From 68c413212d4b4e4adc5c5f56a21284b3636d0f92 Mon Sep 17 00:00:00 2001 From: Stefan Ellmauthaler Date: Tue, 19 Jul 2022 10:50:37 +0200 Subject: [PATCH] Add firewall and update readme --- .sops.yaml | 2 +- README.md | 2 +- modules/base.nix | 4 ++++ secrets/shell.nix | 7 ++++++- 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 2a90c25..dfef99e 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -15,7 +15,7 @@ creation_rules: - *stefan_ellmauthaler - *nucturne - - path_regex: machines/metis/secrets/wireguard\.yaml + - path_regex: machines/metis/secrets/[^/]+\.yaml key_groups: - pgp: - *stefan_ellmauthaler diff --git a/README.md b/README.md index 35e72eb..dfac52c 100644 --- a/README.md +++ b/README.md @@ -18,4 +18,4 @@ * Rekey the secrets with either * a master key * or after a git push on another machine with enough permissions to rekey -* the flakes dev-shell (`nix devshell`) allows to use `sops ` as well as `sops-rekey ` to manage the keys on the system +* the flakes dev-shell (`nix develop`) allows to use `sops ` as well as `sops-rekey ` to manage the keys on the system diff --git a/modules/base.nix b/modules/base.nix index bf65a6f..8d8d934 100644 --- a/modules/base.nix +++ b/modules/base.nix @@ -24,6 +24,10 @@ with lib; { dev.enable = true; }; + networking = { + firewall.enable = true; + }; + environment.systemPackages = with pkgs; [ alacritty.terminfo bintools diff --git a/secrets/shell.nix b/secrets/shell.nix index 5d01992..3922b5b 100644 --- a/secrets/shell.nix +++ b/secrets/shell.nix @@ -11,5 +11,10 @@ in pkgs.mkShell { sopsPGPKeyDirs = [ ./keys/users ./keys/hosts ]; - nativeBuildInputs = [ sops-nix.sops-import-keys-hook sops-nix.ssh-to-pgp sops-rekey ]; + nativeBuildInputs = [ + sops-nix.sops-import-keys-hook + sops-nix.ssh-to-pgp + sops-rekey + pkgs.wireguard-tools + ]; }
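Review bot: The widened `path_regex` in .sops.yaml has no end anchor, and as far as I know sops applies these patterns as an unanchored search, so the rule also matches names such as `wireguard.yaml.bak` under machines/metis/secrets/. Writing it as `- path_regex: machines/metis/secrets/[^/]+\.yaml$` keeps it to real YAML files. Because sops uses the first creation rule that matches, this broader rule now decides the recipients for every future secret in that directory, and any more specific metis rule placed below it would never be reached. The rest of the key group is outside the hunk, so it is worth confirming that every key listed there should be able to decrypt all of metis's secrets and not only the WireGuard one.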
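Review bot: The new `networking` block in modules/base.nix turns the firewall on for every machine that imports this module but opens no ports, and nothing visible here shows where the per-machine openings live. NixOS already defaults `networking.firewall.enable` to true, so the line mostly documents intent. A comment such as `# default-deny inbound; each machine opens its own ports with networking.firewall.allowedTCPPorts / allowedUDPPorts` would say so. If metis runs a WireGuard endpoint (inferred from the secrets path in this commit), its listen port needs an explicit `networking.firewall.allowedUDPPorts` entry in the machine config, since as far as I know the WireGuard module does not open it. The enclosing attribute set starts and ends outside the hunk.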
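Review bot: `pkgs.wireguard-tools` is added to the dev shell in secrets/shell.nix without a comment saying what it is for, while the other three entries are all sops tooling. If it is there to generate WireGuard key pairs, a line like `# wg genkey / wg pubkey for the keys kept in the sops-encrypted machine secrets` above it would make that clear. The README could also say that a freshly generated private key should go straight into the `sops` editor and not be written to a plaintext file first. The `pkgs.mkShell` call begins above the hunk.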