omo/gum: add zerotier secrets

machines/cake/hardware-config.nix

@@ -5,7 +5,6 @@
     #"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
   ];
   boot.kernelPackages = lib.mkForce pkgs.linuxPackages_rpi4;
-  #nixpkgs.pkgs = nixpkgs.legacyPackages.aarch64-linux;
   fileSystems = {
     "/" = {
       device = "/dev/disk/by-label/NIXOS_SD";
@@ -17,16 +16,14 @@
   hardware = {
     raspberry-pi."4" = {
       apply-overlays-dtmerge.enable = true;
-      audio.enable = true;  
+      #audio.enable = true;  
       fkms-3d.enable = true; 
     };
-    #deviceTree = {
-    #  enable = true;
-    #  filter = lib.mkForce "*rpi-4-*.dtb";
-    #};
+    deviceTree = {
+      enable = true;
+      filter = lib.mkForce "*rpi-4-*.dtb";
+    };
   };
 
-  nixpkgs.localSystem.system = "aarch64-linux";
-
   environment.systemPackages = [ pkgs.libraspberrypi pkgs.raspberrypi-eeprom ];
 }

machines/gum/config.nix

@@ -7,6 +7,8 @@ let
   allDisks = [ "/dev/sda" "/dev/sdb" ];
 in {
   imports = [
+      
+      ../../2configs/networking/zerotier.nix
       ./hetznercloud
       {
         # wait for mount

machines/gum/facts/zerotier-ip

@@ -0,0 +1 @@
+fdcc:c5da:5295:c853:d499:933d:b874:7e32

machines/gum/facts/zerotier-meshname

@@ -0,0 +1 @@
+7xgmlwsssxefhvezsm63q5d6gi

machines/omo/config.nix

@@ -39,7 +39,7 @@ in {
       ../../2configs/editor/neovim
       # ../../2configs/storj/client.nix
 
-
+      ../../2configs/networking/zerotier.nix
       ../../2configs/backup/state.nix
 
       { makefu.backup.server.repo = "/media/cryptX/backup/borg"; }
@@ -156,7 +156,7 @@ in {
 
       # Temporary:
       # ../../2configs/temp/rst-issue.nix
-      ../../2configs/bgt/social-to-irc.nix
+      # ../../2configs/bgt/social-to-irc.nix
 
     ];
   makefu.full-populate =  true;

machines/omo/facts/zerotier-ip

@@ -0,0 +1 @@
+fdcc:c5da:5295:c853:d499:9359:e39a:d565

machines/omo/facts/zerotier-meshname

@@ -0,0 +1 @@
+7xgmlwsssxefhvezsnm6hgwvmu

machines/omo/hw/omo.nix

@@ -41,6 +41,7 @@ in {
     [ # TODO: unlock home partition via ssh
       ./vaapi.nix
       ../../../2configs/fs/sda-crypto-root.nix
+      ./nvme-extra.nix
     ];
     
   makefu.server.primary-itf = primaryInterface;

machines/wbob/config.nix

@@ -11,6 +11,7 @@ in {
       ./nuc
 
 
+      ../../2configs/networking/zerotier.nix
       ../../2configs/home-manager
       ../../2configs/support-nixos.nix
       ../../2configs/zsh-user.nix
@@ -59,7 +60,8 @@ in {
       { environment.systemPackages = [ pkgs.vlc ]; }
 
       ../../2configs/bam # new hass entry point
-      ../../2configs/bam/led-fader.nix
+      # disable
+      # ../../2configs/bam/led-fader.nix
       ../../2configs/bam/printer.nix
       # ../../2configs/bam/kalauerbot.nix now runs in thales
       # ../../2configs/bam/visitor-photostore.nix

machines/x/config.nix

@@ -6,6 +6,7 @@
       # ./x230
       ./x13
 
+      ../../2configs/networking/zerotier.nix
       ../../2configs/default.nix
       ## Common Hardware Components
       # (self + "/makefu/2configs/hw/mceusb.nix")

sops/secrets/gum-zerotier-identity-secret/machines/gum

@@ -0,0 +1 @@
+../../../machines/gum

sops/secrets/gum-zerotier-identity-secret/secret

@@ -0,0 +1,24 @@
+{
+	"data": "ENC[AES256_GCM,data:7nycDcjXOAXOSVkErx6xlUExS8Rn1T7O0EXD/6peVLzaX2Pk2II2hfLj2h8E7NHQS6cajQgKewdCtveoAJ/2Ndps20ENWD0D3yBQZhBSzfWvjJKhOaRc8zt4lO0HJtVvBLkL8fTEGt3cfaYsfSZmeuK7YINvhibNm+ay6Klx5eAfWYkvBJhMvkPeyXkwrGoECKRtrBkiyvO1bWwOGZ4gFoFyfA91B3rbhDUdF8rLUK7rRkY4kAsWf1EPczKJ0St/rkit6UXp2v9b8+PcSNbZQsOLRdVNF9lhmZx7wfGu5jmjrHWXcgHTDtSro/VPf+qgpmg+MEpeWFXsE8FcDuNjTFq0L84knat6YX0KgXV8,iv:kchginy7XRXhnnqYwRiErMIJj2Wg3XqCvwANP6iietY=,tag:CsTKpyTmHo8jlJ3CjwtQzg==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age13ekyvn5ux7zyvclwlrpnhgauw5s6dzn538msjka8vpwhu535ychqa7dk7a",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIWG9xQms0WCtBekJNRGZq\nOXRSYzNOcVF0WUhaRTNRUHIvM1dKczBZSUNrCklPMWhxUWpuM21KVjF6NEEraDYr\nR1JpQXpvSHdldUFTbzFwYVY4V2RlaGcKLS0tIFJBMy9CeGZCTW81RW5HclgrekhL\nL2plb2RCU0VCZko5VUJxczZRamE1dUUK3pGrUlVuj6dPEPZ5Ul8av4zeH+NlZzQ0\nk1qiRydDa0khgidmY6vJTlA3xV+Ey91dMHgLZ7GAxXrjsoK8R40KrQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1vh6qdlxzfsy8gquvzwsfz40ezkx9m5m9q8sj4225nh3mr9lrjvrqt079mp",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2R1JmTjZyajJwemYrMnND\nNTBvYmc4UEpPQUE5OUw2elVaS1VQL0hKTnpnCmFEbmNZYjVzVTJDRHRLS1I2ekF5\nRjQ2TE1MdnY5RlZYeXk2ZWNmRENFRDgKLS0tIGxjTXhNd3pjTHB2ZVdXVnVuQTdQ\nY2o2ZUVMYUx3YVZCR1NudXF1VnNxRXMKIUbVdJ8BuXgJ3bgRbt8M+IVykbZzKAAQ\nVHP23+uQA4xAtAGqhwGbpfNzN63DRybX4i0/W0HAkdOpmDogKZNiCQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2024-02-14T22:43:12Z",
+		"mac": "ENC[AES256_GCM,data:B7xvcQvbEVhXVQLRqgTrUF8kfEaYu5RTwDRxqpK7mz011mDt5lY+dPBzX724zlzZ7wKiZYoYTXp7e8ufJQsdM1LL3YZtuB65OSPqPRP9bYfEnqYhfxkywNCmwCFeQics+QkZfVtXaoSjd4bKwKKBpYDMZCTzz0HzzeNS0VbToMc=,iv:fHGdSNo74tJOv/mkoaH1ikG58wCUmmJFpi5rat64FRs=,tag:HGFyHDtQ4Oy2AQ855Kt/GA==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.8.1"
+	}
+}

sops/secrets/gum-zerotier-identity-secret/users/makefu

@@ -0,0 +1 @@
+../../../users/makefu

sops/secrets/omo-zerotier-identity-secret/machines/omo

@@ -0,0 +1 @@
+../../../machines/omo

sops/secrets/omo-zerotier-identity-secret/secret

@@ -0,0 +1,24 @@
+{
+	"data": "ENC[AES256_GCM,data:bWvA4ThmuXzQYhzaEiOhap3ObZ2m/SzJniU3bpmF1lejCJhVR/5Y7ugOemG1znNcZbnqihYFI+WCvtvHR542rILP0qEuFlxN4jOWrtRtDmti6VLvF80MV1QgPwqgTdyPWImgYcoOLqQxG/v3SHXY8lwR5wcG8BnQ6qOLNbrbBLxX6CgZqyKjA6nDTCEDBgcd8f9iB0/PdIWADAdcy+y+ngzMbs7jdi2gn6ThtlIMvlJH5dYnmxpX+yXEwgBXDm/DQDxQOk2vf1OPdc6bRzHmBKI+E4LjoL1FHQpKpLW5Pn4Jde4hjMzSEv4JdQ0gzf78YnpVSyk8B/W8ktGxJXQ/PhySuFytOiHrCs474w3h,iv:sb6R4X1Y3JxS3F5X4qQucxmkuFjy0F0DMhC+HyCBx+U=,tag:QscAp6rOLqNfaWdBvWyRfA==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age1g0h4fhgnfr7zvp3mqa32u24k4nlfpqmk4dvl5pwnj7t3m6zl2cfs3mw7ht",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbDlJMjZ2N2ZvaDdLNWFy\nbVJ0SHFncDdwTXJNaUhFcHExendoc2lTSEZVCmVaVjNKQ2F3YVl0SVRFTlBUdFB6\nU2szMnE3K2pYZmN1REhNMzBveGw3MlEKLS0tIG1jdHh5cm1HR0w2MUtXVWgrcjRV\nbGZVWEF3ZmZvUHJISzBIeCttejl0VzgKV2f5YDKosxnVzeJzcuqG0Wb+60Fd/0UG\n1zZkViEwFm3rKxZ25LsJ27h2FvVYqhMbBRujbgwgE6ZsDRvZ5p8tDw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1vh6qdlxzfsy8gquvzwsfz40ezkx9m5m9q8sj4225nh3mr9lrjvrqt079mp",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBodEFPVGdmUTh1NUZ1WlRu\nUmJHQURhOWM0ZWt0djhBeDVPOXFaTWpuQlNJClRWZ0gwTHFwVTRHVDFvMW8zVEpC\nZVlOR3BnZG5iOXBiN1g3L1hnQWljbEEKLS0tIG5VS3VvKzJXUGdWUkMzaVNQSm9p\ndnE4REpJMk0zV2o5MkRTVXdVVGRSMDgK4wdId9Os1cRlMWvhuIJM620hkn+psb55\neroDvLfYZ7J1wuq+aL+wf2b2kDaiVdCoSoIUONVL8h6rYNWKAfhk2w==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2024-02-14T22:42:42Z",
+		"mac": "ENC[AES256_GCM,data:vhxKg9ch9fDGEWgeM6RTAAx3UIUlGdK4hGxTyVvnMcwCjjhIl4RtR5rD8hQFXpwLbYSkJyUMknBvQSEoJTowOXS7GHdOnpp1THyp4Q4OV/IeBp2yH0aAq9Gzh7hBJLeCeGx7KfMjwfvLHzSa4G1WsA27ckFU8juX7xIxYn3EtxI=,iv:NtUXBGf+iwd8tyctL4ANCWmeaE/HmMYkd/sI+hFC6Gk=,tag:LXnpsa105gdWC+AhuyDEjg==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.8.1"
+	}
+}

sops/secrets/omo-zerotier-identity-secret/users/makefu

@@ -0,0 +1 @@
+../../../users/makefu