noe/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

add keylime

Browse source
This commit is contained in:
41666 2023-12-23 02:39:15 -05:00
parent 6fdb1cd520
commit 2a50b2098e
7 changed files with 80 additions and 76 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
.sops.yaml
View file

@ -7,6 +7,7 @@ keys: &all
- &m_cider age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r
- &m_aerial age1jc6ghxfgxe3gx53xa55azxan447cfxaqfqeh5y5yzqapj7mw7ajql8kv02
- &m_blueberry age12p9lw3zgufcg7qx375t9lwtckzwgj0tkn2pt9uj3tnx9sn3ucqgsf5ctdd
- &m_keylime age1pvmyk2ukaaq0xqx6wcst4smlfh2l76camukfv03ykfr0qdhuce6quttryy
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
@ -47,3 +48,10 @@ creation_rules:
- *op_noe_2
- *op_noe_3
- *m_blueberry
- path_regex: secrets/keylime/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *op_noe
- *op_noe_2
- *op_noe_3
- *m_keylime

33
flake.nix
View file

@ -71,7 +71,7 @@
in import ./pkgs { inherit pkgs; } //
{
proxmox-lxc = inputs.nixos-generators.nixosGenerate {
inherit system;
inherit system pkgs;
modules = [
./nixos/templates/proxmox-lxc.nix
];
@ -117,35 +117,8 @@
# Main Desktop
aerial = mkNixos [ ./nixos/hosts/aerial ];
# 2015 MBP
#echo = mkNixos [ ./nixos/hosts/echo ];
# 2013 MBP
#who =
# Pi4B Xbox Hacking
#xxx = mkNixos [
# PlanetSide Stack
#watermelon =
# Akkoma (sapphic.engineer)
#pineapple =
# Web Services
#honeydew =
# Workers
#tangerine =
# Pi3B Audio Streamer
#audiofox =
# Router
#nekomata =
# just give me a machine THANKS
#lab =
# Keylime Lab
keylime = mkNixos [ ./nixos/hosts/keylime ];
};
darwinConfigurations = {

9
nixos/hosts/aerial/default.nix
View file

@ -26,9 +26,10 @@
fsType = "ext4";
};
networking.firewall.allowedTCPPorts = [ 42069 ];
environment.systemPackages = [
pkgs.python3
];
networking.firewall.allowedTCPPorts = [ 42069 8000 ];
networking.firewall.allowedUDPPorts = [ 42069 ];
}

10
nixos/hosts/keylime/default.nix Normal file
View file

@ -0,0 +1,10 @@
{...}: {
imports = [
../../templates/proxmox-lxc.nix
../../server.nix
../../features/podman.nix
];
networking.hostname = "keylime";
system.stateVersion = "24.05";
}

3
nixos/templates/proxmox-lxc.nix
View file

@ -1,9 +1,10 @@
{ pkgs, config, modulesPath, lib, ... }: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
../users/noe.nix
];
system.stateVersion = "24.05";
system.stateVersion = lib.mkDefault "24.05";
users.users.root.hashedPassword = "$y$j9T$kWYIRHrwP1uXV.l4vTJ67/$VGkvX09rzebYPWRI5vk0Z/IDo434bBaIqUutWp4l0L2";
users.users.root.openssh.authorizedKeys.keys = import ../users/noe-keys.nix;

2
nixos/users/noe.nix
View file

@ -7,6 +7,8 @@
openssh.authorizedKeys.keys = import ./noe-keys.nix;
};
programs.fish.enable = true;
environment.systemPackages = [ pkgs.nixos-rebuild ];
security.sudo.extraRules = [
{

