diff --git a/classes/headful/clipboard.nix b/classes/desktop/clipboard.nix similarity index 100% rename from classes/headful/clipboard.nix rename to classes/desktop/clipboard.nix diff --git a/classes/desktop/cosmic.nix b/classes/desktop/cosmic.nix new file mode 100644 index 0000000..3c3caf6 --- /dev/null +++ b/classes/desktop/cosmic.nix @@ -0,0 +1,15 @@ +{inputs, ...}: { + imports = [ + inputs.nixos-cosmic.nixosModules.default + ]; + + nix.settings = { + substituters = ["https://cosmic.cachix.org/"]; + trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="]; + }; + + services = { + desktopManager.cosmic.enable = true; + displayManager.cosmic-greeter.enable = true; + }; +} diff --git a/classes/headful/devenv.nix b/classes/desktop/devenv.nix similarity index 100% rename from classes/headful/devenv.nix rename to classes/desktop/devenv.nix diff --git a/classes/headful/flatpak.nix b/classes/desktop/flatpak.nix similarity index 100% rename from classes/headful/flatpak.nix rename to classes/desktop/flatpak.nix diff --git a/classes/headful/fonts.nix b/classes/desktop/fonts.nix similarity index 100% rename from classes/headful/fonts.nix rename to classes/desktop/fonts.nix diff --git a/classes/headful/fs.nix b/classes/desktop/fs.nix similarity index 100% rename from classes/headful/fs.nix rename to classes/desktop/fs.nix diff --git a/classes/headful/gamemode.nix b/classes/desktop/gamemode.nix similarity index 100% rename from classes/headful/gamemode.nix rename to classes/desktop/gamemode.nix diff --git a/classes/headful/hardware.nix b/classes/desktop/hardware.nix similarity index 100% rename from classes/headful/hardware.nix rename to classes/desktop/hardware.nix diff --git a/classes/headful/location.nix b/classes/desktop/location.nix similarity index 100% rename from classes/headful/location.nix rename to classes/desktop/location.nix diff --git a/classes/headful/mullvad.nix b/classes/desktop/mullvad.nix similarity index 100% rename from classes/headful/mullvad.nix rename to classes/desktop/mullvad.nix diff --git a/classes/desktop/networking.nix b/classes/desktop/networking.nix new file mode 100644 index 0000000..3fe1ecf --- /dev/null +++ b/classes/desktop/networking.nix @@ -0,0 +1,13 @@ +{config, ...}: { + services.resolved.enable = true; + + networking = { + networkmanager = { + enable = true; + dns = "systemd-resolved"; + }; + firewall.enable = false; + }; + + users.groups.networkmanager.members = config.users.normalUsers; +} diff --git a/classes/headful/pipewire.nix b/classes/desktop/pipewire.nix similarity index 100% rename from classes/headful/pipewire.nix rename to classes/desktop/pipewire.nix diff --git a/classes/headful/printing.nix b/classes/desktop/printing.nix similarity index 100% rename from classes/headful/printing.nix rename to classes/desktop/printing.nix diff --git a/classes/headful/syncthing.nix b/classes/desktop/syncthing.nix similarity index 62% rename from classes/headful/syncthing.nix rename to classes/desktop/syncthing.nix index 89853f7..0ec4025 100644 --- a/classes/headful/syncthing.nix +++ b/classes/desktop/syncthing.nix @@ -1,9 +1,9 @@ { services.syncthing = { enable = true; - systemService = true; - openDefaultPorts = true; overrideDevices = false; overrideFolders = false; }; + + systemd.user.services.syncthing.wantedBy = ["default.target"]; } diff --git a/classes/headful/wayland.nix b/classes/desktop/wayland.nix similarity index 100% rename from classes/headful/wayland.nix rename to classes/desktop/wayland.nix diff --git a/classes/headful/xdg.nix b/classes/desktop/xdg.nix similarity index 100% rename from classes/headful/xdg.nix rename to classes/desktop/xdg.nix diff --git a/classes/headful/networking.nix b/classes/headful/networking.nix deleted file mode 100644 index d7cd8c0..0000000 --- a/classes/headful/networking.nix +++ /dev/null @@ -1,10 +0,0 @@ -{config, ...}: { - services.resolved.enable = true; - - networking.networkmanager = { - enable = true; - dns = "systemd-resolved"; - }; - - users.groups.networkmanager.members = config.users.normalUsers; -} diff --git a/classes/headful/plasma.nix b/classes/headful/plasma.nix deleted file mode 100644 index e4a722a..0000000 --- a/classes/headful/plasma.nix +++ /dev/null @@ -1,27 +0,0 @@ -{pkgs, ...}: { - services = { - desktopManager.plasma6.enable = true; - displayManager.sddm = { - enable = true; - wayland.enable = true; - }; - }; - - environment.systemPackages = [ - pkgs.kdePackages.sddm-kcm - pkgs.kdePackages.discover - pkgs.kdePackages.kate - ]; - - programs = { - kdeconnect.enable = true; - partition-manager.enable = true; - }; - - xdg.portal = { - xdgOpenUsePortal = true; - extraPortals = [pkgs.xdg-desktop-portal-gtk]; - }; - - programs.dconf.enable = true; -} diff --git a/classes/headless/fs.nix b/classes/server/fs.nix similarity index 100% rename from classes/headless/fs.nix rename to classes/server/fs.nix diff --git a/classes/headless/networking.nix b/classes/server/networking.nix similarity index 100% rename from classes/headless/networking.nix rename to classes/server/networking.nix diff --git a/classes/headless/time.nix b/classes/server/time.nix similarity index 100% rename from classes/headless/time.nix rename to classes/server/time.nix diff --git a/common/documentation.nix b/common/documentation.nix index ac11bb9..da6141d 100644 --- a/common/documentation.nix +++ b/common/documentation.nix @@ -1,13 +1,3 @@ { - documentation = { - doc.enable = false; - info.enable = false; - nixos.enable = false; - man = { - enable = true; - generateCaches = true; - man-db.enable = false; - mandoc.enable = true; - }; - }; + documentation.nixos.enable = false; } diff --git a/common/nix.nix b/common/nix.nix index 6b3bc34..75c911c 100644 --- a/common/nix.nix +++ b/common/nix.nix @@ -10,7 +10,7 @@ nixPath = lib.mapAttrsToList (key: _: "${key}=flake:${key}") config.nix.registry; settings = { - trusted-users = config.users.normalUsers; + trusted-users = ["@wheel"]; experimental-features = "nix-command flakes"; auto-optimise-store = true; }; diff --git a/common/puter.nix b/common/puter/puter.nix similarity index 100% rename from common/puter.nix rename to common/puter/puter.nix diff --git a/flake.lock b/flake.lock index da97c25..3d6c19d 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1736955230, - "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "owner": "ryantm", "repo": "agenix", - "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "type": "github" }, "original": { @@ -80,11 +80,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1737028622, - "narHash": "sha256-O1QDc/KWWVf9BgWDoa7WKZa2cDMh5mNMb6BMNMxq2Q4=", + "lastModified": 1735883199, + "narHash": "sha256-whedwR4P34Ne5xFLTdac3qMCiGTNiwME5U37M4wmisg=", "owner": "cachix", "repo": "devenv", - "rev": "4e5b00134bf03f16af6b25b80abb38c598cfe239", + "rev": "d67d04ae2dd3bc3723e615003034ba752e8db8c3", "type": "github" }, "original": { @@ -121,6 +121,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1717312683, + "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", + "owner": "nix-community", + "repo": "flake-compat", + "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -148,11 +164,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1736143030, - "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "lastModified": 1735774679, + "narHash": "sha256-soePLBazJk0qQdDVhdbM98vYdssfs3WFedcq+raipRI=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "rev": "f2f7418ce0ab4a5309a4596161d154cfc877af66", "type": "github" }, "original": { @@ -213,11 +229,11 @@ }, "hardware": { "locked": { - "lastModified": 1736978406, - "narHash": "sha256-oMr3PVIQ8XPDI8/x6BHxsWEPBRU98Pam6KGVwUh8MPk=", + "lastModified": 1735388221, + "narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b678606690027913f3434dea3864e712b862dde5", + "rev": "7c674c6734f61157e321db595dbfcd8523e04e19", "type": "github" }, "original": { @@ -296,6 +312,27 @@ "type": "github" } }, + "nixos-cosmic": { + "inputs": { + "flake-compat": "flake-compat_2", + "nixpkgs": "nixpkgs_5", + "nixpkgs-stable": "nixpkgs-stable", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1735955646, + "narHash": "sha256-9KMkTtDYkZmqSZP6iKTY3zAcDK3xaD5gmiFG5siB8kE=", + "owner": "lilyinstarlight", + "repo": "nixos-cosmic", + "rev": "f8b8aa18abde0b84c84da69a86b7fb3761a4ddf7", + "type": "github" + }, + "original": { + "owner": "lilyinstarlight", + "repo": "nixos-cosmic", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1703013332, @@ -324,6 +361,22 @@ "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1735669367, + "narHash": "sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "edf04b75c13c2ac0e54df5ec5c543e300f76f1c9", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1730531603, @@ -374,11 +427,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1737062831, - "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=", + "lastModified": 1735834308, + "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c", + "rev": "6df24922a1400241dae323af55f30e4318a6ca65", "type": "github" }, "original": { @@ -395,7 +448,32 @@ "devenv-root": "devenv-root", "flake-parts": "flake-parts_2", "hardware": "hardware", - "nixpkgs": "nixpkgs_5" + "nixos-cosmic": "nixos-cosmic", + "nixpkgs": [ + "nixos-cosmic", + "nixpkgs" + ] + } + }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "nixos-cosmic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735871325, + "narHash": "sha256-6Ta5E4mhSfCP6LdkzkG2+BciLOCPeLKuYTJ6lOHW+mI=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "a599f011db521766cbaf7c2f5874182485554f00", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" } }, "systems": { diff --git a/flake.nix b/flake.nix index 381ee7b..ef31959 100644 --- a/flake.nix +++ b/flake.nix @@ -3,9 +3,16 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + flake-parts.url = "github:hercules-ci/flake-parts"; + hardware.url = "github:NixOS/nixos-hardware"; + agenix.url = "github:ryantm/agenix"; + + nixos-cosmic.url = "github:lilyinstarlight/nixos-cosmic"; + nixpkgs.follows = "nixos-cosmic/nixpkgs"; + devenv-root = { url = "file+file:///dev/null"; flake = false; diff --git a/hosts/headful/flamingo/hardware.nix b/hosts/desktop/flamingo/hardware.nix similarity index 100% rename from hosts/headful/flamingo/hardware.nix rename to hosts/desktop/flamingo/hardware.nix diff --git a/hosts/headful/flamingo/system.nix b/hosts/desktop/flamingo/system.nix similarity index 100% rename from hosts/headful/flamingo/system.nix rename to hosts/desktop/flamingo/system.nix diff --git a/hosts/headful/glacier/hardware.nix b/hosts/desktop/glacier/hardware.nix similarity index 100% rename from hosts/headful/glacier/hardware.nix rename to hosts/desktop/glacier/hardware.nix diff --git a/hosts/headful/glacier/system.nix b/hosts/desktop/glacier/system.nix similarity index 100% rename from hosts/headful/glacier/system.nix rename to hosts/desktop/glacier/system.nix diff --git a/hosts/desktop/glacier/users.nix b/hosts/desktop/glacier/users.nix new file mode 100644 index 0000000..7947add --- /dev/null +++ b/hosts/desktop/glacier/users.nix @@ -0,0 +1,15 @@ +{ + config, + lib, + ... +}: { + age.secrets = lib.mkSecrets {"user-guest" = {};}; + + users.users.guest = { + description = "Guest"; + uid = 1001; + isNormalUser = true; + hashedPasswordFile = config.age.secrets."user-guest".path; + openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users; + }; +} diff --git a/hosts/headful/work/distrobox.nix b/hosts/headful/work/distrobox.nix deleted file mode 100644 index 5b6e13b..0000000 --- a/hosts/headful/work/distrobox.nix +++ /dev/null @@ -1,5 +0,0 @@ -{pkgs, ...}: { - environment.systemPackages = [ - pkgs.distrobox - ]; -} diff --git a/hosts/headful/work/docker.nix b/hosts/headful/work/docker.nix deleted file mode 100644 index 9dee2a5..0000000 --- a/hosts/headful/work/docker.nix +++ /dev/null @@ -1,5 +0,0 @@ -{config, ...}: { - virtualisation.docker.enable = true; - - users.groups.docker.members = config.users.normalUsers; -} diff --git a/hosts/headful/work/hardware.nix b/hosts/headful/work/hardware.nix deleted file mode 100644 index 24f1ac0..0000000 --- a/hosts/headful/work/hardware.