filepimp: init with secrets
parent
92bccb7713
commit
0cc0d62327
|
@ -7,6 +7,7 @@ keys:
|
||||||
- &wbob_host age1fz3fm09mpur0r5pp43tyuzemkx3f0gfwtgfxj6usv28apq8pfc6qnw3z2s
|
- &wbob_host age1fz3fm09mpur0r5pp43tyuzemkx3f0gfwtgfxj6usv28apq8pfc6qnw3z2s
|
||||||
- &cake_host age12xhv7z8w3zaq2c0mf940a8afnardplye9fd6p2m5ynnck3k7vd7q00sqjy
|
- &cake_host age12xhv7z8w3zaq2c0mf940a8afnardplye9fd6p2m5ynnck3k7vd7q00sqjy
|
||||||
- &savarcast_host age1x98njnqerw9nw9pzud4h6tjqqtxdmw0ugqry8uehnflk24d023tqrsuf0f
|
- &savarcast_host age1x98njnqerw9nw9pzud4h6tjqqtxdmw0ugqry8uehnflk24d023tqrsuf0f
|
||||||
|
- &filepimp_host age1x98njnqerw9nw9pzud4h6tjqqtxdmw0ugqry8uehnflk24d023tqrsuf0f
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets/common.yaml$
|
- path_regex: secrets/common.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
|
@ -21,6 +22,12 @@ creation_rules:
|
||||||
- *omo_host
|
- *omo_host
|
||||||
- *gum_host
|
- *gum_host
|
||||||
# host secrets
|
# host secrets
|
||||||
|
- path_regex: secrets/filepimp.yaml$
|
||||||
|
key_groups:
|
||||||
|
- pgp:
|
||||||
|
- *makefu
|
||||||
|
age:
|
||||||
|
- *filepimp_host
|
||||||
- path_regex: secrets/x.yaml$
|
- path_regex: secrets/x.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp:
|
- pgp:
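Review bot: The new `&filepimp_host` anchor in the `keys:` hunk carries exactly the same age recipient as `&savarcast_host` on the line above it (`age1x98njnq…tqrsuf0f`), and the `age:` recipient recorded in secrets/filepimp.yaml is that same string. If this is a copy-paste, the new `secrets/filepimp.yaml$` rule encrypts to savarcast's key: filepimp cannot decrypt its own file, while savarcast can read the retiolum private keys and `sambacred`. If the two machines really do share one key, the per-host separation the `# host secrets` rules are meant to give is gone, which deserves a comment next to the anchor. Otherwise replace the line with `- &filepimp_host <age recipient of filepimp's own host key>` and re-wrap the file with `sops updatekeys secrets/filepimp.yaml`. Because the ciphertext is already committed for the wrong recipient, consider rotating the wrapped secrets if savarcast was never meant to hold them.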
|
||||||
|
|
|
@ -6,12 +6,12 @@ in {
|
||||||
imports =
|
imports =
|
||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
./hw.nix
|
./hw.nix
|
||||||
<stockholm/makefu>
|
../../2configs
|
||||||
<stockholm/makefu/2configs/home-manager>
|
../../2configs/home-manager
|
||||||
<stockholm/makefu/2configs/fs/single-partition-ext4.nix>
|
../../2configs/fs/single-partition-ext4.nix
|
||||||
<stockholm/makefu/2configs/smart-monitor.nix>
|
../../2configs/smart-monitor.nix
|
||||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
../../2configs/tinc/retiolum.nix
|
||||||
<stockholm/makefu/2configs/filepimp-share.nix>
|
../../2configs/filepimp-share.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.filepimp;
|
krebs.build.host = config.krebs.hosts.filepimp;
|
||||||
|
|
13
flake.nix
13
flake.nix
|
@ -38,10 +38,14 @@
|
||||||
lanzaboote.url = "github:nix-community/lanzaboote/v0.3.0";
|
lanzaboote.url = "github:nix-community/lanzaboote/v0.3.0";
|
||||||
lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
|
lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
};
|
vscode-server.url = "github:nix-community/nixos-vscode-server";
|
||||||
description = "Flakes of makefu";
|
vscode-server.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
outputs = { self, nixpkgs, lanzaboote, disko, nixos-hardware, nix-ld, sops-nix, stockholm, home-manager, nix-writers, ...}@inputs: let
|
};
|
||||||
|
description = "Flake of makefu";
|
||||||
|
|
||||||
|
outputs = { self, nixpkgs, lanzaboote, disko, nixos-hardware, nix-ld,
|
||||||
|
sops-nix, stockholm, home-manager, nix-writers, vscode-server, ...}@inputs: let
|
||||||
inherit (nixpkgs) lib;
|
inherit (nixpkgs) lib;
|
||||||
in {
|
in {
|
||||||
nixosModules =
|
nixosModules =
|
||||||
|
@ -53,7 +57,7 @@
|
||||||
(lib.attrNames (builtins.readDir ./3modules))));
|
(lib.attrNames (builtins.readDir ./3modules))));
|
||||||
|
|
||||||
overlays.default = import ./5pkgs/default.nix;
|
overlays.default = import ./5pkgs/default.nix;
|
||||||
nixosConfigurations = lib.genAttrs [ "mrdavid" "x" "cake" "tsp" "wbob" "omo" "gum" "savarcast" ] (host: nixpkgs.lib.nixosSystem rec {
|
nixosConfigurations = lib.genAttrs [ "filepimp" "mrdavid" "x" "cake" "tsp" "wbob" "omo" "gum" "savarcast" ] (host: nixpkgs.lib.nixosSystem rec {
|
||||||
# TODO inject the system somewhere else
|
# TODO inject the system somewhere else
|
||||||
system = if host == "cake" then "aarch64-linux" else "x86_64-linux";
|
system = if host == "cake" then "aarch64-linux" else "x86_64-linux";
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
|
@ -101,6 +105,7 @@
|
||||||
stockholm.nixosModules.urlwatch
|
stockholm.nixosModules.urlwatch
|
||||||
|
|
||||||
self.nixosModules.default
|
self.nixosModules.default
|
||||||
|
vscode-server.nixosModules.default
|
||||||
#self.nixosModules.krebs
|
#self.nixosModules.krebs
|
||||||
(./1systems + "/${host}/config.nix")
|
(./1systems + "/${host}/config.nix")
|
||||||
];
|
];
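Review bot: The new `vscode-server` input is declared without a ref (`github:nix-community/nixos-vscode-server`), whereas `lanzaboote` directly above it is fixed to `v0.3.0`, and no flake.lock change is visible on this page, so the revision that ends up on the hosts may be decided by whoever next refreshes the lock. `vscode-server.nixosModules.default` is also added to the shared module list inside `lib.genAttrs`, so it is evaluated for all nine hosts, including the file server this commit introduces, rather than only for the machine that needs remote editing. Consider committing the lock entry together with this change and importing the module only for the hosts that use it, with a comment such as `# vscode-server: imported only where remote editing is required`. The module list begins outside the hunk, so whether the service is actually enabled anywhere cannot be confirmed from here.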
|
||||||
|
|
44
secrets/filepimp.yaml
Normal file
44
secrets/filepimp.yaml
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
retiolum.ed25519_key.priv: ENC[AES256_GCM,data:g7LcQGS7GN8b3QxOtu14kF8Js/LCSSqMgnJFy7iLUc86Bu0hg+U3OzieIUMZnnWSZUItWGTNI12NOwyU+nwaSJxNEZCBAoqbeDrgQeGjhQquLddZrC9GHEQzTDhDpBEJBGRWCQuvcGr3cQy7lc/wRfl41sDB1gwieY8xVMsmccfN5NteuEVJEitrwM9uR9aF1+SWF18tzvp7K6IDAXW63+qyfSk6+eBWkbFCbnkqLeBQWrBPQmDq1b8pchmpKUcOrZo5wpd/hx8=,iv:3aAdU+ybx5vc6/Xmb1VkLQI260YgBqfqjTj7yxrHo3Q=,tag:67KTiBENs3Dw9S7GBS3v1g==,type:str]
|
||||||
|
retiolum.rsa_key.priv: ENC[AES256_GCM,data:Slq0kHwNE52lmzr5FazPbn3GKGnWDyUtCmOhbAChvcEWzI4+DhBDuTh1wKASjcSdXLxoIMWmEUjLqeYwfspvn9r3zPGpN0GWpJ4fIkqdElGXvZ/r2aiABqN9Ga9cIZf0oFL1A9F5e/L/Sbqjz43niAgRJM/qq/xff7M6GNGvB3/epuOyLUKejmgPqe0mQXQBtws7Kvh8OLaJQnMG2gFA9pq7wVY2KLmDdiELdjT8RlJSl5S4SFf3m0LuptSveC/FKmymch9NVoRFg5tewBRVvgH6kK/VAFrsfPjl1WRF00L3/1bBDuFOxq7fd1wEAc42vRRkTPoSilALDylmkPhd+XRGGKvTRoTodeApZhtu5B1ipHdEhtmkKOA2LTdkuGQ/leS+TnreEC3YpZL77GYBdDndpzT1BODWRcarkOObPJddglxnfYjTwdFmrD8FYWuBoYnJzSacuDyDO+1qCUAu6NRA0YGXIc7S1CvySQIC858zgCAbKZrs5nomvZPbE+dpSNNgE4anehVfWpNGxdd23eMZEiNIkJUmStXoEk8c3QdpZPvO+DofXhlFcDqvKGHW/Gf+1pAJBNQ1nWCIzoY+FPvUSzPkYpgq0wsMhb1xhXO5U65873bj3AnvUyS12+cJCGvPRKdUwc7JQpzjEw3pLme2uSKINqs7VO5BA8A56LU+bQnDxZnCQtf7UmDdLJSMGWzHgWGZsybXMQzD8eLw5cIF4R4GC04AkAVTDi5AM3TZq/eT3icR7R7DdNTsNQeQkTv5kVqWtf2kIW5ZyP7vwSGGvt03kk5wk45/Xl+wv7gx+eqeISuUCOrAFzyFOCdNokemQlvH2ILj3adgo7zr0Zkww1pHO5ZoMCEq7r/PW1JQLZYcxqnk+XqIBobGHx9nAy4hPRfYYncwA89yCJAW+pajr1ZlPmogr1Os4jBBt0olpuykYMfWJffcM45d4OuK65zyFCwFe5zSx8yypZJIh9yGAN0HW1E2BHRfa3iBXkNaKc5iE3lz0ULOjcbnIU7eKeeHgsJctx5iYjxSY1sVTbxzRo+1jS+fKeuNPa9qW51rMi7Hcp/0WeXLPwdIt7X1fjBQ9aJ5XFgUIcwMI1loIganag0BtwmqSG7uJFHlfITX42189bMvhzncSQsclsDoqB6s1q3bmmf5s+QasNwCetQPn4kkexmy29jwg8PRObEFatCgduDkNKjh9kuNDmiAU6chv0iPnt8qKZXUNvHefCUnF6NBQOaCUMCwKohx00HKhNyiOwkR5l6kpeDp7vgty8RMeLyVkxOPSM2CfKJNmLoaGCc38hdLDTXeBWkJANQwBkIn9G1SCyeYWJKjt2HLr9yzyrf3c+Qh428brsIXJdScXhGdTz/ELsWgHzBb3gsJ66OAnCHvu1qRIsm10FWvyDsquxe3HjQz8WSY1BcIEo4YlTIiwhTmPLygjHKkCXVJv9kLYSS+SuUtnafvxYYhLlruA2DbUMAxi6leyYl2gIH3L+03CeYDY0fcRtp2k4dG1x/MgbvNAHQUcg+4gr9ImgRq/WxkHYd4TFC6fUEALZGGindP/W0Ip+f9s5fEhRomkikEVQ9+67jN7RRy+1rwXl38uT2fkbco458BeyUpeD6X0SX4ESts7F7iZ1n/5KKzTHkGR5iQFUyRtXrOAvwMp2iTSz+qzdBoloipbUAEnYSP73OK0//Rh/H+jtycTjK8JHUU+zhoIiQclGBuGNze25+/6hVu17GGIF06bMN8huQ+IUuNogM/227KkUq7NgI9CuDfiy5YzSY2wtmV8yWk4TE2ZjrM6IP6iz8Kj15ydUJ0ivGLaS7uhrxEqvElAeW9mwKfUKxxul71MSGeidE42K7zygLNi6INI0pf3tOhkuZeBxqFwn0L0kDVc1YAM46Tu7BDLtuvIomftEQzIlLJQM0faLKl8MBDgvw53L+cKCJCxDQYok2fwx2dH
80Xqm5pNjoFWRytRcz2tk/czEXXcTM2twOpApbIFRUi7fUnSJMk9wNOV17G9fN68Zt8+wiPyIPmj2QsqXRxKAepSXyEH5VGg3d6t/7BFuwM0BIWFwW2cbNw+PbH5Ppi2ACpX3tf6mEOsJbdrEfa+yRBzGR4b/1zbp/xJwSrMrfCq/WA/oKH3cGjDes+2/XfWfw/NeTDQP/wHMCTvqIyU0Ku34ri+iN2sHrxlGIPz/33XK2QC9c2XmZsmIAqqMBMbFZy0pnWs30Czxv3BQ4ELQ==,iv:tSQmA147RKKfiwnNOM3D+aqhd/EoZ2b+WCaxcL1BBhU=,tag:l6jpC4yrNQ9vbZD7xi4+TQ==,type:str]
|
||||||
|
retiolum.rsa_key.pub: ENC[AES256_GCM,data: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,iv:x3S2vAwdmlzmhn4Hxrsaf+SykK3gi7RmGImUl2kR+KA=,tag:7qEj2TLXvGm5ma3tV5u4vQ==,type:str]
|
||||||
|
sambacred: ENC[AES256_GCM,data:2D+ykHX6IuBzWfW6rzv/uOcb43FY6NjNljHZFYS0rYd/DUEdNB1Ay0jN5b5fmXa16Q==,iv:n2ECPLH8ODyltL91s3WubfVGzBMy0/dxbrx2yHaLRMg=,tag:3xkUeu2wyHUrpkD587IGWg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1x98njnqerw9nw9pzud4h6tjqqtxdmw0ugqry8uehnflk24d023tqrsuf0f
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxV2NRcGZXcXNwVVNMbHNh
|
||||||
|
M1FUMkc4TXREdThMMGZ2NkFBdVMvcEFaQUV3Cm85WHlhenBXajVRN0RvTnh1Skgv
|
||||||
|
NnJ1b3orTTRVd2p2QzdVRk9ycEMvOHMKLS0tIEpRS0xybisyU3YvTnk3aWJHWVk5
|
||||||
|
NEp0SG91am9oMGhIVEM3Rm4xZWw3OWMKhDxmEO0c/kj+SRhoJhB30txsddtlTPAw
|
||||||
|
9ruWXnIlOiBgxsbrTqC9JWDglYl8qV6xhWSMnhkqA7dh/pMSKykKqA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2023-09-21T20:30:35Z"
|
||||||
|
mac: ENC[AES256_GCM,data:L6qCecYAmgA6onal+O5M5OYzbEV4S1ol3KcIRSqdrcuhj8vC37EbW1uvRTq0P0vXC7hw9AFrRgbEpjVKiVTSkAU4kmGIY6dP7e88t5VdTQ5k2AIdCqDTXjqvKlDo/A/SneUgxq9yABngdHaT6xfT6YAPZAMHg1NkMwQ22w3fa/s=,iv:yNif70Sy+oBnPvl6FOu535b5gn7gIP0sKVdq/g+AYY0=,tag:0VxdZ5hhcdcVqsnWwI3SWQ==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-09-21T20:30:02Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA9JutVRDNegnAQ/9GInwub6EPJlUlSMCq7DdhryygmL1UvtYxuD/idcWWJG4
|
||||||
|
F/ARipjQIG9M2shLhBm5pWhqCMRJNsPSSAvKcJpDXke2lU3ihjcEYCjgu22lfJPv
|
||||||
|
x95gXpzShvVyUpFdKZ0+hLrJqtT24XS1eJ1S/5dCkNb/ADfgTfbFx8ZYNkDJaKky
|
||||||
|
lF9Bbt/YKPAJJg4lcBOb0VMK1Nu0FYgpbTo78HQ2p42PA20iQzacqGPtQPRiufvf
|
||||||
|
XJnUXHawEz+LvnjsfUVq8mBS9IODju0ULeDKnAwgp/sj02rW74ivAwH+lcI87YzV
|
||||||
|
7z+Em33OmZqAjU9w+wwGXG87bq5OpOJafcGOTNyTEK2eO6+drBNbtp+MG/97o3LB
|
||||||
|
ANOEsiXtUFAlCoOfhkzfsYEhoHggHXKQHuiWbap5wwRfXrhI8d510bUK/zNXFy0n
|
||||||
|
9/8PE7uhFUjuKXQga2qq8SH0uvYICchOOIo8jtZ1ZmAxkkFvQBnSnNlS7hgwxh3u
|
||||||
|
HDyapa0lDorZKAcSj5qt9hgaAZp81cO0IxkG/gjKDGvy0cnjVxQVmv/Vk3JB+4Wo
|
||||||
|
4eX2GD0Ywp23fndCoEgl0qTHcNc4pTbejTF7Y36sj2uvySz4mUUVatHueSn/zQv+
|
||||||
|
PE2hXsBkDe8jQvfd1Bj6k6GkvqpWfLT1qr5/yaCovlVcCyYcX1W+0N/IzxOsLOXS
|
||||||
|
UQEBK+VxlpqLuGyS1iKJmQwQ9HiA/ZqCvEeu8b5cGTZLURaJY5+zfEXt/NfEtgFG
|
||||||
|
d7ROgdESX38PsEyt+m60fUcECOKblHw+YBBB47jjdEEjIA==
|
||||||
|
=txlR
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F7B8DCE46BC6B0A8F95477C8563B8DFE2A0E2029
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.7.3
|