mirror of
https://github.com/Gerg-L/nixos.git
synced 2025-12-10 00:43:56 -05:00
added sops for all three systems
This commit is contained in:
parent
1742726d84
commit
e6f83f6997
13 changed files with 207 additions and 28 deletions
|
|
@ -2,6 +2,7 @@ inputs: {
|
|||
pkgs,
|
||||
settings,
|
||||
self,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
|
|
@ -13,8 +14,8 @@ inputs: {
|
|||
(import ./zfs inputs)
|
||||
(import ./minecraft.nix inputs)
|
||||
];
|
||||
system.stateVersion = "23.05";
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
localModules = {
|
||||
X11Programs = {
|
||||
sxhkd.enable = true;
|
||||
|
|
@ -80,6 +81,10 @@ inputs: {
|
|||
firewall.enable = true;
|
||||
};
|
||||
#user managment
|
||||
sops.secrets = {
|
||||
root.neededForUsers = true;
|
||||
gerg.neededForUsers = true;
|
||||
};
|
||||
users = {
|
||||
mutableUsers = false;
|
||||
users = {
|
||||
|
|
@ -92,7 +97,7 @@ inputs: {
|
|||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuO/3IF+AjH8QjW4DAUV7mjlp2Mryd+1UnpAUofS2yA gerg@gerg-phone"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows"
|
||||
];
|
||||
initialHashedPassword = "$6$hgiDFHEMVEA39Snj$Huxf2a/yd/gSO2ZwntxI5Z65c1kCf35lvbkA61knP5i5NLPuIy4cybBBv9lnd24LVR9sfi9Tss96VQdsGCQhq1";
|
||||
passwordFile = config.sops.secrets.gerg.path;
|
||||
};
|
||||
"root" = {
|
||||
uid = 0;
|
||||
|
|
@ -101,7 +106,7 @@ inputs: {
|
|||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuO/3IF+AjH8QjW4DAUV7mjlp2Mryd+1UnpAUofS2yA gerg@gerg-phone"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows"
|
||||
];
|
||||
initialHashedPassword = "$6$KV00qSRKyx1hpZjX$kwzWN4UuQxHSFwA4vYtRTcYecQyR.Qelvvcr90ZfZ4y.LISUcx2PDHH9/7REwsoAHD./KlAnwlsm1hxeLoGpl/";
|
||||
passwordFile = config.sops.secrets.root.path;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -4,9 +4,9 @@ _: {...}: {
|
|||
hostBridge = "bridge0";
|
||||
localAddress = "192.168.1.10/24";
|
||||
localAddress6 = "2605:59c8:252e:500:200:ff:fe00:10/64";
|
||||
bindMounts."/mnt/minecraft" = {
|
||||
bindMounts."/persist/minecraft" = {
|
||||
mountPoint = "/minecraft";
|
||||
hostPath = "/mnt/minecraft";
|
||||
hostPath = "/persist/minecraft";
|
||||
isReadOnly = false;
|
||||
};
|
||||
config = {pkgs, ...}: let
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
_: {
|
||||
pkgs,
|
||||
settings,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
#discord bot stuff
|
||||
|
|
@ -12,9 +12,10 @@ _: {
|
|||
after = ["NetworkManager-wait-online.service"];
|
||||
script = "parrot";
|
||||
serviceConfig = {
|
||||
EnvironmentFile = "/home/${settings.username}/saveme/.env";
|
||||
EnvironmentFile = config.sops.secrets.discordenv.path;
|
||||
Restart = "on-failure";
|
||||
RestartSec = "30s";
|
||||
};
|
||||
};
|
||||
sops.secrets.discordenv = {};
|
||||
}
|
||||
|
|
|
|||
23
systems/gerg-desktop/secrets.yaml
Normal file
23
systems/gerg-desktop/secrets.yaml
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
discordenv: ENC[AES256_GCM,data:2p39yDXSVpNlCpoffnG6HxHsRoBjPsC0r3QwCisKHbxXFi94poLEF1i4H56NNhRkIZdsJlOFFHgmQd6GGLilTzdGSbnDwFV1vbqKhG2XYuei0ES4W1juvuigycfnPLsk3ZQnq/+TL09WSyQk+tyLCcILUgqL8B75J34=,iv:4ClckaNwsLig1rt9WeagJDixD54SReLCfG4SHyAjs+I=,tag:xPhyzl9Q5kobuhSMAfkIcg==,type:str]
|
||||
root: ENC[AES256_GCM,data:3gGH5gjXBvZwkGyDA+AoqBwIQtWNkfreH/42xvkZlB8wM9g/lpJCeQ6EG2dkJTUv10h6Ym9m8AeRB5dreCmUo4HG6wS8+A7HLg==,iv:sKVcxn3DpIuv2qEwIedGFLlatr1tMTRC0L+fr//0T0c=,tag:wDJz3jYLTN3L2o7ZHWepJg==,type:str]
|
||||
gerg: ENC[AES256_GCM,data:0d+dAgbvaJ2X1QDSMteElbhJMy2lYcpOv0av+BBnIX7rrL8qZ/eGG9rrd9QXmEDIPxKyKwOcBbhYUaBsYHfwRRVP6LXH50V2eA==,iv:JzUNNL9m4hBrvFzSN6iQW/gmAiwvUbxOA73Q6TGPDb0=,tag:BclDA30EUFjpceopRN+nUg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1xghz0ea7dap38fukk053nmse5gd0jhdn8gvsfpvs6sfmgg33m4gs606nx9
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSGc4emRNTlYvb293cUQw
|
||||
ajRaNmg5U0xuWHkwR0ZVQ2YzNFZ1UXlVWHg4ClZEam12cUVMZ0pabWgxcUlmUHdw
|
||||
TVlXOGlWcmZJSDdRQ3RtVnFMWWovZE0KLS0tIEExY3lISy92ODJ1TlNpUlNWbnRZ
|
||||
aDhTUE96bUJHRUZ3N1NaWkhtbDhRVFEKYDGFkjPtHefXdAOxwUQjsoPXDIG/0uxL
|
||||
lpTayh67qFmVsmWE8it6sPKgjNF1+UnP3aelAOOoa+53CePPrER5lw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-03-07T22:30:32Z"
|
||||
mac: ENC[AES256_GCM,data:6MV0ATHKAcgm6jRZ7KiGQo8Y4xlTWMoyROqyLTy+a895o9H/K+x+X1eGdFFdcBxTvN90njz0Bh3/MjkzM36UKyYLSeXMSpDFKwVKgT6qK+rWyn3s+fIIZA3tiR//tRLqA04H0JaieMjVqK/ns7UQx92NU7bC3KTo0dKy26mWfWQ=,iv:XhSNXgmPV1bOXL8ZtppJ/nipIYOUElYbVuZ32/hsAIA=,tag:V3XM3sP9FtwKWZuYdoAmEQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
Loading…
Add table
Add a link
Reference in a new issue