Finalize gaming VM impermanence
This commit is contained in:
parent
964a5fd5dc
commit
da8208415a
7 changed files with 109 additions and 66 deletions
12
.sops.yaml
12
.sops.yaml
|
@ -6,6 +6,7 @@ keys:
|
|||
- &cert-store-age age1cws8uzhg9qyxpjnw9w0mvalvqu3ttnnrn5r3eeczk4wcj86vnqgslzmzjp
|
||||
- &ci age1w2e493eat3l42wj3hqg25ncrqttg52rdqc9y0z49sx86f4tqa3vsmg9zm6
|
||||
- &forgejo age1sy2jzr85s4h0ncfucfl7hrczymmf8wng4m3g6jeduqx5g893jc9qzfznr8
|
||||
- &gaming age1n25te92l6p52zpujz72r0qqwmhx3qa2d2sw739h7sd50pj4ktums92gqzs
|
||||
- &idacloud age1ak099388vqd0hyfr6xa3jycstpnqqyqemklqufw9484l52xkxstsgl5qa2
|
||||
- &nextcloud age1mxenttus0r7uva77t36hrn02vysmde5h4lspcytcma6cjkmqlvnqsk3lj0
|
||||
- &vaultwarden age1d3dnansjhwtzj7pylk0nadg5jkqvzfe7zqs9rhx3yeerzwxyp4esxxsy7y
|
||||
|
@ -21,12 +22,6 @@ creation_rules:
|
|||
- age:
|
||||
- *vili-bw
|
||||
- *lithium
|
||||
- path_regex: ^secrets/users/vili.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *vili-bw
|
||||
- *helium
|
||||
- *lithium
|
||||
- path_regex: ^secrets/cert.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
|
@ -50,6 +45,11 @@ creation_rules:
|
|||
- age:
|
||||
- *vili-bw
|
||||
- *forgejo
|
||||
- path_regex: ^secrets/gaming.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *vili-bw
|
||||
- *gaming
|
||||
- path_regex: ^secrets/idacloud.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, ... }:
|
||||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
../../shared/base.nix
|
||||
|
@ -13,7 +13,4 @@
|
|||
|
||||
../../servers/gaming-server.nix
|
||||
];
|
||||
|
||||
users.users.vili.hashedPasswordFile = lib.mkForce null;
|
||||
sops.secrets = lib.mkForce { };
|
||||
}
|
||||
|
|
|
@ -2,6 +2,5 @@
|
|||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
moonlight-qt
|
||||
parsec-bin
|
||||
];
|
||||
}
|
||||
|
|
27
secrets/gaming.yaml
Normal file
27
secrets/gaming.yaml
Normal file
|
@ -0,0 +1,27 @@
|
|||
