steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

steveej-x13s-rmvbl: init with minimal setup

Browse source 
this configures a standalone USB device that doesn't need configuration
of the firmware's EFI variables.
This commit is contained in:
steveej 2024-01-21 21:08:01 +01:00
parent f35bd726fa
commit 03c6157ab5
16 changed files with 501 additions and 374 deletions
Download patch file Download diff file Expand all files Collapse all files

8
.sops.yaml
View file

@ -8,6 +8,7 @@
keys: keys:
- &steveej 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - &steveej 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
- &steveej-t14 age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl - &steveej-t14 age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl
- &steveej-x13s-rmvbl age1hkta9w0yawwwwchapemkygzxkrv7vx759vrafgrjhm63spckwstque8x97
- &elias-e525 age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm - &elias-e525 age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm
- &justyna-p300 age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 - &justyna-p300 age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8
@ -24,6 +25,7 @@ creation_rules:
- *steveej - *steveej
age: age:
- *steveej-t14 - *steveej-t14
- *steveej-x13s-rmvbl
- *elias-e525 - *elias-e525
- *justyna-p300 - *justyna-p300
@ -83,3 +85,9 @@ creation_rules:
- *steveej - *steveej
age: age:
- *sj-bm-hostkey0 - *sj-bm-hostkey0
- path_regex: ^secrets/steveej-x13s-rmvbl/.+$
key_groups:
- pgp:
- *steveej
age:
- *steveej-x13s-rmvbl

17
flake.lock generated
View file

@ -293,22 +293,6 @@
"type": "github" "type": "github"
} }
}, },
"magmawm": {
"flake": false,
"locked": {
"lastModified": 1703542178,
"narHash": "sha256-HuCAz+B+cg7HoEEL67heaYRc8zmQCnPBR+DgmuiIZBk=",
"owner": "MagmaWM",
"repo": "MagmaWM",
"rev": "24dc21f228efb034cd0237fb5ff9a8310f1929b7",
"type": "github"
},
"original": {
"owner": "MagmaWM",
"repo": "MagmaWM",
"type": "github"
}
},
"nix-eval-jobs": { "nix-eval-jobs": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_3",
@ -663,7 +647,6 @@
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"get-flake": "get-flake", "get-flake": "get-flake",
"jay": "jay", "jay": "jay",
"magmawm": "magmawm",
"nixos-anywhere": "nixos-anywhere", "nixos-anywhere": "nixos-anywhere",
"nixpkgs": [ "nixpkgs": [
"nixpkgs-2311" "nixpkgs-2311"

15
flake.nix
View file

@ -59,11 +59,6 @@
flake = false; flake = false;
}; };
magmawm = {
url = "github:MagmaWM/MagmaWM";
flake = false;
};
salut = { salut = {
url = "gitlab:snakedye/salut"; url = "gitlab:snakedye/salut";
flake = false; flake = false;
@ -127,7 +122,7 @@
// ( // (
let let
router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations;
steveej-x13s = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations; steveej-x13s-rmvbl = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations;
retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations; retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations;
in in
{ {
@ -140,7 +135,8 @@
# nixos-install --flake .\#retro_cross # nixos-install --flake .\#retro_cross
retro_cross = retro.cross; retro_cross = retro.cross;
steveej-x13s_cross = steveej-x13s.cross; steveej-x13s-rmvbl = steveej-x13s-rmvbl.native;
steveej-x13s-rmvbl_cross = steveej-x13s-rmvbl.cross;
} }
); );
@ -194,11 +190,6 @@
# }; # };
# }; # };
# magmawm = pkgs.callPackage (self + /nix/pkgs/magmawm.nix) {
# inherit craneLib;
# src = inputs.magmawm;
# };
salut = craneLib.buildPackage { salut = craneLib.buildPackage {
src = inputs.salut; src = inputs.salut;
nativeBuildInputs = [ nativeBuildInputs = [

24
nix/devShells.nix
View file

@ -1,27 +1,27 @@
{ { inputs'
inputs', , packages'
packages', , pkgs
pkgs, ,
}: }:
pkgs.stdenv.mkDerivation { pkgs.stdenv.mkDerivation {
name = "infra-env"; name = "infra-env";
buildInputs = buildInputs =
[ [
(with pkgs.callPackage (pkgs.path + "/nixos") {configuration = {};}; (with pkgs.callPackage (pkgs.path + "/nixos") { configuration = { }; };
with config.system.build; [ with config.system.build; [
nixos-generate-config nixos-generate-config
nixos-install nixos-install
nixos-enter nixos-enter
manual.manpages manual.manpages
]) ])
] ]
++ (with pkgs; [ ++ (with pkgs; [
inputs'.colmena.packages.colmena inputs'.colmena.packages.colmena
nixos-install-tools nixos-install-tools
dconf2nix dconf2nix
inputs'.nixos-anywhere.packages.nixos-anywhere inputs'.nixos-anywhere.packages.nixos-anywhere
inputs'.disko.packages.default
nurl nurl
just just
git-crypt git-crypt
vcsh vcsh

