genebean/dots
1
0
Fork 0
mirror of https://github.com/genebean/dots.git synced 2026-03-27 09:27:44 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #481 from genebean/pi-setup

Browse source 
Pi setup
This commit is contained in:
Gene Liverman 2025-01-11 13:49:38 -05:00 committed by GitHub
commit 4a53840cbf
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 235 additions and 90 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.sops.yaml
View file

@ -3,6 +3,7 @@ keys:
- &system_bigboy age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm
- &system_hetznix01 age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu
- &system_hetznix02 age180w4c04kga07097u0us6d72aslnv2523hx64x8fzgzu4tccrxuyqa50hpm
- &system_kiosk_gene_desk age1an6t5f0rr6h55rzsv5ejycxju72rp46jka840fwvupwfk65jegrq7hmkl9
- &system_nixnas1 age1g4h5a4f5xfle2a6np8te342pphs3mcuan60emz2zp87nrwjzl5yquhr5vl
- &system_nixnuc age1g24zhwvgenpc4wqejt63thvgd4rn5x9n7nnwwme7dm83nfqpp93se2vmq4
- &system_rainbow_planet age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck
@ -22,6 +23,10 @@ creation_rules:
key_groups:
- age:
- *system_hetznix02
- path_regex: kiosk-gene-desk/secrets.yaml$
key_groups:
- age:
- *system_kiosk_gene_desk
- path_regex: nixnas1/secrets.yaml$
key_groups:
- age:
@ -52,6 +57,7 @@ creation_rules:
- *system_bigboy
- *system_hetznix01
- *system_hetznix02
- *system_kiosk_gene_desk
- *system_nixnas1
- *system_nixnuc
- *system_rainbow_planet

20
flake.nix
View file

@ -144,6 +144,13 @@
# inputs.simple-nixos-mailserver.nixosModule
];
};
kiosk-gene-desk = localLib.mkNixosHost {
system = "aarch64-linux";
hostname = "kiosk-gene-desk";
additionalModules = [
inputs.nixos-hardware.nixosModules.raspberry-pi-4
];
};
nixnas1 = localLib.mkNixosHost {
hostname = "nixnas1";
additionalModules = [
@ -163,13 +170,6 @@
inputs.nixos-hardware.nixosModules.dell-xps-13-9360
];
};
raspberry = localLib.mkNixosHost {
system = "aarch64-linux";
hostname = "raspberry";
additionalModules = [
inputs.nixos-hardware.nixosModules.raspberry-pi-3
];
};
}; # end nixosConfigurations
# Home Manager (only) users
@ -182,5 +182,11 @@
additionalSpecialArgs = {};
};
}; # end homeConfigurations
packages.aarch64-linux.kiosk-gene-desk-sdImage = (self.nixosConfigurations.kiosk-gene-desk.extendModules {
modules = [
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
];
}).config.system.build.sdImage;
};
}

106
modules/hosts/common/secrets.yaml
View file

@ -3,6 +3,7 @@ gandi_api: ENC[AES256_GCM,data:YsdDMk75miIKO4LkCZjfwJw6gxfrmsTL,iv:BOPRxB661sPJn
restic_env: ENC[AES256_GCM,data:FCYR8tkClRwfcjUotcr28D6uRz7sNihn50nw38CaYnqOD/U9+5kU0iAPSvqAbeuw+xUoKKKAPAfMHI12dPTYt17Wz1N7i4a+MRkiIR9pjyv5KZTK59G+,iv:jStc8GMbZUQUgooZiRdImSZskdckYN1cRm2gsKbUyYY=,tag:HpQQIj1j7fjCmxkSeY/k4g==,type:str]
restic_repo: ENC[AES256_GCM,data:kCoNYVKwB87W4h5doa3IXj4n,iv:jKEw/Hki/tp3RSTsRB4dlg593I5B4pCLBav84ADCh70=,tag:+GFF5vHOVw0r/G8BbhcCjw==,type:str]
restic_password: ENC[AES256_GCM,data:PfQsxJul1Qpt3WQoUEI941l+yng3lVjhDd8=,iv:U5KjhcVqyksN2ay19RBjNhYIB31tUbfNRIqCEx/+Wbc=,tag:jsoU+B1mjAprPK+M5I0pAQ==,type:str]
wifi_creds: ENC[AES256_GCM,data:9lgTtI8YHyCHrvqss4W7coLnqfOAoQzrCQne6dLv0x66pt7jLo4Y6YSd3TklRTurS9usvNk3sg==,iv:6g86hOmpnOxf4p4C+wPit7EP0DD+xb+cINiWRJnTRDM=,tag:ZW336IhXtrf5l5n/RJecoQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -12,86 +13,95 @@ sops:
- recipient: age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoNUNVVVk4NVZPTU93bE53
OXRjY2U1R0JFU1hBQU9LU2RmazhVUG92R0RZClF3RXREaFNidjBlZDNRQW9jcWFY
dStPSHV4RS9PQnZ2RFo1NW8zQ2NYT0EKLS0tIHcyVFRRU09SeFQzOC82dHh5WXZl
OTRYOEwxWWkybE9GcndhOEt1VW1Cc0kK3aoH7yrC/Vc98RqzAicwkGKZKiTx5dMl
6cPFziBIQv03N06vN60eLbBXUMgrT/21Cn/Np79PLzYJ/K/i9Tt4Qg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXbHhmeVRUUDJvTy94Vldu
QmxTb2pWTWM0RVFUK2NYUlcyKytERXdtZGxJClVvTDZuZ3R5Ujc4U3o1bmtlempi
bzhCK1RveHF5bE4xVWx4bmxsNHZhOHMKLS0tIFRVWEF2N05wZGpZY0w2MXlETXFm
dkFJQUJ0aGxtdTFGSU1US2Y5U3ZxS0UKViqR82ov4e+C1eKpJ6zPI9TMqBbk2PJP
ZvsROkTo8GmdB7RctIfnbNust8A4iO31aJB899eVD07iZpX9tsivQw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKblc4TGk4d0hxdW9MREJQ
a2UyWmxSTUZOUUlURHY1eDB1LzRDQUxmRFJ3CkpRak9mVTd5bGxjZnJYQlhBSWpw
ditqemZ5QnNJbEJ0WWJneHM3NkN3SkkKLS0tIHlDT1VyNCtSejRjd1RSZGM4ZzMx
V2d5ZTRkRURRc0huT1k5Y0VNZGVMWWMKn9BnIg+vehG2Nxea2Jz3JMqrPwpNGXuP
9GU3kbk/ldviqLjqRGmvZR8KiOnazX7AdV/x/c0dO/nfckeKVZ1sAA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4eFRsYjU1OE1XaDhrK2JC
QktYaUc0RDlSUXZ2TDVxaDRxMWlqUG52b25VClJoYzVyTnM5dnJyMlBtcDN4VnJh
dDR1QUVCRjdhaXRhcFZmNXBzRWluc3MKLS0tIGl4WVdlVjNGWWVQV3I1ZSs3VHQ3
WVZhbmlzTGptWGU0MkQ2YlBQK292TDQKexgX4LUBeQuGxqUfNP32d+omdpnd9vVC
LMKg50MZR2RzZXDwBpWECxCShOvzCjikyzV5955vLMfLQoPky+TG4Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age180w4c04kga07097u0us6d72aslnv2523hx64x8fzgzu4tccrxuyqa50hpm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4N1NkU04xY1JZVG5WRThV
Um5pV3RzZG9UcmZHZk5FUDl4Ni9KbmJLTFFjCmJXcHVORll0eko1bmxDUFhHYVpz
Z1RpdUIzM1lUV3Z3VGU1emdTbmpEWDAKLS0tIC96TFZRMkdHQ255VjZGcVdKcmJD
UWExNWozT2h1TDZ0YmtuWldCeXhEV1EK/v+GJ7eKgpQE1dysCD0dt+ildshnkPqB
j1tqYcnHysXYoQSLUzCADK2Fo7tJ1BC7e4N7C0wZMXZ1B6FkO8GrrA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUVW9rRUFlb3h4aXlOK0xV
enNNK3V5Ni91cWxsY1lSSzZBUnNsODE4OGpZCk9YK3VLTWhWOHhraEM3ZHROTDhi
cm0rVXdqQTNNbjAyNzQxUGJIVVVTcTgKLS0tIE5KUGtoNE5seHFZNnBReFZ3WmFr
cGFDUVZFbVBSMmdLeU8wbjhlUzRHaXcK/tsc4Amurh2i4TdzQoruD7scW+SnYUtU
EySIFKKQzKCodSEYRzDHlp0PRRTcbgOtEUuvr+9a2Rsod1Kzc9CZ1g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1an6t5f0rr6h55rzsv5ejycxju72rp46jka840fwvupwfk65jegrq7hmkl9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeCt3M1JzRVdWblBENXpI
T1RHZ3h3ekx6N0FyRTJ5Z1ZGejFPY29rV0RrCnZRWjRXSnhNekxQeVU4M3loNDJO
RitBL25kRWhMVnJNcDB4RFQvYks4SUUKLS0tIC8zVGVPNFZLYzVvdDk1dFF6M2Fn
c3RSNXZJNlEvQTQxTVovY1NndEtQSTAKuMUQBKVIYfDKxCIMZwUczd1UlE6O9L93
WL/Fs/TWYKtduiOAJtAEpKKmMzHIWAUwH8fdvVUXO8T+8xR3VyZ7gA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g4h5a4f5xfle2a6np8te342pphs3mcuan60emz2zp87nrwjzl5yquhr5vl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQnZzNnYrb1hTYUtUWits
V3lETXpZODMyN3M4R3B4VHpwMytOamVFM2dZCnl3dmxUWWJYOFdnRFZZVXROWnNn
RjlkdHMyalBaRU5VczhKWEU2dEtFT3cKLS0tIHFOMDJRRVY4dVFjQTV5YWFzZDRr
K2orYzVra3V0OEtROU5ma25jaHJkTjQKdHeDC7b+6zTmClpVOOXTbAcK38ADx6TN
HkyIcASUaC/HqpTSTvXT3OYUE8edQdUAC7Z9wYLTgrxTVZRCTtTzLQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4RU9JNks0U0MwQTFsY2pp
YVVkbDJ3TnV2QVRyanZITmVCelJzay8rbkI4CmM2cWNYN2NQaEoxcGNOZFI1K05Y
eDZ1ZlpSRXQyVkVQaFlEeXgrR1ZtTWcKLS0tIDluaGVlZXZQTjB4RVFML2FSMU5s
N2pxT2hLbEQvVnBTMS9yODc3MWxPWjAK5eB7GQ2gLz3VkBBEji5wr8MWT0V3szPE
5beVQykzz7kzggKFMFeYli6Uhhy8ZNT7nyM0uusbQ+fZZ4qcr3OxCg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g24zhwvgenpc4wqejt63thvgd4rn5x9n7nnwwme7dm83nfqpp93se2vmq4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZTZRZmRCL0NRVFJTSjVT
WmUyRXExZU5pMzY1SEV0dThjc0hvSXVXdEhjClBLZENteEhvOEF6T0ZqaHA3TE5k
Sko0Y1lKSjdaWTF4amNvc1VJTXkzdDQKLS0tIFNHRnhYQjB2MXdxcmNDREZLdkov
dWxkN3dzanY2TVNPelZFMXpvMTFyUm8KTwij5ubszireukfKqKPEKB8kELS82ld+
UqDDPu6x7uNT+D9UV5nk4l4zzox5pmxuBxziz4RcTVYCHmhjtVSh7A==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRVJsZnhncUdnQStTZ0VB
T21EaGhwckd0bjF4dXZMRnBzbFZkOEd3RFhVCmFJaEc4UHJZQVJUOS8zaU5PU3p0
MnFGcXc2SEdSWjdWckJ0VXhQaDZsS3cKLS0tIE41N1FpZHh3WmVOYzN2c2VHc00w
SHl0cFhvVzQzZXhmTFdWTnB3R1pqVXcKOTbCrWLKG2tDtiduNipCxB5pVRw6XhMe
oir1nURrV/c7LFALactcq51rV1Es48DvSyBjE0OM7XaeJvRIQjfB2w==
-----END AGE ENCRYPTED FILE-----
- recipient: age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21zMzRCMXpVOStBbEJO
UlVBdVNRTmkzSjNpRzQrYlExRnVPU3FVM1FzCk11RFVsdVBRMWUxeUFyS1FqckhZ
cndkQktqRTEvNUFrQ3lEa1B3T0V6a2cKLS0tIEtWRXB1Z3hyZjczS0VMZ0I0cFRZ
N3RiR3ZTcFVvUFJlbTFiVS9OOElOd1EKy1tuLTMr+0EB0ZcgOMz8INbhFMUbyfme
NByTM4lrHsOvt1mO6ts+Ug3UWy0KSqE1RQI5XZIU0jsA36z+ISM6tg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzc2EzZ2IwZW05VldyL3pO
M1duZis0VUFwYm1ZNVU0elExZTlmcklYR0JNCnVsbXN1OEZoV2NEV0IyTjlmWXU4
WmZ2Q2xFUVVzaUMvWFBvanpJWHNaR0EKLS0tIER1S2hmN0tYZEluZUlJZDd6Sk9Q
YWxBS0liSUxCc00zeExwZUFrUWhSb2MKEd+wTDvIQR8fvb6hknCiT18AYB429APU
qOqgxnK8NAhMYZ73EtmAK8cyKnNWOfARwcFh0OkY9xf1mwH8ahAgkQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByeWhOT0pZb1hyOVp6cG1n
b1c1RFJWNUFKSVYremo4TngxcHlEaUlWM1I4CkVzSjZKeGFiTHdTamQrYlg5UGxy
UVh1ZlVWeFFkQk9oeG5BUDAyTlNlQWcKLS0tIGRKSmhkRGVCWnJkRVFXMjBaQm9K
enhPTnBQVjFQSk80UzNvUm1iL0xjMEEKtsMPvSTm+j6FxZbtdxKEBmRsYwXgDQZH
FUXkJLpNFVJVNLRHb8WKfLQaf2xR+tJmNZ0KM8GueHE9ft4q7gxCRA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWNFRSRVE1KzArQUF1Wk5I
b1MyNnZvZWtGQ2hXYU9kTmZXM01JajNqWXpBCmtLVDB4YW5ReTV5NnBLTm5lTXJw
Y2s5UzIwVGN6RmlnYk1tTHJSbU5Eb0UKLS0tIEk4R3ZvOFM0bnJrOGh5dDUrSE00
SFZpK3RtR2dJcy9rNHpHZTNaYndwZ0kKYCt784yPEXPoHeksPT5GQ8RZl+urHfUV
VABWk70L+6cySe5y/N1mZT3ixaNwEOhViKqONw8soeqMDnELJtYWBg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1rt72txg22w8y3cdvq9w7zff0cas6xtkplpj36kxnevfnrtn82f6ss7yw7d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6UWV3VXVla1M0anREbVNU
MUVRa3FaeHN2WHU2ZjR2cnNlUXRHVVQ1TkVRCmpjTk5nTmJIaU5nRDNheWc5ZDUx
L0wvSVVRQ3A3YS94U3ZpbWFieHJVUG8KLS0tIHpuUFNNOWhlTHRhVHJFdE9tMGJt
c3pmMmlGd0JQV3ptdzlmZDhDY2FGeU0KutCMMR1irGAlD/xYxUGyqj0uXBoChSJL
wsgEMyD62+zqHWDQPqfLFh7b9+/Ir/sQai0qPKiU9uDCuIP/K0TLVQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjbU1PVWZLMFplT0I5RnNk
U1VLd2tWdExCTEFVU3RHZkhSbElmeVByUUFJCmo3OUFnL0daeXNONWxVbHNOUnRE
TUlqTFA2WkJlS0YwL1FoMm1Xa2w0eVEKLS0tIENUNW1KZkMvTmxHbDJsR2VmbG96
VFJrdzVtMjZrallSL1BmcXNtZEhYZTAK8hsJvs8GjlxFpwW1Ol8hCQQw+lXvgz81
qt3aysE/w3voPiZQYcVcZLAoV/oAlaZMS199tEvwTuGa8HXMNN2NZw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zz34qx3n3dj63sva24kaymetv3apn58lafjq4dl6zw7xxachuyts00mhck
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDR2tvaUZLV09udXNiaHE3
SG1HeTE4MUVEeTZlRmx2eWF2RzZ3ZHI2VmxBCisvTWNOcTB6eXRlSEZQQWpCOXFy
Tm1aalJGbVB6SHBnT200OElhZGtmQmMKLS0tIDU5aER4WEFsZDdFQU9hMkhPS3NW
VW9xemJxL05FNzBiNXFLMlpwKzFjTE0KtEzpcVvZrzi40hl2zP9r6Ca4muPCVFbd
hAXOLUi05CkSHDzTt4lrR4BMK46P4rS3ZnpLOfsZO+2zMfGsIOetVw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCdGVCa1Q5QUNmVGZsT01Y
SW9aL2hWUjdTdkFBT0o1TnFDb1pkdWRnNlc0CnlYNDRhbXhTS3lvdlprdUZJY1pm
M3VWcTI0OWxHY1hxQW5nZkJxTnZLMzgKLS0tIGFoNVlKTGJ0ZnlnTnlnV21PNDFX
Y3I0d2xaYlRwVU9CdE44UW9vZ1NJeFUK5DQu30MuGjMq5YRSTh2II2uNvWm2XF9B
YDcK/E1xKGIA/tKk/DDmpbUZMTIzh+tmYcN72EQQqlT/9a2HyINChg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-11T17:22:16Z"
mac: ENC[AES256_GCM,data:WbuN9UpP0OP69ta29VW2LlCFfyTWI3v8IiwUu3tLOxtY3gjdJLZTpaG2hBR985qjLYL3MT7eR7eWp4p99DAKupVBvA6tJl8/+N9+0W/dapcec+qv7u9wRHcFjP9wtggq66vUdGqH8IIHYuGlIhAvCbDouoXuLoFIcB2i2lYNB4Q=,iv:u+KsBgHxLgwSgFLYtY0F6HjCUbSCvNAatIIwrCGGyJg=,tag:bHO4vovTLPVK2vsQvliwzQ==,type:str]
lastmodified: "2025-01-11T02:27:36Z"
mac: ENC[AES256_GCM,data:Eezf5E3vh10bZTQCxGMZxioUoJqoc9rNBdMu+Wske1SC34Z8GzWbxy3s1T4RPB8I84woIigSgiwj03bZ/F5dchUqNtZwZDObpB44Ru9SEXMB/zEgM8g8LLha/Dgj1MFNbsVR9j2VhacDVv5XJKkjzr/TY5tKedi2mTSHUkpjAGI=,iv:U6YQWh0ISZ0LV6TrwA9QEGal/+lNyTV+tA6yCfNjd6A=,tag:6AUhKo1PniUxW98Yrq3Ulg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.9.2

112
modules/hosts/nixos/kiosk-gene-desk/default.nix Normal file
View file

@ -0,0 +1,112 @@
{ inputs, config, lib, pkgs, username, ... }: {
imports = [
# SD card image
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
];
system.stateVersion = "24.11";
boot.supportedFilesystems = lib.mkForce [
"vfat"
"ext4"
];
environment.systemPackages = with pkgs; [
libraspberrypi
raspberrypi-eeprom
raspberrypifw
ubootRaspberryPi4_64bit
wlr-randr
];
hardware.enableRedistributableFirmware = true;
hardware.graphics.enable = true;
hardware.raspberry-pi."4".fkms-3d.enable = true;
networking.wireless = {
enable = true;
networks = {
# Home
"Diagon Alley".pskRaw = "ext:psk_diagon_alley";
# Public networks
"Gallery Row-GuestWiFi" = {};
"LocalTies Guest".pskRaw = "ext:psk_local_ties";
};
secretsFile = "${config.sops.secrets.wifi_creds.path}";
};
nixpkgs.overlays = [
(final: super: {
makeModulesClosure = x:
super.makeModulesClosure (x // { allowMissing = true; });
})
];
sdImage.compressImage = false;
services = {
cage = let
kioskProgram = pkgs.writeShellScript "kiosk.sh" ''
WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1 --transform 90
/etc/profiles/per-user/gene/bin/chromium-browser
'';
in {
enable = true;
program = kioskProgram;
user = "gene";
environment = {
WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected
};
};
prometheus.exporters.node = {
enable = true;
enabledCollectors = [
"logind"
"systemd"
"network_route"
];
disabledCollectors = [
"textfile"
];
};
};
sops = {
age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
secrets = {
local_git_config = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.gitconfig-local";
};
local_private_env = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.private-env";
};
wifi_creds = {
sopsFile = ../../common/secrets.yaml;
restartUnits = [
"wpa_supplicant.service"
];
};
};
};
users.users.${username} = {
isNormalUser = true;
description = "Gene Liverman";
extraGroups = [ "networkmanager" "wheel" ];
linger = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvLaPTfG3r+bcbI6DV4l69UgJjnwmZNCQk79HXyf1Pt gene@rainbow-planet"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com"
];
};
zramSwap = {
enable = true;
algorithm = "zstd";
memoryPercent = 90;
};
}

24
modules/hosts/nixos/kiosk-gene-desk/home-gene.nix Normal file
View file

@ -0,0 +1,24 @@
{ ... }: {
home.stateVersion = "24.11";
programs = {
chromium = {
enable = true;
commandLineArgs = [
#"http://192.168.22.22:8123/kiosk-gene-desk/0?kiosk"
"--app=http://192.168.20.190:3001/?album=e2281831-ae1b-45a5-8fe1-0a267ba5e1a9&transtion=cross-fade"
"--kiosk"
"--noerrdialogs"
"--disable-infobars"
"--no-first-run"
"--ozone-platform=wayland"
"--enable-features=OverlayScrollbar"
"--start-maximized"
"--force-dark-mode"
"--hide-crash-restore-bubble"
];
};
};
}

22
modules/hosts/nixos/kiosk-gene-desk/secrets.yaml Normal file
View file

@ -0,0 +1,22 @@
local_git_config: ENC[AES256_GCM,data:gMuCCJzRdZcDGZvdDCv3h5EZmAkK+bBewn2m6x4VT+23K5gCdajeV94=,iv:1pRM6QWSIw6xfTgcjpGkfHR8iHY/+xuWgeFQ+1pWSTM=,tag:lodSBhqgN8Yaagm6gK4xTQ==,type:str]
local_private_env: ENC[AES256_GCM,data:i+uyo+/StMDUfIp6g1Pl8pOyqD+0f2X5AsFzOo+3VOd/n7CCOy7j/1F42QMpjgejvIYmQwLYSR2jEXyxig==,iv:QTUeDe/LnkKCEFB5g3y7pbySUwdWW7D8rVjVv4+ib9g=,tag:6hBzyfQus60i5c2EktD0Eg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1an6t5f0rr6h55rzsv5ejycxju72rp46jka840fwvupwfk65jegrq7hmkl9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmY2Q1NkR3ZnBOWmJVakxh
SGgweVp1N2FROXAyVk5hM24ybXBTVEJQNnpZCmRJSldCM1NRbEUrekFNU2NjaWZR
RXhxQU5ZYVpiaWJ1V0FzOGxHRHc5N28KLS0tIGtCRTcva1hyOXFGbzlKUXl6REpR
Z0JQanNPV2NTT2dxSThWOU9EUS90UlkKNpEald58B9SM98tqgyLV5Q/943nliZq2
vYd3ULeY9gF8NA7BlmbZrWKRbd+/eIZnYKSAht1lWTwhktwHEVZV0A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-11T17:31:06Z"
mac: ENC[AES256_GCM,data:dGi6v1WdScNNMzaBlMQ3r+B6w4pKuVMo70x8J+d8suysW1Opsot3QehEkxPXQ8OmktuSJlSvPugKSX6CyM2N7pZtPL0ZeyVYQuHHHUmoIf0myc2tgIJ3OD3M+YYtnyEbZoRnDCE/geH/WfQ+ttNCDJbxtSYaQfhndJjouPQBRs4=,iv:zQXSbJLI4A85GcrU8VSOAaMWWprNTh/2PAVA47MALsk=,tag:MqBvBn9V5tXzZtUscuBpjA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

31
modules/hosts/nixos/raspberry/default.nix
View file

@ -1,31 +0,0 @@
{ inputs, username, ... }: {
imports = [
# SD card image
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
];
system.stateVersion = "24.11";
networking.wireless = {
enable = true;
networks = {
# Public networks
"Gallery Row-GuestWiFi" = {};
"LocalTies Guest" = {
psk = "DrinkLocal!";
};
};
};
users.users.${username} = {
isNormalUser = true;
description = "Gene Liverman";
extraGroups = [ "networkmanager" "wheel" ];
linger = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvLaPTfG3r+bcbI6DV4l69UgJjnwmZNCQk79HXyf1Pt gene@rainbow-planet"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com"
];
};
}

4
modules/hosts/nixos/raspberry/home-gene.nix
View file

@ -1,4 +0,0 @@
{ ... }: {
home.stateVersion = "24.11";
}