SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 14:01:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: SebastianStork:c8db179bda254cb03b9c713e2bf4e690f3475051
Branches Tags
SebastianStork:main
SebastianStork:develop
..
compare: SebastianStork:435a70a4e926cc646ff1095c967409c3eda125d2
Branches Tags
SebastianStork:main
SebastianStork:develop

No commits in common. "c8db179bda254cb03b9c713e2bf4e690f3475051" and "435a70a4e926cc646ff1095c967409c3eda125d2" have entirely different histories.
c8db179bda ... 435a70a4e9

6 changed files with 13 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

6
flake-parts/install-anywhere.nix
View file

@ -8,7 +8,9 @@ _: {
runtimeInputs = [
pkgs.sops
pkgs.ssh-to-age
pkgs.bitwarden-cli
pkgs.jq
];
text = ''
@ -38,10 +40,10 @@ _: {
sed -i -E "s|(agePublicKey\s*=\s*\")[^\"]*(\";)|\1$new_age_key\2|" "hosts/$host/default.nix"
echo "==> Updating SOPS secrets..."
if BW_SESSION="$(bw unlock --raw || bw login --raw)"; then
if BW_SESSION="$(bw login --raw)"; then
export BW_SESSION
fi
SOPS_AGE_KEY="$(bw get notes 'admin age-key')"
SOPS_AGE_KEY="$(bw get item 'admin age-key' | jq -r '.notes')"
export SOPS_AGE_KEY
SOPS_CONFIG="$(nix build .#sops-config --print-out-paths)"
export SOPS_CONFIG

9
flake-parts/sops.nix
View file

@ -47,12 +47,15 @@
pkgs.ssh-to-age
];
nativeBuildInputs = [ pkgs.bitwarden-cli ];
nativeBuildInputs = [
pkgs.bitwarden-cli
pkgs.jq
];
shellHook = ''
if BW_SESSION="$(bw unlock --raw || bw login --raw)"; then
if BW_SESSION="$(bw login --raw)"; then
export BW_SESSION
fi
SOPS_AGE_KEY="$(bw get notes 'admin age-key')"
SOPS_AGE_KEY="$(bw get item 'admin age-key' | jq -r '.notes')"
export SOPS_AGE_KEY
SOPS_CONFIG="${self'.packages.sops-config}"
export SOPS_CONFIG

4
hosts/laptop/default.nix
View file

@ -36,10 +36,6 @@
enable = true;
ssh.enable = true;
};
nebula.node = {
enable = true;
address = "10.254.250.3";
};
syncthing = {
enable = true;
deviceId = "Q4YPD3V-GXZPHSN-PT5X4PU-FBG4GX2-IASBX75-7NYMG75-4EJHBMZ-4WGDDAP";

6
hosts/laptop/keys/nebula.crt
View file

@ -1,6 +0,0 @@
-----BEGIN NEBULA CERTIFICATE V2-----
MIGloD+ABmxhcHRvcKEHBAUK/voDGIUEaUsu2oYEayh99IcgFUP+GVuq3tcsxWoM
TgOEhDMlEFpe1AjCbmBFMjtzRWiCIDQsjID+DOXgSXkAkkIySZqpe8qDwc/RSe9/
rUqoGr07g0DDH0+/63YpveHA2JKKvl8T5/1kPm2Tp4SKLLy6i5g01dw4QSwaRGlW
nrPxsi9gbci2Jdw2AiOZmshHA7tJOpoL
-----END NEBULA CERTIFICATE V2-----

3
hosts/laptop/keys/nebula.pub
View file

@ -1,3 +0,0 @@
-----BEGIN NEBULA X25519 PUBLIC KEY-----
NCyMgP4M5eBJeQCSQjJJmql7yoPBz9FJ73+tSqgavTs=
-----END NEBULA X25519 PUBLIC KEY-----