100
nix/os/devices/sj-bm-hostkey0/configuration.nix
View file

@ -1,14 +1,13 @@
{ { modulesPath
modulesPath, , repoFlake
repoFlake, , packages'
packages', , pkgs
pkgs, , lib
lib, , config
config, , nodeFlake
nodeFlake, , nodeName
nodeName, , system
system, , ...
...
}: { }: {
disabledModules = [ disabledModules = [
]; ];
@ -52,7 +51,7 @@
programs.zsh.enable = true; programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
environment.pathsToLink = ["/share/zsh"]; environment.pathsToLink = [ "/share/zsh" ];
} }
]; ];
@ -83,52 +82,54 @@
firewall.enable = false; firewall.enable = false;
}; };
disko.devices = let disko.devices =
disk = id: { let
type = "disk"; disk = id: {
device = "/dev/${id}"; type = "disk";
content = { device = "/dev/${id}";
type = "gpt"; content = {
partitions = { type = "gpt";
boot = { partitions = {
size = "1M"; boot = {
type = "EF02"; # for grub MBR size = "1M";
}; type = "EF02"; # for grub MBR
mdadm = { };
size = "100%"; mdadm = {
content = { size = "100%";
type = "mdraid"; content = {
name = "raid0"; type = "mdraid";
name = "raid0";
};
}; };
}; };
}; };
}; };
}; in
in { {
disk = { disk = {
sda = disk "sda"; sda = disk "sda";
sdb = disk "sdb"; sdb = disk "sdb";
}; };
mdadm = { mdadm = {
raid0 = { raid0 = {
type = "mdadm"; type = "mdadm";
level = 0; level = 0;
content = { content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
primary = { primary = {
size = "100%"; size = "100%";
content = { content = {
type = "filesystem"; type = "filesystem";
format = "btrfs"; format = "btrfs";
mountpoint = "/"; mountpoint = "/";
};
}; };
}; };
}; };
}; };
}; };
}; };
};
system.stateVersion = "23.11"; system.stateVersion = "23.11";
@ -162,8 +163,5 @@
boot.binfmt.emulatedSystems = [ boot.binfmt.emulatedSystems = [
"aarch64-linux" "aarch64-linux"
"i686-linux"
# "i386-linux"
# "i586-linux"
]; ];
} }

34
nix/os/devices/steveej-t14/hw.nix
View file

@ -1,21 +1,5 @@
{ lib, ... }: { lib, ... }:
let let
stage1Modules = [
"aesni_intel"
"kvm_amd"
"nvme"
"nvme_core"
"thunderbolt"
"e1000e"
"usbcore"
"xhci_hcd"
"usbhid"
"usb_storage"
"xhci_pci"
"uas"
];
in in
{ {
# TASK: new device # TASK: new device
@ -103,6 +87,20 @@ in
}; };
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
# boot.initrd.availableKernelModules = stage1Modules; boot.initrd.kernelModules = [
boot.initrd.kernelModules = stage1Modules; "aesni_intel"
"kvm_amd"
"nvme"
"nvme_core"
"thunderbolt"
"e1000e"
"usbcore"
"xhci_hcd"
"usbhid"
"usb_storage"
"xhci_pci"
"uas"
];
} }

11
nix/os/devices/steveej-t14/system.nix
View file

@ -47,6 +47,17 @@ in
system = "x86_64-linux"; system = "x86_64-linux";
maxJobs = 32; maxJobs = 32;
speedFactor = 100; speedFactor = 100;
supportedFeatures = repoFlake.nixosConfigurations.steveej-t14.config.nix.settings.system-features ++ [ ];
}
{
hostName = repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost;
# TODO: make this a reference
sshUser = "nix-remote-builder";
protocol = "ssh-ng";
system = "aarch64-linux";
maxJobs = 32;
speedFactor = 100;
supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [ ]; supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [ ];
} }
]; ];

0
nix/os/devices/steveej-x13s/.gitignore → nix/os/devices/steveej-x13s-rmvbl/.gitignore vendored
View file

66
nix/os/devices/steveej-x13s-rmvbl/configuration.nix Normal file
View file

@ -0,0 +1,66 @@
{ repoFlake
, pkgs
, lib
, config
, nodeFlake
, nodeName
, localDomainName
, system
, ...
}:
{
imports = [
repoFlake.inputs.sops-nix.nixosModules.sops
nodeFlake.inputs.disko.nixosModules.disko
./disko.nix
../../profiles/common/user.nix
{
nix.nixPath = [
"nixpkgs=${pkgs.path}"
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.max-jobs = lib.mkDefault "auto";
}
{
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
services.openssh.openFirewall = true;
users.commonUsers = {
enable = true;
enableNonRoot = true;
};
sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
sops.defaultSopsFormat = "yaml";
}
];
networking = {
hostName = nodeName;
firewall.enable = true;
useNetworkd = true;
networkmanager.enable = false;
};
system.stateVersion = "23.11";
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [
pkgs.util-linux
pkgs.coreutils
pkgs.vim
];
}

0
nix/os/devices/steveej-x13s/default.nix → nix/os/devices/steveej-x13s-rmvbl/default.nix
View file

66
nix/os/devices/steveej-x13s-rmvbl/disko.nix Normal file
View file

@ -0,0 +1,66 @@
{
disko.devices = {
disk = {
voyager-gtx = {
type = "disk";
device = "/dev/disk/by-id/ata-Corsair_Voyager_GTX_21488170000126002054";
content = {
type = "gpt";
partitions = {
ESP = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "x13s-usb-crypt";
extraOpenArgs = [ ];
# disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive
settings = {
# if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /tmp/secret.key`
# keyFile = "/tmp/secret.key";
allowDiscards = true;
};
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "32G";
};
};
};
};
};
};
};
};
};
};
}

108
nix/os/devices/steveej-x13s/flake.lock → nix/os/devices/steveej-x13s-rmvbl/flake.lock generated
View file

