diff --git a/.sops.yaml b/.sops.yaml
index 32e9d239..a70fc952 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,9 +1,16 @@
 keys:
 - &user-albert D98BBC6C9A27324654C2D8C464F6C4EB46C4543A
 - &host-nixos-laptop ca375f85e93f5327eca3e0af996236957c887168
+ - &host-nixos-rpi4-01 KEY_GOES_HERE
 creation_rules:
- - path_regex: secrets/[^/]+\.(yml|yaml)$
+ - path_regex: secrets/secrets.yaml
 key_groups:
 - pgp:
 - *user-albert
- - *host-nixos-laptop
\ No newline at end of file
+ - *host-nixos-laptop
+ - *host-nixos-rpi4-01
+
+ - path_regex: secrets/tailscale.yaml
+ key_groups:
+ - pgp:
+ - *host-nixos-rpi4-01
\ No newline at end of file
diff --git a/README.md b/README.md
index 82290a39..816632e4 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,10 @@ nixos-rebuild switch --flake '/etc/nixos#'
 ![Gruv'd Hyprland](./screenshot.png "Hyprland with a Gruvboxy theme")
 ---
 # To Do List
+* [ ] Raspberry Pi 1:
+ * [ ] Set up Tailscale with pre-auth keys (services.tailscale.authKeyFile, add the key to secrets/secrets.yaml)
+ * `${hostname}-tailscale-key`
+ * [ ] Set up sops and gpg
 * [ ] Configure GameMode / Gamescope
 * [ ] Find a way to remove all default search engines in Firefox (Google, Amazon, etc)
 * [ ] Figure out what the home-manager `account` options are for.
diff --git a/nixos/hosts/nixos-rpi4-01/default.nix b/nixos/hosts/nixos-rpi4-01/default.nix
index 609299b6..e31fcdb3 100644
--- a/nixos/hosts/nixos-rpi4-01/default.nix
+++ b/nixos/hosts/nixos-rpi4-01/default.nix
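Review bot: `&host-nixos-rpi4-01 KEY_GOES_HERE` in the `.sops.yaml` hunk is not a PGP fingerprint, so the two rules that reference `*host-nixos-rpi4-01` cannot work as committed; sops would likely reject that recipient when encrypting or updating keys for the matched files. The new `secrets/tailscale.yaml` rule also lists only the host key, so once the placeholder is filled in the file can be decrypted only with the Pi's private key; adding `- *user-albert` to that group would keep it editable and rotatable from the admin key. Conversely, adding the Pi to the `secrets/secrets.yaml` group lets that host decrypt every secret in the shared file, which is worth confirming as intended given that a dedicated Tailscale file now exists. The rewritten patterns also drop the `$` anchor and leave `.` unescaped; `secrets/secrets\.yaml$` and `secrets/tailscale\.yaml$` would match only the intended files.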
@@ -1,12 +1,10 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; +{ config, lib, pkgs, modulesPath, ... }: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; # Use the extlinux boot loader. (NixOS wants to enable GRUB by default) boot.loader.grub.enable = false; @@ -39,4 +37,7 @@ powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; networking.hostname = "nixos-rpi4-01"; + + # Generic Tailscale configs are in /nixos/common/services/tailscale.nix + services.tailscale.authKeyFile = "/run/secrets/nixos-rpi4-01_tailscale_key"; } \ No newline at end of file
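Review bot: The added `services.tailscale.authKeyFile` line in the second hunk hard-codes `/run/secrets/nixos-rpi4-01_tailscale_key`, and nothing visible here declares a matching sops secret, so the path exists only if `sops.secrets."nixos-rpi4-01_tailscale_key"` is defined elsewhere with `sopsFile` pointing at the file that actually holds the key. Writing `services.tailscale.authKeyFile = config.sops.secrets."nixos-rpi4-01_tailscale_key".path;` would make evaluation fail when the secret is undeclared, instead of the problem surfacing only on the running host. The secret name also differs from the `${hostname}-tailscale-key` convention written in the README hunk, so one of the two should be aligned. A short comment such as `# single-use, expiring pre-auth key; rotate after enrolment` would document how the key is expected to be issued. The attribute set this line sits in opens outside the hunk.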