diff --git a/devshell.nix b/devshell.nix new file mode 100644 index 0000000..77393a6 --- /dev/null +++ b/devshell.nix @@ -0,0 +1,20 @@ +{inputs, ...}: { + imports = [inputs.agenix-rekey.flakeModule]; + + perSystem = { + system, + pkgs, + ... + }: { + devShells.default = pkgs.mkShell { + inherit system; + + packages = [ + pkgs.nix + pkgs.nixos-rebuild + pkgs.nixos-rebuild + pkgs.nh + ]; + }; + }; +} diff --git a/flake.nix b/flake.nix index 129d59a..4b4d0d4 100644 --- a/flake.nix +++ b/flake.nix @@ -66,10 +66,10 @@ flake-parts.lib.mkFlake {inherit inputs;} { imports = [ inputs.agenix-rekey.flakeModule - ./parts/devshell.nix - ./parts/vm.nix - ./parts/formatter.nix - ./parts/hosts + ./devshell.nix + ./vm.nix + ./formatter.nix + ./hosts ]; systems = [ "x86_64-linux" diff --git a/parts/formatter.nix b/formatter.nix similarity index 100% rename from parts/formatter.nix rename to formatter.nix diff --git a/hosts/bootstrap/configuration.nix b/hosts/bootstrap/configuration.nix new file mode 100644 index 0000000..da5caad --- /dev/null +++ b/hosts/bootstrap/configuration.nix @@ -0,0 +1,5 @@ +{username, ...}: { + networking.wireless.enable = false; + networking.networkmanager.enable = true; + users.users.${username}.extraGroups = [ "networkmanager" ]; +} diff --git a/parts/hosts/default.nix b/hosts/default.nix similarity index 93% rename from parts/hosts/default.nix rename to hosts/default.nix index 1d023c2..0d8a093 100644 --- a/parts/hosts/default.nix +++ b/hosts/default.nix @@ -55,6 +55,15 @@ with lib; let ); in { config.flake.nixosConfigurations = { + bootstrap = mkSystem { + hostname = "bootstrap"; + username = "nixos"; + modules = [ + ../modules/required.nix + ../modules/shell.nix + ]; + }; + laptop = mkSystem { hostname = "laptop"; username = "nickolaj"; diff --git a/parts/hosts/desktop/disk-configuration.nix b/hosts/desktop/disk-configuration.nix similarity index 100% rename from parts/hosts/desktop/disk-configuration.nix rename to hosts/desktop/disk-configuration.nix 
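Review bot: The new `bootstrap` entry in `config.flake.nixosConfigurations` appears to receive personal secrets that an install host has no need for. This commit also adds `secrets/hosts/bootstrap/.rekey/*-ssh-key.age`, `*-ssh-key-ao.age`, `*-hosts-private.age` and `*-hashed-user-password.age`, which suggests those secrets are now rekeyed to the bootstrap host key. They are presumably declared in `../modules/required.nix`, which is not shown here, so confirm that before changing anything. For a throwaway install host it would be safer to move the `age.secrets` declarations into a module that `bootstrap` does not import, and to record the intent above the entry, e.g. `# install/bootstrap host: must not import modules that declare personal age.secrets`. The surrounding attribute set continues outside the hunk.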
diff --git a/parts/hosts/desktop/facter.json b/hosts/desktop/facter.json similarity index 100% rename from parts/hosts/desktop/facter.json rename to hosts/desktop/facter.json diff --git a/parts/hosts/desktop/monitors.nix b/hosts/desktop/monitors.nix similarity index 100% rename from parts/hosts/desktop/monitors.nix rename to hosts/desktop/monitors.nix diff --git a/parts/hosts/work/nvidia.nix b/hosts/desktop/nvidia.nix similarity index 72% rename from parts/hosts/work/nvidia.nix rename to hosts/desktop/nvidia.nix index 0d4ef5e..2611b0b 100644 --- a/parts/hosts/work/nvidia.nix +++ b/hosts/desktop/nvidia.nix @@ -9,4 +9,7 @@ _: { powerManagement.enable = true; nvidiaSettings = true; }; + + # Avoid nvidia driver from crashing the system + boot.kernelParams = ["pcie_aspm=off"]; } diff --git a/parts/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix similarity index 100% rename from parts/hosts/laptop/configuration.nix rename to hosts/laptop/configuration.nix diff --git a/parts/hosts/laptop/disk-configuration.nix b/hosts/laptop/disk-configuration.nix similarity index 100% rename from parts/hosts/laptop/disk-configuration.nix rename to hosts/laptop/disk-configuration.nix diff --git a/parts/hosts/laptop/facter.json b/hosts/laptop/facter.json similarity index 100% rename from parts/hosts/laptop/facter.json rename to hosts/laptop/facter.json diff --git a/parts/hosts/work/disk-configuration.nix b/hosts/work/disk-configuration.nix similarity index 95% rename from parts/hosts/work/disk-configuration.nix rename to hosts/work/disk-configuration.nix index f5bc1d1..9e42851 100644 --- a/parts/hosts/work/disk-configuration.nix +++ b/hosts/work/disk-configuration.nix @@ -2,7 +2,7 @@ _: { disko.devices = { disk = { main = { - device = "/dev/disk/by-id/ata-SanDisk_SDSSDXPS240G_153251401377"; + device = "/dev/sda"; type = "disk"; content = { type = "gpt"; 
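Review bot: `device = "/dev/sda";` replaces a persistent `/dev/disk/by-id/...` path with a kernel-assigned name, and this is the device disko partitions and formats. `sdX` names depend on probe order, so with an installer stick or a second drive attached, `/dev/sda` can be a different disk than intended and the wrong device would be wiped. Keep a `by-id` path here, or if the generic name is deliberate for first installs, say so in a comment such as `# generic name for initial install only; switch to a /dev/disk/by-id path before re-running disko`. The same default appears in the justfile recipe `disko-install hostname disk="/dev/sda"`, where requiring the argument explicitly would be safer. The `disko.devices` block continues past the end of the hunk.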
diff --git a/parts/hosts/desktop/nvidia.nix b/hosts/work/nvidia.nix similarity index 100% rename from parts/hosts/desktop/nvidia.nix rename to hosts/work/nvidia.nix diff --git a/justfile b/justfile index 5b498ca..066bf92 100644 --- a/justfile +++ b/justfile @@ -1,10 +1,15 @@ # export NIXPKGS_ALLOW_UNFREE := "1" +nixcmd := "nix --experimental-features 'nix-command flakes'" + +@_default: + just --list + [group('vm')] vm-build: git add . echo "Building VM..." - nix build .#vm + {{ nixcmd }} build .#vm echo "VM built." sudo chmod 777 result/nixos.qcow2 echo "VM permissions set." 
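Review bot: `sudo chmod 777 result/nixos.qcow2` is kept unchanged in the reworked `vm-build` recipe and makes the VM disk image writable by every local user. This diff also shows `result` committed as a symlink into `/nix/store`, so the command either fails on a read-only store or changes a store path in place. Copying the image to a working location with a narrow mode avoids both, e.g. `install -m 660 result/nixos.qcow2 <vm-image-dir>/nixos.qcow2` (placeholder path), with the later VM recipes pointed at that copy. Those recipes are outside this hunk, so check what they expect first.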
@@ -42,96 +47,119 @@ vm-destroy: virsh pool-destroy nixos virsh pool-undefine nixos -[group('nix')] -repl: - nix repl --show-trace ".#" nixpkgs - +[doc('Wrapper for nixos-facter')] [group('deploy')] -deploy-factor hostname target='': +factor hostname target='': #!/usr/bin/env -S bash -e target="{{ target }}" if [ -z "$target" ]; then - sudo nix run nixpkgs#nixos-facter -- -o parts/hosts/{{ hostname }}/facter.json + {{ nixcmd }} run nixpkgs#nixos-facter -- -o hosts/{{ hostname }}/facter.json else - nix run github:nix-community/nixos-anywhere -- \ + {{ nixcmd }} run github:nix-community/nixos-anywhere -- \ --flake .#{{ hostname }} \ --target-host {{ target }} \ --generate-hardware-config nixos-facter \ - ./parts/hosts/{{ hostname }}/facter.json + ./hosts/{{ hostname }}/facter.json fi -tmp_dir := "/tmp/secrets/" + uuid() - +[doc('Wrapper for nixos-rebuild switch')] [group("deploy")] -deploy hostname *ARGS: - nix run nixpkgs#nixos-rebuild -- \ - --flake .#{{ hostname }} \ - {{ ARGS }} switch +switch hostname target='': + #!/usr/bin/env -S bash -e + target="{{ target }}" + if [ -z "$target" ]; then + {{ nixcmd }} run nixpkgs#nixos-rebuild -- switch --flake .#{{ hostname }} + else + {{ nixcmd }} run nixpkgs#nixos-rebuild -- switch \ + --flake .#{{ hostname }} \ + --target-host {{ target }} \ + --use-remote-sudo + fi +[doc('Use nixos-anywhere to deploy to a remote host')] [group('deploy')] deploy-remote hostname target: #!/usr/bin/env -S bash -e git add . 
- trap "rm -rf {{ tmp_dir }}" EXIT + temp=$(mktemp -d) + trap "rm -rf $temp" EXIT - # Copy ssh key to decrypt agenix secrets - install -d -m755 {{ tmp_dir }}/etc/ssh - just secret-echo ./secrets/hosts/{{ hostname }}/id_ed25519 > {{ tmp_dir }}/etc/ssh/ssh_host_ed25519_key - chmod 600 {{ tmp_dir }}/etc/ssh/ssh_host_ed25519_key - cp ./secrets/hosts/{{ hostname }}/id_ed25519.pub {{ tmp_dir }}/etc/ssh/ssh_host_ed25519_key.pub + + install -d -m755 "$temp/etc/ssh" + + # Copy ssh key to decrypt agenix secrets + just age -d "./secrets/hosts/{{ hostname }}/id_ed25519.age" > "$temp/etc/ssh/ssh_host_ed25519_key" + chmod 600 "$temp/etc/ssh/ssh_host_ed25519_key" + + cp "./secrets/hosts/{{ hostname }}/id_ed25519.pub" "$temp/etc/ssh/ssh_host_ed25519_key.pub" # Deploy - nix run github:nix-community/nixos-anywhere -- \ + {{ nixcmd }} run github:nix-community/nixos-anywhere -- \ --flake .#{{ hostname }} \ - --disk-encryption-keys /luks-password <(just secret-echo ./secrets/luks-password) \ - --extra-files {{ tmp_dir }} \ - --target-host {{ target }} + --disk-encryption-keys /luks-password <(just age -d ./secrets/luks-password.age) \ + --extra-files "$temp" \ + --target-host "{{ target }}" +[doc('A wrapper disko-install')] [group('deploy')] -deploy-switch hostname target *ARGS: - nix run nixpkgs#nixos-rebuild -- \ - --flake .#{{ hostname }} \ - --target-host {{ target }} \ - --use-remote-sudo \ - {{ ARGS }} switch +disko-install hostname disk="/dev/sda": + sudo {{ nixcmd }} run 'github:nix-community/disko/latest#disko-install' -- --flake .#{{ hostname }} --disk main {{ disk }} +[doc('Build an install ISO for a host')] [group('deploy')] -deploy-iso hostname: - nix build .#nixosConfigurations.{{ hostname }}.config.formats.install-iso - -identifier := "./secrets/yubikey-identity.pub" - -[group("secret")] -secret-import path: - #!/usr/bin/env bash - # load the file from the root system - cat {{ path }} | nix develop --quiet --command bash -c \ - "rage -e -r -o secrets/{{ path }}.age -i {{ 
identifier }}" +iso hostname: + {{ nixcmd }} build .#nixosConfigurations.{{ hostname }}.config.formats.install-iso +[doc('Runs (r)age with yubikey identity')] [group('secret')] -secret-echo file: - nix develop --quiet --command bash -c \ - "rage -d {{ file }}.age -i {{ identifier }}" - -default := "" +age *ARGS="--help": + @{{ nixcmd }} shell nixpkgs#rage nixpkgs#age-plugin-yubikey --command rage {{ ARGS }} -i ./secrets/yubikey-identity.pub +[doc('Decrypt a file to stdout')] [group('secret')] -secret-edit name=default: - nix run .#agenix-rekey.x86_64-linux.edit {{ name }} +decrypt file: + just age -d {{ file }} +[doc('Edit an encrypted file in $EDITOR')] +[group('secret')] +secret-edit name: + {{ nixcmd }} run .#agenix-rekey.x86_64-linux.edit {{ name }} + +[doc('Rekey all secrets - needed when adding secrets/hosts')] [group('secret')] secret-rekey: - nix develop --quiet --command bash -c \ - "agenix rekey" - git add . + {{ nixcmd }} run .#agenix-rekey.x86_64-linux.rekey -[group('secret')] -secret-new-ssh-key hostname $USER: - #!/usr/bin/env -S nix develop --quiet --command bash +[doc("Sets up configuration + SSH keys for a new host")] +new-host hostname username: + #!/usr/bin/env -S bash -e + temp=$(mktemp -d) + trap "rm -rf $temp" EXIT - mkdir -p secrets/hosts/{{ hostname }} - ssh-keygen -t ed25519 -f secrets/hosts/{{ hostname }}/id_ed25519 -C "${USER}@{{ hostname }}" - age-plugin-yubikey -e secrets/hosts/{{ hostname }}/id_ed25519 \ - -o secrets/hosts/{{ hostname }}/id_ed25519.age - rm secrets/hosts/{{ hostname }}/id_ed25519 + echo "Setting up folders" + mkdir -p "secrets/hosts/{{ hostname }}" + mkdir -p "hosts/{{ hostname }}" + + echo "Generating SSH key for {{ username }}@{{ hostname }}" + ssh-keygen -q -t ed25519 -f "$temp/id_ed25519" -C "{{ username }}@{{ hostname }}" -N "" + cp "$temp/id_ed25519.pub" "secrets/hosts/{{ hostname }}/id_ed25519.pub" + + echo "Encrypting SSH key" + just age -e "$temp/id_ed25519" -o "secrets/hosts/{{ hostname }}/id_ed25519.age" + + 
echo "Remember to update ./hosts/default.nix eg:" + + # Bold with no newline + cat < + + + + + + + + \ No newline at end of file diff --git a/parts/modules/desktop/hyprland/default.nix b/modules/desktop/hyprland/default.nix similarity index 98% rename from parts/modules/desktop/hyprland/default.nix rename to modules/desktop/hyprland/default.nix index 122c400..99be7c7 100644 --- a/parts/modules/desktop/hyprland/default.nix +++ b/modules/desktop/hyprland/default.nix @@ -11,8 +11,6 @@ with lib; let then (builtins.elemAt config.monitors 0).name else ""; - - mkKeyboard = name: { inherit name; kb_layout = "eu"; @@ -20,6 +18,7 @@ with lib; let in { imports = [ ./hyprpolkitagent.nix + ./hyprpaper.nix ]; config = { @@ -79,6 +78,8 @@ in { ) config.monitors; + exec = ["systemctl --user start hyprpaper"]; + input = { # Most unknown keyboards will be of the DK layout, we set known keyboards to eu in `devices` kb_layout = "dk"; diff --git a/modules/desktop/hyprland/hyprpaper.nix b/modules/desktop/hyprland/hyprpaper.nix new file mode 100644 index 0000000..c09b781 --- /dev/null +++ b/modules/desktop/hyprland/hyprpaper.nix @@ -0,0 +1,39 @@ +{ + pkgs, + lib, + ... +}: let + background = pkgs.stdenvNoCC.mkDerivation { + pname = "desktop-background"; + version = "0.1"; + + src = lib.fileset.toSource { + root = ./.; + fileset = lib.fileset.unions [ + ./background.svg + ]; + }; + + nativeBuildInputs = [pkgs.inkscape]; + + buildPhase = '' + inkscape -w 3840 -h 2160 background.svg -o background.png + ''; + + installPhase = '' + mkdir -p $out/share/backgrounds + cp *.svg *.png $out/share/backgrounds + ''; + }; + png = background + "/share/backgrounds/background.png"; +in { + fireproof.home-manager = { + services.hyprpaper = { + enable = true; + settings = { + preload = [png]; + wallpaper = [",${png}"]; + }; + }; + }; +} 
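Review bot: In `deploy-remote`, the LUKS passphrase is passed as `<(just age -d ./secrets/luks-password.age)`, and a failure inside a process substitution does not trip `bash -e`. If decryption fails (for example the YubiKey is absent), nixos-anywhere is handed an empty key file instead of the script stopping; what it then does with an empty key is not visible here. Decrypt into a separate temporary file first, check that it is non-empty, and pass that path; the file must live outside `$temp`, because `--extra-files "$temp"` copies that whole tree to the target. Separately, `nixpkgs#rage`, `github:nix-community/nixos-anywhere` and `github:nix-community/disko/latest#disko-install` (the last run under `sudo`) are resolved outside this flake's lock file, whereas the removed devshell took `rage` and `age-plugin-yubikey` from the flake's `pkgs`; pinning them as flake inputs would keep the secret-handling tools reproducible. The tail of the `new-host` recipe is garbled in this view and was not reviewed.

```just
deploy-remote hostname target:
    # … unchanged: shebang, git add …
    temp=$(mktemp -d)
    luks_key=$(mktemp)
    # Single quotes: paths are expanded (and quoted) when the trap fires
    trap 'rm -rf "$temp" "$luks_key"' EXIT

    # … unchanged: host SSH key decrypted into "$temp/etc/ssh" …

    # Decrypt up front so a failure stops the script before anything is deployed
    just age -d ./secrets/luks-password.age > "$luks_key"
    [ -s "$luks_key" ] || { echo "LUKS password decryption produced no output" >&2; exit 1; }

    # … unchanged: nixos-anywhere invocation, except for the key argument …
        --disk-encryption-keys /luks-password "$luks_key" \
```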
diff --git a/parts/modules/desktop/hyprland/hyprpolkitagent.nix b/modules/desktop/hyprland/hyprpolkitagent.nix similarity index 100% rename from parts/modules/desktop/hyprland/hyprpolkitagent.nix rename to modules/desktop/hyprland/hyprpolkitagent.nix diff --git a/parts/modules/desktop/walker/default.nix b/modules/desktop/walker/default.nix similarity index 100% rename from parts/modules/desktop/walker/default.nix rename to modules/desktop/walker/default.nix diff --git a/parts/modules/desktop/walker/theme.nix b/modules/desktop/walker/theme.nix similarity index 100% rename from parts/modules/desktop/walker/theme.nix rename to modules/desktop/walker/theme.nix diff --git a/parts/modules/dev/docker.nix b/modules/dev/docker.nix similarity index 86% rename from parts/modules/dev/docker.nix rename to modules/dev/docker.nix index c5a51cb..5db4a6b 100644 --- a/parts/modules/dev/docker.nix +++ b/modules/dev/docker.nix @@ -1,4 +1,8 @@ -{username, pkgs, ...}: { +{ + username, + pkgs, + ... +}: { environment.systemPackages = [ pkgs.docker pkgs.docker-compose @@ -7,4 +11,4 @@ virtualisation.docker.enable = true; virtualisation.docker.storageDriver = "btrfs"; users.extraGroups.docker.members = [username]; -} \ No newline at end of file +} diff --git a/parts/modules/dev/just.nix b/modules/dev/just.nix similarity index 100% rename from parts/modules/dev/just.nix rename to modules/dev/just.nix diff --git a/parts/modules/dev/k8s.nix b/modules/dev/k8s.nix similarity index 78% rename from parts/modules/dev/k8s.nix rename to modules/dev/k8s.nix index 52a5e9d..d908ce3 100644 --- a/parts/modules/dev/k8s.nix +++ b/modules/dev/k8s.nix 
@@ -1,17 +1,22 @@ -{pkgs, username, config, ...}: { +{ + pkgs, + username, + config, + ... +}: { environment.systemPackages = [ pkgs.kubectl ]; age.secrets.k8s-ao-dev = { - rekeyFile = ../../../secrets/k8s/ao-dev.age; + rekeyFile = ../../secrets/k8s/ao-dev.age; path = "/home/${username}/.kube/config.ao-dev"; mode = "0600"; owner = username; }; age.secrets.k8s-ao-prod = { - rekeyFile = ../../../secrets/k8s/ao-prod.age; + rekeyFile = ../../secrets/k8s/ao-prod.age; path = "/home/${username}/.kube/config.ao-prod"; mode = "0600"; owner = username; @@ -22,4 +27,4 @@ KUBECONFIG = "${config.age.secrets.k8s-ao-dev.path}:${config.age.secrets.k8s-ao-prod.path}:$HOME/.kube/config"; }; }; -} \ No newline at end of file +} diff --git a/parts/modules/dev/python.nix b/modules/dev/python.nix similarity index 98% rename from parts/modules/dev/python.nix rename to modules/dev/python.nix index 65830ee..058eb97 100644 --- a/parts/modules/dev/python.nix +++ b/modules/dev/python.nix @@ -8,7 +8,7 @@ pkgsUnstable.rye pkgs.python3 ]; - + # uv tool adds executable to $HOME/.local/bin, so add it to PATH fireproof.home-manager = { home.sessionPath = [ diff --git a/parts/modules/dev/tilt.nix b/modules/dev/tilt.nix similarity index 100% rename from parts/modules/dev/tilt.nix rename to modules/dev/tilt.nix diff --git a/parts/modules/devenv.nix b/modules/devenv.nix similarity index 72% rename from parts/modules/devenv.nix rename to modules/devenv.nix index 42165ad..f6120c0 100644 --- a/parts/modules/devenv.nix +++ b/modules/devenv.nix @@ -2,6 +2,8 @@ imports = [ ./apps/pycharm.nix ./apps/vscode.nix + ./apps/sublime-merge.nix + ./apps/virtualbox.nix ./dev/python.nix ./dev/k8s.nix ./dev/docker.nix diff --git a/parts/modules/graphical.nix b/modules/graphical.nix similarity index 92% rename from parts/modules/graphical.nix rename to modules/graphical.nix index 6a541e1..8a7b95a 100644 --- a/parts/modules/graphical.nix +++ b/modules/graphical.nix 
@@ -8,6 +8,7 @@ ./desktop/astal/default.nix ./desktop/walker/default.nix ./desktop/gtk/default.nix + ./apps/spotify.nix ./apps/firefox.nix ./apps/ghostty.nix ]; diff --git a/parts/modules/hardware/audio.nix b/modules/hardware/audio.nix similarity index 100% rename from parts/modules/hardware/audio.nix rename to modules/hardware/audio.nix diff --git a/parts/modules/hardware/monitors.nix b/modules/hardware/monitors.nix similarity index 100% rename from parts/modules/hardware/monitors.nix rename to modules/hardware/monitors.nix diff --git a/parts/modules/hardware/usb.nix b/modules/hardware/usb.nix similarity index 55% rename from parts/modules/hardware/usb.nix rename to modules/hardware/usb.nix index 6034d3e..2b23fa2 100644 --- a/parts/modules/hardware/usb.nix +++ b/modules/hardware/usb.nix @@ -1,3 +1,4 @@ _: { + services.devmon.enable = true; services.udisks2.enable = true; } diff --git a/parts/modules/hardware/yubikey.nix b/modules/hardware/yubikey.nix similarity index 100% rename from parts/modules/hardware/yubikey.nix rename to modules/hardware/yubikey.nix diff --git a/parts/modules/required.nix b/modules/required.nix similarity index 100% rename from parts/modules/required.nix rename to modules/required.nix diff --git a/parts/modules/shell.nix b/modules/shell.nix similarity index 72% rename from parts/modules/shell.nix rename to modules/shell.nix index 6dde81b..8922e37 100644 --- a/parts/modules/shell.nix +++ b/modules/shell.nix @@ -3,6 +3,8 @@ ./shell/core.nix ./shell/fish/default.nix ./shell/git.nix + ./shell/comma.nix ./shell/neovim.nix + ./shell/zellij.nix ]; } diff --git a/modules/shell/comma.nix b/modules/shell/comma.nix new file mode 100644 index 0000000..13c4555 --- /dev/null +++ b/modules/shell/comma.nix @@ -0,0 +1 @@ +_: {programs.nix-index-database.comma.enable = true;} 
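Review bot: `services.devmon.enable = true;` in `modules/hardware/usb.nix` turns on automatic mounting of removable media, so a filesystem on any inserted USB device is parsed by the kernel without a deliberate user action. `services.udisks2.enable` on the next line already allows mounting on demand, so the automounter mainly adds exposure on machines that leave the owner's sight, such as the laptop host. If the convenience is wanted, record the trade-off in a comment, e.g. `# automounts removable media on insert; drop on hosts exposed to untrusted USB devices`. Alternatively, enable the option per host rather than in what appears to be a shared hardware module.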
diff --git a/parts/modules/shell/core.nix b/modules/shell/core.nix similarity index 97% rename from parts/modules/shell/core.nix rename to modules/shell/core.nix index 35c64a1..454dd27 100644 --- a/parts/modules/shell/core.nix +++ b/modules/shell/core.nix @@ -39,7 +39,6 @@ xz # Nix - comma nurl ]; }; diff --git a/parts/modules/shell/fish/default.nix b/modules/shell/fish/default.nix similarity index 100% rename from parts/modules/shell/fish/default.nix rename to modules/shell/fish/default.nix diff --git a/parts/modules/shell/fish/k8s.fish b/modules/shell/fish/k8s.fish similarity index 100% rename from parts/modules/shell/fish/k8s.fish rename to modules/shell/fish/k8s.fish diff --git a/parts/modules/shell/fish/theme.fish b/modules/shell/fish/theme.fish similarity index 100% rename from parts/modules/shell/fish/theme.fish rename to modules/shell/fish/theme.fish diff --git a/parts/modules/shell/git.nix b/modules/shell/git.nix similarity index 100% rename from parts/modules/shell/git.nix rename to modules/shell/git.nix diff --git a/parts/modules/shell/neovim.nix b/modules/shell/neovim.nix similarity index 100% rename from parts/modules/shell/neovim.nix rename to modules/shell/neovim.nix diff --git a/modules/shell/zellij.nix b/modules/shell/zellij.nix new file mode 100644 index 0000000..8df7b17 --- /dev/null +++ b/modules/shell/zellij.nix @@ -0,0 +1,11 @@ +{pkgs, ...}: { + environment.systemPackages = with pkgs; [ + zellij + ]; + + fireproof.home-manager = { + programs.zellij = { + enable = true; + }; + }; +} diff --git a/parts/devshell.nix b/parts/devshell.nix deleted file mode 100644 index e49a103..0000000 --- a/parts/devshell.nix +++ /dev/null 
@@ -1,29 +0,0 @@ -{inputs, ...}: { - imports = [inputs.agenix-rekey.flakeModule]; - - perSystem = { - config, - system, - pkgs, - ... - }: { - # agenix-rekey.nixosConfigurations = self.nodes; - devShells.default = pkgs.mkShell { - inherit system; - - packages = [ - pkgs.nix - pkgs.nixos-rebuild - pkgs.nixos-rebuild - pkgs.nh - pkgs.age - pkgs.rage - pkgs.age-plugin-yubikey - config.agenix-rekey.package - ]; - env.AGENIX_REKEY_ADD_TO_GIT = true; - }; - - agenix-rekey.nixosConfigurations = inputs.self.nixosConfigurations; # (not technically needed, as it is already the default) - }; -} diff --git a/result b/result index b4faad8..7862996 120000 --- a/result +++ b/result @@ -1 +1 @@ -/nix/store/jpdwv558x8bc92lx6vs54z296xwzhck2-nixos.iso \ No newline at end of file +/nix/store/nc1f93w32gkn9i69vhfi88fp53q29ib7-nixos-24.11.20250212.0ff09db-x86_64-linux.iso \ No newline at end of file diff --git a/secrets/hosts/bootstrap/.rekey/006cfdef5dee6baf8dbbbe05c39cadb1-ssh-key.age b/secrets/hosts/bootstrap/.rekey/006cfdef5dee6baf8dbbbe05c39cadb1-ssh-key.age new file mode 100644 index 0000000..b5aa0e8 Binary files /dev/null and b/secrets/hosts/bootstrap/.rekey/006cfdef5dee6baf8dbbbe05c39cadb1-ssh-key.age differ diff --git a/secrets/hosts/bootstrap/.rekey/36c574349a88c5ad1b1bc0ea99e5a278-hashed-user-password.age b/secrets/hosts/bootstrap/.rekey/36c574349a88c5ad1b1bc0ea99e5a278-hashed-user-password.age new file mode 100644 index 0000000..e310caf --- /dev/null +++ b/secrets/hosts/bootstrap/.rekey/36c574349a88c5ad1b1bc0ea99e5a278-hashed-user-password.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 I1N8TQ oHZTrwd8IVHBHKgqjXOBu3IjY1X7DUa2FKC7h0bDYAA +xDeL0WhGFY0vsFr1f/12uHmrY0QyokfpmgwN/ord5Do +-> ITY_-grease QcD_xSt WhA"L<|S *)OF o~[x|} +BYO4Uc20KSlWj7gZt7HqqtzkgNWD7whcxFNBLqewBCJauDyXrKz642OpPM1XJcPV +3zShFMHjW1F9C+Lg2zOHcyHA6wIzUgIEbHlugRbPNJ/IkcbgaFuMw1la +--- y+EIZ8/ADB80WB7fyWP+BcR+/co46qXkn7bao4koUsE +@|ƒ`:Wn.0 >ܡm4OxJ4l HS.v_aT2b7TkF0@;L;aqOi \ No newline at end of file 
diff --git a/secrets/hosts/bootstrap/.rekey/6cf125b0ff06b3abca21a3a0c1535d1f-ssh-key-ao.age b/secrets/hosts/bootstrap/.rekey/6cf125b0ff06b3abca21a3a0c1535d1f-ssh-key-ao.age new file mode 100644 index 0000000..5b69725 Binary files /dev/null and b/secrets/hosts/bootstrap/.rekey/6cf125b0ff06b3abca21a3a0c1535d1f-ssh-key-ao.age differ diff --git a/secrets/hosts/bootstrap/.rekey/9027794209bfa8db892b2145082da0fb-hosts-private.age b/secrets/hosts/bootstrap/.rekey/9027794209bfa8db892b2145082da0fb-hosts-private.age new file mode 100644 index 0000000..7a4c064 Binary files /dev/null and b/secrets/hosts/bootstrap/.rekey/9027794209bfa8db892b2145082da0fb-hosts-private.age differ diff --git a/secrets/hosts/bootstrap/id_ed25519.age b/secrets/hosts/bootstrap/id_ed25519.age new file mode 100644 index 0000000..e6e1f63 Binary files /dev/null and b/secrets/hosts/bootstrap/id_ed25519.age differ diff --git a/secrets/hosts/bootstrap/id_ed25519.pub b/secrets/hosts/bootstrap/id_ed25519.pub new file mode 100644 index 0000000..1ebb34d --- /dev/null +++ b/secrets/hosts/bootstrap/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILjwdp2zNGHzsv7ERTbv0SEROUHzoXUcWfCOt7njS3uf nickolaj@iso-test diff --git a/secrets/hosts/desktop/.rekey/5f97a27cf6fa2407a7e04b3273f11cf5-spotify-player.age b/secrets/hosts/desktop/.rekey/5f97a27cf6fa2407a7e04b3273f11cf5-spotify-player.age new file mode 100644 index 0000000..dd460ea Binary files /dev/null and b/secrets/hosts/desktop/.rekey/5f97a27cf6fa2407a7e04b3273f11cf5-spotify-player.age differ diff --git a/secrets/hosts/laptop/.rekey/5f97a27cf6fa2407a7e04b3273f11cf5-spotify-player.age b/secrets/hosts/laptop/.rekey/5f97a27cf6fa2407a7e04b3273f11cf5-spotify-player.age new file mode 100644 index 0000000..073c1f8 Binary files /dev/null and b/secrets/hosts/laptop/.rekey/5f97a27cf6fa2407a7e04b3273f11cf5-spotify-player.age differ diff --git a/secrets/hosts/test/id_ed25519.age b/secrets/hosts/test/id_ed25519.age new file mode 100644 index 0000000..5436d19 
--- /dev/null +++ b/secrets/hosts/test/id_ed25519.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> piv-p256 q3LNVw Atsd5qd7RuiYH2sw3kP9Qr73DG/LgEUIS50SPCpWGvJN +XGDLJ6jfwLOykRty8gP0kfzmaQECMoz/e8HKbrD11dY +-> g9.(=-grease }{ D<_x> H/\ eD-H[ +ZKKXcyQoBOkmGg2JiUJXJYoqTTfMu1+ifC4OXUfeNuHTAsHjSBKU723f +--- v6PLnR8THb0wImtuH6+1WjRkwNvEh6abjUla978scYc +k -jPvTl"SwRd +g$v8`؎/\YӘoVq|>а-nHdfIe *.[r/"^$3rwX}Vkb'p>~,k +V|D=|⵾ <)nU'cK c8ՇX)tB3Ži1IiU즓{-PM+GT],S;t3pzθ5 k3CjÖ~nVi ,TkCܲέMF \ No newline at end of file diff --git a/secrets/hosts/test/id_ed25519.pub b/secrets/hosts/test/id_ed25519.pub new file mode 100644 index 0000000..c07d318 --- /dev/null +++ b/secrets/hosts/test/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5B2ln/fxAokwwvg5JcRt+6fjtLg06j+00/dbOMFSs test@test diff --git a/secrets/hosts/work/.rekey/7e53c5cd0a761afee1eec87601c0327f-spotify-player.age b/secrets/hosts/work/.rekey/7e53c5cd0a761afee1eec87601c0327f-spotify-player.age new file mode 100644 index 0000000..4be1c26 --- /dev/null +++ b/secrets/hosts/work/.rekey/7e53c5cd0a761afee1eec87601c0327f-spotify-player.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 UQ3p6w RbeHbL5jqsbYa/7h4Hz0DfBnXOX6vdrQxLU60EFxMXA +Crz5EimHRWl9ANhdhaQJ1eRWiecIK+HhD7NY+M1oyDE +-> pD2pC-grease JWohSW 4f,/D; ++dqfefs+UlIG1ZQA6w +--- tacx2ep4qaIGOnUSZQ/fWXU/nKzHMaUiTCLyQrreW4A +ņR_6E;2'5&/Lq-ah4v(Edr7ahA;!;fPԁ- -s_7]m-ZZi PcKϝ<-$ =d+?L(vaf:A3Dt]L>QKc<̪8 q8sT+O 0R