From 7e8db3e3af006b1bc0a56e06d169d7d29521a5e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charlotte=20=F0=9F=A6=9D=20Delenk?= Date: Fri, 8 Nov 2024 09:09:42 +0100 Subject: [PATCH] add rainbow-resort --- .sops.yaml | 5 +++ flake.nix | 4 ++ machine/pc-installer/default.nix | 20 +++++---- machine/rainbow-resort/default.nix | 24 +++++++++++ machine/rainbow-resort/disko.nix | 63 +++++++++++++++++++++++++++++ machine/rainbow-resort/hardware.nix | 23 +++++++++++ modules/hydra/build-server-list.nix | 5 ++- programs/ssh/shared-keys.yaml | 59 +++++++++++++++------------ services/tailscale.yaml | 39 +++++++++++------- users/darkkirb/system.yaml | 49 +++++++++++++--------- users/root/system.yaml | 49 +++++++++++++--------- 11 files changed, 252 insertions(+), 88 deletions(-) create mode 100644 machine/rainbow-resort/default.nix create mode 100644 machine/rainbow-resort/disko.nix create mode 100644 machine/rainbow-resort/hardware.nix diff --git a/.sops.yaml b/.sops.yaml index 1f2e7a33..ced7ec5a 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,6 +3,7 @@ keys: - &darkkirb age15g6tzvcmcp3ae4hwnn4pwewat6eq9unlhtjrlaka6rf94ej9dd5qqpgt7u - ¬522 age1emv3kzvwgl36hgllrv7rlekqy3y3c6eztadl3lv09ks3z9vv6vdqw06yqa - &pc-installer age1eh2vd6cdy23qazwg0hzq95pn9e6p8yaqu4g6zyan8gzal4x5ed5qful8kg + - &rainbow-resort age19vzypddhexvvsf8xylstxc9znnkd8rxmamhjlt7elvz4j3zaf5tqqura6f - &thinkrac age1p400545a482fma40yfgytu40p6wr5a75v4f8yeudvgf7eh5erufqxhgynr creation_rules: @@ -16,6 +17,7 @@ creation_rules: - age: - *base - *not522 + - *rainbow-resort - *thinkrac - path_regex: users/root/system\.yaml$ key_groups: @@ -23,6 +25,7 @@ creation_rules: - *base - *not522 - *pc-installer + - *rainbow-resort - *thinkrac - path_regex: users/darkkirb/system\.yaml$ key_groups: @@ -30,6 +33,7 @@ creation_rules: - *base - *not522 - *pc-installer + - *rainbow-resort - *thinkrac - path_regex: programs/ssh/shared-keys.yaml$ key_groups: @@ -38,4 +42,5 @@ creation_rules: - *darkkirb - *not522 - *pc-installer + - *rainbow-resort - *thinkrac diff --git a/flake.nix b/flake.nix index 0c19cc2f..251bbbe7 100644 --- a/flake.nix +++ b/flake.nix @@ -161,6 +161,10 @@ config = ./machine/pc-installer; system = "x86_64-linux"; }; + rainbow-resort = { + config = ./machine/rainbow-resort; + system = "x86_64-linux"; + }; thinkrac = { config = ./machine/thinkrac; system = "x86_64-linux"; diff --git a/machine/pc-installer/default.nix b/machine/pc-installer/default.nix index 66b9b708..b8ac8186 100644 --- a/machine/pc-installer/default.nix +++ b/machine/pc-installer/default.nix @@ -6,14 +6,16 @@ pureInputs, ... }: let + getDeps = name: [ + nixos-config.nixosConfigurations.${name}.config.system.build.toplevel + nixos-config.nixosConfigurations.${name}.config.system.build.diskoScript + nixos-config.nixosConfigurations.${name}.config.system.build.diskoScript.drvPath + nixos-config.nixosConfigurations.