genebean/dots
1
0
Fork 0
mirror of https://github.com/genebean/dots.git synced 2026-03-27 09:27:44 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #507 from genebean/kiosk-entryway

Browse source 
Migrate kiosk-entryway to NixOS from MX Linux
This commit is contained in:
Gene Liverman 2025-04-03 13:10:42 -04:00 committed by GitHub
commit d0385ef715
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 301 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.gitignore vendored
View file

@ -8,6 +8,9 @@
*.swp *.swp
*.kate-swp *.kate-swp
# From running nixos-rebuild build-vm
*.qcow2
# Config files that are not suitable to add to version control: # Config files that are not suitable to add to version control:
link/nix/config/.mono/ link/nix/config/.mono/
link/nix/config/asciinema/ link/nix/config/asciinema/

6
.sops.yaml
View file

@ -9,6 +9,7 @@ keys:
- &system_rainbow_planet age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck - &system_rainbow_planet age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck
- &user_airpuppet age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77 - &user_airpuppet age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77
- &user_blue_rock age1rt72txg22w8y3cdvq9w7zff0cas6xtkplpj36kxnevfnrtn82f6ss7yw7d - &user_blue_rock age1rt72txg22w8y3cdvq9w7zff0cas6xtkplpj36kxnevfnrtn82f6ss7yw7d
- &user_kiosk_entryway age1xaaf9enkf669w0cfnlx4ksd9g2kvvkuskp4xw7x84x6u492ulquqfjez5s
- &user_mightymac age1zz34qx3n3dj63sva24kaymetv3apn58lafjq4dl6zw7xxachuyts00mhck - &user_mightymac age1zz34qx3n3dj63sva24kaymetv3apn58lafjq4dl6zw7xxachuyts00mhck
creation_rules: creation_rules:
- path_regex: bigboy/secrets.yaml$ - path_regex: bigboy/secrets.yaml$
@ -47,6 +48,10 @@ creation_rules:
key_groups: key_groups:
- age: - age:
- *user_blue_rock - *user_blue_rock
- path_regex: kiosk-entryway/secrets.yaml$
key_groups:
- age:
- *user_kiosk_entryway
- path_regex: mightymac/secrets.yaml$ - path_regex: mightymac/secrets.yaml$
key_groups: key_groups:
- age: - age:
@ -63,5 +68,6 @@ creation_rules:
- *system_rainbow_planet - *system_rainbow_planet
- *user_airpuppet - *user_airpuppet
- *user_blue_rock - *user_blue_rock
- *user_kiosk_entryway
- *user_mightymac - *user_mightymac

4
flake.nix
View file

@ -144,6 +144,10 @@
# inputs.simple-nixos-mailserver.nixosModule # inputs.simple-nixos-mailserver.nixosModule
]; ];
}; };
kiosk-entryway = localLib.mkNixosHost {
# Lenovo IdeaCentre Q190
hostname = "kiosk-entryway";
};
kiosk-gene-desk = localLib.mkNixosHost { kiosk-gene-desk = localLib.mkNixosHost {
system = "aarch64-linux"; system = "aarch64-linux";
hostname = "kiosk-gene-desk"; hostname = "kiosk-gene-desk";

