diff --git a/.sops.yaml b/.sops.yaml deleted file mode 100644 index 621bc24..0000000 --- a/.sops.yaml +++ /dev/null @@ -1,10 +0,0 @@ -keys: - - &aviac-gpg 644781002BDEA982 - - &michael age14qgh6kzdlrwcvsrwhy75y3qtrkv46rverqxupu7ugwj8xwrm84dsfupg7d - - &pipeline age1f8p9wqgsr9vlzgfqnmt94cnecq7yyugv2cyvf88d4hzfqwyrhc8qywhsgl -creation_rules: - - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ - age: | - age14qgh6kzdlrwcvsrwhy75y3qtrkv46rverqxupu7ugwj8xwrm84dsfupg7d, - age1f8p9wqgsr9vlzgfqnmt94cnecq7yyugv2cyvf88d4hzfqwyrhc8qywhsgl - pgp: *aviac-gpg diff --git a/dev_system.nix b/dev_system.nix index c1c76b0..7cde22e 100644 --- a/dev_system.nix +++ b/dev_system.nix @@ -23,22 +23,6 @@ in ./shared/ssh.nix ]; - networking.firewall = { - allowedTCPPortRanges = [ - { from = 8000; to = 8020; } - ]; - }; - - sops = { - defaultSopsFile = ./secrets/ssh-key.yaml; - age = { - sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - keyFile = "/root/.config/sops/age/keys.txt"; - generateKey = true; - }; - secrets."pipe-ssh-key" = { }; - }; - services.openssh.settings.AllowUsers = [ "pipeline" ]; users.users = { @@ -54,6 +38,12 @@ in }; }; + networking.firewall = { + allowedTCPPortRanges = [ + { from = 8000; to = 8020; } + ]; + }; + services = { mysql = { enable = true; diff --git a/flake.nix b/flake.nix index 10c132c..4328854 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,6 @@ { inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - sops-nix.url = "github:Mic92/sops-nix"; disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; @@ -89,7 +88,6 @@ }; imports = [ inputs.disko.nixosModules.disko - inputs.sops-nix.nixosModules.sops ./dev_system.nix diff --git a/secrets/ssh-key.yaml b/secrets/ssh-key.yaml deleted file mode 100644 index 714b35c..0000000 --- a/secrets/ssh-key.yaml +++ /dev/null 
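Review bot: The `networking.firewall` block re-added in the second dev_system.nix hunk opens TCP 8000–8020 (21 ports) with no comment saying which services listen there or who is expected to reach them. Set at this level, `allowedTCPPortRanges` is not scoped to a particular interface, so anything that binds in that range on this host becomes reachable from every network the machine is attached to. I would add a comment above the range, for example `# dev HTTP servers, one port per <service>; only needed from <network>` (placeholders to be filled in by the author). If only one interface needs them, move the range under `networking.firewall.interfaces.<name>.allowedTCPPortRanges`. The block appears to be moved unchanged from higher up in the file, so this is a documentation and least-privilege point rather than a regression, and the enclosing attribute set starts and ends outside the hunk.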
@@ -1,37 +0,0 @@ -pipe-ssh-key: ENC[AES256_GCM,data:hDxyWJZnNWHoeCcduuR28M90q8hX6URn9rK50TiqOLVabQGcDTjATsizLyzbo0/eC6fPUIlM5A3KpwTPxi//eC6Ioyy7Xc0mdPWuSKySfyaYw+Lfg4RpH06LOQ8qUA==,iv:h2SAoJ7q/ov/lctQjZYlL3x/9bLy3p69piUtVcCZTI8=,tag:4Ay0Pv30+C9gLAw6BRHKoA==,type:str] -sops: - age: - - recipient: age14qgh6kzdlrwcvsrwhy75y3qtrkv46rverqxupu7ugwj8xwrm84dsfupg7d - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhOXRaWFo1TzRpZnBVZW1K - TUlISGFrN3Q2OWxtenhTRHNNOEs0VmlJMkVzCm9VdGdmMml3ZHJMT1R2ZE5JNzBU - K3g5V0hUR29tQk1qUnRaTDZDS0prVmcKLS0tIGdQTEs3a0FRSUJCZEhONm12K3dW - MEpqQ295WExyT0VIQUI1a2F6SjQ0UjgK7A3I3in1m4y5zWzmNDKUDsBPFba/gDH/ - 265naa6JQS1Ysb7YIu1Np9ag+dp08KuFgSAnPt5olAXrIJcXh6M0Qg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1f8p9wqgsr9vlzgfqnmt94cnecq7yyugv2cyvf88d4hzfqwyrhc8qywhsgl - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjRHpicTdxT3dvazJidHE5 - ZG1EUGF0QWp6Qm8xKzVqODZXbVVzekgvRUQ4CjVTSGV5TlV5SnhEOE1sRlNoVkk4 - bGJaOVdYS0dGZnhYSmYvTGgyTVJBVzAKLS0tIFo3eEVjL3h6bldCclhRNENJTWdK - dWNlMUIxSTkzZ0QxVWJDOGdMMUduZTAKy0CVsA6hGXv/F81fIBcAHn2NW1E63noE - /6V/FouS39Fsnb5zcK3U5FMJTn9VBNEQKHJzj9qrWlbMHo8q/Lor1w== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-12T15:20:45Z" - mac: ENC[AES256_GCM,data:xhg1QK2LkkON+qP7o+rqAZRYPISuFlZ5Vhagavqiy+gNolq1ATajvdOJp6JCgHYqOpSSj6lbxs3F/i0py5cWW5jgkTBsfeiLzsm5MY+n0B0AkuNT6N/q9p2N0Btq0yA5Kez9IETRlpXk6ZnzKyOTHPllfHgoo8RBinwBDOf4VAw=,iv:36FzdyX48B8yAzwjWI95aVMYURE0saT75Z06JL6AQG0=,tag:8BVUeyeBu2YKKrG7xA9gZQ==,type:str] - pgp: - - created_at: "2025-06-12T16:02:00Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hF4DzYliWiOOjtYSAQdAgvWR7o5PxnElk0BjNQNhBvLM0PL40tS3G9ok7vosWUEw - RfAed4lOrDaMpY2PqZJfsxgNoLblFzj/N4F9LVxpwhuR2InRCA+5HboUjkRwiMmK - 0l4BtFBAOfaTKHUVsst+dH0OWhP7IggrKo9sYFqtvSkswLfQDA7O1iGxa4P/FWdh - HXWKrs92rdJ5F2c0e0fjnVwtpdn2aOLlBTDGXGRNHTRs44mjuKOaimR4dbeIeR20 - =30XJ - -----END PGP MESSAGE----- - fp: 644781002BDEA982 - 
unencrypted_suffix: _unencrypted - version: 3.10.2