rename 'uninsane' machine -> 'servo'
This commit is contained in:
parent
39049c8a9c
commit
2b8ff8d5ae
14
.sops.yaml
14
.sops.yaml
|
@ -1,11 +1,11 @@
|
|||
keys:
|
||||
- &user_desko_colin age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x
|
||||
- &user_lappy_colin age1ml8kkppftygu2wag57yld98jlrkh4avp54eheq7q0fa2rup843csqjajs6
|
||||
- &user_uninsane_colin age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu
|
||||
- &user_servo_colin age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu
|
||||
- &user_moby_colin age1lt739n2tq7dmpglvntjr9j2r7426md7rat7x9w930gagtx4jyvnqwts2al
|
||||
- &host_desko age1vnw7lnfpdpjn62l3u5nyv5xt2c965k96p98kc43mcnyzpetrts9q54mc9v
|
||||
- &host_lappy age1w7mectcjku6x3sd8plm8wkn2qfrhv9n6zhzlf329e2r2uycgke8qkf9dyn
|
||||
- &host_uninsane age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf
|
||||
- &host_servo age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf
|
||||
- &host_moby age1t957gf0z865gya0khgc9x59wy76hzps3sgejjqtwcngn2xl273msxsmpe6
|
||||
creation_rules:
|
||||
- path_regex: secrets/universal.yaml$
|
||||
|
@ -13,18 +13,18 @@ creation_rules:
|
|||
- age:
|
||||
- *user_desko_colin
|
||||
- *user_lappy_colin
|
||||
- *user_uninsane_colin
|
||||
- *user_servo_colin
|
||||
- *user_moby_colin
|
||||
- *host_desko
|
||||
- *host_lappy
|
||||
- *host_uninsane
|
||||
- *host_servo
|
||||
- *host_moby
|
||||
- path_regex: secrets/uninsane.yaml$
|
||||
- path_regex: secrets/servo.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *user_desko_colin
|
||||
- *user_uninsane_colin
|
||||
- *host_uninsane
|
||||
- *user_servo_colin
|
||||
- *host_servo
|
||||
- path_regex: secrets/desko.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
};
|
||||
|
||||
outputs = { self, nixpkgs, mobile-nixos, home-manager, nurpkgs, sops-nix }: {
|
||||
machines.uninsane = self.decl-bootable-machine { name = "uninsane"; system = "aarch64-linux"; };
|
||||
machines.servo = self.decl-bootable-machine { name = "servo"; system = "aarch64-linux"; };
|
||||
machines.desko = self.decl-bootable-machine { name = "desko"; system = "x86_64-linux"; };
|
||||
machines.lappy = self.decl-bootable-machine { name = "lappy"; system = "x86_64-linux"; };
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
colinsane.services.duplicity.enable = true;
|
||||
|
||||
sops.secrets.duplicity_passphrase = {
|
||||
sopsFile = ../../secrets/uninsane.yaml;
|
||||
sopsFile = ../../secrets/servo.yaml;
|
||||
};
|
||||
|
||||
# This value determines the NixOS release from which the default
|
|
@ -88,7 +88,7 @@
|
|||
};
|
||||
|
||||
sops.secrets."wg_ovpns_privkey" = {
|
||||
sopsFile = ../../secrets/uninsane.yaml;
|
||||
sopsFile = ../../secrets/servo.yaml;
|
||||
};
|
||||
|
||||
# HURRICANE ELECTRIC CONFIG:
|
|
@ -24,6 +24,6 @@
|
|||
};
|
||||
|
||||
sops.secrets."ddns_he" = {
|
||||
sopsFile = ../../../secrets/uninsane.yaml;
|
||||
sopsFile = ../../../secrets/servo.yaml;
|
||||
};
|
||||
}
|
|
@ -157,7 +157,7 @@
|
|||
};
|
||||
|
||||
sops.secrets.matrix_synapse_secrets = {
|
||||
sopsFile = ../../../secrets/uninsane.yaml;
|
||||
sopsFile = ../../../secrets/servo.yaml;
|
||||
owner = config.users.users.matrix-synapse.name;
|
||||
};
|
||||
}
|
|
@ -10,6 +10,6 @@
|
|||
};
|
||||
|
||||
sops.secrets.nix_serve_privkey = {
|
||||
sopsFile = ../../../secrets/uninsane.yaml;
|
||||
sopsFile = ../../../secrets/servo.yaml;
|
||||
};
|
||||
}
|
|
@ -125,7 +125,7 @@
|
|||
# };
|
||||
|
||||
sops.secrets.pleroma_secrets = {
|
||||
sopsFile = ../../../secrets/uninsane.yaml;
|
||||
sopsFile = ../../../secrets/servo.yaml;
|
||||
owner = config.users.users.pleroma.name;
|
||||
};
|
||||
}
|
|
@ -132,7 +132,7 @@ in
|
|||
];
|
||||
|
||||
sops.secrets.dovecot_passwd = {
|
||||
sopsFile = ../../../secrets/uninsane.yaml;
|
||||
sopsFile = ../../../secrets/servo.yaml;
|
||||
owner = config.users.users.dovecot2.name;
|
||||
# TODO: debug why mail can't be sent without this being world-readable
|
||||
mode = "0444";
|
|
@ -24,6 +24,7 @@ in
|
|||
};
|
||||
fileSystems."/mnt/media-uninsane-lan" = {
|
||||
# device = "sshfs#colin@uninsane.org:/opt/uninsane/media";
|
||||
# TODO: use mdns, and replace this with `servo` instead
|
||||
device = "colin@192.168.0.5:/opt/uninsane/media";
|
||||
inherit (uninsane) fsType options;
|
||||
};
|
||||
|
|
|
@ -29,10 +29,11 @@
|
|||
# XXX colin: create ssh key for THIS user by logging in and running:
|
||||
# ssh-keygen -t ed25519
|
||||
openssh.authorizedKeys.keys = [
|
||||
# TODO: is this key dead?
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGSDe/y0e9PSeUwYlMPjzhW0UhNsGAGsW3lCG3apxrD5 colin@colin.desktop"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG+MZ/l5d8g5hbxMB9ed1uyvhV85jwNrSVNVxb5ujQjw colin@lappy"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPU5GlsSfbaarMvDA20bxpSZGWviEzXGD8gtrIowc1pX colin@desko"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS1qFzKurAdB9blkWomq8gI1g0T3sTs9LsmFOj5VtqX colin@uninsane"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS1qFzKurAdB9blkWomq8gI1g0T3sTs9LsmFOj5VtqX colin@servo"
|
||||
# TODO: should probably only let this authenticate to my server
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGCLCA9KbjXaXNNMJJvqbPO5KQQ64JCdG8sg88AfdKzi colin@moby"
|
||||
];
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
to build:
|
||||
```sh
|
||||
nixos-rebuild --flake "/etc/nixos/#uninsane" {build,switch}
|
||||
nixos-rebuild --flake "/etc/nixos/#servo" {build,switch}
|
||||
```
|
||||
|
||||
query with:
|
||||
|
@ -18,7 +18,7 @@ see helpers/universal/secrets.nix for some tips.
|
|||
|
||||
to build a distributable image (GPT-formatted image with rootfs and /boot partition):
|
||||
```sh
|
||||
nix build .#imgs.lappy
|
||||
nix build ./#imgs.lappy
|
||||
```
|
||||
this can then be `dd`'d onto a disk and directly booted from a EFI system.
|
||||
there's some post-processing to do before running a rebuild on the deployed system (e.g. change fstab UUIDs)
|
||||
|
|
Loading…
Reference in New Issue