kaas
parent
cfb9d086b8
commit
7e6beb208d
9 changed files with 147 additions and 38 deletions
54
.sops.yml
54
.sops.yml
|
@ -1,8 +1,60 @@
|
||||||
keys:
|
keys:
|
||||||
- &primary age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy
|
- &primary age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy
|
||||||
|
- home:
|
||||||
|
- &chris age
|
||||||
|
- system:
|
||||||
|
- &aule age
|
||||||
|
- &mandos age
|
||||||
|
- &manwe age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy
|
||||||
|
- &melkor age
|
||||||
|
- &orome age
|
||||||
|
- &tulkas age
|
||||||
|
- &varda age
|
||||||
|
- &yavanna age
|
||||||
|
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets/secrets.yml$
|
- path_regex: secrets/secrets.ya?ml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *primary
|
- *primary
|
||||||
|
|
||||||
|
#===================================================================
|
||||||
|
# HOSTS
|
||||||
|
#===================================================================
|
||||||
|
- path_regex: systems/x64_86-linux/aule/secrets.yaml$
|
||||||
|
age: *aule
|
||||||
|
|
||||||
|
- path_regex: systems/x64_86-linux/mandos/secrets.yaml$
|
||||||
|
age: *mandos
|
||||||
|
|
||||||
|
- path_regex: systems/x64_86-linux/manwe/secrets.yaml$
|
||||||
|
age: *manwe
|
||||||
|
|
||||||
|
- path_regex: systems/x64_86-linux/melkor/secrets.yaml$
|
||||||
|
age: *melkor
|
||||||
|
|
||||||
|
- path_regex: systems/x64_86-linux/orome/secrets.yaml$
|
||||||
|
age: *orome
|
||||||
|
|
||||||
|
- path_regex: systems/x64_86-linux/tulkas/secrets.yaml$
|
||||||
|
age: *tulkas
|
||||||
|
|
||||||
|
- path_regex: systems/x64_86-linux/varda/secrets.yaml$
|
||||||
|
age: *varda
|
||||||
|
|
||||||
|
- path_regex: systems/x64_86-linux/yavanna/secrets.yaml$
|
||||||
|
age: *yavanna
|
||||||
|
|
||||||
|
#===================================================================
|
||||||
|
# USERS
|
||||||
|
#===================================================================
|
||||||
|
- path_regex: homes/x64_86-linux/chris@\w+/secrets.ya?ml$
|
||||||
|
age: chris
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
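Review bot: The USERS rule sets `age: chris`, a plain string rather than the `*chris` alias form the host rules use, so sops would receive the literal text `chris` as a recipient; it should read `age: *chris`. Most of the new anchors (`&chris`, `&aule`, `&mandos` and the rest) hold only the placeholder `age`, which is not a valid recipient, so nothing can be encrypted under those rules until real public keys are filled in. `&manwe` repeats the `&primary` key, so that host and the primary identity share one private key and the per-host separation the HOSTS block aims for does not hold for it. The new rules also spell the directory `x64_86-linux`; if the tree actually uses `x86_64-linux`, none of them will ever match. A comment above the HOSTS block stating which private key is expected to decrypt each path would help the next reader.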
|
@ -18,4 +18,5 @@ nix build .#install-isoConfigurations.minimal
|
||||||
|
|
||||||
- [dafitt/dotfiles](https://github.com/dafitt/dotfiles/)
|
- [dafitt/dotfiles](https://github.com/dafitt/dotfiles/)
|
||||||
- [khaneliman/khanelinix](https://github.com/khaneliman/khanelinix)
|
- [khaneliman/khanelinix](https://github.com/khaneliman/khanelinix)
|
||||||
|
- [alex007sirois/nix-config](https://github.com/alex007sirois/nix-config) (justfile)
|
||||||
- [hmajid2301/nixicle](https://gitlab.com/hmajid2301/nixicle) (the GOAT, he did what I am aiming for!)
|
- [hmajid2301/nixicle](https://gitlab.com/hmajid2301/nixicle) (the GOAT, he did what I am aiming for!)
|
21
flake.lock
generated
21
flake.lock
generated
|
@ -67,6 +67,26 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"disko": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1753140376,
|
||||||
|
"narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "disko",
|
||||||
|
"rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "disko",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"erosanix": {
|
"erosanix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat",
|
"flake-compat": "flake-compat",
|
||||||
|
@ -881,6 +901,7 @@
|
||||||
},
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
|
"disko": "disko",
|
||||||
"erosanix": "erosanix",
|
"erosanix": "erosanix",
|
||||||
"fenix": "fenix",
|
"fenix": "fenix",
|
||||||
"firefox": "firefox",
|
"firefox": "firefox",
|
||||||
|
|
|
@ -9,6 +9,11 @@
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
disko = {
|
||||||
|
url = "github:nix-community/disko";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
|
|
||||||
home-manager = {
|
home-manager = {
|
||||||
url = "github:nix-community/home-manager";
|
url = "github:nix-community/home-manager";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
4
justfile
4
justfile
|
@ -15,3 +15,7 @@ install profile host:
|
||||||
--flake .#{{profile}} \
|
--flake .#{{profile}} \
|
||||||
--generate-hardware-config nixos-generate-config ./hardware-configuration.nix \
|
--generate-hardware-config nixos-generate-config ./hardware-configuration.nix \
|
||||||
{{host}}
|
{{host}}
|
||||||
|
|
||||||
|
[doc('builds the configuration for the host')]
|
||||||
|
build host:
|
||||||
|
nh os build . -H {{host}}
|
|
@ -15,10 +15,10 @@ in
|
||||||
nix = {
|
nix = {
|
||||||
package = pkgs.nixVersions.latest;
|
package = pkgs.nixVersions.latest;
|
||||||
|
|
||||||
extraOptions = "experimental-features = nix-command flakes";
|
extraOptions = "experimental-features = nix-command flakes pipe-operators";
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
experimental-features = [ "nix-command" "flakes" ];
|
experimental-features = [ "nix-command" "flakes" "pipe-operators" ];
|
||||||
allowed-users = [ "@wheel" ];
|
allowed-users = [ "@wheel" ];
|
||||||
trusted-users = [ "@wheel" ];
|
trusted-users = [ "@wheel" ];
|
||||||
|
|
||||||
|
|
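Review bot: `pipe-operators` had to be added twice, once in the `extraOptions` string and once in `settings.experimental-features`, and the two lists can drift apart. As far as I can tell both end up as the same nix.conf setting, so keeping only the `settings` list and dropping the `extraOptions` line would leave a single place to edit. Because this is an experimental language feature, a short comment such as `# pipe-operators: enables |> in this flake; experimental and may change` would record why it is on. The enclosing `nix = { … }` block continues outside the hunk.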
|
@ -13,10 +13,11 @@ in
|
||||||
environment.systemPackages = with pkgs; [ sops ];
|
environment.systemPackages = with pkgs; [ sops ];
|
||||||
|
|
||||||
sops = {
|
sops = {
|
||||||
|
age.keyFile = "/home/.sops-key.age";
|
||||||
|
|
||||||
defaultSopsFile = ../../../../secrets/secrets.yaml;
|
defaultSopsFile = ../../../../secrets/secrets.yaml;
|
||||||
defaultSopsFormat = "yaml";
|
defaultSopsFormat = "yaml";
|
||||||
|
|
||||||
age.keyFile = "/home/";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
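Review bot: `age.keyFile = "/home/.sops-key.age"` puts the age private key directly under `/home`, a directory that is normally listable by every local user, so the file's own mode is the only thing protecting every secret in `defaultSopsFile`. The key should be root-owned with mode 0600, and a root-only location such as the `/var/lib/sops-nix/key.txt` path shown in the sops-nix documentation is the more usual choice. A comment on this line saying how the key reaches a freshly installed host would also help, since nothing visible in the hunk creates it.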
|
@ -1,34 +1,59 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, pkgs, modulesPath, inputs, ... }:
|
||||||
let
|
let
|
||||||
inherit (lib.modules) mkDefault;
|
inherit (lib.modules) mkDefault;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# TODO :: Implement disko at some point
|
imports = [
|
||||||
|
inputs.disko.nixosModules.disko
|
||||||
|
];
|
||||||
|
|
||||||
swapDevices = [];
|
config = {
|
||||||
|
swapDevices = [];
|
||||||
|
|
||||||
boot.supportedFilesystems = [ "nfs" ];
|
boot.supportedFilesystems = [ "nfs" ];
|
||||||
|
|
||||||
fileSystems = {
|
disko.devices = {
|
||||||
"/" = {
|
disk = {
|
||||||
device = "/dev/disk/by-label/nixos";
|
main = {
|
||||||
fsType = "ext4";
|
device = "/dev/nvme0";
|
||||||
|
type = "disk";
|
||||||
|
content = {
|
||||||
|
type = "gpt";
|
||||||
|
partitions = {
|
||||||
|
ESP = {
|
||||||
|
size = "100M";
|
||||||
|
type = "EF00";
|
||||||
|
content = {
|
||||||
|
type = "filesystem";
|
||||||
|
format = "vfat";
|
||||||
|
mountpoint = "/boot";
|
||||||
|
mountOptions = [ "umask=0077" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
root = {
|
||||||
|
size = "100%";
|
||||||
|
content = {
|
||||||
|
type = "filesystem";
|
||||||
|
format = "ext4";
|
||||||
|
mountpoint = "/";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
"/boot" = {
|
fileSystems = {
|
||||||
device = "/dev/disk/by-label/boot";
|
"/home/chris/media" = {
|
||||||
fsType = "vfat";
|
device = "ulmo:/";
|
||||||
options = [ "fmask=0022" "dmask=0022" ];
|
fsType = "nfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
"/home/chris/media" = {
|
"/home/chris/mandos" = {
|
||||||
device = "ulmo:/";
|
device = "mandos:/";
|
||||||
fsType = "nfs";
|
fsType = "nfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
"/home/chris/mandos" = {
|
|
||||||
device = "mandos:/";
|
|
||||||
fsType = "nfs";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
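Review bot: `device = "/dev/nvme0"` under `disko.devices.disk.main` names the NVMe controller node rather than a disk; the block device is normally the namespace, for example `/dev/nvme0n1`, and a stable `/dev/disk/by-id/<DISK-ID>` path is safer still because disko repartitions whatever this points at. The ESP is declared with `size = "100M"` and mounted at `/boot`, which is likely to fill up after a few generations if kernels and initrds are kept there; something like `size = "1G"` leaves room. The root partition is plain ext4 with no encryption layer, so any key material stored on it is unprotected at rest; if that is intended, a comment on the `root` partition saying so would be useful.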
|
@ -11,15 +11,15 @@ sops:
|
||||||
azure_kv: []
|
azure_kv: []
|
||||||
hc_vault: []
|
hc_vault: []
|
||||||
age:
|
age:
|
||||||
- recipient: age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy
|
- recipient: age10c5hmykkduvy75yvqfnchm5lcesr5puarhkwp4l7xdwpykdm397q6xdxuy
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpeHZXWkZ2andYSytmYWpR
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpeHZXWkZ2andYSytmYWpR
|
||||||
ckttNVJZaWxDK2ZwME1iY2wrWFNwR0hzWUNFCjVSaWpmTHkzdHpPNjhueTQ5ZUEz
|
ckttNVJZaWxDK2ZwME1iY2wrWFNwR0hzWUNFCjVSaWpmTHkzdHpPNjhueTQ5ZUEz
|
||||||
YW1BcnIwU1hsb2lodk1QcHJvTUdrVVUKLS0tIFNpWlBqb2pOWDVLV0FvU1FUODJB
|
YW1BcnIwU1hsb2lodk1QcHJvTUdrVVUKLS0tIFNpWlBqb2pOWDVLV0FvU1FUODJB
|
||||||
dTg0QXZuSkJXV3ZRSUlKcktDNElia28KKZ62gTVpeiz1CfK7awURrPZ7zAYx9vfR
|
dTg0QXZuSkJXV3ZRSUlKcktDNElia28KKZ62gTVpeiz1CfK7awURrPZ7zAYx9vfR
|
||||||
Ajxk0cw1gleE6EU2iIlLOWtmyZbcNk1X32a+otXijlH8fDGtoxA97Q==
|
Ajxk0cw1gleE6EU2iIlLOWtmyZbcNk1X32a+otXijlH8fDGtoxA97Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2025-03-09T11:37:49Z"
|
lastmodified: "2025-03-09T11:37:49Z"
|
||||||
mac: ENC[AES256_GCM,data:ZEqJc6slPb3YMR9kn/jFImjkQQIT3KyUK3qE3JMty+IAAr9GT8r+rHOwku4TOwL6YzON6L5vkUQFFKnOz9GiJuGkStc6AbML4SfOlRDsaFU4kwO+27UvDBYRqi6iHtJ2pu/uD4wELVhdbElxHvFlCjtgqBWaWmlXw3ATjkiZnik=,iv:zJNM/TqNfBO/mr8ZK/I/FfXwknyn9YpJ0eo4EpHSJvQ=,tag:G4FLx/Hwknq5hYEb8SWQLg==,type:str]
|
mac: ENC[AES256_GCM,data:ZEqJc6slPb3YMR9kn/jFImjkQQIT3KyUK3qE3JMty+IAAr9GT8r+rHOwku4TOwL6YzON6L5vkUQFFKnOz9GiJuGkStc6AbML4SfOlRDsaFU4kwO+27UvDBYRqi6iHtJ2pu/uD4wELVhdbElxHvFlCjtgqBWaWmlXw3ATjkiZnik=,iv:zJNM/TqNfBO/mr8ZK/I/FfXwknyn9YpJ0eo4EpHSJvQ=,tag:G4FLx/Hwknq5hYEb8SWQLg==,type:str]
|
||||||
pgp: []
|
pgp: []
|