diff --git a/.sops.yaml b/.sops.yaml index da82094..4a67f83 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -6,6 +6,7 @@ keys: - &cert-store-age age1cws8uzhg9qyxpjnw9w0mvalvqu3ttnnrn5r3eeczk4wcj86vnqgslzmzjp - &ci age1w2e493eat3l42wj3hqg25ncrqttg52rdqc9y0z49sx86f4tqa3vsmg9zm6 - &forgejo age1sy2jzr85s4h0ncfucfl7hrczymmf8wng4m3g6jeduqx5g893jc9qzfznr8 + - &gaming age1n25te92l6p52zpujz72r0qqwmhx3qa2d2sw739h7sd50pj4ktums92gqzs - &idacloud age1ak099388vqd0hyfr6xa3jycstpnqqyqemklqufw9484l52xkxstsgl5qa2 - &nextcloud age1mxenttus0r7uva77t36hrn02vysmde5h4lspcytcma6cjkmqlvnqsk3lj0 - &vaultwarden age1d3dnansjhwtzj7pylk0nadg5jkqvzfe7zqs9rhx3yeerzwxyp4esxxsy7y @@ -21,12 +22,6 @@ creation_rules: - age: - *vili-bw - *lithium - - path_regex: ^secrets/users/vili.yaml$ - key_groups: - - age: - - *vili-bw - - *helium - - *lithium - path_regex: ^secrets/cert.yaml$ key_groups: - age: @@ -50,6 +45,11 @@ creation_rules: - age: - *vili-bw - *forgejo + - path_regex: ^secrets/gaming.yaml$ + key_groups: + - age: + - *vili-bw + - *gaming - path_regex: ^secrets/idacloud.yaml$ key_groups: - age: diff --git a/hosts/gaming/configuration.nix b/hosts/gaming/configuration.nix index 26c785a..0163fa2 100644 --- a/hosts/gaming/configuration.nix +++ b/hosts/gaming/configuration.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ ... }: { imports = [ ../../shared/base.nix @@ -13,7 +13,4 @@ ../../servers/gaming-server.nix ]; - - users.users.vili.hashedPasswordFile = lib.mkForce null; - sops.secrets = lib.mkForce { }; } diff --git a/personal/programs/moonlight.nix b/personal/programs/moonlight.nix index fc240c2..87244f0 100644 --- a/personal/programs/moonlight.nix +++ b/personal/programs/moonlight.nix @@ -2,6 +2,5 @@ { environment.systemPackages = with pkgs; [ moonlight-qt - parsec-bin ]; } diff --git a/secrets/gaming.yaml b/secrets/gaming.yaml new file mode 100644 index 0000000..5805208 --- /dev/null +++ b/secrets/gaming.yaml @@ -0,0 +1,27 @@ +sunshine-state: ENC[AES256_GCM,data:2QiDLf7lEBL6u77FPsqy0CHQdRk+gkFb4/Agpv1yMSqicy7iy2uZ8JY41suNQ5uZlFWF7hJtvO9rCcmy5sSis0w3ZeCWYSCZXEMsqlqPo9VB32gbSBov1sdu334V9jc+sH0vuVno4NqsCKt7nvXopyB4ObaJSFX1KMluDCBvLD16S3GRAYS0xWpN/6GEk/fv2kpoiors1d7e5xQGNFlRmxbvmyAUfrBQPepy7OMhm+V/fM7I0bJJVsGoK9s3XKc0q5dm7cSmgOiCikDPMCXbEwTDl8tKwxceyaqGNrAqV9ohfK59UiWdDb7KJI6mpKr91EZhwa9gglr6EeMQw2bT0Hlz0yM2M2007mbEAKXiMVqkyCylPPGxACt3/d7HjHdJfeyywUirD+Fy9ZDWy/hxByYpA4biOyJ/tWR8filrtXdBPq2MXkl+shUaeDozfvmOrg0lJetEh+cK28WDwixU/NtvNdAAveSbv4JIHCdYx2yj4FXe9pLcGg8XAg/QM2EGKVQBsNUTXotUD1iHUtERiT6mtDGpjHryQZjkblsYAVWkyBhexcyyUwnkFR5ED7BFns8dn+SwCwQsLZN/KwqHDqQN4Wr/Qlh4i2K0/5T31cYwjY9wdlr8eXCiae7ukdihVxEKWLnJY5v9VZeMg4MIAJ7dMjUE9hrQbNVbTWMFJP5lQE6ouV9vERmAUVsCAYKIpiwVX6qQ7zFs4kSMyae3qWWB/YoTS0ut/KyVd/abD9zlMXdZfc2B3cSrIB/lYV1S3G0ii7/7eV5t1uBUysb86f82uNRkaqN7wRcVQcYojoFMG+IuflKRxpSQtNgD714gUu8Tghs4XTfSKH8xXVQntpVjb1fWEndfVX15slljLzwniZAuQKptzKVpc7DGw9gBGwowG9J8qeJtOeCnfawj0eQpEeF3iAxYwvFBjKmtYBLa591yDsFz+J5FS4DUceFXVJlKNEXCpAK3bqwEst1vaia8pN9FRkK65xUeYsp28PjQJJZXdrSgVGmZf9mK+tQ1a8ppP5P8cUV8ngS9aOGzORLCKZ3CglAR/xvxgJySUHVRy5ddRI8CmXStHLN4Cham9XuZImj3y5Wb5Apn8IkAgSM8LRDbsSKnREhfx6Y/vF02vTstJ4B5FsVcDrGhWwfwlI+xuemyNngeRbnTCBOMXuu8Q6V6ioIBGXj4QDWfKzcn+ozsHjwygb1egZQwiNYj2ZtKGEGuyo2G9uHP0V03LPntv3VpRP57sLcOKgywD5tyqtCxyXWgX/tGKfJbzgwchjE2yi+7ggweQUOQBCF9/fgWm1MW+57Y/5wLgNQfNWf1biWIsMom7on+8Xi7ASuukbZnyfVMIPKziAZzgatcZMvOxb3Ac7SfzFYdicRB3oeeUGRSekcLe/moB7xgD5hIzFUZhF4J0DY9Jo3/Zhs9APHjlNO2VnXhEDvxgD8005CNPi2mGpNiifB0fquNjnZWGJy+7R1Hnu7Eh+KBZSgc0PmZD6nQ/4QLdtxltiZYDBFkoUKLoujRc1sXesKLqzOfsSFwJF+EuJkytNFIdRvakV9yUCzBDMMV6L8J0hiPtg4bQyCWBYZz4x4GnmNaQ0YweLhkKa1h3eOw9nqp0jbQ2v6O4iDlcyr2PrbEA6CXdQoL610RRC2rxdnAzz0cgcJbaDMUI7vWcTILhZSNGXG0AT7hE2mLyfY1U7gk6MdkDVPUuNOrsrwdZZrWzkxIYDv0IBDV07JxkZBivanA07LxwlFiFebCYVJsSpLjz4NMYf1IJV33bMkN3tBtvfIJq3lfFqEHbcNmQk2r0t/Bnof2ImRg2BRdaf6LWdOw2enPsXXJV4Dt/1YvJJTr6qnYGQ2fXBwf/1uPK4ko7fwz1sp47ZsjmrhQjEyrMT2tFBkIKSOaE2Z9i5iJt7e3WTmv0mk5DcUO/pH9xFIhFT00DhaGG9XdgYnRtxt4/M/CSaK0aKhGgJiWOzFtWjnQbyMOFS6hyI0YP1R0W9PQuD4h2AOOlznOfkp5C5mPZKOJ1DB/WhDF8pcTG0clWy56ksnQQoXZMGWLi4FWOGO1dktu4+8uAtzwlilrZdgUsQA6m5Yd8I70ErDPQRcX8i9KU6S6vPsJqttSXla5pi+WmxkDuJzpj7VcAOpTbqxI/RbJPj147mes90duj7/Q4P+yYo5gLGYPVkZOuw50RRMV5bye2FH8JlVkKfyffYpHKNsCEtwfqMVHzo+BFlvV0dukt/HEmQhjW6rpkUN2Rh6uvDdk/UNNJs5WvvQ6dx9QDTd/EpcdpIMYjxgdaII+HBJPfMP3breYHYy/COMKhQCN6mZYWqGKmmid99IcT7+mjvJcNqV0NQcnQ7rIlvNTGZToyGcCuVwXlwr+a0B9epN8AUA6UvyyBoAbKtdU23bsRiCkFl1LCZKApVGjKsKW14y1omYB0ASDTtqn2COHfIQeDHfBrr4EFmaHArKd7rHh3Si/uACNmGfdHUpdaCu0PR/qSbbfFrPyd/wgsRQY3wfIUorMQVUdfhx2j2N5znjiAkSGVTVXcbPkIziipLeuBbY6