genebean/dots
1
0
Fork 0
mirror of https://github.com/genebean/dots.git synced 2026-03-27 01:17:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Working Pi with Cage

Browse source
This commit is contained in:
Gene Liverman 2025-01-10 21:11:43 -05:00
parent 1c2414c595
commit 4727b78cd6
6 changed files with 156 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.sops.yaml
View file

@ -3,6 +3,7 @@ keys:
- &system_bigboy age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm - &system_bigboy age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm
- &system_hetznix01 age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu - &system_hetznix01 age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu
- &system_hetznix02 age180w4c04kga07097u0us6d72aslnv2523hx64x8fzgzu4tccrxuyqa50hpm - &system_hetznix02 age180w4c04kga07097u0us6d72aslnv2523hx64x8fzgzu4tccrxuyqa50hpm
- &system_kiosk_gene_desk age1an6t5f0rr6h55rzsv5ejycxju72rp46jka840fwvupwfk65jegrq7hmkl9
- &system_nixnas1 age1g4h5a4f5xfle2a6np8te342pphs3mcuan60emz2zp87nrwjzl5yquhr5vl - &system_nixnas1 age1g4h5a4f5xfle2a6np8te342pphs3mcuan60emz2zp87nrwjzl5yquhr5vl
- &system_nixnuc age1g24zhwvgenpc4wqejt63thvgd4rn5x9n7nnwwme7dm83nfqpp93se2vmq4 - &system_nixnuc age1g24zhwvgenpc4wqejt63thvgd4rn5x9n7nnwwme7dm83nfqpp93se2vmq4
- &system_rainbow_planet age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck - &system_rainbow_planet age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck
@ -22,6 +23,10 @@ creation_rules:
key_groups: key_groups:
- age: - age:
- *system_hetznix02 - *system_hetznix02
- path_regex: kiosk-gene-desk/secrets.yaml$
key_groups:
- age:
- *system_kiosk_gene_desk
- path_regex: nixnas1/secrets.yaml$ - path_regex: nixnas1/secrets.yaml$
key_groups: key_groups:
- age: - age:
@ -52,6 +57,7 @@ creation_rules:
- *system_bigboy - *system_bigboy
- *system_hetznix01 - *system_hetznix01
- *system_hetznix02 - *system_hetznix02
- *system_kiosk_gene_desk
- *system_nixnas1 - *system_nixnas1
- *system_nixnuc - *system_nixnuc
- *system_rainbow_planet - *system_rainbow_planet

6
flake.nix
View file

@ -182,5 +182,11 @@
additionalSpecialArgs = {}; additionalSpecialArgs = {};
}; };
}; # end homeConfigurations }; # end homeConfigurations
packages.aarch64-linux.kiosk-gene-desk-sdImage = (self.nixosConfigurations.kiosk-gene-desk.extendModules {
modules = [
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
];
}).config.system.build.sdImage;
}; };
} }

