diff --git a/.sops.yaml b/.sops.yaml index 6f2f02e..3a370ac 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -6,6 +6,7 @@ keys: # nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age' - &aristotle age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp - &blacksteel age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk + - &dust age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl - &lightsail-tokyo age1vw4kf5v8cfnhfhvl0eyvqzpvy9hpfv9enffvzyt95tx5mu7s5dxqjqw0fa creation_rules: - path_regex: hosts/blacksteel/secrets.yaml$ @@ -24,16 +25,19 @@ creation_rules: - *guanranwang - *aristotle - *blacksteel + - *dust - path_regex: nixos/profiles/opt-in/wireless/secrets.yaml$ key_groups: - age: - *guanranwang - *aristotle - *blacksteel + - *dust - path_regex: secrets.yaml$ key_groups: - age: - *guanranwang - *aristotle - *blacksteel + - *dust - *lightsail-tokyo diff --git a/flake.lock b/flake.lock index cd36900..ca14d70 100644 --- a/flake.lock +++ b/flake.lock @@ -324,15 +324,16 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1721413321, - "narHash": "sha256-0GdiQScDceUrVGbxYpV819LHesK3szHOhJ09e6sgES4=", - "owner": "NixOS", + "lastModified": 1721750544, + "narHash": "sha256-u0aiWIcd95vRQdGjia3X5V6tP618r68gbvjuaIwUBgw=", + "owner": "Guanran928", "repo": "nixos-hardware", - "rev": "ab165a8a6cd12781d76fe9cbccb9e975d0fb634f", + "rev": "d24b6083f8101c3b91d6327c06e5bb24f50f18ba", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "Guanran928", + "ref": "lenovo-thinkpad-x1-12th-gen", "repo": "nixos-hardware", "type": "github" } diff --git a/flake.nix b/flake.nix index fa35008..6cf56fe 100644 --- a/flake.nix +++ b/flake.nix @@ -52,7 +52,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; nixos-hardware = { - url = "github:NixOS/nixos-hardware"; + url = "github:Guanran928/nixos-hardware/lenovo-thinkpad-x1-12th-gen"; }; nixos-sensible = { url = "github:Guanran928/nixos-sensible"; @@ -188,6 +188,7 @@ nixosConfigurations = { "aristotle" = mkNixOS "x86_64-linux" [./hosts/aristotle]; "blacksteel" = mkNixOS "x86_64-linux" [./hosts/blacksteel]; + "dust" = mkNixOS "x86_64-linux" [./hosts/dust]; }; ### Darwin diff --git a/hosts/aristotle/disko.nix b/hosts/aristotle/disko.nix index 63c9cce..2c79a83 100644 --- a/hosts/aristotle/disko.nix +++ b/hosts/aristotle/disko.nix @@ -25,11 +25,11 @@ in { mountOptions = ["defaults" "umask=007"]; }; }; - "cryptedroot" = { + "cryptroot" = { end = "-16G"; content = { type = "luks"; - name = "cryptedroot"; + name = "cryptroot"; settings = cryptSettings; content = { type = "btrfs"; @@ -46,11 +46,11 @@ in { }; }; }; - "cryptedswap" = { - end = "-16G"; + "cryptswap" = { + size = "100%"; content = { type = "luks"; - name = "cryptedswap"; + name = "cryptswap"; settings = cryptSettings; content = { type = "swap"; diff --git a/hosts/dust/anti-feature.nix b/hosts/dust/anti-feature.nix new file mode 100644 index 0000000..e741827 --- /dev/null +++ b/hosts/dust/anti-feature.nix @@ -0,0 +1,33 @@ +{lib, ...