init secrets
This commit is contained in:
parent
00ae5602b3
commit
f0c524a6ac
17
.sops.yaml
Normal file
17
.sops.yaml
Normal file
|
@ -0,0 +1,17 @@
|
|||
keys:
|
||||
- &makefu F7B8DCE46BC6B0A8F95477C8563B8DFE2A0E2029
|
||||
- &x_host age1hqe5hs2jz2fk5zvw346ajhwlagkheunacahpu42uruxu0nlnwy7qn9q5k6
|
||||
creation_rules:
|
||||
- path_regex: secrets/common.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *makefu
|
||||
- age:
|
||||
- *x_host
|
||||
# host secrets
|
||||
- path_regex: 1systems/x/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *makefu
|
||||
- age:
|
||||
- *x_host
|
|
@ -1,13 +1,14 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, lib, self, ... }:
|
||||
{
|
||||
imports =
|
||||
[
|
||||
|
||||
# ./x13
|
||||
# ./x230
|
||||
./x13
|
||||
|
||||
(self + "/2configs/default.nix")
|
||||
|
||||
## Common Hardware Components
|
||||
#<nix-ld/modules/nix-ld.nix>
|
||||
## <stockholm/makefu/2configs/hw/mceusb.nix>
|
||||
## <stockholm/makefu/2configs/hw/rtl8812au.nix>
|
||||
#<stockholm/makefu/2configs/hw/network-manager.nix>
|
||||
|
@ -222,34 +223,32 @@
|
|||
nixpkgs.config.allowUnfree = true;
|
||||
nixpkgs.config.oraclejdk.accept_license = true;
|
||||
|
||||
environment.systemPackages = [ xxx ];
|
||||
|
||||
# configure pulseAudio to provide a HDMI sink as well
|
||||
networking.firewall.enable = true;
|
||||
networking.firewall.allowedUDPPorts = [ 665 26061 1514 ];
|
||||
networking.firewall.trustedInterfaces = [ "vboxnet0" "enp0s25" ];
|
||||
|
||||
# krebs.build.host = config.krebs.hosts.x;
|
||||
krebs.build.host = config.krebs.hosts.x;
|
||||
|
||||
#krebs.tinc.retiolum.connectTo = lib.mkForce [ "gum" ];
|
||||
#krebs.tinc.retiolum.extraConfig = "AutoConnect = no";
|
||||
|
||||
# environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; };
|
||||
#state = [
|
||||
# "/home/makefu/stockholm"
|
||||
# "/home/makefu/.ssh/"
|
||||
# "/home/makefu/.zsh_history"
|
||||
# "/home/makefu/.bash_history"
|
||||
# "/home/makefu/bin"
|
||||
# "/home/makefu/.gnupg"
|
||||
# "/home/makefu/.imapfilter"
|
||||
# "/home/makefu/.mutt"
|
||||
# "/home/makefu/docs"
|
||||
# "/home/makefu/notes"
|
||||
# "/home/makefu/.password-store"
|
||||
# "/home/makefu/.secrets-pass"
|
||||
# "/home/makefu/.config/syncthing"
|
||||
#];
|
||||
state = [
|
||||
"/home/makefu/stockholm"
|
||||
"/home/makefu/.ssh/"
|
||||
"/home/makefu/.zsh_history"
|
||||
"/home/makefu/.bash_history"
|
||||
"/home/makefu/bin"
|
||||
"/home/makefu/.gnupg"
|
||||
"/home/makefu/.imapfilter"
|
||||
"/home/makefu/.mutt"
|
||||
"/home/makefu/docs"
|
||||
"/home/makefu/notes"
|
||||
"/home/makefu/.password-store"
|
||||
"/home/makefu/.secrets-pass"
|
||||
"/home/makefu/.config/syncthing"
|
||||
];
|
||||
|
||||
# services.syncthing.user = lib.mkForce "makefu";
|
||||
# services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
|
||||
|
|
1
1systems/flake-x/result
Symbolic link
1
1systems/flake-x/result
Symbolic link
|
@ -0,0 +1 @@
|
|||
/nix/store/svjw1v86maxhw6l7wy6s1p7rsxm7582i-nixos-vm
|
|
@ -1,15 +1,18 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{ pkgs, lib, nixos-hardware, self, ... }:
|
||||
# new zfs deployment
|
||||
{
|
||||
imports = [
|
||||
./zfs.nix
|
||||
./input.nix
|
||||
./disk.nix
|
||||
./battery.nix
|
||||
<stockholm/makefu/2configs/hw/bluetooth.nix>
|
||||
<nixos-hardware/lenovo/thinkpad/l14/amd> # close enough
|
||||
