fixing fitbit

home-manager/users/sstent/default.nix

@@ -49,6 +49,7 @@
     #git-run
     mr
     perl
+    just
     # beets
     # qemu_kvm
     # nixos-generators
@@ -102,16 +103,34 @@
     };
     ssh = {
       enable = true;
+      extraConfig = ''
+            StrictHostKeyChecking no
+            UpdateHostKeys yes
+            identityFile = "~/.ssh/id_rsa"
+      '';
       matchBlocks = {
-        "*" = {
-          identityFile = "~/.ssh/id_rsa";
-        };
+        # "*" = {
+        #   identityFile = "~/.ssh/id_rsa";
+        # };
         "github.com" = {
           user = "git";
           identityFile = "~/.ssh/id_rsa_git";
         };
+        "192.168.1.*" = {
+          user = "root";
+          extraOptions = {
+            StrictHostKeyChecking = "no";
+            UpdateHostKeys = "yes";
+            UserKnownHostsFile = "/dev/null";
+          };
+        };
         "odroid*" = {
           user = "root";
+          extraOptions = {
+            StrictHostKeyChecking = "no";
+            UpdateHostKeys = "yes";
+            UserKnownHostsFile = "/dev/null";
+          };
         };
       };
     };

hosts/common.nix

@@ -1,180 +1,85 @@
-<<<<<<< HEAD
-# This file (and the global directory) holds config that i use on all hosts
-{
-  lib,
-  inputs,
-  outputs,
-  pkgs,
-  config,
-  ...
-}: {
-  imports =
-    [
-      inputs.home-manager.nixosModules.home-manager
-      inputs.sops-nix.nixosModules.sops
-    ]
-    ++ (builtins.attrValues outputs.nixosModules);
-
-  ###dotfiles path variable
-  options._dotfiles = lib.mkOption {
-    type = lib.types.str;
-    default = "${inputs.self}/home-manager/dotfiles";
-    description = "Path to the dotfiles in this repository";
-  };
-
-  ###secrets path variable
-  options._secrets = lib.mkOption {
-    type = lib.types.str;
-    default = "/run/user/1000/secrets";
-    description = "Path to the Secrets runtime";
-  };
-
-  ###secretstore path variable
-  options._secretstore = lib.mkOption {
-    type = lib.types.str;
-    default = "${inputs.self}/secrets";
-    description = "Path to the Secrets storage";
-  };
-
-  config = {
-    system.stateVersion = "23.05";
-
-    sops = {
-      defaultSopsFile = "${config._secretstore}/host-secrets.yaml";
-      age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
-    };
-
-    home-manager = {
-      useUserPackages = true;
-      extraSpecialArgs = {inherit inputs outputs;};
-      sharedModules = [
-        inputs.sops-nix.homeManagerModules.sops
-      ];
-    };
-
-    nixpkgs.config.allowUnfree = true;
-    programs.fuse.userAllowOther = true;
-    security.sudo.wheelNeedsPassword = false;
-  virtualisation.docker.enable = true;
-
-    # nixpkgs.overlays = overlays;
-    # Enable nix flakes
-    nix.package = pkgs.nixFlakes;
-    nix.extraOptions = ''
-      experimental-features = nix-command flakes
-    '';
-    nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"];
-    #  nix.nixPath = [ "nixpkgs=pkgs.outPath" ];
-    networking.search = ["node.dc1.consul" "service.dc1.consul"];
-
-    #services.envfs.enable = true;
-    environment.systemPackages = [
-      pkgs.git
-      pkgs.home-manager
-      pkgs.sops
-      pkgs.ssh-to-age
-      pkgs.age
-      pkgs.bitwarden-cli
-    ];
-
-    nix.gc = {
-      automatic = true; # Enable the automatic garbage collector
-      dates = "03:15"; # When to run the garbage collector
-      options = "-d"; # Arguments to pass to nix-collect-garbage
-    };
-  };
-}
-=======
 # This file (and the global directory) holds config that i use on all hosts
-{ lib, inputs, outputs, pkgs, config, ... }:
 {
-  imports = [
-    inputs.home-manager.nixosModules.home-manager
-    inputs.sops-nix.nixosModules.sops
-    # ./binfmt.nix
-   ]++ (builtins.attrValues outputs.nixosModules);
+  lib,
+  inputs,
+  outputs,
+  pkgs,
+  config,
+  ...
+}: {
+  imports =
+    [
+      inputs.home-manager.nixosModules.home-manager
+      inputs.sops-nix.nixosModules.sops
+    ]
+    ++ (builtins.attrValues outputs.nixosModules);
 
-###dotfiles path variable
- options._dotfiles = lib.mkOption {
+  ###dotfiles path variable
+  options._dotfiles = lib.mkOption {
     type = lib.types.str;
     default = "${inputs.self}/home-manager/dotfiles";
     description = "Path to the dotfiles in this repository";
   };
 
-###secrets path variable
- options._secrets = lib.mkOption {
+  ###secrets path variable
+  options._secrets = lib.mkOption {
     type = lib.types.str;
     default = "/run/user/1000/secrets";
     description = "Path to the Secrets runtime";
   };
 
-
-###secretstore path variable
- options._secretstore = lib.mkOption {
+  ###secretstore path variable
+  options._secretstore = lib.mkOption {
     type = lib.types.str;
     default = "${inputs.self}/secrets";
     description = "Path to the Secrets storage";
   };
 
-config = {
-  system.stateVersion = "23.05";
+  config = {
+    system.stateVersion = "23.05";
 
+    sops = {
+      defaultSopsFile = "${config._secretstore}/host-secrets.yaml";
+      age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+    };
 
-  sops = {
-  defaultSopsFile = "${config._secretstore}/host-secrets.yaml";
-  age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-};
+    home-manager = {
+      useUserPackages = true;
+      extraSpecialArgs = {inherit inputs outputs;};
+      sharedModules = [
+        inputs.sops-nix.homeManagerModules.sops
+      ];
+    };
 
-
-  home-manager = {
-    useUserPackages = true;
-    extraSpecialArgs = { inherit inputs outputs; };
-              sharedModules = [
-                inputs.sops-nix.homeManagerModules.sops
-              ];
-  };
-
-  nixpkgs.config.allowUnfree = true;
-   programs.fuse.userAllowOther = true;
-  security.sudo.wheelNeedsPassword = false;
+    nixpkgs.config.allowUnfree = true;
+    programs.fuse.userAllowOther = true;
+    security.sudo.wheelNeedsPassword = false;
+  virtualisation.docker.enable = true;
 
     # nixpkgs.overlays = overlays;
-  # Enable nix flakes
-  nix.package = pkgs.nixFlakes;
-  nix.extraOptions = ''
-    experimental-features = nix-command flakes
-  '';
-nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
-# nix.extra-platforms = aarch64-linux i686-linux;
+    # Enable nix flakes
+    nix.package = pkgs.nixFlakes;
+    nix.extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+    nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"];
+    #  nix.nixPath = [ "nixpkgs=pkgs.outPath" ];
+    networking.search = ["node.dc1.consul" "service.dc1.consul"];
 
-#  nix.nixPath = [ "nixpkgs=pkgs.outPath" ];
-# boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-boot.binfmt.emulatedSystems = ["armv7l-linux" "aarch64-linux"];
+    #services.envfs.enable = true;
+    environment.systemPackages = [
+      pkgs.git
+      pkgs.home-manager
+      pkgs.sops
+      pkgs.ssh-to-age
+      pkgs.age
+      pkgs.bitwarden-cli
+    ];
 
-nix.settings.substituters = [
-  "https://fbleagh.cachix.org"
-  "https://cache.armv7l.xyz"
-  "https://arm.cachix.org"
-  "https://thefloweringash-armv7.cachix.org" ];
-nix.settings.trusted-public-keys = [ 
-  "fbleagh.cachix.org-1:HNgEVkx9HfKmEQdR+9IeCwqFza0k8d8fJgcYvOTVDB8="
-  "cache.armv7l.xyz-1:kBY/eGnBAYiqYfg0fy0inWhshUo+pGFM3Pj7kIkmlBk="
-  "arm.cachix.org-1:K3XjAeWPgWkFtSS9ge5LJSLw3xgnNqyOaG7MDecmTQ8="
-  "thefloweringash-armv7.cachix.org-1:v+5yzBD2odFKeXbmC+OPWVqx4WVoIVO6UXgnSAWFtso="
-]; 
-nix.settings.trusted-users = [ "root" "sstent" ];
-
-#services.envfs.enable = true;
-  environment.systemPackages = [
-    pkgs.git
-    pkgs.home-manager
-    pkgs.sops
-    pkgs.ssh-to-age
-    pkgs.age
-    pkgs.qemu
-    pkgs.cachix
-  ];
-
-};
+    nix.gc = {
+      automatic = true; # Enable the automatic garbage collector
+      dates = "03:15"; # When to run the garbage collector
+      options = "-d"; # Arguments to pass to nix-collect-garbage
+    };
+  };
 }
->>>>>>> dacf7df (updates)

secrets/user-secrets.yaml

@@ -8,20 +8,38 @@ sops:
         - recipient: age1jvqe2j70h97844nkz34z9k4epx3uahx50cx75ss8mty2dnxlrf7qqv9a0g
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4UjNiUjlqak1vVDk2djY5
-            R1dyVWIxejN0UUVJK09janRLQXRrTGdQWHdBCmFxZm9xSHJCVHlFNFJNY2JGMlVC
-            YVgreFpGWWVtYmtvcXVGVS83NzF4aFkKLS0tIG03Vk9kV3hHSzcrZnRmOWlPMU11
-            TGFRcGpNbEI2aDV6Zmtua2pPMUxuNTAK8Y7ne/PUPcqsShppsycuimjctu/N4oFp
-            kFfMx2AVMln/1hk3Co3gKmFKJMKH3BKFuHN8ilhmhznqeHDngmwj9g==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4bWJYMHF3Kyt0ekZzSy82
+            NUJsVy80YnNOdENPUzF5VlZ6ZGhzc1g0cWdZCnZNcGZ6UmdsQ0l4S2d2NlFLd2o4
+            bGJrSFAvV2w4UG43a28wTC9UOUYzN28KLS0tIExWZGJmUEk1UDhSbHRlZWJwMlpk
+            eFliNGR6MjZNa2sva3pzbGxiMmVURm8Ka5gn7I3Mr76gc3XCwwm31wUuIWhhYO/T
+            mSAkCZmpVeVDdBbpKVMmNyNlV35fjaghNonv+TR65o4kiTzw9C8R3A==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1r86w07gy3nm2ltkqx7wcv94wzneeqmqvcm88nzw4g902kdgwgvdqvjumrj
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0SmJXdlNPRVlVVFpMb2d0
-            S1IvZE84UHFlZ25WaHBiM3ZCSkM5MTNNdmw0CkVnbnErSkVPc1B5eHUrNE93VWJN
-            VkpmQ0NuTE44akIwMHpVQUpoSlVZM0kKLS0tIDhGZ0lLUU92bTF0Q0ZIRjR5TTJN
-            UXBZSFhvS0ovS1ZvbHJKWXlNRlp0RXMKmggbbiJCLGVqpkTr+f+hB6rxWN+Q/aFm
-            sC/nzdX/ORUPOVn7IOrDX/To3Ub8A7leFFcHPcO5jV/Tgc3WzFLFGg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtUW8yUWNIQmZlWENZN2hP
+            VWZrV1puRnVETHlYRDlheTRadlNkR3lQZ1RvCjJwNEtxTjhoLytYWFZZUHlEK1Vu
+            ZTB4S29WMDdHbVJBSUJvalVGaFdkN2sKLS0tIGVEbjdxK212RVNqNGs3cFNnQk55
+            L29aeUVjTkQ4T1ZoKzRaamdGY2FPM00KTryQDX4dTSi2+indooo7y1GvxkjBrsy1
+            BUoPg77hIIKwwJDJQM/NcJlMJ4gZiq03bdXANtAtb0ms72AmJV9XFQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1t6zzuxzzlfvqfhcvj3vyngfguxrw960c5u9hjwd05k5q9zp7l3gqyjatew
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxdll4Vk8rMUowOFAwZ0ps
+            QXYwZERGdG9VRmUvaGVhWTZBN0VvamFsQlRjCmZuVk5xbnF6R3FLSVZTcmIrNVdN
+            Yi9aejYwTFR3cmJXNFNncUEwNElEOEkKLS0tIGhWcWFqcEUvS2s4THQ0dnVybzlT
+            bG1OTUJ4U3F6K08zUWIvSmxFVVlBdnMKAItTArCDEik/ARqXYgG3EuYgLjmtjHbR
+            z83JAbL8xSINAt0Jw5yFmWH/SU0vu4rH+tcp2kY9t41VArxYt7YqJw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age187fdx6pc2559tjh03jrcwp6yj8whd70h666g8a0ptyr0z49tfcsssdx6au
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxMHc5QmtCR3R1cDNwZzRr
+            SzJ2R1dUcWxRRE9SdUJGUnZnYktBOEJDVzJBCmdDTUJ3SDY4QU1pWGJRZFBEa3pF
+            blkwWVNSeFdwM201czRrcDdsOUNEUU0KLS0tIE9aamZQTDdPVGowQXQ3NmxhdHFF
+            Q292Wm0wMWh3VHovZGZXWndIbng1dGcKhotxb3slRuj5QjUTTkRTu+O2ClKaLGhR
+            YwlXpH2yjI/4L52ygljDz6Kk89QBdivp7Yc5jzSOI83L3MNaU1UrTw==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2023-10-21T15:32:27Z"
     mac: ENC[AES256_GCM,data:ZIUWEEEHwngFPtBuNslrFku6ONAWYXF4MDIUx1iN12zBihRVO6PBKEd3k1+We+ziJu1D6DwdLT2udqa/PstTt9tRmdTtnJX70i7fyYqY0tMFokcqGLd0s3kF/G1yXYcLusBwo7W33eIucWcuYo6gkgMYYPXvjULPxnV9aJ0ZVR8=,iv:awUr49ELmvdRIkrxHjEgoOLB99IMiH4/TIl2H5upODc=,tag:SkUzPLO6PKYFARw5hQIm4g==,type:str]

sops

@@ -0,0 +1,27 @@
+bootstrap-repos:$
+	mr --trust-all bootstrap /run/user/1000/secrets/mrconfig$
+$
+update-repos:$
+    cd ~/vmimages$
+    sops -e ~/justfile > /secrets/user_dotfiles/test$
+$
+$
+sops-updatekeys:$
+    #!/usr/bin/env bash$
+    cd ~/vmimages$
+    sops updatekeys secrets/user-secrets.yaml$
+    sops updatekeys secrets/host-secrets.yaml$
+    sops updatekeys secrets/*.yaml$
+$
+run SERVICE: $
+	nomad run ~/projects/nomad/nomad_jobs/enabled/{{SERVICE}}.nomad$
+purge SERVICE: $
+	nomad stop --purge {{SERVICE}}$
+stop SERVICE: $
+	nomad stop ~/projects/nomad/nomad_jobs/enabled/{{SERVICE}}$
+$
+exec SERVICE:$
+   ID=$(nomad status {{SERVICE}} | grep "running" | grep "{{SERVICE}}" | head -n 1| awk '{print $1}'); nomad alloc exec -task {{SERVICE}} -t ${ID} /bin/bash$
+$
+sh SERVICE:$
+   ID=$(nomad status {{SERVICE}} | grep "running" | grep "{{SERVICE}}" | head -n 1| awk '{print $1}'); nomad alloc exec -task {{SERVICE}} -t ${ID} /bin/sh$