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ - inputs, - modulesPath, - ... -}: { - imports = [ - "${modulesPath}/installer/scan/not-detected.nix" - - inputs.hardware.nixosModules.common-cpu-amd - inputs.hardware.nixosModules.common-gpu-amd - inputs.hardware.nixosModules.common-pc-laptop-ssd - inputs.hardware.nixosModules.lenovo-thinkpad - ]; - - nixpkgs.hostPlatform = "x86_64-linux"; - - boot = { - initrd = { - availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod"]; - kernelModules = []; - }; - kernelModules = ["kvm-amd"]; - extraModulePackages = []; - }; -} diff --git a/hosts/headless/vessel/system.nix b/hosts/headless/vessel/system.nix deleted file mode 100644 index a05de83..0000000 --- a/hosts/headless/vessel/system.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - system.stateVersion = "24.11"; -} diff --git a/hosts/headless/abacus/acme.nix b/hosts/server/abacus/acme.nix similarity index 100% rename from hosts/headless/abacus/acme.nix rename to hosts/server/abacus/acme.nix diff --git a/hosts/headless/abacus/backup.nix b/hosts/server/abacus/backup.nix similarity index 100% rename from hosts/headless/abacus/backup.nix rename to hosts/server/abacus/backup.nix diff --git a/hosts/headless/abacus/forgejo.nix b/hosts/server/abacus/forgejo.nix similarity index 100% rename from hosts/headless/abacus/forgejo.nix rename to hosts/server/abacus/forgejo.nix diff --git a/hosts/headless/abacus/fs.nix b/hosts/server/abacus/fs.nix similarity index 100% rename from hosts/headless/abacus/fs.nix rename to hosts/server/abacus/fs.nix diff --git a/hosts/headless/abacus/hardware.nix b/hosts/server/abacus/hardware.nix similarity index 100% rename from hosts/headless/abacus/hardware.nix rename to hosts/server/abacus/hardware.nix diff --git a/hosts/headless/abacus/microbin.nix b/hosts/server/abacus/microbin.nix similarity index 100% rename from hosts/headless/abacus/microbin.nix rename to hosts/server/abacus/microbin.nix diff --git a/hosts/headless/abacus/miniflux.nix b/hosts/server/abacus/miniflux.nix similarity index 100% rename from hosts/headless/abacus/miniflux.nix rename to hosts/server/abacus/miniflux.nix diff --git a/hosts/headless/abacus/navidrome.nix b/hosts/server/abacus/navidrome.nix similarity index 100% rename from hosts/headless/abacus/navidrome.nix rename to hosts/server/abacus/navidrome.nix diff --git a/hosts/headless/abacus/networking.nix b/hosts/server/abacus/networking.nix similarity index 100% rename from hosts/headless/abacus/networking.nix rename to hosts/server/abacus/networking.nix diff --git a/hosts/headless/abacus/nginx.nix b/hosts/server/abacus/nginx.nix similarity index 100% rename from hosts/headless/abacus/nginx.nix rename to hosts/server/abacus/nginx.nix diff --git a/hosts/headless/abacus/static.nix b/hosts/server/abacus/static.nix similarity index 100% rename from hosts/headless/abacus/static.nix rename to hosts/server/abacus/static.nix diff --git a/hosts/headless/abacus/syncthing.nix b/hosts/server/abacus/syncthing.nix similarity index 100% rename from hosts/headless/abacus/syncthing.nix rename to hosts/server/abacus/syncthing.nix diff --git a/hosts/headful/work/system.nix