filepimp: init with secrets

2023-09-21 22:41:13 +02:00 · 2023-09-21 22:41:13 +02:00 · 0cc0d62327
parent 92bccb7713
commit 0cc0d62327
4 changed files with 66 additions and 10 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -7,6 +7,7 @@ keys:
  - &wbob_host age1fz3fm09mpur0r5pp43tyuzemkx3f0gfwtgfxj6usv28apq8pfc6qnw3z2s
  - &cake_host age12xhv7z8w3zaq2c0mf940a8afnardplye9fd6p2m5ynnck3k7vd7q00sqjy
  - &savarcast_host age1x98njnqerw9nw9pzud4h6tjqqtxdmw0ugqry8uehnflk24d023tqrsuf0f
+  - &filepimp_host age1x98njnqerw9nw9pzud4h6tjqqtxdmw0ugqry8uehnflk24d023tqrsuf0f
 creation_rules:
  - path_regex: secrets/common.yaml$
    key_groups:
@ -21,6 +22,12 @@ creation_rules:
      - *omo_host
      - *gum_host
  # host secrets
+  - path_regex: secrets/filepimp.yaml$
+    key_groups:
+    - pgp:
+      - *makefu
+      age:
+      - *filepimp_host
  - path_regex: secrets/x.yaml$
    key_groups:
    - pgp:
--- a/1systems/filepimp/config.nix
+++ b/1systems/filepimp/config.nix
@ -6,12 +6,12 @@ in {
  imports =
    [ # Include the results of the hardware scan.
      ./hw.nix
-      <stockholm/makefu>
-      <stockholm/makefu/2configs/home-manager>
-      <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
-      <stockholm/makefu/2configs/smart-monitor.nix>
-      <stockholm/makefu/2configs/tinc/retiolum.nix>
-      <stockholm/makefu/2configs/filepimp-share.nix>
+      ../../2configs
+      ../../2configs/home-manager
+      ../../2configs/fs/single-partition-ext4.nix
+      ../../2configs/smart-monitor.nix
+      ../../2configs/tinc/retiolum.nix
+      ../../2configs/filepimp-share.nix
    ];

  krebs.build.host = config.krebs.hosts.filepimp;
--- a/flake.nix
+++ b/flake.nix
@ -38,10 +38,14 @@
    lanzaboote.url = "github:nix-community/lanzaboote/v0.3.0";
    lanzaboote.inputs.nixpkgs.follows = "nixpkgs";

-  };
-  description = "Flakes of makefu";
+    vscode-server.url = "github:nix-community/nixos-vscode-server";
+    vscode-server.inputs.nixpkgs.follows = "nixpkgs";

-  outputs = { self, nixpkgs, lanzaboote, disko, nixos-hardware, nix-ld, sops-nix, stockholm, home-manager, nix-writers, ...}@inputs: let
+  };
+  description = "Flake of makefu";
+
+  outputs = { self, nixpkgs, lanzaboote, disko, nixos-hardware, nix-ld,
