From 4994ba4f77c5f6b7f1c1e893371eadacc082a3ee Mon Sep 17 00:00:00 2001
From: Polen
Date: Mon, 28 Oct 2024 13:45:36 -0400
Subject: [PATCH] first config pi / attempt at sops
---
devices/pi/configuration.nix | 60 +++++++++++++++++++++++++++++++++
devices/xps13/configuration.nix | 1 +
flake.nix | 1 +
secrets/secrets.yaml | 23 +++++++++++++
4 files changed, 85 insertions(+)
create mode 100644 devices/pi/configuration.nix
create mode 100644 secrets/secrets.yaml
diff --git a/devices/pi/configuration.nix b/devices/pi/configuration.nix
new file mode 100644
index 0000000..3defff4
--- /dev/null
+++ b/devices/pi/configuration.nix
@@ -0,0 +1,60 @@
+{ inputs, config, pkgs, lib, ... }:
+
+let
+ user = "polen";
+ password = "guest";
+ SSID = "Cogeco-F710";
+ SSIDpassword = "mypassword";
+ interface = "wlan0";
+ hostname = "pi";
+in {
+ # imports = [
+ # inputs.sops-nix.nixosModules.ops
+ # ];
+
+ # sops.defaultSopsFile = ../../secrets/secrets.yaml;
+ # sops.defaultSopsFormat = "yaml";
+ # sops.age.keyFile = "/home/polen/.config/sops/age/keys.txt";
+
+ boot = {
+ kernelPackages = pkgs.linuxKernel.packages.linux_rpi3;
+ initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
+ loader = {
+ grub.enable = false;
+ generic-extlinux-compatible.enable = true;
+ };
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ options = [ "noatime" ];
+ };
+ };
+
+ networking = {
+ hostName = hostname;
+ wireless = {
+ enable = true;
+ networks."${SSID}".psk = SSIDpassword;
+ interfaces = [ interface ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [ nvim ];
+
+ services.openssh.enable = true;
+
+ users = {
+ mutableUsers = false;
+ users."${user}" = {
+ isNormalUser = true;
+ password = password;
+ extraGroups = [ "wheel" ];
+ };
+ };
+
+ hardware.enableRedistributableFirmware = true;
+ system.stateVersion = "23.11";
+}
diff --git a/devices/xps13/configuration.nix b/devices/xps13/configuration.nix
index 7c20e7e..87937f7 100644
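Review bot: The let-block of devices/pi/configuration.nix commits the login password (`password = "guest"`) and the Wi-Fi PSK (`SSIDpassword = "mypassword"`) in clear text, and `users.users.<name>.password` and `networks.<ssid>.psk` then copy them into the world-readable Nix store, while the sops wiring that would avoid this is still commented out. Together with `services.openssh.enable = true` and membership in `wheel`, this leaves an administrative account reachable over SSH with a guessable password, even if the current values are only placeholders. I would read the password as a hash from the sops secret and disable SSH password logins, as in the excerpt below, and give the PSK the same treatment through whichever secrets-file option the pinned nixpkgs wireless module provides. Two smaller fixes for when the import is enabled: the module attribute is `nixosModules.sops`, not `.ops`, and I believe the package attribute is `neovim` rather than `nvim`.

```nix
  # … unchanged: let-bindings, with `password` removed …
  imports = [ inputs.sops-nix.nixosModules.sops ];

  sops.defaultSopsFile = ../../secrets/secrets.yaml;
  sops.age.keyFile = "/home/polen/.config/sops/age/keys.txt";
  # The stored value must be a password hash (e.g. mkpasswd output), not the clear text.
  sops.secrets."pi/password".neededForUsers = true;

  # … unchanged: boot, fileSystems, networking, systemPackages …

  services.openssh.enable = true;
  # Key-only logins: the account below carries an authorized key instead.
  services.openssh.settings.PasswordAuthentication = false;

  # … unchanged: users.mutableUsers …
    users."${user}" = {
      isNormalUser = true;
      hashedPasswordFile = config.sops.secrets."pi/password".path;
      openssh.authorizedKeys.keys = [ "<PLACEHOLDER: your SSH public key>" ];
      extraGroups = [ "wheel" ];
    };
```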
--- a/devices/xps13/configuration.nix
+++ b/devices/xps13/configuration.nix
@@ -73,6 +73,7 @@ ranger git home-manager + sops waybar mako
diff --git a/flake.nix b/flake.nix
index 1916d20..9851852 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,6 +3,7 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + inputs.sops-nix.url = "github:Mic92/sops-nix"; }; outputs = { nixpkgs, ... }@inputs:
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
new file mode 100644
index 0000000..d915753
--- /dev/null
+++ b/secrets/secrets.yaml
@@ -0,0 +1,23 @@ +home_ssid_password: ENC[AES256_GCM,data:HIa5aXWpKOplJEnoU7Zb,iv:iHlZacIaxQAU4R1tYa/pe3hSDZ362V5xzUS6Vzq+WrM=,tag:1KimN0cbHO4rsa8oEgodZQ==,type:str] +pi: + password: ENC[AES256_GCM,data:b0v9Y6WBhlBadiEvtA==,iv:xgQm/eDyOPQnTGN18OJhsJLnrRId08X+weuL1MaSxVA=,tag:ljIVNf3F9Wog6YIo8KoyoA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1x8qsd7kxxjvan4psvnvua3r0emljsnq07agxnu6jqw56ky8z6faqyjq0e3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRERMSmlNaW9IS2JnTjZ4 + R05QR0RiSDF5VEFKTnZxUFJhR2hLTEwrNVhVCk1XUFhSb0lnUzYrOUxTSVpCaHpI + MWFDc0k2QS9VQ3oyb1A1OHhJWW9MUFEKLS0tIHpRYWY0R1ZEVHhTR3BWV0JFZ255 + YVRBRytnc3VtM1NtbTNaN29DZjU0TmcKPrRqR+UbN/WjSCk15AVIlVW9dv8H+CLQ + /YJUKHsgMaspBDipyPL5YJX/jGNZYgRrOGepCaUGUMaGmd6yEnZBVg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-28T15:37:46Z" + mac: ENC[AES256_GCM,data:SlzSXZdB37Iohns3WDLeQ5tS25utXcCSjXYuGgK8NPz3E1IGVM7dwZoQ7A2n0SHw5+j9gDuw6aPEP7ediBwgS0882uzBBgCHNLZCDwVf3uAdn1CvqTT5DeXfjBufrziuxnLpYo3ajqwdh0j54ILkad5iltXiwlYkGK/qj/wYJTo=,iv:OKudO04rv66DE2vYPleOy377jVn+sRLIazbs2A8ywgQ=,tag:Zy6oyaZm+5ukH78fbm5rVA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1
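Review bot: In the flake.nix hunk the added line sits inside `inputs = { … }`, so `inputs.sops-nix.url` declares an input named `inputs` carrying a `sops-nix` attribute rather than an input named `sops-nix`. Nix will most likely reject that attribute, and `inputs.sops-nix` will not exist in `outputs`. Write it as `sops-nix.url = "github:Mic92/sops-nix";`, and consider adding `sops-nix.inputs.nixpkgs.follows = "nixpkgs";` so the module is evaluated against the same nixpkgs as the system. Only flake.lock fixes the revision of this secret-handling module, and the patch does not touch it, so commit the regenerated lock file together with the corrected input.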