1e2e2bdd35
grep -- '- &' .sops.yaml | cut -d'&' -f2 | grep _host | sed 's/_host//' | xargs -n2 clan secrets machines add
for i in secrets/*.yaml; do host=$(basename $i .yaml); clan secrets import-sops $i --machine $host --user makefu --prefix ${host}-;done
for i in secrets/*.yaml; do host=$(basename $i .yaml) ;clan secrets groups add-machine common "$host";done
28 lines
699 B
Nix
28 lines
699 B
Nix
{ config,nixpkgsPath, pkgs, lib, ... }:
|
|
{
|
|
krebs = {
|
|
enable = true;
|
|
|
|
dns.providers.lan = "hosts";
|
|
build.user = config.krebs.users.makefu;
|
|
};
|
|
imports = [
|
|
(nixpkgsPath + "/nixos/modules/profiles/minimal.nix")
|
|
(nixpkgsPath + "/nixos/modules/profiles/installation-device.nix")
|
|
];
|
|
|
|
# cifs-utils fails to cross-compile
|
|
# Let's simplify this by removing all unneeded filesystems from the image.
|
|
boot.supportedFilesystems = lib.mkForce [ "vfat" ];
|
|
|
|
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
|
|
|
|
|
|
users.users = {
|
|
root = {
|
|
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
|
|
};
|
|
};
|
|
services.openssh.enable = true;
|
|
}
|