sunshine-state: ENC[AES256_GCM,data:2QiDLf7lEBL6u77FPsqy0CHQdRk+gkFb4/Agpv1yMSqicy7iy2uZ8JY41suNQ5uZlFWF7hJtvO9rCcmy5sSis0w3ZeCWYSCZXEMsqlqPo9VB32gbSBov1sdu334V9jc+sH0vuVno4NqsCKt7nvXopyB4ObaJSFX1KMluDCBvLD16S3GRAYS0xWpN/6GEk/fv2kpoiors1d7e5xQGNFlRmxbvmyAUfrBQPepy7OMhm+V/fM7I0bJJVsGoK9s3XKc0q5dm7cSmgOiCikDPMCXbEwTDl8tKwxceyaqGNrAqV9ohfK59UiWdDb7KJI6mpKr91EZhwa9gglr6EeMQw2bT0Hlz0yM2M2007mbEAKXiMVqkyCylPPGxACt3/d7HjHdJfeyywUirD+Fy9ZDWy/hxByYpA4biOyJ/tWR8filrtXdBPq2MXkl+shUaeDozfvmOrg0lJetEh+cK28WDwixU/NtvNdAAveSbv4JIHCdYx2yj4FXe9pLcGg8XAg/QM2EGKVQBsNUTXotUD1iHUtERiT6mtDGpjHryQZjkblsYAVWkyBhexcyyUwnkFR5ED7BFns8dn+SwCwQsLZN/KwqHDqQN4Wr/Qlh4i2K0/5T31cYwjY9wdlr8eXCiae7ukdihVxEKWLnJY5v9VZeMg4MIAJ7dMjUE9hrQbNVbTWMFJP5lQE6ouV9vERmAUVsCAYKIpiwVX6qQ7zFs4kSMyae3qWWB/YoTS0ut/KyVd/abD9zlMXdZfc2B3cSrIB/lYV1S3G0ii7/7eV5t1uBUysb86f82uNRkaqN7wRcVQcYojoFMG+IuflKRxpSQtNgD714gUu8Tghs4XTfSKH8xXVQntpVjb1fWEndfVX15slljLzwniZAuQKptzKVpc7DGw9gBGwowG9J8qeJtOeCnfawj0eQpEeF3iAxYwvFBjKmtYBLa591yDsFz+J5FS4DUceFXVJlKNEXCpAK3bqwEst1vaia8pN9FRkK65xUeYsp28PjQJJZXdrSgVGmZf9mK+tQ1a8ppP5P8cUV8ngS9aOGzORLCKZ3CglAR/xvxgJySUHVRy5ddRI8CmXStHLN4Cham9XuZImj3y5Wb5Apn8IkAgSM8LRDbsSKnREhfx6Y/vF02vTstJ4B5FsVcDrGhWwfwlI+xuemyNngeRbnTCBOMXuu8Q6V6ioIBGXj4QDWfKzcn+ozsHjwygb1egZQwiNYj2ZtKGEGuyo2G9uHP0V03LPntv3VpRP57sLcOKgywD5tyqtCxyXWgX/tGKfJbzgwchjE2yi+7ggweQUOQBCF9/fgWm1MW+57Y/5wLgNQfNWf1biWIsMom7on+8Xi7ASuukbZnyfVMIPKziAZzgatcZMvOxb3Ac7SfzFYdicRB3oeeUGRSekcLe/moB7xgD5hIzFUZhF4J0DY9Jo3/Zhs9APHjlNO2VnXhEDvxgD8005CNPi2mGpNiifB0fquNjnZWGJy+7R1Hnu7Eh+KBZSgc0PmZD6nQ/4QLdtxltiZYDBFkoUKLoujRc1sXesKLqzOfsSFwJF+EuJkytNFIdRvakV9yUCzBDMMV6L8J0hiPtg4bQyCWBYZz4x4GnmNaQ0YweLhkKa1h3eOw9nqp0jbQ2v6O4iDlcyr2PrbEA6CXdQoL610RRC2rxdnAzz0cgcJbaDMUI7vWcTILhZSNGXG0AT7hE2mLyfY1U7gk6MdkDVPUuNOrsrwdZZrWzkxIYDv0IBDV07JxkZBivanA07LxwlFiFebCYVJsSpLjz4NMYf1IJV33bMkN3tBtvfIJq3lfFqEHbcNmQk2r0t/Bnof2ImRg2BRdaf6LWdOw2enPsXXJV4Dt/1YvJJTr6qnYGQ2fXBwf/1uPK4ko7fwz1sp47ZsjmrhQjEyrMT2tFBkIKSOaE2Z9i5iJt7e3WTmv0mk5DcUO/pH9xFIhFT00DhaGG9XdgYnRtxt4/M/CSaK0aKhGgJiWOzFtWjnQbyMOFS6hyI0YP1R0W9PQuD4h2AOOlznOfkp5C5mPZKOJ1DB/WhDF8pcTG0clWy56ksnQQoXZMGWLi4FWOGO1dktu4+8uAtzwlilrZdgUsQA6m5Yd8I70ErDPQRcX8i9KU