update file pattern for sops secrets pre-commit
This commit is contained in:
parent
01229ae62e
commit
14461cf4ac
2 changed files with 32 additions and 0 deletions
|
@ -36,3 +36,4 @@ repos:
|
||||||
- id: sops-encryption
|
- id: sops-encryption
|
||||||
# Uncomment to exclude all markdown files from encryption
|
# Uncomment to exclude all markdown files from encryption
|
||||||
# exclude: *.\.md
|
# exclude: *.\.md
|
||||||
|
files: .*secrets.*
|
||||||
|
|
31
nixos/modules/nixos/system/incus/default.nix
Normal file
31
nixos/modules/nixos/system/incus/default.nix
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
{
|
||||||
|
sops.secrets.secret-domain-0 = {
|
||||||
|
sopsFile = ./secret.sops.yaml;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users.jahanson.extraGroups = [ "incus-admin" ];
|
||||||
|
|
||||||
|
virtualisation.incus = {
|
||||||
|
enable = true;
|
||||||
|
ui.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
# systemd.services.incus-preseed.postStart = "${oidcSetup}";
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
nftables.enable = true;
|
||||||
|
firewall = {
|
||||||
|
allowedTCPPorts = [
|
||||||
|
8443
|
||||||
|
53
|
||||||
|
67
|
||||||
|
];
|
||||||
|
allowedUDPPorts = [
|
||||||
|
53
|
||||||
|
67
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in a new issue