feat: start migrating steveej-t14 and sj-vps-htz-0 to sops
This commit is contained in:
parent
6587a914e4
commit
b481126ae2
55 changed files with 877 additions and 452 deletions
|
|
@ -4,12 +4,11 @@
|
|||
enable = true;
|
||||
efiSupport = true;
|
||||
efiInstallAsRemovable = false;
|
||||
version = 2;
|
||||
};
|
||||
|
||||
boot.loader.systemd-boot.enable = false;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.tmpOnTmpfs = true;
|
||||
boot.tmp.useTmpfs = true;
|
||||
|
||||
# Workaround for nm-pptp to enforce module load
|
||||
boot.kernelModules = ["nf_conntrack_proto_gre" "nf_conntrack_pptp"];
|
||||
|
|
|
|||
|
|
@ -1,3 +1,17 @@
|
|||
{...}: {
|
||||
imports = [./boot.nix ./pkg.nix ./user.nix ./system.nix ./hw.nix];
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
repoFlake,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
./boot.nix
|
||||
./pkg.nix
|
||||
./system.nix
|
||||
./hw.nix
|
||||
|
||||
./user.nix
|
||||
|
||||
repoFlake.inputs.sops-nix.nixosModules.sops
|
||||
];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,9 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
# these come in via nodeSpecialArgs and are expected to be defined for every node
|
||||
repoFlake,
|
||||
repoFlakeInputs',
|
||||
nodeFlake,
|
||||
packages',
|
||||
...
|
||||
|
|
@ -20,9 +22,12 @@
|
|||
home-manager.extraSpecialArgs = {
|
||||
inherit
|
||||
repoFlake
|
||||
repoFlakeInputs'
|
||||
packages'
|
||||
nodeFlake
|
||||
;
|
||||
|
||||
osConfig = config;
|
||||
};
|
||||
|
||||
nixpkgs.config = {
|
||||
|
|
|
|||
|
|
@ -3,13 +3,31 @@
|
|||
pkgs,
|
||||
...
|
||||
}: let
|
||||
passwords = import ../../../variables/passwords.crypt.nix;
|
||||
inherit (import ../../lib/default.nix {}) mkUser mkRoot;
|
||||
keys = import ../../../variables/keys.nix;
|
||||
inherit (import ../../lib/default.nix {inherit (pkgs) lib;}) mkUser;
|
||||
in {
|
||||
sops.secrets.sharedUsers-root = {
|
||||
sopsFile = ../../../../secrets/shared-users.yaml;
|
||||
neededForUsers = true;
|
||||
};
|
||||
|
||||
sops.secrets.sharedUsers-steveej = {
|
||||
sopsFile = ../../../../secrets/shared-users.yaml;
|
||||
neededForUsers = true;
|
||||
format = "yaml";
|
||||
};
|
||||
|
||||
users.mutableUsers = false;
|
||||
|
||||
users.extraUsers.root = mkRoot {};
|
||||
users.extraUsers.steveej = mkUser {uid = 1000;};
|
||||
users.extraUsers.root = {
|
||||
passwordFile = config.sops.secrets.sharedUsers-root.path;
|
||||
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
|
||||
};
|
||||
|
||||
users.extraUsers.steveej = mkUser {
|
||||
uid = 1000;
|
||||
passwordFile = config.sops.secrets.sharedUsers-steveej.path;
|
||||
};
|
||||
|
||||
security.pam.u2f.enable = true;
|
||||
security.pam.services.steveej.u2fAuth = true;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue