pi sops
This commit is contained in:
mjallen18
@@ -1,12 +1,16 @@
|
||||
# See https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
|
||||
keys:
|
||||
- &matt age157jemphjzg6zmk373vpccuguyw6e75qnkqmz8pcnn2yue85p939swqqhy0
|
||||
- &matt_pi4 age13g9a4d4jrvckfddpgn8sm4kjtzajr67le56pfdg78ktr5pd09phq32j89u
|
||||
- &desktop age1jv8ap5zwa49ftv0gg7wqf5ps0e68uuwxe2fekjsn0zkyql964unqyc58rf
|
||||
- &jallen-nas age1mn2afyp9my7y7hcyzum0wdwt49zufnkt8swnyy8pj30cwzs4zvgsthj0lt
|
||||
- &pi4 age1llgz23hxtcmfmmfgaffyfr4rcvwv39ntxlj57frdp7t5ct68e9ssn2jhvy
|
||||
creation_rules:
|
||||
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
|
||||
key_groups:
|
||||
- age:
|
||||
- *matt
|
||||
- *matt_pi4
|
||||
- *desktop
|
||||
- *jallen-nas
|
||||
- *jallen-nas
|
||||
- *pi4
|
||||
10
hosts/pi4/adguard.nix
Normal file
10
hosts/pi4/adguard.nix
Normal file
@@ -0,0 +1,10 @@
|
||||
{ ... }:
|
||||
{
|
||||
services.adguard = {
|
||||
enable = true;
|
||||
allowDHCP = true;
|
||||
port = 3000;
|
||||
openFirewall = true;
|
||||
mutableSettings = true;
|
||||
};
|
||||
}
|
||||
19
hosts/pi4/boot.nix
Normal file
19
hosts/pi4/boot.nix
Normal file
@@ -0,0 +1,19 @@
|
||||
{ pkgs, lib, ... }:
|
||||
{
|
||||
boot = {
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
initrd.availableKernelModules = [
|
||||
"xhci_pci"
|
||||
"usbhid"
|
||||
"usb_storage"
|
||||
];
|
||||
# We're using EFI so enable systemd-boot
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
generic-extlinux-compatible.enable = lib.mkForce false;
|
||||
};
|
||||
# kernelParams = [
|
||||
# "snd_bcm2835.enable_hdmi=1"
|
||||
# ];
|
||||
};
|
||||
}
|
||||
@@ -8,7 +8,7 @@ let
|
||||
user = "matt";
|
||||
password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
|
||||
SSID = "Joey's Jungle 5G";
|
||||
SSIDpassword = "kR8v&3Qd";#config.sops.templates."wifi-password".content;
|
||||
SSIDpassword = config.sops.templates."wifi-password".content;
|
||||
interface = "wlan0";
|
||||
timezone = "America/Chicago";
|
||||
hostname = "pi4";
|
||||
@@ -16,6 +16,7 @@ in
|
||||
{
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./boot.nix
|
||||
./hardware-configuration.nix
|
||||
./impermanence.nix
|
||||
./sops.nix
|
||||
@@ -31,34 +32,18 @@ in
|
||||
|
||||
nix.settings.trusted-users = [ "@wheel" ];
|
||||
|
||||
boot = {
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
initrd.availableKernelModules = [
|
||||
"xhci_pci"
|
||||
"usbhid"
|
||||
"usb_storage"
|
||||
];
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
generic-extlinux-compatible.enable = lib.mkForce false;
|
||||
};
|
||||
# kernelParams = [
|
||||
# "snd_bcm2835.enable_hdmi=1"
|
||||
# ];
|
||||
};
|
||||
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
enable = false;
|
||||
desktopManager = {
|
||||
budgie.enable = true;
|
||||
budgie.enable = false;
|
||||
};
|
||||
displayManager = {
|
||||
lightdm.enable = true;
|
||||
lightdm.enable = false;
|
||||
};
|
||||
};
|
||||
|
||||
services.ups-monitor = {
|
||||
enable = true;
|
||||
enable = false;
|
||||
};
|
||||
|
||||
# hardware = {
|
||||
|
||||
@@ -20,6 +20,7 @@
|
||||
];
|
||||
files = [
|
||||
"/etc/machine-id"
|
||||
{ file = "/etc/nix/id_rsa"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
|
||||
];
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user