From a58e66c7479884efd4227e0dee357a0c91573cbd Mon Sep 17 00:00:00 2001 From: Squibid Date: Mon, 1 Dec 2025 20:55:49 -0500 Subject: [PATCH] auto commit on build .sops.yaml secrets.yaml auto commit on build hosts/blob/hardware-configuration.nix --- .sops.yaml | 2 ++ hosts/blob/hardware-configuration.nix | 26 +++++++++++++++++- secrets.yaml | 39 ++++++++++++++++----------- 3 files changed, 51 insertions(+), 16 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 2dcd4b5..7a03b5f 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -11,6 +11,7 @@ keys: - &hosts: - &dev-vm age1rjtqzmywfr3zuzz0cn8eqnwp3x8ypzya9gcv6kvtplhudar5eayqq83ey4 - &crayon age1pnu4tkdxfcnefntdw262k4m8wuv3qe2894s4e6w5j8yshg8vlu6q9uq5tv + - &blob age1kardawqarv498rwayadsmnlx62kvjgduvhhg3drx39xacn9u3ajq5d0qra # new-host marker creation_rules: - path_regex: secrets.yaml$ @@ -19,4 +20,5 @@ creation_rules: - *dev - *dev-vm - *crayon + - *blob # new-host ptr marker diff --git a/hosts/blob/hardware-configuration.nix b/hosts/blob/hardware-configuration.nix index 857c8ef..3431b41 100644 --- a/hosts/blob/hardware-configuration.nix +++ b/hosts/blob/hardware-configuration.nix @@ -1 +1,25 @@ -throw "not generated yet" +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/secrets.yaml b/secrets.yaml index 772d0cb..4832b5f 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -15,29 +15,38 @@ sops: - recipient: age14d55nfxlzm8t2yzplxpprygxmt99javafz9a8dh5llu87aww4qlswf6g0c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvOWlGajE0Q0FQclZUdUJ2 - RjNUcVBuckZpT1FrbzJaaFcyNXgrTklub0V3ClNIZHpyWVlmVUExK0phNlRIOCtl - ajhPR1M1eERIclhiWEpRelFQRi94em8KLS0tIG1wdVlmbis3OXcxOXRBbFp6b0Nw - QzEyaWIrdVlpcHRHSmpZQkhjN2U3OGcKXRTscSq9D73awM2CLbst8KHPXs3WFXBy - rM8W40zgn6wDPjy2XxB54qZg9hnsBGdAtNnY5PInjMJ5F17lgSdXaw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaZVRGTEpIWW1qRWhPOTR5 + STdwVzZzeU1QS2l0TlN2NFNLY1VNZjVCdEhFCmxhejBDSjF5Vk1UQjdEYmpRRFRw + allpajVzcUFpc1h0TVBlUFdaUERPZ3cKLS0tIHc3S0FRbkgwc3BwYUYrWGUrUjZX + QjBLcFY5NnFBZXBJenFYUS8yMXBML0EKkuoDfnc0MnZ0bRQ4Op8GnxC0Mpld9nRE + 5tn6why12mT65jDHuaU3+bX2Rg5+NU90KpdA3S88M4tiCD3WSo70eg== -----END AGE ENCRYPTED FILE----- - recipient: age1rjtqzmywfr3zuzz0cn8eqnwp3x8ypzya9gcv6kvtplhudar5eayqq83ey4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtaVFIaWllNU0xR0ZHQWtZ - T2tsK0dkQVlTL0N6Z0UvYlRKallXeTFVbDJNCis4UWtSZ0tCZHp2aXBDaDFTeUJu - TWFPdlRJUFRCb3E1UWdmUUhGOU5BS0kKLS0tIEFEWVBzNUxDTzhCSndKZ0JxSFlo - K2ZVekRCeXVtL0FhbmpYc0dEQmo2NjAKKSg1/XSIAoVMHsnkMJHSGTzmX8eQYp77 - hGjx4T26UxwTK8KJ8KKPFI5KWiIHzP/HHTeiJb4IhJ5G+z/npttZIA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVEx6VzRNOFBickVjcGFj + UkpGNUpTeTVVUVRGRHJrRTI3UzhrRjIvcXdrCkFSWGE4YS91dEpJbFZEcFNGUmdP + UFJDc0hpTEVvaHZjY2k3Vk5jdTk4NjgKLS0tIDFpU0srRzBMTDFPVGVVblpEMTZk + SEtxQnN6T2lNbkRGWmUwSFdMVUw0dlEKKYe2xCYLQ8Q21p6f3NIIwRMrQHTicSp3 + BSIG0SmRGcSrzPlg8agUi4aWQ7du9EECXanQSu98sGhCWkIc/QHWnQ== -----END AGE ENCRYPTED FILE----- - recipient: age1pnu4tkdxfcnefntdw262k4m8wuv3qe2894s4e6w5j8yshg8vlu6q9uq5tv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlV1J2bjl2K21WUlpyLzQw - amNRajFuNEFOOTJUdUFmdzBzK29hbFhnL2dRCml4OVZoS1llSVRoa216aWlvR0R3 - cjgyS0pibnQ2SHBBcVlZeXo1MmVNV0UKLS0tIEh3bGt3WnVqYlVwSlI5SUJheU9z - MVIyWFFmVXR3SkN4dmdJUzZEOE1nRzAKXYCh0Y0pwHUO6YAhGFBuVCphmL2dOAsN - R/5NDRIF2ab5hf5vE8g/4jHnrttujsbNyU96Jezh8q6MO2M1afIUwA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvaVZxYTFMZDFCYnVTYWM4 + QS9Oa1dLa3dVNzArZ0hkKy8yR1Z3UVpRQzJVClo5dzU3dythWGU0NkoySUpYRUQv + MTlQYmJSVG5RNWkzWnlEaDh0YjFxL3MKLS0tIDdySlB3cGxoM09BZWdhN3RwNGtZ + Y1ZUb1Y3ais0dlZrclQyUUZxWkNSVHcKv1Q0VBHE9Y9bU6XyQ84WNf+JTIQq/mPI + tOD6uiS46KgnO5p8oM9rqvBmOPJKoS6bgSLUuEnqjLTtZE3QO0eKzA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1kardawqarv498rwayadsmnlx62kvjgduvhhg3drx39xacn9u3ajq5d0qra + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwTFR1UU1PaTl0NWZ1dEVk + WTZMUEtGWFFyNm9aTzNmZHh3RkZHOGsvRWowCnYzZ3JlRGlqN2tHbmtIMFFHUVBD + dWNNc2ZqL1UwdlBmMERlNVZGK1ZhdVkKLS0tIGV1RHh5Z0Z3MlNMZHB0K1liTFdr + NTUrY2pDQXJuTnREakRWQkFqckN2M2MKSonhOJsqcY/HDY+d25rEPwKSl3FSOpkW + EJFXcKKTiJB96Ms5yDGRAtUvbqw/oSBbdGTqe7bE7pQhfj3Y8ECz4w== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-11-26T18:38:21Z" mac: ENC[AES256_GCM,data:V3lKQj0ZWIPl2RPpnv7tRBG8sH6W9+rfnPy0z6g+3SZGmKtwhcgqVBG/VPMKhuyseNZ4vxE23lD7Ol44PchMgd/OCJqJF6TUl3A4LIqkK8Ji0m0cPcC3hsFaI8rChkWcLse30qcoQov4NbP7yElpf76Bh/NqBFgOqCjDD0Pp/NU=,iv:897reifxaub96UDCKCsWNxabVCSzYLmsIrrkXCxBgoM=,tag:0d4iQhLA/YxR7wrtUVxXqA==,type:str]