${name}.pkgs.stdenv.drvPath + (nixos-config.nixosConfigurations.${name}.pkgs.closureInfo {rootPaths = [];}).drvPath + ]; dependencies = - [ - nixos-config.nixosConfigurations.thinkrac.config.system.build.toplevel - nixos-config.nixosConfigurations.thinkrac.config.system.build.diskoScript - nixos-config.nixosConfigurations.thinkrac.config.system.build.diskoScript.drvPath - nixos-config.nixosConfigurations.thinkrac.pkgs.stdenv.drvPath - (nixos-config.nixosConfigurations.thinkrac.pkgs.closureInfo {rootPaths = [];}).drvPath - ] + (getDeps "rainbow-resort") + ++ (getDeps "thinkrac") ++ map (i: i.outPath) (builtins.filter builtins.isAttrs (builtins.attrValues pureInputs)); closureInfo = pkgs.closureInfo {rootPaths = dependencies;}; @@ -51,5 +53,9 @@ in { set -eux exec ${pkgs.disko}/bin/disko-install --flake "${nixos-config}#thinkrac" --disk main "${nixos-config.nixosConfigurations.thinkrac.config.disko.devices.disk.main.device}" '') + (pkgs.writeShellScriptBin "install-rainbow-resort-unattended" '' + set -eux + exec ${pkgs.disko}/bin/disko-install --flake "${nixos-config}#rainbow-resort" --disk main "${nixos-config.nixosConfigurations.rainbow-resort.config.disko.devices.disk.main.device}" + '') ]; } diff --git a/machine/rainbow-resort/default.nix b/machine/rainbow-resort/default.nix new file mode 100644 index 00000000..2cc9917b --- /dev/null +++ b/machine/rainbow-resort/default.nix @@ -0,0 +1,24 @@ +{ + config, + nixos-config, + lib, + ... +}: { + networking.hostName = "rainbow-resort"; + imports = [ + "${nixos-config}/config" + ./disko.nix + ./hardware.nix + "${nixos-config}/config/networkmanager.nix" + "${nixos-config}/config/graphical.nix" + ]; + system.stateVersion = "24.11"; + specialisation.quiet = { + configuration.imports = [ + "${nixos-config}/config/graphical/plymouth.nix" + { + nix.auto-update.specialisation = "quiet"; + } + ]; + }; +} diff --git a/machine/rainbow-resort/disko.nix b/machine/rainbow-resort/disko.nix new file mode 100644 index 00000000..dc072289 --- /dev/null +++ b/machine/rainbow-resort/disko.nix @@ -0,0 +1,63 @@ +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/disk/by-id/nvme-eui.002538b631c1b336"; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1M"; + end = "1024M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + root = { + end = "-64G"; + content = { + type = "btrfs"; + extraArgs = ["-f"]; # Override existing partition + # Subvolumes must set a mountpoint in order to be mounted, + # unless their parent is mounted + subvolumes = { + # Subvolume name is different from mountpoint + "/root" = { + mountOptions = ["compress=zstd"]; + mountpoint = "/"; + }; + # Subvolume name is the same as the mountpoint + "/persistent" = { + mountOptions = ["compress=zstd"]; + mountpoint = "/persistent"; + }; + # Parent is not mounted so the mountpoint must be set + "/nix" = { + mountOptions = ["compress=zstd" "noatime"]; + mountpoint = "/nix"; + }; + }; + mountpoint = "/partition-root"; + }; + }; + swap = { + size = "100%"; + content = { + type = "swap"; + discardPolicy = "both"; + resumeDevice = true; # resume from hiberation from this device + }; + }; + }; + }; + }; + }; + }; +} diff --git a/machine/rainbow-resort/hardware.nix b/machine/rainbow-resort/hardware.nix new file mode 100644 index 00000000..f1c51977 --- /dev/null +++ b/machine/rainbow-resort/hardware.nix @@ -0,0 +1,23 @@ +{ + modulesPath, + nixos-hardware, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + nixos-hardware.nixosModules.common-cpu-amd + nixos-hardware.nixosModules.common-cpu-amd-pstate + nixos-hardware.nixosModules.common-cpu-amd-zenpower + nixos-hardware.nixosModules.common-gpu-amd + nixos-hardware.nixosModules.common-pc + nixos-hardware.nixosModules.common-pc-ssd + ]; + hardware.cpu.amd.updateMicrocode = true; + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" "k10temp"]; + boot.initrd.kernelModules = ["amdgpu"]; + boot.kernelModules = ["kvm-amd" "i2c-dev" "i2c-piix4"]; + boot.extraModulePackages = []; + nix.settings.cores = 4; + # use the lowest frequency possible, to save power + powerManagement.cpuFreqGovernor = "powersave"; +} diff --git a/modules/hydra/build-server-list.nix b/modules/hydra/build-server-list.nix index ff4498f4..72ffec13 100644 --- a/modules/hydra/build-server-list.nix +++ b/modules/hydra/build-server-list.nix @@ -1 +1,4 @@ -["not522"] +[ + "not522" + "rainbow-resort" +] diff --git a/programs/ssh/shared-keys.yaml b/programs/ssh/shared-keys.yaml index cdb1479b..a49923eb 100644 --- a/programs/ssh/shared-keys.yaml +++ b/programs/ssh/shared-keys.yaml @@ -10,47 +10,56 @@ sops: - recipient: age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkWUJPZjVjcWxEb0VtNW5k - QVg2M2lrYTdFZnhqdUpKOUk5SCtwU3BSbUFRCk5rdVhWU2dFTC9NWG1KTHd2ODNL - ZXIwV3Z1NXZGRjdrNUJvUndseFljY3MKLS0tIG9NOXU3QXowQXlPUlRwOEpRaXU3 - ajNTUTk4bzJja2hFUUVLZEJnbFZNYjgKizpFQ5N8XZGxGUlmJbZzEj29K2emun09 - dlw2PqJE3IgEEltimTxADUFXZpx0xZuDdexSdpr7RXoB5ZtDsdLiqA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSmxYU0RBU1Y1dzRTUFJu + N2xYeUpVeURmQkRNVW4rckEwYkNxSjlScGtVCmoxdzd1UWlKbXRKQ0hZZTFvMXBa + UTBEUnl0anFVMk4rV3VtYmFCRkRibmsKLS0tIGRKT00zQlp0RjB4a2hqQkovKzVW + R1BFM0hSdWZlU2VwVzVzY1FXcmcraWMKTe7VQ3UWgtZPvr3vkjHRBSm0Uxq2KGwF + vxXYRibdWJDr4q7O52NGoF53pHeRkJry7m9bDcgw9kHFYQh7qfwJiw== -----END AGE ENCRYPTED FILE----- - recipient: age15g6tzvcmcp3ae4hwnn4pwewat6eq9unlhtjrlaka6rf94ej9dd5qqpgt7u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZYnYvUVFoMDFsVjZBVWF1 - Mmp2VUwrYU8wRnQ0anh2VXFyT1pBUmpxNmk0CmZpcU9lL1ZWRlRmQmlPZ2hVRUlY - YWUvZmFwS3Blc3J3K0VWQjQzcUovbTAKLS0tIFlRaFgzVFlSY3hLcGVoUHREUVo0 - Zjl6V0ZrUVB5NktZRldxdXBhWkxUL1kKS1oGGMip2QDF7ixSmWsHkrs8AwdLSX3W - OZ/a6c62rojFawE2+NaxM7/QrLa+YcAIYfnwb/i7f1V3p/jq6P++0A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIeEdwNGVWd2p0b3VodVY3 + TnJwS0RVQk9nMmdpYXFHSG9NRDc2RStoYlhzCkFuaGVkMUlnNm85eU9UWHZndXJZ + NE1XYkhEN1dvcHpzamdRT3E4amdFb1kKLS0tIEFNSnNBcXllellHemtLTTJ0cEU1 + UWcvT2UzRTJObFpZR0Q0eURFUFNsb0UKBxhhczNzqcqlYpx0Ifxp/gbXoNcaV70Z + sDia1XQTsAG8NeB4TlrfWbV4Fq3yDTo9mJCxzzEdclIk5wTCnh9xdQ== -----END AGE ENCRYPTED FILE----- - recipient: age1emv3kzvwgl36hgllrv7rlekqy3y3c6eztadl3lv09ks3z9vv6vdqw06yqa enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWRFFXdk1MOWpUUDFQamI2 - VGJxZ1M0cFBwVnd4eHUyRTB4bUpGR3hUZTJnCnhoNm9rTE1FaXVObmQ0NDY1NDJO - MER5aHZnaDNFRHduNnlJbHlqWDhVN0EKLS0tIHAyLzRIMUxsNEJnWnUvVTZFU2kw - U3I0Slp0QlVlaUxTSmV5SFNJT0FUa28KliKhAHXanrOPY9GfOB6usDD/NKi442IA - 3eU8y1Z3xwHCcQrnnywxQb60qiN/NwZR0XWwuI68HeOvAQtx38zi3A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLdERSVi9jTHoxTUxETWVw + bkx5QWJraW1ITEhYSGhhYmxuMUREdUV0MFRRCm9nQmJVZ1lmNGJkWFhvN1RkbnVW + b2YreHF5TmhuYzFQdlZLcXdoU3dtUUEKLS0tIE9pcGRNWXF2ajhIYXRmR2R6d2xU + WDhrQ3llNW9uQmZWM0p6TmY5Ti91SXcKGONKMtsvLR8y6QWQqV1mZq6N7tdwydfg + 44+4mHhUpbP1l7kE1GafJGublDEjtFlcAUChB77LcTRUdnxdX22VtQ== -----END AGE ENCRYPTED FILE----- - recipient: age1eh2vd6cdy23qazwg0hzq95pn9e6p8yaqu4g6zyan8gzal4x5ed5qful8kg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCbFN6TjdoR3QxLytIN2Vm - a1Q3UThvQVV5SEhsZjlyU2FHSGNlY3hsOEVBClRhYTU3MG8xNjA3czJLaE82MFlT - cjFRYWNoVktXUUx2NDg2SVkzN3VEOWcKLS0tIHpWRWZnQWJLNTR4K1ZSUkZJL1F3 - SmVUL1lLdktyWjJsYm1BcmxWaXZPdE0KXkXKRn7HTajEgCJC2pNLrLb/0MF/3n+9 - Jtni+0R+SVTUIE9jgQ++S5MChWmMQYxAxaptXb137e07r5S9mBw+EQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArQ1hmejMreExWT2U3NTlh + MzNtdkpCUGUxQnlyNDc3UExQYWlPMVcvd3gwCkgxd0pDa3VzWGxadjFWM042UG50 + VlZNKzh3aTBReG8yRjdwQXlJaUk0Zk0KLS0tIDYxcTc5NEl3ck5scCtvN0F2RzB4 + TzhaT3ZGRTl2VnNYZ0pocHVPKzFTWWMKd96QPl4OGKNMz3xfM1NTDXE9Pdw5ewfT + 6M9hmpvUngyXN4S5JGbAYrg3yBidfdrKShq2PRud5d/zfveLeUxIDQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age19vzypddhexvvsf8xylstxc9znnkd8rxmamhjlt7elvz4j3zaf5tqqura6f + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6UWdRNWYvUDZ5bjVzQU1O + UVpJQ3lFajJIWG9ydWFvQ1diWGVoRzJLcTNZCjg2K04rY2x0OTVsUkhBUzZNd2FX + WjJCRE9uc3QxWVdGVlpBakhUQmkvZkEKLS0tIDVyTXFEcGVVZ3paL2FqS0VGemlB + aW5uNkRQNlRXZ0RnV2ZNQzNxYVZnSlEK5WDot4E5Fw+2k78ltnEHvThZhrkgXTih + eOeMLlNXFXXMqFohjASAOD/0r5EfaU3IICZwQcmhuWRazRmlh5TZUA== -----END AGE ENCRYPTED FILE----- - recipient: age1p400545a482fma40yfgytu40p6wr5a75v4f8yeudvgf7eh5erufqxhgynr enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKQjltTXdHQVZCWFlHQXIw - SGF6bGZ2VXd2ckVyenF4am1uSnhDdkwzU0JNCmN3VjNEZXVKMkYvb1ZQUXhiWlRu - RzRCaU1GLzB0Q0JkcmJWM3NxTEpBYVEKLS0tIHFQVWxmZkRmNk9CZnphTnN3K2t1 - YWNmWmlNeDAwVFdKdEtqcWJhQUMvSUkK1jE5MDE/XMIgP1xpmxCX5V0Fzldn5aij - oztv4AvmFm2qM2totA3nxqVAMOJql9wHhhhpPmk8j0QoDCZ8n40ojA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByLzVOZGY2MmZ6Rmg1YndM + SkR5VVRmQUcwVm9HeENBNDE4dC80bkRBVTEwCmZNRTlKNjFicWFHRS9MdWlvVHRa + Snp6Z3YrL0k5MGpqN3crNzkrU0RxaDgKLS0tIHJUWnRuUmhRZ2pDV2JyUkk4Y2Fr + MUJUVFVMKzNsWDA3QzJ5YWpMcy9lbUEKUkqB8BSdR7XQdBKAvtW8nxbNrce2gm3l + tXjqxa6DhKMjxnRT1+MvEUa8kk0dMqyGKkLzLfm5JV/l+Lx+r3UNag== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-11-06T08:58:58Z" mac: ENC[AES256_GCM,data:yzeJcuRDNbPebTJ4wwT4yiOuFMplSOf/XJcdw+g04S3ELj8tWwmQszv/gYJfCTI7kfeREbggyddF/2g4T7dzwCK2dWvGNRvGz96JFvYalWwI8a1ZSDk2DCS1ahKzcXisLG1WtVqVpr7i5ttkWGUjrgcRJrekLCCHGz228JnlUvE=,iv:EQs/TLqF8Hzah5YDZ2GqSrpr8FGkZgHt/Q/4bMlWe8U=,tag:AWsIaUAphZ2g95idHnhNSQ==,type:str] diff --git a/services/tailscale.yaml b/services/tailscale.yaml index 0c90a6b6..6a62f409 100644 --- a/services/tailscale.yaml +++ b/services/tailscale.yaml @@ -10,29 +10,38 @@ sops: - recipient: age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyWWZiMGc0WWtMdjFXUVNx - elRDMjUrUVVyS0xqa1RlU0ZjRE9GNWdmSEhjClpjaktROG9PKzVxWG5KcWVwRmw2 - NitLa3I1c2xnaXJIVEtNVzFhQ3hBcm8KLS0tIC9GeEhoQ1JMRFlTMzhvZTVydHhl - dkhUYVNOMTRFVFJhM3pRdzVVcGxlcVEKdZPczy4duUIfA5XSHMuRwfbfERZso8dE - G1x2hiKjLuri2cNXTdWx0O1YHp1gdUAv7yXZZyhMK7L4YEMb2jcaSQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTHFBVmhRNitydE9KbmpW + eG5PbE1pWEhjdUdScTUxNjYzSWZMeWplQXlvCnZaczI2a3Y4U1BJWE1ZcXZqcll2 + ZGxNa3RVYjQ4ckF4aXNRUDdOTmVWVlUKLS0tIFdtWDBKbGF6OXFqeXBBRmtkQWEr + cXI3L3c3cnhxbU05eEt2bVNXY3pBZmsKpnglue8/JSiAOrYKeWuqKba1HABfESzP + SNidd/CaEtOHH/WGedI0Rtjjwou/UFmps+L6zA9NYdMu7ubBwMa0uA== -----END AGE ENCRYPTED FILE----- - recipient: age1emv3kzvwgl36hgllrv7rlekqy3y3c6eztadl3lv09ks3z9vv6vdqw06yqa enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWMDlRZkd4ZjU0NWNHU1Nw - UDQ1UkF0cGF3V1JGY2U1K0JTRWY4c0lZRFdFCjFtVGVrQkV0d21WK0NjSlprUFl3 - dDh4VEFkOXF5VitwKzVlSFRObXVBYTgKLS0tIGFvdDRvYlZMM09XOXZHL0I2c05X - Y09mRkY4cGZCWjVuZU01K0EvKy9VTFUKSseFS0cEPGjzzYiWrX87T1pdH31D9RjC - Xgx8h4zmJCfZD1MiZ/EnQB+UuDyxJR+4Zx6SEoydHSfnL/la9psv2A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuY2xIZ0VUUVUxdXgrc2Ju + WEsxc1dkZUx0K2lMUE1kcVcyM3hzdDAvNndjCnZNWkx3dGh1dlB0WDVwRmx5L3VS + S3pkWVE5VjB2TjNhUGs1WkFsLzdrSjQKLS0tIDNqak9kRTMvNVdhZDdOVENXYmk1 + RjM3WVd4MXFISVpoTVpzYm1DdHIyV2sKFNUbIbPAf9s5Q8LaD6QfOZQN9PvqgvRJ + IayLKzrHUZuzHXJ2JugR2iHJnjwr5KpUg6iX0wLFyrlIjXPTxgWLeA== + -----END AGE ENCRYPTED FILE----- + - recipient: age19vzypddhexvvsf8xylstxc9znnkd8rxmamhjlt7elvz4j3zaf5tqqura6f + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByOFpqeEd5aTJQeEdtWVEr + aGpFaHJaa3JIT0drUXUrMVF1ZFpFVUpBWEUwCnFhME1CZnVsZXpwOXJ0RG1ES0Jx + VzA1bmZMbi8rRFZWTFA3UjRQZEpESDAKLS0tIG12Q1lNbCtDRi9DaUkxUDUwdlY0 + TnlUZDFaaVlXWXB1bWFWaG91OStQaVkKJSLJeb+5TlDXcBP54k8bE8wKwgEp8Lc7 + ajaynuSY77K+eDVBDpDNAMTzR9aKH4kT7fJ7vnRhKKzQ6gs19mH+yg== -----END AGE ENCRYPTED FILE----- - recipient: age1p400545a482fma40yfgytu40p6wr5a75v4f8yeudvgf7eh5erufqxhgynr enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArUHRzb1AzQVM3UVhnZUY5 - Q0hDZXViUjF6KzE4RE4zaVk2YjhVdWtsK1VjCmpNaGtOcHVaV3ZkOTAwUjgrQzRa - K0lINnRxckNFbnJNVjF4Q29rSkRmMHcKLS0tIHJyWEt1UVNhVXpsakRpUDUvTEx0 - eXhBNzlYbW1iQUJlekxIM3djbWVFdkEKKLyCS9vYo4EjiZG/C+fRCQh2wp3Wy9AA - OKARRDSMymIDnWvp5Bm2nVIAbInCqkGaPF6xnRAuqBmtszD95FK4/g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIU2ZlS2h3Yk8weFBGSnV6 + K01Yc0g3V0JvSUhWbUNLRGNKc253a0pEckg4Cm9jdHRET1orR3dUbnlkWmQrS2h4 + TmV2NW9QVUc2cHo0UmxWVGlGZ0RkL3cKLS0tIGJSWS9jTmtUQTV6c250WW8rMVJy + aEdJZzQ4ME9IR2hwbGNYY1FzVXRlbmsK+eXHdbTQMntejUFCRMUBSTU3psshwvj0 + LzZySqhVq+Kk5fh4aKJO3JoTAyOmp7I2C3I/ueHBlrIr7VTSes4lNQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-10-29T09:11:58Z" mac: ENC[AES256_GCM,data:0DTvlOMKIRR11bPB5VElyIKb1Xz5gJZuSOpwahnjlnKF/ba+0RENiKdkb60YTuS6+tv/gVxT+Xs4KWDTJw/3JcTIPhaah3x8q90UfmqE91zLy4oUWzRqFXBDEL5dNtN79/EKI4b19102jSOETvmTTGjjrXV1VSdL0ZMse1g07BA=,iv:WeoU6xUka6zMo5wZviU78OofS5+vTHTWD4m/29hHHp0=,tag:6QessEZIGVRr8NkaLydjtw==,type:str] diff --git a/users/darkkirb/system.yaml b/users/darkkirb/system.yaml index 2d818f4e..c37bdcfe 100644 --- a/users/darkkirb/system.yaml +++ b/users/darkkirb/system.yaml @@ -12,38 +12,47 @@ sops: - recipient: age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHK2pCa0p2NkwzM0J2TUY5 - aXdnWm8vR3p0T2pObjV5Umg5bnJYWkVvbnhzClZPUWEyTEIwMHN3VHRwclE0Y2U5 - MzZZR2djUFpzWDVqOGtJQldEVTBKbjQKLS0tIElBVWtORit5MTVXSFVEd1dmOFFF - MVpLdnFScmhidG1UK0pQNTkvN1lsVHcKv+nGSQzmvm1FkAZKGyxY/s7k95RdoXmF - SOC98JjNyD6tPgkPriKAQVoSwlwqrraL4CxP6qI5OUMxIAe5C+weEA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRTmtJZEhrc3FvNTF0Tm9h + Ly9sT01obmVzRzZRVk9xTUtpRlpyZGZTMjEwCmVub2djcmtoendTUDUrNHo0SVRR + bDVBWm53aW1Rdm5SK1AwOVFOZjNCVWMKLS0tIFRrREs2QWU3Yld1bmFpTTFiQ3BZ + SXlYbFJ1ZktPbkZNbEVWWEFlNGpYcXMK/XZAdHER6ePZ61JINWZ3t9XPrs/Yf+Dm + g/IftLsp2ujMFGlx6nxA2slLoS2gbIHdwPWaMVgFuOWLSvyHokhQdw== -----END AGE ENCRYPTED FILE----- - recipient: age1emv3kzvwgl36hgllrv7rlekqy3y3c6eztadl3lv09ks3z9vv6vdqw06yqa enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4STIrVExPTTVKS2ZLVzdI - ZThQZGp2bzZCYkNIelVqLzZSVW5iOHVwcWpFCmk0VnNtRUt0K1dZMHo0YXdqLzlm - VXlHMEhERzZUK3IzM0pGRytkaUJrRDgKLS0tIGIzb0dTTkZiZ2xYWHRRb1d4RDZl - WTZqWElGM0dRL1ArSXEvVXpiYnl4U1kKC/Wek5rfTDS47mWoiAUoindwg77mHkYs - 1vAD7FmNtIXK62ePyGz8/EVZocaCfv5vGr6bIUwbEx19eoWwG9MCOg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLWTgwVGxWNUoxaXZ2bTJB + QmtDYVhFdGcwblo4UnBvY0lrNTdzK0ZWUVJrCndHeXh1blI1UTlSbGhOYXlyL1k1 + SnBvSlpZK0xqK2NudE9YWnNGM214cW8KLS0tIGp0T1luQXdYUFdDMEFIanpHSXFD + Nk51eklBbm8rb0d0SGdCYXBKcjFnQlUKlQnkLNghf0UX0doloGbiTqhKRxnSUwrm + u9vC1v/Q6qA8V1pQAKGikHK7uikSZFREgzEFoquUmWnhsqGN8VQhFg== -----END AGE ENCRYPTED FILE----- - recipient: age1eh2vd6cdy23qazwg0hzq95pn9e6p8yaqu4g6zyan8gzal4x5ed5qful8kg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3TUNFdnZmQUNISllvcG1m - TE94OHltbE0wVXU5N29yT3RPb080M1Z1SVVVCk9iTml1SG9OQUZTeG9Kald3bCt6 - enBhV09HdmFTbTFIWm90aFhjOWlOMjQKLS0tIEVZUnplcXpFVFEyQzVUQ1BzdE4x - V1R6anpaUWZQR0Q5c3UvU2gvT0RJNWsKrfMXtB5xO/EF/InXWS9pc/PceADbFyUG - oMH56hy7ArWgQXooDcCvP00G3ICpQTh8Npj415MnXyBQNrzz05SOkA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBscmMvUWxaUlM2aDZ0aUxJ + VkQwTms2WisvOTBvV0ppZjdZV3pxd0pHS0dBCnFmM1R5bkEzanZxUTUrcjI3ZWFu + NTRvSTRKU3pMYW1TYWpkQnJET3JVeUEKLS0tIEhDcytRTExDTFN4QzhYeVVvdG84 + U2FXUHJDNElRRFg0MzAyTzg4d2FxY0kKGUEb2VqNUkyNCudb3Bj3xJ9Er07KkkfT + s9P/mgmydrhuaTMWgOfmHSf+pWYMYEHHIg6sQ0KN45Y+yLe5VqePIw== + -----END AGE ENCRYPTED FILE----- + - recipient: age19vzypddhexvvsf8xylstxc9znnkd8rxmamhjlt7elvz4j3zaf5tqqura6f + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwaDhNbTU4SkFkR25kUXFD + NE84aHo2Tjh4dTFNNGM4bmZNNEIzRUJqaEdBCjRJR08zVGRlUnNjWUYwcjJSRnBt + Y0p6QmRWTXcrMmVaUGVGYm1CRm5mR1kKLS0tIGJtYXdkN2NnRXhuTGxzaUtYTEh6 + Smt1ZXRXR04xRWE5TXRPTVJpWEx6RmcK2YEj3wf7ly7a73XG/eweICoog6yYXERU + NHfuJ7PPHHlmuWdPw8Udl9+dm0UVeHp+APW3xprIZc8Rsei1e0LBDA== -----END AGE ENCRYPTED FILE----- - recipient: age1p400545a482fma40yfgytu40p6wr5a75v4f8yeudvgf7eh5erufqxhgynr enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnS3RjUFRGNURmdDk2REg5 - Q2ErNFFCMms4TVZsL2QzNi9OYWtId01UN3dBCjdNbGV1VkhMK0JWQ0lHNkpMVTZT - SjRQcjg2elhyU3h4R2FCS1FXWkJWcjQKLS0tIFp0ejVrTmlqcmhNZ1c1aUdmbHV0 - SDhqa1BwK09wa2VESkJaMFp2dFJQMlkKqHD2EVseaL6TIqHMiO73x2nZP7ZEyQn7 - 888xCubxNmaztzU30YJgqc5XQceR8luujtls8F9CAftRYoRENg0IZw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOZ2RxU2hqV0ZPS0FPUldT + MFlINnBUNFpsUTJKMS94QjVSai9DTFR6TFIwCk9HbmVsaVNIelc2SDQzQjk4OGNU + SXRNYU9hME9TNUkrTjV4bE9FelYyUzgKLS0tIFcza1psYXViUGJ1VGhHL3lFSWVr + dnRWUEMybkhaSURhdHlLanVGcStnbzAKTZ/H7U4UVilPuMB7h+fVxxNI2X1txTVs + IT8ulxPJtoPsg42G9S7Wvln+nWy88PU7qupUrzrAO+4IGD2GeF/1eA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-11-06T08:34:00Z" mac: ENC[AES256_GCM,data:kb6SOv5juzL1GjGye3SHF9BSlsxWEoMwjOGd+g1xz0aRLZAtEkeN7ZS1a6rO1C9PyQOQdWGZ59NU5k7BftgA4+mWnkgyQtxpb8e2KwcDnkSE+kMYxPgufzuS4L46jkmbTHACItVowja0Qd1Z0fUlUkAzego6bmgPd0hM8s4ZSX4=,iv:SBrFNNVpEBhuybtzQpl8hNx+osyCR42OU5E//sAE2gQ=,tag:7ZAGK//NCxcWl0lx5vrLmQ==,type:str] diff --git a/users/root/system.yaml b/users/root/system.yaml index 7a97b248..13dc8548 100644 --- a/users/root/system.yaml +++ b/users/root/system.yaml @@ -11,38 +11,47 @@ sops: - recipient: age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOd3c2OXNsM3B6blhDbzho - MGhFZFhMM3RVc1c1UytjUFNMUUVKUHEzQVEwCkEvc25DcnlsNHBUWm16SktWSVBt - dmJhbWI3MmNKTUtKNVcrY1ZKWE1xTEUKLS0tIDN4eTFBdVcwWVVIZjVpWlp2V2FX - dWpEVzM5OENMODFVcGhDVHpBMDAvVFUKYRrqLhroEdAV/bm0a55Lhdwux3RN11aW - 774YsPxZRHJ9YFXxH1SNPpEcQ17CI4l1JoVAuoWTrNtgCQXy/aGHmA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLOGlxSU9NK1BjY25BRm9N + Zy9Gd0ZaNnU0MEs0TDlic3BrN2dFSVZlVFY0CkZyUERucjNUNzBldGlZQXozbjZS + WkpIZXdXME5IcWRsYUdROVNRSXkzcEkKLS0tIEROZTNjUzJIeVE1aDlOcCtMV2dC + RGxoKzUweHhsay9YWnVUa3ZtVVR3b28KRrd570e+3voFySXwlYMSL51EHcWDurmt + y/9fGkhMv/lsNsS0XQnP1Q6u9jya+hHh7SIvQAqZm8fFF2iphcHdZA== -----END AGE ENCRYPTED FILE----- - recipient: age1emv3kzvwgl36hgllrv7rlekqy3y3c6eztadl3lv09ks3z9vv6vdqw06yqa enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEbWxBYzIyUHZrM1UvZGV6 - ZWFPenlLWEIyRVRqaks4ZloyVXNQZU5YeFVFCndCWDQ4b1gwVFlqakJiVi9IOCta - ZHY2SXp2TnpHdCtubmhUR2lwMXEzMlkKLS0tIER1NEF5NWFKc0JxMjh0eVJpTytx - RUNRNmkwR1JvRnVsZWhmN0FYSFJaM00Ka9qX/I92yQ87bcGrJvljjoYQF/XmI7kq - LgqeaCeS3EXPzliePNlLW5ByguofvU1e+8HzZafTdv6lct9JkMGSpA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3bThJTDB4V0tUK2ltOWNv + OTh1TVJIY1hZV21lZHpQZG5SaFB5SVdpakVVCjZjTWErMXVKbjJ3YlV5YjFTK093 + RzZKKzFsdmFBdExDVk4rRktYdENWWDQKLS0tICtWRW5BT2kxNjJ5K3AveE9UWVFw + dGVVUW1GRE4xSjN5UG12UHZNbGt0dUEKXOLi3zT3s4Am6VFV21mT36+kbJ7Qv2n2 + g61C2jfbQylQySlKVcK+U8u7USQsko86tAz7sDc1YmHw6VLRJYKLHQ== -----END AGE ENCRYPTED FILE----- - recipient: age1eh2vd6cdy23qazwg0hzq95pn9e6p8yaqu4g6zyan8gzal4x5ed5qful8kg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGRzc5Y1pnbGF5OERLT1d6 - alM1bDBSZTFTLzR0cENmMjM2K0svYlVqTGlvCkpFWVlySyt1Q29rcWtmSnNiUnRq - aTFjSTBSUlVQNHJMNWdMQ3pYUjY5bXMKLS0tICtkVTUrSVFiOGI2eWZseGNiZFc1 - blFCbFdaNS9DNDg0emcvZXBCajRBSUUKrBS+fn7EGkMDQ7B9xIRKCohEwQdS5m/O - gF5fHJsRH4TVLUJ16CVvyZ+a8BtsYoYLguqm8PILv3KR9dOtMsgieQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvdGMwZ3dyKzZzdE5LTWpM + TlNseVpTZmt6Z25BQTBRLzVhVjdSNjhOenhFCllrbzZ0NmdqWW0wYUtoM0tyaVBR + bWcrMWZNeUVpSlRMbGt2by9PU091ZHMKLS0tIElURm9Cc2xINlZRQzkwbTFmSDFO + Kytjcmw1YUxwanBsNlVVb25XZEhyY2MKFwFVFCfLSt+Gim8FTh+Rfv/CGd1Rkwhb + kHcC9h+UfQOwVhz/1Ydng1B9pvHPBHFdJxJPTHwOaxfBhIILjOsQ7w== + -----END AGE ENCRYPTED FILE----- + - recipient: age19vzypddhexvvsf8xylstxc9znnkd8rxmamhjlt7elvz4j3zaf5tqqura6f + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQTjE2ellLREJUOUZhNU80 + eFBLR1ZtL2hMQUt6Z3lvS0E3OHJPNE9qdmhVCkVMdGx0TzVhY0tPaVVQU3lINHh6 + Qmtjck5kTVN4Ly8rS3pPWmxIcDY0WkkKLS0tIHRQdC8xSkw1KzNiM1BiSDVaSVBR + bVB4K3hXRHN3VUtGRHVVbThPcmU2SW8KJFr2ySvEmr+FkzxAq+IeLTZ9MQVQcoHz + 0HtFXe5Uk8sQEphmOgvYWK+uckL4OBovqt+VSDxmTEfq2BIT5ffCog== -----END AGE ENCRYPTED FILE----- - recipient: age1p400545a482fma40yfgytu40p6wr5a75v4f8yeudvgf7eh5erufqxhgynr enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSQ1o4TWl1MU8zWCtVaXhR - V0wweWRkUnpkSHJKd2Vpb0g4N2NlUFl4WnhRClVGaWFob3NVUngzVVRqeW96WStQ - alorajFmbjc4a0dDSzZMc05yUXJzSEUKLS0tIDhLd21wcHVZeUoxL1ZpWktGZkxV - dWxrOWF6WlR2cHloNHV1OEZJV29QU2MK19AqFrUlmZxW2Z0JKvYvAWsLzN0umyF+ - oejyXgvpYVEG2ZD5XuSSRiPVz6SKFOQMtOUrRN7Ooo+1gOVTb5fYvg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSUlaa2tvNTdDUFZBTklz + SWVmYWFMRUdvR1pZbVUzUElWeUQ4SFVINldBClJNNWExSW1RVDdCNWpNOG43OXJh + QW55NXFyTkpOUlY0YkNmK3kwUWlFYkEKLS0tIGkreDgwbVlRUDJPdi9mR0JwM1ZC + clNBMjZjMlB1a2tXUUVjdklpRW4rcUUKN1xvNT6BmnGOY9Fb8gQztXj/6cVjYhGB + L+SvjadMRuXYjnX2dlqVcCuktJNeKRMSt2MXP7GVjupTuQ/GQyP7Yg== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-11-07T07:35:18Z" mac: ENC[AES256_GCM,data:fGS1pQBHJ6vausZUbARxt7J/69tcFk1kkzrHLox12J+QQfgZYAm8xoue343Jw2NH+OgeYyOfAz8nKfKmZiibQIGPbV/JPkFvI7KQL7sEy7PLYLFU0cWF5DXwG4Y4z71rfgnNcX7emc2iQWwEcXMU6wM84ltkqf5zPPelvphXz+I=,iv:mVOFo1PtYVqMTvHmrmTO+eOqZ3N57kuc0KP5/XAN1b0=,tag:OJBY9qGxkVVNqJlDmDOJGQ==,type:str]