Blunkall-Technologies/Olympus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

help

Browse Source
This commit is contained in:
Nathan
2026-01-04 16:33:14 -06:00
parent e4e6db94aa
commit cc834fd85d
5 changed files with 10 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.sops.yaml
View File

@@ -25,7 +25,7 @@ creation_rules:
- *laptop - *laptop
- *homebox - *homebox
- *android - *android
- path_regex: system-config/secrets.yaml$ - path_regex: system/secrets.yaml$
key_groups: key_groups:
- age: - age:
- *laptop - *laptop

28
machines/laptop/.sops.yaml
View File

@@ -1,33 +1,7 @@
keys: keys:
- &homebox age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd
- &laptop age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q - &laptop age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
- &android age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74
creation_rules: creation_rules:
- path_regex: homebox/secrets.yaml$ - path_regex: ^secrets.yaml$
key_groups:
- age:
- *homebox
- path_regex: laptop/secrets.yaml$
key_groups: key_groups:
- age: - age:
- *laptop - *laptop
- path_regex: pi4/secrets.yaml$
key_groups:
- age:
- *laptop
- path_regex: live/secrets.yaml$
key_groups:
- age:
- *laptop
- path_regex: nathan/secrets.yaml$
key_groups:
- age:
- *laptop
- *homebox
- *android
- path_regex: system-config/secrets.yaml$
key_groups:
- age:
- *laptop
- *homebox
- *android

37
system/default.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, modulesPath, ... }: { { config, lib, nixpkgs, ... }: {
imports = [ imports = [
./services ./services
@@ -28,41 +28,10 @@
config = { config = {
sops.secrets = (if config.sysconfig.remoteBuildHost then (
builtins.listToAttrs
(builtins.map
(y: {
name = "remoteBuildClientKeys/${y}";
value = {
format = "yaml";
sopsFile = ./secrets.yaml;
};
})
(builtins.partition
(z: let
cfg = if
((builtins.readDir ./configuration).${z} == "directory")
then (import ./configuration/${z} {
config = {};
inherit lib pkgs inputs modulesPath;
}).config
else null;
test = if cfg == null then false
else if !(cfg ? sysconfig) then false
else if !(cfg.sysconfig ? remoteBuildClient) then false
else cfg.sysconfig.remoteBuildClient;
in test)
(builtins.attrNames (builtins.readDir ./configuration))
).right
)
) else {}) // {
"remoteBuildKey" = lib.mkIf config.sysconfig.remoteBuildClient {};
};
networking.hostName = lib.mkDefault config.sysconfig.host; networking.hostName = lib.mkDefault config.sysconfig.host;
nix = { nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; nixPath = [ "nixpkgs=${nixpkgs}" ];
channel.enable = false; channel.enable = false;
settings = { settings = {
experimental-features = [ "nix-command" "flakes" ]; experimental-features = [ "nix-command" "flakes" ];
@@ -73,7 +42,7 @@
distributedBuilds = config.sysconfig.remoteBuildClient; distributedBuilds = config.sysconfig.remoteBuildClient;
buildMachines = lib.mkIf config.sysconfig.remoteBuildClient [ buildMachines = lib.mkIf config.sysconfig.remoteBuildClient [
{ {
hostName = "blunkall.us"; hostName = "esotericbytes.com";
sshUser = "remote-builder"; sshUser = "remote-builder";
sshKey = config.sops.secrets."remoteBuildKey".path; sshKey = config.sops.secrets."remoteBuildKey".path;
supportedFeatures = [ supportedFeatures = [

6
system/profiles/laptop/default.nix
View File

@@ -1,11 +1,11 @@
{ config, pkgs, lib, inputs, ... }: { config, pkgs, lib, home-manager, sops-nix, ... }:
{ {
imports = [ imports = [
inputs.home-manager.nixosModules.default home-manager.nixosModules.default
inputs.sops-nix.nixosModules.sops sops-nix.nixosModules.sops
]; ];
config = { config = {

4
system/users/nathan/home-manager/programs/git/default.nix
View File

@@ -32,9 +32,9 @@
defaultBranch = "master"; defaultBranch = "master";
}; };
url = { url = {
"ssh://gitea@gitea.blunkall.us/" = { "ssh://gitea@esotericbytes.com/" = {
insteadOf = [ insteadOf = [
"blunkall:" "server:"
]; ];
}; };
}; };