diff --git a/.sops.yaml b/.sops.yaml index 974a386..ee69f6c 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -22,6 +22,7 @@ keys: - &host_lupine-5 age199zkqq4jp4yc3d0hx2q0ksxdtp42xhmjsqwyngh8tswuck34ke3smrfyqu - &host_skrott age1lpkju2e053aaddpgsr4ef83epclf4c9tp4m98d35ft2fswr8p4tq2ua0mf - &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8 + - &host_skrot age1hzkvnktkr8t5gvtq0ccw69e44z5z6wf00n3xhk3hj24emf07je5s6q2evr creation_rules: # Global secrets @@ -147,3 +148,15 @@ creation_rules: - *user_vegardbm pgp: - *user_oysteikt + - path_regex: secrets/skrot/[^/]+\.yaml$ + key_groups: + - age: + - *host_skrot + - *user_danio + - *user_felixalb + - *user_pederbs_sopp + - *user_pederbs_nord + - *user_pederbs_bjarte + - *user_vegardbm + pgp: + - *user_oysteikt diff --git a/flake.nix b/flake.nix index 995dcf6..6322b6b 100644 --- a/flake.nix +++ b/flake.nix @@ -187,7 +187,9 @@ skrot = stableNixosConfig "skrot" { modules = [ inputs.disko.nixosModules.disko + inputs.dibbler.nixosModules.default ]; + overlays = [inputs.dibbler.overlays.default]; }; shark = stableNixosConfig "shark" { }; wenche = stableNixosConfig "wenche" { }; diff --git a/hosts/skrot/configuration.nix b/hosts/skrot/configuration.nix index 61c1221..5129ae1 100644 --- a/hosts/skrot/configuration.nix +++ b/hosts/skrot/configuration.nix @@ -1,7 +1,9 @@ { fp, lib, + config, values, + pkgs, ... }: @@ -13,6 +15,8 @@ (fp /base) ]; + sops.defaultSopsFile = fp /secrets/skrot/skrot.yaml; + systemd.network.networks."enp2s0" = values.defaultNetworkConfig // { matchConfig.Name = "enp2s0"; address = with values.hosts.skrot; [ 
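Review bot: The new anchor `&host_skrot` sits directly under `&host_skrott` and differs by one letter, so a typo in a creation rule would encrypt a host's secrets to the other machine's age key without sops reporting an error. A short comment on each of the two entries would make the difference visible, for example `# skrot, not skrott`. In the lines shown, the rule added for `secrets/skrot/` references `*host_skrot`, and the first recipient in the new `secrets/skrot/skrot.yaml` matches this key. Repeat that comparison whenever either entry changes.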
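Review bot: `overlays = [inputs.dibbler.overlays.default];` applies the dibbler flake's overlay to skrot's whole package set, so that input can replace any package on the host, not only add its own. Neither the `inputs.dibbler` declaration nor a `flake.lock` change is part of this diff, so presumably the input already exists; confirm it is locked to a reviewed revision. If the overlay is only there to provide the package for the module, a comment such as `# overlay supplies the dibbler package used by services.dibbler` would record that. The attribute set that holds the host definitions starts and ends outside the hunk.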
@@ -21,5 +25,32 @@ ]; }; - system.stateVersion = "26.05"; # Did you read the comment? + sops.secrets = { + "dibbler/postgresql/password" = { + owner = "dibbler"; + group = "dibbler"; + }; + }; + + services.dibbler = { + enable = true; + kioskMode = false; + limitScreenWidth = 80; + limitScreenHeight = 42; + + settings = { + general.quit_allowed = false; + database = { + type = "postgresql"; + postgresql = { + username = "pvv_vv"; + dbname = "pvv_vv"; + host = "postgres.pvv.ntnu.no"; + password = config.sops.secrets."dibbler/postgresql/password".path; + }; + }; + }; + }; + + system.stateVersion = "25.11"; # Did you read the comment? Nah bro } diff --git a/secrets/skrot/skrot.yaml b/secrets/skrot/skrot.yaml new file mode 100644 index 0000000..21f7aba --- /dev/null +++ b/secrets/skrot/skrot.yaml 
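Review bot: `password = config.sops.secrets."dibbler/postgresql/password".path;` assigns a file path to a setting named `password`, and nothing in this hunk shows whether the dibbler module reads that file or uses the string as the literal password. If it is used literally, the service would authenticate with the path string and the rendered settings would sit in the world-readable Nix store. Confirm against the module and record the answer next to the line, e.g. `# path to the sops-decrypted password file, read at runtime`. The connection to `postgres.pvv.ntnu.no` sets no TLS option in the lines shown, so also check how the password is protected in transit. Separately, `system.stateVersion` changes from "26.05" to "25.11"; that value normally records the release the host was first installed with, so the new comment should say why editing it is safe here.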
@@ -0,0 +1,93 @@ +dibbler: + postgresql: + password: ENC[AES256_GCM,data:Cwu0YAyCB1rOSK5xpEOic6HWNjQ=,iv:eR3OQ482VHFq7KcjIzA0+kMVObVIzHlDVJY4FMRM154=,tag:0Djwf7rFyZ0kfe8F12SUgg==,type:str] +sops: + age: + - recipient: age1hzkvnktkr8t5gvtq0ccw69e44z5z6wf00n3xhk3hj24emf07je5s6q2evr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONDg0ejdDbUxReW80SmNx + MzV5MVRCdENwekNGaGZnNUN2TjZicm52UUZrCjEvZEpLaWVPUUNEU3RIRHNXQmNG + ZVJaaUNqYTN3S2VUaWVZUUNGeUhacGsKLS0tIFNDc1BsaFR6N1RIMW9WK2xHblF0 + V1RsejRiZE56clBSN2NPUVhDM2Q4K2MKLouvlu6ki9BM+8usEGoLLdhPFJlgNakw + +b736dl6QD9vXBY9nC/9U0AYtgRfPiVlUe4CuYtZM0zSpWSoLCwWyg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2NTkvMGZ4amtKYklvMTB1 + bWxiaUVkbUFjdEJtbDNsQkNhNFZNNWhucUJVCm9RVTc2cVVvbDZSNFJwbm90dWov + YnVmRG1qcmluWituelExd1VQK3dPU28KLS0tIDVuSUFDbFZITjh0Q2k5Vk83Kzla + TjBDdVZwNFRRUU4vb0k1OEFPZDI4LzAKuegMuRtzR6LIRk3EHkeeGMLvlyKZPtm3 + pJ2/3z2dLLzxmIvMS2zs2Gtdf/0EFl8KsdvH6SdmvpXV2JicRkwu/A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIeTh1d01XOEhxMFVJZXhH + MkIyZWE3eGRFazBWUUEvVXU2QnJwakZ4VFZ3CnB1ZVA1ZkNwU3dhZFRyQlZMWU9a + OGpxVWJZTDBlWEorcGdDcnRiUVIvWW8KLS0tIEhFS2I4NkV5L1BTVWpjU2Z5WDFX + clhUdHBGWjlET0VtNGRwcjQvczhtTVEKxoQNXzw1A5Jv3aPxuwSBKMGXxXIJIFr9 + wt/PZTkfeR1M5Z/SoQ773HkXzdv3If9g9Bes/qAFmKwYdZZdCGBm2w== + -----END AGE ENCRYPTED FILE----- + - recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMmdoN2JrYWt0cGNXOWkz + YjRLdHBhc0pGSlcwbnlnR0tXVFBmZEJ1a1Z3CndpeVpKbWg3eVUrUUlSV2c1dXNO + SnVPMUFSWkF0R1ZzOEVUcGVPTXR2dGMKLS0tIG05UjBuamhlVkVrWHBmUjdmRFVF + 
Ukl6clVvM1BMNXhWTlNpQU1RMkxGTTAKEmjXEKtRLhSH5ObGAtzYNEN48ga0bNhB + 5yoOqAcHcg2Afd5vFWmwrn5EhKH7vqD69UcDDZQosLqx2Wqt181K8Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIakZLbytvL2JyMUY0MXRv + eU1EZVQwVTdYU2N6cU5Zc01PSm9lQ2h5NWtjCks5MmNubXRmbmN4bkNxMHgyaGhh + SDRoOWFnZUQ3YS9FZ0VhM1NJbldjOXcKLS0tIDlrNlNrUWpiL1J6b09wem8wRHJM + NzFWbDZJWHUvMzcwaEw1YWtLd1ZDcGcKHWIlQrTolk86EpizwELuyJ16lc/DWxpa + 4OwXk5wy0JLbTssOm6Sk5oM4p/K/ucImuGWK1h15n9y6+xNiSkgWSw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArZDV3M283SEROVDlKS3pV + dG5qNU85QnlrYTk5eWFOK1NRVnN3RGdXRVRrCmk4UEZXYUlqclZGblc0Y2l1bXlI + eWQ4MzhzaHoyWXo2RzVvZ3ZvUVljWHMKLS0tIE1hOEp5dUNHZS83WSs0UnlvRTlL + Um5UdkxuZ1dwUGxqVC9hV2lkMFVVOEkKrS2hVTY87NLqtzCtiEyN2oD0EoAbQKWn + GZlT+Doqq69T68vHwtflv1/GUY9K9V6tYGtRaQw1Z2909GdJxqVdng== + -----END AGE ENCRYPTED FILE----- + - recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6anBHYXMyY0RBQTRWNW1C + QklPN3VKYmpYOUlFbGQ4ckN6VWNNa1AyY1RNClBITkFMYXorQjJBK0lzNGRkZDQz + YU84ZjJiSXliU05qUlhGSmpxT3RxNGcKLS0tIHlSU0RPREJaNlZ4VHBRd0czSFJF + dXl3cUJVRmU0dElBRVd1TjJQeU16aWcKWrYyTNBX827tD5Tk3s9VLvXjaz332EFa + oPnpiv7V5EMLPtA3FF/U8GiO8+/FsTbsTsHpkMPBv2AJLjmwhgXPVg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-02-10T19:46:45Z" + mac: ENC[AES256_GCM,data:Gz6+N/4svz3l+Jey3vpMV9MCSlbdf5IdZohVH7kyLY6x0zspJzYU257AQeYGOnFwqUt6PqFCdIQJv7QbaZv2OtnE+S+jU9D8e9r18ua56s2NCU49vCAedQyzWyZ+bsrAMAzskbwGAKX5YKaa4QCFbuBDVD8YpXDMsdJCOa5U/V0=,iv:STvRoWf2RUsa9VeBANtOM/mMVK5+4TqmdZuMLhVpBB4=,tag:Q15oLI6rCFNZrbQ/UqxcpA==,type:str] + pgp: + - created_at: "2026-02-10T19:44:48Z" + enc: |- 
+ -----BEGIN PGP MESSAGE----- + + hQIMA0av/duuklWYARAA2kRHL3b7E8/2h2bhYyhcZ+g/x6f1xAHWBrvJDfK85K2w + /xsGmJsFj0xNaApyCE0Nimn0+FC9Qu2e01bgLg9MNnTCefyBjJ11uFKhztz5btV/ + +y4bqG9J+ufWlI+fVKOwgai2oEFg0DFBqmn9cQCVnr7yWLYwN9Ijshrbu9eWVQcm + lmloD3Tn4pvYUz91qUIYHM8zqJvXVHCc4dBeiE9XlW5/+hOn9VllEdEc4NZFMGfA + LBJ5CmTGtAUlWc+j9A36zFch/qA+pQocnlTHC2e5or5jISu/mPvsEBZVwfq58Rp7 + AKcwkjiT8/0c1wRWodMYpBIDB1kI4UCaUx5zURLg94Kt4E3vNnNAGckVAcoWfeLt + wlQSmM13lyMoMw3tl4rs7j+PA8mBp3V+uMp55klFTDoaoyIwee88J8B6ydFmrGh1 + 0KNwfraBY/oLkizxR9uZcX2SqZWxjm6uIOVt8Wbo9cO2+IebZGkZ6msyiaGFYD59 + THxVWDG9vMHUCy/3vJOiz0BiUSrD/vnRR4jDirMJD8phfHsjuBBdZmIf5RcfqRLE + rc0A/eiQp3dhe3RzqaItBmawIVMUY8ot8zANqauI3jo3+KjohBjM/cBDiqUBtz8t + NYwEZG5oXhvml2rT/Eox9L5BzGeQN7srEg7G6s1MvrbaJA1iIVbjxcxEc6/cA2/S + XgGP6AGgbsZrQQP16N9+3inKgFdC66mmv6nvoeLhMr9faAMLcBUSNUvfjOpJYNuT + ULvYqCIT3k9MweXgk/ZV1tnp7s4ZFkagt2L6XBUzCwykmh02IBP0NRBvMvYhgAQ= + =55HC + -----END PGP MESSAGE----- + fp: F7D37890228A907440E1FD4846B9228E814A2AAC + unencrypted_suffix: _unencrypted + version: 3.11.0