From 47b956331ac573a287b22d602cc05753b7b38198 Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Wed, 6 Mar 2024 12:26:12 +0100 Subject: [PATCH] add sops Signed-off-by: Harald Hoyer --- .secrets/hetzner/internetbs.yaml | 30 +++++++++++++++++ .secrets/hetzner/postgres.yaml | 31 ++++++++++++++++++ .secrets/sgx/backup-s3.yaml | 31 ++++++++++++++++++ .secrets/sgx/pccs.yaml | 30 +++++++++++++++++ .secrets/t15/backup-s3.yaml | 31 ++++++++++++++++++ .sops.yaml | 21 ++++++++++++ flake.lock | 38 ++++++++++++++++++++++ flake.nix | 5 +++ systems/x86_64-linux/sgx-nixos/default.nix | 1 - 9 files changed, 217 insertions(+), 1 deletion(-) create mode 100644 .secrets/hetzner/internetbs.yaml create mode 100644 .secrets/hetzner/postgres.yaml create mode 100644 .secrets/sgx/backup-s3.yaml create mode 100644 .secrets/sgx/pccs.yaml create mode 100644 .secrets/t15/backup-s3.yaml create mode 100644 .sops.yaml diff --git a/.secrets/hetzner/internetbs.yaml b/.secrets/hetzner/internetbs.yaml new file mode 100644 index 0000000..887fd92 --- /dev/null +++ b/.secrets/hetzner/internetbs.yaml @@ -0,0 +1,30 @@ +internetbs: ENC[AES256_GCM,data:usJ/08NTnlLNcnzVyycFVe7VN2LS7gNkqQRltpTEKBHu8POjaNK2E7t0tuq3a+EcxkhxBsd7O8lw7fjFDh6ZPo7nfUQjvVQzbaI1JjMUOw==,iv:kJFbg9mt3EMSzrUWEzC4xK6ilAiRp+fktYUX+W6uwSM=,tag:tsE6qpyjA5d4egFM2IJzRA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1qur4kh3gay9ryk3jh2snvjp6x9eq94zdrmgkrfcv4fzsu7l6lumq4tr3uy + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHT3U4dmhTTmRGRnFxMmhQ + Lzc0RWdQaThYZDhtcHFTSHNPNS9pd2RKS0N3CnVlUmx0V3BCUHhkQ1d0Nlk3NGEw + bHM1YWQySEZVV3VjZUcwcE1TSW9scDgKLS0tIFNYbnJxVzA4d2dsQTRVVXhDdFUv + OS9xVXVUSTFmbStObGdLRUl5RWlGTk0Ki6/1TMHB/BfL53qDYvQwmW6xHes27Ni4 + exk+T9OlgKsHQfdRpu3t3TrdnFIJYmAJeuU6NNdlp18juNPp9kbBEg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUY2VCS1ZtWjc3VFFLSUhl + R2EzbE5SMWlWOXZhWmVuckFzVGR1aFp2aVQ0CllkemVFaFhwYzgxNFNlL3Z1QWRP + d0Rqb2FtYXI5T2ZzUjJIMXluUWwwdnMKLS0tIEQ4Yk1vRzVpZVF4blFxVkdIRGFl + ZmMxald2NU9HSE1ZOUN5R2twMXdmVGcKAXcUXemrleTxGxkMP+4mWh8uYwN1FTDc + cHbaln4DsDOqHtqqpJheTqN0mMOmkDvTCq2jbiKIkr2sruh49acIoA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-24T13:45:16Z" + mac: ENC[AES256_GCM,data:MOEFuQSx+SlXM7ajjQR6twCULem19A/hYKHBQhnLMb2V9o8SuYOvhmn8dz/UE558dnJt6eIB0rRKTItEbxNfyjvr6r2q+GPi7OM85ytLd0UuNPwcKUrqmlx5JPCRWt189U+qetbIDH7PXCawfccbLJmJWHBhFn+ZwqPbLs2wUnI=,iv:YUcEofcFTT8KgVVoQg/+bsCgBTdyGmmYLX7m1cqonhA=,tag:9oKLUS0eebRvC7UwEgkhew==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/.secrets/hetzner/postgres.yaml