diff --git a/.sops.yaml b/.sops.yaml index 80c1453..a881e9b 100755 --- a/.sops.yaml +++ b/.sops.yaml @@ -6,7 +6,7 @@ keys: - &desktop age1jv8ap5zwa49ftv0gg7wqf5ps0e68uuwxe2fekjsn0zkyql964unqyc58rf - &admin age1pm3fehmmk0vmnrscz9vm96rakn46aaldr5ydpscmde3v9x0k3faswwdzxs - &jallen-nas age1mn2afyp9my7y7hcyzum0wdwt49zufnkt8swnyy8pj30cwzs4zvgsthj0lt - - &pi4 age10srypda0fzsevtklch3kqkpuytm4k4wpgheqej4u9grye32wactsn30m46 + - &pi4 age1ykkjw57t3z3deup3gtp7dujyaslskn74e0d9hsmqaha2pj3rvazqgndw5a - &pi5 age1t2d5scrukk0guva5sr97a8tge5j8kd865adezrcru7p269pzwvpsamkgje creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ @@ -19,4 +19,4 @@ creation_rules: - *admin - *jallen-nas - *pi4 - - *pi5 \ No newline at end of file + - *pi5 diff --git a/hosts/pi4/adguard.nix b/hosts/pi4/adguard.nix index 16b85fb..099594e 100644 --- a/hosts/pi4/adguard.nix +++ b/hosts/pi4/adguard.nix @@ -5,6 +5,7 @@ openFirewall = true; mutableSettings = true; settings = { + http.address = "0.0.0.0:0"; users = [ { name = "mjallen"; diff --git a/hosts/pi4/boot.nix b/hosts/pi4/boot.nix index fa9eb16..e289c43 100755 --- a/hosts/pi4/boot.nix +++ b/hosts/pi4/boot.nix @@ -10,6 +10,11 @@ in }; plymouth.enable = true; kernelPackages = pkgs.linuxPackages_latest; + initrd.postDeviceCommands = '' + echo "Running pre-boot fs resize" + /sbin/e2fsck -f /dev/mmcblk1p3 + /sbin/resize2fs /dev/mmcblk1p3 + ''; }; # hardware.raspberry-pi.config = { diff --git a/hosts/pi4/configuration.nix b/hosts/pi4/configuration.nix index c2901f2..207335e 100755 --- a/hosts/pi4/configuration.nix +++ b/hosts/pi4/configuration.nix @@ -5,7 +5,7 @@ { config, lib, pkgs, ... }: let user = "matt"; -# password = config.sops.secrets."desktop/matt_password".path; + password = config.sops.secrets."desktop/matt_password".path; # kernelBundle = pkgs.linuxAndFirmware.v6_6_31; in { @@ -79,8 +79,7 @@ in mutableUsers = false; users."