6S6vPsJqttSXla5pi+WmxkDuJzpj7VcAOpTbqxI/RbJPj147mes90duj7/Q4P+yYo5gLGYPVkZOuw50RRMV5bye2FH8JlVkKfyffYpHKNsCEtwfqMVHzo+BFlvV0dukt/HEmQhjW6rpkUN2Rh6uvDdk/UNNJs5WvvQ6dx9QDTd/EpcdpIMYjxgdaII+HBJPfMP3breYHYy/COMKhQCN6mZYWqGKmmid99IcT7+mjvJcNqV0NQcnQ7rIlvNTGZToyGcCuVwXlwr+a0B9epN8AUA6UvyyBoAbKtdU23bsRiCkFl1LCZKApVGjKsKW14y1omYB0ASDTtqn2COHfIQeDHfBrr4EFmaHArKd7rHh3Si/uACNmGfdHUpdaCu0PR/qSbbfFrPyd/wgsRQY3wfIUorMQVUdfhx2j2N5znjiAkSGVTVXcbPkIziipLeuBbY6xe/yvPKv09m0TjDipaQyomVMaLQ7CAZa3S9Ll/57Fu9RmFaIPx7XeWDKIfk7Q7nEUWPtX2/Mdc7WucMUi/jmFC8LX1XqDEFpSEIHIyahpY7HD+oPMd4XFHf9tiYLAyhy4KvyODbYgc7pjWo6conhSDdWBT8doOD0tnXEYwcy0rNPTb3sh0l24IKBlVGq0sDisZhW9fTlDjiHiG3ZFUiX7KzmMDmngcyjzMOs/o+rSZrogCn6V0abX6rOQ9eaansPofgfD4eCSiVtkHfLTn+EDZG829UhzmZSfs4VWCOuc0COPNdbXebUW0P3hJzMXj/80Z8u4JPohP2KLMD1VTjlaZB/LSIviUM/aTOaIw1+PmBaQ4SBDsaukUfFLqPuQ6YDJUWn6N5t2ir0TEDWF78my9KPeBaymH/oqTYwuHpl6r+7P8oXHV4V6hp1tTr00oeIpgqOjauyHysIU/weu9MHZHwdTw48LpeYYPJlcag+VG72212wmOBI4CuRr+hMyXR9/44NpMeJNEka7gD+0kx/p5IePfRAXN/Ox+7XQOn40LYmhL9cqmXrW2zi5Tn1FWF/x+1AluNwWrUI6j1JmoZ7nL/ErViWH97/w0ThX4Bkb/ESIbXtIv6e+XeJY6e+f5kLNmojFrclOOldS9NQMdDcM3MI1sAMS0w01MkqVLWy0J0iUzrkucAa9bPBz2phUAL6Q4LNfCsPNk/V+t1j/TgojeEn1i3xV3iYn3FogNZ7++i30abfFUXd5k2qKJ18a8kmF0bJd5MKJZmwc/UueUfDa7RKUGvtPdIAN9251+M3XbuDq8evn4s/6MP55vzdGey6CY+HL8ebdM/z8t6xRCaxZKDorbdLoCTYAq3/OjRl3rM7VGD1UWm+iKVr1BthS+2LP5OeTM5McYhM9SKHyhtROT4uSdDHlUBqFZ6aaSitEGgOTqQbDCgpsBJznQJR6yGREcdM,iv:6Zg5Mvxx+aAzphTnBKKcO0fEaUd5tPCtBjI3+VxWmzo=,tag:d414uFwsD+VyVkXi0wkrgg==,type:str]
|
||||
sunshine-cakey: ENC[AES256_GCM,data:I8dak9ee7tNPYFU0izubtDd6dUg6ozqJFlkDcPrTKHAMfcb6Roy87m69T++6MzfGnMqGvRWlN6G6q5hdh0xk0HBS4TpApdiDj+B+OlMSAUAmaIF+SqM9Vo23Wi6QuMHS0VOFH4cSdabhcSMwIr2b1NLqA+sAHD7t9gxPFDDgjPSw/0Lepw9P2SY21MEWuQkwovvrHwvTw7GKmUHukDjH35bbGx4qRo7cNv71Xl1CkthMRq0gAmbWB9fnTQaaC9ImRBHFy6ZhLQpi0yiG3M+z0aDx779IojIG0E+BGEUKYD9RhdljYa9jlcruETZEExx6v2D6JscR+/8i5OJdqdPasA3lrOKQqZTdzoXoCzrNS7Mwpp2aNeyKlsNCJ2iXLvN70wZBf/y5C7lEoNEQS1xBMiIyNLAunZVR6oS5/AvQNvugbqlL9hr8yvj1U5SoBulhZor+s/0ss4Dbg2vCowCeAVveB4L1a8cC5Wh+JxmWiG0z2eveCchyNI255P6qdhduULmblPCcLupbJkWNFL2RQRl4WTdQtQ15KisD0/xle1Vu0OncgqYO3uCOsfy60ayuUDUWn+wNGH61sTRY98SPXawaDCGKkyE6vJluUVIzGokWBM5BYzdF4Zii/N4/ehxPXnKE69LcBOrvXKCvd0igC1wteJJlGAQmjjQdL36+sm0M+9G1QY/b0e1Dto4bpdwZKTYba6kaL8LT2FGO7WgCy/WPiEm8z2/0P4pRdYXtKU8BprPj5jN+qaqlWF5c4ZbLndBAAFZYLmEe1j2z4wmS8/g2EM6jHMWRePLYdB022F2uMTJizX2baFO68UnAO7YJGE43TI3D8XLTsPbhmfrKjbmMT5lRa1bRBpyMWFAOqGQYhX0DXNLAOMVjrqsKaLgKZxXTtuHEYXZLPKehQoJWSpm+9a8jtoLdyC85n0YTMAHv3r34xlqDOvNdrTSyJD7rRqsn6uVd1cPo+/hRZ0QEiGU43ALZf78pV7xNVZ3cOiUQi0Tbwuiz/gPcaJGeiNVC8oCGcJVPFre8lGOx+xUmLNPz0s+oDIVurPqoTd1EykzI99OtKyYInkx7qMeJ7Sb8cnYAnBDKSSdD0DsP6xGrssEVp/TxBR9Y97ZCnUoOEswIK/KHwIrwNKsU7WlbKCTvgc8tZUfUhgnRHzn/KCbZ1GEUrqmRq4BDnzLvNtKBhqQnR9MbOiFMuXNF2lUovwS5T56vuhnV9110qoXx4ynhj4B/QlGWpw2slTC7JiyMIxuBmZmETWainuD8dlO2riPx0D93pL8/skmWTVXMTIMFQdJGJePPf+k1y4Q0a72lxEnQOIWXVZDJUq93TQKnmJFM/Fjkydgf3ouqvDZ+H/S/lQHMHQeF0i/NebgUZXxflKWQpbTuw2i4ggkPoZY8ZLkV7VjYiOnDbtLqN3V8f4viCbSqlQauES9M1Dny8IL3jl5I0DJf7MOP/oKwGHcgWo0QHLGfX/qEdwxGlT8ctobDCsMdiKmQAo9Oq8EMH6CF+Y/cdnzTJQgdqu+qLlWQoZBhBz0MegYI07niBmcHUKK4CGEcVr1ZgrfTMuaL5Z3LJ3CZxbWPaddaFk1408cGTr7/h6cyc8d7jFU0sNgzL65kIBGZilwOECXBLthP2g+HmNkChqGwKOCM9f9jLTM29NS1+SjMZkaVpzsbbswqVhT/YcOrWvxPaQCZkSzDu5hl+FE/UJEv8aR14EUMWtZpFFpbWAwpUbPeVojA6IvSkHafy9lZBPXfPG+9B578tnDJnagHF8+QGzmyOKJvrRgEPvLTByemJqwgzxBg9KuUBSy7jXxjsMp3zhH1O2/aozyMMf1J3nxDxgIudMWYvoz0Sx69VABmMDzXYoc5y1y2cyq4UbE5cS6DRQcKCEeKmx4MYX+0Hl4eWcdHjmHePgB5LIJapoBtun/4o9w7d7d3SOQ/IUgaoQhijZ3UqK7oXPDEl/mEJ21GgV0vmtN33J71NWOt1M9MnGXOnme5wQ68e81bfRWBTJLeRZJtLGIZK/GmAwElc83EW66gIOv94y9NaHNvQKPkuBscjP1bYepcQnnj0K4vo3UNpLMChyuMx7b3mPWTeg3zgTfRv84mjtc7nrqQF9xPPVUolrxldAUgV4Iu9NDQqIRox99lKYEEHTzDX8ATbp+KJazA5lPYtVwZdYOJ1rmJlEn0ezzppOtnv9bW2sUfYDH8pOgzHgwleei3kuUu0x1U/5ujMCO/cm+ajOAZteH3F3FsAzNqiF2kBTp6ZuKWmWF5K9Y1,iv:4vTey4Dw05LWusi9xyWo/nb9O4yWdvn3qlYbfSbn8f4=,tag:kMVj6iqDAXhiRfuHNNCULQ==,type:str]
|
||||
