hosts/ni: update config and store secrets
parent
ef8580ebe6
commit
688bfb59c4
@ -17,6 +17,13 @@
|
|||||||
})
|
})
|
||||||
];
|
];
|
||||||
|
|
||||||
|
services.openssh.hostKeys = [{
|
||||||
|
path = config.sops.secrets.ssh-key.path;
|
||||||
|
type = "ed25519";
|
||||||
|
}];
|
||||||
|
sops.secrets.ssh-key.sopsFile = ./secrets/secrets.yaml;
|
||||||
|
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||||
|
|
||||||
boot.binfmt.emulatedSystems = [
|
boot.binfmt.emulatedSystems = [
|
||||||
"aarch64-linux"
|
"aarch64-linux"
|
||||||
"riscv64-linux"
|
"riscv64-linux"
|
||||||
@ -67,7 +74,9 @@
|
|||||||
];
|
];
|
||||||
|
|
||||||
# This is needed for shell integration and applying semantic zones.
|
# This is needed for shell integration and applying semantic zones.
|
||||||
environment.profiles = [ pkgs.wezterm ];
|
environment.extraInit = ''
|
||||||
|
source ${pkgs.wezterm}/etc/profiles.d/wezterm.sh
|
||||||
|
'';
|
||||||
|
|
||||||
# Enable Guix service.
|
# Enable Guix service.
|
||||||
services.guix-binary.enable = true;
|
services.guix-binary.enable = true;
|
||||||
@ -85,13 +94,6 @@
|
|||||||
longitude = 121.0;
|
longitude = 121.0;
|
||||||
};
|
};
|
||||||
|
|
||||||
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
|
||||||
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
|
||||||
# replicates the default behaviour.
|
|
||||||
networking.useDHCP = false;
|
|
||||||
networking.interfaces.enp1s0.useDHCP = true;
|
|
||||||
networking.interfaces.wlp2s0.useDHCP = true;
|
|
||||||
|
|
||||||
# Some programs need SUID wrappers, can be configured further or are
|
# Some programs need SUID wrappers, can be configured further or are
|
||||||
# started in user sessions.
|
# started in user sessions.
|
||||||
programs.mtr.enable = true;
|
programs.mtr.enable = true;
|
||||||
@ -109,12 +111,6 @@
|
|||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
system.stateVersion = "22.11"; # Yes! I read the comment!
|
||||||
# settings for stateful data, like file locations and database versions
|
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
|
||||||
# this value at the release version of the first install of this system.
|
|
||||||
# Before changing this value read the documentation for this option
|
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
|
||||||
system.stateVersion = "22.11"; # Did you read the comment?
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
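Review bot: In the first hunk, `services.openssh.hostKeys` takes its path from `config.sops.secrets.ssh-key.path`, so sshd now depends on sops-nix having decrypted the secret before it starts, and nothing visible here makes a failure loud. As far as I know the NixOS sshd unit generates a fresh key for any listed `hostKeys` path that is missing or empty, so an absent or wrong `/var/lib/sops-nix/key.txt` could leave the host serving a key that does not match `hosts/ni/host-key.pub`; this is worth confirming on a test activation. I would add a comment above `sops.age.keyFile`, for example `# Provisioned out of band, root-only; must exist before first activation because the SSH host key itself is a sops secret.` The enclosing attribute set starts and ends outside the hunk.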
@ -7,7 +7,7 @@
|
|||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
|
|
||||||
boot.initrd.availableKernelModules =
|
boot.initrd.availableKernelModules =
|
||||||
[ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
[ "xhci_pci" "ahci" "nvme" "usb_storage" "uas" "sd_mod" ];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
@ -24,6 +24,10 @@
|
|||||||
|
|
||||||
swapDevices = [{ label = "swap"; }];
|
swapDevices = [{ label = "swap"; }];
|
||||||
|
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.interfaces.enp1s0.useDHCP = true;
|
||||||
|
networking.interfaces.wlp2s0.useDHCP = true;
|
||||||
|
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault true;
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault true;
|
||||||
}
|
}
|
||||||
|
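Review bot: Dropping `usbhid` from `boot.initrd.availableKernelModules` means a USB keyboard may not work in the initrd, which matters if this host ever needs a passphrase prompt or an emergency shell at that stage. If the removal is intentional (it looks like a regenerated hardware scan), a one-line comment saying so would help; otherwise keep it alongside the new entry: `[ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "uas" "sd_mod" ];`. The `networking.*useDHCP` lines moved here from the other file have lost the comment explaining why the global flag is set to false, and it would be worth carrying that over.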
1
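--- a/hosts/ni/host-key.pub
+++ b/hosts/ni/host-key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4X7YXsEmMW3jP2dfU9l/KrF9jUZqN0sVXSvkag8VFH root@ni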
21
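--- a/hosts/ni/secrets/secrets.yaml
+++ b/hosts/ni/secrets/secrets.yaml
@@ -0,0 +1,21 @@
+ssh-key: ENC[AES256_GCM,data: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,iv:UaWomy2e/WE0jYAkblGoZDOEEPtQpaIiGawMh8q4Emk=,tag:kS1rafdiqkyMEbdPj+TdqA==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1dm9xugju4q5gx0zty8ckw655ea904c64gv9qw9fn3lu507ck8uzsag59y8
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5RTRLNUNQTHZkQTMzaTgv
+b2VHQ0JqSDJ3M1VDd0tQaGtmSXZ0VnNSckJNCkNMOStmSW4rM1JhSElJUHN2dklj
+S0ZRaC9XTmFtRWZvTndpT3BEM0U0NkkKLS0tIEVUYkIrbEhNblNWUnE2K2piSVI2
+eEV0YWkyWHlIRmxhZjNYU3kzNlN3alkKDbMlrB1MkJ8145OcXyOhQLjLkKhrI/Vm
+ba7etZO7hqWwajWgEhFGNexI6QuQwgUU3zIOc//zPp8P7nNySfWOww==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2022-07-18T13:08:34Z"
+mac: ENC[AES256_GCM,data:Q3vlqrnYzjhdrqy6zWBTAU6IHM4rCmS+qdUrlyYezy5j3Sdw+y0EX9w4KCEiJ7c86QrxB+gfxgxYvyLBuXPEEoRqvf7xKIiwGXEs/vxif1W9nri3n14PAP/PdgjQqNCI1BVHAX276Mbkec8ipaFEClboV6d9904/18t9tqlFkx0=,iv:NlLzwp/pJ7X80A+EupaxNwrEP7iO4oFtOlhTQLjAies=,tag:Z3bgc2DhunF7iKF0GOoq2g==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.7.3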
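Review bot: Only one recipient is listed under `age:`, so the encrypted `ssh-key` can be recovered by exactly one private key, presumably the one the host keeps at `/var/lib/sops-nix/key.txt`. If that key is lost the secret can neither be decrypted nor re-keyed, and if it ever leaks the ciphertext remains in the published history, so the SSH host key would have to be replaced rather than just re-encrypted. Consider adding a second, offline administrator recipient and recording the recipients in a `.sops.yaml` creation rule so that later `sops updatekeys` runs are reproducible.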