felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2026-02-11 20:50:03 +01:00
Code Issues Projects Releases Wiki Activity

sopsing

Browse Source
This commit is contained in:
System administrator
2026-02-10 20:52:52 +01:00
parent 7ba8b47d7d
commit 9048261756
4 changed files with 140 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
.sops.yaml
View File

@@ -22,6 +22,7 @@ keys:
- &host_lupine-5 age199zkqq4jp4yc3d0hx2q0ksxdtp42xhmjsqwyngh8tswuck34ke3smrfyqu - &host_lupine-5 age199zkqq4jp4yc3d0hx2q0ksxdtp42xhmjsqwyngh8tswuck34ke3smrfyqu
- &host_skrott age1lpkju2e053aaddpgsr4ef83epclf4c9tp4m98d35ft2fswr8p4tq2ua0mf - &host_skrott age1lpkju2e053aaddpgsr4ef83epclf4c9tp4m98d35ft2fswr8p4tq2ua0mf
- &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8 - &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8
- &host_skrot age1hzkvnktkr8t5gvtq0ccw69e44z5z6wf00n3xhk3hj24emf07je5s6q2evr
creation_rules: creation_rules:
# Global secrets # Global secrets
@@ -147,3 +148,15 @@ creation_rules:
- *user_vegardbm - *user_vegardbm
pgp: pgp:
- *user_oysteikt - *user_oysteikt
- path_regex: secrets/skrot/[^/]+\.yaml$
key_groups:
- age:
- *host_skrot
- *user_danio
- *user_felixalb
- *user_pederbs_sopp
- *user_pederbs_nord
- *user_pederbs_bjarte
- *user_vegardbm
pgp:
- *user_oysteikt

2
flake.nix
View File

@@ -187,7 +187,9 @@
skrot = stableNixosConfig "skrot" { skrot = stableNixosConfig "skrot" {
modules = [ modules = [
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
inputs.dibbler.nixosModules.default
]; ];
overlays = [inputs.dibbler.overlays.default];
}; };
shark = stableNixosConfig "shark" { }; shark = stableNixosConfig "shark" { };
wenche = stableNixosConfig "wenche" { }; wenche = stableNixosConfig "wenche" { };

33
hosts/skrot/configuration.nix
View File

@@ -1,7 +1,9 @@
{ {
fp, fp,
lib, lib,
config,
values, values,
pkgs,
... ...
}: }:
@@ -13,6 +15,8 @@
(fp /base) (fp /base)
]; ];
sops.defaultSopsFile = fp /secrets/skrot/skrot.yaml;
systemd.network.networks."enp2s0" = values.defaultNetworkConfig // { systemd.network.networks."enp2s0" = values.defaultNetworkConfig // {
matchConfig.Name = "enp2s0"; matchConfig.Name = "enp2s0";
address = with values.hosts.skrot; [ address = with values.hosts.skrot; [
@@ -21,5 +25,32 @@
]; ];
}; };
system.stateVersion = "26.05"; # Did you read the comment? sops.secrets = {
"dibbler/postgresql/password" = {
owner = "dibbler";
group = "dibbler";
};
};
services.dibbler = {
enable = true;
kioskMode = false;
limitScreenWidth = 80;
limitScreenHeight = 42;
settings = {
general.quit_allowed = false;
database = {
type = "postgresql";
postgresql = {
username = "pvv_vv";
dbname = "pvv_vv";
host = "postgres.pvv.ntnu.no";
password = config.sops.secrets."dibbler/postgresql/password".path;
};
};
};
};
system.stateVersion = "25.11"; # Did you read the comment? Nah bro
} }

