diff --git a/assets/ssh.nix b/assets/ssh.nix
index fb8a04d..afdc92c 100644
--- a/assets/ssh.nix
+++ b/assets/ssh.nix
@@ -15,6 +15,7 @@
kogata = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGK7H4Z29d72HJlI69Vt0YLOyuPcn9XxYjvMZfql80z0 nikodem@rabulinski.com";
hijiri = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXVPUBYAMn9H3efG/ldWl/ySmZV0CXleyH7E5nKf/N7 nikodem@rabulinski.com";
tsukasa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPKXcihNVgsStMstnZYvh+Ai+JsydX3vu4O0yhlN+zw niko@tsukasa";
+ youko = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAGBazVVFr1+beFxpC701IPz4JwdPIyFJybVVZ9kTkr niko@youko";
};
system = {
@@ -25,5 +26,6 @@
kogata = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPN/SXBcIB1WN8GIhYrQrqzFGuVkEP4o0E+x0uQ4f2l";
hijiri = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILsTkICNuUwGqrToisTViFCBoql39+DFYVZSWj7vfbXK";
tsukasa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKy32XGCkB0KOUm4f0ybrutfAzR7+baifM2yv5KuYV7 root@tsukasa";
+ youko = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPSbIjEo28aB2TACkvLY+VRKElZEdH9qFlTTfxCrblGZ root@youko";
};
}
diff --git a/hosts/default.nix b/hosts/default.nix
index a245e1c..03d464d 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -14,6 +14,7 @@
# ./installer
./ude
./kogata
+ ./youko
];
builders =
diff --git a/hosts/youko/default.nix b/hosts/youko/default.nix
new file mode 100644
index 0000000..3a2fe49
--- /dev/null
+++ b/hosts/youko/default.nix
@@ -0,0 +1,48 @@
+{
+ configurations.nixos.youko =
+ {
+ config,
+ lib,
+ username,
+ ...
+ }:
+ {
+ imports = [
+ ./disks.nix
+ ./hardware.nix
+ ./sway.nix
+ ./msmtp.nix
+ ./nas.nix
+ ];
+
+ nixpkgs.hostPlatform = "x86_64-linux";
+
+ boot = {
+ loader.systemd-boot.enable = true;
+ loader.efi.canTouchEfiVariables = true;
+ };
+
+ networking.networkmanager.enable = true;
+
+ age.secrets.niko-pass.file = ../../secrets/youko-niko-pass.age;
+ users.users.${username}.hashedPasswordFile = config.age.secrets.niko-pass.path;
+
+ settei.user.config = {
+ settei.desktop.enable = true;
+ };
+
+ services.udisks2.enable = true;
+ settei.incus.enable = true;
+ virtualisation.podman.enable = true;
+ hardware.keyboard.qmk.enable = true;
+
+ settei.unfree.allowedPackages = [ "vmware-workstation" ];
+ virtualisation.vmware.host.enable = true;
+ environment.etc."vmware/config" = lib.mkForce {
+ source = "${config.virtualisation.vmware.host.package}/etc/vmware/config";
+ text = null;
+ };
+
+ networking.hostId = "b49ee8de";
+ };
+}
diff --git a/hosts/youko/disks.nix b/hosts/youko/disks.nix
new file mode 100644
index 0000000..3156235
--- /dev/null
+++ b/hosts/youko/disks.nix
@@ -0,0 +1,58 @@
+{
+ disko.devices.disk.main = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ esp = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypted";
+ settings.allowDiscards = true;
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes =
+ let
+ mountOptions = [
+ "noatime"
+ "compress=zstd"
+ ];
+ in
+ {
+ "/root" = {
+ inherit mountOptions;
+ mountpoint = "/";
+ };
+ "/home" = {
+ inherit mountOptions;
+ mountpoint = "/home";
+ };
+ "/nix" = {
+ inherit mountOptions;
+ mountpoint = "/nix";
+ };
+ "/swap" = {
+ mountpoint = "/.swapvol";
+ swap.swapfile.size = "16G";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/youko/hardware.nix b/hosts/youko/hardware.nix
new file mode 100644
index 0000000..0f1386d
--- /dev/null
+++ b/hosts/youko/hardware.nix
@@ -0,0 +1,25 @@
+{ config, ... }:
+{
+ boot = {
+ extraModulePackages = with config.boot.kernelPackages; [ it87 ];
+ initrd.availableKernelModules = [
+ "nvme"
+ "xhci_pci"
+ "ahci"
+ "usb_storage"
+ "usbhid"
+ "sd_mod"
+ ];
+ kernelModules = [
+ "kvm-amd"
+ "i2c-dev"
+ "it87"
+ ];
+ extraModprobeConfig = ''
+ options it87 ignore_resource_conflict=1
+ '';
+ };
+
+ services.smartd.enable = true;
+ hardware.cpu.amd.updateMicrocode = true;
+}
diff --git a/hosts/youko/msmtp.nix b/hosts/youko/msmtp.nix
new file mode 100644
index 0000000..dc51c15
--- /dev/null
+++ b/hosts/youko/msmtp.nix
@@ -0,0 +1,36 @@
+# TODO: Potentially make this a common module?
