D hosts/social/default.nix => hosts/social/default.nix +0 -17
@@ 1,17 0,0 @@
-{config, ...}: {
- sops.secrets.rootPwd.neededForUsers = true;
- sops.secrets.liljamoPwd.neededForUsers = true;
-
- roles.base = {
- root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
- primaryUser = {
- username = "liljamo";
- hashedPasswordFile = config.sops.secrets.liljamoPwd.path;
- };
- };
-
- roles.tailscale = {
- enable = true;
- enableSSH = true;
- };
-}
M lxc/flake.lock => lxc/flake.lock +17 -0
@@ 96,6 96,22 @@
"type": "github"
}
},
+ "nixpkgs-unstable": {
+ "locked": {
+ "lastModified": 1731139594,
+ "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
"nixpkgs_2": {
"locked": {
"lastModified": 1730327045,
@@ 133,6 149,7 @@
"flake-parts": "flake-parts",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_2",
+ "nixpkgs-unstable": "nixpkgs-unstable",
"sops-nix": "sops-nix"
}
},
M lxc/flake.nix => lxc/flake.nix +1 -0
@@ 1,6 1,7 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
+ nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
flake-parts.url = "github:hercules-ci/flake-parts";
nixos-generators.url = "github:nix-community/nixos-generators";
M lxc/hosts/default.nix => lxc/hosts/default.nix +5 -0
@@ 14,4 14,9 @@ profiles: {
profile = profiles.generic;
modules = [];
};
+ social = {
+ system = "x86_64-linux";
+ profile = profiles.generic;
+ modules = [];
+ };
}
R systems/hosts/social/default.nix => lxc/hosts/social/default.nix +4 -0
@@ 8,6 8,10 @@
akkomaPort = 4000;
conduitPort = 6167;
in {
+ sops.secrets.rootPwd.neededForUsers = true;
+
+ roles.base.root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
+
networking.firewall.allowedTCPPorts = [akkomaPort conduitPort];
services.postgresql = {
M secrets/social/secrets.yaml => secrets/social/secrets.yaml +3 -4
@@ 1,5 1,4 @@
-rootPwd: ENC[AES256_GCM,data:p41kSprRdol5rfaQ83t2upxKLZL0JnZzpdxIZV7YyX5RPd0Ot8HKMe/FfHWIhO+1T49PTLYOGN3ptQ4S2bq+C+qhBK1B0UCJ86wioObwcPsDzcv3M7xu3T4NVO+921RFrwD0zo8AVFhO6w==,iv:1amFJJyDV8H8vEB49oJsxlXsDIUcHr9gAbbwoCNYsZg=,tag:PpwZdDBlQmTGaQNv5YnGig==,type:str]
-liljamoPwd: ENC[AES256_GCM,data:RXVqEBUxJV45CaKNMpAXbdh42uf5NQvWqlZennxW12+5Wo16kxtEdR7kZxyWmyQP4XJovf5iqVQoNMf7pq6b8kD9ZILo85nfMXgHpJN8sGB2otZ35Bih/gX+taSfQMi7/oYPtUgwtJVl3Q==,iv:GUzyIahXxn3gIHKJxnId42ibojaCGBhC+PVQIN4MrOc=,tag:TKEAyon/qPXzUc8JP4V/qg==,type:str]
+rootPwd: ENC[AES256_GCM,data:SKF/HvZAOVSAoxZJsDNHBLQQ62zvMs2c4iWVLOvLNeVgdnqgCNRnBKqzAHHErLnqzMlYtVNwBY+9vzNLeVzKOUDLYg0XKmk0FCARycQg2SdcsyzeBT58JH0BzbbZfyQnNEY44lJ68fcm9g==,iv:N9zUazBoJ7VZo1cw3Xe01oX/p/xHviHxiWUocAeezHM=,tag:ZQ/3I5F4jqG+Dua2sTp3nA==,type:str]
sops:
kms: []
gcp_kms: []
@@ 15,8 14,8 @@ sops:
dVdhQldtS0F4L2RlazZwS2EwRkhzM0EKNbErU+f1mjgDIl34aCrQFIHpNneVLYHT
MpilN6Pqlddi5iVSXwgcgV24oMFQgqsLDRVynk848YsLGj7JLLCyxg==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-09-05T17:46:17Z"
- mac: ENC[AES256_GCM,data:ku53/0KQIpnjCsZZaDDsEJhW72woyEQ72yft0gNgvbBKa2yTMuGJAtTMX0+H6K0TcD+ft2I9PLaruSrVzg3885j4bwCo5SaGDAD1Bwk6XAsPII7aHunofl2WJIby5YLw9xeRzzD3Am7jaY1fqrP/3XcVCOjjoic2PnF8w7XKlNk=,iv:CGbsgINu+d24mT1IaNq2uN7WFw4dgiXF8ifRG41LuzI=,tag:UijnxyMdvAXZk/dqkS3Jxg==,type:str]
+ lastmodified: "2024-11-13T15:53:35Z"
+ mac: ENC[AES256_GCM,data:540Kxydze5a8CsTwflaXwd7Qu8uWEhdv67R7Pynx0JDH3aBiI51fvUt0xfkO+T6qKd6oD9GumxWNupdVfimj0/rbesCGW6HAq+qzixoTAzCnztrAKe+D6MYYfBBeUXJ9+ZU85AnSkOuJhGH6HxQl18Vwr6BjuahAAKZcGeVGMyA=,iv:tvTQg8SVS8PL3keZqdeBY8cE/V/H/bJgq2hXH3M1tgg=,tag:ez9fxR7uC7pXRHEYwFl3Ug==,type:str]
pgp:
- created_at: "2024-09-05T17:45:06Z"
enc: |-
M systems/hosts/default.nix => systems/hosts/default.nix +0 -5
@@ 32,9 32,4 @@
profile = lxc;
modules = [];
};
- social = {
- system = "x86_64-linux";
- profile = lxc;
- modules = [];
- };
}