# <stockholm/makefu/2configs/hw/tpm.nix>
|
||||
<stockholm/makefu/2configs/hw/ssd.nix>
|
||||
# <stockholm/makefu/2configs/hw/xmm7360.nix>
|
||||
|
||||
(self + "/2configs/hw/bluetooth.nix")
|
||||
(self + "/2configs/hw/tpm.nix")
|
||||
(self + "/2configs/hw/ssd.nix")
|
||||
# (self + "/2configs/hw/xmm7360.nix")
|
||||
|
||||
nixos-hardware.nixosModules.lenovo-thinkpad-l14-amd
|
||||
|
||||
];
|
||||
boot.zfs.requestEncryptionCredentials = true;
|
||||
networking.hostId = "f8b8e0a2";
|
||||
|
@ -24,9 +27,7 @@
|
|||
hardware.opengl.extraPackages = [ pkgs.amdvlk pkgs.rocm-opencl-icd pkgs.rocm-opencl-runtime ];
|
||||
# For 32 bit applications
|
||||
hardware.opengl.driSupport32Bit = true;
|
||||
hardware.opengl.extraPackages32 = with pkgs; [
|
||||
driversi686Linux.amdvlk
|
||||
];
|
||||
hardware.opengl.extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ];
|
||||
# is required for amd graphics support ( xorg wont boot otherwise )
|
||||
#boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
{ disk ? "/dev/sda", ... }: {
|
||||
{ ... }:
|
||||
let
|
||||
disk = "/dev/nvme0n1";
|
||||
in {
|
||||
disko.devices = {
|
||||
disk = {
|
||||
nvme = {
|
||||
|
|
|
@ -1,13 +1,9 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
with lib;
|
||||
{
|
||||
imports = [
|
||||
{
|
||||
users.users =
|
||||
mapAttrs (_: h: { hashedPassword = h; })
|
||||
(import <secrets/hashedPasswords.nix>);
|
||||
}
|
||||
./secrets/user-passwords.nix
|
||||
./editor/vim.nix
|
||||
./binary-cache/nixos.nix
|
||||
./minimal.nix
|
||||
|
@ -16,9 +12,7 @@ with import <stockholm/lib>;
|
|||
|
||||
# users are super important
|
||||
users.users = {
|
||||
root = {
|
||||
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
||||
};
|
||||
root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
||||
makefu = {
|
||||
uid = 9001;
|
||||
group = "users";
|
||||
|
@ -27,10 +21,10 @@ with import <stockholm/lib>;
|
|||
isNormalUser = true;
|
||||
useDefaultShell = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
||||
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
||||
};
|
||||
};
|
||||
nix.settings.trusted-users = [ config.krebs.build.user.name ];
|
||||
# nix.settings.trusted-users = [ config.krebs.build.user.name ];
|
||||
nix.settings.experimental-features = [ "flakes" "nix-command" ];
|
||||
|
||||
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages;
|
||||
|
@ -39,13 +33,12 @@ with import <stockholm/lib>;
|
|||
|
||||
krebs = {
|
||||
enable = true;
|
||||
|
||||
dns.providers.lan = "hosts";
|
||||
# dns.providers.lan = "hosts";
|
||||
build.user = config.krebs.users.makefu;
|
||||
};
|
||||
|
||||
|
||||
boot.tmpOnTmpfs = true;
|
||||
boot.tmp.useTmpfs = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
jq
|
||||
|
@ -91,6 +84,6 @@ with import <stockholm/lib>;
|
|||
defaults.email = "letsencrypt@syntax-fehler.de";
|
||||
acceptTerms = true;
|
||||
};
|
||||
system.stateVersion = lib.mkDefault "20.03";
|
||||
system.stateVersion = lib.mkDefault "23.05";
|
||||
services.postgresql.package = pkgs.postgresql_14;
|
||||
}
|
||||
|
|
|
@ -14,6 +14,7 @@ in
|
|||
#};
|
||||
};
|
||||
programs.dconf.enable = true;
|
||||
|
||||
home-manager.users.${mainUser}.dconf = {
|
||||
enable = true;
|
||||
settings = {
|
||||
|
|
|
@ -7,14 +7,13 @@
|
|||
# the only true timezone (even after the the removal of DST)
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
