first config pi / attempt at sops

2024-10-28 13:45:36 -04:00 · 2024-10-28 13:45:36 -04:00 · 4994ba4f77
commit 4994ba4f77
parent 71ec2a349f
4 changed files with 85 additions and 0 deletions
--- a/devices/pi/configuration.nix
+++ b/devices/pi/configuration.nix
@ -0,0 +1,60 @@
+{ inputs, config, pkgs, lib, ... }:
+
+let
+  user = "polen";
+  password = "guest";
+  SSID = "Cogeco-F710";
+  SSIDpassword = "mypassword";
+  interface = "wlan0";
+  hostname = "pi";
+in {
+	# imports = [
+	# 	inputs.sops-nix.nixosModules.ops
+	# ];
+
+	# sops.defaultSopsFile = ../../secrets/secrets.yaml;
+	# sops.defaultSopsFormat = "yaml";
+	# sops.age.keyFile = "/home/polen/.config/sops/age/keys.txt";
+
+  boot = {
+    kernelPackages = pkgs.linuxKernel.packages.linux_rpi3;
+    initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
+    loader = {
+      grub.enable = false;
+      generic-extlinux-compatible.enable = true;
+    };
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+      options = [ "noatime" ];
+    };
+  };
+
+  networking = {
+    hostName = hostname;
+    wireless = {
+      enable = true;
+      networks."${SSID}".psk = SSIDpassword;
+      interfaces = [ interface ];
+    };
+  };
+
+  environment.systemPackages = with pkgs; [ nvim ];
+
+  services.openssh.enable = true;
+
+  users = {
+    mutableUsers = false;
+    users."${user}" = {
+      isNormalUser = true;
+      password = password;
+      extraGroups = [ "wheel" ];
+    };
+  };
+
+  hardware.enableRedistributableFirmware = true;
+  system.stateVersion = "23.11";
+}
--- a/devices/xps13/configuration.nix
+++ b/devices/xps13/configuration.nix
@ -73,6 +73,7 @@
    ranger
    git
    home-manager
+		sops

    waybar
    mako
--- a/flake.nix
+++ b/flake.nix
@ -3,6 +3,7 @@

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+		inputs.sops-nix.url = "github:Mic92/sops-nix";
  };

  outputs = { nixpkgs, ... }@inputs:
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@ -0,0 +1,23 @@
+home_ssid_password: ENC[AES256_GCM,data:HIa5aXWpKOplJEnoU7Zb,iv:iHlZacIaxQAU4R1tYa/pe3hSDZ362V5xzUS6Vzq+WrM=,tag:1KimN0cbHO4rsa8oEgodZQ==,type:str]
+pi:
+    password: ENC[AES256_GCM,data:b0v9Y6WBhlBadiEvtA==,iv:xgQm/eDyOPQnTGN18OJhsJLnrRId08X+weuL1MaSxVA=,tag:ljIVNf3F9Wog6YIo8KoyoA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1x8qsd7kxxjvan4psvnvua3r0emljsnq07agxnu6jqw56ky8z6faqyjq0e3
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRERMSmlNaW9IS2JnTjZ4
+            R05QR0RiSDF5VEFKTnZxUFJhR2hLTEwrNVhVCk1XUFhSb0lnUzYrOUxTSVpCaHpI
+            MWFDc0k2QS9VQ3oyb1A1OHhJWW9MUFEKLS0tIHpRYWY0R1ZEVHhTR3BWV0JFZ255
+            YVRBRytnc3VtM1NtbTNaN29DZjU0TmcKPrRqR+UbN/WjSCk15AVIlVW9dv8H+CLQ
+            /YJUKHsgMaspBDipyPL5YJX/jGNZYgRrOGepCaUGUMaGmd6yEnZBVg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-10-28T15:37:46Z"
+    mac: ENC[AES256_GCM,data:SlzSXZdB37Iohns3WDLeQ5tS25utXcCSjXYuGgK8NPz3E1IGVM7dwZoQ7A2n0SHw5+j9gDuw6aPEP7ediBwgS0882uzBBgCHNLZCDwVf3uAdn1CvqTT5DeXfjBufrziuxnLpYo3ajqwdh0j54ILkad5iltXiwlYkGK/qj/wYJTo=,iv:OKudO04rv66DE2vYPleOy377jVn+sRLIazbs2A8ywgQ=,tag:Zy6oyaZm+5ukH78fbm5rVA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1