~liljamo/nix-arta: feat: move oci

6 files changed, 12 insertions(+), 27 deletions(-)

D hosts/oci/default.nix
M lxc/hosts/default.nix
R systems/hosts/oci/default.nix => lxc/hosts/oci/default.nix
R systems/hosts/oci/umami.nix => lxc/hosts/oci/umami.nix
M secrets/oci/secrets.yaml
M systems/hosts/default.nix

D hosts/oci/default.nix => hosts/oci/default.nix +0 -17

@@ 1,17 0,0 @@
-{config, ...}: {
-  sops.secrets.rootPwd.neededForUsers = true;
-  sops.secrets.liljamoPwd.neededForUsers = true;
-
-  roles.base = {
-    root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
-    primaryUser = {
-      username = "liljamo";
-      hashedPasswordFile = config.sops.secrets.liljamoPwd.path;
-    };
-  };
-
-  roles.tailscale = {
-    enable = true;
-    enableSSH = true;
-  };
-}

M lxc/hosts/default.nix => lxc/hosts/default.nix +5 -0

@@ 19,6 19,11 @@ profiles: {
     profile = profiles.generic;
     modules = [];
   };
+  oci = {
+    system = "x86_64-linux";
+    profile = profiles.generic;
+    modules = [];
+  };
   social = {
     system = "x86_64-linux";
     profile = profiles.generic;

R systems/hosts/oci/default.nix => lxc/hosts/oci/default.nix +4 -1

@@ 1,10 1,13 @@
-{...}: let
+{config, ...}: let
   registryPort = 5000;
   registryUIPort = 5080;
 in {
   imports = [
     ./umami.nix
   ];
+  sops.secrets.rootPwd.neededForUsers = true;
+
+  roles.base.root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
 
   networking.firewall.allowedTCPPorts = [
     registryPort

R systems/hosts/oci/umami.nix => lxc/hosts/oci/umami.nix +0 -0

M secrets/oci/secrets.yaml => secrets/oci/secrets.yaml +3 -4

@@ 1,5 1,4 @@
-rootPwd: ENC[AES256_GCM,data:d0W9M0bRTFX6P0V9TlcZf/Kai7RuZfci/+WcGBWcxCshWcMBYOEfe+9wWhswLc5VpeNTg4Eu09+4+aBGuuG1g4shfa236qbeQ4tic6rX6rm2TpQPINSfvXTBXqPURQoNETgxeLwH/be14A==,iv:EQb9+1tNntiVorT+ORovi8nqsqd0rnncFeWSuZ+OT3s=,tag:GW0qbDfFwzErObCF/I7rVg==,type:str]
-liljamoPwd: ENC[AES256_GCM,data:sE+aU3MFnxduKolCW4FpqeT/8ltzLPqXW7exYEOCpj4s9p8n9S9O8hqSNN+Hr1oktUb5Hfhr8AaKLHTDyMiemSF252HDP+8AAzXAx5PT4k6epd69n8rab27LyhG3E7WdIC9yzW8XuRcnZg==,iv:fsTRs3H6Lyb7QemlUdGxOMdAUED+JBJCYP0CkiCR8WE=,tag:cBtmGh8SxkhNRvOePY9v1w==,type:str]
+rootPwd: ENC[AES256_GCM,data:MDvWi2l+NBK9LVIwCgj2DrsUMdpdzJICWdXYNSabmeZcutvQInoBnUougmuZH9wVXcCZCTnAxIC9eiv4wRZD0LlG+fFSUfAfzJ2jKtbRcMaA9h7UbBvjSQRCCJAHq1HrAbp1o61+mOYX/Q==,iv:SitymkTLGiw0SrXv97DhgY8JdYKrm6fa8xGydbEd0Pc=,tag:nU0Zqkfm9RbC9pFH4zGbJw==,type:str]
 sops:
     kms: []
     gcp_kms: []


@@ 15,8 14,8 @@ sops:
             NWhxT1JJS1hPb1c4VXVYNFZiUzl1TWsKV6xNCNiZu+rwCGOYWf6Mf51Oy6+702mz
             OHctTk7f+OhQhkq5oAUEkeRLhmzrb6dx1KVCeA/V+nzksHjSwz3LLw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-26T16:04:32Z"
-    mac: ENC[AES256_GCM,data:Ds9tpSa8qlzM93Dabqk+xIPMwTFDCwiHXctS9zIMHXWBDMrX4/rV/bTsDNkuQf8ccG/O5/3rDEFveiQMy/6GbboSXethUonaeRA3pJfa/onFzoUL4MQ+P2MGbPciiHnyf5cmtkRZ4tIRYoae1Ztjyj+506Uf4UpwSzq/oV1ev28=,iv:PiTuaah537odXM2jnKzisInMlvX+AtxVd5Xm1OhThdA=,tag:CXY6JaG67NmFB0OiOsFlqw==,type:str]
+    lastmodified: "2024-11-13T16:15:13Z"
+    mac: ENC[AES256_GCM,data:KlM/qF3TcDhIt3rHeGHb/rUBbKwFmdR4KIm63dE02btqvzfMjOtoOuqBJ40yvb+G7g8a93UqQJflEJJCJAZMNQJThLW/dq6A4Pl1ZznKmf4kjVroMtjWzHQ/ydQp8PFn9rrJijHgTEyhQhc5rqJ23O/011fJu+sEkhuwSvPrkBk=,iv:KtS/SXHQxz5Ain881nxJr5qylhXUJTrCUtrWHog4Hd8=,tag:lG3JohaOeRXfQz0jolZ7+g==,type:str]
     pgp:
         - created_at: "2024-09-26T16:03:05Z"
           enc: |-

M systems/hosts/default.nix => systems/hosts/default.nix +0 -5

@@ 17,11 17,6 @@
   };
 
   # LXCs
-  oci = {
-    system = "x86_64-linux";
-    profile = lxc;
-    modules = [];
-  };
   proxy = {
     system = "x86_64-linux";
     profile = lxc;