From 66fca9da44bc67ae5c7e1c9d8905117c7fb7b604 Mon Sep 17 00:00:00 2001 From: Richie Cahill Date: Fri, 29 Dec 2023 13:23:05 -0500 Subject: [PATCH 01/11] made configuration.nix for jeeves-jr --- systems/jeeves-jr/configuration.nix | 54 +++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 systems/jeeves-jr/configuration.nix
diff --git a/systems/jeeves-jr/configuration.nix b/systems/jeeves-jr/configuration.nix
new file mode 100644
index 0000000..cd7c14e
--- /dev/null
+++ b/systems/jeeves-jr/configuration.nix
@@ -0,0 +1,54 @@
+{ pkgs, ... }:
+{
+ time.timeZone = "America/New_York";
+ console.keyMap = "us";
+ networking.hostId = "1beb3026";
+
+ boot = {
+ zfs.extraPools = [ "ZFS-primary" ];
+ filesystem = "zfs";
+ useSystemdBoot = true;
+ };
+
+ virtualisation = {
+ docker = {
+ enable = true;
+ recommendedDefaults = true;
+ logDriver = "local";
+ daemon."settings" = {
+ experimental = true;
+ exec-opts = [ "native.cgroupdriver=systemd" ];
+ log-opts = {
+ max-size = "10m";
+ max-file = "5";
+ };
+ data-root = "/var/lib/docker";
+ };
+ storageDriver = "overlay2";
+ };
+
+ podman = {
+ enable = true;
+ recommendedDefaults = true;
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ docker-compose
+ ];
+
+ services = {
+ nfs.server.enable = true;
+
+ openssh.ports = [ 352 ];
+ smartd.enable = true;
+ zfs = {
+ trim.enable = true;
+ autoScrub.enable = true;
+ };
+ };
+
+ networking.firewall.enable = false;
+
+ system.stateVersion = "23.05";
+}
From 066a9f134e620a108b97bfbffe2328913e0c0bc3 Mon Sep 17 00:00:00 2001
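Review bot: `networking.firewall.enable = false;` near the end of the new file leaves every service that binds a port on jeeves-jr reachable from the network, and the same file turns on `services.nfs.server`. Keeping the firewall enabled and opening only what is needed is the safer default, for example `networking.firewall = { enable = true; allowedTCPPorts = [ 2049 ]; };` for NFSv4; the NixOS openssh module opens its configured port (352 here) by itself unless `services.openssh.openFirewall` is switched off. No NFS exports are defined in this file, so the set of clients allowed to mount should be stated explicitly where they are added. If the host is protected by another filtering layer, a comment next to the setting saying so would record that decision.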
From: Richie Cahill Date: Fri, 29 Dec 2023 13:32:20 -0500 Subject: [PATCH 02/11] added jeeves-jr constructSystem and richie user --- flake.nix | 15 +++++++++++++-- users/richie/default.nix | 8 ++++++++ users/richie/home.nix | 39 +++++++++++++++++++++++++++++++++++++++ users/richie/secrets.yaml | 0 4 files changed, 60 insertions(+), 2 deletions(-) create mode 100644 users/richie/default.nix create mode 100644 users/richie/home.nix create mode 100644 users/richie/secrets.yaml diff --git a/flake.nix b/flake.nix index 671b182..6a2b0be 100644 --- a/flake.nix +++ b/flake.nix @@ -69,9 +69,10 @@ }; in { - photon = constructSystem { - hostname = "photon"; + jeeves-jr = constructSystem { + hostname = "jeeves-jr"; users = [ + "richie" "alice" "dennis" ]; @@ -80,6 +81,16 @@ palatine-hill = constructSystem { hostname = "palatine-hill"; users = [ + "richie" + "alice" + "dennis" + ]; + }; + + photon = constructSystem { + hostname = "photon"; + users = [ + "richie" "alice" "dennis" ]; diff --git a/users/richie/default.nix b/users/richie/default.nix new file mode 100644 index 0000000..aaac176 --- /dev/null +++ b/users/richie/default.nix @@ -0,0 +1,8 @@ +{ pkgs, lib, config, name, ... }: +import ../default.nix { + inherit pkgs lib config name; + publicKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtRuAqeERMet9sFh1NEkG+pHLq/JRAAGDtv29flXF59 Richie@tmmworkshop.com Desktop" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJSlv8ujrMpr8qjpX2V+UBXSP5FGhM1l+/5aGnfb2MV Richie@tmmworkshop.com Laptop" + ]; +} diff --git a/users/richie/home.nix b/users/richie/home.nix new file mode 100644 index 0000000..51f0467 --- /dev/null +++ b/users/richie/home.nix 
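Review bot: The `"richie"` entry is added to the `users` lists of palatine-hill and photon as well as jeeves-jr in the flake.nix hunk, although the commit subject only mentions jeeves-jr. Together with the two `publicKeys` in users/richie/default.nix this presumably grants SSH login on all three hosts; which groups or sudo rights the account receives is decided in users/default.nix, which is not part of this patch. If access to the two existing hosts is intended, the commit message should say so; otherwise keep `"richie"` only in the jeeves-jr list. The hunk also reorders `photon` below `palatine-hill`, which makes the access change harder to spot in the diff.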
@@ -0,0 +1,39 @@
+{ pkgs, ... }:
+
+{
+ home.username = "richie";
+ home.homeDirectory = "/home/richie";
+
+ home.packages = with pkgs; [
+ # Rust packages
+ topgrade
+ trunk
+ wasm-pack
+ cargo-watch
+ #pkgs.cargo-tarpaulin
+ cargo-generate
+ cargo-audit
+ cargo-update
+ diesel-cli
+ # gitoxide currently broke 09182023
+ gitoxide
+ tealdeer
+ helix
+
+ # nix specific packages
+ nil
+ nixfmt
+
+ # markdown
+ nodePackages.markdownlint-cli
+
+ # doom emacs dependencies
+ fd
+ ripgrep
+ clang
+ ];
+
+ programs.zsh.enable = true;
+
+ home.stateVersion = "23.11";
+}
diff --git a/users/richie/secrets.yaml b/users/richie/secrets.yaml
new file mode 100644
index 0000000..e69de29
From 60442534f2d5b8467a1c7d3d5aa3f9a8abc45d04 Mon Sep 17 00:00:00 2001 From: Richie Cahill Date: Fri, 29 Dec 2023 13:46:49 -0500 Subject: [PATCH 03/11] added hardware.nix --- systems/jeeves-jr/hardware.nix | 39 ++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 systems/jeeves-jr/hardware.nix
diff --git a/systems/jeeves-jr/hardware.nix b/systems/jeeves-jr/hardware.nix
new file mode 100644
index 0000000..5e39098
--- /dev/null
+++ b/systems/jeeves-jr/hardware.nix
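Review bot: The comment `# gitoxide currently broke 09182023` in users/richie/home.nix sits directly above `gitoxide`, which is still listed in `home.packages`, so the comment and the package list disagree. Either delete the comment if the package builds again, or comment the package out the way `#pkgs.cargo-tarpaulin` is, with the reason on the same line. The digits look like a date (presumably 2023-09-18); writing it in ISO form would make the note easier to age out later.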
@@ -0,0 +1,39 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/c59f7261-ebab-4cc9-8f1d-3f4c2e4b1971"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/7295-A442"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} From 097cfa3f7d93cf1d24f172fdfe1fd32f1b73a6b4 Mon Sep 17 00:00:00 2001 From: Richie Cahill Date: Fri, 29 Dec 2023 13:53:36 -0500 Subject: [PATCH 04/11] updated .sops.yaml --- .sops.yaml | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/.sops.yaml b/.sops.yaml index bcf6d12..b623f8f 100644 --- a/.sops.yaml +++ b/.sops.yaml 
@@ -2,19 +2,31 @@ keys: # The PGP keys in keys/ - &admin_alice F63832C3080D6E1AC77EECF80B4245FFE305BC82 - &admin_dennis 8F79E6CD6434700615867480D11A514F5095BFA8 - + - &admin_richie 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3 + # Generate AGE keys from SSH keys with: # nix-shell -p ssh-to-age --run 'ssh some.ssh.wavelens.io cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age' - &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej - &photon age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw + - &jeeves-jr age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh # update keys by executing: sops updatekeys secrets.yaml creation_rules: + - path_regex: systems/jeeves-jr/secrets\.yaml$ + key_groups: + - pgp: + - *admin_alice + - *admin_dennis + - *admin_richie + age: + - *jeeves-jr + - path_regex: systems/palatine-hill/secrets\.yaml$ key_groups: - pgp: - *admin_alice - *admin_dennis + - *admin_richie age: - *palatine-hill @@ -23,6 +35,7 @@ creation_rules: - pgp: - *admin_alice - *admin_dennis + - *admin_richie age: - *photon @@ -31,6 +44,7 @@ creation_rules: - pgp: - *admin_alice age: + - *jeeves-jr - *palatine-hill - *photon @@ -39,5 +53,15 @@ creation_rules: - pgp: - *admin_dennis age: + - *jeeves-jr + - *palatine-hill + - *photon + + - path_regex: users/richie/secrets\.yaml$ + key_groups: + - pgp: + - *admin_richie + age: + - *jeeves-jr - *palatine-hill - *photon \ No newline at end of file From 60e12e0aaa9e5144cb7f51007f265eb8f062b568 Mon Sep 17 00:00:00 2001 From: Richie Cahill Date: Fri, 29 Dec 2023 14:07:14 -0500 Subject: [PATCH 05/11] added richie.asc --- keys/richie.asc | 67 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 keys/richie.asc diff --git a/keys/richie.asc b/keys/richie.asc new file mode 100644 index 0000000..7b60a0b --- /dev/null +++ b/keys/richie.asc 
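Review bot: Editing recipients under `creation_rules` does not re-encrypt files that already exist, so the new `*admin_richie` entries in the palatine-hill and photon rules and the new `*jeeves-jr` entries in the rules that list only `*admin_alice` or only `*admin_dennis` take effect only after `sops updatekeys` has been run on each affected file. Within this series only users/alice/secrets.yaml is re-encrypted (PATCH 07/11); the palatine-hill, photon and dennis secrets files are not touched, so the rules and the actual recipients may be out of step unless that was done elsewhere. Separately, adding `*admin_richie` to the palatine-hill and photon rules gives that key read access to those hosts' secrets, which is broader than the subject "updated .sops.yaml" conveys and is worth confirming as intended. The fingerprint added as `&admin_richie` should also be checked against keys/richie.asc, which only arrives in PATCH 05/11.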
@@ -0,0 +1,67 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGQ4gGgBEAC2s0Q4nQ5aTlpTg4u/Hl9gq56IAGoUW9wlgEoStHXyA1WziY2s +1pt45l4Q6kORswXoXv0ULTWBQAGponjY3l+HNm+B0XMr6EogjV/EP/UCyEi8zpqs +PaoJiB95s8rTsh+E7GzWR8KDhazOrGFY+QQOsTWEhLF8jkISd9aC05pf+WnKyxLC +wFjNFXRWUgPKyKPWIUd3SJP2IH6rSSkp7SMCAUiteQx2c43thnr4c/wcfGANKbFO +PhYrkTJKSqt38NoFtNB/Eo/MaVwdEnTMmeovF9sA2s0SLat8+FngSEcIXvL5UpA4 +K73+lOQUROWFju7LrIyOhksSZXyQvP+64PxfpbtHadH6wQ4Ckz0GYIYnDQ1q66dh +OKQq9efIlxb7ky47qXRMY8u6d2d4bceLM4a24lYajZ70HZTEF4hy5KCMd8DAmAzU +WLCkaz6SQVDsme60jH3Mavd18B8HZ1d5Vi75hNaylMRtq7o6IA60NnVXh07U+Zto +n8QOze0JqO/GaM7FzfijfsW670j//FSu5wUGnBYprBz7SFh2nCy/XPZYThtHtPbI +YeESs8WZtqkfs4RpmMkOKcTLNiTFXIsCqHIhR8lDnJl+skEMxg7L8FF2txph4ssU +BZ6dAbFy8KsH+2Sr2qfK0yHOVs37ymv+/WaxC0d+QpLAupRhzL+s2kIYGQARAQAB +tB9SaWNoaWUgPFJpY2hpZUB0bW13b3Jrc2hvcC5jb20+iQJOBBMBCAA4FiEEKfUB +fJXZ5gsbHoQHBysOC4MS3+MFAmQ4gGgCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC +F4AACgkQBysOC4MS3+PnKA//YUDZbuaas5MIWRqZsh02GEXVX4n727JP4iqZU4R0 +Cndq7KCl+8XJ9RqmpRZab1FhEj/DQZYisKvloMvBop4q1XLLkabaQF5NsbDvIQG6 +5TgbeSUmVWP6JS4Ka05FKIEwjKFS6ogbd1tscVs50zFWW+veewWMwwQF1mw+N5wx +LsnHRDIBPOj8Z+p07fyYlP2RMtqdjUqHOtDBiAvbFaXd1huEHd6H2bhnVLaxsJUf +EEGu92ND0GgW2tDrJIL+bNhZfsnHZEZPyruLZXcwW0JIyLf+sgob/iY0duDH1JDS +ty5tS3ke9O3Q56mPogHP7jlMwtVHzQQPlviVtNvYhRamb5hUDc9Qu9uXNM0HOWdg +MI5KE1xbdjz1OmymakfcfbVcSz1vu3k4XpqChiKt+psw8BnHGcguPchetkroCJcM +OLwnCoKH3TFxZfaZQGPDhHCGU484Nj1M/wHo9RcoWtrPWz+Y7W0U+47EdmGM1Vpl +9hIoXqjEWENz6Ph5DD0vxMptQPrRfmtLiJsWxAJRS9MH+ZWXxjJ2byKXiEHdR7la +Xgj8ejtzaZB04Ow9+zptFH6nwTygGGodcRkYYFtYSS7C46aihvMRLj68uHB2yC2b +zYutMtU6eregDaWiAeGycZcanGnU36JDifjaCF84oty6a3EpfdGCc9KkHk1Is+sR +TVe5Ag0EZDiAaAEQANy3ekveJexjqdhWmGjqF1rp90uWYJeVwg0Dlc621SNEzrfu +suC1BEHC2xdZz85yPbfdUPThAn/AmaMYlNIvzXmsGJdfIIsL7ZT+K6K+9ClbFhR8 +eIZZjhpSOMwLEfNroyZPcOwEua9bSr3mwU+i2ED+dCKcxG4/wAtmeK2PNOz0t0/F +umLHW9Zk8YZBVSq7sGZ77TBi7GHOVzR/3wWy0qXgVMSQXtmOoDCmd1B1pD/BOkBA +2iI4spRLiDPW3XVDeAGydYPPEIXtFax7ZCs4BhjT4witJ2110fddrAh6e48yU4Hn 
+ca5F+QD6hVvUgHmdM/9GMqYf2mMC8tqNQf33Ib148zIhtQN5OtDz/sce5Xj8rk0j +HUuZ3E0jViK72ZRnZD46CyIc99ZcLCAhsHZDaMTEDfWX8ToQzA+Ahyth0RMykwhX +6NPKvOw2VqRK+j6iyYvtDXLmcsR890dzHDJLfrJWCJ0scpeWFvlLkVhQaT3NEqEK +oUENBFf8zxfTQ7BksyV2ESTwu5xqfYeJ1g1FoTfL30+/W0003K7hoPQuU3ebj3wY +3mMrG0hgo0iM9wHk83WWt+fDYj09yptGWAgBQNOpRR/0EbwEd74C3UxZQtUmxwPz +YW2g1GWyEgtA76UJ00TuQHBGklcKtY0IbHKwjn7NwHbYWu67R7Le3+cj3LOVABEB +AAGJAjYEGAEIACAWIQQp9QF8ldnmCxsehAcHKw4LgxLf4wUCZDiAaAIbDAAKCRAH +Kw4LgxLf462sEACDweQr1ik35sbw3qlPn3b/d2UYBK+r8G3Pk1RhNra2rFtkRY8Y +rEAlFeYOCBplsyg8swIClPjKpqIEehMV4X2E0N6WpyPzuOgNP4OPAmJngUYM9uxr +kcVhYubgp2Hcxk5TkbvHIc31P5ItCl7UUYC3bXf32K5GVeOAxsZBS6elwdxlFteY +WKjkwoZklPPfce4ctG/phy8dnn+pFMFnyisFFp81R2P+ztdSDLm/U27d8g9cjcWK +mhZtGox4zf7250p+gIUnlnBdtXIWBaUFidha5qql0/iSsMrhu2m12XaLc5HiubYY +RNIHcCRitG0Qc/pWVjZAD/bqOTl4/M1AeN7qZ/8Y1II1tCdBZ1MGinKS/3aGjTn5 +RzvYrQeP7YTInyah7MpUTYoxI+VHHeD7hTy/y0GPZBtZ24B/s3ICuMemejILeI8M +aHj8FmBSXJ3dD8195QyONuQB5hNB3qGhc995KsDK3leCwJc3+MFLZPaEZnB+f+uo ++pdngVsKH2IAVOtJN+QULmuEFmiEGRAghJwxfA4M92Bn0jSa9KMyTsM41b3zdSVU +ipnn9FVX7RemSdF/z2SXAczwMLwVjai4j8b/U9O3oc0wrDF4QgrKKKIESlID/0Jf +QLwhRYHy03r2yENO9lEeTBaSF94HsN1UjrZtzpGx6QTGBohA2RrztXkosLgzBGWP +FicWCSsGAQQB2kcPAQEHQBlJ0lXDQnpcV7nR/MWPifi0WVTDPe0njjVIHNq/Z/xI +iQKtBBgBCAAgFiEEKfUBfJXZ5gsbHoQHBysOC4MS3+MFAmWPFicCGwIAgQkQBysO +C4MS3+N2IAQZFgoAHRYhBAA/2xaaamErUuSen5+R1096JyceBQJljxYnAAoJEJ+R +1096Jycejy0A/2BmBatOihlxnO1G0U5qy3eiFkzmYKhm9WEW+w461hjuAP40cTMS +xgnpUzUrsEs6+3Om7TLAa0VAqYLjA8NTVJs6AiPGEACuGgYn4uBzeXGLgHHUmLsY +25rOajs/zAZnQkMz1epMKJDZ658cIDKyjJ6mLkkBwHwARrMhb38AEphXgyuAtHMN +mEPRzABZutleW33KCk6zzVLyYVFBDWEI7hIFdNfJcJjXsDX0oGKB/oT5vlU25YgN +cBAC7q9PGfq/XkeFOz9j3UOXMuzTKmtrX28IiSPqk+IkzeL35otzrG1wsUPLDLRS +nlmwtnP4oQ50cUvTiDesk3QqPQn+2wPYakMydq7bvUcv/jakCADJq8Lsg4AmUxpQ +bZNj2Zu/j8g+0KYUTriuQpZHf+mjVoNzwxiDKobMvKNzyNrZwMnZhAcDnCXSHpZL +KnBcQGpsOjZicA9HodVRdU80DM46MSsncxAN+jwdHUOtCtONP059kF8JegwyevFS +1hY/6ZTMETtKckWbs2gMTEK48SXF3EQ2jMq8lbD9SccuEi6R19R5qiLwQBgUHawT 
+PcirlASclpR2zjLH1/MovxMFykCUUaQgGH0TjCe5X95Y7QdVgw6ocHkSFUsLN8V1 +L3UfOIobFFW6EuRg5urKpljoi20dYsAyorqye9q825RyuWa5oLDtqXshCuOzLy6O +BgnM2FIvUpxAFmlXlC9eG8bUChfqEakio68Iwl6LUQouDR9gprWcookZV716YBVC +/IKQxyKTQK+nas4pfaUhYw== +=in5n +-----END PGP PUBLIC KEY BLOCK----- From fbf7a9c3c49547f148d1655fd94d5dc5ff27aa7e Mon Sep 17 00:00:00 2001 From: Richie Cahill Date: Fri, 29 Dec 2023 14:18:27 -0500 Subject: [PATCH 06/11] added secrets.yaml fro richie --- users/richie/secrets.yaml | 60 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/users/richie/secrets.yaml b/users/richie/secrets.yaml index e69de29..48cc4c6 100644 --- a/users/richie/secrets.yaml +++ b/users/richie/secrets.yaml 
@@ -0,0 +1,60 @@ +richie: + user-password: ENC[AES256_GCM,data:gcQaaFXQJSXgYR6L,iv:rO7hXTuiCDt4UWnnYfQrhSBMrhU359tyCjSGFde60BA=,tag:yfbD+BItaMkZQ4balezzLA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvZ3lTRWRGb1FHSCtRR21u + ZldONWFsVUYyZGRmSHVkcXFNQzBEbW1IMFFvCnBVblJXdVZQdEhGSnhsbnRWZVVn + cyszaUszVlY1Y0c1NnlkZ20wSUtGNUkKLS0tIEhzRTV5alJHelI3c1NnbUVaOGZO + VEEyemgrVDhvQkhqQjdhYjlHaXd4MmsKW9XvJbDiJ4/eoPb4sGz6/fr7Hr7q3e+6 + UNoguO9UgbgXUMmjlBeRJwlMLu91eevct5pPyhrGsJYzar/3jnsnSA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2TEZwYkJrNjdzVmZDM0xO + REV0NEYvWmNJblNiTmJoOXhYQXNESmFDTVdRCkJYRU9GSk9qZnBiYTF0MEhPQ3hQ + YWNHQ3hPSEVqRnIyTUgxajRBWlZjRXcKLS0tIHVodFJ0RnhsVUwya29IdFFrS2FK + dmJ1MDZURzlzaUR4d29SSTc1SE5hVFkK+KKi1PiXNMa98otrLO87k3JmHSc37Dvv + IAZDB6umTlyYulfh1TQuC5GXXKEVBm8Bu3plk3Wi9uNoiC+nnXflBg== + -----END AGE ENCRYPTED FILE----- + - recipient: age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQem9YOTVhdzM0QzRVSWI2 + dERHMmR4Z1FMV0UyaE84S0RZdVhQOEhibVdBCmtCbnhkb3JPeUdrMDhVVXU1M01q + dTZpdmV5WjUyaENCNmxYUkMxVjdLWFEKLS0tIERHWFdSM2l0cUcrWHNGV1lTMkhj + Q0U1OUtUM1N4MGQyZnAwd1l5alVOSUUK9xe9xmC4zFpy7sukTzdHsQQjc3eFphXD + 2zx2PkAvHh5lN8k+ZRd9UvZG4olrIe9KwXfmIb+6i02HgVIhA94SWw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-29T19:13:11Z" + mac: 
ENC[AES256_GCM,data:47aPXQ6n7AvYuYpvhk7jWjeqQnjXsSShrcboiwLja5p+VIJsOUWYtNonq45Owtlo30eQE46wJK4IJLEl8AAdotYLrpqAb0d+ox4tZq/HgVRAqG7j7aLw846KpogTUeRHH577ieoWo82+70DT1+HIyO+qB44ZYuJ7TY3BUt0MX7Q=,iv:OxDzGBEr2xBiOvPl7iUK0mwsaqHrZ/pQVLdrdTSm9tM=,tag:/2vQLyL/WmR02kWO3GHGNA==,type:str] + pgp: + - created_at: "2023-12-29T19:12:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA29thaGx06tOAQ//bMYIEq2Iwerw6y06vvpC1GPCr+lqe96ascw8MRxzObYJ + DMW/ZK/BoTFDjIKcUfrKDUj/RU+qX2Q3YMYn5mzDWozLoquJLUDU9iMnD0hhjYmE + nayUvXH8r+mqqOA7hhhNoFim0QkVUNjdZaZ46k6iD6a3PYp1Hn/Lpc53kgnsYxxh + p/Qf5glo5IuShZAbgZHyLyj02YKTzPmItKX1Z5/nAx4oMjstv4eCABCauNM5QRoQ + f9HAUVJql3gce2CFbot28DG8zYwJKhcatfa2PjIYIb6xSpMg4VRCOM/UWRyqdes4 + C79QTovTE9+lbP3UBZXGPuHKwRrcbtLUIQYyujNrooXuymWAbzzrR8WmTHQRfuEt + ui6lwJzbxuRcnNF/fIZ2YUCRIlEzGkpJ3PvAqFBLT8Q3GuD8bVfcuulE4EwTTaYq + R/yRtOPRkXdYfLlc1WRzVSg/uRZyNSZXhMD+BUiXxDY1hdMnJ2Z9xBLB0fP+Edd7 + yGEbDO16EswZ4gJZviCPs4hWdB/kOKQAvREKomUBUN+d6uEgVGFM3y8xzLfqZUx9 + qHspGEpRxSJQruNt//hAFy8bQZCRaWS23Dn+YR95IiZKZIt4dipTaiZWRZXdN3TN + X18vR6fkbVLLlGzl5a/+PCV7N8tdPSD77IvgV3KzVG42XFG2CcJ1ut8l7zmmWTbS + XgHj8lYLbFh2cWBFb/F1dqnHeJ/tTSzTsqyn8jV8f7jKeieUBNMNHugTYDYzeY5j + bvrR4yhICJVYCVNaeRA04cFG0k3/krujqVJ2S5FDd3C25qdT5sJ2sBBcDman3hE= + =d8jh + -----END PGP MESSAGE----- + fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3 + unencrypted_suffix: _unencrypted + version: 3.8.1 From 522b663fdf3abf79d3879c1890f262ea3d13fb30 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Fri, 29 Dec 2023 14:23:01 -0500 Subject: [PATCH 07/11] update keys Signed-off-by: ahuston-0 --- users/alice/secrets.yaml | 59 +++++++++++++++++++++++----------------- 1 file changed, 34 insertions(+), 25 deletions(-) diff --git a/users/alice/secrets.yaml b/users/alice/secrets.yaml index 5080118..d104a7b 100644 --- a/users/alice/secrets.yaml +++ b/users/alice/secrets.yaml 
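Review bot: The `user-password` ciphertext in users/richie/secrets.yaml is far shorter than any crypt(3) hash would be, and sops' AES-GCM values keep the length of their plaintext, so this looks like a plaintext password (or a placeholder) rather than a password hash. If users/default.nix, which is not shown here, passes this secret to `hashedPasswordFile`, login with it will not work; if it is consumed as a plaintext password, every host listed under `age:` can recover the password itself. Storing the output of `mkpasswd` instead keeps the clear-text password out of the repository even for holders of a recipient key.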
@@ -6,45 +6,54 @@ sops: azure_kv: [] hc_vault: [] age: + - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1di9UUkxaSVJLcmJyWlNw + LzE3R1RKQzd2QkwyV3JGYmF4M093WGpYRTBjCllKdk8rVmwxZEIzMjd1UkFNaFdO + aEJld3BxY25WWTU3R0VDZWlTdUtMb00KLS0tIDBUb2l6dUpOUE9wK1hTMzVFVzlX + NmxVTUkzdEtCMk12ZkN1Y0FwT2xad28K1mhtbCSVeLM6zHTSplvn5V7Jk01zRu0G + Mxsd+8RmdJx2mSyz+/XDQIwEL1626y5nlwoJFcNwx0mz+s0MPGJ6yA== + -----END AGE ENCRYPTED FILE----- - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkZnlZNmFXVVFaSks5R0ds - SWtXTitBY1BmWHltVkxtanpaMkt5S1N4ZzBRCkpkQ2Z2Sld0U3BnVXIyZFNEUHdn - RDBaMklHZXk1VTk2ZUIxMGQrbkJZZ0kKLS0tIGVDQ2cxQ2d1TWptSUZCOW9BanlJ - UzNxS0I4NEdGcTNNdUcwamZTRDBXcVEKgin2jqp4tEBnKYnQF5Ki2Btt/+lP3zEJ - FlcK7rU3pe8AijwWx3Ybgzv/10/YOzDn6dL6MYwtB80ZFe6NOavBlQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtdWc1YVY3Mk5pSnNGL2Er + OWJWRWN4djN2NlhaRERRaEdqdlVpUkRvUkRnCms1dm80YVZjamZXTndMMFd0S3p6 + eGtWSlg4TGNzVk9GZFloNjFlbHF2QVkKLS0tIEdsUHJjNWtVQVpPT1M1SWt5ZVhY + SWcxei94Y1lReURjVjVDNWNSVEpRaHMK4TrinhjpUeeSfRYPiEyLRL7PsBcAevpU + bJorDQi64NeNxI8+yEVPQb+4Uewm5p8LqOFU9otWK6wTPwCRVSmueg== -----END AGE ENCRYPTED FILE----- - recipient: age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUTN1UHlpeXBxYWtUQis0 - MDZFc3BPai9xWmVVWkRxdjNYNlo2R3IzbUNjCncyRlczNTdXcnpMMkxzdU5BTEs3 - NDVGb3ROL2xaWUthUDA5Y3V2c0Z4a1UKLS0tIEJYSHN3eEFBQ2JkK2tJZld5Y3Fz - aVZVTnBGNGpadFdVOFlTdkZ3TDJmSjAKF1d47FC7hCdLbqfzqK5LqB3xfMCpEU8R - XThuRWwRHWKqmG19K5GMaHMZp9sYVMW8dVPh/LG/3gbiMploUDmK0w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0VW1WUEw0eDlzTkpXdHd5 + R0tXUXJYRG1WeWIxQXUxVGU5NmcyTjd5dzNNCnoxdVpnbThtUFlpN1lSYjdYWHZQ + UitHd3ExTnZlUWgyZVNTUEdvSmczRzQKLS0tIEVZUml0ejJVOUlJb3RUVGx0V2hJ + 
THdwZG9QQ01mamYrclhHT2dQUXhIWTQK9fxQV7RDYij2aCdfgCufUToWgoais1KI + UQ7bPV0ZPhaBX4h2Q7kUk7FJwK5aGAsoBxf4KW4V78tSbz+XIyd3JQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2023-12-29T14:45:28Z" mac: ENC[AES256_GCM,data:kyE+9X3l0PjzcOsau1X1LmqSFpMLnQrQKldDVM/rrA/Hct+qP0iiapV6529HpCFOkguwtjD/V0d3XC/WlUnFubK2JPUBbYH/1Wa7xJhM577bENKhztTOCpQZGSREdyhEqpXiz6jf+a3ch50AMDY773meKf/1+y76NVBVPv5Cc7E=,iv:W0nvCEbF/kVoOM892EBrINWe/+2ts3jPLBa3Tjm4ULE=,tag:rcMVaWgmwIEXzCBzstfKmQ==,type:str] pgp: - - created_at: "2023-12-28T18:03:08Z" + - created_at: "2023-12-29T19:22:00Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA84hNUGIgI/nAQ/+OTWLMMznF7u83v2fDUjvRtG6Zf5dR1wsJjeYUFZzxQoF - wJwKPbOPNP4HuEIbvXANFfuuUEZNwq+czUPSPqjmeEjf3DfE/JcIzQ8J6AP7Q2b4 - OstgK5MGKo9/IXrIDUK2fRuwGaXKyq/TG2fP10ljTlXzMlfm9OZA71QPZYBpwtSe - 1lR3gDIpha1yYTQP0STsnusvQkbNyKHNiIwjmkitjgdkreLPqhXlfwievcYcwOCp - 8UKAqAWJIQVZfHAZJzDWcmnWPK+wR2/pjNKklgYLcSn961o5GMu+6Z64pP3c9BXh - GRogv1f3bvH1aDcP+cB0eaQCyDLFkWKbRgBWubyCGJbJFovzpHNmcYkrlwNmGXoe - 9yrUICQB52gMOSSNCIM39T/yWLOV9O/ga20BUwaoR4duvFNrxktmJXGBGMCfhR2p - y74vVhm54Lqw5hwW54eLq14qQzOGhDIyeuuboFGm2BAYgdp4gUmOqTDMWS8Vt1lU - oKJOEeT83h2cxXnb0hJ6IWLyEns37+/aB4LWIvnQOgq8yaYEVI4JksKsM+cLVQVZ - V3FKWZBTNvCZd6jiWjZdfd3q+Q9QbSQEg1DrKwNXQuF9DMrxg+3xyzQVMYpRbGKr - pfB6u1CB6jw/NdajgCyHLJN44QELfcWhqriLWP7uEz9jl8di5g5NCP0l+agJjNzS - XgEaZapnHWm3E2v+1IQ8xrMdTl9t/cRLtIG71Y+rz3DH6jtixNv9pZn7BNqdeKlR - K1wloUtBbLjgHwDvPIGiUB+dcrHPo2OQTVO5bgax8mAyKuPDKQBLjLsWn2+H6eI= - =8fVd + hQIMA84hNUGIgI/nARAAkukuQibWzzEQYmvp9z3f7wUq2vDAhAfE247gNaNwJknx + sY39C48o6VelCC2aD0VJ3X39t9aUzgKKF5+QEmyM1FMi/ulU5OoLvsAz1SkxaA0Q + QDYbCzwzVPNIxjcrdeLnj3GRM47ji9mpsLDWPOuA6ugDE2pp9epOnK9xddPRQs9J + /sEaYprJypETj2Dt9kUsjbm1vWkxtrMb4Zuop1gJ6p6LazeM01GkmGGf1UzkLYAk + 69QK8QF7S93QBXZvZe1xlsabGbd06yZU1AsSVdsd1rp0RxW2gwhYF9OPTwbyCnGh + zisT7nB0iPja9ZR2KMAWCgUi4A3xafYpJQg5HOvqrpFT90lKeP9aLm0fGMnB4dwc + 5BbT7VK8qI8yHSqtfGexbY9Q0lBIKu5Gx18oFi15RPkqwGisaBtUsSH+OADF4xei + 
Khhhvzu3Ov+2F4rIIFXt3i+smhpYbpwhk3RLNf0rZ8P3SqsnOnY7mgX1KflIt1Mu + tVisPtW2mCHl/iZEdlG9N/0TIBQ0cmUyxqFoLO0aTWWmOAjcU6YC5Iwmc0zktTvC + MD+82NGWzc8CbhjtXEXGv5BTQTCFSTe+Ptr8gJscuIeD8SbRTZmdt9rh9s3asiOz + /xJveWDLeBOR9hkr/ArzmLOd/H1E+Wca9wVZ9ZyuTgp6MPapHrMug6aMO39i/MbS + XgFPlJy8Ouu9F2R3nDhHaz4GDrtSfQibZ4AcchIQPq3tEJSn6IeC46zkNnHY4msL + N0Py3gaPolxCEMMtWNyxL4PqfVBXVV8S47ztae6OPC/21Cc9RPxA81gIqwctDSU= + =Xf3o -----END PGP MESSAGE----- fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 unencrypted_suffix: _unencrypted From 4b93a75b0590b806f48cc8ad04ccce0162536f47 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Fri, 29 Dec 2023 14:25:01 -0500 Subject: [PATCH 08/11] add instructions Signed-off-by: ahuston-0 --- .sops.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.sops.yaml b/.sops.yaml index b623f8f..c4ed2b1 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -10,6 +10,9 @@ keys: - &photon age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw - &jeeves-jr age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh +# add new users by executing: sops users//secrets.yaml +# then have someone already in the repo run the below +# # update keys by executing: sops updatekeys secrets.yaml creation_rules: - path_regex: systems/jeeves-jr/secrets\.yaml$ @@ -64,4 +67,4 @@ creation_rules: age: - *jeeves-jr - *palatine-hill - - *photon \ No newline at end of file + - *photon From 4d336ef7a345f7ffd3c379256da9cb74810867ac Mon Sep 17 00:00:00 2001 From: Richie Cahill Date: Fri, 29 Dec 2023 14:48:16 -0500 Subject: [PATCH 09/11] removed invaled pool name --- systems/jeeves-jr/configuration.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/systems/jeeves-jr/configuration.nix b/systems/jeeves-jr/configuration.nix index cd7c14e..68b4cec 100644 --- a/systems/jeeves-jr/configuration.nix +++ b/systems/jeeves-jr/configuration.nix 
@@ -5,7 +5,8 @@ networking.hostId = "1beb3026"; boot = { - zfs.extraPools = [ "ZFS-primary" ]; + # TODO add pool name + zfs.extraPools = [ ]; filesystem = "zfs"; useSystemdBoot = true; }; From 91e3cb92b5928b07362bb44ab7d692f23d6da294 Mon Sep 17 00:00:00 2001 From: Dennis Wuitz Date: Fri, 29 Dec 2023 21:01:19 +0100 Subject: [PATCH 10/11] update secrets --- systems/jeeves-jr/secrets.yaml | 73 ++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 systems/jeeves-jr/secrets.yaml diff --git a/systems/jeeves-jr/secrets.yaml b/systems/jeeves-jr/secrets.yaml new file mode 100644 index 0000000..99abe5f --- /dev/null +++ b/systems/jeeves-jr/secrets.yaml 
@@ -0,0 +1,73 @@ +hello: ENC[AES256_GCM,data:y98ZcYZQSYP8GBFysKvD292lU1EPa0o/wV7EHPLelIIHl8bWE5Lz27KUsCnzNQ==,iv:zU9zBeNyAyiLs30ftxrATG/X/U7Z7euLqjDKmg0Lh7Y=,tag:MG61sKRBEvE7T/oWO3rGpA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDc0JiUzQvWlZoTk5yN1Y4 + WVdiVE96YzdFOUJmcENDN0YwajVQbWFtclFBCmMyc0J1aWIwYi9hZlk2aXNNbjJa + WXk4UWowV05MMkR6dWw4VTZlYXM3d1UKLS0tIGxXTEpRZUpMdEphN09XczVLajhB + Q2lVZndGa3p6ZWlBSzBJNlVEZmpuTFUKykfMMUhiVnpyU+Wuo+eHFrjfNjeq3byA + ktvpewY946v/rUBiyruaaOdCmL0U0Metc+m8gzTdbuTsM7EuY+cTyA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-29T20:01:04Z" + mac: ENC[AES256_GCM,data:9tUmPHyKY42lT1EfbDK7Es9MIdiR5A0rs/ST89baJMANGIN+oKQzkzDujG2WM8hxvgApl/GuIdy5ZBNZlUM0iYxFUd2a0UBDyjw+xTzWIuQr2/TuI8/cOgp04Kk+M9wNlLzE/dJAXsaqBo0EaHpfwKo/3/J53UfiIZrOtAZv+Qg=,iv:E79aJdvhkG2PfsO06QQa2Pzs3yiSHDARpZtM+uxiZJE=,tag:UwEcwBm22Ep2U2mhDgpQ0w==,type:str] + pgp: + - created_at: "2023-12-29T20:00:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQILA84hNUGIgI/nAQ/4/do2eDz0KPLhCY7MH0HCyf9m2tZXvOy7+2pqYxdrKtwP + H5+3O9R3iobBfksnaW8bTU2WK5t7OP4SlKYAeBi0uHoWVt8w/RcrZmVaItOlrDHA + 4ER64Izuc9ih6Ug/SOGvkE2NymUpPgsJ6YHyQESy8JdETr1swNOemlbgOYXgg1h2 + T7hLdEKQtnYNLMMsO8jZOcPlbCGM0PXZQrWN67kXlWJwkx6qls6XmuXDvAofIQ2C + +GiaR6RDrsa9eofe34TT/FJG2IlAfPnE1sCcy9EYgU+nw6xwMCNn/d7qMqMDZGw/ + xRMmnH5ujULsAohZFvCnmZue2BXkhSRrsuLePs4edOS1gm97qaPHQUv3vmDTCpWY + 581K0CaauIHq9Gz8zK999jJNFG0Hmi4w9nRajErC8QvzIymgvzbsJHXkVjzYJjT2 + NYZ3D/YKbu7zyt3EYLZ0wtHysjdYD9PUsg16X5XxNUV7EHGhUt6mpX+P/h13ZSMq + uwog7ByMUG70cQwqLpJFL40rFpq5mlK4JnonVN0+0PWy7LGxYM8q2WvylP6SDiZy + 3EqaqMlAwQsNO+7YStk7IonxoWZ6ff7fD8MtKZ/faBjmSzYsjl7F6o5HUd7APtV/ + /HMjbauqHomCoWEyfDNiDKu2lla1MM/wUEacgvpYbW5BAlZoxUtO1MXDRDpIKNJc + AR99EIS9Q1KBmfuzqHuIMrRBy4iHg1nHyvtj/Zh/2AjetnQgdDc5skPuHRL/Bo/2 + 
V8PrlL8j1AHrdL4id31drlLQS4zA0QiJj1gDT1fJgInSU29vPed3ZGDCKCU= + =BkkQ + -----END PGP MESSAGE----- + fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 + - created_at: "2023-12-29T20:00:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DqDJbhoEBo+ISAQdApXkJrfSY9LoDQLwRS8ZVY63huJelc3KtOVccvM64kxUw + zhXvuT0ZGQA4PwpvZYK1NOu+T73S5khrbIDe9QzTveyKt6zOqxwK6tn22bs3DLAk + 1GYBCQIQKypNWKA8hJina5Dng/h/qA0ZmRJaAJJmQA/1uRFi582CpE+fzBsCjmNQ + 1x2YgfPRHobReKl0khPml7hMmLbdcVvaJ9vIb/gluazT1htu6Ozox/zEwHweUZmX + xozdi1jGYcw= + =n5SU + -----END PGP MESSAGE----- + fp: 8F79E6CD6434700615867480D11A514F5095BFA8 + - created_at: "2023-12-29T20:00:57Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA29thaGx06tOARAAmhgBXtcqr5bttn6DLFBqNWaLX34FgjTjHlogiKgX3WTv + ZOluzpxbS7jylBHC0cnbgjz9vWEgg3LVzglrlOHl35SX/E09eBn/qs8I7na3o+7K + WdmJG7j3VtYdNyu4BULjGmAUIZE75/aSiIPnIDR3PwKpY6LtKI/jhs69hhmiZ+2r + M3Q91Kk4M7CsqBMUXxFFUOD7r8ZlKfsAn80gpdb/pN8gp0U1pp5JkT9Kz2WjJkzK + /vf/5f7+/8OA/WFbuY488LVSuckHvGGDXjrmoLA78/agYaH1J6qTvar5eCvIetu9 + wU9cm6ieztHMOV0Nok46gYWWaKQkH6jmAVneYLAsvBm7QxEJGLlFGF5pUsniqx4A + PtDIw9EmKNnumnsHyfR+8qOgG/4/8AqPklEo9Dxsqcjj++EEvHN2lE9BwdqVNSw9 + ZHJ9DXhPKjwq7VD7jvBeElituUzvPb5aPruTL2AxjQ3h0cMj/QmegO5FtBDpRpnN + TpW2FGuayueEgJSV3YJVTJUwmtxgTkL2SMHgW80I7pAq85O4fKETIAR97DCEDPrH + jgI/EEjJg+PlfuAaqo2kgVgYyE6DVkDbIKgF2k8VNFX7XBmnN7xB4apVKx8nJXc+ + l7AbJiJy89giQpYWGE5A8fBrYMbvexLMfeKYtZR7t82gkNxOoKBOl0F2T+Ol+L7S + XAGgZuN612AlW9QhZCgjwIxFPK+MR2ff9hIZBVPqx4F45/Gooqxw1iCyitQwlgqL + bpTlKyuZbrgTVekV9vxnYhms6Uvyys1V9bUrKGgpV+9YS4Zfzh+5fN8wQ8Pw + =HVMH + -----END PGP MESSAGE----- + fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3 + unencrypted_suffix: _unencrypted + version: 3.8.1 From 55b37120ec8e173d70c36d283d96431aa4eff5af Mon Sep 17 00:00:00 2001 From: Richie Cahill Date: Fri, 29 Dec 2023 15:02:48 -0500 Subject: [PATCH 11/11] added zpool name --- systems/jeeves-jr/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/systems/jeeves-jr/configuration.nix b/systems/jeeves-jr/configuration.nix index 68b4cec..c836585 100644 --- a/systems/jeeves-jr/configuration.nix +++ b/systems/jeeves-jr/configuration.nix @@ -6,7 +6,7 @@ boot = { # TODO add pool name - zfs.extraPools = [ ]; + zfs.extraPools = [ "Main" ]; filesystem = "zfs"; useSystemdBoot = true; };
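Review bot: The context line `# TODO add pool name` stays in place directly above `zfs.extraPools = [ "Main" ];`, so after this patch the comment asks for something that has already been done. Remove it in the same change, or replace it with a short comment saying what the `Main` pool holds. The `boot` attribute set continues outside the hunk.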