Eclypsed/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Eclypsed:f4b3ac54ef6d7db78df4946a56e228bdbac3cd6f
Branches Tags
Eclypsed:main Eclypsed:demo
..
compare: Eclypsed:main
Branches Tags
Eclypsed:main Eclypsed:demo

4 Commits
f4b3ac54ef ... main

Author SHA1 Message Date
Eclypsed
35fd66ce80 Updated waybar with hyprpicker widget 2025-12-21 22:31:19 -05:00
Eclypsed
71d2a9c177 Added hardware profiles for nvidia && intel 2025-12-21 22:29:59 -05:00
Eclypsed
a2034dc4f2 Updated Hyprlock 2025-12-21 15:07:26 -05:00
Eclypsed
388af355bb Added agenix-rekey 2025-12-21 00:36:01 -05:00
23 changed files with 386 additions and 121 deletions
Expand all files Collapse all files

169
flake.lock generated
View File

@@ -23,6 +23,30 @@
"type": "github" "type": "github"
} }
}, },
"agenix-rekey": {
"inputs": {
"devshell": "devshell",
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1759699908,
"narHash": "sha256-kYVGY8sAfqwpNch706Fy2+/b+xbtfidhXSnzvthAhIQ=",
"owner": "oddlama",
"repo": "agenix-rekey",
"rev": "42362b12f59978aabf3ec3334834ce2f3662013d",
"type": "github"
},
"original": {
"owner": "oddlama",
"repo": "agenix-rekey",
"type": "github"
}
},
"aquamarine": { "aquamarine": {
"inputs": { "inputs": {
"hyprutils": [ "hyprutils": [
@@ -146,6 +170,27 @@
"type": "github" "type": "github"
} }
}, },
"devshell": {
"inputs": {
"nixpkgs": [
"agenix-rekey",
"nixpkgs"
]
},
"locked": {
"lastModified": 1728330715,
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
"owner": "numtide",
"repo": "devshell",
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"elephant": { "elephant": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -184,6 +229,22 @@
} }
}, },
"flake-compat": { "flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1747046372, "lastModified": 1747046372,
@@ -199,7 +260,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_2": { "flake-compat_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1751685974, "lastModified": 1751685974,
@@ -216,6 +277,27 @@
} }
}, },
"flake-parts": { "flake-parts": {
"inputs": {
"nixpkgs-lib": [
"agenix-rekey",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
@@ -233,7 +315,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_2": { "flake-parts_3": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nur", "nur",
@@ -254,7 +336,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_3": { "flake-parts_4": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nvf", "nvf",
@@ -275,7 +357,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_4": { "flake-parts_5": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"stylix", "stylix",
@@ -331,6 +413,28 @@
} }
}, },
"gitignore": { "gitignore": {
"inputs": {
"nixpkgs": [
"agenix-rekey",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"hyprland", "hyprland",
@@ -500,7 +604,7 @@
"hyprutils": "hyprutils", "hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner_2", "hyprwayland-scanner": "hyprwayland-scanner_2",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks_2",
"systems": "systems_4", "systems": "systems_4",
"xdph": "xdph" "xdph": "xdph"
}, },
@@ -743,7 +847,7 @@
}, },
"mango": { "mango": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"scenefx": "scenefx" "scenefx": "scenefx"
}, },
@@ -889,7 +993,7 @@
}, },
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@@ -935,8 +1039,8 @@
}, },
"nvf": { "nvf": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_3",
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_4",
"mnw": "mnw", "mnw": "mnw",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@@ -984,6 +1088,29 @@
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"gitignore": "gitignore", "gitignore": "gitignore",
"nixpkgs": [
"agenix-rekey",
"nixpkgs"
]
},
"locked": {
"lastModified": 1735882644,
"narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "a5a961387e75ae44cc20f0a57ae463da5e959656",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks_2": {
"inputs": {
"flake-compat": "flake-compat_2",
"gitignore": "gitignore_2",
"nixpkgs": [ "nixpkgs": [
"hyprland", "hyprland",
"nixpkgs" "nixpkgs"
@@ -1006,6 +1133,7 @@
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"agenix-rekey": "agenix-rekey",
"elephant": "elephant", "elephant": "elephant",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"hyprdynamicmonitors": "hyprdynamicmonitors", "hyprdynamicmonitors": "hyprdynamicmonitors",
@@ -1069,7 +1197,7 @@
"base16-helix": "base16-helix", "base16-helix": "base16-helix",
"base16-vim": "base16-vim", "base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme", "firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_4", "flake-parts": "flake-parts_5",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@@ -1282,6 +1410,27 @@
"type": "github" "type": "github"
} }
}, },
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"agenix-rekey",
"nixpkgs"
]
},
"locked": {
"lastModified": 1735135567,
"narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "9e09d30a644c57257715902efbb3adc56c79cf28",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"walker": { "walker": {
"inputs": { "inputs": {
"elephant": [ "elephant": [