89
secrets/default.yaml
View file

@ -13,74 +13,83 @@ sops:
- recipient: age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBybGRCRUR0KzBweXBiOWlI
ZC90eHVsYlAyVzJDWVdhK0dzcHZTd0JJZVVBCmUzcGc0dHlCSTU0Zjc3OWhOSEMx
R2JQcHJaN2tYRklVbDhNbGdRWENBTmsKLS0tIHV2dVpZWHFXOGFNdXdWUjY4dlp3
Yk9RRDlJVWFUWFo4ZG1RTWluVmR3SWcKjG9iFgpXMUAddqv0Tmbh3Z644/lCj+lD
R2w4nxUcFJGG1NWIxA4QcdA4tw8lysH2vfegdCexlTGVJ3nqTl3dbw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrOFJVWUV4N2YvSkd3N0Z2
c3Z0N0tHV2ZYaG9NUmVDSkt3dG4xTHhMTFY0ClpsSHNJNzJqTE1tQW45YkR4SnFu
NnVBeTRjejhramovbmppTDZVZjBINGsKLS0tIERTbnhoTjRlMk4yMkF0ODZONEJT
c2VmMUpyTEpnT05WMGlwYjkvbnhxKzQKoGq8kIIMAU8z+BkxaMmT5bEFmoqGboJr
KUI14WF1RMEeIJv8dtGbOUEuvu18SZhtMDUjFv0QZiL71otGOjRAkQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArSWltcUQ4YVFkSTdTQTd4
SU9yVVFVR1VINTV2OXJhNENtYkNGYmVKZ2w4CmlvdU1tN24vNHNzbFRFcW1rY2hI
RTZ4eUo0eXM1NGlIbDBoNmNzYjc1Z3MKLS0tIHJSZHE5MlZDOGhWV3RiZE5YWk16
ZHV5dlNaWEwzT3Fyb1RsRWdPUXJ6MzgKQCVmjEZWuWcROwUus6yrbi1Qqycs2ahR
BjdjFdjjeHp/3pPyDMW3TYE0xWgi56HYJTowJxXFVKzsMDB9PjKqvA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzSlNjUWM0SEQvVURjbzh5
TFBwNjNSWjZaVVErdnB6MGpodUpVdVlVRUdFCmdYYklEQXV4TDlDTnp1a3R0a3lR
aHdUYnhhaU9vdzhCNUlSNlY5dHptZXcKLS0tIFkyUHpNTGZGeHZJN2ttK2hYZmgw
eFVFdWVjUC9qYzZPVTlYNExyMVRHRHcKK8QO5IeiUkiymFKn8yWkIKdaZaPJyuQt
AFa8rzn2LHzNsRV5OJ9ivaKyXClqqZNizSVvp/O1BSr5P+PTrKqMmA==
-----END AGE ENCRYPTED FILE-----
- recipient: age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkOTlKK09ybnUyMG1tdGF2
U1BmNHBDdFRsWmlKK2pSNHh6VVJLSU52WWpRCk42UVFLbGV0Rmxha21uZkVXN2xJ
cUlkKzZ5MHNFc1crK0VMK0E2Ujl6TDAKLS0tIHBxSjJNNmd4VmxiTUgwcjBLR0Np
RlljdFdGS1p1bkNkT1ZwZk5mY1VRcWsKiZ8Aa9lxm/9DUEQjcnFHWZZNEH4X3yxd
8YkmaMAoR6fcwTaczAkMnYZCd6HUIBuOfyqFON4DU2iLsdtu8uCFlQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmZlRlQ09MVExpS2Z4cTZB
d3JHVkhiODY4VU5lOUppMDlCSkZQdUtrcURvCkFLM2JoUUR5UG5WTkErT2crSnBN
TnNUZlhvbExZSzgvanNLbkE5bExjbzgKLS0tIFdEVGlMSDEzN2l1S0s1Sk1hcEp1
WDRqMVB0a09TbzFlSWJ2SEtlZG1BOFUKZvrg+etZOvfqvEd0M5MU5Pjzg7Otmb/I
g9P/+p6OKX550ronEAhpaeYi+lHhb9XTFOFDgIEyo2jJR5LWswF26g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1f5cqspxexkl8f42v5ne47mx6xmm4v00lafdlslq9g79a508e4p9qrku72s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Ti9aZ3NtWVRyWGVKRS8v
