From 9c3a56c7cc19c42fad83a33855b7804eec4ba613 Mon Sep 17 00:00:00 2001 From: Christoph Schmatzler Date: Wed, 7 Jan 2026 21:01:24 +0000 Subject: [PATCH] calendar to derek --- .sops.yaml | 2 ++ flake.nix | 2 +- hosts/{tahani => derek}/calendar.nix | 2 +- hosts/derek/default.nix | 47 ++++++++++++++++++++++++++ hosts/derek/disk-config.nix | 37 ++++++++++++++++++++ hosts/derek/hardware-configuration.nix | 18 ++++++++++ hosts/derek/secrets.nix | 9 +++++ hosts/tahani/default.nix | 1 - hosts/tahani/secrets.nix | 7 +--- overlays/sonoscli.nix | 24 +++++++++++++ profiles/packages.nix | 4 ++- secrets/derek-icloud-password | 35 +++++++++++++++++++ secrets/tahani-icloud-password | 30 ---------------- 13 files changed, 178 insertions(+), 40 deletions(-) rename hosts/{tahani => derek}/calendar.nix (92%) create mode 100644 hosts/derek/default.nix create mode 100644 hosts/derek/disk-config.nix create mode 100644 hosts/derek/hardware-configuration.nix create mode 100644 hosts/derek/secrets.nix create mode 100644 overlays/sonoscli.nix create mode 100644 secrets/derek-icloud-password delete mode 100644 secrets/tahani-icloud-password diff --git a/.sops.yaml b/.sops.yaml index 3c7ef13..0651c2d 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -4,6 +4,7 @@ keys: - &host_mindy age1dqt3znmzcgghsjjzzax0pf0eyu95h0p7kaf5v988ysjv7fl7lumsatl048 - &host_jason age1ez6j3r5wdp0tjy7n5qzv5vfakdc2nh2zeu388zu7a80l0thv052syxq5e2 - &host_chidi age1tlymdmaukhwupzrhszspp26lgd8s64rw4vu9lwc7gsgrjm78095s9fe9l3 + - &host_derek age1h537hhl5qgew5sswjp7xf7d4j4aq0gg9s5flnr8twm2smnqyudhqmum8uy creation_rules: - path_regex: secrets/[^/]+$ key_groups: @@ -13,3 +14,4 @@ creation_rules: - *host_mindy - *host_jason - *host_chidi + - *host_derek diff --git a/flake.nix b/flake.nix index 8974fd6..ba9dfd4 100644 --- a/flake.nix +++ b/flake.nix @@ -46,7 +46,7 @@ inherit (constants) user; darwinHosts = ["chidi" "jason"]; - nixosHosts = ["michael" "tahani"]; + nixosHosts = ["derek" "michael" "tahani"]; overlays = import ./overlays {inherit inputs;}; nixpkgsConfig = hostPlatform: { diff --git a/hosts/tahani/calendar.nix b/hosts/derek/calendar.nix similarity index 92% rename from hosts/tahani/calendar.nix rename to hosts/derek/calendar.nix index 8749054..91b34d2 100644 --- a/hosts/tahani/calendar.nix +++ b/hosts/derek/calendar.nix @@ -25,7 +25,7 @@ type = "caldav"; url = "https://caldav.icloud.com/"; userName = "christoph@schmatzler.com"; - passwordCommand = ["cat" "/run/secrets/tahani-icloud-password"]; + passwordCommand = ["cat" "/run/secrets/derek-icloud-password"]; }; local = { diff --git