}: { + nixpkgs.config = { + allowAliases = false; + + allowNonSource = false; + allowNonSourcePredicate = pkg: + lib.elem (lib.getName pkg) [ + "adoptopenjdk-hotspot-bin" + "cargo-bootstrap" + "cef-binary" + "dart" + "osu-lazer-bin" + "rustc-bootstrap" + "rustc-bootstrap-wrapper" + "sof-firmware" + "temurin-bin" + ]; + + allowUnfree = false; + allowUnfreePredicate = pkg: + lib.elem (lib.getName pkg) [ + "fcitx5-pinyin-minecraft" + "fcitx5-pinyin-moegirl" + "libXNVCtrl" + "nvidia-x11" + "osu-lazer-bin" + "steam" + "steam-original" + "steam-run" + "xow_dongle-firmware" + ]; + }; +} diff --git a/hosts/dust/default.nix b/hosts/dust/default.nix new file mode 100644 index 0000000..837d962 --- /dev/null +++ b/hosts/dust/default.nix @@ -0,0 +1,170 @@ +{ + lib, + pkgs, + ... +}: { + imports = [ + ../../nixos/profiles/opt-in/mihomo + ../../nixos/profiles/opt-in/wireless + + ./anti-feature.nix + ./disko.nix + ./hardware-configuration.nix + ./impermanence.nix + ./lanzaboote.nix + ]; + + networking.hostName = "dust"; + time.timeZone = "Asia/Shanghai"; + system.stateVersion = "23.11"; + + home-manager.users.guanranwang = import ./home; + + services.tailscale = { + enable = true; + openFirewall = true; + }; + + environment.systemPackages = with pkgs; [ + yubikey-manager + localsend + ]; + + networking.firewall.allowedTCPPorts = [53317]; + networking.firewall.allowedUDPPorts = [53317]; + + programs.adb.enable = true; + programs.seahorse.enable = true; + programs.steam.enable = true; + programs.kdeconnect = { + enable = true; + package = pkgs.valent; + }; + + services.power-profiles-daemon.enable = true; + services.gvfs.enable = true; + services.gnome = { + gnome-keyring.enable = true; + gnome-online-accounts.enable = true; + sushi.enable = true; + }; + + # https://wiki.archlinux.org/title/Gamepad#Connect_Xbox_Wireless_Controller_with_Bluetooth + hardware.xone.enable = true; # via wired or wireless dongle + hardware.xpadneo.enable = true; # via Bluetooth + + # yubikey + services.pcscd.enable = true; + services.udev.packages = [pkgs.yubikey-personalization]; + + fonts = { + enableDefaultPackages = false; + packages = with pkgs; [ + (nerdfonts.override { + fonts = ["NerdFontsSymbolsOnly"]; + }) + (inter.overrideAttrs { + installPhase = '' + runHook preInstall + install -Dm644 -t $out/share/fonts/truetype/ InterVariable*.ttf + runHook postInstall + ''; + }) + (jetbrains-mono.overrideAttrs { + installPhase = '' + runHook preInstall + install -Dm644 -t $out/share/fonts/truetype/ fonts/variable/*.ttf + runHook postInstall + ''; + }) + (source-sans.overrideAttrs { + installPhase = '' + runHook preInstall + install -Dm444 VF/*.otf -t $out/share/fonts/variable + runHook postInstall + ''; + }) + (source-serif.overrideAttrs { + installPhase = '' + runHook preInstall + install -Dm444 VAR/*.otf -t $out/share/fonts/variable + runHook postInstall + ''; + }) + source-han-sans-vf-otf + source-han-serif-vf-otf + noto-fonts-color-emoji + ]; + fontconfig.defaultFonts = { + emoji = [ + "Noto Color Emoji" + ]; + # Append emoji font for Qt apps, they might use the monochrome emoji + monospace = [ + "JetBrains Mono" + "Source Han Sans