+{
+ pkgs,
+ config,
+ username,
+ ...
+}:
+let
+ mail = "alert@nrab.lol";
+ aliases = pkgs.writeText "mail-aliases" ''
+ ${username}: nikodem@rabulinski.com
+ root: ${mail}
+ '';
+in
+{
+ age.secrets.alert-plaintext.file = ../../secrets/alert-plain-pass.age;
+
+ programs.msmtp = {
+ enable = true;
+ setSendmail = true;
+ defaults = {
+ inherit aliases;
+ tls = "on";
+ auth = "login";
+ tls_starttls = "off";
+ };
+ accounts = {
+ default = {
+ host = "mail.nrab.lol";
+ passwordeval = "cat ${config.age.secrets.alert-plaintext.path}";
+ user = mail;
+ from = mail;
+ };
+ };
+ };
+}
diff --git a/hosts/youko/nas.nix b/hosts/youko/nas.nix
new file mode 100644
index 0000000..2e83912
--- /dev/null
+++ b/hosts/youko/nas.nix
@@ -0,0 +1,122 @@
+{
+ username,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ boot = {
+ supportedFilesystems = [ "zfs" ];
+ zfs.extraPools = [ "yottapool" ];
+ };
+
+ services.zfs = {
+ autoScrub.enable = true;
+ zed.settings = {
+ ZED_DEBUG_LOG = "/tmp/zed.debug.log";
+ ZED_EMAIL_ADDR = [ username ];
+ ZED_EMAIL_PROG = lib.getExe pkgs.msmtp;
+ ZED_EMAIL_OPTS = "@ADDRESS@";
+
+ ZED_NOTIFY_INTERVAL_SECS = 3600;
+ ZED_NOTIFY_VERBOSE = true;
+
+ ZED_USE_ENCLOSURE_LEDS = true;
+ ZED_SCRUB_AFTER_RESILVER = true;
+ };
+ };
+
+ services.samba-wsdd = {
+ enable = true;
+ openFirewall = true;
+ };
+
+ # TODO: Clean up. Potentially make it a separate module
+ services.avahi = {
+ publish.enable = true;
+ publish.userServices = true;
+ nssmdns4 = true;
+ enable = true;
+ openFirewall = true;
+ extraServiceFiles = {
+ timemachine = ''
+
+
+
+ %h
+
+ _smb._tcp
+ 445
+
+
+ _device-info._tcp
+ 0
+ model=TimeCapsule8,119
+
+
+ _adisk._tcp
+ dk0=adVN=tm_share,adVF=0x82
+ sys=waMa=0,adVF=0x100
+
+
+ '';
+ };
+ };
+
+ services.samba = {
+ enable = true;
+ openFirewall = true;
+ settings = {
+ global = {
+ "workgroup" = "WORKGROUP";
+ "hosts allow" = "0.0.0.0/0";
+ "guest account" = "nobody";
+ "map to guest" = "bad user";
+ "getwd cache" = "true";
+ "strict sync" = "no";
+ "use sendfile" = "true";
+ };
+ "tm_share" = {
+ "path" = "/media/data/tm_share";
+ "valid users" = "niko";
+ "public" = "no";
+ "writeable" = "yes";
+ "force user" = "niko";
+ "fruit:aapl" = "yes";
+ "fruit:time machine" = "yes";
+ "vfs objects" = "catia fruit streams_xattr";
+ };
+ };
+ };
+
+ services.jellyfin = {
+ enable = true;
+ openFirewall = true;
+ };
+ services.radarr.enable = true;
+ # TODO: Remove once https://github.com/Sonarr/Sonarr/pull/7443 is merged
+ nixpkgs.config.permittedInsecurePackages = [
+ "dotnet-sdk-6.0.428"
+ "aspnetcore-runtime-6.0.36"
+ ];
+ services.sonarr.enable = true;
+ services.prowlarr.enable = true;
+ services.jellyseerr.enable = true;
+ services.deluge = {
+ enable = true;
+ web.enable = true;
+ config.download_location = "/media/deluge";
+ };
+
+ users = {
+ users = {
+ jellyfin.extraGroups = [
+ "radarr"
+ "sonarr"
+ ];
+ radarr.extraGroups = [ "deluge" ];
+ sonarr.extraGroups = [ "deluge" ];
+ ${username}.extraGroups = [ "deluge" ];
+ };
+ };
+}
diff --git a/hosts/youko/sway.nix b/hosts/youko/sway.nix
new file mode 100644
index 0000000..9402602
--- /dev/null
+++ b/hosts/youko/sway.nix
@@ -0,0 +1,137 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ services.greetd = {
+ enable = true;
+ vt = 2;
+ settings.default_session =
+ let
+ swayWrapper = pkgs.writeShellScript "sway-wrapper" ''
+ export XCURSOR_THEME=volantes_cursors
+ exec ${lib.getExe config.programs.sway.package}
+ '';
+ in
+ {
+ command = "${lib.getExe pkgs.greetd.tuigreet} --time --cmd ${swayWrapper}";
+ user = "niko";
+ };
+ };
+
+ programs.sway = {
+ enable = true;
+ wrapperFeatures.base = true;
+ wrapperFeatures.gtk = true;
+ };
+
+ security.pam.services.swaylock = { };
+ xdg.portal.config.common.default = "*";
+
+ settei.user.config =
+ { config, ... }:
+ {
+ home.pointerCursor = {
+ name = "volantes_cursors";
+ package = pkgs.volantes-cursors;
+ };
+
+ home.packages = with pkgs; [
+ (writeShellApplication {
+ name = "lock";
+ text = ''
+ swaymsg output '*' power off
+ swaylock -c 000000
+ swaymsg output '*' power on
+ '';
+ })
+ (writeShellApplication {
+ name = "screenshot";
+ runtimeInputs = [
+ slurp
+ grim
+ wl-clipboard
+ ];
+ text = ''
+ grim -g "$(slurp)" - | \
+ wl-copy -t image/png
+ '';
+ })
+ # Bitwarden stuff, move to separate module or properly package?
