Deploy root's sops key by default

Pim Kunis 2024-12-01 17:15:01 +01:00
parent d5978e4d47
commit 0ce79b62eb
7 changed files with 4 additions and 15 deletions


@ -3,16 +3,12 @@
facter.reportPath = ./facter.json;
system.stateVersion = "23.05";
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
pim.k3s.serverAddr = "https://jefke.dmz:6443";
deployment = {
targetHost = "atlas";
targetUser = "root";
tags = ["server" "kubernetes"];
};
pim = {
sops-nix.usersWithSopsKeys = ["root"];
k3s.serverAddr = "https://jefke.dmz:6443";
};
};
}


@ -6,7 +6,7 @@
config = {
pim = {
cinnamon.enable = true;
sops-nix.usersWithSopsKeys = ["root" "pim"];
sops-nix.usersWithSopsKeys = ["pim"];
};
facter.reportPath = ./facter.json;
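Review bot: The explicit `sops-nix.usersWithSopsKeys = ["pim"];` on this host replaces the option's default instead of extending it, because a NixOS option default is only used when no definition is present; root therefore gets no sops key here regardless of `allowLocalDeployment`. If that is intended, a short comment such as `# root deliberately has no sops key on this machine` would make it explicit. If root-owned secrets are still expected to decrypt on this host, `"root"` has to stay in the list. Which of the two near-identical lines is the new one is inferred from the hunk header, since the page lost its +/- markers.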


@ -1,5 +1,6 @@
{config, ...}: {
config = {
pim.k3s.clusterInit = true;
facter.reportPath = ./facter.json;
system.stateVersion = "23.05";
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
@ -9,10 +10,5 @@
targetUser = "root";
tags = ["server" "kubernetes"];
};
pim = {
sops-nix.usersWithSopsKeys = ["root"];
k3s.clusterInit = true;
};
};
}


@ -16,7 +16,6 @@
};
pim = {
sops-nix.usersWithSopsKeys = ["root"];
# TODO: this should be dynamically set using Colmena tags
k3s.serverAddr = "https://jefke.dmz:6443";
data-sharing.enable = true;


@ -18,7 +18,6 @@
stylix.enable = true;
wireguard.enable = true;
compliance.enable = true;
sops-nix.usersWithSopsKeys = ["pim"];
};


@ -9,7 +9,6 @@
config = {
pim = {
tailscale.advertiseExitNode = true;
sops-nix.usersWithSopsKeys = ["root"];
prometheus.enable = true;
};


@ -38,7 +38,7 @@
usersWithSopsKeys = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
default = lib.optional (! config.deployment.allowLocalDeployment) "root";
};
};
};
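Review bot: The `usersWithSopsKeys` option now takes its default from `config.deployment.allowLocalDeployment` but still has no `description` or `defaultText`, so nothing at the option tells a reader that every remotely deployed host receives root's sops key unless it opts out. I would add a `description` (wording to be checked against what the module does with the list) and `defaultText = lib.literalExpression ''lib.optional (! config.deployment.allowLocalDeployment) "root"'';`, plus a one-line comment saying why local-deployment hosts are excluded. Because key placement is now opt-out, any host added later gets root decryption capability without a visible line in its own config, which is worth stating for a later audit. The host section that drops `sops-nix.usersWithSopsKeys = ["pim"];` appears to fall back to this default and would then no longer list pim, unless that is set elsewhere; worth confirming. The option's enclosing module starts outside the hunk.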