109
modules/hosts/common/secrets.yaml
View file

@ -14,92 +14,101 @@ sops:
- recipient: age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm - recipient: age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXbHhmeVRUUDJvTy94Vldu YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZUhGRlUxdTVkYzh3VUU2
QmxTb2pWTWM0RVFUK2NYUlcyKytERXdtZGxJClVvTDZuZ3R5Ujc4U3o1bmtlempi czNjTnFTbzNrc08wUHBkVUE1ak1tOUtqcHdvCjNTS2JEbjlxTk12cnhsckIyM3FP
bzhCK1RveHF5bE4xVWx4bmxsNHZhOHMKLS0tIFRVWEF2N05wZGpZY0w2MXlETXFm QkVDWVF5MGY3WWJCYmtKdkRrVmFHSkkKLS0tIGdPMGtEWEVXcVM1WnNFNnZZU285
dkFJQUJ0aGxtdTFGSU1US2Y5U3ZxS0UKViqR82ov4e+C1eKpJ6zPI9TMqBbk2PJP N0Zxc2k4VGQvdzVveC9PRkMrdm9JWUEKQdD5G1uSXH7HzOtBBJTJ7Bz4LwMrNKxn
ZvsROkTo8GmdB7RctIfnbNust8A4iO31aJB899eVD07iZpX9tsivQw== nPv/7dsbsevCtYpdpYUiADFaXk6zViRXsehA2zDZ/ku3mC59qiZlUg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu - recipient: age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4eFRsYjU1OE1XaDhrK2JC YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWcjZPQWZ3UHR4bXo1VFVW
QktYaUc0RDlSUXZ2TDVxaDRxMWlqUG52b25VClJoYzVyTnM5dnJyMlBtcDN4VnJh VmN4dVBCSXo5NFlnQ2VJcS9JbkVhRUUwV0ZvCjQ2MENmdUxLQkR1MC95SS9na3ZX
dDR1QUVCRjdhaXRhcFZmNXBzRWluc3MKLS0tIGl4WVdlVjNGWWVQV3I1ZSs3VHQ3 VEZLSjMxdzhpYnF5WElRZjhUSVlIZ2cKLS0tIHF6RngwNTZxS0thYzdNOWdmeC9R
WVZhbmlzTGptWGU0MkQ2YlBQK292TDQKexgX4LUBeQuGxqUfNP32d+omdpnd9vVC OFRSSys1WkxUVzFIeHhsVU9XZzJleEEKRlGE9qzIlbWH5kHbex3eZbxiE0EHrW2t
LMKg50MZR2RzZXDwBpWECxCShOvzCjikyzV5955vLMfLQoPky+TG4Q== DX18F+iyUhmMS6CPbiT5u2WqwXEkQ7vDQ+jYjY6nfo5ieqzaofoo2w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age180w4c04kga07097u0us6d72aslnv2523hx64x8fzgzu4tccrxuyqa50hpm - recipient: age180w4c04kga07097u0us6d72aslnv2523hx64x8fzgzu4tccrxuyqa50hpm
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUVW9rRUFlb3h4aXlOK0xV YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCbDJxSzkxVVRHWDJsUzJy
enNNK3V5Ni91cWxsY1lSSzZBUnNsODE4OGpZCk9YK3VLTWhWOHhraEM3ZHROTDhi WG9UeWtzNUFjZzQ4MnhncnRGZjRUY0ZqZzJNClJBTms5eVNiRXc2WTNkUCtScXhp
cm0rVXdqQTNNbjAyNzQxUGJIVVVTcTgKLS0tIE5KUGtoNE5seHFZNnBReFZ3WmFr UmN4enpaUlBUN0NEK2pWbzA4MGpWQncKLS0tIHhPQUdKZzhWdUlYQzN2d2hIMEhH
cGFDUVZFbVBSMmdLeU8wbjhlUzRHaXcK/tsc4Amurh2i4TdzQoruD7scW+SnYUtU cUUzelFTRS9ON0dtZEZ5MURURHZYSWcKvseIz1/Ensq7g2apDF/TD2CRN1RotVOM
EySIFKKQzKCodSEYRzDHlp0PRRTcbgOtEUuvr+9a2Rsod1Kzc9CZ1g== buZ1MjfExGyHM3ujQ5yj24uMdAfqqvuUZLp/krOSm0AZhDnQdTm2KQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1an6t5f0rr6h55rzsv5ejycxju72rp46jka840fwvupwfk65jegrq7hmkl9 - recipient: age1an6t5f0rr6h55rzsv5ejycxju72rp46jka840fwvupwfk65jegrq7hmkl9
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeCt3M1JzRVdWblBENXpI YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxQXRsdHNwS3Z1NjRZYUlu
T1RHZ3h3ekx6N0FyRTJ5Z1ZGejFPY29rV0RrCnZRWjRXSnhNekxQeVU4M3loNDJO bmYzSW1pb0V4d3VwQ0ZNQ3FwYlJIek5iQWhzCmRvUGN6MWFhWVFSamg2cklXVFRP
RitBL25kRWhMVnJNcDB4RFQvYks4SUUKLS0tIC8zVGVPNFZLYzVvdDk1dFF6M2Fn VFp3U1JaMDgrZVR3VHFTd1hFNEpPUzQKLS0tIHFrcnBocEc5ay9walVJd0lEcVRX
c3RSNXZJNlEvQTQxTVovY1NndEtQSTAKuMUQBKVIYfDKxCIMZwUczd1UlE6O9L93 cHIyK3V4SGpHK2h5TVU0L1ZJWnZPU3MKsdj5T0QOCIlT4KXZFg99Y99A5BrGgy2O