RU11b1Y4ejF2NFZHR05HdjdWQStoRDNQWG5zCk40VzM5K2lTK3l6V3piTTV3NWxW
eVFqa1NXRm5VOE5BMGtSY0dKcnVVc00KLS0tIFRUNnBIeGpIQm9TUkZnRjV1VXlX
MDhYS2p4NWIwaFBmOVBXaHh3a1pWeHcKdgYOPDBJQBLjhXEYi4HiRgA47+TGEGob
AikvcVfKEFlgbKZvbKp48PP14Go8gfsNT0fC3qkFmUlgLXUw1VOE8g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVHhzLzUxbjRtcDl4S0tq
MDlNZ3F3RkRvbEZZUkJWRkgrTVlJYUxsbEdJCldsZE96L0NnRmMrcWZRVjkwKy82
bWhuVnRVTE9jNlJZQVdVUmNTb3ZyQTAKLS0tIEN5Tk5kelBMTzIvdDZrVGlPenVW
Q1pDNFcrVytLSXNhU2pTRUxRS1NYblEKCvqyd9VcIrF9KhDMw2oq/zbyY97Xupe/
E+6JIaMJnQzc/voS6l6Tyi1MaIzK2wrW8CXs6BaFi6ED5egVZB/DYg==
-----END AGE ENCRYPTED FILE-----
- recipient: age14vsmekuppm4xhp4rthhv9jjgzfv45v39a0q8dsgg6yusw0pjkvaqnr9kq8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmS045d3hhVFNjS3JRYzEz
elJxLzg0MGhNdDhzMEJGY3J4L2Y3WUJ2ZFhzCmUwQnNUd0gxY0FXZ2MyUEdDTUpS
VVAvN0hDcmt1OHArREI5U0N6L29tNTQKLS0tIDlSWFA0Z3VURDROYVl1cGdaaXMw
U0dUSkVWZ282WE9xaGM0WHpYa09rdUUK9irphEREhmUw3pEKUH7nBuIOBhwSOsoH
xXMN/sQuBumqsLIXvAvV51P5b0uHwkDUQ+MndL7HiX9JxfYYGS72tA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQRENnQmxqdllpWG96WlRB
S1EzaVUzN0VTSkI3dWlwMWlXc1F1MThMdEJZClppRGpydnVVcEQ3bi9qeWtyYmtv
Z1ppNlN6aVA1K1N4WCtIckFqandTVUkKLS0tIGVPaDRoL2Z3REFFTE16L251YVBK
eGVmcU5TdEhLZDJHdmRMUHBvRENGVEkKiDbRJg9lEKl2WQUuBb+7CZdqlMH+mLsl
gw+POKQqmqZy/CdTzCwHiwiml+c/lp5yaWOR+bsBRfMZeaoDjJGKBg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhNTAwN3JvRGI4aWxFZFhL
OGFYL1h4Ym1SdzU1UVNyN0plTzNJWERNajJBCmg0S3dtVmEvcFp2KzEvVTdOUDhI
VzZWVld1K29qKzN5VURORlpla0xuQ28KLS0tIE02Q0pSZ21MRG5sc2xDVWxEaVR0
M3A2RUZ2Z3U1SytQK01LeGZzbXB5cjAKN4DHBI3dkKeoYFq1bh6CuV1Avc1Ild6y
FRtXv7rUb4/sPhgGbIi7OuLxaeiztkJABjBSJ7cXUI2TLF9zXu3Y8Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdEI0N09rSGJnR2ZZd1JO
eFhPZk1iVEorbFRVTFB1SnJ4dzZMOXh4MGpnClkwQnJzeitBUFo2cTBMVGU1RU92
cTVqZFIydUdYc2piaWF4N3dEVXVyQlEKLS0tIDcxMXg3T2orRmNQb1JSS2ZNdTZL
NWdJbFp2cE9saHdBUWxKMVM2UVdSZE0K6oYxfy/dwd54nvTA9eO3rfpejZKwTBI1
DBvGgb+CWLWRk1MflQYlWyHgCbdD9ogkVMZAZNH9SXNfc1qtgUNwww==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jc6ghxfgxe3gx53xa55azxan447cfxaqfqeh5y5yzqapj7mw7ajql8kv02
