Initial universe setup
parent
a82dd9710b
commit
446c8c869b
|
@ -52,3 +52,7 @@ creation_rules:
|
|||
- age:
|
||||
- *nathan
|
||||
- *tounge
|
||||
- path_regex: secrets/universe
|
||||
key_groups:
|
||||
- age:
|
||||
- *nathan
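Review bot: The new `secrets/universe` rule lists only `*nathan` as an age recipient, while the rule in the context lines just above also lists a host anchor (`*tounge`). If the universe machine is meant to decrypt `secrets/universe/wifi` itself at activation, it needs its own recipient here, for example a `- *universe` entry under `age:` backed by a host key anchor defined with the other keys (not visible in this hunk). Otherwise the only way to decrypt on the device is to place the personal key on its SD card. Separately, `path_regex: secrets/universe` is unanchored and also matches sibling paths such as `secrets/universe-old/…`; `path_regex: secrets/universe/` is tighter. The `creation_rules` list starts outside the hunk.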
|
||||
|
|
10
flake.nix
10
flake.nix
|
@ -159,6 +159,16 @@
|
|||
extraModules = [ ./machines/tounge/configuration.nix ];
|
||||
};
|
||||
|
||||
universe = makeNixosSystem {
|
||||
system = "aarch64-linux";
|
||||
hostName = "universe";
|
||||
extraModules = [
|
||||
./machines/universe/configuration.nix
|
||||
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
|
||||
({ pkgs, ... }: { sdImage.compressImage = false; })
|
||||
];
|
||||
};
|
||||
|
||||
perception = makeNixosSystem {
|
||||
system = "x86_64-linux";
|
||||
hostName = "perception";
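Review bot: The inline module on the `universe` entry, `({ pkgs, ... }: { sdImage.compressImage = false; })`, declares a `pkgs` argument it never uses; the plain attribute set `{ sdImage.compressImage = false; }` is equivalent. A short comment above it saying why compression is disabled would help the next reader, for example `# uncompressed image can be written to the card without a decompress step` (wording for the author to confirm). The SD-image module also sits in the host's regular module list, so it appears to be evaluated on every rebuild of the running machine; if that is not intended, a separate image output would keep the deployed configuration limited to what the host needs. The surrounding attribute set and the `perception` entry continue outside the hunk.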
|
||||
|
|
|
@ -0,0 +1,67 @@
|
|||
{ config, lib, pkgs, inputs, ... }:
|
||||
|
||||
{
|
||||
# Setup hardware
|
||||
imports = [ inputs.nixos-hardware.nixosModules.raspberry-pi-4 ];
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-label/NIXOS_SD";
|
||||
fsType = "ext4";
|
||||
options = [ "noatime" ];
|
||||
};
|
||||
};
|
||||
# Sops setup for this machine
|
||||
sops.secrets = {
|
||||
# "borg-ssh-key" = {
|
||||
# sopsFile = ../../secrets/tounge/borg.yaml;
|
||||
# format = "yaml";
|
||||
# };
|
||||
# "borg-password" = {
|
||||
# sopsFile = ../../secrets/tounge/borg.yaml;
|
||||
# format = "yaml";
|
||||
# };
|
||||
"wifi" = {
|
||||
sopsFile = ../../secrets/universe/wifi;
|
||||
format = "binary";
|
||||
};
|
||||
};
|
||||
# Setup system configuration
|
||||
nathan = {
|
||||
services = {
|
||||
borg = {
|
||||
enable = false;
|
||||
extraExcludes = [ "/var/lib/docker" "/var/log" ];
|
||||
passwordFile = config.sops.secrets."borg-password".path;
|
||||
sshKey = config.sops.secrets."borg-ssh-key".path;
|
||||
};
|
||||
};
|
||||
config = {
|
||||
setupGrub = false;
|
||||
userUid = "1001";
|
||||
nix = {
|
||||
autoUpdate = true;
|
||||
autoGC = true;
|
||||
};
|
||||
harden = false;
|
||||
virtualization = { docker = true; };
|
||||
};
|
||||
};
|
||||
# Configure networking
|
||||
networking = {
|
||||
domain = "mccarty.io";
|
||||
useDHCP = true;
|
||||
wireless = {
|
||||
environmentFile = config.sops.secrets."wifi".path;
|
||||
networks = { "Apollo" = { psk = "@PSK_WIFI@"; }; };
|
||||
};
|
||||
# Open ports in firewall
|
||||
firewall = {
|
||||
allowedTCPPorts = [ ];
|
||||
allowedUDPPorts = [ ];
|
||||
};
|
||||
};
|
||||
|
||||
# Setup home manager
|
||||
home-manager.users.nathan = import ./home.nix;
|
||||
|
||||
}
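Review bot: The `nathan.services.borg` block reads `config.sops.secrets."borg-password".path` and `config.sops.secrets."borg-ssh-key".path`, but both declarations are commented out in `sops.secrets`, so the file only evaluates while `enable = false` keeps those values from being forced (the borg module itself is not visible here). Either drop the two path lines until the secrets exist or declare them now; the commented templates point at `../../secrets/tounge/borg.yaml`, another host's file, and should become a `secrets/universe/` path before they are enabled. `harden = false` together with `virtualization = { docker = true; }` on a Wi-Fi-attached host deserves a comment stating why hardening is off and when it will be turned on, e.g. `# TODO: enable harden once <reason> is resolved`. No `networking.wireless.enable = true;` is visible in this file, so unless another module sets it, the `Apollo` network and `environmentFile` settings will have no effect.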
|
|
@ -0,0 +1,3 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{ }
|
|
@ -0,0 +1,20 @@
|
|||
{
|
||||
"data": "ENC[AES256_GCM,data:3WmVihQjC4qhLb92jgGx0Bw+CsAZXzkiJ3LDAhc=,iv:ncxPR7HwiuGUsD8nJIuYy9Y/8yZYIwn/68NL4mYpDzA=,tag:sTDgX6nYxTdobePAAjwnEQ==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPa3V6UURQODB3QU9ad2RR\nTElJd0xxb3BMbEJyRWVyb0RjbUw4QUZkVHhRCjA4ZjA1Q3lvM3dVdDJ0NjMxOVpr\nNkNQSmNnSHBiNVc0M0FYUXBMVXArZG8KLS0tIERrRlV6QzFabmVrUzVMdG1ob1NB\nc1dyV0s5c09hWmdhcW9xM1ltSTVBNTAK+MxyzBmwT19bMVRTl0/0y1/RIQFOFwJD\nExKflegKylhEIlSmUub1PP7qf2+AVi8mzEUufpr19hdWOY0U8h0kBA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2023-08-05T17:26:29Z",
|
||||
"mac": "ENC[AES256_GCM,data:cBvQSQG17NmUZE+Yoh81w2Mn9OpJig93pLM6JcixY1mR9478K3KuXMSc4GzkGMlslWC4LoyZWd9BEGkY6WqRpBD+qkRmwFt3rTy6YB/mZZ2sPfpP3p4VA6Z4Wb5mHHfIvD4G/HHhIRo8wt0IpSQrwCUNwKrdbPApQhYEh5qnzig=,iv:gELvtkE18TMJeg1nS9wamNdutUeKKgI+ub15s9eHqvo=,tag:guO4p6AcE5BsO3Oyi7sB4g==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.7.3"
|
||||
}
|
||||
}
|