diff --git a/flake.lock b/flake.lock index e425e8b..8a95fce 100644 --- a/flake.lock +++ b/flake.lock @@ -101,21 +101,6 @@ "type": "github" } }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -144,11 +129,11 @@ ] }, "locked": { - "lastModified": 1745251259, - "narHash": "sha256-Hf8WEJMMoP6Fe+k+PYkVJFk5UKory2S0jW7HqRVqQFc=", + "lastModified": 1747439237, + "narHash": "sha256-5rCGrnkglKKj4cav1U3HC+SIUNJh08pqOK4spQv9RjA=", "owner": "nix-community", "repo": "home-manager", - "rev": "82ee14ff60611b46588ea852f267aafcc117c8c8", + "rev": "ae755329092c87369b9e9a1510a8cf1ce2b1c708", "type": "github" }, "original": { @@ -171,43 +156,6 @@ "url": "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1729298361, - "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", - "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1732605668, - "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=", - "rev": "f19bd752910bbe3a861c9cad269bd078689d50fe", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/f19bd752910bbe3a861c9cad269bd078689d50fe.tar.gz?rev=f19bd752910bbe3a861c9cad269bd078689d50fe" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz" - } - }, "nixlib": { "locked": { "lastModified": 1736643958, @@ -246,11 +194,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1744633460, - "narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=", + "lastModified": 1747129300, + "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9a049b4a421076d27fee3eec664a18b2066824cb", + "rev": "e81fd167b33121269149c57806599045fd33eeed", "type": "github" }, "original": { @@ -262,43 +210,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744917357, - "narHash": "sha256-1Sj8MToixDwakJYNMYBS/PYbg8Oa4CAxreXraMHB5qg=", + "lastModified": 1747327360, + "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1eae3268880484be84199bdb77941c09bb4a97ba", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-full": { - "locked": { - "lastModified": 1744440957, - "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1744932701, - "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", "type": "github" }, "original": { @@ -308,6 +224,22 @@ "type": "github" } }, + "nixpkgs-small": { + "locked": { + "lastModified": 1747452614, + "narHash": "sha256-hSEz6JHZTJJTeIudt0SK3UoZnfThHwKCUGvSe5/zn8g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e067fb89ac3e59f993f257c799318132f1492f01", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -316,12 +248,10 @@ "flake-utils": "flake-utils", "home-manager": "home-manager_2", "homepage": "homepage", - "lix-module": "lix-module", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "nixpkgs-full": "nixpkgs-full", - "nixpkgs-unstable": "nixpkgs-unstable", + "nixpkgs-small": "nixpkgs-small", "systems": "systems", "treefmt-nix": "treefmt-nix" } @@ -348,11 +278,11 @@ ] }, "locked": { - "lastModified": 1744961264, - "narHash": "sha256-aRmUh0AMwcbdjJHnytg1e5h5ECcaWtIFQa6d9gI85AI=", + "lastModified": 1747469671, + "narHash": "sha256-bo1ptiFoNqm6m1B2iAhJmWCBmqveLVvxom6xKmtuzjg=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "8d404a69efe76146368885110f29a2ca3700bee6", + "rev": "ab0378b61b0d85e73a8ab05d5c6029b5bd58c9fb", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 8dc1c74..05f7349 100644 --- a/flake.nix +++ b/flake.nix @@ -2,9 +2,8 @@ description = "dadada's nix flake"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small"; - nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixpkgs-full.url = "github:NixOS/nixpkgs/nixos-24.11"; + nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; flake-utils = { url = "github:numtide/flake-utils"; inputs.systems.follows = "systems"; @@ -26,11 +25,6 @@ url = "github:numtide/devshell"; inputs.nixpkgs.follows = "nixpkgs"; }; - lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-utils.follows = "flake-utils"; - }; nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/home/default.nix b/home/default.nix index 80d53a3..fd0ddd3 100644 --- a/home/default.nix +++ b/home/default.nix @@ -19,24 +19,24 @@ let "helix" ]; colors = { - background = "ffffff"; - foreground = "000000"; - regular0 = "000000"; - regular1 = "000000"; - regular2 = "000000"; - regular3 = "000000"; - regular4 = "000000"; - regular5 = "000000"; - regular6 = "000000"; - regular7 = "000000"; - bright0 = "ffffff"; - bright1 = "ffffff"; - bright2 = "ffffff"; - bright3 = "ffffff"; - bright4 = "ffffff"; - bright5 = "ffffff"; - bright6 = "ffffff"; - bright7 = "ffffff"; + background = "fdf6e3"; + foreground = "657b83"; + regular0 = "eee8d5"; # background darker + regular1 = "dc322f"; # red + regular2 = "859900"; # green + regular3 = "b58900"; # dark orange + regular4 = "268bd2"; # azure blue + regular5 = "d33682"; # hot pink + regular6 = "2aa198"; # petrol + regular7 = "073642"; # navy + bright0 = "cb4b16"; # orange + bright1 = "fdf6e3"; # foreground + bright2 = "93a1a1"; # grey + bright3 = "839496"; # slightly darker grey + bright4 = "657b83"; # even slightly darker grey + bright5 = "6c71c4"; # purple + bright6 = "586e75"; # pretty dark grey + bright7 = "002b36"; # dark navy blue }; in { @@ -403,11 +403,11 @@ in bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3 # class border backgr. text indicator child_border - client.focused #${background} #${foreground} #${background} #${foreground} #${background} - client.focused_inactive #${background} #${background} #${foreground} #${foreground} #${background} - client.unfocused #${background} #${background} #${foreground} #${foreground} #${background} - client.urgent #${background} #${background} #${foreground} #${foreground} #${background} - client.placeholder #${background} #${background} #${foreground} #${foreground} #${background} + client.focused #${bright6} #${foreground} #${background} #${bright5} #${regular4} + client.focused_inactive #${regular0} #${regular0} #${foreground} #${bright5} #${regular0} + client.unfocused #${regular0} #${background} #${bright2} #${bright5} #${regular0} + client.urgent #${bright1} #${bright0} #${regular4} #${background} #${bright0} + client.placeholder #${background} #${bright2} #${foreground} #${background} #${bright2} client.background #${foreground} @@ -432,6 +432,8 @@ in } ''; + services.poweralertd.enable = true; + # Let Home Manager install and manage itself. programs.home-manager.enable = true; diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index db3db6e..086b945 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix @@ -17,7 +17,7 @@ in programs.alacritty = { enable = true; settings = { - env.TERM = "xterm-mono"; + env.TERM = "xterm-256color"; scrolling.history = 0; font = { size = 9; diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml index 71b6c42..41cf786 100644 --- a/home/modules/helix/config/config.toml +++ b/home/modules/helix/config/config.toml @@ -1,4 +1,4 @@ -theme = "black" +theme = "solarized_light" [editor] line-number = "relative" diff --git a/home/modules/helix/config/themes/black.toml b/home/modules/helix/config/themes/black.toml deleted file mode 100644 index 88d1a35..0000000 --- a/home/modules/helix/config/themes/black.toml +++ /dev/null @@ -1,34 +0,0 @@ -"ui.background" = {bg="white"} -"ui.text" = "black" -"ui.linenr" = {bg="white", fg="black"} -"ui.linenr.selected" = {bg="white", fg="black"} -"ui.selection" = {modifiers=["reversed"]} -"ui.cursorline" = {modifiers=["reversed"]} -"ui.statusline" = {modifiers=["reversed"]} -"ui.statusline.inactive" = {fg="black", bg="white"} -"ui.virtual" = "indent" -"ui.virtual.ruler" = { bg = "black", fg ="white" } -"ui.cursor.match" = {modifiers=["reversed"]} -"ui.cursor" = {modifiers=["reversed"]} -"ui.debug" = {fg="black"} -"ui.highlight" = { modifiers = ["underlined"] } -"ui.highlight.frameline" = {modifiers=["reversed"]} -"ui.help" = { modifiers=["reversed"] } -"ui.popup" = { modifiers=["reversed"] } -"ui.popup.info" = { modifiers=["reversed"] } -"ui.text.info" = { modifiers=["reversed"] } -"ui.menu" = { bg="black", fg="white" } -"ui.menu.selected" = { bg="white", fg="black" } -"ui.window" = { bg="white" } -"diagnostic" = { modifiers=["reversed"] } -"diagnostic.error" = {modifiers=["bold", "underlined"]} -"diagnostic.warning" = {modifiers=["underlined", "italic"]} -"diagnostic.hint" = {modifiers=["underlined"]} -"diagnostic.unnecessary" = {modifiers = ["dim"]} -"diagnostic.deprecated" = {modifiers = ["crossed_out"]} -"ui.bufferline" = { fg="black", bg="white" } -"ui.bufferline.active" = { fg="black", bg="white" } - -[palette] -white = "#ffffff" -black = "#000000" diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix index df005ff..70f2974 100644 --- a/home/modules/tmux.nix +++ b/home/modules/tmux.nix @@ -12,17 +12,17 @@ in config = mkIf cfg.enable { programs.tmux = { enable = true; + terminal = "tmux-256color"; extraConfig = '' setw -g mode-keys vi set -g mouse on set -g set-clipboard external set -g set-titles on set -g status on + set -ga terminal-overrides ',*256col*:Tc' set-option -g status-interval 5 set-option -g automatic-rename on set-option -g automatic-rename-format '#{b:pane_current_path}' - set -g status-bg "#000000" - set -g status-fg "#ffffff" bind '"' split-window -c "#{pane_current_path}" bind % split-window -h -c "#{pane_current_path}" bind c new-window -c "#{pane_current_path}" diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index fb4cc76..a095bff 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -20,7 +20,6 @@ in autocd = true; sessionVariables = { EDITOR = "hx"; - TERM = "xterm-mono"; }; history = { extended = true; @@ -45,7 +44,6 @@ in PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"╰─> " RPROMPT='$(git_super_status)' - #NIX_BUILD_SHELL="${pkgs.zsh}/bin/zsh" ''; profileExtra = '' ''; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 48d70cd..adacb51 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,60 +1,73 @@ -{ self -, agenix -, lix-module -, nixpkgs -, nixpkgs-full -, home-manager -, homepage -, nixos-hardware -, nixos-generators -, nixpkgs-unstable -, ... +{ + self, + agenix, + home-manager, + homepage, + nixos-hardware, + nixos-generators, + nixpkgs, + nixpkgs-small, + ... }@inputs: let - lixModule = lix-module.nixosModules.default; + nixosSystem = + { + nixpkgs, + system ? "x86_64-linux", + extraModules ? [ ], + }: + nixpkgs.lib.nixosSystem { + inherit system; - nixosSystem = { n_nixpkgs ? nixpkgs, system ? "x86_64-linux", extraModules ? [ ] }: n_nixpkgs.lib.nixosSystem { - inherit system; - - modules = [ - lixModule - { - nixpkgs.overlays = n_nixpkgs.lib.attrValues self.overlays; - } - ] ++ (n_nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; - }; + modules = + [ + { + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + } + ] + ++ (nixpkgs.lib.attrValues self.nixosModules) + ++ [ agenix.nixosModules.age ] + ++ extraModules; + }; in { - gorgon = nixosSystem rec { - n_nixpkgs = nixpkgs-unstable; + gorgon = + let + system = "x86_64-linux"; + in + nixosSystem { + inherit nixpkgs system; - system = "x86_64-linux"; - - extraModules = [ - { - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - dadada.pkgs = self.packages.${system}; - dadada.inputs = inputs // { dadada = self; }; - } - - nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 - - home-manager.nixosModules.home-manager - ({ pkgs, lib, ... }: + extraModules = [ { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ - { dadada.home.helix.package = pkgs.helix; } - { manual.manpages.enable = false; } - ]; - home-manager.users.dadada = import ../home; - }) - ./gorgon/configuration.nix - ]; - }; + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + dadada.pkgs = self.packages.${system}; + dadada.inputs = inputs // { + dadada = self; + }; + } + + nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 + + home-manager.nixosModules.home-manager + ( + { pkgs, lib, ... }: + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ + { dadada.home.helix.package = pkgs.helix; } + { manual.manpages.enable = false; } + ]; + home-manager.users.dadada = import ../home; + } + ) + ./gorgon/configuration.nix + ]; + }; surgat = nixosSystem { + nixpkgs = nixpkgs-small; system = "x86_64-linux"; extraModules = [ { @@ -66,34 +79,38 @@ in }; agares = nixosSystem { + nixpkgs = nixpkgs-small; extraModules = [ ./agares/configuration.nix ]; }; - installer = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - lixModule - nixos-generators.nixosModules.install-iso - self.nixosModules.admin - { - isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso"; - networking.tempAddresses = "disabled"; - dadada.admin.enable = true; - documentation.enable = true; - documentation.nixos.enable = true; - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - } - ]; - }; + installer = + let + nixpkgs = nixpkgs-small; + in + nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + nixos-generators.nixosModules.install-iso + self.nixosModules.admin + { + isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso"; + networking.tempAddresses = "disabled"; + dadada.admin.enable = true; + documentation.enable = true; + documentation.nixos.enable = true; + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "us"; + }; + } + ]; + }; ninurta = nixosSystem { - n_nixpkgs = nixpkgs-full; + nixpkgs = nixpkgs-small; extraModules = [ ./ninurta/configuration.nix ]; diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index e375cc9..c23a273 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let mkDefault = lib.mkDefault; inputs = config.dadada.inputs; @@ -22,6 +22,8 @@ in time.timeZone = mkDefault "Europe/Berlin"; + nix.package = pkgs.lix; + nix.settings.substituters = [ https://cache.nixos.org/ ]; nix.settings.trusted-public-keys = [ diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix index 98314c7..ba131e1 100644 --- a/nixos/modules/profiles/cloud.nix +++ b/nixos/modules/profiles/cloud.nix @@ -5,11 +5,19 @@ let in { boot.initrd.availableKernelModules = [ "virtio-pci" ]; + + boot.kernelParams = [ + # Wait forever for the filesystem root to show up + "rootflags=x-systemd.device-timeout=0" + + # Wait forever to enter the LUKS passphrase via SSH + "rd.luks.options=timeout=0" + ]; boot.initrd.network = { enable = true; ssh = { enable = true; - port = 22; + port = 2223; hostKeys = [ config.age.secrets."${initrdHostKey}".path ]; @@ -27,8 +35,13 @@ in ''; }; + assertions = lib.singleton { + assertion = (config.boot.initrd.network.ssh.hostKeys != [ ]) -> config.boot.loader.supportsInitrdSecrets == true; + message = "Refusing to store private keys in store"; + }; + age.secrets."${initrdHostKey}" = { - file = "${secretsPath}/${initrdHostKey}.age"; + file = "${secretsPath}/initrd-${initrdHostKey}.age"; mode = "600"; path = "/etc/initrd/${initrdHostKey}"; symlink = false; diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index d26358c..1aeab43 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -20,6 +20,7 @@ with lib; { services.journald.extraConfig = '' SystemKeepFree = 2G + MaxRetentionSec = 100days ''; system.autoUpgrade = { diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 6dad1ee..f2c7ba2 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -137,6 +137,10 @@ in boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; + boot.kernelParams = [ + "ip=49.12.3.98::172.31.1.1:255.255.255.255:surgat::dhcp" + ]; + services.resolved = { enable = true; fallbackDns = [ "9.9.9.9" "2620:fe::fe" ]; diff --git a/outputs.nix b/outputs.nix index efa3dab..d588f6e 100644 --- a/outputs.nix +++ b/outputs.nix @@ -1,18 +1,14 @@ # Adapted from Mic92/dotfiles -{ self -, flake-utils -, flake-registry -, homepage -, lix-module -, nixpkgs -, home-manager -, nixos-hardware -, nixpkgs-full -, agenix -, devshell -, ... -} @ inputs: -(flake-utils.lib.eachDefaultSystem (system: +{ + self, + flake-utils, + nixpkgs, + agenix, + devshell, + ... +}@inputs: +(flake-utils.lib.eachDefaultSystem ( + system: let pkgs = import nixpkgs { inherit system; }; in @@ -35,8 +31,9 @@ packages = import ./pkgs { inherit pkgs; } // { installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage; }; - })) - // { + } +)) +// { hmModules = import ./home/modules.nix { lib = nixpkgs.lib; }; diff --git a/secrets/initrd-surgat-ssh_host_ed25519_key.age b/secrets/initrd-surgat-ssh_host_ed25519_key.age new file mode 100644 index 0000000..32dbcbf Binary files /dev/null and b/secrets/initrd-surgat-ssh_host_ed25519_key.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 7da57e3..946d855 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -21,6 +21,7 @@ in "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ]; "gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ]; "paperless.age".publicKeys = [ systems.gorgon dadada ]; + "initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; "ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ]; "ddns-credentials.age".publicKeys = [ systems.agares systems.ninurta dadada ];