Compare commits
2 commits
58e12507d2
...
8fe2f766d6
Author | SHA1 | Date | |
---|---|---|---|
8fe2f766d6 | |||
e52897cd14 |
11
README.rst
11
README.rst
|
@ -8,3 +8,14 @@ https://reciproka.dev/reciproka/reciproka-ops
|
||||||
|
|
||||||
.. _Colmena: https://colmena.cli.rs/
|
.. _Colmena: https://colmena.cli.rs/
|
||||||
.. _Reciproka Kolektivo: https://reciproka.co/
|
.. _Reciproka Kolektivo: https://reciproka.co/
|
||||||
|
|
||||||
|
.. toctree::
|
||||||
|
|
||||||
|
Building for aarch64 Targets
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
If you don't have your own ``aarch64`` build server, you can apply to use the
|
||||||
|
`aarch64 build box`_ provided by the `Nix Community`_.
|
||||||
|
|
||||||
|
.. _aarch64 build box: https://github.com/NixOS/aarch64-build-box
|
||||||
|
.. _Nix Community: https://github.com/nix-community
|
||||||
|
|
80
hardware/pi3B.nix
Normal file
80
hardware/pi3B.nix
Normal file
|
@ -0,0 +1,80 @@
|
||||||
|
# Configuration common to all Raspberry Pi 3 Model B devices
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
boot = {
|
||||||
|
initrd = {
|
||||||
|
availableKernelModules = [
|
||||||
|
"bcm2835_dma" # Allows early (earlier) mode setting
|
||||||
|
"i2c_bcm2835" # Allows early (earlier) mode setting
|
||||||
|
"usbhid"
|
||||||
|
"usb_storage"
|
||||||
|
"vc4" # Allows early (earlier) mode setting
|
||||||
|
];
|
||||||
|
};
|
||||||
|
kernelPackages = pkgs.linuxPackages_5_15; # For a Raspberry Pi 2 or 3)
|
||||||
|
kernelParams = [
|
||||||
|
"cma=32M" # Needed for the virtual console to work on the RPi 3
|
||||||
|
"console=ttyS0,115200n8" # Enable the serial console
|
||||||
|
"console=tty0"
|
||||||
|
];
|
||||||
|
loader = {
|
||||||
|
generic-extlinux-compatible = {
|
||||||
|
enable = true; # Enables the generation of /boot/extlinux/extlinux.conf
|
||||||
|
};
|
||||||
|
grub = {
|
||||||
|
enable = false; # NixOS wants to enable GRUB by default.
|
||||||
|
};
|
||||||
|
raspberryPi = {
|
||||||
|
enable = false;
|
||||||
|
version = 3;
|
||||||
|
uboot.enable = true;
|
||||||
|
firmwareConfig = ''
|
||||||
|
arm_64bit=1 # Force kernel loading system to assume a 64-bit kernel
|
||||||
|
hdmi_force_hotplug=1 # Enable headless booting
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# File systems configuration for using the installer's partition layout
|
||||||
|
fileSystems = {
|
||||||
|
"/" = {
|
||||||
|
device = "/dev/disk/by-label/NIXOS_SD";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
"/boot/firmware" = {
|
||||||
|
device = "/dev/disk/by-label/FIRMWARE";
|
||||||
|
fsType = "vfat";
|
||||||
|
# Alternatively, this could be removed from the configuration.
|
||||||
|
# The filesystem is not needed at runtime, it could be treated
|
||||||
|
# as an opaque blob instead of a discrete FAT32 filesystem.
|
||||||
|
options = ["nofail" "noauto"];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# !!! Adding a swap file is optional, but strongly recommended!
|
||||||
|
swapDevices = [
|
||||||
|
{
|
||||||
|
device = "/swapfile";
|
||||||
|
size = 1024;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
hardware = {
|
||||||
|
enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
|
||||||
|
};
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
enableB43Firmware = true; # If true, enable Pi wireless firmware
|
||||||
|
};
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnfree = true; # required by B34Firmare above
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
libraspberrypi # Userland tools for the Raspberry Pi board
|
||||||
|
];
|
||||||
|
}
|
86
hardware/raspberry_pi_3_model_B.nix
Normal file
86
hardware/raspberry_pi_3_model_B.nix
Normal file
|
@ -0,0 +1,86 @@
|
||||||
|
# Configuration common to all Raspberry Pi 3 Model B devices
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
boot = {
|
||||||
|
initrd = {
|
||||||
|
availableKernelModules = [
|
||||||
|
"bcm2835_dma" # Allows early (earlier) mode setting
|
||||||
|
"i2c_bcm2835" # Allows early (earlier) mode setting
|
||||||
|
"usbhid"
|
||||||
|
"usb_storage"
|
||||||
|
"vc4" # Allows early (earlier) mode setting
|
||||||
|
];
|
||||||
|
};
|
||||||
|
kernelPackages = pkgs.linuxPackages_5_15; # For a Raspberry Pi 2 or 3)
|
||||||
|
kernelParams = [
|
||||||
|
"cma=320M" # Needed for the virtual console to work on the RPi 3
|
||||||
|
"console=ttyS0,115200n8" # Enable the serial console
|
||||||
|
"console=tty0"
|
||||||
|
];
|
||||||
|
loader = {
|
||||||
|
generic-extlinux-compatible = {
|
||||||
|
enable = true; # Enables the generation of /boot/extlinux/extlinux.conf
|
||||||
|
};
|
||||||
|
grub = {
|
||||||
|
enable = false; # NixOS wants to enable GRUB by default.
|
||||||
|
};
|
||||||
|
raspberryPi = {
|
||||||
|
enable = false;
|
||||||
|
version = 3;
|
||||||
|
uboot.enable = true;
|
||||||
|
firmwareConfig = ''
|
||||||
|
arm_64bit=1 # Force kernel loading system to assume a 64-bit kernel
|
||||||
|
display_auto_detect=1 # Enable auto detection of screen resolution
|
||||||
|
gpu_mem=128
|
||||||
|
hdmi_force_hotplug=1 # Enable headless booting
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# File systems configuration for using the installer's partition layout
|
||||||
|
fileSystems = {
|
||||||
|
"/" = {
|
||||||
|
device = "/dev/disk/by-label/NIXOS_SD";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
"/boot/firmware" = {
|
||||||
|
device = "/dev/disk/by-label/FIRMWARE";
|
||||||
|
fsType = "vfat";
|
||||||
|
# Alternatively, this could be removed from the configuration.
|
||||||
|
# The filesystem is not needed at runtime, it could be treated
|
||||||
|
# as an opaque blob instead of a discrete FAT32 filesystem.
|
||||||
|
options = ["nofail" "noauto"];
|
||||||
|
};
|
||||||
|
#"/var" = {
|
||||||
|
# device = "/dev/disk/by-label/var";
|
||||||
|
# fsType = "ext4";
|
||||||
|
#};
|
||||||
|
};
|
||||||
|
|
||||||
|
# !!! Adding a swap file is optional, but strongly recommended!
|
||||||
|
swapDevices = [
|
||||||
|
{
|
||||||
|
device = "/swapfile";
|
||||||
|
size = 1024;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
hardware = {
|
||||||
|
enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
|
||||||
|
};
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
enableB43Firmware = true; # If true, enable Pi wireless firmware
|
||||||
|
};
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnfree = true; # required by B34Firmare above
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
libraspberrypi # Userland tools for the Raspberry Pi board
|
||||||
|
];
|
||||||
|
}
|
14
modules/piCommon/default.nix
Normal file
14
modules/piCommon/default.nix
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
# Configuration common to all my servers
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
environment = {
|
||||||
|
# Set the system-wide environment
|
||||||
|
systemPackages = with pkgs; [
|
||||||
|
usbutils # Tools for working with USB devices, such as lsusb
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
26
networks/pi3B_rack.nix
Normal file
26
networks/pi3B_rack.nix
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
# NixOps configuration for the Raspberry Pi 3B Rack
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||||
|
../hardware/raspberry_pi_3_model_B.nix
|
||||||
|
../profiles/host_common.nix
|
||||||
|
../profiles/server_common.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
# Ensure the right package architecture is used
|
||||||
|
nixpkgs.localSystem = {
|
||||||
|
system = "aarch64-linux";
|
||||||
|
config = "aarch64-unknown-linux-gnu";
|
||||||
|
allowUnfree = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.network.networks.eth0.ipv6SendRAConfig = {
|
||||||
|
EmitDNS = true;
|
||||||
|
Managed = true;
|
||||||
|
OtherInformation = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
documentation = {
|
||||||
|
nixos.enable = false; # Save some space by disabling the manual
|
||||||
|
};
|
||||||
|
}
|
25
nixos/hosts/flemming/default.nix
Normal file
25
nixos/hosts/flemming/default.nix
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
# NixOS configuration for flemming
|
||||||
|
#
|
||||||
|
# Andy Flemming, AKA Slackbastard is the psuedonym of an Australian anarchist
|
||||||
|
# who hosts Yeah Nah Pasaran on radio 3CR and documents fascism and its
|
||||||
|
# grave diggers in Australia
|
||||||
|
#
|
||||||
|
# https://en.wikipedia.org/wiki/Andy_Fleming_(activist)
|
||||||
|
# https://slackbastard.anarchobase.com/
|
||||||
|
# https://www.3cr.org.au/yeahnahpasaran
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
imports = [
|
||||||
|
../../../networks/pi3B_rack.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
# Comment out deployment when building the SD Image.
|
||||||
|
deployment.targetHost = "10.42.0.202";
|
||||||
|
networking.hostName = "flemming"; # Define your hostname.
|
||||||
|
|
||||||
|
system.stateVersion = "23.11"; # The version of NixOS originally installed
|
||||||
|
}
|
|
@ -32,6 +32,12 @@ in {
|
||||||
overlays = [];
|
overlays = [];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
flemming = {
|
||||||
|
imports = [
|
||||||
|
./nixos/hosts/flemming
|
||||||
|
ragenix.nixosModules.default
|
||||||
|
];
|
||||||
|
};
|
||||||
toscano = {
|
toscano = {
|
||||||
imports = [
|
imports = [
|
||||||
./nixos/hosts/toscano/configuration.nix
|
./nixos/hosts/toscano/configuration.nix
|
||||||
|
|
|
@ -27,7 +27,7 @@
|
||||||
# Set the defaul console properties
|
# Set the defaul console properties
|
||||||
console = {
|
console = {
|
||||||
keyMap = "us"; # Set the default console key map
|
keyMap = "us"; # Set the default console key map
|
||||||
font = "ter-powerline-v16Rv"; # Set the default console font
|
font = "ter-powerline-v32n"; # Set the default console font
|
||||||
};
|
};
|
||||||
|
|
||||||
time.timeZone = "Etc/UTC";
|
time.timeZone = "Etc/UTC";
|
||||||
|
|
|
@ -1,14 +1,16 @@
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBabmpl
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBXZGxN
|
||||||
K3V2ZWV4c2pXcmtHYlhPaWVTd0Z2UnUrRTU0UHJxSlNGVGxrMEFZCjdsNW1IQTZY
|
eVRsL3QyT1BPc1dOWmt4Z213czlHV1gwV0JldkRQREZ1YkZtRjNnCm9yMlpSV1dK
|
||||||
VWR5MG9YbjlHVGk1OEFEbGthNXVsbkpHbnlyN0lOU3dxOWsKLT4gc3NoLWVkMjU1
|
R2szbEtnQ2tUOXJzWGMyUk9BQldkbjVCa1RwejJ6U01JdGsKLT4gc3NoLWVkMjU1
|
||||||
MTkgZjVUaEFnIDIwdjFwUmc5dEhGdTd3WFdLMlJzN2NqQ1R1YWV2RXBwbTE5OU0x
|
MTkgUWQwZXBRIFJ0TmhHZHVqam1wWkFRbUFHSWFEYk9CbzVmWnYwUWtjZ3hsQ3Z5
|
||||||
Y3hHMDAKcFhOYjdDcncwTnplamd3UTlaWVFiMXBHTlpuNFVSa01iaER4amlhdHdR
|
Y1JYRDgKajR1a3Nnay9SeFlId2ZDTDd6VVNlZXRpY0h3cTh0R3ExUWRRcGovbVl3
|
||||||
MAotPiBRLWdyZWFzZSBjCkRMREtPUVdTeER4WWhjcjJOWSsvUkxtK2JTUnRhblB4
|
cwotPiBzc2gtZWQyNTUxOSBmNVRoQWcgN3BhVlk2Q0Z4RksvL1dLUmhCZFd1VUNs
|
||||||
KzFxMW5BVGp5U2hmdGtOZ1FDbFkrdUpNR1JuKzRLTWUKVTZCZk5nRTRUcnUzWURp
|
ZmtqREtpMDAzWkRyMGZML016cwpKKzloVUxLWWcxcjZOQ2czaSt1b1hqTkFrSUc2
|
||||||
MVplUGhTQjBrQU1UNwotLS0gSm52ejc3TXRBdlYrS0pRamQzeHo4N0pvcktHMDEv
|
bUJUV2crYUl3TVhQUzBzCi0+IDxSI243aidNLWdyZWFzZSBPIVk1J2QKa3RGampV
|
||||||
RzdXakJMVlZrYzNtMAp8HicX1xAaiwdoitp+OGbp3imWarnmMynCZxHsdPGmDIYG
|
dlBKMitIV0ltUGhDNFcwK0c5dGFOSHJaRjlRZUppNXJPbmFFZnkwZkZKOHBmMk9P
|
||||||