+              sops-nix, stockholm, home-manager, nix-writers, vscode-server, ...}@inputs: let
      inherit (nixpkgs) lib;
  in {
    nixosModules =
@ -53,7 +57,7 @@
          (lib.attrNames (builtins.readDir ./3modules))));

    overlays.default = import ./5pkgs/default.nix;
-    nixosConfigurations = lib.genAttrs [ "mrdavid" "x" "cake" "tsp" "wbob" "omo" "gum" "savarcast" ] (host: nixpkgs.lib.nixosSystem rec {
+    nixosConfigurations = lib.genAttrs [ "filepimp" "mrdavid" "x" "cake" "tsp" "wbob" "omo" "gum" "savarcast" ] (host: nixpkgs.lib.nixosSystem rec {
      # TODO inject the system somewhere else
      system = if host == "cake" then  "aarch64-linux" else "x86_64-linux";
      specialArgs = {
@ -101,6 +105,7 @@
        stockholm.nixosModules.urlwatch

        self.nixosModules.default
+        vscode-server.nixosModules.default
        #self.nixosModules.krebs
        (./1systems + "/${host}/config.nix")
      ];
--- a/secrets/filepimp.yaml
+++ b/secrets/filepimp.yaml
@ -0,0 +1,44 @@
+retiolum.ed25519_key.priv: ENC[AES256_GCM,data:g7LcQGS7GN8b3QxOtu14kF8Js/LCSSqMgnJFy7iLUc86Bu0hg+U3OzieIUMZnnWSZUItWGTNI12NOwyU+nwaSJxNEZCBAoqbeDrgQeGjhQquLddZrC9GHEQzTDhDpBEJBGRWCQuvcGr3cQy7lc/wRfl41sDB1gwieY8xVMsmccfN5NteuEVJEitrwM9uR9aF1+SWF18tzvp7K6IDAXW63+qyfSk6+eBWkbFCbnkqLeBQWrBPQmDq1b8pchmpKUcOrZo5wpd/hx8=,iv:3aAdU+ybx5vc6/Xmb1VkLQI260YgBqfqjTj7yxrHo3Q=,tag:67KTiBENs3Dw9S7GBS3v1g==,type:str]
+retiolum.rsa_key.priv: ENC[AES256_GCM,data:Slq0kHwNE52lmzr5FazPbn3GKGnWDyUtCmOhbAChvcEWzI4+DhBDuTh1wKASjcSdXLxoIMWmEUjLqeYwfspvn9r3zPGpN0GWpJ4fIkqdElGXvZ/r2aiABqN9Ga9cIZf0oFL1A9F5e/L/Sbqjz43niAgRJM/qq/xff7M6GNGvB3/epuOyLUKejmgPqe0mQXQBtws7Kvh8OLaJQnMG2gFA9pq7wVY2KLmDdiELdjT8RlJSl5S4SFf3m0LuptSveC/FKmymch9NVoRFg5tewBRVvgH6kK/VAFrsfPjl1WRF00L3/1bBDuFOxq7fd1wEAc42vRRkTPoSilALDylmkPhd+XRGGKvTRoTodeApZhtu5B1ipHdEhtmkKOA2LTdkuGQ/leS+TnreEC3YpZL77GYBdDndpzT1BODWRcarkOObPJddglxnfYjTwdFmrD8FYWuBoYnJzSacuDyDO+1qCUAu6NRA0YGXIc7S1CvySQIC858zgCAbKZrs5nomvZPbE+dpSNNgE4anehVfWpNGxdd23eMZEiNIkJUmStXoEk8c3QdpZPvO+DofXhlFcDqvKGHW/Gf+1pAJBNQ1nWCIzoY+FPvUSzPkYpgq0wsMhb1xhXO5U65873bj3AnvUyS12+cJCGvPRKdUwc7JQpzjEw3pLme2uSKINqs7VO5BA8A56LU+bQnDxZnCQtf7UmDdLJSMGWzHgWGZsybXMQzD8eLw5cIF4R4GC04AkAVTDi5AM3TZq/eT3icR7R7DdNTsNQeQkTv5kVqWtf2kIW5ZyP7vwSGGvt03kk5wk45/Xl+wv7gx+eqeISuUCOrAFzyFOCdNokemQlvH2ILj3adgo7zr0Zkww1pHO5ZoMCEq7r/PW1JQLZYcxqnk+XqIBobGHx9nAy4hPRfYYncwA89yCJAW+pajr1ZlPmogr1Os4jBBt0olpuykYMfWJffcM45d4OuK65zyFCwFe5zSx8yypZJIh9yGAN0HW1E2BHRfa3iBXkNaKc5iE3lz0ULOjcbnIU7eKeeHgsJctx5iYjxSY1sVTbxzRo+1jS+fKeuNPa9qW51rMi7Hcp/0WeXLPwdIt7X1fjBQ9aJ5XFgUIcwMI1loIganag0BtwmqSG7uJFHlfITX42189bMvhzncSQsclsDoqB6s1q3bmmf5s+QasNwCetQPn4kkexmy29jwg8PRObEFatCgduDkNKjh9kuNDmiAU6chv0iPnt8qKZXUNvHefCUnF6NBQOaCUMCwKohx00HKhNyiOwkR5l6kpeDp7vgty8RMeLyVkxOPSM2CfKJNmLoaGCc38hdLDTXeBWkJANQwBkIn9G1SCyeYWJKjt2HLr9yzyrf3c+Qh428brsIXJdScXhGdTz/ELsWgHzBb3gsJ66OAnCHvu1qRIsm10FWvyDsquxe3HjQz8WSY1BcIEo4YlTIiwhTmPLygjHKkCXVJv9kLYSS+SuUtnafvxYYhLlruA2DbUMAxi6leyYl2gIH3L+03CeYDY0fcRtp2k4dG1x/MgbvNAHQUcg+4gr9ImgRq/WxkHYd4TFC6fUEALZGGindP/W0Ip+f9s5fEhRomkikEVQ9+67jN7RRy+1rwXl38uT2fkbco458BeyUpeD6X0SX4ESts7F7iZ1n/5KKzTHkGR5iQFUyRtXrOAvwMp2iTSz+qzdBoloipbUAEnYSP73OK0//Rh/H+jtycTjK8JHUU+zhoIiQclGBuGNze25+/6hVu17GGIF06bMN8huQ+IUuNogM/227KkUq7NgI9CuDfiy5YzSY2wtmV8yWk4TE2ZjrM6IP6iz8Kj15ydUJ0ivGLaS7uhrxEqvElAeW9mwKfUKxxul71MSGeidE42K7zygLNi6INI0pf3tOhkuZeBxqFwn0L0kDVc1YAM46Tu7BDLtuvIomftEQzIlLJQM0faLKl8MBDgvw53L+cKCJCxDQYok2fwx2dH80Xqm5pNjoFWRytRcz2tk/czEXXcTM2twOpApbIFRUi7fUnSJMk9wNOV17G9fN68Zt8+wiPyIPmj2QsqXRxKAepSXyEH5VGg3d6t/7BFuwM0BIWFwW2cbNw+PbH5Ppi2ACpX3tf6mEOsJbdrEfa+yRBzGR4b/1zbp/xJwSrMrfCq/WA/oKH3cGjDes+2/XfWfw/NeTDQP/wHMCTvqIyU0Ku34ri+iN2sHrxlGIPz/33XK2QC9c2XmZsmIAqqMBMbFZy0pnWs30Czxv3BQ4ELQ==,iv:tSQmA147RKKfiwnNOM3D+aqhd/EoZ2b+WCaxcL1BBhU=,tag:l6jpC4yrNQ9vbZD7xi4+TQ==,type:str]
+retiolum.rsa_key.pub: ENC[AES256_GCM,data:RpNxJQxJkf8tw3m0tDKG8Du5M45sodfwtwwuacgOilsg22IPVZ+lfBtQeNR5R2psqEPmPBFi/4y6OTQlI97o5EZKQgAnpKetXlTuOVQaWjgRLYims+KCR+9C/sGYXDZvZCs5x+n+jTiFtCoppLAprW1XgEPmBuoh4u+pnKnu+RRQNgWIP10BPz3Vi6NmE0B+GNz5s4pQnNgkHhM20jrWgLa+S2A/VCfpeKOjrg3sOreZ1/fcNzB7J2/71vywjE0zt2jHCQ3MPT0EGX3NNYNxg6lQxUHlZc0wl8hUlSLMCBQInmdcWerMXWrYpImQmV7zW8wRq+4BiO0LVvNVrZwW33YhTxFQdpzakAPoAFmBXfEVVuAqRNFjvrmHmtwHnTKi4N2rhbY1luiy6d6LoiORqAbdv1ZY4K0zO+1lcHAYIhQ/wqb8YbMklJieweB0o202jCds/Nkf4QPoLkZaVgSSpNHxA8dFu4EiL3cGguZON5z+K5WeGk4kgpQWmuLCXeCPhXxbdBscfYxjHgET05FlSsFRc1pEVnUxFxPOW2sBzeK5JU4kXUBlG/3C,iv:x3S2vAwdmlzmhn4Hxrsaf+SykK3gi7RmGImUl2kR+KA=,tag:7qEj2TLXvGm5ma3tV5u4vQ==,type:str]
