bertof/nix-dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Secrets

Browse source
This commit is contained in:
Filippo Berto 2025-10-01 15:49:39 +02:00
parent 03ce19bbcf
commit 7c1625d365
3 changed files with 32 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

22
flake.nix
View file

@ -260,18 +260,18 @@
]; ];
}; };
# sif = inputs.nixpkgs-u.lib.nixosSystem { sif = inputs.nixpkgs-u.lib.nixosSystem {
# system = "x86_64-linux"; system = "x86_64-linux";
# modules = [ modules = [
# inputs.nixos-hardware.nixosModules.common-cpu-intel inputs.nixos-hardware.nixosModules.common-cpu-intel
# inputs.nixos-hardware.nixosModules.common-pc-ssd inputs.nixos-hardware.nixosModules.common-pc-ssd
# self.nixosModules.mainModules self.nixosModules.mainModules
# ./instances/sif/hardware-configuration.nix ./instances/sif/hardware-configuration.nix
# ./instances/sif/configuration.nix ./instances/sif/configuration.nix
# { home-manager.users.bertof = import ./instances/sif/hm.nix; } { home-manager.users.bertof = import ./instances/sif/hm.nix; }
# ]; ];
# }; };
odin = inputs.nixpkgs-u.lib.nixosSystem { odin = inputs.nixpkgs-u.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";

27
instances/sif/hardware-configuration.nix
View file

@ -26,25 +26,28 @@
extraModulePackages = [ ]; extraModulePackages = [ ];
}; };
fileSystems = { fileSystems = {
"/" = { "/" =
device = "/dev/disk/by-uuid/80a5d8d9-c083-43cf-b7f9-8afdbc26628e"; { device = "/dev/disk/by-uuid/c3e09b0e-d2bc-4e28-a96e-5de7f4c10539";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@root" ]; options = [ "subvol=@root" ];
}; };
"/nix" = {
device = "/dev/disk/by-uuid/80a5d8d9-c083-43cf-b7f9-8afdbc26628e"; "/home" =
fsType = "btrfs"; { device = "/dev/disk/by-uuid/c3e09b0e-d2bc-4e28-a96e-5de7f4c10539";
options = [ "subvol=@nix" ];
};
"/home" = {
device = "/dev/disk/by-uuid/80a5d8d9-c083-43cf-b7f9-8afdbc26628e";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@home" ]; options = [ "subvol=@home" ];
}; };
"/boot" = {
device = "/dev/disk/by-uuid/5BD2-463F"; "/nix" =
{ device = "/dev/disk/by-uuid/c3e09b0e-d2bc-4e28-a96e-5de7f4c10539";
fsType = "btrfs";
options = [ "subvol=@nix" ];
};
"/boot" =
{ device = "/dev/disk/by-uuid/2E59-DAA6";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" "noatime" ]; options = [ "fmask=0022" "dmask=0022" ];
}; };
}; };

9
secrets/secrets.nix
View file

@ -1,10 +1,11 @@
let let
bertof_odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC3W3Btk1qtLHU69aFwseDuKU6PJMA+NxVXJXiRNhDce bertof@odin"; # bertof_odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC3W3Btk1qtLHU69aFwseDuKU6PJMA+NxVXJXiRNhDce bertof@odin";
bertof_thor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKT+D5QE4TkgoKw5IvSYpvnvIIRM87RBePHce1Aaz3xJ bertof@thor"; bertof_thor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKT+D5QE4TkgoKw5IvSYpvnvIIRM87RBePHce1Aaz3xJ bertof@thor";
bertof_sif = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+e756v7ZKk4c0/juDhKtqnYumEWXNnrMRXi3oQQJQA bertof@sif";
devUsers = [ devUsers = [
bertof_thor bertof_thor
bertof_odin bertof_sif
]; ];
baldur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZKc/X9TsoN3UbEJUa0PIx96RGYoDEzDlZPZb0ctwTN"; baldur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZKc/X9TsoN3UbEJUa0PIx96RGYoDEzDlZPZb0ctwTN";
@ -13,6 +14,7 @@ let
loki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICeomEH/27XFlOjQ/GTO2mo8qPMHTbzLIsX0dloxXfhb"; loki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICeomEH/27XFlOjQ/GTO2mo8qPMHTbzLIsX0dloxXfhb";
odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP8bfOYmFN+KRjnAOdt9IazGeaRKm5tvGyblHD7MUhtr"; odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP8bfOYmFN+KRjnAOdt9IazGeaRKm5tvGyblHD7MUhtr";
thor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbMiGx/QZ/RKgad3UNyEzgLfqRU0zBo8n0AU3s244Zw"; thor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbMiGx/QZ/RKgad3UNyEzgLfqRU0zBo8n0AU3s244Zw";
sif = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINohU3qJcAdtx0jbqttqepXDeV+fTBlrTizeMmUwhVsP root@sif";
systems = [ systems = [
baldur baldur
@ -20,6 +22,7 @@ let
heimdall heimdall
loki loki
odin odin
sif
thor thor
]; ];
in in
@ -39,7 +42,7 @@ in
"spotify_password.age".publicKeys = devUsers ++ systems; "spotify_password.age".publicKeys = devUsers ++ systems;
"thor_wg_priv.age".publicKeys = devUsers ++ [ thor ]; "thor_wg_priv.age".publicKeys = devUsers ++ [ thor ];
"wg_psk.age".publicKeys = devUsers ++ systems; "wg_psk.age".publicKeys = devUsers ++ systems;
"rclone_bertof.age".publicKeys = devUsers ++ [ thor odin heimdall baldur ]; "rclone_bertof.age".publicKeys = devUsers ++ [ baldur heimdall odin sif thor ];
"rclone_tiziano.age".publicKeys = devUsers ++ [ odin ]; "rclone_tiziano.age".publicKeys = devUsers ++ [ odin ];
"ollama.age".publicKeys = devUsers ++ [ thor ]; "ollama.age".publicKeys = devUsers ++ [ thor ];
"heimdall-gitlab-runner-nix.age".publicKeys = devUsers ++ [ heimdall ]; "heimdall-gitlab-runner-nix.age".publicKeys = devUsers ++ [ heimdall ];