b/hosts/server/abacus/system.nix similarity index 100% rename from hosts/headful/work/system.nix rename to hosts/server/abacus/system.nix diff --git a/hosts/headless/abacus/vaultwarden.nix b/hosts/server/abacus/vaultwarden.nix similarity index 100% rename from hosts/headless/abacus/vaultwarden.nix rename to hosts/server/abacus/vaultwarden.nix diff --git a/hosts/headless/vessel/backup.nix b/hosts/server/vessel/backup.nix similarity index 100% rename from hosts/headless/vessel/backup.nix rename to hosts/server/vessel/backup.nix diff --git a/hosts/headless/vessel/blocky.nix b/hosts/server/vessel/blocky.nix similarity index 100% rename from hosts/headless/vessel/blocky.nix rename to hosts/server/vessel/blocky.nix diff --git a/hosts/headless/vessel/fs.nix b/hosts/server/vessel/fs.nix similarity index 100% rename from hosts/headless/vessel/fs.nix rename to hosts/server/vessel/fs.nix diff --git a/hosts/headless/vessel/hardware.nix b/hosts/server/vessel/hardware.nix similarity index 100% rename from hosts/headless/vessel/hardware.nix rename to hosts/server/vessel/hardware.nix diff --git a/hosts/headless/vessel/musicomp.nix b/hosts/server/vessel/musicomp.nix similarity index 100% rename from hosts/headless/vessel/musicomp.nix rename to hosts/server/vessel/musicomp.nix diff --git a/hosts/headless/vessel/storage.nix b/hosts/server/vessel/storage.nix similarity index 100% rename from hosts/headless/vessel/storage.nix rename to hosts/server/vessel/storage.nix diff --git a/hosts/headless/vessel/syncthing.nix b/hosts/server/vessel/syncthing.nix similarity index 100% rename from hosts/headless/vessel/syncthing.nix rename to hosts/server/vessel/syncthing.nix diff --git a/hosts/headless/abacus/system.nix b/hosts/server/vessel/system.nix similarity index 100% rename from hosts/headless/abacus/system.nix rename to hosts/server/vessel/system.nix diff --git a/modules/musicomp.nix b/modules/musicomp.nix index e78ed31..0b70377 100644 --- a/modules/musicomp.nix +++ b/modules/musicomp.nix @@ -14,6 +14,7 @@ in { Compression jobs to run with musicomp. ''; default = {}; + # type = types.attrsOf (types.submodule ({name, ...}: { type = types.attrsOf (types.submodule { options = { music = lib.mkOption { diff --git a/pubkeys.nix b/pubkeys.nix index ef402fe..c0a572e 100644 --- a/pubkeys.nix +++ b/pubkeys.nix @@ -2,7 +2,6 @@ users = { "lukas@flamingo" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAztZgcRBHqX8Wb2nAlP1qCKF205M3un/D1YnREcO7Dy"; "lukas@glacier" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4U9RzV/gVGBfrCOye7BlS11g5BS7SmuZ36n2ZIJyAX"; - "lukas@work" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINjvkQeQhAlS+e5EJOXW9Lqd3/uG9qNLIO0NaMFCA0Ew"; }; hosts = { diff --git a/secrets/forgejo-admin.age b/secrets/forgejo-admin.age index c1310ee..42485b0 100644 --- a/secrets/forgejo-admin.age +++ b/secrets/forgejo-admin.age @@ -1,11 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 SFHVrw 9dH40GoNAJDxel8PMA1HvlveV7N7YL2pljFOFRt3pCw -VGoCzz+hMzEevY+oyNwqD0SBAszyFlDKE75vgDomnG8 --> ssh-ed25519 S+dwQQ QK3rIe3qP0Q1bTNS5U66b6oNzBQ/sWHIosidrTPcQSA -FCmCsZQFg1NJr8ZkFtMq6xKnhCqCy9WlhnZ9UCwNzLQ --> ssh-ed25519 bPbvlw aNQ8AJ44P2YL13lg4XTGus+bCc+QnixRSRUYYvZlShQ -mxYbEYod31eQPE6Q7RjeHLStyO1Lzgy6Uc5FOnfs+LU --> ssh-ed25519 ffmsLw 0uqp9oR4s4tuaq8jD1zuRJxE0HD01bb0G0MXfwCiBGA -x7WHC+J1yT5uiXP6lBq/bZBwvmrRlSHt7UxKmyBEKKQ ---- zqNQjfCKC/l6wntS69NEHjuc1brikhaBTjFezL9vFL4 -C7%: 18 $~9@?