sunshine-cacert: ENC[AES256_GCM,data:jSCBbWzUs+Euck/ybsSxeqUCbi5rLBipKSjPKXzFjJZ3QvHJMqQ05ienYoZUMvXN3cqdjtPyUGsfu++J25ztAkzVIi5EKOg++SCWkAjriIlPlgfKNuUxihrmshaj/BZg5/TBBa/kzBw9G/CEQ2kbL8QbzVxcx7bTFj/hj8F6UpsPKQcq5+VcbrGfj5SueF5kstl1PrLB8WciN02LtCbSYz3K6YwZNJJgpIHEEa2H+xcdBjajpxHzwshJpWGK8Ob8p8vRtSDesXffrN0nffe6b8X11x6SsOHtWX/Wrh4IKsgZd63R2rEYN/nDdaNsPTinT3vfPh7JRar6IbHVp5qAo2aywI1pEQy9leDqSO0V4/y+udsBbUiOoSW2e9Do1O+49PUroYhRS1eAHEGLHiApg1dleuXclhKv1VLumLNj4MCiTwomPbj9PXLMswZkJ3Nlk5QwHH3eUMx18zRplUsgA69jscOLeupDe1jKUx8OKOAiBEUEBoGSG8Yv8GrSL7fdLx63OFa0wDmE3lNWWIAuTDCe/y6qbfLYcE9IVt2Pm0ADjuN2kxkgTM6n/YdCrVMrot14QxI2cCBcsOYQOVSWNEQ0gTmMdNiDPUiImFbTJ7oo3KhMsvF9gbDma//9apk5+YP2JQCqbwBl6ZxuDY32Yzu7TADSpHK3Ib9YsI9/7bf47jIFxVKGIaxTPrXxfzoTaE3hK61YQyDRPCBSvgg8PAZRWZG1eKSwIZMq5MqC3rJz52XifbfQ3bTIpQX3J2bZ/T24Ic7GiIkk6EgBFlAiMUzm2YSC/DqCxg7G3eimNiv24XJD0QIHpRHJrAfgVOInfgbqE1q1Ay3zpNRLlNi9uinIQ4gwgi8AsgWK050kYAk2KeIa4LMlvI8Di/vFHzHnDIPjjBFjPAwMGLIq+xRoYjqI7nZz1U2yaEAxauir0/m5Lxg8RgptCqArD047TeHgYZGSYQodJ+Xere+4abc70bxHVaG+ehG94PS4vy7rNg5DgV5Xz0XaSRLBevjYgMoDR1D/LHjGKve/cL9dQxrBkMG2+JrXw8C7fIOHgVA/Uj22FAvRwtJZubRtG4158TsAM+2O7qK/HVg/fUFNZ9ONA69pD3e4mNGBY0fDko3npME7VmFi9KN9tHWgcD1+sMfxavQvnizJquv5zfg4qW00WukmmjKBiWQUyb+RNfJBwuL8NPmCANRDLnOELqoI1iFMovZM6ERNR7CFyrTxi0WF5lLvDBiKSidI1TWre8YvZ/cHf62xvC139LPszNJRSlHisSHy7UwjnR6wFmsrkE3G4XOJYlk7Dra2uruDA5BZQV4EpftWh5BJOD3xHYghhAoyKq++/iYHTN9ubrDEcNewOg+4hogTqtkIXQc8LMO9,iv:Kku8jh+M3J/3IMFCA+Zw6fqfNlAJ2uPQsRR3WjmGdvQ=,tag:apNqFguaLQWpM4CZD2r5Lw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1pvkuvcc38pke3euzsjzpgp6s6v3jykug2e69rplytdy7gxntm5jsraxhvp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2cVc1b2xCL3R4SjdwZnhN
|
||||
MG5QTzgvbmMwQnV2d3ZyaU5qOVFXS0pqL21JCnN2VWg1aFI5dXFIRHpZVGFKenpE
|
||||
RUJja09odmhmeVp3aHlqTUgwd0xZamsKLS0tIE9aekVBRjhLZzVJU1NTVU4xVEV5
|
||||
U2c0YzlXdlFiNDFyYXlac3g4UnRMajQKtFu3UUQmJ4ky9hqMTQ8kpHfnpn8k73d5
|
||||
nCZxzBBmkoELHo+IQgZ671UJVHyU9YlZBdnby7Yv0HJklgu/ClByVg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1n25te92l6p52zpujz72r0qqwmhx3qa2d2sw739h7sd50pj4ktums92gqzs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxdityNVhTdkVZZVk2MS82
|
||||