93
secrets/skrot/skrot.yaml Normal file
View File

@@ -0,0 +1,93 @@
dibbler:
postgresql:
password: ENC[AES256_GCM,data:Cwu0YAyCB1rOSK5xpEOic6HWNjQ=,iv:eR3OQ482VHFq7KcjIzA0+kMVObVIzHlDVJY4FMRM154=,tag:0Djwf7rFyZ0kfe8F12SUgg==,type:str]
sops:
age:
- recipient: age1hzkvnktkr8t5gvtq0ccw69e44z5z6wf00n3xhk3hj24emf07je5s6q2evr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONDg0ejdDbUxReW80SmNx
MzV5MVRCdENwekNGaGZnNUN2TjZicm52UUZrCjEvZEpLaWVPUUNEU3RIRHNXQmNG
ZVJaaUNqYTN3S2VUaWVZUUNGeUhacGsKLS0tIFNDc1BsaFR6N1RIMW9WK2xHblF0
V1RsejRiZE56clBSN2NPUVhDM2Q4K2MKLouvlu6ki9BM+8usEGoLLdhPFJlgNakw
+b736dl6QD9vXBY9nC/9U0AYtgRfPiVlUe4CuYtZM0zSpWSoLCwWyg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2NTkvMGZ4amtKYklvMTB1
bWxiaUVkbUFjdEJtbDNsQkNhNFZNNWhucUJVCm9RVTc2cVVvbDZSNFJwbm90dWov
YnVmRG1qcmluWituelExd1VQK3dPU28KLS0tIDVuSUFDbFZITjh0Q2k5Vk83Kzla
TjBDdVZwNFRRUU4vb0k1OEFPZDI4LzAKuegMuRtzR6LIRk3EHkeeGMLvlyKZPtm3
pJ2/3z2dLLzxmIvMS2zs2Gtdf/0EFl8KsdvH6SdmvpXV2JicRkwu/A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIeTh1d01XOEhxMFVJZXhH
MkIyZWE3eGRFazBWUUEvVXU2QnJwakZ4VFZ3CnB1ZVA1ZkNwU3dhZFRyQlZMWU9a
OGpxVWJZTDBlWEorcGdDcnRiUVIvWW8KLS0tIEhFS2I4NkV5L1BTVWpjU2Z5WDFX
clhUdHBGWjlET0VtNGRwcjQvczhtTVEKxoQNXzw1A5Jv3aPxuwSBKMGXxXIJIFr9
wt/PZTkfeR1M5Z/SoQ773HkXzdv3If9g9Bes/qAFmKwYdZZdCGBm2w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMmdoN2JrYWt0cGNXOWkz
YjRLdHBhc0pGSlcwbnlnR0tXVFBmZEJ1a1Z3CndpeVpKbWg3eVUrUUlSV2c1dXNO
SnVPMUFSWkF0R1ZzOEVUcGVPTXR2dGMKLS0tIG05UjBuamhlVkVrWHBmUjdmRFVF
Ukl6clVvM1BMNXhWTlNpQU1RMkxGTTAKEmjXEKtRLhSH5ObGAtzYNEN48ga0bNhB
5yoOqAcHcg2Afd5vFWmwrn5EhKH7vqD69UcDDZQosLqx2Wqt181K8Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIakZLbytvL2JyMUY0MXRv
eU1EZVQwVTdYU2N6cU5Zc01PSm9lQ2h5NWtjCks5MmNubXRmbmN4bkNxMHgyaGhh
SDRoOWFnZUQ3YS9FZ0VhM1NJbldjOXcKLS0tIDlrNlNrUWpiL1J6b09wem8wRHJM
NzFWbDZJWHUvMzcwaEw1YWtLd1ZDcGcKHWIlQrTolk86EpizwELuyJ16lc/DWxpa
4OwXk5wy0JLbTssOm6Sk5oM4p/K/ucImuGWK1h15n9y6+xNiSkgWSw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArZDV3M283SEROVDlKS3pV