19
flake.nix
View File

@@ -21,6 +21,11 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
agenix-rekey = {
url = "github:oddlama/agenix-rekey";
inputs.nixpkgs.follows = "nixpkgs";
};
nvf = { nvf = {
url = "github:notashelf/nvf"; url = "github:notashelf/nvf";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -60,7 +65,12 @@
}; };
outputs = outputs =
{ nixpkgs, ... }@inputs: {
self,
nixpkgs,
agenix-rekey,
...
}@inputs:
{ {
nixosConfigurations.vanta = nixpkgs.lib.nixosSystem { nixosConfigurations.vanta = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
@@ -68,11 +78,18 @@
inherit inputs; inherit inputs;
host = "vanta"; host = "vanta";
wallpaper = "twilight-village.png"; wallpaper = "twilight-village.png";
# Host public SSH key (e.g. /etc/ssh/ssh_host_ed25519_key.pub).
hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaDVBJdMDFL8r9NQCbaLe+DPHGhGzRv2N7+7m1/U8DP";
}; };
modules = [ modules = [
./modules/system ./modules/system
./hosts/vanta ./hosts/vanta
]; ];
}; };
agenix-rekey = agenix-rekey.configure {
userFlake = self;
nixosConfigurations = self.nixosConfigurations;
};
}; };
} }

1
hosts/vanta/default.nix
View File

@@ -6,5 +6,6 @@
imports = [ imports = [
inputs.nixos-hardware.nixosModules.framework-12th-gen-intel inputs.nixos-hardware.nixosModules.framework-12th-gen-intel
./hardware-configuration.nix ./hardware-configuration.nix
../../profiles/intel.nix
]; ];
} }

1
modules/home/hypr/hyprland.nix
View File

@@ -7,6 +7,7 @@
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
hyprpolkitagent hyprpolkitagent
hyprpicker
]; ];
# xdg.configFile."uwsm/env".source = # xdg.configFile."uwsm/env".source =

124
modules/home/hypr/hyprlock.nix
View File

@@ -3,106 +3,104 @@
wallpaper, wallpaper,
... ...
}: }:
let
primary-monitor = "eDP-1";
text-color = "rgba(${config.lib.stylix.colors.base0F}FF)";
entry-background-color = "rgba(${config.lib.stylix.colors.base0F}11)";
entry-border-color = "rgba(${config.lib.stylix.colors.base0F}55)";
font-family = "Rubik Light";
in
{ {
programs.hyprlock = { programs.hyprlock = {
enable = true; enable = true;
settings = { settings = with config.lib.stylix.colors; {
general = { general = {
hide_cursor = true; hide_cursor = true;
}; };
background = [ background = [
{ {
path = "${config.xdg.userDirs.extraConfig.XDG_WALLPAPERS_DIR}/${wallpaper}"; path = "${config.xdg.userDirs.extraConfig.XDG_WALLPAPERS_DIR}/${wallpaper}";
blur_size = 4;
blur_passes = 3; blur_passes = 3;
} }
]; ];
input-field = [ input-field = [
{ rec {
monitor = primary-monitor;
size = "250, 50"; size = "250, 50";
outline_thickness = 2; outline_thickness = 3;
dots_size = 0.1; dots_size = 0.25;
dots_spacing = 0.3; dots_spacing = 0.4;
outer_color = entry-border-color; outer_color = "rgba(${base0F}55)";
inner_color = entry-background-color; capslock_color = outer_color;
font_color = text-color; numlock_color = outer_color;
bothlock_color = outer_color;
inner_color = "rgba(${base0F}11)";
font_color = "rgba(${base0F}ff)";
fade_on_empty = true; fade_on_empty = true;
placeholder_text = "<i>Password...</i>";
position = "0, 20"; position = "0, -60";
halign = "center"; halign = "center";
valign = "center"; valign = "center";
} }
]; ];
label = [ label = [
# Hours
{ {
# Caps Lock Warning text = "cmd[update:1000] echo \"<b><big> $(date +\"%H\") </big></b>\"";
monitor = primary-monitor; color = "rgb(${base0F})";
text = "cmd[update:250] check-capslock"; font_size = 112;
color = text-color; font_family = "GeistMono Nerd Font";
font_size = 13; position = "0, 350";
font_family = font-family;
position = "0, -25";
halign = "center"; halign = "center";
valign = "center"; valign = "center";
} }
{
# Clock
monitor = primary-monitor;
text = "$TIME";
color = text-color;
font_size = 65;
font_family = font-family;
position = "0, 300"; # Minutes
{
text = "cmd[update:1000] echo \"<b><big> $(date +\"%M\") </big></b>\"";
color = "rgb(${base0F})";
font_size = 112;
font_family = "GeistMono Nerd Font";
position = "0, 220";
halign = "center"; halign = "center";
valign = "center"; valign = "center";
} }
{
# Date
monitor = primary-monitor;
text = "cmd[update:5000] date +\"%A, %B %d\"";
color = text-color;
font_size = 17;
font_family = font-family;
position = "0, 240"; # Day of the Week
{
text = "cmd[update:18000000] echo \"<b><big> \"$(date +'%A')\" </big></b>\"";
color = "rgb(${base0F})";
font_size = 22;
font_family = "JetBrainsMono Nerd Font";
position = "0, 115";
halign = "center"; halign = "center";
valign = "center"; valign = "center";
} }
# Date
{ {
# User text = "cmd[update:18000000] echo \"<b> \"$(date +'%d %b')\" </b>\"";
monitor = primary-monitor; color = "rgb(${base0F})";
text = " $USER"; font_size = 18;
color = text-color; font_family = "JetBrainsMono Nerd Font";
outline_thickness = 2; position = "0, 85";
dots_size = 0.2; # Scale of input-field height, 0.2 - 0.8 halign = "center";
dots_spacing = 0.2; # Scale of dots' absolute size, 0.0 - 1.0 valign = "center";
dots_center = true; }
font_size = 20;
font_family = font-family; # Temperature
position = "0, 50"; {
text = "cmd[update:18000000] echo \"<b>Feels like<big> $(curl -s 'wttr.in?format=%t' | tr -d '+') </big></b>\"";
color = "rgb(${base0F})";
font_size = 18;
font_family = "GeistMono Nerd Font";
position = "0, 40";
halign = "center"; halign = "center";
valign = "bottom"; valign = "bottom";
} }
{
# Status
monitor = primary-monitor;
text = "cmd[update:5000] hyprlock-status";
color = text-color;
font_size = 14;
font_family = font-family;
position = "30, -30"; # Caps Lock Warning
halign = "left"; {
valign = "top"; text = "cmd[update:250] check-capslock";
color = "rgb(${base0F})";
font_size = 13;
font_family = "JetBrainsMono Nerd Font";
position = "0, -120";
halign = "center";
valign = "center";
} }
]; ];
}; };

1
modules/home/packages.nix
View File

@@ -10,6 +10,7 @@
sqlitebrowser sqlitebrowser
drawio drawio
check-capslock check-capslock
wl-clipboard-rs
# Libre Office # Libre Office
libreoffice-qt libreoffice-qt