106
modules/hosts/common/secrets.yaml
View file

@ -3,6 +3,7 @@ gandi_api: ENC[AES256_GCM,data:YsdDMk75miIKO4LkCZjfwJw6gxfrmsTL,iv:BOPRxB661sPJn
restic_env: ENC[AES256_GCM,data:FCYR8tkClRwfcjUotcr28D6uRz7sNihn50nw38CaYnqOD/U9+5kU0iAPSvqAbeuw+xUoKKKAPAfMHI12dPTYt17Wz1N7i4a+MRkiIR9pjyv5KZTK59G+,iv:jStc8GMbZUQUgooZiRdImSZskdckYN1cRm2gsKbUyYY=,tag:HpQQIj1j7fjCmxkSeY/k4g==,type:str] restic_env: ENC[AES256_GCM,data:FCYR8tkClRwfcjUotcr28D6uRz7sNihn50nw38CaYnqOD/U9+5kU0iAPSvqAbeuw+xUoKKKAPAfMHI12dPTYt17Wz1N7i4a+MRkiIR9pjyv5KZTK59G+,iv:jStc8GMbZUQUgooZiRdImSZskdckYN1cRm2gsKbUyYY=,tag:HpQQIj1j7fjCmxkSeY/k4g==,type:str]
restic_repo: ENC[AES256_GCM,data:kCoNYVKwB87W4h5doa3IXj4n,iv:jKEw/Hki/tp3RSTsRB4dlg593I5B4pCLBav84ADCh70=,tag:+GFF5vHOVw0r/G8BbhcCjw==,type:str] restic_repo: ENC[AES256_GCM,data:kCoNYVKwB87W4h5doa3IXj4n,iv:jKEw/Hki/tp3RSTsRB4dlg593I5B4pCLBav84ADCh70=,tag:+GFF5vHOVw0r/G8BbhcCjw==,type:str]
restic_password: ENC[AES256_GCM,data:PfQsxJul1Qpt3WQoUEI941l+yng3lVjhDd8=,iv:U5KjhcVqyksN2ay19RBjNhYIB31tUbfNRIqCEx/+Wbc=,tag:jsoU+B1mjAprPK+M5I0pAQ==,type:str] restic_password: ENC[AES256_GCM,data:PfQsxJul1Qpt3WQoUEI941l+yng3lVjhDd8=,iv:U5KjhcVqyksN2ay19RBjNhYIB31tUbfNRIqCEx/+Wbc=,tag:jsoU+B1mjAprPK+M5I0pAQ==,type:str]
wifi_creds: ENC[AES256_GCM,data:9lgTtI8YHyCHrvqss4W7coLnqfOAoQzrCQne6dLv0x66pt7jLo4Y6YSd3TklRTurS9usvNk3sg==,iv:6g86hOmpnOxf4p4C+wPit7EP0DD+xb+cINiWRJnTRDM=,tag:ZW336IhXtrf5l5n/RJecoQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -12,86 +13,95 @@ sops:
- recipient: age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm - recipient: age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoNUNVVVk4NVZPTU93bE53 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXbHhmeVRUUDJvTy94Vldu
OXRjY2U1R0JFU1hBQU9LU2RmazhVUG92R0RZClF3RXREaFNidjBlZDNRQW9jcWFY QmxTb2pWTWM0RVFUK2NYUlcyKytERXdtZGxJClVvTDZuZ3R5Ujc4U3o1bmtlempi
dStPSHV4RS9PQnZ2RFo1NW8zQ2NYT0EKLS0tIHcyVFRRU09SeFQzOC82dHh5WXZl bzhCK1RveHF5bE4xVWx4bmxsNHZhOHMKLS0tIFRVWEF2N05wZGpZY0w2MXlETXFm
OTRYOEwxWWkybE9GcndhOEt1VW1Cc0kK3aoH7yrC/Vc98RqzAicwkGKZKiTx5dMl dkFJQUJ0aGxtdTFGSU1US2Y5U3ZxS0UKViqR82ov4e+C1eKpJ6zPI9TMqBbk2PJP
6cPFziBIQv03N06vN60eLbBXUMgrT/21Cn/Np79PLzYJ/K/i9Tt4Qg== ZvsROkTo8GmdB7RctIfnbNust8A4iO31aJB899eVD07iZpX9tsivQw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu - recipient: age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKblc4TGk4d0hxdW9MREJQ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4eFRsYjU1OE1XaDhrK2JC
a2UyWmxSTUZOUUlURHY1eDB1LzRDQUxmRFJ3CkpRak9mVTd5bGxjZnJYQlhBSWpw QktYaUc0RDlSUXZ2TDVxaDRxMWlqUG52b25VClJoYzVyTnM5dnJyMlBtcDN4VnJh
ditqemZ5QnNJbEJ0WWJneHM3NkN3SkkKLS0tIHlDT1VyNCtSejRjd1RSZGM4ZzMx dDR1QUVCRjdhaXRhcFZmNXBzRWluc3MKLS0tIGl4WVdlVjNGWWVQV3I1ZSs3VHQ3
V2d5ZTRkRURRc0huT1k5Y0VNZGVMWWMKn9BnIg+vehG2Nxea2Jz3JMqrPwpNGXuP WVZhbmlzTGptWGU0MkQ2YlBQK292TDQKexgX4LUBeQuGxqUfNP32d+omdpnd9vVC
9GU3kbk/ldviqLjqRGmvZR8KiOnazX7AdV/x/c0dO/nfckeKVZ1sAA== LMKg50MZR2RzZXDwBpWECxCShOvzCjikyzV5955vLMfLQoPky+TG4Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age180w4c04kga07097u0us6d72aslnv2523hx64x8fzgzu4tccrxuyqa50hpm - recipient: age180w4c04kga07097u0us6d72aslnv2523hx64x8fzgzu4tccrxuyqa50hpm
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4N1NkU04xY1JZVG5WRThV YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUVW9rRUFlb3h4aXlOK0xV