@ -1,18 +1,51 @@
{ {
"nodes": { "nodes": {
"acamcstephens_stop-export": {
"flake": false,
"locked": {
"lastModified": 1705858695,
"narHash": "sha256-iTIwMsw/cjacCkSzzCwb+nEkpOK/PoPenPHOysWCBSk=",
"ref": "refs/heads/main",
"rev": "8b61e53b83caf55bd374f4ce2b20f1e8012ce2ec",
"revCount": 13,
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
},
"original": {
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
}
},
"alsa-ucm-conf": {
"flake": false,
"locked": {
"lastModified": 1705501566,
"narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=",
"owner": "alsa-project",
"repo": "alsa-ucm-conf",
"rev": "e87dde51d68950537f92af955ad0633437cc419a",
"type": "github"
},
"original": {
"owner": "alsa-project",
"repo": "alsa-ucm-conf",
"rev": "e87dde51d68950537f92af955ad0633437cc419a",
"type": "github"
}
},
"brainwart_x13s-nixos": { "brainwart_x13s-nixos": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1701822673, "lastModified": 1705565623,
"narHash": "sha256-F2LBV8tqGPhEAvmn5Frxj79RPWgPGUYxJRYz8Pn9uj0=", "narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=",
"owner": "BrainWart", "owner": "BrainWart",
"repo": "x13s-nixos", "repo": "x13s-nixos",
"rev": "ba245df7a72a78ec93aa500ba1a0cb29f0f65f37", "rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "BrainWart", "owner": "BrainWart",
"ref": "main", "ref": "flake",
"repo": "x13s-nixos", "repo": "x13s-nixos",
"type": "github" "type": "github"
} }
@ -24,11 +57,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1705348229, "lastModified": 1705540973,
"narHash": "sha256-CssPema1sBxZkrT95KFuKCNNiqxNe1lnf2QNeXk88Xk=", "narHash": "sha256-kNt/qAEy7ueV7NKbVc8YMHWiQAAgrir02MROYNI8fV0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "d0b4408eaf782a1ada0a9133bb1cecefdd59c696", "rev": "0033adc6e3f1ed076f3ed1c637ef1dfe6bef6733",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -36,27 +69,6 @@
"type": "indirect" "type": "indirect"
} }
}, },
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"srvos",
"nixpkgs"
]
},
"locked": {
"lastModified": 1704982712,
"narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "07f6395285469419cf9d078f59b5b49993198c00",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"get-flake": { "get-flake": {
"locked": { "locked": {
"lastModified": 1694475786, "lastModified": 1694475786,
@ -75,11 +87,11 @@
"linux_x13s": { "linux_x13s": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1705487080, "lastModified": 1705680516,
"narHash": "sha256-DTOPiUGaeH5Ey+AZaO1c1n/QFikIXmvo2tTzgFtJ70k=", "narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=",
"owner": "jhovold", "owner": "jhovold",
"repo": "linux", "repo": "linux",
"rev": "dd209a8fb4840e48ca4963bb23057f38b1066a6d", "rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -107,50 +119,30 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1705316053, "lastModified": 1705641746,
"narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=", "narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370", "rev": "d2003f2223cbb8cd95134e4a0541beea215c1073",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-unstable", "ref": "nixos-23.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"root": { "root": {
"inputs": { "inputs": {
"acamcstephens_stop-export": "acamcstephens_stop-export",
"alsa-ucm-conf": "alsa-ucm-conf",
"brainwart_x13s-nixos": "brainwart_x13s-nixos", "brainwart_x13s-nixos": "brainwart_x13s-nixos",
"disko": "disko", "disko": "disko",
"get-flake": "get-flake", "get-flake": "get-flake",
"linux_x13s": "linux_x13s", "linux_x13s": "linux_x13s",
"mobile-nixos": "mobile-nixos", "mobile-nixos": "mobile-nixos",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs"
"srvos": "srvos"
}
},
"srvos": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705346686,
"narHash": "sha256-lTf1b2I6wwNDhV5eEKIAMT5DOa43bK5KaPqDWH2yfek=",
"owner": "numtide",
"repo": "srvos",
"rev": "8e03bea707212a7225b0ab02a8186af8b1e98e0a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "srvos",
"type": "github"
} }
} }
}, },

190
nix/os/devices/steveej-x13s/flake.nix → nix/os/devices/steveej-x13s-rmvbl/flake.nix
View file

@ -1,13 +1,11 @@
{ {
inputs = inputs =
{ {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
get-flake.url = "github:ursi/get-flake"; get-flake.url = "github:ursi/get-flake";
disko.inputs.nixpkgs.follows = "nixpkgs"; disko.inputs.nixpkgs.follows = "nixpkgs";
srvos.url = "github:numtide/srvos";
srvos.inputs.nixpkgs.follows = "nixpkgs";
mobile-nixos.url = "github:NixOS/mobile-nixos"; mobile-nixos.url = "github:NixOS/mobile-nixos";
mobile-nixos.flake = false; mobile-nixos.flake = false;
@ -17,9 +15,20 @@
linux_x13s.flake = false; linux_x13s.flake = false;
brainwart_x13s-nixos = { brainwart_x13s-nixos = {
url = "github:BrainWart/x13s-nixos/main"; url = "github:BrainWart/x13s-nixos/flake";
flake = false; flake = false;
}; };
acamcstephens_stop-export = {
flake = false;
url = "git+https://codeberg.org/adamcstephens/stop-export.git";
};
alsa-ucm-conf = {
flake = false;
url = "github:alsa-project/alsa-ucm-conf/e87dde51d68950537f92af955ad0633437cc419a";
};
}; };
outputs = outputs =
@ -31,15 +40,7 @@
let let
targetPlatform = "aarch64-linux"; targetPlatform = "aarch64-linux";
buildPlatform = "x86_64-linux"; buildPlatform = "x86_64-linux";
nodeName = "steveej-x13s"; nodeName = "steveej-x13s-rmvbl";
pkgs = nixpkgs.legacyPackages.${targetPlatform};
pkgsCross = import self.inputs.nixpkgs {
system = buildPlatform;
crossSystem = {
config = "pentium2-unknown-linux-gnu";
};
};
mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs: mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs:
nixpkgs.lib.nixosSystem ( nixpkgs.lib.nixosSystem (
@ -64,21 +65,6 @@
{ {
nix.registry.nixpkgs.flake = nixpkgs; nix.registry.nixpkgs.flake = nixpkgs;
} }
{
nixpkgs.overlays = [
(final: prev:
{
qrtr = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/qrtr.nix" { };
qmic = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/qmic.nix" { };
rmtfs = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/rmtfs.nix" { };
pd-mapper = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/pd-mapper.nix" {
inherit (final) qrtr;
};
compressFirmwareXz = prev.lib.id; #this leaves all firmware uncompressed :) for pd-mapper
})
];
}
] ]
++ extraModules; ++ extraModules;
} }
@ -155,56 +141,76 @@
defconfig = "johan_defconfig"; defconfig = "johan_defconfig";
}; };
uncompressed-fw = pkgs.callPackage
({ lib, runCommand, buildEnv, firmwareFilesList }:
runCommand "qcom-modem-uncompressed-firmware-share"
{
firmwareFiles = buildEnv {
name = "qcom-modem-uncompressed-firmware";
paths = firmwareFilesList;
pathsToLink = [
"/lib/firmware/rmtfs"
"/lib/firmware/qcom"
];
};
} ''
PS4=" $ "
(
set -x
mkdir -p $out/share/
ln -s $firmwareFiles/lib/firmware/ $out/share/uncompressed-firmware
)
'')
{
firmwareFilesList = lib.flatten options.hardware.firmware.definitions;
};
linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s; linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s;
dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/sc8280xp-lenovo-thinkpad-x13s.dtb"; dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/sc8280xp-lenovo-thinkpad-x13s.dtb";
dtbName = "x13s63rc4.dtb"; dtbName = "x13s63rc4.dtb";
x13_firmware = { stdenvNoCC, fetchFromGitHub }:
stdenvNoCC.mkDerivation {
pname = "x13s-extra-firmware";
version = "1.0.0";
src = fetchFromGitHub {
owner = "ironrobin";
repo = "x13s-alarm";
rev = "efa51c3b519f75b3983aef67855b1561d9828771";
sha256 = "sha256-weETbWXz9aL2pDQDKk7fkb1ecQH0qrhUYDs2E5EiJcI=";
};
dontFixup = true;
dontBuild = true;
installPhase = ''
mkdir -p $out/lib/firmware/qcom/sc8280xp/LENOVO/21BX
cp x13s-firmware/qcvss8280.mbn $out/lib/firmware/qcom/sc8280xp/LENOVO/21BX/
'';
};
in in
{ {
nixpkgs.overlays = [
(final: prev:
{
qrtr = final.callPackage "${self.inputs.acamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { };
pd-mapper = final.callPackage "${self.inputs.acamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" {
inherit (final) qrtr;
};
x13s_alsa-ucm-conf = prev.alsa-ucm-conf.overrideAttrs (prev: {
src = self.inputs.alsa-ucm-conf;
});
}
)
];
boot = { boot = {
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.systemd-boot.extraFiles = { loader.systemd-boot.extraFiles = {
"${dtbName}" = dtb; "${dtbName}" = dtb;
}; };
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = false;
loader.efi.efiSysMountPoint = "/boot"; loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = [ "wwan" ];
kernelPackages = linuxPackages_x13s; kernelPackages = linuxPackages_x13s;
kernelParams = [ kernelParams = [
"dtb=${dtbName}"
"boot.shell_on_fail" "boot.shell_on_fail"
# jhovold recommended
"efi=noruntime"
"clk_ignore_unused" "clk_ignore_unused"
"pd_ignore_unused" "pd_ignore_unused"
"arm64.nopauth" "arm64.nopauth"
"cma=128M"
"nvme.noacpi=1" # blacklist graphics in initrd so the firmware can load from disk
"iommu.strict=0" "rd.driver.blacklist=msm"
"dtb=${dtbName}"
]; ];
initrd = { initrd = {
includeDefaultModules = false; includeDefaultModules = false;
availableKernelModules = [ availableKernelModules = [
@ -231,39 +237,65 @@
"phy-qcom-snps-femto-v2" "phy-qcom-snps-femto-v2"
"phy-qcom-usb-hs" "phy-qcom-usb-hs"
"nvme" "nvme"
"usbcore"
"xhci_hcd"
"usbhid"
"usb_storage"
# "xhci_pci"
"uas"
]; ];
}; };
}; };
# power management, etc.
environment.systemPackages = with pkgs; [
qrtr
qmic
rmtfs
pd-mapper
uncompressed-fw
];
environment.pathsToLink = [ "share/uncompressed-firmware" ];
# ensure the x13s' dtb file is in the boot partition # default is performance
system.activationScripts.x13s-dtb = '' powerManagement.cpuFreqGovernor = "ondemand";
in_package="${dtb}"
esp_tool_folder="${efi.efiSysMountPoint}/"
in_esp="''${esp_tool_folder}${dtbName}"
>&2 echo "Ensuring $in_esp in EFI System Partition"
if ! ${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then
>&2 echo "Copying $in_package -> $in_esp"
mkdir -p "$esp_tool_folder"
cp "$in_package" "$in_esp"
sync
fi
'';
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;
hardware.firmware = [ hardware.firmware = [
pkgs.linux-firmware pkgs.linux-firmware
(pkgs.callPackage x13_firmware { })
(pkgs.callPackage "${self.inputs.brainwart_x13s-nixos}/pkgs/x13s-firmware.nix" { }) (pkgs.callPackage "${self.inputs.brainwart_x13s-nixos}/pkgs/x13s-firmware.nix" { })
]; ];
systemd.services.pd-mapper = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${lib.getExe pkgs.pd-mapper}";
Restart = "always";
};
};
# bind mount over existing alsa-ucm-conf
# this is just config, but is in the critical path for lots of packages
# systemd.services.x13s-alsa-conf = {
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# ExecStart = "${pkgs.util-linux.mount}/bin/mount -o bind ${pkgs.x13s_alsa-ucm-conf}/share/alsa ${pkgs.alsa-ucm-conf}/share/alsa";
# ExecStop = "${pkgs.util-linux.mount}/bin/umount ${pkgs.alsa-ucm-conf}/share/alsa";
# };
# };
systemd.services.bluetooth = {
serviceConfig = {
# disabled because btmgmt call hangs
# ExecStartPre = [
# ""
# "${pkgs.util-linux}/bin/rfkill block bluetooth"
# "${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}"
# "${pkgs.util-linux}/bin/rfkill unblock bluetooth"
# ];
RestartSec = 5;
Restart = "on-failure";
};
};
}; };
}; };
}; };

82
nix/os/devices/steveej-x13s/configuration.nix
View file

@ -1,82 +0,0 @@
{ repoFlake
, pkgs
, lib
, config
, nodeFlake
, nodeName
, localDomainName
, system
, ...
}:
{
imports = [
# repoFlake.inputs.sops-nix.nixosModules.sops
# ../../profiles/common/user.nix
{
nix.nixPath = [
"nixpkgs=${pkgs.path}"
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.max-jobs = lib.mkDefault "auto";
nix.settings.cores = lib.mkDefault 0;
}
{
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
# users.commonUsers = {
# enable = true;
# enableNonRoot = false;
# rootPasswordFile = config.sops.secrets.passwords-root.path;
# };
users.users.root.password = "install";
# sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# sops.defaultSopsFormat = "yaml";
# sops.secrets.passwords-root.neededForUsers = true;
}
];
networking = {
hostName = nodeName;
useNetworkd = false;
networkmanager.enable = false;
firewall.enable = false;
};
system.stateVersion = "23.11";
# We exclude a number of modules included in the default list. A non-insignificant amount do
# not apply to embedded hardware like this, so simply skip the defaults.
#
# Custom kernel is required as a lot of MTK components misbehave when built as modules.
# They fail to load properly, leaving the system without working ethernet, they'll oops on
# remove. MTK-DSA parts and PCIe were observed to do this.
# boot.initrd.includeDefaultModules = false;
# boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"];
# boot.initrd.availableKernelModules = ["nvme"];
nixpkgs.config.allowUnfree = true;
# hardware.enableRedistributableFirmware = true;
environment.systemPackages = [
pkgs.busybox
];
fileSystems."/".label = "x13s_root";
}

108
secrets/shared-users.yaml
View file

@ -16,82 +16,100 @@ sops:
- recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlbG5RWWVBZ2JZOXlENDVr YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlanJ3b29Ed2Q3Y2I3SWRt
M3lCdEc4RnVwWlZJZXY5RGJ5aEFmcmlmK0hFCnNFSHliMHZyWTBLZG5ub2hPSy93 TlpTRFpMT3FhOUl0dGZGMW1lU3pQNW95bkZjCjY0bXV4Q2dBQjd6emZRdlczQ0F6
dDNoWmgvTEhQdUdWL1dEbDZpRnBacFUKLS0tIFpjdVZBZjhRdll2TGdKdFVQTzVp V3RvbklucGhzbGpPUzJ4K3FrNzJ2SVEKLS0tIFRlWWRBNk1HdllsZzNQZDIwa2N6
UDV5bXpzWXNzMTQwTkZPVjc0ckNUUFEKwYIl0ErBjh83ogRau2mYzkivxruLKQXj bUpjR0ZzNVd5dEpEZUJCSnVUWVJtSzAKb2dEX133nceasBIwgd8q6x6WWPCQ0Ukg
eEQgNMf/xdWZ76OAKDwCF/7zmCSeT2UYoJFCfYtnMw7OxwOCyvPIOg== Rmsbi5u1SYrZr3544sVoo0PvkU7gT9Fh4/LOy9oPpJSEcTXf5DMzjQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAramZoZmdSOFdoWEttNndT YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkRjBHQ2lDYmhsei84STdk
RHVWUC9RekVVL21iQVA5Z3JvajliSVZVNVNFCjhiMkdGOXNTa2FnVStUTVRVZm1s eUVOdWZGOTJMR1JwbHB2ek5mRzVVdkJuU0ZjCmk2NUttVjgwTk42OUtxVStVMEFK
Y1ZVdGFnZ0I2VGYxTW1Wakt5Znd3NXcKLS0tIERvVjFySDJDU3lRNGlpL3pYRWwy VFo0RFRyR3RJa2VJSm95NVV3dm5YL3MKLS0tIExGQUlhS3RDMjRHejRaZ01BQWZ1
UU0ybTRsSVlBaFV2d2xqVTc5Q1lNQWcKUti+W3HLneDzq/VI5yPBsTPyDUAUYL6U U0pZR3BzakVmUW1QNGhsQkNQMk1NY00KR3ZP/WB3sMNoWi13mjMqgnZuM8tnIjty
tO1SMC8xBVbgzlFQtM84gYCE8ATxvwOJV+8wNrcHdWXQ8AJLF9UwPA== QHgwav0qOkcQqdYSfOY/DxmPgTG0CKroqRXY8Hk72Y/UH2HpyIptnQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2ZXpGREZxdzREU0tSV1Nu YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3UUs4dTFIcXVvZ285N1A1
ZnVONGdxU0VBb3RXY21pTEJVWUw3aUV1UG5ZCmZYcXVzdUgzalFvdXR1Q0FESENF MmhleE50YXVGaDg0QlZsUWZNam4wYjRwL1FVClNBUm9GcWNvUitYSnBla1dIeDFl
Q0VDSmlqbGRxemlGYVRQN2NQcGU3VEEKLS0tIFp1N2V6V3dkeWVpRGtrTzhyNUFE SmZKMzBQTWpSdGRPcDVlTmRjQzZxNWcKLS0tIFh2UGJtMHdZTXo1N2lzckM3YXRl
TUdFcXpEbnpmdTlWM1I3UTBYSFo5UnMKJm4gkNDHnCujMk+i46hGEMoQWEs9IBRM NmZpcGRLVmZsYjkwZkJ2NEk5dzlmY0EKtxNY7qvh5ErrAhRcQHVnDc1orsYlLGCS
/Lb1BpHA+5BB0LB6yL1VkXttSBNp69s5LN/EgdvTnZ7qL4/KqhwvMg== 8uLSOapuC8W6EH6w6aewQiggKBjDmECpNo7VyXfbURfaOk4o8uqg3A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSk9GbVpxaHJPUGY4U3hu YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUEFIb3VmZVE2Q1NheGEx
K3hpbzhkMWVJNHIrNWVPRUphcjkvY0h1cWpnCkxYTmtiWjk2QktxSHJON01XRGJD YmdscFdEYThQa29jTEdzdjZlK1U2WFlUY3dVCm1CUmlMY21pMXRGTXY4RDZ3cE1p
MDZZZlB3dU9NbXN4RHRMc2ZRTHdERE0KLS0tIFJpdUhWdm1INFU3eU96NFN3OFk1 UUxNMEozQndUaTNGUlVrK0pKWC9WODAKLS0tIG1wSnNEZVUvakkxZS8yaklpWlNH
Z2dMQ2xGOTJCcXdCU0FFdVJjQVIwK1EKHLo6YIsfKAwQ/yBQvS1icIAS6W7AwABw MFZkc2Z4M1FNdWZkdmwvQVpiRDFtbTQKbnNBlKnsNiL6BeSC9AoGx6IVeOyvB5IH
d5hD2G0KVJK66HnYWuQALQbuWh2i0OA2fNAywcKe4R5ACN5M8TKHew== mP6aBQHyOBMgGql2+WHLdjBS5qEeR43jZbWNKiTnt8lnnfj7GVgiPA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 - recipient: age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3dEttcnphWlVpbTdET1pY YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1NTlhSXRFN1ZrYjZGdXlG
L2RxWkx2VWVxZ21URE53MFg1cVFpTkwxN1N3CmJSRk1DY2JkZk5DMlUvZFp5RXNw dDBlVUxJd0FlQnpETkJSbHppNGlncEp1emhRCjRLMkEvbXRkampwcWxvNnhRRVhY
YWh0Q1FxTUJwTWNVY09NTTdSRHEzM1UKLS0tIEREeGY4M2J1QWZUTThhTWxoOUVX dWlQWWI5YXJQMmR3cWxOVUtneWRDRFkKLS0tICt6ZEF3cHg0SUxES243TzdFcnVS
QVJSemJ4eldSbGU4dWZtU1hRNi9VQk0KhT8lL2mk8J/uZ0dECGbi14Se2cC7l6AK bkgrWklIbFFrRHdHZGdvMGlHTGNXUkEKUuT35aX71q+KBXozpoGWcHeSs0g70kyY
yWgNHggdrPcSvHH/A2u1yUdfQCU36yEvoxAwa8y/uQW3lgU35iVT+g== yo5uuD6Ay4QlNtdfeOYmsyg8iikOrpw5Mer2vsSTWGbszy8p1+93Pw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuT29LTzAxcHZPd0VFa2pG YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUSzR0SFJPSjBVQVlCcFBT
ZVJ6K2tiT2V3MDJlakpjZ1puczFWZEdORFJNCitNRzViZHU4ZTRXMmJZYUZqRHJ2 ajMwNUFzZWwzMDkzTHh0anJETnVicWdiVFJJClRSVi9MbjdKcUUvRVFyby9RSVdk