ckRmREhlU0Z3b0lJcExYSExuS3dqSWJ3YkNVClNGeDdncmZNSHIrd3U3Y3drOEFv
|
||||
d1RCaW8ycGUrR0xEQ3h0VVFjU1RId00KLS0tIHRpTEU0cG8xSEJ0M2Q5a2tBNU9P
|
||||
azE5WmsxcEdKNzBmN3lEOC9LZnlIaEUKvTOnDeKmteqGhDzLhXyxVzkP9qBHSJnQ
|
||||
2I7Tu77qBvjtcD7G7r+ldVT9KGdWiwdQQeH9PCqN+WxYXtZ2rRWqPg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-07-04T21:45:11Z"
|
||||
mac: ENC[AES256_GCM,data:gwP9rbeYB/Q3mYhrcq9mh+Q/2IRDvXcbRtNmVbQnBdV6HAVMFDh2yUQ5GU7vUYUfGx9M+Iu8gG/DSyLet3c2pi1fEeWDCTTU46GOkn5DL4PYmHwf4Mqhq+Tq7ag/Cwlz7EKKu67sJAqfm2EX+8xE4Nyxxs4SWrnpEceuk/FU85U=,iv:zAYbkoByoPYlROlzPpiOYkf7nAkt8dFbdqWbedBDIzs=,tag:7D7CHx9CXHzmX/cFcZTlKQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
|
@ -1,34 +0,0 @@
|
|||
vili-password: ENC[AES256_GCM,data:SG0UVgXOrbLJZ8dj1NeuBL0QulIeZRfoD5o/QF57avce7nxlU1RLnQfZe9fsW9IqnfiAQkYNcQ3B/m36VBy87DJosRVT0dcizg==,iv:536A1+NVuvg18uh+7oEEUYJ8PM+g62boNCKCUpg0GJo=,tag:J9YL+fdK4gE7g58nSgBRcw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1pvkuvcc38pke3euzsjzpgp6s6v3jykug2e69rplytdy7gxntm5jsraxhvp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2eUJjQWtrcGxEWnFZamRx
|
||||
QTFhOTdmaGt3cEhSYThFMjlrbkV2WTdwcFdjCkJpdmNtUkRsM1pGQ000V0N4d0Nk
|
||||
d0lLWmdWTytKTWtKbFNNYmpvSXRsd3MKLS0tIGY0MEI3TWlKZFkwQy9RUmNrSkVJ
|
||||
MUVDUmladjJrZVZXS2MvKzJGUTZscVUKk510+IUsO4yq7ZH8aOvl+C0WzlYRGdzv
|
||||
TzKXvPAZHI8BL+YMAjNj1gFNo9NK7jkklP8/0w7+ThrpHu6/IKzKZA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1xp02dggk2e6csvxg2q5nfts4tjhd05vthrcvvk2l67m3tgs3vugqshg24q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaRGNBY2RHb1RCdTNRZjhL
|
||||
UnlodVBYWHFjUFowK1dNWEdXWkZJN0luUFhnCitSa05TSEY2NW9MM3dIQmRpOG9p
|
||||
OVovcGxXT3UzMStXQ1FkNGJRTEZnaEUKLS0tIGcxYlFhRlR1Y1ZnOWlIMlh4bmwy
|
||||
dUlnN2RKRmxQamxjV0VoTFA5V1NEMUEKctraZulYSWKoUAy/47uq5s24obqQHvNZ
|
||||
dxGaVmjZpPmNyUw7UcamRTdbdPHi4u2F5VmEPBK9YroDWryrL4k73A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1yrfr0q72nqa842t0mzckeemfww28qzcd3wqmrd8mvzwvgpzssvlq9ruzlk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKQVFab0lTalV5MFI2dUY2
|
||||