+ # Maybe use some other input method?
+ (rofi-rbw.override { waylandSupport = true; })
+ rbw
+ pinentry-rofi
+ ];
+
+ wayland.windowManager.sway =
+ let
+ mod = config.wayland.windowManager.sway.config.modifier;
+ in
+ {
+ enable = true;
+ package = null;
+ config.workspaceAutoBackAndForth = true;
+ config.terminal = "wezterm";
+ config.modifier = "Mod4";
+ config.fonts.names = [ "IosevkaTerm Nerd Font" ];
+ config.keybindings = lib.mkOptionDefault {
+ "${mod}+b" = "exec rofi-rbw --selector rofi";
+ "${mod}+d" = "exec rofi -show drun";
+ "${mod}+Shift+s" = "exec screenshot";
+ };
+ config.keycodebindings = {
+ "${mod}+Shift+60" = "exec lock";
+ };
+ config.window.commands =
+ let
+ alwaysFloating = [
+ { window_role = "pop-up"; }
+ { window_role = "bubble"; }
+ { window_role = "dialog"; }
+ { window_type = "dialog"; }
+ { window_role = "task_dialog"; }
+ { window_type = "menu"; }
+ { app_id = "floating"; }
+ { app_id = "floating_update"; }
+ { class = "(?i)pinentry"; }
+ { title = "Administrator privileges required"; }
+ { title = "About Mozilla Firefox"; }
+ { window_role = "About"; }
+ {
+ app_id = "firefox";
+ title = "Library";
+ }
+ ];
+ in
+ map (criteria: {
+ inherit criteria;
+ command = "floating enable";
+ }) alwaysFloating;
+ config.input = {
+ "type:pointer" = {
+ accel_profile = "flat";
+ pointer_accel = "0.2";
+ };
+ "type:keyboard" = {
+ xkb_layout = "pl";
+ };
+ };
+ config.seat."*" = {
+ xcursor_theme = "volantes_cursors 24";
+ };
+ config.startup = [
+ {
+ command = "${lib.getExe' pkgs.glib "gsettings"} set org.gnome.desktop.interface cursor-theme 'volantes_cursors'";
+ always = true;
+ }
+ ];
+ };
+ programs.rofi = {
+ enable = true;
+ package = pkgs.rofi-wayland;
+ };
+ };
+}
diff --git a/modules/system/incus.nix b/modules/system/incus.nix
index 4313573..b46ab37 100644
--- a/modules/system/incus.nix
+++ b/modules/system/incus.nix
@@ -49,6 +49,23 @@ let
};
}
];
+ profiles = [
+ {
+ devices = {
+ eth0 = {
+ name = "eth0";
+ network = "incusbr0";
+ type = "nic";
+ };
+ root = {
+ path = "/";
+ pool = "default";
+ type = "disk";
+ };
+ };
+ name = "default";
+ }
+ ];
};
};
networking = {
diff --git a/modules/system/sane-defaults.nix b/modules/system/sane-defaults.nix
index fcd1cde..918b34d 100644
--- a/modules/system/sane-defaults.nix
+++ b/modules/system/sane-defaults.nix
@@ -92,7 +92,10 @@ let
isNormalUser = true;
home = "/home/${username}";
group = username;
- extraGroups = [ "wheel" ];
+ extraGroups = lib.mkMerge [
+ [ "wheel" ]
+ (lib.mkIf config.networking.networkmanager.enable [ "networkmanager" ])
+ ];
};
groups.${username} = { };
};
diff --git a/secrets/alert-nrab-lol-pass.age b/secrets/alert-nrab-lol-pass.age
index 4e34281..85d17ab 100644
Binary files a/secrets/alert-nrab-lol-pass.age and b/secrets/alert-nrab-lol-pass.age differ
diff --git a/secrets/alert-plain-pass.age b/secrets/alert-plain-pass.age
index 0204c32..032dbb2 100644
Binary files a/secrets/alert-plain-pass.age and b/secrets/alert-plain-pass.age differ
diff --git a/secrets/attic-creds.age b/secrets/attic-creds.age
index 557c86a..6d72b95 100644
Binary files a/secrets/attic-creds.age and b/secrets/attic-creds.age differ
diff --git a/secrets/github-token.age b/secrets/github-token.age
index 25e333e..03ad19e 100644
--- a/secrets/github-token.age
+++ b/secrets/github-token.age
@@ -1,13 +1,13 @@
age-encryption.org/v1
--> ssh-ed25519 IFuY+w nyBEszEusqQE6jM7y9G4KCyzNHawdyy+hTfm9LsuRCY
-1bbg4kmmv9m2Gwp+3x8zvqFOkmTKt898/sGCUK9rpGE
--> ssh-ed25519 84j9mw 5s2PNoIOMWf2gBwzmRHmssMOuvu2kv43316E20McKh8
-FyA+VjPgPynvMQfxm3d2+SOEpsJFIKJE8pbXeIkOfGI
--> ssh-ed25519 ioPMHA 4N9PsYYaeqJDbxpQpyCgvR/JWwLPDCAi65YB6M0uT0U
-mFCqo1htPi2WRKiJz/t8Y7TMD/p7X81HsHGG0KIsROQ
--> ssh-ed25519 5A7peQ ZjRTqjDou2xS638dR8AWKCv5uKTSmOSJ/4rkfFckhjY
-yUJABvMDLN0C15XBmnZJZ88khXAXLUP+aEqH5DlJcKY
--> ssh-ed25519 GKhvwg w1OKhVPY89J/pbrrXIHVifV++5e1tLqlSL9yM/2rqX0
-VF0cvmdtCZAlPgIqcNZYp7ANPhvDqlFE7h018lCbWyg
---- YWa0wXlaYVF+g06+w/u/h+NURlfMY8lauf5ZtrrhrF4
-3��ͅ�P׆?4)�mf.�²�`aFCj"Jwd鱇Bƌ+{dK
\ No newline at end of file
+-> ssh-ed25519 IFuY+w hrfVBxFIiDTvbm7OMYbme2+97WI3nqxYbjBNRXRS9H4
+SaKftmSA+8LitXnkqaw67xw378sNeGs/ENxmMsOVdvQ
+-> ssh-ed25519 84j9mw opGXl7a35TsSj2/ADgdbS5bp6/EDTsUDkS/IjIgjUBA
+Cw5O6wt9vzqCgbWxxCrzmXJQH+/Ae1wwyHCcHLfpEck
+-> ssh-ed25519 ioPMHA 5fAg0NsD/KlXSAJg1UQYsJEzZMy/wCHfwmv19cbWRyQ
+OhDaO75k9xEdCE0GdyJ6iK6B11ie/l4yCfVKp6py31I
+-> ssh-ed25519 5A7peQ pqvZetDuRh5pesWPZ9725h7i+XuvSNMn7810ukhNjyM
+96JlWRIyIZ07siNa1kk0HtHhiB4NQbSKQ4KXsDJGGdE
+-> ssh-ed25519 GKhvwg Ba5tOdWUlE9qs1tPb7t+0ZtHN82a6RmMHP1tzGe/VSg
+wLWBaFUkWkB5lMEKX0ISEQTGx/RDTF1vbvuGo9w8Qm4
+--- yVc69z1O1UOM+93dnjV0wkeqb4StW4HcBYi00z+0dIQ
+"�49�bW5v WjsUڲoO��#S%\qn[hAjEhޢtjC
\ No newline at end of file
diff --git a/secrets/hercules-cache.age b/secrets/hercules-cache.age
index 615b2c2..783c7f3 100644
Binary files a/secrets/hercules-cache.age and b/secrets/hercules-cache.age differ
diff --git a/secrets/hercules-secrets.age b/secrets/hercules-secrets.age
index f63b958..8b55761 100644
--- a/secrets/hercules-secrets.age
+++ b/secrets/hercules-secrets.age
@@ -1,13 +1,16 @@
age-encryption.org/v1
--> ssh-ed25519 84j9mw P7StDsdpmJLp0ni5ZwdhVy2lx5TSfVlIqFAF9y4Zn34
-UksAEE1WWb2xWgHM8h4lhTW2pwqF8ydgGtFnqcp1KUo
--> ssh-ed25519 ioPMHA roPhy0I+dRtPuWsnFSxl2m7Uh7GgXkupwHSgL+LHrzs
-8rUE3mr9dukcAeR1213wjSm6Bme9ExpGX6TjEhHRYnc
--> ssh-ed25519 IFuY+w crwMCw/ElBMNFhUMHLAg+ZxpsutBwV7hhG79bXEmCDE
-7rnOVAVI/HgGbaswauWxCqB7Tkzx3hCxB2RZOi4aIpQ
--> ssh-ed25519 5A7peQ bcqPb+IVrI8BKlcpIrZ/qnbnG3p/mLsk/iSCVYlvwmY
-2q9KmMmyeYey9txiYrmxM5T86qXw7arKZSAbxszgxVo
--> ssh-ed25519 GKhvwg H9Pka72t6kmmxGcoAaRtyn8m9xlP9DJSeBrE6jVtRh4
-w/lcxBFd5w9mMn/sarr+7yCY+IGJzMJUgvi+KrQA4s4
---- wO1f52ZjrCtOdgOrnkKWPao5ZS2BhmWFQmvLGliosyM
-S]luG �c�U LHb/(f� $&XmݒFPt�.n,)t8 �9g~3.h`0i|Zi�9S�߫��ޔ~vf,~\;�IۮF�V�O)uj:u[&��6�`OZ|y�V�ɥ_Pe��K.vꪹ^2�-�Ҁ<\^m!.y��s���
l
��K`fbDcdb�D��<_6zR?g̮`H ,5�h$\Xl
\ No newline at end of file
+-> ssh-ed25519 84j9mw qVTbaORT1Ouwq1uA0cWQ3Q85tLYcq6xuZ9UhcMOTTSk
+PE0VZp1P9K4IAnm/BIDusGsp4dtLvaN0/m9q9gNnfx4
+-> ssh-ed25519 ioPMHA +m127XNN1vH6Tg6XGuHDbND0giQgGsMLE7YUKagZbXk
+tKyYRNLt1UgnQR//64yAunpHjE7JyB/Mkdmc4gkMTWw
+-> ssh-ed25519 IFuY+w x4WynTbStig1Ay9gyaplDcNlLQT0kMOFOJwVvcco1i0
+i8M7n2tfBJoFNmQHs5jEaZdfKc1UmjL5y6oBCos1mDk
+-> ssh-ed25519 5A7peQ +XJDHQntGS+FcrFgy9X/9RDOrBMNCI8rHsicV4Z5sBo
+i6xfceBN4DE9EYF8Q4PaJjX7qbELJaJ5dxMGoAIE8xU
+-> ssh-ed25519 GKhvwg fzJcotOtNhVeNwOdMQIwPT9GmgbE13HYmCkwbFlCCkQ
+mNtYtoX8IUDgHKAQRA5e7HLZgYVI9wCF8QMm530eFEo
+--- EIWU+anFU1NSYiu3O+xncDnVvJVrwHzwaAX1YhsaOj4
+%DJ#��0A�D
+q�z�,3sH����V�b��Tުˇ8[ �?VgNVd
+ĝȗL=̵g%ι[md�6oqE4ŏ�F3�@P\(MDM;%^ܫ�px��p�):O9,iBT
+s�ǚ-�JWE\0£y>0;y�L{t.g%W,X} JJdg3\�#�)�0h=lhBB�Xb$^
�BM[~�u? hl��c;zk
\ No newline at end of file
diff --git a/secrets/hercules-token.age b/secrets/hercules-token.age
index 66500a1..54dd108 100644
Binary files a/secrets/hercules-token.age and b/secrets/hercules-token.age differ
diff --git a/secrets/leet-nrab-lol-pass.age b/secrets/leet-nrab-lol-pass.age
index 28c300e..fbf07ad 100644
--- a/secrets/leet-nrab-lol-pass.age
+++ b/secrets/leet-nrab-lol-pass.age
@@ -1,8 +1,7 @@
age-encryption.org/v1
--> ssh-ed25519 84j9mw ZuGILSHnMIMy/GDEjkAriTBKBykkytcIVo63DPd4MhA
-aa/sGLpf+GrLzo8Jf3JWAPI0Uk96SH/CvGhynNJVx6E
--> ssh-ed25519 GKhvwg STHVqp1zYhQzu73INk2Cmkuf8X8kJPLtGSY8LJze/Tc
-Ny1C5CAnqSCcunIbM8if8oQ2VlerIIW5Dqds/Ztektw
---- gaHP+odPfw8A4f5NJkYOuvvYRWwo5EzRZVkXp6E7dfI
-N�fO=�+T3T 0w ssh-ed25519 84j9mw qRlII1WyhanH2pNwSnl01iMlPWQ7tsyiNNOHPLNMflo
+ZMtYsPCDsgcbN1qoAYWTBQtfBWGHzi4WKbGtpJSzKRA
+-> ssh-ed25519 GKhvwg Fck+71BDUxko70r43pDKCYaa5OKZipR4iNveNrJaiC0
+uZZhlsckmE+mi7Oq8+gtisDFmLEoy0Pm/9BKgRi9VHo
+--- i/jgJHw3pEnMDGSjdK47mOkt87oI8szIHiIqimXVyXY