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4WW94Tyt6SFJGRmRKeWVM
aTBiTmNvWGd0Kys2a2Z5ZEZUVXdwTkp2Qm4wCmR4b2lYRkFxU2xVOHNjQThRWmpN
VlFlaXBDUVBIL0NuM1JtZlBHNnNZdXMKLS0tIDBvcVVrZjRYVnpjaGhPZWc3Tnhv
Y1ZMRnoyL0UvM0c2VDh3OUNGcUc1ZDAKaYP5I7bNU4wDqkOy2IccCKa8RIwtsZzZ
F+K2zAR0/AqbpmQqSluSc43bIMl/e8Gq0odbH7ed4zVaSEberAclVA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIWEZjN0d5VjRTeCtyck9t
Rysyd01OR1NYQ3o5R1pVTlZpbzdCV0liVGtNCi9TYllCT1lqQzFQUy95TVl5UFZI
SkRZRFpBSjR6R0tOQUNuNW8waTBOSzAKLS0tIGJDQUpkM3MzQ293d0hDRVFMMnRE
cnA2TFlVVWdubWI0MC8raHVLYlFuNFkK9GrFQVNPLEMFCBYtZIQFrdZkcwMez/PJ
TZZjEmn6jsUH9KBHQIB4I+L+XWlIQJDLMhTRQ+n3X+GbYA+IFVTtZw==
-----END AGE ENCRYPTED FILE-----
- recipient: age12p9lw3zgufcg7qx375t9lwtckzwgj0tkn2pt9uj3tnx9sn3ucqgsf5ctdd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvREhUMlNaRFhndTdQR2Q3
cWhPZUt4cm50QkpsdUJ5QlVvV1lTWW1KcUJvCkRFVEJnTGRmZUtzQ3NJRGZ3dlkx
M2lTeGVJZFl0WkZjYmVJb0luc2JmVHMKLS0tIGV1WVFGcXFuMWJ1VnBLN0FrczNT
ZHRkQkVhZWFZU2t6Y1Q1dStnc3dLbDQKMmqepjfhwaSDZ1RDl+KpTPAmSG5WcY4k
CDPJZfQeXGJtVKyqRI7jIrGe1REFiN3eUZUVVoSr0tEc/1hNyKtJ7Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCbXdRb2ZLWCtzOHVWRWdi
MTExQ1d4YWRNcVlWY1lTRmZvNExlcXE5aFVvCm1RR1B0Vk9LbUZiWFljRFdBcWxM
MjE0NC9wbUFCanZ6QXU2elVzeGVaYTAKLS0tIEZjYjRpcjRmM3kxdXp1bjNVN1hk
RDJQbDU4OVFjYSsrc3pnWnZqb3FFOUEKIrOroDZMQ/rQ/iTSksLxqeSKXinvU3Rs
Mcf6jmSW8jp9Zv16+ZgKGGXT04WNaG8y3a063+T1HYz6kO3ixouAcA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pvmyk2ukaaq0xqx6wcst4smlfh2l76camukfv03ykfr0qdhuce6quttryy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBObG1wSktGTXlJTnBsN0tG
NkhVMmwvUG1lczlmaWhzZllzeXljbC92TG5zCkcxdElSSlhDSTQySllFWkRqdXFu
eDA2cXZtUGJsdkNrV3dLVVpZYllvZWsKLS0tIHYzalYzNWIzUDNGY2pLWTkreTFY
WE9Eem4yMVJwVVJuRC94cVJSNHVzODgKAiEMY3apoqHQxEOMw1MFvZMZsnUw9ESB
fSkAHnX6GduUXioH24pDTqYJuOoJwiCd9qrg89wJSnAwLs6m1Lw2Kg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-17T20:21:39Z"
mac: ENC[AES256_GCM,data:IbpBloPeCvdYqloShrSvAIUzjCk+/1+Gl4+LbyKGnO9GUadlwJTyA/WDWiCkdmyFqqpMclD4Kq4CDYK341pSjyNdbfO2nIWU7/k+T7MaGoOzCJZhK/ysZjn7uUeNpkRNBJMht7VYGc6V4iEvJ835z4VAfnTb51mBz+Ytjpk6K+c=,iv:+RVwgp3btRyi1fCjPcMPZ5Du+3RlCkwFNqjFGrS+5zE=,tag:fpNwqMS6CH6pgd2QmaWggA==,type:str]