SC VF" + "Symbols Nerd Font" + "Noto Color Emoji" + ]; + sansSerif = [ + "Inter Variable" + "Source Han Sans SC VF" + "Noto Color Emoji" + ]; + serif = [ + "Source Serif 4 Variable" + "Source Han Serif SC VF" + "Noto Color Emoji" + ]; + }; + }; + + console = { + earlySetup = true; + keyMap = "dvorak"; + }; + + services.greetd = { + enable = true; + settings.default_session.command = "${lib.getExe pkgs.greetd.tuigreet} --cmd sway"; + }; + + # polkit + security.polkit.enable = true; + systemd.user.services.polkit-gnome-authentication-agent-1 = { + description = "polkit-gnome-authentication-agent-1"; + wantedBy = ["graphical-session.target"]; + wants = ["graphical-session.target"]; + after = ["graphical-session.target"]; + serviceConfig = { + Type = "simple"; + ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; + Restart = "on-failure"; + RestartSec = 1; + TimeoutStopSec = 10; + }; + }; + + security.pam.services.swaylock = {}; + xdg.portal = { + enable = true; + xdgOpenUsePortal = true; + wlr.enable = true; + extraPortals = [pkgs.xdg-desktop-portal-gtk]; + # https://gitlab.archlinux.org/archlinux/packaging/packages/sway/-/blob/main/sway-portals.conf + config."sway" = { + default = "gtk"; + "org.freedesktop.impl.portal.ScreenCast" = "wlr"; + "org.freedesktop.impl.portal.Screenshot" = "wlr"; + "org.freedesktop.impl.portal.Inhibit" = "none"; + }; + }; + + ### Removes debounce time + # https://www.reddit.com/r/linux_gaming/comments/ku6gth + environment.etc."libinput/local-overrides.quirks".text = '' + [Never Debounce] + MatchUdevType=mouse + ModelBouncingKeys=1 + ''; +} diff --git a/hosts/dust/disko.nix b/hosts/dust/disko.nix new file mode 100644 index 0000000..b1be3a6 --- /dev/null +++ b/hosts/dust/disko.nix @@ -0,0 +1,80 @@ +let + # compress-force: https://t.me/archlinuxcn_group/3054167 + mountOptions = ["compress-force=zstd" "noatime"]; + cryptSettings = { + allowDiscards = true; + bypassWorkqueues = true; + }; +in { + disko.devices = { + disk = { + "one" = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + "esp" = { + size = "2G"; + type = "EF00"; + priority = -100; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["defaults" "umask=007"]; + }; + }; + "cryptroot" = { + end = "-16G"; + content = { + type = "luks"; + name = "cryptroot"; + passwordFile = "/tmp/secret.key"; + settings = cryptSettings; + content = { + type = "btrfs"; + subvolumes = { + "/@nix" = { + mountpoint = "/nix"; + inherit mountOptions; + }; + "/@persist" = { + mountpoint = "/persist"; + inherit mountOptions; + }; + }; + }; + }; + }; + "cryptswap" = { + size = "100%"; + content = { + type = "luks"; + name = "cryptswap"; + passwordFile = "/tmp/secret.key"; + settings = cryptSettings; + content = { + type = "swap"; + resumeDevice = true; + }; + }; + }; + }; + }; + }; + }; + nodev = { + "/" = { + fsType = "tmpfs"; + mountOptions = [ + "defaults" + "size=2G" + "mode=755" + "nodev" + "nosuid" + ]; + }; + }; + }; +} diff --git a/hosts/dust/hardware-configuration.nix b/hosts/dust/hardware-configuration.nix new file mode 100644 index 0000000..319792e --- /dev/null +++ b/hosts/dust/hardware-configuration.nix @@ -0,0 +1,34 @@ +{inputs, ...