From d999d4d0e68b9d7cfa0f477cdbac8fe82850ae78 Mon Sep 17 00:00:00 2001
From: Freya Murphy
Date: Fri, 24 Jan 2025 13:06:22 -0500
Subject: use sops-nix for secrets
---
hosts/shinji.nix | 77 -----------------------------------------------
hosts/shinji/default.nix | 74 +++++++++++++++++++++++++++++++++++++++++++++
hosts/shinji/secrets.yaml | 23 ++++++++++++++
3 files changed, 97 insertions(+), 77 deletions(-)
delete mode 100644 hosts/shinji.nix
create mode 100644 hosts/shinji/default.nix
create mode 100644 hosts/shinji/secrets.yaml
(limited to 'hosts')
diff --git a/hosts/shinji.nix b/hosts/shinji.nix
deleted file mode 100644
index 756cfe1..0000000
--- a/hosts/shinji.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-# Shinji
-# System configuration for my laptop
-
-{
- inputs,
- options,
- ...
-}:
-
-inputs.nixpkgs.lib.nixosSystem rec {
- system = "x86_64-linux";
- specialArgs = { inherit inputs; };
- modules = [
- options
- inputs.home-manager.nixosModules.home-manager
- ../nix
- {
- # options
- monitors = [{
- name = "eDP-1";
- scale = 1.25;
- }];
-
- # hardware
- hardware.graphics.enable = true;
- hardware.bluetooth.enable = true;
- security.tpm2.enable = false;
-
- # bootloader
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi = {
- canTouchEfiVariables = true;
- efiSysMountPoint = "/boot/efi";
- };
-
- # hostname
- networking.hostName = "shinji";
-
- # kernel modules
- boot.initrd.availableKernelModules = [
- "nvme"
- "xhci_pci"
- "thunderbolt"
- "usb_storage"
- "sd_mod"
- ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- # firmware
- hardware.enableRedistributableFirmware = true;
- hardware.cpu.amd.updateMicrocode = true;
-
- # luks device
- boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/ad489bfa-4280-44ea-8ad2-60347b516d60";
-
- # root
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/b43a7cf6-b9aa-44c2-ad29-da24ffa56901";
- fsType = "btrfs";
- };
-
- # boot
- fileSystems."/boot/efi" = {
- device = "/dev/disk/by-uuid/6F93-6A0B";
- fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" ];
- };
-
- # swap
- swapDevices = [
- { device = "/dev/disk/by-uuid/57caa02d-8569-43e3-8bf9-09dd6f02b191"; }
- ];
- }
- ];
-}
diff --git a/hosts/shinji/default.nix b/hosts/shinji/default.nix
new file mode 100644
index 0000000..d1a02a8
--- /dev/null
+++ b/hosts/shinji/default.nix
@@ -0,0 +1,74 @@
+# Shinji
+# System configuration for my laptop
+
+{
+ inputs,
+ options,
+ ...
+}:
+
+inputs.nixpkgs.lib.nixosSystem rec {
+ system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
+ modules = [
+ options
+ ../../nix
+ {
+ # options
+ hostName = "shinji";
+ monitors = [{
+ name = "eDP-1";
+ scale = 1.25;
+ }];
+
+ # hardware
+ hardware.graphics.enable = true;
+ hardware.bluetooth.enable = true;
+ security.tpm2.enable = false;
+
+ # bootloader
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot/efi";
+ };
+
+ # kernel modules
+ boot.initrd.availableKernelModules = [
+ "nvme"
+ "xhci_pci"
+ "thunderbolt"
+ "usb_storage"
+ "sd_mod"
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ # firmware
+ hardware.enableRedistributableFirmware = true;
+ hardware.cpu.amd.updateMicrocode = true;
+
+ # luks device
+ boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/ad489bfa-4280-44ea-8ad2-60347b516d60";
+
+ # root
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/b43a7cf6-b9aa-44c2-ad29-da24ffa56901";
+ fsType = "btrfs";
+ };
+
+ # boot
+ fileSystems."/boot/efi" = {
+ device = "/dev/disk/by-uuid/6F93-6A0B";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+
+ # swap
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/57caa02d-8569-43e3-8bf9-09dd6f02b191"; }
+ ];
+ }
+ ];
+}
diff --git a/hosts/shinji/secrets.yaml b/hosts/shinji/secrets.yaml
new file mode 100644
index 0000000..5bb89cf
--- /dev/null
+++ b/hosts/shinji/secrets.yaml
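Review bot: The `/boot/efi` entry near the end of this new file mounts the ESP with `fmask=0022` and `dmask=0022`, so every file on it, including the systemd-boot random seed, is readable by any local user. Since the host sets `boot.loader.systemd-boot.enable = true`, I would tighten the mount to `options = [ "fmask=0077" "dmask=0077" ];`. Separately, nothing in this file references `secrets.yaml` and the module list no longer names home-manager, so the sops-nix module and the `sops.secrets` declaration presumably live under `../../nix`, which this view (limited to 'hosts') does not show.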
@@ -0,0 +1,23 @@
+freyanetWg: ENC[AES256_GCM,data:TlaDyx3E6Gez8HHiihFGIGfVedLx9xXSzBNEPmZYC3rqWEHHTfsMh6xL5l8=,iv:qdygQeUQkpVCWOYJ9BLsBtN/F0sYU4fTKz+/Az1QyOg=,tag:88yeDqXtcHshVRiinn2Bsg==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2025-01-24T17:54:22Z"
+ mac: ENC[AES256_GCM,data:IfPObEnZ46RUXjHwK4ibIlfwveqYaOHPtKgIhLjBuuElPHfvhSqgeN4KEwTDPnk38F39qRiyDA3TlEZjIvC856t+a5FG7UkdQRkOkotcqMPwtmEHz5YXw0gqMny7y4+iFMvog0NQL94ptodD0kD/OoJKt/2tGmm9Jv3yBO/qqwo=,iv:BGBONzCHiWLhS0AX9Xa3Rt8dZTzDEGWS0jr72GAx4bc=,tag:SIJyE/xWuxf2U2x2+1cX4w==,type:str]
+ pgp:
+ - created_at: "2025-01-24T17:54:22Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4D/YCJcy0T0DkSAQdAxr7yRTBbTqekdXYr4apLlMvUa00t07itX1tUfrQcQjsw
+ spxEodkxhj5ZiD/ohAQRBzhwMN+xhqo69b+yfRPYke1IXc8CqeQAJHGXZKxhlOPO
+ 0l4B7AD9YlNgegBsUhFm/7ll5t1oTy3xXzgVKpWhpqAnyMqzyKx7gZcZagjaRaDn
+ aMITJxTBRU8cmuZazUvu5O2lUKqFCj9Au/wP42eUWQphzsxKkGeYsnqr1z417N83
+ =qn+4
+ -----END PGP MESSAGE-----
+ fp: 2A8A27879715447AEEC59D0C18DCCBE353963394
+ unencrypted_suffix: _unencrypted
+ version: 3.9.3
--
cgit v1.2.3-freya
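Review bot: The `sops:` metadata at the end of this file wraps the data key for a single PGP recipient (`fp: 2A8A27879715447AEEC59D0C18DCCBE353963394`) and leaves `age: []` empty, so that one private key is the only way to recover `freyanetWg` and is presumably also the key the laptop must hold to decrypt at activation. If that fingerprint is a personal key, consider adding a host recipient (sops-nix can derive an age identity from the SSH host key via `sops.age.sshKeyPaths`) plus a second recovery recipient, then re-encrypting with `sops updatekeys hosts/shinji/secrets.yaml`. The recipient list is best declared in a `.sops.yaml` creation rule so it is reviewable; this view is limited to 'hosts', so such a file may already exist at the repository root. The values should only ever be changed through sops, since a hand edit invalidates the `mac`.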