secrets hidden / ready to be public
This commit is contained in:
parent
41131223bb
commit
ea715d7924
6 changed files with 86 additions and 14 deletions
9
.sops.yaml
Normal file
9
.sops.yaml
Normal file
|
|
@ -0,0 +1,9 @@
|
||||||
|
keys:
|
||||||
|
- &xps13 age1x8qsd7kxxjvan4psvnvua3r0emljsnq07agxnu6jqw56ky8z6faqyjq0e3
|
||||||
|
- &pi age1y2s7ah49jmhd8n05q7tw0gjcnv3390s0uxp3ewjqueekq7a7rvdqzytgd2
|
||||||
|
creation_rules:
|
||||||
|
- path_regex: secrets/secrets.yaml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *xps13
|
||||||
|
- *pi
|
||||||
4
Makefile
4
Makefile
|
|
@ -1,2 +1,6 @@
|
||||||
build-pi-image:
|
build-pi-image:
|
||||||
nix build .#nixosConfigurations.pi.config.system.build.sdImage --print-out-paths
|
nix build .#nixosConfigurations.pi.config.system.build.sdImage --print-out-paths
|
||||||
|
|
||||||
|
# Doest work yet
|
||||||
|
rebuild-pi:
|
||||||
|
nixos-rebuild switch --flake .#pi --target-host polen@192.168.1.241 --use-remote-sudo
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,6 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
user = "polen";
|
user = "polen";
|
||||||
password = "password";
|
|
||||||
hostname = "pi";
|
hostname = "pi";
|
||||||
in {
|
in {
|
||||||
boot = {
|
boot = {
|
||||||
|
|
@ -22,12 +21,20 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sops.defaultSopsFile = ../../secrets/secrets.yaml;
|
||||||
|
sops.defaultSopsFormat = "yaml";
|
||||||
|
sops.age.keyFile = "/home/polen/.config/sops/age/keys.txt";
|
||||||
|
|
||||||
|
sops.secrets.pi_user_pass.neededForUsers = true;
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
networkmanager.enable = true;
|
networkmanager.enable = true;
|
||||||
wireless.enable = false;
|
wireless.enable = false;
|
||||||
hostName = hostname;
|
hostName = hostname;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nix.settings.trusted-users = [ "polen" ];
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
neovim
|
neovim
|
||||||
tmux
|
tmux
|
||||||
|
|
@ -45,7 +52,7 @@ in {
|
||||||
mutableUsers = false;
|
mutableUsers = false;
|
||||||
users."${user}" = {
|
users."${user}" = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
password = password;
|
hashedPasswordFile = config.sops.secrets.pi_user_pass.path;
|
||||||
extraGroups = [ "wheel" "docker" ];
|
extraGroups = [ "wheel" "docker" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
54
flake.lock
generated
54
flake.lock
generated
|
|
@ -16,9 +16,61 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs-stable": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1730602179,
|
||||||
|
"narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "release-24.05",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1730272153,
|
||||||
|
"narHash": "sha256-B5WRZYsRlJgwVHIV6DvidFN7VX7Fg9uuwkRW9Ha8z+w=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "2d2a9ddbe3f2c00747398f3dc9b05f7f2ebb0f53",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixpkgs-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": "nixpkgs"
|
"nixpkgs": "nixpkgs",
|
||||||
|
"sops-nix": "sops-nix"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"sops-nix": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": "nixpkgs_2",
|
||||||
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1730883027,
|
||||||
|
"narHash": "sha256-pvXMOJIqRW0trsW+FzRMl6d5PbsM4rWfD5lcKCOrrwI=",
|
||||||
|
"owner": "Mic92",
|
||||||
|
"repo": "sops-nix",
|
||||||
|
"rev": "c5ae1e214ff935f2d3593187a131becb289ea639",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "Mic92",
|
||||||
|
"repo": "sops-nix",
|
||||||
|
"type": "github"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -3,9 +3,10 @@
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
|
sops-nix.url = "github:Mic92/sops-nix";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = {nixpkgs, ...} @ inputs: {
|
outputs = {nixpkgs, sops-nix ,...} @ inputs: {
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
default = nixpkgs.lib.nixosSystem {
|
default = nixpkgs.lib.nixosSystem {
|
||||||
specialArgs = {inherit inputs;};
|
specialArgs = {inherit inputs;};
|
||||||
|
|
@ -21,6 +22,7 @@
|
||||||
modules = [
|
modules = [
|
||||||
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix"
|
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix"
|
||||||
./devices/pi/configuration.nix
|
./devices/pi/configuration.nix
|
||||||
|
sops-nix.nixosModules.sops
|
||||||
{
|
{
|
||||||
sdImage.compressImage = false;
|
sdImage.compressImage = false;
|
||||||
nixpkgs.overlays = [
|
nixpkgs.overlays = [
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,4 @@
|
||||||
home_ssid_password: ENC[AES256_GCM,data:HIa5aXWpKOplJEnoU7Zb,iv:iHlZacIaxQAU4R1tYa/pe3hSDZ362V5xzUS6Vzq+WrM=,tag:1KimN0cbHO4rsa8oEgodZQ==,type:str]
|
pi_user_pass: ENC[AES256_GCM,data:X5u07UvEov5eYWks,iv:SPDFU01/5WThCSZjj1pExNZENhmIG2W6LvHfpPH5TS0=,tag:z5bhJ2TrX6Bevd40O1nPxg==,type:str]
|
||||||
pi:
|
|
||||||
password: ENC[AES256_GCM,data:b0v9Y6WBhlBadiEvtA==,iv:xgQm/eDyOPQnTGN18OJhsJLnrRId08X+weuL1MaSxVA=,tag:ljIVNf3F9Wog6YIo8KoyoA==,type:str]
|
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
|
@ -10,14 +8,14 @@ sops:
|
||||||
- recipient: age1x8qsd7kxxjvan4psvnvua3r0emljsnq07agxnu6jqw56ky8z6faqyjq0e3
|
- recipient: age1x8qsd7kxxjvan4psvnvua3r0emljsnq07agxnu6jqw56ky8z6faqyjq0e3
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRERMSmlNaW9IS2JnTjZ4
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxN2ZzTUpSeWRWejVxVm4y
|
||||||
R05QR0RiSDF5VEFKTnZxUFJhR2hLTEwrNVhVCk1XUFhSb0lnUzYrOUxTSVpCaHpI
|
dzF3MU9DOTBTZUF0Y3I2SUVURGZCZDBqTVV3ClNwL29hejN2OFdVaHk2TEppNWFj
|
||||||
MWFDc0k2QS9VQ3oyb1A1OHhJWW9MUFEKLS0tIHpRYWY0R1ZEVHhTR3BWV0JFZ255
|
V3NYcEM4RHNyWUszWFlLa2pXa2FyVmsKLS0tIExOL254cGh4RkJDandqZzJ2RjRi
|
||||||
YVRBRytnc3VtM1NtbTNaN29DZjU0TmcKPrRqR+UbN/WjSCk15AVIlVW9dv8H+CLQ
|
b3AxOTd2VmdHdXd5c3NNTkJoYW12bUUKbX199Z7jI6nornm0erzm7dSQ+XuxAnXb
|
||||||
/YJUKHsgMaspBDipyPL5YJX/jGNZYgRrOGepCaUGUMaGmd6yEnZBVg==
|
glw60TnUSnLUWIHTTx/jVSRR4uO5I6FzxUUfVJ2BMOn/eUNa5BJ70A==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-10-28T15:37:46Z"
|
lastmodified: "2024-11-07T04:04:03Z"
|
||||||
mac: ENC[AES256_GCM,data:SlzSXZdB37Iohns3WDLeQ5tS25utXcCSjXYuGgK8NPz3E1IGVM7dwZoQ7A2n0SHw5+j9gDuw6aPEP7ediBwgS0882uzBBgCHNLZCDwVf3uAdn1CvqTT5DeXfjBufrziuxnLpYo3ajqwdh0j54ILkad5iltXiwlYkGK/qj/wYJTo=,iv:OKudO04rv66DE2vYPleOy377jVn+sRLIazbs2A8ywgQ=,tag:Zy6oyaZm+5ukH78fbm5rVA==,type:str]
|
mac: ENC[AES256_GCM,data:7UGKhfZg3SNg1f74nQiax4F7CB8NC12uIpTlQDtb8d1iiu5AdPZHwzlkpXbzkIp26g61pI8qXcvdjmToWjaWzsbUZ2Mo8/HEzOtV8HzxAeQFAyYBhIFAS0q0WzN/yijI7fQeHKnhZ/YCUuHQAZ94bBBSnkVTVOKf6mR7Pu1klr4=,iv:DzOwKxrcJse6yyOw+l7+wgEGBI36HWnebLE7js4VRiE=,tag:BIR67kZzZJZo+Kfie4wIvw==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue