From f5f2b3a7900fb1fd5f84bfe0f89e943c63f2dcb6 Mon Sep 17 00:00:00 2001 From: Jacob Hrbek Date: Sun, 10 Nov 2024 11:03:06 +0000 Subject: [PATCH] Test Refactor --- .gitmodules | 8 + default.code-workspace | 1 - flake.lock | 270 ++++++++++-------- flake.nix | 29 +- src/nixos/default.nix | 1 + src/nixos/images/default.nix | 5 + src/nixos/images/recovery/README.md | 3 + .../images/recovery/config/bootloader.nix | 10 + src/nixos/images/recovery/config/disks.nix | 235 +++++++++++++++ src/nixos/images/recovery/config/firmware.nix | 7 + .../recovery/config/hardware-acceleration.nix | 20 ++ src/nixos/images/recovery/config/initrd.nix | 19 ++ src/nixos/images/recovery/config/kernel.nix | 16 ++ .../images/recovery/config/networking.nix | 12 + src/nixos/images/recovery/config/plymouth.nix | 16 ++ src/nixos/images/recovery/config/printing.nix | 7 + src/nixos/images/recovery/config/security.nix | 21 ++ src/nixos/images/recovery/config/setup.nix | 50 ++++ src/nixos/images/recovery/config/sound.nix | 35 +++ src/nixos/images/recovery/config/vm-build.nix | 24 ++ src/nixos/images/recovery/default.nix | 47 +++ .../images/recovery/lib/recovery-export.nix | 27 ++ .../images/recovery/releases/default.nix | 7 + .../recovery/releases/stable/default.nix | 184 ++++++++++++ .../stable/recovery-nixos-stable-install.sh | 110 +++++++ .../secrets/recovery-disks-password.age | 11 + .../secrets/recovery-ssh-ed25519-private.age | 15 + src/nixos/images/recovery/services/binfmt.nix | 11 + .../recovery/services/distributedBuilds.nix | 37 +++ .../images/recovery/services/openssh.nix | 26 ++ src/nixos/images/recovery/services/tor.nix | 11 + src/nixos/images/recovery/status | 1 + src/nixos/machines/morph/config/disks.nix | 2 +- src/nixos/machines/morph/default.nix | 5 + .../morph-builder-ssh-ed25519-private.age | 36 +-- .../secrets/morph-initrd-ed25519-key.age | 31 -- .../secrets/morph-onion-openssh-private.age | 33 +-- .../machines/morph/secrets/morph-onion.age | 45 ++- .../secrets/morph-ssh-ed25519-private.age | 34 +-- .../morph/services/distributedBuilds.nix | 8 +- src/nixos/machines/mracek/default.nix | 5 + .../mracek-builder-ssh-ed25519-private.age | 37 +-- .../mracek/secrets/mracek-disks-password.age | 21 +- .../mracek/secrets/mracek-gitea-onion.age | 43 +-- .../mracek/secrets/mracek-monero-onion.age | 42 +-- .../secrets/mracek-monero-p2p-onion.age | 43 +-- .../mracek/secrets/mracek-murmur-onion.age | 42 +-- .../mracek/secrets/mracek-navidrome-onion.age | 43 ++- .../secrets/mracek-onion-gitea-private.age | 21 +- .../mracek-onion-monero-p2p-private.age | 23 +- .../secrets/mracek-onion-monero-private.age | 22 +- .../secrets/mracek-onion-murmur-private.age | 21 +- .../mracek-onion-navidrome-private.age | 22 +- .../secrets/mracek-onion-openssh-private.age | 23 +- .../secrets/mracek-onion-vikunja-private.age | 23 +- .../mracek/secrets/mracek-openssh-onion.age | 42 +-- .../secrets/mracek-ssh-ed25519-private.age | 37 +-- .../mracek/secrets/mracek-vikunja-onion.age | 41 ++- .../machines/sinnenfreude/config/setup.nix | 3 + src/nixos/machines/sinnenfreude/default.nix | 5 + ...nnenfreude-builder-ssh-ed25519-private.age | 34 +-- .../secrets/sinnenfreude-disks-password.age | 20 +- .../sinnenfreude-onion-openssh-private.age | 23 +- .../secrets/sinnenfreude-onion.age | 44 +-- .../sinnenfreude-ssh-ed25519-private.age | 35 ++- .../services/distributedBuilds.nix | 33 ++- src/nixos/machines/tupac/config/disks.nix | 4 +- src/nixos/machines/tupac/config/setup.nix | 8 +- src/nixos/machines/tupac/default.nix | 25 +- .../stable/tupac-nixos-stable-install.sh | 2 +- .../tupac-builder-ssh-ed25519-private.age | 41 ++- .../tupac/secrets/tupac-disks-password.age | 22 +- .../secrets/tupac-onion-openssh-private.age | 30 +- .../machines/tupac/secrets/tupac-onion.age | 40 +-- .../secrets/tupac-ssh-ed25519-private.age | 25 +- src/nixos/machines/tupac/services/binfmt.nix | 10 +- .../system/wifi/homeBaseKreyren-WiFi-PSK.age | 50 ++-- src/nixos/secrets.nix | 36 ++- .../machines/tupac/home-configuration.nix | 2 +- .../vpn/kira-wireproxy-protonvpn-config.age | 33 ++- src/nixos/users/kira/kira-user-password.age | 43 ++- src/nixos/users/kreyren/home/default.nix | 7 +- src/nixos/users/kreyren/home/home.nix | 3 +- .../sinnenfreude/home-configuration.nix | 13 +- .../machines/tupac/home-configuration.nix | 2 +- .../kreyren-wireproxy-protonvpn-config.age | 30 +- .../users/kreyren/kreyren-user-password.age | 42 +-- vendor/nixpkgs-stable | 1 + vendor/nixpkgs-unstable | 1 + 89 files changed, 1872 insertions(+), 816 deletions(-) create mode 100644 src/nixos/images/default.nix create mode 100644 src/nixos/images/recovery/README.md create mode 100644 src/nixos/images/recovery/config/bootloader.nix create mode 100644 src/nixos/images/recovery/config/disks.nix create mode 100644 src/nixos/images/recovery/config/firmware.nix create mode 100644 src/nixos/images/recovery/config/hardware-acceleration.nix create mode 100644 src/nixos/images/recovery/config/initrd.nix create mode 100644 src/nixos/images/recovery/config/kernel.nix create mode 100644 src/nixos/images/recovery/config/networking.nix create mode 100644 src/nixos/images/recovery/config/plymouth.nix create mode 100644 src/nixos/images/recovery/config/printing.nix create mode 100644 src/nixos/images/recovery/config/security.nix create mode 100644 src/nixos/images/recovery/config/setup.nix create mode 100644 src/nixos/images/recovery/config/sound.nix create mode 100644 src/nixos/images/recovery/config/vm-build.nix create mode 100644 src/nixos/images/recovery/default.nix create mode 100644 src/nixos/images/recovery/lib/recovery-export.nix create mode 100644 src/nixos/images/recovery/releases/default.nix create mode 100644 src/nixos/images/recovery/releases/stable/default.nix create mode 100644 src/nixos/images/recovery/releases/stable/recovery-nixos-stable-install.sh create mode 100644 src/nixos/images/recovery/secrets/recovery-disks-password.age create mode 100644 src/nixos/images/recovery/secrets/recovery-ssh-ed25519-private.age create mode 100644 src/nixos/images/recovery/services/binfmt.nix create mode 100644 src/nixos/images/recovery/services/distributedBuilds.nix create mode 100644 src/nixos/images/recovery/services/openssh.nix create mode 100644 src/nixos/images/recovery/services/tor.nix create mode 100644 src/nixos/images/recovery/status delete mode 100644 src/nixos/machines/morph/secrets/morph-initrd-ed25519-key.age create mode 160000 vendor/nixpkgs-stable create mode 160000 vendor/nixpkgs-unstable diff --git a/.gitmodules b/.gitmodules index f6534374..9e8fbcd8 100644 --- a/.gitmodules +++ b/.gitmodules @@ -7,3 +7,11 @@ [submodule "vendor/ragenix"] path = vendor/ragenix url = git@github.com:NiXium-org/ragenix.git +[submodule "vendor/nixpkgs-unstable"] + path = vendor/nixpkgs-unstable + url = git@github.com:NiXium-org/nixpkgs-unstable.git + branch = central +[submodule "vendor/nixpkgs-stable"] + path = vendor/nixpkgs-stable + url = git@github.com:NiXium-org/nixpkgs-stable.git + branch = central diff --git a/default.code-workspace b/default.code-workspace index c0d368b1..5af56afd 100644 --- a/default.code-workspace +++ b/default.code-workspace @@ -1,7 +1,6 @@ { "folders": [ { "path": "." }, - { "path": "vendor/impermanence" }, ], "settings": { diff --git a/flake.lock b/flake.lock index fb933c18..9ed28a99 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ ] }, "locked": { - "lastModified": 1726234467, - "narHash": "sha256-n6otdlFe6RLnOExKsIGrEyQ5wj6wJ/chIuiuCyyNolw=", + "lastModified": 1728524497, + "narHash": "sha256-hphRisziRbK6xISe0D771O87CmUOtGe0QPkQSuFR9pU=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "a6a36d78061e0979300ba441ebaea86538c45a4a", + "rev": "d4461dbcc36171e33a1615755342b27c1184df74", "type": "github" }, "original": { @@ -52,11 +52,11 @@ ] }, "locked": { - "lastModified": 1726234467, - "narHash": "sha256-n6otdlFe6RLnOExKsIGrEyQ5wj6wJ/chIuiuCyyNolw=", + "lastModified": 1728524497, + "narHash": "sha256-hphRisziRbK6xISe0D771O87CmUOtGe0QPkQSuFR9pU=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "a6a36d78061e0979300ba441ebaea86538c45a4a", + "rev": "d4461dbcc36171e33a1615755342b27c1184df74", "type": "github" }, "original": { @@ -74,11 +74,11 @@ ] }, "locked": { - "lastModified": 1726532433, - "narHash": "sha256-xyUZGXg38oXhWxbMPC4AJWpOn1IsB+w+taYkZomHupY=", + "lastModified": 1730486342, + "narHash": "sha256-/fNj+vW2oE69JMXqyjadxVeuQoWshn+wHp2LHufiVpw=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "f27ebcdcaf296f24b7a662facefec6b4d492b5c5", + "rev": "512940696be1969a42d3b89e1e77f9dc7e0641b4", "type": "github" }, "original": { @@ -96,11 +96,11 @@ ] }, "locked": { - "lastModified": 1726532433, - "narHash": "sha256-xyUZGXg38oXhWxbMPC4AJWpOn1IsB+w+taYkZomHupY=", + "lastModified": 1730486342, + "narHash": "sha256-/fNj+vW2oE69JMXqyjadxVeuQoWshn+wHp2LHufiVpw=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "f27ebcdcaf296f24b7a662facefec6b4d492b5c5", + "rev": "512940696be1969a42d3b89e1e77f9dc7e0641b4", "type": "github" }, "original": { @@ -423,11 +423,11 @@ ] }, "locked": { - "lastModified": 1726842196, - "narHash": "sha256-u9h03JQUuQJ607xmti9F9Eh6E96kKUAGP+aXWgwm70o=", + "lastModified": 1730751873, + "narHash": "sha256-sdY29RWz0S7VbaoTwSy6RummdHKf0wUTaBlqPxrtvmQ=", "owner": "nix-community", "repo": "disko", - "rev": "51994df8ba24d5db5459ccf17b6494643301ad28", + "rev": "856a2902156ba304efebd4c1096dbf7465569454", "type": "github" }, "original": { @@ -443,11 +443,11 @@ ] }, "locked": { - "lastModified": 1726842196, - "narHash": "sha256-u9h03JQUuQJ607xmti9F9Eh6E96kKUAGP+aXWgwm70o=", + "lastModified": 1730751873, + "narHash": "sha256-sdY29RWz0S7VbaoTwSy6RummdHKf0wUTaBlqPxrtvmQ=", "owner": "nix-community", "repo": "disko", - "rev": "51994df8ba24d5db5459ccf17b6494643301ad28", + "rev": "856a2902156ba304efebd4c1096dbf7465569454", "type": "github" }, "original": { @@ -463,11 +463,11 @@ ] }, "locked": { - "lastModified": 1726842196, - "narHash": "sha256-u9h03JQUuQJ607xmti9F9Eh6E96kKUAGP+aXWgwm70o=", + "lastModified": 1730751873, + "narHash": "sha256-sdY29RWz0S7VbaoTwSy6RummdHKf0wUTaBlqPxrtvmQ=", "owner": "nix-community", "repo": "disko", - "rev": "51994df8ba24d5db5459ccf17b6494643301ad28", + "rev": "856a2902156ba304efebd4c1096dbf7465569454", "type": "github" }, "original": { @@ -485,11 +485,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1726891391, - "narHash": "sha256-o01/njm1G+5H5dJoHncIaO8Fu/jfSgu/0radj4LaHcE=", + "lastModified": 1730865784, + "narHash": "sha256-6kJYNjVCyf1tYgpqm7QOYcMkkD/RsaSfrsC2+ojmFAI=", "owner": "rycee", "repo": "nur-expressions", - "rev": "cecf006ed59b5e41a7ee3378f57ee3729e8a67bc", + "rev": "b8d22442e09a02eb8b830d41726ac371be21b7cd", "type": "gitlab" }, "original": { @@ -712,11 +712,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1726153070, - "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", "type": "github" }, "original": { @@ -997,11 +997,11 @@ ] }, "locked": { - "lastModified": 1726818100, - "narHash": "sha256-z2V74f5vXqkN5Q+goFlhbFXY/dNaBAyeLpr2bxu4Eic=", + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "owner": "nix-community", "repo": "home-manager", - "rev": "1bbc1a5a1f4de7401c92db85b2119ed21bb4139d", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "type": "github" }, "original": { @@ -1039,11 +1039,11 @@ ] }, "locked": { - "lastModified": 1726818100, - "narHash": "sha256-z2V74f5vXqkN5Q+goFlhbFXY/dNaBAyeLpr2bxu4Eic=", + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "owner": "nix-community", "repo": "home-manager", - "rev": "1bbc1a5a1f4de7401c92db85b2119ed21bb4139d", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "type": "github" }, "original": { @@ -1060,11 +1060,11 @@ ] }, "locked": { - "lastModified": 1726902823, - "narHash": "sha256-Gkc7pwTVLKj4HSvRt8tXNvosl8RS9hrBAEhOjAE0Tt4=", + "lastModified": 1730837930, + "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", "owner": "nix-community", "repo": "home-manager", - "rev": "14929f7089268481d86b83ed31ffd88713dcd415", + "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", "type": "github" }, "original": { @@ -1081,11 +1081,11 @@ ] }, "locked": { - "lastModified": 1726902823, - "narHash": "sha256-Gkc7pwTVLKj4HSvRt8tXNvosl8RS9hrBAEhOjAE0Tt4=", + "lastModified": 1730837930, + "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", "owner": "nix-community", "repo": "home-manager", - "rev": "14929f7089268481d86b83ed31ffd88713dcd415", + "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", "type": "github" }, "original": { @@ -1165,13 +1165,13 @@ "locked": { "lastModified": 1716863923, "narHash": "sha256-ivIAlJxnxDIiiVBB5h9G2GF818yi6qmTta4/yiGAfio=", - "owner": "kreyren", + "owner": "NiXium-org", "repo": "impermanence", "rev": "5f94a1c4465c37e84e85ed66210976ba442e011a", "type": "github" }, "original": { - "owner": "kreyren", + "owner": "NiXium-org", "repo": "impermanence", "type": "github" } @@ -1219,11 +1219,11 @@ }, "mission-control": { "locked": { - "lastModified": 1718815759, - "narHash": "sha256-hzLbxU580EaxKmkbQkiaMF3NoIzrcmVryGul5WSQatA=", + "lastModified": 1727581548, + "narHash": "sha256-LDAHv2KECDaf9hf6oFV2dMCqPzEaYFcmeQCOnA+/eh8=", "owner": "Platonic-Systems", "repo": "mission-control", - "rev": "db5e2cc39c6799b301412d69182b9221c65146a8", + "rev": "781a209a8cdeb9e63a26d19b2e3b75565266db97", "type": "github" }, "original": { @@ -1232,13 +1232,43 @@ "type": "github" } }, + "nixium": { + "locked": { + "lastModified": 1730713481, + "narHash": "sha256-1cQjQgaXJU+3WinYxpSbWDzkqyikkcYugzNw4ag3kY8=", + "ref": "refs/heads/central", + "rev": "14e770eef73f088e1fda9d05c2259553165bd411", + "revCount": 703574, + "type": "git", + "url": "file:///nix/persist/NiXium/vendor/nixpkgs-stable" + }, + "original": { + "type": "git", + "url": "file:///nix/persist/NiXium/vendor/nixpkgs-stable" + } + }, + "nixium-unstable": { + "locked": { + "lastModified": 1730793600, + "narHash": "sha256-srg0gWDGNv8bQswn264vs/re+GOM//rqxgUPSF4B1G0=", + "ref": "refs/heads/central", + "rev": "e4d2da8509b3be815a7d314132c188085749954c", + "revCount": 702573, + "type": "git", + "url": "file:///nix/persist/NiXium/vendor/nixpkgs-unstable" + }, + "original": { + "type": "git", + "url": "file:///nix/persist/NiXium/vendor/nixpkgs-unstable" + } + }, "nixlib": { "locked": { - "lastModified": 1726362065, - "narHash": "sha256-4h15WKdrs9zf6DGaeeV7ntU/pHHGkH6geYt1QBW0CP4=", + "lastModified": 1729386149, + "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "9db4db09d82e4b2207bfa7f1e747a4f49d214555", + "rev": "cce4521b6df014e79a7b7afc58c703ed683c916e", "type": "github" }, "original": { @@ -1249,11 +1279,11 @@ }, "nixlib_2": { "locked": { - "lastModified": 1726362065, - "narHash": "sha256-4h15WKdrs9zf6DGaeeV7ntU/pHHGkH6geYt1QBW0CP4=", + "lastModified": 1729386149, + "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "9db4db09d82e4b2207bfa7f1e747a4f49d214555", + "rev": "cce4521b6df014e79a7b7afc58c703ed683c916e", "type": "github" }, "original": { @@ -1264,11 +1294,11 @@ }, "nixlib_3": { "locked": { - "lastModified": 1726362065, - "narHash": "sha256-4h15WKdrs9zf6DGaeeV7ntU/pHHGkH6geYt1QBW0CP4=", + "lastModified": 1729386149, + "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "9db4db09d82e4b2207bfa7f1e747a4f49d214555", + "rev": "cce4521b6df014e79a7b7afc58c703ed683c916e", "type": "github" }, "original": { @@ -1279,11 +1309,11 @@ }, "nixos-flake": { "locked": { - "lastModified": 1726266595, - "narHash": "sha256-r+mX2ZC/mQ7zlLPeF/HvLNN4VnXfoWxbc5StpKHKDHM=", + "lastModified": 1729697921, + "narHash": "sha256-gqcmWE+4Vr5/l6AoQc2jIbJHCAXAY+qWPC0ruoAHV1Q=", "owner": "srid", "repo": "nixos-flake", - "rev": "ef4921f6af505ee41ccab57b65b99be9cef63886", + "rev": "e60e64841e74c777799624531dcb2f311f95f639", "type": "github" }, "original": { @@ -1300,11 +1330,11 @@ ] }, "locked": { - "lastModified": 1726817511, - "narHash": "sha256-r3R7zZzGklN0udSO/JhWbU/xyq6i1aXKKwfs33LUVls=", + "lastModified": 1729472750, + "narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "bfa25c9065f4cb5d884a0ad70f6e82f55ae90448", + "rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565", "type": "github" }, "original": { @@ -1321,11 +1351,11 @@ ] }, "locked": { - "lastModified": 1726817511, - "narHash": "sha256-r3R7zZzGklN0udSO/JhWbU/xyq6i1aXKKwfs33LUVls=", + "lastModified": 1729472750, + "narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "bfa25c9065f4cb5d884a0ad70f6e82f55ae90448", + "rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565", "type": "github" }, "original": { @@ -1342,11 +1372,11 @@ ] }, "locked": { - "lastModified": 1726817511, - "narHash": "sha256-r3R7zZzGklN0udSO/JhWbU/xyq6i1aXKKwfs33LUVls=", + "lastModified": 1729472750, + "narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "bfa25c9065f4cb5d884a0ad70f6e82f55ae90448", + "rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565", "type": "github" }, "original": { @@ -1357,11 +1387,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1726905744, - "narHash": "sha256-xyNtG5C+xvfsnOVEamFe9zCCnuNwk93K/TlFC/4DmCI=", + "lastModified": 1730874081, + "narHash": "sha256-VK7LkfdcpUi8tqcgMIYY2jejDh4O3MNw9An0FcKveRQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b493dfd4a8cf9552932179e56ff3b5819a9b8381", + "rev": "12ad8c1bf13ff15ffa6afe82c59b4af0b9226035", "type": "github" }, "original": { @@ -1420,11 +1450,11 @@ }, "nixpkgs-24_05": { "locked": { - "lastModified": 1726838390, - "narHash": "sha256-NmcVhGElxDbmEWzgXsyAjlRhUus/nEqPC5So7BOJLUM=", + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "944b2aea7f0a2d7c79f72468106bc5510cbf5101", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", "type": "github" }, "original": { @@ -1452,23 +1482,23 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1725233747, - "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=", + "lastModified": 1730504152, + "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" } }, "nixpkgs-master": { "locked": { - "lastModified": 1726971965, - "narHash": "sha256-0AkkyfGFc0/PblHSPBwRUq+UCWpeLLWogiJBoEp5yeI=", + "lastModified": 1730877171, + "narHash": "sha256-1eTFhuMOiQ+x9QEFZmR7TMm7kPel09qMoignB+n+QxM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "51a1d531dbc0330b34b4f0ad67503ca362d1f8ba", + "rev": "0fc41ad9770b2133cf90ea131a3ae50fd8cfd86a", "type": "github" }, "original": { @@ -1544,11 +1574,11 @@ }, "nixpkgs-stable_5": { "locked": { - "lastModified": 1725762081, - "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", + "lastModified": 1730602179, + "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", + "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", "type": "github" }, "original": { @@ -1560,11 +1590,11 @@ }, "nixpkgs-stable_6": { "locked": { - "lastModified": 1725762081, - "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", + "lastModified": 1730602179, + "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", + "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", "type": "github" }, "original": { @@ -1576,11 +1606,11 @@ }, "nixpkgs-stable_7": { "locked": { - "lastModified": 1725762081, - "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", + "lastModified": 1730602179, + "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", + "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", "type": "github" }, "original": { @@ -1592,11 +1622,11 @@ }, "nixpkgs-staging": { "locked": { - "lastModified": 1726964334, - "narHash": "sha256-8XTSXMhcBTxAvkMm0MKvj+GQ+78XbaUsMsxVNhrXLrI=", + "lastModified": 1730873128, + "narHash": "sha256-BiMPK9CcvS0bTilOSQfk+IaCMJ3pd/09w3rr40hV0Ug=", "owner": "nixos", "repo": "nixpkgs", - "rev": "71d97d6e0c552513a7653be1bd8a3d58cb9be643", + "rev": "ca614aa53a45ba40146e3698715ddaa15b5e6397", "type": "github" }, "original": { @@ -1608,11 +1638,11 @@ }, "nixpkgs-staging-next": { "locked": { - "lastModified": 1726964132, - "narHash": "sha256-vMXo/IZwLk4Ka2WFNXSCyBALjuUOcAiSWeDdi8jeSAU=", + "lastModified": 1730873103, + "narHash": "sha256-ljSt/ozNskeF6JgElcCT8k90cEsYXoPO9K1bhlIGCkA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "94770996aeb7de39546559c7b327de6704f8c9b2", + "rev": "590715689869fe890131ca48cc8c07cf2e6c98dd", "type": "github" }, "original": { @@ -1624,16 +1654,16 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1726755586, - "narHash": "sha256-PmUr/2GQGvFTIJ6/Tvsins7Q43KTMvMFhvG6oaYK+Wk=", - "owner": "nixos", + "lastModified": 1729361040, + "narHash": "sha256-kuOghllR6TSwmhLvRlNqCJQHzalArI1lYO0lQeismuA=", + "owner": "NiXium-org", "repo": "nixpkgs", - "rev": "c04d5652cfa9742b1d519688f65d1bbccea9eb7e", + "rev": "97ab0c030584b381539006bcdde34604c3c1a225", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "NiXium-org", + "ref": "nixium-unstable", "repo": "nixpkgs", "type": "github" } @@ -1688,12 +1718,12 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1726838390, - "narHash": "sha256-NmcVhGElxDbmEWzgXsyAjlRhUus/nEqPC5So7BOJLUM=", - "rev": "944b2aea7f0a2d7c79f72468106bc5510cbf5101", - "revCount": 635367, + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "revCount": 636376, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.635367%2Brev-944b2aea7f0a2d7c79f72468106bc5510cbf5101/019213de-4759-79c6-b638-0878c1fd0179/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2405.636376%2Brev-d063c1dd113c91ab27959ba540c0d9753409edf3/0192facb-0ae2-71fe-ba33-5b04923dc511/source.tar.gz" }, "original": { "type": "tarball", @@ -1718,11 +1748,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1718428119, - "narHash": "sha256-WdWDpNaq6u1IPtxtYHHWpl5BmabtpmLnMAx0RdJ/vo8=", + "lastModified": 1728538411, + "narHash": "sha256-f0SBJz1eZ2yOuKUr5CA9BHULGXVSn6miBuUWdTyhUhU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e6cea36f83499eb4e9cd184c8a8e823296b50ad5", + "rev": "b69de56fac8c2b6f8fd27f2eca01dcda8e0a4221", "type": "github" }, "original": { @@ -1943,6 +1973,8 @@ "impermanence": "impermanence", "lanzaboote": "lanzaboote", "mission-control": "mission-control", + "nixium": "nixium", + "nixium-unstable": "nixium-unstable", "nixos-flake": "nixos-flake", "nixos-generators": "nixos-generators", "nixos-generators-master": "nixos-generators-master", @@ -2072,11 +2104,11 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1726885519, - "narHash": "sha256-wrXknshJMRLv91KQD5d7ovUqJ70FlDM7XeG/upSsKgM=", + "lastModified": 1730860036, + "narHash": "sha256-u0sfA4B65Q9cRO3xpIkQ4nldB8isfdIb3rWtsnRZ+Iw=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "a66e16cb21e4428224925dbf1b66238c727dda0a", + "rev": "b8eb3aeb21629cbe14968a5e3b1cbaefb0d1b260", "type": "github" }, "original": { @@ -2093,11 +2125,11 @@ "nixpkgs-stable": "nixpkgs-stable_5" }, "locked": { - "lastModified": 1726524647, - "narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=", + "lastModified": 1730872678, + "narHash": "sha256-AO3xerwwEQ74s8TMeAfaOvHSvPI6FK4J5H+ACkRZVGk=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e2d404a7ea599a013189aa42947f66cede0645c8", + "rev": "f21c31dadf0a486ee5a501779e505036fb1b1bcf", "type": "github" }, "original": { @@ -2114,11 +2146,11 @@ "nixpkgs-stable": "nixpkgs-stable_6" }, "locked": { - "lastModified": 1726524647, - "narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=", + "lastModified": 1730872678, + "narHash": "sha256-AO3xerwwEQ74s8TMeAfaOvHSvPI6FK4J5H+ACkRZVGk=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e2d404a7ea599a013189aa42947f66cede0645c8", + "rev": "f21c31dadf0a486ee5a501779e505036fb1b1bcf", "type": "github" }, "original": { @@ -2135,11 +2167,11 @@ "nixpkgs-stable": "nixpkgs-stable_7" }, "locked": { - "lastModified": 1726524647, - "narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=", + "lastModified": 1730872678, + "narHash": "sha256-AO3xerwwEQ74s8TMeAfaOvHSvPI6FK4J5H+ACkRZVGk=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e2d404a7ea599a013189aa42947f66cede0645c8", + "rev": "f21c31dadf0a486ee5a501779e505036fb1b1bcf", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 061fd7ab..59d507e6 100644 --- a/flake.nix +++ b/flake.nix @@ -3,30 +3,35 @@ inputs = { # Release inputs - nixpkgs-master.url = "github:nixos/nixpkgs/master"; - nixpkgs-staging-next.url = "github:nixos/nixpkgs/staging-next"; - nixpkgs-staging.url = "github:nixos/nixpkgs/staging"; - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + # Nixpkgs + nixpkgs-master.url = "github:nixos/nixpkgs/master"; # master.