a0h2SlBLTWhXVGtPY01LMTloRUtUNytrVFdJCnVjQnphYzRSQ1p1WjB2dS90c29J
|
||||
bFZkNnF6a2xiWlhTdHA1K0xKbGFNb0UKLS0tIGFlWHlSaUkrMXh1RjNaMzNUYm9F
|
||||
U1VaZERTNndxc1hVbm04eDVzdW9Wa28KqO3N6dMLny3liCEc5Rh3+jjw56ghajTj
|
||||
u5n33jEko8u+Li9v7nHAVqdzw9WDrPdwJz00xc4tGYewRHW+s16qxg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-06-21T12:17:55Z"
|
||||
mac: ENC[AES256_GCM,data:iHPaSftY2MFHgg+426dlTtTPWbL3AO84ND1CHViJ81bUm9CYTKlLGU23ocKVJRzPy85BhOGh2R4uURP1dvQ3BiFWGK3B2t8xtg1vTz5jSgQkvWr5RRiDLOvHWb4cT4O5cI8MHkLtYAl1ungdZj+uCIIw9unzDD+HpjlOlCaf8C0=,iv:HFZfxCBQEB0G7oalRkNFykeJ3+9xssUJN5oB/j1Z3xI=,tag:PabtyU0ZvSRWlmz7y35uMA==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
|
@ -1,33 +1,56 @@
|
|||
{ pkgs, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
systemd.tmpfiles.settings."vili-home"."/home/vili".d = {
|
||||
user = "vili";
|
||||
group = "users";
|
||||
mode = "0700";
|
||||
systemd.tmpfiles.settings."vili-home" = {
|
||||
"/home/vili".d = {
|
||||
user = "vili";
|
||||
group = "users";
|
||||
mode = "0700";
|
||||
};
|
||||
"/home/vili/.local".d = {
|
||||
user = "vili";
|
||||
group = "users";
|
||||
mode = "0755";
|
||||
};
|
||||
"/home/vili/.local/share".d = {
|
||||
user = "vili";
|
||||
group = "users";
|
||||
mode = "0755";
|
||||
};
|
||||
};
|
||||
environment.persistence."/persist" = {
|
||||
users.vili = {
|
||||
directories = [
|
||||
{
|
||||
directory = ".parsec";
|
||||
mode = "0755";
|
||||
directory = ".cache";
|
||||
mode = "u=rwx,g=rx,o=rx";
|
||||
}
|
||||
{
|
||||
directory = ".parsec-persistent";
|
||||
mode = "0755";
|
||||
}
|
||||
{
|
||||
directory = ".config/sunshine";
|
||||
mode = "0755";
|
||||
directory = ".local/share/feral-interactive";
|
||||
mode = "u=rwx,g=rx,o=rx";
|
||||
}
|
||||
".local/share/Steam"
|
||||
{
|
||||
directory = ".local/share/vulkan";
|
||||
mode = "u=rwx,g=rx,o=rx";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
parsec-bin
|
||||
];
|
||||
sops.secrets = {
|
||||
sunshine-state = {
|
||||
sopsFile = ../secrets/gaming.yaml;
|
||||
owner = config.users.users."vili".name;