b/.secrets/hetzner/postgres.yaml new file mode 100644 index 0000000..502eb90 --- /dev/null +++ b/.secrets/hetzner/postgres.yaml @@ -0,0 +1,31 @@ +postgres: + gitea_dbpass: ENC[AES256_GCM,data:YdouHox7M6iTygteftGMB1W/hEWUchlZ+35ofgbI0xoYGt7QzVZyPKpO8cvcVNPTgdWk6B1zWlFw6JRhXv+ovg==,iv:0EkZGv8iQkq2fcyViCJy/Rj7n3w1BSuU5NiPw5sJhr0=,tag:z3Ff2dNzJBuBqyGiqoxZcg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1qur4kh3gay9ryk3jh2snvjp6x9eq94zdrmgkrfcv4fzsu7l6lumq4tr3uy + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBOUVxRXduVWhjNHdnZCtH + U0VLWE01VkJaWmNDUzE1bmorRDN5RWNwTnhJClRkcDNzb1U2MzZ3TDhXSnI4Z252 + a1A0dzQ5eUlScDhhYjl6WEdnYnlxUm8KLS0tIDczaXlvcDVwUzdQY1h6a01QM2p6 + T3FBVWJqaHQwVnIrNFVsWVBub2djMG8KsbZb43UkVe1Up0O15UTC/PdsEkwwOnVW + 9P4AGO097HfTLkAjKJHx5QYF02dJ+4xb6rgzUYt9Nr8h8+GD0xRAfQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdlhZbDhqamNGU2QrZDN5 + MlY5RFgrV3NJUk1PYWJLSnpCZjhiTUF5b0RrCmRHV0JnYlBmL2p0WE9UTzJUcVhK + dkhiYlJtYWtDN0lseHRCNTUzb252TmsKLS0tIGZKbjA3dkVwcnZNK2djV1BvSkJo + a09FM1ZqSWdsdytjdVFCanVldHVoWUUKyy/LXNd/vZLdgXYXfloFkNviaddvrazw + 4Z0bJ/fqGvRPlLkTUzZlhWKVXfZFGgo5nQSEvyphkIb6UCyd9VamnA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-24T14:02:40Z" + mac: ENC[AES256_GCM,data:7yikTQ7wsy13Hfwo5VKpUow8KW2/UYfzrWuA6Rp+21FglG3f7s6PLlrpMLooDPiaHxiPfc1fHg3u6UDcotyUljMZMQCCfvmLC1saALB6lFHEj3KoTa/NtgimYB2FeK92RcrU+EymmwZItmI/t1CuH8/qvXydWnO9zMWplMtW89Y=,iv:PEmElInahA5pPQvR9aatpKt+JhsKEtBPCPm926/59Uo=,tag:mflo6uSOh8SDKoC5JLHDIw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/.secrets/sgx/backup-s3.yaml b/.secrets/sgx/backup-s3.yaml new file mode 100644 index 0000000..448895a --- /dev/null +++ b/.secrets/sgx/backup-s3.yaml @@ -0,0 +1,31 @@ +backup-s3: ENC[AES256_GCM,data:gT5yQDC/nW7INa6e+BZOiR+Ky6SvU8hsRMvCoBDw8bOJT4yWlLkeYjoZOUSAdNaWyrNuypy72TUnq4+Udhrqd9YeneR7vj+UOSsNpDdqzVaTb0kTiL0lBT3RvXZ3QYVmSqYFnjrR,iv:VVQkDUuQwxHYFgOWueYIYq9M3WSIEYycdH+j+ibeS8w=,tag:wKe5kz0HxpZOW7GCw9rctg==,type:str] +backup-pw: ENC[AES256_GCM,data:JRgZXuO1eABr4fNmWJO/WgFLirEbGssLy+Lc29FWNFfBomDlr+73AFUcj1Ln8w92msuxubOY81jgEtG15PFX/g==,iv:4i6UyGYMJE4a2L4485ywlhZAE900wjVRia/X92Xr3Yg=,tag:d2oU6tSUwj3cdLJNmDHEEQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age149fqcw5jze00vd7jauylrp4j5xyv7amlu57jjfuzghkqtzlnxajs704uz3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRjFydkVQTXlCWEJCSjNl + Unk1ejJ3K0M4dFVNeFFHK1c4ZjhwTG93b1cwCnJkN3BQZE1Na3VyZkc5SU1PNVkv + b3hVNzNIRStnemZ2RUlxSDJxRWtGTDAKLS0tIGVmK0d0Y2twMTE0U0hoRmRVR2R0 + cjhYNlJZdG1QVzYyRzhoUm1wLzdGY1kK0QNSItqjmwLTxQaMEC1bYrtlpE8EGlHb + hkWADj/Qw8m7Hbi1YCL6YWalHfoHM80VlfGGV6oAH4KH7l2mykqfzQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNcHc0NXY1YVhiREJ6ZFBz + cGVqM2ZvZVBYSnlZZ00vS2ZjeUZHeEVrelJ3CnhQRWhWcFRHeUJrcE9OaU9sQ21n + bDJBdnMrRTRKdEtMcWpDQTdqc0R4dDAKLS0tIGZPeTdGOFBSMjhTOEk5TEVnS2tm + QVZ6UEU3eFBEZ2RBRFdMd0sraVl4Z2cKOxGZrvhamIKuYubd6xvHS5VgFuXw7i+x + JvB7Wuu1+GTKk3VM7n66tjZrcZId4W8N9kYtl7w/mE4l5Wg9zIK6ig== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-06T12:32:28Z" + mac: ENC[AES256_GCM,data:wkR3Z6WuR2h2MuA9vPwcr1Lw0xJrNRIa5REUYT8j4Fhxd+zLghzemp7CoSBxzYaVeD5xIS4FYYvjAxkAV9FZMMWznjkFI+RkBMvlA6O7cUrUtTwh7YJ4ZTfh0iNcihuBXH9XWA7Ku0C9SwGUjGj+uaKPW4JCaVaNxDg0VzdyFeg=,iv:BdI68VoQlPF+eT7FglGyMgtgUT+3okSp9KIZQsIZSZo=,tag:hzQ9I/WXdtqwYjQyeD9XcA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/.secrets/sgx/pccs.yaml b/.secrets/sgx/pccs.yaml new file mode 100644 index 0000000..be1c54c --- /dev/null +++ b/.secrets/sgx/pccs.yaml @@ -0,0 +1,30 @@ +pccs: ENC[AES256_GCM,data:gsew4gI/i9vGt0X9pKeGed1ItbKEwL/OuYi7W4kti421V2Lor5QGXWsfw89408mPBP68d1qI6Q5BIUvCJdw7c3NJRH/W5UMF7c5ZlVtwrPK2q2v98LiwoeZ1KRDVrGSrchqVw00PClWIKkvh69s7iD10G3Wm8Ctr8ownLVaJnPPn2GQBtX1KJFXz8ikqKf5dUw3aQh7RGxkoLjzgrMx+7jW/t3R9MnPB1eMIUrsXrC40WXuxPaFDRdgvkCZG3KY0RGxR9ndvdDixunYheeKCt8norFrE4GG5Zj9/SHL40JVOTp53lu2IqkroxvDCiANCvVmKiwhLBcPwblgJ8gB9/6+ofNZqKunnBsJ6HNQczqHWFG1p7YNXAkCeZF4R6+TGHEfCmtrzoV0sPPv43peQX5Ibp84iHggCHAaDvOMtDz6zdKFmNC08jqPVC393IkP5KeHDK3hyoa8sVm6PhqCDG5QR8NmySGoXDDdOx1aj0b0xUPHviEQbegn6LlwmXA==,iv:7m5Y0h6apbtOHufVnV/uoK3sEzj5mPvk4eHd1/XCpKs=,tag:K4JmlbXlFzQHlJSYoFasww==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age149fqcw5jze00vd7jauylrp4j5xyv7amlu57jjfuzghkqtzlnxajs704uz3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3VXloZWZoWFpPcm9KMnJp + c00vZDM3d01PWXpnVy9tb3NXZkZ0a0JlaVhVCmx6dXZwaUNWY3FzbTdBMlJNTEVB + MlNHa1Q3VmlrUnhNSlpFYmc4Qm5mNFkKLS0tIHlzY2VMVXBZYW9kaUdRakZUNlk3 + SXBoeEZxNktZSDc3aUh2b2g2OXpZQ3cKLNHjYAAHR5LwoSKfaFT8eLJxYNmk/f1S + xNaGpR+sS/6xNSHtkz2w++crcPa/mt9qlQja1kLSGB3PFURSqfUjRQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2anNCTitMRzh0dmt3M1pa + REs5SmhJdExtS2lubXd3ZzY0OGxrTEtnVnlJCmRQNTQ1Rnh6aVpVdTZyYzl4aGJY + OVFiMHNTR090UkRqWDAxS0wwMEhDREkKLS0tIHVDU1A3Y3dKZGh6YlVud3FWNDJj + NW1jNlNVd2cwYXZyY3ZZQTJPM3ZRUlEK8/MXSxDhEo/P2NlZT8IrgwuWRAM/75XA + vrnlknbGJI9bto7O5j77O4OKSuniGat1/ZA5xG/o8YhumSbDtk5ZTA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-06T11:31:45Z" + mac: ENC[AES256_GCM,data:5nHxMRjWM8OQ1eyU5KtaC7m74Ss/L4/FF5Bn/zKCfX/x0GS/Q01lwGmHk/4Loyj66pt8wJCtK8mzL67RKPARAiX/9BS9pENYgfRwRk4cEmo/OdjSTOKkr7BO8Q9vAd1beMbDkX1pY/MJpmqvsYdK1yd5yNioAh8IC/PvSh2wu7s=,iv:a7cM8dpm+LMUysaQRT6odCChuLPM1biPHQOFTilH1o8=,tag:f330s/P+rlFVgr0CMc5Jjg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/.secrets/t15/backup-s3.yaml b/.secrets/t15/backup-s3.yaml new file mode 100644 index 0000000..ccf1a76 --- /dev/null +++ b/.secrets/t15/backup-s3.yaml @@ -0,0 +1,31 @@ +backup-s3: ENC[AES256_GCM,data:VsEBUFu2QekSxaBTik4pfnmDKmW68x/R0H90sRVPLyup3MRs0PBk7Qk0hCJGbxzShjlLYcDQcHe0nHyhqmrbNz9U9/cu7hyOKa9QKZvvBcpGApfd8ngdgNnrNdQs4X8No/l66T3w,iv:ylNxJncjVQ6EamgMYbbsoDOcjSocZDV/C/lZTnoX4x0=,tag:SPMFr9cOKyuDhSZaXoUuTg==,type:str] +backup-pw: ENC[AES256_GCM,data:9hF0rxhktvZ/WSY3/AypZ4FBv0c8Ny2XGKXR647LkAbxWgGsP9iMBMOse/RT/ysgBoOvew2i8/8BPt8xtaMHhw==,iv:H/skkAgZOQCKQZ1a8MnuiFDjsNYlfZafbmYxH38EIv4=,tag:Zs231HOXzxCP2KsLgD7rew==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1f2yu0cc826ej7hs4g865y29zy9uqfy0yp32f2m80typpk2pxqp7sfcffj4 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBheng3clhCbklBZkM3RTdI + Sm5ld1Y4R3VEdjFLV0hMMVNWVXFKK21vRG5nClptb1ZXckQ1YmJQVSt2VVNFOFVq + RUo0ait0eWl6dXBwd3UzUjNBTWNDZzAKLS0tIGlwSnhpTTFIRUVNVUxnNWxnNTlh + VW5ka2c1dzFBSFFqaHJKWXBUL0RBbTgKwdvyBXOa8B2K1VezacEuO0sYX2ApzGt6 + JUHUiIOTEWL703FGnkv+hRAtItePYHXmmotpysc1bA25F8Pl4obrqA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5ODhLMzNqVm9DMTJ4Sm1p + bXNZMTZreUNPUVdCelJyWGhlUGVYai9hOFVnCkIzM1Vrcjd4YVJhM1hKQ200b3FT + cDJyK3FqTGNHSEtKc3U4bVltS252WEEKLS0tIHViSXB6a1dHZlQrbjB4N2FEcjhh + YktVSFdCempHOTVvL1kxbG44c1RpejAKSMeyP6ayLajIvDKGcG7s5JwIvVXiKaFU + VDDj3eTOEKNBZYCyOoq4IA82G8AvRWaacefAgqBk5dE25LbD2xYHLg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-18T13:32:35Z" + mac: ENC[AES256_GCM,data:c4Jum1uWOOsYORM5c3Woo/rjKII4femGBDfc4YPxl8BSKR9oo6Z9R+88lO5egrxT7CoKdJz+izuPgT2EjU7C4OvQ+7aDwpMV2X/lHgvB54V5Lq6I+lLKL5gXG8lt1Bm2YcDrFIWsa+RfInwO9S8yBjkCVbdTnOZZGwNlAYrI31o=,iv:dGK1WmLKryXpjEHvmFXkXYOESTLOIS6ovaunlreVhmI=,tag:W88dYlb2cJ61m7JWYJQIJA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..7449b04 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,21 @@ +keys: + - &server_hetzner age1qur4kh3gay9ryk3jh2snvjp6x9eq94zdrmgkrfcv4fzsu7l6lumq4tr3uy + - &server_sgx age149fqcw5jze00vd7jauylrp4j5xyv7amlu57jjfuzghkqtzlnxajs704uz3 + - &server_t15 age1f2yu0cc826ej7hs4g865y29zy9uqfy0yp32f2m80typpk2pxqp7sfcffj4 + - &harald age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l +creation_rules: + - path_regex: .secrets/hetzner/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - age: + - *server_hetzner + - *harald + - path_regex: .secrets/sgx/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - age: + - *server_sgx + - *harald + - path_regex: .secrets/t15/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - age: + - *server_t15 + - *harald diff --git a/flake.lock b/flake.lock index 2368844..8c19496 100644 --- a/flake.lock +++ b/flake.lock @@ -1223,6 +1223,22 @@ "type": "github" } }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1709428628, + "narHash": "sha256-//ZCCnpVai/ShtO2vPjh3AWgo8riXCaret6V9s7Hew4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "66d65cb00b82ffa04ee03347595aa20e41fe3555", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1655400192, @@ -1875,6 +1891,7 @@ "neovim-flake": "neovim-flake", "nixpkgs": "nixpkgs_4", "snowfall-lib": "snowfall-lib", + "sops-nix": "sops-nix", "unstable": "unstable" } }, @@ -2000,6 +2017,27 @@ "type": "github" } }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_2" + }, + "locked": { + "lastModified": 1709711091, + "narHash": "sha256-L0rSIU9IguTG4YqSj4B/02SyTEz55ACq5t8gXpzteYc=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "25dd60fdd08fcacee2567a26ba6b91fe098941dc", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, "sqls-nvim": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 1d24835..5386a2b 100644 --- a/flake.nix +++ b/flake.nix @@ -25,6 +25,9 @@ disko.url = "github:nix-community/disko"; disko.inputs.nixpkgs.follows = "nixpkgs"; + + sops-nix.url = "github:Mic92/sops-nix"; + sops-nix.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = inputs: @@ -75,6 +78,8 @@ systems.modules.nixos = with inputs; [ lanzaboote.nixosModules.lanzaboote home-manager.nixosModules.home-manager + sops-nix.nixosModules.sops + disko.nixosModules.disko ]; outputs-builder = channels: { diff --git a/systems/x86_64-linux/sgx-nixos/default.nix b/systems/x86_64-linux/sgx-nixos/default.nix index e6a9b29..68f45d7 100644 --- a/systems/x86_64-linux/sgx-nixos/default.nix +++ b/systems/x86_64-linux/sgx-nixos/default.nix @@ -17,7 +17,6 @@ with lib.plusultra; nix.settings.trusted-users = [ "@wheel" ]; - plusultra.user.extraGroups = [ "docker" ]; programs = {