* + nixpkgs-staging-next.url = "github:nixos/nixpkgs/staging-next"; # staging-next.* + nixpkgs-staging.url = "github:nixos/nixpkgs/staging"; # staging.* + nixpkgs-unstable.url = "github:NiXium-org/nixpkgs/nixium-unstable"; # unstable.* - nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/*.tar.gz"; + nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/*.tar.gz"; # pkgs.* (Default Release) - nixpkgs-23_05.url = "github:nixos/nixpkgs/nixos-23.05"; - nixpkgs-23_11.url = "github:nixos/nixpkgs/nixos-23.11"; - nixpkgs-24_05.url = "github:nixos/nixpkgs/nixos-24.05"; + nixpkgs-23_05.url = "github:nixos/nixpkgs/nixos-23.05"; # nixos-23_05.* + nixpkgs-23_11.url = "github:nixos/nixpkgs/nixos-23.11"; # nixos-23_11.* + nixpkgs-24_05.url = "github:nixos/nixpkgs/nixos-24.05"; # nixos-24_05.* - nixpkgs-kreyren.url = "github:kreyren/nixpkgs/central"; + nixpkgs-kreyren.url = "github:kreyren/nixpkgs/central"; # kreyren.* + + # NiXium + nixium-unstable.url = "git+file:///nix/persist/NiXium/vendor/nixpkgs-unstable"; # nx-unstable.* + + nixium.url = "git+file:///nix/persist/NiXium/vendor/nixpkgs-stable"; # nx.* (Default Release) # Principle inputs nixos-hardware.url = "github:NixOS/nixos-hardware"; nixos-flake.url = "github:srid/nixos-flake"; # nur.url = "github:nix-community/NUR/master"; - #impermanence.url = "github:nix-community/impermanence"; - impermanence.url = "github:kreyren/impermanence"; # Use a fork to manage https://github.com/nix-community/impermanence/issues/167 + impermanence.url = "github:NiXium-org/impermanence"; # Fork to manage https://github.com/nix-community/impermanence/issues/167 flake-parts.url = "github:hercules-ci/flake-parts"; mission-control.url = "github:Platonic-Systems/mission-control"; flake-root.url = "github:srid/flake-root"; - # NOTE(Krey): Lanzaboote was updated to 0.4.1, but those versions are not compatible with the nixpkgs stable channel + # NOTE(Krey): Lanzaboote was updated to 0.4.1, but those versions are not compatible with the nixpkgs stable channel yet lanzaboote.url = "github:nix-community/lanzaboote/v0.3.0"; # MAINTAIN(Krey): has to be kept up to date -- https://github.com/nix-community/lanzaboote/issues/343 arkenfox = { diff --git a/src/nixos/default.nix b/src/nixos/default.nix index 7404a436..820e27b2 100644 --- a/src/nixos/default.nix +++ b/src/nixos/default.nix @@ -61,6 +61,7 @@ in { ); imports = [ + ./images ./machines ./modules ./users diff --git a/src/nixos/images/default.nix b/src/nixos/images/default.nix new file mode 100644 index 00000000..e45606d0 --- /dev/null +++ b/src/nixos/images/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./recovery + ]; +} diff --git a/src/nixos/images/recovery/README.md b/src/nixos/images/recovery/README.md new file mode 100644 index 00000000..4e4d9453 --- /dev/null +++ b/src/nixos/images/recovery/README.md @@ -0,0 +1,3 @@ +# Recovery + +Special image used by the NiXium Super Administrator as a portable drive. diff --git a/src/nixos/images/recovery/config/bootloader.nix b/src/nixos/images/recovery/config/bootloader.nix new file mode 100644 index 00000000..1fce5412 --- /dev/null +++ b/src/nixos/images/recovery/config/bootloader.nix @@ -0,0 +1,10 @@ +{ ... }: + +# Bootloader management of the RECOVERY image + +{ + boot.loader.systemd-boot.enable = true; + boot.lanzaboote.enable = false; # Image designed to boot on any system + + boot.loader.efi.canTouchEfiVariables = true; # Whether the EFI variables are writable +} diff --git a/src/nixos/images/recovery/config/disks.nix b/src/nixos/images/recovery/config/disks.nix new file mode 100644 index 00000000..7b256b18 --- /dev/null +++ b/src/nixos/images/recovery/config/disks.nix @@ -0,0 +1,235 @@ +{ config, lib, ... }: + +# Nix-based Disk Management of RECOVERY + +# Formatting strategy (Impermanence): +# Table: GPT +# 2048 - 1050623 (1048576) [512M] -- EFI BOOT with FAT32 +# 1050624-395259903 (394209280) -- -50G Nix Store with BTRFS +# 395259904-500117503 (104857600) -- Encrypted SWAP + +# Formatting strategy (WITHOUT impermanence): +# Table: GPT +# TBD.. + +let + inherit (lib) mkMerge; +in { + config = mkMerge [ + { + age.secrets.recovery-disks-password.file = ../secrets/recovery-disks-password.age; + + age.identityPaths = (if config.boot.impermanence.enable + then [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ] + else [ "/etc/ssh/ssh_host_ed25519_key" ]); + } + + # FIXME-QA(Krey): Produces an infinite recursion -- (config.boot.impermanence.enable == true) + (if (true) then { + fileSystems."/nix/persist/system".neededForBoot = true; + + # FIXME(Krey): Figure out how to do labels + disko.devices = { + nodev."/" = { + fsType = "tmpfs"; + mountOptions = [ + "size=2G" # We assume that the system has at least 2GB of USABLE RAM here + "defaults" + # set mode to 755, otherwise systemd will set it to 777, which cause problems. + # relatime: Update inode access times relative to modify or change time. + "mode=755" + ]; + }; + + disk = { + system = { + device = "/dev/disk/by-id/ata-SanDisk_SD8SN8U-256G-1006_165139801733"; # NVME SSD in a USB-C Dock + type = "disk"; + content = { + type = "gpt"; + partitions = { + + boot = { + type = "EF00"; # EFI System Partition/ + start = "2048"; + size = "512M"; + priority = 1; # Needs to be first partition + content = { + type = "filesystem"; + format = "vfat"; # FAT32 + mountpoint = "/boot"; + }; + }; + + store = { + priority = 3; + size = "100%"; + content = { + name = "nix-store"; + type = "luks"; + settings.allowDiscards = true; + + passwordFile = config.age.secrets.recovery-disks-password.path; + + initrdUnlock = true; # Add a boot.initrd.luks.devices entry for the specified disk + + extraFormatArgs = [ + "--use-random" # use true random data from /dev/random, will block until enough entropy is available + "--label=CRYPT_NIX" + ]; + + extraOpenArgs = [ + "--timeout 10" + ]; + + content = { + type = "btrfs"; + extraArgs = [ "--label NIX_STORE" ]; + subvolumes = { + "@nix" = { + mountpoint = "/nix"; + mountOptions = [ "compress=lzo" "noatime" ]; + }; + "@persist" = { + mountpoint = "/nix/persist/system"; + mountOptions = [ "compress=lzo" "noatime" ]; + }; + }; + }; + }; + }; + + swap = { + priority = 2; + size = "50G"; + content = { + name = "swap"; + type = "luks"; + + settings.allowDiscards = true; + + passwordFile = config.age.secrets.recovery-disks-password.path; + + initrdUnlock = true; # Add a boot.initrd.luks.devices entry for the specified disk + + extraFormatArgs = [ + "--use-random" # use true random data from /dev/random, will block until enough entropy is available + "--label=CRYPT_SWAP" + ]; + + extraOpenArgs = [ + "--timeout 10" + ]; + + content = { + # FIXME-QA(Krey): Add label 'SWAP' + type = "swap"; + resumeDevice = true; # resume from hiberation from this device + + extraArgs = [ + "--label SWAP" + ]; + }; + }; + }; + }; + }; + }; + }; + }; + } else { + # WARNING(Krey): Not Implemented And Designed! + disk = { + system = { + device = "/dev/disk/by-id/ata-SanDisk_SD8SN8U-256G-1006_165139801733"; # NVME SSD + type = "disk"; + content = { + type = "gpt"; + partitions = { + + boot = { + type = "EF00"; # EFI System Partition/ + start = "2048"; + end = "1050623"; # +512M + priority = 1; # Needs to be first partition + content = { + type = "filesystem"; + format = "vfat"; # FAT32 + mountpoint = "/boot"; + }; + }; + + root = { + start = "1050624"; + end = "1874579455"; + content = { + name = "root"; + type = "luks"; + settings.allowDiscards = true; + + passwordFile = config.age.secrets.recovery-disks-password.path; + + initrdUnlock = true; # Add a boot.initrd.luks.devices entry for the specified disk + + extraFormatArgs = [ + "--use-random" # use true random data from /dev/random, will block until enough entropy is available + "--label=CRYPT_NIXOS" + ]; + + extraOpenArgs = [ + "--timeout 10" + ]; + + content = { + type = "btrfs"; + extraArgs = [ "--label ROOT_NIXOS" ]; + subvolumes = { + "@" = { + mountpoint = "/"; + mountOptions = [ "compress=lzo" "noatime" ]; + }; + }; + }; + }; + }; + + swap = { + start = "1874579456"; + end = "2000408575"; + content = { + name = "swap"; + type = "luks"; + + settings.allowDiscards = true; + + passwordFile = config.age.secrets.recovery-disks-password.path; + + initrdUnlock = true; # Add a boot.initrd.luks.devices entry for the specified disk + + extraFormatArgs = [ + "--use-random" # use true random data from /dev/random, will block until enough entropy is available + "--label=CRYPT_SWAP" + ]; + + extraOpenArgs = [ + "--timeout 10" + ]; + + content = { + # FIXME-QA(Krey): Add label 'SWAP' + type = "swap"; + resumeDevice = true; # resume from hiberation from this device + + extraArgs = [ + "--label SWAP" + ]; + }; + }; + }; + }; + }; + }; + }; + }) + ]; +} diff --git a/src/nixos/images/recovery/config/firmware.nix b/src/nixos/images/recovery/config/firmware.nix new file mode 100644 index 00000000..b7633966 --- /dev/null +++ b/src/nixos/images/recovery/config/firmware.nix @@ -0,0 +1,7 @@ +{ ... }: + +# Firmware management of the RECOVERY image + +{ + services.fwupd.enable = true; # Use FWUP daemon to keep firmware files up-to-date +} diff --git a/src/nixos/images/recovery/config/hardware-acceleration.nix b/src/nixos/images/recovery/config/hardware-acceleration.nix new file mode 100644 index 00000000..b030a2b9 --- /dev/null +++ b/src/nixos/images/recovery/config/hardware-acceleration.nix @@ -0,0 +1,20 @@ +{ config, lib, ... }: + +# Hardware-acceleration management of the RECOVERY image + +{ + "24.05" = { + # The option was renamed on `hardware.graphics` in NixOS 24.11+ + hardware.opengl = { + enable = true; + driSupport = true; + driSupport32Bit = true; + }; + }; + + "24.11" = { + hardware.graphics.enable = true; + hardware.graphics.enable32Bit = true; + }; +}."${lib.trivial.release}" or (throw "Release is not implemented: ${lib.trivial.release}") + diff --git a/src/nixos/images/recovery/config/initrd.nix b/src/nixos/images/recovery/config/initrd.nix new file mode 100644 index 00000000..4ac2471f --- /dev/null +++ b/src/nixos/images/recovery/config/initrd.nix @@ -0,0 +1,19 @@ +{ ... }: + +{ + # FIXME(Krey): We are expecting to use the systemd initrd, but it currently has issues (https://github.com/NixOS/nixpkgs/issues/245089#issuecomment-1646966283) + boot.initrd.systemd.enable = false; + + # InitRD Kernel Modules + boot.initrd.includeDefaultModules = true; # Include Default Modules to work on as many systems as possible out of the box + # boot.initrd.availableKernelModules = [ + # # Auto-Generated + # "xhci_pci" + # "nvme" + # "uas" + # "usb_storage" + # "sd_mod" + # "sdhci_pci" + # ]; + # boot.initrd.kernelModules = [ ]; +} diff --git a/src/nixos/images/recovery/config/kernel.nix b/src/nixos/images/recovery/config/kernel.nix new file mode 100644 index 00000000..da451e14 --- /dev/null +++ b/src/nixos/images/recovery/config/kernel.nix @@ -0,0 +1,16 @@ +{ pkgs, ... }: + +# Kernel management of the RECOVERY image + +{ + # Use NiXium's default Kernel + # boot.kernelPackages = pkgs.linuxPackages; + + boot.kernelParams = [ + "copytoram" # Load the system into the Random-Access-Memory + ]; + + # Kernel Modules + # boot.kernelModules = [ ]; + # boot.extraModulePackages = [ ]; +} diff --git a/src/nixos/images/recovery/config/networking.nix b/src/nixos/images/recovery/config/networking.nix new file mode 100644 index 00000000..e8525794 --- /dev/null +++ b/src/nixos/images/recovery/config/networking.nix @@ -0,0 +1,12 @@ +{ lib, ... }: + +# Networking management of the REOVERY image + +let + inherit (lib) mkForce; +in { + networking.networkmanager.enable = mkForce true; # Always use NetworkManager over the default + + # FIXME-QA(Krey): Use DHCP only on set adapters + networking.useDHCP = mkForce true; # Use DHCP on all adapters +} diff --git a/src/nixos/images/recovery/config/plymouth.nix b/src/nixos/images/recovery/config/plymouth.nix new file mode 100644 index 00000000..69668832 --- /dev/null +++ b/src/nixos/images/recovery/config/plymouth.nix @@ -0,0 +1,16 @@ +{ config, pkgs, lib, ... }: + +# Plymouth management of the RECOVERY image + +let + inherit (lib) mkIf; +in mkIf config.boot.plymouth.enable { + boot.plymouth = { + theme = "deus_ex"; + themePackages = [ + (pkgs.adi1090x-plymouth-themes.override { + selected_themes = [ "deus_ex" ]; + }) + ]; + }; +} diff --git a/src/nixos/images/recovery/config/printing.nix b/src/nixos/images/recovery/config/printing.nix new file mode 100644 index 00000000..6bc725fa --- /dev/null +++ b/src/nixos/images/recovery/config/printing.nix @@ -0,0 +1,7 @@ +{ ... }: + +# Printing management of the RECOVERY image + +{ + services.printing.enable = true; +} diff --git a/src/nixos/images/recovery/config/security.nix b/src/nixos/images/recovery/config/security.nix new file mode 100644 index 00000000..cb569de7 --- /dev/null +++ b/src/nixos/images/recovery/config/security.nix @@ -0,0 +1,21 @@ +{ lib, config, ... }: + +# Security management of the RECOVERY image + +let + inherit (lib) mkMerge; +in { + # NOTE(Krey): Makes it impossible to hibernate + security.protectKernelImage = false; + + security.lockKernelModules = false; # Allow changing kernel modules + + # config = mkMerge [ + # # Enforce to use the Tor Proxy + # # NOTE(Krey): It's currently causing issues + # # (mkIf config.services.tor.enable { + # # networking.proxy.default = mkDefault "socks5://127.0.0.1:9050"; + # # networking.proxy.noProxy = mkDefault "127.0.0.1,localhost"; + # # }) + # ]; +} diff --git a/src/nixos/images/recovery/config/setup.nix b/src/nixos/images/recovery/config/setup.nix new file mode 100644 index 00000000..decc71c4 --- /dev/null +++ b/src/nixos/images/recovery/config/setup.nix @@ -0,0 +1,50 @@ +{ pkgs, ... }: + +# The Setup of the RECOVERY image + +{ + networking.hostName = "recovery"; + + boot.impermanence.enable = true; # Whether To Use Impermanence + + boot.plymouth.enable = true; # Show eyecandy on bootup? + + nix.distributedBuilds = true; # Perform distributed builds + + programs.adb.enable = true; + programs.noisetorch.enable = true; # Microphone filtering + + programs.nix-ld.enable = true; + + services.flatpak.enable = false; + services.openssh.enable = true; + services.tor.enable = true; + + # Desktop Environment + services.xserver.enable = false; + services.xserver.displayManager.gdm.enable = false; + services.xserver.desktopManager.gnome.enable = false; + programs.dconf.enable = true; # Needed for home-manager to not fail deployment (https://github.com/nix-community/home-manager/issues/3113) + + # Japanese Keyboard Input + # i18n.inputMethod.enabled = "fcitx5"; + # i18n.inputMethod.fcitx5.addons = with pkgs; [ fcitx5-mozc ]; + + # Which locales to support + i18n.supportedLocales = [ + "en_US.UTF-8/UTF-8" + "cs_CZ.UTF-8/UTF-8" + ]; + + time.timeZone = "Europe/Prague"; + + age.secrets.recovery-ssh-ed25519-private.file = ../secrets/recovery-ssh-ed25519-private.age; # Declare private key + + hardware.enableRedistributableFirmware = true; # There should be nothing on this system that needs proprietary firmware, but the user 'kira' likely uses proprietary peripherals + + # FIXME(Krey): Needs management for either of the major CPU vendors + # hardware.cpu.intel.updateMicrocode = true; # Use the proprietary CPU microcode as the CPU won't work without it + + # FIXME(Krey): This should be managed elsewhere + nixpkgs.hostPlatform = "x86_64-linux"; +} diff --git a/src/nixos/images/recovery/config/sound.nix b/src/nixos/images/recovery/config/sound.nix new file mode 100644 index 00000000..dfb380b3 --- /dev/null +++ b/src/nixos/images/recovery/config/sound.nix @@ -0,0 +1,35 @@ +{ config, lib, ... }: + +# Sound management of the RECOVERY image + +{ + "24.05" = { + sound.enable = true; # Whether to use ALSA + hardware.pulseaudio.enable = false; # Whether to use pulseaudio, requires to be turned off if pipewire is used + services.pipewire.enable = true; # Whether to use pipewire + + # Pipewire + services.pipewire = { + alsa.enable = config.sound.enable; # Integrate alse in pipewire + alsa.support32Bit = config.sound.enable; # Allow 32-bit ALSA support + pulse.enable = true; # Integrate pulseaudio in pipewire + }; + + security.rtkit.enable = true; # Allow real-time scheduling priority to user + }; + + # Option 'sound' has been removed + "24.11" = { + hardware.pulseaudio.enable = false; # Whether to use pulseaudio, requires to be turned off if pipewire is used + services.pipewire.enable = true; # Whether to use pipewire + + # Pipewire + services.pipewire = { + alsa.enable = true; # Integrate alse in pipewire + alsa.support32Bit = true; # Allow 32-bit ALSA support + pulse.enable = true; # Integrate pulseaudio in pipewire + }; + + security.rtkit.enable = true; # Allow real-time scheduling priority to user + }; +}."${lib.trivial.release}" diff --git a/src/nixos/images/recovery/config/vm-build.nix b/src/nixos/images/recovery/config/vm-build.nix new file mode 100644 index 00000000..53f6d7bd --- /dev/null +++ b/src/nixos/images/recovery/config/vm-build.nix @@ -0,0 +1,24 @@ +{ ... }: + +# VM configuration of the RECOVERY image, used for testing prior to deployment + +{ + # FIXME(Krey): Neither of those are working right now, see https://github.com/nix-community/disko/issues/668 + virtualisation = { + # build-vm + vmVariant = { + virtualisation = { + memorySize = 1024 * 2; + cores = 2; + }; + }; + + # build-vm-with-bootloader + vmVariantWithBootLoader = { + virtualisation = { + memorySize = 1024 * 2; + cores = 2; + }; + }; + }; +} diff --git a/src/nixos/images/recovery/default.nix b/src/nixos/images/recovery/default.nix new file mode 100644 index 00000000..cecf41ce --- /dev/null +++ b/src/nixos/images/recovery/default.nix @@ -0,0 +1,47 @@ +{ self, inputs, ... }: + +# Flake management of the RECOVERY image + +{ + flake.nixosModules."nixos-recovery" = { + imports = [ + self.nixosModules.default + + # Users + self.nixosModules.users-kreyren + #self.homeManagerModules."kreyren@recovery" + #self.nixosModules.users-kira + #self.homeManagerModules."kira@recovery" + + # Files + ./config/bootloader.nix + ./config/disks.nix + ./config/firmware.nix + ./config/hardware-acceleration.nix + ./config/initrd.nix + ./config/kernel.nix + ./config/networking.nix + ./config/printing.nix + ./config/security.nix + ./config/setup.nix + ./config/sound.nix + ./config/vm-build.nix + + ./services/binfmt.nix + # ./services/distributedBuilds.nix + ./services/openssh.nix + ./services/tor.nix + + self.nixosModules.machine-morph + self.nixosModules.machine-mracek + self.nixosModules.machine-sinnenfreude + self.nixosModules.machine-tupac + ]; + }; + + imports = [ + ./releases # Include releases + ]; + + #flake.nixosModules.image-recovery = ./lib/recovery-export.nix; +} diff --git a/src/nixos/images/recovery/lib/recovery-export.nix b/src/nixos/images/recovery/lib/recovery-export.nix new file mode 100644 index 00000000..12a57d37 --- /dev/null +++ b/src/nixos/images/recovery/lib/recovery-export.nix @@ -0,0 +1,27 @@ +{ config, lib, ... }: + +# Module exporting configuration from RECOVERY to other systems + +{ + # SSHD on Onions + # Add this system into Tor's MapAddress so that we can refer to it easier + age.secret.recovery-onion = { + file = ../secrets/recovery-onion.age; + + owner = "tor"; + group = "tor"; + mode = "0400"; # Only read for the user + + # FIXME(Krey): This should be using `config.services.tor.settings.dataDir`, but that results in `error: infinite recursion encountered` so if we ever change the DataDir then that will have to be changed here as well otherwise it will cause issues + # path = "${config.services.tor.settings.DataDir}/pelagus-onion.conf"; + path = "/var/lib/tor/recovery-onion.conf"; + + # FIXME(Krey): has to be without symlink due to bug with link ownership https://github.com/ryantm/agenix/issues/261 + symlink = false; + }; + + # # Add to the tor settings + services.tor.settings."