My configuration. Probably nothing to look for here.
Motiejus Jakštys 247910a2f0 move to 23.05-small 2 weeks ago
hosts/hel1-a wip sops 2 months ago
secrets wip sops 2 months ago
.envrc formatting + remove obsolete gpgconv 2 months ago
.gitattributes Configure git repository for gpg file diff. 5 months ago
.gitignore make shell work 2 months ago
.sops.yaml wip sops 2 months ago
LICENSE add a license 2 months ago
README.md Update README 2 months ago
configuration.nix move to 23.05-small 2 weeks ago
data.nix wip2 sops 2 months ago
flake.lock jump to 23.05 2 weeks ago
flake.nix jump to 23.05 2 weeks ago
hardware-configuration.nix nix fmt . 2 months ago
krops.nix nix fmt . 2 months ago
nixpkgs.nix nix fmt . 2 months ago
yubikey-installer.nix fmt 2 months ago
zfs.nix nix fmt . 2 months ago

README.md

Config

This is an attempt to configure my NixOS servers with krops. Usage:

$ direnv allow .
$ nix-build ./krops.nix -A hel1a && ./result

There is probably nothing to look at here.

Upcoming flakes:

$ nix build .#deploy.nodes.hel1-a.profiles.system.path

Managing secrets

Encrypt a secret on the host:

rage -e -r $(ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub) -o secret.age /etc/plaintext

Decrypt a secret on the host (to test things out):

age -d -i <(sudo ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) secret.age

If/when str4d/rage#379 is fixed, we can switch the above command to rage.