23
modules/home/waybar/default.nix
View File

@@ -1,13 +1,6 @@
{ {
... ...
}: }:
let
separator_blank = {
format = "";
interval = "once";
tooltip = false;
};
in
{ {
programs.waybar = { programs.waybar = {
enable = true; enable = true;
@@ -20,7 +13,7 @@ in
margin-right = 10; margin-right = 10;
margin-top = 5; margin-top = 5;
fixed-center = true; fixed-center = true;
reload_style_on_change = true; reload_style_on_change = false;
"hyprland/workspaces" = import ./modules/hyprland-workspaces.nix { }; "hyprland/workspaces" = import ./modules/hyprland-workspaces.nix { };
"custom/menu" = import ./modules/menu.nix { }; "custom/menu" = import ./modules/menu.nix { };
@@ -38,12 +31,19 @@ in
"battery" = import ./modules/battery.nix { full-at = 80; }; # Change this to come from the TLP setting "battery" = import ./modules/battery.nix { full-at = 80; }; # Change this to come from the TLP setting
"clock" = import ./modules/clock.nix { }; "clock" = import ./modules/clock.nix { };
"custom/power" = import ./modules/power.nix { }; "custom/power" = import ./modules/power.nix { };
"custom/separator#blank" = separator_blank; "custom/hyprpicker" = import ./modules/hyprpicker.nix { };
"custom/separator#blank" = {
format = "";
interval = "once";
tooltip = false;
};
modules-left = [ modules-left = [
"custom/menu" "custom/menu"
"custom/separator#blank" "custom/separator#blank"
"clock" "clock"
"custom/separator#blank"
"custom/hyprpicker"
]; ];
modules-center = [ modules-center = [
@@ -57,6 +57,8 @@ in
"custom/separator#blank" "custom/separator#blank"
"wireplumber" "wireplumber"
"custom/separator#blank" "custom/separator#blank"
"battery"
"custom/separator#blank"
"custom/power" "custom/power"
]; ];
@@ -71,7 +73,6 @@ in
}; };
} }
]; ];
# style = ./style.css;
style = '' style = ''
@define-color base00 #192435; /* Darkest background (night sky / deep shadows) */ @define-color base00 #192435; /* Darkest background (night sky / deep shadows) */
@define-color base01 #243449; /* Slightly lighter background */ @define-color base01 #243449; /* Slightly lighter background */
@@ -131,7 +132,9 @@ in
} }
#wireplumber, #wireplumber,
#battery,
#custom-power, #custom-power,
#custom-hyprpicker,
#clock { #clock {
color: @base05; color: @base05;
} }

2
modules/home/waybar/modules/battery.nix
View File

@@ -13,7 +13,7 @@
format = "{icon} {capacity}%"; format = "{icon} {capacity}%";
format-charging = " {capacity}%"; format-charging = " {capacity}%";
format-plugged = "󱘖 {capacity}%"; format-plugged = "󱘖 {capacity}%";
format-full = "{icon} Full"; format-full = "{icon} {capacity}%";
format-icons = [ format-icons = [
"󰂎" "󰂎"
"󰁺" "󰁺"

7
modules/home/waybar/modules/hyprpicker.nix Normal file
View File

@@ -0,0 +1,7 @@
{
...
}:
{
format = "󰏘";
on-click = "hyprpicker | tr -d '\\n' | wl-copy";
}

32
modules/system/agenix.nix
View File

@@ -1,20 +1,42 @@
{ {
inputs, inputs,
config,
pkgs, pkgs,
lib,
host,
hostPubkey ? null,
... ...
}: }:
{ {
imports = [ imports = [
inputs.agenix.nixosModules.default inputs.agenix.nixosModules.default
inputs.agenix-rekey.nixosModules.default
]; ];
environment.systemPackages = [ environment.systemPackages = [
inputs.agenix.packages.${pkgs.stdenv.hostPlatform.system}.default # CLI Tool # agenix-rekey's CLI tool replaces standard agenix's
inputs.agenix-rekey.packages.${pkgs.stdenv.hostPlatform.system}.default
]; ];
age.secrets = { age = {
tailscale-auth.file = ../../secrets/tailscale-auth.age; # Need to explicitly set identity paths because OpenSSH daemon is disabled
eclypsecloud-eclypse.file = ../../secrets/eclypsecloud-eclypse.age; # but the host keys are still generated via services.openssh.generateHostKeys = true
eclypse-password.file = ../../secrets/eclypse-password.age; identityPaths = map (key: key.path) config.services.openssh.hostKeys;
rekey = {
masterIdentities = [ "${inputs.self}/secrets/age-yubikey-identity-d9ed335b.pub" ];
storageMode = "local";
localStorageDir = ../../. + "/secrets/rekeyed/${host}";
}
# We only set the hostPubkey if one is supplied. For new hosts the pub key will not
# exist until it is generated after the first rebuild. Runtime decryption will fail
# but then the ssh host key will be generated in /etc/ssh and can be supplied
// lib.optionalAttrs (hostPubkey != null) {
inherit hostPubkey;
};
secrets = {
tailscale-auth.rekeyFile = ../../secrets/tailscale-auth.age;
eclypsecloud-eclypse.rekeyFile = ../../secrets/eclypsecloud-eclypse.age;
eclypse-password.rekeyFile = ../../secrets/eclypse-password.age;
};
}; };
} }

