diff --git a/.sops.yaml b/.sops.yaml deleted file mode 100644 index b9340d2..0000000 --- a/.sops.yaml +++ /dev/null @@ -1,13 +0,0 @@ -keys: - - &users: - - &irl age1uhp600xemepn27l0vxnt7hmuvk53wmw5peh9d3wy4ma2apsympmqxm8jxq - - &hosts: - - &homeserver age1y9v37jc3kxuygw042qrsvseac5krhh3skp88ewlqlja00uslpyss62e4nd -creation_rules: - - path_regex: secrets.yaml$ - key_groups: - - age: - - *irl - - *homeserver - - diff --git a/flake.lock b/flake.lock index 6331e3b..042f8d1 100644 --- a/flake.lock +++ b/flake.lock @@ -110,22 +110,6 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1744868846, - "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nur": { "inputs": { "flake-parts": "flake-parts", @@ -154,26 +138,7 @@ "flake-utils": "flake-utils", "home-manager": "home-manager", "nixpkgs": "nixpkgs", - "nur": "nur", - "sops-nix": "sops-nix" - } - }, - "sops-nix": { - "inputs": { - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1749592509, - "narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=", - "owner": "mic92", - "repo": "sops-nix", - "rev": "50754dfaa0e24e313c626900d44ef431f3210138", - "type": "github" - }, - "original": { - "owner": "mic92", - "repo": "sops-nix", - "type": "github" + "nur": "nur" } }, "systems": { diff --git a/flake.nix b/flake.nix index aa859b4..9caea5f 100644 --- a/flake.nix +++ b/flake.nix @@ -16,10 +16,6 @@ url = "github:nix-community/NUR"; inputs.nixpkgs.follows = "nixpkgs"; }; - sops-nix = { - url = "github:mic92/sops-nix"; - inputs.nix.follows = "nixpkgs"; - }; }; outputs = { @@ -28,7 +24,6 @@ flake-utils, home-manager, nur, - sops-nix, ... }@inputs: let diff --git a/home/irl.nix b/home/irl.nix index fe7490e..45a0460 100644 --- a/home/irl.nix +++ b/home/irl.nix @@ -17,7 +17,6 @@ in if lib.strings.hasSuffix "darwin" pkgs.system then "/Users/irl" else "/home/irl"; home.stateVersion = "25.05"; home.packages = with pkgs; [ - age fish neofetch rust-analyzer diff --git a/nixos/common.nix b/nixos/common.nix index f670c0e..d3cae09 100644 --- a/nixos/common.nix +++ b/nixos/common.nix @@ -1,30 +1,8 @@ -{ - pkgs, - config, - sops-nix, - ... -}: +{ pkgs, ... }: { - imports = [ - sops-nix.nixosModules.sops - ]; - nix.settings.experimental-features = "nix-command flakes"; - sops = { - defaultSopsFile = ../secrets.yaml; - validateSopsFiles = false; - - age = { - sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - keyFile = "/var/lib/sops-nix/key.txt"; - generateKey = true; - }; - - secrets.irl-password.neededForUsers = true; - }; - time.timeZone = "Europe/London"; i18n.defaultLocale = "en_GB.UTF-8"; @@ -41,12 +19,9 @@ LC_TIME = "en_GB.UTF-8"; }; - users.mutableUsers = false; - users.users.irl = { isNormalUser = true; description = "irl"; - hashedPasswordFile = config.sops.secrets.irl-password.path; extraGroups = [ "networkmanager" "wheel" diff --git a/nixos/hosts/homeserver/default.nix b/nixos/hosts/homeserver/default.nix index 76e28e9..efcb458 100644 --- a/nixos/hosts/homeserver/default.nix +++ b/nixos/hosts/homeserver/default.nix @@ -18,42 +18,8 @@ networking.hostName = "homeserver"; networking.networkmanager.enable = true; - users.groups.media = { }; - users.users.media = { - group = "media"; - isNormalUser = true; - }; - services.xserver.xkb.layout = "us"; - services.audiobookshelf = { - enable = true; - group = "media"; - host = "0.0.0.0"; - openFirewall = true; - port = 8000; - user = "media"; - }; - - services.avahi = { - enable = true; - publish = { - enable = true; - addresses = true; - workstation = true; - }; - }; - - services.calibre-server = { - enable = true; - extraFlags = [ "--enable-local-write" ]; - group = "media"; - libraries = [ "/srv/books" ]; - openFirewall = true; - port = 8585; - user = "media"; - }; - services.openssh = { enable = true; settings.PasswordAuthentication = false; diff --git a/secrets.yaml b/secrets.yaml deleted file mode 100644 index 57d61a2..0000000 --- a/secrets.yaml +++ /dev/null @@ -1,25 +0,0 @@ -irl-password: ENC[AES256_GCM,data:8DcPiZ9Ui40MaOaPJ5XmZI3M7XDqLtBqJKLEUnolMYuNoa6dDBF/IicokQO6zvNVw0G2DPVQwbKzgEaWtvnj+5rXm+QbyEVIKw==,iv:+qsf6VzsMzAj6A5B6TCQ/ZaYDt0EiZYwQ7gZg0sw2TM=,tag:3Xi5bSJ7rYEUUVIDuynHag==,type:str] -sops: - age: - - recipient: age1uhp600xemepn27l0vxnt7hmuvk53wmw5peh9d3wy4ma2apsympmqxm8jxq - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZmJkMlpoN2RRUEVVUCtS - cVl4T0grTit5TGtGUEM2MTlBRnQ2OWlWaEVrClErVm5uRzQySzNDM3J6dDFQY2U0 - cjlVS1NpTzdBQzgvSHJndmlxMWRmbUkKLS0tIHBtTkhSU1BTZHhMaXdZT0xiWWZD - ZXlLNjAzSVkxZWtDRjlUMHV5bnJXK3MKNGKAW7iq/Qfo1dAt3Zxjzu+PsjdtaYPG - a5Zvnazkm2dmuajldII/+xk4r/JewBZmeWdd37n2lUpbSisgcw0X5A== - -----END AGE ENCRYPTED FILE----- - - recipient: age1y9v37jc3kxuygw042qrsvseac5krhh3skp88ewlqlja00uslpyss62e4nd - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiQTcxWkphbngrK3RMaEZF - UHU4ZURiVmNZdDhoR1l5YWVDZ1YvdlZWbndJCnRZd0tmR2lXcnA0V0dRaDZzZkg5 - YitPd01mbFc1VHVyTDl3Sk9UTGptclEKLS0tIEtWb0VNZWFLUmNZRDh3S0N4WmN0 - SlVKUDZWVEp2YmR4V3ArRW1GR1lXeTAKRJoawuTKrgrz6qeOSTmYLXO6n66QNPLA - C5UI4yB0WLeRxdqxU84a3rS2ZjgTh22RR0WwRe6siOaKOdS1G96DXw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-13T17:56:08Z" - mac: ENC[AES256_GCM,data:YjTPJ69gNE3MOxUq8X1H4ucqiJxIwRFBBLz0pu6nJgx64XDKe96qeiy7NLAnyJuzOgXpZxb6bm+ecf4E288Bq5NyqpWyrICXC37mSMMXTIoi+HZMHk/GYOAezfCHCBzJBKlJjTZhmslF1zu/4jGtUf/VTOCm+WTPDTUjVkzvwJ8=,iv:vsiDWLir7b/DmOgJFs9iuNxJxJAipdriP/XSPbm4MKU=,tag:aBXeQdetTepLNj/kl45McQ==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2