Update config for blobercraft

Squibid 2025-11-24 02:39:02 -05:00
parent db335a4f71
commit c97dc646fb
Signed by: squibid
GPG key ID: BECE5684D3C4005D
5 changed files with 35 additions and 28 deletions


@ -11,7 +11,7 @@ keys:
- &hosts: - &hosts:
- &dev-vm age1rjtqzmywfr3zuzz0cn8eqnwp3x8ypzya9gcv6kvtplhudar5eayqq83ey4 - &dev-vm age1rjtqzmywfr3zuzz0cn8eqnwp3x8ypzya9gcv6kvtplhudar5eayqq83ey4
- &crayon age1pnu4tkdxfcnefntdw262k4m8wuv3qe2894s4e6w5j8yshg8vlu6q9uq5tv - &crayon age1pnu4tkdxfcnefntdw262k4m8wuv3qe2894s4e6w5j8yshg8vlu6q9uq5tv
# - &blobercraft - &blobercraft age167gn88rldpmqmjhm9nl0gv05ms4tn37jx2nxwklfvs3xymfp9y7sa8vurh
creation_rules: creation_rules:
- path_regex: secrets.yaml$ - path_regex: secrets.yaml$
key_groups: key_groups:
@ -19,4 +19,4 @@ creation_rules:
- *dev - *dev
- *dev-vm - *dev-vm
- *crayon - *crayon
# - *blobercraft - *blobercraft
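Review bot: Enabling `- *blobercraft` in the key group under `path_regex: secrets.yaml$` lets that host's key decrypt every value in the shared secrets file, not only the ones it needs. If blobercraft uses only a subset, a per-host secrets file with its own creation rule listing just `*dev` and `*blobercraft` would keep a compromise of this machine from exposing the secrets of dev-vm and crayon. The rule's regex is context rather than new code, but its dot is unescaped and the pattern is unanchored at the start; `secrets\.yaml$` is the tighter form. The start of the key group list lies outside the second hunk, so its full membership is not visible here.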


@ -13,7 +13,7 @@ ifneq ($(shell git diff),)
git commit -m "auto commit on build" -m "`PAGER=cat git diff --name-only --cached`" git commit -m "auto commit on build" -m "`PAGER=cat git diff --name-only --cached`"
endif endif
rsync -azr ./ crown@$(IP):~/flake-config rsync -azr ./ crown@$(IP):~/flake-config
ssh crown@$(IP) "sudo nixos-rebuild switch --flake ~/flake-config#$(HOST)" ssh crown@$(IP) "NIX_CONFIG='experimental-features = flakes pipe-operators' sudo nixos-rebuild switch --flake ~/flake-config#$(HOST)"
sops: sops:
# update sops keys # update sops keys
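Review bot: On the new `ssh` line `NIX_CONFIG='…'` is assigned in front of `sudo`, so it is set in sudo's own environment; with sudo's default `env_reset` it is probably dropped before `nixos-rebuild` starts, unless the remote sudoers keeps that variable. Handing it over on the far side of sudo makes it reach the rebuild: `sudo env NIX_CONFIG='extra-experimental-features = flakes pipe-operators' nixos-rebuild switch --flake ~/flake-config#$(HOST)`. The `extra-` form adds to the features the host already enables, where plain `experimental-features` replaces them for that run. The rule header of this recipe is outside the hunk, so which target this belongs to is not visible.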


@ -5,35 +5,34 @@
{ {
imports = imports =
[ (modulesPath + "/profiles/qemu-guest.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/37cd6e5e-5e67-48de-a2cf-9f1f26db5721"; { device = "/dev/disk/by-uuid/59b4c37b-b8c6-4b95-96af-e343161381bb";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/2EB4-8533"; { device = "/dev/disk/by-uuid/E8A3-780D";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ]; options = [ "fmask=0077" "dmask=0077" ];
}; };
swapDevices = swapDevices = [ ];
[ { device = "/dev/disk/by-uuid/7849db93-3c39-4571-ac39-8542251eb194"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@ -4,7 +4,6 @@
sops = { sops = {
defaultSopsFile = ../secrets.yaml; defaultSopsFile = ../secrets.yaml;
validateSopsFiles = false;
# Derive the age key from the systems ssh key. I didn't know this before but # Derive the age key from the systems ssh key. I didn't know this before but
# it seems like all systems have ssh keys already generated. # it seems like all systems have ssh keys already generated.


@ -13,29 +13,38 @@ sops:
- recipient: age14d55nfxlzm8t2yzplxpprygxmt99javafz9a8dh5llu87aww4qlswf6g0c - recipient: age14d55nfxlzm8t2yzplxpprygxmt99javafz9a8dh5llu87aww4qlswf6g0c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwVjgxaW4ydXZDcWNHWG8y YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNT0IxYjhWWkZadnVmcGpz
Vm1JYjY4cG5HbDBUMzY4dFJYUzU5Wkk0dlhVCkcwVlRLaUl2OXNZbWYycVF4czRJ VXB5U2VvTFllYWhJTkNwQmxsWkxEL2drRHcwCksrMGs4SVZoL1pJNU00TUZBeU5V
QkJ4ZUUxN1VNbUErbnoyUnhTYlZmZ1kKLS0tIFNJMnZwdzBHRFIzcFNndDA2QU9R UFBRcnRFdTlxUjgvcVpSelZIU0NyVWsKLS0tICtnZm8rYnB5cWhIUVBmQzQxSWIr
dWdMcEdEYVZ1MURVN3RiUDZVZVRKd3cKgcINDvSO7cswTZSIFBUJMw49VTCXiw0+ M29ZRHIwNGZSdi9LYmp5d2xyTWdmRDgKhs6COQa3Vmosiwv7I/IjvYr10Mx83V6z
pNfExo2VAt+FiMTcErit7YG2Ti4jPBl4T2yPiS/LcEY0BZVq0t5i4A== W2d8PPTHBlRMqPcghpG2UOFsygzP8Y6UlMpCgt25vnFLUwCPlo7ERA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1rjtqzmywfr3zuzz0cn8eqnwp3x8ypzya9gcv6kvtplhudar5eayqq83ey4 - recipient: age1rjtqzmywfr3zuzz0cn8eqnwp3x8ypzya9gcv6kvtplhudar5eayqq83ey4
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtKzZrOUFBeFhKQU1RNDZP YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXMUFJY2RjSHcrS2Foa2Fo
RnZwdTFxL0E5NGtEc3prRitvOWptZFlSNW04Cll2eDNIa2tGZWd5cHdFWUJWeUx2 dUJMSmpEL0NEN1BLYlZDNlA3aUQyQUNkYWxnCnNmV0ZpWTA0ZHUrUEtBV3MyZ3U1
ZHBoWk4ydENneVBMQlREQ1hSUjdjbHMKLS0tIGx1UWgweXNSbHpqM3RSQURUME90 SitYaVFBZklaZ282K2plYUhlVjRVWGMKLS0tIGlOZENMbURDMWR5VEFIVEdyV3k5
Y1Z1M1lQK0ErMFFpcWl1OElDV3FNRG8KzRfpQvGQbo+7W2IBJzJohF+X9s9OuIQn S3hQemRLNFd6eDlQY3pvUlkzUVhRUlUKHvdPyCCb0I825u9Hx+Fz+W9ESM2Gxy+N
e/pFYM0kNd4dBr/KKqXU5olt92b8H6QLGSuMx/rLNSYToFXjg7kPXw== lUsxP/ngAnG52MSrxxU33PG4TXSvaaYzuGP7gOQF6hB9U79inWzFzg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1pnu4tkdxfcnefntdw262k4m8wuv3qe2894s4e6w5j8yshg8vlu6q9uq5tv - recipient: age1pnu4tkdxfcnefntdw262k4m8wuv3qe2894s4e6w5j8yshg8vlu6q9uq5tv
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkZGszdTd2YjZsMkh2ckdZ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtYTkvaldVWUk1TC94REEr
eGlRMUZzcDRDR3dGMlByL3FYUHh4NzJUNG1zCm9FTGczeitRRHdxWGltemM3MHFl OHNiUHlqN0l3QWFJbjZ6anZpVTN5OGtibGtNCm9DcVJ6SktQeEFWU2REU0dpRjZu
TjNhZ1Z5NDB2NHdCY1M2UVlXN2hFVFEKLS0tIEJGZTZ5RjBqNWtjRE5hVksyOCtj WnBBaDMrbnRNaVhtR3BqdjVkc2tpZEEKLS0tIHRVdW8yL1JmcDVrVkNaa2lNN2h5
c0N1WU40bFlRNGkvelR2Y2ZMY29lTDQKMjSDY5VP8Pcmz8FivXBPmuaZH7EaVaok Y0gxSjYrY3gydnBseEVlQTBSSEtJSVEKH4v1Q9kKQaj5vdV9mW2Rsl/GUbq1h/m9
2Z8+er/FQ+K7Y94BVcfPWCw16a2R30kqc32EFRyjGXgHCCOjJBv0Aw== iy6BPmjC9GNtTBJ8VuvkQSvPLD+dsMwYqhmSbTQgDpRP3sQ4a6rWkA==
-----END AGE ENCRYPTED FILE-----
- recipient: age167gn88rldpmqmjhm9nl0gv05ms4tn37jx2nxwklfvs3xymfp9y7sa8vurh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcWVDbmhhc1FHRG5WOTEz
emp4Rm9YMlA3aXUvMnpDWElqRElzQjdlMzNRCjducWdqQzliZjkzaWtGdEdUbk9u
MlBCL0lqdWs4TVo0RW9ham5mTExTSzQKLS0tICtJWk15NG9yMWwyVjF6SE1weWFF
NmlybmxKYlJESGxJbFdCazZUKzVjYmMK56j3+CuRfZsbVeYfmESlD2z6GYzIFQYz
f/jpI+8CteDlxbGuUvW10hD7lB8az2+Z+MQX2+koy3PZBkGChPh/Yg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-09T02:00:10Z" lastmodified: "2025-11-09T02:00:10Z"
mac: ENC[AES256_GCM,data:9Jg3aXMMe8Yhf3CycD+UPqlTg0E619dmOJENRe2sfwROdKxOXhiFqnuI4t262XW3IMpJdCbv3RIblklF6vPaqqJWkPqj4Jt2niF4Bq0oR+cRM+rAElYAZ6vviCWnjTjOhTD/UB2RYPFH77Ce7RQmR4c5H4D6uLaw1g3+9TLJPTE=,iv:p4mF2S1n+mTV+ny3hKbQ+tYqh+4HGURyUP9hiSdMZjs=,tag:dWCa87XTwH3mBHshUMxjiQ==,type:str] mac: ENC[AES256_GCM,data:9Jg3aXMMe8Yhf3CycD+UPqlTg0E619dmOJENRe2sfwROdKxOXhiFqnuI4t262XW3IMpJdCbv3RIblklF6vPaqqJWkPqj4Jt2niF4Bq0oR+cRM+rAElYAZ6vviCWnjTjOhTD/UB2RYPFH77Ce7RQmR4c5H4D6uLaw1g3+9TLJPTE=,iv:p4mF2S1n+mTV+ny3hKbQ+tYqh+4HGURyUP9hiSdMZjs=,tag:dWCa87XTwH3mBHshUMxjiQ==,type:str]