networking.hostName = lib.mkIf (lib.hasAttr "host" config.krebs.build) config.krebs.build.host.name;
|
||||
# networking.hostName = lib.mkIf (lib.hasAttr "host" config.krebs.build) config.krebs.build.host.name;
|
||||
|
||||
# we use gpg if necessary (or nothing at all)
|
||||
programs.ssh.startAgent = false;
|
||||
|
||||
# all boxes look the same
|
||||
nix.settings.sandbox = true;
|
||||
nix.settings.cores = 0; # until https://github.com/NixOS/nixpkgs/pull/50440 is in stable
|
||||
# we configure users via nix
|
||||
users.mutableUsers = false;
|
||||
|
||||
|
|
14
2configs/secrets/user-passwords.nix
Normal file
14
2configs/secrets/user-passwords.nix
Normal file
|
@ -0,0 +1,14 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
sops.defaultSopsFile = ../../secrets/common.yaml;
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
|
||||
sops.secrets = {
|
||||
"passwd/makefu".neededForUsers = true;
|
||||
"passwd/root".neededForUsers = true;
|
||||
};
|
||||
users.users = {
|
||||
makefu.passwordFile = config.sops.secrets."passwd/makefu".path;
|
||||
root.passwordFile = config.sops.secrets."passwd/root".path;
|
||||
};
|
||||
}
|
|
@ -1,25 +1,26 @@
|
|||
{ lib }:
|
||||
{ lib, ... }:
|
||||
# krebs emulation layer
|
||||
{
|
||||
options = with lib.types;{
|
||||
krebs.hosts = mkOption {
|
||||
default = {};
|
||||
type = attrsOf anything;
|
||||
};
|
||||
options = with lib; with types;{
|
||||
#krebs.enable = mkEnableOption "krebs";
|
||||
#krebs.hosts = mkOption {
|
||||
# default = {};
|
||||
# type = attrsOf anything;
|
||||
#};
|
||||
krebs.build = mkOption {
|
||||
default = {};
|
||||
type = attrsOf anything;
|
||||
};
|
||||
krebs.users = mkOption {
|
||||
default = {};
|
||||
type = attrsOf anything;
|
||||
};
|
||||
#krebs.users = mkOption {
|
||||
# default = {};
|
||||
# type = attrsOf anything;
|
||||
#};
|
||||
};
|
||||
config = {
|
||||
users.makefu = {
|
||||
krebs.users.makefu = {
|
||||
name = "makefu";
|
||||
mail = "makefu@x.r";
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x";
|
||||
};
|
||||
}
|
||||
};
|
||||
}
|
||||
|
|
200
flake.lock
Normal file
200
flake.lock
Normal file
|
@ -0,0 +1,200 @@
|
|||
{
|
||||
"nodes": {
|
||||
"disko": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1686222354,
|
||||
"narHash": "sha256-dtqnAwzucKZv54dTrLetIXhOavUrCsdqOe+JtFH9riE=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "5d9f362aecd7a4c2e8a3bf2afddb49051988cab9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-parts": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1685662779,
|
||||
"narHash": "sha256-cKDDciXGpMEjP1n6HlzKinN0H+oLmNpgeCTzYnsA2po=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "71fb97f0d875fd4de4994dfb849f2c75e17eb6c3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"home-manager": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1686391840,
|
||||
"narHash": "sha256-5S0APl6Mfm6a37taHwvuf11UHnAX0+PnoWQbsYbMUnc=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "0144ac418ef633bfc9dbd89b8c199ad3a617c59f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-ld": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1682533818,
|
||||
"narHash": "sha256-2Fzjk3jL7rlyLjPKWy05zU8SGm04M3mbzohk51vkw3Y=",
|
||||
"owner": "Mic92",
|
||||
"repo": "nix-ld",
|
||||
"rev": "29f15b1f7e37810689974ef169496c51f6403a1b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Mic92",
|
||||
