Configure DashVim for server

base/common_hardware.nix

@@ -33,9 +33,6 @@ in
 
       experimental-features = "nix-command flakes";
     };
-    extraOptions = ''
-      !include ${config.sops.secrets.access.path}
-    '';
   };
 
   # Enable sound with pipewire.
@@ -112,13 +109,4 @@ in
 
   swapDevices =
     [{ device = "/dev/disk/by-label/SWAP"; }];
-
-  sops = {
-    gnupg = {
-      home = "/home/${config.conf.username}/.gnupg";
-      sshKeyPaths = [ ];
-    };
-    defaultSopsFile = ../secrets/secrets.yaml;
-    secrets.access = { };
-  };
 }

flake.nix

@@ -72,10 +72,11 @@
       nixosConfigurations = (dashielib.build_systems [ "marmo" "overheating" "spaceship" ]) // {
         server = inputs.stable.lib.nixosSystem {
           specialArgs = {
-            inherit inputs; pkgs = stable;
+            inherit inputs; pkgs' = stable;
           };
           modules = [
             inputs.sops-nix.nixosModules.sops
+            (inputs.dashvim.nixosModules.dashvim { inherit pkgs; })
             ./hardware/server/configuration.nix
           ];
         };

hardware/server/configuration.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, unstable, ... }:
 let
   nextcloud_pw = (builtins.readFile /etc/nixos/nextcloud);
   forgejo_pw = (builtins.readFile /etc/nixos/dbpw/forgejo);
@@ -39,11 +39,11 @@ in
   users.users.dashie = {
     isNormalUser = true;
     extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-    packages = with pkgs; [
-      neovim
-      fuse
-      ntfs3g
-      rsync
+    packages = [
+      unstable.neovim
+      pkgs.fuse
+      pkgs.ntfs3g
+      pkgs.rsync
     ];
     openssh.authorizedKeys.keyFiles = [
       /home/dashie/server.pub

lib/default.nix

@@ -11,7 +11,6 @@
             inherit inputs pkgs mod;
           };
           modules = [
-            inputs.sops-nix.nixosModules.sops
             inputs.home-manager.nixosModules.home-manager
             inputs.stylix.nixosModules.stylix
             ../base

programs/common.nix

@@ -36,6 +36,11 @@ in
       enable = true;
       enableFishIntegration = true;
     };
+  nix = {
+    extraOptions = ''
+      !include ${config.sops.secrets.access.path}
+    '';
+  };
 
   sops = {
     gnupg = {
@@ -47,6 +52,7 @@ in
     secrets.lab = { };
     secrets.${username} = { };
     secrets.nextcloud = { };
+    secrets.access = { };
   };
 
   systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];

secrets/secrets.yaml

@@ -13,15 +13,15 @@ matrix_server: ENC[AES256_GCM,data:fH+5kX6VyNUXzAmNkLEGf8KmhIWuTGsG3r0=,iv:B2lto
 mautrix_signal_server: ENC[AES256_GCM,data:xBHtTtf725wvSltd7EgP3u/GszsaKR1D/ng=,iv:KZorceuZJulvBYyOSKaFv0UxAgMzIuXnBSDmqeqZT80=,tag:k4Dqvq7n39q6rgfB9hB8/g==,type:str]
 mautrix_whatsapp_server: ENC[AES256_GCM,data:Ap5NZ9+kkusMTJlmiH2vxj2fkp1RZPSOM5s=,iv:/F3sP/7bw0uIualG8E+Mtxp60xW8OlHBBZCui887oaA=,tag:CawIZEpmbmxRYhq2fb1vDw==,type:str]
 mautrix_discord_server: ENC[AES256_GCM,data:8MU3URa52h0sDabl+6bYZ0z0ib/S8KzYb3k=,iv:uSqT0MsK1qcphyd+5xZZ8aDqxQhZX8mKBP+2tHHG04I=,tag:mdepj3ombSru96es+lFIQQ==,type:str]
-access: ENC[AES256_GCM,data:J7lIopyeMZIIoRLMahTXNMOu8dQ+ZO0/AkcJcXdLpUnGugJmFoqHuUE=,iv:J93hLNq+mZe6cqEk32c3gxkTN5hIeZ0kkUxSmoiexeI=,tag:k3qzx0gPafHd4/3BWi8X6w==,type:str]
+access: ENC[AES256_GCM,data:BHB8v/uVqj5Hn2J6OUHloxdbrc9EVq6mCz9n4rFKUPK5H6ajP9L+zWtxkPLgr6sljEL3fPdlYQUlRaSJTAeygQnuXzM=,iv:mFv4AGSG0ok658VK5HcRBcQpLLK7NM9QJj4FMCJMj4Q=,tag:G4SIkT4TfoR/lW+kZmygiA==,type:str]
 sops:
     kms: []
     gcp_kms: []
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-08-04T13:37:08Z"
-    mac: ENC[AES256_GCM,data:zP8fPzpMKzgEPTR2qRisPaZzYyBnYEw7zU22xwP0ZHdfhq/fwUNuduUe/sg7aoobKTMPLBKJ7ukoiHkBpglnPzPajbH0cikevFcqSP1/NuDGl/cyytVUlOuePI/8Lct2WgCDzYVW71RuObUk7yHzvnMoqvem7UYpjdE5niryiwg=,iv:lNkveEy08C2/qd4CI/jy47JJCGFlYxU1saBLrH6LnaU=,tag:SnUHbRNnl0FIDK2b5wolsw==,type:str]
+    lastmodified: "2024-08-04T14:17:56Z"
+    mac: ENC[AES256_GCM,data:cDusfY0990Q60IrprG8SEYwpGkrvfxIBt6qS/e5ikKqCTYpp9ei1BiecLPQ6U+6rgoRLWACGsq3idJI7cApVxqAfQcZXFjaxO5TxGKP8VyO//nhoPouT1iRfue1oref8D4P7cE/T2GzNFbDP0aUHXP0bBGo76TGLTzhkJ3Gzm7g=,iv:Va+WbAY4amrOUp+6pFtt8vf4jXxRF19oI3pD6I3dEuw=,tag:EfDeBf3S0ReetiWywLUiAQ==,type:str]
     pgp:
         - created_at: "2024-05-14T14:35:02Z"
           enc: |-