a/hosts/derek/default.nix b/hosts/derek/default.nix new file mode 100644 index 0000000..1bf56e0 --- /dev/null +++ b/hosts/derek/default.nix @@ -0,0 +1,47 @@ +{ + inputs, + user, + hostname, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + (modulesPath + "/profiles/qemu-guest.nix") + ./disk-config.nix + ./hardware-configuration.nix + ./secrets.nix + ../../profiles/core.nix + ../../profiles/fail2ban.nix + ../../profiles/nixos.nix + ../../profiles/openssh.nix + ../../profiles/tailscale.nix + inputs.disko.nixosModules.disko + inputs.sops-nix.nixosModules.sops + ]; + + networking.hostName = hostname; + + home-manager.users.${user} = { + imports = [ + ../../profiles/bash.nix + ../../profiles/bat.nix + ../../profiles/direnv.nix + ../../profiles/eza.nix + ../../profiles/fish.nix + ../../profiles/fzf.nix + ../../profiles/git.nix + ../../profiles/home.nix + ../../profiles/jjui.nix + ../../profiles/jujutsu.nix + ../../profiles/lazygit.nix + ../../profiles/neovim + ../../profiles/ripgrep.nix + ../../profiles/ssh.nix + ../../profiles/starship.nix + ../../profiles/zoxide.nix + ./calendar.nix + inputs.nixvim.homeModules.nixvim + ]; + }; +} diff --git a/hosts/derek/disk-config.nix b/hosts/derek/disk-config.nix new file mode 100644 index 0000000..c851874 --- /dev/null +++ b/hosts/derek/disk-config.nix @@ -0,0 +1,37 @@ +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/sda"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; + }; + ESP = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/derek/hardware-configuration.nix b/hosts/derek/hardware-configuration.nix new file mode 100644 index 0000000..e9ba45b --- /dev/null +++ b/hosts/derek/hardware-configuration.nix @@ -0,0 +1,18 @@ +{ + lib, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + + networking.useDHCP = lib.mkDefault true; +} diff --git a/hosts/derek/secrets.nix b/hosts/derek/secrets.nix new file mode 100644 index 0000000..fd0e7de --- /dev/null +++ b/hosts/derek/secrets.nix @@ -0,0 +1,9 @@ +{user, ...}: { + sops.secrets = { + derek-icloud-password = { + sopsFile = ../../secrets/derek-icloud-password; + format = "binary"; + owner = user; + }; + }; +} diff --git a/hosts/tahani/default.nix b/hosts/tahani/default.nix index d7b4c23..2be601a 100644 --- a/hosts/tahani/default.nix +++ b/hosts/tahani/default.nix @@ -43,7 +43,6 @@ ../../profiles/zk.nix ../../profiles/zoxide.nix ../../profiles/zsh.nix - ./calendar.nix inputs.nixvim.homeModules.nixvim ]; diff --git a/hosts/tahani/secrets.nix b/hosts/tahani/secrets.nix index e215524..1171210 100644 --- a/hosts/tahani/secrets.nix +++ b/hosts/tahani/secrets.nix @@ -1,13 +1,8 @@ -{user, ...