"repo": "nix-ld",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-writers": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1677612737,
|
||||
"narHash": "sha256-UaCKZ4PbMZU6UZH7XNFcjRtd5jheswl66rjZDBfQgp8=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "66a1f6833464bbb121b6d94247ad769f277351f8",
|
||||
"revCount": 39,
|
||||
"type": "git",
|
||||
"url": "https://cgit.krebsco.de/nix-writers"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://cgit.krebsco.de/nix-writers"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1686217350,
|
||||
"narHash": "sha256-Nb9b3m/GEK8jyFsYfUkXGsqj6rH05GgJ2QWcNNbK7dw=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "e4b34b90f27696ec3965fa15dcbacc351293dc67",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1686331006,
|
||||
"narHash": "sha256-hElRDWUNG655aqF0awu+h5cmDN+I/dQcChRt2tGuGGU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "85bcb95aa83be667e562e781e9d186c57a07d757",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-23.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"disko": "disko",
|
||||
"flake-parts": "flake-parts",
|
||||
"home-manager": "home-manager",
|
||||
"nix-ld": "nix-ld",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"sops-nix": "sops-nix",
|
||||
"stockholm": "stockholm"
|
||||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": []
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1685848844,
|
||||
"narHash": "sha256-Iury+/SVbAwLES76QJSiKFiQDzmf/8Hsq8j54WF2qyw=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "a522e12ee35e50fa7d902a164a9796e420e6e75b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"stockholm": {
|
||||
"inputs": {
|
||||
"nix-writers": "nix-writers",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1686400260,
|
||||
"narHash": "sha256-nW2GqH3yYZl5XRYHN4MpaaO4r01GNEMSPjklJmdIUic=",
|
||||
"path": "/home/makefu/stockholm-flakes",
|
||||
"type": "path"
|
||||
},
|
||||
"original": {
|
||||
"path": "/home/makefu/stockholm-flakes",
|
||||
"type": "path"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"locked": {
|
||||
"lastModified": 1667395993,
|
||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
"version": 7
|
||||
}
|
75
flake.nix
Normal file
75
flake.nix
Normal file
|
@ -0,0 +1,75 @@
|
|||
{
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
|
||||
|
||||
sops-nix.url = "github:Mic92/sops-nix";
|
||||
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
sops-nix.inputs.nixpkgs-stable.follows = "";
|
||||
|
||||
nixos-hardware.url = "github:NixOS/nixos-hardware";
|
||||
|
||||
home-manager.url = "github:nix-community/home-manager";
|
||||
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
disko.url = "github:nix-community/disko";
|
||||
disko.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
flake-parts.url = "github:hercules-ci/flake-parts";
|
||||
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
|
||||
|
||||
nix-ld.url = "github:Mic92/nix-ld";
|
||||
nix-ld.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
# stockholm.url = "git+https://cgit.lassul.us/stockholm?ref=flakeify";
|
||||
stockholm.url = "path:///home/makefu/stockholm-flakes";
|
||||
stockholm.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
};
|
||||
description = "Flakes of makefu";
|
||||
|
||||
outputs = { self, nixpkgs, disko, nixos-hardware, nix-ld, sops-nix, stockholm, ...}@inputs: let
|
||||
|
||||
|
||||
in {
|
||||
nixosModules =
|
||||
let
|
||||