+ߵSAѶ��Bzwg@"PY^+E['����,K[X~Xg{��2c4
\ No newline at end of file
diff --git a/secrets/legion-niko-pass.age b/secrets/legion-niko-pass.age
index 20ed0ff..455628d 100644
Binary files a/secrets/legion-niko-pass.age and b/secrets/legion-niko-pass.age differ
diff --git a/secrets/miyagi-niko-pass.age b/secrets/miyagi-niko-pass.age
index 17e59da..460e357 100644
--- a/secrets/miyagi-niko-pass.age
+++ b/secrets/miyagi-niko-pass.age
@@ -1,8 +1,8 @@
age-encryption.org/v1
--> ssh-ed25519 g2vRWw //TMaNWwTNS5wE3Hg/SEwqriIaOiOUE5remdVF449Vk
-8K3isM05ep9HJ58TlNE9bmiIuqJPoq3lI/3AbUrLw8Q
--> ssh-ed25519 GKhvwg GANoFnELye0945KaMuS7xw6CGPhI5vigD+vScnpbQxI
-CSx0E7fOB8A5MSc1ySywNFj5mkkdi6DDUc+ObaW/kew
---- +BiFZI/o5loCYZ95bkY4zQYr2y6SYc2bmnRuAMg2MPM
-"D1Mh��`dclU;�]Puռ /?�5\\D�1l6ø�zNS
-N;<+^Bpm՚���y���
��sZ;�Vj
\ No newline at end of file
+-> ssh-ed25519 g2vRWw Pdv9mU1heeteeLbLFVUAIyZxmCWHNmhnw0TphSVMczg
+xks6yrF0BziJFp1QHSJdv5Svo1bCu9DF6s3wa2h0Xmg
+-> ssh-ed25519 GKhvwg H2DeS0HP/vWKRrBszwCffNgIZo8nVymGSkWEH26Y/2k
+2y9DCIwpFsFXpgOwOrrD9+HpRzEuno1fW2upd2FLbZc
+--- LNHsLxE4XBziNhnXmARcxB7UWhcKNvon1sDdX6mfZaw
+-�1dm
+���fR,[#[-;M}vi4x�~=)o��N^n"X���B}W583惍f�v:��uZ�ɶ
\ No newline at end of file
diff --git a/secrets/nrab-lol-cf.age b/secrets/nrab-lol-cf.age
index d1672d7..d3b9015 100644
Binary files a/secrets/nrab-lol-cf.age and b/secrets/nrab-lol-cf.age differ
diff --git a/secrets/ntfy-alert-pass.age b/secrets/ntfy-alert-pass.age
index 7819217..27558ca 100644
Binary files a/secrets/ntfy-alert-pass.age and b/secrets/ntfy-alert-pass.age differ
diff --git a/secrets/ntfy-niko-pass.age b/secrets/ntfy-niko-pass.age
index cca1985..276c72f 100644
--- a/secrets/ntfy-niko-pass.age
+++ b/secrets/ntfy-niko-pass.age
@@ -1,7 +1,7 @@
age-encryption.org/v1
--> ssh-ed25519 84j9mw tR4gg/XeVdS8xCIuHxN25uaRKu6a09DSW26SI3AWDlM
-uC2gJ9UWDE6uVXkUDlaVZlWAH5iLDgagkN+54msvyoY
--> ssh-ed25519 GKhvwg q27QskTYhI5gjIKKpNHn5V2FRmhIg8QFJ8m0TPZiwSY
-/0RIbiG/nwxKDJ613BLoCNvjej6f65mr1xwCN7/aueI
---- XU82wFZVE+zTZ/mGhnoxqWrdUOv3n6VOwQizZSHPLfw
-"�1KĽ.� �J'!nlO]>�Y
E�X
\ No newline at end of file
+-> ssh-ed25519 84j9mw VodL+EHOjoXj8R/F0vMQzEcnnCFzzes0QByGCDCgVQw
+tZLaDA1FLFwbK0AGo8lpTJjMUnPhJh1czYVLIYjkcEc
+-> ssh-ed25519 GKhvwg gHaR4I4l0I+/XrbjTMp/mevEzxPJXNLB1eHs33WKwGw
+GTAzrhyyDylZgExteDGpGbcS/TFX1q+NhF1FWHzNV0s
+--- QS1dAgdS96KwIprDjzz6OD4qSIZs4/m9JEIsi3+kgPk
+�zPCSx�f �-��i�c7_2��~�jA
\ No newline at end of file
diff --git a/secrets/rab-lol-cf.age b/secrets/rab-lol-cf.age
index 00a6556..4b5734a 100644
--- a/secrets/rab-lol-cf.age
+++ b/secrets/rab-lol-cf.age
