diff --git a/.envrc b/.envrc index 6a37c4f..3140b68 100644 --- a/.envrc +++ b/.envrc @@ -1,5 +1,3 @@ -#!/bin/sh - watch_file devshell.nix use flake diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 512e01e..49f19df 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,4 +4,4 @@ updates: directory: "/" schedule: interval: "weekly" - assignees: ["dadada"] + assignees: [ "dadada" ] diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index 28b1d3c..b0c0fa3 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -1,24 +1,26 @@ name: Continuous Integration + on: pull_request: push: branches: [main] + jobs: checks: name: "Checks" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v26 - with: - nix_path: nixpkgs=channel:nixos-stable - extra_nix_config: | - experimental-features = nix-command flakes - access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} - system-features = nixos-test benchmark big-parallel kvm - - uses: cachix/cachix-action@v14 - with: - name: dadada - signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - - run: nix flake check + - uses: actions/checkout@v4 + - uses: cachix/install-nix-action@v26 + with: + nix_path: nixpkgs=channel:nixos-stable + extra_nix_config: | + experimental-features = nix-command flakes + access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} + system-features = nixos-test benchmark big-parallel kvm + - uses: cachix/cachix-action@v14 + with: + name: dadada + signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + - run: nix flake check diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index 33843d1..9045f91 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml 
@@ -3,6 +3,7 @@ on: workflow_dispatch: # allows manual triggering schedule: - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00 + jobs: lockfile: runs-on: ubuntu-latest @@ -15,6 +16,6 @@ jobs: uses: DeterminateSystems/update-flake-lock@v21 with: pr-title: "Update flake.lock" # Title of PR to be created - pr-labels: | # Labels to be set on the PR + pr-labels: | # Labels to be set on the PR dependencies automated diff --git a/devshell.nix b/devshell.nix index 1fbad07..ebdfb12 100644 --- a/devshell.nix +++ b/devshell.nix @@ -24,7 +24,7 @@ name = "format"; help = "Format the project"; command = '' - treefmt . + nixpkgs-fmt . ''; category = "dev"; } diff --git a/flake.lock b/flake.lock index 8c964f5..a2f410e 100644 --- a/flake.lock +++ b/flake.lock @@ -25,21 +25,6 @@ "type": "github" } }, - "crane": { - "locked": { - "lastModified": 1731098351, - "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", - "owner": "ipetkov", - "repo": "crane", - "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ 
@@ -82,63 +67,6 @@ "type": "github" } }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1753140376, - "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", - "owner": "nix-community", - "repo": "disko", - "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "disko", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-registry": { "flake": false, "locked": { @@ -175,28 +103,6 @@ "type": "github" } }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "pre-commit-hooks-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -204,11 +110,11 @@ ] }, "locked": { - "lastModified": 1753470191, - "narHash": "sha256-hOUWU5L62G9sm8NxdiLWlLIJZz9H52VuFiDllHdwmVA=", + "lastModified": 1752286566, + "narHash": "sha256-A4nftqiNz2bNihz0bKY94Hq/6ydR6UQOcGioeL7iymY=", "owner": "nix-community", "repo": "home-manager", - "rev": "a1817d1c0e5eabe7dfdfe4caa46c94d9d8f3fdb6", + "rev": "392ddb642abec771d63688c49fa7bcbb9d2a5717", "type": "github" }, "original": { @@ -231,32 +137,6 @@ "url": "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz" } }, - "lanzaboote": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "nixpkgs": [ - "nixpkgs" - ], - "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1737639419, - "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=", - "owner": "nix-community", - "repo": "lanzaboote", - "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "v0.4.2", - "repo": "lanzaboote", - "type": "github" - } - }, "nixlib": { "locked": { "lastModified": 1736643958, @@ -295,11 +175,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1753122741, - "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", + "lastModified": 1752048960, + "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", + "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806", "type": "github" }, "original": { 
@@ -311,11 +191,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1753429684, - "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", + "lastModified": 1751984180, + "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", + "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", "type": "github" }, "original": { @@ -327,11 +207,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1753505055, - "narHash": "sha256-jQKnNATDGDeuIeUf7r0yHnmirfYkYPHeF0N2Lv8rjPE=", + "lastModified": 1752298176, + "narHash": "sha256-wY7/8k5mJbljXxBUX1bDHFVUcMrWdrDT8FNDrcPwLbA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7be0239edbf0783ff959f94f9728db414be73002", + "rev": "d3807bc34e7d086b4754e1c842505570e23f9d01", "type": "github" }, "original": { 
@@ -341,59 +221,14 @@ "type": "github" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "pre-commit-hooks-nix": { - "inputs": { - "flake-compat": [ - "lanzaboote", - "flake-compat" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1731363552, - "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", "devshell": "devshell", - "disko": "disko", "flake-registry": "flake-registry", "flake-utils": "flake-utils", "home-manager": "home-manager", "homepage": "homepage", - "lanzaboote": "lanzaboote", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", @@ -402,27 +237,6 @@ "treefmt-nix": "treefmt-nix" } }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1731897198, - "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, 
@@ -460,11 +274,11 @@ ] }, "locked": { - "lastModified": 1753439394, - "narHash": "sha256-Bv9h1AJegLI8uAhiJ1sZ4XAndYxhgf38tMgCQwiEpmc=", + "lastModified": 1752055615, + "narHash": "sha256-19m7P4O/Aw/6+CzncWMAJu89JaKeMh3aMle1CNQSIwM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "2673921c03d6e75fdf4aa93e025772608d1482cf", + "rev": "c9d477b5d5bd7f26adddd3f96cfd6a904768d4f9", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 73686ce..6ccece0 100644 --- a/flake.nix +++ b/flake.nix @@ -4,10 +4,6 @@ inputs = { nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - disko = { - url = "github:nix-community/disko"; - inputs.nixpkgs.follows = "nixpkgs"; - }; flake-utils = { url = "github:numtide/flake-utils"; inputs.systems.follows = "systems"; @@ -16,10 +12,6 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - lanzaboote = { - url = "github:nix-community/lanzaboote/v0.4.2"; - inputs.nixpkgs.follows = "nixpkgs"; - }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; homepage = { url = "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz"; diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index 7a0cd6c..96364ff 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -34,7 +34,7 @@ in }; plugins = [ ]; - initContent = '' + initExtra = '' source ${pkgs.zsh-git-prompt}/share/zsh-git-prompt/zshrc.sh source ${pkgs.fzf}/share/fzf/key-bindings.zsh source ${pkgs.fzf}/share/fzf/completion.zsh diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 95b894e..adacb51 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,10 +1,8 @@ { self, agenix, - disko, home-manager, homepage, - lanzaboote, nixos-hardware, nixos-generators, nixpkgs, 
@@ -21,51 +19,18 @@ let nixpkgs.lib.nixosSystem { inherit system; - modules = [ - { - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - } - ] - ++ (nixpkgs.lib.attrValues self.nixosModules) - ++ [ agenix.nixosModules.age ] - ++ extraModules; + modules = + [ + { + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + } + ] + ++ (nixpkgs.lib.attrValues self.nixosModules) + ++ [ agenix.nixosModules.age ] + ++ extraModules; }; in { - stolas = - let - system = "x86_64-linux"; - in - nixosSystem { - inherit nixpkgs system; - - extraModules = [ - lanzaboote.nixosModules.lanzaboote - disko.nixosModules.disko - { - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - dadada.pkgs = self.packages.${system}; - dadada.inputs = inputs // { - dadada = self; - }; - } - nixos-hardware.nixosModules.framework-amd-ai-300-series - home-manager.nixosModules.home-manager - ( - { pkgs, ... }: - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ - { dadada.home.helix.package = pkgs.helix; } - ]; - home-manager.users.dadada = import ../home; - } - ) - ./stolas - ]; - }; - gorgon = let system = "x86_64-linux"; @@ -81,10 +46,12 @@ in dadada = self; }; } + nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 + home-manager.nixosModules.home-manager ( - { pkgs, ... }: + { pkgs, lib, ... }: { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 16f8130..d34d0e7 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -5,7 +5,6 @@ ... }: let - secretsPath = config.dadada.secrets.path; xilinxJtag = pkgs.writeTextFile { name = "xilinx-jtag"; text = '' 
@@ -44,13 +43,6 @@ in sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; repo = "u355513-sub1@u355513-sub1.your-storagebox.de:/home/backup"; }; - dadada.backupClient.gs = { - enable = true; - passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path; - }; - - age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = - "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; nixpkgs.config.android_sdk.accept_license = true; diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index bd03ba7..07323da 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -93,12 +93,12 @@ in services.sshd.enable = true; services.openssh.settings.PasswordAuthentication = false; - security.sudo.wheelNeedsPassword = lib.mkDefault false; + security.sudo.wheelNeedsPassword = false; services.openssh.openFirewall = true; users.users = mapAttrs (user: keys: { shell = shells."${keys.shell}"; - extraGroups = lib.mkDefault extraGroups; + extraGroups = extraGroups; isNormalUser = true; openssh.authorizedKeys.keys = keys.keys; }) cfg.users; diff --git a/nixos/modules/borg-server.nix b/nixos/modules/borg-server.nix index e498cd1..594f356 100644 --- a/nixos/modules/borg-server.nix +++ b/nixos/modules/borg-server.nix @@ -39,14 +39,6 @@ in path = "${cfg.path}/gorgon"; quota = "1T"; }; - "stolas" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINC/mVYd3o7oA0dsA58CgkqR40CSfeuU+rikleSrSXFz dadada@gorgon" - ]; - path = "${cfg.path}/stolas"; - quota = "1T"; - }; "surgat" = { allowSubRepos = false; authorizedKeysAppendOnly = [ diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index 0976788..b681d72 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix 
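Review bot: `security.sudo.wheelNeedsPassword = false;` in nixos/modules/admin.nix is now set at normal priority, and the laptop.nix hunk (`@@ -47,6 +48,13 @@`) drops its `security.sudo.wheelNeedsPassword = true;` override, so wheel members get passwordless sudo on every host that uses this module, laptops included. With `services.openssh.openFirewall = true` and key-only login in the same block, one authorized SSH key is then enough to reach root. Without `lib.mkDefault`, a host that wants `true` has to use `lib.mkForce` to avoid a conflicting-definition error. Consider keeping `security.sudo.wheelNeedsPassword = lib.mkDefault false;` here and the `true` override in the laptop profile. The enclosing config block starts and ends outside the hunk.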
@@ -13,8 +13,8 @@ in ./upgrade-pg-cluster.nix ]; - boot.tmp.useTmpfs = lib.mkDefault true; - boot.tmp.tmpfsSize = lib.mkDefault "50%"; + boot.tmp.useTmpfs = true; + boot.tmp.tmpfsSize = "50%"; i18n.defaultLocale = mkDefault "en_US.UTF-8"; console = mkDefault { diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 7089f4e..d9f0bde 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -5,6 +5,7 @@ }: let inputs = config.dadada.inputs; + secretsPath = config.dadada.secrets.path; in with lib; { @@ -25,7 +26,7 @@ with lib; age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - users.mutableUsers = true; + users.mutableUsers = mkDefault true; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = mkDefault true; @@ -47,6 +48,13 @@ with lib; alsa.support32Bit = true; pulse.enable = true; }; - services.pulseaudio.enable = false; - security.sudo.wheelNeedsPassword = true; + hardware.pulseaudio.enable = false; + + dadada.backupClient.gs = { + enable = true; + passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path; + }; + + age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = + "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; } diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 39bdca7..d4eed97 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -149,6 +149,13 @@ in startAt = "daily"; }; + services.postgresqlBackup = { + enable = true; + backupAll = true; + compression = "zstd"; + location = "/var/backup/postgresql"; + }; + age.secrets."ninurta-backup-passphrase" = { file = "${secretsPath}/ninurta-backup-passphrase.age"; mode = "400"; 
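Review bot: The `services.postgresqlBackup` block added in nixos/ninurta/configuration.nix sets `backupAll = true` and writes to `/var/backup/postgresql`, which lies inside the `/var` subvolume that `services.snapper.configs.var` snapshots in the later hunk of the same file. A full-cluster dump normally carries role definitions and password hashes along with every database, so each dump would also persist in snapshots for as long as the timeline limits allow. Confirm that this retention is intended and that the directory stays readable by the postgres user only. A comment above the block would record this, e.g. `# full-cluster dumps (all databases + roles); also captured by the /var snapper timeline`. The surrounding attribute set continues outside the hunk.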
@@ -230,38 +237,33 @@ in services.snapper = { cleanupInterval = "1d"; - snapshotInterval = "daily"; + snapshotInterval = "hourly"; configs.home = { SUBVOLUME = "/home"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; - TIMELINE_MIN_AGE = "1800"; - TIMELINE_LIMIT_HOURLY = "5"; - TIMELINE_LIMIT_DAILY = "7"; - TIMELINE_LIMIT_WEEKLY = "0"; - TIMELINE_LIMIT_MONTHLY = "0"; - TIMELINE_LIMIT_YEARLY = "0"; + TIMELINE_LIMIT_HOURLY = "24"; + TIMELINE_LIMIT_DAILY = "13"; + TIMELINE_LIMIT_WEEKLY = "6"; + TIMELINE_LIMIT_MONTHLY = "3"; }; configs.var = { SUBVOLUME = "/var"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; - TIMELINE_MIN_AGE = "1800"; - TIMELINE_LIMIT_HOURLY = "5"; - TIMELINE_LIMIT_DAILY = "7"; - TIMELINE_LIMIT_WEEKLY = "0"; - TIMELINE_LIMIT_MONTHLY = "0"; - TIMELINE_LIMIT_YEARLY = "0"; + TIMELINE_LIMIT_HOURLY = "24"; + TIMELINE_LIMIT_DAILY = "13"; + TIMELINE_LIMIT_WEEKLY = "6"; + TIMELINE_LIMIT_MONTHLY = "3"; }; configs.storage = { SUBVOLUME = "/mnt/storage"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; - TIMELINE_LIMIT_HOURLY = "10"; - TIMELINE_LIMIT_DAILY = "10"; - TIMELINE_LIMIT_WEEKLY = "10"; - TIMELINE_LIMIT_MONTHLY = "10"; - TIMELINE_LIMIT_YEARLY = "10"; + TIMELINE_LIMIT_HOURLY = "24"; + TIMELINE_LIMIT_DAILY = "13"; + TIMELINE_LIMIT_WEEKLY = "6"; + TIMELINE_LIMIT_MONTHLY = "3"; }; }; diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix deleted file mode 100644 index 696f55f..0000000 --- a/nixos/stolas/default.nix +++ /dev/null 
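Review bot: `TIMELINE_LIMIT_YEARLY` is no longer set in any of the three snapper configs, and `TIMELINE_MIN_AGE` is dropped from `configs.home` and `configs.var`, so both keys presumably fall back to the module or snapper defaults instead of the explicit `"0"` that home and var had for yearly snapshots. Together with `snapshotInterval = "hourly"` and the higher limits, deleted data on `/home`, `/var` and `/mnt/storage` stays recoverable from snapshots for considerably longer than before. If yearly snapshots are not wanted, keep `TIMELINE_LIMIT_YEARLY = "0";` in each config so the retention does not depend on a default. The `services.snapper` block starts and ends inside the hunk, but the surrounding file does not.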
@@ -1,224 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -{ - - imports = [ - ../modules/profiles/laptop.nix - ./disks.nix - ./paperless.nix - ]; - - nixpkgs = { - hostPlatform = "x86_64-linux"; - config.allowUnfree = true; - }; - - boot = { - lanzaboote = { - enable = true; - pkiBundle = "/var/lib/sbctl"; - }; - kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ]; - # Lanzaboote currently replaces the systemd-boot module. - # This setting is usually set to true in configuration.nix - # generated at installation time. So we force it to false - # for now. - loader.systemd-boot.enable = lib.mkForce false; - initrd = { - availableKernelModules = [ - "nvme" - "xhci_pci" - "thunderbolt" - "usb_storage" - "sd_mod" - ]; - # Ensure that TPM module is loaded - kernelModules = [ "tpm" ]; - }; - }; - - environment.systemPackages = [ - # For debugging and troubleshooting Secure Boot. - pkgs.sbctl - ]; - - hardware = { - # NOTE: hardware.framework.enableKmod requires kernel patching, but enables access to some EC features - bluetooth.enable = true; - cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - enableAllFirmware = true; - framework.laptop13.audioEnhancement.enable = true; - graphics = { - enable = true; - extraPackages = with pkgs; [ - vaapiVdpau - libvdpau-va-gl - ]; - }; - }; - - powerManagement = { - enable = true; - cpuFreqGovernor = "schedutil"; - # TODO: Limit charge of battery, does this work without kernel patches from hardware.frameworkenableKmod? 
- powerUpCommands = '' - echo 80 > /sys/class/power_supply/BAT0/charge_control_stop_threshold - ''; - }; - - networking = { - hostName = "stolas"; - firewall = { - enable = true; - allowedTCPPorts = [ - 22000 # Syncthing - ]; - allowedUDPPorts = [ - 21027 # Syncthing - ]; - }; - }; - - nix = { - settings.max-jobs = lib.mkDefault 16; - }; - - dadada = { - admin.enable = true; - backupClient.gs.enable = false; - backupClient.backup1.enable = true; - backupClient.backup2 = { - enable = true; - repo = "u355513-sub5@u355513-sub5.your-storagebox.de:/home/backup"; - }; - }; - - programs = { - adb.enable = true; - firefox = { - enable = true; - package = pkgs.firefox-wayland; - }; - gnupg.agent.enable = true; - ssh.startAgent = true; - wireshark.enable = true; - }; - - services = { - avahi.enable = true; - desktopManager.plasma6.enable = true; - displayManager = { - sddm.enable = true; - sddm.wayland.enable = true; - }; - gnome.gnome-keyring.enable = lib.mkForce false; - smartd.enable = true; - printing = { - enable = true; - browsing = true; - }; - tlp.enable = false; - snapper = { - cleanupInterval = "1d"; - snapshotInterval = "hourly"; - configs = { - home = { - SUBVOLUME = "/home/dadada"; - ALLOW_USERS = [ "dadada" ]; - TIMELINE_CREATE = true; - TIMELINE_CLEANUP = true; - TIMELINE_MIN_AGE = "1800"; - TIMELINE_LIMIT_HOURLY = "5"; - TIMELINE_LIMIT_DAILY = "7"; - TIMELINE_LIMIT_WEEKLY = "0"; - TIMELINE_LIMIT_MONTHLY = "0"; - TIMELINE_LIMIT_YEARLY = "0"; - }; - var = { - SUBVOLUME = "/var"; - TIMELINE_CREATE = true; - TIMELINE_CLEANUP = true; - TIMELINE_MIN_AGE = "1800"; - TIMELINE_LIMIT_HOURLY = "5"; - TIMELINE_LIMIT_DAILY = "7"; - TIMELINE_LIMIT_WEEKLY = "0"; - TIMELINE_LIMIT_MONTHLY = "0"; - TIMELINE_LIMIT_YEARLY = "0"; - }; - paperless = { - SUBVOLUME = "/var/lib/paperless"; - TIMELINE_CREATE = true; - TIMELINE_CLEANUP = true; - TIMELINE_MIN_AGE = "3600"; - TIMELINE_LIMIT_HOURLY = "10"; - TIMELINE_LIMIT_DAILY = "10"; - TIMELINE_LIMIT_WEEKLY = "10"; - 
TIMELINE_LIMIT_MONTHLY = "10"; - TIMELINE_LIMIT_YEARLY = "10"; - }; - }; - }; - }; - - system = { - stateVersion = "25.05"; - }; - - systemd.services = { - modem-manager.enable = lib.mkForce false; - "dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; - }; - - systemd.sleep.extraConfig = '' - HibernateDelaySec=1h - ''; - - systemd.tmpfiles.rules = [ - "v /var/.snapshots 0755 root root - -" - "v /var/paperless/.snapshots 0755 root root - -" - "v /home/dadada/.snapshots 0755 root root - -" - ]; - - virtualisation.libvirtd.enable = true; - - users = { - users = { - dadada = { - initialHashedPassword = "$y$j9T$43qGBeY6hg6AXQmcVkS131$6AeRDOe6XAnmgA/AkJGaSIYTj5dbQLd9vrQ7zSyi5TA"; - isNormalUser = true; - extraGroups = [ - "wheel" - "networkmanager" - "libvirtd" - "adbusers" - "kvm" - "video" - "scanner" - "lp" - "docker" - "dialout" - "wireshark" - "paperless" - ]; - shell = "/run/current-system/sw/bin/zsh"; - }; - }; - }; - - # TODO - # age.secrets = { - # paperless = { - # file = "${config.dadada.secrets.path}/paperless.age"; - # mode = "700"; - # owner = "paperless"; - # }; - # }; - - # Create compressing swap space in RAM - zramSwap.enable = true; -} diff --git a/nixos/stolas/disks.nix b/nixos/stolas/disks.nix deleted file mode 100644 index 01cf635..0000000 --- a/nixos/stolas/disks.nix +++ /dev/null 
@@ -1,100 +0,0 @@ -{ - disko.devices = { - nodev."/nix/var/nix/builds" = { - fsType = "tmpfs"; - mountOptions = [ - "size=80%" - "defaults" - "mode=755" - ]; - }; - disk = { - main = { - type = "disk"; - device = "/dev/nvme0n1"; - content = { - type = "gpt"; - partitions = { - ESP = { - size = "1G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - luks = { - size = "100%"; - content = { - type = "luks"; - name = "crypted"; - settings = { - allowDiscards = true; - crypttabExtraOpts = [ - "tpm2-device=auto" - "tpm2-pin=true" - ]; - }; - #additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "compress=zstd" - "relatime" - ]; - }; - "/home" = { - mountpoint = "/home"; - mountOptions = [ - "compress=zstd" - "noatime" - ]; - }; - "/dadada" = { - mountpoint = "/home/dadada"; - mountOptions = [ - "compress=zstd" - "relatime" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "compress=zstd" - "noatime" - ]; - }; - "/var" = { - mountpoint = "/var"; - mountOptions = [ - "compress=zstd" - "noatime" - ]; - }; - "/paperless" = { - mountpoint = "/var/lib/paperless"; - mountOptions = [ - "compress=zstd" - "noatime" - ]; - }; - "/swap" = { - mountpoint = "/.swapvol"; - swap.swapfile.size = "64G"; - }; - }; - }; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/nixos/stolas/paperless.nix b/nixos/stolas/paperless.nix deleted file mode 100644 index a5fa69f..0000000 --- a/nixos/stolas/paperless.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ config, ... }: -{ - services.paperless = { - # TODO migrate DB - enable = true; - passwordFile = config.age.secrets.paperless.path; - }; - systemd.tmpfiles.rules = - let - cfg = config.services.paperless; - in - [ - ( - if cfg.consumptionDirIsPublic then - "d '${cfg.consumptionDir}' 777 - - - -" - else - "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" - ) - ]; - - age.secrets = { - paperless = { - file = "${config.dadada.secrets.path}/paperless.age"; - mode = "700"; - owner = "paperless"; - }; - }; -} diff --git a/outputs.nix b/outputs.nix index c860d3c..aea7953 100644 --- a/outputs.nix +++ b/outputs.nix @@ -5,14 +5,12 @@ nixpkgs, agenix, devshell, - treefmt-nix, ... }@inputs: (flake-utils.lib.eachDefaultSystem ( system: let pkgs = import nixpkgs { inherit system; }; - treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix; in { devShells.default = @@ -28,7 +26,7 @@ in import ./devshell.nix { inherit pkgs extraModules; }; - formatter = treefmtEval.config.build.wrapper; + formatter = pkgs.nixfmt-tree; packages = import ./pkgs { inherit pkgs; } // { installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage; @@ -36,6 +34,7 @@ } )) // { + hmModules = import ./home/modules.nix { lib = nixpkgs.lib; }; nixosConfigurations = import ./nixos/configurations.nix inputs; diff --git a/pkgs/default.nix b/pkgs/default.nix index 9f52a8a..9cd9053 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,4 +1,3 @@ -{ pkgs }: -{ - citizen-cups = pkgs.callPackage ./citizen-cups.nix { }; +{ pkgs }: { + citizen-cups = pkgs.callPackage ./citizen-cups.nix {}; } diff --git a/secrets/agares-backup-passphrase.age b/secrets/agares-backup-passphrase.age index d710a45..d538c5a 100644 --- a/secrets/agares-backup-passphrase.age +++ b/secrets/agares-backup-passphrase.age 
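Review bot: `formatter = pkgs.nixfmt-tree;` in outputs.nix does not match the devshell `format` command, which the devshell.nix hunk of this diff switches to `nixpkgs-fmt .`. As a result, `nix fmt` and the devshell command format the tree in two different styles. The pkgs/default.nix hunk (`{ pkgs }: {` and `{}`) is already in the nixpkgs-fmt layout, which nixfmt would rewrite again. Use one formatter for both entry points, for example `formatter = pkgs.nixpkgs-fmt;`. The `treefmt-nix` argument is removed here, yet flake.lock still lists it under the root inputs, so the input appears to be unused now.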
@@ -1,7 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 L7f05w Sof4o2JYLqx59paPpBJWFek1IwCHb4VhuOcPpBkut20 -QNsXS0H2z5NCnKcDuxDVvY+AnTV27/Ijeo/kd12nkoQ --> ssh-ed25519 Otklkw WZt99A5jBrb7MNqzpCuGiJ8wJ/NxZrJE5Q02hvcVEVo -yYlAifPMGC01CGpke5ABasi/sJ8O4r3+5SyoVpbpmM4 ---- vIe/LRs2QxPpZJUrdOFuTBNanHcMyzh7iAFRalWd2dU -+]GHuUʈQ&3'Eg܃Z‘\~e) 1׻ya \ No newline at end of file +-> ssh-ed25519 L7f05w RayKtknLNvFu88aFp4QL7ZMLAh5VmHmlr1DWVsWBziE +rckeFrazZJ3TxY/yD2wlzRVLh9L4x1bV2Nk7Q0S/RWM +-> ssh-ed25519 Otklkw oub7OICQalIkCqAZh4/FfXB9PPBe7j2IpBP7WF/UXGk +gAwxU97b0Js6UPv59/1389/qdPGQb4koa49R14c3UjA +-> mU.rG&?F-grease V? d a}mj5 ^&dc?\ +B0k6BjXmH0cm74+rjQrzJwKa1dcFwTdmlgltZ70oHctwA3+E4/CQ1ChH9UHzkHGG +Fb62klB5XYePywsvxLo2nIGVIvhBgsfIvUpq +--- ONLpuXfKtuCB+VD5IQ5KeSPyqgEb4a2y26+n5E8Ph3E +uD{r ژR9P j?hD -u#F2N +Ys\ \ No newline at end of file diff --git a/secrets/agares-backup-ssh-key.age b/secrets/agares-backup-ssh-key.age index 32c7885..15eab18 100644 Binary files a/secrets/agares-backup-ssh-key.age and b/secrets/agares-backup-ssh-key.age differ diff --git a/secrets/agares-wg0-key.age b/secrets/agares-wg0-key.age index 5e12fbe..9938b85 100644 --- a/secrets/agares-wg0-key.age +++ b/secrets/agares-wg0-key.age 
@@ -1,7 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 L7f05w Nj0zjzK+5vf4YfUxLPNcBBY4ZC57tH9+rEVCv/ycNWo -5Sk99vaYclDFwTnVKB6IOcTVYJ3SGTuLVJxyjb1W4tM --> ssh-ed25519 Otklkw ogKGpgcz0Gekw7p4LnmIKU2CEdhlkjypRGVZmFda8TI -nkOU/yc7F5BCBRakevYDXyD8akGqYwD67C+9VDxUgyE ---- zuz8UjdxI+CbMr33Z4P5ga1UoRe+oDXzVWgFUhUH1qE -b#sPDF%|Ul e9f_UZ5oeeK}M`aM!5R@j}~3ZҾ͒\ \ No newline at end of file +-> ssh-ed25519 L7f05w ENcdsQ43v/xIe1Ej4BYjb/nTjIk76N2DR/zj754Puz0 +vIDFk+A/m8rOnBNXcvfBX4SJNxT6LP64s674v5pJtcQ +-> ssh-ed25519 Otklkw lLwVf/2E67Bue+VBu+EMupLjuv6wfR656CD1st71GRM +AsXHvpANM0mOiSW3LTqzbEneVQSKNb0TvsMY2WCPfbk +-> DJZq-grease 9))O09 z2- +ZFxd5v9Bma6VVIvpw8VK0DSR55lHUNOTh6cNxFJAezXn1apmjvuZPdMSXZ7OrE23 +qlqnskWvo+SX3JF7NH0yQf53dZJU +--- pSa5IqZmIDAHJkcPgqrS0WUwnD1ipE2pGr87qhTmrjk +(E/P(|Jؑҋz`JO2Ԗd3qO!8HN3\i \ No newline at end of file diff --git a/secrets/ddns-credentials.age b/secrets/ddns-credentials.age index e749a1b..9ae8b77 100644 Binary files a/secrets/ddns-credentials.age and b/secrets/ddns-credentials.age differ diff --git a/secrets/etc-ppp-chap-secrets.age b/secrets/etc-ppp-chap-secrets.age index ff3e453..6a4d954 100644 Binary files a/secrets/etc-ppp-chap-secrets.age and b/secrets/etc-ppp-chap-secrets.age differ diff --git a/secrets/etc-ppp-telekom-secret.age b/secrets/etc-ppp-telekom-secret.age index ece12f8..a97dc40 100644 Binary files a/secrets/etc-ppp-telekom-secret.age and b/secrets/etc-ppp-telekom-secret.age differ diff --git a/secrets/gorgon-backup-passphrase-gs.age b/secrets/gorgon-backup-passphrase-gs.age index 416b011..24beb40 100644 Binary files a/secrets/gorgon-backup-passphrase-gs.age and b/secrets/gorgon-backup-passphrase-gs.age differ diff --git a/secrets/gorgon-backup-passphrase.age b/secrets/gorgon-backup-passphrase.age index 68cc452..38b0cbc 100644 Binary files a/secrets/gorgon-backup-passphrase.age and b/secrets/gorgon-backup-passphrase.age differ 
diff --git a/secrets/gorgon-backup-ssh-key.age b/secrets/gorgon-backup-ssh-key.age index 0a00855..64ae675 100644 Binary files a/secrets/gorgon-backup-ssh-key.age and b/secrets/gorgon-backup-ssh-key.age differ diff --git a/secrets/hydra-github-authorization.age b/secrets/hydra-github-authorization.age index ef32814..a78cf11 100644 Binary files a/secrets/hydra-github-authorization.age and b/secrets/hydra-github-authorization.age differ diff --git a/secrets/ifrit-backup-passphrase.age b/secrets/ifrit-backup-passphrase.age index b4e55eb..640ac05 100644 --- a/secrets/ifrit-backup-passphrase.age +++ b/secrets/ifrit-backup-passphrase.age @@ -1,7 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 yMjj5g pE3otZ4+5k1GxhoU7FocCMvcHZ9PFzTRqRYiVXXq/H4 -aKCBiwVwbfetSTRaTJ31iTRsvNnbm2JYFQnqTOgCyOA --> ssh-ed25519 Otklkw jn4ZUyWFIeAt+XpxmlqckovK4/jit6SR+Xaouv7gfTU -8yJLyWHk1m9KInOWozqRWXi3kiirgQ7c/ONOwgHk/Z8 ---- 8TS+ZFZfHvgcgOYBE3nzSxbCCmCOtqPWyldlegSu6QU -:{ 4~NtXRl =>$8DQ @G1FAOtΫ \ No newline at end of file +-> ssh-ed25519 yMjj5g FtHlFiQa2xr57K9GiS2VX+NYI/2kP73wWXVBsr61cD8 +Gokj4dzQP6AB9YWRBvmXL8/Sts7NO6g6wP1hIYkKdp4 +-> ssh-ed25519 Otklkw UB1L2gKr0wnsGktaVlnbr+nSUZQ34g7JO4uuHYhuuyM +X4AT5taAJBtFia62IUTDa1cdbZtwaxYRQFCDez8aK8k +-> r;DMOG-grease h"Tb e?z^VJ icNa +/0ZIHqI0whHoBw2Qs15bxY7o1sudscitKuUB3ysyFwUVsIG4nzTOS2GFuXTQ1WuD +5pH2CQfp33hvqrqV +--- vji5ZWP7+BLgpmyX2Sxgdv7Ht37NvQ8DuY1/t3cvvuI +]eޛ,% qnAM{DJWLG@/gGo.V4 \ No newline at end of file diff --git a/secrets/ifrit-backup-ssh-key.age b/secrets/ifrit-backup-ssh-key.age index 9d2879c..6611b7a 100644 Binary files a/secrets/ifrit-backup-ssh-key.age and b/secrets/ifrit-backup-ssh-key.age differ diff --git a/secrets/initrd-surgat-ssh_host_ed25519_key.age b/secrets/initrd-surgat-ssh_host_ed25519_key.age index 36c4b0c..32dbcbf 100644 Binary files a/secrets/initrd-surgat-ssh_host_ed25519_key.age and b/secrets/initrd-surgat-ssh_host_ed25519_key.age differ 
diff --git a/secrets/miniflux-admin-credentials.age b/secrets/miniflux-admin-credentials.age index 9745c07..06ff0e0 100644 --- a/secrets/miniflux-admin-credentials.age +++ b/secrets/miniflux-admin-credentials.age @@ -1,7 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 jUOjpw 6ThewcuTvg2mn/jC1eqR0KFDXdN8G3JIUBLLiBabkFI -lstfGPvJgaUOp0jriP2nsi4IvgwRjs8dnRye7+ihD/Q --> ssh-ed25519 Otklkw N0ozjfxbOBq7EIvxP4TRa2XyMQ8fINCiHjK0MFq2X0w -tEeua88G2aN6REaUN6xTlkRLy0GFgNfj7v0VXhqddc4 ---- N9V7UfSDvrOAeOr3MRXiCwIu8JJt3NSL3FrGyPapLrM -E"K?>VÄbXdg!ѹ) B f\=[2LxwXH*l9w \ No newline at end of file +-> ssh-ed25519 jUOjpw Tuaz2+fgz5f2ZacAYc3TdREIurh+XG5RjjKpaEFgtGo +gB1iaKV+xAv0PGdjZwmBCxMbxgCqZrM2JBDiEWCl//8 +-> ssh-ed25519 Otklkw ocyFHtGzclF+7S9I7uSqsfn5weqxj5Wq32y4c6VDiSA +hDX5Viym/WdFZE5rXzToFhqtGvj+Ft3Hh7oiuzCuG/Q +-> b&-grease 2u ~R j4C 3|h`M}/ +fdhnmlw+wqO8nb86f8jdDNW2P2SxzdwuljpRrlG/ZxXcC4QxtnO6RwK9NAS9UBQr +OAxJ6v3P+cMYJcsPNLAr90rEzXfTV2VONZgoNwOKN2l5n/JX8aGCt5i/vVI +--- sYjj24oaGUMZPD4TV8JKfjSPHeYOKh+OpueLZT/TxCQ +TO&DdC2ƔW^˻Z &b ssh-ed25519 WJCMDA NDB+Z1hpwH3PWjViCbrRdrt0WCFnsYDBVd1rADCQy2I -p/QYmC6ZwwlyCNrVhUw1vUNfnNGiw8B/rsqP9EMGJ5E --> ssh-ed25519 Otklkw yLMSfitfbXO8qRqaJwKxx68R0AJHsTre0XlN2huudWY -JYogGtU0LLPcJpN9oWmAQE0Kyk2yhNmxrVgh0JMFphE ---- pGx08jh8YJCDeEvi7iZa6pXrlwg8otUTkxv0T5gwLcM -˲'t2͟E/ؿ6@ -DfiVGO_a\{}_~:>GN@K| \ No newline at end of file +-> ssh-ed25519 0aOabg 6QT8adxrQxGCx9w6JZPkbCsCM/Vos+D41JoEQ19h0AY +UaXt2lE7VnhaQ4McdCIGo8kdaYrPyg3ne8MIBCt7NXE +-> ssh-ed25519 Otklkw GJQj739xwoeP9xTLpLrCxANx3/Ebipnr345xKSFLf3w +xtQBgTYrLzkaWBkx8pi0R+GKa6inKFzFD5tompll3wo +-> )gWM0O-grease i%" tB +culBBLA5Bt/POa9w +--- Vtxd8HsFnjBl6eXE4UYNoR1Ca/JA9UlK/WE+FNkmPtk +bV v:ah&4fNJ2]{!%1Ia\}Xex1~_"r,j:O?5 \ No newline at end of file diff --git a/secrets/pruflas-backup-passphrase.age b/secrets/pruflas-backup-passphrase.age index 7315527..7750b1c 100644 Binary files a/secrets/pruflas-backup-passphrase.age and b/secrets/pruflas-backup-passphrase.age differ 
diff --git a/secrets/pruflas-backup-ssh-key.age b/secrets/pruflas-backup-ssh-key.age index 57e57c8..dd41e28 100644 Binary files a/secrets/pruflas-backup-ssh-key.age and b/secrets/pruflas-backup-ssh-key.age differ diff --git a/secrets/pruflas-wg-hydra-key.age b/secrets/pruflas-wg-hydra-key.age index 7c1333d..be57748 100644 Binary files a/secrets/pruflas-wg-hydra-key.age and b/secrets/pruflas-wg-hydra-key.age differ diff --git a/secrets/pruflas-wg0-key.age b/secrets/pruflas-wg0-key.age index 1312de7..122adcd 100644 --- a/secrets/pruflas-wg0-key.age +++ b/secrets/pruflas-wg0-key.age @@ -1,7 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 J6ROvw jC7rwmoizfZqenUwlrMlLRyN9yQnog2X3KIJ2GgRZB8 -yGoiZTNfrPm6+fb1BcZGH6Lzm8Pj4aeyjWtLNYbGSFg --> ssh-ed25519 Otklkw a2/N7JOiOY/orGyCogBIj48EjTltThv7AAHuMHK7Xzo -PTP9vaEpFf7PXoRobHJgAkNVBh+u3+7rUMKiMj+fadQ ---- KR51LRGHd6jWP4rUWvQqXskwEGfxb0tSCNKtnFT255A -Gw)HkG F&e[{RGh"L{\{H~{.uWMaZ \ No newline at end of file +-> ssh-ed25519 J6ROvw R+xnmMAoVmaJi9UMYBSX5CKk21LhI9iIionc6Nh8ZWg +eR+OpFfB6BIOzOUeeY5IzmXerCCiqOYS9ZAGIb0UAS0 +-> ssh-ed25519 Otklkw HYpIGulRkcfpKhSdb1mF/hbBHiXCUzYR6/b0KspgHTU +1HAtdynQZ10AVgGqh4cw3qDqSh6Suum3zYo6/G7qKw4 +-> +YMQ-grease +wyHx9k+fMnxTm1LMDhmmMye/ +--- g1F7i8Y0foxjDp6qbBtjhY3A/vyxM2R/zIQJZTG2F5o +.]n"wjkYd<2{N N0`XUsPxV)nfOg \ No newline at end of file diff --git a/secrets/pruflas-wg0-preshared-key.age b/secrets/pruflas-wg0-preshared-key.age index 94f9a88..7528977 100644 Binary files a/secrets/pruflas-wg0-preshared-key.age and b/secrets/pruflas-wg0-preshared-key.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index f449646..1da186e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -7,7 +7,6 @@ let
 ninurta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8TDCzjVVO7A4k6rp+srMj0HHc5gmUOlskTBOvhMkEc root@nixos";
 pruflas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBqZHu5ygTODgrNzcU9C2O+b8yCfVsnztV83qxXV4aA8 root@pruflas";
 surgat = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOJ9UgAle5sX0pAawfRztckVwaQm2U8o0Bawv7cZfXE root@surgat";
- stolas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObI38cB8gTDXmDb5GcK4pLm5xM+nnvGeSfEpB4lVEwE root@stolas";
 };
 backupSecrets = hostName: {
 "${hostName}-backup-passphrase.age".publicKeys = [
@@ -46,8 +45,7 @@ in
 dadada
 ];
 "paperless.age".publicKeys = [
- #systems.gorgon
- systems.stolas
+ systems.gorgon
 dadada
 ];
 "initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [
@@ -90,4 +88,3 @@ in
 // backupSecrets "pruflas"
 // backupSecrets "surgat"
 // backupSecrets "agares"
-// backupSecrets "stolas"
diff --git a/secrets/stolas-backup-passphrase.age b/secrets/stolas-backup-passphrase.age
deleted file mode 100644
index 4b4a687..0000000
Binary files a/secrets/stolas-backup-passphrase.age and /dev/null differ
diff --git a/secrets/stolas-backup-ssh-key.age b/secrets/stolas-backup-ssh-key.age
deleted file mode 100644
index 0a06547..0000000
Binary files a/secrets/stolas-backup-ssh-key.age and /dev/null differ
diff --git a/secrets/surgat-backup-passphrase.age b/secrets/surgat-backup-passphrase.age
index b3a0a80..2c9bd49 100644
--- a/secrets/surgat-backup-passphrase.age
+++ b/secrets/surgat-backup-passphrase.age
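Review bot: Replacing `systems.stolas` with `systems.gorgon` in the `"paperless.age".publicKeys` list (second hunk of secrets/secrets.nix) only changes who can decrypt ciphertexts produced from now on; the earlier paperless.age that was encrypted to the stolas host key remains in git history and stays readable to whoever holds that key. If stolas is being retired or is no longer trusted, the paperless secret value itself should be rotated rather than just rekeyed. It is also worth confirming that paperless.age was actually re-encrypted in this commit and that `systems.gorgon` is still defined in the `let` block above the first hunk, since neither is visible here and the old line had it commented out. A comment next to the entry, for example `# gorgon hosts paperless again; secret rotated after stolas was removed`, would record the intent for the next person editing the recipient list.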
@@ -1,7 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 jUOjpw FXHC9VzSKIkbJ9JVge5vsGHiGtxBnxB7Nvqqi4OsRHA -1zhd0kCd37fXmWtq9kRx1vQvjTT4i5HsQ9DibyGmNUI --> ssh-ed25519 Otklkw ZKy9Vbf1W1UpejNy8nh+eGss19XLqJuHL6qJuG1KP20 -t5C0Jw//1vK5iiG3+tJK6bu/SBR7StHRDog9ivlfVAI ---- 08Q8bBFnJF2TFV62trgPig/VL3RwKN0dyw4PBgg5LDU -F` 4tۭ ٧o9~}ق)7#a/W\;l2Рl \ No newline at end of file +-> ssh-ed25519 jUOjpw zb9yidyhlOj2LnVSCjNwq0MBj8Ik7zdT+6vs5k2vdTY +lxFHzj+mUpW8ogGkfpZZWZRPfMp38Sb2GYojBUrxGB0 +-> ssh-ed25519 Otklkw G3tj2S2BM+jmGg5ajD2hTIKAWJMAhuHAT4jpFpu2YmQ +XDLRUWirSzXQ55HnWdICzICPQDL8pyJC9SnS9ODwhdM +-> v#M-grease +rEp5i85i+0HA+Rx31HR27NU +--- 2Q+j2Vh/Tbv6NYYg614YL1+yP8hff++2zAuWV7dHDe8 +HY\ \;m~qoz85Z̯e9Ia䔝Y \ No newline at end of file diff --git a/secrets/surgat-backup-ssh-key.age b/secrets/surgat-backup-ssh-key.age index 2abfeac..7523e7a 100644 Binary files a/secrets/surgat-backup-ssh-key.age and b/secrets/surgat-backup-ssh-key.age differ diff --git a/secrets/surgat-ssh_host_ed25519_key.age b/secrets/surgat-ssh_host_ed25519_key.age index 7400a57..c664303 100644 Binary files a/secrets/surgat-ssh_host_ed25519_key.age and b/secrets/surgat-ssh_host_ed25519_key.age differ diff --git a/secrets/wg-privkey-vpn-dadada-li.age b/secrets/wg-privkey-vpn-dadada-li.age index 4bd9044..b956b5e 100644 Binary files a/secrets/wg-privkey-vpn-dadada-li.age and b/secrets/wg-privkey-vpn-dadada-li.age differ diff --git a/treefmt.nix b/treefmt.nix deleted file mode 100644 index 75acdfa..0000000 --- a/treefmt.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ pkgs, ... }: -{ - projectRootFile = "flake.nix"; - programs.nixfmt.enable = true; - programs.shellcheck.enable = pkgs.hostPlatform.system != "riscv64-linux"; - programs.shfmt.enable = pkgs.hostPlatform.system != "riscv64-linux"; - programs.yamlfmt.enable = true; -}