xe/yvPKv09m0TjDipaQyomVMaLQ7CAZa3S9Ll/57Fu9RmFaIPx7XeWDKIfk7Q7nEUWPtX2/Mdc7WucMUi/jmFC8LX1XqDEFpSEIHIyahpY7HD+oPMd4XFHf9tiYLAyhy4KvyODbYgc7pjWo6conhSDdWBT8doOD0tnXEYwcy0rNPTb3sh0l24IKBlVGq0sDisZhW9fTlDjiHiG3ZFUiX7KzmMDmngcyjzMOs/o+rSZrogCn6V0abX6rOQ9eaansPofgfD4eCSiVtkHfLTn+EDZG829UhzmZSfs4VWCOuc0COPNdbXebUW0P3hJzMXj/80Z8u4JPohP2KLMD1VTjlaZB/LSIviUM/aTOaIw1+PmBaQ4SBDsaukUfFLqPuQ6YDJUWn6N5t2ir0TEDWF78my9KPeBaymH/oqTYwuHpl6r+7P8oXHV4V6hp1tTr00oeIpgqOjauyHysIU/weu9MHZHwdTw48LpeYYPJlcag+VG72212wmOBI4CuRr+hMyXR9/44NpMeJNEka7gD+0kx/p5IePfRAXN/Ox+7XQOn40LYmhL9cqmXrW2zi5Tn1FWF/x+1AluNwWrUI6j1JmoZ7nL/ErViWH97/w0ThX4Bkb/ESIbXtIv6e+XeJY6e+f5kLNmojFrclOOldS9NQMdDcM3MI1sAMS0w01MkqVLWy0J0iUzrkucAa9bPBz2phUAL6Q4LNfCsPNk/V+t1j/TgojeEn1i3xV3iYn3FogNZ7++i30abfFUXd5k2qKJ18a8kmF0bJd5MKJZmwc/UueUfDa7RKUGvtPdIAN9251+M3XbuDq8evn4s/6MP55vzdGey6CY+HL8ebdM/z8t6xRCaxZKDorbdLoCTYAq3/OjRl3rM7VGD1UWm+iKVr1BthS+2LP5OeTM5McYhM9SKHyhtROT4uSdDHlUBqFZ6aaSitEGgOTqQbDCgpsBJznQJR6yGREcdM,iv:6Zg5Mvxx+aAzphTnBKKcO0fEaUd5tPCtBjI3+VxWmzo=,tag:d414uFwsD+VyVkXi0wkrgg==,type:str] +sunshine-cakey: ENC[AES256_GCM,data:I8dak9ee7tNPYFU0izubtDd6dUg6ozqJFlkDcPrTKHAMfcb6Roy87m69T++6MzfGnMqGvRWlN6G6q5hdh0xk0HBS4TpApdiDj+B+OlMSAUAmaIF+SqM9Vo23Wi6QuMHS0VOFH4cSdabhcSMwIr2b1NLqA+sAHD7t9gxPFDDgjPSw/0Lepw9P2SY21MEWuQkwovvrHwvTw7GKmUHukDjH35bbGx4qRo7cNv71Xl1CkthMRq0gAmbWB9fnTQaaC9ImRBHFy6ZhLQpi0yiG3M+z0aDx779IojIG0E+BGEUKYD9RhdljYa9jlcruETZEExx6v2D6JscR+/8i5OJdqdPasA3lrOKQqZTdzoXoCzrNS7Mwpp2aNeyKlsNCJ2iXLvN70wZBf/y5C7lEoNEQS1xBMiIyNLAunZVR6oS5/AvQNvugbqlL9hr8yvj1U5SoBulhZor+s/0ss4Dbg2vCowCeAVveB4L1a8cC5Wh+JxmWiG0z2eveCchyNI255P6qdhduULmblPCcLupbJkWNFL2RQRl4WTdQtQ15KisD0/xle1Vu0OncgqYO3uCOsfy60ayuUDUWn+wNGH61sTRY98SPXawaDCGKkyE6vJluUVIzGokWBM5BYzdF4Zii/N4/ehxPXnKE69LcBOrvXKCvd0igC1wteJJlGAQmjjQdL36+sm0M+9G1QY/b0e1Dto4bpdwZKTYba6kaL8LT2FGO7WgCy/WPiEm8z2/0P4pRdYXtKU8BprPj5jN+qaqlWF5c4ZbLndBAAFZYLmEe1j2z4wmS8/g2EM6jHMWRePLYdB022F2uMTJizX2baFO68UnAO7YJGE43TI3D8XLTsPbhmfrKjbmMT5lRa1bRBpyMWFAOqGQYhX0DXNLAOMVjrqsKaLgKZxXTtuHEYXZLPKehQoJWSpm+9a8jtoLdyC85n0YTMAHv3r34xlqDOvNdrTSyJD7rRqsn6uVd1cPo+/hRZ0QEiGU43ALZf78pV7xNVZ3cOiUQi0Tbwuiz/gPcaJGeiNVC8oCGcJVPFre8lGOx+xUmLNPz0s+oDIVurPqoTd1EykzI99OtKyYInkx7qMeJ7Sb8cnYAnBDKSSdD0DsP6xGrssEVp/TxBR9Y97ZCnUoOEswIK/KHwIrwNKsU7WlbKCTvgc8tZUfUhgnRHzn/KCbZ1GEUrqmRq4BDnzLvNtKBhqQnR9MbOiFMuXNF2lUovwS5T56vuhnV9110qoXx4ynhj4B/QlGWpw2slTC7JiyMIxuBmZmETWainuD8dlO2riPx0D93pL8/skmWTVXMTIMFQdJGJePPf+k1y4Q0a72lxEnQOIWXVZDJUq93TQKnmJFM/Fjkydgf3ouqvDZ+H/S/lQHMHQeF0i/NebgUZXxflKWQpbTuw2i4ggkPoZY8ZLkV7VjYiOnDbtLqN3V8f4viCbSqlQauES9M1Dny8IL3jl5I0DJf7MOP/oKwGHcgWo0QHLGfX/qEdwxGlT8ctobDCsMdiKmQAo9Oq8EMH6CF+Y/cdnzTJQgdqu+qLlWQoZBhBz0MegYI07niBmcHUKK4CGEcVr1ZgrfTMuaL5Z3LJ3CZxbWPaddaFk1408cGTr7/h6cyc8d7jFU0sNgzL65kIBGZilwOECXBLthP2g+HmNkChqGwKOCM9f9jLTM29NS1+SjMZkaVpzsbbswqVhT/YcOrWvxPaQCZkSzDu5hl+FE/UJEv8aR14EUMWtZpFFpbWAwpUbPeVojA6IvSkHafy9lZBPXfPG+9B578tnDJnagHF8+QGzmyOKJvrRgEPvLTByemJqwgzxBg9KuUBSy7jXxjsMp3zhH1O2/aozyMMf1J3nxDxgIudMWYvoz0Sx69VABmMDzXYoc5y1y2cyq4UbE5cS6DRQcKCEeKmx4MYX+0Hl4eWcdHjmHePgB5LIJapoBtun/4o9w7d7d3SOQ/IUgaoQhijZ3UqK7oXPDEl/mEJ21GgV0vmtN33J71NWOt1M9MnGXOnme5wQ68e81bfRWBTJLeRZJtLGIZK/GmAwElc83EW66gIOv94y9NaHNvQKPkuBscjP1bYepcQnnj0K4vo3UNpLMChyuMx7b3mPWTeg3zgTfRv84mjtc7nrqQF9xPPVUolrxldAUgV4Iu9NDQqIRox99lKYEEHTzDX8ATbp+KJazA5lPYtVwZdYOJ1rmJlEn0ezzppOtnv9bW2sUfYDH8pOgzHgwleei3kuUu0x1U/5ujMCO/cm+ajOAZteH3F3FsAzNqiF2kBTp6ZuKWmWF5K9Y1,iv:4vTey4Dw05LWusi9xyWo/nb9O4yWdvn3qlYbfSbn8f4=,tag:kMVj6iqDAXhiRfuHNNCULQ==,type:str] +sunshine-cacert: ENC[AES256_GCM,data:jSCBbWzUs+Euck/ybsSxeqUCbi5rLBipKSjPKXzFjJZ3QvHJMqQ05ienYoZUMvXN3cqdjtPyUGsfu++J25ztAkzVIi5EKOg++SCWkAjriIlPlgfKNuUxihrmshaj/BZg5/TBBa/kzBw9G/CEQ2kbL8QbzVxcx7bTFj/hj8F6UpsPKQcq5+VcbrGfj5SueF5kstl1PrLB8WciN02LtCbSYz3K6YwZNJJgpIHEEa2H+xcdBjajpxHzwshJpWGK8Ob8p8vRtSDesXffrN0nffe6b8X11x6SsOHtWX/Wrh4IKsgZd63R2rEYN/nDdaNsPTinT3vfPh7JRar6IbHVp5qAo2aywI1pEQy9leDqSO0V4/y+udsBbUiOoSW2e9Do1O+49PUroYhRS1eAHEGLHiApg1dleuXclhKv1VLumLNj4MCiTwomPbj9PXLMswZkJ3Nlk5QwHH3eUMx18zRplUsgA69jscOLeupDe1jKUx8OKOAiBEUEBoGSG8Yv8GrSL7fdLx63OFa0wDmE3lNWWIAuTDCe/y6qbfLYcE9IVt2Pm0ADjuN2kxkgTM6n/YdCrVMrot14QxI2cCBcsOYQOVSWNEQ0gTmMdNiDPUiImFbTJ7oo3KhMsvF9gbDma//9apk5+YP2JQCqbwBl6ZxuDY32Yzu7TADSpHK3Ib9YsI9/7bf47jIFxVKGIaxTPrXxfzoTaE3hK61YQyDRPCBSvgg8PAZRWZG1eKSwIZMq5MqC3rJz52XifbfQ3bTIpQX3J2bZ/T24Ic7GiIkk6EgBFlAiMUzm2YSC/DqCxg7G3eimNiv24XJD0QIHpRHJrAfgVOInfgbqE1q1Ay3zpNRLlNi9uinIQ4gwgi8AsgWK050kYAk2KeIa4LMlvI8Di/vFHzHnDIPjjBFjPAwMGLIq+xRoYjqI7nZz1U2yaEAxauir0/m5Lxg8RgptCqArD047TeHgYZGSYQodJ+Xere+4abc70bxHVaG+ehG94PS4vy7rNg5DgV5Xz0XaSRLBevjYgMoDR1D/LHjGKve/cL9dQxrBkMG2+JrXw8C7fIOHgVA/Uj22FAvRwtJZubRtG4158TsAM+2O7qK/HVg/fUFNZ9ONA69pD3e4mNGBY0fDko3npME7VmFi9KN9tHWgcD1+sMfxavQvnizJquv5zfg4qW00WukmmjKBiWQUyb+RNfJBwuL8NPmCANRDLnOELqoI1iFMovZM6ERNR7CFyrTxi0WF5lLvDBiKSidI1TWre8YvZ/cHf62xvC139LPszNJRSlHisSHy7UwjnR6wFmsrkE3G4XOJYlk7Dra2uruDA5BZQV4EpftWh5BJOD3xHYghhAoyKq++/iYHTN9ubrDEcNewOg+4hogTqtkIXQc8LMO9,iv:Kku8jh+M3J/3IMFCA+Zw6fqfNlAJ2uPQsRR3WjmGdvQ=,tag:apNqFguaLQWpM4CZD2r5Lw==,type:str] +sops: + age: + - recipient: age1pvkuvcc38pke3euzsjzpgp6s6v3jykug2e69rplytdy7gxntm5jsraxhvp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2cVc1b2xCL3R4SjdwZnhN + MG5QTzgvbmMwQnV2d3ZyaU5qOVFXS0pqL21JCnN2VWg1aFI5dXFIRHpZVGFKenpE + RUJja09odmhmeVp3aHlqTUgwd0xZamsKLS0tIE9aekVBRjhLZzVJU1NTVU4xVEV5 + U2c0YzlXdlFiNDFyYXlac3g4UnRMajQKtFu3UUQmJ4ky9hqMTQ8kpHfnpn8k73d5 + nCZxzBBmkoELHo+IQgZ671UJVHyU9YlZBdnby7Yv0HJklgu/ClByVg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1n25te92l6p52zpujz72r0qqwmhx3qa2d2sw739h7sd50pj4ktums92gqzs + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxdityNVhTdkVZZVk2MS82 + ckRmREhlU0Z3b0lJcExYSExuS3dqSWJ3YkNVClNGeDdncmZNSHIrd3U3Y3drOEFv + d1RCaW8ycGUrR0xEQ3h0VVFjU1RId00KLS0tIHRpTEU0cG8xSEJ0M2Q5a2tBNU9P + azE5WmsxcEdKNzBmN3lEOC9LZnlIaEUKvTOnDeKmteqGhDzLhXyxVzkP9qBHSJnQ + 2I7Tu77qBvjtcD7G7r+ldVT9KGdWiwdQQeH9PCqN+WxYXtZ2rRWqPg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-04T21:45:11Z" + mac: ENC[AES256_GCM,data:gwP9rbeYB/Q3mYhrcq9mh+Q/2IRDvXcbRtNmVbQnBdV6HAVMFDh2yUQ5GU7vUYUfGx9M+Iu8gG/DSyLet3c2pi1fEeWDCTTU46GOkn5DL4PYmHwf4Mqhq+Tq7ag/Cwlz7EKKu67sJAqfm2EX+8xE4Nyxxs4SWrnpEceuk/FU85U=,iv:zAYbkoByoPYlROlzPpiOYkf7nAkt8dFbdqWbedBDIzs=,tag:7D7CHx9CXHzmX/cFcZTlKQ==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/secrets/users/vili.yaml b/secrets/users/vili.yaml deleted file mode 100644 index 0a47517..0000000 --- a/secrets/users/vili.yaml +++ /dev/null @@ -1,34 +0,0 @@ -vili-password: ENC[AES256_GCM,data:SG0UVgXOrbLJZ8dj1NeuBL0QulIeZRfoD5o/QF57avce7nxlU1RLnQfZe9fsW9IqnfiAQkYNcQ3B/m36VBy87DJosRVT0dcizg==,iv:536A1+NVuvg18uh+7oEEUYJ8PM+g62boNCKCUpg0GJo=,tag:J9YL+fdK4gE7g58nSgBRcw==,type:str] -sops: - age: - - recipient: age1pvkuvcc38pke3euzsjzpgp6s6v3jykug2e69rplytdy7gxntm5jsraxhvp - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2eUJjQWtrcGxEWnFZamRx - QTFhOTdmaGt3cEhSYThFMjlrbkV2WTdwcFdjCkJpdmNtUkRsM1pGQ000V0N4d0Nk - d0lLWmdWTytKTWtKbFNNYmpvSXRsd3MKLS0tIGY0MEI3TWlKZFkwQy9RUmNrSkVJ - MUVDUmladjJrZVZXS2MvKzJGUTZscVUKk510+IUsO4yq7ZH8aOvl+C0WzlYRGdzv - TzKXvPAZHI8BL+YMAjNj1gFNo9NK7jkklP8/0w7+ThrpHu6/IKzKZA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1xp02dggk2e6csvxg2q5nfts4tjhd05vthrcvvk2l67m3tgs3vugqshg24q - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaRGNBY2RHb1RCdTNRZjhL - UnlodVBYWHFjUFowK1dNWEdXWkZJN0luUFhnCitSa05TSEY2NW9MM3dIQmRpOG9p - OVovcGxXT3UzMStXQ1FkNGJRTEZnaEUKLS0tIGcxYlFhRlR1Y1ZnOWlIMlh4bmwy - dUlnN2RKRmxQamxjV0VoTFA5V1NEMUEKctraZulYSWKoUAy/47uq5s24obqQHvNZ - dxGaVmjZpPmNyUw7UcamRTdbdPHi4u2F5VmEPBK9YroDWryrL4k73A== - -----END AGE ENCRYPTED FILE----- - - recipient: age1yrfr0q72nqa842t0mzckeemfww28qzcd3wqmrd8mvzwvgpzssvlq9ruzlk - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKQVFab0lTalV5MFI2dUY2 - a0h2SlBLTWhXVGtPY01LMTloRUtUNytrVFdJCnVjQnphYzRSQ1p1WjB2dS90c29J - bFZkNnF6a2xiWlhTdHA1K0xKbGFNb0UKLS0tIGFlWHlSaUkrMXh1RjNaMzNUYm9F - U1VaZERTNndxc1hVbm04eDVzdW9Wa28KqO3N6dMLny3liCEc5Rh3+jjw56ghajTj - u5n33jEko8u+Li9v7nHAVqdzw9WDrPdwJz00xc4tGYewRHW+s16qxg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-21T12:17:55Z" - mac: ENC[AES256_GCM,data:iHPaSftY2MFHgg+426dlTtTPWbL3AO84ND1CHViJ81bUm9CYTKlLGU23ocKVJRzPy85BhOGh2R4uURP1dvQ3BiFWGK3B2t8xtg1vTz5jSgQkvWr5RRiDLOvHWb4cT4O5cI8MHkLtYAl1ungdZj+uCIIw9unzDD+HpjlOlCaf8C0=,iv:HFZfxCBQEB0G7oalRkNFykeJ3+9xssUJN5oB/j1Z3xI=,tag:PabtyU0ZvSRWlmz7y35uMA==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2 diff --git a/servers/gaming-server.nix b/servers/gaming-server.nix index fc637c3..a1f8887 100644 --- a/servers/gaming-server.nix +++ b/servers/gaming-server.nix @@ -1,33 +1,56 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: { - systemd.tmpfiles.settings."vili-home"."/home/vili".d = { - user = "vili"; - group = "users"; - mode = "0700"; + systemd.tmpfiles.settings."vili-home" = { + "/home/vili".d = { + user = "vili"; + group = "users"; + mode = "0700"; + }; + "/home/vili/.local".d = { + user = "vili"; + group = "users"; + mode = "0755"; + }; + "/home/vili/.local/share".d = { + user = "vili"; + group = "users"; + mode = "0755"; + }; }; environment.persistence."