From 924986757891bcb5df04fb2c2c7236315818a622 Mon Sep 17 00:00:00 2001 From: Dark Steveneq Date: Mon, 30 Mar 2026 23:07:52 +0000 Subject: [PATCH] Kurin working --- .sops.yaml | 13 +++++++++++++ flake.lock | 17 +++++++++++++++++ flake.nix | 9 ++++++++- secrets/kurin.yaml | 18 ++++++++++++++++++ systems/kurin/configuration.nix | 6 ++---- 5 files changed, 58 insertions(+), 5 deletions(-) create mode 100644 .sops.yaml diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..8e87bed --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,13 @@ +keys: + - &kurin age1spq4mrrnkmw67l4jqz54gfxmhvdh77mjcd34eak7sqy4jfsklg0s67h88h + - &sircu age1xwysc3c85qds08hyuhkr7gaxc6pd2je4fw33xvgn379vdagqhs9sl3d263 + +creation_rules: + - path_regex: secrets/kurin.yaml + key_groups: + - age: + - *kurin + - path_regex: secrets/sircu.yaml + key_groups: + - age: + - *sircu diff --git a/flake.lock b/flake.lock index e758b1e..7698471 100644 --- a/flake.lock +++ b/flake.lock @@ -134,6 +134,22 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1774777275, + "narHash": "sha256-qogBiYFq8hZusDPeeKRqzelBAhZvREc7Cl+qlewGUCg=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "b8f81636927f1af0cca812d22c876bad0a883ccd", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1773821835, @@ -196,6 +212,7 @@ "catppuccin": "catppuccin", "firefox-addons": "firefox-addons", "home-manager": "home-manager", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", "nvf": "nvf", "sops-nix": "sops-nix", diff --git a/flake.nix b/flake.nix index 55bf7df..135e5ba 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,7 @@ { inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; 
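Review bot: Both creation rules in the new `.sops.yaml` encrypt to exactly one age recipient, so each secrets file can only be decrypted or re-edited with that one private key. If `&kurin` and `&sircu` are the hosts' own keys (the names suggest it, the patch does not say), editing `secrets/kurin.yaml` later means moving a host private key onto a workstation, and losing the host's storage loses the secrets. Consider a separate operator recipient, `- &admin <ADMIN_AGE_PUBLIC_KEY>` under `keys:` and `- *admin` in each `age:` list, followed by `sops updatekeys` on the existing files. The `path_regex` values are also unanchored with an unescaped dot; `path_regex: ^secrets/kurin\.yaml$` matches only the intended file.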
@@ -51,11 +52,17 @@ system = "aarch64-linux"; inherit specialArgs; modules = [ - inputs.sops-nix.nixosModules.sops + (inputs.nixos-hardware + "/raspberry-pi/4") + (nixpkgs + "/nixos/modules/installer/sd-card/sd-image-aarch64.nix") ./systems/kurin/configuration.nix ]; }; }; + + sd = { + kurin = self.nixosConfigurations.kurin.config.system.build.sdImage; + }; + }; } diff --git a/secrets/kurin.yaml b/secrets/kurin.yaml index e69de29..68180b4 100644 --- a/secrets/kurin.yaml +++ b/secrets/kurin.yaml @@ -0,0 +1,18 @@ +users_dark_password: ENC[AES256_GCM,data:geIhGFBco6ECyhJWxkrHG1LXeZwMOAqn1YA6wN9VqEsQlyf4tbQd770/8QIRmzsJczDK9MBE4Bmju0/t0tsYpwXYN83Hbn3CaQ==,iv:qXTM951fjaO6BSlgWAhTN2h5yAld7bZIIOsVKeMsF4k=,tag:y1X8DrFfPCImfF9OiZN8rA==,type:str] +wireless_passwords: + - ENC[AES256_GCM,data:fnUZUu5GIIbYx3+YZGV/XenJjyqi,iv:p3qPlUFK4rqO5NG2CIAz0KpaC4iAF6+/KhXTofmkwqM=,tag:NYsKC2q7RGCnva/KIFZoWg==,type:str] +sops: + age: + - recipient: age1spq4mrrnkmw67l4jqz54gfxmhvdh77mjcd34eak7sqy4jfsklg0s67h88h + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaZDZ1VUdwQThBRVMzWUdy + c1YyR0RyYjJqT1JPL2wyMGlSTjZsOXZRMHdJCmJmNkVtMmVRNUJRcHV2a281Wnpn + RXpPK04yMjZ1TWZidk1PWGhJTnZ5cFEKLS0tIEtZc3JOMTJDL25lVFZlWEJUNHJW + cFdjVEF3VWpyVnkvejFRbW9PZXRSS00K8JlIQCFSSD6/Gt+XtAliKnUaOTlhWf0K + /i6pIwiY6pF3Ls1GvhWM1Ztbmo4SQq+ywVccb0OCSndF7kEdtjP38Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-03-30T22:56:42Z" + mac: ENC[AES256_GCM,data:IshpKiTJ+EAzbihZEcdKdGUsvNhRUYtya/lsT2vwoeC7eecLsnYKLG7z6+SMKCYd1ToYYxe96iVqQAZ5Px16QDd6rlK8riOjD7+QK3VrIC/p4nTx9K9OjfCj76D5cLHh2XBObIUfv1210DmVT7NuTtfJg9mX8tVs+nC7z73JDpA=,iv:IFy7ZC0vWBTw4FItUwYRNVPEKh+VoT74fRLFTqBO9oY=,tag:FtuLYuI/2EtUvbpRwnLvgA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.12.2 diff --git a/systems/kurin/configuration.nix b/systems/kurin/configuration.nix index 20865ff..c1d44d0 100644 --- a/systems/kurin/configuration.nix +++ b/systems/kurin/configuration.nix 
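Review bot: The `sd.kurin` output builds a flashable image of a system whose secrets are sops-encrypted, but nothing in this hunk shows how the private half of the `kurin` age recipient reaches the card. A freshly flashed image generates its SSH host keys on first boot, so if sops-nix is left to derive its age identity from the host key (the `sops` block is outside this hunk), it will not match the recipient in `.sops.yaml` and activation cannot decrypt `secrets/kurin.yaml`. The key should be copied onto the card out of band and referenced with `sops.age.keyFile`, not added through the Nix configuration, where it would land in the world-readable store and in the image. Separately, `sd` is not a standard flake output name and `nix flake check` warns on unknown outputs; `packages.aarch64-linux.kurin-sd = self.nixosConfigurations.kurin.config.system.build.sdImage;` is the conventional place. The `outputs` function starts above this hunk.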
@@ -2,10 +2,11 @@ { imports = [ + inputs.sops-nix.nixosModules.sops ../../modules/base ../../modules/development ../../modules/server - ./hardware-configuration.nix + #./hardware-configuration.nix ]; networking.hostName = "kurin"; @@ -15,9 +16,6 @@ # }; # Secrets - imports = [ - inputs.sops-nix.nixosModules.sops - ]; sops = { defaultSopsFile = ../../secrets/kurin.yaml;
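Review bot: `#./hardware-configuration.nix` is left commented out in `imports` with no explanation, so a reader cannot tell whether the file is obsolete or only temporarily disabled. With it gone, the file system and boot settings for kurin presumably come from the `sd-image-aarch64.nix` module added in `flake.nix`. Either delete the line and the file, or say so next to it: `# hardware-configuration.nix not imported: file systems and boot loader come from the sd-image module in flake.nix`. The attribute set this `imports` list belongs to continues past the hunk.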