diff --git a/.sops.yaml b/.sops.yaml index d930bf4..bce9d68 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,6 +1,6 @@ --- keys: - - &system_hetznix01 age1a652ev7gekx4aj589s8fd27ul9j5ugpdwg7pxhmqcwdjwwq9gf2qv38um9 + - &system_hetznix01 age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu - &system_nixnuc age1g24zhwvgenpc4wqejt63thvgd4rn5x9n7nnwwme7dm83nfqpp93se2vmq4 - &system_rainbow_planet age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck - &user_airpuppet age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77 diff --git a/modules/hosts/nixos/hetznix01/default.nix b/modules/hosts/nixos/hetznix01/default.nix index 825f697..ab489c6 100644 --- a/modules/hosts/nixos/hetznix01/default.nix +++ b/modules/hosts/nixos/hetznix01/default.nix @@ -2,6 +2,10 @@ imports = [ ./hardware-configuration.nix ./disk-config.nix + # Added post-install + ./sops.nix + ./nginx.nix + ./tailscale.nix ]; system.stateVersion = "24.05"; diff --git a/modules/hosts/nixos/hetznix01/hardware-configuration.nix b/modules/hosts/nixos/hetznix01/hardware-configuration.nix index f8f026a..f3eff9f 100644 --- a/modules/hosts/nixos/hetznix01/hardware-configuration.nix +++ b/modules/hosts/nixos/hetznix01/hardware-configuration.nix @@ -4,16 +4,15 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod" ]; + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } + diff --git a/modules/hosts/nixos/hetznix01/secrets.yaml b/modules/hosts/nixos/hetznix01/secrets.yaml index 543ee2e..84f41a5 100644 --- a/modules/hosts/nixos/hetznix01/secrets.yaml +++ b/modules/hosts/nixos/hetznix01/secrets.yaml @@ -1,23 +1,22 @@ -local_git_config: ENC[AES256_GCM,data:/1FaGgxRJT01Xg3NYvcGfTaqxklv3PtoBdVN/H7+Mhlxwed5O++leUA=,iv:VKjkzqH8ayRE9hgNrqwSSx4RKCBYVkUkPtA1dvnkfvA=,tag:lfgezmDGQ/yVfLypLBanYA==,type:str] -local_private_env: "" -tailscale_key: ENC[AES256_GCM,data:yiAug7VEfZ5jROEg3NVmZcfdbfUxBZk2duM6mG/BVXKuAYj4u0SB1HtMCmvX6nr7P3y3YyuqiLw6,iv:bN5xbBOPWJfH+DxcHp2ODLm95jyzUwjSkKynPmvQvnY=,tag:8b/0hnNH7T64xBFMkXRjeQ==,type:str] +local_git_config: ENC[AES256_GCM,data:BulcGoJ85+BA3maqbMewUdaNOl3feaJMq/4yZL8Y8SLOHqzmA/DUO7k=,iv:V7wpSiEQpt7AhKd+MUyGqTsO6YZovpkj+AaqpLnfRM0=,tag:7f3fFzQX3bpjokVPnUKDPQ==,type:str] +local_private_env: ENC[AES256_GCM,data:OFcCaE9/hpd6JIoUTTxg0pEFL3rkUE3G+JzP/wjFXpa/AJa2Rr0Kv42Pu+iwgPMWgcpp50ChjVxGvbceNQ==,iv:I2LyWwvdMdE4wKLb3udLVMu3jFsvYR1ruZvaVt9GG7c=,tag:tBPmlNr0iNdLRU1GIRV2mg==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1a652ev7gekx4aj589s8fd27ul9j5ugpdwg7pxhmqcwdjwwq9gf2qv38um9 + - recipient: age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2NFBqRFNnSmJCK0ZPYUR5 - SXRXRDhaMmVCbGFVUWxoYkhPbUczdHBJdkZvClcxcE5IUnMvN0tHbllNU3hwMTY1 - SXlhUHFJd3JCYU5MVDB2UnJPaW5xYncKLS0tIENqd3N1dnZ1NFltQ1pOSjA2dU5N - VUIzR0FqbFNvOXAzREZtdDJNTWhjYUEKYfA5s8PRVbefoOefKLs7NiHUd6fYZ62I - ZwUi9YZt+zHxBxxFFMpduSSd5q50Qz+CMBNQHv2CPOBcGeFjToiDxg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5ejVRcmRBR3p6N2V1anZp + RkEwVTBWR09TazdNTnZ3YWlUUU9IOUordDNjClJmdU9sUkttaktTOTR4WldFWXFs + WkQ4a1dWaGJmVE40YmovQWJSRS8rTjQKLS0tIERBQ2wxNGc0Um9IQ2FPOU1jTDhZ + WkI4ejBaODI0d0tjWHpTT3VWTXNyaXcKMDtvHN4gcZqBNslyC+NwYW05zgs8QuPV + W6EktAz+xu6kx5BJbli5GkUFmj52AtEGIqZ1Sr4a0pKQACC87XcTQA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-06T02:07:39Z" - mac: ENC[AES256_GCM,data:JWLLdojUJlI0SDdT8Yg0pj03Jmc7eCJL8GHPtXOfw28vcqlK2tnR/yWLI+MClFVu+o4vrV9HZv+41VItqAkeMjBlgAYib9JgTwtkiECZz8o6i8FXEk09Qkml9WKyKrAU1Og/+gt3y1MUSzrmGgg8YkM3YVv7nyGr8lZ0nf/rWb8=,iv:rYtawgUgxsXCY4OHbLW6l2X/x1f+C7X22MoYVlfHIaw=,tag:pdACJHoe56N1lllrFoyHow==,type:str] + lastmodified: "2024-06-15T20:39:04Z" + mac: ENC[AES256_GCM,data:S24sEsBGp/NXShp6XzNSiLMgN5NbX1EbHuxpcOhtye6e0ZzIj9vTzh2VQ61ALaAI1O/CD5MawDy0NfDjk9Rzo5yk0zf3VTaP0QydIOlph7eTAMNPbC7jGXZS1DF1cGaQnKyNTx8iMJZeqvF4Ymfi5j8G+5aAWiMa8qfYWQeo2KU=,iv:JXccbPWqKh/CRUwb+BSQrPZc8LaHguOj/5qFNowKT6E=,tag:rd+sSPKlkJyrp0zqK1mb5Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/modules/system/common/secrets.yaml b/modules/system/common/secrets.yaml index c5749fb..37c75ad 100644 --- a/modules/system/common/secrets.yaml +++ b/modules/system/common/secrets.yaml @@ -72,8 +72,8 @@ sops: ZlBVMUJmWml3dkQ3OTN1ZmF1N0hXNHcKnLOSViooQmhU5yE754VHIBYNRVikgptc 3bXDiOlkjBbxGru3bnn+vUUJ3n+QdZoAnCgdL7D2/Me3HVrAW5M5LA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-07T00:55:24Z" - mac: ENC[AES256_GCM,data:5GaItFbHP8Qj8Dev5a0kkI7VFovvW5STaI7MPaZibHWCB2Xvcw50ZjKPRVVx6yqsnjz6zf3H2h/siowq/eAvvKJ5gltbof4NAxcCqjcOrqpUaeFT1ykG2SMznX8OezUyH6K7KmFgSFgYv3F/5JhoQOIClJs4NmQIBxUf7afY9KQ=,iv:oJhBRcyyL5zBc324tyyTYF2i1a0Q+CkOxwg4HbyUXkA=,tag:kK9/bQIO/VioSpmxC7P+XA==,type:str] + lastmodified: "2024-06-15T20:40:25Z" + mac: ENC[AES256_GCM,data:ErxmmCLDQM0CvUR5xvUt9OxORC9/1seWIdCNk1ZVbC7VouxuDmSgqmsb+W7Y69wqwJrRhg4JTwcUs/uo9A1IIpSoSpfHyz4NWI41kusRJmimR6UznEFRfaLDSUDkYB5YXValRiQTXDvHjRoeJyvyjArsE3DSUws3wx3KqqpFT7g=,iv:Evh58pQ1l9YZAQo1USoCSWyM9EFGm0POxMOKVxuw44g=,tag:mVY0GUtVJ8Ur8SubJ3jlvg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1