${user}" = { isNormalUser = true; - # hashedPasswordFile = password; - password = "BogieDudie1"; + hashedPasswordFile = password; extraGroups = [ "wheel" "docker" diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index ae76c8e..3714519 100755 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -94,81 +94,84 @@ secureboot: pi5: sys-public-key: ENC[AES256_GCM,data:CcmAv55Rz6E5T8hJ7iFknq5R0H86QGpQXNEFaNIcvJc/Re0wCS7NsfDkNGAgiUgDVpUB922LjizJ3s1rjeMx+YJsqU/mnTdm4ZrBg26is4K+Zn/MZ6jc6+4=,iv:RZCIMe8nPRjC1LBM36lofvNH6y4KtO9Q28L5BohFjpM=,tag:AV6CGsQ0vIKkTODGkfMRmg==,type:str] sys-priv-key: ENC[AES256_GCM,data:e8lJEHhv6OBU8epLjaFjIgV9odb6TI6ssdRUN1hqPmkdBxcG8i21Rz+yRLf8lrOzuUBLwrg7fw0qN+A809t99SeGRd6kBIfB8dSNW3LxiKTR8kkoLFH14hv66K8Gzy+g8CYH3rzTHcYEMG0V13sFFWSfvZvdwj7CLZakZ0iDWBaPCnU9Em6SwfKeboeaXVM6IKSgKdOG5TJXBACAySVbMDAlZKli3vdNpUFPFji/MvChHmpohz2Lt7oHXB8RWGqXztUSg7HIPur5lKqU6eiXlFdgfnDIB5o3e1aTS70UkXzyCiQ5tMDr96/mWKqKd1lwVAHcxRgLA9uILFZXaIH4RQcgTAQ+KD9UpJgX8shWTVfY5iS7CmTQEXhbVltKG30rMQZfnrUOyk/9Ex8JoHIsxOcaEsnNExpMVY8zWVGnifJ1pT0luUSfZYi2+rU2mLqoy0jjW7B7RRzXORMvRsRnr/w+Gp/BwMDKI68ox5wWviHpaz11h/e/2O/8ksjQVmTtMbWEc4soP7VjZUm1HtG7,iv:gwJrwMCtjIaoE/2rL/sYhYxeAVJFEyBDWgsei7YjX60=,tag:KTJEn/zDOGmOn1Dob8IfoQ==,type:str] +pi4: + sys-public-key: ENC[AES256_GCM,data:OJYVHTSVoMWP7BKJUPi6AHw504QpMVHwCDW/SJtchxhGj22LnnFEGGL5pYvM48tM0PZbr2IvUYMRaGl/wPT6ZGnoeaA2aDpnlaN2YOLms9VSDYfdeKd4z24=,iv:tSP9bcjKQXvErWWryX+ZGM9gvns2Qu2rnoyiCBXs43M=,tag:U8ggYsVx9ofURiUmUHTUUQ==,type:str] + sys-priv-key: ENC[AES256_GCM,data:5PU1tRru3XaemDX7FbxL4UsLl4URyvtupuIwMKJEE8y+tLEz0J/O7OInfEuDitFMqRs/wWIDPHnQUcPBO9UuvJ3asQP9oUTNTS1NARl9H2d/v8QKSoArD15YhzORrWByaqAUSsmecTI1HEYYyhILXzgCkn3eLyFve+FbO1DLBfX9MKU9K9RIEoehfvpwPmlXxT9wrKbVpavP4Xvx96cOK9xvFz3MgzqgQ7T46kekDniDpS48g2guw+QB8brjF+qbfIPsUDpQwkpgg2NOOfyydGwV/lcjXcLW9+cHGIrXU9gINJGk5krX7pfUyHH9Ilw+tgUSBKN/Jm4tflGs3qdS/o6leDk1BC1CekqbATsvyQMkjrBdTWmzxfAMe0yKHNQSKtFdSsqFZAzKfcpkUI/ESKgRmhEpJuIID9tn+Mrte9qcTdD50JyVmem3NSoret/4MzsWXRXQ19OG3G18uB0zWPhfFBX49yW24nwuDlKJ1vr3wflvjyX4NL70lw8XGMgdzVX0gPGT7YB6axE4AftW,iv:fJs9GJkntWVzwMYOKHT0V/lc8tc6L0tQOjCT7CPfpFg=,tag:xeg6yT5svSXJm1I48Zh8PA==,type:str] sops: age: - recipient: age157jemphjzg6zmk373vpccuguyw6e75qnkqmz8pcnn2yue85p939swqqhy0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVYUhQNzl5N3lIMmczUzVi - Z0tDNWQ0YUd0QjFHMFNuamdBb3NyTjM3TVZjCmVQckVqZkZKL0RVQjk4a1pJRjFF - bkhZQ0dLa0pxWGt1eC8vKzQ3WGZ6WkEKLS0tIDUxR0hVdlVvUXk1bXdCSzd5SC9T - Y2ExLzFUa201Q1VSNUJ0WGlNc0gxSWMKW5LDShnlB2Sa5/85UrThPffulV6KF5hq - x1/lXQWL5HsaG2UOeXcDakcu346LTpscQQB99HFiwJLI1iNsqMGFeQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxRFQyQWVDYnd6MlNHUU83 + SUlvQ05FZDBMNmxRdkZpMS9vN1E1S0w1TW1ZCnN2Mm16Vyt0ZzRTQmhGbUNZeDNW + eDcwa0FtQlQvYkc0UUVybnpyWHN6Tk0KLS0tIFR0SHByc3BoVzI3QmJKT1dINjBN + ZXRoeS9TUGZDSzIzYy9qdHRXUWN6TVkK/BWAbun7pwW9dqKQ7SuTyRlri6ttBlR4 + j6kovkyqLNPdcZCZ8Sgxqo7RGdCHFmkmjms06tsfjFNxrNMySIbdhQ== -----END AGE ENCRYPTED FILE----- - recipient: age13g9a4d4jrvckfddpgn8sm4kjtzajr67le56pfdg78ktr5pd09phq32j89u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXemdidGpONGp4dzZtaE9M - SnpZeDBvWUxCUVV6S2dJaW9FZGgzaHhlSVhnCnVOOVVvaWpXT0FUdmVNZWEwa2VP - K21idUpRNGdOc1VpdEZySjBqY2xkbFUKLS0tIGNnUXVrdjR6MXhMU0R6R3A5ME9R - bk1oeUtWb0tTeEJQdm9jYWVVWXFlL28KwEst/2GD4LfHb93gL5bo4GQM5K+/PxrL - 9ot+jI4R9UU0RBRoN73su4noYeciuCLz/BfytabaJClV0Qd8dW6x7g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCcU5lbUMzU04wZUNaUkph + QjdtUHRsK0VqNU1WT3Zja1Avdlk4UTQrWHlRCkYwRXMySHBJRVhycGF3N2dzSTB0 + RVl5enpxZE1sSnBxTm5jR3dXRk8xNVEKLS0tIFdZOGNQZHJnTWM2VTJ3MjNkTi9m + eFFId1B4Q0FXWWxaM3lXcnF0ZWFLSzgKj1mt6ogp+c81mQPK+j0wvD+7YdHxxixB + uWOHd8zNTFIruRfOU9sYf7Ghwahbag2MWdRyH4ytRjgM5qxct2MPKg== -----END AGE ENCRYPTED FILE----- - recipient: age1wpvfpv5n32lruk7c0da4uaeapsmhjxdvg8z4ljehn06l6g2y0e0sum404l enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwUExDaW9zVG5sbDc0RlBR - Q0xLS25TQlJ3WFNrRjlZU1dZM2FNY0ZOYXdVCm11bUlmMDFnMmVrbjFkTGRkTURk - L1hmV3czYmJwQm5RWHlTUnRTaVljd2MKLS0tIEU4OElyTW9IT3dNbjUzeUZYcTVs - Q0RuTXRpT25BWWlHcFpKRTMyc2lvZm8KCZbn37Gv1Bji2NGnXnf5ulZ/iIepKxgk - 2VUiIeHuMrbni1iuPMcGH2tZ6WgZ2bLHcyJHrTvWYoQ2xHFwouQqAg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQQmo4aWU4SGlBZWZ4Ynpm + YVNydHRjNmJVR0R6SnNIK0szWXFGUmJTeEhRCjZIU1htVGQxTFp2bGZHeFpzSlJL + elhwVUhIZjEvT1Q0aUtjbU15ZGU5S2cKLS0tIHE4SmR4Mm9jM0ROcnF5Wnl6MWpP + azFoc0h3U1dNa3Z6ZU5FdXE3UVZYSzAK4Ge42ceCmP0PA8cSJRp7bRTb5iLA/TWN + Z4cD8Azdn1Xx9HYZJ+T7cLmqXzi5as2p4nf7O7y+UV5KI1+VV/oboQ== -----END AGE ENCRYPTED FILE----- - recipient: age1jv8ap5zwa49ftv0gg7wqf5ps0e68uuwxe2fekjsn0zkyql964unqyc58rf enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1M3RmbmY3OWJlVEFWYjNO - ZjFUWXFUakNqWTh4Z1RFRG1xaXJXSlY4SzFZCmF1WU9IaGY2UEI5LzE2N3lLRURR - U3kwREdrZEMzWEdGTXdCLzZ3SjNVTUUKLS0tIENBMlBYOU5NU0xXVko3SlNzc3V3 - VXRlRVIzK05MVW0vSG1hdlpaZGVJQjAKnrBNT1z6LN3lDqzGZ0oY4kEoE+gtivc9 - UQ7RTWLYNDiiDK046/23S3wh7Z7RdktaZvRPCjgFzJuNEywbQBstdQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1K2Y0QzFxdWg2N3lDNVYz + TzZ2WTRBMjRFWjUxOHhjTUZNQW4vQ29aZmdjCnhTb2J3RDlsbmNGWmRzYlFueFpB + NDJXMC9aRXVrcVAzeG56S0hEVGgrQVEKLS0tIHlMZ0NkdzNYNURYbGtrK0Ywb05W + b3dweDR6b3pHUGxNTUZJTnluVXkwTDgKbIUMRg2OuEhlJNLDHZHHnCydMWiUaDbG + noSFkVPlb51LKU1kge5Vo6xGAul3tH0CAww/5kG60LbHKeQS76onQQ== -----END AGE ENCRYPTED FILE----- - recipient: age1pm3fehmmk0vmnrscz9vm96rakn46aaldr5ydpscmde3v9x0k3faswwdzxs enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6d1NyQWYvR3haZHhIMVBD - ZE1FTnpvMVZBQm9KQXIreHBHYVV2YWlFeDNFCkVhYVNHR0xZNERXcHVkdFRvMmxo - THFVTFNkOFR5OE5PRnRibG0vTjROUjAKLS0tIEIvalMvNndBSS91OGFIRUlBNFZO - a0Q5ZjFuQUR0TzRaRGZqeVJTTHAvelkKmIpnxBND+2rTS+BR5wuXWT5NBmRTLyKN - QHAusfHzOlbRXqQt6AQKqng4lrN6zgIH9NDeUl5gH/FirfD7FnniCg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMVHprYzlFVWc4RWhDdnlr + ampReXFFZGduOCtiV0FGT3YzVVFWaGhGMFZFCm85aXBWM0JvSnU0WEJmb0xkQ2Yx + Qm5NYUViMzhWVFJFcGhKYmoyWUJsV28KLS0tIEQyRFlhMGVLUGhZTi9rRUNCWExQ + T2MrTGVmTjhSVDVibHg1L084VFIydVUKibkSm36F2eXo3h7Naj7+h3rMVn8vfJns + 1j9B4eWi7nh/B0INK8Si6mgSTAx/3sOUw+OWHjG1y1GAA1xF+bEJ1A== -----END AGE ENCRYPTED FILE----- - recipient: age1mn2afyp9my7y7hcyzum0wdwt49zufnkt8swnyy8pj30cwzs4zvgsthj0lt enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTWFBqR3dHVGJzREo1NkxY - aUNYUzBqSG5pZ21DN1g1UXVwWFJ4cXErL2tNCjNtRXlZd0NzS1NJdDg1TUV3eTBF - djdCa1ZMaVk3cTQ1a1lPR1duZ1NsWWMKLS0tIEpFRXprOUhNdFBsdWUvSVl5bzRr - M2xQSlVjenFxUCtneDVpL3FuMzJJalUK6RZMir4cfc1Qd9H9uCChKB5UqF+6xeOm - eA7r5gUFfm6mzU26erfu7rf8kM93b1bXn92ZGT5ZGz2AKbmtNRF0MQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaWWkwTjdzZ2N1cEFHWmV6 + Ukk5dnBaalA2SkJ2SzVrcHlIdWFUQ3dtUEJJClIzandJcktkZ3VIZXRQblBja1p1 + TWtVbmtJSWl0dmpFa2RIQmdkclVuOE0KLS0tIElrc05tNGY1dndIUlJmZXlkbmZF + a1dnR1ZCTHEzbUljdVl3QXBaTThPVHMKi4rHbmK9mhmTuCvuM1HidnR9hU1ykncc + 5etozYpcyaPLELZr29zPlCIMnlPW12blz2kGA1qlKdoKm1PIIQ0Pdw== -----END AGE ENCRYPTED FILE----- - - recipient: age10srypda0fzsevtklch3kqkpuytm4k4wpgheqej4u9grye32wactsn30m46 + - recipient: age1ykkjw57t3z3deup3gtp7dujyaslskn74e0d9hsmqaha2pj3rvazqgndw5a enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUTDdiODM4Mzk2aTFqV1VL - Rmdmc2F4dzFSQVNvWWdRa1VRaEhoUVQ1RW5nCjgwTGpuRDdBc0EyQ3Frd2FSMENp - dVQwOHg2RFV0SitkQ1dkSW9oOVhXc2sKLS0tIHpkTWlmVCs0czBsQUUvOUxyWnpQ - eHVLVlVGVXY4Z3lzNEVJYVB0eFl5OVUKiD7uoWbhTADBb/i67qfx6jJac03q4B+W - Te/ranpo9MSmXXxkDPfn+/j6PLzfD9yFoqW3vgebm7DDKu/G8/G8mQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdFVhVHk1Q2ZFS3d5SFN4 + SWxRdUxXQTZQdWRnMDhVK2RqOW5Xd0dnZUFNCmNTdzF4clMrRitIZFRMOGZFaXdB + VXJDZTNKZ2tKOThveGRzYnY0UGFwZEEKLS0tIFlwdnNJa0gwYU9GWnBvYndhVTFD + bWRNcnVCMWJFa2VUbmxtMGFPcWpDVTQKwdJJA/5Ko5dXEbP2sUJbjOddIkYs6G4L + CURKzdVmfvXu1nvJ4C+jDXnZ9YZNv7iTQRrhOnK2a6j4HEd/lQUD9Q== -----END AGE ENCRYPTED FILE----- - recipient: age1t2d5scrukk0guva5sr97a8tge5j8kd865adezrcru7p269pzwvpsamkgje enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBualNwWm9ERGFBUlJLZFRn - dlVDc1Foekgxczd0R1hjRVRDWWxEeURFU1NBCkRzVWRRa2xndXNHNGtCOCtqTnNB - dVBiaW10bWtQcmhEMjFMZTNPM3RGZTgKLS0tIERzWVN4dWdFcFQyUkRqcVJTeXM0 - bjVLYWpRSWNwRVd3MTFJVFYxYkVOQkUKIF5fIQ5BLXf1ixaryZ4ZpPWf7CHvXa0w - T7SxgCGTCQDGlNp+JxMNAvAQe1O4Q1gDb11Qk5Bn5QntDiC3UT15wQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBETkZVVGxHcUlaZnBoZGxH + YkNjQVEwZ3JxTEp3dG5lUlRJUFNGRitQRXo4CkR3NG83MlY5SGhQNkhFaFVjWWR1 + M0V0MkxOU0hod0luQ1B0YlEvWml4UTQKLS0tIHVyL09mWjE1MEcyczQ0OGp3WXYv + TkdNc25CSGVkSmJsZW0xc0hRK05SV1kK9kKvR2slhnKAUUQcQ/3mJ79PfrrTLyfL + IuEG3xwGQvwIISdSM5KOFEVYLe98N1+W3GYRPwqGTac8MG+vyXlirw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-05-09T19:58:46Z" - mac: ENC[AES256_GCM,data:LSBrwGKnxEHPoJ4aCd9ocmwJ7V7kdlNNCF/9TC/W8DVHhuyL2EHJXGHdhd9iaZDE+ENkOig0EO4q92ezB5WMpMMl4bnUOtwj0WWfElPq5bdDQUWsrLlhFS9H1yXWhlsI4Mm4w56hNaWJhjISFW0wZXeZvvAoiFI5Fm1/jvl/Pas=,iv:YpYT1MNb/Yfw2Nnb61O9751MNR38/aYaUR75a0HUPF0=,tag:v8bJ81fPAU7/5eYLwZyMgg==,type:str] + lastmodified: "2025-05-18T21:41:04Z" + mac: ENC[AES256_GCM,data:2Zi6E+d5zDxrMG13/xfXSncdkK5jstL/6H6aq8TXpllXtCh5LltwEFW0UuSGAexid42t+VsfFS2QeVtrUGl5tNeRGoPfiQbgspsQvJ1UBDqIktF+ZAGzdBolzsofzgwC/z/wThgXJsUK/SHaSBvf97Hhv/lZfzbbi68LgkQBhI0=,iv:48SjZ4d16KJ2BVHD17afmGBViuLvfzPoUxqa+SngxII=,tag:4uE4hp5HHmsi1uz32JUYgw==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2