Um5pV3RzZG9UcmZHZk5FUDl4Ni9KbmJLTFFjCmJXcHVORll0eko1bmxDUFhHYVpz enNNK3V5Ni91cWxsY1lSSzZBUnNsODE4OGpZCk9YK3VLTWhWOHhraEM3ZHROTDhi
Z1RpdUIzM1lUV3Z3VGU1emdTbmpEWDAKLS0tIC96TFZRMkdHQ255VjZGcVdKcmJD cm0rVXdqQTNNbjAyNzQxUGJIVVVTcTgKLS0tIE5KUGtoNE5seHFZNnBReFZ3WmFr
UWExNWozT2h1TDZ0YmtuWldCeXhEV1EK/v+GJ7eKgpQE1dysCD0dt+ildshnkPqB cGFDUVZFbVBSMmdLeU8wbjhlUzRHaXcK/tsc4Amurh2i4TdzQoruD7scW+SnYUtU
j1tqYcnHysXYoQSLUzCADK2Fo7tJ1BC7e4N7C0wZMXZ1B6FkO8GrrA== EySIFKKQzKCodSEYRzDHlp0PRRTcbgOtEUuvr+9a2Rsod1Kzc9CZ1g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1an6t5f0rr6h55rzsv5ejycxju72rp46jka840fwvupwfk65jegrq7hmkl9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeCt3M1JzRVdWblBENXpI
T1RHZ3h3ekx6N0FyRTJ5Z1ZGejFPY29rV0RrCnZRWjRXSnhNekxQeVU4M3loNDJO
RitBL25kRWhMVnJNcDB4RFQvYks4SUUKLS0tIC8zVGVPNFZLYzVvdDk1dFF6M2Fn
c3RSNXZJNlEvQTQxTVovY1NndEtQSTAKuMUQBKVIYfDKxCIMZwUczd1UlE6O9L93
WL/Fs/TWYKtduiOAJtAEpKKmMzHIWAUwH8fdvVUXO8T+8xR3VyZ7gA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1g4h5a4f5xfle2a6np8te342pphs3mcuan60emz2zp87nrwjzl5yquhr5vl - recipient: age1g4h5a4f5xfle2a6np8te342pphs3mcuan60emz2zp87nrwjzl5yquhr5vl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQnZzNnYrb1hTYUtUWits YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4RU9JNks0U0MwQTFsY2pp
V3lETXpZODMyN3M4R3B4VHpwMytOamVFM2dZCnl3dmxUWWJYOFdnRFZZVXROWnNn YVVkbDJ3TnV2QVRyanZITmVCelJzay8rbkI4CmM2cWNYN2NQaEoxcGNOZFI1K05Y
RjlkdHMyalBaRU5VczhKWEU2dEtFT3cKLS0tIHFOMDJRRVY4dVFjQTV5YWFzZDRr eDZ1ZlpSRXQyVkVQaFlEeXgrR1ZtTWcKLS0tIDluaGVlZXZQTjB4RVFML2FSMU5s
K2orYzVra3V0OEtROU5ma25jaHJkTjQKdHeDC7b+6zTmClpVOOXTbAcK38ADx6TN N2pxT2hLbEQvVnBTMS9yODc3MWxPWjAK5eB7GQ2gLz3VkBBEji5wr8MWT0V3szPE
HkyIcASUaC/HqpTSTvXT3OYUE8edQdUAC7Z9wYLTgrxTVZRCTtTzLQ== 5beVQykzz7kzggKFMFeYli6Uhhy8ZNT7nyM0uusbQ+fZZ4qcr3OxCg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1g24zhwvgenpc4wqejt63thvgd4rn5x9n7nnwwme7dm83nfqpp93se2vmq4 - recipient: age1g24zhwvgenpc4wqejt63thvgd4rn5x9n7nnwwme7dm83nfqpp93se2vmq4
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZTZRZmRCL0NRVFJTSjVT YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRVJsZnhncUdnQStTZ0VB
WmUyRXExZU5pMzY1SEV0dThjc0hvSXVXdEhjClBLZENteEhvOEF6T0ZqaHA3TE5k T21EaGhwckd0bjF4dXZMRnBzbFZkOEd3RFhVCmFJaEc4UHJZQVJUOS8zaU5PU3p0
Sko0Y1lKSjdaWTF4amNvc1VJTXkzdDQKLS0tIFNHRnhYQjB2MXdxcmNDREZLdkov MnFGcXc2SEdSWjdWckJ0VXhQaDZsS3cKLS0tIE41N1FpZHh3WmVOYzN2c2VHc00w
dWxkN3dzanY2TVNPelZFMXpvMTFyUm8KTwij5ubszireukfKqKPEKB8kELS82ld+ SHl0cFhvVzQzZXhmTFdWTnB3R1pqVXcKOTbCrWLKG2tDtiduNipCxB5pVRw6XhMe
UqDDPu6x7uNT+D9UV5nk4l4zzox5pmxuBxziz4RcTVYCHmhjtVSh7A== oir1nURrV/c7LFALactcq51rV1Es48DvSyBjE0OM7XaeJvRIQjfB2w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck - recipient: age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21zMzRCMXpVOStBbEJO YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzc2EzZ2IwZW05VldyL3pO
UlVBdVNRTmkzSjNpRzQrYlExRnVPU3FVM1FzCk11RFVsdVBRMWUxeUFyS1FqckhZ M1duZis0VUFwYm1ZNVU0elExZTlmcklYR0JNCnVsbXN1OEZoV2NEV0IyTjlmWXU4
cndkQktqRTEvNUFrQ3lEa1B3T0V6a2cKLS0tIEtWRXB1Z3hyZjczS0VMZ0I0cFRZ WmZ2Q2xFUVVzaUMvWFBvanpJWHNaR0EKLS0tIER1S2hmN0tYZEluZUlJZDd6Sk9Q
N3RiR3ZTcFVvUFJlbTFiVS9OOElOd1EKy1tuLTMr+0EB0ZcgOMz8INbhFMUbyfme YWxBS0liSUxCc00zeExwZUFrUWhSb2MKEd+wTDvIQR8fvb6hknCiT18AYB429APU
