-rw-r--r-- | .sops.yaml | 6 | ||||
-rw-r--r-- | flake.nix | 2 | ||||
-rw-r--r-- | hosts/arrakis/default.nix | 23 | ||||
-rw-r--r-- | hosts/secrets/arrakis.yaml | 30 |
4 files changed, 53 insertions, 8 deletions
@@ -14,6 +14,7 @@ # sops updatekeys file.yaml keys: + - &arrakis age1mkqxkwse7hrnxtcgqe0wdzhhrxk55syx2wpcngemecz0d7hugsnqupw3de - &darkstar age1z6g6etwcer433v97lwjrruetdh9fswkgjh9w702wzdc2ydvy5q8ssrfy9r - &ginaz age1900zc5caephklavvjxp0g4qqvyqlzg3sux69y9p092g3d3qck3kqz62reh - &nipsy age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va @@ -23,6 +24,11 @@ creation_rules: key_groups: - age: - *nipsy + - path_regex: ^hosts/secrets/arrakis.yaml$ + key_groups: + - age: + - *arrakis + - *nipsy - path_regex: ^hosts/secrets/darkstar.yaml$ key_groups: - age: @@ -41,7 +41,7 @@ home-manager.users.root = import ./home/root/arrakis.nix; home-manager.users.nipsy = import ./home/nipsy/arrakis.nix; } - #sops-nix.nixosModules.sops + sops-nix.nixosModules.sops ]; }; diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix index 3ae89c6..9be2392 100644 --- a/hosts/arrakis/default.nix +++ b/hosts/arrakis/default.nix @@ -49,19 +49,28 @@ hostId = "2ae4c89f"; hostName = "arrakis"; nftables.enable = true; + wireless = { + enable = true; + networks = { + "Crystal Palace" = { + pskRaw = "ext:psk_crystal_palace"; + }; + }; + secretsFile = "/run/secrets/wpa_supplicant"; + }; }; services.openssh.settings.X11Forwarding = true; services.xserver.videoDrivers = [ "nvidia" ]; - #sops = { - # age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - # defaultSopsFile = ../secrets/arrakis.yaml; + sops = { + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + defaultSopsFile = ../secrets/arrakis.yaml; - # secrets = { - # "nftables/ssh" = {}; - # }; - #}; + secrets = { + "wpa_supplicant" = {}; + }; + }; system.stateVersion = "23.11"; diff --git a/hosts/secrets/arrakis.yaml b/hosts/secrets/arrakis.yaml new file mode 100644 index 0000000..54b24f5 --- /dev/null +++ b/hosts/secrets/arrakis.yaml 
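Review bot: In the second `.sops.yaml` hunk the new rule's `path_regex: ^hosts/secrets/arrakis.yaml$` leaves the dot unescaped, so it matches any character in that position rather than only a literal dot. Writing it as `^hosts/secrets/arrakis\.yaml$` keeps the rule, and with it the `*arrakis`/`*nipsy` recipient set, bound to exactly this file. The darkstar rule shown as context uses the same pattern and could be tightened in the same way. A comment next to the new `&arrakis` anchor saying how the recipient was derived (presumably from the host's SSH ed25519 key, given `age.sshKeyPaths` in the host config) would help whoever rotates it later.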
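Review bot: `secretsFile = "/run/secrets/wpa_supplicant";` in the new `wireless` block hard-codes the path where sops-nix is expected to place the secret, so it silently stops matching if the secret is later renamed or given a custom `path`. Referring to the declaration instead, `secretsFile = config.sops.secrets.wpa_supplicant.path;`, keeps the two in sync and fails at evaluation time if the secret is not declared. This assumes `config` is among the module's arguments, which lie outside the hunk, as does the start of the enclosing `networking` attribute set. A short comment such as `# decrypted file holds the psk_crystal_palace=<value> line that pskRaw "ext:psk_crystal_palace" looks up` would also record what the secret must contain, since the encrypted file cannot show it.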
@@ -0,0 +1,30 @@ +wpa_supplicant: ENC[AES256_GCM,data:HHs6g3qaaeinVGgteExQvhE0CEC94WjJ0tV7pyI=,iv:6F+DYHieaWWo+V1F9yjwWT7PcdiIpH48nv1SUrFHePk=,tag:cpimCP+YNmCI+t+wpuXwHg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1mkqxkwse7hrnxtcgqe0wdzhhrxk55syx2wpcngemecz0d7hugsnqupw3de + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5UjB1Tk9rajRIVFJWc2Zo + SHZoaFN1ZTltaTBHOHZKZTNGQzk1UnBMSTFnCisrbDZHQTBETldnYmF5aGl0bE14 + aisxZEJYMzdYS0VoSmphT0FOeDZUb1EKLS0tIFp5L1Jjbnd3NXVwcmQ4RThtWDgv + ZXdGdkxHeXN2YkhyNHF4SFFWNS9NbzQKXG65eqAP0pCfXshk2gUFAfyOplcvTb6F + 0sboWmSBPwWi0ARKQHvOO0/Qu4AETRgUQHu/SJH0yc59mr9Nmhzwqg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieDFPVE11OXRSOCs0Y3Q3 + QVBveUZNMTFmcHZWUSsxNXdLdG1KVmdYQlNnCnNlZndCekV5RmJLK0V6aDczYktG + TS9uWklmOFhyZy9Db0Z4ZnJEZ1liUHcKLS0tIDk1R3RuRVR3UUk0RU5yK1M1WDB2 + ejRLb2Vkd1B3QmxLSE1wUzgrazZJT0UKz1IQxYm7hagYtBsWTpk+f6/79ArRUgNL + MfhHMQAwuuXjBSmuFolyU3UoWnDYK6uGAv5nlTJxESqj5eQBafItSw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-13T00:57:02Z" + mac: ENC[AES256_GCM,data:5TPECBIcH0HaWiidl8SKYo7ztWowRmCHKWLWS/fGY0DCf60wVMe6U+ybyWguBhHyCjchS0lpOW73Yy+VRYgUZ6amtKdM5w/iD9OEwdW6QoFbveU88Dx+pgp4OLjYHI4nJeWAs1XkGUttEd9imd57UgAn5mlnQjozhHkKD2Xjz4I=,iv:iwAVxJ92lqT6zexMRDUs4BaonuIQbDjZyRy5Fm0/E0Y=,tag:T8tUILp8u/7j5zcSFlVpYg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 |