My configuration. Probably nothing to look for here.
2023-04-19 06:12:16 +03:00
hosts/hel1-a wip sops 2023-04-06 23:16:17 +03:00
secrets wip sops 2023-04-06 23:16:17 +03:00
.envrc formatting + remove obsolete gpgconv 2023-04-14 22:55:39 +03:00
.gitattributes Configure git repository for gpg file diff. 2023-01-03 13:41:30 +02:00
.gitignore make shell work 2023-04-03 16:43:34 +03:00
.sops.yaml wip sops 2023-04-06 23:16:17 +03:00
configuration.nix remove ssh-to-age 2023-04-16 22:12:35 +03:00
data.nix wip2 sops 2023-04-05 23:19:56 +03:00
flake.lock nix flake update 2023-04-19 06:12:16 +03:00
flake.nix agenix + nix flake update 2023-04-14 14:15:43 +03:00
hardware-configuration.nix nix fmt . 2023-04-03 16:50:52 +03:00
krops.nix nix fmt . 2023-04-03 16:50:52 +03:00
LICENSE add a license 2023-04-13 23:50:42 +03:00
nixpkgs.nix nix fmt . 2023-04-03 16:50:52 +03:00
README.md Update README 2023-04-16 06:54:29 +03:00
yubikey-installer.nix fmt 2023-04-08 18:06:03 +03:00
zfs.nix nix fmt . 2023-04-03 16:50:52 +03:00

Config

This is an attempt to configure my NixOS servers with krops. Usage:

$ direnv allow .
$ nix-build ./krops.nix -A hel1a && ./result

There is probably nothing to look at here.

Upcoming flakes:

$ nix build .#deploy.nodes.hel1-a.profiles.system.path

Managing secrets

Encrypt a secret on the host:

rage -e -r "$(ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub)" -o secret.age /etc/plaintext

Decrypt a secret on the host (to test things out):

age -d -i <(sudo ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) secret.age

If/when str4d/rage#379 is fixed, the above command can use rage instead of age.
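
A round-trip check of the encrypt and decrypt commands above, added here as an example (not part of the original README): it generates a throwaway ed25519 key in a scratch directory in place of /etc/ssh/ssh_host_ed25519_key, so the real host key is never read. The function names and scratch file names are assumptions, and the derived identity goes to a temporary file instead of process substitution so the script also runs under plain sh.

```shell
#!/bin/sh
# Added example: round-trip test with a throwaway key, never the real host key.
# Tool flags are the ones used in the README above; file names are constructed.

have_tools() {
    for t in ssh-keygen ssh-to-age rage age; do
        command -v "$t" >/dev/null 2>&1 || { echo "missing: $t" >&2; return 1; }
    done
}

# Runs in a subshell so variables, umask and the cleanup trap stay local.
roundtrip_check() (
    umask 077                                  # keep the scratch key private
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT

    # Throwaway stand-in for the host key pair (ssh-to-age expects ed25519).
    ssh-keygen -q -t ed25519 -N '' -C roundtrip-test -f "$tmp/host_key" || exit 1
    printf 'constructed sample secret\n' > "$tmp/plaintext"

    # Encrypt to the age recipient derived from the SSH public key.
    recipient=$(ssh-to-age < "$tmp/host_key.pub") || exit 1
    case $recipient in
        age1*) ;;
        *) echo "unexpected recipient: $recipient" >&2; exit 1 ;;
    esac
    rage -e -r "$recipient" -o "$tmp/secret.age" "$tmp/plaintext" || exit 1

    # Decrypt with the age identity derived from the SSH private key.
    ssh-to-age -private-key -i "$tmp/host_key" > "$tmp/identity" || exit 1
    age -d -i "$tmp/identity" "$tmp/secret.age" > "$tmp/decrypted" || exit 1

    # The ciphertext must differ from the plaintext; the decryption must match it.
    ! cmp -s "$tmp/plaintext" "$tmp/secret.age" || exit 1
    cmp -s "$tmp/plaintext" "$tmp/decrypted"
)

# Run only when asked, e.g. `sh roundtrip.sh --run`.
if [ "${1:-}" = "--run" ]; then
    have_tools && roundtrip_check && echo "round trip ok"
fi
```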