NByTM4lrHsOvt1mO6ts+Ug3UWy0KSqE1RQI5XZIU0jsA36z+ISM6tg== qOqgxnK8NAhMYZ73EtmAK8cyKnNWOfARwcFh0OkY9xf1mwH8ahAgkQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77 - recipient: age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByeWhOT0pZb1hyOVp6cG1n YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWNFRSRVE1KzArQUF1Wk5I
b1c1RFJWNUFKSVYremo4TngxcHlEaUlWM1I4CkVzSjZKeGFiTHdTamQrYlg5UGxy b1MyNnZvZWtGQ2hXYU9kTmZXM01JajNqWXpBCmtLVDB4YW5ReTV5NnBLTm5lTXJw
UVh1ZlVWeFFkQk9oeG5BUDAyTlNlQWcKLS0tIGRKSmhkRGVCWnJkRVFXMjBaQm9K Y2s5UzIwVGN6RmlnYk1tTHJSbU5Eb0UKLS0tIEk4R3ZvOFM0bnJrOGh5dDUrSE00
enhPTnBQVjFQSk80UzNvUm1iL0xjMEEKtsMPvSTm+j6FxZbtdxKEBmRsYwXgDQZH SFZpK3RtR2dJcy9rNHpHZTNaYndwZ0kKYCt784yPEXPoHeksPT5GQ8RZl+urHfUV
FUXkJLpNFVJVNLRHb8WKfLQaf2xR+tJmNZ0KM8GueHE9ft4q7gxCRA== VABWk70L+6cySe5y/N1mZT3ixaNwEOhViKqONw8soeqMDnELJtYWBg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1rt72txg22w8y3cdvq9w7zff0cas6xtkplpj36kxnevfnrtn82f6ss7yw7d - recipient: age1rt72txg22w8y3cdvq9w7zff0cas6xtkplpj36kxnevfnrtn82f6ss7yw7d
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6UWV3VXVla1M0anREbVNU YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjbU1PVWZLMFplT0I5RnNk
MUVRa3FaeHN2WHU2ZjR2cnNlUXRHVVQ1TkVRCmpjTk5nTmJIaU5nRDNheWc5ZDUx U1VLd2tWdExCTEFVU3RHZkhSbElmeVByUUFJCmo3OUFnL0daeXNONWxVbHNOUnRE
L0wvSVVRQ3A3YS94U3ZpbWFieHJVUG8KLS0tIHpuUFNNOWhlTHRhVHJFdE9tMGJt TUlqTFA2WkJlS0YwL1FoMm1Xa2w0eVEKLS0tIENUNW1KZkMvTmxHbDJsR2VmbG96
c3pmMmlGd0JQV3ptdzlmZDhDY2FGeU0KutCMMR1irGAlD/xYxUGyqj0uXBoChSJL VFJrdzVtMjZrallSL1BmcXNtZEhYZTAK8hsJvs8GjlxFpwW1Ol8hCQQw+lXvgz81
wsgEMyD62+zqHWDQPqfLFh7b9+/Ir/sQai0qPKiU9uDCuIP/K0TLVQ== qt3aysE/w3voPiZQYcVcZLAoV/oAlaZMS199tEvwTuGa8HXMNN2NZw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1zz34qx3n3dj63sva24kaymetv3apn58lafjq4dl6zw7xxachuyts00mhck - recipient: age1zz34qx3n3dj63sva24kaymetv3apn58lafjq4dl6zw7xxachuyts00mhck
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDR2tvaUZLV09udXNiaHE3 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCdGVCa1Q5QUNmVGZsT01Y
SG1HeTE4MUVEeTZlRmx2eWF2RzZ3ZHI2VmxBCisvTWNOcTB6eXRlSEZQQWpCOXFy SW9aL2hWUjdTdkFBT0o1TnFDb1pkdWRnNlc0CnlYNDRhbXhTS3lvdlprdUZJY1pm
Tm1aalJGbVB6SHBnT200OElhZGtmQmMKLS0tIDU5aER4WEFsZDdFQU9hMkhPS3NW M3VWcTI0OWxHY1hxQW5nZkJxTnZLMzgKLS0tIGFoNVlKTGJ0ZnlnTnlnV21PNDFX
VW9xemJxL05FNzBiNXFLMlpwKzFjTE0KtEzpcVvZrzi40hl2zP9r6Ca4muPCVFbd Y3I0d2xaYlRwVU9CdE44UW9vZ1NJeFUK5DQu30MuGjMq5YRSTh2II2uNvWm2XF9B
hAXOLUi05CkSHDzTt4lrR4BMK46P4rS3ZnpLOfsZO+2zMfGsIOetVw== YDcK/E1xKGIA/tKk/DDmpbUZMTIzh+tmYcN72EQQqlT/9a2HyINChg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-11T17:22:16Z" lastmodified: "2025-01-11T02:27:36Z"
mac: ENC[AES256_GCM,data:WbuN9UpP0OP69ta29VW2LlCFfyTWI3v8IiwUu3tLOxtY3gjdJLZTpaG2hBR985qjLYL3MT7eR7eWp4p99DAKupVBvA6tJl8/+N9+0W/dapcec+qv7u9wRHcFjP9wtggq66vUdGqH8IIHYuGlIhAvCbDouoXuLoFIcB2i2lYNB4Q=,iv:u+KsBgHxLgwSgFLYtY0F6HjCUbSCvNAatIIwrCGGyJg=,tag:bHO4vovTLPVK2vsQvliwzQ==,type:str] mac: ENC[AES256_GCM,data:Eezf5E3vh10bZTQCxGMZxioUoJqoc9rNBdMu+Wske1SC34Z8GzWbxy3s1T4RPB8I84woIigSgiwj03bZ/F5dchUqNtZwZDObpB44Ru9SEXMB/zEgM8g8LLha/Dgj1MFNbsVR9j2VhacDVv5XJKkjzr/TY5tKedi2mTSHUkpjAGI=,iv:U6YQWh0ISZ0LV6TrwA9QEGal/+lNyTV+tA6yCfNjd6A=,tag:6AUhKo1PniUxW98Yrq3Ulg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.9.2