Ÿhvyokn5 \ No newline at end of file +-> ssh-ed25519 SFHVrw AX7EqqMZLaetIHP2UX3tAah1sM62HC4Q6yQN+GfI/mY +ZjQ3rIVxjUKvH49WsQx5GH1Xrt5YhcQV1xGy1Ha0QVM +-> ssh-ed25519 S+dwQQ srmW8YUI+usZdBng7/vYefhK8U7h8lhmZPnQBXIVyzo +PGwiccVGY9LXWwKjaNCNajYiqQeNftGdURSlU+7i6/w +-> ssh-ed25519 ffmsLw sezlUhl2yIHgR6igudKrnRaYlowBNT1mTZPmJL83G0o +vBpTR6Rl4UGtFbdPKrl29QpzyQV2RkJJ5OF5a9TDlzg +--- gpOgzSPpqa4CN+2v7jBkc1CBHJblq1NHlr8bDNvM3Vk +.uc'߄ԒotiPrty ssh-ed25519 SFHVrw tNbCa6mX5iKQVHYzH3zvY2G9WVH6XdrbznOH2Rk2vSY -SoHf0SobVw0xFhAR9fCVsARNTc77NNaJKJhXoVxuR08 --> ssh-ed25519 S+dwQQ VNBre/TP6A4Wi3DikAtlS+R+Nd4qbA/3rCT43yDhC0I -G5IbJ1Qu5cqtwqXmhKXj29HjU7flaKTrVhuL6ZGsCwg --> ssh-ed25519 bPbvlw Q9GIzAbJ4CKedyoIyvlWDy28dMxu96vJ6mo10YMFIik -/q1TMLjD24/px6Js3gJU/1yRh1vVXmKGzmgO5kHp2Sc --> ssh-ed25519 ffmsLw TgwIrHo+kSs/UEl1KU+npeVaMItnMeP3NW8FByzHcTg -6DOj+9BQxf/UyRYBwds1pbZhjoeZW/YobJcwmNejpPE ---- xlK0luDTDWaLrv4RQN5w6QBKdcpjhMgDJ48DZ6FImZI -+,*HZtvp_G6~voFE{(r>7y) -\l jWL5V+u8'x;?^Yd} -y=ERnn݀ [yf:7llLH!% \ No newline at end of file +-> ssh-ed25519 SFHVrw TkbWIX2yad67AIqSP0DUUzcpViFHifihErZwkzz3xFQ +YORNt67kj9l85z1hNTKQM6fAL/HtGcM3wzE5YZuFCs8 +-> ssh-ed25519 S+dwQQ NkzIfNX9W9PixBFN9AfKc3a4GVcx5wNcrYjsJoknJ0M +XuWOXdC2oRruDeTd8iKieiJozsqgm0e9LaJh/VFRgjU +-> ssh-ed25519 ffmsLw vxKLezBR2pJ5PAYmUUt+i+Lrr+RxmMhJBBBvcHfU4VI +qS7oUjBXaCQTHTeHzH4FjT1k1DPQVEMhuI+DcgtKIx8 +--- 1+KVV2W3RuOVgdM/9nfQifQVlyHW30Pom822E+W+N1Y +ԫ^p1QHQC4P1/d@.ڒUW7Úc}n9oBەI4sG/tdy#t 3w8Gsx'Qtk5b?W(oIMܚȕ||a-t&0?o + \ No newline at end of file diff --git a/secrets/miniflux.age b/secrets/miniflux.age index fdf0fad..898de75 100644 Binary files a/secrets/miniflux.age and b/secrets/miniflux.age differ diff --git a/secrets/restic-abacus.age b/secrets/restic-abacus.age index bd2b50d..ab6073e 100644 --- a/secrets/restic-abacus.age +++ b/secrets/restic-abacus.age @@ -1,11 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 SFHVrw G1A9IO6ECBAnXKOjJwMlDjFSTLy9wuhQs+aj8PXuvwA -KoHzzO0Ph+/TEQzR7Q3vnboRHoye3hVdNiPacXEaNiE --> ssh-ed25519 S+dwQQ A1M/dWIKWe19H+RwVqkvAaj1F3IOG2t4be76IReb1wk -fHpcQDg0heffeFbeclcY6p/nP2mcmNs+7s0TblrR1zk --> ssh-ed25519 bPbvlw OBlQjH07EHcSIj2PP/niqgcJvraJjzSiaU9Mzdaixgk -s9iBEXPvrAG77xrEU/upbR82UXnHc0LwTwhpXJihAE0 --> ssh-ed25519 ffmsLw ibz7P1bDTFcp67VjTaZDU3+fNguEz6H+dCVvMfEb6CE -rjUrjtSwNmh1HW0xI2SNNFBVSXF/qSBgnxDrEbgkn5c ---- rP2V1uNQoDB8MuZSsfje/Vms0N3G/cG98ouy3HbSdfg -'#gT4k' -ت1(T> ^gN \ No newline at end of file +-> ssh-ed25519 SFHVrw qAbBwykCd+ep5gMH5b3Q46DT6T7++8n/d5wsYK/A/yU +x5vVOXJkTOrgxeQv/rilnNSfbKNaXTqVXewpfo+t4dI +-> ssh-ed25519 S+dwQQ 5IWRUJAkmEgncU8wNUWucnQsRw4+Pq+aGRFowTDi128 +1LWbLF92Q7kCh6udDygMfxV5SFqSDeLOJjVjeajw3JQ +-> ssh-ed25519 ffmsLw