}: { + imports = [ + inputs.nixpkgs.nixosModules.notDetected + inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-12th-gen + ]; + + services.hdapsd.enable = false; + services.thermald.enable = true; + + security.rtkit.enable = true; + hardware.pulseaudio.enable = false; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + }; + + hardware.bluetooth = { + enable = true; + settings.General.FastConnectable = true; + }; + + boot.loader.timeout = 0; + boot.loader.efi.canTouchEfiVariables = true; + + boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; + + nixpkgs.hostPlatform = "x86_64-linux"; +} diff --git a/hosts/dust/home/default.nix b/hosts/dust/home/default.nix new file mode 100644 index 0000000..1d47c9a --- /dev/null +++ b/hosts/dust/home/default.nix @@ -0,0 +1,62 @@ +{ + pkgs, + inputs, + ... +}: { + imports = + [ + ./theme.nix + ./xdg-mime.nix + ] + ++ map (n: ../../../home/applications/${n}) [ + "fcitx5" + "firefox" + "foot" + "go" + "mpv" + "nautilus" + "nix" + "sway" + "thunderbird" + "ydict" + ]; + + # https://wiki.archlinux.org/title/Fish#Start_X_at_login + programs.fish.loginShellInit = '' + if test -z "$DISPLAY" -a "$XDG_VTNR" = 1 + exec sway + end + ''; + + home.packages = + (with pkgs; [ + amberol + dconf-editor + file-roller + fractal + gnome-calculator + hyperfine + loupe + mousai + seahorse + + (prismlauncher.override { + glfw = glfw-wayland-minecraft; + gamemodeSupport = false; + }) + mumble + osu-lazer-bin + ]) + ++ (with inputs.self.legacyPackages.${pkgs.stdenv.hostPlatform.system}.scripts; [ + lofi + ]); + + home.sessionVariables = { + # https://github.com/ppy/osu-framework/pull/6292 + "OSU_SDL3" = "1"; + }; + + programs.mangohud.enable = true; + programs.obs-studio.enable = true; + services.ssh-agent.enable = true; +} diff --git a/hosts/dust/home/theme.nix b/hosts/dust/home/theme.nix new file mode 100644 index 0000000..13777de --- /dev/null +++ b/hosts/dust/home/theme.nix @@ -0,0 +1,52 @@ +{ + pkgs, + config, + lib, + ... +}: { + home.pointerCursor = { + name = "Adwaita"; + package = pkgs.adwaita-icon-theme; + size = 24; + gtk.enable = true; + }; + + gtk = { + enable = true; + gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc"; + + gtk3.bookmarks = [ + "file://${config.home.homeDirectory}/Documents/Projects/flake" + ]; + + iconTheme = { + name = "Adwaita"; + package = pkgs.adwaita-icon-theme; + }; + + theme = { + name = "Adwaita-dark"; + package = pkgs.gnome-themes-extra; + }; + }; + + dconf.settings = { + "org/gnome/desktop/interface" = { + "color-scheme" = "prefer-dark"; + }; + + # Make GTK listen to fontconfig + "org/gnome/desktop/wm/preferences" = { + "titlebar-font" = "Sans Bold 11"; + }; + "org/gnome/desktop/interface" = { + "font-name" = "Sans 11"; + "document-font-name" = "Sans 11"; + "monospace-font-name" = "Monospace 10"; + }; + }; + + # ??? this commit broke nautilus's spacing ??? + # https://github.com/nix-community/home-manager/commit/e9b9ecef4295a835ab073814f100498716b05a96 + xdg.configFile."gtk-4.0/gtk.css".text = lib.mkForce config.gtk.gtk4.extraCss; +} diff --git a/hosts/dust/home/xdg-mime.nix b/hosts/dust/home/xdg-mime.nix new file mode 100644 index 0000000..a0def3a --- /dev/null +++ b/hosts/dust/home/xdg-mime.nix @@ -0,0 +1,46 @@ +{lib, ...