From a8df9404f062dc93661ff7d12bf72c6bc1d93faa Mon Sep 17 00:00:00 2001 From: fuckwit Date: Mon, 25 Nov 2024 16:50:18 +0100 Subject: [PATCH] add tailwind to framework --- .sops.yaml | 8 +++++++- nixos/framework/configuration.nix | 11 +++++++++++ nixos/framework/secrets.yaml | 33 +++++++++++++++++++++++++++++++ 3 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 nixos/framework/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index 0967869..fc1d4d0 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -2,7 +2,7 @@ keys: - &user_patrick 5FA64909521A5C85992F26E0F819AEFF941BB849 - &host_celestia age1vadwmwh8ckfal7j83gwrwn9324gqufwgkxskznhp9v867amndcwqgp2w6t - &host_primordial age12u7ayy2q5dps2pcpc6z7962pz07jxv3tt03hna6jyumlu4fdjvtqdg2n3e - - &host_laptop age1fhnujflp29sekvwjgw0ue2hnmjum3fpcj80vly0rkt07u9xwlf7ql25mkk + - &host_framework age18kc63lpfutqlw505fkqagumqup6dtpudajeaheueuaf0frjpdc3suz49qk creation_rules: - path_regex: nixos/celestia/secrets\.yaml$ key_groups: @@ -16,3 +16,9 @@ creation_rules: - *user_patrick age: - *host_primordial + - path_regex: nixos/framework/secrets\.yaml$ + key_groups: + - pgp: + - *user_patrick + age: + - *host_framework diff --git a/nixos/framework/configuration.nix b/nixos/framework/configuration.nix index 5bbd97f..7e34e10 100644 --- a/nixos/framework/configuration.nix +++ b/nixos/framework/configuration.nix @@ -6,6 +6,8 @@ ... }: { imports = [./hardware-configuration.nix]; + sops.defaultSopsFile = ./secrets.yaml; + sops.secrets."tailscale-auth-key" = {}; boot.bootspec.enable = true; boot.loader.systemd-boot.enable = lib.mkForce false; @@ -99,6 +101,15 @@ lidSwitchExternalPower = "ignore"; extraConfig = "HoldoffTimeoutSec=300s"; }; + + tailscale = { + enable = true; + extraSetFlags = [ + "--accept-routes=true" + "--accept-dns=false" + ]; + authKeyFile = config.sops.secrets."tailscale-auth-key".path; + }; }; services.pipewire = { diff --git a/nixos/framework/secrets.yaml b/nixos/framework/secrets.yaml new file mode 100644 index 0000000..7bd9b77 --- /dev/null +++ b/nixos/framework/secrets.yaml @@ -0,0 +1,33 @@ +tailscale-auth-key: ENC[AES256_GCM,data:jReYmVBmruNXXOlB9ep1Vx84XSKA8JAPReuxXglPMNDCUOIaX2S7zPuxAJp4KYhE91CnCNzprW/rdGejMw==,iv:251dyqcTqRh6N/lM07spgcyBnsxvwTdhKXdM45hepTc=,tag:/JqRTN80TJmA3H06Efbx8A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18kc63lpfutqlw505fkqagumqup6dtpudajeaheueuaf0frjpdc3suz49qk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGQ29IUmRFcjNXNFRVZDh5 + ZGE0YUJxYmFITHJ1N1RtVkNHbnpBYS9IM0g0CmFWak94ZE9BR2x2cHhrTkxxVWVn + czlRNUJoSm5FUVVPQVdXMnp6V1dMRjAKLS0tIFNUWVNCMEhjbEpjUXhRS05QTFpL + bk1raG5pVE10ZEh1RXdYUXY0ZkVkUW8K5JWNqbd6k6slfOR9xfc6a58tdouElwlX + w4MzIE7dUlqYux4MxbTzXhnX/A3D2oXg60Ya5rKqakgnAYvWlNwwAw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-25T15:49:24Z" + mac: ENC[AES256_GCM,data:GQcgu7CWkUPrcsYlSK8rbnZIu3Ph/q5ohEt2F46Q5afEh2j0aQQfdlO7suFUmO93qoQ4Z4qo6HmSsqajR5QTMvWMjERSdAYh8WiX64zgnxzYD32GCLjvtp3NSraIHy5RsnX/+4vNDsGVq1pJIEr6McWuvxuuZ3cT2JbHiui8cGI=,iv:GkHo9aM6JXM1+kY42au7Rm3fJrqOnncKLxLC52JrVUw=,tag:7Ua+LTsfihrr+qcVhKvJPA==,type:str] + pgp: + - created_at: "2024-11-25T15:46:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DMGJRmcuHhnsSAQdAIUNST8klTbwju58Y6yBe8tZtn0yK4hCrocSfV5qAOz8w + eDZyWmShWVeAMIksZPJthyq2GmExd6S+BPjgn6sLmeaDBHzUsLV2lexpGSTif6MW + 1GgBCQIQVijI8dBnboVzsQHN1Yaj9Ntfb++u29TBmYiXLm455jsr/Aqwp8I9ZM0P + tMPkxT6kHebICXpsbZvkSxv3kaPK1+TBGZkk8VEZxZZBl7NpvCAKufOiCHU/sH8I + UOJGtqbpiWwqJQ== + =qjQD + -----END PGP MESSAGE----- + fp: 5FA64909521A5C85992F26E0F819AEFF941BB849 + unencrypted_suffix: _unencrypted + version: 3.9.1