From 0cc0d623270626889da90a1a83533db544466044 Mon Sep 17 00:00:00 2001
From: makefu
Date: Thu, 21 Sep 2023 22:41:13 +0200
Subject: [PATCH] filepimp: init with secrets
---
 .sops.yaml | 7 ++++++
 1systems/filepimp/config.nix | 12 +++++-----
 flake.nix | 13 +++++++----
 secrets/filepimp.yaml | 44 ++++++++++++++++++++++++++++++++++++
 4 files changed, 66 insertions(+), 10 deletions(-)
 create mode 100644 secrets/filepimp.yaml
diff --git a/.sops.yaml b/.sops.yaml
index 3832056..8574a02 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -7,6 +7,7 @@ keys:
 - &wbob_host age1fz3fm09mpur0r5pp43tyuzemkx3f0gfwtgfxj6usv28apq8pfc6qnw3z2s
 - &cake_host age12xhv7z8w3zaq2c0mf940a8afnardplye9fd6p2m5ynnck3k7vd7q00sqjy
 - &savarcast_host age1x98njnqerw9nw9pzud4h6tjqqtxdmw0ugqry8uehnflk24d023tqrsuf0f
+ - &filepimp_host age1x98njnqerw9nw9pzud4h6tjqqtxdmw0ugqry8uehnflk24d023tqrsuf0f
 creation_rules:
 - path_regex: secrets/common.yaml$
 key_groups:
@@ -21,6 +22,12 @@ creation_rules:
 - *omo_host
 - *gum_host
 # host secrets
+ - path_regex: secrets/filepimp.yaml$
+ key_groups:
+ - pgp:
+ - *makefu
+ age:
+ - *filepimp_host
 - path_regex: secrets/x.yaml$
 key_groups:
 - pgp:
diff --git a/1systems/filepimp/config.nix b/1systems/filepimp/config.nix
index 3edfffb..418aad1 100644
--- a/1systems/filepimp/config.nix
+++ b/1systems/filepimp/config.nix
@@ -6,12 +6,12 @@ in { imports = [ # Include the results of the hardware scan. ./hw.nix - - - - - - + ../../2configs + ../../2configs/home-manager + ../../2configs/fs/single-partition-ext4.nix + ../../2configs/smart-monitor.nix + ../../2configs/tinc/retiolum.nix + ../../2configs/filepimp-share.nix ]; krebs.build.host = config.krebs.hosts.filepimp;
diff --git a/flake.nix b/flake.nix
index f89c115..5aaf119 100644
--- a/flake.nix
+++ b/flake.nix
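Review bot: In `.sops.yaml`, the new `&filepimp_host` anchor carries exactly the same age recipient as `&savarcast_host` on the line above it (`age1x98njnqerw9nw9pzud4h6tjqqtxdmw0ugqry8uehnflk24d023tqrsuf0f`), and that is also the only age recipient recorded in the new `secrets/filepimp.yaml`. If this is a copy-paste leftover, filepimp's own host key cannot decrypt its secrets while savarcast's can; if the two hosts really share one age identity, a compromise of either host exposes both hosts' secret files. Replace the value with the recipient derived from filepimp's own host key and re-encrypt with `sops updatekeys secrets/filepimp.yaml`. Because the file is already committed under this recipient, the retiolum keys and `sambacred` in it should be rotated if savarcast was not meant to read them.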
@@ -38,10 +38,14 @@ lanzaboote.url = "github:nix-community/lanzaboote/v0.3.0"; lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; - }; - description = "Flakes of makefu"; + vscode-server.url = "github:nix-community/nixos-vscode-server"; + vscode-server.inputs.nixpkgs.follows = "nixpkgs"; - outputs = { self, nixpkgs, lanzaboote, disko, nixos-hardware, nix-ld, sops-nix, stockholm, home-manager, nix-writers, ...}@inputs: let + }; + description = "Flake of makefu"; + + outputs = { self, nixpkgs, lanzaboote, disko, nixos-hardware, nix-ld, + sops-nix, stockholm, home-manager, nix-writers, vscode-server, ...}@inputs: let inherit (nixpkgs) lib; in { nixosModules =
@@ -53,7 +57,7 @@ (lib.attrNames (builtins.readDir ./3modules)))); overlays.default = import ./5pkgs/default.nix; - nixosConfigurations = lib.genAttrs [ "mrdavid" "x" "cake" "tsp" "wbob" "omo" "gum" "savarcast" ] (host: nixpkgs.lib.nixosSystem rec { + nixosConfigurations = lib.genAttrs [ "filepimp" "mrdavid" "x" "cake" "tsp" "wbob" "omo" "gum" "savarcast" ] (host: nixpkgs.lib.nixosSystem rec { # TODO inject the system somewhere else system = if host == "cake" then "aarch64-linux" else "x86_64-linux"; specialArgs = {
@@ -101,6 +105,7 @@ stockholm.nixosModules.urlwatch self.nixosModules.default + vscode-server.nixosModules.default #self.nixosModules.krebs (./1systems + "/${host}/config.nix") ];
diff --git a/secrets/filepimp.yaml b/secrets/filepimp.yaml
new file mode 100644
index 0000000..a2d1aef
--- /dev/null
+++ b/secrets/filepimp.yaml
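Review bot: The `vscode-server` input added in the first `flake.nix` hunk has no tag or revision, unlike `lanzaboote` directly above it, which is pinned to `v0.3.0`. The diffstat shows no `flake.lock` change in this commit, so the revision that ends up deployed is whatever the branch head is when the lock is next regenerated. Pin it, e.g. `vscode-server.url = "github:nix-community/nixos-vscode-server/<reviewed-rev>";`, or commit the lock entry together with the input. The last hunk (`@@ -101,6 +105,7 @@`) adds `vscode-server.nixosModules.default` to the module list that `lib.genAttrs` applies to every host. If only one machine needs it, importing it from that host's `config.nix` keeps third-party module code out of the other systems; the module is presumably inert until enabled, but that is not visible here. The `outputs` body starts and ends outside these hunks.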
@@ -0,0 +1,44 @@ +retiolum.ed25519_key.priv: ENC[AES256_GCM,data:g7LcQGS7GN8b3QxOtu14kF8Js/LCSSqMgnJFy7iLUc86Bu0hg+U3OzieIUMZnnWSZUItWGTNI12NOwyU+nwaSJxNEZCBAoqbeDrgQeGjhQquLddZrC9GHEQzTDhDpBEJBGRWCQuvcGr3cQy7lc/wRfl41sDB1gwieY8xVMsmccfN5NteuEVJEitrwM9uR9aF1+SWF18tzvp7K6IDAXW63+qyfSk6+eBWkbFCbnkqLeBQWrBPQmDq1b8pchmpKUcOrZo5wpd/hx8=,iv:3aAdU+ybx5vc6/Xmb1VkLQI260YgBqfqjTj7yxrHo3Q=,tag:67KTiBENs3Dw9S7GBS3v1g==,type:str] +retiolum.rsa_key.priv: ENC[AES256_GCM,data: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,iv:tSQmA147RKKfiwnNOM3D+aqhd/EoZ2b+WCaxcL1BBhU=,tag:l6jpC4yrNQ9vbZD7xi4+TQ==,type:str] +retiolum.rsa_key.pub: ENC[AES256_GCM,data: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,iv:x3S2vAwdmlzmhn4Hxrsaf+SykK3gi7RmGImUl2kR+KA=,tag:7qEj2TLXvGm5ma3tV5u4vQ==,type:str] +sambacred: ENC[AES256_GCM,data:2D+ykHX6IuBzWfW6rzv/uOcb43FY6NjNljHZFYS0rYd/DUEdNB1Ay0jN5b5fmXa16Q==,iv:n2ECPLH8ODyltL91s3WubfVGzBMy0/dxbrx2yHaLRMg=,tag:3xkUeu2wyHUrpkD587IGWg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1x98njnqerw9nw9pzud4h6tjqqtxdmw0ugqry8uehnflk24d023tqrsuf0f + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxV2NRcGZXcXNwVVNMbHNh + M1FUMkc4TXREdThMMGZ2NkFBdVMvcEFaQUV3Cm85WHlhenBXajVRN0RvTnh1Skgv + NnJ1b3orTTRVd2p2QzdVRk9ycEMvOHMKLS0tIEpRS0xybisyU3YvTnk3aWJHWVk5 + NEp0SG91am9oMGhIVEM3Rm4xZWw3OWMKhDxmEO0c/kj+SRhoJhB30txsddtlTPAw + 9ruWXnIlOiBgxsbrTqC9JWDglYl8qV6xhWSMnhkqA7dh/pMSKykKqA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-09-21T20:30:35Z" + mac: ENC[AES256_GCM,data:L6qCecYAmgA6onal+O5M5OYzbEV4S1ol3KcIRSqdrcuhj8vC37EbW1uvRTq0P0vXC7hw9AFrRgbEpjVKiVTSkAU4kmGIY6dP7e88t5VdTQ5k2AIdCqDTXjqvKlDo/A/SneUgxq9yABngdHaT6xfT6YAPZAMHg1NkMwQ22w3fa/s=,iv:yNif70Sy+oBnPvl6FOu535b5gn7gIP0sKVdq/g+AYY0=,tag:0VxdZ5hhcdcVqsnWwI3SWQ==,type:str] + pgp: + - created_at: "2023-09-21T20:30:02Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + 
wcFMA9JutVRDNegnAQ/9GInwub6EPJlUlSMCq7DdhryygmL1UvtYxuD/idcWWJG4 + F/ARipjQIG9M2shLhBm5pWhqCMRJNsPSSAvKcJpDXke2lU3ihjcEYCjgu22lfJPv + x95gXpzShvVyUpFdKZ0+hLrJqtT24XS1eJ1S/5dCkNb/ADfgTfbFx8ZYNkDJaKky + lF9Bbt/YKPAJJg4lcBOb0VMK1Nu0FYgpbTo78HQ2p42PA20iQzacqGPtQPRiufvf + XJnUXHawEz+LvnjsfUVq8mBS9IODju0ULeDKnAwgp/sj02rW74ivAwH+lcI87YzV + 7z+Em33OmZqAjU9w+wwGXG87bq5OpOJafcGOTNyTEK2eO6+drBNbtp+MG/97o3LB + ANOEsiXtUFAlCoOfhkzfsYEhoHggHXKQHuiWbap5wwRfXrhI8d510bUK/zNXFy0n + 9/8PE7uhFUjuKXQga2qq8SH0uvYICchOOIo8jtZ1ZmAxkkFvQBnSnNlS7hgwxh3u + HDyapa0lDorZKAcSj5qt9hgaAZp81cO0IxkG/gjKDGvy0cnjVxQVmv/Vk3JB+4Wo + 4eX2GD0Ywp23fndCoEgl0qTHcNc4pTbejTF7Y36sj2uvySz4mUUVatHueSn/zQv+ + PE2hXsBkDe8jQvfd1Bj6k6GkvqpWfLT1qr5/yaCovlVcCyYcX1W+0N/IzxOsLOXS + UQEBK+VxlpqLuGyS1iKJmQwQ9HiA/ZqCvEeu8b5cGTZLURaJY5+zfEXt/NfEtgFG + d7ROgdESX38PsEyt+m60fUcECOKblHw+YBBB47jjdEEjIA== + =txlR + -----END PGP MESSAGE----- + fp: F7B8DCE46BC6B0A8F95477C8563B8DFE2A0E2029 + unencrypted_suffix: _unencrypted + version: 3.7.3