+sambacred: ENC[AES256_GCM,data:2D+ykHX6IuBzWfW6rzv/uOcb43FY6NjNljHZFYS0rYd/DUEdNB1Ay0jN5b5fmXa16Q==,iv:n2ECPLH8ODyltL91s3WubfVGzBMy0/dxbrx2yHaLRMg=,tag:3xkUeu2wyHUrpkD587IGWg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1x98njnqerw9nw9pzud4h6tjqqtxdmw0ugqry8uehnflk24d023tqrsuf0f
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxV2NRcGZXcXNwVVNMbHNh
+            M1FUMkc4TXREdThMMGZ2NkFBdVMvcEFaQUV3Cm85WHlhenBXajVRN0RvTnh1Skgv
+            NnJ1b3orTTRVd2p2QzdVRk9ycEMvOHMKLS0tIEpRS0xybisyU3YvTnk3aWJHWVk5
+            NEp0SG91am9oMGhIVEM3Rm4xZWw3OWMKhDxmEO0c/kj+SRhoJhB30txsddtlTPAw
+            9ruWXnIlOiBgxsbrTqC9JWDglYl8qV6xhWSMnhkqA7dh/pMSKykKqA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-09-21T20:30:35Z"
+    mac: ENC[AES256_GCM,data:L6qCecYAmgA6onal+O5M5OYzbEV4S1ol3KcIRSqdrcuhj8vC37EbW1uvRTq0P0vXC7hw9AFrRgbEpjVKiVTSkAU4kmGIY6dP7e88t5VdTQ5k2AIdCqDTXjqvKlDo/A/SneUgxq9yABngdHaT6xfT6YAPZAMHg1NkMwQ22w3fa/s=,iv:yNif70Sy+oBnPvl6FOu535b5gn7gIP0sKVdq/g+AYY0=,tag:0VxdZ5hhcdcVqsnWwI3SWQ==,type:str]
+    pgp:
+        - created_at: "2023-09-21T20:30:02Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            wcFMA9JutVRDNegnAQ/9GInwub6EPJlUlSMCq7DdhryygmL1UvtYxuD/idcWWJG4
+            F/ARipjQIG9M2shLhBm5pWhqCMRJNsPSSAvKcJpDXke2lU3ihjcEYCjgu22lfJPv
+            x95gXpzShvVyUpFdKZ0+hLrJqtT24XS1eJ1S/5dCkNb/ADfgTfbFx8ZYNkDJaKky
+            lF9Bbt/YKPAJJg4lcBOb0VMK1Nu0FYgpbTo78HQ2p42PA20iQzacqGPtQPRiufvf
+            XJnUXHawEz+LvnjsfUVq8mBS9IODju0ULeDKnAwgp/sj02rW74ivAwH+lcI87YzV
+            7z+Em33OmZqAjU9w+wwGXG87bq5OpOJafcGOTNyTEK2eO6+drBNbtp+MG/97o3LB
+            ANOEsiXtUFAlCoOfhkzfsYEhoHggHXKQHuiWbap5wwRfXrhI8d510bUK/zNXFy0n
+            9/8PE7uhFUjuKXQga2qq8SH0uvYICchOOIo8jtZ1ZmAxkkFvQBnSnNlS7hgwxh3u
+            HDyapa0lDorZKAcSj5qt9hgaAZp81cO0IxkG/gjKDGvy0cnjVxQVmv/Vk3JB+4Wo
+            4eX2GD0Ywp23fndCoEgl0qTHcNc4pTbejTF7Y36sj2uvySz4mUUVatHueSn/zQv+
+            PE2hXsBkDe8jQvfd1Bj6k6GkvqpWfLT1qr5/yaCovlVcCyYcX1W+0N/IzxOsLOXS
+            UQEBK+VxlpqLuGyS1iKJmQwQ9HiA/ZqCvEeu8b5cGTZLURaJY5+zfEXt/NfEtgFG
+            d7ROgdESX38PsEyt+m60fUcECOKblHw+YBBB47jjdEEjIA==
+            =txlR
+            -----END PGP MESSAGE-----
+          fp: F7B8DCE46BC6B0A8F95477C8563B8DFE2A0E2029
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3