CEYqJ9JJVXAtzUL7kIE7uQOSZvgp4MvWahk5a0ITQkJDLbXef1mxhavGI6SYkhKP
|
ZmV2L1NZbzF5Kwo3Vlk5Ci0tLSA3MkZtc2V5QXRBLzg3eTNGZkRTZVo4K1hQbkR5
|
||||||
4fYc4GN7xAcxTRvb/oBP67lhc8Pt1W+h6BLphYMYbMM7XT/zHAVCUBrCCKTW2Swc
|
cDUwakRsMjBXWms1U0YwCuls+HqLpYE1XR6thkvMuUi/HALGGLyrzLhgDQp/2fDd
|
||||||
NgJYUgwf7rI+hg/AKeXDXWYyidcYMrvb+L7jiIwZ6Q==
|
qf27fBHxGH+LUVE/AtkcEuYvqRGOV92MFHP42wARbzTHPoT+JEtbJH9pghCRHE8l
|
||||||
|
Zi52BJ+9Erk+AGvDyS02ziP5bstBs2uWt9y143tjuZAPLEcKAeWaPmUzxpj+zd4w
|
||||||
|
3/5keHREdbw9xhJiXYYz55K26V/vyqHm9fz5tP32GhN0
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
|
|
@ -1,11 +1,12 @@
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBzblFC
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyB1VGRL
|
||||||
eUZrZEw3R24weVJ2TUw3QWZ6WDNYS1NDZVpGTktnakk4M2FnVEhFCjUxK1BucVBu
|
OHRURUVFSjhzMmRmQWI1MnNrMUJDNlVEeHYrTTNQN0syV0xNSHlFCnBLSFNIMUpw
|
||||||
Vm52cXhyK1RyRFdTd2w1WU9NWDUranZTRkhzOHIwbXVHTlkKLT4gc3NoLWVkMjU1
|
akZZenB4WWNwRWZ1WHh3ZmZURkZDUmR3WVFHMC9QZXZSZTQKLT4gc3NoLWVkMjU1
|
||||||
MTkgZjVUaEFnIERNWExUWk95Wk1udHYxWm1vKzAwR29kUC9JeUJoMVI3MUx3UmFG
|
MTkgZjVUaEFnIDIvUmk5NTZ2N29zRTE4MG9NRjk2VEtZbHdMZ3U4bHpVMnFCbHgr
|
||||||
aDFCakkKSitsbEtsVzQ5eDAzZ0VUOXIrUkNsSkFFRXJGbEUyVTZNKzcwcTBhWnYy
|
NXlXMUkKcmtkVE4rRnRyWGRDd1RVK2djVlkxRnArQWJSOTJRTEIySjRKZUtvYWtB
|
||||||
RQotPiBsbS1ncmVhc2UgLTwpJyAxTmtRMgp5OVpBSDh2azhrYjI1cmNjVmdKdlh0
|
dwotPiBhdi1ncmVhc2UgeFlgICp7MXZ4ClBBVUUzQTVKMDFZMVFUdlRvUE9GaXFv
|
||||||
d2ZJZwotLS0gSGRZZ2k2ZDhqc3E1clBkOVZ4K3FjZUtGUG1XZ1ozVDRpZkd3ZkhG
|
clBVUlcvTDhmMVpCWHdjenJpTlIrNlJ6MDJZZTFEWE5QN3Y1dUFFZDMKYWdRaWor
|
||||||
d3ZuYwocfVjJedKaGHSUGZE2tTu5W47y68PW51+NdYxQOT65fyZD9/Vxi+7HiFqM
|
Nk1lSzZoZFlGSG1WVTVxTVRJdjlmNFdGK3k2RnMKLS0tIE5Dcmh2THcvWmNCbXVS
|
||||||
0xrmCMh3IsOvPa60vuY=
|
V3lIbHB6UVlnUm10TjhRMURvbEFVdVhURVM0UGcKQ9Mo+lNHm5eeutxfecchV7Yb
|
||||||
|
593Y2GZGoxQTzIWXoWZkzPkeDxLOpUk+OTkgnNclDJ9xPXyanTSS
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
|
|
@ -1,15 +1,15 @@
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBoaDBJ
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFAvWjlQZyBaeFBB
|
||||||
M2E4THRwVmtpWTMwMGpKZ2owdC9aci9zMVZGSzdRYk1Xb2VoUmxzCjVveDgzUUc5
|
cWc4V2pHNU40Q0xMRXgxRVdFZWRRZTh5NDhPNlhDZEd3Tk4zc0c4CmJrSTFoanBw
|
||||||
SG1OUEVPb0pFTm5VdG93a2lBbVF3OXh1eGNsL1dZWGY1T3MKLT4gc3NoLWVkMjU1
|
dG9pYmJIVCs2TzkxazJjV1ptRzlSZkRmU2NGT0dtWkZHR0kKLT4gc3NoLWVkMjU1
|
||||||
MTkgZjVUaEFnIDhFWHNoaFFkeVJ3NXBKc3oxVXdzeWtEc1NqSjAvRDZMWG9XSFVR
|
MTkgUWQwZXBRIFdBWmljU0F0U3UrWXEyZnl2MGY5VThxVmE1QkwyMmswRVRFRGFl
|
||||||
UnVzMlEKMEJVOU45OUhVd0FEWTIrLzV2WnN6VmVJWjRHM0xRUk5YdFdNS0J1YVBD
|
YnpYMDQKekZQOTFQeStBUTNTSW1ibUdHM05YSDBxUFY4dGVhTkpHejUwTklCTUpM
|
||||||
NAotPiB4WyMtZ3JlYXNlIFBBaTM8IDsgSDIgTChDaFRtcUcKSUlkVHFnRDA5cWIy