67
modules/hosts/nixos/kiosk-gene-desk/default.nix
View file

@ -1,4 +1,4 @@
{ inputs, lib, pkgs, username, ... }: { { inputs, config, lib, pkgs, username, ... }: {
imports = [ imports = [
# SD card image # SD card image
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
@ -14,19 +14,25 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
libraspberrypi libraspberrypi
raspberrypi-eeprom raspberrypi-eeprom
raspberrypifw
ubootRaspberryPi4_64bit
wlr-randr
]; ];
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
hardware.graphics.enable = true;
hardware.raspberry-pi."4".fkms-3d.enable = true;
networking.wireless = { networking.wireless = {
enable = true; enable = true;
networks = { networks = {
# Home
"Diagon Alley".pskRaw = "ext:psk_diagon_alley";
# Public networks # Public networks
"Gallery Row-GuestWiFi" = {}; "Gallery Row-GuestWiFi" = {};
"LocalTies Guest" = { "LocalTies Guest".pskRaw = "ext:psk_local_ties";
psk = "DrinkLocal!";
};
}; };
secretsFile = "${config.sops.secrets.wifi_creds.path}";
}; };
nixpkgs.overlays = [ nixpkgs.overlays = [
@ -36,14 +42,55 @@
}) })
]; ];
sdImage.compressImage = false;
services = { services = {
cage = { cage = let
kioskProgram = pkgs.writeShellScript "kiosk.sh" ''
WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1 --transform 90
/etc/profiles/per-user/gene/bin/chromium-browser
'';
in {
enable = true; enable = true;
program = "${pkgs.chromium}/bin/chromium-browser"; program = kioskProgram;
user = "gene";
environment = {
WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected
};
};
prometheus.exporters.node = {
enable = true;
enabledCollectors = [
"logind"
"systemd"
"network_route"
];
disabledCollectors = [
"textfile"
];
}; };
}; };
sdImage.compressImage = false; sops = {
age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
secrets = {
local_git_config = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.gitconfig-local";
};
local_private_env = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.private-env";
};
wifi_creds = {
sopsFile = ../../common/secrets.yaml;
restartUnits = [
"wpa_supplicant.service"
];
};
};
};
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
@ -55,5 +102,11 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com"
]; ];
}; };
zramSwap = {
enable = true;
algorithm = "zstd";
memoryPercent = 90;
};
} }