inherit (nixpkgs) lib;
|
||||
in builtins.listToAttrs
|
||||
(map
|
||||
(name: {name = lib.removeSuffix ".nix" name; value = import (./3modules + "/${name}");})
|
||||
(lib.filter
|
||||
(name: name != "default.nix" && !lib.hasPrefix "." name)
|
||||
(lib.attrNames (builtins.readDir ./3modules))));
|
||||
|
||||
nixosConfigurations.x = nixpkgs.lib.nixosSystem rec {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = {
|
||||
inherit (inputs) nixos-hardware self stockholm;
|
||||
pkgs = import nixpkgs {
|
||||
inherit system;
|
||||
config.allowUnfree = true;
|
||||
overlays = [(self: super: { stockholm.lib = stockholm.lib; })] ;
|
||||
};
|
||||
};
|
||||
modules = [
|
||||
disko.nixosModules.disko
|
||||
nix-ld.nixosModules.nix-ld
|
||||
sops-nix.nixosModules.sops
|
||||
|
||||
stockholm.nixosModules.krebs
|
||||
stockholm.nixosModules.hosts
|
||||
stockholm.nixosModules.users
|
||||
stockholm.nixosModules.build
|
||||
stockholm.nixosModules.dns
|
||||
stockholm.nixosModules.kartei
|
||||
stockholm.nixosModules.sitemap
|
||||
|
||||
self.nixosModules.state
|
||||
#self.nixosModules.krebs
|
||||
./1systems/flake-x/config.nix
|
||||
];
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
}
|
34
secrets/common.yaml
Normal file
34
secrets/common.yaml
Normal file
|
@ -0,0 +1,34 @@
|
|||
passwd:
|
||||
makefu: ENC[AES256_GCM,data:Z3b+aYQtENF0g/iSpQRSy2lxh2qToT7YfHDVDOPfpVaiSPdoFA0jEyWQ0Vk70AVNMQa7wPrXjbMLKdfTmnS7mKzc9Ivjr8gA9lSfcs3L8MY+Y0fSAtuoPJncIcvt1uL+pLUvSow7hHWg8A==,iv:H9RS2U6WjCIJ2GySw2QdXm4538wvTgVYVU3/hNEUCME=,tag:RT3OK41TZgmOtNEFz19Eug==,type:str]
|
||||
root: ENC[AES256_GCM,data:nxxIQPFgZu8YyI8HASuO0Tj7ABWxnqcPOztSGEk0R6YZCYMeOeoTgyH2/Wa325ul3iry8vnDsbBa+2S2Y0b+oV/wnPgIoa7LKjHYlIseCArB/LD9+oi8XRkJbsQSISEmoMyobmYc5SysNg==,iv:wkMyMkeL8hrTIG9PUrqwBnrUY92U9OotkP9rz9zKs5A=,tag:xiazIbBkR8505qrOsWn26Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2023-06-10T17:34:46Z"
|
||||
mac: ENC[AES256_GCM,data:0Fyw+XASLLE2MhvJJ0mR0zvdu2YiGv2Ud4Fq34/RdRCx0+S+9qhwQbe93M6F7ZN4udeHQj4Nory3dg3nJlABQY2DDS3BXhA9OX7SR8p5SJ9uKWNwhpavBXPBgzU381NJNB+2KX/KByszkGRJ4DS8QQ5ELWn+9guLdvPPitAjbs8=,iv:wTzFPC+I4g3CDU6lqS9GBHHdYmAAqUCf2nTjJDAdSO4=,tag:OnByw19WU0cOx6lHvJcq6Q==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-06-10T17:32:09Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA9JutVRDNegnARAAm0iApGGZ3oT5K1WbIgbTSglPpyOl92GYojEh+0w0AU/1
|
||||
6+s2uSBO/7/fIRFOObLeK0TojHX2rJhwD6Q6+M7A2Lei3RYURZvwjL0A5IhTCBUd
|
||||
pYIsGrEURshz7yOVKiqrTnjIWxfmkBjCIeukLbhKyW+mMD2O1WhDloUnCHtviXNa
|
||||
W8S8TTnRg9r36hUYjnP7tp9PWAmJZpcP8QpGoeYJwxQN9/Yp9czg70X5pcTz9IXO
|
||||
MIgXMKFgj/ShfMgKdUjI8N80IG+b8DOQWpkVJGduUJd2JT5TpFKIuqLpbMbnKGhz
|
||||
Jso4s6cV9ZX+ZC/NId46idAlhODBiiEd8lKydq8uYh/W4UcRqz4q7nYtyb541cWz
|
||||
hNVO4DRDWGW2U7dabhmtHHaNB1OxzbeRh3+xto7pMkxCGXZ9NX5D+ARgDagTEW+6
|
||||
D7aqqxH6gykoZdDKd8u22iJVEoHdqRcoFUXNtr4ETIpjzzMWvOqhwe8CcdA6ySjF
|
||||
Pm27TpCKVEJOWTWEz0/AaQhdBz6WLI7W5ldaFDOt3f7/OTxzg8GApGwDyXydWKHl
|
||||
2/kn9pbGhgvYjTSfK17NwhSQicQznRjXR7XMv1Vh6vs7IeMEZ/eUFJkGSLyxquza
|
||||
Fa7+2gJL/cA1x2Vh81h3bb0QxELM/RnV+mpdpNAIlxlQxU4uq+lw5iJTJrr58mHS
|
||||
UQHaIaiBd21CACz79Yb0TgJTSSjoYVgv7bbYk1KMfk6hlegF2FN7txe4RHVs7yVi
|
||||
Myv/27m1bKuwlrXqbxbzvy8hF845y7WUd6T0UEBkBTxKFw==
|
||||
=i/3A
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7B8DCE46BC6B0A8F95477C8563B8DFE2A0E2029
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
Loading…
Reference in a new issue