first config pi / attempt at sops

2024-10-28 13:45:36 -04:00 · 2024-10-28 13:45:36 -04:00 · 4994ba4f77
commit 4994ba4f77
parent 71ec2a349f
4 changed files with 85 additions and 0 deletions
--- a/devices/pi/configuration.nix
+++ b/devices/pi/configuration.nix
@ -0,0 +1,60 @@
 { inputs, config, pkgs, lib, ... }:
 let
  user = "polen";
  password = "guest";
  SSID = "Cogeco-F710";
  SSIDpassword = "mypassword";
  interface = "wlan0";
  hostname = "pi";
 in {
 	# imports = [
 	# 	inputs.sops-nix.nixosModules.ops
 	# ];
 	# sops.defaultSopsFile = ../../secrets/secrets.yaml;
 	# sops.defaultSopsFormat = "yaml";
 	# sops.age.keyFile = "/home/polen/.config/sops/age/keys.txt";
  boot = {
    kernelPackages = pkgs.linuxKernel.packages.linux_rpi3;
    initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
    loader = {
      grub.enable = false;
      generic-extlinux-compatible.enable = true;
    };
  };
  fileSystems = {
    "/" = {
      device = "/dev/disk/by-label/NIXOS_SD";
      fsType = "ext4";
      options = [ "noatime" ];
    };
  };
  networking = {
    hostName = hostname;
    wireless = {
      enable = true;
      networks."${SSID}".psk = SSIDpassword;
      interfaces = [ interface ];
    };
  };
  environment.systemPackages = with pkgs; [ nvim ];
  services.openssh.enable = true;
  users = {
    mutableUsers = false;
    users."${user}" = {
      isNormalUser = true;
      password = password;
      extraGroups = [ "wheel" ];
    };
  };
  hardware.enableRedistributableFirmware = true;
  system.stateVersion = "23.11";
 }
--- a/devices/xps13/configuration.nix
+++ b/devices/xps13/configuration.nix
@ -73,6 +73,7 @@
    ranger
    git
    home-manager
 		sops
    waybar
    mako
--- a/flake.nix
+++ b/flake.nix
@ -3,6 +3,7 @@
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
 		inputs.sops-nix.url = "github:Mic92/sops-nix";
  };
  outputs = { nixpkgs, ... }@inputs:
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@ -0,0 +1,23 @@
 home_ssid_password: ENC[AES256_GCM,data:HIa5aXWpKOplJEnoU7Zb,iv:iHlZacIaxQAU4R1tYa/pe3hSDZ362V5xzUS6Vzq+WrM=,tag:1KimN0cbHO4rsa8oEgodZQ==,type:str]
 pi:
    password: ENC[AES256_GCM,data:b0v9Y6WBhlBadiEvtA==,iv:xgQm/eDyOPQnTGN18OJhsJLnrRId08X+weuL1MaSxVA=,tag:ljIVNf3F9Wog6YIo8KoyoA==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1x8qsd7kxxjvan4psvnvua3r0emljsnq07agxnu6jqw56ky8z6faqyjq0e3
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRERMSmlNaW9IS2JnTjZ4
            R05QR0RiSDF5VEFKTnZxUFJhR2hLTEwrNVhVCk1XUFhSb0lnUzYrOUxTSVpCaHpI
            MWFDc0k2QS9VQ3oyb1A1OHhJWW9MUFEKLS0tIHpRYWY0R1ZEVHhTR3BWV0JFZ255
            YVRBRytnc3VtM1NtbTNaN29DZjU0TmcKPrRqR+UbN/WjSCk15AVIlVW9dv8H+CLQ
            /YJUKHsgMaspBDipyPL5YJX/jGNZYgRrOGepCaUGUMaGmd6yEnZBVg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-10-28T15:37:46Z"
    mac: ENC[AES256_GCM,data:SlzSXZdB37Iohns3WDLeQ5tS25utXcCSjXYuGgK8NPz3E1IGVM7dwZoQ7A2n0SHw5+j9gDuw6aPEP7ediBwgS0882uzBBgCHNLZCDwVf3uAdn1CvqTT5DeXfjBufrziuxnLpYo3ajqwdh0j54ILkad5iltXiwlYkGK/qj/wYJTo=,iv:OKudO04rv66DE2vYPleOy377jVn+sRLIazbs2A8ywgQ=,tag:Zy6oyaZm+5ukH78fbm5rVA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1