Skip to content

Commit

Permalink
Merge branch 'main' of github.com:anthr76/snowflake
Browse files Browse the repository at this point in the history
  • Loading branch information
@anthr76
anthr76 committed Jan 4, 2025
2 parents 94bbf37 + fed72a8 commit 21a21ae
Show file tree
Hide file tree
Showing 6 changed files with 56 additions and 47 deletions.
2 changes: 2 additions & 0 deletions .sops.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ keys:
- &f80 age17j2dw9kdpqntanmk9ndfw3gfu2cld22teuwzfuhnu8j7xpm2yf5se8d2f7
- &fw1-nwk3 age1hfg2qhhgkun0jz3ez383slf3ruldxyhvcr4488nuhn6vuuaje4rqhp0h96
- &fw1-nwk2 age1n84nrpcndeduskpx7psc5p3758vcp8ynme5qacdergyrkhhtremsdewm8g
- &lattice age1w0gxlxdt4p63ggundtdwvhar4kgkl5z09vmxxdg2r94f8hugsegq6nx2gw

creation_rules:
- path_regex: secrets/[^/]+\.yaml$
Expand All @@ -23,3 +24,4 @@ creation_rules:
- *f80
- *fw1-nwk3
- *fw1-nwk2
- *lattice
2 changes: 1 addition & 1 deletion nixos/hosts/lattice/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
hardware.enableAllFirmware = true;

disko.devices = import ./disks.nix {
disks = [ "/dev/disk/by-id/nvme-Sabrent_SB-RKT4P-2TB_48821069801973" ];
disks = [ "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_24035A801792" ];
luksCreds = config.sops.secrets.e39-luks-password.path;
};

Expand Down
4 changes: 2 additions & 2 deletions nixos/hosts/lattice/disks.nix
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{ disks ? [ "/dev/disk/by-id/nvme-Sabrent_SB-RKT4P-2TB_48821069801973" ]
{ disks ? [ "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_24035A801792" ]
, luksCreds, ... }: {

