Update Ophanim and add sops.
This commit is contained in:
parent
79b05baecf
commit
ec93123f4d
5 changed files with 61 additions and 7 deletions
@ -2,7 +2,7 @@ keys:
- &admins 1F2EA6D9A57A9BE5A7F3AA035BEBEE4EE57DC7E2
- &lilim age1w3uhx6han0frfvg2t3t3wnwnzpkplzeyhun0dmqpkqwscmzlz4ms3elug4
- &marid age10vw4q40dq0tk9xzexeyn7cl6qka0hz7mfkmhv9g322k0u4dacd5sq8gg67
- &ophanim age19j87dhkpgrjc5hghwh0njkt6fdgr6tg90hvxrhlrfqa063cwxepq32a23m
- &ophanim age1u386j7v4yrxm6psykfk4wyy5ay2ugcfcemve2msfwv0klnf3x34stz34du
creation_rules:
- path_regex: machines/Lilim/[^/]+.yaml$
key_groups:
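Review bot: The `&ophanim` recipient in `keys` is swapped for a new age key, but nothing in the commit re-encrypts files that were already encrypted to the retired key; such files keep decrypting with the old private key until `sops updatekeys` is run on each one, and the `creation_rules` entry for Ophanim is outside this hunk, so I cannot see which files that covers. I am assuming the second `&ophanim` line is the new side, since it matches the recipient recorded in machines/Ophanim/secrets.yaml; the rendered page does not mark old and new explicitly. A comment on the key line would make the rotation procedure discoverable, e.g. `- &ophanim age1u386j7v4yrxm6psykfk4wyy5ay2ugcfcemve2msfwv0klnf3x34stz34du  # Ophanim host key; after rotating, run 'sops updatekeys' on every file matched by its rule`.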
@ -1,8 +1,8 @@
{ pkgs, ... }:
{ nixpkgs, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
[ "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
];
boot = {
@ -12,7 +12,6 @@
extraModulePackages = [ ];
loader.grub = {
enable = true;
version = 2;
device = "/dev/sda"; # or "nodev" for efi only
};
};
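Review bot: The module header now requires a `nixpkgs` argument (`{ nixpkgs, pkgs, ... }:`), which only resolves if the flake supplies it, e.g. through `specialArgs`; that wiring is not visible in this commit, and without it evaluation fails on the missing required argument. Replacing `<nixpkgs/nixos/modules/profiles/qemu-guest.nix>` with `"${nixpkgs}/..."` is the right direction, since the import no longer depends on whatever NIX_PATH the evaluating host happens to have. The second hunk appears to drop one line from `loader.grub` (presumably `version = 2;`, but which of the seven lines was removed is not recoverable from the rendered page); a one-line comment on the header such as `{ nixpkgs, pkgs, ... }: # nixpkgs is passed in via specialArgs` would document the new dependency.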
@ -21,7 +21,7 @@ in {
"server"
];
services = [
"fail2ban"
"acme"
"gitea"
# "hydra"
"mailserver"
@ -41,8 +41,8 @@ in {
firewall = {
enable = true;
allowPing = false;
allowedUDPPorts = [ 22 80 443 ];
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 22 80 443 7776 ];
allowedTCPPorts = [ 80 443 7776 ];
};
};
}
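Review bot: `allowedUDPPorts` carries 22 on both the old and the new line, but SSH is TCP-only, so UDP/22 opens nothing useful while TCP/22 is absent from `allowedTCPPorts`; unless `services.openssh.openFirewall` is set somewhere not shown here, this firewall blocks SSH, and if it is set the UDP entry is just dead weight. The added 7776 appears on both the UDP and TCP lines with nothing saying which service it belongs to; I would write `allowedUDPPorts = [ 80 443 7776 ]; # 7776: TODO name the service` and `allowedTCPPorts = [ 80 443 7776 ]; # 7776: see above`. I am assuming the 7776 lines are the new side, which the commit title supports but the rendered page does not mark. The `firewall` block is nested in an attribute set that begins before this hunk.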
44
machines/Ophanim/secrets.yaml
Normal file
@ -0,0 +1,44 @@
users:
derped:
password: ENC[AES256_GCM,data:XpUNgLLdbzS31XaZm0PbZ6Q/6sDP66YP97VIOV7/ixExFSpJW0gfwIiHuj7ROCeAi8lqcKAnAcTuflUx378HUFtaZ9lSE9GQ26sWcrx9/PYOX0bYnn8nE7S7gVQgf83fIlrK,iv:duZ+xAg/6KgCjEYQbxV4Uhi6RbRhsWW/bHMnlDHzc0M=,tag:iN8uDzDmh7QAMO3ZYiYFLA==,type:str]
mail: ENC[AES256_GCM,data:hEQBzZ4IN9BmwA4s/wDUTFiKyuHl/iVep/xJT5fyOfTaQUPuBMWspDsdEG5g/h1dFf5ujHts2+rcWZiZTjiZbrqCj2/Ivsbqy5xG28VztGPh7M7439TMIq6LrgVUaNVmKxU7,iv:KosKUgGPYicjFSR9njgI/NGSQwBkZR46c6DKyiJITp4=,tag:XIC70j6adWTvvKJJojifPg==,type:str]
services:
gitea:
dbPass: ENC[AES256_GCM,data:Td8oYUkIPi0xDgepRW4LNTLpWRbGYin4VT8gxGP6fAIADaX2F3pf5g==,iv:pTUvtCkpSZXQLheHfOEKLivervrsCc/lHqXbZ1ennGY=,tag:LcEGyoZNigEYXEHp2lCgDQ==,type:str]
hydra:
secretKey: ENC[AES256_GCM,data:TkAFImyj7ESA72aPjUTvUwTVzZ3KpXNdw41Bk2yGOJrNRiP3aA/+iK45BzJdeAssc5evZyvhFE+JE4ovOSuaWUz4YFH/TH41N5dkhSmPTND+hU6u24rv/gTcCH9BH/8uvFOnWCBmkKmFopE=,iv:NSCINUwyNCRMsGNjwfO/P1nMpYDQLxt448W2AfCBmLI=,tag:pfMpTExIabCmsHOiOIf6Qg==,type:str]
nextcloud:
adminPass: ENC[AES256_GCM,data:OEqdKKwpDdnlFA5mTOTaow==,iv:DFHIYqqNNBzmtE+ZbXy1ga2UQyQ9YXE+jYprdEJwYjI=,tag:Rc1viogmOxaK9d60lmGlgg==,type:str]
dbPass: ENC[AES256_GCM,data:6x6efRMiBvIt44SrZANwEGe3iZn3U+ZvY6bdOS/q3Olymm+kEwY+cQ==,iv:aJEADtgIbUu1ewV4MjDvepzoJ6nlFG3J4JgVonPNWfM=,tag:2Sgj1dmr8WcahKnpo3nTSg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1u386j7v4yrxm6psykfk4wyy5ay2ugcfcemve2msfwv0klnf3x34stz34du
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4MnhBVzREYkdEMXYrbG5F
Tkh5dUk1Z3pvbFU2b29ScHRreUg4Y0poTFdjClFOQzg2aGF5dUtLdFV1Rm5Rb0ZX
cGZDYW9YQWFOa0l6cGFKaFZxVk9PaWcKLS0tIHN2M3puV2V1YzBWd2YvdEdMYTJl
Mzh6aFZKM2k3TTZveWRPc2ZkKzNvYm8KpNozbSJDJ3Yd2FsR0krsPXsn1beIyniD
0tJNmBFphav57LDQrYz5D+J4pMKKQI1P/USCPDDu1km2dJF/RJzeJQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-10T12:32:05Z"
mac: ENC[AES256_GCM,data:uJ5Wi9vYGLB/Z3QHHS5nxFkn1CtxR/wkk/wwYZiL1LWa3w/ZeeBy7L3Kq1i8FIYET3i2cHeeimDYLWtl3xQIEH9FF1fXeTKFMMOh2NTWZC6ZdtRnVtPJapHYaCieBd8R0dga+KE2WzFBjwKiYu6OW+nD8W7tBqbSy0lXAY1WyFU=,iv:QdXhTubQAmuR4bLSPwZcECIuNTPYLoKzVfpfx7e3VJY=,tag:G78fxo87AdRUcNG48RLAPg==,type:str]
pgp:
- created_at: "2023-09-10T17:32:58Z"
enc: |
-----BEGIN PGP MESSAGE-----
hF4DVbZwA9DOvl8SAQdAJ4Qrf8O6xL6S/cFQVN03zFsAimcaj0i4k1XQt1Nu/Q8w
08L6kBtYMw6PdEMJ0Tm+wqS/cB+kL5xQRGH6a05hbYoSDJdApO7Ur7r4RWS1r4cL
1GgBCQIQT7t2XPbZ7g8EzhIDDffm4JXi0D7oIoeAnpbnad3ao2YUA2hTFTX025FY
dK1kIPCqA4cET+vqM9W3qq1DSKr+YoMrycWyUntwk9TSpy6pmMw4OII8yKnccoNR
LkjqppMzPP/4OQ==
=+ryG
-----END PGP MESSAGE-----
fp: 1F2EA6D9A57A9BE5A7F3AA035BEBEE4EE57DC7E2
unencrypted_suffix: _unencrypted
version: 3.7.3
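Review bot: The file ships `services.hydra.secretKey` although the services list in this same commit keeps `# "hydra"` commented out, and `services.nextcloud.adminPass`/`dbPass` have no visible counterpart either; encrypted material nobody consumes is still something to keep current and rotate, so either prune those entries or confirm they are declared in `sops.secrets` somewhere I cannot see (the services hunk is partial). The sops block lists one age recipient plus the admins PGP fingerprint, which matches the updated `keys` list and is what I would expect for a per-host file; note that sops leaves the key names (`users.derped.password`, `mail`, etc.) in plaintext, so the file structure itself is readable without any key, which is normal but worth knowing for a public repository.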
11
machines/Ophanim/sops.nix
Normal file
@ -0,0 +1,11 @@
{ config, lib, ... }:
{
sops = {
defaultSopsFile = ./secrets.yaml;
age = {
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
};
}
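Review bot: `generateKey = true` combined with a fixed `keyFile` means that if `/var/lib/sops-nix/key.txt` is missing at activation, sops-nix generates a brand-new age key there, and that key cannot decrypt `secrets.yaml`, which is encrypted to the one specific recipient recorded in its sops block; the resulting failure surfaces as a decryption error rather than as a clear "private key not provisioned" signal. If the intent is that the matching private key is placed on the host out-of-band before first activation, `generateKey = false;` makes a missing key fail loudly, and the provisioning step deserves a comment such as `# keyFile must hold the private half of the age recipient in secrets.yaml; provisioned out-of-band`. `config` and `lib` are bound in the header but never used, so `{ ... }:` would be enough. No `sops.secrets.*` entries are declared in this file, so nothing is decrypted by it alone; presumably they live elsewhere.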