1
modules/system/fonts.nix
View File

@@ -10,6 +10,7 @@
nerd-fonts.fira-code nerd-fonts.fira-code
nerd-fonts.jetbrains-mono nerd-fonts.jetbrains-mono
nerd-fonts.symbols-only nerd-fonts.symbols-only
nerd-fonts.geist-mono
rubik rubik
]; ];
}; };

5
modules/system/security.nix
View File

@@ -1,4 +1,5 @@
{ {
pkgs,
... ...
}: }:
{ {
@@ -7,6 +8,10 @@
yubikey-touch-detector.enable = true; yubikey-touch-detector.enable = true;
}; };
environment.systemPackages = with pkgs; [
age-plugin-yubikey
];
services = { services = {
yubikey-agent.enable = true; yubikey-agent.enable = true;
}; };

10
modules/system/services.nix
View File

@@ -52,14 +52,10 @@
upower.enable = true; upower.enable = true;
# Enable the OpenSSH daemon. (Look into Fail2Ban in the future) # Disable SSH daemon but generate host keys anyway for secret rekeying
openssh = { openssh = {
enable = true; enable = false;
settings = { generateHostKeys = true;
PasswordAuthentication = false;
PermitRootLogin = "prohibit-password";
AllowUsers = [ "eclypse" ];
};
}; };
system76-scheduler.settings.cfsProfiles.enable = true; system76-scheduler.settings.cfsProfiles.enable = true;

17
profiles/intel.nix Normal file
View File

@@ -0,0 +1,17 @@
{
pkgs,
...
}:
{
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-ocl
intel-vaapi-driver
vpl-gpu-rt
libvdpau-va-gl
libva-vdpau-driver
];
};
}

42
profiles/nvidia.nix Normal file
View File

@@ -0,0 +1,42 @@
{
config,
...
}:
{
# Enable OpenGL
hardware.graphics.enable = true;
# Load nvidia driver for Xorg and Wayland
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = true;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the Nvidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 513.43.04+
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
}

7
secrets/age-yubikey-identity-d9ed335b.pub Normal file
View File

@@ -0,0 +1,7 @@
# Serial: 27501992, Slot: 1
# Name: agenix-rekey-alpha
# Created: Sat, 20 Dec 2025 06:01:41 +0000
# PIN policy: Once (A PIN is required once per session, if set)
# Touch policy: Always (A physical touch is required for every decryption)
# Recipient: age1yubikey1qvq48l020xg9xtt5epdpnzp3kvkm2vvc57357p58pyfq557a8q8hv84c82e
AGE-PLUGIN-YUBIKEY-14ZJ6XQVZM8KNXKCT2PKLW

BIN
secrets/eclypse-password.age
View File

Binary file not shown.

BIN
secrets/eclypsecloud-eclypse.age
View File

Binary file not shown.

8
secrets/rekeyed/vanta/40b96312f0efd258467853db2ff842cb-tailscale-auth.age Normal file
View File

@@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 7p4RPw HgBYYM/VqZ4KN4V4TrGmk86wPRhDgM+VaXfa3VlODRM
OdM//HvJTzB7/jw+c+6euiYz9ptUf/z22tzJSgxTD+w
-> B%P@9-grease
Zgr76aiZDhCWBdnbxoOptAfEuM1RWw1bN4rsUCec4VP0cDN856bCtaQjnWWbSTvv
YPHtmw
--- obv+bg63dTlnoke3tQdkAizcAqsYG2sUjYBZrhGZG68
(2<><04>$<24>Y@<40><>i<EFBFBD>7<EFBFBD>j<EFBFBD><02><>ar<61>7<EFBFBD>X$U<><0E>~<7E><>|<7C><>'<14><><EFBFBD>oo`<60><><EFBFBD><EFBFBD><11>DƆ{<7B>#<23>%<25><<m<>O)V<><56>2C<17><!<21>e<EFBFBD>ݺ(24<01><05><>~<7E><>

7
secrets/rekeyed/vanta/853ffda11ae0836ce38bb5da13840b31-eclypse-password.age Normal file
View File