%include" = [ + config.age.secrets."recovery-onion".path + ]; +} diff --git a/src/nixos/images/recovery/releases/default.nix b/src/nixos/images/recovery/releases/default.nix new file mode 100644 index 00000000..eb43612a --- /dev/null +++ b/src/nixos/images/recovery/releases/default.nix @@ -0,0 +1,7 @@ +{ ... }: + +{ + imports = [ + ./stable + ]; +} diff --git a/src/nixos/images/recovery/releases/stable/default.nix b/src/nixos/images/recovery/releases/stable/default.nix new file mode 100644 index 00000000..14204778 --- /dev/null +++ b/src/nixos/images/recovery/releases/stable/default.nix @@ -0,0 +1,184 @@ +{ inputs, lib, self, config, ... }: + +# Declaration for STABLE release of NixOS for the RECOVERY image + +let + inherit (lib) mkForce; +in { + flake.nixosConfigurations."nixos-recovery-stable" = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + + pkgs = import inputs.nixpkgs { + system = "x86_64-linux"; + config.allowUnfree = true; + config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + # FIXME-QA(Krey): Why the fuck is this needed for a steam controller? + "steam" + ]; + }; + + modules = [ + self.nixosModules."nixos-recovery" + + { + nix.nixPath = [ + "nixpkgs=${self.inputs.nixpkgs}" + ]; + + nix.registry = { + nixpkgs = { flake = self.inputs.nixpkgs; }; + }; + } + + # Principles + self.inputs.ragenix.nixosModules.default + self.inputs.sops.nixosModules.sops + self.inputs.hm.nixosModules.home-manager + self.inputs.disko.nixosModules.disko + self.inputs.lanzaboote.nixosModules.lanzaboote + self.inputs.impermanence.nixosModules.impermanence + self.inputs.arkenfox.hmModules.default + + # An Anime Game + self.inputs.aagl.nixosModules.default { + networking.mihoyo-telemetry.block = true; # Block miHoYo telemetry servers + nix.settings = { + substituters = [ "https://ezkea.cachix.org" ]; + trusted-public-keys = [ "ezkea.cachix.org-1:ioBmUbJTZIKsHmWWXPe1FSFbeVe+afhfgqgTSNd34eI=" ]; + }; + } + ]; + + specialArgs = { + inherit self; + + # Priciple args + stable = import inputs.nixpkgs { + system = "x86_64-linux"; + config.allowUnfree = true; + }; + + unstable = import inputs.nixpkgs-unstable { + system = "x86_64-linux"; + config.allowUnfree = true; + }; + + staging = import inputs.nixpkgs-staging { + system = "x86_64-linux"; + config.allowUnfree = true; + }; + + staging-next = import inputs.nixpkgs-staging-next { + system = "x86_64-linux"; + config.allowUnfree = true; + }; + }; + }; + + # Task to perform installation of the RECOVERY image of NiXium's NixOS distribution, stable release + perSystem = { system, pkgs, inputs', self', ... }: { + packages.nixos-recovery-stable-install = pkgs.writeShellApplication { + name = "nixos-recovery-stable-install"; + bashOptions = [ + "errexit" # Exit on False Return + "posix" # Run in POSIX mode + ]; + runtimeInputs = [ + inputs'.disko.packages.disko-install # disko-install + pkgs.age # age + pkgs.nixos-install-tools # nixos-install + pkgs.gawk # awk + pkgs.curl + pkgs.jq + pkgs.openssh # ssh-keygen + pkgs.nixos-rebuild + pkgs.util-linux # mountpoint + ]; + runtimeEnv = { + systemDevice = self.nixosConfigurations.nixos-recovery-stable.config.disko.devices.disk.system.device; + + secretPasswordPath = self.nixosConfigurations.nixos-recovery-stable.config.age.secrets.recovery-disks-password.file; + + secretSSHHostKeyPath = self.nixosConfigurations.nixos-recovery-stable.config.age.secrets.recovery-ssh-ed25519-private.file; + }; + text = builtins.readFile ./recovery-nixos-stable-install.sh; + }; + + # Declare for `nix run` + apps.nixos-recovery-stable-install.program = self'.packages.nixos-recovery-stable-install; + + # Unattended installer + packages.nixos-recovery-stable-unattended-installer-iso = inputs.nixos-generators.nixosGenerate { + pkgs = import inputs.nixpkgs { + inherit system; + config.allowUnfree = true; + }; + + inherit system; + + modules = [ + { + boot.loader.timeout = mkForce 0; + + boot.kernelParams = [ + "copytoram" # Run the installer from the Random Access Memory + ]; + + environment.systemPackages = [ + pkgs.git + ]; + + nix.settings.experimental-features = "nix-command flakes"; + + services.getty.loginProgram = "${pkgs.util-linux}/bin/nologin"; # Do not permit login on ttys + + services.getty.greetingLine = ''<<< Welcome To The NiXium Installer >>>''; + + systemd.services.inception = { + description = "NiXium Installation"; + after = [ "multi-user.target" ]; + wantedBy = [ "network-online.target" ]; + path = [ + inputs'.disko.packages.disko-install # disko-install + pkgs.age # age + pkgs.nixos-install-tools # nixos-install + pkgs.gawk # awk + pkgs.curl + pkgs.jq + pkgs.openssh # ssh-keygen + pkgs.nixos-rebuild + pkgs.util-linux # mountpoint + ]; + + serviceConfig = { + ExecStart = "${pkgs.nix}/bin/nix run github:NiXium-org/NiXium#nixos-recovery-stable-install"; + StandardInput = "tty-force"; # Force interaction with TTY1 + StandardOutput = "tty"; # Show the output on the TTY + StandardError = "tty"; # Display any errors on the TTY + TTYPath = "/dev/tty1"; # Specify TTY1 for the interaction + Restart = "always"; + RestartSec = 5; # Wait 5 second before trying again + }; + }; + + # Connect to FreeNet if the system doesn't have access to the internet by itself + networking.wireless.networks."FreeNet" = { }; + } + + { + services.sshd.enable = true; # Start OpenSSH server + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOzh6FRxWUemwVeIDsr681fgJ2Q2qCnwJbvFe4xD15ve kreyren@fsfe.org" # Allow root access for the Super Administrator (KREYREN) + ]; + } + ]; + format = "iso"; + + specialArgs = { + inherit self; + }; + }; + + apps.nixos-recovery-stable-unattended-installer-iso.program = self'.packages.nixos-recovery-stable-unattended-installer-iso; + }; +} diff --git a/src/nixos/images/recovery/releases/stable/recovery-nixos-stable-install.sh b/src/nixos/images/recovery/releases/stable/recovery-nixos-stable-install.sh new file mode 100644 index 00000000..cf21407d --- /dev/null +++ b/src/nixos/images/recovery/releases/stable/recovery-nixos-stable-install.sh @@ -0,0 +1,110 @@ +#@ This POSIX Shell Script is executed in an isolated reproducible environment managed by Nix , which handles dependencies, ensures deterministic function imports, sets any needed variables and performs strict linting prior to script execution to capture common issues for quality assurance. + +# shellcheck disable=SC2154 # Do not trigger SC2154 for variables provided to the environment by Nix +{ + : "$systemDevice" # Absolute path to target device by id + : "$secretPasswordPath" # Path to the file storing decrypted secret with disk password + : "$secretSSHHostKeyPath" # Path to the private SSH key of the system + : "$nixiumDoNotReboot" # Internal variable to prevent reboot after installation for special use-cases +} + +### [START] Export this outside [START] ### + +# FIXME-QA(Krey): This should be a runtimeInput +die() { printf "FATAL: %s\n" "$2"; exit ;} # Termination Helper + +# FIXME-QA(Krey): This should be a runtimeInput +status() { printf "STATUS: %s\n" "$1" ;} # Status Helper + +# FIXME-QA(Krey): This should be a runtimeInput +warn() { printf "WARNING: %s\n" "$1" ;} # Warning Helper + +# FIXME(Krey): This should be managed for all used scripts e.g. runtimeEnv +# Refer to https://github.com/srid/flake-root/discussions/5 for details tldr flake-root doesn't currently allow parsing the specific commit +#[ -n "$FLAKE_ROOT" ] || FLAKE_ROOT="github:NiXium-org/NiXium/$(curl -s -X GET "https://api.github.com/repos/NiXium-org/NiXium/commits" | jq -r '.[0].sha')" +[ -n "$FLAKE_ROOT" ] || FLAKE_ROOT="github:NiXium-org/NiXium/$(curl -s -X GET "https://api.github.com/repos/NiXium-org/NiXium/commits?sha=central" | jq -r '.[0].sha')" + +### [END] Export this outside [END] ### + +[ "$(id -u || true)" = 0 ] || die 126 "This script must be executed as the root user" # Ensure that we are root + +# Check if the declared installation device is available on the target system +[ -b "$systemDevice" ] || die 1 "Expected device was not found, refusing to install for safety" + +###! This script performs declarative installation of NiXium-Managed NixOS STABLE for the recovery system +###! +###! For that we utilize: +###! * Ragenix - The Rust implementation of agenix which is used to handle secrets in a declarative way +###! * Disko (specifically 'disko-install') - NixOS utility used to declaratively format disks and perform system installation +###! +###! First we need to decrypt the needed secrets mainly we need: +###! * The disk encryption password - Used to encrypt the disks +###! * Private SSH host key - Required by NiXium to differenciate the system and ability to decrypt secrets +###! +###! ..in the ragenix-expected directory which is `/run/agenix/`. +###! +###! Then we pre-build the system configuration to avoid rebuilds and lesser the risk of failure later and initialize the disko-install payload after which the system will reboot into the new Operating System. +###! +###! Warning: For this payload to work we require that the disks that we are manipulating are not used to boot the current Operating System as otherwise disko-install will fail for safety. Use recovery disk or load a minimal nixos installer in the Random Access Memory ("RAM") + +#! Ensure sane Ragenix Secret Directory ("RSD") +# By default the RSD is a symlink to /run/agenix.d/ +if [ -L "/run/agenix" ]; then + status "Required Ragenix Secret Directory is present" + +else # We assume that ragenix is not deployed on the target system + status "Expected Ragenix Secret Directory is not present, setting up manually" + + [ -d "/run/agenix" ] || mkdir --verbose --parents /run/agenix.d/1 + + ln --verbose --symbolic /run/agenix.d/1 /run/agenix # Perform the symlink + + # Ensure that the RSD has the expected permissions + chown --verbose "root:root" "/run/agenix.d/1" # Ensure expected ownership + chmod --verbose 700 "/run/agenix.d/1" # Ensure expected permission + + status "Ragenix Secret Directory has been set up" +fi + +#! Set up the identity file +status "Verifying the Identity File" + +[ -n "$ragenixIdentity" ] || ragenixIdentity="$HOME/.ssh/id_ed25519" # Try to use the default path + +# If the identity file is provided then use it to decrypt the secrets otherwise use hard-coded secrets +if [ -s "$ragenixIdentity" ]; then + status "The identity file is provided trying to decrypt the secrets" + + [ -s "/run/agenix/recovery-disks-password" ] || age --identity "$ragenixIdentity" --decrypt --output "/run/agenix/recovery-disks-password" "$secretPasswordPath" + + [ -s "/run/agenix/recovery-ssh-ed25519-private" ] || age --identity "$ragenixIdentity" --decrypt --output "/run/agenix/recovery-ssh-ed25519-private" "$secretSSHHostKeyPath" + + status "Decrypting of required secrets was successful" +else + status "Required Identity File was not found, managing by using hard-coded secrets" + + warn "BEWARE THAT USING HARD-CODED SECRETS IS A SECURITY HOLE!" + + [ -s "/run/agenix/recovery-disks-password" ] || echo "000000" > "/run/agenix/recovery-disks-password" + + [ -s "/run/agenix/recovery-ssh-ed25519-private" ] || ssh-keygen -f "/run/agenix/recovery-ssh-ed25519-private" -N "" +fi + +#! Pre-build the system configuration +status "Pre-building the system configuration" +nixos-rebuild build --flake "$FLAKE_ROOT#nixos-recovery-stable" # pre-build the configuration + +#! Perform the Payload +status "Performing the system installation" +disko-install \ + --flake "$FLAKE_ROOT#nixos-recovery-stable" \ + --mode format \ + --debug \ + --disk system "$(realpath "$systemDevice" || true)" \ + --extra-files "/run/agenix/recovery-ssh-ed25519-private" /nix/persist/system/etc/ssh/ssh_host_ed25519_key + +#! Reboot in the new Operating System +[ "$nixiumDoNotReboot" = 0 ] || { + status "Installation was successful, performing reboot" + # reboot +} diff --git a/src/nixos/images/recovery/secrets/recovery-disks-password.age b/src/nixos/images/recovery/secrets/recovery-disks-password.age new file mode 100644 index 00000000..2f022ff4 --- /dev/null +++ b/src/nixos/images/recovery/secrets/recovery-disks-password.age @@ -0,0 +1,11 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBQRFJI +ZjFRaWJkTFllR0pxckhNaXo1dXJhYmhBOFdCUDdpVEdEVVRMR0hVCklMSURFT3Bs +K280K3RYMHZHUnZUVVVoMFk0STZyV3crYnhReHZzNThEVWcKLT4gZ1kydVItZ3Jl +YXNlIFAzKWlEIHtPXU8gbzVwMnYoW2QgW046cClQegpNS1U4Y2pUdVlHdlFiZnVE +dGFSeEJ6S3YvSDRHeUxpNWw4YkI5a3NXN1I1RG1lZHpNcy9ZU3hhekFUbFB0UHNL +CjFBbnQ1V3JDVDRWdEh2MEtWeUxlU3pLRm8vV1BUZkdkM3Y0cFJFaTRQdEcwemQw +bVg5SjdQSVRua3BlN3NRL2kKU3drCi0tLSBUL2sxNERsVFp2emhZYmRXMExwZHBa +S2g3dkZ3SklLZVhpQ0t2THJ0VitBCq7b1eoD+a0Qjkssjv/hiqhUv0e8WJ5f0Cjs +vQjQICs1pXNwS1E76Q== +-----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/images/recovery/secrets/recovery-ssh-ed25519-private.age b/src/nixos/images/recovery/secrets/recovery-ssh-ed25519-private.age new file mode 100644 index 00000000..59b8bbe1 --- /dev/null +++ b/src/nixos/images/recovery/secrets/recovery-ssh-ed25519-private.age @@ -0,0 +1,15 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBsV0NJ +Y05GTmk5b3lTcTNiTzR2OXg1MHhrQlNYRWMyd3dHVEtqT0l2bjFzCnQzM2FORkdB +NytaU0M0Q2FPaEYrSjhDVGtaWWF0eTVEL3dERndLdExKZnMKLS0tIGc1TysyRHM2 +VnJVREROdVI2ZkNPMkpnWUhLUGQ4RHE3VjBXSkZHSHMvaWMKjkQoO/UBWBbOjMLf +t6i1iBoK5WVPuTQBWKUSW4mYD1qAs7yfi+pBSwYXZ9CEY60mw+lRfC4seOe1MQbt +MZbyZzObsCbTaZERkl3dlL+KiCsZv5JQCNGUk8PHSGa9IcRubhw8cKZPwlpb8moY +n8TBO8Sb6oqXYj/m4Cisbr+hHXo144nb1o0ee/G84JZGzFvRyOScAqhVy6fNJvZ3 +ha/tEYiheMFWFP8nd94S4Tn2P5Jj1lUL4Gprh00sQWG7a1ke65I+H3vDRFzeK3bO +Fq21U7YI+yj8jAlS/wnVxpAwWWTTIHGh392bzwBwCBLPIWGU9ng/Kgtriz78l775 +wveWoZoehlB4X32dgvmW/zWrwBYSC093mqSs+CL7gklnKdhZAzIRR4C8w5HkZyjc +NLmD35AsuEXAd3p4PY28Z/P20e27KQ04JfuPWU3PCD9i9XZVWCT9kL7CB5Pi8EMc +AF9M3XxCoS/oDVprcyrABX88CMRrjaJD/rQRw/stlUkdmNl3/fBdmoFPAHW27T1p +5JbuNkteDlH8FtPFQj+rzMhGv0j8/+tWh20T5iXIElh9GEY= +-----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/images/recovery/services/binfmt.nix b/src/nixos/images/recovery/services/binfmt.nix new file mode 100644 index 00000000..bf225004 --- /dev/null +++ b/src/nixos/images/recovery/services/binfmt.nix @@ -0,0 +1,11 @@ +{ ... }: + +# BinFMT Management of the RECOVERY image + +{ + # boot.binfmt.emulatedSystems = [ + # "aarch64-linux" + # "riscv64-linux" + # "armv7l-linux" + # ]; +} diff --git a/src/nixos/images/recovery/services/distributedBuilds.nix b/src/nixos/images/recovery/services/distributedBuilds.nix new file mode 100644 index 00000000..98e15c40 --- /dev/null +++ b/src/nixos/images/recovery/services/distributedBuilds.nix @@ -0,0 +1,37 @@ +{ config, lib, ... }: + +# Used to outsource nix's build requirements across available systems in the network, on slow devices such as tablets and battery limited devices such as drones this is essential to configure otherwise nix will drain battery and resources from them +# +# Reference: https://nixos.wiki/wiki/Distributed_build + +let + inherit (lib) mkIf; +in mkIf config.nix.distributedBuilds { + # Authorize TSVETAN + # users.extraUsers.builder.openssh.authorizedKeys.keys = [ + # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF18QG9oqeeq/lQc5QDJl3hz5D4Q9bhiHFTRLJN4KSZb" # TSVETAN + # ]; + + # Import the SSH Keys for the builder account + age.secrets.recovery-builder-ssh-ed25519-private = { + file = ../secrets/recovery-builder-ssh-ed25519-private.age; + + owner = "builder"; + group = "builder"; + mode = "660"; # rw-rw---- + + path = (if config.boot.impermanence.enable + then "/nix/persist/system/etc/ssh/ssh_builder_ed25519_key" + else "/etc/ssh/ssh_builder_ed25519_key"); + + symlink = false; # Appears to not work as symlink + }; + + # Set the pubkey + # environment.etc."ssh/ssh_builder_ed25519_key.pub".text = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBSPCMXZ6377AeL5ZKdv7Y041CIJ2lhKl/YH/tbY7xc builder@recovery"; + + # Impermanence + environment.persistence."/nix/persist/system".files = mkIf config.boot.impermanence.enable [ + "/etc/ssh/ssh_builder_ed25519_key" # Builder account for distributed builds + ]; +} diff --git a/src/nixos/images/recovery/services/openssh.nix b/src/nixos/images/recovery/services/openssh.nix new file mode 100644 index 00000000..72097114 --- /dev/null +++ b/src/nixos/images/recovery/services/openssh.nix @@ -0,0 +1,26 @@ +{ self, config, lib, ... }: + +# RECOVERY-specific configuration of OpenSSH + +let + inherit (lib) mkIf mkForce; +in mkIf config.services.openssh.enable { + # Import the private key for an onion service + #age.secrets.recovery-onion-openssh-private = { + # file = ../secrets/recovery-onion-openssh-private.age; + + # owner = "tor"; + # group = "tor"; + + # path = "/var/lib/tor/onion/openssh/hs_ed25519_secret_key"; + + # symlink = false; # Appears to not work as symlink + #}; + + services.tor.relay.onionServices."openssh".map = mkIf config.services.tor.enable config.services.openssh.ports; # Provide hidden SSH + + # Set the pubkey + # environment.etc."ssh/ssh_host_ed25519_key.pub".text = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYpmNkpSkSSk1FnxHvPb8JlbeYh2lf3d5u8MBqGpHP root@tupac"; + + services.openssh.hostKeys = mkForce []; # Do not generate SSH keys +} diff --git a/src/nixos/images/recovery/services/tor.nix b/src/nixos/images/recovery/services/tor.nix new file mode 100644 index 00000000..6cbc398a --- /dev/null +++ b/src/nixos/images/recovery/services/tor.nix @@ -0,0 +1,11 @@ +{ self, config, lib, ... }: + +# RECOVERY-specific configuration of Tor + +let + inherit (lib) mkIf; +in mkIf config.services.tor.enable { + services.tor.client.enable = config.services.tor.enable; # Provides Port 9050 with gateway to Tor + + services.tor.relay.enable = config.services.tor.enable; # Work as a relay to obstruct network sniffing +} diff --git a/src/nixos/images/recovery/status b/src/nixos/images/recovery/status new file mode 100644 index 00000000..d86bac9d --- /dev/null +++ b/src/nixos/images/recovery/status @@ -0,0 +1 @@ +OK diff --git a/src/nixos/machines/morph/config/disks.nix b/src/nixos/machines/morph/config/disks.nix index 05be68ef..a36e294c 100644 --- a/src/nixos/machines/morph/config/disks.nix +++ b/src/nixos/machines/morph/config/disks.nix @@ -35,7 +35,7 @@ in mkMerge [ nodev."/" = { fsType = "tmpfs"; mountOptions = [ - "size=1G" + "size=6G" "defaults" "mode=755" ]; diff --git a/src/nixos/machines/morph/default.nix b/src/nixos/machines/morph/default.nix index 88feb460..1cfe8f84 100644 --- a/src/nixos/machines/morph/default.nix +++ b/src/nixos/machines/morph/default.nix @@ -28,6 +28,11 @@ ./services/distributedBuilds.nix ./services/openssh.nix ./services/tor.nix + + self.nixosModules.machine-morph + self.nixosModules.machine-mracek + self.nixosModules.machine-sinnenfreude + self.nixosModules.machine-tupac ]; }; diff --git a/src/nixos/machines/morph/secrets/morph-builder-ssh-ed25519-private.age b/src/nixos/machines/morph/secrets/morph-builder-ssh-ed25519-private.age index 82fcea72..ca093482 100644 --- a/src/nixos/machines/morph/secrets/morph-builder-ssh-ed25519-private.age +++ b/src/nixos/machines/morph/secrets/morph-builder-ssh-ed25519-private.age @@ -1,19 +1,21 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBSMTBV -TmVMVDRLeGMzR0pHaHZpbG1nN01lbkVHUFcyL0dJRldSOGs2T2dzCkNrL3V5Rjgx -VjRkTzVVd2xnb1o5SktkSzdraVB2dXJHdHdRKzhUZTlYN0kKLT4gc3NoLWVkMjU1 -MTkgclc4Q0dnIG1qQXN3d3c5aksyY3AyaXluUzJBZlhVa09Jd0NyNFFENkFSRjBv -OThOaXcKN09jV205TEFCOHZwbkRsZ1pYSHpkNERJNm5PWUtvU1ovN3JyU3MyVnkv -MAotPiBzMUlbQUstZ3JlYXNlIGNAIH0gO11iYDZfClZtTERUa3RKS25JMzU0YXBS -NVlwZndrRWNyTGxBaUliUlpNVnN2UDBUZHMKLS0tIHAzL3ZiaDdkV2pKa04wN2pI -eGhVanpQMEFST2ZZZCtBdXpDTnV1ZS9obVkKkIB0mkQEi7hHiVn+IH+YWzuS5Rnc -Xn43+vzzic/lBExpzuVxnKsP6khUoJGV773Z+/2DSKX9POSUDv5KucLHfC6u5I7Y -RJZ9UIfT7dBzpRXNklGBs/3TZInMbRi0xMPJmt8gEneG96DULVhjWKBs7h8X3cnH -SkqhxHJRioP6zhVMWsxzjZ7yzCeCTW6oh2wyFGb02c+psBqkxTQ0YjoXhMLcgqUB -wqUupQse9TTyYx07aVwfk3sxP8AR+Gbotci4VETj0ZKF9HBXjjSD6ukYpciEuxdK -+3FonUy4idP3HSOWqaJRiJKgzHCE51iquM6mUSt9AH/cSpVhI/Iiedm7Gm2ImD0O -hmfGk3inE4h/V6aLaUZVkXD/B98c8CXaJSaFRf66qb0XosTOshWolRYFzK9clR++ -5VzOPZfCIyJRQKMRIyd5lm263LTW2ua76zblpIM9FsMuyAebQBUWJrzDPXel7Ad7 -sbfGW7TS3kX0KF8Kgi4umUAvcRIqn+Gk29eZjbJomJKYM8PORppAAH9hg6lRxA9m -0LThXky0XmmWGtw4QS16m5CdumPwdKWHwHb+1GUhLDJXD0bNzzg= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyA0dlcw +and5TGgzSGlKMENkQlFlODl6cFlpZVRML25PY1Uyd21yTFM0TzNvCkhOVUdBOGlz +WC9XNzA2U3FTNlRmSEFoczZnWWl4bnN2LzNMMTU1K2dlTDQKLT4gc3NoLWVkMjU1 +MTkgclc4Q0dnIFIvMTBBTUlhKzY2L09iU1p4cUVnTHdOak1ENHBqcCtDb0crNzND +V01ybjQKQzZ5YkdCdUhzZ2NHVlhuOFlqM05KeFB4OU56SnlLR0FuL0E0NE9qZ1l0 +cwotPiAhSVdoPFldSC1ncmVhc2UKY0hMVEJETFNCaGxmeUlsZFlGQ0E3clJ6ZXlI +WkpZTERBa2V2ZWwybzZmaEw4MlJWQ3Z1d3dZYWZyQUROTjYzKwpncVVURDl0Nm9R +R0doMVdrRjJuUWtDcmJMZDcvU1Y0S3J5MGNkV0JHQTNsMU1GUW5IUHM3UWZoSHRw +TENxZ2llCmVLcwotLS0gYkVzT2tFbG5xQVF6S2NvSnRWMEFzckR4dHl2SEgvVW9n +cjl3YnIvdm1kZwp2tpi4FbepfAFXy5NmGQ0b/f/RhnSx/EfifT7PBAeDzbAWQUdB +R6idntT0YgAqx8ZbtARQGwnJTV3Xv7PszgtM2JdFY43348+whUc+FSamZPdh/0QM +fO+sKfnHKFPwBes2n1fTwfmigPglILojAFymphezh648jiXLH6zGXBNq0izGg1Qd +TXMemVsJA/HS+WVbljYyZ852dXhfSLML+3Ogch7OXAg7jbrWhzA0mIey0vnB0h6w +UXO7NAhyBi62SIZz8jaEbp3vyC8qEfJhzIpIWkxOOzzLGK6bftix8z8vBYI9u97M +8y8UxEq4vilIE12zg7Gn2SsuZAhZHV+b13aM0x7FFUD+ci8wusGma4D+tsvaxg2V +6sB/gBO54C1SIdXZWrcl8mD6AaPodM6aM4W5/+wX3LzrZckDwE2cWiwVXPK/DTPt +H11Hfd16VTWoHUKcyVzsylYf/Yqwy1lBE3rkuTpdoXH33qLQJ1ukMuHWHYB24hTp +469cza4f3A/umBO4fNJ9EtWt3hJx2Z4CIHE3E+992WDZEwsKSQ+J32IkOpejlci+ +Imokt6uucx7qzz6b3NUL4DGEMdc/fQ== -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/morph/secrets/morph-initrd-ed25519-key.age b/src/nixos/machines/morph/secrets/morph-initrd-ed25519-key.age deleted file mode 100644 index 014419fc..00000000 --- a/src/nixos/machines/morph/secrets/morph-initrd-ed25519-key.age +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBTbmhs -akp2Q2oyRDNyU0RnUmFJRFlBYlZQQnFiYVJMaXRDcENGRXdhdVU4CmlNMmZ0Y2lY -cW83WEhIdmw3UFVweDNyS29reU5vUHNYWjZTVE41Sk5MUWMKLT4gc3NoLWVkMjU1 -MTkgclc4Q0dnIDVBVW9ZVDUwSCthVUZyQklnRDhrMUZhUXY1UklvM0VsdTREZ3M2 -aVdER2sKaEw4QnFCSlJ2akxVMndodnVYRDVQOWJ6bUEzU1lxUjUwT0pZeEFML3lh -OAotPiBzc2gtZWQyNTUxOSBTS3cvencgUnJTc1hHSEZKemd5UmZWcitUSUJ1WFRV -cDBWbElZdFljaVducUxYY2VudwpVM1QxdVlaVnlUYzE5c1VvS2FITHZXMjVJdkRV -MEpXZGpPT0VVQ2I0ZEljCi0+IHNzaC1lZDI1NTE5IHBpSW9kQSAyR200eGFEZ2sv -a0dlcnJ0VmZBTjkyQnJhRkNoZlBSVlJ1blR1MndxcWhrClhhaFJIdm55R1ptVU9Z -cWI0eUdmL2drN20yZVgzTlE1M3FYMSs0eGZmYmMKLT4gc3NoLWVkMjU1MTkgMUtj -U2RBIGw2UE83SEZwek5YRnpaNStoc2sxdFZxMkxCdHJMUjY5UG1SUE9YbWZzeXMK -TkFML1FsZzAyK2NGSUxkb01Nb1A3TmNRbGNabnBDV0U5MmtJOU1kSDRyVQotPiBz -c2gtZWQyNTUxOSBCYTdxNncgSEErNGFoQnNPM1I1bXdKTFdsUmJZbmp1ckxhdkUx -WUFqMGoxdFBYYUxIawpkbWZzZk5OOEY1R2V5TTNRQm55aVlINm5Ja0Vlc01JU3J4 -M1ViQjM1R1lrCi0+IHNzaC1lZDI1NTE5IEN3UUludyBBckhCMTV4OVh5ZCtRTk5v -bEQ1TTN2WWtxdXZveGh6U2NBbzBYNUhHNzFBCnBUb1ZESi81ak1sejZFSnR2NVZv -amh6OFZvaGF0WTJCQW91S08vd2plTjAKLT4gW3h6UyVSSS1ncmVhc2UKcUl2VWoz -S1N2U3JFQWFKREg0NzhWWm80d09USWt5NmpSQVlFeHI2WTJSUGt2eXg1K2t4NzJB -M1V1dWlIc0hKcQpoTWJkZDBSbEpSQTdsVFI2OFlSMktFb3UKLS0tIEp6Qjg4UkJT -VDdCOStiY0w0ai9HdHRIcXlmcEFxOWhKQys1SGJ1UFptWG8KBJYSuOeOyfJAyz3Q -TBuqlhzEkd0R80jzwu0Woxo8uYctMNioAQ3+meo+c6qW1ljS1xZDleq2ZA9oL3Rh -lrua82Q7ffiup1xbGT6IHWwuzke10FAcmT0ZvrZ//dlO6z8F6eekQzJSoN/wr5xS -1hDWPsX4oc43KViHiqqn6rW3lvdqVniHwNttvyaUrWPO+OR+QjYs4JYllHmoZ4dy -GBFPSBYqKG/7P/nBBOk3h/bwVO3ssaONacWXDTLukgoNDryHFuzxueNoBa3X02Bv -wPxHqM1ZiWG3h+RjeYX3bXvoNRvySCqRsPqXSpjoaVHzGTL9Htyig4Ut2ZNm8Wfd -j47rOatY/ByDynldFCN/PGTfbaV0/2re9Z2OVbDH+2aTfVGSxYmlvySwLFGD2Y0j -OoTQNU3Sytqn5TPeg94RMoEV4jSKDkBArGgTlBVhBzo9brV+tZSP3njyU8ZUnjLe -ENX/ccrADX9COz0HFl23irjWiYfAP9Fug3NgM2bgw07vXzbqgG55roflVh2RB5Hr -aD6rCqA+++WOD7/SFB1uhYs+bGAmdH8VIsnrEFYHEf0AzJN0/zkdciJKaJDPkXc= ------END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/morph/secrets/morph-onion-openssh-private.age b/src/nixos/machines/morph/secrets/morph-onion-openssh-private.age index 552e7b1f..2ddd8cdd 100644 --- a/src/nixos/machines/morph/secrets/morph-onion-openssh-private.age +++ b/src/nixos/machines/morph/secrets/morph-onion-openssh-private.age @@ -1,23 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBVUFQ4 -Q3BJek5rb2daU1o4OCtwbmVMa2xaN2ZtTlQ5b1hua2wvOVJPdW0wClk1aE5qWExP -bjZVREZ5TE5pdEdnYnBDdHNHQ01WOVlYNEhtN0toakNuMkEKLT4gc3NoLWVkMjU1 -MTkgclc4Q0dnIFlGTnNEOUhhSUdFNVY0VEprWFpLTFdKTVg4eWxXNmdyTnZqQnJy -WVkvelUKYzVRWFRCajl4dDh0NXplR0VvUGF5ZklMSFJzM3RkK1ZFVm8xaEVBOEg1 -ZwotPiBzc2gtZWQyNTUxOSBTS3cvencgUlBsc1NGcnU5VXpYZ0JSUG9RamM0Ujg1 -dEFFdXBEL3YyWTRHQTB3VHVYRQpIWWo4d0g1Wm00OWFKTnpRV1pBTVNxQk42bDVP -VVlVK21qTzJkWHM1aGljCi0+IHNzaC1lZDI1NTE5IHBpSW9kQSBERVlvazVMTWh1 -MFVnZFhZTFk4MnZreGlnck5vVWt4NXgrYk5iMVI2M1M4ClNIT1RzUHF0OHpjSzU5 -eXFjRnQ4QktrdEMyeGFFeDFHbTZUUytRclE4VGcKLT4gc3NoLWVkMjU1MTkgMUtj -U2RBIDVSUDYzZGtxUnMvNWdjNDZMdEpQU3FFb1FmdEJyOS9ZTUFsS2pVc21majQK -K1FnOGFpRFAyb0M5MXc3cXFKV0lJOFg4S0haUkJmaW14Qmxsd2VXd0VocwotPiBz -c2gtZWQyNTUxOSBCYTdxNncgWmRpQklaN1d5S0dGTXQyU0tzWEVVWHBMR0RHU3RR -VmdZV0JJMUpTSEhpcwpMU21CTmZwcXg3MURCSlEweEhzeXN0RkJEOGhxY0g5Z0JS -eTRLb1FMY3RjCi0+IHNzaC1lZDI1NTE5IEN3UUludyBxendPVnN3eTJ1SDlVQnN1 -M2dWSFd0Yk5ueG9iSDdCeFRsSWE0QitSY1gwCk5YRnVzV1ovMWFqM1FMVjUwVHN4 -S29TdVlmRFF1YXc0ZG5kdGg1dTB0Mk0KLT4gMlRGfS1ncmVhc2UKCi0tLSB4UE8x -K0RpOS8yOWtWTXFFOTg4KzR6OE16UnNvcHl2V0ZUWktFREZOa2NjClYUp9QofXee -0cOGW1A8/krs3x6s9ZdWuP3U0ZbGwHNC9RgzjQ0yFkA8s/eVsdxapZeHzDv9PdV+ -lUww+NgghlMA1Q7tgM2ljbgvKbeusWZEj6TvdujaM6h53s0cS28TknyJt2lEbFN7 -CudLWF9fDxLtuFTrf95X1GbEEsxZv3ql +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBFbndM +YlhZQ3grVjNGdGxsZWV4WTdWc0h3YU1QclVVRFlsaHQzNTJHMVdZCkZHbVRML1NF +SW5BRVV1a3Nhb3QwWWk0aklHQjg1Sm5NNXR6YnBnUStjcFEKLT4gc3NoLWVkMjU1 +MTkgclc4Q0dnIEwrMUNLQ2lZVDdxdlBzT09QNDFKTWpkeGhJOHhlcklYeldFYXFU +dXpBVncKcHYvUjRXQjRXR2s3NFdvK0VaZVpVcHJjM0dPbWVSaWNaTGdQOTEyQXFv +UQotPiA6Omp8dC1ncmVhc2UKWEs0aWk0dmw2K2Z1RFBWV0hPSnhyZkFzaXJ2b3RL +c0JJNkxKSTlxWXA0bk0xZzF2cnREMzNaSyszMjBXTkRESwpVZ0g0M3QyQjAwWTky +cDJZajU1N0lVMldJeVA0VThJcHdxQWp4aGcyc3hiazM0TlczclRhQlFrY3Bva0Zm +VngxCgotLS0gcXNmQmNseXFyY09QNjNzK1pkcWV2MFh5aTJUd1IrazRacDEwMURz +QkRjMAo69f9YwoLbSyxsmD82NRLXn5A9z2HoQkVezCeCyjwnmqfWsMPNetMRHN9B +NSidKU8D6Ioj+OLcw1zZDJmRpCKH3GMdWbCgUc/RuUEfTLpd2MQIfChO/SSH2fxA +EqVZa3QrEqxbWMZvs2ZWRAQs771yZKZ8su5l0cJ3KFfSxiXr2Q== -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/morph/secrets/morph-onion.age b/src/nixos/machines/morph/secrets/morph-onion.age index d0ef1d26..9a6966c3 100644 --- a/src/nixos/machines/morph/secrets/morph-onion.age +++ b/src/nixos/machines/morph/secrets/morph-onion.age @@ -1,25 +1,24 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyAvTjd6 -NnkycTZ5dEwxYXlvTzgxYlNqeWM3b1Y4ZjI3VWR3dHZnaWhnelU0CkpxOEdMampR -a2lQdlJZOW9SWnNqYnlJUUJacmxOUlIvbUhSUTYyRjJBZXMKLT4gc3NoLWVkMjU1 -MTkgclc4Q0dnIHE5WW5EUDlBQWNqNWpjZ0FCNlpBWDRGNHdQeEYxamJ0SmlTQVVO -L3NIU3MKcXBCTjFRaEFyWGh6VVVOTnluUG1VNXRWOXJGaEhvOGZZMVVSVmRYUnQw -ZwotPiBzc2gtZWQyNTUxOSBTS3cvencgZk9iaGxHSlVqTUZ0TDBxYzdXNlllY293 -MGF4T00zWENRbUlVUUNZTWQwMApSeklmZnBUZEx2WUl5OHMrTyszL0Y1ZHNvbzlp -Q3pNaitMVTlYd0ZsOGtnCi0+IHNzaC1lZDI1NTE5IHBpSW9kQSBjTldTT3NCcDFR -d2VDc3BZMXNqMmE0MHAzTzl2b2wrS2VScXA1QW1UdVJBCllzSEY2V2VQaFh4SGNl -Sis1ZjVSN1pmaWtlTWFPamRCTktNU0RGejA2b3cKLT4gc3NoLWVkMjU1MTkgMUtj -U2RBIGNvQkxKTTdRVTZ5V1lHR3pGYStVYU5oMGIxMFQwZFdOdTFuSVduNFpYRGMK -djlLRkpDR1Z5RVhLT29OU3BlenNOWEN0a1E3eUFoNkgyQ3Fka2lBWjBwRQotPiBz -c2gtZWQyNTUxOSBCYTdxNncgbWdkZnM4K004UlN6ek1BV1ZkdUxTcWRlQldwWnZR -VTg3Wm1rZnhEcWhpMApiMm52ZFllNXVidzhKSUsycTdiTkRZR2p1R0sxUEhpTHZN -dGxId3cxVzNJCi0+IHNzaC1lZDI1NTE5IEN3UUludyBXeU1LSXUxS0RVU21Ja2Zq -dWhhUlBiTGJQNUM0ZzJjczRLaWlPbWZkb1c0Ck5CM21zbytXWmczdXdST2RXMXJ5 -TmduQ3YzL2tPeXd1WkZPeHd5MlNPU3MKLT4gXXVAPi1ncmVhc2UKNitQekUvS2F3 -QlB6d3JRVThqd25GYjVYOTdKaDVvK2ZhZldiRVBHZkkyWkYrWktGclBTNwotLS0g -Z1MySXd1bUJkSW9rUHQ0dGExcGF2SWplTldyWVBGUFpyR1dqMFc2ejg1VQr3jvYP -IWrpcEz1d+daKO4Av/EfksrKcDB26cL0lV8qatc/XxVhNCgQOTlmGbrErx2Eu6Dx -c3Ydf2spLWXFA2LG/DI05XGipsYjZJjY4tjcTaoi8kmqzUK5xovRDcJoOIUPeIDu -YKJauzjv9/rxduZgY8GpsN0v+fW8UQuL7yHvE+Qi79c5WsDbslPuF1FVvpcpWhCV -25XydKFYcW8Xc2pzCfrkCjEJm/NDyfzXzu3RhWI1TKBfKNU= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBPajFp +ZWlqMFNVUkRWWVBta0FOTlpwZUZoTXdtWTZmREl6Rkp4UUdnR0dZCjVaVmllRTZW +dHlPcnczR2VFTW9RRTlpMXJtcytTb1haaDJWN1lkSDN5aGcKLT4gc3NoLWVkMjU1 +MTkgclc4Q0dnIG0vM2dKVGxJWTBzL2xpaXNLdWxmM1JFMkp6RzA2eDlpTExBNDFK +ajZLR28Kc0JHaGZkQlB6RDN1c29ZYmlPWEtjamt5Z1l0YVlCNXRXMlI5TGd0TVdr +MAotPiBzc2gtZWQyNTUxOSBTS3cvencgOWE0OXAzc2xCTVRKcnR6RnJPUzBJY1JR +MVNYNHNEVjJ5Q2c1K0diZGlIcwoydVkzenhTZytzRllhUUdkNlp6SWdiY3M5eTBQ +bkR0VGR6YzNOZ0tVeGxjCi0+IHNzaC1lZDI1NTE5IDFLY1NkQSBYNXlFVTdOemcx +NzFTRWFsZnBXRFhpRndyTEozdmR2bktSc1FsVlZPY200Ckd2V3RHUy9saHczOE00 +cFFNdnBHMk51ZFZ5Z2pkU0dvZVZnaUg1dk9DcjQKLT4gc3NoLWVkMjU1MTkgQmE3 +cTZ3IHFMbURzN096cjlKZkE4QUZ0SVVONGFERFUzVjZLdGhOUzg1QW5rNHNQMVUK +RlcrMXNDeWpoNXJ0S1JhSTdZbGdoN3FHTW5OaFBrbkZScE8zK2xrcWNWZwotPiBz +c2gtZWQyNTUxOSBDd1FJbncgUVNoYkl6NE03QkNRRHB4aWx5eGE3NVY5by9PaWxW +aGtzWmtBVVVySTdoWQp4Um5WOTVHUElNdUNUbHRLbkFOWW1OZDJlaUlRN0lnWS9P +T1Q3dkJiNnJZCi0+IGZVOXE6Ui1ncmVhc2UgKXZcQDA1QAplNWJiU3FjR3cva0ky +S1puZzZ5R3NuQUZVNUF6USs1VCtkZi82enFMdGllRHIwTUJMaVVvZGVlUWJMVVA3 +cXh5CkNEN0IvUHh2K0R1ZENCZjg3Q2FuTW1LRGFRCi0tLSBtVWI1M1lzbUt6NE9E +VjBqOXRTcDU5RndLcm0yL01ycHVZQ1J3dmxmQUx3CtczSYVQKG0Z7+o6qI0eVvCu +oKGnk6l7A0G/YZJKEngXEw7QIoNvMAWkAJhx7SF5bydAqG5Y3jLXmvqHbk8JvzwW +PtUT4SGIi8DdqZENv6NEG+bBD4faXjae3ffcYN/rSXrUZ9NqbFp9dRLyme+Scole +JpPH4FSyOUjve8Ek4AubCXQIWXxHqmQx3h/x/cKwTFDhUw0UtTAb3CPdpM99nKtH +RJdp4/RSi1H09EBX56QJXQavnr+rjQ== -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/morph/secrets/morph-ssh-ed25519-private.age b/src/nixos/machines/morph/secrets/morph-ssh-ed25519-private.age index 717613bb..cad4ab6f 100644 --- a/src/nixos/machines/morph/secrets/morph-ssh-ed25519-private.age +++ b/src/nixos/machines/morph/secrets/morph-ssh-ed25519-private.age @@ -1,19 +1,19 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyAzYk9l -am0yTUhvSEtJTTVBaUQ2alhISmNzM3R4akZVOWxxZklGTkZXcURrCnNMcmY3aWMx -KzkvRVBpc0QxYktxR1EwbDZ5cEdtOW1ZVFBiVmw4Q3dzaU0KLT4gc3NoLWVkMjU1 -MTkgclc4Q0dnIDRRSFhtM1dlczBJNk5idEJpdmVmTHpPLzNnaGNNMUtOVnhCTDdy -R09xQ00KOU0xbThHYlFRbmdBK1lDM0s5ZThCWnNwbm1RWXNzZXkxbFNXZWJyOVdF -TQotPiBccz4oLWdyZWFzZQplWUtSNWZiWnN6RStWTUh6UDEyU21ObG1kNU5MWWQ1 -RkEyZGRPSm9aV1lLRDQ1Y2YKLS0tIDU2U3I4eDZnN0N4eU5HTkc1SmxoNElXVGdt -RzNUblQ3elhEVnFKRGUrL2MK3k0Gp/z1kdKVf6fN0YCpVcDwP5F/oATU51qfZH2w -vMaaFzwnuzOhkf0m37oJjEHJHlmEtk3U6mst4XoD5k+9hd+s9DVJjgTFQtbrkxBa -nY5wTr5pRJiXmmZPuHvkUnBzGyDBIfDXmjQF3dxFzW9Qb6faZpHA5nxrlZ6Bvbsu -S/niIKALIu+0fHokVy16cJEXtBW5Jt71fMtNwwyQOD30h6wTU5bSmL89RKLQFz6m -tlG5N792fO4QKYss1dWbkXJkin3PgOTs8ponaG/+am2125Pm3ZjdPkwD160fARO0 -dyKZT5+0wnrcEBaDxHrHb/h5a4nQEXQxo+FgpSQxA5+HSdysJ2BHWZ9bRF+SnOtV -XKwFvYVUxgZojKyccbAhoEAZsnaN+/PqbN0LaC89KevnWiVgHb+4jcYTBVEJoCph -lDD10gxAIWpHgp7882PSdpF3Sav+AzrsxNJrAqlU+hJ63FWzDWhGhPrKA04ojpP/ -+8LuPwIg8VPDkD7HRKcn9CSq2OTivOfJWTXrnj/L3KN0IUMowqAhFhZ5p78QKEnL -vBEjdnreZtk9dwXqGyIzyek= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBoMExW +OWJNb1ptSS9CUWxNRGVXaWVUMmMvallMamdVSCswUmdlYmZVREY0ClE4M2lPV1VK +WFZoTVRtOHk0cmtxek1kM1F6Vld5Ujl4bU1EWXVsOC8xYUUKLT4gc3NoLWVkMjU1 +MTkgclc4Q0dnIDVIYVphUTYrbUFKQlhvNEV6OGNENENsaDh4SWNwbnBtREw4Z2Iz +cDlvRzQKbE5GVHZvbFdJdjkrNXVLU1VlMHBOc2dWYlcwSkVCMmtqMmxub0E5cGNj +cwotPiBFVS1ncmVhc2UgdnwgcXcuJTx+Ty0gfmFIVTEgdmkKeFRZUFA1eVVPNXBm +KzZqdmpTTTFvNUJlWWdPdlVyY00yMG5Uc2hibm5tWFhRM1ZhCi0tLSBaV0I5M1dZ +TG5scVZHcEdMVGNBeDNncUV5aGhCRUtzMThvSjRvNi93Ym1nCjvGkmA7GBB9Tlwy +9AFX/pJTdQXHEi267gkpBoX8Vv0BeszbfEyreZe8VxhInPnSpz89ZjAB1GQSphzT +yiInFi5rp9VoSUKtpqWCkSXbCs/jwWLBT/Fwfr5OAV/8ohCrtddgbunsGwPkl20Q +Eogo96ntHyTOBlilaZ6+9Hhwrjl9CT4i51jFVOEDk5fMv8fxwnWEx+OQ71Z5wGCe +gjFqvjE8pSCn3FkDphDNTAjIgb4fCoT35Vel10F+fRSiVLMfBiG7J0G4iBXDHlia +4HxKub6KnWmLcsAWLCPtBY2IzkL9afJzruKMSW/NKXHch9jZ6lSrzSkHFqFN7TH3 +FrEd1EYRJDwZy5UpzgBW9153wqRb1SLs+uYmMfVivhuqWIrYacXMnVtFAZuu4pPQ +vRersiZz65b7mBnThDcAt7J4QrRsZoUfiBo0NYNm5uTlobyKnfFvBgjrj73i3Faa +6dr36y8WlnyRL1WdiWx2QBfjmGBK0Qm9x+wxbutePIaR7YDJXW5H2KpjBD4HAZci +6k75n+ptEtPpxpQj1f+1jMj1O7DIGd5QQ+NOBSjbX7oqMPqV -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/morph/services/distributedBuilds.nix b/src/nixos/machines/morph/services/distributedBuilds.nix index 3191e92f..b2fbf4df 100644 --- a/src/nixos/machines/morph/services/distributedBuilds.nix +++ b/src/nixos/machines/morph/services/distributedBuilds.nix @@ -7,10 +7,10 @@ let inherit (lib) mkIf; in { - # Authorize TSVETAN - # users.extraUsers.builder.openssh.authorizedKeys.keys = [ - # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF18QG9oqeeq/lQc5QDJl3hz5D4Q9bhiHFTRLJN4KSZb" # TSVETAN - # ]; + # Authorizations + users.extraUsers.builder.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNpn2sAM07pqQFI3HxiuOxppiEz8OwGDaSMKc7GL8VE" # SINNENFREUDE (Builder) + ]; # Import the SSH Keys for the builder account age.secrets.morph-builder-ssh-ed25519-private = { diff --git a/src/nixos/machines/mracek/default.nix b/src/nixos/machines/mracek/default.nix index 38af65d7..98497f01 100644 --- a/src/nixos/machines/mracek/default.nix +++ b/src/nixos/machines/mracek/default.nix @@ -32,6 +32,11 @@ ./config/setup.nix ./config/sound.nix ./config/vm-build.nix + + self.nixosModules.machine-morph + self.nixosModules.machine-mracek + self.nixosModules.machine-sinnenfreude + self.nixosModules.machine-tupac ]; }; diff --git a/src/nixos/machines/mracek/secrets/mracek-builder-ssh-ed25519-private.age b/src/nixos/machines/mracek/secrets/mracek-builder-ssh-ed25519-private.age index d6b2209d..2f365ebb 100644 --- a/src/nixos/machines/mracek/secrets/mracek-builder-ssh-ed25519-private.age +++ b/src/nixos/machines/mracek/secrets/mracek-builder-ssh-ed25519-private.age @@ -1,20 +1,21 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyB3TTZp -VG12aHdpVHppK2hSV2FoVWRZYmU0SkNYSy94TWZUTzZrdXNvQTIwClVvN2hLY0gz -bGFvUGFnaUQ5UE0vL3laR0k4MDdpMnhuUGNoVFR2L05WdjAKLT4gc3NoLWVkMjU1 -MTkgU0t3L3p3IFBvMkIydlJGeTI5SDU3RzhkdW9paWxkMlVuaTZ4V0Jib3VWNnIr -WG40VTAKUEZTWm0zUmtxYXhKS1RPUW85d2p4WU1JUlNQbVpmTjRNbDJqQ1o2N2dk -ZwotPiBnI3dMOGgtZ3JlYXNlIH00Z2IrNDY+Cm1xNi8vS05EM0M1UFp6aEQ0QXY3 -Z3d5c3pwdktkQUNMakdQL09keXFlMmhKM3hZTUZsNHFZenYyKzRraGwremEKaUtH -aTQwdwotLS0gYlNuSnhiYThFR3VrcXNYMWRCVkw4SnYwSWVETGd2RmdJSE1GblU2 -bnRaSQrXMGhxGg4YKI+zpKouHCnCHesrXEnYbEV5BxSxmQOuww7Mukhbfv0bs9dO -QjEJ7GOTijEwDiXg0T7fjW/Si1scnUbHcMdMqIpOqfakkjXfXQBQYqlyv/74IqlN -hDfNnDgC7PPDPfx0KnLXoz2jzfGxqfe2aOlgBV37fwyhYbjvvsLQpyqZjoC56niL -Kj6km4DTPH0ruCArvHKTGMIGTeZmuqzNY8DSdj5ZT+0x53f0KF//qFDMJYOV/ocW -ZaIdv+q1ymfZagIztrS1Oa7f3qFa32Ku4cHjgOKNc3bUkk91jC7GcW+hQPcgMHQv -s5EJdQRoXVqAjmFrT9FZ7L3RoeXoYfCElSR3bctjdPeMSbR95cc5kqOZMd6Jr6DD -Y34hmTlI9zZOTTYM0BZ01xKEtibizMIoogYmN5af1YX7w2QYIcsY6EaLuFRZP6v6 -7kTY0KUTaRvRNtHFCEbFWL+6AEAOECE1paF3tlw315l0ncEyTmogCABTvLd25sn4 -H0FKB2Zb98YHrjH/fxaNtE9aNoqKQT7EOdOWi06mO1fqDdwxoQAovlWc3cOpkuvI -aQ0XiuTPbFmKtunqYM/DXA== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyAvN0tU +NlJaSmxaNzFVOGlYbDZoN24ybWY0WXdCWTRlZXB3WWh6b3diZEM4Clo3TVBWTENm +Mmxwb01DZ04zQzV1MkowZTlxRStHZ0RDYk1QcWV6S3hBWE0KLT4gc3NoLWVkMjU1 +MTkgU0t3L3p3IGozVFhPUEZrOExtdWwxTmEyVGNNcG1BaTk0ZHBOUnR3b3lZclow +WUZ2WE0KMXZRK21PTG43WVJjQjJSTXVLNncrNm5icHVsSDVBWmZpQWZNbTMzL3gy +YwotPiBtXUsiRlBZOy1ncmVhc2UgYmB8IGRGCng3NGRsekt4ZjQ4UnVXVzVXeXZa +VVR3ZmdhTmxCT2dTbFZnaUViV2FFK2dKTm1Fa1ozVWkvcVBjZ0dnZUMvOEMKNjdt +WUxSdzFONzBkZWpTdmJDdnVVQzhPY3lvZ0U1a3Y5TXhWY0ljMmU2R084R2k5VXdo +Y1ZMaXNESHFpNDV1YgpEV1NOCi0tLSBsNWFhRENOOWlOcGZRTXpJbEEzUmQ3RUp3 +eWh1V29nWU1nQ3Fka28vdWtNCjwS6yglV9BYvP84d6rutnyVK+b1khXBhakIGLHA +3k4xKzESuwLMpu4rClz5+xH2d3BZmheBFVmZtd4T6ic8YpBN0UxY7bc0byVkOVvM +b6jNU3a4p4iVRymHf/O1LJJPr3NdGsk4KAUi0o7hXY/wjeffFGUk7PXHzlyOh+hV +BfODHBy3AbohYSaNIQZ5kp2k2koqnqx83cIkRjypxguyra/XB1lhJOvs7SQPb75k +CSPvyK3QBtMRQrpmRpCL3qPPSZgK7R4P1GJpiGqAiZ1t5izUHWCGqizKAw/ISQda +VTsK/XgmhBX/6HA7RWpsJ4ywaTsv2up6dHdx2z3RmIxrFpcib3OXU/VqNPf3Iwe2 +zfwIkc4VZxy/zCYyLTeGtTchW1WdFx63w4JkBigr/eVv+M0WyDn8VqVK+4Dq3hME +BBLToQMX5ingiqT15KZbx6F0zy/s6j+SfdBqlE9AGpXPF9zm+1S296Dv/UtFIrYz +V16zXekYHkJHmOPY+CtgB2hog6ZxDDvXn1isphAxw34DMw2+xXKL5W3bWTeWMbkY +R8of16Z7JEd5riVZpeLSBr72uu+u66qt2o78pg2B -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/mracek/secrets/mracek-disks-password.age b/src/nixos/machines/mracek/secrets/mracek-disks-password.age index 0b5dda33..743242af 100644 --- a/src/nixos/machines/mracek/secrets/mracek-disks-password.age +++ b/src/nixos/machines/mracek/secrets/mracek-disks-password.age @@ -1,12 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBCRzht -WlVGZ1J0SThFdEhYNHdYbWIvcG1QYTIrWDVOeW04U2t3MmphN1g0Cm5SaE9iM1Bi -ZEhLeUtETDhvSTV0dE94Ky94Yzh2TzJwV1RQYUprR2ZVYzAKLT4gc3NoLWVkMjU1 -MTkgU0t3L3p3IG44ZHdtT0J5bUZDWkd0czM4VXR5NGQ3TWZFQkdtYkpISlNJYURw -K1hkMVkKS2lzNll6QWl2dWRqUWxsOHIwNlBDaVFKeGhYbFFDVUJyQ0Z3cFdnOWRO -WQotPiBqej5SIU4tZ3JlYXNlIHxdSGR4R1AgXkpcIG8KQ2VXSFpsNElOVHZvczM1 -TUczQThVWEJ4TTJENkNjNm9Jb0lhQ2NiWnNGaFFxZzJXTGdHbUhaK081YVBHL3Ry -cApHN1pMQ1pkbUJnQkxObDFtYytxN3J6VWlvdjdINU9nOTcrcGVDdTZvcFdDcSt0 -awotLS0gZzV5MlNBbjBpMUdhVEU4cmVTWnRrMENQbmtQOVl2VHQ5YThyTmJrOURJ -bwrEy6KA4q9oq/8SLvEFd/8u62HmAT+lTa5LykCVecrt9AF8dmCqJhU= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBRU01t +VVFyczAzN2tpdGI5alpaVWtkSlB5YTlZRmQvZHhuZE9rS2JCTVhjClpEL1RwZkhY +QXYyNWZXVzV0aFl0MHp3RE0ybnVzU2JUWVBoam45VFpSbXcKLT4gc3NoLWVkMjU1 +MTkgU0t3L3p3IExPMC9PZUZwOGd4VnhicTliazNiVDB6RVVBdE9EYjNWTmFsb1BF +MzQ3VzgKWitsWkRxWndoQXBFTWhIZEx3S1Nqcjh2bktCU1ZlUGxDOUQ4QlhDcVBM +bwotPiA0Ry1ncmVhc2Uga3hab0RQIG9lWm98CjhFYk9aOFgrZmZGMVFIRjlFVTBn +OEcycXMxWXJXaTFBOGR3S0JseEhDRVZtRUJwcWczUU0xUnRhckkrUlRkK2wKa0Rx +V1BFSkVrbGp1bUpZd2d0bTA2Q0szQnU3b0U1M2huT1RweXM4Y1FvbEtybEdxWXJw +MUE2Vy96N015b0EKLS0tIDlvcXZJY0lndUg4VXYvSFhEL0hwcDVxMDZ0UjdTdUsz +T1NGcXFTSVVpbW8KHX04OZ8Kq+GbF8alzMRU4eclOk9jLyMJsEuVsjxDaZT70Ghe +qLGz -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/mracek/secrets/mracek-gitea-onion.age b/src/nixos/machines/mracek/secrets/mracek-gitea-onion.age index 8e293955..61cd5ef0 100644 --- a/src/nixos/machines/mracek/secrets/mracek-gitea-onion.age +++ b/src/nixos/machines/mracek/secrets/mracek-gitea-onion.age @@ -1,23 +1,24 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBzbzgz -b1c5ZkhpTEE5bG9lN0N4ZC9oTDVXZW1kbXA4SXhlcEQ5bVlKQWtFCnJJUmE2ZU9p -bGV5cWZ5c0pQZG9Ecmd2dHR4NmtCWUJPVm5VWkJQcGU5cW8KLT4gc3NoLWVkMjU1 -MTkgU0t3L3p3IElnYjV0N241QUJkcFVIanpxbXpWQXRENkpHMi82ZEg1S05paTB4 -cnRNejQKUmNUZjRFNTA4bWgxSldkUmxIYXhWT1k1SDhkTi9GcEd0Lzh2SndRKzlL -ZwotPiBzc2gtZWQyNTUxOSBwaUlvZEEgdUp6Rmh5WGNnNUplSEYxOXhLSDE5WlpP -TVd6OHNCVjBpQlVXbVFaSGNWMAp5cUlhQ2hFakErMjRoOGgySXJmYmVtclVYWHly -c1BIM0JBN2U2T21Hc0c4Ci0+IHNzaC1lZDI1NTE5IDFLY1NkQSBGSzJYV01SQXRC -VitHRXZNaFR6VVVJRTZFNytpYjBwWWxMZGNpbllWeDNFCnhveDRhMWtMTlVNZzNS -TFBKaDJsUWhlRGw2K0JBaHVFMWN0TVFyMmVuWWMKLT4gc3NoLWVkMjU1MTkgQmE3 -cTZ3IFZva1YvYkxEaSsxY2hkcnplb1R0SThOTXRTVTNBMlhRT3VnekdaRlBNM3cK -cjBtWFEvcUlTNjBiMEgyTzhjNDBHcnN2eS9NSGQrcllLTmVWMVU5WXNmMAotPiBz -c2gtZWQyNTUxOSBDd1FJbncgK085UG9Nd3B2UG51M2NCc3FKMVFzUEhpeGdHOTQw -alZvdVo4ZzRIYzkxNApLcTQvdGZZRDJLY1NnWWNYaElMOCs4cHZ6Q0FnMzYyZHMx -ZytxQzVlRVFjCi0+IGtnez4tWC1ncmVhc2UgMQp3bmdhUy9SVDY3dTA3WGdEL1hj -cENXNllTMkZOSzRiUWFhRkhmUnczQVJESVZ5SmFDRnNqaUMvbU9UTHhZN3lMCi9L -Q2xTZVdWeU5TalU1RVovamkvUkNYLwotLS0gNTk4dm9EYVYwUi9IYTh1d2YwZlor -a1BnQXR3bDUxeXBvOWx5YldQWHBCTQptyxixnjSgD8swHbPucvcM9x9ZclislFYP -DbRo8CJyEHcEEhQ60fffjlI7rygu0ZNPNpHjS3yPjKe4RIigsKTB9hMHCCi3DuPI -icPc5yJyJLYxoM+cNoL+/9QVv9hauqoMbnc4z2i1dQj8R8zrwf6OYDXNvUfqINzF -Z9HZVfjew9B83OJummJBtOwvZK5MrNZwLdZd7locol3DGGxWpbGsQvOfXDE= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBUUFdu +aDd0czlSR2lPU3ZDa2VvcDR1OVVsM3JuTUxKNENVUDZOZVQyakgwCmFMNHhxSnNy +VjRSZWEydEgxVEJFbFpMeGlDOG93MW9iRUlXbGhyU1pwNHcKLT4gc3NoLWVkMjU1 +MTkgclc4Q0dnIHpldVdWQmFSYzR0MHRRK3VMbUk4ZDRaZlB6bUY4UEhrV3pzRDFo +MUpvQ00KYWNweW9EWGJDOVBLZW5yZ2gzcnhWd2ZNNDl1MGIzdDlUQldyenU0QURW +UQotPiBzc2gtZWQyNTUxOSBTS3cvencgZ1o1ajFjY1JITVExVUV5dDV6bDM0Nnor +LzMyWmZBMms5dFhsWEhSRi9qQQovdnA3blRyYTRrT3lYaWZBeGxTZlpTdmpKY21B +NFg3M1V5eXVwcDFsN1RvCi0+IHNzaC1lZDI1NTE5IDFLY1NkQSBaZmlMeUdzVE5a +Y3NVWkgzWjBVQnlRa3dYRHVaeVJsNjdyL3dSVkk4MmhNCmxrQmdFQlZ2M2lIcGJX +bWJYWFp1aEk4Uk9URlIzVDdtbnB3b3dHbWZyMDQKLT4gc3NoLWVkMjU1MTkgQmE3 +cTZ3IHJ1UkViVUhMb2o0b0VaakluREQzVGtxOVFRdzV3aCsrQmpzUWxvTy80VGcK +NFBMV1BuV1grRHNyM0JJckFXNkp0MjRFN29rRVlmRzY5QXRrVmlSMW95QQotPiBz +c2gtZWQyNTUxOSBDd1FJbncgTUZQSjNRdnByTVo0VzJ0NkNnai9YemF6aXhHUTh3 +dGxyLytPSGx5bG5BbwpDejVBYjM3ak95dUY3c1ZUTXkveFZwRjhwMVVyZlhMYjZ0 +anhhcTE0ZlM4Ci0+ID48aUtcLWdyZWFzZSBIRzdJeicgRHJzd08zRCA5UWtHSFEg +SHxZKGxwOQo4cXF2cHpLK1BkNitISzNuZ3crUUxMdmlaeGZaS2xmdXZPYXpXYkNS +VHZxemtoamFGajNrZzRESE05bFBnQTdwCkxENDRUVWM4SlZBTUZRCi0tLSBlSTlw +YjBCRnY1SzhKL2k1anRZOFRBa1QrZmlKT2FGOFZjNEVza3hpRzFBCpEH/SlnxnE4 +jkVp9CiRyG5xk90wlnljudqSXDzMvKV/LacxhVFSYtZEWMUTvXfoUOYKHCFngThM +DcV656glNqypnzjSl8eOH/K2g3vLFQcC/bowbPEU99pVeFt2VoGzCLCc3yRA6yoF +TmlrwJeN7l8dkvlidwR0j5J7lIlAEUi0N+xKSW65HiuKtxKmuMvtt884ZLGNZ8K1 +lbj+Tp+WzFaAqhvg6Q== -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/mracek/secrets/mracek-monero-onion.age b/src/nixos/machines/mracek/secrets/mracek-monero-onion.age index 9be3bfe6..844321d8 100644 --- a/src/nixos/machines/mracek/secrets/mracek-monero-onion.age +++ b/src/nixos/machines/mracek/secrets/mracek-monero-onion.age @@ -1,23 +1,23 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBYSlJp -TmtQbWJEZWdzaFJRQmdscWhBa0I4K3ArcUxzVXVKMGxyakU5Z2dJCmRpSytFNjdE -aWVnTWZINGdpV0xjdlFEby9tQ3prTVIwdG5ra1BsTm1mRGcKLT4gc3NoLWVkMjU1 -MTkgU0t3L3p3IFpWSHpnMWFIMmhMR3pxZ3FuaHpXSDRIS2cxVkI3WWRLd2VEMkw3 -QUNGUlEKdWVLRFdmcnRKVEFXYVRLcVNLaE1YejJWL1BwMFd1VTdPZ1hLUG5iMEF0 -bwotPiBzc2gtZWQyNTUxOSBwaUlvZEEgZ1JMdzAvY2puRElIWjZ6cjZ0WjBWd0Fs -bWxJL21odG1TaldFWm00MmZCSQpBSUVDcm85UXM5bFFsZ3BFSnhDSGxqZElLcEtI -UENYMG0zODBsamdmRk1RCi0+IHNzaC1lZDI1NTE5IDFLY1NkQSBCSzM0TWdYbjNT -RHU0cDN6S3hNUXZVQ05wbnRIMW9wN3pyaVpsRjN1NVZNCjVGRnh5eG83SUhpT0kr -QUkvVFdUT3pVTVVEWHZLb0gvcGEyeTdyWFdKQWsKLT4gc3NoLWVkMjU1MTkgQmE3 -cTZ3IEFNSUtzL3NJU284d0NCMnJlaTBhRVp0N1NWQzU1U3dKcWlSZlkwYjg0VXcK -OEorVldOdElpWUNtWWQ3RjJFUUN1MGFUSUVkRTZ5VWcvSWlwRXFVYStDSQotPiBz -c2gtZWQyNTUxOSBDd1FJbncgaTNXVG1BVDU2d2xScEZvOEgyMEdheVBVZk1Wak1N -MHNlandmYlBRYUxWbwpENFk4QU9LMnV5M2UxSmNYQVQ0ZnZFbkJhTjJWTmErNndH -NFVKaXpnTDVrCi0+IEZOLWdyZWFzZSA+SyAqIHszOmtXIiBEUj0mCnR2WWRIUTRu -eG9Sb20rUVZpTDczNnNiaXZsNWpvd0RXWnpPRlczWmNXdGZxTzU3MXZ3ZzdldkUK -LS0tIHQ1empWbUd2OGhPM0p5bmc0Yk5ValkyM0ltc3o4VTA3alBaSjRScDlUYWcK -95hkfKuG4eGTkc2d2BJSJNFzlmEm9sntdGEO2s/MDmP/tO4Vx/A3qaPpnShtlmJW -PKtFfnIXMpuXwI87MkuGajiVe4CxeK/Om5FwnHbYG6WCEdOq9OAJbnqlGxGikVyL -GT62Aow7msfK+RkiRd/uiPQGvszsT1l38aQMgg8IRISZJ/XL/oiXm+LcpvLtyqmL -8uw/+xkNYjliuG/MSm9yAo5E3AM= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBycHF4 +V00vekhSamdSemdWRjFWUFB1VE1qcGhaMUczajFtaW1HWnNxbWlzCnlCdElDWHVZ +d0UzZXRZTkFMWDB1T0wzU21HbXdQemhweFJRQmo4ME44Z3MKLT4gc3NoLWVkMjU1 +MTkgclc4Q0dnIEFoSnFDVFBrN1BiYWM0THlGQTFGMzRadHlqK09FOXN4M01TdEZk +ZXlWVE0KS3NRVWEwa1QrZEF6NEswbnZXYjNmcnV6QWVqSWVBZ05tSmhoMC9tOENm +TQotPiBzc2gtZWQyNTUxOSBTS3cvencgbitRZk9JNjk5UDhXY1dvOUVXR1dxcW1s +UFJmTjlWWWlzNjEwZkpnT1JTSQpsTlZSZy9EQUdEUGpqNTlaMWcvZVArbzYwTXMx +NFYxRXJJdmVIWm5rZU1ZCi0+IHNzaC1lZDI1NTE5IDFLY1NkQSB0M3dJNjlSNWVB +RUpqVFFiVlRMMDJ6QmtVSVhQbUFyakhoS0dVUXZwd1hBCnJsb3FBWUtiZk12dzFG +N1RCRGVrRTdxUTFFUWl4NDZ1VC95aHBMSDRvUlEKLT4gc3NoLWVkMjU1MTkgQmE3 +cTZ3IDl4ajEycDVIeVduZmxtR3prei9DS24zeGRwaWtIZCs1SUloUmdOTmVhWG8K +QW5TY1dZczdsa0hMYVhuMW0yY1MySGhWYVdqMnRwcHl3d2RBakZFc3AvMAotPiBz +c2gtZWQyNTUxOSBDd1FJbncgakhOWHZJS0JTclZLNDFGNVY3d21oQU50SnF0VUtr +TTRVWm94ajVXMFR5bwozakthREN3WUVGeGNMbTBsMVBHRGVjUTZsL3NnbnR2d3Ev +TzJiN3RBbE9NCi0+ID0wZT5gNy1ncmVhc2UgMHAxCk9TUTBVbk9nd2FUZUFYRGRt +OHdCYTZkZnNYSkpyaUlyRWprMEdOTnY4eXF1bXJvMDRkN3hpdTFFV0EKLS0tIG1v +RWJFU3Z5eVVQMVZVRFBEWVNMZ1BNWmY0emZTdGRSdVVHNi91YVpMbTAKkNkrRmrr +WnkHKhpC0AfRuNplzs3IYFJV/bUmAXtlmoTa9Kv0GgggEfOyC3UBdDwVGyqrbeQz +rjgB1+7gJvVGvXLHiRLKiM7fuRMVSpPHuOYv8QClkx0eiRC4TvNv7Cjym4Ck6BWb +7Vblrqt4DpJrtZ/zeNjqjcGt0RESR1nC0C5d0P8FCwjh6gCS6ag9LOyWdmpP9mra +kun349PkEIuNallkygE= -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/mracek/secrets/mracek-monero-p2p-onion.age b/src/nixos/machines/mracek/secrets/mracek-monero-p2p-onion.age index f5241896..07337497 100644 --- a/src/nixos/machines/mracek/secrets/mracek-monero-p2p-onion.age +++ b/src/nixos/machines/mracek/secrets/mracek-monero-p2p-onion.age @@ -1,23 +1,24 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBIK3o3 -djFraDJLOU90MUZhMlhhYVo0UFBwV3BwMjUvS2c0NEsvMmF2WGlvCk9LdWg3aVM5 -WjQwQWJvcVI3QTFVeTl6Z0FzaUplVDRhN25wT1dBQ2p2T00KLT4gc3NoLWVkMjU1 -MTkgU0t3L3p3IFM1cXQ1dlBuK1E3bTRHWTA2RHIxY0lmaWwxMlpqUDJXWjlVWEc2 -dzZUajQKbVNiVStJeDcxQ2d0Yll1VFhTWWxzQlNzWlg0Wml2WEpWYk9FQUlhWWdU -VQotPiBzc2gtZWQyNTUxOSBwaUlvZEEgWWRydDYyK1d0RU0zNkZRdUMvWnNDcitp -S3FvQ1lqMHp1aFR6cXNMVCszawo0dlZvODlGQm1uNmJMbC82R1hLRCtLMmw5YnBH -bm0zeWk5UU5iVzRRM3JjCi0+IHNzaC1lZDI1NTE5IDFLY1NkQSBIVmRNMTZJVFJn -bHVJN1Q0dm4vQ3pFblM5SEIyT2kzazRUcnVMRUVUYmk4CkhXT1JNSVNRdWI4ZG1C -TGUxNVgzc2pVQmVkQUlaSUpxWjhwSUZkL2NubG8KLT4gc3NoLWVkMjU1MTkgQmE3 -cTZ3IDhrUE9zYVY1WXhtQlhMaGJ1MVJoN1hIU1AzNDBVbTVLS3dHcE81Nk1YUjgK -YmpRbkNCajhVb1AzL3pocGs1WEJQVjdVRTc0RlhqdnZDcGpJZVIyanc4WQotPiBz -c2gtZWQyNTUxOSBDd1FJbncgWUpvVTJSV2NXTUt0RVFLOGNRRllXWDVKS3BMaWlB -RTlVZzdGcjFXWUVFSQpsTFFNbXRxa2hFaENJbHp4T2lWSmZ3czdaUVFmT1NkU1Z3 -a1FBQ29NWWZjCi0+IGhWQi1ncmVhc2UKa2k3aTAxd0c4Z1RYVTRpWUlIdmVYV3FL -a2FFVWhoL0ZjZko1QU1BZFdTZzIxam4yeERWOTdRCi0tLSBMYXZSd2Q1TERaODhC -ZG1tMmZCYWxNM0ZiYm1hV24veGQzUHljdXVQczVNCjKw5mmhKJPMYMgVN4g4X5mP -Gx+RKkyb0Zsy/gnyy9eI5Dmig/q3htb+YkEg5yR40HSyCh+h9QH8/5gacwcEJ1z1 -uhummOyMvqbpUyz/51fCuSNjqoG/QR6ynW3gR879UVHgv1bzIEGuN05Ju4sVpyw8 -FB1w4b9ukbXy6FzHrDJRMAs5zwSaaJDGHq8d1R/xb/1tRlQw1UDLts5VDATvVClG -srKyFowDrabZcBsUtI4= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBUWXU3 +WjZlWE9mSTRha1pUUmNmbnBPK0I0VG5pYzdSUklWYk5ud2tickFnCmM4eVhDWWI1 +Q3RvZytRRFA0ZkZSTHM4UFYzVzlyTVJZSWZRdlhHazFtK0kKLT4gc3NoLWVkMjU1 +MTkgclc4Q0dnIFZPeWZsQXNsTlA0dnF3OE40NkoxWENYSElGS2tkVFJaY0NVeHI5 +VCtHa1UKRFNsV3IyRlZXT05aSVIvMHI5QUEzUCtpTi9PUzNyUnF1MG9STXdYNTEy +MAotPiBzc2gtZWQyNTUxOSBTS3cvencgZXJoQklybjIxb3o5aW1FQ2N4bGhXUzlt +SmhlaHFydk1UbGNtWkdEUmVDVQpwS3pvR2tSMTRBNDZXb20yOXhyOU9FbVB2Ylhj +NForRURka1hJTGNsdENzCi0+IHNzaC1lZDI1NTE5IDFLY1NkQSBUOVJTRnlkbkNT +OTBwMGNSMktzK0laRHVSalRpOWhhVGtMNU5odDhKa0hVCmhZdDdKS2xDQ2R4VUx3 +OGY0R0dSRWZwdzhNMkFPcXpTQ2pLa2NlbWdIVFEKLT4gc3NoLWVkMjU1MTkgQmE3 +cTZ3IEwvTEhNZFZmTytuM3pPRXdHVVk0YWt1L2dQY1pJSHV4cGJsN05oYUg2aU0K +OTJjdVNUQ0JnOHk2cEZLR25QakNuc1pvaVMwR01HZTFqVVJIaU9Ta3liVQotPiBz +c2gtZWQyNTUxOSBDd1FJbncgS3ZGYjh3MncwbFk2eWlLNGRZYVhSb1ZPbXZoazNO +aG04V3V3b3VXMHlXcwpidlF0UG5MK05NK09ENGtQWHBBV3l1dnQ4eW9xaURCclJv +WVFPcWs2M2xFCi0+ID1EeC1ncmVhc2UgNV9bUU1iCjF0TUEveEJYTzlNUGxPb3E4 +bnZSL3BSVFJSa25qeVF1K0EwR3N6YmZtNlZydFEvcHJLTDNKQUhGRHFNUytDcTQK +YXhJN3AxSmFyS01lRFlnQ3QyVkZUY3N4U1EKLS0tIFQ0VVdJalh3QUhKdGtLMHlG +S1VSbDViZStqVXZSZW1LYkorQVpMeUw3eTgKzlKsXuIjwAWiGFxMU4SoDQk7rDfm +9ZYtbW6UOLifU5L+brVkBVjDFOS7LkUoHS/tjrNgvDYplKHeSq4IaMEQsvkjoKXZ +Y06GuiEwr2fYt0aSBZi3PzZTBRc9WHknmSTxQNrGJ8i+DftTbQYPj+7CeSbWeLXy +TjW5/4WmnzwxRIY88xQPLlMklYhEhYKWo9z37SF2s8HgWdE88lJCdAm8A7jQDwL+ +FOZdBYI8mbiQLw== -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/mracek/secrets/mracek-murmur-onion.age b/src/nixos/machines/mracek/secrets/mracek-murmur-onion.age index 8bdc30c6..54848c0b 100644 --- a/src/nixos/machines/mracek/secrets/mracek-murmur-onion.age +++ b/src/nixos/machines/mracek/secrets/mracek-murmur-onion.age @@ -1,23 +1,23 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBFQTB5 -ckNydTdyenAyWkZueEdoVDl6UFFjZkZ3bGt6SURxM2R2ZUZtWTFzClpVOWh3UCt3 -em1rYjdSZXFUK3NkSzNQbUZ0TzdCc3JBUHRHUEdTV09QN2cKLT4gc3NoLWVkMjU1 -MTkgU0t3L3p3IHAxbmt0OTdDZDU1anBnYWlxNUpRR1czNGJpNUVRSTdJOFlHTDNa -eFJWMlEKWExoRUpnb2pwTVpFaXhDcGZSUEFueldPSmJ5R2o1Nk9rZ2hwblAwRkYx -OAotPiBzc2gtZWQyNTUxOSBwaUlvZEEgaElCaWM5eXZPclhVY2dnd0ZsaUM2UnNx -TWhMOS91NG9Gcy9BaUl3UzcyMApmV1QxMkZMaFVodmF2WjFTTUg0Q2tHMTk5MUY5 -a1A3K2J3TmtieXBsRURJCi0+IHNzaC1lZDI1NTE5IDFLY1NkQSBjU3V1WVpYRTdN -emFWSUVJSzVMM0srQnpSK3NxMzlSRGRXRVB2U2VpUG0wCnJwZHpjZHdvTTZSZk10 -Y3Y0c1hFeXlxT283VHJuaVJVNW1vOU1mNkhWOFkKLT4gc3NoLWVkMjU1MTkgQmE3 -cTZ3IEdEdHJ6d1BsS281cW9wTlFRMVJYQU41UmV6WERNWk9QVWhuSmZZVEl6VTQK -VTI3amZvR1ZEc1Jrc1ZSK0x6Rm1VZ1BabjFmV3pvVmxGaEZVckE2NFN0VQotPiBz -c2gtZWQyNTUxOSBDd1FJbncgY1JVYW5SOUdRSXRwaDQ2SFhiOGFmZVlIZHE4VHVW -VkN1NC9YUVFDRTJqbwpmamtyREZDN01VM1ZPWGlrTzRwTWZwcFV2UG1EZit1dCtP -bTE5SjluYlBRCi0+IHFHZSlVNS1ncmVhc2UgcE84bWkxID1YYTpEbnAgJjJsSSBm -UC5VCmtrWHBSdXFyc3RqYkYwbi9BUk00dmM5QmxGVFd3VXlvTkZwUUtGSWVkdlVz -eHcKLS0tIEplVHNsRHZDMFJTNEhrN0xTTmJNeXY3bjQ4eVU2Nlcwc25SS0tvR0pk -enMKfYr1FP7XuzYZ2qYuncG/Pk0fRDa3G/el21HEfk8nX6fgNVOfK33QSOnB1zSR -chVa24DfxCtFaOrrZCfDdAtAwVKMIb8W3YT9XqyEi9CC9d0RC36hWNWyvHZw1dhI -WfvRQkQ2PcV55nTGihI65aq73iZbfmxrfHr5frs1s++e8JTB+KdgzgtzvlK2gDgX -ASl0Su9/c2BVOnaFkaCM3WqC +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBhRUdx +bzB3SEFuZCtnbGsrSVBTamNMM1ptRG9BQXVNcDRJMzhzdUFKc1d3CmlYUTRnL21D +d1lBU0ZPSUNrVG9idW82ZEdnVFdkWjhQTmw3S3VUVnpTQTQKLT4gc3NoLWVkMjU1 +MTkgclc4Q0dnIDlhTjhUT3dmVzBEeGNOa3o5Tm82RWNhanhoYkN4NTZ4MFNVakpR +SG5aVmcKNjdLNkppV1pJSnJFWklUY0V4UmQwRldRMHBXUW1jSWZjcGo1U3E0eWN0 +WQotPiBzc2gtZWQyNTUxOSBTS3cvencgckE2aTFTclFZdmVUdmliMWtUbnJBUnpP +ZnRzZGRLTGg1S25ZVWxBUjlHcwpVaTFsVkg1Rm1xZHV1MkRTYm9wQ043QTZyMlcy +QUl6NTBFRHlQT0Y2L0VVCi0+IHNzaC1lZDI1NTE5IDFLY1NkQSA4SWVRTHdKalkx +UTRvdjdPS3d1N0RoR0d0TVdWQkE5Yzd4VmtPNzA2RUJzCm9KSG5YcXVGbDNPdUNr +TlVkU3MzVFNYa3lhcjdjOWFtRjdkUk1lYWNRSFkKLT4gc3NoLWVkMjU1MTkgQmE3 +cTZ3IDg4MEQxV081ZlpubEtCTUp5YnpiWXJQa0dIQWg4ZjZhOGd0NWpYZlpKaG8K +TVk1YXc5eUNjYW9IbnZobkNNeG16bDhXZlhDajlURlBNRFBaNkQrYkVyWQotPiBz +c2gtZWQyNTUxOSBDd1FJbncgYXVDZEdiaGdPZlBtNVd1c2NuSGJrRXQySXhESFpo +cjBLc01VRDRyc09nYwpEc1NjVFZTTGM1cHQzNUlDVjFhUURFeit6WHpiNngycnUv +eHJMQVJLTE5zCi0+IDNCY05OWTktZ3JlYXNlIG51PjVEfSsKRSs4RFA0NjhDVy9l +MWlZcWY5bjFtUjF2SjBrdWRGUjdoREE1dmRLVTNPdVVXZExocTlGb2tzWlV1cStW +Ci0tLSB1V2JzRTYzWWQ4S1ZxcWNhMVZKUlZCTU5NcnZXeGRLMU8yZ3JMc2dDb0d3 +Cl/xGA5OTyXZIbS9VkP1h+wTT7NfAlpO/tb/Lz4juMUJuTVltXxWHT+PfuS767V/ +HFttXF6yQEWF7rzPonOiIjG1uQb1P8DYPiqi2h0PEplXCBpknk7uyQI6vAEHfXD9 +ZaDWuU+iuH86zXLLrS2mscfm/RLsXRyTmnZSGHHYzCm/2A1WyAyNWw+cSMHXIcQd +TQqw1DpxalmlqTjo/DHswg== -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/mracek/secrets/mracek-navidrome-onion.age b/src/nixos/machines/mracek/secrets/mracek-navidrome-onion.age index fd7725d3..995285ac 100644 --- a/src/nixos/machines/mracek/secrets/mracek-navidrome-onion.age +++ b/src/nixos/machines/mracek/secrets/mracek-navidrome-onion.age @@ -1,24 +1,23 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyA2eFZp -VjhtV1lwc0NHdnY0Rk9pb1NGTXVZWmtCQlllQWhwUCtPejhFSVZvCmJrQ2lrT0hP -L2dyVjlBakFlMk9LSVVYSXBOdVlJVWVMUGdKTzR3c1oyd0kKLT4gc3NoLWVkMjU1 -MTkgU0t3L3p3IFU4aTRSMFVYSGowNERQaS9zdEF3L2ptR2toRXZqV3ErbnRCQUhN -eWdNQjQKSWgzQmhiZkI2UVpiU3Y0Sk9Hay8rMGt6ekR6SW9UUW52MDNJb2pJNTJT -MAotPiBzc2gtZWQyNTUxOSBwaUlvZEEgK2VyeGtWU1BIUTlFWXJTeUozbSsvQWQ2 -WVl5a3JPbU1kVS9nelJOYjlDTQpJcVdIY3ZYL1plT3BMYU93eTNoMkF6N0hleWxm -SEIyd0FLTEFvNTh3OE0wCi0+IHNzaC1lZDI1NTE5IDFLY1NkQSBwZHZyT3ZxZVk2 -VFA5R2tmUSsrbU1uWGlhN25FcGhYTWk0VXVxQ0NrdDBRCnhWb0YzVlpCalJTMU01 -c1RSSWFMSG5IR2w4TXFCT3A2TEpvOUhBQTF5OGMKLT4gc3NoLWVkMjU1MTkgQmE3 -cTZ3IGNaaVc2dCtyZVd0M3JjOHVrbTJsdlEvQnppVUd4RXppeWN0aU96d0FDMDAK -YkFYZGJrOXBhV0s0Q0cxZjduRVh5ZTJCVWJrWk1FMHNlODhNdWl3L2RVUQotPiBz -c2gtZWQyNTUxOSBDd1FJbncgMXN5TCtPWHBnenBlcW90eTBqNW0rajVHdjNxaUJy -NDFjYklMMlVNRG9TTQpFWWw0TEU1R2RQVnFNSmVVd3VHODNKaXp4Ri9uZXhJMzlm -UEM3ME1WdDN3Ci0+IFJkNXk3LWdyZWFzZSBGV2FYcTJ3YwpCNXhLMHNoa0RUWUxU -dUEyN21YUXZ3SnZ0R1VHR2M2UUh5UllqNDRBZXZ6d2c1bTg3OWJ5aEdUVnQ3Q1pO -MGFwCnNyMHVxUStsS1NFUGdlTFY5blI3enJXTTRydmJsVytlVDNyY3dUczR4bkRZ -WWVGUlZpdVYKLS0tIG5HSStuU1ovdVh3bGIzRGYyN0JualYzZ2ZiUUhTY1VvUUdD -TVlXRmF1UHcKxSw7xsxMJN/7rDrxTYIhHfOhNTqf9olkGijCFt1YtVUwJ1dyEDT1 -GlILEPd0JHmmPNRYthuYTbP4+ZZp3OVRMa5SdEpTIalGnHu9PCCpuLtxgXk/xHHa -OnpZZg/AsigpNY1vH80B82A6efCNfRdL4cvSNWda3nwbLL5ujIzbyUYaCz3k002i -QqPNA20At0QOwLBZYOELydJVzErbvSbMBKBXkjpxOL25JMgWTIk= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBVNnpu +anlwRjRMY3NrRHM5bSt4UTlVcDAvdGIxZzQwSG1nZ2U1aEpkR1Y0CjBCS1ZoSTFj +c2VRQ3lYQkRRUndxM2NCWmFab2pkVEFEcjErb3Vpc1F1ZzAKLT4gc3NoLWVkMjU1 +MTkgclc4Q0dnIGJic3UwaHh1cm84VzNqL3gzcDFlVzZtNmpqeU5XWU1zdkcraXNY +QXhFREUKdU00L08xYVZPdXdTSUFKbnZNNm1QNDdpVFNTQU4zdG42VTVZWW1ya29X +dwotPiBzc2gtZWQyNTUxOSBTS3cvencgN0lmZ1ROZHYvVWFzS3l6endLU1Vnamp2 +SklLK0xYVjRKeXFCRzBXdDl6awpGeFNOYTNwQ0lXUzdDWXNvakY0WWM5a1RxZjh5 +Q0tTbnhwaGlUL3ZVeEtZCi0+IHNzaC1lZDI1NTE5IDFLY1NkQSAzdGl6Vnp0RTRR +QXhtNHQwM3YySkw5UC94MVIyQ2FOc1JYVVF5Tm03T1R3ClpOOGsrbGFOVHRzdjRj +YkF6eUdGME5Bckc2VUt2Wm4rMHIzNzBnc3JSbHMKLT4gc3NoLWVkMjU1MTkgQmE3 +cTZ3IFRNUVUzZTZMcFh0b2hxYXZNS0VJTEZaUHJUcFBoZlNlQm5hUUxWZ1NiMlUK +aUk1MExtaSt3QlVRVzZvNW13Sk83N0ZrYXNuQUtHVFVKMHRLenI3VUplcwotPiBz +c2gtZWQyNTUxOSBDd1FJbncgdjhwQUI5bEFqTytta3BaOENqV0NXZUVJWHJzQlFN +b2Q4OEJuSFc0a3Bndwo5ZTh5TklEaFpEM1Nwd3kySjJBYzN2ME01NmlOSzlhTnBs +SFZ2ZXYxU1UwCi0+IH1TLWdyZWFzZSBTUz0pIDBBU2wgMTVENUxoIHg2eHF+Ojkx +CmsyeDJ5YVNEZjlJbFlQRGs3ZnVxaG55YXE5WHdBaHkrbWlGTllLajJCYU0KLS0t +IE9nUkpPeDRjQkpSelB1bnQxYlZpeitvTTVxdzRkL3NDYWs1UkVseUlCMlUKnnQy +3Wntbc3Ho+hRfFVdZWnbJbC3QT5X/qbhcgqjA/Pngz6Gu+CrOc6mZusdbPKXIaAg +ncgjPiS2/iqixRAZ4+x5vg2GUjFRsVfQDOpQ2ycKlWy0r2WFN/KnrVK50CPyjrDh ++JtFeUy8gF2dNeiaJwL136hNtyjIsF5RCgiYmlTkNvJAeBzIIVdFOiToU3ofjJrY +/HCNzXjUO7ar7X/R9FS6S51oKvTVU5HUjW0= -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/mracek/secrets/mracek-onion-gitea-private.age b/src/nixos/machines/mracek/secrets/mracek-onion-gitea-private.age index 0e4103d0..c090c549 100644 --- a/src/nixos/machines/mracek/secrets/mracek-onion-gitea-private.age +++ b/src/nixos/machines/mracek/secrets/mracek-onion-gitea-private.age @@ -1,12 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBkZ0V0 -anFPS3pxNUI1YnRhYVcrUDdEVldJUDQzQU5vbUoyVDVLQjhMd0VVCkdVM2lweXFU -b1BLamJTOU9xMStyRkZFZ3Z2SG43SlRLay9qR0NtRlZYRHcKLT4gc3NoLWVkMjU1 -MTkgU0t3L3p3IEdYTnJmeGJIaFhYMkhhSzU3TnJiNzFNSTkvWWNyNE12N3o4bi9a -V3ltejgKTEp0WVVyck43MnVqajhsTzdNUnlBQVdSZFk3ckp4Myt6T2FpcGlFSkRa -WQotPiBpIy1ncmVhc2UgeSU1QkhSPTggfDVUIEhlJVl+Cm8ySjZFTngzSncKLS0t -IDlnVEI1K2R3dUlXb0h5S281VnRXSmk0Z0R4azFrMFJVWkJrV0NDNlEyNEEK6CHa -dlVEhww/RH5niaPVVJ2pK4WNWweObRhQ0ZSUlhWTNAkKDjJGns3liIYoQKAc6JiE -Nteg/7TcG3kYuz5olNk/2UwHXw219+MfSuQdia/DBRXe0DATJraVgnZfFpWXP6OA -/OLaUUgucAU4ujJjDxFXcfnzx7V/EcZU+F9oyQs= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyA4RXA4 +U2VpYm0xUzFWSnY0ZzhNR3pTam5sQjBodnR0clFQQUtONTJSRFRRCmRiQVNnU1lZ +YTlHcUI5OExOTnJBeDUrS1Y1dWMxcHlkVW4ySEUzSTBRVlEKLT4gc3NoLWVkMjU1 +MTkgU0t3L3p3IDlPbDNNQ1p4bVVoalQ4NEllQU5pckR1bVM1VXl1aVAwVk5DNEc3 +d2ovWHcKb2lMbzVZRndlSnpYY0dIZVVCL0tYL0tEb04vVG9lWGdzTHp1QytDNUQx +MAotPiBCXTlkXTxydS1ncmVhc2UgaSwrdERcKiAhIFJnIkxQQTxhCkxjUFl0Wm53 +bGRPWlJtalExZENzbjhtQlRoR1VqZW5EQWVOcGExTXpRVmFPWE9renNuMAotLS0g +eWxFTU5iWEdmMC9Cd2QrRHVZSDRJaDZ0SXZCdCtXNkZWUjhPQ2hITEE2NAqhrbDP +EJDnqxUDaxoKll0fcv+QtDI3B8Y6KSBmCSDg0i3u1aLpowug1KCfSXhAOKEWnhxH +mSDy7525YK3ASDWBKVq35dfgRAGB8obj4nfzvQdEstWuC2Anm0lbBOZSmlFaeGc7 +H6g28XBUM0AhkKdZh6PMazVyKcCQPyVvVwiL4g== -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/mracek/secrets/mracek-onion-monero-p2p-private.age b/src/nixos/machines/mracek/secrets/mracek-onion-monero-p2p-private.age index 27f3efda..6d87976f 100644 --- a/src/nixos/machines/mracek/secrets/mracek-onion-monero-p2p-private.age +++ b/src/nixos/machines/mracek/secrets/mracek-onion-monero-p2p-private.age @@ -1,13 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBsVXpw -azRjUUZGdkk4Z3gxb3ltaUpVTklmVXpNMmdYK0FQYXNUbW51cEJVCnFJVTFYcmwx -ZkkyQVlLaUVaWFF0dWE0Vm5xV1hLeGRGMEZDaHF3UzBxWlEKLT4gc3NoLWVkMjU1 -MTkgU0t3L3p3IFFMaWxJMkJDbm4rS2tFTmQvdUk3MzRiQVBaKytqb1VnQ1hHejYz -ZFBGR0EKWXJaMm1XRVNkNzZsOFVDV3c1SnZPeGYzVDlkaWJjU3o4V2ZhS3NWdVlj -cwotPiBkTlFLV31HLWdyZWFzZQpYZTg5Q1J2TkZYRXN3UTRLVWk0ME1GZ2tYTnRK -eTl3WjNHcXFMUml6UjRsawotLS0gTlQ1Tlo4MEZMN1libUVYeGVSelBTUVdxN05B -SUdWR0kwWnNGUzlVV2NWYwr1le1GwKQpGtFMb+Rnl6UNvQxA9lAUjnabI4+Nfu0x -WKroVo1H8EwM0Vu/7G4a7hQEEJRzTQEHwMpwxJ549NjDjOxYTY2+XV33zxIZr3Fq -FBt5R0kOLNJmWRjfVmbBQx77Zq5ukEBvKcF3KumZP/83mdM/1PykrhDaOJytfpgB -hg== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyAwT041 +bU9ramQ1NENiMVVHNnEzUmN0V1UxQk1XZlFCbHZ4bEhFOFBsdlF3CnhhM3M4bGNL +SkxHNzIzb0kyb1dxWmFuanZxZXptTFNQek4wendFRDJkbk0KLT4gc3NoLWVkMjU1 +MTkgU0t3L3p3IFJyZTZHSUlIMWthN0tCeHJ5alp2ZE1EamlyTzE5c3JxOG5MNmgv +NnIxR0kKVmlaKzROVS9NR3JtTE9wbm9yQURDNGtJMVJRcGUvY0RaSnNBTFhFV29S +awotPiB5LGpDYy1ncmVhc2UgPSBFICUlYXcjIHVGCkVUcjR2TWlWS1ZmdFpaQmk0 +NC91U01KLzRYQ0pBdFgxa1p6Y0tTQnNmQVBoVGpVTHlnZ29QUXkvUnBlaVpTVkoK +Y2ZZUWxYdDBTQmJlVGdhN254REVwckhaCi0tLSBRWTJyMURzWVgrSTFTRzdOc1Uw +S0IvZlpIL2V0bG5PeDU4MHk4UStmUE5RCoiRhzVLTJqUsIjzQSn3TqCVgW/HwsVB +TC7EIv1Mc7yzh1rVr1AftethkpeCk5D+NkODA4NJEDA7B+56S0dPjzr9wlxgNvXt +H0rKDIRZK4kCb0DGMjtF/Y5K4YNj9tdqPP9F3BXX/KwbtaPxtN6t3r39NfnhZAxj +r8Lk87oE2PZZ -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/mracek/secrets/mracek-onion-monero-private.age b/src/nixos/machines/mracek/secrets/mracek-onion-monero-private.age index 014c0ae0..cd205841 100644 --- a/src/nixos/machines/mracek/secrets/mracek-onion-monero-private.age +++ b/src/nixos/machines/mracek/secrets/mracek-onion-monero-private.age @@ -1,12 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyA5cXlH -YTh4VU9tOFBRZmR4VzYzTk1XK0c5ajdFL1lJMXczUkVtWldWd2lnCmkwNm9JK2ZK -RkRwOWlMWTFoT3dxdEYyVWFyRFY1N09qQVc1Zy9zUTZ6ajAKLT4gc3NoLWVkMjU1 -MTkgU0t3L3p3IFlocnB5M1RoTTF2bFBKQnRTN0RKeVErczA0aC9kU1MyVEZiYWIv -STlVM3cKa3RHU0NGd2V4d3dMOWJ6YWZXWGxHMldvWWJFbmFyUlFENTJ0NVdEY2lh -awotPiBeZjUvIVFuPy1ncmVhc2UgYwpWYzdSUE0wQlMvTmZLdUNoQkErcTdjejBU -QQotLS0gNGxoOTkra0tIZmpzellSMW9qcklwM1ZpT2toSW95RnlhTFFPcVEzZDRX -SQodzSDRpn3Qrjkfw7lCLf7UbTLLNZ/n94ByV30yxziI94vBS7KqzhH5ye4TbF37 -dgi50/XJ791YmVbx51YSLuNFX7rNK2ZkkUyM2mUSli68CeOL5eWGf62IR1nI8JEf -nJu2s4bmufW5JKibtBSKdghdCTuvJfvOK09AFzsIDaMymQ== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyA4SWFr +Wk1tYUpmZ3FuVUl4dytpZnBVUzE5OUx5NFNXUkJWQXUzUVhTaFJZCm1WZndCanJq +WmRkTzRWYmFaeDhXZkFRM3hjSHFTSzgyUEkvejgwNnNoTFkKLT4gc3NoLWVkMjU1 +MTkgU0t3L3p3IGtZZjVKWlcrU3RHWXhrK0FuRE1TYzIxSmtPN0xSY2RJOEpyTzdG +dCtSQ0EKejRVdnBoRU0vZm9acURVazZlZlBQRnJkdWtXb0dkYTUzcXloNUFHdjBh +ZwotPiA/Ly1ncmVhc2UgPkZDRiYgQyxxd01PICk5ejAyIExGbDIjCmRNbDhnVkdY +SXZzUnUvcDlYQWxWd3dRT08xcWVUblc0REN1T3lXSTNLOHZVWnIrZFBzVkI5ZHgy +QVNzZEh4b0kKWVMzdlhqYwotLS0gRmVwckdXSmFETWhiQ3hNQ0VRMFZNejJ1dy9o +bTJ1eDVvbmZUdTNtdlhSQQrS2y/W5z1t3XGXbrsRZ8N5Bj+7twh4CuYipKNoqZsr +4R/i+HwRmrEqeLlCdvBceXzaW4Ta/OvK2p48+uCos4ji8ovUeJfs42LH8SFHLP5g +XIJR5SRYUaeYtKdzRqhxzAdHHm61HLetWQIQVEJsPrE7E4lh4ef6eopB0SDWiEdZ +qg== -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/mracek/secrets/mracek-onion-murmur-private.age b/src/nixos/machines/mracek/secrets/mracek-onion-murmur-private.age index 16f871dd..c423753b 100644 --- a/src/nixos/machines/mracek/secrets/mracek-onion-murmur-private.age +++ b/src/nixos/machines/mracek/secrets/mracek-onion-murmur-private.age @@ -1,13 +1,12 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBKZUd3 -N3BIVnQxWGt5MVY0bTBDTUtVbVVQQ0M2Wk0xUEwzeVgrSVBhS0FvClNYVFJKRDhQ -TTlibVRBbzM0ZTF1ZEZPdkRiczlNdDJnWUtOVDluT01qVm8KLT4gc3NoLWVkMjU1 -MTkgU0t3L3p3IHp4dDVtRjVacDlTOEVwS2JBZGJCbk5OQ0ZPZkdYamJmK3ZtOVN1 -YTZVUmsKdDVuZG9QZjBXS25rYTJVOW95TUsyQnh4TzZsMVR5NVh5My9EdTN0WU5a -UQotPiBmNHVMKGMtZ3JlYXNlIER1eiBMdkdzZytVOiBJK1clSjh4CjgvV2RvNXB5 -cHVLUThBeW9uZmh3RzJGZGdDRmNQL3J1RGl0MkpDcitjZwotLS0gYWlseXBLVmdZ -ZmNINXNIYktFYXEzTmt3QlNWdDM2ZGJEUUdhSlc4WnJSQQo5jzZ7HzMNW2AObd++ -SwClHkY/BuneyZ86TAluniXnM7Dxo3h3Dm54WNFqWQTuLT1MuCRBjX6ItACfppRV -r5J9Cfj3gXe76QR+ZJVr/9g7GzxYKqk4PpZalKMX+KoI3uJeUE2XXGtBdfI7feDa -KkOAeNzNZOOFAUTueI+iHzWiLg== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBvL25K +TFpJcVBORHV4UUlhRzN4eFJEZ3hrMVQzNDFYdTV6Rk9nSm05K1dRCmljK2VYRFpQ +bFBPOTNjZG51WTNMUElTY1lmb2h3OUw0SjQ5T1pPLzFXQ0kKLT4gc3NoLWVkMjU1 +MTkgU0t3L3p3IHFMMVBPRURMdEovZ056WWJmRHFwTnhhRmx6Wm0vc3FOM3E1S2pZ +OUNOR2MKc0pjRTZralNPMEErUjRySXVCZVNWa2JSUk1VZ25WaEM4b2FyaldYUVVz +bwotPiAneld5Ti1ncmVhc2UgZ2EKcWxVSEduUmUKLS0tIFc4YWJwa2QzQ2VqdW5a +UVVBeU9zMndHL2p2MVFBbjYvM0ZnbWxyczNpbFEKdayH0LdEXWzGN0ZKYueKGHSC +FdOG4knuLRY2GgszRuMXYdYAG+Qb5EQ0GaWy1Ev7N6pmmy7sIEfI+Wl9+gKz8ndq +wIKGFn3zVpMfefrdd/3l+RPOLv9I3lWqBgxxl/gMKv+iWD/TiZIcq/oxRrEtyQOv +fLfF3XxvB/hjGMrvzg0= -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/mracek/secrets/mracek-onion-navidrome-private.age b/src/nixos/machines/mracek/secrets/mracek-onion-navidrome-private.age index 0fef9139..151a707d 100644 --- a/src/nixos/machines/mracek/secrets/mracek-onion-navidrome-private.age +++ b/src/nixos/machines/mracek/secrets/mracek-onion-navidrome-private.age @@ -1,12 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBtVTA4 -SHlLTnN6TUdKWW44aTRaU0NDQXM4MU1CYmpWLzh2aERIak1Zb25vCm04Yk0zaE44 -cytMUTJvRGU5N2hEZW1GaWRRMDNraWVEZG1oVlJiZUM4bmsKLT4gc3NoLWVkMjU1 -MTkgU0t3L3p3IGdFem9CbEVEdGdsRjdRUWhwemlzZnlJVUJUa3NmU1ZxenBKZW9u -ZUNsMlUKM2Z5aTFLL1ZjRlBoWm91U1ozYkVXcGhhSkhEa3ArZHlhZ00vSmlteWZK -awotPiA9dS4tZ3JlYXNlIHdoYXg5bS5aIFA9UiB2XmFONQpTNFZTVVRvQ2UyMzIr -bVIxSjk1U1V3OVNvb2cKLS0tIGVtYzZsMHAvTE9OeHl6NjdVckpKQmlJUG9jektV -RmNrYjFCRUtMbEpLWGsKtUjuRK9In97rMcOO6p9eOEmDQjsZuWwKQ1oe2ywxv/+h -cVdls/LZq/lbvXoMLbmALkFvH5F1Y9azRIPsi9xq1ICaQGdLOQh1TBEWHoEsSStt -R7x4zprihbAHVLykCVFVjcFjK8gU18VBrTGEJzLcmAbdJiEPbQCkOXpD8dSY5DY= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyA5alBJ +RUp0d1lXTW5Nc3RQeXFyTFFDWVA0dDVLSXJGUW9JU1RDcmJ5WXpBCkg4Y1VFSWd1 +TE9NZWRQTWZrbVN3TkFhSEtJZWdSZXZOUEpQc3ZmMkRzTmcKLT4gc3NoLWVkMjU1 +MTkgU0t3L3p3IFZYZDlTSWFFMGlPb3JidjBXQXRyTkpyQldvQTRRdTk5TW8vemh4 +WlRjQzgKOForTnJ4cThNeVl3TDFWYXBaUzMxMVVtU1g2NTMzSnBSK1MzQWdwY29T +cwotPiB+KjdWLWdyZWFzZQpRWWV6WGJlcGUvckFuSndUUVFPWi9XMk03KzJVTnE3 +RmRRdjhDajRzWXo1M2pEU3Q5YlF5OWwyL2JXWFpjQ0ZDCk8rekZYVStHb1prWUFU +OE1NaStmRHhuM0V3WmxpNjR3ZENVeWkzTjBrUDdwWG5Fc3R2ZwotLS0gYitSTnNJ +YnE2YTZDbEhzV3ZNbk01UXB1VVA0dHpsMXl3Z3d1UHV1YVdQTQppCLBLRbfRXq49 +H3uhFvakoP+V7LrV8JpAoVfVmX0/kQ5g3E7Y6iJyQTk09LIedQLUJfl0VmiLZ5n6 +bnCdfVTNRi/DfK7ackmdA4yUPktlaXvhAK7HiQjj1C6uULGyReWRRaRj3h0iyt6n +fiDxaXnAfgqzzdqMHWt7yIYkH52jyw== -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/mracek/secrets/mracek-onion-openssh-private.age b/src/nixos/machines/mracek/secrets/mracek-onion-openssh-private.age index 02b34283..84c7432b 100644 --- a/src/nixos/machines/mracek/secrets/mracek-onion-openssh-private.age +++ b/src/nixos/machines/mracek/secrets/mracek-onion-openssh-private.age @@ -1,14 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyA5RnEr -blNMTmtFRmdNNnE5VTc4RktFNVdkcnkzZlJBM2tMVmFpOTVRbGxvCk9wSE1ML2d2 -RnMzSngrZTc4K2xGdHRzQnZLRDd4SGRHblMyQklCdk9nbGMKLT4gc3NoLWVkMjU1 -MTkgU0t3L3p3IDlzNjZ6Q25NQ05tQm9NVUdEcHl0YWRBemtJekRvVWRCb1hsVjdt -bXE2UU0KRnVSVHFvVDlhRCszN0NoZ2dKdFExV2pyem9FbjAzdVdJWFNPbXlPT2do -MAotPiAraC1ncmVhc2UgYCA1fiVXIDN7ayB3YDU1Z2U5CnRjSnJ6eEdPdFRXeGl3 -Z2Y5YlhTQms2MzdBeHFQQ1pNMVowWWNkTDJ2MVlkeTdDMWkxL2FMRWJKSmo2ZElK -Ny8KcGFZdDhTdFoxMlM3cDNWZ2NoWQotLS0geWRmRjMvTXQ5Ym42U0kvL3hvd090 -alJiZzU0c2Q0VkphNzZvaGFjQmxTawqWQ5yNOXsW6BWggCdNVtgvvLLP6S7UpZHE -sQXurYtWMF9FNHMG8dlgzBddI3fBe9ojqDSZMV9aGimm8Yk7Z7/z50CMdetKOlP3 -yLYRyCwxXzGkagXAlSn4IyT+RDABsKq/j+GUpozeV8SuplYU9Wr1X+1vSJ5iJX2J -Ks/7Qo1wvg== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBCZm9V +Y1VTb3BBcXFrUEJNYkVIKytKditDb3djL0t3MlZ0UTR4S3RaY2g4CkpvelpyYlZn +emRCdGt1eC9QRU1RUnVYWmNKT3VvaURaNlRWZC9VVk9KMWcKLT4gc3NoLWVkMjU1 +MTkgU0t3L3p3IDdsYStDc1FJcU5IMW5IVjJJakFCcUFZYzUzdjJZZmtNd3AvQng0 +d25CbWMKcGNaNTRDbm9GMEFjUTR2U2ZRMzQrSXdZMENOalZpdXF3ay9na3BPcU1H +NAotPiBiLWdyZWFzZSBnTEZmCkZ4ZnhRSEFVVDlxRU80ZW01RmFmOWorZDlEQ21N +Tjl3R1pFTW9RZGNxQWhkMGZJaHR0djAxR3BocENnCi0tLSA4RVZZMzVnd3hvYUZ5 +eXdZY29MbmlMSTlCcEZTSHByNUNhWHVtcm10MjFFCjPAnBkog02VOE2/ofF4u+wF +Fhcqvaa+KtMOdPpNX1d0HKru2kLa+4eOuGDW6i6qHUpdWb3tx+0/zOf4lmmFpeyn +Jw081PoGjxz5UuI42S7HxlsHjJD2T6Szsx6N16ZWuHkeNd4EA6ViF7jMgo+8YQ4J +7C5OylSHRCvBcwsTaT1U -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/mracek/secrets/mracek-onion-vikunja-private.age b/src/nixos/machines/mracek/secrets/mracek-onion-vikunja-private.age index dc5c3f5c..d9418890 100644 --- a/src/nixos/machines/mracek/secrets/mracek-onion-vikunja-private.age +++ b/src/nixos/machines/mracek/secrets/mracek-onion-vikunja-private.age @@ -1,13 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBCSWVm -SzZyZzZnT2ZsWFd5K1RWNzNqTHhzLzROd2pPQStrM3M2ZnZ5ZzJjCm5yY2JBZ3ZX -ZHBhWVdhbHJrZ3o1Y3dIS09ERTVpNlQzU3ArZGNyRG9UQmsKLT4gc3NoLWVkMjU1 -MTkgU0t3L3p3IGVQL1BZRWNIbWVGVjVhTTg2UE5qdU50U1R4bzhPOU83djBQUEZO -MGp4VE0KWUtLSGV0RS93SzU0U3BINUhQSzJBaWR5dFRyenVSTXQ5d0prR1Zyd0Ju -TQotPiBPOXZNLWdyZWFzZSAwZS4xbiBiSVA9IDJmPApWNGtzc0I4REROT0cyaFEr -cTB0TUttSmVuNDlJV0I3ZVZySjJ0cWN3a3EyWUNDS2ZrdwotLS0gWEh0Q2Z4b2JO -MEFUbk9YNG9zY3lvYWFPc2ZuZDdEMkpCMXBWTnJUTlEwRQoDC4KPhLJ1NllnZ5QI -pfxFP9u5LdlX8dHrMjGawZgZzDMVQ/qO2nQY7T2Z+pX9lKbrQl4AAXEEgIm9jzhU -3tnXTk9mvvNl/TtCz73p/EUT/jkIMBthsmX/JxefFwvHFxSGow2qXA+NkAy4I7Jb -tVTYBjdV4nIw7JzL44pd5WB2Bg== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBqWTRI +YkVEUXRmU1pRRlJqVDJIUXNrNzVXVklKK3hEY29yMXF4Zmh2bkNZCkVnRmZ4ZENF +NzM3K0dFSzlSTXlxbW92THB1N0dlMGw1a3RNb2owWUhHc1kKLT4gc3NoLWVkMjU1 +MTkgU0t3L3p3IHoxTDExRWhlWDBlb09QNWtydXZpMk52ckVkRHpsODBxUjNXK08w +UW5tVTAKK3pMZmFKYmpwYzhzY005QkR5WVJZL2xqckhBaTVZdlRXSnMvS2lZS0dQ +ZwotPiBvZFckI3wtZ3JlYXNlCmFtVHpPS3duRzZvZ0MybkN2ZGxtQXRUOVc2TUUy +VTk0T2NjWk9GZXFTMHVWdm0vbDJWQzVSazZuK295dndrR1YKU1YzWm85ODdYODVX +aHZ5Y3lIOUFIcWlOZU9wZEZRVDlQc3ZkaXFhNWxORXpSSDNWYWdKY3pDNTNrWHdq +M2cKLS0tIEZoZDdsYTVzc3ZvRTF2aE9NMUluWWM4ZStTcDJnSmNmNnZLdVU4cmVv +Q2cK/nACwc3wrUdLgzxt8CAUZIIqjZC2Z0WhfcNekLwfP5aM/OEOpMfh7WvJPRUj +e49R43wSuRABPTxhBncNQ53ZJ6KzYVxs1l3MJxHl4h0Zzxzsa1M4NNaNgF12Susj +OQLCx3gSGgTdAQFnJ134kcQr1Kf419jX5XVv127/7d7rN4Q= -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/mracek/secrets/mracek-openssh-onion.age b/src/nixos/machines/mracek/secrets/mracek-openssh-onion.age index a3941e27..a1493544 100644 --- a/src/nixos/machines/mracek/secrets/mracek-openssh-onion.age +++ b/src/nixos/machines/mracek/secrets/mracek-openssh-onion.age @@ -1,22 +1,24 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBoODRV -ZW5nWDlRQXNDS1pXd0NDTnZRUzI1elZkRlNRK05mdXFFeGd0amhrCmRKQlgvbHZx -ZEJ1THNoYjdWb05aTk4zbkMzcmpTVU5INW1qWmhkSEd2VW8KLT4gc3NoLWVkMjU1 -MTkgU0t3L3p3IGtic0xnR1dmSnFaeGhseFp2Q2hSaWRYTU1ka1AxbU11QUticDZj -anY4MTgKd1lyc3JuYVNyL3puNWdmdFcvdXpXeExvN3RrNzRxdGNZMG4vS0l2U0tR -bwotPiBzc2gtZWQyNTUxOSBwaUlvZEEgUEh5bFlrRnd1bmdWRnpmV2M5TWYvdU5s -QW1BSjg1U0hkQmMzMmdtUmZuQQpQQmQwejF5K21UTHFheDlkWkdmOW01YXVqQkI2 -TERsK0d3OGtHTlhLcGJrCi0+IHNzaC1lZDI1NTE5IDFLY1NkQSBEbnowMDFuQ3kz -cTZJRWhndGtmcm1VT2hSK1pnL0p5VHZoZTE4VWVFVlJVCnVvZGk0NmhhTEhmZFJI -YnI1RlFLK2g1Mk8vRzJmMUdMTHN6SldHTitscjAKLT4gc3NoLWVkMjU1MTkgQmE3 -cTZ3IDNoNXFVOGhiaW8vNEdQWlkvS2pmcFBWUkpLQU9VYVdTZDNEWWVNMzdWRDgK -dXhkNjRQUHBUNk9zUngvdEV5M3p0Rlo1dTFGVXNUT3NzMnpGazZSODZUSQotPiBz -c2gtZWQyNTUxOSBDd1FJbncgQ3ZTYURNSUxTeE1Ga0Y3ZW5GTDFIb2NlQnVwY3RR -R3hIQWd3Mys1Qk4yNApKQWNyLzdjUjBxR2ZMSTVWNCs0eW5RVURPNDJJRmF4c3Rp -SmhYajdZQnZnCi0+IF9YeixtaTotZ3JlYXNlIDhmbHhCLGAgYllRNAowRzVEYUts -aGlUVk5qUQotLS0gL3hZS2JhUGNSdzZnS0w2NkoyMGJwcjl0TWt3bVNqbGdGMVdB -MGVQQVBCQQr09KlTn3NE0lrflN9Lnzp7BSYgBy4itMIwaOEvAiRaaDxrDc6PGsh1 -UlP79vxA2HEZSjOq+iuGR58gnc4XkcDwL4FAs9oWmSW+2dvZ1Wz7UOqUXTfQNBH5 -lj2b17SkKBJevbit81emGcJDhz4BYaj2NjhSNeVErDLZnkqK4momnDGtvb8ECUGE -EhhAEt9N/bGunG5ULwJQW31t6/vvU+DmlTNilHI/bimGzEKknUM= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyA3MXVE +cWFXZjVSby90MHlhSkNPL3Rzd09KZG9wWEtYam0xczhEbkRsdDBrCjV2V1VlUE1X +T09xV3owTG5RS0dUakg2U21CWEVNSFJnbm1GaWY2Y2dITXcKLT4gc3NoLWVkMjU1 +MTkgclc4Q0dnIEZiQjVCOFRieUFISWNyWDdsOU10blIrc0N4Y1lwU3pWUm1kL25N +MEo2MlUKRkE4OThnWjNBcS9xQ1B6RjJMSS9pOW0wdWovcW1VTzhJWnZ6aXRnaXFE +ZwotPiBzc2gtZWQyNTUxOSBTS3cvencgYmJaL1RyZ0JHN2hnODZIMVZ5cm5PTDNx +eEpDQUJub3hJQ05MMUtwY3NWNApOTlRuUllIWEViSC9PdzVvUEliWFNBaHppR014 +b2svdHdSN3RiaHI5SDd3Ci0+IHNzaC1lZDI1NTE5IDFLY1NkQSBNUnRjVlBhTk5H +ZllzUmtMSEtmaHpjTEYxZVlVOFZhaVNmVUxEUm04a0JrCmdjVFVTWE05Mkp1K1FO +WHpnOXlMbFcvVzBFSGQxSW1BQkxlc2ZYNk5ndzgKLT4gc3NoLWVkMjU1MTkgQmE3 +cTZ3IGIwUCtPUnRzSTY3T0RZVXBIV1cxTDIrU05pVlhoUTZxekt4MVpMNlVid2cK +eWZYeU1xVmlTVnhEcFJVclZhS0hsd3RQTDFUQ1ZpTmpDS2IxUEZzaTRuSQotPiBz +c2gtZWQyNTUxOSBDd1FJbncgdURFSG9mSkFLb2QvNFptUjB3bjdpS0wwYlVFUHZQ +U05BcldxVWRZNGFHZwpTWDBvNHZkYkRzTE1SQnRhaVRyN0tiSXdlclU4NndhT2Ni +Z2FNSE1sWHQ4Ci0+IHd6TXYtZ3JlYXNlIGMgTCBON18xfEwKZ3VITDBFL0laT284 +NFNqdkFEb3U1MFIvaGlVYjc1RzVOYkNnN1c5cWVudXpGdmlRQkUzb0I5dXpIUnRI +cXJ4TgpnOGVoUFlSYjdrMXlNTFl2UUt0MVRrWk9GOHVUZm9MY3BOdjkKLS0tIDg3 +SitUVnE4K0VBaXBpYzIzN1YvU3czY1RFaVNnYS9GQmJRTzREd0YwM0UKC9k8TWtY +tJvHe2EMJx2aHlOk9ViamfMKF+JyWrhshTSQTf1NKXXgSdueHzsRv9vbKHUS4TYZ +WFQJArP44DA9uuwATI/PU7/VmGTCDd3Hk0vzQWM0TDnErCvi0w/4M+kv3G6vx+mR +GoD6KspzOHCd2i804R4RYRIOiFbvI4mqIm32NL0/xZLcIXRjpC1X9/hY/HVcoWNq +hkMJkx00YYug3wwL6dsBPR+iwbHSeKxT -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/mracek/secrets/mracek-ssh-ed25519-private.age b/src/nixos/machines/mracek/secrets/mracek-ssh-ed25519-private.age index 2061bd7f..73ee93c3 100644 --- a/src/nixos/machines/mracek/secrets/mracek-ssh-ed25519-private.age +++ b/src/nixos/machines/mracek/secrets/mracek-ssh-ed25519-private.age @@ -1,20 +1,21 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyB3VmRx -T1FyRVpIbG1SUVdHNm0wUW55K3BPcmZiLy8xZkt6eFVxaEZBRm1nCnl4QmRNa2Er -Y2VDYlBoQ00yZlNtNlVkSzNJaENza1M5Vm1JbmtwQnBuVG8KLT4gc3NoLWVkMjU1 -MTkgU0t3L3p3IHhVbm5qRjZFVTN6Tno2ZkJ2aUJYM1JkdnhKYzVtWCtJbS9pcjN3 -M1NzQmcKMlVtNFNPdHY1WnNLZ0o2Um43enNIRElybS9vS1FIMDJuaVBHN2lYdzFK -MAotPiBQLWdyZWFzZSAvd2x7QHRCIElaagpZZVZUcmFOYk1WWU02ZktYMWZwKyt0 -STA4RXNMdThZQXI5a1VJRWFrS0FWV0JJN1VTaDNjM1JoeXRlSHdOMGgrCk9pM2lE -N3JKVHVUS3JHYXcyR2FyYXkxWUZ3Ci0tLSB4VnNhUis0SklKU1RxRmlKWWd2VDlF -ZzFVNitJb2xiZ2QrekZDbkFaMWswCsbSmMYb+k42rnWMRQKMH6m5GSkn77IQ3B8c -/pbD1mkcqok+AICkwSOxV6SEUBRHIQLfyb7GKyktjsPCNTbYFQT50nqT4F3xXuo1 -aDjkOQ15UOJx3yW2I/OxDI/ePSmC5/uBKVvNJI92AZyHNuylJJdNNj8JNXWGbLhY -Fyr6lCuEH4h2X2YewSFv2Oi28J64vr8uvChQylhxbmI+Q53+uj7S5n0n4/L04jnL -I28iB0FfE6EvETwEjwM3dr56yNb0J9t2F8MYNVcdl5z5FkQuB3LSswQs4f3Yqxu+ -m4fTH7+cgE+PJVYPyPY99i91fxs9ucJ9wo8BGWN98cnuI4KaA1QCM19Y2xF+5T0x -gVODPyIZ11+b0AsBeAKciOStjtdJNaayoKlZrJHleDhlWQTdHC/5mH0oSRncO5Ps -mFxsRTTvGgL/rQQEGMuqREKNw6XlrtG92CJUf6uQZdB9m2I3rbBahbmfUTC4L2VJ -cAfjAEzddmTWCWJGdhi1KMbwSAe2Vm1RslIOEMGBchc2//LUQzdXkw4hVQstjTul -7u2sHyHRcEMe75q6ZjGNhgnIsJ2lFUR1rpYoE7CJTrW7 +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBvQ3ZQ +TEVXU3FMbjZSOExWZ0ppWTlteFFCZW5xb1pmTUVVM2dUUzBoYXdJCmUxek9kZ0Zs +L1lFcFgvb1FpWG0xeEpTMndEdEtlMTNEZ2d2NGNKWFY2R3MKLT4gc3NoLWVkMjU1 +MTkgU0t3L3p3IFJnRmFOQzlqY3NsYnE1d013MVdoeFE0VXhlVWxJUG9hVmJZa0Yz +T3RzUzAKcW91RHVneElOVEVsUllmSkVGbGFHZ25OWnRJY3MzbEY2dy95bCtLajhP +MAotPiBSWDs8VC1ncmVhc2UgTGJLeXx9IEYgZEU7OXgKdlNSd3FiUDhVY3A0ckd3 +T29PWU9FZVZHYlE0elozUTVSaEwzcit2NnBnRnhuWFJ6VFdkaXVPaTBRWVZJRkZq +SApYOG5pb0JiWXBLUVNlV0crQittei9yRUJQd3BibzFKdTFYNFdNRHkzK254emN5 +aE9nUQotLS0gUWo3Qzg1dlQvVk9ZeWl6QVhSUnBub1lLcEpLNG5TY3J2WWt4Znp3 +SzhzYwp7pR3doapgCsr8OEeOD38/MUlivmNNigAvkEsgA0cj5UVVhZ6wvRvHRiay +sxsCubCxkG5bzCOzOqRsUnf6/47cSueLfNiIwZuABV6m3lOtpSxAGYk4kc48Vbck +E5WNOaYOiEXvm6Hc0VYhYgr3NKlkU73VNKsYhtRaxCuKTpXoTPearyHEiKbQzNEc +uso/sJjUNnh+eYyLlT3/xBYC4ZGKmYuRnnz3EtP6wrG8g2yp7QZOVp7kLYZtv2OO +W745vBQso+cNIH4bACR3Uu9aisvcnlWqa31tkJ5qn1ICQXAdhZ8vwuIJSDcNUD1w +SyxhLdqLQYwb8g42cbGJMOl7RktONb+WNn/m+Bk23On/CQ687U/vPXQ5zi25xLrX +dNxHF5+Iw6cOFXL4xKW0e1AgTDe/9SO4khgHhicQnnD7jY1mSYX0kw0SsL5/mlN6 +zVdxkyWCQ2lq8Kd8Xft0Sl8h+kpRgTvM6/VLBvX8IzfXSBK38lIDh3Bdll6mZxHi +F4LUjLCwIhwA3o2LZ+dnHZB1dWPkqvcAIYi0DWTatB7yMjUP+61EQYSZkSC0cTOl +z0/+icir2cA/8YjCCUMJVQ== -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/mracek/secrets/mracek-vikunja-onion.age b/src/nixos/machines/mracek/secrets/mracek-vikunja-onion.age index 90367f19..7a10b117 100644 --- a/src/nixos/machines/mracek/secrets/mracek-vikunja-onion.age +++ b/src/nixos/machines/mracek/secrets/mracek-vikunja-onion.age @@ -1,23 +1,22 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBMQzZJ -ZlRFL1lqTzkycnlPakZTVFpmNm5yQWVoQWNNdHNTbzJHcGhZRVI0CmtUNjQ2aytj -enF1TjI3WEV0VmhLckNPcDJsKzkybUN5QUc5bXRXM1JzTHMKLT4gc3NoLWVkMjU1 -MTkgU0t3L3p3IEE4a21zQU5xZTRROUxTcit0UkxGZ1dxOFVJbDhVaHNHR05mYkVo -OTNUam8KZm1RWllQc3M3OWtpQWxOKzZEdWU3ZnNRSWdCakNhVDRWbW1tSUFsanA1 -bwotPiBzc2gtZWQyNTUxOSBwaUlvZEEgcHg4M0FKbkltUXd2bEtDRnhIejlnNXlT -aE1JZTVRcmIrZWZTMUx5bGRBdwp6bUo1bmVhZk5mNEtwMjkrS1BEaVFoaEZPZVFz -K2dtQUtwSHkyeGNTZEwwCi0+IHNzaC1lZDI1NTE5IDFLY1NkQSBYOUxOWW1xWmpm -ODFDSGVlaTdtMnBtdmJqbGE5UEFsZ3ZhT1ZpWTF2NGpnClBFZi9PQjRKUk5QMmNS -eEUxWEtkYWxrYm9leGxMbHhWSWpEODB0UGpyY1UKLT4gc3NoLWVkMjU1MTkgQmE3 -cTZ3IEdwTE5XdWU0K254cjNzWHkzSU16MVVTbUxRbGtMVXdvWTlSL2ppQXZMMDAK -TmJldmZIbFVZVWNseWQrZXgybkN0VnVVUUFXY2tlVTA5VXlDQkp4RDdNawotPiBz -c2gtZWQyNTUxOSBDd1FJbncgSnRlNE5CMmJUZ0tPWit0bnpQTnNWdnpEb3UycVRC -bmRWV252TzdKYnRDRQp1azVwYi9JNzZpWkwyMFU4OWJpT2lwaTZqaEVGMm4yU3JP -NjdKYjRtWlRFCi0+ICZnUnl5byQtZ3JlYXNlIGA9MlwKbnljeXBvVVNMRktFRXlF -c25NWFF0VytDeHR1Q2VlVlZrZlRCUTM5a2d0RU0rZUFCODc2TkM2K2doaVhDbVVl -LwpBUkdnVGcKLS0tIDk4ZVVOMTI4NmtoaXF1MUJYVEdHb1Z2T1E1Vi80UHBWcUdQ -b3VUbDFVSncKfbpZ63/jXGit28wPH73HuWCr+ZCFOLjM5Nu7Q0eAQ4TUbSs53oy0 -cKYD9DKMeMktqHC4YrytoU/0wy83/D6DLkvPyybVr+3O1Hjr/xzdq5Dz0LBds3qN -Un6rEJtP938baI9Y5HOq5tTIMqlj+FpMy/Oay3bHqoKeCxCR8kKR8YsMiZyrHE5L -B/U6kQwsbRdVdrBmB39TohX53m1pSd/TYSgs5dIooWJVeC8gLg== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyB5Ym5h +Y2FDZm9HL0YyV1o2SWRDQmQyM0pWN0xpanR5d01MTjNtTXR3Z1gwCnAvWm5iVkYz +bXdaSEptcS82K3ZvblZib0h0V0JRWnk2KzRsR2htVm1CTzgKLT4gc3NoLWVkMjU1 +MTkgclc4Q0dnIGtudXpVdjBIQzlaQnA5ZHBmVGk2dElqcyt6ZXVqeGFUd01mcU1o +N3dSQWsKQjd1RGs4RGs0OGZDbGM1OTZpcFM5dzhTc2Z3aFhUSTU5Y2pEZ0Z3akZj +MAotPiBzc2gtZWQyNTUxOSBTS3cvencgUTRzcnFKWDlJc1QxN2ZscVpteWhSaWo1 +aGU0aEtUSlQyd0ZIcE9EcEdHTQpha0QvalRzNUEySDZ1WGVJM3lkdyttZkNIUmNv +YVRHVHlXMmRmb3lMT0tJCi0+IHNzaC1lZDI1NTE5IDFLY1NkQSAvMnB4TTI5b205 +WUR0S01MeE44bDhMdHFMWi9nN0hmenpIMGxkMy9ocXc4Ck16enVlY0djNU5LdFkr +TG4zSzhRRnZTV1dlYXFkNnlhMS81VTBmczNHMVkKLT4gc3NoLWVkMjU1MTkgQmE3 +cTZ3IDhKeEw5MHg4NWFKcjdKTnRiTzFYVHYvcks4eE5sM25acUtuVWg0eDdXVWcK +ZTdLL0o3TUhxMDFHcElsUysyWGg1RzlSdUtFN0EzZDFRNmlHZGs5MUxiNAotPiBz +c2gtZWQyNTUxOSBDd1FJbncgMVkydnFIaElGR096eXFxWUFiOEx2V3dOcHlHZzdI +aGlOdnhJQWdTRTZBMApsY0dNdHB1bGJYN2ZTQjhZTFBHc0xqanJIemllaDd0ZExz +VGhLN20vekx3Ci0+IHt7dG4rcUhWLWdyZWFzZSB5ZiYgdSB5SHMgX0AuKichCkU5 +ZUFhZ2hUYVNnCi0tLSBFT2xsLzh6UUZjTFpOVE1WcThLR05lOUpzQXJpWmpNZnZs +bzBYeFRTQ2hNCuRzjjxk0jw6rKTZnc5Cybm1gnf3bktQ90GDtIF/y0uGGkQVjZgD +V85xG7CP2PWOEVz3lsP824HOiZOujRGInr0Nyj6VQQQ7pwWodWarCZ0tkoefBOOa +H+ei+notJzH3F6Tr0bdntSDrJw91dsut1+DVSNvUfBnGutCdY+zcMBZbukjrVeW4 +dqquu67zS8jzckv42Blils+bawyt/jScQCttNaRaRR8mxxnPIWM= -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/sinnenfreude/config/setup.nix b/src/nixos/machines/sinnenfreude/config/setup.nix index 6cee518f..9233c126 100644 --- a/src/nixos/machines/sinnenfreude/config/setup.nix +++ b/src/nixos/machines/sinnenfreude/config/setup.nix @@ -23,6 +23,9 @@ virtualisation.waydroid.enable = true; virtualisation.docker.enable = true; + programs.appimage.enable = true; + programs.appimage.binfmt = true; + nix.channel.enable = true; # To be able to use nix repl :l as loading flake loads only 16 variables # Desktop Environment diff --git a/src/nixos/machines/sinnenfreude/default.nix b/src/nixos/machines/sinnenfreude/default.nix index 15508d9c..22bf8f74 100644 --- a/src/nixos/machines/sinnenfreude/default.nix +++ b/src/nixos/machines/sinnenfreude/default.nix @@ -33,6 +33,11 @@ ./services/distributedBuilds.nix ./services/openssh.nix ./services/tor.nix + + self.nixosModules.machine-morph + self.nixosModules.machine-mracek + self.nixosModules.machine-sinnenfreude + self.nixosModules.machine-tupac ]; }; diff --git a/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-builder-ssh-ed25519-private.age b/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-builder-ssh-ed25519-private.age index d0b4d369..5488f659 100644 --- a/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-builder-ssh-ed25519-private.age +++ b/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-builder-ssh-ed25519-private.age @@ -1,18 +1,20 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBDdnBu -V3dVRHd6UlNqaHNwUkFxcW1ydm5KZXBXL3psZGFGT01sSkxkRkQ0CklUWFphOUR0 -and4dytscTR0T3JWUkZpK0lvY1NwNFNQRlZkVUdVaWFpNkEKLT4gc3NoLWVkMjU1 -MTkgMUtjU2RBIGFQWG9DNW5SWTIwVGZZa2d6ZGpYK0RBd1BNb25jNUduMytyM1E4 -aTBSVFkKWmh4bUtQQ1VIa3dOTVdGbXUrdVh1bnRtYkp4T1pKVlRJZXVESXI5RytM -dwotPiBkKDBaUEEtZ3JlYXNlClZNUjBIQitzNFRrOU5OUHVLb3ZKSEl0Z0RRdXcz -RXV2Ci0tLSBJU21JZ3M2U3R3QUE2bnMzM1FUbFRpSHRBNnBPekxNRTB2QjJWU1ph -OFR3CjnAcPZ4QSW9Bi50buNEjoNJjUyHE2HoSVorLlecPy4gfD9/0CMu8QRX9Lb3 -5fTJ5oYmDXn+AO3KqbrVrtOVjHZ8we+tctaN63Tg+d38bRzc5TQ3S6XTSq0sE11w -XKB4cFFruwdVB8rJwpY5cz8sTjeicOFGpe2VXKnwzy4tpRaw7IGYiiqErx5EICwR -xu1z/p0lK7fd7O1Kg/R2T6BxGIgGjsVvueNMNdkQjKzpuhoaIzheE4jgIeLIfx7L -4nndyKsF/WplngFNV7ImU9PQSZEKYLTOFhXgUo8c9KvLsoi3k3YgYPtJBsMKoI/j -ZnD8nL21eDGD4C5cB0W+uUZD7noydJZlUKT5oxy/PI8nFClVllG7nPBg4aqRq/bH -10k1SjE1/XCtnowOwNpYvjfGkR5BWFhCYicNLp8xa/nNL9kOIOpf7xNdfeBL1nZf -AMeHCNT3n9EmkSsAJX94YJSPVjcPG2PwPbl4iDvEVFztaZxrlzwHc007nDSYpknH -uEzDIeID6G2Y9gR/Y53z4E+zrUZkdn7LdgKseug0GPLSsXNcfC5n +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBBdXUy +M1R5ejNEKzlLK0FhbzhMbVJJdUtTOU5oamhoT1VZenF2TEkyREQ0CkFjaU5ucHhw +MkE4UHFvc2I2VXJZMHMzcS9HcTZkM29mRzVNNEQvNWdQYk0KLT4gc3NoLWVkMjU1 +MTkgMUtjU2RBIDdzRDlxdTlzZlZmVlR4WmE4VU5MeGo2SjgyT1lXOW95dk1WRTFJ +aXZ4bDgKYlExQmJPMGkzT05ZWEorbjQ2QlV1ZkRWazZVU3dpMmc5Zk11Y1E0eVZm +TQotPiBmNi1ncmVhc2UgVUkgOlp5JDdZQyBjRytfZgpKMzYzZVVGWi9aRzRZYWpB +MWdrN3ZwSlppQVJmWEVBbEtwSFJ5WEUzLzZmaldmZXR5LzNSekpOTDdYY09mQUdD +CkJqeFZaRDZ0WjdibStNY3BvczZOYXJUc1I3OGM2WDFGcnl2Y2dPRFVzOUx4d0EK +LS0tIHVLSnZ4OGJMOXR5ekh5YkhGeENsL2FiZTFhT3k5ZTNOYzlFWnhUM3duRXcK +R+sdJFSmAJ/Kid2buZmd18JWmodo3jTVlgkWwP+fQPtxr/WprFcS3NThIcuubqGt +nirQ72ub2A7zQV1cCk9Kj1Kz1xMaAN+B3Prpzl0HzsI6voFNNhLHoy0QUuWsIwPB +/f6RkTbKduYBzAQnSy+WrOM+6iNa+9D6UMqAIAwgr3ug1XHzutnU/Yhoz2j+rZvG +4rGJoBoL1qgC/WM81C0/4Y6eMrVfnmtJ8mvtmUM/JLuKh4Ikaue0W2DzEJ+c5Fse +Wk5qxrOd/HR4kJal/TEunrVyFi6Kv4i3M1/SQxdJhBPYLc2GrZewI5DzljRhETo0 +sso2h5xp2fvF/9wdPte8Esh3ViX7VfSj4r7IkmUHvUUrZ7I+PvX7nYCjIv3kOFC4 +/DFMIMP0oRhpIZvk3c1emJ30/9qNaplfVXFPDKHARyXrALcRDelwsairg2u8wtl7 +Lb2yDv7HQlALMwTcB6Gy0CA08fUK2awN8Sy3GCu5lBVPgrYjiNEgH1oUej1kdwjC +5TjIV4AAm7RYkkLQCnZxkmcgGTP+Alf5UVOm+BHuBMepAK4= -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-disks-password.age b/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-disks-password.age index 17217ff7..942685ac 100644 --- a/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-disks-password.age +++ b/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-disks-password.age @@ -1,11 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBVRTZ2 -ejdpVmtWZGJvamxqR2kyeXFRclVJRGZ4ZG5odjcxbVVlc0txS2pjClZFZmxFVzY0 -Q2F4d1NWL2hnK3E4YXNjRE0xZ2dVSEYzU3JVNDdFaXZlUDQKLT4gc3NoLWVkMjU1 -MTkgMUtjU2RBIG5TN0dic2g1RS95NW40VlVXZ2dmZFBBT1FuZkQ0aUxuNHgrZEoy -VkRUVkEKUmFLVWpMazRZVzU5TGtzQ1NXTlU0d0dqeUhkZWNOU01TWForNzN5NmZC -NAotPiBLPytaLWdyZWFzZSA3OWh2eyBXQEsgJCQ7QF8gZFQkQ2pRQApvSHk5KzBs -cUg2N0krUmQ5VjI2NlNzb2kzNHM3Ci0tLSBzUTZJclVBM2FuL1M0dTA3RTh6MWFX -UEdrWUpuWFpLOU12WVlOb2kxVEU0CvzPGIp4XCVZ8bC8dbDIjgOhomAf+B5+mGLh -DNcUVEvv7Nu0CdFu3Q== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBodnpW +NE5vRm5CTGJRaFhwcXorbElRbHNhU01LYXhSQ2drOFdrTUVZMWxvCnppOGRvZ1lV +aVpZTjJmZm0wdEg2QnpLbUlZdy9jUDVrOC9HNWRiNDdKTEEKLT4gc3NoLWVkMjU1 +MTkgMUtjU2RBIFYrWmRydVFXSFN5VFFKMW9XTjN6VmFNdzg4Z0pXeHE0dEp4VWd4 +TnFweEEKSWYxcDJaZkdvdFVzdU1jSUhWUGJXdlZ1NGY1QlZKSy9yblh2YXpuM0RL +RQotPiBYZVNyJDxUSS1ncmVhc2UgN3AyISBkIEY9Plk2KTEgeHI3fXUKVkFrSnBD +YVhFbEQ4bWZDNnZENEw2MUNSbDBnOGVJMnNsTlFjQjk5UWJ4TjdzN3luUFIvV1ZX +M2RxWmZPNERYZApBM1JwbllxaERMb0E5QWZrNUU1c3ZDTnFsYXZnZ3d2elFKNXU2 +TnV0WjRnR2JWbzNBakFGWjVqajdJQ25mVTRWCmZRCi0tLSB5RUdvQWs2TWtmcTJN +aWQ5VzU3djdOYVhyb3k3Sng2blhqUFk3bFE2RERFCoOtYrsxj71HT0OvC9zxQ37c +Cw2two78SpifkoEkIVi0jITCfLiVaQ== -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-onion-openssh-private.age b/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-onion-openssh-private.age index 5d313ed9..df8cd4aa 100644 --- a/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-onion-openssh-private.age +++ b/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-onion-openssh-private.age @@ -1,13 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyA1dVAw -WlJOa2FYWXF4aDhLYSt0LzZIM0k2cmVPQ3JzWTdhMDhoVHpTL3drCitJT0szNlFI -Tys3V3dOQUhsZFlUMjh1VE9odXFTMS9udFdTU1duUWtMaXcKLT4gc3NoLWVkMjU1 -MTkgMUtjU2RBIEhPcG9GL3JXcTNGQjRxd0laL25tbURDN1BmNS9nMjBYZmtwU0wx -R2RuQzAKM3Vudkd1K2ppNlFDbUE0dUljQVhwUmlCcFRmR002UnhZRUtSU1VQNGpM -RQotPiBeOkN+Ty1ncmVhc2UKREd1VFFBNEVoZU92UW9seVQwOEE3NzZXSi9DQ1JR -WWVpV1RQNTNLSmoyUlZWRHpIa05vUUs4TTM0Mm1EenUyZgo3NTN6RjY5d2JBUWM1 -OVEKLS0tIEE3bm90UjExOWhkL0NoTCtSTzNRSXJ1TFBDOHNTakJheW1aRzRNMWlV -U28KpR3wy9QH2uRaeh2aQ3jeRBX3SWH5BVy7eqQLs+P5f1AeQlZOoNzTAJWsiCoh -QvRDqVgdfyEVhPjKOAGSkZ4BADInSm88B/2hczvgBDm2oNQmoMqePosZTOMfwbuq -QbQsS6utNralekU72pCJ+J7FeluNA38FCuZ9vx9cwhGkyfo= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBFWkpw +QmRSMmNsS2VCSktNT1NHQWZTR3c3LzBOdUFaTHZWZG1iczVYNlNFClJnQXBBUWFm +TnkrWmgxMEFVRk1zVmdhTTh2ZnhNNUZnckRjYS9HVm9LZUEKLT4gc3NoLWVkMjU1 +MTkgMUtjU2RBIDBpYmJwZjhXNmVVRzkxZmE2ZG9QMFFjZFhzZllwYkxOMWpwZHd1 +bXRPM2cKM2J5ZHZ0ZEJrS2tCcG9vcFUxeURQTFRtbmtBY2M1U1I0WDNueVVsWWxv +bwotPiBCLDJZLWdyZWFzZSBATF9gCmVjRkFSdnordFVEU3MxMm9SeUV5b3lidzJL +bUVRWUJyYU5mTmt1aXBVazNKeTJsSmxhMXg0WU5ZM3UwVFhiQ2sKSnh3bHNlcXJi +bXhzV0dBb0c3UnZaditWaEQrcW95aVdRLzBHZXhTbGUwbVZrMlFlV0EKLS0tIG9T +NnhOTWt1cWVGcmV3M1lOZGlKM29PandrdDZmTSsyZkExZjJlZDQ5SDQK6eAJYpIo +byzeClzzAdveISPrhOFd67qEl0i9L7R05+JfivgnwRdpjSAvNKs58Fn38KSEciY+ +Q5Eytip/fT0cQ2muEyyKn4Vj9lUvcVRpwLLRghyKO/++kTu4RJi2Ax7wAcXF2nRR +OFEpBHLn6VezwP0xyy76YH8AUEjprLsGAEc= -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-onion.age b/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-onion.age index a5372d58..cec212df 100644 --- a/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-onion.age +++ b/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-onion.age @@ -1,24 +1,24 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBRb3VP -MXJGVkJHb1ZUTVJPSSszQVhqc3NGZW5pTkRFOXJPRktlbzllZGxrCnB3VzhZcEE0 -MFN3cThPU3cyNmJaQjFlK3pEUlRNZVpISG5WTm1xbldySzgKLT4gc3NoLWVkMjU1 -MTkgU0t3L3p3IFhDajlSdCtmck0wcVdGYlg0VGY3Qld2MW0xOTk5bmVCdEZEWWZs -TUlGMmcKa2I4QlFqcUluQXJ3Y1R6YTJyYkQxZnQvMXZiMG9wdVA3b3lXMnJPeCtu -awotPiBzc2gtZWQyNTUxOSBwaUlvZEEgVlhVL2pWTjlZcmY5Yk5HS3oyejFaeVVt -RTZMVGdSb2Z5U0hOZUFSdDBYdwpYdlNlYTFmdEh4VVV6d2xiM2xMQXNzczZLVDY2 -cjEzdUVRNkYyRjhNQlVvCi0+IHNzaC1lZDI1NTE5IDFLY1NkQSBzVFN1R0d6WWlu -WlQzWVpJT3NvNFlBdzFkd3J4VEhxU24xcXFxMnZROUVZCktIa2crdVo0aE9rMkl0 -Zkk0cXk3TzJnTTBBV24rZ04wWGQxOExJM2MrU3MKLT4gc3NoLWVkMjU1MTkgQmE3 -cTZ3IHJBQk5JQnk0Um1TcGJDMkNFKzNKajhBejl5cDNPMlUzWE9hTVVlV1Qrek0K -Z0RWMHdwc1hGZ3R1OVhobk1Lbm5sSUNjcXJNRjI4T2U3K2xvUkpMNUpxNAotPiBz -c2gtZWQyNTUxOSBDd1FJbncgcEtUUWtSL2Y0Rlc2RzM5bVczZXYwYmo4QW45UDY2 -UkdxTDNwQXUxVmxEVQpPM2k2S1NqTkEwTjd2bmRtT2h3SVJ5cTRBbWFKd1FPUTEr -WThDaHFRTmIwCi0+ICktZ3JlYXNlICFwQF1PdyBoIHZLKD4lNApFcFVZMk5XMEpq -aFhCM094UFI1RDcycko4dldteXdKOVNFek9NLzAyMEgwK1g3NDJXUmlNSkJ3Zm5D -WVlJeFBpCjkwSE5PTk96cUZ5Q0JHOAotLS0gRmRSMG0xY3l4Ty9xZzc2dEQ1dFJN -Y2RNVkMxd09SL0NyNTFtRHpBR1ZYRQrlvjV0QFNODKzeU8yiK6EeTLgkGHmyQo+w -uwTXIryXuJPiCsCICMaJPoKc3sMwm8eJCHQeH1cg6zTNxmA3LnC1ID2w69chcDaM -UkBuHgumRZzIVNiuInwP/9pTxzMnEhnOnwDh7gRqcLBGb19ZiQunneQ2S7rgW3lc -LYkWPNjn1uRbhlzR3lYTy0leS9Jkg4IV8gnmbRWjngGMRId1qVf1R5HEaJOSdCYr -dQ2laHFm +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBvRFE5 +U3d2bFhlT1B2djRZUS96U05pc1V3UTh5bU1YYzJQSE04bytHbm5JCmNoSVY1QmVK +VXpRYkUvaEhsUlNENWxQQitVeDNTaWpENEdjaS9pVExQWWMKLT4gc3NoLWVkMjU1 +MTkgclc4Q0dnIFRRNnV5M1JIdmFrdE9Dc1hWSVZZbVdoMGVvT3dLVTVKVUJEVWhq +cUN1UlEKV212SXNpN29UeWx3ODlzaXozWWpHazVNZ25PZU52UFFJTzFVeWZRU3Y2 +MAotPiBzc2gtZWQyNTUxOSBTS3cvencgNnYyS0hMeFZwM2ZQb2tmT1pLeVZBTkx4 +djVDQyt2Q3RhTzNXa0poNkMycwpLcW1RTFp5TXVtaEZvcG5DS2FBbC81ZThmeWJF +ZkE0bmZHUnZDY29Xdy93Ci0+IHNzaC1lZDI1NTE5IDFLY1NkQSBQcGMxbzlGc1VM +dHNqRlVGaHhyVEZYNFZkVzVXb001QTM5bGxlSUdiSG4wCnRYUTQyaEZTMjdubFpK +eE5Cd1h4a1JjaW43Z05TRjJTWkMzZXFyZjUzdDQKLT4gc3NoLWVkMjU1MTkgQmE3 +cTZ3IDc5SUVjZ0xLMXMraHRWTTMrUkpybjB4UzJBWnl0RnFmalJBMXhxeVlDQmsK +d29FREtTUUZOSjZlRmJCOUJ1Qkd1NFhjc28xZEZxbmkrQzBBRU55V0l1YwotPiBz +c2gtZWQyNTUxOSBDd1FJbncgbXNtRFNHYWdsQ0s1YUtDWXZBZ3VkZFJ0SkJudzRv +Qk1mM0xRQzNBM1UybwpJTnpWMG8wQ3lnczJKYU1wMkhZa2wvVWpBQlJ5OVVDSEFY +cTZYMmRzRTUwCi0+ICVvI0NKQy1ncmVhc2UgS0N3USAtQkVLIFJiQSBvTndiCmhv +VXlQaS9FTHBmZ014RVhkWW1ySWlFTjFCOVVVajQ4L2NYR1k3emhkbmFpdDFCSG1S +dStLSXFvUU5KdUZtYW0KWFYxUmdEMGhDbHMwZ05RVVowZGJNTko5Rjg0L2N3Ci0t +LSBZY3NlVVRnTWtkMjFZZk1sYXFaTExvaUVUNHBkSHpHeVhlQjlaQ3pmYWJJCoLx +/HmBdakHWlbjNQxLJKnxYh8HzRPqWzccyFbcIoHwg6FY+vaURBPGPlDu7Sz1pmpd +a8oufkBGgqJELu0/ZRhqKFYKV6pEIGgDxUjkav/fwo45lztFWKk4U9osDD3uZMwH +mJk2YpBuvvNmOl/ynMpZTvSfE7VIN9pv1nI32iwMepERtQ/vfhZvhciRrpoAsJ61 ++R2kvwHg7RkwoImUZsVX78MLk552EvXjjnhaMnI= -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-ssh-ed25519-private.age b/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-ssh-ed25519-private.age index 52fee385..049a6616 100644 --- a/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-ssh-ed25519-private.age +++ b/src/nixos/machines/sinnenfreude/secrets/sinnenfreude-ssh-ed25519-private.age @@ -1,20 +1,19 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyA1V040 -NzB5U0pVMW9xVWtCdzdPcjNxVWgrMlpTYUxJOURyUTRzYndFOVZrCjE3MXVUNkRV -VGpMVXFRZW8yTXgvQ1ROZHo0RnBKMzFrTVlWS1J4VkkxZlEKLT4gc3NoLWVkMjU1 -MTkgMUtjU2RBIEY2TXBvWmJHemNQM2VzS1MybEs4Nm10MGRzbXVwc0tpQ2lWdTJU -VS80d0kKdVRzQ1lUWXdEOXU3c3huM3VNNDU3MEpBRDBNTlRQWklGbllnWmt0MDdi -OAotPiAwdm0/ekstZ3JlYXNlIClELCBoTXxDYiBECkFadGFCenFYYk5mMW0vWmtH -RVRKT1RuQlY5eVFPYnY2OTI4TjdxTnBZdGpEYVNVZDVGeTdBbDhNCi0tLSBPM2Qw -NDRFUzNKbUJZTTJrdDVjb0lrS21OSEFMU3pqZTNsSmg3NUZlMHlFCk1mCbBrBLQS -/PktWUpR8YYMeoXghiCOWjs5LpIHoIvDhiwLPtAXc90fHyPlQ93nTl6WTUHVgbdZ -Jvf/lng+d+t7xzWbIxAx/61BZIQGU6Tx5+B/YhM48tcx8kSf76WeA/BBcw1syGdU -prZ5sSRmU8FuAy58sEBZaY2S3FHk2rlFdTNw7aagrpxottKZA2Z4QChnYfEyC+1u -4ASksomD3RAaXOk1TQOX3Nw74DoAHFuXwXRxAYePOzXr8ZgzVv/+PvOzPYFhQlT9 -8ZoQnFhHHmH03CjOXUjUs+AG3JR7+77T3FFJpAPQSTap4cBmnZGO8lHErXH8pNMp -CIG9T00+aZLi4YsnzoOYYGnd6J7ENNNYLS85QCedNGmbVy3XpRmdbpXu+G9N0OdU -UE1Ir3SHAekH46XQGOcfEzyR7Kiv9uO+DIzVfOFJlKgMTtoe+vqEDARtnOGfk75f -WhQfr9KfVJipQn4ueVj7udovfWEd72kj/mffpm0PF06MlBsjKjDq/qHDpeac8dh1 -IQGXFSmd9mlSBcSall6IHt4vvLi8+0fmFX0tBRYosqG5ERynGa8URNkvg3qNLYPE -ZU3d +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBFODVr +VlBkZHpVcjNTRnJpbHZFWENSSy9jRDBsbWJSUzg4amRiY1RUbDFNCnJ4SkZENjZ3 +V1lBMzM5YlF2NnloT1Y1T29pWFFydFlHZE5HbzFuNFRjcmsKLT4gc3NoLWVkMjU1 +MTkgMUtjU2RBIHkwbWhvK1BNQ3ZzZlhWSFVXU1ZtbnBJTTJHbm9LUURHT1ZyYmZ2 +L0ZYbXMKT3EvUTVZUUpMeUlwV1FqQ0xnNDI0UXppK1BmeHNDd25FUyt1cGVLSkgv +QQotPiA5ZlYtZ3JlYXNlIC1JUiggXiBvUAo5NjV2MTFPV0RPWGRuaWozdVNYVlR0 +eUZYQ2llU0JwZXp0M0FHYVZIbnVybnEzawotLS0gSU1BbmVxTG9xTTdjRjdCNXJF +SnNyc1FOUCt4TUdZaW1zR1dNZThUbXR6UQpZkWtwHsZ48gNZu95RptYNDQTtUetT +l3n0zuM/zkEXEV4IDvDpfHuNz9Xd6iynQsPk47ylF3D4OCbvraXpwDGUP/fhbSxw +HKF27ZttSKqq/4NooMPOXFjdkkzTYAP/v1bCl/DrzV7kE+dyvF445j6SiGX6oc8a +uaSxt5JI0a2T7T0UXORwoeCp8nEsD7JbOdQODbv3M8iqvUplow4g+B6SvDkWYFV+ +62M4vP26AVn/c6r5hueb4pjj1PpyiF8e7XYZjGYoBNpUR1IJL9C9gnJE1ewiZLjz +AH1vxVDmYZVPSGN6bF5T5Z8i3IE3U7hCADR+rTztcZe/DjfMfKSWrI3aCxrIJU4M +su65WMykaGGVST5WTaMK0V8llGLE4AGrCuCf5INTqqSA3SUyg/JR/srzSUFimH6Z +ZuXx5fQAg6k1fEvOvKXe3SNPXuHY3CmiVJ8V5m9+Q5Cb7KCW37XO5IMfy71Dn3Vr +ro7o24Qa3YSK7rVMxjHQlhwj2Iji11qoLO/euOObyjdXcozbClap5/9wxRWsyGKL +TPpxw1dZ/gxVHu2fB9/pzT3qBBmC8L3cwzcD+PYHIOth73261A== -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/sinnenfreude/services/distributedBuilds.nix b/src/nixos/machines/sinnenfreude/services/distributedBuilds.nix index 1b09aa74..76822349 100644 --- a/src/nixos/machines/sinnenfreude/services/distributedBuilds.nix +++ b/src/nixos/machines/sinnenfreude/services/distributedBuilds.nix @@ -7,10 +7,10 @@ let inherit (lib) mkIf; in mkIf config.nix.distributedBuilds { - # Authorize TSVETAN - # users.extraUsers.builder.openssh.authorizedKeys.keys = [ - # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF18QG9oqeeq/lQc5QDJl3hz5D4Q9bhiHFTRLJN4KSZb" # TSVETAN - # ]; + # Authorizations + users.extraUsers.builder.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRmGX/iKHM0fwwDjq4fQGt+B8Nj0fJlw7Lq5YA0v3NP" # MORPH (builder) + ]; # Import the SSH Keys for the builder account age.secrets.sinnenfreude-builder-ssh-ed25519-private = { @@ -28,7 +28,30 @@ in mkIf config.nix.distributedBuilds { }; # Set the pubkey - environment.etc."ssh/ssh_builder_ed25519_key.pub".text = "ssh-ed25519 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNpn2sAM07pqQFI3HxiuOxppiEz8OwGDaSMKc7GL8VE builder@sinnenfreude"; + environment.etc."ssh/ssh_builder_ed25519_key.pub".text = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNpn2sAM07pqQFI3HxiuOxppiEz8OwGDaSMKc7GL8VE builder@sinnenfreude"; + + nix.buildMachines = [ + # SINNENFREUDE + { + # hostName = "morph.systems.nx"; + hostName = "192.168.0.114"; + systems = [ "x86_64-linux" "aarch64-linux" ]; + protocol = "ssh-ng"; + + # FIXME-QA(Krey): Set this as a variable from nixos/modules/distributedBuilds + sshUser = "builder"; + # sshUser = builder-account; + + # FIXME-QA(Krey): Set this as a variable from nixos/modules/distributedBuilds + sshKey = "/etc/ssh/ssh_builder_ed25519_key"; + #sshKey = "${builder-key-path}/ssh_${builder-account}_ed25519_key"; + + maxJobs = 8; # 100%, 16GB RAM available + speedFactor = 2; + supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; + mandatoryFeatures = [ ]; + } + ]; # Impermanence environment.persistence."/nix/persist/system".files = mkIf config.boot.impermanence.enable [ diff --git a/src/nixos/machines/tupac/config/disks.nix b/src/nixos/machines/tupac/config/disks.nix index e36a4a8e..db184e02 100644 --- a/src/nixos/machines/tupac/config/disks.nix +++ b/src/nixos/machines/tupac/config/disks.nix @@ -45,7 +45,7 @@ in { disk = { system = { - device = "/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU010TZ_BTEH24220RNQ1P0B"; # NVME SSD + device = "/dev/disk/by-id/nvme-KBG50ZNV256G_KIOXIA_725PD2MEQPW6"; # NVME SSD type = "disk"; content = { type = "gpt"; @@ -142,7 +142,7 @@ in { } else { disk = { system = { - device = "/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU010TZ_BTEH24220RNQ1P0B"; # NVME SSD + device = "/dev/disk/by-id/nvme-nvme-KBG50ZNV256G_KIOXIA_725PD2MEQPW6"; # NVME SSD type = "disk"; content = { type = "gpt"; diff --git a/src/nixos/machines/tupac/config/setup.nix b/src/nixos/machines/tupac/config/setup.nix index 3967adb9..a10c7709 100644 --- a/src/nixos/machines/tupac/config/setup.nix +++ b/src/nixos/machines/tupac/config/setup.nix @@ -17,15 +17,15 @@ programs.nix-ld.enable = true; - services.flatpak.enable = true; + services.flatpak.enable = false; services.openssh.enable = true; services.tor.enable = true; services.hardware.openrgb.enable = true; # Desktop Environment - services.xserver.enable = true; - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; + services.xserver.enable = false; + services.xserver.displayManager.gdm.enable = false; + services.xserver.desktopManager.gnome.enable = false; programs.dconf.enable = true; # Needed for home-manager to not fail deployment (https://github.com/nix-community/home-manager/issues/3113) # Japanese Keyboard Input diff --git a/src/nixos/machines/tupac/default.nix b/src/nixos/machines/tupac/default.nix index 65562b81..5e457eda 100644 --- a/src/nixos/machines/tupac/default.nix +++ b/src/nixos/machines/tupac/default.nix @@ -13,30 +13,35 @@ # Users self.nixosModules.users-kreyren - self.homeManagerModules."kreyren@tupac" - self.nixosModules.users-kira - self.homeManagerModules."kira@tupac" + # self.homeManagerModules."kreyren@tupac" + # self.nixosModules.users-kira + # self.homeManagerModules."kira@tupac" # Files ./config/bootloader.nix ./config/disks.nix - ./config/firmware.nix + # ./config/firmware.nix ./config/hardware-acceleration.nix ./config/initrd.nix ./config/kernel.nix ./config/networking.nix - ./config/nvidia.nix - ./config/power-management.nix - ./config/printing.nix + # ./config/nvidia.nix + # ./config/power-management.nix + # ./config/printing.nix ./config/security.nix ./config/setup.nix - ./config/sound.nix + # ./config/sound.nix ./config/vm-build.nix - ./services/binfmt.nix - ./services/distributedBuilds.nix + # ./services/binfmt.nix + # ./services/distributedBuilds.nix ./services/openssh.nix ./services/tor.nix + + self.nixosModules.machine-morph + self.nixosModules.machine-mracek + self.nixosModules.machine-sinnenfreude + self.nixosModules.machine-tupac ]; }; diff --git a/src/nixos/machines/tupac/releases/stable/tupac-nixos-stable-install.sh b/src/nixos/machines/tupac/releases/stable/tupac-nixos-stable-install.sh index e616d787..e9d634ad 100644 --- a/src/nixos/machines/tupac/releases/stable/tupac-nixos-stable-install.sh +++ b/src/nixos/machines/tupac/releases/stable/tupac-nixos-stable-install.sh @@ -106,5 +106,5 @@ disko-install \ #! Reboot in the new Operating System [ "$nixiumDoNotReboot" = 0 ] || { status "Installation was successful, performing reboot" - reboot + # reboot } diff --git a/src/nixos/machines/tupac/secrets/tupac-builder-ssh-ed25519-private.age b/src/nixos/machines/tupac/secrets/tupac-builder-ssh-ed25519-private.age index 6b761c0d..f2c424ca 100644 --- a/src/nixos/machines/tupac/secrets/tupac-builder-ssh-ed25519-private.age +++ b/src/nixos/machines/tupac/secrets/tupac-builder-ssh-ed25519-private.age @@ -1,23 +1,22 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBRSGpr -QXFrQmtFMTc0TjgyNjI2Wjk3RVJIaVErK25sdEZ5M3lYMjIxd2x3CnFQVmRaejk5 -VWpSRlBDekJVNjV4S2RxdTJ4YjlQQ2VzOG1MamNWZ2xGcHcKLT4gc3NoLWVkMjU1 -MTkgUHIzd1hBICtiS0k0eGpxZHd4blM3bmhIUDNsbVZQeWFLNlRZeGhXVDU0SHRT -MlIzREkKZXJmaFZOVUExWkYyckZ6Y3Q5OWNEcVMxYUgyemtHbVBzdms2ekh5NEc5 -TQotPiBzc2gtZWQyNTUxOSBDd1FJbncgdGVMaTROWURQampZYTdUaDYyd2ZSbmNY -dDJwdGN1UG1WZm1WUGtUUnRpZwpVdUZxaWJWcjBvd2txK2dVUU14elRsWUU5d1pz -VFZKUnVaSEtQSGJ0QzBjCi0+IEB0Oj9UWEgtZ3JlYXNlIEw0dSEtTQp5RlpDTkhy -eFEzSEJreUoyQmtta0tLM0FuRWtDSDhpdERYOFNyMW81Sk5nOUJGdjg4V0RWRVhC -ZEZ5cnpCTEtXCitSK05zRlVPS1dkMG1aOHh2T0NwaWZXZ3Z0SE00R0RNUEEKLS0t -IEFCSy9EaEcyYldQc1gydHVNZEVKWndPaFlac1VRbmduWEFqcHRJNHA1MVkKo9ph -WmAu5IU2AQt5/whxtLPXi/yp2H82UHemLkg8MYP7cr9lkYvPhVndnHlrTwhxRc0p -B7hyC6Rj3dna7J1lmrnlw4fKrSclwZXr5ApMlKshJRbsVgQX2pjfI/hLnegi3l6c -BIq39fj6bRFyz7HhXQ265G0OyO1FLAvsi/TWMVdndqR+/JO0q8+vEh+9C9E9c7Jc -R4YJw+/u7/QhJ/xpTw/HEsZGh9Z6NA6NUrhtYPLR2IgbWtp3VRZj105a7Z3piKrA -wMXySvZ08+Nf5CDAkwv7bJ+oxM2vgQq/GL+0qpaKYGX4crGpdkC9nQDdMFrR+cNq -ErEu8IJfhLIEaPIWK6GMVQPMY2Q0RYwySZvUc36IfK0SPg1mi5tnvzx1BZkxUYsA -9vYqGgCUc9Om9WID2D6LwBxAHmqkhFmyEgJNSZk4TThAK28RnsQLcAu6G2pWzkBm -sfZZysydFYTMMU1tY69N3lZBX7+k17KN8e3qm1vgkTjZ3N9Ozz3pXP9REX8INsk2 -u4LBRbvvr/b8MhkM8cSIJGbFGX7izB+VXOo0DKLvukXbal/iOtSKEVDD/fXkmrQz -ffEBYmiyR98= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyB1Vk01 +N3YxTXZlUGplTGhPZFcxS3ZmeGNkeG1QN3pYVXF2eDRqTWppY0FZCkN4SWoxeGZ1 +Vy85cHBxZmpxZ2FPQld2VEdzaUdmMXFpeTVVMmtBN2NVencKLT4gc3NoLWVkMjU1 +MTkgUHIzd1hBIDByeDdTTnhTMWZFOGpJRkR1cjRUZ1E5R0YyVytrek5IZk5hMzBH +dFdWWHcKekpOTTNXdGxjS0o1cGlQeFpaZjZrYVdzTnR3bWxzSG1SREhrNFlLbWY1 +NAotPiBzc2gtZWQyNTUxOSBDd1FJbncgeWJKd1RDTW5NS1h5QVQ2My9Fdk1oM2Vl +SFRHelpNclcvZ1hUOWJRa3ZXYwpzK0VQckFIbDNJcWVudFhIbWJvZ3FUR3VmMDJO +bHBZZ0VDTTFJZG5lNkMwCi0+IGAoXCxTOFQiLWdyZWFzZSA+S34+a3VpRSB7M05R +a2sgNUZOTUMKbmhFTjhkUWVmWDBwa3VzYzcyd2NaSFJTb0U1SWYzejY0dlBRUEEK +LS0tIGpSdU9iWVBGRkw4UWdzb0pldmVDcXY5ZWloVGthUDJwcSthN0ZiVGVSSkUK +RHMpBXsxhKlHpqB++Nvvb+Mfy0HHz7L6RSrnGuqr7NuAh23gPgn9Hdjg8JkMGR2O +cNQsJwYcGpthXNejvyWsg7W8PZnAba/0pF+wAn5LkKXWVcPrRwBsngTzxkPXz70W +9rPSCAfTBpjd949V3KJJs/kB5yQzB/RW/kWS8lWyeNLFd6DTd+grYLL/bW9p9unm +cLguyl3N+Z9n/epnGGySFykX5LrFPYOJQRz2M+gHbxF8URIB4H07JTd5rGiJAbX7 +4e0tudam14vCf0COqQJ8tFZyFACWRW+fZEjdEprTHZse1NW5HtXirDsn+aep8V2p +oT9RvEVykgstZa4lDMV6jiYptChrc3QaRibeIAxLfaF89KSH5jbYT6ko8Mb7MGRK +MXBeE9K0YeZpE8+8A8bLBZUTKQE86SRwlGPKCRpnJe3/IITZPre34YEusU4marwf +Tl/ukKZwDZ2xsC83iJ4hGqFFk0ijQkExuFXG/SmWORTjwGuH3VYQmDiHFfAsNInk +ISTOaCkkfNjebm9LlofBJiPZtYrWzG9PKhZG8BtHx5VHCKfOlrwsKt3qf+L0VdZ6 +RCALZlyBa8GoDcI= -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/tupac/secrets/tupac-disks-password.age b/src/nixos/machines/tupac/secrets/tupac-disks-password.age index b3696a67..64f5cd64 100644 --- a/src/nixos/machines/tupac/secrets/tupac-disks-password.age +++ b/src/nixos/machines/tupac/secrets/tupac-disks-password.age @@ -1,13 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBtSjlS -NWZXTjVaVFpxVERaYUdhRjBMVWxhdTVyNEZKSVJZZzd1L0UzNGgwCnZBVE9ma0tP -aDEyTnI1ekM5SVJtdk8xVllDeWZsaVRiZU5ZQUJnbVZ4Z3cKLT4gc3NoLWVkMjU1 -MTkgUHIzd1hBIHNNVXdjVU00anpNc2JBZjBzS0dibU95WGFvZi9pcmNUS3JRNC9Y -S3l0a00KR2RHRTR0cFJ6ak5ZUmxWbUFpQ3JOY1VheWtLYkt0TVZiMk9GYTBkV0x4 -awotPiBzc2gtZWQyNTUxOSBDd1FJbncgSDBpZkZDRzBMWHZNbkViRHd1RkwvNWZi -Ukkxc1hTY0NtUzFmZW5hekpTawpkVnNZcWIzUmtkUm5lRzhSTHJ1dkZVSG8rWCtD -YkhHT2paWGREbTcyTXJZCi0+IGRuPTozLWdyZWFzZSBFPyEqX2QKOEVDQURxNm1o -NTJpM242a0R2UXAxL2gvWncKLS0tIC9hMjlpQi84MlkzdnZ0V2xJTThIbEFtU2Ez -dmJ4Q2RYY25QVElmcWNVWDQKWAUICmRQwReyseWMkKKJD/kNPKNg4LJEm5tueAH1 -jbU7mKBDym3Qko6vyA== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBVZ3Bh +RjBOL0xBQjNMejlKdEYrZWRoWkErZEtyRUlCVi82Z0d4dGk0Qm40ClVucHk0Y0E4 +Yjg1eVZ2eEljTFRaTjRXNEV2bFpiQkFOd2JVbTkxS3ZrVDAKLT4gc3NoLWVkMjU1 +MTkgUHIzd1hBIFZMbUpXTm9HTjN2WnFhcTZ3alhQeTlwbGhDUkdtSzRpd0JFU2py +VUNWV1UKblpLSGJRZmhHMzlQb3A3SzVjRnJUeCtyMXJCTmpYM0EyRGtySXNiNzBH +awotPiBzc2gtZWQyNTUxOSBDd1FJbncgZURWQ3MxcmlXR0NMU2IxVHFWSUN6MHha +TWtwOUhMbG0zZFBZNUQ4NERUOApIeHBiTUZCeStBYVprU01kbmp3MjRMWXlBaHVG +RmhJTzdiNStJcUEvMXBBCi0+IHhJQV5tLWdyZWFzZSA+O3cgYzQgeSQmCklqVnRO +NUxVbXNGckhtTnRWbGo2ZisvN3JpU1hOV0o4Ci0tLSBVK0RkY0RLM3U4QzBXQ2tm +cCsvNnVjOWZ1RHhGd2pGdFA1Z0FyUU1ab1ZJCnTs09ztgUtKTPpD3c2MtPGUDSP2 +dPPU8DVKbfhZ0RxBJ9OibL8sHBqCuT0= -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/tupac/secrets/tupac-onion-openssh-private.age b/src/nixos/machines/tupac/secrets/tupac-onion-openssh-private.age index 795f4a72..6a35bceb 100644 --- a/src/nixos/machines/tupac/secrets/tupac-onion-openssh-private.age +++ b/src/nixos/machines/tupac/secrets/tupac-onion-openssh-private.age @@ -1,17 +1,17 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyAxdEJz -Wno3MFRHd1dUODluUWR5Zlg3eldvaGdZYlppRGdpWnJ6ekI4S0ZzCklIZnl3bnJN -QWVLODh3RkJoMWhaWjI2T0dMQktDY1BjKzJjKzR2b1dzNzQKLT4gc3NoLWVkMjU1 -MTkgUHIzd1hBIG1hRC94QTNnUE9XTWovVFhxQkx0aTEzeTQvOUYzR1dxS1FBZ2hU -dXdxU0UKaE83akRQbTFSVkpSeWFhcFpBZW9oUklRVVZZTVlaL3h5ODN2UktPSW1n -cwotPiBzc2gtZWQyNTUxOSBDd1FJbncgRmYrb0hhcXdZZFRYa2d5NjNnZ3A1SWNw -Q3pWOGVSN1pRQ1pZWVYweWxpUQpXVHJnalg4Z2RvQ1hOZjJrbU1YZWROTXMrdk9M -dnE1WmNjQ2xKRzZwNjBjCi0+ICItZ3JlYXNlIDxqcS16RyEoIG5fPlcoKwpGMm9L -MjJmeDRWYUQwSkN4SUh3bmlkYURTNGhZWlVFK2lKYkJtV1MyNThIbUJWZEg0bUxK -a0k1YkZka0lOWTdhCnBzZEN5akpyMnkwbkhwZUh4TkJwMldPN0VsV3ViYVZqb3Zz -dwotLS0gT1dEZkQydG9FSFAyUXN1SERLWUttM2xNTXZOeWFBMWMySHpncWNDOXpP -TQpxKYWn5EXDTEVKIfcx4KSjQaHW7uKLt2B+gV1Wh6AQgQayKyTpoddLD6oqyuIZ -/TIpFLnhHGbUHw251atuNJriwx/McrSAbW6rGoetbR7aLl7VY6cUbfXtNEQf1XV+ -bY5L//WgJ8bbMElHvfYIpyMO2VCUqwgi2haNtZO3gNtv5ahrE7aT5twPh5poBVg0 -ky4WprXtZVVV4HT9/VG6fdlWwIdjCCo2jQ== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyAwWGNj +S1FNTlNrOXV0bWI5T09EdzBvN0JMVit0ek1vYmEvWk5uMGRxWXpBCnJrdU41NVJ4 +NVRTeDlyUHgvVVJPOVdZdHZVR1lwYXRadW9ZQ0hrcFVBYUUKLT4gc3NoLWVkMjU1 +MTkgUHIzd1hBIG1wTG15OVpqOWt1RnFjaUFOcjBYSWtzL3MxamRBbXRjREhIWHQz +RndmVkkKM0tIMjdvQ0VOQ1ZFQnp3eFIyZVErQnQwN2l4SG41YVh3VEhZcjZPVVBv +QQotPiBzc2gtZWQyNTUxOSBDd1FJbncgNFZsSkZld05GeFZpSWFUcldGU3ZNM01I +VjFOQWtNT3pLa3BZeGI2Y1JWWQpTMjBLOEgvM0RHajFGQlFZT1ZNS0cvdmUvVFph +UzZla3ZiZ3lReDJqRGNjCi0+IHYwLTJfQFItZ3JlYXNlIHkpP28gTS1URn1tIyBP +CkY0U2NLemlhR3VrRW5mRzB6KzZ4TWNPanpURzVJSkYxMmh1d214bWl1ZjdvcE9i +aitpSzZubjZybXpMVTlMMzgKbXRScE45aVp3aHJqSmhsMkJwNisvZXZZZkVGR2la +ZwotLS0gWEZqSTBWQzdlUzBiS1d1bXZEemRBdE5KSUVNV3NrSDlITGdGNW42Wjhy +OAqm6D4GoBE+kNI+k7twqIldvB+Dt5TOYibbn9Rj4q76hl60s7KF9vOMlsFhCU39 +Qs0v7sTK2BHpFIKhuYF8q0DZdgkfB0psG3opeu4+xW5oo7u7UH57MVgHWe8Z0qnH +ukTk7bBIa/CRVIF3zmVltMUt/ho1XqO9s9IHLE/4ShLMhKbU2mIj1cOFQjUZqqHF +pIkEOccpnt8Xq3ThhRw5Y/7yQeFAE7ylsw== -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/tupac/secrets/tupac-onion.age b/src/nixos/machines/tupac/secrets/tupac-onion.age index 5a114a7e..a3d1a8b6 100644 --- a/src/nixos/machines/tupac/secrets/tupac-onion.age +++ b/src/nixos/machines/tupac/secrets/tupac-onion.age @@ -1,21 +1,23 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyB1VlEr -ODVPVXh2MEV6SEpLbzBoZnZxc0pmeVAvcUtLNmRFRlJaeVNnMFhZCksyc3ZSRU8r -ZFdNQVpsVk1kN3hEMXFDazRacG0wYXA5TWczNVIzT0lBb1UKLT4gc3NoLWVkMjU1 -MTkgUHIzd1hBIGVNT2dPUFlOM1RuOC9NL29tT1RiM0dVVytObnl1STFmdFZOSVNW -VUJVVlUKK004Z21pd3RqSUtmRkVjKzA3dnRxaUFtOElLdHZDV1l6bWtNVHNYVWxt -ZwotPiBzc2gtZWQyNTUxOSBDd1FJbncgYnEzRUl3YmtGaWRrQTJtbFhYQ2NQL2hG -VnZxbEFNcHhHUHhxS2labGZUZwpjWDdPWVBIY2Y3Y1BUQmxwK1l6bEc5NEpyd1R0 -Tm14RndrZXpSbVNjS0g0Ci0+IHNzaC1lZDI1NTE5IDFLY1NkQSBvVGxQZ3NoK29V -TDloT2hNU3pHSGl4YkxSUUpiT2tHTzk2Q0pnS01JV2lzCm96aFRDNVVGWXkxZ0JG -NmlOOWlCTGpKUlZpcm9scXNPQXJyaktLYTA3N0kKLT4gc3NoLWVkMjU1MTkgU0t3 -L3p3IHFkczRxRm5NRGlLODV0QWU4bjdoVDZROFhMZW5DdW4zZkE0cTdoS2JpbkkK -M3g0RXZEbUtWN29kSW5XWFlPQlFXUXNxT0drSVl5NnlFSndCR2dWUTdKawotPiBJ -Z19pVFotZ3JlYXNlIDBfdXs2OzwgfQoxUjdYTFZhVi9qR005UFo3cjlHbHV1alQ2 -alNjMnBpdDNMUXBGbVo4Szd4bVpwcnVlczZpV04wCi0tLSBOMU1XWGdVZmhhSnpT -YzBPK0N4M0trSFhpOTZHd2dCWit5cFc4VzBYckhFCp5aBRJKEk+67RFsazWQeJB8 -6K0tBxPDUK+Rv5qgQF3MPJkUCH0yRh+MMNX6ZJ+SR6Q22db2vzMm7q2wmUF2og+6 -cFh+rq1ys+gfFdLogy0kIg0R3HUaKNJ7wk1Kz0kN8gbs5CVfOtKx0FQgsInuhr1x -9razLAe3N3wOrFjdD7E/2ZrMgSoQJc0/gZoDO89XtLsnOf1j0NEqX57DDwLa3333 -qnt6CAwdPjJy5rxH0YEiNCsb4VGaQB3rpIs22m3F +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBsNnRy +YnJrVGRsOFZrR1c2a2pBTXByUVVWSGMrRWY2cUljYWVKYVFJVTNJCk93OWVKR0pH +S2xyNTZQbUFoa1BsZndKREloMGZFY1R1U3hzcjd6UUhEc2cKLT4gc3NoLWVkMjU1 +MTkgUHIzd1hBIFNkNGJsaXgrR0lBRjhvaUY3NFZXWER6SlRrQ3hUeHhPUnMvZmJY +bDFheEEKb09XcXh4azAvTVp1eVhzWnFNdDB6U2piWTQxTS84M2ZZMmNFeDByVFEx +SQotPiBzc2gtZWQyNTUxOSBDd1FJbncgY2JYeElLMmZ6bmxNWndqUGRHY2lVSTVC +RVNtVUFscmc1VWd5dXR0ZGltSQpsbHJiOEpvd1RFNUU1RXlZRXcreFRkYjdYVm1O +dnpBRzRBeVQ1aU1wT2dNCi0+IHNzaC1lZDI1NTE5IDFLY1NkQSBtV0J3ZndrYXEr +bUp0OC9kMmFhOVJtT0tGZWg4enF1OU16MGFsQmwzb3hBCmtCbGhNYXI1MUlyM1Uw +ZGtwUmlSV04zYis2YjdTZlkxaGJxcm1TcnRrSGcKLT4gc3NoLWVkMjU1MTkgU0t3 +L3p3IDdySGYwcnBEU0UreFNQWHNCVm9KSEpMMzZwN1ZMb1R4alEyYTM5VGMreFUK +L2E3MEVDeWdVWWVvLzRaNHRSQjh6aitGUWh0LzRoU20wY2NNU25nUy9VMAotPiBz +c2gtZWQyNTUxOSByVzhDR2cgMCsxcTFnYjI1RnA4eU0rQnU3dkxlNEptemJIYUlQ +ZTdZcnREVXhRc2JVYwo3QTR1clhCTkpnOUwvUDQ3UlRMdXF2THhvSnc0bUh5Q2lt +cS8rUVdUNG1NCi0+IFVxQi1ncmVhc2UgKUIgdnggMThEd1cuIHtiZ35cSwp2ckd4 +QncKLS0tIFZlYWtORnBGV09lUEkvWllhRzhQaUg2Z0twbnlHS0gyV2YyWnBDU1RW +RWcKhA9IJiyJR2aXcn58MJ2Hh31OQFpqx2aVcRmF2ZdQdxL3ZBt7vUR07/EF3KPp +11qEv2QSSTgMTtEpqE9hJHIXPGo0VFMA1s0Qagve/MYMttgzJ3vmrgaK/fk4bT2D +G5kqV6f8kbcc4x6tJsf0RMdpABrsVYPdpb+KBj+yzCuFd1PeFlSgD9RVg36+GSJh +x4fwAig8lsu/xZGgDA3W1r2VoBJqAPekMQkDRHaUsAR9l9dqkke0IScr/zTEBlG8 +qAI= -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/tupac/secrets/tupac-ssh-ed25519-private.age b/src/nixos/machines/tupac/secrets/tupac-ssh-ed25519-private.age index f8d7df95..14a2f092 100644 --- a/src/nixos/machines/tupac/secrets/tupac-ssh-ed25519-private.age +++ b/src/nixos/machines/tupac/secrets/tupac-ssh-ed25519-private.age @@ -1,14 +1,15 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBBdXBU -dVo0SzIydVJrc2lHNmRWcjV6dDgySmlwdUp6YTQyYjN1VWtEK3pFCjlGb1oxMXg3 -M2dCZ2FpUnB5OFFqRVJUZ1FTTGgzUkxxVGdxWXhNcVhQdVUKLT4gc3NoLWVkMjU1 -MTkgUHIzd1hBIHplUWN2QUhlY0EwaStDenVkaUhjazBVWHJNMTJRNm9jaTBNNWlT -ckxOZ3cKNzkrR2xtS2ZNREszci9wL2E2OXU1NE5OMXRIcGpUczBxQkttSUczUWNt -awotPiBzc2gtZWQyNTUxOSBDd1FJbncgeW8reVZMd3JZbVhRZGo5RDM4TXg4ampZ -WmlIaGgwVURuQWt6ZTdEOXhqYwovN0ZFUWVnRHJ5RmFlYktPNUJEYWdjNktlaHhE -S0hUZW95SDM2S0k3c3JjCi0+IC9WNSI7LWdyZWFzZQphMWs4ejloZ0g3Y3c3WnVX -dDJhVmlnCi0tLSBrb1prdlpNaC9aQ3lTVURSbXVpSWhjUjl1V1lqankwN1hXajRF -UmlVWEhzCpoUHFXfN3ya/pfH2PwJKADeQiopQZWCMbez51lhG70du62n86ZDrUtA -ySS49pbbgxbPIfeSzu+UVA7NF7kUIbyAvUskwTdayJEzendUSMckhcBAmr0HgRlN -Cl4Giq3lYsADgexSy00AnLhzN3X4qriNlqXvVM2yoepNWk54r5WZ +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyAzeldG +QTdocEM2ZDFBQVlNWXV0ZDg2bENRTFIwWFYyN0JNTlkwbFdNVlRnCndmd2c4dnhN +UW9xOHlITis3UE5iYlVud3NZK0VsTU8wbDJYb1EzSnVlZjgKLT4gc3NoLWVkMjU1 +MTkgUHIzd1hBIGd3L0w0UG10Qmh0dGVYVlVaWWtERXpIUWUyZXZML3NqNWNkVHFa +TENweEUKUE9KcXp5N25mNWJyNWM4RDFLa1g3YnRaUmZueWJQMkQ2M2RlaTJtbERD +TQotPiBzc2gtZWQyNTUxOSBDd1FJbncgWkZMWitRdXEzZ094OFkwdVhES0NYWnhR +TkVWZU5XdDg2Q3IwM0JJQkNnOApRVGt4NW02ejBUZlQxSDdpNk9PU1FhV2Z5ZHNJ +ZFp2VG9JQXcvZUZXWHFFCi0+ICMrRngtZ3JlYXNlCkZ6dEwyQU9RODc1Vmo4L25R +QmJNZEtuOXpjQjZDSmk3T2RjN1RiM3ZXWXJESDUxbWNLTTlEN25Xcy80TDdld1MK +QkdJeGR6LzdMUzgKLS0tIGZXYXl5cTVhaDZFdWNmOWdUdjIxUUtSV3NVcGs5bHN6 +aWdZTnRaUkM4VVUKRiXweAbAJrwkH6XyLkxYIB/jt5q+/1eYaJVAU1Gt1L6TyDmK +k2KJ6fTDX+VNixlbgUKHaXSX/ON63zW+K16GxLQtV1A+BAGUE8+IhIBSA4dlWYNd +X4q4J5/H9BA11c6zZ3VA9WDu/x0WvzH7K5XJaG5eIhYdX4vBEiSJdwqk3bQ= -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/machines/tupac/services/binfmt.nix b/src/nixos/machines/tupac/services/binfmt.nix index 9d26528d..c5192477 100644 --- a/src/nixos/machines/tupac/services/binfmt.nix +++ b/src/nixos/machines/tupac/services/binfmt.nix @@ -3,9 +3,9 @@ # BinFMT Management of TUPAC { - boot.binfmt.emulatedSystems = [ - "aarch64-linux" - "riscv64-linux" - "armv7l-linux" - ]; + # boot.binfmt.emulatedSystems = [ + # "aarch64-linux" + # "riscv64-linux" + # "armv7l-linux" + # ]; } diff --git a/src/nixos/modules/system/wifi/homeBaseKreyren-WiFi-PSK.age b/src/nixos/modules/system/wifi/homeBaseKreyren-WiFi-PSK.age index 5ca864d6..e50228b1 100644 --- a/src/nixos/modules/system/wifi/homeBaseKreyren-WiFi-PSK.age +++ b/src/nixos/modules/system/wifi/homeBaseKreyren-WiFi-PSK.age @@ -1,26 +1,28 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBpZjV2 -Vmx0bERoUjIzRzZLVHh4NEo4RDZxY0VZVk9lbk1NcmdycWQrR0I4CmFPdHhzeEpS -QVZ3ZTA2MFU2ZjlmTk81Q0ZwTGNxRmMrbmZaaWhKMVV5N2sKLT4gc3NoLWVkMjU1 -MTkgUHIzd1hBIFlQQUhlQ2hVY0o3ZUppWlhMNStEUVNJU2tZV01BZGpxeFZ6V05w -d1JhRWcKME5MNiswZ2F0L1VVNEEwNktuaURCVnNKK3htY1owUXdLbEQwOUZOZG1X -RQotPiBzc2gtZWQyNTUxOSBTS3cvencgd3EweTd6ZForaHZFVXlUOGsxK0h1SWtO -Q0prcVdzVlNEMlBKZGh0SWVHUQpYYW5LQ09MK1ZoditDVnIxbXBLYUFFWjJhcEls -d1RwZjFocDJINEtxM28wCi0+IHNzaC1lZDI1NTE5IHBpSW9kQSBOUU9xN0txeVpI -c3BEclJEbHFuMXc5bUlpMXJEaDFOeTQ3dUU0Z2grenc0CnR2THQ2aXNjblhoN3U2 -SEw1TWM4U3VzYW1WRHlJeVdHeXdyUHB4Nmp6N3cKLT4gc3NoLWVkMjU1MTkgMUtj -U2RBIERrL1NzRDVwT2ZKSklSL085dHRFUWhLNklRd0lxSmx5SVB2cHVXTDFNMEkK -MDJWc3lpaFFDcnZnQUlsWUNOZ2E3Wm52SnlXZnB4bkJHQ2RxYk9vbDg1YwotPiBz -c2gtZWQyNTUxOSBCYTdxNncgS1NuTlR5T2Q5WGdjenpqczdHVGVGWXkzMXRpZzFw -U0dZdzltOHJWZ2FIVQoyRDRNQVBQWnR0TEM4U1hUenpJWHhEZlNvemxJK0hsREVp -bVdGc0c0Mks4Ci0+IHNzaC1lZDI1NTE5IEN3UUludyB6WTkyOU9hNXBUYmdWK241 -NUpQMzlUZlNReVNLTFErV2lISGFkRm1uM0hJCklkdnI4NzYwb3hIdWNVMmNiQXFn -OStrc241aFhCcllMZ01TQ1dVV2VmY1UKLT4gUWRnLWdyZWFzZSBDViA4CkZQZlRH -T3U3Ci0tLSBEUmNMandPMDNjdnRmYXVDVHd1c3QybXYxTGQxT1pFT2pTdTduM2xp -RFpNCmf0rphOphJK5nvgzz6AfBuKtU6FQazPfCrvlbFt4H0AL0ePCIIvA0Ugnkg8 -gMdGa9TmJi4zKe3/20qHmtPNbwlTphEl2gTfq7Emc0kkGI/E4XmQjMD+W8NJCxX1 -RWZE3WecEY6VBIFj0Vm121SqKvtCPKrTjSWdBvlm/I2u5N+4j00UXrIIXeN7duam -2aESzOoqsvGbAdClgDF7tJvSXyqJ0w9E5zT3YUoxZ2chYWU9CStyzl+uoKG1G+Fc -aKSWL85JPosCfoQ/ban3tLL3Z7kONXH/NwDwmrwAehPuu4VFve7tHCoyaulDhqpe -JX86mg7Cmw== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBjV1A1 +UDBuTHNtZjlEZHNFU21yRnhCQVQvL21YNWk3akFYYnVaVnMvZzI4CjJrUHJmSDcx +RjU0YWo1TDFTRGp6ZFNwRGZsZXE3Rkt1bmlCVHpHOWVUR2cKLT4gc3NoLWVkMjU1 +MTkgUHIzd1hBIGFVV09MNG5WcTQyeDBGZkZ3SmRRbHplWTd6SWpSRjQ1L0w2VlF6 +LzFWQTQKSnhxUndaVHJnZ3p0aGhWeWFNQ0pnTlZKUld0SncrUXFYNmlWSUJaWlgx +awotPiBzc2gtZWQyNTUxOSByVzhDR2cgL1lVcHBMcEJjTlBISVJHWXoyMkZYUyt4 +NGNzZ0ZmOUxDSlFvNTJZdTVnOApQdlZqQzRMRHJqT1prN3RUK3d5a3BkdlJERGJT +V0Nhc2xMOXMvREhMdDdzCi0+IHNzaC1lZDI1NTE5IFNLdy96dyB4My8wT2lXSlJl +Z1I1ZlpxT3lCTFBQMkhIL0NncElORjMvWkpBdVQ5WkdnCjFSb1RmRGZrMkZFenU4 +c00wSi9PRGQxblo0OEFsVWsxWFcxM2FYZjZ0dDgKLT4gc3NoLWVkMjU1MTkgMUtj +U2RBIEQwb0puUm9uUzUrQldSOERKUW1vUkthcVFXbTZmNDBldmVUeERISGZFbGsK +M1FzRDhweW8rMDFpN2dXdjNLaHB6OGdKSGlmZ212TXZ2b2FpTm5ZOEFLYwotPiBz +c2gtZWQyNTUxOSBCYTdxNncgS3BXdDR3SnJnYk9CYzI1dklJeU51aVRlU0ExYWRm +eDg3dWFqV2pNSEdrbwpUSytyaWZkc04vQ0FWbHdTbU5sb3Jra2tCZERBK2k1eW9C +alJhZmc2VDNBCi0+IHNzaC1lZDI1NTE5IEN3UUludyA2MXhvZStZWHVaUHVyTjhn +ZE5SaldwVVBQQmQ5NzhZOThvM2lhNUQvOFhjCndIMjFJUTJUUDVMMmt5ZUh6azVq +Y1RQRnd6NkkvQ0taMFNVOVNsRTdGbE0KLT4gXi1ncmVhc2UgXjhBQWYgNEBBIFU2 +Q2hVQApBTzRXMFRRSjZvODJuZGlmNGpWc3YrNERTTjR4K2Z3TGRUNnBwVndtRkh1 +V2x4cjkzQ3FLS1A3M1U2YldMNk5pCml6aERRTUZJeHhMYzBvVmNpMFRaQlFiSnFR +ZEpCSnFoRmI5OXN4VnZzbW8KLS0tIDlqS2g0YjdKcmczRmhIREtXcWdnTE9jQTBP +bEpFeWhzSjQzWUpObGJEWlkKhJ/Px36Xdwp2CmnregmLbOoLJLgZh0JUhnyKWtVD ++R5AM1rBCvp/eZb3e3YNAQ7x0t19r7a1sf+xOhLpiD9Xmwltn0o41xnEwyaZ5dnC +2NpFAuErmCUyMwcIL7v1EueP8+gI5ekyJYpE85EUy/BQWDdo/6gEAuK5WYzgGWc8 +jFJQQ6afU6vzfTop27v2pQ+430sU4MOHcwHZKMmpTm+EVqiGQXX1oT0y46UGxcqV +M4URmv97JKxAEXBa212yJFbPptBDFHc5fnkVcXXGdTGdbiSsRfgonVZWsZIXxEUq +MTwwV4WEgzRrtLc637frrW1D7F+P -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/secrets.nix b/src/nixos/secrets.nix index a646d3d2..788a18ec 100644 --- a/src/nixos/secrets.nix +++ b/src/nixos/secrets.nix @@ -6,15 +6,15 @@ let kira = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICWLIYYAXRUD0+bg5CXsxh9F4spvqCz4jaxvtGMsezl/"; # Systems + morph-system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFJh5Bd1p4GGCAvNkfoWoflrRIFnoj43b2aMs0GxmULs"; mracek-system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP8d9Nz64gE+x/+Dar4zknmXMAZXUAxhF1IgrA9DO4Ma"; - pelagus-system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINhxI+25BwlCuEezW6Vc4mJ+EP/KO597PI2YfEU9t+vf"; sinnenfreude-system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAXnS4xUPWwjBdKDvvy5OInLbs3oeHUUs5qUsX+fBji"; tsvetan-system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdqMVQ3TO5ckmk9nepAY/7zLHy555EkzBJxpfTIwuT5"; tupac-system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmYpmNkpSkSSk1FnxHvPb8JlbeYh2lf3d5u8MBqGpHP"; all-systems = [ + morph-system mracek-system - pelagus-system sinnenfreude-system tsvetan-system tupac-system @@ -38,6 +38,11 @@ in { kira kreyren tupac-system ]; + # Recovery (image) + "./images/recovery/secrets/recovery-disks-password.age".publicKeys = [ + kreyren + ]; + # MRACEK (system) "./machines/mracek/secrets/mracek-disks-password.age".publicKeys = [ kreyren mracek-system @@ -107,14 +112,26 @@ in { kreyren mracek-system ]; - # PELAGUS (system) - "./machines/pelagus/secrets/disks-password.age".publicKeys = [ - kreyren pelagus-system + # MORPH (system) + "./machines/morph/secrets/disks-password.age".publicKeys = [ + kreyren morph-system ]; - "./machines/pelagus/secrets/pelagus-onion.age".publicKeys = [ + "./machines/morph/secrets/morph-onion.age".publicKeys = [ kreyren ] ++ all-systems; + "./machines/morph/secrets/morph-ssh-ed25519-private.age".publicKeys = [ + kreyren morph-system + ]; + + "./machines/morph/secrets/morph-onion-openssh-private.age".publicKeys = [ + kreyren morph-system + ]; + + "./machines/morph/secrets/morph-builder-ssh-ed25519-private.age".publicKeys = [ + kreyren morph-system + ]; + # SINNENFREUDE (system) "./machines/sinnenfreude/secrets/sinnenfreude-disks-password.age".publicKeys = [ kreyren sinnenfreude-system @@ -136,11 +153,6 @@ in { kreyren sinnenfreude-system ]; - # TSVETAN (system) - "./machines/tsvetan/secrets/disks-password.age".publicKeys = [ - kreyren tsvetan-system - ]; - # TUPAC (system) "./machines/tupac/secrets/tupac-ssh-ed25519-private.age".publicKeys = [ kreyren kira tupac-system @@ -149,7 +161,7 @@ in { kreyren kira tupac-system ]; "./machines/tupac/secrets/tupac-onion.age".publicKeys = [ - kreyren kira tupac-system sinnenfreude-system mracek-system + kreyren kira tupac-system sinnenfreude-system mracek-system morph-system ]; "./machines/tupac/secrets/tupac-onion-secretKey.age".publicKeys = [ kreyren kira tupac-system diff --git a/src/nixos/users/kira/home/machines/tupac/home-configuration.nix b/src/nixos/users/kira/home/machines/tupac/home-configuration.nix index 05683049..34d3f872 100644 --- a/src/nixos/users/kira/home/machines/tupac/home-configuration.nix +++ b/src/nixos/users/kira/home/machines/tupac/home-configuration.nix @@ -52,7 +52,7 @@ in { # pkgs.cura # Broken: https://github.com/NixOS/nixpkgs/issues/186570 pkgs.prusa-slicer unstable.fractal - pkgs.qbittorrent + # unstable.qbittorrent pkgs.stremio pkgs.android-tools pkgs.picocom diff --git a/src/nixos/users/kira/home/modules/vpn/kira-wireproxy-protonvpn-config.age b/src/nixos/users/kira/home/modules/vpn/kira-wireproxy-protonvpn-config.age index 5ddfb38b..92e8a4bb 100644 --- a/src/nixos/users/kira/home/modules/vpn/kira-wireproxy-protonvpn-config.age +++ b/src/nixos/users/kira/home/modules/vpn/kira-wireproxy-protonvpn-config.age @@ -1,19 +1,18 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFByM3dYQSA5UXg3 -eXlreGx6MFJtMUxzTmxKZjlQb3YxZk5HUDFyQUROT3pMUG03aGljCk1CbzV6Ung3 -OVNsMlV5b0lDUnNEVGxkR09TeGp6R3lMdHVDeVEyMWFvU1UKLT4gc3NoLWVkMjU1 -MTkgd2UrczZ3IDgyQ3BPNDlRbGNkTEFwakVTT3VIcFRvYnRudXIyTFNUK0ZTanZp -NCt1RlEKbGpkTXdZMVk2RXpMR21ORi9VRk92bk5jYU1XZTZFWEFQcE1kYmEzMmhI -awotPiBzc2gtZWQyNTUxOSBDd1FJbncgN09jUmNwdWo3RFo3SE1UeUJRQ0tqNTc3 -MDd0UUdkT3BBYkg0VCtsYlFsRQpvc0pEK015dHJjTVEvem9md1F0cXp0NFgrR0J6 -bHhuUHFpMFEzTXphM29jCi0+ICM4LWdyZWFzZSAiUlQsagp1RHBSSlVjQlRFUFFQ -cG4zQUpuVWVrc012RGtNMHNPWUFUaHlRVk9BWEJOakc1YlpRek1RCi0tLSBLUCt3 -Y3lrNnhOdFdadm14UVUxQXd0SVVKMzA4QVV6Rms5bzlodVg3Y0VFCnIushPPuql4 -DtELAs2XKj8QxFLtGutb3HAj+P1IIInjWCbJkGBRGprzXWsfq2qPHHJNAWJ69oiu -DY/Xaj/hjDu2wuCNeaQ63XcuXptaO4PsuBasU/vXLc6fpIbMFXRiWYyJErwxgwiz -WqT5hJw0s3slSMPlD6Fkw8jbWQc/zG9IOMQ5JsrwK6NzLx33hb8EmZp7WmAG2NtH -aRj035XmZhJ+j3Jo9z8OmKT0GP0v7DMp5X67XSMJuKZWEPYmz2RZdN+AoJNj3Vav -sxDmp8hqmTS/KqVjuCaMM7DXYsI58IGEoNETC6H+H/YXaH5nk4pVHJCcBzrVX5O7 -Oo+ubApjjdAc2onq4lFZg7NF2JV2iKe+hAGllJNiYqsAa4I5gfLD9HNFcGkrQLm1 -kdIzimX2ugX36y1U4BbdXA0n +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFByM3dYQSA1TDJ5 +b0t0VTRLNTU2Z2VzSWg1RGRVNE5ZOThydjk2OGdBRVVZMVFydWkwClhqNm1FWmxO +dzBuMmdvQ3pKWFVjWFhHTkM5c3puVngwekx0RUFKVW12UG8KLT4gc3NoLWVkMjU1 +MTkgd2UrczZ3IGxLbFgzbm56M2J4L3BpK3ZUdHMySE1XMmhqc3RmRENsYk9adSsr +VVFWUTgKcVFMckowdlBabnpLdmt3bm5IUUV3Y3hnM055cGI2WUJKOTVYNkJjY0Vy +QQotPiBzc2gtZWQyNTUxOSBDd1FJbncgdi93dlMyaWdMbkdOcC9Va09UbU5JaEtY +SUQ0RS9MRGp2eklmNEMvdFNUawpmV3dDelBlY0J6OEsxaUtDMGpTeHVUa09aWkdH +MHh3cGRYdWMvQ29Xb2pZCi0+IDI1UCpELUgtZ3JlYXNlIFFNSHFmKG5sIGAgSgpn +OHlJCi0tLSBFell1VUg0R3VVam5VNlpQeWdUQW8yK1BOMDRLQVUvYUNENWNlc01m +QVJJCkvlktKlNiHegolpc7gDiArIYnZbljxsBVnPZHcIGjIQQo6B/nzr5EA3ncbt +rcc2KxfHQD5Ivrfn5dLIwVGZMOCkLsEV798xr/RKaq0vyPK2Kouz3MSVzymooBlk +KWBOF98ZlRdvB4zKIDPSlwWItTDoXMApjFOGd7p1lg4XNa/7sVmyPzmvex6m7Ug3 +FHLLhwtkLGRMXeMn8PwxewVxYOs9RQ+flVAC/S7gIQ/6tspnldb6cjSKZv3dwhMU +SzY5tFdGtamNWNGov4zVcNQCmEgNoBvOcWt+Ov7Rqd72A+muoHojeSUW1Q6OKpYK +DoqrJKkIz+ebLgrL1MJLTsc8zelWgV8QKVzrhVs8fhWHWXf62MkqYhTSF8uI8R7C +Nf6cyJXPXKixwY8+1vSBw1JQFyKuI1tUSnd36lP0 -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/users/kira/kira-user-password.age b/src/nixos/users/kira/kira-user-password.age index 6390b85b..8e5a0552 100644 --- a/src/nixos/users/kira/kira-user-password.age +++ b/src/nixos/users/kira/kira-user-password.age @@ -1,24 +1,23 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBkTE1W -REZLdWNJNUNXWUpZb0FVd1VucCtLNFczd294ZHMreldvTVZMRUE4CjRUTlZIMmxJ -bmwrckJSS2FWbVFBTWV4QStmRTQ4cmVhZ0RmZnRPL0ZQdlUKLT4gc3NoLWVkMjU1 -MTkgUHIzd1hBIExQUWFhQVdJYWtKYnVzc2xaaUJ3ZWlCNnh2eTU2RWJjN3RyblpP -cDVrMlEKYzVSdW5EZFcxbWlIZHNsZDY0SEhCaHF2UTM2RG5idGluMkw1dEFNNjlv -VQotPiBzc2gtZWQyNTUxOSBTS3cvencgSVd2M0ViTmhKTy9SYkZYWVBwd3FXRjVP -a2l2NmRSYlNRWW1kVXVWOUYybwo2eUdYcFh1ZUMvSjhBUis5TVpnWGE0K0hOSjV6 -bExFYWkraGxoekwrdmc4Ci0+IHNzaC1lZDI1NTE5IHBpSW9kQSAwRVJ5Z3hVR0F4 -RnJKRzJWUFFCTDRWTVBTV2tkVmYvdTlXcFc5Z2h1bDNFCkdNWEFKb055aFgraFli -VXVQaDlkckZUVWdRM3NRcFk3akFRZ0dTK25rdXMKLT4gc3NoLWVkMjU1MTkgMUtj -U2RBIE95QXl5Q0tDOE5uT1gwK2cxRDF4d1IxOENSNWhqeTVlcFhNOEdlbXVwWFkK -NGhJOWxTdno1bTdqeFNZaURKcW55cXBTdm0yaEI5N0MxdGtjS2FYQUdCbwotPiBz -c2gtZWQyNTUxOSBCYTdxNncgamVCOEtxVkw4Y3VUTTJETlNJVi91aHJERDJYQXVI -OXNObklSZUVWcTFXbwpRS2ZpZjNzTzNIaGp5aGNQRXgwMCt2SG9CQnlTUHRGMm1X -Qi9TdlRXay9vCi0+IHNzaC1lZDI1NTE5IEN3UUludyBFRGU3WG1ENjdPV3RyRnRW -NzBSQXBKR21VeVhMRkhXTGpmVEVVK2FBcGdzCmFNUWd2bGRVUHkyV0NDR0JFNFQ2 -U0Rack5IaDUrRWNUVnVNMkJCMGlaOXMKLT4gLy1ncmVhc2UgXmdOIGlCe19Oezcg -XG4qNmwoCjFkVjVqdHZ0djhmN3RiSjg5d1gyell5eVpwTXBuMHViL2pBSzl3OUVM -aWp4NS9LWUxVMAotLS0gTzc3N3ZyM2R6QXJoRnJnV0pVMnN2SVhlK2NBaWNhZTZz -WE5UZEpCUkJHOAq5rU4t+3le/ldT2HJg8/xgGxbWEslSy5pHbSACbJauSOTfWQLS -UMg1Zu9ZMQ6qYAa9MusNT0kQP/sIyRJPCdWxno5qoVNldtxrXdJh+NxYusfFk39N -jkWFJdSG0uFoR3ZzKrqMH2BmKSrO +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBUMG81 +SXB5QVA5TVdVOXRGeFdiR1JLREhUVjUzbkRhSDh6MmVCRGtZRVRzCk5ueXFwUTc5 +UGpnWHZhVHltRFFYVTExS0dWQ2IybWFsaVFJZXJlKzdRL0kKLT4gc3NoLWVkMjU1 +MTkgUHIzd1hBIGpJenovVEt4cElHbGJsdTNBeE5td0tnSVBWSVhLbzlqOTJ6QkRr +ZzBGeTgKN2RXdUNGMDExMEp6c3VFUW1FUDRjbFlBNE9ybStVdzZENFQ3WUJpQkdo +VQotPiBzc2gtZWQyNTUxOSByVzhDR2cgNS9zRmp0b1MwdjYwcStQeVlFazB6M2pM +WWp3U1ZtemFnRXdhbm1kR2hHTQpGMzQyTVVuSnRhYllOUi83d3AxYmJwbGx2QmhC +aCsxemRtUHRnUGoyNlc0Ci0+IHNzaC1lZDI1NTE5IFNLdy96dyB0TGdlT1JXd21F +M0l4NXNDTkZ0WTdyS0N0QnNhVEJaRzNDaXdFR0VVd1JFCjBzN3NUT0FoUFgxWWEy +V0hBV3VVSWR2QnZpcElNSTAyeDA3b3lRTVhZRFkKLT4gc3NoLWVkMjU1MTkgMUtj +U2RBIFNkQ0ZjOTEreXJGVzR0a2tXQy9qM1BKQjJqWjRUaW9iYWxrUE5nOSt4Q2cK +R0VjREl4OW5DZUJab1lwejdobDdNMGdGbVpUMFVzMnNIM1RJdmlwSW1yawotPiBz +c2gtZWQyNTUxOSBCYTdxNncgMVA4VERGTXJ1T2hrdW5FL1pYRUx5eXhvd3M2Mndi +YkkzN0J1Y1hTamFFOApWbW0wZmlMeFoxRnlVMGNEekpQLzVUS3lGV251Q05xeVhu +MzZickNvUkdjCi0+IHNzaC1lZDI1NTE5IEN3UUludyBya242di8yTHgycmovM0pw +MURjcndMUkJUaDE5Vm1PUXRaVWp3NlBONHdFClVzU014VjRHR3BxeWY0YkNnQXpq +OGExeVVxcnQ2VnFCWmZXVzg5Z241bzAKLT4gcjgtZ3JlYXNlCnRPU0d6OEtUOFZz +Smt1QW10ZwotLS0gTkF2aHBUWUNIWEVCSUdITlNOeXl6blkzNGQ0SW1lV1hzV3BJ +MklSTlNoYwr6sV9WHmgZWcHbdQpikWxjsHn5Fxkli6M+DX+7z84uD4UAGDcqONzq +ywdQJSeC6dsZmmUjywrBwyfenCuRx80mjC0H1uLeabJEI4WSffeIS0fE4XbWrbmW ++BldhYokiPAB5U8ksfcxrybd -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/users/kreyren/home/default.nix b/src/nixos/users/kreyren/home/default.nix index b39c6926..28c84f69 100644 --- a/src/nixos/users/kreyren/home/default.nix +++ b/src/nixos/users/kreyren/home/default.nix @@ -64,9 +64,14 @@ in { home-manager.extraSpecialArgs = { inherit self; - aagl = self.inputs.aagl.packages."${system}"; + master = self.inputs.nixpkgs-master.legacyPackages."${system}"; unstable = self.inputs.nixpkgs-unstable.legacyPackages."${system}"; staging-next = self.inputs.nixpkgs-staging-next.legacyPackages."${system}"; + + nx = self.inputs.nixium.legacyPackages."${system}"; + nx-unstable = self.inputs.nixium-unstable.legacyPackages."${system}"; + + aagl = self.inputs.aagl.packages."${system}"; polymc = self.inputs.polymc.packages."${system}"; firefox-addons = self.inputs.firefox-addons.packages."${system}"; }; diff --git a/src/nixos/users/kreyren/home/home.nix b/src/nixos/users/kreyren/home/home.nix index 6c177425..4350771a 100644 --- a/src/nixos/users/kreyren/home/home.nix +++ b/src/nixos/users/kreyren/home/home.nix @@ -43,7 +43,8 @@ in { systemd.user.startServices = true; # Start all needed services on activation and deactivate the obsolets instead of suggesting what to do - xsession.numlock.enable = true; # Enable numlock on boot + # FIXME(Krey): Fails to deploy + xsession.numlock.enable = false; # Enable numlock on boot # Global Packages Installed On ALL Systems home.packages = [ diff --git a/src/nixos/users/kreyren/home/machines/sinnenfreude/home-configuration.nix b/src/nixos/users/kreyren/home/machines/sinnenfreude/home-configuration.nix index 962d74a5..9e3aa5e4 100644 --- a/src/nixos/users/kreyren/home/machines/sinnenfreude/home-configuration.nix +++ b/src/nixos/users/kreyren/home/machines/sinnenfreude/home-configuration.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, unstable, aagl, polymc, ... }: +{ config, pkgs, lib, unstable, nx-unstable, aagl, polymc, master, staging-next, ... }: # FIXME(Krey): trace: evaluation warning: The ‘gnome.dconf-editor’ was moved to top-level. Please use ‘pkgs.dconf-editor’ directly. -- Channel 24.11 @@ -57,7 +57,7 @@ in { pkgs.nss # Temporary management of Post-Quantum Safety until matrix manages it, see https://github.com/matrix-org/matrix-spec/issues/975 for details - unstable.simplex-chat-desktop + nx-unstable.simplex-chat-desktop # Session uses system proxy by default which breaks functionality (pkgs.session-desktop.overrideAttrs (super: { @@ -77,9 +77,9 @@ in { polymc.polymc # Slicers - pkgs.prusa-slicer - pkgs.super-slicer-beta # Prusa-slicer fork by community. Includes additional features, but lags behind in releases - pkgs.orca-slicer # Prusa-slicer fork by BambuLab adapted by the community + unstable.prusa-slicer + unstable.super-slicer-beta # Prusa-slicer fork by community. Includes additional features, but lags behind in releases + unstable.orca-slicer # Prusa-slicer fork by BambuLab adapted by the community # Games aagl.anime-game-launcher # An Anime Game @@ -117,7 +117,8 @@ in { # FIXME-QA(Krey): As of 24th Jun 2024 this doesn't build # pkgs.gaphor # Mind Maps pkgs.kooha # Screen Recorder - pkgs.qbittorrent # Torrents + # SECURITY(Krey): Stable has - Potential Remote Code Execution https://www.openwall.com/lists/oss-security/2024/10/30/4 -> Move back on stable once this is fixed + unstable.qbittorrent # Torrents pkgs.tealdeer # TLDR Pages Implementation pkgs.nextcloud-client # FIXME(Krey): To be managed.. diff --git a/src/nixos/users/kreyren/home/machines/tupac/home-configuration.nix b/src/nixos/users/kreyren/home/machines/tupac/home-configuration.nix index 6eac0878..46436531 100644 --- a/src/nixos/users/kreyren/home/machines/tupac/home-configuration.nix +++ b/src/nixos/users/kreyren/home/machines/tupac/home-configuration.nix @@ -31,7 +31,7 @@ in { # pkgs.cura # Broken: https://github.com/NixOS/nixpkgs/issues/186570 pkgs.prusa-slicer unstable.fractal - pkgs.qbittorrent + # pkgs.qbittorrent pkgs.stremio pkgs.android-tools pkgs.picocom diff --git a/src/nixos/users/kreyren/home/modules/vpn/kreyren-wireproxy-protonvpn-config.age b/src/nixos/users/kreyren/home/modules/vpn/kreyren-wireproxy-protonvpn-config.age index 9c97f489..e84dbcd4 100644 --- a/src/nixos/users/kreyren/home/modules/vpn/kreyren-wireproxy-protonvpn-config.age +++ b/src/nixos/users/kreyren/home/modules/vpn/kreyren-wireproxy-protonvpn-config.age @@ -1,17 +1,17 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBuV0xW -UVkra1BRdE9sazFrLzMva0hJZzNlWGtjbyt5TUZjSlVNRHNrZ0M0CmJ6R1B2REcz -RWoxTDEvQ1hDYWhQb0s0SFl5VEw4MVBOQWZiWHdyZTQyS0EKLT4gc3NoLWVkMjU1 -MTkgMUtjU2RBIEt0OTJaUm1OMU0vMkc3QmlHMW0xbFdFSTBnYUk2MkVxbDhQOFZF -MjZoU0EKdFJIdWo5eDZvTXAxWlNURDZobEFja0ZFcEwzenZpb1N4Ukw1Y2V4dXEr -dwotPiAhYkBNLDc0Wi1ncmVhc2UgUTZESUtlIUEgME5KM3d6IEcpem18RFIKSW45 -RUJWVGxjNWs2RFBZUFQ2V1IrWlJJblRZMCs4ZkhyZzAKLS0tIDlFMlB4ZTNXZFVu -K1hiQ2pkUE5Fby9lcGcvOElabWM4eFJlZk9zKzJLbWsK4f5ABTz8Wv4PlImZVdkQ -KDemLmbnnD920fWZDeH4/pulxMs/yZuqg86rLe4M17QEHeKt9sROvcTb2Ee/5K+w -ah/JqU3aR1smNci2QpYZzQHm7+tFexgBfHDWcpYbhwq+0u4ufdbh+pAJRsmzH4ED -0fpuxvdFDsziQYrPT9AOL4KePKpVPMhzYwvBinsHvIiBYpRbZw/DjM9r3StsFS7F -+Yswi7aEjJYg30BjyEse81cE/sMLe6StMGh+OajMs/3Wk6ICYP+YHWg5NZQufcLx -E+yJgnQ1IwHyrPcwQbfkOpl8vnJ/NCNbBlJ2sw8i5uYpUT/iWDdZwA1SEtTsXjJw -MpM/bfl9KTuSbKOwQmpi7U7m2Ki7mWSKujNKef8KLPGN1In25gWre3Z/DGti7ysv -RjCH4gZ7bPhoDRr+ +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyA1amdr +eXZGa3I5QzFsbUNlUmtwY0dEYjZKb1hGU1hnbDJnT2UwZWNnNXdFCm5YNDR3b05J +cmxWMmYrMGpNb1ovbFBxLzF3MnV1c2RTWlRDUkU3TjErSEEKLT4gc3NoLWVkMjU1 +MTkgMUtjU2RBIDgrblJlM2ZDRHZCdGlLMmdzeU9TaDNHL2wzZ0gzOG1xNDV1dTRm +bmxjRTQKWGExSlE1NXhDbHE5MUhPYmR6K2NFU3VKT3BMU1JBblhwZStDRWo3VDVG +VQotPiBaZTZ1ZC1ncmVhc2UgPG1uPi5dIExXPm8KbGdQeTRRVHRtYSt6c25OTWlZ +cTQ0c3p1cVhlYTNQRmVyWGpmcjRpWWp0RlMxZmcKLS0tIG96Vk1ra3kveXBjSGdy +amVFYkR6YW1QZmY0TlVLRlFBVGRRbjdUbVVMWEUKDaGI6KMfzXEkH3TePVjxGWBV +TOxAylhMjjyhMtfNJKjoDya4opP6SmV025TpJwp9E6+JT5dD8kmZVFqA9zUpInIg +9XYWMjyLC52qkJUp+BKgyK4G8X/gmQpSD9L4YoroTDkOI6XsGOKTgW4j8iiwBl3w +qUI8+e6rotOqv6DS4NHzLX3LcHoc/gat6NxZEG31kwXGLq7f8wT0P3xTZeP2Fzdl +4HYMZ1Bg/bUIe0HIm7v2t0BiWmPPfMTiqLjp+iVt3iN1IH9g8+hjxKDEAomD7yfI +VFo5qtq2pO4s7xvMCvMSV+y0KRV6DfEE7S+gKmNKCWQakb54XPJErWvHxmSCbygb +1SzSQ2+PChFGUgf0QULxI17FobnY0+qAwT163HjJMRRAYCHknjwRMl/V6vlI65oW +Bko7IZ5keEk1 -----END AGE ENCRYPTED FILE----- diff --git a/src/nixos/users/kreyren/kreyren-user-password.age b/src/nixos/users/kreyren/kreyren-user-password.age index a0f167e4..b5e6981d 100644 --- a/src/nixos/users/kreyren/kreyren-user-password.age +++ b/src/nixos/users/kreyren/kreyren-user-password.age @@ -1,23 +1,23 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBXcVNS -dkkxdGpCbEJOVTRXSXBoK2tBMzErb1FtblZxRTR0Q2FCMlF0bWdrClBPL1VzMWtJ -M3NHb211a2FMRFFVTHQ1N0ZQdTgwOVNSRU5XM3psVXJKQ0EKLT4gc3NoLWVkMjU1 -MTkgU0t3L3p3IDNDME9QWjNxamdobitSWTJUMjA2OVJFNVJMY29aVmkxNy9NejFX -SmxSaWsKR1hCQ2NwQThqL0VHc255eU91WmQ0QnAvS0Vzck9PWThES2NEd043SnhL -RQotPiBzc2gtZWQyNTUxOSBwaUlvZEEgcFMwVXJoRnErdFJSK2dvTVRxUTd2emFY -cWdJSGdDL2pIRExEMDVsamZtVQphdjNSbXZ0T3NuV3hwaWNhQWdFb2lFU3dySmVR -V2FpWDdkTzhpNWI2VXY4Ci0+IHNzaC1lZDI1NTE5IDFLY1NkQSB4SmhQMGQ2cndx -RzBqT0h0YWhmbWdTZDNDT3JBRkYvTU42Q2pUOWJQZEdjCjVYRFBPNkFVaFdmVGdI -OWZRTEpGckhOblNnLzhSb21KaEMrR2RkWDlVZk0KLT4gc3NoLWVkMjU1MTkgQmE3 -cTZ3IFFsUWtrVlpEWkRkcjdPMUVxbEE4bzU0ZVhPTEl4RmsrVjIya2JOU0xyVkkK -SERmaktSeWxhR2h3T1JhT0Q3YzFQSmcza3Y5RFcybEh6clRwdkRLQ0ZRYwotPiBz -c2gtZWQyNTUxOSBDd1FJbncgR0pwVWp3Q2lMb0FxTEc2THJVNUY0VkJIMHlMbVZH -T1U4ZGxQN293eDNqVQp0UDFiTjZRZkd5bGh1RDMzK1J5RGp3WHR0Si9tZ1JuRHdk -a3o4MmFTWjRjCi0+IF1lZy1ncmVhc2UgZSgqUjggMCpvOD56LnQgdwo4aWtnTW4v -TVhJN1drdmpkVm1RVzJwcUlSSCtoV2Nud1d2NzV2LzVDeUFqdkd1Q2R6V3d0Z1lr -NzNDK1prTXhICmF6Z0FQcUtFemFXYWpTY2xVVGF3ZHMwVERya0MwUHpBCi0tLSBY -M2hHVDBsaTJ3aTU1a2p0TlhEM0pmUGFJdnZBMmxKNlVkMExmM2VsM2g4CtRmscnV -5lzNBnNB8AhA+ZY+rpHMzU4sM+E0a6NIOOXP5H2jfjiZlQ0Rlh78z/ioSYdwxbi0 -JOqWTpcTaUDDwXAy4nrbSDkP+FyZWxImzf3TzGWujsC0kLoukqVPIQ6t68d+xweD -e3HqjSk= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHdlK3M2dyBHU1Mr +d3YwTUkxOU41MUZzdHB5aG1yV2Ivd3ZrRVlubGVIZEVaRG8rK1ZZCjEwd05maXRR +ai9WdHJ2aWN0b3VmTWhaY2NDQ1dIMTlFQUtBeXBrQWpaT3cKLT4gc3NoLWVkMjU1 +MTkgclc4Q0dnIHhCbFg1YlBHNS9TQWhpVEpKeDdUOXoxN2Z0OUJJTkxpeUJsY3o0 +WmNNRG8KTWlUSDFVOXgwZ1B2a1F5OW9TNjZac3VjZXZUQm45eEJSM2tnKzZIdGpW +cwotPiBzc2gtZWQyNTUxOSBTS3cvencgOXVKZ1RIZ3BlKzdwZXhubUpCa3hWWnhD +V2ZtRnBncmFha1VmOW1MeGIwawo2SzE3Z0Q1VjdrUE1KalR2TUhHZ1Mvbk5RZ0R4 +Qzh6b0IwRVFnWENnSERrCi0+IHNzaC1lZDI1NTE5IDFLY1NkQSBPNnovdHRKSWw3 +UmZveXJRa1R3ekRUdzg3S1pEVzNvY2VHZFh3RWJpY1ZjCkFuc1NkU2dNRS9ta2xz +N2VIYUpwZ3Y4MjdXbitBK1VtbXdWTUcxZkJyRlUKLT4gc3NoLWVkMjU1MTkgQmE3 +cTZ3IE51VStwOVNBMGtSRXB4N1lJbWF0eDNmb1FSRWM3SWVCa0VkWmhHem1pRjQK +eUYwSWNvc205SEZiUFNQeWxtd1pxTlVRSkdJT2crV0V6RUgxam1wMGhRVQotPiBz +c2gtZWQyNTUxOSBDd1FJbncgYURaSklKNHp4TEovWHJJSm1xek9hdHRVdlZMVnhT +eW1MeE5sVG10OWlETQovUSs2QVl2aGlsMjVxQVhJN09leFN2SzFIMXZYeUo1bEdp +VWxGeFBBdmowCi0+ICQod2N3X0N6LWdyZWFzZSBFIGxyCmdBMmRBbkxxUWdxZExM +ZmRzY2twMkdDMlBJREg1Tk4rWTZRL1VYcnIrNGsxYnYvaSs1YzhuaGZpaUY3ekpH +MDgKdWFVb243UTVKWExEYmxwTExxakpFNmNXaWs0UE1hNWZOU1NrU0ljc1lkTW44 +Y00KLS0tIEtLck9ILysxdkpjTDRuTHp5cnNlRFVpem0veWd1NS85SG1TY2xHOC8r +YVUKwexZDv66DA307esN2nSGXduUgOSi2j3bHgSUsgCPXNJ3+Uoga7XQbjnwo8J0 +iwPCgsSmSWR9OLe+Uqlviae5UJRdXM0gPRQluVj6ZUWlEV14Z9Wwj+hkxeGyHHlz +PvgRYkXrZiII90cZdg== -----END AGE ENCRYPTED FILE----- diff --git a/vendor/nixpkgs-stable b/vendor/nixpkgs-stable new file mode 160000 index 00000000..14e770ee --- /dev/null +++ b/vendor/nixpkgs-stable @@ -0,0 +1 @@ +Subproject commit 14e770eef73f088e1fda9d05c2259553165bd411 diff --git a/vendor/nixpkgs-unstable b/vendor/nixpkgs-unstable new file mode 160000 index 00000000..e4d2da85 --- /dev/null +++ b/vendor/nixpkgs-unstable @@ -0,0 +1 @@ +Subproject commit e4d2da8509b3be815a7d314132c188085749954c