[outpost] Add basic nixosConfig

flake.nix

@@ -38,6 +38,14 @@
               ./lib/systems/fugitive
             ];
           };
+
+          outpost = nixpkgs.lib.nixosSystem {
+            system = "aarch64-linux";
+            modules = [
+              agenix.nixosModules.default
+              ./lib/systems/outpost
+            ];
+          };
         };
 
         packages = forAllSystems (system:

lib/systems/outpost/default.nix

@@ -0,0 +1,59 @@
+{ config, modulesPath, pkgs, ... }:
+
+let
+
+  pubkeys = {
+    labyrinth = {
+      nix = "labyrinth-1:GCR2h5k9WFvome2mrFRBtiWw7sAn+pYZwXRwAj9W0b0=";
+    };
+  };
+
+in
+
+{
+  imports = [
+    (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
+
+    ../../users/christian
+  ];
+
+  age.secrets = {
+    wlan.file = ../../../secrets/wlan.age;
+  };
+
+  networking.wireless.enable = true;
+  networking.wireless = {
+    networks."@WLAN_SSID@" = {
+      psk = "@WLAN_PSK@";
+    };
+    environmentFile = config.age.secrets.wlan.path;
+  };
+
+  services = {
+    openssh.enable = true;
+  };
+
+  networking.hostName = "outpost";
+
+  users.users = {
+    christian = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+    };
+  };
+
+  environment.systemPackages = [ pkgs.raspberrypi-eeprom ];
+
+  security = {
+    sudo = {
+      wheelNeedsPassword = false;
+    };
+  };
+
+  nix.settings = {
+    trusted-users = [ "@wheel" ]; 
+    trusted-public-keys = [ pubkeys.labyrinth.nix ];
+  };
+
+  system.stateVersion = "23.11";
+}

secrets/secrets.nix

@@ -1,7 +1,9 @@
 let
   fugitive = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHVatfyuEoMyvQedoS/dvjPg9NZZYlmWgUnNOGvwVe6";
+  outpost = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKGaw66iPiTm7mLA/d7QNz3EHMEEB1S28FZ52qb5f/F2";
 in
 {
   "namecheap.age".publicKeys = [ fugitive ];
   "grafana.age".publicKeys = [ fugitive ];
+  "wlan.age".publicKeys = [ outpost ];
 }