rpi4: rename to raspite, add password
This commit is contained in:
parent
41ce883dd8
commit
ec6476d470
7 changed files with 125 additions and 27 deletions
14
.sops.yaml
14
.sops.yaml
|
@ -1,17 +1,27 @@
|
|||
keys:
|
||||
- &xin age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c
|
||||
- &host-laptop age1ytwfqfeez3dqtazyjltn7mznccwx3ua8djhned7n8mxqhw4p6e5s97skfa
|
||||
- &host-calcite age1ytwfqfeez3dqtazyjltn7mznccwx3ua8djhned7n8mxqhw4p6e5s97skfa
|
||||
- &host-raspite age1nugzw24upk8pz5lyz2z89qk8se4gpcsg3ypcs58nykncr56sevrsm8qpvj
|
||||
creation_rules:
|
||||
- path_regex: machines/calcite/secrets.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *xin
|
||||
- *host-laptop
|
||||
- *host-calcite
|
||||
- path_regex: machines/raspite/secrets.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *xin
|
||||
- *host-raspite
|
||||
- path_regex: machines/secrets.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *xin
|
||||
- *host-calcite
|
||||
- *host-raspite
|
||||
- path_regex: home/xin/secrets.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *xin
|
||||
- *host-raspite
|
||||
- *host-calcite
|
||||
|
|
|
@ -61,20 +61,21 @@
|
|||
];
|
||||
};
|
||||
|
||||
nixosConfigurations.rpi4 = mkNixos {
|
||||
nixosConfigurations.raspite = mkNixos {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
nixos-hardware.nixosModules.raspberry-pi-4
|
||||
machines/rpi4/configuration.nix
|
||||
machines/raspite/configuration.nix
|
||||
(mkHome "xin" "raspite")
|
||||
];
|
||||
};
|
||||
|
||||
images.rpi4 = (nixpkgs.lib.nixosSystem {
|
||||
images.raspite = (mkNixos {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
|
||||
machines/rpi4/configuration.nix
|
||||
nixos-hardware.nixosModules.raspberry-pi-4
|
||||
machines/raspite/configuration.nix
|
||||
{
|
||||
nixpkgs.config.allowUnsupportedSystem = true;
|
||||
nixpkgs.hostPlatform.system = "aarch64-linux";
|
||||
|
|
|
@ -8,7 +8,8 @@
|
|||
dig
|
||||
du-dust # du + rust
|
||||
zoxide # autojumper
|
||||
man-pages
|
||||
file
|
||||
# man-pages
|
||||
tree
|
||||
wget
|
||||
tmux
|
||||
|
|
28
home/xin/raspite/default.nix
Normal file
28
home/xin/raspite/default.nix
Normal file
|
@ -0,0 +1,28 @@
|
|||
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
../common
|
||||
];
|
||||
|
||||
home.username = "xin";
|
||||
home.homeDirectory = "/home/xin";
|
||||
home.stateVersion = "23.05";
|
||||
|
||||
# Let Home Manager install and manage itself.
|
||||
programs.home-manager.enable = true;
|
||||
|
||||
accounts.email.accounts.gmail = {
|
||||
primary = true;
|
||||
address = "lixinyang411@gmail.com";
|
||||
flavor = "gmail.com";
|
||||
};
|
||||
|
||||
accounts.email.accounts.whu = {
|
||||
address = "lixinyang411@whu.edu.cn";
|
||||
};
|
||||
|
||||
accounts.email.accounts.foxmail = {
|
||||
address = "lixinyang411@foxmail.com";
|
||||
};
|
||||
}
|
|
@ -1,9 +1,6 @@
|
|||
{ config, libs, pkgs, ... }:
|
||||
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
vim
|
||||
];
|
||||
nixpkgs.overlays = [
|
||||
# Workaround https://github.com/NixOS/nixpkgs/issues/126755#issuecomment-869149243
|
||||
(final: super: {
|
||||
|
@ -12,12 +9,33 @@
|
|||
})
|
||||
];
|
||||
|
||||
imports = [ ];
|
||||
imports = [
|
||||
../clash.nix
|
||||
../sops.nix
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
git
|
||||
clash
|
||||
];
|
||||
|
||||
# Use mirror for binary cache
|
||||
nix.settings.substituters = [
|
||||
"https://mirrors.ustc.edu.cn/nix-channels/store"
|
||||
"https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store"
|
||||
];
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
|
||||
sops = {
|
||||
secrets.password = {
|
||||
sopsFile = ./secrets.yaml;
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
|
||||
networking = {
|
||||
hostName = "pi-wh";
|
||||
hostName = "raspite";
|
||||
useDHCP = false;
|
||||
interfaces.eth0.useDHCP = true;
|
||||
};
|
||||
|
@ -28,11 +46,12 @@
|
|||
|
||||
systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
|
||||
|
||||
users.users.pi = {
|
||||
users.users.xin = {
|
||||
isNormalUser = true;
|
||||
home = "/home/pi";
|
||||
extraGroups = [ "wheel" "networkmanager" ];
|
||||
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIInPn+7cMbH7zCEPJArU/Ot6oq8NHo8a2rYaCfTp7zgd xin@nixos" ];
|
||||
# passwordFile = config.sops.secrets.password.path;
|
||||
hashedPassword = "$y$j9T$KEOMZBlXtudOYWq/elAdI.$Vd3X8rjEplbuRBeZPp.8/gpL3zthpBNjhBR47wFc8D4";
|
||||
};
|
||||
|
||||
}
|
30
machines/raspite/secrets.yaml
Normal file
30
machines/raspite/secrets.yaml
Normal file
|
@ -0,0 +1,30 @@
|
|||
password: ENC[AES256_GCM,data:QHPNTvjNjrcUaV7aVvnFQFF+1bA+g1Y2emYIabBgHQ7Dmg7SuOwVpBsZCvsh+BgrWLykK3Gcf+huTMzixjaqXbGHrpqx9Eq9wi1O1alVG8bJ/UvWr7H3qBCuye85KUopBxXLF93skT7H1Q==,iv:Iq/s+AuMJN/Z/Pbc5UsZQA6gvnPXxihKJzWYl+N6Gmc=,tag:6UvNTQlLrl1ay3BI6vPqTw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieXZQcFZ6R0ZBQUdTMWtL
|
||||
QXM2djdBNThrNnpuT1lpNDU1R3NIM2FRNnhZCkZqbUtrWldFMS9oOTE3T2ZCTklm
|
||||
emxsL21pQThiMDJIUXA1Y0RKSVBRWFUKLS0tIE1qK0dySHZHUVZ1aDZoZ1lEZHoy
|
||||
dnBLOWV4NjBrZzM5VkhRZFFrNFByVFkKK7j/rDiD7WbCU/Z1+FRuxjOitS6Y9cc1
|
||||
L2oW35AJluG27tdwe39nBORzeLwDrcFy5TpUSV9hMEBbeDBlhLNSiA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1nugzw24upk8pz5lyz2z89qk8se4gpcsg3ypcs58nykncr56sevrsm8qpvj
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPb0RxTHFhZjZ5bEtpblo1
|
||||
VHJkeDFpNjhoc294eWs5TmxxcEMwOTQ4SmxVCmp1dnFXSlNiUzdtWm9WSmlMa3BR
|
||||
RDFmWVdxcXJzRmdzbzVOMkUvNDd4Y1UKLS0tIDVkNHBrYWFmNWtkNllidUlPdFJ1
|
||||
djhXQ2RzM0JEdnRvUkxVNm9MdFNJUHMKmacD8MIV7r92c5KbJtg7CbnI09QMclQl
|
||||
5rIF5vcgaRRpS6zXq22OgxSjsjIHg7jDOkUJdueGNHzc4f9F91+0yQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-04-23T03:02:43Z"
|
||||
mac: ENC[AES256_GCM,data:7k+Eoua6DviF6XN5QiVOXE4LHr0gggvvYY9EMBU4J6RsA9hzi0L3DjdofppAvG2928mCd/SYiZC3vGU8UFohXbZuxFLq9YJGkE1P+VxvlggkMKoJkIbE2d2t78zm2gt4nd60tDyJgYINqbbgfs2qOdnm8Y/WShRkmNs/ggf5Azo=,iv:cXoP6GYOzhfXov/l9rSg/2GIGI4aeJonAXCQ6k6YuaQ=,tag:Tv/JYpj6DfhddSzSkh8zcQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
|
@ -1,4 +1,4 @@
|
|||
clash_subscription_link: ENC[AES256_GCM,data:HKHMCu6FAhXroM+j33coUhJybw2P0k4c+2NyVoLkHRtxyWc2qDmwLfyaYfU9hkBdE60eZ6t5ewNFnMFe78DatVTcwPXGznY=,iv:0yP9LG8lUdjKiize6z5LjY3NsGmKST4H2aMvOZoUXyo=,tag:vcBk7seKuaSpEw8PXmM05A==,type:str]
|
||||
clash_subscription_link: ENC[AES256_GCM,data:QwszQooTzHboIgIsbxcL1ZrVgOn91pKC8mMUSY7R0FB426ERiVPNyGWBy5ar4m0yk/XwcFLdFRmiWOrQG9mWsx9J6/tH7K8=,iv:zeDuLmDRUiCtKfUlpl1KJl62DP4DnQ2c6gOjpiHw+4c=,tag:w5AQIUC1p3nrwepdxH7Kkw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -8,23 +8,32 @@ sops:
|
|||
- recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRXoxNVJzZERQTFdDNWlL
|
||||
N2s2ajdCVzFFZWlSY1dndWhCL0RuMnk3aVdJCjJaQUJ2a1VPanArN2YxMy9vSEYv
|
||||
blBISEZQL3UvNnRFN0ozZ3hzbEcvaDQKLS0tIEYydmF2bHBwQWdTSFFQQ29ROGxi
|
||||
OFo3K3N6VWsyRnphblVsM2pHZnljUncKWLyzuKl+8WXtvlPtsaYG4PyGYNmPFdG5
|
||||
gxlMsQvaUrGReCs9M3EeS0KKvl9INzOP33KCiwrIAfq1PygP1xF1QQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtYjBKUUNCTlpoYXJqMkVL
|
||||
U0xoNDNXVUpGaEdTVFVVL05MYng4N3l5dlhRCjZXMmplRGY1UWdlUTB4NHBFNHVO
|
||||
QThQTkhwVlc2NE1HWUc5RlRyS2lURE0KLS0tIDZPOW1EMis2TjFjaS9sUHEvenRJ
|
||||
cmZYOEVHTE1ybDBXMDFZRnJQaWRjeU0KVAiaO0xMhDQTh26e4lTRigkG2P6KfXov
|
||||
c2DItjmdWmdfN/QOKl6JzObtHBxSWxXGZwbnWmDkGq69t20TDus2Xw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ytwfqfeez3dqtazyjltn7mznccwx3ua8djhned7n8mxqhw4p6e5s97skfa
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZHpMa0NiYzJSa0Jyd3dD
|
||||
WUFzenY3dEYzRjBxbVk4NWFGUnp0N0oySjE4CllEMlRXSmR6cWR0QlMrOWJGdEhO
|
||||
ZzkwaFRRMVdjcVhLaEpMcFhxMTVxcTQKLS0tIEY3eER1d3B0NGtsdk9RaENscTBk
|
||||
eHg2UVZRRkdVWm5PdW1MSzhVTGlpc3cKnZj4fil9mysiJJcDK4SLo+I0TcUtgww1
|
||||
67W3wpd2y+ofIEP/qBSTVU4PYJ+ZsYDr1hy+6qJ7r4rgQ9wzLiWBog==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWWx3TGJTWEtLd0ROVXZQ
|
||||
OUcycUlCUmhJT3JybldLYytJNlhld3lSVENJCmd0YUVBbWN3MU8yQ2FFMTRSWXln
|
||||
S0x4c0pGemVDdVV6N3hCM3BsWGxBYzQKLS0tIDdyNFBtK2RQTFNXdlRDaVZBNjZ6
|
||||
TVo3cmh0eFlDU1d2RnVZVUI1NXcrbnMKU+tJhePvEk/awxtoZA8NWTxUr5buXSRu
|
||||
CyIZXG3THbrIWAzBRlgtKqmlvdOseIASSO9OgOUPb8/EKSD5eUTH3g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-04-22T15:22:58Z"
|
||||
mac: ENC[AES256_GCM,data:3LtivTLt04ADulz9XkMxcpgAY6it+hWFuXZVI9AOuFVQCgGE41fpH0RUKgJ4kIpr5kvbe4wVLQ6OTFqBcAkPnBBPCCg/Npzo7sWbGOiBEyK3aEk2uGsmZHqpDexHS5VJvSY0iePD+Qb/LNxjBo4KLWGNj+frKnpGALV0Qn6yzIE=,iv:alylpWLPhIIL4piaVFpjHbXJY4nz0pcUIFN5TvVcj74=,tag:HaSjcpwRMZ06UjXoDwEmyg==,type:str]
|
||||
- recipient: age1nugzw24upk8pz5lyz2z89qk8se4gpcsg3ypcs58nykncr56sevrsm8qpvj
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBidXFsbFBPc3hhMzFMSk9v
|
||||
NVdKWDE5MWoyMnUyVWdwOXhsK3dpQ1o2bGlBClZHVTZzc2lxblYrUUUvRFRmQ2Mv
|
||||
S1I4YzJYd1JCcUx5b0E2MTlwYWlwRDAKLS0tIGphM2NaSXBwdlZSR3kwSUkzcXkv
|
||||
dWVDd2VSd213NmpYdDcvNUZXTHdzSDgKj68TLxSYYExtGg/hyuAiPqmdXPGIWzou
|
||||
DnCdBitTPPswI+BVwYufnGmHdt8xz5nofBxACWg/bS3NUTGFcnIPWQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-04-23T03:03:14Z"
|
||||
mac: ENC[AES256_GCM,data:LxnM5wRjyV0VxOWm0/XDF6iVoe2PoJ/Ps8iW6mNI4JDDy8EK7pRElcU0W+IuOq09eUCBJ4KzIssbUTqumUtQHXIOhkCx0qrsf4XWsLnKNqteMwkDuWhQAiUgzGa4T0zD7B1chnos9J85rHGrGLZ9aGzC04hwUrADcw0HbxQIBm4=,iv:U2sYlCl8cppaJT8ldJhVoHj2NbTCanJyPblsO11/hBs=,tag:h8cE/+uNDz5CXoX29RKCgQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
|
Loading…
Reference in a new issue