|
||||
};
|
||||
sunshine-cakey = {
|
||||
sopsFile = ../secrets/gaming.yaml;
|
||||
owner = config.users.users."vili".name;
|
||||
};
|
||||
sunshine-cacert = {
|
||||
sopsFile = ../secrets/gaming.yaml;
|
||||
owner = config.users.users."vili".name;
|
||||
};
|
||||
};
|
||||
|
||||
programs.steam = {
|
||||
enable = true;
|
||||
|
@ -38,6 +61,25 @@
|
|||
enable = true;
|
||||
autoStart = true;
|
||||
openFirewall = true;
|
||||
settings = {
|
||||
sunshine_name = "NixOS";
|
||||
address_family = "both";
|
||||
credentials_file = config.sops.secrets.sunshine-state.path;
|
||||
pkey = config.sops.secrets.sunshine-cakey.path;
|
||||
cert = config.sops.secrets.sunshine-cacert.path;
|
||||
file_state = config.sops.secrets.sunshine-state.path;
|
||||
};
|
||||
applications = {
|
||||
env = {
|
||||
PATH = "$(PATH):$(HOME)/.local/bin";
|
||||
};
|
||||
apps = [
|
||||
{
|
||||
name = "Desktop";
|
||||
image-path = "desktop.png";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,9 +1,17 @@
|
|||
{ config, lib, ... }:
|
||||
{
|
||||
sops.secrets.vili-password = {
|
||||
sopsFile = ../../secrets/${config.networking.hostName}/vili.yaml;
|
||||
neededForUsers = true;
|
||||
};
|
||||
sops.secrets =
|
||||
lib.mkIf
|
||||
(builtins.elem config.networking.hostName [
|
||||
"helium"
|
||||
"lithium"
|
||||
])
|
||||
{
|
||||
vili-password = {
|
||||
sopsFile = ../../secrets/${config.networking.hostName}/vili.yaml;
|
||||
neededForUsers = true;
|
||||
};
|
||||
};
|
||||
|
||||
users.users.vili = {
|
||||
isNormalUser = true;
|
||||
|
@ -16,7 +24,11 @@
|
|||
"audio"
|
||||
];
|
||||
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
|
||||
hashedPasswordFile = lib.mkDefault config.sops.secrets.vili-password.path;
|
||||
hashedPasswordFile =
|
||||
if builtins.hasAttr "vili-password" config.sops.secrets then
|
||||
config.sops.secrets.vili-password.path
|
||||
else
|
||||
null;
|
||||
};
|
||||
|
||||
users.groups.vili.gid = 1000;
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue