From 5af42df5a9a63991ba5024e89c54df046116a029 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Sun, 21 Jan 2024 21:08:01 +0100 Subject: [PATCH] steveej-x13s-rmvbl: init with minimal setup this configures a standalone USB device that doesn't need configuration of the firmware's EFI variables. --- .sops.yaml | 8 + flake.lock | 17 -- flake.nix | 15 +- nix/devShells.nix | 24 +-- .../devices/sj-bm-hostkey0/configuration.nix | 100 +++++---- nix/os/devices/steveej-t14/hw.nix | 34 ++-- nix/os/devices/steveej-t14/system.nix | 11 + .../.gitignore | 0 .../steveej-x13s-rmvbl/configuration.nix | 66 ++++++ .../default.nix | 0 nix/os/devices/steveej-x13s-rmvbl/disko.nix | 66 ++++++ .../flake.lock | 108 +++++----- .../flake.nix | 190 ++++++++++-------- nix/os/devices/steveej-x13s/configuration.nix | 82 -------- secrets/shared-users.yaml | 108 +++++----- secrets/steveej-x13s-rmvbl/secrets.yaml | 46 +++++ 16 files changed, 501 insertions(+), 374 deletions(-) rename nix/os/devices/{steveej-x13s => steveej-x13s-rmvbl}/.gitignore (100%) create mode 100644 nix/os/devices/steveej-x13s-rmvbl/configuration.nix rename nix/os/devices/{steveej-x13s => steveej-x13s-rmvbl}/default.nix (100%) create mode 100644 nix/os/devices/steveej-x13s-rmvbl/disko.nix rename nix/os/devices/{steveej-x13s => steveej-x13s-rmvbl}/flake.lock (58%) rename nix/os/devices/{steveej-x13s => steveej-x13s-rmvbl}/flake.nix (61%) delete mode 100644 nix/os/devices/steveej-x13s/configuration.nix create mode 100644 secrets/steveej-x13s-rmvbl/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index 7f5c5ec..4ac1cea 100644 --- a/.sops.yaml +++ b/.sops.yaml 
@@ -8,6 +8,7 @@ keys: - &steveej 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B - &steveej-t14 age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl + - &steveej-x13s-rmvbl age1hkta9w0yawwwwchapemkygzxkrv7vx759vrafgrjhm63spckwstque8x97 - &elias-e525 age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm - &justyna-p300 age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 @@ -24,6 +25,7 @@ creation_rules: - *steveej age: - *steveej-t14 + - *steveej-x13s-rmvbl - *elias-e525 - *justyna-p300 @@ -83,3 +85,9 @@ creation_rules: - *steveej age: - *sj-bm-hostkey0 + - path_regex: ^secrets/steveej-x13s-rmvbl/.+$ + key_groups: + - pgp: + - *steveej + age: + - *steveej-x13s-rmvbl diff --git a/flake.lock b/flake.lock index af15232..86a3f52 100644 --- a/flake.lock +++ b/flake.lock @@ -293,22 +293,6 @@ "type": "github" } }, - "magmawm": { - "flake": false, - "locked": { - "lastModified": 1703542178, - "narHash": "sha256-HuCAz+B+cg7HoEEL67heaYRc8zmQCnPBR+DgmuiIZBk=", - "owner": "MagmaWM", - "repo": "MagmaWM", - "rev": "24dc21f228efb034cd0237fb5ff9a8310f1929b7", - "type": "github" - }, - "original": { - "owner": "MagmaWM", - "repo": "MagmaWM", - "type": "github" - } - }, "nix-eval-jobs": { "inputs": { "flake-parts": "flake-parts_3", @@ -663,7 +647,6 @@ "flake-parts": "flake-parts", "get-flake": "get-flake", "jay": "jay", - "magmawm": "magmawm", "nixos-anywhere": "nixos-anywhere", "nixpkgs": [ "nixpkgs-2311" diff --git a/flake.nix b/flake.nix index ba852b7..691edf1 100644 --- a/flake.nix +++ b/flake.nix @@ -59,11 +59,6 @@ flake = false; }; - magmawm = { - url = "github:MagmaWM/MagmaWM"; - flake = false; - }; - salut = { url = "gitlab:snakedye/salut"; flake = false; 
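Review bot: Adding `- *steveej-x13s-rmvbl` to the existing key group at `@@ -24,6 +25,7 @@` lets the removable device decrypt everything that rule covers, not only its own `secrets/steveej-x13s-rmvbl/` tree. The rule's `path_regex` is outside the hunk, but the re-encrypted `secrets/shared-users.yaml` later in this patch suggests it is the shared user secrets. A USB stick is easier to lose than a fixed machine, so that line deserves a comment recording why the device needs the shared file, e.g. `# removable medium; shares user secrets with the other hosts`. The re-encrypted file also gains a second stanza for recipient `age18dmqd7r7…`, which looks like the same key listed twice under that rule and may be worth deduplicating.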
@@ -127,7 +122,7 @@ // ( let router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; - steveej-x13s = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations; + steveej-x13s-rmvbl = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations; retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations; in { @@ -140,7 +135,8 @@ # nixos-install --flake .\#retro_cross retro_cross = retro.cross; - steveej-x13s_cross = steveej-x13s.cross; + steveej-x13s-rmvbl = steveej-x13s-rmvbl.native; + steveej-x13s-rmvbl_cross = steveej-x13s-rmvbl.cross; } ); @@ -194,11 +190,6 @@ # }; # }; - # magmawm = pkgs.callPackage (self + /nix/pkgs/magmawm.nix) { - # inherit craneLib; - # src = inputs.magmawm; - # }; - salut = craneLib.buildPackage { src = inputs.salut; nativeBuildInputs = [ diff --git a/nix/devShells.nix b/nix/devShells.nix index 3f59c5b..d4d5c07 100644 --- a/nix/devShells.nix +++ b/nix/devShells.nix @@ -1,27 +1,27 @@ -{ - inputs', - packages', - pkgs, +{ inputs' +, packages' +, pkgs +, }: pkgs.stdenv.mkDerivation { name = "infra-env"; buildInputs = [ - (with pkgs.callPackage (pkgs.path + "/nixos") {configuration = {};}; - with config.system.build; [ - nixos-generate-config - nixos-install - nixos-enter - manual.manpages - ]) + (with pkgs.callPackage (pkgs.path + "/nixos") { configuration = { }; }; + with config.system.build; [ + nixos-generate-config + nixos-install + nixos-enter + manual.manpages + ]) ] ++ (with pkgs; [ inputs'.colmena.packages.colmena nixos-install-tools dconf2nix inputs'.nixos-anywhere.packages.nixos-anywhere + inputs'.disko.packages.default nurl - just git-crypt vcsh diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index 76ddb97..f2dd56d 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix 
@@ -1,14 +1,13 @@ -{ - modulesPath, - repoFlake, - packages', - pkgs, - lib, - config, - nodeFlake, - nodeName, - system, - ... +{ modulesPath +, repoFlake +, packages' +, pkgs +, lib +, config +, nodeFlake +, nodeName +, system +, ... }: { disabledModules = [ ]; @@ -52,7 +51,7 @@ programs.zsh.enable = true; users.defaultUserShell = pkgs.zsh; - environment.pathsToLink = ["/share/zsh"]; + environment.pathsToLink = [ "/share/zsh" ]; } ]; @@ -83,52 +82,54 @@ firewall.enable = false; }; - disko.devices = let - disk = id: { - type = "disk"; - device = "/dev/${id}"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "1M"; - type = "EF02"; # for grub MBR - }; - mdadm = { - size = "100%"; - content = { - type = "mdraid"; - name = "raid0"; + disko.devices = + let + disk = id: { + type = "disk"; + device = "/dev/${id}"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + mdadm = { + size = "100%"; + content = { + type = "mdraid"; + name = "raid0"; + }; }; }; }; }; - }; - in { - disk = { - sda = disk "sda"; - sdb = disk "sdb"; - }; - mdadm = { - raid0 = { - type = "mdadm"; - level = 0; - content = { - type = "gpt"; - partitions = { - primary = { - size = "100%"; - content = { - type = "filesystem"; - format = "btrfs"; - mountpoint = "/"; + in + { + disk = { + sda = disk "sda"; + sdb = disk "sdb"; + }; + mdadm = { + raid0 = { + type = "mdadm"; + level = 0; + content = { + type = "gpt"; + partitions = { + primary = { + size = "100%"; + content = { + type = "filesystem"; + format = "btrfs"; + mountpoint = "/"; + }; }; }; }; }; }; }; - }; system.stateVersion = "23.11"; @@ -162,8 +163,5 @@ boot.binfmt.emulatedSystems = [ "aarch64-linux" - "i686-linux" - # "i386-linux" - # "i586-linux" ]; } diff --git a/nix/os/devices/steveej-t14/hw.nix b/nix/os/devices/steveej-t14/hw.nix index 419399b..ea1352c 100644 --- a/nix/os/devices/steveej-t14/hw.nix +++ b/nix/os/devices/steveej-t14/hw.nix 
@@ -1,21 +1,5 @@ { lib, ... }: let - stage1Modules = [ - "aesni_intel" - "kvm_amd" - "nvme" - "nvme_core" - - "thunderbolt" - "e1000e" - - "usbcore" - "xhci_hcd" - "usbhid" - "usb_storage" - "xhci_pci" - "uas" - ]; in { # TASK: new device @@ -103,6 +87,20 @@ in }; hardware.enableRedistributableFirmware = true; - # boot.initrd.availableKernelModules = stage1Modules; - boot.initrd.kernelModules = stage1Modules; + boot.initrd.kernelModules = [ + "aesni_intel" + "kvm_amd" + "nvme" + "nvme_core" + + "thunderbolt" + "e1000e" + + "usbcore" + "xhci_hcd" + "usbhid" + "usb_storage" + "xhci_pci" + "uas" + ]; } diff --git a/nix/os/devices/steveej-t14/system.nix b/nix/os/devices/steveej-t14/system.nix index 3e35163..11a2690 100644 --- a/nix/os/devices/steveej-t14/system.nix +++ b/nix/os/devices/steveej-t14/system.nix @@ -47,6 +47,17 @@ in system = "x86_64-linux"; maxJobs = 32; speedFactor = 100; + supportedFeatures = repoFlake.nixosConfigurations.steveej-t14.config.nix.settings.system-features ++ [ ]; + } + + { + hostName = repoFlake.colmena.sj-bm-hostkey0.deployment.targetHost; + # TODO: make this a reference + sshUser = "nix-remote-builder"; + protocol = "ssh-ng"; + system = "aarch64-linux"; + maxJobs = 32; + speedFactor = 100; supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [ ]; } ]; diff --git a/nix/os/devices/steveej-x13s/.gitignore b/nix/os/devices/steveej-x13s-rmvbl/.gitignore similarity index 100% rename from nix/os/devices/steveej-x13s/.gitignore rename to nix/os/devices/steveej-x13s-rmvbl/.gitignore diff --git a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix new file mode 100644 index 0000000..6ecdbb8 --- /dev/null +++ b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix 
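Review bot: In the `system.nix` hunk the new `sj-bm-hostkey0` builder entry ends up with `supportedFeatures` read from `repoFlake.nixosConfigurations.router0-dmz0`, because the added lines were spliced in above the old entry's last attribute, while the entry before it now reads its features from `steveej-t14`. If borrowing another host's feature list is intended, a comment saying so would help; otherwise reference the builder's own configuration. The new entry also sets no `publicHostKey`, so trust in the machine that compiles this device's closure rests on whatever root's known_hosts contains; `publicHostKey = "<base64 host key placeholder>";` would pin it explicitly. The first builder entry starts outside the hunk, so whether it pins a key cannot be seen here.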
@@ -0,0 +1,66 @@
+{ repoFlake
+, pkgs
+, lib
+, config
+, nodeFlake
+, nodeName
+, localDomainName
+, system
+, ...
+}:
+
+{
+ imports = [
+ repoFlake.inputs.sops-nix.nixosModules.sops
+ nodeFlake.inputs.disko.nixosModules.disko
+ ./disko.nix
+
+ ../../profiles/common/user.nix
+
+ {
+ nix.nixPath = [
+ "nixpkgs=${pkgs.path}"
+ ];
+
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ nix.settings.max-jobs = lib.mkDefault "auto";
+ }
+
+ {
+ services.openssh.enable = true;
+ services.openssh.settings.PermitRootLogin = "yes";
+ services.openssh.openFirewall = true;
+
+ users.commonUsers = {
+ enable = true;
+ enableNonRoot = true;
+ };
+
+ sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
+ sops.defaultSopsFormat = "yaml";
+ }
+ ];
+
+ networking = {
+ hostName = nodeName;
+
+ firewall.enable = true;
+
+ useNetworkd = true;
+ networkmanager.enable = false;
+ };
+
+ system.stateVersion = "23.11";
+
+ nixpkgs.config.allowUnfree = true;
+
+ environment.systemPackages = [
+ pkgs.util-linux
+ pkgs.coreutils
+ pkgs.vim
+ ];
+}
diff --git a/nix/os/devices/steveej-x13s/default.nix b/nix/os/devices/steveej-x13s-rmvbl/default.nix
similarity index 100%
rename from nix/os/devices/steveej-x13s/default.nix
rename to nix/os/devices/steveej-x13s-rmvbl/default.nix
diff --git a/nix/os/devices/steveej-x13s-rmvbl/disko.nix b/nix/os/devices/steveej-x13s-rmvbl/disko.nix
new file mode 100644
index 0000000..e7e0391
--- /dev/null
+++ b/nix/os/devices/steveej-x13s-rmvbl/disko.nix
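Review bot: `services.openssh.settings.PermitRootLogin = "yes";` together with `services.openssh.openFirewall = true;` exposes root login on every network this portable device joins, and nothing in the new `configuration.nix` restricts sshd to key authentication. Unless `../../profiles/common/user.nix` already does so, use `services.openssh.settings.PermitRootLogin = "prohibit-password";` and add `services.openssh.settings.PasswordAuthentication = false;`. The module arguments `config`, `localDomainName` and `system` are declared but not used in this file and could be dropped, since `...` is already present.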
@@ -0,0 +1,66 @@
+{
+ disko.devices = {
+ disk = {
+ voyager-gtx = {
+ type = "disk";
+ device = "/dev/disk/by-id/ata-Corsair_Voyager_GTX_21488170000126002054";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "x13s-usb-crypt";
+ extraOpenArgs = [ ];
+ # disable settings.keyFile if you want to use interactive password entry
+ #passwordFile = "/tmp/secret.key"; # Interactive
+ settings = {
+ # if you want to use the key for interactive login be sure there is no trailing newline
+ # for example use `echo -n "password" > /tmp/secret.key`
+ # keyFile = "/tmp/secret.key";
+ allowDiscards = true;
+ };
+ # additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/home" = {
+ mountpoint = "/home";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ "/swap" = {
+ mountpoint = "/.swapvol";
+ swap.swapfile.size = "32G";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s-rmvbl/flake.lock
similarity index 58%
rename from nix/os/devices/steveej-x13s/flake.lock
rename to nix/os/devices/steveej-x13s-rmvbl/flake.lock
index be88708..71d8fc6 100644
--- a/nix/os/devices/steveej-x13s/flake.lock
+++ b/nix/os/devices/steveej-x13s-rmvbl/flake.lock
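Review bot: `allowDiscards = true;` on the `x13s-usb-crypt` LUKS container passes TRIM through to the device, which reveals which blocks are in use to anyone who images the stick. On a device meant to be carried around that trade-off deserves a comment next to the setting, e.g. `# TRIM passthrough: reveals free-space pattern, accepted for flash wear/performance`. The ESP is mounted with `mountOptions = [ "defaults" ];`, which leaves the vfat `/boot` world-readable; `mountOptions = [ "umask=0077" ];` keeps the boot files and the systemd-boot random seed private to root. The ESP is unencrypted and holds the kernel, initrd and DTB, so this layout does not detect tampering with the stick while it is unattended; a header comment stating that limit would help the next reader.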
@@ -1,18 +1,51 @@ { "nodes": { + "acamcstephens_stop-export": { + "flake": false, + "locked": { + "lastModified": 1705858695, + "narHash": "sha256-iTIwMsw/cjacCkSzzCwb+nEkpOK/PoPenPHOysWCBSk=", + "ref": "refs/heads/main", + "rev": "8b61e53b83caf55bd374f4ce2b20f1e8012ce2ec", + "revCount": 13, + "type": "git", + "url": "https://codeberg.org/adamcstephens/stop-export.git" + }, + "original": { + "type": "git", + "url": "https://codeberg.org/adamcstephens/stop-export.git" + } + }, + "alsa-ucm-conf": { + "flake": false, + "locked": { + "lastModified": 1705501566, + "narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=", + "owner": "alsa-project", + "repo": "alsa-ucm-conf", + "rev": "e87dde51d68950537f92af955ad0633437cc419a", + "type": "github" + }, + "original": { + "owner": "alsa-project", + "repo": "alsa-ucm-conf", + "rev": "e87dde51d68950537f92af955ad0633437cc419a", + "type": "github" + } + }, "brainwart_x13s-nixos": { "flake": false, "locked": { - "lastModified": 1701822673, - "narHash": "sha256-F2LBV8tqGPhEAvmn5Frxj79RPWgPGUYxJRYz8Pn9uj0=", + "lastModified": 1705565623, + "narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=", "owner": "BrainWart", "repo": "x13s-nixos", - "rev": "ba245df7a72a78ec93aa500ba1a0cb29f0f65f37", + "rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2", "type": "github" }, "original": { "owner": "BrainWart", - "ref": "main", + "ref": "flake", "repo": "x13s-nixos", "type": "github" } @@ -24,11 +57,11 @@ ] }, "locked": { - "lastModified": 1705348229, - "narHash": "sha256-CssPema1sBxZkrT95KFuKCNNiqxNe1lnf2QNeXk88Xk=", + "lastModified": 1705540973, + "narHash": "sha256-kNt/qAEy7ueV7NKbVc8YMHWiQAAgrir02MROYNI8fV0=", "owner": "nix-community", "repo": "disko", - "rev": "d0b4408eaf782a1ada0a9133bb1cecefdd59c696", + "rev": "0033adc6e3f1ed076f3ed1c637ef1dfe6bef6733", "type": "github" }, "original": { 
@@ -36,27 +69,6 @@ "type": "indirect" } }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "srvos", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1704982712, - "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "07f6395285469419cf9d078f59b5b49993198c00", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "get-flake": { "locked": { "lastModified": 1694475786, @@ -75,11 +87,11 @@ "linux_x13s": { "flake": false, "locked": { - "lastModified": 1705487080, - "narHash": "sha256-DTOPiUGaeH5Ey+AZaO1c1n/QFikIXmvo2tTzgFtJ70k=", + "lastModified": 1705680516, + "narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=", "owner": "jhovold", "repo": "linux", - "rev": "dd209a8fb4840e48ca4963bb23057f38b1066a6d", + "rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0", "type": "github" }, "original": { 
@@ -107,50 +119,30 @@ }, "nixpkgs": { "locked": { - "lastModified": 1705316053, - "narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=", + "lastModified": 1705641746, + "narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370", + "rev": "d2003f2223cbb8cd95134e4a0541beea215c1073", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } }, "root": { "inputs": { + "acamcstephens_stop-export": "acamcstephens_stop-export", + "alsa-ucm-conf": "alsa-ucm-conf", "brainwart_x13s-nixos": "brainwart_x13s-nixos", "disko": "disko", "get-flake": "get-flake", "linux_x13s": "linux_x13s", "mobile-nixos": "mobile-nixos", - "nixpkgs": "nixpkgs", - "srvos": "srvos" - } - }, - "srvos": { - "inputs": { - "flake-parts": "flake-parts", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1705346686, - "narHash": "sha256-lTf1b2I6wwNDhV5eEKIAMT5DOa43bK5KaPqDWH2yfek=", - "owner": "numtide", - "repo": "srvos", - "rev": "8e03bea707212a7225b0ab02a8186af8b1e98e0a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "srvos", - "type": "github" + "nixpkgs": "nixpkgs" } } }, diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s-rmvbl/flake.nix similarity index 61% rename from nix/os/devices/steveej-x13s/flake.nix rename to nix/os/devices/steveej-x13s-rmvbl/flake.nix index 05b3765..d5eceb3 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.nix 
@@ -1,13 +1,11 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; get-flake.url = "github:ursi/get-flake"; disko.inputs.nixpkgs.follows = "nixpkgs"; - srvos.url = "github:numtide/srvos"; - srvos.inputs.nixpkgs.follows = "nixpkgs"; mobile-nixos.url = "github:NixOS/mobile-nixos"; mobile-nixos.flake = false; @@ -17,9 +15,20 @@ linux_x13s.flake = false; brainwart_x13s-nixos = { - url = "github:BrainWart/x13s-nixos/main"; + url = "github:BrainWart/x13s-nixos/flake"; flake = false; }; + + acamcstephens_stop-export = { + flake = false; + url = "git+https://codeberg.org/adamcstephens/stop-export.git"; + }; + + + alsa-ucm-conf = { + flake = false; + url = "github:alsa-project/alsa-ucm-conf/e87dde51d68950537f92af955ad0633437cc419a"; + }; }; outputs = @@ -31,15 +40,7 @@ let targetPlatform = "aarch64-linux"; buildPlatform = "x86_64-linux"; - nodeName = "steveej-x13s"; - - pkgs = nixpkgs.legacyPackages.${targetPlatform}; - pkgsCross = import self.inputs.nixpkgs { - system = buildPlatform; - crossSystem = { - config = "pentium2-unknown-linux-gnu"; - }; - }; + nodeName = "steveej-x13s-rmvbl"; mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs: nixpkgs.lib.nixosSystem ( @@ -64,21 +65,6 @@ { nix.registry.nixpkgs.flake = nixpkgs; } - - { - nixpkgs.overlays = [ - (final: prev: - { - qrtr = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/qrtr.nix" { }; - qmic = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/qmic.nix" { }; - rmtfs = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/rmtfs.nix" { }; - pd-mapper = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/pd-mapper.nix" { - inherit (final) qrtr; - }; - compressFirmwareXz = prev.lib.id; #this leaves all firmware uncompressed :) for pd-mapper - }) - ]; - } ] ++ extraModules; } 
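Review bot: The new input in the `@@ -17,9 +15,20 @@` hunk is named `acamcstephens_stop-export` while its URL points at `adamcstephens/stop-export`. The misspelt key is carried into `flake.lock` and into the overlay's `self.inputs.acamcstephens_stop-export` paths, so renaming it to `adamcstephens_stop-export` now is cheaper than later. Unlike `alsa-ucm-conf`, this input's URL carries no `rev`, so the `qrtr` and `pd-mapper` expressions it supplies change on every `nix flake update`; pinning it the same way, `url = "git+https://codeberg.org/adamcstephens/stop-export.git?rev=<commit placeholder>";`, would keep that code from changing unreviewed.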
@@ -155,56 +141,76 @@ defconfig = "johan_defconfig"; }; - uncompressed-fw = pkgs.callPackage - ({ lib, runCommand, buildEnv, firmwareFilesList }: - runCommand "qcom-modem-uncompressed-firmware-share" - { - firmwareFiles = buildEnv { - name = "qcom-modem-uncompressed-firmware"; - paths = firmwareFilesList; - pathsToLink = [ - "/lib/firmware/rmtfs" - "/lib/firmware/qcom" - ]; - }; - } '' - PS4=" $ " - ( - set -x - mkdir -p $out/share/ - ln -s $firmwareFiles/lib/firmware/ $out/share/uncompressed-firmware - ) - '') - { - firmwareFilesList = lib.flatten options.hardware.firmware.definitions; - }; - linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s; dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/sc8280xp-lenovo-thinkpad-x13s.dtb"; dtbName = "x13s63rc4.dtb"; + + x13_firmware = { stdenvNoCC, fetchFromGitHub }: + stdenvNoCC.mkDerivation { + pname = "x13s-extra-firmware"; + version = "1.0.0"; + + src = fetchFromGitHub { + owner = "ironrobin"; + repo = "x13s-alarm"; + rev = "efa51c3b519f75b3983aef67855b1561d9828771"; + sha256 = "sha256-weETbWXz9aL2pDQDKk7fkb1ecQH0qrhUYDs2E5EiJcI="; + }; + + dontFixup = true; + dontBuild = true; + + installPhase = '' + mkdir -p $out/lib/firmware/qcom/sc8280xp/LENOVO/21BX + cp x13s-firmware/qcvss8280.mbn $out/lib/firmware/qcom/sc8280xp/LENOVO/21BX/ + ''; + }; + in { + nixpkgs.overlays = [ + (final: prev: + { + qrtr = final.callPackage "${self.inputs.acamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { }; + pd-mapper = final.callPackage "${self.inputs.acamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" { + inherit (final) qrtr; + }; + + x13s_alsa-ucm-conf = prev.alsa-ucm-conf.overrideAttrs (prev: { + src = self.inputs.alsa-ucm-conf; + }); + } + ) + ]; + boot = { loader.systemd-boot.enable = true; loader.systemd-boot.extraFiles = { "${dtbName}" = dtb; }; - loader.efi.canTouchEfiVariables = true; + loader.efi.canTouchEfiVariables = false; loader.efi.efiSysMountPoint = "/boot"; + blacklistedKernelModules = [ "wwan" ]; + 
kernelPackages = linuxPackages_x13s; kernelParams = [ + "dtb=${dtbName}" + "boot.shell_on_fail" + + # jhovold recommended + "efi=noruntime" "clk_ignore_unused" "pd_ignore_unused" "arm64.nopauth" - "cma=128M" - "nvme.noacpi=1" - "iommu.strict=0" - "dtb=${dtbName}" + + # blacklist graphics in initrd so the firmware can load from disk + "rd.driver.blacklist=msm" ]; + initrd = { includeDefaultModules = false; availableKernelModules = [ 
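Review bot: `"boot.shell_on_fail"` in `kernelParams` gives an unauthenticated root shell in the initrd whenever stage 1 fails, and on a removable device that is available to anyone who can boot the stick. It reads like a bring-up aid and should be dropped or marked `# TODO: remove after bring-up`. `"arm64.nopauth"` turns off pointer authentication, so the `# jhovold recommended` comment would be more useful if it also said why this kernel needs it. In the overlay, `overrideAttrs (prev: { … })` shadows the outer `prev`; `overrideAttrs (old: { src = self.inputs.alsa-ucm-conf; })` avoids the confusion. The hunk starts and ends inside the module body, so the enclosing function is not fully visible.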
@@ -231,39 +237,65 @@ "phy-qcom-snps-femto-v2" "phy-qcom-usb-hs" "nvme" + + "usbcore" + "xhci_hcd" + "usbhid" + "usb_storage" + # "xhci_pci" + "uas" ]; }; }; - # power management, etc. - environment.systemPackages = with pkgs; [ - qrtr - qmic - rmtfs - pd-mapper - uncompressed-fw - ]; - environment.pathsToLink = [ "share/uncompressed-firmware" ]; - # ensure the x13s' dtb file is in the boot partition - system.activationScripts.x13s-dtb = '' - in_package="${dtb}" - esp_tool_folder="${efi.efiSysMountPoint}/" - in_esp="''${esp_tool_folder}${dtbName}" - >&2 echo "Ensuring $in_esp in EFI System Partition" - if ! ${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then - >&2 echo "Copying $in_package -> $in_esp" - mkdir -p "$esp_tool_folder" - cp "$in_package" "$in_esp" - sync - fi - ''; + # default is performance + powerManagement.cpuFreqGovernor = "ondemand"; hardware.enableAllFirmware = true; hardware.firmware = [ pkgs.linux-firmware + + (pkgs.callPackage x13_firmware { }) (pkgs.callPackage "${self.inputs.brainwart_x13s-nixos}/pkgs/x13s-firmware.nix" { }) ]; + + systemd.services.pd-mapper = { + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + ExecStart = "${lib.getExe pkgs.pd-mapper}"; + Restart = "always"; + }; + }; + + # bind mount over existing alsa-ucm-conf + # this is just config, but is in the critical path for lots of packages + # systemd.services.x13s-alsa-conf = { + # wantedBy = [ "multi-user.target" ]; + + # serviceConfig = { + # Type = "oneshot"; + # RemainAfterExit = true; + + # ExecStart = "${pkgs.util-linux.mount}/bin/mount -o bind ${pkgs.x13s_alsa-ucm-conf}/share/alsa ${pkgs.alsa-ucm-conf}/share/alsa"; + # ExecStop = "${pkgs.util-linux.mount}/bin/umount ${pkgs.alsa-ucm-conf}/share/alsa"; + # }; + # }; + + systemd.services.bluetooth = { + serviceConfig = { + # disabled because btmgmt call hangs + # ExecStartPre = [ + # "" + # "${pkgs.util-linux}/bin/rfkill block bluetooth" + # "${pkgs.bluez5-experimental}/bin/btmgmt public-addr 
${cfg.bluetoothMac}" + # "${pkgs.util-linux}/bin/rfkill unblock bluetooth" + # ]; + RestartSec = 5; + Restart = "on-failure"; + }; + }; }; }; }; diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix deleted file mode 100644 index 8bbc5c9..0000000 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ /dev/null 
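Review bot: The new `systemd.services.pd-mapper` unit sets `Restart = "always";` without a `RestartSec`, so a daemon that exits immediately (for instance before the firmware is available) is restarted in a tight loop until systemd's start limit trips; adding `RestartSec = 5;`, as done for `bluetooth` just below, would be consistent. The hunk also adds two large commented-out blocks, `x13s-alsa-conf` and the `ExecStartPre` list, the latter referring to `cfg.bluetoothMac`, which is not defined in the visible lines. As far as this patch shows, the `x13s_alsa-ucm-conf` overlay attribute and the `alsa-ucm-conf` input are used only from that commented code. Either drop them or leave a `# TODO:` stating what unblocks them.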
@@ -1,82 +0,0 @@
-{ repoFlake
-, pkgs
-, lib
-, config
-, nodeFlake
-, nodeName
-, localDomainName
-, system
-, ...
-}:
-
-{
- imports = [
- # repoFlake.inputs.sops-nix.nixosModules.sops
-
- # ../../profiles/common/user.nix
-
- {
- nix.nixPath = [
- "nixpkgs=${pkgs.path}"
- ];
-
- nix.settings.experimental-features = [
- "nix-command"
- "flakes"
- ];
-
- nix.settings.max-jobs = lib.mkDefault "auto";
- nix.settings.cores = lib.mkDefault 0;
- }
-
- {
- services.openssh.enable = true;
- services.openssh.settings.PermitRootLogin = "yes";
-
- # users.commonUsers = {
- # enable = true;
- # enableNonRoot = false;
- # rootPasswordFile = config.sops.secrets.passwords-root.path;
- # };
-
- users.users.root.password = "install";
-
- # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
- # sops.defaultSopsFormat = "yaml";
-
- # sops.secrets.passwords-root.neededForUsers = true;
- }
- ];
-
- networking = {
- hostName = nodeName;
- useNetworkd = false;
-
- networkmanager.enable = false;
-
- firewall.enable = false;
- };
-
- system.stateVersion = "23.11";
-
- # We exclude a number of modules included in the default list. A non-insignificant amount do
- # not apply to embedded hardware like this, so simply skip the defaults.
- #
- # Custom kernel is required as a lot of MTK components misbehave when built as modules.
- # They fail to load properly, leaving the system without working ethernet, they'll oops on
- # remove. MTK-DSA parts and PCIe were observed to do this.
-
- # boot.initrd.includeDefaultModules = false;
- # boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"];
- # boot.initrd.availableKernelModules = ["nvme"];
-
- nixpkgs.config.allowUnfree = true;
-
- # hardware.enableRedistributableFirmware = true;
-
- environment.systemPackages = [
- pkgs.busybox
- ];
-
- fileSystems."/".label = "x13s_root";
-}
diff --git a/secrets/shared-users.yaml b/secrets/shared-users.yaml
index c081ae5..e423eb6 100644
--- a/secrets/shared-users.yaml
+++ b/secrets/shared-users.yaml 
@@ -16,82 +16,100 @@ sops: - recipient: age17jxphuql70wjkd84azn62ltx9ky69hyvkac23lm8f2j92lznf9hseqq0vl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlbG5RWWVBZ2JZOXlENDVr - M3lCdEc4RnVwWlZJZXY5RGJ5aEFmcmlmK0hFCnNFSHliMHZyWTBLZG5ub2hPSy93 - dDNoWmgvTEhQdUdWL1dEbDZpRnBacFUKLS0tIFpjdVZBZjhRdll2TGdKdFVQTzVp - UDV5bXpzWXNzMTQwTkZPVjc0ckNUUFEKwYIl0ErBjh83ogRau2mYzkivxruLKQXj - eEQgNMf/xdWZ76OAKDwCF/7zmCSeT2UYoJFCfYtnMw7OxwOCyvPIOg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlanJ3b29Ed2Q3Y2I3SWRt + TlpTRFpMT3FhOUl0dGZGMW1lU3pQNW95bkZjCjY0bXV4Q2dBQjd6emZRdlczQ0F6 + V3RvbklucGhzbGpPUzJ4K3FrNzJ2SVEKLS0tIFRlWWRBNk1HdllsZzNQZDIwa2N6 + bUpjR0ZzNVd5dEpEZUJCSnVUWVJtSzAKb2dEX133nceasBIwgd8q6x6WWPCQ0Ukg + Rmsbi5u1SYrZr3544sVoo0PvkU7gT9Fh4/LOy9oPpJSEcTXf5DMzjQ== -----END AGE ENCRYPTED FILE----- - recipient: age1pmznn2tjpelpmxjxqef48rse5ujggf9kcr8x5vewuadqcw03aavqwy54zm enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAramZoZmdSOFdoWEttNndT - RHVWUC9RekVVL21iQVA5Z3JvajliSVZVNVNFCjhiMkdGOXNTa2FnVStUTVRVZm1s - Y1ZVdGFnZ0I2VGYxTW1Wakt5Znd3NXcKLS0tIERvVjFySDJDU3lRNGlpL3pYRWwy - UU0ybTRsSVlBaFV2d2xqVTc5Q1lNQWcKUti+W3HLneDzq/VI5yPBsTPyDUAUYL6U - tO1SMC8xBVbgzlFQtM84gYCE8ATxvwOJV+8wNrcHdWXQ8AJLF9UwPA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkRjBHQ2lDYmhsei84STdk + eUVOdWZGOTJMR1JwbHB2ek5mRzVVdkJuU0ZjCmk2NUttVjgwTk42OUtxVStVMEFK + VFo0RFRyR3RJa2VJSm95NVV3dm5YL3MKLS0tIExGQUlhS3RDMjRHejRaZ01BQWZ1 + U0pZR3BzakVmUW1QNGhsQkNQMk1NY00KR3ZP/WB3sMNoWi13mjMqgnZuM8tnIjty + QHgwav0qOkcQqdYSfOY/DxmPgTG0CKroqRXY8Hk72Y/UH2HpyIptnQ== -----END AGE ENCRYPTED FILE----- - recipient: age1ye4fa0v37shz8q4e5uf9cp2avygcp9jtetmnj2sv9y9mqc7gjyksq2cjy8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2ZXpGREZxdzREU0tSV1Nu - ZnVONGdxU0VBb3RXY21pTEJVWUw3aUV1UG5ZCmZYcXVzdUgzalFvdXR1Q0FESENF - Q0VDSmlqbGRxemlGYVRQN2NQcGU3VEEKLS0tIFp1N2V6V3dkeWVpRGtrTzhyNUFE - 
TUdFcXpEbnpmdTlWM1I3UTBYSFo5UnMKJm4gkNDHnCujMk+i46hGEMoQWEs9IBRM - /Lb1BpHA+5BB0LB6yL1VkXttSBNp69s5LN/EgdvTnZ7qL4/KqhwvMg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3UUs4dTFIcXVvZ285N1A1 + MmhleE50YXVGaDg0QlZsUWZNam4wYjRwL1FVClNBUm9GcWNvUitYSnBla1dIeDFl + SmZKMzBQTWpSdGRPcDVlTmRjQzZxNWcKLS0tIFh2UGJtMHdZTXo1N2lzckM3YXRl + NmZpcGRLVmZsYjkwZkJ2NEk5dzlmY0EKtxNY7qvh5ErrAhRcQHVnDc1orsYlLGCS + 8uLSOapuC8W6EH6w6aewQiggKBjDmECpNo7VyXfbURfaOk4o8uqg3A== -----END AGE ENCRYPTED FILE----- - recipient: age13cyvxrd28j68f97q2dwsn62q5dy8tdxtq86ql2dxv2ncwfrf63dsmkj7n3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSk9GbVpxaHJPUGY4U3hu - K3hpbzhkMWVJNHIrNWVPRUphcjkvY0h1cWpnCkxYTmtiWjk2QktxSHJON01XRGJD - MDZZZlB3dU9NbXN4RHRMc2ZRTHdERE0KLS0tIFJpdUhWdm1INFU3eU96NFN3OFk1 - Z2dMQ2xGOTJCcXdCU0FFdVJjQVIwK1EKHLo6YIsfKAwQ/yBQvS1icIAS6W7AwABw - d5hD2G0KVJK66HnYWuQALQbuWh2i0OA2fNAywcKe4R5ACN5M8TKHew== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUEFIb3VmZVE2Q1NheGEx + YmdscFdEYThQa29jTEdzdjZlK1U2WFlUY3dVCm1CUmlMY21pMXRGTXY4RDZ3cE1p + UUxNMEozQndUaTNGUlVrK0pKWC9WODAKLS0tIG1wSnNEZVUvakkxZS8yaklpWlNH + MFZkc2Z4M1FNdWZkdmwvQVpiRDFtbTQKbnNBlKnsNiL6BeSC9AoGx6IVeOyvB5IH + mP6aBQHyOBMgGql2+WHLdjBS5qEeR43jZbWNKiTnt8lnnfj7GVgiPA== -----END AGE ENCRYPTED FILE----- - recipient: age1k7cejd9tqz6a3expd63wkn7kmeawhhrp9vy5vevhjn6eavhdwywqeh7j86 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3dEttcnphWlVpbTdET1pY - L2RxWkx2VWVxZ21URE53MFg1cVFpTkwxN1N3CmJSRk1DY2JkZk5DMlUvZFp5RXNw - YWh0Q1FxTUJwTWNVY09NTTdSRHEzM1UKLS0tIEREeGY4M2J1QWZUTThhTWxoOUVX - QVJSemJ4eldSbGU4dWZtU1hRNi9VQk0KhT8lL2mk8J/uZ0dECGbi14Se2cC7l6AK - yWgNHggdrPcSvHH/A2u1yUdfQCU36yEvoxAwa8y/uQW3lgU35iVT+g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1NTlhSXRFN1ZrYjZGdXlG + dDBlVUxJd0FlQnpETkJSbHppNGlncEp1emhRCjRLMkEvbXRkampwcWxvNnhRRVhY + dWlQWWI5YXJQMmR3cWxOVUtneWRDRFkKLS0tICt6ZEF3cHg0SUxES243TzdFcnVS + 
bkgrWklIbFFrRHdHZGdvMGlHTGNXUkEKUuT35aX71q+KBXozpoGWcHeSs0g70kyY + yo5uuD6Ay4QlNtdfeOYmsyg8iikOrpw5Mer2vsSTWGbszy8p1+93Pw== -----END AGE ENCRYPTED FILE----- - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuT29LTzAxcHZPd0VFa2pG - ZVJ6K2tiT2V3MDJlakpjZ1puczFWZEdORFJNCitNRzViZHU4ZTRXMmJZYUZqRHJ2 - aDZtRlAyMDdOUHoxbWJ1c0JHaURXSlEKLS0tIHpnRitqc1BmV3FyUjZQcGtZZUtG - dXRPaEJna0duZDVLZVRpODM2enpiUmcKWLmGdJzLZ6UMcGRAzCb/UmsHl1Q+FQgk - IPTiCyyun+1JjWMSXC/z7rf2LFuvWvPPxHOChnYivBD60BYMgHJ8Sg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUSzR0SFJPSjBVQVlCcFBT + ajMwNUFzZWwzMDkzTHh0anJETnVicWdiVFJJClRSVi9MbjdKcUUvRVFyby9RSVdk + VHpxbnBuQll3QzQwUERCNXdQOCtZSE0KLS0tIDBhbW1YU2c5YVpwUVMwY2EwVjRD + dk1uTzNZN1hnT2NHU29EN2FsQ1pUQVEK+cpcftNnD8HhLimsrp+YDLwurUZqENkQ + HX45h7tC7J6R0+w8A/1nfY1gsST/asgJhSGjroB+EdsP2aGUCUiNyA== + -----END AGE ENCRYPTED FILE----- + - recipient: age18dmqd7r7fanrfmdxsvwgv9psvhs3hw5ydpvw0na0dv3dlrg4rs3q2wpvgv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6bXZsYnYzMC8wQnhMUGpu + TVFKWkFTU1U0VTFDeUlaR2dzZzN6WG9ueFQ4CnFYMWpoUGFPbkZRTUtSN2ZnelFJ + Nk1CdjVTbnY3aG1FNVZrY3hQYmRGalEKLS0tIERsd2xvaStod1N4eHg3eTIxSlUy + NERKTEZpSkV3N2wxWTlVazhNdFk2NDQKt+omfSoPJQvohV4aED0HYMXwFKMq25lB + 9+gB0BJDYe7btIUuFr861EDWx+D32gBtbpRsyAitNJKc9NlZ4VLWuw== -----END AGE ENCRYPTED FILE----- - recipient: age1dw43sxtdxptzgyhsxhrj36x5gn7376gqk45t7wtyt3s97v7ux39sdmdd44 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXN1hoQWdERDRTN0lJM0pI - RWcvZXVPN3ljd0h0QTA1SmN6dlorVi9vWjNNCmhscXhNTmhBVlZZN3VzdzFnRWNt - VTlTUGk0RnRIaHF2bnBPeFpOVHY4RGsKLS0tIDA5MjVFZnU3bTE3bHZZSzJJQmpD - NEJkTStUaWVzZTNpKzZNTnRmR0tJUGsKBsVqJ0Xg8qWHGb2IDJXrEq4k4LgQFhQS - HrVF7MAwE/WSnGRhh/V8osej3QHW4vLg37IjaT6v+hCcBOiJeCqg5g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXc0dETndkQVFwa2FwUUtj + 
aHNNaG5rS2VvamRtVDR1Rm1ubXFaR2NWa0RzCmdLbTFFUzlrZ01KWTY5Uk9uWTAy + Ym1kRXp4bWM1QUs2d1BwcE1WTEsyY3cKLS0tIG5qVm84WGlGVDlDWUVHWGNrcXJQ + NHR6S3pPRFhWemNWM0FMSjZpbXkzN0UKoTE6GuckP7QwuCQ8gZgitmW0URtG57u6 + VuWmt7vpSuutHJmccODDpFg4iJKC8SKIeUoQANKsnBJf/uZhDaG42Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1hkta9w0yawwwwchapemkygzxkrv7vx759vrafgrjhm63spckwstque8x97 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsM2ptZVl5R0tybkU1bHJp + ams0OENxU21FZDJjNkZNQUlteDF3RHBoOWpZCjFNUXhzMzhXR1FhUmxnSFAzcnVK + NVZONlNkVVdGcUNtZyszT1liOVdtOVUKLS0tIDZIR2NMWGVJclhqeitqN1V3endv + Z0wzT0hweEVML2plRTkzaFZsWHJHY2MKTcX84PLdHpuGzUn2v7r5gJLp9ZBhgLu6 + WI1KWIwbYj91hsoHjUH4lW0Xv7/mVLrON9wOQuOuyuVeDfP7GQ73qA== -----END AGE ENCRYPTED FILE----- lastmodified: "2023-07-06T20:14:22Z" mac: ENC[AES256_GCM,data:GPWu5DjjJ1ki+HRuedGdDCt+2V0RPbOsD/yWJxPIkgu5923vnF8y9y4V6e6+ZsTqHv4hsKeCjKtUnh2Ldn+xadwJmqrIxyJ8NzH5TOvcBxAab9cJCp/yKENw0O1WMUTlDPelvQKMDwbgiebaVVfxbQPUEfJGOgkHkyXrgqN94FU=,iv:h9YALYahUl7mRJmZKjArEfaMrfW9YZkVYd2CEooF13Q=,tag:wotqxup/ouG/bEVOZCs19w==,type:str] pgp: - - created_at: "2023-11-23T20:47:07Z" + - created_at: "2024-01-22T09:16:19Z" enc: |- -----BEGIN PGP MESSAGE----- - wcBMA0SHG/zF3227AQf/Y907bW+LYWHAT8FPF12f8+GvUy744+9sMZe3oSX1ML9F - JOEjxSOs9OCWM79qBIMI6Nets3lV1eEoR8eG74jcIwNPQMfQn/U4hHtJM9Nq4yI7 - 1FLQEfGZcuSMUk2/1c/9lEi+Sye9W+9ZYGUIcvBu1ksPmZpJT/BVOaNc8xWe1hzY - FmEzwaWAPaxSH1EM3KnPhxezzn76DxjDKc4iMNi+5UoAIT2cssbdckf5uDaTa3CE - 6GrfR9//5ldsPqineM2MHeEMHgn+mlVYmpiXNBCfcMfEi81o6l5nmNjy1qjABEKC - 254kSW+vMFOhdH6AZvJ/21z/3aUTwMM2mFEti/nh4dJRAWNWEymviIC1o2esJ9K6 - 77xHv4pEIEahuBcHLBbeBK3AYYqJxcZr5BhIqGAir8OlCOaXzRsN5ElzmVS+Hoib - t04nfgpuRfKyso0zrndvLwDn - =lmD0 + wcBMA0SHG/zF3227AQf/WsDFXBatZSxOmQWVGXw0MOeC2QOKaUo5if7C4Z0d+cMg + AyEmUMFcU3KkTFTqjqSqjA/9k/AJiqJxQkXqcSVHT4z3vNdGzrWVsJI4fimmumFZ + Hcc7hIgkBK1THkTkoOr3G3WRHJ/J4nZmABycWSt1kF1FdnHnXo8bXh25Sk+Ellt2 + +SlaC8NAZtd2P6L3ZxQYFUud3mc6/uUV5GTkZ7RisjMnAEVF5BbvzSAlAj7fh4Ph + 
ZJxMLzVnqQHrN+U/0WuFtL8KJaCF9zecxQxzaM/Zf/Sa5x4fsoqsjmMPhtwQMvC5 + ehiXSoVYETuJylSQF+N44V46/lrO6qqnIi+5NqqC2NJRAXH01P/bMQfW5M6AqQgJ + muPztPFjBL46D3wVo6Hg0JL6ag5DV4/mjTOpEiiGUHKxTDxFwlNYRQQX2EHnBHFb + Otf7rnrSdA+I9GqEpCNkzdbi + =pR8T -----END PGP MESSAGE----- fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B unencrypted_suffix: _unencrypted diff --git a/secrets/steveej-x13s-rmvbl/secrets.yaml b/secrets/steveej-x13s-rmvbl/secrets.yaml new file mode 100644 index 0000000..7b2d3ec --- /dev/null +++ b/secrets/steveej-x13s-rmvbl/secrets.yaml 
@@ -0,0 +1,46 @@ +hello: ENC[AES256_GCM,data:9dO0Gd4YDDxWHHBYtdomfK8BJnBZC+SQYfUvTAkCq9sOO/ZH/bFhN0Fl/NvLzQ==,iv:m1TZ9PGjsoMo7NA9EHrLb0tCtIl98E3OEN1bkpZZxXY=,tag:Gup/pACLIXGXu8KEyzmfWg==,type:str] +example_key: ENC[AES256_GCM,data:EQ+uewu8+17QhrbIHg==,iv:N9i1tCT5IHz5WYbqyF0AIqCq/c67uPMiavUxt0Eb2Oc=,tag:UwOrM3cOLYMxIe80GenljA==,type:str] +#ENC[AES256_GCM,data:qZzxU9ai1z/5f3gxHrR5Dq56,iv:ccvxVS693K9Jjp/YIesWo8kemtkCSFWHJlJposcmXt0=,tag:FQUUPO+ydScUVZWH89vEew==,type:comment] +#ENC[AES256_GCM,data:Il5rKFCgUQERmLqSEOnzoQ==,iv:ALxNqdu/MgDdPyiEsq0Qgb/5bOBS3OgIWf0ZOUbGLJg=,tag:u4vJ7Y6iwa1Na5FIebrVow==,type:comment] +example_array: + - ENC[AES256_GCM,data:yMM0kfvv4WI/reWLuM8=,iv:51XoWYOFLAbhIzejbWBwIpi2JVhQZIivLt4HVJtXPpA=,tag:J9C7NwdVOoocGKWUvUAOSQ==,type:str] + - ENC[AES256_GCM,data:Tg1bRwtydMuaLvnvTDc=,iv:8c44EM1U5tqD8Mn8Fg37MyASi+xv78BB+8AjG59tzXE=,tag:OvxU9x0pZbjW9j/DQMahFg==,type:str] +example_number: ENC[AES256_GCM,data:DhzIPdpqm/p1pQ==,iv:ZWkBTeuyaXVzffEVGuw1xxi+ekiSGyspE9PeBNRRm1k=,tag:Qq1/Wo3XY+Y2u5luxxxTeA==,type:float] +example_booleans: + - ENC[AES256_GCM,data:ZA6WIQ==,iv:gkQnXrVZiP6Yj4SVdtM09Jmpebb11998tv3y/P5pvqE=,tag:ujwkH9l6/+1W4IeDu3HBFw==,type:bool] + - ENC[AES256_GCM,data:YcDPFAc=,iv:r9gBG5YIq5Sgs6/HWRWjBJZ8TrlXDxnAZN1PRBVIq8k=,tag:TTP0tsiPsPsd6BjkScCRbQ==,type:bool] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1hkta9w0yawwwwchapemkygzxkrv7vx759vrafgrjhm63spckwstque8x97 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDWk1LS3A0NENRZk1HZm8x + dW1PNkxZV1ZWdStzb2M5MzRRNmJmUXcvakJJCnpwVlZRV3FHVDNUbURSMWZXY3k2 + NUliMUpNT3kreEZITjR3dDdrU2MvVkEKLS0tIFp5U2tCa3V5NWhqWHgzdDR5RG9D + SmxNVk45UklhUjRYc2pTVy9FWFBhQUUK1QMqDCIZnyyzJhUb0TBgheW2P6lAUTQe + KLhYqTRuo5/zS5C2uANa028CNGWJVOoEgKEw3xjHz0pvSkT5JkI8WQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-01-22T09:20:19Z" + mac: 
ENC[AES256_GCM,data:Mmo5XJaMIDZ0sqKyn7oK+l6XdrTyA0NuF8tueLEKSdSCFxr2TJjroyojsybrYKehp5rrW1rT8cWWld2wXEEr+txsMCzIrlDqyerkcsu7ioMJb7ihRyXATBzdBOfUTq/8iLLc9gE9uRaMbeNOrglF0nxS+VtwOmst/z6fl7wC0+Q=,iv:t+dSzeBBhVfPo2efHM4iWIE/DHTDAm917kZrV1UxV0I=,tag:+CPkO6bbWqMzWBs16HT8GA==,type:str] + pgp: + - created_at: "2024-01-22T09:20:12Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcBMA0SHG/zF3227AQgApMVbQc+4BUc/7ima51XMJzIBA93SOLOCmyn2J9tLG/V/ + ZM6fmWyiLvCRowA0nLt19DYnaRrEXTcRlvBPs/RIx6Fmq4260ZvyPN7Fea6ltVOL + EhG5IJHaweUhXMi6UV2/6vuTBbQsLzWK8xl6bZNCVFWB/JiLrHzukWpE4ACeqD0Y + P/428L4XCW05DkltQdfQrn2bIlf/6c/itvepRr1tHFr8ABuBM/g4hSg/nFyHlrH3 + CtrdPSQBopZxhVv4MoHPWSQ6jGjrmqumc6gyNGa1Ugry3FmuFmdlMAoUsQtG/cU1 + ORM/CvKwxLZU+qifm8QU4BO+0Gw/nhLrYfX0/EWsmtJRAQJt51PK3t/nXUTE47sT + lz+zPgpT/Sz9E/wKH3yAq9RuXKKtwc7oRJS+NHuv10YPIkhVejSjvmsGEKezU1ed + 6BsZrcVnaQt+SdmUOEuP/iRF + =8elR + -----END PGP MESSAGE----- + fp: 6F7069FE6B96E894E60EC45C6EEFA706CB17E89B + unencrypted_suffix: _unencrypted + version: 3.7.3
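Review bot: The plaintext key names in the new `secrets/steveej-x13s-rmvbl/secrets.yaml` (`hello`, `example_key`, `example_array`, `example_number`, `example_booleans`) match the sample document sops writes when it creates a file, so this presumably commits placeholder values rather than anything the device consumes. The values are encrypted, so this cannot be confirmed from the hunk, but a secrets file that holds only samples makes it harder to audit later which hosts actually hold real material. If the host configuration does not read any of these entries, I would re-create the file with only the entries it uses, e.g. a single `<secret-name>: ENC[...]` line (placeholder name), or leave the file out of this commit until there is one. Because sops keeps key names in clear text, the names chosen then should not themselves disclose anything sensitive.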