@@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 7p4RPw FdmJ1odfweTU4HWPTeWuEcoIUq1V4ke28BWmlNNdNHg
9qi5QQHociRgSzZ97HifRDf+/Hh0cCZJzFsobpP1cpU
-> 4pq5-grease
yKZUs4lQM6BQgsyzMn3T1pvUt393/NvcRe7KwuTCDCU
--- N7NO5Ps2SG3SFNNnNNvYUSGgA0b5Dk7H6+x0rt6JtXA
Dl<EFBFBD>]e p<>(F0i3<<3C><><EFBFBD><EFBFBD><EFBFBD>Sm<53>E<7F>Eh<45><01><>S<EFBFBD>eX<><0F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>V$0<>Ŝ<EFBFBD><C59C><EFBFBD>c`<60><>%<25><><EFBFBD><EFBFBD><EFBFBD>Q<EFBFBD><51><EFBFBD><17>7&<26>X, <0B><>Lo<4C><6F>?QQ+<2B>~|%{<7B><><EFBFBD>-V<>%H<>):ց]Kx<4B><78>K<EFBFBD><4B>NX<4E><58>6<EFBFBD><36>ۦejO<><4F>#X<><58>

BIN
secrets/rekeyed/vanta/881aa01f75dfd34827ffdc11d7c11533-eclypsecloud-eclypse.age Normal file
View File

Binary file not shown.

19
secrets/secrets.nix
View File

@@ -1,19 +0,0 @@
# This file is NOT imported into the nix configuration, it is just for the agenix CLI
let
# System public ssh keys (/etc/ssh/)
vanta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaDVBJdMDFL8r9NQCbaLe+DPHGhGzRv2N7+7m1/U8DP";
in
{
# Tailscale auth key need to be up to date with a valid auth key in the tailscale
# dashboard. Single-use keys expire after a single machine connects, and even
# reusable keys expire after 90 days.
# Update tailscale-auth.age with `agenix -e tailscale-auth.age -i /path/to/private-ssh-key`
# Note: Only devices with the below public keys are allowed to edit tailscale-auth.age
"tailscale-auth.age".publicKeys = [ vanta ]; # Devices allowed to join the tailnet;
# Devices that can connect to EclypseCloud with the eclypse user.
"eclypsecloud-eclypse.age".publicKeys = [ vanta ];
# Devices that have the eclypse user
"eclypse-password.age".publicKeys = [ vanta ];
}

12
secrets/tailscale-auth.age
View File

@@ -1,6 +1,8 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 7p4RPw 7GuZj43+NoyPXf//ZLM99vossbJXOpDQSkBi3w51Wl8 -> piv-p256 2e0zWw ApoXPsP2VGfJnOt+dDk7DfssOkbM/3vkn4jwSfxD4UAj
FTMjlyml+T87LQffffY2AJL5IhTAJF2QlfFvhvZpvOs jtn4DCA/EyrTl9DW1hs84yd3RgVuDU77ggM218HiUdc
--- iONf8B3bUxXtCiv0EAv5QO0ZyhE5A6YfRbcxUr/awFg -> *E(-grease Ull1npy_ >F7 *?
<EFBFBD><0E><><EFBFBD>Tw<54><77>J`<60>~B IM+85AtRNlMrFgqk/uAG
<EFBFBD><11>;<3B>lOh<4F><68>{2<>?<3F><>P<EFBFBD><50>F>@m<>o<><6F>c<EFBFBD><1C>~X<>3<EFBFBD>@.g<0E>ھ<EFBFBD>eK<65><18>V7zphS<68><53>د6<D8AF><36>.W<><57>O@F  --- nxCTKF6R3E/qaTTgr7jZdz4ZLRE15NsJpyKHizEJnPw
<EFBFBD>><3E>"l<><6C><EFBFBD><14><>r<>sN<4E><7F>V*F<>I<7F>|<0E><>0X<30>8<EFBFBD><38>
<EFBFBD><EFBFBD> |P<><50><EFBFBD><1C>F<EFBFBD> <0C><>D<EFBFBD>\x<>Z<EFBFBD><5A>P<EFBFBD><50>]<5D>ʧ<EFBFBD>t-"n<>m<EFBFBD><6D><EFBFBD><EFBFBD><EFBFBD>&<26><>|<7C> %<25><><EFBFBD><EFBFBD><EFBFBD>