@@ -1,10 +1,9 @@
age-encryption.org/v1
--> ssh-ed25519 ioPMHA efHpBvtB+mXXa7RoRdqePHGOmsY5BXVOgGsfOhPm30w
-2GvumVVuuLGEarpdauTCrB61aLtVtrkM3/pPlWIODnk
--> ssh-ed25519 84j9mw rqj6xvESlvrfcjhVEWCbpd//vvdKjrTjt3ZDPeLHowQ
-dcUD131zvVQGiUYQWt9A51CnIpLGNSGinSZk7HSGHoc
--> ssh-ed25519 GKhvwg cIji8zRSGWEbC/xxS8C4jyDCpQsFv05j2Yo8UjaHSAk
-+c/tIYPigZdPQWKvGYaoA6AYRAB83XlEEdfucihB984
---- TEQTQ/lm/JqyyWU2sC10qHl4AL/2IP9yCUfhXG4LdP4
-�ȮS�F-dcD�\?h Qg@��W
-xA|M*rt0ű�~ѰXa{y/WUѸ�Y렬�{װ}TA�xD
\ No newline at end of file
+-> ssh-ed25519 ioPMHA ftS+6CMGsySkp/KbDBLPKeWNDK83bZ2VB8ZKMRijkkY
+U+2wopG3G2AvI4KUD9tZGIrHZSM3UdyDdYmbbkllWPo
+-> ssh-ed25519 84j9mw xek41MX1ETVgRZa24I7n5U/XkJOqItQWK3Qz1FfkDCc
+40CWzCUmxsjgmiObbqKuSieifZ2vNo965jOeTrZ8hT8
+-> ssh-ed25519 GKhvwg X2YSREIPjoaWaku9qrVu04hOlZjUF3LFEUZaIMgg02s
+jbjT6qoIFGXRv2wrkzf2GHx3tcku/tgWfK6Sns3uFVc
+--- B/FIIz8dDg9YXbtDxfAQFZj9PCLHwI/mboBJQBuFmJg
+4�L�7H3F
�̈́"fU(�L~%sbԀ~Z}Z>2KO�'Q�\W[�όe1�^I���
\ No newline at end of file
diff --git a/secrets/rabulinski-com-cf.age b/secrets/rabulinski-com-cf.age
index 2a15532..6e80a30 100644
--- a/secrets/rabulinski-com-cf.age
+++ b/secrets/rabulinski-com-cf.age
@@ -1,7 +1,7 @@
age-encryption.org/v1
--> ssh-ed25519 84j9mw LuZiZnebklpoXQ6RPZSrELwY4CzwY+Qb/LrlVPFiSC4
-QVi6XyetJxwvOB+v+CyKEdcq96ykcK3wfWh3i75Dq1o
--> ssh-ed25519 GKhvwg V3iEXNodDDKKKrHSfNYVKTphsMQfgl3Z/LUwTyArx3A
-FQJLg7uHWzc6/U+/QOCYwrkwvvw8rQNG+h+PJ1rRKXA
---- FVExbzlz8e7moZFIkpMR+sj4Kurv+Ge6yMW/uJLr5H4
-ѠI-iO�Jbzk1"KxI{Bƚd#71ܮm-�0D��f\y}���=ڸ
4�ݣ
\ No newline at end of file
+-> ssh-ed25519 84j9mw d9KZV9S1hRXBvVcFe40S0NqWKlQ/AdRgAqdYXKicXR8
+SgTn9MXrft+sRr4I96fqQHzAdm0b21Bd0eSoYFfq7/4
+-> ssh-ed25519 GKhvwg B9qTfegTwDH/X0nQMGvTKCsK2GyzJ7yWgFIo+nKhsGc
+Is4Hi8B2/9s0pz/quvNER2hTkabPbr7qeILL4PhQO1c
+--- 1BhfbNEwYq0ra5slik651qbC8jffR2FmnDHV3FDtom0
+-�oSԐ-?�{r�]5;+0
G�oE9tHX�jqj2@�3�@� mmkyQ;_�W϶Q~
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index fc8ce14..ef3acb5 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -33,9 +33,8 @@ in
keys.other.bootstrap
];
"alert-plain-pass.age".publicKeys = [
- keys.system.legion
keys.other.bootstrap
- ];
+ ] ++ builtins.attrValues keys.system;
"legion-niko-pass.age".publicKeys = [
keys.system.legion
keys.other.bootstrap
@@ -89,4 +88,8 @@ in
keys.system.ude
keys.other.bootstrap
];
+ "youko-niko-pass.age".publicKeys = [
+ keys.system.youko
+ keys.other.bootstrap
+ ];
}
diff --git a/secrets/storage-box-creds.age b/secrets/storage-box-creds.age
index 02e128e..8b0a272 100644
--- a/secrets/storage-box-creds.age
+++ b/secrets/storage-box-creds.age