}: { + # https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types + xdg.mimeApps = { + enable = true; + defaultApplications = + { + "inode/directory" = ["org.gnome.Nautilus.desktop"]; + } + ### Browser + // lib.genAttrs [ + "text/html" + "x-scheme-handler/http" + "x-scheme-handler/https" + "x-scheme-handler/about" + "x-scheme-handler/unknown" + ] (_n: ["firefox.desktop"]) + ### Audio player + // lib.genAttrs [ + "audio/aac" + "audio/flac" + "audio/mpeg" + "audio/ogg" + "audio/wav" + ] (_n: ["io.bassi.Amberol.desktop"]) + ### Image viewer + // lib.genAttrs [ + "image/gif" + "image/jpeg" + "image/png" + "image/webp" + ] (_n: ["org.gnome.Loupe.desktop"]) + ### Video player + // lib.genAttrs [ + "video/mp4" + "video/mpeg" + "video/webm" + ] (_n: ["mpv.desktop"]) + ### Code editor + // lib.genAttrs [ + "text/css" + "text/html" + "text/javascript" + "text/plain" + ] (_n: ["nvim.desktop"]); + }; +} diff --git a/hosts/dust/impermanence.nix b/hosts/dust/impermanence.nix new file mode 100644 index 0000000..4617cf2 --- /dev/null +++ b/hosts/dust/impermanence.nix @@ -0,0 +1,46 @@ +{lib, ...}: { + sops.age.sshKeyPaths = lib.mkForce ["/persist/etc/ssh/ssh_host_ed25519_key"]; + fileSystems."/persist".neededForBoot = true; + environment.persistence."/persist" = { + hideMounts = true; + directories = [ + "/var/log" + "/var/lib" + "/etc/secureboot" + ]; + files = [ + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + ]; + users.guanranwang = { + directories = [ + "Desktop" + "Documents" + "Downloads" + "Music" + "Pictures" + "Videos" + #"Public" + #"Templates" + + ".ssh" + ".mozilla/firefox" + ".thunderbird" + + ".cache" + ".local/share" + ".local/state" + + ".config/gh" + ".config/Mumble" + ".config/fcitx5" + ".config/obs-studio" + ]; + files = [ + ".config/sops/age/keys.txt" + ]; + }; + }; +} diff --git a/hosts/dust/lanzaboote.nix b/hosts/dust/lanzaboote.nix new file mode 100644 index 0000000..3ceac2a --- /dev/null +++ b/hosts/dust/lanzaboote.nix @@ -0,0 +1,7 @@ +{pkgs, ...}: { + environment.systemPackages = [pkgs.sbctl]; + boot.lanzaboote = { + enable = true; + pkiBundle = "/etc/secureboot"; + }; +} diff --git a/nixos/profiles/opt-in/mihomo/secrets.yaml b/nixos/profiles/opt-in/mihomo/secrets.yaml index 6246648..f969076 100644 --- a/nixos/profiles/opt-in/mihomo/secrets.yaml +++ b/nixos/profiles/opt-in/mihomo/secrets.yaml @@ -15,29 +15,38 @@ sops: - recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTaXJJdVlKb0lpa3pkZ0px - UGwveFAydHBUMzdXOU5ibHRBNmg1VllUVWxBCkh5SWQrQUhFSFA2NHA2WWhhYXhV - bFlteVVCM1M1VlRoakZ1UW1ENmJWM3cKLS0tIDdpZVo0Z2dQQ29DVnVOQU5kWkMy - N2djZElOQUtINXY5bGJKZFROK1VpZWcKMQY/1i3yvoKhDUdkmvQ0boVHzh9vta1Z - hz9WY8aYIMsa0PY71FuBMklOfNtaPKbewx9XXfLDetFLQ7tmWnIzFg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAra2xDaFE5VW9McnhtOXlT + Vmg2VnB1YThVSVNnbllRTzJPc25tRmtlMDNjCjU2M0VBSW5FNGhNbmg5V2k2b1ox + VW0zblJNUGhlTUs3Ukx1YkZWMDI4OVEKLS0tIDg1QzhwamdvU092UUxURWxRcDdx + cmFBcXJ0dTNwZVpoSGViOEp3RzN4ZkUKslf1N5CDAEhsQPeFlLay0rSbgd+4lhM+ + Em9RFBbLadCCEDR+lNiqJjOH7VUdzhjxR/Bca2rp6XR1Rxl9828Rng== -----END AGE ENCRYPTED FILE----- - recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmVzFrcWdBNlYvdWRzNVNr - T3YyQ3JBakRQcnd2MzMyNnN4Z3h0TkN3S1NvCmdCZnFaeVdFcCtoVzh6OGRnd2o3 - cVpxTCtpV1RYRjloUElLek9NcDlrMWsKLS0tIEdtZWVNUXY4VDAzSUxkUGhodjlJ - UHFlbi9JYTBVYWIyOGZ6SnBZcWo4K1kK9TkNUwrKIywSaXoExUaBb3y4L5Gg+2CT - 0eI/CUL8LuYSSGeGRtypMPklHUQS4qV3UmXbnNSKctdLrNcDRperXg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeXJyTDRNTU94c2FjS284 + eEZkSDRrZWo3MGRCOFJBM1F6TmgweFFud1VBCjIyNDdBRk51ZEpoR2tOSFFYMlVv + Nm8vV1k4TDRiYXJ5ejlGaUZuYVhRMDQKLS0tIElyaDZPNmRsWDlFSjdyNVFqWERR + VVFFL2d6Y0ZzUTJuR2lnVHBEUWZKQ28K5WJFk6prLRNjGC/MeMOCihFPcnZhTKcv + JCOhFi/gOoADhHvDSjbbWdUevYgRyy46IrUorBGskgGjyzhADxWWpA== -----END AGE ENCRYPTED FILE----- - recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1MHd3Qjl1ODJzVWlwN3VB - L3ZFdVBPbmRzQUJBbWdiRUtqVzJYeVlHdkZJCit4YzExQ1UweXcrRkpVMEVKQlB3 - NGt0VHE1alFvSkJGKzU5ZzM5akFwUG8KLS0tIGdvNS9ZYWU4TXM2Y1hVbjl2Z3cy - QStSb1FJb0xUUkV5cjg1Qk5ORDRQMzQKiTUdlCbgRX0zRPURsolB4O0dvxl9+lkn - 0cIBYnVxzSdlDj+TXnTR2zL2cqZg94cNaTz0qWk/kmkmgmqm80hZ7Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxQ2RoL0FVNGNJc0JqNTFD + U3YzbDQyV1d6V29MQ0V5aTlZdTkram1zM3c0CjA4QWdNV3lVTGx1NWZIZ2JWSnZP + NExOWVdkdDJLMjk3bWd2N3Qxc1ZTSVEKLS0tIFFXMWJhRVNoOCtFUm5IZktxOWJT + dVpNRFhtaWcwWTc5K2FIdkJIUlc4c2MKjhodQTFM68pEvIrpTOrr47UmtxW6bHGl + 4df8a+KsHbTyf9JWdVQOeUyNO+LvxWTIbKC2S9PBXLVsGgDp0GM8jQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdnVPV0pNWDBQUFJDSVRZ + WXBlK3dpdmFZUmNDTkVWcmZ2Q0ZHUUc1VUJFCkszdFBWckltcTZRTVorTlljOGts + UjRrS3lvMmlpaStzTEUreUxUYWV2a2MKLS0tIC9EOUdhZWdJaWg4K1gvYXpnSDVt + UG9TTEV5R0R2bm5lUTAwSWlaelJFcW8KfBuQEVhkYJ74wYUjEcFYXFf9oWSSdkGR + Yu5lpV9UsjaiJxaD1Qp4xtNgMzzLW7q6surQGEReTDBbN1ZCx+S3Aw== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-07-09T22:04:17Z" mac: ENC[AES256_GCM,data:iKwYqxBllI8SydCUjyK2cJkcUKVj4CqjmfDSMNJtLwM6IWUoOScV4Pu0YJz0aui5F8nbyC92vdDwsE599GZMTWdCH20MeWEMo7pbkPFxxL1bY5BMCNNE3Tm354nz4ihmBXMB9aI1JRiSareV5yQ1v6lOxzDargDigMrPI/6DRfo=,iv:JRvJQ3YdFZsBstT55xKcCMGJODy42FImugHbwEbpV2I=,tag:go33lpTdouZoFk53g9FXTw==,type:str] diff --git a/nixos/profiles/opt-in/wireless/secrets.yaml b/nixos/profiles/opt-in/wireless/secrets.yaml index 56afdf2..7d3a713 100644 --- a/nixos/profiles/opt-in/wireless/secrets.yaml +++ b/nixos/profiles/opt-in/wireless/secrets.yaml @@ -10,29 +10,38 @@ sops: - recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtSktSV1ByUnF2TGJaMzh3 - a3RoaHptWHF1MjdsUFc5R2pySEFYa1IzQVE0CjZoUkVhaktldDJvL2dmRjdGa1B5 - MEtoUHpoaENNUVRtS3B4aXJQMHNCT2sKLS0tIGd5dEt0RWpkd3ZPVGkvM1JWWUdh - ZDBtRFJTMlZmUmtlNVc3ZW5oa3V0WGsKcqjqj+oPnGxAzeWpPYSpBBfS9GhN+O4/ - Mt9NT1LWfiUDhxz5GYmcLKe1tRNXpGeG02HcY65WgcVd1Y7n4mMJRA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDcjYwbmRlU1R2aFplS1JR + THp6NkZlY1k2YndoNTVZMW11elZYVWdjQkdzCjg0a2kxKzlXeVFWaXBKOHEwNGlU + RHZVSy9FdjZMNUZJNExnMGhHS0ozR3cKLS0tIDlXY25BSEcyeW1Bd01oSEVqN21s + S3hTeDBzZm1ydyt0aDRjSDRUYkYvd00KLjKQwdG2+DqxG9HgyK0pseXlBbT9HgBT + tonVZuTIsY4vIbo2sRS9IHBru0LvGPP/Lu9YGmw8I39EOG1b0IMNSg== -----END AGE ENCRYPTED FILE----- - recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZnRDOHZ1MWViV0dhS3JO - dmY2N2lyVHUxNmZnMStpcFMwbzMyZXBaaEJZCjZqWk0rOEdnMVNLTVRHMDNzUm5u - OFZTV2ZGTFQ5QlQrM3gzNUhQQ2xXMkEKLS0tIGUzeTEwZmYxekQ0cTJrU2Vhb3Zp - M2FjUFFrREphODFQUm1kRlJNOGRpTTQKF7k5/oPjoILtFEf2sO6nnF0Ar6ebTN3r - TdXYtTek0sIlSdYfVSxLmhiymz2mKi7TKPcKH6POmp0uuVX8HFEAJg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2d2FPN0ZiMDZIZ0VkVExR + RERNcE5GN1Z4ZktPZDBXekhYSVM1cWRkbWxZCndOMnhsdHlWcVFMeUtIYkcvbk5W + bHpFQ1RocVR5NWp3VGhmKzRWWDdtMm8KLS0tIDgxZlY3VjVBSmgyaGRXVmozRnM0 + dDBqdnFJUURhdFJVdm5MNDBZL3h0MkkKEQv9tegnMhokwLbFj7NR7iJ2aXjGjuN4 + VIsC/5VMikoVEo/xLeBp8E6qII99WRO+PpK4o4M5Soi+Mc7zpmKjRQ== -----END AGE ENCRYPTED FILE----- - recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6eWIvamwrRGthdzlYRmJm - SjNQTG92TzlvckJCMTM3SytHdUVodVJFYkVJCmRLSjg5TGF4RkZ1WitRNVVrSlNT - ZnQ5TnRPTGI5Uk1vaWpvMWh2NHR4NmsKLS0tIFRtbm5Kemo1WVMyMFZ3SDAwdDBn - dEN1cEJFZU82bVFRVlVqcTIzckRHQjgKHgRyq4UOcZyiFnK9fq1NLtxRktFCs3V8 - EQhl+CPWTRZTZkttJ5MclGlvTNbiH3Iy9syKns6qvOw75wqtXIdIWQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMS1REa294Z3NJQTB3U0RB + d241M1Z4TWNGdkJCbzJhRkxiSitEaGlzUWdrCjNHSWZqWHBRRTJ1OG9aTWM5ek40 + Y3IyWUFON3diYzJZSVNSNlNrZUN1ckkKLS0tIFliNm9iTUhnMTNsdy8rbks0ZWpx + Q0xpTGtKTERPc3NvRUxHMDlwcjlkQ2sKK/ZFGqI4r68NL48wK4BR0Ho8MGQoeBQQ + yfYZvlzt5iGRswKWB9F6vgGlIdRkOrnOJVq83Wvp2tJWUxzIWbGsQg== + -----END AGE ENCRYPTED FILE----- + - recipient: age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwMmx0ODNBT3BLRU9Yck1w + Sk8yOTRnSUd6ejJDZmhuNncxcTdtditSd0c0CjFOcll2azdOWjhMRnAyaXdvcVE0 + S0dndHFqRXcrbHRaSC9YWkNuNkt0TkkKLS0tIDdMQUFjRmlndWFKMUJZTzI5Wk1M + bnpNdWVlTyt4SWUybUE4YWJNWE9Pd1kKpqBrRvQ82HFT68OuDFzpxPaUSevNgtLs + 5K/Q94ySySwvC01PJmyiynWS4fqm8Ve7uXiVLJYbgaJzVL5nExTYpA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-07-10T08:37:51Z" mac: ENC[AES256_GCM,data:M892yzbmOSiDdifD1kRreBR/+JwMneIZjvCXC90osBogFEmUtf9W6M3xeYmbTobgE/chy9O9yn6CVDt9OucU+sT7o2oUpbOHVulJnwstBuUJGQAEwhyolQP5YRiGRxQzdPG6dqLUkKlsi44pm4dNtDLHFPE0j1wA0PD1fhrH4Y0=,iv:P+ne5UD5F62NW0xYndCDEzR0e7qo0COwDY0iNb2bKUo=,tag:uZfOsrZuSMYdY2zqFhqiyw==,type:str] diff --git a/secrets.yaml b/secrets.yaml index 3f0cd36..fc8e2e6 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -9,38 +9,47 @@ sops: - recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoRDVuSHNpQzMzb1gxaXB4 - aEs5SEpyeFdKMExIYnZMdTdIZi9JbXY2aHlzCmN5Um81VnF3TXpOcW1IbFBnTWY3 - VHVQTmM3Zm5rOGx1UDhRRnBPZTZpRlEKLS0tIFV1am5VVXJiODdFT0RIQW9wNlVM - OWhuQmMrT2dId3U1RGtoamZyNElvSzAKqOOQB3oMulmSTFbiJenpucju+djFUY1t - ldHjlbYF9ywbAckqFtYXGcbDDbD5iv8ZvulyhU2d73534rspOXzyWQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXckNJVXZjSWgvRWZhejBD + S0dIRHVoN1ZOL2Y1Y3JpYTE5UmIxeWxIVkFZCkZJTy9TTWJ1eXYzSXZUcDBhTWho + TkZMZlkyVzQ3QysyRlVIRW1TdS9ISG8KLS0tIHRDdVRJSVhJNmFYS09IWENzdThO + WUpvU0RlVWoyeUFxZ1N6YkNBQk5lRUEKnQwSMuIeeYY39HH0+zrU/tU4EMQsTZro + wZpkYCyJ5+OgIN/WocqGIf8A52ctz19/Car3SNr8mTTpQfJj9H/6og== -----END AGE ENCRYPTED FILE----- - recipient: age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoRitmZ0xSRmNRbTIwdjg2 - aStiQnIzU1AyTzkxdE9UT0laQlkxNzh5RDAwClNDcitIa0FCVUxCRldyL1I4Rit1 - bE9MZjNlaXV6aU5UYjhEVzgrMExHNGcKLS0tIG43bE9CSTFGZG9ZSlhucVc1cWZV - T3cwdUYyQWhpM04ydTJhOWQ1NHZqTncK6kVvFDpmgT4fEv2NCerIr3y1iIfV9phv - fKHhtqeEmaon9Hp1hqBcQzB4+PuxA+AWSZ+wjffGa/aS+RsSt2FYdw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSk90NGNVaXQyVFF6SE9X + SHkweE4rVlQ0QWNUODBjYWkvcE1qV1lQcFRZClMyc0FWV0FYUnIyL214VFFETDJ3 + MUF0R0ZkSTJOekl0V1g3Y2dRSUx0QXcKLS0tIGlRVklJKzFPM0J1OUthbHFGV0xZ + V2pSTEE3WjU0NjJSNkF3R2dtZ2hLUGcKOSSpHoST4SomzYPEeFA7rZ87lCniNQqW + dNoFFUIsH90p4qAdw8BTE8+z75p46aSoBzNqZOxoLlGzH4UPzTFD6Q== -----END AGE ENCRYPTED FILE----- - recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrMlR2WmM5cHl3SHRtZ08x - SG42bzNQSmlaQXN6RFpxSkpPcDAwbnpDMWhnCm5tZkpocWswYWF4UmYzS1dINkJ0 - bExOZWpNNlN0WkNXU29UY05vRFVoNUEKLS0tIGRwaUJFNkoyV2pLeDZOd3FxYnIz - eWpqWU12ekl0NWRQV2lIdzRIcmYvVlUKYO7EDTdyLzDjoSgSj7/p/uwjZrw2xWgp - 5474kRLJyPVjejTnnc3K1/za9Cp68tIsk/wC+bGflnXqrReNHyXq3Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYS0dneitmaU96cU5oS09J + YXkvb1hKQXJxcEdPSkU4cStHSnFQYWFudjAwCkdHTzlFN2lEbnRWTjhqZUkyT0FP + Y0JXR2pnY0lmbHFDM3N5cW41RmdaV2cKLS0tIEJ2dVcvQi9GUDA4SnFVdGxGUHgy + T1ViRnM4YXFSOHlsT25SS1U1cFBoZk0KIyUvPy+jmlojgm0yhiRUfWECDRM1E8zP + b8JThM2kJ5NjmvEmol8FnIBq/eyR6GyaBs5GTkuuDAvVHpxLqLh+fw== + -----END AGE ENCRYPTED FILE----- + - recipient: age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCNktUSEY4TzVVYjFNRDV0 + bzBCSzNad1BoRUNRbnJwRitVWU52aVBHK1UwCjlmWHRTSWRYZVBMeE5NYVpBVTdK + OXRJTlZSTGFISjRwL2xScGI3N2tocFUKLS0tIHAvVnZkdldUNkVNMFZOZVN6aFJ0 + RlpXZkFkUWpDemJ0Wm04N0QrL0dVY0UKq6KGit+GvUC3Wl7/fT9cZa+DVvNSzLxu + /E1EXLoDEKx9ubai3wPv1Ebt3nCM3PHNSU1l239QJiLk3NfCDc2nwg== -----END AGE ENCRYPTED FILE----- - recipient: age1vw4kf5v8cfnhfhvl0eyvqzpvy9hpfv9enffvzyt95tx5mu7s5dxqjqw0fa enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaWWxBUUVWOVZqbE5FUEt1 - ekdKaXRHdTdvWnR0R1BWMHlGMk5OQ1JTb1JJCkhWTDFpUEdneUR2UW9LVjdHN3VP - UE5WUzNJTWtreDQ2VEd2ZnFSdHJ5dDAKLS0tIEdsWlNIUDB2blBYTDdNaXN0YjBi - SC9YMFk4dUNOUDJYMXErck8yTmJmZmcKp66bHZTD6VitAOfzIr8VJr02+R9f5mxH - c5n2CWurDsZsNTKk7pgxQo78ySyAG3rzvOqgK0NFesyHy9dRl8xHCQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSQVZQRnlNZm5JZVhFZ2Vr + NDl5VHBYcVNERW5lMTY5NS9ad0dkZVlqR2lzCkJadHFDeFdtRlprSTNCQ2s3bkRt + SCtuQ0VneFMrTVptSTRJMXRvbk5iak0KLS0tIC9QMTkwa2ZrTERiQTdxV2xRdnNx + NGNZVXlxMllGMUhNbXA1ZVBTcENxSm8K1BJtltsPjecKcQVDeLTDSY0GbFo1xa2P + TYH7HmgLurykqOOhS2WnOSQZG36e2xaRutDsmdOWkSD2UI2YRBYlMQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-07-09T22:04:25Z" mac: ENC[AES256_GCM,data:d8ml8uokaSlD/nJQVM732OoEXZB0a7dpq5Koq1/Nz8iW9xDmwvrWONRmI6EPHMHJ+vFXKS09iLBtaWRo83H1KPIEfN6slVY8wrVYychz38A/jXx3TWd1oh00otJpkmjzWfEbhYYB6K0D2lTP/rfu009b29OzBNbqcIfVrJRz4vQ=,iv:/PBfFIf+SZ4zmRdOba8NKV29JRWHzCGwK5Oo2EGq/90=,tag:5eHt2FPi+5uSNEd3GlFkcQ==,type:str]