/persist" = { users.vili = { directories = [ { - directory = ".parsec"; - mode = "0755"; + directory = ".cache"; + mode = "u=rwx,g=rx,o=rx"; } { - directory = ".parsec-persistent"; - mode = "0755"; - } - { - directory = ".config/sunshine"; - mode = "0755"; + directory = ".local/share/feral-interactive"; + mode = "u=rwx,g=rx,o=rx"; } ".local/share/Steam" + { + directory = ".local/share/vulkan"; + mode = "u=rwx,g=rx,o=rx"; + } ]; }; }; - environment.systemPackages = with pkgs; [ - parsec-bin - ]; + sops.secrets = { + sunshine-state = { + sopsFile = ../secrets/gaming.yaml; + owner = config.users.users."vili".name; + }; + sunshine-cakey = { + sopsFile = ../secrets/gaming.yaml; + owner = config.users.users."vili".name; + }; + sunshine-cacert = { + sopsFile = ../secrets/gaming.yaml; + owner = config.users.users."vili".name; + }; + }; programs.steam = { enable = true; @@ -38,6 +61,25 @@ enable = true; autoStart = true; openFirewall = true; + settings = { + sunshine_name = "NixOS"; + address_family = "both"; + credentials_file = config.sops.secrets.sunshine-state.path; + pkey = config.sops.secrets.sunshine-cakey.path; + cert = config.sops.secrets.sunshine-cacert.path; + file_state = config.sops.secrets.sunshine-state.path; + }; + applications = { + env = { + PATH = "$(PATH):$(HOME)/.local/bin"; + }; + apps = [ + { + name = "Desktop"; + image-path = "desktop.png"; + } + ]; + }; }; } diff --git a/shared/users/vili.nix b/shared/users/vili.nix index 4441e8c..4d398b5 100644 --- a/shared/users/vili.nix +++ b/shared/users/vili.nix @@ -1,9 +1,17 @@ { config, lib, ... }: { - sops.secrets.vili-password = { - sopsFile = ../../secrets/${config.networking.hostName}/vili.yaml; - neededForUsers = true; - }; + sops.secrets = + lib.mkIf + (builtins.elem config.networking.hostName [ + "helium" + "lithium" + ]) + { + vili-password = { + sopsFile = ../../secrets/${config.networking.hostName}/vili.yaml; + neededForUsers = true; + }; + }; users.users.vili = { isNormalUser = true; @@ -16,7 +24,11 @@ "audio" ]; openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys; - hashedPasswordFile = lib.mkDefault config.sops.secrets.vili-password.path; + hashedPasswordFile = + if builtins.hasAttr "vili-password" config.sops.secrets then + config.sops.secrets.vili-password.path + else + null; }; users.groups.vili.gid = 1000;