From f88b81672aa7c98380cc8e21ebba4911fc801d8d Mon Sep 17 00:00:00 2001 From: Vegard Bieker Matthey Date: Sun, 8 Feb 2026 00:05:45 +0100 Subject: [PATCH 1/7] skrot: init --- flake.nix | 1 + hosts/skrot/configuration.nix | 24 +++++++++++++++++++++ hosts/skrot/hardware-configuration.nix | 30 ++++++++++++++++++++++++++ values.nix | 4 ++++ 4 files changed, 59 insertions(+) create mode 100644 hosts/skrot/configuration.nix create mode 100644 hosts/skrot/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index b533518..2be210f 100644 --- a/flake.nix +++ b/flake.nix @@ -184,6 +184,7 @@ }; ildkule = stableNixosConfig "ildkule" { }; #ildkule-unstable = unstableNixosConfig "ildkule" { }; + skrot = stableNixosConfig "skrot" { }; shark = stableNixosConfig "shark" { }; wenche = stableNixosConfig "wenche" { }; temmie = stableNixosConfig "temmie" { }; diff --git a/hosts/skrot/configuration.nix b/hosts/skrot/configuration.nix new file mode 100644 index 0000000..5a976c3 --- /dev/null +++ b/hosts/skrot/configuration.nix @@ -0,0 +1,24 @@ +{ + fp, + lib, + values, + ... +}: + +{ + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + (fp /base) + ]; + + systemd.network.networks."enp2s0" = values.defaultNetworkConfig // { + matchConfig.Name = "enp2s0"; + address = with values.hosts.skrot; [ + (ipv4 + "/25") + (ipv6 + "/64") + ]; + }; + + system.stateVersion = "26.05"; # Did you read the comment? +} diff --git a/hosts/skrot/hardware-configuration.nix b/hosts/skrot/hardware-configuration.nix new file mode 100644 index 0000000..a33c6a1 --- /dev/null +++ b/hosts/skrot/hardware-configuration.nix @@ -0,0 +1,30 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/0dfcdb69-80ce-429f-8504-200754b240e6"; + fsType = "ext4"; + }; + + fileSystems."/etc" = + { device = "overlay"; + fsType = "overlay"; + }; + + swapDevices = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/values.nix b/values.nix index 6c46165..98edfe6 100644 --- a/values.nix +++ b/values.nix @@ -85,6 +85,10 @@ in rec { ipv4 = pvv-ipv4 235; ipv6 = pvv-ipv6 235; }; + skrot = { + ipv4 = pvv-ipv4 237; + ipv6 = pvv-ipv6 237; + }; temmie = { ipv4 = pvv-ipv4 167; ipv6 = pvv-ipv6 167; -- 2.52.0 From 7ba8b47d7d54f3aba58f84859bac174c322e3039 Mon Sep 17 00:00:00 2001 From: System administrator Date: Tue, 10 Feb 2026 15:12:53 +0100 Subject: [PATCH 2/7] setup nix for skrot --- flake.nix | 6 +++- hosts/skrot/configuration.nix | 1 + hosts/skrot/disk-config.nix | 41 ++++++++++++++++++++++++++ hosts/skrot/hardware-configuration.nix | 15 ---------- 4 files changed, 47 insertions(+), 16 deletions(-) create mode 100644 hosts/skrot/disk-config.nix diff --git a/flake.nix b/flake.nix index 2be210f..995dcf6 100644 --- a/flake.nix +++ b/flake.nix @@ -184,7 +184,11 @@ }; ildkule = stableNixosConfig "ildkule" { }; #ildkule-unstable = unstableNixosConfig "ildkule" { }; - skrot = stableNixosConfig "skrot" { }; + skrot = stableNixosConfig "skrot" { + modules = [ + inputs.disko.nixosModules.disko + ]; + }; shark = stableNixosConfig "shark" { }; wenche = stableNixosConfig "wenche" { }; temmie = stableNixosConfig "temmie" { }; diff --git a/hosts/skrot/configuration.nix b/hosts/skrot/configuration.nix index 5a976c3..61c1221 100644 --- a/hosts/skrot/configuration.nix +++ b/hosts/skrot/configuration.nix @@ -9,6 +9,7 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix + ./disk-config.nix (fp /base) ]; diff --git a/hosts/skrot/disk-config.nix b/hosts/skrot/disk-config.nix new file mode 100644 index 0000000..723f158 --- /dev/null +++ b/hosts/skrot/disk-config.nix @@ -0,0 +1,41 @@ +{ + disko.devices = { + disk = { + main = { + device = "/dev/sda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + type = "EF00"; + size = "1G"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + plainSwap = { + size = "8G"; + content = { + type = "swap"; + discardPolicy = "both"; + resumeDevice = false; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/skrot/hardware-configuration.nix b/hosts/skrot/hardware-configuration.nix index a33c6a1..cafc847 100644 --- a/hosts/skrot/hardware-configuration.nix +++ b/hosts/skrot/hardware-configuration.nix @@ -1,6 +1,3 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. { config, lib, pkgs, modulesPath, ... }: { @@ -13,18 +10,6 @@ boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/0dfcdb69-80ce-429f-8504-200754b240e6"; - fsType = "ext4"; - }; - - fileSystems."/etc" = - { device = "overlay"; - fsType = "overlay"; - }; - - swapDevices = [ ]; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } -- 2.52.0 From 90482617568005322a41bbaf93d77c67da7d5b07 Mon Sep 17 00:00:00 2001 From: System administrator Date: Tue, 10 Feb 2026 20:52:52 +0100 Subject: [PATCH 3/7] sopsing --- .sops.yaml | 13 +++++ flake.nix | 2 + hosts/skrot/configuration.nix | 33 ++++++++++++- secrets/skrot/skrot.yaml | 93 +++++++++++++++++++++++++++++++++++ 4 files changed, 140 insertions(+), 1 deletion(-) create mode 100644 secrets/skrot/skrot.yaml diff --git a/.sops.yaml b/.sops.yaml index 974a386..ee69f6c 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -22,6 +22,7 @@ keys: - &host_lupine-5 age199zkqq4jp4yc3d0hx2q0ksxdtp42xhmjsqwyngh8tswuck34ke3smrfyqu - &host_skrott age1lpkju2e053aaddpgsr4ef83epclf4c9tp4m98d35ft2fswr8p4tq2ua0mf - &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8 + - &host_skrot age1hzkvnktkr8t5gvtq0ccw69e44z5z6wf00n3xhk3hj24emf07je5s6q2evr creation_rules: # Global secrets @@ -147,3 +148,15 @@ creation_rules: - *user_vegardbm pgp: - *user_oysteikt + - path_regex: secrets/skrot/[^/]+\.yaml$ + key_groups: + - age: + - *host_skrot + - *user_danio + - *user_felixalb + - *user_pederbs_sopp + - *user_pederbs_nord + - *user_pederbs_bjarte + - *user_vegardbm + pgp: + - *user_oysteikt diff --git a/flake.nix b/flake.nix index 995dcf6..6322b6b 100644 --- a/flake.nix +++ b/flake.nix @@ -187,7 +187,9 @@ skrot = stableNixosConfig "skrot" { modules = [ inputs.disko.nixosModules.disko + inputs.dibbler.nixosModules.default ]; + overlays = [inputs.dibbler.overlays.default]; }; shark = stableNixosConfig "shark" { }; wenche = stableNixosConfig "wenche" { }; diff --git a/hosts/skrot/configuration.nix b/hosts/skrot/configuration.nix index 61c1221..5129ae1 100644 --- a/hosts/skrot/configuration.nix +++ b/hosts/skrot/configuration.nix @@ -1,7 +1,9 @@ { fp, lib, + config, values, + pkgs, ... }: @@ -13,6 +15,8 @@ (fp /base) ]; + sops.defaultSopsFile = fp /secrets/skrot/skrot.yaml; + systemd.network.networks."enp2s0" = values.defaultNetworkConfig // { matchConfig.Name = "enp2s0"; address = with values.hosts.skrot; [ @@ -21,5 +25,32 @@ ]; }; - system.stateVersion = "26.05"; # Did you read the comment? + sops.secrets = { + "dibbler/postgresql/password" = { + owner = "dibbler"; + group = "dibbler"; + }; + }; + + services.dibbler = { + enable = true; + kioskMode = false; + limitScreenWidth = 80; + limitScreenHeight = 42; + + settings = { + general.quit_allowed = false; + database = { + type = "postgresql"; + postgresql = { + username = "pvv_vv"; + dbname = "pvv_vv"; + host = "postgres.pvv.ntnu.no"; + password = config.sops.secrets."dibbler/postgresql/password".path; + }; + }; + }; + }; + + system.stateVersion = "25.11"; # Did you read the comment? Nah bro } diff --git a/secrets/skrot/skrot.yaml b/secrets/skrot/skrot.yaml new file mode 100644 index 0000000..21f7aba --- /dev/null +++ b/secrets/skrot/skrot.yaml @@ -0,0 +1,93 @@ +dibbler: + postgresql: + password: ENC[AES256_GCM,data:Cwu0YAyCB1rOSK5xpEOic6HWNjQ=,iv:eR3OQ482VHFq7KcjIzA0+kMVObVIzHlDVJY4FMRM154=,tag:0Djwf7rFyZ0kfe8F12SUgg==,type:str] +sops: + age: + - recipient: age1hzkvnktkr8t5gvtq0ccw69e44z5z6wf00n3xhk3hj24emf07je5s6q2evr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONDg0ejdDbUxReW80SmNx + MzV5MVRCdENwekNGaGZnNUN2TjZicm52UUZrCjEvZEpLaWVPUUNEU3RIRHNXQmNG + ZVJaaUNqYTN3S2VUaWVZUUNGeUhacGsKLS0tIFNDc1BsaFR6N1RIMW9WK2xHblF0 + V1RsejRiZE56clBSN2NPUVhDM2Q4K2MKLouvlu6ki9BM+8usEGoLLdhPFJlgNakw + +b736dl6QD9vXBY9nC/9U0AYtgRfPiVlUe4CuYtZM0zSpWSoLCwWyg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2NTkvMGZ4amtKYklvMTB1 + bWxiaUVkbUFjdEJtbDNsQkNhNFZNNWhucUJVCm9RVTc2cVVvbDZSNFJwbm90dWov + YnVmRG1qcmluWituelExd1VQK3dPU28KLS0tIDVuSUFDbFZITjh0Q2k5Vk83Kzla + TjBDdVZwNFRRUU4vb0k1OEFPZDI4LzAKuegMuRtzR6LIRk3EHkeeGMLvlyKZPtm3 + pJ2/3z2dLLzxmIvMS2zs2Gtdf/0EFl8KsdvH6SdmvpXV2JicRkwu/A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIeTh1d01XOEhxMFVJZXhH + MkIyZWE3eGRFazBWUUEvVXU2QnJwakZ4VFZ3CnB1ZVA1ZkNwU3dhZFRyQlZMWU9a + OGpxVWJZTDBlWEorcGdDcnRiUVIvWW8KLS0tIEhFS2I4NkV5L1BTVWpjU2Z5WDFX + clhUdHBGWjlET0VtNGRwcjQvczhtTVEKxoQNXzw1A5Jv3aPxuwSBKMGXxXIJIFr9 + wt/PZTkfeR1M5Z/SoQ773HkXzdv3If9g9Bes/qAFmKwYdZZdCGBm2w== + -----END AGE ENCRYPTED FILE----- + - recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMmdoN2JrYWt0cGNXOWkz + YjRLdHBhc0pGSlcwbnlnR0tXVFBmZEJ1a1Z3CndpeVpKbWg3eVUrUUlSV2c1dXNO + SnVPMUFSWkF0R1ZzOEVUcGVPTXR2dGMKLS0tIG05UjBuamhlVkVrWHBmUjdmRFVF + Ukl6clVvM1BMNXhWTlNpQU1RMkxGTTAKEmjXEKtRLhSH5ObGAtzYNEN48ga0bNhB + 5yoOqAcHcg2Afd5vFWmwrn5EhKH7vqD69UcDDZQosLqx2Wqt181K8Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIakZLbytvL2JyMUY0MXRv + eU1EZVQwVTdYU2N6cU5Zc01PSm9lQ2h5NWtjCks5MmNubXRmbmN4bkNxMHgyaGhh + SDRoOWFnZUQ3YS9FZ0VhM1NJbldjOXcKLS0tIDlrNlNrUWpiL1J6b09wem8wRHJM + NzFWbDZJWHUvMzcwaEw1YWtLd1ZDcGcKHWIlQrTolk86EpizwELuyJ16lc/DWxpa + 4OwXk5wy0JLbTssOm6Sk5oM4p/K/ucImuGWK1h15n9y6+xNiSkgWSw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArZDV3M283SEROVDlKS3pV + dG5qNU85QnlrYTk5eWFOK1NRVnN3RGdXRVRrCmk4UEZXYUlqclZGblc0Y2l1bXlI + eWQ4MzhzaHoyWXo2RzVvZ3ZvUVljWHMKLS0tIE1hOEp5dUNHZS83WSs0UnlvRTlL + Um5UdkxuZ1dwUGxqVC9hV2lkMFVVOEkKrS2hVTY87NLqtzCtiEyN2oD0EoAbQKWn + GZlT+Doqq69T68vHwtflv1/GUY9K9V6tYGtRaQw1Z2909GdJxqVdng== + -----END AGE ENCRYPTED FILE----- + - recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6anBHYXMyY0RBQTRWNW1C + QklPN3VKYmpYOUlFbGQ4ckN6VWNNa1AyY1RNClBITkFMYXorQjJBK0lzNGRkZDQz + YU84ZjJiSXliU05qUlhGSmpxT3RxNGcKLS0tIHlSU0RPREJaNlZ4VHBRd0czSFJF + dXl3cUJVRmU0dElBRVd1TjJQeU16aWcKWrYyTNBX827tD5Tk3s9VLvXjaz332EFa + oPnpiv7V5EMLPtA3FF/U8GiO8+/FsTbsTsHpkMPBv2AJLjmwhgXPVg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-02-10T19:46:45Z" + mac: ENC[AES256_GCM,data:Gz6+N/4svz3l+Jey3vpMV9MCSlbdf5IdZohVH7kyLY6x0zspJzYU257AQeYGOnFwqUt6PqFCdIQJv7QbaZv2OtnE+S+jU9D8e9r18ua56s2NCU49vCAedQyzWyZ+bsrAMAzskbwGAKX5YKaa4QCFbuBDVD8YpXDMsdJCOa5U/V0=,iv:STvRoWf2RUsa9VeBANtOM/mMVK5+4TqmdZuMLhVpBB4=,tag:Q15oLI6rCFNZrbQ/UqxcpA==,type:str] + pgp: + - created_at: "2026-02-10T19:44:48Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA0av/duuklWYARAA2kRHL3b7E8/2h2bhYyhcZ+g/x6f1xAHWBrvJDfK85K2w + /xsGmJsFj0xNaApyCE0Nimn0+FC9Qu2e01bgLg9MNnTCefyBjJ11uFKhztz5btV/ + +y4bqG9J+ufWlI+fVKOwgai2oEFg0DFBqmn9cQCVnr7yWLYwN9Ijshrbu9eWVQcm + lmloD3Tn4pvYUz91qUIYHM8zqJvXVHCc4dBeiE9XlW5/+hOn9VllEdEc4NZFMGfA + LBJ5CmTGtAUlWc+j9A36zFch/qA+pQocnlTHC2e5or5jISu/mPvsEBZVwfq58Rp7 + AKcwkjiT8/0c1wRWodMYpBIDB1kI4UCaUx5zURLg94Kt4E3vNnNAGckVAcoWfeLt + wlQSmM13lyMoMw3tl4rs7j+PA8mBp3V+uMp55klFTDoaoyIwee88J8B6ydFmrGh1 + 0KNwfraBY/oLkizxR9uZcX2SqZWxjm6uIOVt8Wbo9cO2+IebZGkZ6msyiaGFYD59 + THxVWDG9vMHUCy/3vJOiz0BiUSrD/vnRR4jDirMJD8phfHsjuBBdZmIf5RcfqRLE + rc0A/eiQp3dhe3RzqaItBmawIVMUY8ot8zANqauI3jo3+KjohBjM/cBDiqUBtz8t + NYwEZG5oXhvml2rT/Eox9L5BzGeQN7srEg7G6s1MvrbaJA1iIVbjxcxEc6/cA2/S + XgGP6AGgbsZrQQP16N9+3inKgFdC66mmv6nvoeLhMr9faAMLcBUSNUvfjOpJYNuT + ULvYqCIT3k9MweXgk/ZV1tnp7s4ZFkagt2L6XBUzCwykmh02IBP0NRBvMvYhgAQ= + =55HC + -----END PGP MESSAGE----- + fp: F7D37890228A907440E1FD4846B9228E814A2AAC + unencrypted_suffix: _unencrypted + version: 3.11.0 -- 2.52.0 From 9d7cadbcbeb224f69cd9243a362d6043a4e2bf15 Mon Sep 17 00:00:00 2001 From: Vegard Bieker Matthey Date: Tue, 10 Feb 2026 21:02:54 +0100 Subject: [PATCH 4/7] other decrypt yaml file thing --- secrets/skrot/skrot.yaml | 106 +++++++++++++++++++-------------------- 1 file changed, 53 insertions(+), 53 deletions(-) diff --git a/secrets/skrot/skrot.yaml b/secrets/skrot/skrot.yaml index 21f7aba..3485aa3 100644 --- a/secrets/skrot/skrot.yaml +++ b/secrets/skrot/skrot.yaml @@ -1,92 +1,92 @@ dibbler: postgresql: - password: ENC[AES256_GCM,data:Cwu0YAyCB1rOSK5xpEOic6HWNjQ=,iv:eR3OQ482VHFq7KcjIzA0+kMVObVIzHlDVJY4FMRM154=,tag:0Djwf7rFyZ0kfe8F12SUgg==,type:str] + password: ENC[AES256_GCM,data:3X9A3jOpFVRuBg0gRiCEsZVKfLI=,iv:XC7LBNUhALk9IEhItV8fO5p/m7VKL0REBY1W2IZt7G4=,tag:l18R7EhbOlucZHFQiEvpHw==,type:str] sops: age: - recipient: age1hzkvnktkr8t5gvtq0ccw69e44z5z6wf00n3xhk3hj24emf07je5s6q2evr enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONDg0ejdDbUxReW80SmNx - MzV5MVRCdENwekNGaGZnNUN2TjZicm52UUZrCjEvZEpLaWVPUUNEU3RIRHNXQmNG - ZVJaaUNqYTN3S2VUaWVZUUNGeUhacGsKLS0tIFNDc1BsaFR6N1RIMW9WK2xHblF0 - V1RsejRiZE56clBSN2NPUVhDM2Q4K2MKLouvlu6ki9BM+8usEGoLLdhPFJlgNakw - +b736dl6QD9vXBY9nC/9U0AYtgRfPiVlUe4CuYtZM0zSpWSoLCwWyg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTk5YU3Z2Yy9HS1R4ME5I + UU1PRWVncHJYcXY5RlFpOWVQUWZsdy93ZDFBCnlxWkpaL1g5WmNSckNYd202WE40 + RkwwSEM1YUNNZmozejlrdW8yY1JiekkKLS0tIHVWY0JKZm9CNWhzVGl4cG82UXZs + ZnllQzJiK1ZkRmFndmtYdW9IclFWY1EK82f1iGt3nt8dJnEQlMujNqConf6Qq6GX + hqoqPoc2EM4kun28Bbpq4pAY7eEPRrWFqOkjYVvgIRoS88D7xT3LWg== -----END AGE ENCRYPTED FILE----- - recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2NTkvMGZ4amtKYklvMTB1 - bWxiaUVkbUFjdEJtbDNsQkNhNFZNNWhucUJVCm9RVTc2cVVvbDZSNFJwbm90dWov - YnVmRG1qcmluWituelExd1VQK3dPU28KLS0tIDVuSUFDbFZITjh0Q2k5Vk83Kzla - TjBDdVZwNFRRUU4vb0k1OEFPZDI4LzAKuegMuRtzR6LIRk3EHkeeGMLvlyKZPtm3 - pJ2/3z2dLLzxmIvMS2zs2Gtdf/0EFl8KsdvH6SdmvpXV2JicRkwu/A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5WTJIOUcxRlBuNmRrNUZo + MXFxeVJBTEhDK00yTUw1U2dHckNFYWZKWkhNCnYxYmtrUEVvd1RaYUI5WTRTRW16 + S2NhbDdpdDZhSkVWeUhjZDhKd3ZpTmcKLS0tIFovWm5lOXBzcnN3Zm5GQlBhNmlp + eTB4WldMNW9GNUwwaEUzRThsemxRVzQKGpa0J2PBzDRdHijm0e3nFAaxQCHUjz+L + KataXJEMCijJ6k+7vpb5QMxe2jB1J2PMxNGFp0bWAy2Al3p/Ez2Kww== -----END AGE ENCRYPTED FILE----- - recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIeTh1d01XOEhxMFVJZXhH - MkIyZWE3eGRFazBWUUEvVXU2QnJwakZ4VFZ3CnB1ZVA1ZkNwU3dhZFRyQlZMWU9a - OGpxVWJZTDBlWEorcGdDcnRiUVIvWW8KLS0tIEhFS2I4NkV5L1BTVWpjU2Z5WDFX - clhUdHBGWjlET0VtNGRwcjQvczhtTVEKxoQNXzw1A5Jv3aPxuwSBKMGXxXIJIFr9 - wt/PZTkfeR1M5Z/SoQ773HkXzdv3If9g9Bes/qAFmKwYdZZdCGBm2w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZaW1ZSXhVeFVTQW9WYzVh + WkVUM2JkOU5VNU9oQXE2Y2pvcFlOWTdvbnpJClduS0RHL2xja291a2doQ0wzbzhQ + NmJOSGVvQUdxM3IvaS8zRW1VbVhvYmsKLS0tIHoyOUdvT0xXWXo3SWcyQ1lqTmJS + ZUdnS2RvOXI1dGNYQTl6ZHE1cUdMWHMK4ycAJQLyKCgJIzjQ02bPjz4Ct9eO6ivw + kfWhyMaoWwM9PhFcwSak0cLpX0C/IOzSzO78pf3WhG16pV7aXapdog== -----END AGE ENCRYPTED FILE----- - recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMmdoN2JrYWt0cGNXOWkz - YjRLdHBhc0pGSlcwbnlnR0tXVFBmZEJ1a1Z3CndpeVpKbWg3eVUrUUlSV2c1dXNO - SnVPMUFSWkF0R1ZzOEVUcGVPTXR2dGMKLS0tIG05UjBuamhlVkVrWHBmUjdmRFVF - Ukl6clVvM1BMNXhWTlNpQU1RMkxGTTAKEmjXEKtRLhSH5ObGAtzYNEN48ga0bNhB - 5yoOqAcHcg2Afd5vFWmwrn5EhKH7vqD69UcDDZQosLqx2Wqt181K8Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqaml0OVlhcUJSU1hSY3lP + bkM0cUV4Z2ZLeERHZ3BUNExuYS9KSU5CekQ4CmQ3SE1vdDBtdFJ6czZYR3U5Tk1X + SFJmTVlERjBzV0hFalFLMmVLQzNNdXMKLS0tIDdJLzZveFdnYTI0azk1UXJZLzZF + Sy9XbjhwOFR6SFpaNHZLd3ZxdmxOVUEKBBbGmdVVlKHxO+/iODznLP3+dJGppybW + +1k9uenVHzie+pDKcrQpSyX2WDnmgg7hUAUiXPuz1eEWmwbRJnU/5w== -----END AGE ENCRYPTED FILE----- - recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIakZLbytvL2JyMUY0MXRv - eU1EZVQwVTdYU2N6cU5Zc01PSm9lQ2h5NWtjCks5MmNubXRmbmN4bkNxMHgyaGhh - SDRoOWFnZUQ3YS9FZ0VhM1NJbldjOXcKLS0tIDlrNlNrUWpiL1J6b09wem8wRHJM - NzFWbDZJWHUvMzcwaEw1YWtLd1ZDcGcKHWIlQrTolk86EpizwELuyJ16lc/DWxpa - 4OwXk5wy0JLbTssOm6Sk5oM4p/K/ucImuGWK1h15n9y6+xNiSkgWSw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXK01vOVV5YlhsZ2ljYS91 + OUVEaEpTbXFKOHVNVDVoMTlrS05wRmsyM2dvCjZHOXlCUGowd0J4UlQzSzM5dWJ0 + eU50SHdtZ2ZyUE1JVHdvODFxWDYvRWsKLS0tIDhlRVQ0Mm5Ua0J2aExqMzRyUGlP + RUR6Yi9SUDFCUkZmRk5hYTVFeGloZXcKY/XtaSoW8Pu2wS4oistLSc0T5JvMnt+w + s3yfe/zx9/1K6OtbeljF9FZVOB/dOamvk+Qlfl0T5qush7/WgGzErA== -----END AGE ENCRYPTED FILE----- - recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArZDV3M283SEROVDlKS3pV - dG5qNU85QnlrYTk5eWFOK1NRVnN3RGdXRVRrCmk4UEZXYUlqclZGblc0Y2l1bXlI - eWQ4MzhzaHoyWXo2RzVvZ3ZvUVljWHMKLS0tIE1hOEp5dUNHZS83WSs0UnlvRTlL - Um5UdkxuZ1dwUGxqVC9hV2lkMFVVOEkKrS2hVTY87NLqtzCtiEyN2oD0EoAbQKWn - GZlT+Doqq69T68vHwtflv1/GUY9K9V6tYGtRaQw1Z2909GdJxqVdng== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOM0pFb2tRTURtWmp6elRN + M0xtajlzMTNPMnppcGhJMVlsNHdwWmNGbFVFCnlxM1JQTkR2elAvdytKUEJ3djBS + UnlhL0tLLzY3Z05RU3phNDZIOGtTMFEKLS0tIEpOZDUxU1JQVXJTbmVFQlVkOUcy + eWlyWGhaS1JCNitUSVVScFk2WGEvOG8K2rpYPGx5jhyyRK4UkeJR96wDFr4Frzsr + QWz7fYZRWKWf0H0qn+bm9IfVJiBAlS5i16D1FnipZVmdWefFaZSEPg== -----END AGE ENCRYPTED FILE----- - recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6anBHYXMyY0RBQTRWNW1C - QklPN3VKYmpYOUlFbGQ4ckN6VWNNa1AyY1RNClBITkFMYXorQjJBK0lzNGRkZDQz - YU84ZjJiSXliU05qUlhGSmpxT3RxNGcKLS0tIHlSU0RPREJaNlZ4VHBRd0czSFJF - dXl3cUJVRmU0dElBRVd1TjJQeU16aWcKWrYyTNBX827tD5Tk3s9VLvXjaz332EFa - oPnpiv7V5EMLPtA3FF/U8GiO8+/FsTbsTsHpkMPBv2AJLjmwhgXPVg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJVFV0WVZrK0wzbnhkcmcz + c2lIdVlKcFpoYjZIWlNPN0M5N2g2WG9YdlRJCjg5YlNoSzQ5YW5yRUVSeTEzRThY + WklKQzlzRXdrUUlFNzF4M1BFZCtPT28KLS0tIDlUOTVIQVZJNFJwTnQxN0Z1ZlQx + MmxPMWNPYzJiOFRqY2VYczhvRm5IR3cKpUVV+zsMolsHI2YK9YqC6ecNT6QXv0TV + d1SpXRAexZBeWCCHBjSdvQBl8AT4EwrAIP2M2o++6i5DaGoGiEIWZQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-10T19:46:45Z" - mac: ENC[AES256_GCM,data:Gz6+N/4svz3l+Jey3vpMV9MCSlbdf5IdZohVH7kyLY6x0zspJzYU257AQeYGOnFwqUt6PqFCdIQJv7QbaZv2OtnE+S+jU9D8e9r18ua56s2NCU49vCAedQyzWyZ+bsrAMAzskbwGAKX5YKaa4QCFbuBDVD8YpXDMsdJCOa5U/V0=,iv:STvRoWf2RUsa9VeBANtOM/mMVK5+4TqmdZuMLhVpBB4=,tag:Q15oLI6rCFNZrbQ/UqxcpA==,type:str] + lastmodified: "2026-02-10T20:02:28Z" + mac: ENC[AES256_GCM,data:i8CjVxoD7zdkLNJlI9DCo/tDV5DUI7JdpozLtYZzI7Cu51GayaE2Y3Wg4de6P0L7C3FER04WfRe/h+G9PLZICX/CfSipQysyrEq3Pjt9IKsjytDhP9VYJ36QFGF0PuHUQAMSLts/tAoAvLue6MP+V82l5js9ghvyBrzyBGxoyJw=,iv:QFNxvCYxrSkwy7iT+2BEacNPftDXju1cibprVPDjic0=,tag:496E+oCy/VwTylyaWhQD+A==,type:str] pgp: - - created_at: "2026-02-10T19:44:48Z" + - created_at: "2026-02-10T20:01:32Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA0av/duuklWYARAA2kRHL3b7E8/2h2bhYyhcZ+g/x6f1xAHWBrvJDfK85K2w - /xsGmJsFj0xNaApyCE0Nimn0+FC9Qu2e01bgLg9MNnTCefyBjJ11uFKhztz5btV/ - +y4bqG9J+ufWlI+fVKOwgai2oEFg0DFBqmn9cQCVnr7yWLYwN9Ijshrbu9eWVQcm - lmloD3Tn4pvYUz91qUIYHM8zqJvXVHCc4dBeiE9XlW5/+hOn9VllEdEc4NZFMGfA - LBJ5CmTGtAUlWc+j9A36zFch/qA+pQocnlTHC2e5or5jISu/mPvsEBZVwfq58Rp7 - AKcwkjiT8/0c1wRWodMYpBIDB1kI4UCaUx5zURLg94Kt4E3vNnNAGckVAcoWfeLt - wlQSmM13lyMoMw3tl4rs7j+PA8mBp3V+uMp55klFTDoaoyIwee88J8B6ydFmrGh1 - 0KNwfraBY/oLkizxR9uZcX2SqZWxjm6uIOVt8Wbo9cO2+IebZGkZ6msyiaGFYD59 - THxVWDG9vMHUCy/3vJOiz0BiUSrD/vnRR4jDirMJD8phfHsjuBBdZmIf5RcfqRLE - rc0A/eiQp3dhe3RzqaItBmawIVMUY8ot8zANqauI3jo3+KjohBjM/cBDiqUBtz8t - NYwEZG5oXhvml2rT/Eox9L5BzGeQN7srEg7G6s1MvrbaJA1iIVbjxcxEc6/cA2/S - XgGP6AGgbsZrQQP16N9+3inKgFdC66mmv6nvoeLhMr9faAMLcBUSNUvfjOpJYNuT - ULvYqCIT3k9MweXgk/ZV1tnp7s4ZFkagt2L6XBUzCwykmh02IBP0NRBvMvYhgAQ= - =55HC + hQIMA0av/duuklWYARAAnSjSeI8BybEl1PwNt3KTGcUjpCI+XZPWgNWuvjIymVBv + ZgNESNktJB4loNvd/+TIADE7TqGFQK9ev6IPRoDHHkSMdmJ9Bc/lu2HPO+rJa1yD + vLXbjf8vRa+GkBDV8DTrPPFvSrHY+jv9vQIzY3nQPKMlyV58E85N262q/2gJUfm9 + cy/dYE2BUWMQC1DfiGbBRC4xGHhp94XccOMBkIpchP+BL90ZVpocnxeSrSjBsSLE + wuhMQPRQSI4PFm8ZYajf6tF001HDa5zaqF1lqkTxtxypDDUr8BVb9n/ObaD8omDI + QHQUiPmVgpDs7w2Ph5UgJxK1c+dOcG+mXsl1CHOLldA29sNzDBuh94PKfRl1B3cY + KPoPIqntdn59zzRDbuVJxWeJal7Ffynwsrx4h7w7muIR/FYeaFphsokE5Q6gqwTO + ZqWY2tuQ0CFRtMl7HB7ZVdSsKv6D5DlesXPXdrhQBKRrNylBpSBmcZH8KRAuHGNj + 4GFZRN++GFuq54d7wB689kn+F7+pbNom7CDILXiCrz8+9DjFw0maDRoas8OaUyW6 + kfyJe/YnK94EyCPitkJWYc9uvA2t9y25Rm9uUSvh7WnTFAEK9mJLOal4VgHbqCtg + zSGbdw79U4H0Umbi5eSCvEYNtv7eBzKaS/t6irfDRr1WajNhThcd1wmnvjZYxl3S + XgHOucYvQvxXjqG0B0Qbd12ucYthPO1+gozEzWxJx2wtiL3gClPYOaiteRlO/XQA + WTG6A36X3IxB6qW8lEx12geyjHxFYb82BjyrBnnlj+YcViIBpPQqd8Dz6sl4Rls= + =tCoI -----END PGP MESSAGE----- fp: F7D37890228A907440E1FD4846B9228E814A2AAC unencrypted_suffix: _unencrypted -- 2.52.0 From c1ada2f94d6ba0360ad9d00bcd3147434b1600a3 Mon Sep 17 00:00:00 2001 From: System administrator Date: Fri, 13 Feb 2026 17:57:44 +0100 Subject: [PATCH 5/7] fix sops --- hosts/skrot/configuration.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/hosts/skrot/configuration.nix b/hosts/skrot/configuration.nix index 5129ae1..64ad337 100644 --- a/hosts/skrot/configuration.nix +++ b/hosts/skrot/configuration.nix @@ -3,7 +3,6 @@ lib, config, values, - pkgs, ... }: @@ -34,7 +33,7 @@ services.dibbler = { enable = true; - kioskMode = false; + kioskMode = true; limitScreenWidth = 80; limitScreenHeight = 42; @@ -46,7 +45,7 @@ username = "pvv_vv"; dbname = "pvv_vv"; host = "postgres.pvv.ntnu.no"; - password = config.sops.secrets."dibbler/postgresql/password".path; + password_file = config.sops.secrets."dibbler/postgresql/password".path; }; }; }; -- 2.52.0 From 036f0e17011590218c936ee41e38d8b14cffbe68 Mon Sep 17 00:00:00 2001 From: System administrator Date: Fri, 13 Feb 2026 19:02:02 +0100 Subject: [PATCH 6/7] fix ttyUSB0 things --- hosts/skrot/configuration.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hosts/skrot/configuration.nix b/hosts/skrot/configuration.nix index 64ad337..e2241b7 100644 --- a/hosts/skrot/configuration.nix +++ b/hosts/skrot/configuration.nix @@ -14,6 +14,8 @@ (fp /base) ]; + boot.consoleLogLevel = 0; + sops.defaultSopsFile = fp /secrets/skrot/skrot.yaml; systemd.network.networks."enp2s0" = values.defaultNetworkConfig // { @@ -51,5 +53,11 @@ }; }; + systemd.services."serial-getty@ttyUSB0" = lib.mkIf (!config.virtualisation.isVmVariant) { + enable = true; + wantedBy = [ "getty.target" ]; # to start at boot + serviceConfig.Restart = "always"; # restart when session is closed + }; + system.stateVersion = "25.11"; # Did you read the comment? Nah bro } -- 2.52.0 From 3b15d1c2c44e51a4a23b1a3e5cca4cf29bced371 Mon Sep 17 00:00:00 2001 From: Vegard Bieker Matthey Date: Sat, 14 Feb 2026 18:22:27 +0100 Subject: [PATCH 7/7] fix skrot and skrott conflict --- hosts/skrott/configuration.nix | 2 +- topology/default.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/skrott/configuration.nix b/hosts/skrott/configuration.nix index a4d9869..b946e1f 100644 --- a/hosts/skrott/configuration.nix +++ b/hosts/skrott/configuration.nix @@ -59,7 +59,7 @@ # zramSwap.enable = true; networking = { - hostName = "skrot"; + hostName = "skrott"; defaultGateway = values.hosts.gateway; defaultGateway6 = values.hosts.gateway6; interfaces.eth0 = { diff --git a/topology/default.nix b/topology/default.nix index 3b743db..7611e63 100644 --- a/topology/default.nix +++ b/topology/default.nix @@ -228,7 +228,7 @@ in { (mkConnection "demiurgen" "eno1") (mkConnection "sanctuary" "ethernet_0") (mkConnection "torskas" "eth0") - (mkConnection "skrot" "eth0") + (mkConnection "skrott" "eth0") (mkConnection "homeassistant" "eth0") (mkConnection "orchid" "eth0") (mkConnection "principal" "em0") -- 2.52.0