}: { +{...}: { sops.secrets = { tahani-paperless-password = { sopsFile = ../../secrets/tahani-paperless-password; format = "binary"; }; - tahani-icloud-password = { - sopsFile = ../../secrets/tahani-icloud-password; - format = "binary"; - owner = user; - }; }; } diff --git a/overlays/sonoscli.nix b/overlays/sonoscli.nix new file mode 100644 index 0000000..f9c2447 --- /dev/null +++ b/overlays/sonoscli.nix @@ -0,0 +1,24 @@ +{inputs}: final: prev: { + sonoscli = prev.buildGoModule rec { + pname = "sonoscli"; + version = "0.1.0"; + + src = prev.fetchFromGitHub { + owner = "steipete"; + repo = "sonoscli"; + rev = "v${version}"; + hash = "sha256-9ouRJ0Rr+W5Kx9BltgW29Jo1Jq7Hb/un4XBkq+0in9o="; + }; + + vendorHash = "sha256-hocnLCzWN8srQcO3BMNkd2lt0m54Qe7sqAhUxVZlz1k="; + + subPackages = ["cmd/sonos"]; + + meta = with prev.lib; { + description = "Control SONOS speakers from your terminal"; + homepage = "https://github.com/steipete/sonoscli"; + license = licenses.mit; + mainProgram = "sonos"; + }; + }; +} diff --git a/profiles/packages.nix b/profiles/packages.nix index 865d334..cee2870 100644 --- a/profiles/packages.nix +++ b/profiles/packages.nix @@ -10,6 +10,7 @@ with pkgs; alejandra ast-grep bun + uv colmena delta devenv @@ -55,6 +56,7 @@ with pkgs; ] ++ lib.optionals stdenv.isLinux [ gcc15 - lm_sensors ghostty.terminfo + lm_sensors + sonoscli ] diff --git a/secrets/derek-icloud-password b/secrets/derek-icloud-password new file mode 100644 index 0000000..8ccb139 --- /dev/null +++ b/secrets/derek-icloud-password @@ -0,0 +1,35 @@ +{ + "data": "ENC[AES256_GCM,data:l7jYCSQE0BwYOoIMHgGOmMrWz5s=,iv:4TugFnfmzoeroq6SfRLD36gSSBHGVT6CxQE4Pyp1Ibc=,tag:HOTLlXGab05u+qREtyxAeg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1njjegjjdqzfnrr54f536yl4lduqgna3wuv7ef6vtl9jw5cju0grsgy62tm", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFTmVlZmxIMGFBbE1RYkNN\nbTh1NG5BK1JCTlZ1MzBtSS9NRXRVM3phN3lrCm9qSlpEQjFGZTBsME9ndXhYdHZv\ncW1oek5hU1pjQXhzT0cvTks3VEozdHcKLS0tIG1TUWJKSE1KRVlXMVdydjBhY1ZS\nWXRhNFA2aHZTT2pud0ZXOFpjVldKYjgKYyH7k0BW/sf3vDQLPaZoB2VHoyKmCkWy\nwTolEp4vkuzZld4KPdDW4jYL8kt8Fwa8TNlPKMUOvY0gt82pbJ1MAA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age187jl7e4k9n4guygkmpuqzeh0wenefwrfkpvuyhvwjrjwxqpzassqq3x67j", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5Y2ZpWlhXUll4WUxheENj\nRjlwK2dJUjBOU1lhV1dKWFhiMlJiQ0Q2Q0VrCnJac0ppdm9URW14TUwrVUdwN2x4\ncUgxSGRTM09ORUk0VXhUcVBxS1Z2a0EKLS0tIGhOSmc2L3FKOXdqdG5Da210aXF4\nZ2h0dW45K2dlZGJQMmxneE1IbXMvWmsKkBfh09E6o2uvNegq5pZgUBWOYjREDDyg\nHEgV7G4cWJBPpBFwS1gLGyRZ0TWrmoXCqF8I22