stuff

2025-05-30 19:53:06 -05:00
parent 248d6f4f20
commit a15815a8cb
6 changed files with 56 additions and 36 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -36,6 +36,8 @@ creation_rules:
    - age:
      - *matt
      - *desktop
+      - *admin
+      - *jallen-nas
  - path_regex: steamdeck-secrets/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - age:
@@ -43,6 +45,8 @@ creation_rules:
      - *desktop
      - *deck
      - *steamdeck
+      - *admin
+      - *jallen-nas
  - path_regex: pi4-secrets/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - age:
--- a/hosts/nas/hardware-configuration.nix
+++ b/hosts/nas/hardware-configuration.nix
@@ -28,7 +28,7 @@
    fsType = "tmpfs";
    options = [
      "defaults"
-      "size=256G"
+      "size=25%"
      "mode=755"
    ];
  };
--- a/hosts/nas/nix-serve.nix
+++ b/hosts/nas/nix-serve.nix
@@ -138,4 +138,16 @@
      RandomizedDelaySec = "1h";  # Spread load
    };
  };
+
+  nix.settings.builders-use-substitutes = true;
+  nix.distributedBuilds = true;
+  nix.buildMachines = [
+    {
+      hostName = "pi5.local";
+      system = "aarch64-linux";
+      maxJobs = 4;
+      sshUser = "matt";
+      supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
+    }
+  ];
 }
--- a/hosts/nas/sops.nix
+++ b/hosts/nas/sops.nix
@@ -62,7 +62,7 @@ in
      "ssh-keys-private/jallen-nas-root" = {
        sopsFile = ../../secrets/secrets.yaml;
        path = "/root/.ssh/id_ed25519";
-        mode = "0640";
+        mode = "0600";
      };

      # ------------------------------
--- a/hosts/pi4/sops.nix
+++ b/hosts/pi4/sops.nix
@@ -5,7 +5,11 @@ in
 {
  sops = {
    defaultSopsFile = ../../secrets/pi4-secrets.yaml;
-    age.keyFile = /home/matt/.config/sops/age/keys.txt;
+    # age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
+    age = {
+      generateKey = true;
+      sshKeyPaths = [ "/etc/ssd/ssh_host_ed25519_key" ];
+    };

    # ------------------------------
    # Secrets
--- a/test.sh
+++ b/test.sh
@@ -5,36 +5,36 @@
        git pull || echo "Warning: Could not pull latest changes"
      fi
      
-      echo "Starting build of matt-nixos at $(date)"
-    #   if nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager nixpkgs-unstable nixpkgs-stable nix-darwin; then
-    #     echo "matt-nixos flake updated successfully at $(date)"
+    #   echo "Starting build of matt-nixos at $(date)"
+    # #   if nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager nixpkgs-unstable nixpkgs-stable nix-darwin; then
+    # #     echo "matt-nixos flake updated successfully at $(date)"
+    # #   else
+    # #     echo "matt-nixos failed to build at $(date)"
+    # #   fi
+    #   if nix build .\#nixosConfigurations.matt-nixos.config.system.build.toplevel --no-link; then
+    #     echo "matt-nixos built successfully at $(date)"
+    #     # sudo -u admin -g jallen-nas git add .
+    #     # sudo -u admin -g jallen-nas git commit -m "Desktop Updates $(date)"
    #   else
    #     echo "matt-nixos failed to build at $(date)"
+    #     # sudo -u admin -g jallen-nas git reset --hard
    #   fi
-      if nix build .\#nixosConfigurations.matt-nixos.config.system.build.toplevel --no-link; then
-        echo "matt-nixos built successfully at $(date)"
-        git add .
-        git commit -m "Desktop Updates $(date)"
-      else
-        echo "matt-nixos failed to build at $(date)"
-        git reset --hard
-      fi
      
