From a157ad4de2f8c51d49cce0a790bd081779056fa4 Mon Sep 17 00:00:00 2001
From: Mark Nipper
Date: Sat, 12 Oct 2024 18:00:07 -0700
Subject: Add SOPS and wireless configuration for arrakis
---
 hosts/arrakis/default.nix | 23 ++++++++++++++++-------
 hosts/secrets/arrakis.yaml | 30 ++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 7 deletions(-)
 create mode 100644 hosts/secrets/arrakis.yaml
(limited to 'hosts')
diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix
index 3ae89c6..9be2392 100644
--- a/hosts/arrakis/default.nix
+++ b/hosts/arrakis/default.nix
@@ -49,19 +49,28 @@
 hostId = "2ae4c89f";
 hostName = "arrakis";
 nftables.enable = true;
+ wireless = {
+ enable = true;
+ networks = {
+ "Crystal Palace" = {
+ pskRaw = "ext:psk_crystal_palace";
+ };
+ };
+ secretsFile = "/run/secrets/wpa_supplicant";
+ };
 };
 services.openssh.settings.X11Forwarding = true;
 services.xserver.videoDrivers = [ "nvidia" ];
- #sops = {
- # age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
- # defaultSopsFile = ../secrets/arrakis.yaml;
+ sops = {
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ defaultSopsFile = ../secrets/arrakis.yaml;
- # secrets = {
- # "nftables/ssh" = {};
- # };
- #};
+ secrets = {
+ "wpa_supplicant" = {};
+ };
+ };
 system.stateVersion = "23.11";
diff --git a/hosts/secrets/arrakis.yaml b/hosts/secrets/arrakis.yaml
new file mode 100644
index 0000000..54b24f5
--- /dev/null
+++ b/hosts/secrets/arrakis.yaml
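Review bot: `secretsFile = "/run/secrets/wpa_supplicant";` in the new `wireless` block repeats by hand the location where sops-nix is expected to place the secret declared further down under `sops.secrets`, so renaming that secret or overriding its `path` would leave wpa_supplicant reading a file that is never written, and the mismatch would only show up at runtime as a failed association. Referring to the declaration instead, `secretsFile = config.sops.secrets."wpa_supplicant".path;`, keeps the two in step and turns a mismatch into an evaluation error; this assumes `config` is among the module arguments, which are outside the hunk. Because `pskRaw = "ext:psk_crystal_palace"` is looked up by name in that file, the decrypted value has to contain a `psk_crystal_palace=` entry, which cannot be confirmed from the ciphertext in this commit, so a one-line comment next to the network entry naming the expected key, such as `# key psk_crystal_palace must exist in the sops secret "wpa_supplicant"`, would help whoever rotates the PSK. The enclosing attribute set starts above the hunk.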
@@ -0,0 +1,30 @@ +wpa_supplicant: ENC[AES256_GCM,data:HHs6g3qaaeinVGgteExQvhE0CEC94WjJ0tV7pyI=,iv:6F+DYHieaWWo+V1F9yjwWT7PcdiIpH48nv1SUrFHePk=,tag:cpimCP+YNmCI+t+wpuXwHg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1mkqxkwse7hrnxtcgqe0wdzhhrxk55syx2wpcngemecz0d7hugsnqupw3de + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5UjB1Tk9rajRIVFJWc2Zo + SHZoaFN1ZTltaTBHOHZKZTNGQzk1UnBMSTFnCisrbDZHQTBETldnYmF5aGl0bE14 + aisxZEJYMzdYS0VoSmphT0FOeDZUb1EKLS0tIFp5L1Jjbnd3NXVwcmQ4RThtWDgv + ZXdGdkxHeXN2YkhyNHF4SFFWNS9NbzQKXG65eqAP0pCfXshk2gUFAfyOplcvTb6F + 0sboWmSBPwWi0ARKQHvOO0/Qu4AETRgUQHu/SJH0yc59mr9Nmhzwqg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieDFPVE11OXRSOCs0Y3Q3 + QVBveUZNMTFmcHZWUSsxNXdLdG1KVmdYQlNnCnNlZndCekV5RmJLK0V6aDczYktG + TS9uWklmOFhyZy9Db0Z4ZnJEZ1liUHcKLS0tIDk1R3RuRVR3UUk0RU5yK1M1WDB2 + ejRLb2Vkd1B3QmxLSE1wUzgrazZJT0UKz1IQxYm7hagYtBsWTpk+f6/79ArRUgNL + MfhHMQAwuuXjBSmuFolyU3UoWnDYK6uGAv5nlTJxESqj5eQBafItSw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-13T00:57:02Z" + mac: ENC[AES256_GCM,data:5TPECBIcH0HaWiidl8SKYo7ztWowRmCHKWLWS/fGY0DCf60wVMe6U+ybyWguBhHyCjchS0lpOW73Yy+VRYgUZ6amtKdM5w/iD9OEwdW6QoFbveU88Dx+pgp4OLjYHI4nJeWAs1XkGUttEd9imd57UgAn5mlnQjozhHkKD2Xjz4I=,iv:iwAVxJ92lqT6zexMRDUs4BaonuIQbDjZyRy5Fm0/E0Y=,tag:T8tUILp8u/7j5zcSFlVpYg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 -- cgit v1.2.3