aDZtRlAyMDdOUHoxbWJ1c0JHaURXSlEKLS0tIHpnRitqc1BmV3FyUjZQcGtZZUtG VHpxbnBuQll3QzQwUERCNXdQOCtZSE0KLS0tIDBhbW1YU2c5YVpwUVMwY2EwVjRD
dXRPaEJna0duZDVLZVRpODM2enpiUmcKWLmGdJzLZ6UMcGRAzCb/UmsHl1Q+FQgk dk1uTzNZN1hnT2NHU29EN2FsQ1pUQVEK+cpcftNnD8HhLimsrp+YDLwurUZqENkQ
IPTiCyyun+1JjWMSXC/z7rf2LFuvWvPPxHOChnYivBD60BYMgHJ8Sg== HX45h7tC7J6R0+w8A/1nfY1gsST/asgJhSGjroB+EdsP2aGUCUiNyA==
-----END AGE ENCRYPTED FILE-----
- recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6bXZsYnYzMC8wQnhMUGpu
TVFKWkFTU1U0VTFDeUlaR2dzZzN6WG9ueFQ4CnFYMWpoUGFPbkZRTUtSN2ZnelFJ
Nk1CdjVTbnY3aG1FNVZrY3hQYmRGalEKLS0tIERsd2xvaStod1N4eHg3eTIxSlUy
NERKTEZpSkV3N2wxWTlVazhNdFk2NDQKt+omfSoPJQvohV4aED0HYMXwFKMq25lB
9+gB0BJDYe7btIUuFr861EDWx+D32gBtbpRsyAitNJKc9NlZ4VLWuw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 - recipient: age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXN1hoQWdERDRTN0lJM0pI YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXc0dETndkQVFwa2FwUUtj
RWcvZXVPN3ljd0h0QTA1SmN6dlorVi9vWjNNCmhscXhNTmhBVlZZN3VzdzFnRWNt aHNNaG5rS2VvamRtVDR1Rm1ubXFaR2NWa0RzCmdLbTFFUzlrZ01KWTY5Uk9uWTAy
VTlTUGk0RnRIaHF2bnBPeFpOVHY4RGsKLS0tIDA5MjVFZnU3bTE3bHZZSzJJQmpD Ym1kRXp4bWM1QUs2d1BwcE1WTEsyY3cKLS0tIG5qVm84WGlGVDlDWUVHWGNrcXJQ
NEJkTStUaWVzZTNpKzZNTnRmR0tJUGsKBsVqJ0Xg8qWHGb2IDJXrEq4k4LgQFhQS NHR6S3pPRFhWemNWM0FMSjZpbXkzN0UKoTE6GuckP7QwuCQ8gZgitmW0URtG57u6
HrVF7MAwE/WSnGRhh/V8osej3QHW4vLg37IjaT6v+hCcBOiJeCqg5g== VuWmt7vpSuutHJmccODDpFg4iJKC8SKIeUoQANKsnBJf/uZhDaG42Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hkta9w0yawwwwchapemkygzxkrv7vx759vrafgrjhm63spckwstque8x97
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsM2ptZVl5R0tybkU1bHJp
ams0OENxU21FZDJjNkZNQUlteDF3RHBoOWpZCjFNUXhzMzhXR1FhUmxnSFAzcnVK
NVZONlNkVVdGcUNtZyszT1liOVdtOVUKLS0tIDZIR2NMWGVJclhqeitqN1V3endv
Z0wzT0hweEVML2plRTkzaFZsWHJHY2MKTcX84PLdHpuGzUn2v7r5gJLp9ZBhgLu6
WI1KWIwbYj91hsoHjUH4lW0Xv7/mVLrON9wOQuOuyuVeDfP7GQ73qA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-06T20:14:22Z" lastmodified: "2023-07-06T20:14:22Z"
mac: ENC[AES256_GCM,data:GPWu5DjjJ1ki+HRuedGdDCt+2V0RPbOsD/yWJxPIkgu5923vnF8y9y4V6e6+ZsTqHv4hsKeCjKtUnh2Ldn+xadwJmqrIxyJ8NzH5TOvcBxAab9cJCp/yKENw0O1WMUTlDPelvQKMDwbgiebaVVfxbQPUEfJGOgkHkyXrgqN94FU=,iv:h9YALYahUl7mRJmZKjArEfaMrfW9YZkVYd2CEooF13Q=,tag:wotqxup/ouG/bEVOZCs19w==,type:str] mac: ENC[AES256_GCM,data:GPWu5DjjJ1ki+HRuedGdDCt+2V0RPbOsD/yWJxPIkgu5923vnF8y9y4V6e6+ZsTqHv4hsKeCjKtUnh2Ldn+xadwJmqrIxyJ8NzH5TOvcBxAab9cJCp/yKENw0O1WMUTlDPelvQKMDwbgiebaVVfxbQPUEfJGOgkHkyXrgqN94FU=,iv:h9YALYahUl7mRJmZKjArEfaMrfW9YZkVYd2CEooF13Q=,tag:wotqxup/ouG/bEVOZCs19w==,type:str]
pgp: pgp:
- created_at: "2023-11-23T20:47:07Z" - created_at: "2024-01-22T09:16:19Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
wcBMA0SHG/zF3227AQf/Y907bW+LYWHAT8FPF12f8+GvUy744+9sMZe3oSX1ML9F wcBMA0SHG/zF3227AQf/WsDFXBatZSxOmQWVGXw0MOeC2QOKaUo5if7C4Z0d+cMg
JOEjxSOs9OCWM79qBIMI6Nets3lV1eEoR8eG74jcIwNPQMfQn/U4hHtJM9Nq4yI7 AyEmUMFcU3KkTFTqjqSqjA/9k/AJiqJxQkXqcSVHT4z3vNdGzrWVsJI4fimmumFZ
1FLQEfGZcuSMUk2/1c/9lEi+Sye9W+9ZYGUIcvBu1ksPmZpJT/BVOaNc8xWe1hzY Hcc7hIgkBK1THkTkoOr3G3WRHJ/J4nZmABycWSt1kF1FdnHnXo8bXh25Sk+Ellt2
FmEzwaWAPaxSH1EM3KnPhxezzn76DxjDKc4iMNi+5UoAIT2cssbdckf5uDaTa3CE +SlaC8NAZtd2P6L3ZxQYFUud3mc6/uUV5GTkZ7RisjMnAEVF5BbvzSAlAj7fh4Ph
6GrfR9//5ldsPqineM2MHeEMHgn+mlVYmpiXNBCfcMfEi81o6l5nmNjy1qjABEKC ZJxMLzVnqQHrN+U/0WuFtL8KJaCF9zecxQxzaM/Zf/Sa5x4fsoqsjmMPhtwQMvC5
254kSW+vMFOhdH6AZvJ/21z/3aUTwMM2mFEti/nh4dJRAWNWEymviIC1o2esJ9K6 ehiXSoVYETuJylSQF+N44V46/lrO6qqnIi+5NqqC2NJRAXH01P/bMQfW5M6AqQgJ
77xHv4pEIEahuBcHLBbeBK3AYYqJxcZr5BhIqGAir8OlCOaXzRsN5ElzmVS+Hoib muPztPFjBL46D3wVo6Hg0JL6ag5DV4/mjTOpEiiGUHKxTDxFwlNYRQQX2EHnBHFb
t04nfgpuRfKyso0zrndvLwDn Otf7rnrSdA+I9GqEpCNkzdbi
=lmD0 =pR8T
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted

46
secrets/steveej-x13s-rmvbl/secrets.yaml Normal file
View file

@ -0,0 +1,46 @@
hello: ENC[AES256_GCM,data:9dO0Gd4YDDxWHHBYtdomfK8BJnBZC+SQYfUvTAkCq9sOO/ZH/bFhN0Fl/NvLzQ==,iv:m1TZ9PGjsoMo7NA9EHrLb0tCtIl98E3OEN1bkpZZxXY=,tag:Gup/pACLIXGXu8KEyzmfWg==,type:str]
example_key: ENC[AES256_GCM,data:EQ+uewu8+17QhrbIHg==,iv:N9i1tCT5IHz5WYbqyF0AIqCq/c67uPMiavUxt0Eb2Oc=,tag:UwOrM3cOLYMxIe80GenljA==,type:str]
#ENC[AES256_GCM,data:qZzxU9ai1z/5f3gxHrR5Dq56,iv:ccvxVS693K9Jjp/YIesWo8kemtkCSFWHJlJposcmXt0=,tag:FQUUPO+ydScUVZWH89vEew==,type:comment]
#ENC[AES256_GCM,data:Il5rKFCgUQERmLqSEOnzoQ==,iv:ALxNqdu/MgDdPyiEsq0Qgb/5bOBS3OgIWf0ZOUbGLJg=,tag:u4vJ7Y6iwa1Na5FIebrVow==,type:comment]
example_array:
- ENC[AES256_GCM,data:yMM0kfvv4WI/reWLuM8=,iv:51XoWYOFLAbhIzejbWBwIpi2JVhQZIivLt4HVJtXPpA=,tag:J9C7NwdVOoocGKWUvUAOSQ==,type:str]
- ENC[AES256_GCM,data:Tg1bRwtydMuaLvnvTDc=,iv:8c44EM1U5tqD8Mn8Fg37MyASi+xv78BB+8AjG59tzXE=,tag:OvxU9x0pZbjW9j/DQMahFg==,type:str]
example_number: ENC[AES256_GCM,data:DhzIPdpqm/p1pQ==,iv:ZWkBTeuyaXVzffEVGuw1xxi+ekiSGyspE9PeBNRRm1k=,tag:Qq1/Wo3XY+Y2u5luxxxTeA==,type:float]
example_booleans:
- ENC[AES256_GCM,data:ZA6WIQ==,iv:gkQnXrVZiP6Yj4SVdtM09Jmpebb11998tv3y/P5pvqE=,tag:ujwkH9l6/+1W4IeDu3HBFw==,type:bool]
- ENC[AES256_GCM,data:YcDPFAc=,iv:r9gBG5YIq5Sgs6/HWRWjBJZ8TrlXDxnAZN1PRBVIq8k=,tag:TTP0tsiPsPsd6BjkScCRbQ==,type:bool]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hkta9w0yawwwwchapemkygzxkrv7vx759vrafgrjhm63spckwstque8x97
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDWk1LS3A0NENRZk1HZm8x
dW1PNkxZV1ZWdStzb2M5MzRRNmJmUXcvakJJCnpwVlZRV3FHVDNUbURSMWZXY3k2
NUliMUpNT3kreEZITjR3dDdrU2MvVkEKLS0tIFp5U2tCa3V5NWhqWHgzdDR5RG9D
SmxNVk45UklhUjRYc2pTVy9FWFBhQUUK1QMqDCIZnyyzJhUb0TBgheW2P6lAUTQe
KLhYqTRuo5/zS5C2uANa028CNGWJVOoEgKEw3xjHz0pvSkT5JkI8WQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-22T09:20:19Z"
mac: ENC[AES256_GCM,data:Mmo5XJaMIDZ0sqKyn7oK+l6XdrTyA0NuF8tueLEKSdSCFxr2TJjroyojsybrYKehp5rrW1rT8cWWld2wXEEr+txsMCzIrlDqyerkcsu7ioMJb7ihRyXATBzdBOfUTq/8iLLc9gE9uRaMbeNOrglF0nxS+VtwOmst/z6fl7wC0+Q=,iv:t+dSzeBBhVfPo2efHM4iWIE/DHTDAm917kZrV1UxV0I=,tag:+CPkO6bbWqMzWBs16HT8GA==,type:str]
pgp:
- created_at: "2024-01-22T09:20:12Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcBMA0SHG/zF3227AQgApMVbQc+4BUc/7ima51XMJzIBA93SOLOCmyn2J9tLG/V/
ZM6fmWyiLvCRowA0nLt19DYnaRrEXTcRlvBPs/RIx6Fmq4260ZvyPN7Fea6ltVOL
EhG5IJHaweUhXMi6UV2/6vuTBbQsLzWK8xl6bZNCVFWB/JiLrHzukWpE4ACeqD0Y
P/428L4XCW05DkltQdfQrn2bIlf/6c/itvepRr1tHFr8ABuBM/g4hSg/nFyHlrH3
CtrdPSQBopZxhVv4MoHPWSQ6jGjrmqumc6gyNGa1Ugry3FmuFmdlMAoUsQtG/cU1
ORM/CvKwxLZU+qifm8QU4BO+0Gw/nhLrYfX0/EWsmtJRAQJt51PK3t/nXUTE47sT
lz+zPgpT/Sz9E/wKH3yAq9RuXKKtwc7oRJS+NHuv10YPIkhVejSjvmsGEKezU1ed
6BsZrcVnaQt+SdmUOEuP/iRF
=8elR
-----END PGP MESSAGE-----
fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B
unencrypted_suffix: _unencrypted
version: 3.7.3