-      echo "Starting build of steamdeck at $(date)"
-    #   if nix flake update steamdeck-nixpkgs steamdeck-chaotic steamdeck-home-manager steamdeck-impermanence steamdeck-jovian steamdeck-lanzaboote steamdeck-nixos-hardware steamdeck-sops-nix steamdeck-steam-rom-manager; then
-    #     echo "steamdeck flake updated successfully at $(date)"
+    #   echo "Starting build of steamdeck at $(date)"
+    # #   if nix flake update steamdeck-nixpkgs steamdeck-chaotic steamdeck-home-manager steamdeck-impermanence steamdeck-jovian steamdeck-lanzaboote steamdeck-nixos-hardware steamdeck-sops-nix steamdeck-steam-rom-manager; then
+    # #     echo "steamdeck flake updated successfully at $(date)"
+    # #   else
+    # #     echo "steamdeck flake failed to update at $(date)"
+    # #     git reset --hard
+    # #   fi
+    #   if nix build .\#nixosConfigurations.steamdeck.config.system.build.toplevel --no-link; then
+    #     echo "steamdeck built successfully at $(date)"
+    #     # sudo -u admin -g jallen-nas git add .
+    #     # sudo -u admin -g jallen-nas git commit -m "Dteamdeck Updates $(date)"
    #   else
-    #     echo "steamdeck flake failed to update at $(date)"
-    #     git reset --hard
+    #     echo "steamdeck failed to build at $(date)"
+    #     # sudo -u admin -g jallen-nas git reset --hard
    #   fi
-      if nix build .\#nixosConfigurations.steamdeck.config.system.build.toplevel --no-link; then
-        echo "steamdeck built successfully at $(date)"
-        git add .
-        git commit -m "Dteamdeck Updates $(date)"
-      else
-        echo "steamdeck failed to build at $(date)"
-        git reset --hard
-      fi
      
      echo "Starting build of pi4 at $(date)"
    #   if nix flake update pi4-nixpkgs pi4-home-manager pi4-impermanence pi4-sops-nix pi4-nixos-hardware pi4-nixos-raspberrypi pi4-disko; then
@@ -44,11 +44,11 @@
    #   fi
      if nix build .\#nixosConfigurations.pi4.config.system.build.toplevel --no-link --impure; then
        echo "pi4 built successfully at $(date)"
-        git add .
-        git commit -m "Pi4 Updates $(date)"
+        # sudo -u admin -g jallen-nas git add .
+        # sudo -u admin -g jallen-nas git commit -m "Pi4 Updates $(date)"
      else
        echo "pi4 failed to build at $(date)"
-        git reset --hard
+        # sudo -u admin -g jallen-nas git reset --hard
      fi
      
      echo "Starting build of pi5 at $(date)"
@@ -59,11 +59,11 @@
    #   fi
      if nix build .\#nixosConfigurations.pi5.config.system.build.toplevel --no-link; then
        echo "pi5 built successfully at $(date)"
-        git add .
-        git commit -m "Pi5 Updates $(date)"
+        # sudo -u admin -g jallen-nas git add .
+        # sudo -u admin -g jallen-nas git commit -m "Pi5 Updates $(date)"
      else
        echo "pi5 failed to build at $(date)"
-        git reset --hard
+        # sudo -u admin -g jallen-nas git reset --hard
      fi
      
      echo "Starting build of jallen-nas at $(date)"
@@ -75,11 +75,11 @@
      export NIXPKGS_ALLOW_UNFREE=1
      if nix build .\#nixosConfigurations.jallen-nas.config.system.build.toplevel --no-link --impure; then
        echo "jallen-nas built successfully at $(date)"
-        git add .
-        git commit -m "Jallen-NAS Updates $(date)"
+        # sudo -u admin -g jallen-nas git add .
+        # sudo -u admin -g jallen-nas git commit -m "Jallen-NAS Updates $(date)"
      else
        echo "jallen-nas failed to build at $(date)"
-        git reset --hard
+        # sudo -u admin -g jallen-nas git reset --hard
      fi

      # git push