d31xv9QtwoUsEiH8bOJwZfJOO+8TBiTEGFYMdHpAaUA +JjUmM4rBoz3xzCRMBpAc928T3IAnswy0VQ6DiskBmdU +--- NzON8ELsKnc8L8mqMZZlKLQ3jnw9Sli/eykkeemx080 +Y~Xx 7YϪXLL`)I,"P h;f"T \ No newline at end of file diff --git a/secrets/restic-vessel.age b/secrets/restic-vessel.age index c4911ee..8646b01 100644 --- a/secrets/restic-vessel.age +++ b/secrets/restic-vessel.age @@ -1,11 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 SFHVrw VZLiEt6pLSeIDOm+284nFo2hD85Iyc0NpVn+Rey8FWc -4q3br1P7JM/PSlG6vCtJO/CiQqLVXLxtfK/lCY4HhZE --> ssh-ed25519 S+dwQQ xOZrxWxz36yhKO0kAnJKcX3Y9mnoSULbw/UIxaBzO1I -dzuEybiRgrs81j7axLCsENjMVr/DTVhTmCypOJP+Q10 --> ssh-ed25519 bPbvlw 2/vYkg/8kG9ifWC0TUzpnc9hN73PQJdZlxDU0lPr5FM -nj6eGaULzKlCyKk8IrvpFPk8tbIV7vldq5UooMOXJEg --> ssh-ed25519 Sm0lOA 9nkSVidtXtGUp3QcfMIPFXbdyZnDslb2FRFANXon4RU -ChFong+DTCiRjgtIJdRJ6AfKCDZm/Ibm8SSysIYKTb4 ---- kQmvif7LH8dOS7KvYphgj2npxYxhpqhi7MGGVCWJiDg -EzwWj u?^`>Y0!\ zAC2 \ No newline at end of file +-> ssh-ed25519 SFHVrw T90IpkfLUbCrEQEOvErDVp/uv36oCPfZ5QthIEz1uG4 +6ge0ldLTgXJOgBabC2VzElNYg/CpWssd+smNo3JTgBA +-> ssh-ed25519 S+dwQQ qJrUqmj66/eDDvYPbcohc+IA3YwhDDOyfCwxI4jLxUI +yDFBlLTSfJXzvvGhW2DbJVCIRYQDEL9WML1EaUAtXNI +-> ssh-ed25519 Sm0lOA cEd39ojIF4yab0JWV/poybmF4kH6ub9/tTXRXLS0ghU +rA5GqgeruK6Tscay6EnBdHmM5edR0kF4cg+iGPAZuTc +--- 0CvvxtMR1IyIhsNNdwAuh5SWqwEbCtIVPi/K0yeheLM +okj2dBѿgez.K@rw{SzjW \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 5249bb7..111ffe9 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,5 +1,6 @@ with import ../pubkeys.nix; { "user-lukas.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues hosts); + "user-guest.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues hosts); "microbin.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; diff --git a/secrets/user-guest.age b/secrets/user-guest.age new file mode 100644 index 0000000..99525a3 --- /dev/null +++ b/secrets/user-guest.age @@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-ed25519 SFHVrw 4jAZDtFvwOfUUK8LgLSCTElHNi+QilqWQyP4C/LNflU +qpvs//hyzk7nTOqc7pu/rFY4xAL9TVFzjle8l/gPveU +-> ssh-ed25519 S+dwQQ DK4BzHpq8fupZaiyxh7VQ5qoSY5iSEyd4Kv8PNrz70I +TmbFc3XbyvLESnAkLqFSfRskExzRcPVP8MfKHr/IkNA +-> ssh-ed25519 ffmsLw qY8W9fSy5UuhbeGoI1K+wgQvqrw9ttcNOYelmt71Kng +t2JX4gdYxn6OlKrqXqufwcRrUbOPAmjxXXZnDHkYlSw +-> ssh-ed25519 d2fKsw 3rX4vasW2uHU+bC/YFE2xVvHOFCcz7vmlLPbVrmzt3I +pJFFn19v2dxKM9+6fwW7dBBqXGePHx4LPfBdTg67DHE +-> ssh-ed25519 US6ATA +UHEcCtfoYaTs0U/hI7xLRfw/ZZAJRmqVfAXjgYh/Hk +Wr2HWbLJAvIRCuCeepwEVFCRRu1liER06ErCYHDCWgo +-> ssh-ed25519 Sm0lOA smM2jccrg/AodVMaG8TAXmi+kRTY7Dn2C+50VObvVUg +TV08Asyq60sVfyiveWJ+29zf4kfJ/l0SAKm1otNSHKo +--- DWHY6OyVQuPAcCZWMTt8I2fjoino1r33Dx1Mrr8NqoQ +LWR҆\%^JxbסL(7v.⥈̍7 ""1|i'>6>R+֊DHƃ57X` \ No newline at end of file diff --git a/secrets/user-lukas.age b/secrets/user-lukas.age index e70d73e..22f8fd9 100644 Binary files a/secrets/user-lukas.age and b/secrets/user-lukas.age differ diff --git a/secrets/vaultwarden.age b/secrets/vaultwarden.age index 842007f..e50d808 100644 Binary files a/secrets/vaultwarden.age and b/secrets/vaultwarden.age differ