From 2e45e26a2862a5669776e41021ca31119937ef67 Mon Sep 17 00:00:00 2001 From: Jonni Liljamo Date: Wed, 13 Nov 2024 17:57:47 +0200 Subject: [PATCH] feat: move social --- hosts/social/default.nix | 17 ----------------- lxc/flake.lock | 17 +++++++++++++++++ lxc/flake.nix | 1 + lxc/hosts/default.nix | 5 +++++ {systems => lxc}/hosts/social/default.nix | 4 ++++ secrets/social/secrets.yaml | 7 +++---- systems/hosts/default.nix | 5 ----- 7 files changed, 30 insertions(+), 26 deletions(-) delete mode 100644 hosts/social/default.nix rename {systems => lxc}/hosts/social/default.nix (94%) diff --git a/hosts/social/default.nix b/hosts/social/default.nix deleted file mode 100644 index d840393..0000000 --- a/hosts/social/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{config, ...}: { - sops.secrets.rootPwd.neededForUsers = true; - sops.secrets.liljamoPwd.neededForUsers = true; - - roles.base = { - root.hashedPasswordFile = config.sops.secrets.rootPwd.path; - primaryUser = { - username = "liljamo"; - hashedPasswordFile = config.sops.secrets.liljamoPwd.path; - }; - }; - - roles.tailscale = { - enable = true; - enableSSH = true; - }; -} diff --git a/lxc/flake.lock b/lxc/flake.lock index 0b612fd..b5dce9a 100644 --- a/lxc/flake.lock +++ b/lxc/flake.lock @@ -96,6 +96,22 @@ "type": "github" } }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1731139594, + "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1730327045, @@ -133,6 +149,7 @@ "flake-parts": "flake-parts", "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs_2", + "nixpkgs-unstable": "nixpkgs-unstable", "sops-nix": "sops-nix" } }, diff --git a/lxc/flake.nix b/lxc/flake.nix index 021beb7..7c96e3c 100644 --- a/lxc/flake.nix 
+++ b/lxc/flake.nix @@ -1,6 +1,7 @@ { inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; flake-parts.url = "github:hercules-ci/flake-parts"; nixos-generators.url = "github:nix-community/nixos-generators"; diff --git a/lxc/hosts/default.nix b/lxc/hosts/default.nix index 9c850f3..39d3747 100644 --- a/lxc/hosts/default.nix +++ b/lxc/hosts/default.nix @@ -14,4 +14,9 @@ profiles: { profile = profiles.generic; modules = []; }; + social = { + system = "x86_64-linux"; + profile = profiles.generic; + modules = []; + }; } diff --git a/systems/hosts/social/default.nix b/lxc/hosts/social/default.nix similarity index 94% rename from systems/hosts/social/default.nix rename to lxc/hosts/social/default.nix index 961765a..104c51e 100644 --- a/systems/hosts/social/default.nix +++ b/lxc/hosts/social/default.nix @@ -8,6 +8,10 @@ akkomaPort = 4000; conduitPort = 6167; in { + sops.secrets.rootPwd.neededForUsers = true; + + roles.base.root.hashedPasswordFile = config.sops.secrets.rootPwd.path; + networking.firewall.allowedTCPPorts = [akkomaPort conduitPort]; services.postgresql = { diff --git a/secrets/social/secrets.yaml b/secrets/social/secrets.yaml index 3292d93..84a16bb 100644 --- a/secrets/social/secrets.yaml +++ b/secrets/social/secrets.yaml 
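Review bot: The new `nixpkgs-unstable` input in lxc/flake.nix carries no comment saying what consumes it, and no hunk in this patch references it, so a reader cannot tell which host depends on the rolling channel. A second nixpkgs pin also has to be bumped on its own in lxc/flake.lock to pick up security fixes, which is easy to forget when its purpose is not written down. I would add a line above it such as `# nixos-unstable: only for packages the social host needs newer than 24.05`, with the wording confirmed against the actual use, which is outside the visible hunks.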
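Review bot: In lxc/hosts/social/default.nix the two added lines give root a password hash from sops, and nothing in the hunk shows whether password login for root over SSH is ruled out on this container. If the generic profile does not already set it, I would add `services.openssh.settings.PermitRootLogin = "prohibit-password";` next to the `hashedPasswordFile` line so the password is not accepted over SSH. The added lines also rely on `config` being in the module's argument list and on the sops default file pointing at secrets/social/secrets.yaml. Both of those, and the start and end of the `in { … }` body, are outside the hunk.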
@@ -1,5 +1,4 @@ -rootPwd: ENC[AES256_GCM,data:p41kSprRdol5rfaQ83t2upxKLZL0JnZzpdxIZV7YyX5RPd0Ot8HKMe/FfHWIhO+1T49PTLYOGN3ptQ4S2bq+C+qhBK1B0UCJ86wioObwcPsDzcv3M7xu3T4NVO+921RFrwD0zo8AVFhO6w==,iv:1amFJJyDV8H8vEB49oJsxlXsDIUcHr9gAbbwoCNYsZg=,tag:PpwZdDBlQmTGaQNv5YnGig==,type:str] -liljamoPwd: ENC[AES256_GCM,data:RXVqEBUxJV45CaKNMpAXbdh42uf5NQvWqlZennxW12+5Wo16kxtEdR7kZxyWmyQP4XJovf5iqVQoNMf7pq6b8kD9ZILo85nfMXgHpJN8sGB2otZ35Bih/gX+taSfQMi7/oYPtUgwtJVl3Q==,iv:GUzyIahXxn3gIHKJxnId42ibojaCGBhC+PVQIN4MrOc=,tag:TKEAyon/qPXzUc8JP4V/qg==,type:str] +rootPwd: ENC[AES256_GCM,data:SKF/HvZAOVSAoxZJsDNHBLQQ62zvMs2c4iWVLOvLNeVgdnqgCNRnBKqzAHHErLnqzMlYtVNwBY+9vzNLeVzKOUDLYg0XKmk0FCARycQg2SdcsyzeBT58JH0BzbbZfyQnNEY44lJ68fcm9g==,iv:N9zUazBoJ7VZo1cw3Xe01oX/p/xHviHxiWUocAeezHM=,tag:ZQ/3I5F4jqG+Dua2sTp3nA==,type:str] sops: kms: [] gcp_kms: [] @@ -15,8 +14,8 @@ sops: dVdhQldtS0F4L2RlazZwS2EwRkhzM0EKNbErU+f1mjgDIl34aCrQFIHpNneVLYHT MpilN6Pqlddi5iVSXwgcgV24oMFQgqsLDRVynk848YsLGj7JLLCyxg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-05T17:46:17Z" - mac: ENC[AES256_GCM,data:ku53/0KQIpnjCsZZaDDsEJhW72woyEQ72yft0gNgvbBKa2yTMuGJAtTMX0+H6K0TcD+ft2I9PLaruSrVzg3885j4bwCo5SaGDAD1Bwk6XAsPII7aHunofl2WJIby5YLw9xeRzzD3Am7jaY1fqrP/3XcVCOjjoic2PnF8w7XKlNk=,iv:CGbsgINu+d24mT1IaNq2uN7WFw4dgiXF8ifRG41LuzI=,tag:UijnxyMdvAXZk/dqkS3Jxg==,type:str] + lastmodified: "2024-11-13T15:53:35Z" + mac: ENC[AES256_GCM,data:540Kxydze5a8CsTwflaXwd7Qu8uWEhdv67R7Pynx0JDH3aBiI51fvUt0xfkO+T6qKd6oD9GumxWNupdVfimj0/rbesCGW6HAq+qzixoTAzCnztrAKe+D6MYYfBBeUXJ9+ZU85AnSkOuJhGH6HxQl18Vwr6BjuahAAKZcGeVGMyA=,iv:tvTQg8SVS8PL3keZqdeBY8cE/V/H/bJgq2hXH3M1tgg=,tag:ez9fxR7uC7pXRHEYwFl3Ug==,type:str] pgp: - created_at: "2024-09-05T17:45:06Z" enc: |- diff --git a/systems/hosts/default.nix b/systems/hosts/default.nix index 571c2f9..b0af418 100644 --- a/systems/hosts/default.nix +++ b/systems/hosts/default.nix 
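Review bot: Both hunks in secrets/social/secrets.yaml change only `rootPwd`, `lastmodified` and `mac`, while the age and pgp recipient blocks appear as unchanged context, so the file is still encrypted to the same recipients as before the move. If the host now built from lxc/ has a different host key, sops-nix cannot decrypt `rootPwd` at activation, and because the secret is marked `neededForUsers`, root would likely be left without a usable password. Re-keying with `sops updatekeys secrets/social/secrets.yaml` after adding the new recipient would cover that. The removed `liljamoPwd` ciphertext and the previous `rootPwd` value stay in git history and remain decryptable by every existing recipient, so `liljamoPwd` should be treated as live if that password is used anywhere else.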
@@ -32,9 +32,4 @@ profile = lxc; modules = []; }; - social = { - system = "x86_64-linux"; - profile = lxc; - modules = []; - }; } -- 2.44.1