5
modules/hosts/nixos/kiosk-gene-desk/home-gene.nix
View file

@ -5,7 +5,8 @@
chromium = { chromium = {
enable = true; enable = true;
commandLineArgs = [ commandLineArgs = [
"http://192.168.22.22:8123/kiosk-gene-desk" #"http://192.168.22.22:8123/kiosk-gene-desk/0?kiosk"
"--app=http://192.168.20.190:3001/?album=e2281831-ae1b-45a5-8fe1-0a267ba5e1a9&transtion=cross-fade"
"--kiosk" "--kiosk"
"--noerrdialogs" "--noerrdialogs"
"--disable-infobars" "--disable-infobars"
@ -13,6 +14,8 @@
"--ozone-platform=wayland" "--ozone-platform=wayland"
"--enable-features=OverlayScrollbar" "--enable-features=OverlayScrollbar"
"--start-maximized" "--start-maximized"
"--force-dark-mode"
"--hide-crash-restore-bubble"
]; ];
}; };
}; };

22
modules/hosts/nixos/kiosk-gene-desk/secrets.yaml Normal file
View file

@ -0,0 +1,22 @@
local_git_config: ENC[AES256_GCM,data:gMuCCJzRdZcDGZvdDCv3h5EZmAkK+bBewn2m6x4VT+23K5gCdajeV94=,iv:1pRM6QWSIw6xfTgcjpGkfHR8iHY/+xuWgeFQ+1pWSTM=,tag:lodSBhqgN8Yaagm6gK4xTQ==,type:str]
local_private_env: ENC[AES256_GCM,data:i+uyo+/StMDUfIp6g1Pl8pOyqD+0f2X5AsFzOo+3VOd/n7CCOy7j/1F42QMpjgejvIYmQwLYSR2jEXyxig==,iv:QTUeDe/LnkKCEFB5g3y7pbySUwdWW7D8rVjVv4+ib9g=,tag:6hBzyfQus60i5c2EktD0Eg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1an6t5f0rr6h55rzsv5ejycxju72rp46jka840fwvupwfk65jegrq7hmkl9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmY2Q1NkR3ZnBOWmJVakxh
SGgweVp1N2FROXAyVk5hM24ybXBTVEJQNnpZCmRJSldCM1NRbEUrekFNU2NjaWZR
RXhxQU5ZYVpiaWJ1V0FzOGxHRHc5N28KLS0tIGtCRTcva1hyOXFGbzlKUXl6REpR
Z0JQanNPV2NTT2dxSThWOU9EUS90UlkKNpEald58B9SM98tqgyLV5Q/943nliZq2
vYd3ULeY9gF8NA7BlmbZrWKRbd+/eIZnYKSAht1lWTwhktwHEVZV0A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-11T17:31:06Z"
mac: ENC[AES256_GCM,data:dGi6v1WdScNNMzaBlMQ3r+B6w4pKuVMo70x8J+d8suysW1Opsot3QehEkxPXQ8OmktuSJlSvPugKSX6CyM2N7pZtPL0ZeyVYQuHHHUmoIf0myc2tgIJ3OD3M+YYtnyEbZoRnDCE/geH/WfQ+ttNCDJbxtSYaQfhndJjouPQBRs4=,iv:zQXSbJLI4A85GcrU8VSOAaMWWprNTh/2PAVA47MALsk=,tag:MqBvBn9V5tXzZtUscuBpjA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2