@@ -1,9 +1,7 @@
age-encryption.org/v1
--> ssh-ed25519 84j9mw voingQjX/CjAjo63KLaRPFaG74IpxcRb0qv+r2b5wzo
-ccWzQQSJW7cc8RiS9PzN2U5Xj0+Z7804tPsaGrq09KA
--> ssh-ed25519 GKhvwg 2z8J0YRxQ4WP1G/W7DxRK7z1b6UBjodvN8ECP4fLg1U
-wRG4U9oAJ2KtPUHg5l0yDmmHatmwXOrn2nJlOQJMlpE
---- qs7kR5AIkwQ8NtDjYnmKZmCl4+1G6MFBNB3Mu3J9Y1M
-
-8[WѕS��]&Zaؼu��EB��!pϴ��4pYݱ"
-QYqSƬ`
\ No newline at end of file
+-> ssh-ed25519 84j9mw auP2WgwsaWjyocQkSzoYShO2kSLjn2UArvAVEhKgDiY
+4Uh423ZjS7/Xo6TxLJzWqXgHZAu0xouH0UvFZuJuEz4
+-> ssh-ed25519 GKhvwg JHtyTS12OXspSKP9r/a61cfp+ubYbsAXFmEijMTex3Q
+wZYrJ8yIZ3v5cdBzpiI9ocaTpHbtmebEpbr59Bz3rhc
+--- koWJ57H+ErMJDxW6JDNL2ImmZb6o9v2BJtaFi2OL+dc
+I��o5q&CU*�[T.HɊʺ��kkpOY�s,g49ʼn$^l-A/�QX�
\ No newline at end of file
diff --git a/secrets/storage-box-webdav.age b/secrets/storage-box-webdav.age
index 8a7f3b8..93a739a 100644
Binary files a/secrets/storage-box-webdav.age and b/secrets/storage-box-webdav.age differ
diff --git a/secrets/ude-deluge.age b/secrets/ude-deluge.age
index f0269c2..f9cdd04 100644
--- a/secrets/ude-deluge.age
+++ b/secrets/ude-deluge.age
@@ -1,7 +1,7 @@
age-encryption.org/v1
--> ssh-ed25519 IFuY+w +zbPYKlvvfaIQl+PnnZlEai/TAgzsQ7s/1bLXNXnXEw
-BTQQRxlaRFbWnV6e+QBPDfN+lyg9URj+2h85tDKZ19k
--> ssh-ed25519 GKhvwg DzWYIGY0CNdA5wp7PkV1gpWmtYG28or8XeNZ7DkLz1c
-ELQVeuyaIOWVH6+oMDDlI3CikDLe5jijwVPbaRBL2NQ
---- vCU0PryisDG8cOKr6CmPcUwjIdThsRjrty/fowZNwOk
-h�+Ѯ>�HV�`w|e/]k�yS�~dm�&9Y))�T
n��S8@ۿzsS�g'
\ No newline at end of file
+-> ssh-ed25519 IFuY+w EOJQpXxn+NL/BJjpdo8mIGfOYxcMElkVIiGx7KftrQ4
+OcglvGhSgb1mxH8M19ZMf3m6lSF0clzH7Mjikf7cilM
+-> ssh-ed25519 GKhvwg cr+0J59wCjYBONBcDulN8lpvZiCvULHqnwDu+eKQRAo
+9q87PSfr4kq8lCDrw5Od3D1xJjSSmVv2/TXBWEBtBpU
+--- FmVR9tb8wjYFb/FBTrblXMCUAMw5KQ7sX8WojcxCrbk
+C<\}J�f|6�G@WXc-"ϐ�A�GZ'x�_�Ԡz�,@n"�3[?
Lb@e
\ No newline at end of file
diff --git a/secrets/youko-niko-pass.age b/secrets/youko-niko-pass.age
new file mode 100644
index 0000000..4c85947
--- /dev/null
+++ b/secrets/youko-niko-pass.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 rA7dkQ etmPKjKz102knTx/qQAihC9bFvRENB0Q1DtnaQyjfm4
+GPt9OCIwT+/Q/UUDtkHB8d7T6znHy1y1NEUeI+SCeMg
+-> ssh-ed25519 GKhvwg qdCxGyXrdD+WQa/il8fIlV7OKdREqd40Qk0PKITHxlk
+OBJ9gg+KBHi2s1HYLazy3K+yh8tvnUvmuH+riWU7K8c
+--- V3FRy0/TcUdUaBDUK+93r5rH26Is/KVuNJC+1vFMsOI
+wO�.➌a�A�&ޝz [�oXĂu������,ajxGƜu/������eL̛/6S[SU
\ No newline at end of file
diff --git a/secrets/zitadel-master.age b/secrets/zitadel-master.age
index 68a374a..6dbbbf4 100644
Binary files a/secrets/zitadel-master.age and b/secrets/zitadel-master.age differ