From 4f01013081269858e1149f6b2ecb8009e86c51b4 Mon Sep 17 00:00:00 2001 From: "Lennart J. Kurzweg (Nx2)" Date: Mon, 3 Jun 2024 23:52:44 +0200 Subject: [PATCH] sops ace + docker fix --- .sops.yaml | 2 ++ home-modules/helix.nix | 1 + sops-secrets.yaml | 53 +++++++++++++++++++++--------------- system-modules/docker.nix | 12 +++++++- system-modules/sshd.nix | 2 +- system-modules/syncthing.nix | 13 ++++----- system-modules/users.nix | 2 +- 7 files changed, 53 insertions(+), 32 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 4319e34..0dd93f8 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -5,11 +5,13 @@ keys: - &hosts: - &north age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e - &xps age1jvf2lyrt2dw9jfnwgvnhmj9fmvyq8vvtepqjpkyycc5dqkkd4edqhxsgv6 + - &ace age1jj7kfjw3e7rf9kwg5f87zf4ns6yr5465wcasanr9gcgwrq7c6dmq6gprgk creation_rules: - path_regex: sops-secrets.yaml$ key_groups: - age: - *north - *xps + - *ace pgp: - *nx2 diff --git a/home-modules/helix.nix b/home-modules/helix.nix index 7c46824..d8e41a0 100644 --- a/home-modules/helix.nix +++ b/home-modules/helix.nix @@ -6,6 +6,7 @@ nil # nix language server python311Packages.python-lsp-server lldb # debugger for llvm stuff + yaml-language-server # yaml ] ++ (with pkgs-unstable; [ helix ]); diff --git a/sops-secrets.yaml b/sops-secrets.yaml index 05c3142..e6cf28d 100644 --- a/sops-secrets.yaml +++ b/sops-secrets.yaml 
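Review bot: Adding `*ace` to the single `sops-secrets.yaml$` creation rule in .sops.yaml lets NxACE decrypt every secret in that file, not only its own. Per the sops-secrets.yaml hunks, that includes the SSH host private keys and Syncthing `key.pem` of NxNORTH and NxXPS, so compromising any one host would expose the identities of all three. Consider one secrets file per host, each with its own rule listing only that host's age key plus `*nx2`, for example `- path_regex: secrets/ace\.yaml$` (path is an example). Separately, the `.` in the existing `sops-secrets.yaml$` regex is unescaped and matches any character.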
@@ -6,7 +6,7 @@ example: ENC[AES256_GCM,data:WH4=,iv:dQ7quTadSmPNi3F86Xfzne02CVMzyFipcrHYfHdKmf8 ssh: NxNORTH-ssh_host_ed25519_key: ENC[AES256_GCM,data:4zIDtZzL196XTXg4qxCXLDvk9cD7cBvuK01TB/5ZjQp51jvbDA4aNgujEcVtcBQbCi34TsKMHa3j4VAdfeGrt6hmPLb1krog6/qsqSyFV9u9pBq2EqBokC0JIM8j5xpYWsswxa7/IWWuKTuJA3SXVey2SxJWMCzEXhov54L068ObVMJeKpg8C1+Ax6AohTG+ntYrvxIDz06RxyddfV/OBY/EbUafiDsNCa3rJo5jvsDSErChpXqvP0zInWnQF0bSyvo2CCwzAhHrN+c7dYkZ4cRMIMTnbfx93Qi3soWzfXvyZZsPIRW6UcvNfvNLY3g5amkQzUCYTxgXfiJbpoUHv4EZybOfGTU9sS+2s73OfWzkeQpJDp3QYDGCIdEctFkJ1ntFhdL2XKKHsvMPIWuOHbBuE7dG7yNyzICRAaQH4MDIrDDywXloGC+J6Vwjte/ZiNOjZA1WUPpVhlABppM0XQNauRz+uXcF7JCSn8mj1KNaD0JM2AR9tlu6sDociLq3JyoJMXoNNhuM//zu0Ac9,iv:BGc1rCP9LHpYpIMY94tsEE+YltQBx4ZouOmHZlM7WlU=,tag:7DpI9vXJ1vkZjDj2UtQ/Ag==,type:str] NxXPS-ssh_host_ed25519_key: ENC[AES256_GCM,data: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,iv:MFIv7bXxyXDr8pQnVE/lAjQ69CnTPRr+out5/yRkeJk=,tag:++jnOAabbc/1ROerlwZn/g==,type:str] - NxACE-ssh_host_ed25519_key: ENC[AES256_GCM,data:1dh3SYzf,iv:tG5maEax2fke5bhdcdAoMp8AObKbs8kKI1p5akysu4g=,tag:JTDa1beKwTQ9ggwlkdpYtg==,type:str] + NxACE-ssh_host_ed25519_key: ENC[AES256_GCM,data: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,iv:UCvbO/9W9MlxQQlk2amvDuss0W9n9+YEGFKmU69C4QA=,tag:u0QlZQjbZMWB9DVP2bARIQ==,type:str] syncthing: NxNORTH: cert.pem: ENC[AES256_GCM,data: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,iv:2vhqS0MFm4IoSu5BFzimg+p2bDTIqeqgvBbhse2jcU4=,tag:sxUlLyhn3Jb0Z+kl6ohEQg==,type:str] 
@@ -15,8 +15,8 @@ syncthing: cert.pem: ENC[AES256_GCM,data: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,iv:ABR974ZNDnWCzA0rcI86PPztX7/hZCadc2dhxJfrldg=,tag:9oAAMs12m8qMhTKai7p3ow==,type:str] key.pem: ENC[AES256_GCM,data:etNgxfryF0MJGX+X0guZKAaEh/PbaR9sVmbi7RikvL1okBUDxnVewOFuPQLKjDIpqhD8MIhUb4gdoWKq02MpqEvrlj3C+ffri8/8HLuwsm/vBniNvZHwdKyyWcodTUa5TpJt6nJMUzjJtKfv8u0dEEoQUbGN+nmWnJRSIczsWdw4RE30Hj/byiIWDZXmNtcXE5M6O7+buhqbmPpciFh6YjjofnJZ4KOD59Cmkl/KdGjaJUymsFMDmbDQsmeYmmzbfXuAZkW7C5KpBovAppLIn0m7H+ORyBK3wEZl+Hc9zK2pzKPb83qTclXkLQEx2Yfjdw6eK11IaqVBBSPPDgR0SZRwuPTlsoZqdlo1IUaKO77D8ARAohj+4X3JKfu0EeM6,iv:oGBk17V69Z/Nffc/pgqRoqsUFH7ZhCnQS3CR6uh4mQM=,tag:f4j2u6vr3tJpess37m46vw==,type:str] NxACE: - cert.pem: ENC[AES256_GCM,data:Hg==,iv:NWaLNrHid5jUvAuiXUj3Rm4QLtXQPG+7NTITA7DBtwI=,tag:HuyWANId50xpByZBWSyjYA==,type:str] - key.pem: ENC[AES256_GCM,data:/w==,iv:QHILq9oHJ0nK3Wwy9ClDIBpppgQmyFJHU+Cb+ReVEXE=,tag:i2uPgiNKDjSldcORBPaYVQ==,type:str] + cert.pem: ENC[AES256_GCM,data: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,iv:z7UMsU4VhWLJJZPP+hmqaOSaNy4k1PQhm5kJh6DrduA=,tag:h3sOf8TG0GNeCpPFpPXfSg==,type:str] + key.pem: ENC[AES256_GCM,data:zFgSrZelmXgTAm0Zl0HSTp+M4tLOQzksdYnA1NZPeu4R+mxMylilEtHzMp9zE7urz5gadjUEiguDBkfTOIzFeSLeUlXBDBWJhXf5JPZ403HES11qlIFdW8BPkzVC3X0N0KyydLdfhM0MAhZdyrRxn1ATc0ppvyqTpeN1rxNYMHTezRH9WMmKC9VS506rCIZrfOtEsuBpsxP6tTjOQ9AxuWV1z6/DRjv55U2EojZ/viM6sjGSsuDAYZQJBA7VQcNsw4PZu49OfA0czo7FbE6Gh6+TJ9PdMOUuo2/syH4yPBC7vqMECIBN4MHzhyoOTqcyZHIV5iJsZqTIbTN+CP72pPPrhs/a5K0GkyT0PPHVem+dGhyAJWQglSAlcK8kXWDP,iv:pzQOoQvFqoC3nIuGLNx97cCE7qO+PHCVw9G4K1mX2nk=,tag:zXUch/o/B97TlgHhAYUveA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -26,34 +26,43 @@ sops: - recipient: age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrdkZKYWFJQ1Nyc1AxMktY - d3AyT2Zsc01ZUjNFdzBPU0srUnFzVklxNnkwCm9Pek4zVnBqNEZoZ1RlMmxibis1 - VW5vRHpPbENSbTl2cnl3a2JQNzlTelUKLS0tIEpUSHpwYytBT21BTWdWQlhHcFJt - SUIzR09xMmhWbzFOUlhmRUxHUWc1MU0KwXJtg+4bf1ao9x5tJU5fm9MUKYwz7GMz - dUua5Wy6DGgiGBLVTLxXaBjc6uRTNHHiRCdd4xja1apnh0dqkVsRIw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKM0tBcGRsbmNRUmpUdUJP + bGdQS3RaRENLTEVlZlZOMU5GeU9WTlBJSW00CjUwY010aTNVMW56SEZaTFZEd2E0 + TXh5TmtnMlU0Sm5uMk96cTJuSll2WU0KLS0tIExKY0hPNnZmeHV4czV1Qng5SkUr + VWl1U2dYT2VRVWRjaTFUNS9wVDdEMnMKNkkFBhfS0XH0Ekqoe/RYBuVzTSGKnvQe + LSchPODzUEBhmPOAE7rdIBfYu+Dx7MSyAuZBqHSkyj6wSjktjFmeVg== -----END AGE ENCRYPTED FILE----- - recipient: age1jvf2lyrt2dw9jfnwgvnhmj9fmvyq8vvtepqjpkyycc5dqkkd4edqhxsgv6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjT283YjMrWFBWODQ2UU1x - T1djNW5HTUlRdWtPdGtJUjdVcUhOWEtzdkhnCmdOUVhTNzF6UzZpSTkvNUJFVDhF - WDZId2o3dkdHOG5QL05RaXpLNk0zZU0KLS0tIHUwT3BCOVZEYVR2YXc1UTZVdEp4 - NzBKelE5NENBczJIc28xVkVmU3FKWkUKBEyLzVMSlID+p/ZcpZiMzqXhHoQyBnbt - AJ/vc2SStdXtuKOzCj2cKm2HV3U0nBlp0AFSRsreQZ3nPYya8fryZQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJUGN2aVZOSWVwaFZFYVk4 + V3JyaFlIYXFabzN4cjRRb3d0MEJkSGZUL0hJClRUWXE1YURZTnZ5djM4QmlPSmd4 + TmZURE5EZFplZFhZZVo5Y1NMMGU4bncKLS0tIDVOTmpoanVHK1BtR3JGTlNyeUNw + Y3FtQzhjMG82dlBmakxoeWcvWHB0Sk0K1970jOatgLAC/eIgia7+NXnE8X7WzML+ + iYOdpBOD6vV1bxpKUHe434YmnNCEGH6btpssfmF+ge6RaS6rynPKmQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-03T16:42:49Z" - mac: ENC[AES256_GCM,data:pssDZOSjK8BY3i5aiJxmNfCX/L6zN+9U3QdQw6TEaLVWpcW8QjtAATh+/5z8G88ROQR/exW51C+saNrnuWsNU/oQ5MSC1r/9fbqjs6MLAHXS9Kl11xdzMw1KnIDRUB1tzPzL/WgqTnaRV5ND0mZdfbMqk7ivynjJGwqIjbhEybE=,iv:2wFVEL70D8zfKdYEnTV2qGC9MqTghpabzKnhF1ZOXow=,tag:CFZw6s4NttzCMv+mhUefTg==,type:str] + - recipient: 
age1jj7kfjw3e7rf9kwg5f87zf4ns6yr5465wcasanr9gcgwrq7c6dmq6gprgk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQkJyUHI3d053TWtjRFlR + TUlWVm9iK0IweGpZQXZUWUlHSmYrWkpEZ3lFCkN4bkQxTjhQdk00K1VMWWtMenFv + bVZXNGJheTFVR1V4cHdSWHA4aVNHTzQKLS0tIHJXUUJOWXM2NHRPVlQwb0FTeC9V + WlgwZFFRbE5PdnJVSGlOOW9zeEhTajQKB+x9mdS+VAJagsdr8DJiQM6WMoYmvzhp + KUa8HEtkMUKLtwm4tMjKcBEqZFv/sKXOMqDO5o35z1jKeErCnnxzIA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-03T19:04:51Z" + mac: ENC[AES256_GCM,data:4oE9N4llvpXW15FhQLJ4vl+9FQQoNF1BK/DrX9jymrUxc5QVqASLLWRMZqwfoYofn2JqXIuNpFgW+NpoRQjqzTaFNt2OSGWYMmT10t2yteM40fhfZrRAU+hwOm8QhnbJrVgUunO2S6USGqkyr+nhafQkGPmqIiqPeW8bQROSSwc=,iv:NWEuLtamkQIS84mEZNByYA6vBLVkfCsuNtkT1OmtqFE=,tag:O06xDZT+Tqd66H4s+JMf+w==,type:str] pgp: - - created_at: "2024-06-03T17:01:02Z" + - created_at: "2024-06-03T19:30:15Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DCvJ7ODFw5jQSAQdAoSxKmoTPq3yDgcXE3Dn6oS/yy/aHkFZEgQAR/UC7xwYw - 8Oqo6j5XATs/hoShbQRNPkLjtagmehW87qk2QckfiVH08MM3SZ8lhFTWs9/jsQSi - 1GgBCQIQqOSY+v/i1JWEPvXW/3nLRa1lvpnj8P6yYbRZQ6F3Dd+wgzAcmckko+M8 - x+T1x9XcKUtr1eEMhozzzy0hEMPCl7AzDIl7AUALnaCkT6Wxd9ce6NkEneMroHol - YK1GYaVYIR+cgw== - =DI3a + hF4DCvJ7ODFw5jQSAQdA6eOMCqmAKRaVZbBBWpyERU/SXe0aCWxTx+CL1GSkuUsw + Vj9R3IvD+yQUwbaBntD0Orf7aLUnDHr0jGxDrFcMbGkqBsqS2ewCtUavqSUw6A1u + 1GgBCQIQNcQCGpxX1Gzum/7HVsJE4JCaE4Dr2yQtdmUQhzxS3zTdc6xwUWSPPOZi + 5hXw4GZKN/MtiFyxAVRBaxsoPHhH3VaxJaXQ365E4TP+q8Urbk7V6aUFNKQs1+Xr + I/3GfobQh/FfZQ== + =ru2B -----END PGP MESSAGE----- fp: 22FB2CC03DC5292AB81CF67D0AF27B383170E634 unencrypted_suffix: _unencrypted diff --git a/system-modules/docker.nix b/system-modules/docker.nix index 9f85e5c..18c7dd1 100755 --- a/system-modules/docker.nix +++ b/system-modules/docker.nix 
@@ -3,8 +3,18 @@ { environment.systemPackages = with pkgs; [ lazydocker + docker-compose-language-service ]; - virtualisation.docker.enable = true; + virtualisation.docker = { + enable = true; + # daemon.settings = { + # vpnKitMaxPortIdleTime = 0; + # }; + }; users.users."${user}".extraGroups = [ "docker" ]; + networking.firewall.allowedTCPPorts = [ + 80 + 8384 + ]; } diff --git a/system-modules/sshd.nix b/system-modules/sshd.nix index a1578fc..dff0395 100644 --- a/system-modules/sshd.nix +++ b/system-modules/sshd.nix @@ -6,7 +6,7 @@ else if ( host == "NxXPS") then "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPf+08+t8a0lY2+nR1mhIU3vuksStiJOlojJjzCwFk7r root@NxXPS" else - ""; + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFfZpWVPlujsz3FklSVAM+tuYn4pzDSijhp5CeYNOZk root@NxACE"; sops.secrets."ssh/${host}-ssh_host_ed25519_key" = { mode = "0600"; path = "/etc/ssh/ssh_host_ed25519_key.shadow"; diff --git a/system-modules/syncthing.nix b/system-modules/syncthing.nix index c397ce3..b3d3946 100644 --- a/system-modules/syncthing.nix +++ b/system-modules/syncthing.nix @@ -19,7 +19,6 @@ let dirs = { default = { name = "sync"; path = "/home/${user}/sync"; }; }; - cd = "/home/${user}/.config/syncthing"; in lib.mkIf (user != "tv") { @@ -33,11 +32,12 @@ lib.mkIf (user != "tv") enable = true; user = "${user}"; dataDir = "/home/${user}/.local/share/syncthing"; # useless ? - configDir = cd; + configDir = "/home/${user}/.config/syncthing"; key = config.sops.secrets."syncthing/${host}/key.pem".path; cert = config.sops.secrets."syncthing/${host}/cert.pem".path; overrideDevices = true; overrideFolders = true; + # guiAddress = "127.0.0.1:8384"; guiAddress = if ( host == "NxACE" ) then "0.0.0.0:8384" else "127.0.0.1:8384"; settings = { devices = with (builtins.mapAttrs conv devices); if (host == "NxXPS") then ( 
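Review bot: The new `networking.firewall.allowedTCPPorts = [ 80 8384 ];` in docker.nix opens both ports on every host that imports this module, yet 8384 is the Syncthing GUI port and only NxACE binds it to a non-loopback address (see the syncthing.nix hunk). The rule for 8384 belongs in syncthing.nix, where `lib` and `host` are already in scope, scoped to that host: `networking.firewall.allowedTCPPorts = lib.optionals (host == "NxACE") [ 8384 ];`. If port 80 is meant for a container, ports published by Docker are usually reachable through Docker's own iptables rules whether or not they are listed here, so this entry may be unnecessary; please confirm what it is for. The commented-out `daemon.settings` block should be removed or given a reason for staying.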
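Review bot: The final `else` in sshd.nix now returns the `root@NxACE` public key for any host that is not NxNORTH or NxXPS, so a future fourth host would silently advertise NxACE's public key. Its private key would still come from `ssh/${host}-ssh_host_ed25519_key`, leaving the two mismatched. Make the NxACE case explicit and fail evaluation otherwise: `else if (host == "NxACE") then "ssh-ed25519 … root@NxACE" else throw "sshd.nix: no SSH host public key defined for ${host}";`. The conditional starts above the hunk, so the name of the binding is not visible here.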
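Review bot: Binding `guiAddress` to `0.0.0.0:8384` on NxACE exposes the Syncthing web UI and REST API on every interface, and nothing visible in this hunk sets GUI credentials or restricts which networks can reach it. The GUI can change folders, devices and paths, so together with the firewall opening in docker.nix it is an unauthenticated admin surface unless credentials are set elsewhere. Prefer keeping `"127.0.0.1:8384"` and reaching it through an SSH port forward, or bind to the specific LAN/VPN address of NxACE. If remote access is required, provision a GUI password from a sops secret. The commented-out `# guiAddress = "127.0.0.1:8384";` line directly above can be dropped.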
@@ -45,19 +45,18 @@ lib.mkIf (user != "tv") ) else if (host == "NxNORTH") then ( xps // ace // s21u ) else ( - north // xps // s21u // diane // daniel // tessa // georg + # north // xps // s21u // diane // daniel // tessa // georg + north // xps // s21u ); folders = with dirs; if (host == "NxXPS") then { "${default.name}" = { path = default.path; - devices = with devices; (justname [ north s21u ]); - # devices = with devices; (justname [ north ace s21u ]); + devices = with devices; (justname [ north ace s21u ]); }; } else if (host == "NxNORTH") then { "${default.name}" = { path = default.path; - devices = with devices; (justname [ s21u xps ]); - # devices = with devices; (justname [ xps ace s21u ]); + devices = with devices; (justname [ xps ace s21u ]); }; } else { "${default.name}" = { diff --git a/system-modules/users.nix b/system-modules/users.nix index 0783f8d..7ade1d9 100755 --- a/system-modules/users.nix +++ b/system-modules/users.nix @@ -8,7 +8,7 @@ extraGroups = [ "networkmanager" "wheel" "audio" "video" "docker" "libvirtd" "uinput" ]; useDefaultShell = true; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHzEtnN/GrgXK7yz+0z1x6rKHhYYQhTOFQ6c6Faz79g2 Nx2-ed25519-ssh-key" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1RPCcS8DtIf75a2FEW4d8X6WTVeLlmretoLqppvZlJ" # From [A] GPG Sub Key ]; packages = with pkgs; []; # all in home.nix };
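Review bot: The replacement entry in `openssh.authorizedKeys.keys` (users.nix) has no comment field, so its origin is recorded only in the trailing Nix comment `# From [A] GPG Sub Key` and will not appear in the generated authorized_keys on the host. This account is in `wheel` and `docker`, so being able to identify the key during an audit or rotation matters. Put the label inside the string, e.g. `"ssh-ed25519 <key> nx2-gpg-auth-subkey"` (label is an example). The removed key carried one (`Nx2-ed25519-ssh-key`).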