WIP: Add new configuration for rin

.sops.yaml

@@ -2,10 +2,18 @@ keys:
   - &tlater 535B61015823443941C744DD12264F6BBDFABA89
   - &yui 71132A2D171E79E6A20E81E6C33BC9C8C67C5948
   - &ren 4F82D975EFA78365B552A8B7A0FEFBBAE3259F52
+  - &tlater-famedly E3A01E05CDB7D42E9909 B9394D863FBF16FE6D51
+  - &rin age1qne0ry5pxn4pfqzney9hxy9dedst02qtvfrmnf2p7dhr560mgcusg3tpz6
 
 creation_rules:
   - key_groups:
       - pgp:
           - *tlater
           - *yui
           - *ren
+  - path_regex: secrets/work/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+      - pgp:
+          - *tlater-famedly
+        age:
+          - *rin

flake.nix

@@ -73,7 +73,7 @@
         system = "x86_64-linux";
         modules = [
           ./nixos-config
-          ./nixos-config/yui
+          ./nixos-config/hosts/yui
         ];
 
         specialArgs.flake-inputs = inputs;
@@ -83,7 +83,17 @@
         system = "x86_64-linux";
         modules = [
           ./nixos-config
-          ./nixos-config/ren
+          ./nixos-config/hosts/ren
+        ];
+
+        specialArgs.flake-inputs = inputs;
+      };
+
+      rin = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          ./nixos-config
+          ./nixos-config/hosts/rin
         ];
 
         specialArgs.flake-inputs = inputs;
@@ -127,11 +137,13 @@
     devShells.x86_64-linux.default = let
       inherit (sops-nix.packages.x86_64-linux) sops-init-gpg-key sops-import-keys-hook;
       inherit (self.packages.x86_64-linux) commit-nvfetcher;
+      inherit (nixpkgs.legacyPackages.x86_64-linux) nvchecker;
       home-manager-bin = home-manager.packages.x86_64-linux.default;
     in
       nixpkgs.legacyPackages.x86_64-linux.mkShell {
         packages = [
           nvfetcher.packages.x86_64-linux.default
+          nvchecker
           commit-nvfetcher
           home-manager-bin
           sops-init-gpg-key

home-config/config/applications/graphical/firefox.nix

@@ -1,4 +1,5 @@
 {
+  lib,
   config,
   pkgs,
   flake-inputs,
@@ -21,107 +22,116 @@
   settings-file = runCommandNoCC "firefox-settings" {} ''
     cat '${firefox-ui-fix}/user.js' '${settings}' > $out
   '';
-in {
-  xdg.configFile."tridactyl/tridactylrc".text = ''
-    source ${tlaterpkgs.tridactyl-emacs}/share/tridactyl/emacs_bindings
-    # Remove the update function; Really don't want this since it's nix-packaged
-    comclear emacs-bindings-update
-    # Remove annoying pre-defined "searchurls" - duckduckgo is just better
-    jsb Object.keys(tri.config.get("searchurls")).reduce((prev, u) => prev.then(_ => tri.config.set("searchurls", u, null)), Promise.resolve())
-  '';
 
-  home.file.".mozilla/firefox/tlater/chrome/icons" = {
-    source = "${firefox-ui-fix}/icons";
-  };
+  thirdParty = config.programs.firefox.enableThirdPartyRepositories;
+in {
+  options.programs.firefox.enableThirdPartyRepositories = lib.mkEnableOption "third party repositories";
 
-  programs.firefox = {
-    enable = true;
-    package = pkgs.firefox.override {
-      nativeMessagingHosts = [
-        pkgs.tridactyl-native
-      ];
-    };
-    profiles."tlater" = {
-      extensions = with pkgs.nur.repos.rycee.firefox-addons; [
-        aria2-integration
-        buster-captcha-solver
-        clearurls
-        decentraleyes
-        indie-wiki-buddy
-        keepassxc-browser
-        libredirect
-        no-pdf-download
-        react-devtools
-        reduxdevtools
-        tridactyl
-        ublock-origin
+  config = {
+    programs.firefox = {
+      enable = true;
+      package = lib.mkIf thirdParty (pkgs.firefox.override {
+        nativeMessagingHosts = [
+          pkgs.tridactyl-native
+        ];
+      });
+      profiles."tlater" = {
+        extensions = with pkgs.nur.repos.rycee.firefox-addons;
+          lib.mkIf thirdParty [
+            aria2-integration
+            buster-captcha-solver
+            clearurls
+            decentraleyes
+            indie-wiki-buddy
+            keepassxc-browser
+            libredirect
+            no-pdf-download
+            react-devtools
+            reduxdevtools
+            tridactyl
+            ublock-origin
 