WL/Fs/TWYKtduiOAJtAEpKKmMzHIWAUwH8fdvVUXO8T+8xR3VyZ7gA== 627QtUShB4xNjn5Mj72uHmfDF0Co+Yf1prwC5NAzqq70G+YWqoI++A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1g4h5a4f5xfle2a6np8te342pphs3mcuan60emz2zp87nrwjzl5yquhr5vl - recipient: age1g4h5a4f5xfle2a6np8te342pphs3mcuan60emz2zp87nrwjzl5yquhr5vl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4RU9JNks0U0MwQTFsY2pp YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaZ3BrU09acHVQVHFrOEw1
YVVkbDJ3TnV2QVRyanZITmVCelJzay8rbkI4CmM2cWNYN2NQaEoxcGNOZFI1K05Y RU80eVcwK21nUkRTcEFjS1pETVZlVFEvNzJjCkNvRWpteFk2QVJ0MmZMeUlxbjUr
eDZ1ZlpSRXQyVkVQaFlEeXgrR1ZtTWcKLS0tIDluaGVlZXZQTjB4RVFML2FSMU5s YTZ4RHBTZEYvRnh4bGdEN1hVcE5Nc2sKLS0tIDduaGZLQ3RteXJGenl3SG1KL2FB
N2pxT2hLbEQvVnBTMS9yODc3MWxPWjAK5eB7GQ2gLz3VkBBEji5wr8MWT0V3szPE ZlZkOWxRMVBFTmhodlJBbmRyTko3dG8KLY5vHO5PYMXvkd3lvR7usKh33D8PsMNa
5beVQykzz7kzggKFMFeYli6Uhhy8ZNT7nyM0uusbQ+fZZ4qcr3OxCg== H7zumWbKGQYmnkU/4qYkZ0hYiesWNfdSSrx28VLnokF6PQKPprU4wg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1g24zhwvgenpc4wqejt63thvgd4rn5x9n7nnwwme7dm83nfqpp93se2vmq4 - recipient: age1g24zhwvgenpc4wqejt63thvgd4rn5x9n7nnwwme7dm83nfqpp93se2vmq4
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRVJsZnhncUdnQStTZ0VB YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmQVZOK0UvVDVZSHpIMmcy
T21EaGhwckd0bjF4dXZMRnBzbFZkOEd3RFhVCmFJaEc4UHJZQVJUOS8zaU5PU3p0 TFl3ck5wdHRmSzNJNkduNko0VEZpYWw4bTJFCjMrcjFEZFBGbUl0VDhTY0dDKy9R
MnFGcXc2SEdSWjdWckJ0VXhQaDZsS3cKLS0tIE41N1FpZHh3WmVOYzN2c2VHc00w b2IwQTBVSlFJZTVHZmNsSEd0b1V1S3cKLS0tIDlYVkZ3LzJtRUZkd2hkMHFwN1R0
SHl0cFhvVzQzZXhmTFdWTnB3R1pqVXcKOTbCrWLKG2tDtiduNipCxB5pVRw6XhMe Y21hUWFyZU54ZklJVklpTE56bmZyTkkK4g6DDxms0iFF/2BmmuLYvqBKA8f2zRkY
oir1nURrV/c7LFALactcq51rV1Es48DvSyBjE0OM7XaeJvRIQjfB2w== BYk9z7PLje2tS5G8CtLJqQ6jZVCNk0mtV+QXYreNf6wFY8eouV4f+Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck - recipient: age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzc2EzZ2IwZW05VldyL3pO YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUQzBGcXNrZnFvNjhhb2VS
M1duZis0VUFwYm1ZNVU0elExZTlmcklYR0JNCnVsbXN1OEZoV2NEV0IyTjlmWXU4 YjNLVHVEWEpnUmNGL2VVM2JWK2YvcUprNG53Cmw2b0o5dFVzS3lONWFlbnFmaHBj
WmZ2Q2xFUVVzaUMvWFBvanpJWHNaR0EKLS0tIER1S2hmN0tYZEluZUlJZDd6Sk9Q cmpvVStwRUZsTVd0dXEzU29UaU9rYkUKLS0tIE15WFhJYnJLcm1xUUM1dWc4VzVh
YWxBS0liSUxCc00zeExwZUFrUWhSb2MKEd+wTDvIQR8fvb6hknCiT18AYB429APU RWxCVzZkYUprOXN1N1VyaXBScTlVTWcK1iv/pI6p7COcWA1O+VwClAoN706nAQtf
qOqgxnK8NAhMYZ73EtmAK8cyKnNWOfARwcFh0OkY9xf1mwH8ahAgkQ== qXMkqdh7/HC3scFd7NMKUxDF4DIi89C762gzYnhN/zHGg3lD0yDHwQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77 - recipient: age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWNFRSRVE1KzArQUF1Wk5I YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQdXJObm5WUG5FeVIyUGE1
b1MyNnZvZWtGQ2hXYU9kTmZXM01JajNqWXpBCmtLVDB4YW5ReTV5NnBLTm5lTXJw amJQU1Q0azBOU3llSUNocG5XakxaQTJEUndJCkQ4NmoxSzRZNTcwN1B5c1AyMEli
Y2s5UzIwVGN6RmlnYk1tTHJSbU5Eb0UKLS0tIEk4R3ZvOFM0bnJrOGh5dDUrSE00 SUVjUDhIc0lmZ3V6ME1ISG8ydVJWNmMKLS0tIGNxUVRjK0lhOFdjdldod0pJVk95
SFZpK3RtR2dJcy9rNHpHZTNaYndwZ0kKYCt784yPEXPoHeksPT5GQ8RZl+urHfUV RkpxOXpodGpEVEU4RE5VVUs0ZVpiUk0K4VTCk1dapZL0dYrCGZpIYH9d6LnLZ2Ss
VABWk70L+6cySe5y/N1mZT3ixaNwEOhViKqONw8soeqMDnELJtYWBg== vx8HIfjnsJT4nu4kB4CFgz6jdKTAetH0gB3N0L7nQDT9DIY7bLQNpA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1rt72txg22w8y3cdvq9w7zff0cas6xtkplpj36kxnevfnrtn82f6ss7yw7d - recipient: age1rt72txg22w8y3cdvq9w7zff0cas6xtkplpj36kxnevfnrtn82f6ss7yw7d
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjbU1PVWZLMFplT0I5RnNk YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWd0lQLzdxSllxSEpvb3hM
U1VLd2tWdExCTEFVU3RHZkhSbElmeVByUUFJCmo3OUFnL0daeXNONWxVbHNOUnRE TC91THdlelBHQkYyUFRnblhwNkZmd2ZlS0dNClNhUnU2bTFyLzU5VlE5L3VPMG9x
TUlqTFA2WkJlS0YwL1FoMm1Xa2w0eVEKLS0tIENUNW1KZkMvTmxHbDJsR2VmbG96 bkdkWE9vbzVwbEszS2VERjRIWGdUK1EKLS0tIHRtbkg5dUVFajgyZzVjeE5tK3hi
VFJrdzVtMjZrallSL1BmcXNtZEhYZTAK8hsJvs8GjlxFpwW1Ol8hCQQw+lXvgz81 dGZwYWt3QlkrNVd4TklhZ0tTUUNncDQK4TslyF1bhWPvbmFcQpF5Zpe/V6pqTMxj
qt3aysE/w3voPiZQYcVcZLAoV/oAlaZMS199tEvwTuGa8HXMNN2NZw== gI/ss9FTpgQYREafQ2RtF2fQf7Pr7F29vGIa0b7YXYG7OK0FcgdgyA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1xaaf9enkf669w0cfnlx4ksd9g2kvvkuskp4xw7x84x6u492ulquqfjez5s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3dGgwODN3bE5WUGxLbUo3
UUlFTnowSDZ0c1picENGS01TTld2c2h3ZnhnCk1zU0tkYTFYZDZZbDdoKy9UUTBW
UndZalc3Mnp4Nm9zVWZncXY2WktCVWsKLS0tIDNkaHV3OUhvR2RSMTdSNzFSMjVz
RndIcWZMdUNyMW51N0hObkFTRXJxdFUKor8+bFGKJ2wPpQAYo6MOu/Z24RnzoRtf
ADT8tgG54ViK5kL+e6B5wQ0YkEiLJ0vcxPR6/WDgYTRNnSd2Hu+SGQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1zz34qx3n3dj63sva24kaymetv3apn58lafjq4dl6zw7xxachuyts00mhck - recipient: age1zz34qx3n3dj63sva24kaymetv3apn58lafjq4dl6zw7xxachuyts00mhck
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCdGVCa1Q5QUNmVGZsT01Y YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTK2NmMlVCODEzcG5LQSts
SW9aL2hWUjdTdkFBT0o1TnFDb1pkdWRnNlc0CnlYNDRhbXhTS3lvdlprdUZJY1pm blFUSHBGMHMvS2orbngvME82NE1mci80eFFFClNHSG9McnN0Wkd0N3lVYWFWMWs1
M3VWcTI0OWxHY1hxQW5nZkJxTnZLMzgKLS0tIGFoNVlKTGJ0ZnlnTnlnV21PNDFX Q1dGTzdRU0NucVJTUVVSaUQ3NUhWWXcKLS0tIFdtaDh5MW9xQVFCKzZlalAzWlZs
Y3I0d2xaYlRwVU9CdE44UW9vZ1NJeFUK5DQu30MuGjMq5YRSTh2II2uNvWm2XF9B ZzNFQm56aWdIZU82Mi94dE5hbndBUGcKBo/N9WToL579SCwfG/Qzp6rPC0+GfaRa
YDcK/E1xKGIA/tKk/DDmpbUZMTIzh+tmYcN72EQQqlT/9a2HyINChg== 0/DPakOaYOpPonIa2XRBIZx+83qNYaVFZyZauszaiQZQp0aGsPewfA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-14T03:30:50Z" lastmodified: "2025-01-14T03:30:50Z"
mac: ENC[AES256_GCM,data:lOrSir70ZiZKjajRLUN83FoQQ0+hwLznbul6Z8hVjbxBvXdwvaMfi/BmfG/+wOMFjShU+fEStAjryoKCcaB3RJod2MyncvE4+fY2lmq7U/T1GHEknQ5xm42J6+Dd79P48mDsJ9kUQXO1wpp9CEVkW5hTfzPGYV2tRWY3a9hgz3Y=,iv:+3hE34n4f2zy17TeoDF/lWvFaX2Rd7ZsojlpZq9R4fE=,tag:Bcs3CAKIk+mTwy0dGuzVMg==,type:str] mac: ENC[AES256_GCM,data:lOrSir70ZiZKjajRLUN83FoQQ0+hwLznbul6Z8hVjbxBvXdwvaMfi/BmfG/+wOMFjShU+fEStAjryoKCcaB3RJod2MyncvE4+fY2lmq7U/T1GHEknQ5xm42J6+Dd79P48mDsJ9kUQXO1wpp9CEVkW5hTfzPGYV2tRWY3a9hgz3Y=,iv:+3hE34n4f2zy17TeoDF/lWvFaX2Rd7ZsojlpZq9R4fE=,tag:Bcs3CAKIk+mTwy0dGuzVMg==,type:str]

116
modules/hosts/nixos/kiosk-entryway/default.nix Normal file
View file

@ -0,0 +1,116 @@
{ config, lib, pkgs, username, ... }: {
imports = [
./disk-config.nix
./hardware-configuration.nix
];
system.stateVersion = "24.11";
boot.supportedFilesystems = lib.mkForce [
"vfat"
"ext4"
];
environment.systemPackages = with pkgs; [
wlr-randr
];
hardware = {
enableRedistributableFirmware = true;
graphics.enable = true;
};
networking = {
firewall.enable = false;
wireless = {
enable = true;
networks = {
# Home
"Diagon Alley".pskRaw = "ext:psk_diagon_alley";
# Public networks
"Gallery Row-GuestWiFi" = {};
"LocalTies Guest".pskRaw = "ext:psk_local_ties";
};
secretsFile = "${config.sops.secrets.wifi_creds.path}";
};
};
nixpkgs.overlays = [
(final: super: {
makeModulesClosure = x:
super.makeModulesClosure (x // { allowMissing = true; });
})
];
services = {
cage = let
kioskProgram = pkgs.writeShellScript "kiosk.sh" ''
WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1
/etc/profiles/per-user/gene/bin/chromium-browser
'';
in {
enable = true;
program = kioskProgram;
user = "gene";
environment = {
WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected
};
};
prometheus.exporters.node = {
enable = true;
enabledCollectors = [
"logind"
"systemd"
"network_route"
];
disabledCollectors = [
"textfile"
];
};
};
sops = {
age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
secrets = {
local_git_config = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.gitconfig-local";
};
local_private_env = {
owner = "${username}";
path = "${config.users.users.${username}.home}/.private-env";
};
wifi_creds = {
sopsFile = ../../common/secrets.yaml;
restartUnits = [
"wpa_supplicant.service"
];
};
};
};
systemd.services.cage-tty1 = {
wants = [
"wpa_supplicant.service"
];
};
users.users.${username} = {
isNormalUser = true;
description = "Gene Liverman";
extraGroups = [ "networkmanager" "wheel" ];
linger = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvLaPTfG3r+bcbI6DV4l69UgJjnwmZNCQk79HXyf1Pt gene@rainbow-planet"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com"
];
};
zramSwap = {
enable = true;
algorithm = "zstd";
memoryPercent = 90;
};
}

42
modules/hosts/nixos/kiosk-entryway/disk-config.nix Normal file
View file

@ -0,0 +1,42 @@
# Example to create a bios compatible gpt partition
{ lib, ... }:
{
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
}

26
modules/hosts/nixos/kiosk-entryway/hardware-configuration.nix Normal file
View file

@ -0,0 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

23
modules/hosts/nixos/kiosk-entryway/home-gene.nix Normal file
View file

@ -0,0 +1,23 @@
{ ... }: {
home.stateVersion = "24.11";
programs = {
chromium = {
enable = true;
commandLineArgs = [
"--app=http://192.168.22.22:8123/kiosk-entryway/immich?kiosk"
"--kiosk"
"--noerrdialogs"
"--disable-infobars"
"--no-first-run"
"--ozone-platform=wayland"
"--enable-features=OverlayScrollbar"
"--start-maximized"
"--force-dark-mode"
"--hide-crash-restore-bubble"
];
};
};
}

22
modules/hosts/nixos/kiosk-entryway/secrets.yaml Normal file
View file

@ -0,0 +1,22 @@
local_git_config: ENC[AES256_GCM,data:9eq+YMK1wRewtTOCYdq9haD9XhMKcKCXeYlioxn5kAAreUJdjw/D92O33958eXvA3TbvRJGpioN0iZZribay7q+e2zoW+SfITwetfKa9xIeU2UQF3f6jB9juh5mqWZBXGxx+An3tIg9jNjtHRRzK7nzp6Uyxy5TNEfBKPwU=,iv:mAMMKaEWN9DvVGDDc8tNKE6LXxTnd7NKe5VXL1vmCp0=,tag:EhJkL9V3J+020uUSVsL8BA==,type:str]
local_private_env: ENC[AES256_GCM,data:66Ii8OUAwROOyfSFAWhCdpq8OiTEwGqn6y51Tp3FnOYYuDepJmsh/ikBAkoowVUWf4F4RdABtauLCqOuRg==,iv:xZMtNffbdnbUbohcmr0ZprxdaeFNvp5VfHOyRh+hrhU=,tag:Tq+fo2QJxZvcMAE1oIudBA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1xaaf9enkf669w0cfnlx4ksd9g2kvvkuskp4xw7x84x6u492ulquqfjez5s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCdmUzblhaQ09UdEIzc2xw
OEh2V2JFTWZXdVdUVDJlTElGd2hnQ2x6aTBjCk85Vk0wMy9VdXFIUmNQNXFxYmF1
VkwzelAreUdUY2JDSVlrRitwbXlvOHMKLS0tIHVNUHBTTU44TmpXQyt6OUthOGo5
eEtid0paSEttc3FLamFJZ2FWZDVQSGcKG8gAV8xuSyYUxbRJqC+2WcwsuLQ0/Ngv
gFy5WVrDl61qq6MtI59ELHQiM6/Jv7x5Gv0Nmfy6q8ABtP6rSns/HA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-03T16:37:52Z"
mac: ENC[AES256_GCM,data:c/cGUUlyWJIcJ4sgJEv2EhGvOcE73V953hrOVq3l2PX23mm01rQF5NzXJ0PrEc17kpAPrmnS5CK45KBuN+38WQW6WsCPN+gjzoYzyo6X3W+LaHcSwJd48gRfC/1FXjDvoz7l2o3nmyPncaAzqINTj7ccTzMwgHjrfRNVv+aVWXY=,iv:tV++nZK6zl3dP1Bf+rsB0ivpRZj3r2RCPSGQj19Wdfg=,tag:SbRcxjF57bKZvZ+zl/pBLA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4