nixosModules.default
    nh.nixosModules.default
-    sops-nix.nixosModules.sops
+    sops-nix.nixosModules.default
  ] ++ [
    ./constants.nix
    ./secrets.nix
--- a/common/users.nix
+++ b/common/users.nix
@ -75,6 +75,22 @@ in

  programs.fish.enable = true;

+  services = {
+    openssh = {
+      hostKeys = [{
+        comment = "host@${config.networking.hostName}";
+        path = "/etc/ssh/host";
+        rounds = 100;
+        type = "ed25519";
+      }];
+      settings = {
+        PasswordAuthentication = false;
+        KbdInteractiveAuthentication = false;
+      };
+    };
+    resolved.enable = true;
+  };
+
  sops.secrets.${usrPwdFile}.neededForUsers = true;

  users = {