BMG6tq94AGrKqFzg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1dqt3znmzcgghsjjzzax0pf0eyu95h0p7kaf5v988ysjv7fl7lumsatl048", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCc1B0Ylo5K1poUXpkcFZk\neGJSQmNBVU00RTdLcTNBRUN2N3cySFE0cUdVCjNmZlpGM0VUOWdvbVQ3U1BoRWJ1\na3kwK3JxQ0IrZ0NUaW5sTmZlWmd4MncKLS0tIHozZ29UbTNPZDBjTUl3WlB2YmFs\nS0IrN3lLK2YyM0ROTERtQlppbjVOdWMKtpLveHYL4RfEpCBLt4c4R/NVg1QF+if1\nz26bWNQseIsPtlIk4GImJZhUhbr3sDY81gcl7sd8XGpze7EAVM262g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1ez6j3r5wdp0tjy7n5qzv5vfakdc2nh2zeu388zu7a80l0thv052syxq5e2", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySmdCaVRYV2RjOFR4dFVx\nYmd1VlRzQmUwR1RwcTNJdTlxQnFFZXVscnlFCnRVOWQwa3VVUUlHQTF0WHBXb0FL\nMEViVXVDeWJLZnBLdWlUZTZFQVFqYlUKLS0tIHBGdXdPM2tOdzR0Qm5UT2F6dnNF\nTytWcXNYMEJSTU8xOExMK1MwQUNhdk0KVBbrhhwh+Yup+CW3Y+q9RoQ3XFjBfTLb\nzDbCZBhNx9HP7Q8mlndYPkJc3aGfpKxHpaniBLqzDKNKJ5OE4kzY3Q==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1tlymdmaukhwupzrhszspp26lgd8s64rw4vu9lwc7gsgrjm78095s9fe9l3", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtVnl0ckE1REtQbW8ybEtF\nWG1VNkFtMUVlNk04SnIySVFvM2pkV1dTMTNNCkV6R2NzQzM4WXRIdzJrVEo4L2FX\nQ1dmV2YwNHdMMVJUNmZWRktvK2s1dUUKLS0tIE5nUXNack5meUFzcWxhOTNGLzdG\naGlVYURRK2hLK0lNNm4wYTUrdXptLzAKZgN1tY1G3Jso1+CT0LQQ4I49CgdCECpe\n1wRdgaWI8P4ep2S7QO3Vu+MuoyOgVgGJdG/HzsEAAqJ0XMSBWpeFXg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1h537hhl5qgew5sswjp7xf7d4j4aq0gg9s5flnr8twm2smnqyudhqmum8uy", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3YnVBeGl5akg2b3BidW5m\nMjBnWWxReTFoNTBYVm83ZkhtSHUvTmtNSGxzCk5XcmVJZ0hpRURIT09teHFzOURt\nK25JSFJCNU5mb2k4ZHBTU0Q0emFtYWMKLS0tIEtqMlFNckZmQk15Z0xoT1BrUWgv\nN0VJT1RjOG1ZOVU1UklKTm5TUEhLQmsKP03juyke7ZmLGx+BHE596d18TWVLFuUV\nP1pK0QlwtRL0l/6r7l4hXN9gJ8JU+zO5NTcLtvvHdSL188q3TX//UQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-01-07T19:19:41Z", + "mac": "ENC[AES256_GCM,data:SnMD9+jpySE35ylbHInXfsIQ/Nq6FBpunlhgJSOnYCQLE9vGc5Rtkg8cYlqFBz82Ukjk2EJafKcjDgBgTx6+JcYC8idM7yCpqyJaTx9p0nr6+p46ozqrL8lm4qF+yJRK997RjfRStLE2JsLN0SRSBFTDL0yPB6mFc/BncywVVZ0=,iv:fJ0kpgysw8eHbIIrtdyUXwWYvHyOa6kJ1wW+6NvBTxY=,tag:cqyY6qmEa0HF6u61v9VZJw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.11.0" + } +} diff --git a/secrets/tahani-icloud-password b/secrets/tahani-icloud-password deleted file mode 100644 index 636fcad..0000000 --- a/secrets/tahani-icloud-password +++ /dev/null @@ -1,30 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:l7jYCSQE0BwYOoIMHgGOmMrWz5s=,iv:4TugFnfmzoeroq6SfRLD36gSSBHGVT6CxQE4Pyp1Ibc=,tag:HOTLlXGab05u+qREtyxAeg==,type:str]", - "sops": { - "age": [ - { - "recipient": "age1njjegjjdqzfnrr54f536yl4lduqgna3wuv7ef6vtl9jw5cju0grsgy62tm", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXeDlULyt1RVBlUUJpdVgv\nRHdTd2MvNUNFZytZQzVTSE9UVlVXN3Njd0h3CngwbkIxM2lpNnFndVFKQ0twQ0x1\nd2NqVXJuYzh6K3BKTUgwVmM1YUMxVnMKLS0tIHZ1V3o5OU1Bd3dnajgrTmpzY3hM\nSXJuUExNR2Q3ZGd6M1ZISVRualhOUU0Kr0V+/GGGHQOWnso1YwCzy2EFedbQLY+f\nWOPA0J4UPRRFArN2JLdI7A4T98xPytksskYvoZGTCtUkYh4csuSDQw==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age187jl7e4k9n4guygkmpuqzeh0wenefwrfkpvuyhvwjrjwxqpzassqq3x67j", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHYVJqc3E5bmtOYmZ0T0Fq\nODUxeWxrZVZqeVN1cDNjaTlCN2tWT0hQMGcwCmMrMjY0djhDWVRhenA2Y3BWYzI4\najJaU3Q3OEJKcVBKSm9oK1VZR2YzYWsKLS0tIEx4cmlKZkpURGFrT2ROSWN1VURS\nWHExb0tCNDBQd25NVHM4V0g2N1dkaTAKiGsU5cxLVbES5Hg6RUyAyvJUZuy/g3nO\nbLeSzTrZrXvJxjUbTjlYjGNR612oshnWojY6czPgsXYS4odOAoRpDQ==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1dqt3znmzcgghsjjzzax0pf0eyu95h0p7kaf5v988ysjv7fl7lumsatl048", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIYks0dTlCVUJDUW1SR3Ba\nVUNIWERuRExWUlRRMGJGa3F1L0hsRk0xV2gwCmUvWWlmU09vK0IxNGVSeWRESFFU\nTW5pdmM4UnlPZW5yOXUxYlJrNDFCa3cKLS0tIHFVQllSVE12OExON1pHd0l1NzU5\nRUpCNmlDQTIvcndJczZFWVFvLzhyZTQKU/ulWhsCcOZhxgHmmUxfnSsSZVB/Fy3i\n2639UfDFjSWDtI74yMxIyK29Q+GtcgHt+R4U0SdciIN2gE8Fsc9Tbw==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1ez6j3r5wdp0tjy7n5qzv5vfakdc2nh2zeu388zu7a80l0thv052syxq5e2", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4eUM4MlV2QnRyRG9ZekNI\nYnZReVVjK3dtTk01ajhqeFVaQVU0NmxOSzNjCm1RcEt3OEZ6a1RQZlBLK0VvT3ZE\naHcyd3VFOElwRXJyNmZPcGxwbGIzSmsKLS0tIGVXcjUzZ1BIbEgwS0J4cy9GZTg0\nU015THBsaXpFWk1ldno0cmxZTldrQXcKGsfU/j2MqdJWrqRWxun85LcuqIyHanMB\nyCbGED5aiDoQPz59P7vabTuMDDFw/fnDO4Qv0ktGvi1lQbsLAvrZUw==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1tlymdmaukhwupzrhszspp26lgd8s64rw4vu9lwc7gsgrjm78095s9fe9l3", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5amk2NVBhbWMyZ3JwNytL\nNmJ6MEdxZXNzanl0Q25zWlZCUWVTRU9jNEVFCnozTWExQk02OUIwMWVpcVB4OHdw\nKzI1dGNOdEFEa1pGT0dUZjR1VEFPMlEKLS0tIFozeStWeE9pR3FZdXRybUFUSUVU\nZ0JjYWJRNGZqNldrMkU4U3c3OHdGSjAKaxeKuIFEfAd393CIvPk2Jg8tMI4GvsTJ\nSVEVsTWILH3bgPimATfE5nRxzLiWyGVsG4QjYAn02uXobW5Aan0wkw==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2026-01-07T19:19:41Z", - "mac": "ENC[AES256_GCM,data:SnMD9+jpySE35ylbHInXfsIQ/Nq6FBpunlhgJSOnYCQLE9vGc5Rtkg8cYlqFBz82Ukjk2EJafKcjDgBgTx6+JcYC8idM7yCpqyJaTx9p0nr6+p46ozqrL8lm4qF+yJRK997RjfRStLE2JsLN0SRSBFTDL0yPB6mFc/BncywVVZ0=,iv:fJ0kpgysw8eHbIIrtdyUXwWYvHyOa6kJ1wW+6NvBTxY=,tag:cqyY6qmEa0HF6u61v9VZJw==,type:str]", - "version": "3.11.0" - } -}