|
YwotPiBzc2gtZWQyNTUxOSBmNVRoQWcgSzAzMGFvVERReU1nRVhvdHdVK0FzajJj
|
||||||
Mjk4THJPREpRTW5FZ2RVR3lhTWFTOXhPaHdldVRBYWd2WE1Pc0IzbFZFQ0Q2RTAz
|
VFZ3aXY1aWl1UW5ReDl4VHBrMApJYm9iRlVQUGNPWlpxcy9MTExhcnZrT0J6UDE0
|
||||||
Q2MySgpYUUNDNE9GM2JrUVpWbE1kenFLVGtDaFFGZjFvTFhYbWY0ZlI0MTlLVXFW
|
WUtTTUduOFlPNVFZTUs0Ci0+IHhxKC1ncmVhc2UgWl9vNyA7NilCVVshWSBEcEgv
|
||||||
d2d5dUdtL2hoSXcKLS0tIHZZMWk2amdIZHpCVzNtSUFvTyt0V3IyVm9NWWVyc3lG
|
RGBpIGgmWAoxVjVrRHVndzI4MmJhN3EwQVEKLS0tIFJabHFPdmtseWhyaTBjV1o0
|
||||||
WDZpYmNtUkkzTDAKUHVWJeK+gcL0T5tHLBFQQP0EKHtO3Y2MFfNti/dtUhMoOnl0
|
Zm1LVEJZY0F0NFJuZUk0anhGdTRkVlFOMmcKRtPfpCjUf05Jnow5FU3OvZc3FLGm
|
||||||
cKi+siTFVAR6hasO8eM+NYgDg0mCt5ThQfAQyr0c2VoPyNu1ITJKwZZndk52y6nv
|
R462mLJoaBg4qhPr7+kxYRrGy2T0yoZLdglOJV4rHwvYWpNglY1o2Jo+I/mG1yAd
|
||||||
g95L4myoHPlJOKEb2pzSyDYKQZw4kUB4JKC5i7zy7a0TsMzVXUjZRDuOvWxcvXw8
|
F+afAb9mQVYreWyQuj7t71Vm1VUdQrsG85lFxdbLbS7ZzITCOrjejgoj6wMPwAgl
|
||||||
QbjtYbRJUZ+pFN445/awGVcZyMIE6KhrazU+WSU=
|
iPHgOccOAPoiDQTSOdGEm3H4k8we/HSfpW7cPowwExtQCK7PSs30XeJsg4o=
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
|
|
@ -1,12 +1,18 @@
|
||||||
# Used by ragenix nix only.
|
# Used by ragenix nix only.
|
||||||
# Ensure that $RULES has been set via direnv
|
# Ensure that $RULES has been set via direnv
|
||||||
|
# Edit a key: `agenix -i ~/.ssh/id_ed25519 -e secrets/someKey.age`
|
||||||
|
# run `ragenix -r -i /path/to/your/key` after modifying any keys below
|
||||||
|
#
|
||||||
|
# Re-keying is required after adding new hosts or keys:
|
||||||
|
# run `ragenix -r -i /path/to/your/key`
|
||||||
let
|
let
|
||||||
fiscalvelvetpoet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDMAhG6+40YiYy9wqruHK9M2fLwYAqikJSJ/pRjR/so";
|
fiscalvelvetpoet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDMAhG6+40YiYy9wqruHK9M2fLwYAqikJSJ/pRjR/so";
|
||||||
ops = [fiscalvelvetpoet];
|
ops = [fiscalvelvetpoet];
|
||||||
users = [fiscalvelvetpoet];
|
users = [fiscalvelvetpoet];
|
||||||
|
|
||||||
|
flemming = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK16f3Fjj0BY9vjtXahezMAP3I329hHEQXCceRTkr+Yu";
|
||||||
toscano = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGWcukRkNUQUbgXQle8q9xszDZOnDf3BVpPSFgycJVVE";
|
toscano = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGWcukRkNUQUbgXQle8q9xszDZOnDf3BVpPSFgycJVVE";
|
||||||
systems = [toscano];
|
systems = [flemming toscano];
|
||||||
in {
|
in {
|
||||||
"root.age".publicKeys = ops ++ systems;
|
"root.age".publicKeys = ops ++ systems;
|
||||||
"fiscalvelvetpoet.age".publicKeys = [fiscalvelvetpoet] ++ systems;
|
"fiscalvelvetpoet.age".publicKeys = [fiscalvelvetpoet] ++ systems;
|
||||||
|
|
Loading…
Reference in a new issue