dG5qNU85QnlrYTk5eWFOK1NRVnN3RGdXRVRrCmk4UEZXYUlqclZGblc0Y2l1bXlI
eWQ4MzhzaHoyWXo2RzVvZ3ZvUVljWHMKLS0tIE1hOEp5dUNHZS83WSs0UnlvRTlL
Um5UdkxuZ1dwUGxqVC9hV2lkMFVVOEkKrS2hVTY87NLqtzCtiEyN2oD0EoAbQKWn
GZlT+Doqq69T68vHwtflv1/GUY9K9V6tYGtRaQw1Z2909GdJxqVdng==
-----END AGE ENCRYPTED FILE-----
- recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6anBHYXMyY0RBQTRWNW1C
QklPN3VKYmpYOUlFbGQ4ckN6VWNNa1AyY1RNClBITkFMYXorQjJBK0lzNGRkZDQz
YU84ZjJiSXliU05qUlhGSmpxT3RxNGcKLS0tIHlSU0RPREJaNlZ4VHBRd0czSFJF
dXl3cUJVRmU0dElBRVd1TjJQeU16aWcKWrYyTNBX827tD5Tk3s9VLvXjaz332EFa
oPnpiv7V5EMLPtA3FF/U8GiO8+/FsTbsTsHpkMPBv2AJLjmwhgXPVg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-10T19:46:45Z"
mac: ENC[AES256_GCM,data:Gz6+N/4svz3l+Jey3vpMV9MCSlbdf5IdZohVH7kyLY6x0zspJzYU257AQeYGOnFwqUt6PqFCdIQJv7QbaZv2OtnE+S+jU9D8e9r18ua56s2NCU49vCAedQyzWyZ+bsrAMAzskbwGAKX5YKaa4QCFbuBDVD8YpXDMsdJCOa5U/V0=,iv:STvRoWf2RUsa9VeBANtOM/mMVK5+4TqmdZuMLhVpBB4=,tag:Q15oLI6rCFNZrbQ/UqxcpA==,type:str]
pgp:
- created_at: "2026-02-10T19:44:48Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA0av/duuklWYARAA2kRHL3b7E8/2h2bhYyhcZ+g/x6f1xAHWBrvJDfK85K2w
/xsGmJsFj0xNaApyCE0Nimn0+FC9Qu2e01bgLg9MNnTCefyBjJ11uFKhztz5btV/
+y4bqG9J+ufWlI+fVKOwgai2oEFg0DFBqmn9cQCVnr7yWLYwN9Ijshrbu9eWVQcm
lmloD3Tn4pvYUz91qUIYHM8zqJvXVHCc4dBeiE9XlW5/+hOn9VllEdEc4NZFMGfA
LBJ5CmTGtAUlWc+j9A36zFch/qA+pQocnlTHC2e5or5jISu/mPvsEBZVwfq58Rp7
AKcwkjiT8/0c1wRWodMYpBIDB1kI4UCaUx5zURLg94Kt4E3vNnNAGckVAcoWfeLt
wlQSmM13lyMoMw3tl4rs7j+PA8mBp3V+uMp55klFTDoaoyIwee88J8B6ydFmrGh1
0KNwfraBY/oLkizxR9uZcX2SqZWxjm6uIOVt8Wbo9cO2+IebZGkZ6msyiaGFYD59
THxVWDG9vMHUCy/3vJOiz0BiUSrD/vnRR4jDirMJD8phfHsjuBBdZmIf5RcfqRLE
rc0A/eiQp3dhe3RzqaItBmawIVMUY8ot8zANqauI3jo3+KjohBjM/cBDiqUBtz8t
NYwEZG5oXhvml2rT/Eox9L5BzGeQN7srEg7G6s1MvrbaJA1iIVbjxcxEc6/cA2/S
XgGP6AGgbsZrQQP16N9+3inKgFdC66mmv6nvoeLhMr9faAMLcBUSNUvfjOpJYNuT
ULvYqCIT3k9MweXgk/ZV1tnp7s4ZFkagt2L6XBUzCwykmh02IBP0NRBvMvYhgAQ=
=55HC
-----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted
version: 3.11.0