-        # # Missing:
-        # cloudhole
-        # devtools-adb-extension
-        # firefox-sticky-window-containers
-        # warframe-reliquary-prime
-      ];
+            # # Missing:
+            # cloudhole
+            # devtools-adb-extension
+            # firefox-sticky-window-containers
+            # warframe-reliquary-prime
+          ];
 
-      userChrome =
-        builtins.readFile "${firefox-ui-fix}/css/leptonChrome.css";
-      userContent =
-        builtins.readFile "${firefox-ui-fix}/css/leptonContent.css";
-      settings = {
-        # Re-bind ctrl to super (would interfere with tridactyl otherwise)
-        "ui.key.accelKey" = 91;
+        userChrome =
+          lib.mkIf thirdParty
+          (builtins.readFile "${firefox-ui-fix}/css/leptonChrome.css");
+        userContent =
+          lib.mkIf thirdParty
+          (builtins.readFile "${firefox-ui-fix}/css/leptonContent.css");
+        settings = {
+          # Re-bind ctrl to super (would interfere with tridactyl otherwise)
+          "ui.key.accelKey" = 91;
 
-        # Keep the reader button enabled at all times; really don't
-        # care if it doesn't work 20% of the time, most websites are
-        # crap and unreadable without this
-        "reader.parse-on-load.force-enabled" = true;
+          # Keep the reader button enabled at all times; really don't
+          # care if it doesn't work 20% of the time, most websites are
+          # crap and unreadable without this
+          "reader.parse-on-load.force-enabled" = true;
 
-        # Hide the "sharing indicator", it's especially annoying
-        # with tiling WMs on wayland
-        "privacy.webrtc.legacyGlobalIndicator" = false;
+          # Hide the "sharing indicator", it's especially annoying
+          # with tiling WMs on wayland
+          "privacy.webrtc.legacyGlobalIndicator" = false;
 
-        # Actual settings
-        "app.shield.optoutstudies.enabled" = false;
-        "app.update.auto" = false;
-        "browser.bookmarks.restore_default_bookmarks" = false;
-        "browser.contentblocking.category" = "strict";
-        "browser.ctrlTab.recentlyUsedOrder" = false;
-        "browser.discovery.enabled" = false;
-        "browser.laterrun.enabled" = false;
-        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" =
-          false;
-        "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" =
-          false;
-        "browser.newtabpage.activity-stream.feeds.snippets" = false;
-        "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned" = "";
-        "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines" = "";
-        "browser.newtabpage.activity-stream.section.highlights.includePocket" =
-          false;
-        "browser.newtabpage.activity-stream.showSponsored" = false;
-        "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
-        "browser.newtabpage.pinned" = false;
-        "browser.protections_panel.infoMessage.seen" = true;
-        "browser.quitShortcut.disabled" = true;
-        "browser.shell.checkDefaultBrowser" = false;
-        "browser.ssb.enabled" = true;
-        "browser.toolbars.bookmarks.visibility" = "never";
-        "browser.urlbar.placeholderName" = "DuckDuckGo";
-        "browser.urlbar.suggest.openpage" = false;
-        "datareporting.policy.dataSubmissionEnable" = false;
-        "datareporting.policy.dataSubmissionPolicyAcceptedVersion" = 2;
-        "dom.security.https_only_mode" = true;
-        "dom.security.https_only_mode_ever_enabled" = true;
-        "extensions.getAddons.showPane" = false;
-        "extensions.htmlaboutaddons.recommendations.enabled" = false;
-        "extensions.pocket.enabled" = false;
-        "identity.fxaccounts.enabled" = false;
-        "privacy.trackingprotection.enabled" = true;
-        "privacy.trackingprotection.socialtracking.enabled" = true;
+          # Actual settings
+          "app.shield.optoutstudies.enabled" = false;
+          "app.update.auto" = false;
+          "browser.bookmarks.restore_default_bookmarks" = false;
+          "browser.contentblocking.category" = "strict";
+          "browser.ctrlTab.recentlyUsedOrder" = false;
+          "browser.discovery.enabled" = false;
+          "browser.laterrun.enabled" = false;
+          "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" =
+            false;
+          "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" =
+            false;
+          "browser.newtabpage.activity-stream.feeds.snippets" = false;
+          "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned" = "";
+          "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines" = "";
+          "browser.newtabpage.activity-stream.section.highlights.includePocket" =
+            false;
+          "browser.newtabpage.activity-stream.showSponsored" = false;
+          "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
+          "browser.newtabpage.pinned" = false;
+          "browser.protections_panel.infoMessage.seen" = true;
+          "browser.quitShortcut.disabled" = true;
+          "browser.shell.checkDefaultBrowser" = false;
+          "browser.ssb.enabled" = true;
+          "browser.toolbars.bookmarks.visibility" = "never";
+          "browser.urlbar.placeholderName" = "DuckDuckGo";
+          "browser.urlbar.suggest.openpage" = false;
+          "datareporting.policy.dataSubmissionEnable" = false;
+          "datareporting.policy.dataSubmissionPolicyAcceptedVersion" = 2;
+          "dom.security.https_only_mode" = true;
+          "dom.security.https_only_mode_ever_enabled" = true;
+          "extensions.getAddons.showPane" = false;
+          "extensions.htmlaboutaddons.recommendations.enabled" = false;
+          "extensions.pocket.enabled" = false;
+          "identity.fxaccounts.enabled" = false;
+          "privacy.trackingprotection.enabled" = true;
+          "privacy.trackingprotection.socialtracking.enabled" = true;
+        };
       };
     };
-  };
 
