From bf3f7ad56d6f5e6876c4af187f82987bbf356af3 Mon Sep 17 00:00:00 2001
From: Jonni Liljamo <jonni@liljamo.com>
Date: Wed, 13 Nov 2024 18:19:29 +0200
Subject: [PATCH] feat: move oci

---
 hosts/oci/default.nix                  | 17 -----------------
 lxc/hosts/default.nix                  |  5 +++++
 {systems => lxc}/hosts/oci/default.nix |  5 ++++-
 {systems => lxc}/hosts/oci/umami.nix   |  0
 secrets/oci/secrets.yaml               |  7 +++----
 systems/hosts/default.nix              |  5 -----
 6 files changed, 12 insertions(+), 27 deletions(-)
 delete mode 100644 hosts/oci/default.nix
 rename {systems => lxc}/hosts/oci/default.nix (85%)
 rename {systems => lxc}/hosts/oci/umami.nix (100%)

diff --git a/hosts/oci/default.nix b/hosts/oci/default.nix
deleted file mode 100644
index d840393..0000000
--- a/hosts/oci/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{config, ...}: {
-  sops.secrets.rootPwd.neededForUsers = true;
-  sops.secrets.liljamoPwd.neededForUsers = true;
-
-  roles.base = {
-    root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
-    primaryUser = {
-      username = "liljamo";
-      hashedPasswordFile = config.sops.secrets.liljamoPwd.path;
-    };
-  };
-
-  roles.tailscale = {
-    enable = true;
-    enableSSH = true;
-  };
-}
diff --git a/lxc/hosts/default.nix b/lxc/hosts/default.nix
index 1973da7..c40539e 100644
--- a/lxc/hosts/default.nix
+++ b/lxc/hosts/default.nix
@@ -19,6 +19,11 @@ profiles: {
     profile = profiles.generic;
     modules = [];
   };
+  oci = {
+    system = "x86_64-linux";
+    profile = profiles.generic;
+    modules = [];
+  };
   social = {
     system = "x86_64-linux";
     profile = profiles.generic;
diff --git a/systems/hosts/oci/default.nix b/lxc/hosts/oci/default.nix
similarity index 85%
rename from systems/hosts/oci/default.nix
rename to lxc/hosts/oci/default.nix
index 5d29a3a..1ed9c7c 100644
--- a/systems/hosts/oci/default.nix
+++ b/lxc/hosts/oci/default.nix
@@ -1,10 +1,13 @@
-{...}: let
+{config, ...}: let
   registryPort = 5000;
   registryUIPort = 5080;
 in {
   imports = [
     ./umami.nix
   ];
+  sops.secrets.rootPwd.neededForUsers = true;
+
+  roles.base.root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
 
   networking.firewall.allowedTCPPorts = [
     registryPort
diff --git a/systems/hosts/oci/umami.nix b/lxc/hosts/oci/umami.nix
similarity index 100%
rename from systems/hosts/oci/umami.nix
rename to lxc/hosts/oci/umami.nix
diff --git a/secrets/oci/secrets.yaml b/secrets/oci/secrets.yaml
index 641e062..b4489e3 100644
--- a/secrets/oci/secrets.yaml
+++ b/secrets/oci/secrets.yaml
@@ -1,5 +1,4 @@
-rootPwd: ENC[AES256_GCM,data:d0W9M0bRTFX6P0V9TlcZf/Kai7RuZfci/+WcGBWcxCshWcMBYOEfe+9wWhswLc5VpeNTg4Eu09+4+aBGuuG1g4shfa236qbeQ4tic6rX6rm2TpQPINSfvXTBXqPURQoNETgxeLwH/be14A==,iv:EQb9+1tNntiVorT+ORovi8nqsqd0rnncFeWSuZ+OT3s=,tag:GW0qbDfFwzErObCF/I7rVg==,type:str]
-liljamoPwd: ENC[AES256_GCM,data:sE+aU3MFnxduKolCW4FpqeT/8ltzLPqXW7exYEOCpj4s9p8n9S9O8hqSNN+Hr1oktUb5Hfhr8AaKLHTDyMiemSF252HDP+8AAzXAx5PT4k6epd69n8rab27LyhG3E7WdIC9yzW8XuRcnZg==,iv:fsTRs3H6Lyb7QemlUdGxOMdAUED+JBJCYP0CkiCR8WE=,tag:cBtmGh8SxkhNRvOePY9v1w==,type:str]
+rootPwd: ENC[AES256_GCM,data:MDvWi2l+NBK9LVIwCgj2DrsUMdpdzJICWdXYNSabmeZcutvQInoBnUougmuZH9wVXcCZCTnAxIC9eiv4wRZD0LlG+fFSUfAfzJ2jKtbRcMaA9h7UbBvjSQRCCJAHq1HrAbp1o61+mOYX/Q==,iv:SitymkTLGiw0SrXv97DhgY8JdYKrm6fa8xGydbEd0Pc=,tag:nU0Zqkfm9RbC9pFH4zGbJw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -15,8 +14,8 @@ sops:
             NWhxT1JJS1hPb1c4VXVYNFZiUzl1TWsKV6xNCNiZu+rwCGOYWf6Mf51Oy6+702mz
             OHctTk7f+OhQhkq5oAUEkeRLhmzrb6dx1KVCeA/V+nzksHjSwz3LLw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-26T16:04:32Z"
-    mac: ENC[AES256_GCM,data:Ds9tpSa8qlzM93Dabqk+xIPMwTFDCwiHXctS9zIMHXWBDMrX4/rV/bTsDNkuQf8ccG/O5/3rDEFveiQMy/6GbboSXethUonaeRA3pJfa/onFzoUL4MQ+P2MGbPciiHnyf5cmtkRZ4tIRYoae1Ztjyj+506Uf4UpwSzq/oV1ev28=,iv:PiTuaah537odXM2jnKzisInMlvX+AtxVd5Xm1OhThdA=,tag:CXY6JaG67NmFB0OiOsFlqw==,type:str]
+    lastmodified: "2024-11-13T16:15:13Z"
+    mac: ENC[AES256_GCM,data:KlM/qF3TcDhIt3rHeGHb/rUBbKwFmdR4KIm63dE02btqvzfMjOtoOuqBJ40yvb+G7g8a93UqQJflEJJCJAZMNQJThLW/dq6A4Pl1ZznKmf4kjVroMtjWzHQ/ydQp8PFn9rrJijHgTEyhQhc5rqJ23O/011fJu+sEkhuwSvPrkBk=,iv:KtS/SXHQxz5Ain881nxJr5qylhXUJTrCUtrWHog4Hd8=,tag:lG3JohaOeRXfQz0jolZ7+g==,type:str]
     pgp:
         - created_at: "2024-09-26T16:03:05Z"
           enc: |-
diff --git a/systems/hosts/default.nix b/systems/hosts/default.nix
index 8dfc736..2d97e65 100644
--- a/systems/hosts/default.nix
+++ b/systems/hosts/default.nix
@@ -17,11 +17,6 @@
   };
 
   # LXCs
-  oci = {
-    system = "x86_64-linux";
-    profile = lxc;
-    modules = [];
-  };
   proxy = {
     system = "x86_64-linux";
     profile = lxc;
-- 
2.44.1