9
hosts/laptop/secrets.json
View file

@ -14,9 +14,6 @@
"cert": "ENC[AES256_GCM,data:laxunEiRygs7Bq2TYCQSakI2piTb2Qwat+ltKT6bjd3RdZ7/HGJOkP+ogubH07VEzebL3KMUFzTL+q3Nuo39wzprktAtgX1bF46p2HEf5eIHwYwzPMOS7pKilCLX1zNpwS9jEcjrIzI1pv2Qc7XhE7N2nzEEu8lJt+n3xKzSuQZo9hhHcQI/WjuI+8dSDkLGi3QgyVj8XB0eAixprjNU5G3aEG79v+qamTDMJz91joH1yhyU71cxsZNRDSElIRnZnGUD04VrHBqkaU5JEv5LTOnvrId8V3KoIEAZiWTkWq/NQIKkjo7BPzTb3P6yAAvCisIwnpuPT6tILCCVycvJ7q0wAJAgJqf8jJhyuLXf+6vhT6e7XvuItJratMoDO1ncMJ4u44i9713XBl5bUM9QJ4PirtbRxrJ9HqaujOiBLiPc5oFYxvOr/e6K59aBsnDS/KsO3rNbe5SBttbP5LLvq6/ZhlvUls6SifLp9isr1hbEAKk9C43LNzjxv7DxpaPsauagUX3yBkT9qftgzMBO6yF0t0K1N2y5Zj0vDGK2wPz9sJWL0FAVLG7eiknEhdAEVDWNCySqy6en7vYTLGZbstTNmHUvTzAGe7ckw+0VsFMgpRYyFHWKJ9v8CUGomcgIr7uix4rJPgVRGq5qthWjPLmVNXwgz5D6Y+I5vS/UGaLs1LFKR3lzuHWUo3d3wO5TQXfEr1Gfu/ZnZlGPNhtBEeV616oa0/5WYG3yND77Ipvt77ZY5TNNhWJtqyUlu6xiRS3QpmpPl8MiCHnTJSf9WzkOQAVzjJkaVRODSp12NP8IAmXCc/6vGosLDuJkH9JWj1gxkrN00nryPCHYcDgGGeLl/gHVCovHPAzAvW3s32JNHAMZvOS0T6n/8LmuiigV4cAtTxgb4dYphGVT9M/IBUjVwADdSR5GsSjcng6BVwNMlhcirArdgpmqzwzpHbchrQ7waBWPwBWhxjMqsSu9IjEg6hakMg+A1nyH+7kB2YR6ewkXYP2lcO6RUzg45R1T+ri/HApeT+6eucPhnm/VXqBkQahQjrf1Rrg=,iv:W82k3U5tBcGfuSsrY/4RpQmpbw2jYn8NuXKRluB3fyg=,tag:iM+WSkSE/LjEA+rlp1GGkQ==,type:str]",
"key": "ENC[AES256_GCM,data:C7IWbdaPNYa/TmqOK0BbU5xTk+0EbF3CrWHXYLFW4XdbvAzprITW/xD0jJhCBd/jTnWdmoEdbwdLF4BnYYXhBZcyMZALtfT5sKMk82vAoasTvZLDqBxm0CIA5npXjw+OhpI5a031BNXHaFBoN7cmfwZWmzEN9BwgHwlpExKGDXY/NWThTYp6b2HhWujCA5dTMTrrFOzxu/Wmh3Zv7GhYnnRhtCNONWzKMlSehlSC4R6ERrBG2khxXoPbyerwhhmPSpKbsnknPYcc4hkU4MuSF5zbgD/1m0PMVmSDBY3z1N7WwKO8dqcKETzyaqQ8fjiLuChT85q+mzz/btyXqOJi6pmV6vAcsNIogEMZ4E9va1TbD7vkESruIPrhf5XB1HVx,iv:4GFnhwE+Bp6JmqV6w3s7kd9usNh5eFAKqGR6vk5SSVA=,tag:lrvxVWVG2WBLVrLehao8ng==,type:str]"
},
"nebula": {
"host-key": "ENC[AES256_GCM,data:bj+rc2zDOWvQODR7fggh9IfVbqhKx0ejTT519ZRrrwJuQWCqno4g2LC9CvD1fStktl3jqtKtvP5XM4PkNRCtzTVmyQaQ7XJDQpUHd4O6o6mLOJFa4Hr72PGSTU/5cyALe/28sLIDLR183U1se3tPbSykZWt8OJA/eA2LXNuumw==,iv:jpMP9Asa0xaTvm+kaMim9CuGkje4gdTn5es6l/52Y1A=,tag:NsRz9Svswa2soH7YINPQ6w==,type:str]"
},
"sops": {
"age": [
{
@ -28,9 +25,9 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPM1k5U2pCM0JkKytwSE16\nek1zdVVuQjdKS1MyZ29xSUZkK1FId2JVZ0dFCng5bjV3SGlGRHdvaHkvWnNQcWpk\ndGlMbWl6STdERmtHeXVMYTJ6NjQzSU0KLS0tIFBza3d4eVlsVHB3YS9ySUNFMjUx\neUkwQlExdGNwWU1hbHlzS0RkS3NLbFkKLiP/N/5jOnsQhRCOkZ/BieX3OLJOq82e\ngp57skqFeG0k22sPpbgOS0Uz7jckv7/C3kFpuwXQGpEHdzp3QZ+Owg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-12-23T23:35:27Z",
"mac": "ENC[AES256_GCM,data:+4U7yeb/0mDHuVz/DcGzg3whECVm3HJChE/T1NNJKCkbc1lkdIfLvI7p68IBe5QtkTsGtm2pGqJn8ztbOCAJJ1feoZyHMdcDqGbJG+IpDSrPRdmwqvey5CGtrGgIdgW0vZUMCCywmbASzEmsVoFvOzBp5GAxeJsJZRuPU8ditRc=,iv:dkqg3210wXfVAjXPmXYkerLJX14muxeKPMKU65PrKMc=,tag:TPbzWHamgoVBbAyshiRahg==,type:str]",
"lastmodified": "2025-10-11T15:48:45Z",
"mac": "ENC[AES256_GCM,data:vhDLrAXe7RuLiHREyjV2LVkPzRqOpQ1LCOKW1Rd0UWVRxo0NY2UeZ5gSEFRDLAeJ/mQZcJkXS89GFnLlIoniN44xAesEq/G0KC58oTioQ25GGbmWMkjsGihJ3L0ydwmckURFSBQloP7Oa1DcSllUljZ67e5kDBXnoTtfyWy2rWg=,iv:8GXxKP6YR0wH3/5AN5VUPRCxdv5pzqgxdYOkYU1ICe0=,tag:mGc45QcR0ljkI/ifR5u4sg==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.11.0"
"version": "3.10.2"
}
}