-  home.file.".mozilla/firefox/${config.programs.firefox.profiles.tlater.path}/user.js" = {
-    source = settings-file;
+    home.file.".mozilla/firefox/${config.programs.firefox.profiles.tlater.path}/user.js" =
+      lib.mkIf thirdParty
+      {source = settings-file;};
+
+    xdg.configFile."tridactyl/tridactylrc" = lib.mkIf thirdParty {
+      text = ''
+        source ${tlaterpkgs.tridactyl-emacs}/share/tridactyl/emacs_bindings
+        # Remove the update function; Really don't want this since it's nix-packaged
+        comclear emacs-bindings-update
+        # Remove annoying pre-defined "searchurls" - duckduckgo is just better
+        jsb Object.keys(tri.config.get("searchurls")).reduce((prev, u) => prev.then(_ => tri.config.set("searchurls", u, null)), Promise.resolve())
+      '';
+    };
+
+    home.file.".mozilla/firefox/tlater/chrome/icons" = lib.mkIf thirdParty {source = "${firefox-ui-fix}/icons";};
   };
 }

home-config/config/personal/default.nix

@@ -4,6 +4,7 @@
   ];
 
   home.packages = with pkgs; [prismlauncher];
+  programs.firefox.enableThirdPartyRepositories = true;
 
   programs.git = {
     userEmail = "tm@tlater.net";

home-config/config/shell/default.nix

@@ -15,6 +15,7 @@
     fd
     ouch
     ripgrep
+    screen
   ];
 
   programs.ssh.enable = true;

home-config/config/work/famedly.nix

@@ -1,26 +1,42 @@
 {
+  lib,
+  flake-inputs,
+  ...
+}: {
   programs.git = {
     userEmail = "t.maat@famedly.com";
 
     signing = {
-      key = "";
+      key = "0x4D863FBF16FE6D51";
       signByDefault = true;
     };
 
     # For magit
     extraConfig.github.user = "famedly-tlater";
   };
 
+  home.packages = with pkgs; [
+    bitwarden
+    pre-commit
+  ];
+
+  home.file.".ssh/famedly-tlater.pub".source = "${flake-inputs.self}/keys/famedly-tlater.pub";
+
   programs.ssh.matchBlocks = {
     "*" = {
       identitiesOnly = true;
       identityFile = "~/.ssh/famedly-tlater.pub";
     };
   };
 
-  programs.firefox.webapps = {
-    discord.enable = false;
-    whatsapp.enable = false;
-    element.enable = false;
+  programs.firefox = {
+    enableThirdPartyRepositories = false;
+
+    # Disable the webapps that shouldn't be on a work computer
+    webapps = {
+      discord.enable = lib.mkForce false;
+      whatsapp.enable = lib.mkForce false;
+      element.enable = lib.mkForce false;
+    };
   };
 }

home-config/hosts/rin/default.nix

@@ -0,0 +1,13 @@
+{
+  imports = [
+    ../../config
+    ../../config/applications/graphical
+    ../../config/applications/tty
+    ../../config/desktop
+    ../../config/services
+    ../../config/shell
+    ../../config/xdg-settings.nix
+
+    ../../config/work/famedly.nix
+  ];
+}

keys/famedly-tlater.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFtWLp6Hoqr3izbm+J7PUOLLI+6xoZ05T/7jMJITjrQH openpgp:0x4991CF06

nixos-config/default.nix

@@ -10,7 +10,6 @@
 
     ./greeter
     ./sway.nix
-    ./wireguard.nix
     ./yubikey.nix
     ../modules
   ];
@@ -46,11 +45,6 @@
   };
 
   sops = {
-    gnupg = {
-      home = "/var/lib/sops";
-      sshKeyPaths = [];
-    };
-
     defaultSopsFile = "/etc/sops/secrets.yaml";
     validateSopsFiles = false;
   };

nixos-config/ren/default.nix → nixos-config/hosts/ren/default.nix

@@ -6,7 +6,8 @@
     ./hardware-configuration.nix
     ./nixos-hardware-precursor.nix
     ./disko.nix
-    ../networks/personal.nix
+    ../../networks/personal.nix
+    ../../wireguard.nix
   ];
 
   home-manager.users.tlater = import "${flake-inputs.self}/home-config/hosts/personal-desktop.nix";