disk = {
Expand All @@ -11,7 +11,7 @@
ESP = {
label = "EFI";
name = "ESP";
size = "512M";
size = "2048M";
type = "EF00";
content = {
type = "filesystem";
Expand Down
4 changes: 0 additions & 4 deletions nixos/personalities/base/openssh.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,8 +42,4 @@ in {
enable = true;
authorizedKeysFiles = ["/etc/ssh/authorized_keys.d/%u"];
};
# Keep SSH_AUTH_SOCK when sudo'ing
security.sudo.extraConfig = ''
Defaults env_keep+=SSH_AUTH_SOCK
'';
}
2 changes: 2 additions & 0 deletions nixos/personalities/physical/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,6 @@ in {
services.pcscd = {
enable = true;
};
services.fwupd.enable = true;
services.fwupd.extraRemotes = [ "lvfs-testing" ];
}
89 changes: 49 additions & 40 deletions secrets/users.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,74 +14,83 @@ sops:
- recipient: age12t69fa3kqmnxdx4sca7ecv6lfu3wrfwm95zuuhujcfk3ukcn8dzsk40u6x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVd1dkZFcrT3RQT2pPR1Iz
QmIwbk5Xa21XOHIzVW5vSmR6QkJUSGVURkZNClQ4VDZnM2J3Z1kxd3JXcG4zWVQ1
YXRhaG5iL0k5MytCN0VHcEhkZ3p3V1UKLS0tIHlhWjlqTkk5VDljd3ltN2N5Wmw1
RThUeXpJVU5ML2hWYTNGVkVJRGxSZ1EKtFu7YfzfIn1Tx+HOwgJ94Wu35Jchc4Fn
5pZXIdq0EP3vEZEBSCsg3EghQeT8gUup+sL5/TRKPSQoVZ+5kioO+g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBudVlvOWl2Wjg4WWE5T1FP
T1J2THJwVGpQNnNGQXozdzBxYW5zQnBGZHhjCndISms4YTJRWVBjOVRBeHU4MytQ
MnFuNmRCZ0FkZHh3YVZ4b1d5SENyRHMKLS0tIHFvM2lZTkZ0YWw5TldaOFpvYXY4
eTVubUhPelRaeFpmYzBUNGpsQmg4RE0KuyUICiRpoXbxones3rX8GEl91WGwm9bc
evs02ctVpkJVKz/v7vYQE7x30QU9jJeHRFiJ8PqFaqdrJG/mHE62Kw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1uvm732gdzuq2v2m97tw5gxerztw6ad3452xrpq5y9ggvg62x7fqse4pzly
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1UnEyS2xKMjBxeEJsaE8y
UEhZNmtlNTJZOHA4ZWJTK1pzRGppYmNsOUZFCklQU21ENFFXQzR6WnFkeXhwWVhY
U1lNRGluWmQ1VkdodWkxWVVDbTBVY0EKLS0tIHUrUVZOcDdpSXBvWTdSSmZkc0lU
aW1HL3RuNmdVa1lqN3RIRmQzZ0xZQ1kKya/26zZcXlu1qvf5AH85ghTruXPBiXq1
37WCunPqyYpRAOLdL0ui88o5vHHDUahByjw4toXOjd1/xDCKhIWeww==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUdFF3cmJ5b3Z2a1Z0RWFp
WStzS2NXTjB5dTBveG5ZL2oyM09VbU5ZZ1RFCmZPbVpQREQyVG90cWYxbHhzSWdz
SUZ0VURKUFdqb3YrdytQOCsyZUt1bU0KLS0tIGkrN0VIcHZoVGw5MzZ1S0ZQbDVU
dHAxblpSRDlsM2MxWGU4MUhhN2c5eEkK4dHzfOfmmc9o3G7Qy3iUFnQKJFLH/dXr
h+lu/AwDMJTggLEIr/BjPPEyP08fW5mp2Fajyz0WHdoCfBbwDDkP+Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1td7hkcms0fmrt438ta2kmxxfmp0lget6gdae7me60apprll543sqr525jy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhOFMyWDlwYW9oc1gvd2Zu
RmtSdmNTMEJxUU1PMGYzc0Z3RlZvWkhiOVdvCkFTdmVWcEZlSUlCdDJ1Y3NnOVVt
SW50dmhlWGJjZHVPS1pjdTY0dDF2QjgKLS0tIFhmc3ZCSUZ3U0JnUm1ScHphTmFD
amtuMFQrRTlxbFltc3VnczI5K1UvMzgKL1twkq/a+I3Y6awRkp4y5sEW1YtBJwYn
9n78AQplcygdwlG6vhaVVpjCiBk7kAvlN5I6BOmpZhdyYMc6B3rzww==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbTdSbjRObDhodUJUWWRF
NnRybGdQOXhvbVRIcXQzZUpJNjVtYlIzaXk4ClNtTWo2MVhtUlQ2SCtFZGxUYkts
Mk91OHVPM2cwcEZhVDdMYjhOM0pZRm8KLS0tIGdIU0VqMy9yOWtza00wZStIN0Nr
S1d0NThiODROQTl1L2c5eWxiVVV5MkEK4KnaEaE/ZPHLYp+So20Yxll0y9CB5GvV
cRJRbsQ9UKs/uc0AM4E0CjapCSA9bS1oUtpGO0fH/bxY2yRHSNe8yg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a4uumamqg8248ntjjl088ppq7m75p6zyhu5r8yyaqjvvk5yjpuksqspeea
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3OGtyVTh2S2ZodGo1ajlC
TnFuVUY5K2MxRmxnN1lQTXdPcThYL0tITGo4Ck5xYk9Ud054bzVpR05OLzN5UWg4
R3JiY1NidUFEYW55dFhOSjArazRVR1EKLS0tIElMd2pmTXhva1Z2N2lIQkdlTVRs
elkrTDZvVEVPT0czN1Evc2RpN3I0TG8K97cBCYmx0CrH2cKdtTILB0xQ0oT611Ny
/BIipRCf7fCBEs0WseWQ0MC1wv5X58U6NflIFGjq9kxzMpo/QfVSpQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsVGNpSitPSC8zOEw5SzBO
U0VKcE1YQzU5a0tWOXRYSk9NQ2NURG00RWlvCmRtYmtubzdOQjBvRkwrZXduWmht
RDYxTlVrWkFUYUZIWUpGWjh3NXdHL28KLS0tIDRyaWdBK2liTGprUnhWUEJqOGwz
NkxaSkdxVVNBL25mWms3UWlYWU1oWDgKLx+XCMJ52qirR1zedW8QTbM5xCmieEfY
YMNxT/WUP1kKqxNf9d+aq6hnsRowdLhihEqNdNym/VBhXOBCHWgquA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mntfkg0jyv698z8kg6mlq8mr72ecpyt0dmn8y0skux9r26km4uzsge8h9q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWlVQWVd2MG9oUDgvQS92
Y2hIWUFMOWZVUUtZMkY3T0RsSWoxNjBNa0ZvCkpzVWRFbm1VZDFiWjFwUytlNEQ1
S202VkxWdTJIMVJUbGc5d1dwQ2FPZTQKLS0tIGdCT3YvUkVFZi9kUnk2bXBoU3pL
czhqY2JVRFIyZlBLTERhaXliM0RiQTAKQORkmwgDZ/t5HKG+K4Jkwv8QRSEngVoo
loGmutQm1o1oCKR7nwgR9KY+ZU+1AH65xMWdunSPMc6qx+0/eoUUBA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2RW9tazVVSDZNTDNFSnFV
c2dvSWlCcHd0KzF4UHVFaVdaeGpZVEFna3lFCkNXRVNiUGF3OHJHa3hhSk93WTJH
UEpWNms5eHRtQ0dNeUlFOTZlK2ZMNlEKLS0tIGVYK1VHc29keGtmRlVaeFlKWUt4
Vkw4Mk5TUktFaUp1Qk5RQ0dCZTEyclkK8jWCSSPRRGUgVzwv3Henod4q8RoBHqy+
9BgmSpVrdlbikMBTS3u9TOO+iqwvx0n1rVle3cr4RX5A24je+OCs+A==
-----END AGE ENCRYPTED FILE-----
- recipient: age17j2dw9kdpqntanmk9ndfw3gfu2cld22teuwzfuhnu8j7xpm2yf5se8d2f7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2eTBiU2EvZDZrSDc5WExO
NkxtelQralcwMyswUm5xMHFuZjRUeUlvMGgwCmJJMXJJbU42dHNrbFZzMlhwWVBp
QittRVJ6STQ5dDdXYnY0RFJZQ1RWN0kKLS0tIHJwQ0FQSGlHVk5HeGprZGhSWUgx
MSs2R044a3pYclpJMDUvNEVWUFBzRG8K+UheawNxnnXFodHOfnaE8QT9udQKPHfw
4p7W6mHRpwxKNapLTkYOP+oZDB2mInMQHnbCXuL2xm2kg+Juf/UYkw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZUZZWWJaMWRoL2hSMlAx
QS90MVVOMHN3S2ZRcGF3RlFaWk9HUTJJQ3pzClYvT2x3aDQ3YnE5ejN5cnlpWFQz
UlZuOFBzdTRXeHh3bC9McmhUM3dtWTQKLS0tIGpqSUQ5bjM5aW1FalNoRlIrZ2lJ
OWVJT2hTR2dqbXlUbXBoUVlwNHFxb1kKXxHixvLBwyamnsFE5RHd+SJf2CfYo4tu
qLasQ3HThxExEzGuf+jtnaVQQQzHNM/7EX2DCEJW6esqBHu+y6URCQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hfg2qhhgkun0jz3ez383slf3ruldxyhvcr4488nuhn6vuuaje4rqhp0h96
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAva01lV2pmc25SaVFwOUJW
d2dqd3dUWlJ4a0ptR0cvTmhiaGRSWVhWN2xnCldzNWNXU0ZGS3MwY0RjMXpoRnRJ
N2JTWUNITGs3SngrRDNDSnY4bW5nT3cKLS0tIG1EOGNqSGsvQXRKVDRIL211T0h1
YjFFclhPVCtTNkljV0JjOUszazdGT1kKlHYPI6OwRsEYfiwAz2iiC1v2CO6/3yrT
4exDuDz1o7w68FPOcbWpB1CAhoMwg9H0Uqe3su4E/MCOLdItZSgvHw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwN2x4czNHYWdMWWJ5MC8r
ZXAzZXZueDNlOE5qVkY1QjlrdE15ck9sandNCkIzazB5MGxndDJOdEFXaXBCaXJs
VXJpVTNGMEp6eVFIMDh3M2VVWFVTaUEKLS0tIG5USmZSVDViMUlVWHNXOWRnSGh1
Q1NPeHBVZ2kxRWl0SGkwdWljUHNicTAK2JBEKZcU/Yn0oAWCQ1dTPTPJG6ENgT8F
sEpeUwMuQ/nHWLrkQ/ZavJ34WwDKmZ75dObhLZ5VeBcJFl+3Lq28pA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1n84nrpcndeduskpx7psc5p3758vcp8ynme5qacdergyrkhhtremsdewm8g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSQjlJTlZyYktwaTVmOERD
SFNhc3RvS2VRYTRpWU0yMlJ0bFd3ZWd2WWtRCm1PUUVBeWtBSU9Hb3pIbEJBY2s0
VlJlMGZOcjc5Q05JTnZMYmh2bmlrM3cKLS0tIDBqcFg3K1pvK3pJcnlHVGQzWXV4
ZUQ3U0pKenRMci9tT2I1RUpZSktoWm8Kc/bv3LPYQDLlox1/N6m0SpdayzThiruy
r1O2R4K6UZ33BHQVVWP2dBiBpcazblt7yXQnIrU3tZmK4fhJRV5qJw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuc1B1aFZneGQ5dnhsczU4
Z3pmd1p1d1ZVMHZUcitDQ3V0bVVqbW40OWp3CmdacEtVUW9VeU4yRXAyNWhnSnlQ
Yjl0Zm1PNXdUdHdJd056Zzg5ZnJOWE0KLS0tIHZxNXZaaUprRVZTNmlHK1lNNDJK
S2RvWTZOek8yRG9WanZwak5IMTZwYjQKQkCC/f1w3a7mGBgY099ZIZWFwYh3/NFm
JSY6INN6AugLMNWo4SpkHtTluXjA7A7fK7n8wjTIRfhV2i0WOytn1w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w0gxlxdt4p63ggundtdwvhar4kgkl5z09vmxxdg2r94f8hugsegq6nx2gw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvc1Mva0dHZ2xMYS9YQ093
WnIvc0Rsa2czNU54U21uLzZrTlBuMEhoTVhzCmVkeTZkc2d6STFLaTJJbXhPd1lh
NWRoczIzWlNsSG8yOEVMVEVLOUZleGsKLS0tIGNzOHA3S3dKN29uMTl4bXgvd3JM
aXVheUlzK3prQWR5bytPcmlWSC9qOFEKmLiEcU0rCyi7HnBlgG/WZESnqC8erjKa
jNXj+pFjHW8bq6DlC8lclufntBiu7GYyX73SAE3Tpa9vMTyooGlv0g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-01T20:34:19Z"
mac: ENC[AES256_GCM,data:wYCBK7exvPP6bEa84InCly3FZDYuvtzzA16kYhMs6cmbKgNPfsaIDyiRmabAcB2y4S69wW7E220PSpTollvJEy7y9ZuQuSED6VskobPg7eXxaEXKpcgzIPOD2L+W6EL7bYogi6x0YpBJuvu+ONSUJuCuOT9PwCCXiOIFy/ZTw4I=,iv:mNCUnjJnVXLrjfLu48eH0FiKQveK2OdYln+uCcY308c=,tag:dEMGpAxXtAVRpdRMEqLMZA==,type:str]
Expand Down

0 comments on commit 21a21ae

Please sign in to comment.