Commit message | Author | Age | |
---|---|---|---|
* | Feat: Add encryption through agenix | ene | 2023-02-18 |
| | There are other alternatives:
  * [This blog post about NixOS secret encryption](https://xeiaso.net/blog/nixos-encrypted-secrets-2021-01-20)
  * Directly to agenix:
    * A [rewrite in Rust](https://github.com/yaxitech/ragenix)
    * A dead (?) [rewrite in Rust](https://github.com/cole-h/agenix-cli)
  * An implementation of Sops for nix: [Sops-nix](https://github.com/Mic92/sops-nix)
  * See the [NixOS wiki entry](https://nixos.wiki/wiki/Comparison_of_secret_managing_schemes) for further options.

  Reasons for agenix: I mostly just ruled other options out, until this was the only real thing:
  * The blog post was created in a time where tools like agenix were not available, and it (very simplified) just shows how to implement a basic version of agenix.
  * The rewrites are both in themselves interesting, but lack community support. This is, however, subject to change, and thus a migration to a rewrite might be feasible in the future.
  * Sops seems like a really nice thing, with support for nearly all relevant encryption options, but the documentation for sops-nix seems rather lackluster to me, so I decided to stay with agenix, especially because I should not need the extra encryption options.
  * And lastly, most of the options on the wiki page need excessive manual intervention on every reboot (maybe because they were written with servers in mind), but I would like to be able to deploy once and then never have to think about secret management.

  So you see, I mostly just used what seemed to be the easiest for my situation right now, and agenix works rather well. If there weren't one big downside, I would really like it: Encrypting a file with age — which is what agenix uses under the hood — requires a key, which in the case of agenix is the public ssh key. Being asymmetric encryption, the decryption requires the private key, which is in my case stored in an ssh-agent, fed directly from KeepassXC.

  And this is where the problem lives: I want to be able to decrypt the secrets (obviously), and this only works if I copy the private key to a file, which, whilst being a manual process, completely breaks the point behind using an ssh-agent with KeepassXC integration in the first place. There are, however, open issues on both the rage and agenix issue trackers, so the hope of fixing this is still there. | ||
* | Feat(home-manager): Add local packages | ene | 2023-02-17 |
| | |||
* | Chore: Add todo file | ene | 2023-02-17 |
| | |||
* | Feat(services): Add snapper config for the persistent volume | ene | 2023-02-17 |
| | |||
* | Fix(system): Rework some btrfs subvolume names and add lazyatime | ene | 2023-02-17 |
| | The lazyatime mount setting should increase the performance somewhat, especially because I don't really need atime. Though using noatime might make this setting completely useless, so it might get removed again. | ||
* | Fix(users): Change home of soispha to /home/soispha | ene | 2023-02-17 |
| | This puts the home directory in the tempfs part of the filesystem, so all not explicitly specified directories will be restored upon reboot. | ||
* | Feat(services): Use default.nix files | ene | 2023-02-17 |
| | |||
* | Feat(home-manager): Move configs in their own directory | ene | 2023-02-17 |
| | |||
* | Feat(impermanence): Add full stack tempfs | ene | 2023-02-16 |
| | |||
* | Feat: Add impersistent for persistent files and dirs | ene | 2023-02-16 |
| | |||
* | Feat(nix): Add settings | ene | 2023-02-15 |
| | |||
* | Fix(yambar): Remove typos | ene | 2023-02-15 |
| | |||
* | Fix(zsh): Remove typos | ene | 2023-02-15 |
| | |||
* | Fix(home-manager): Fix Typos | ene | 2023-02-15 |
| | |||
* | Feat(home-manager): Add zsh | ene | 2023-02-15 |
| | |||
* | Feat(home-manager): Add yambar | ene | 2023-02-15 |
| | |||
* | Feat(home-manager): Add swaylock | ene | 2023-02-15 |
| | |||
* | Feat(home-manager): Add swayidle | ene | 2023-02-15 |
| | |||
* | Fix(ssh): Delete reference configuration | ene | 2023-02-15 |
| | |||
* | Fix(home-manager): Declare the configs directly in Nix | ene | 2023-02-13 |
| | |||
* | Fix(home-manager): Update rclone to use the correct file | ene | 2023-02-13 |
| | |||
* | Feat(home-manager): Add ssh | ene | 2023-02-12 |
| | |||
* | Feat(home-manager): Add river | ene | 2023-02-12 |
| | |||
* | Feat(home-manager): Add rclone | ene | 2023-02-12 |
| | |||
* | Feat(home-manager): Add python xdg-settings | ene | 2023-02-12 |
| | |||
* | Fix(home-manager): Improve Firefox configuration | ene | 2023-02-12 |
| | |||
* | Fix(home-manager): Import home-manager correctly | ene | 2023-02-12 |
| | |||
* | Feat(home-manager): Make the home configuration better | ene | 2023-02-11 |
| | |||
* | Fix: Rename host for clarity and import home-manager | ene | 2023-02-11 |
| | |||
* | Fix: Remove typo from home-manager directory name | ene | 2023-02-11 |
| | |||
* | Fix: Import the configurations | ene | 2023-02-11 |
| | |||
* | Fix: Comment infinite recursion causing lines | ene | 2023-02-11 |
| | I will probably use a module for persistent file systems, so commenting this seems the best option for now. | ||
* | Feat: Switch to default.nix | ene | 2023-02-11 |
| | |||
* | Feat(home-manager): Add firefox config | ene | 2023-02-11 |
| | |||
* | Feat(home-manager): Add mpd | ene | 2023-02-07 |
| | |||
* | Feat(home-manager): Add mako configurations | ene | 2023-02-07 |
| | |||
* | Feat(home-manager): Add support for lf | ene | 2023-02-07 |
| | |||
* | Feat(home-manager): Add support for less | ene | 2023-02-07 |
| | |||
* | Feat(home-manager): Add latexindent | ene | 2023-02-07 |
| | |||
* | Feat(home-manager): Add support for keepassxc | ene | 2023-02-07 |
| | |||
* | Feat(home-manager): Add gtk configurations | ene | 2023-02-07 |
| | |||
* | Feat(home-manager): Add grades config support | ene | 2023-02-07 |
| | |||
* | Feat(home-manager): Add git support | ene | 2023-02-07 |
| | |||
* | Feat(home-manager): Add support for gammastep | ene | 2023-02-07 |
| | |||
* | Feat(home-manager): Add cups support | ene | 2023-02-07 |
| | |||
* | Feat(home-manager): Add alacritty support | ene | 2023-02-07 |
| | |||
* | Fix(Zsh): Use -R with less | ene | 2023-02-07 |
| | |||
* | Fix(home-manager): Use the same nixpkgs version | ene | 2023-02-07 |
| | |||
* | Feat: Mounted .config as tempfs | ene | 2023-02-05 |
| | This should make it easier to ensure that all config files are saved in home-manager. | ||
* | Feat: Switch to Default.nix files | ene | 2023-02-05 |
| | This makes the imported path somewhat shorter. |