diff --git a/README.md b/README.md index 402fc97f..7da3091b 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,23 @@ This repo is managed with Nix + GNU stow # profit ``` +## Installation for Raspberry Pi +Raspberry Pi uses the same configuration as the installer. +The `(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")` allows this. + +- Build the image `nixosConfigurations..config.system.build.sdImage`. + Disable stuff like Lix to build this. + You might want to use raw password once so you don't have agenix decryption + problem while trying to have wpa_supplicant have the right passwords. + +- Burn the image to the sd card. + ```bash + zstdcat result/sd-image/nixos-image-sd-card--aarch64-linux.img.zst | + doas dd of=/dev/sdb status=progress + ``` + +- profit + # Pitfalls ## `users.mutableUsers` NEVER set this to true without declaratively setting the passwords. diff --git a/default.nix b/default.nix index 7deece54..7445744d 100644 --- a/default.nix +++ b/default.nix @@ -8,6 +8,10 @@ system = "x86_64-linux"; modules = [./nix/configurations/vanadium.nix]; }; + hydrogen = { + system = "aarch64-linux"; + modules = [./nix/configurations/hydrogen.nix]; + }; installer = { system = "x86_64-linux"; modules = [./nix/configurations/installer.nix]; diff --git a/nix/configurations/hydrogen.nix b/nix/configurations/hydrogen.nix new file mode 100644 index 00000000..d0196449 --- /dev/null +++ b/nix/configurations/hydrogen.nix @@ -0,0 +1,134 @@ +let + sources = import ../../npins; + + hostname = "hydrogen"; + username = "leana"; +in + { + modulesPath, + config, + pkgs, + lib, + ... + }: let + inherit (lib.modules) mkAliasOptionModule; + in { + imports = [ + # The generator and hardware configuration + (modulesPath + "/installer/sd-card/sd-image-aarch64.nix") + + # + # Shorthands + # + (mkAliasOptionModule ["me"] ["users" "users" username]) + (mkAliasOptionModule ["hm"] ["home-manager" "users" username]) + + # + # hostname + # + {_module.args = {inherit hostname;};} + + # + # nixpkgs + # + { + nixpkgs = { + overlays = map import [ + ../overlays/agenix.nix + ../overlays/nur.nix + ../overlays/nix-tree.nix + ../packages/overlay.nix + + # use lix everywhere and wrap it with nom + ../overlays/lix.nix + ../overlays/nix-monitored.nix + ]; + + # Set NIX_PATH and flake registry at the same time + # https://github.com/NixOS/nixpkgs/pull/254405 + flake.source = sources.nixpkgs; + }; + + nix.package = pkgs.nix-monitored; + + system.nixos.version = lib.substring 0 8 sources.nixpkgs.revision; + } + + ./hydrogen/nixos/misc.nix + ./hydrogen/nixos/programs.nix + ./hydrogen/nixos/connectivity.nix + + # QUIRK: + # Had issue when building the installer as it fails to bootstrap itself + # Might be useful to disable for the first build. + ../nixosModules/extra/secure_dns.nix + ../nixosModules/common/disable-command-not-found.nix + ../nixosModules/common/network.nix + ../nixosModules/common/sudo-conf.nix + ../nixosModules/common/system-nixconf.nix + + ../nixosModules/extra/leana.nix + + # + # Extern modules + # + (sources.agenix + "/modules/age.nix") + + (sources.nixos-hardware + "/raspberry-pi/4") + + # + # home-manager + # + (sources.home-manager + "/nixos") + { + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + sharedModules = [{home.stateVersion = lib.mkDefault config.system.stateVersion;}]; + }; + + hm.imports = [ + # + # hostname + # + {_module.args = {inherit hostname;};} + + # + # home modules + # + ./hydrogen/home/programs.nix + + ../homeModules/common/btop + ../homeModules/common/fish + ../homeModules/common/starship + ../homeModules/common/fzf.nix + ../homeModules/common/tmux + ../homeModules/common/vim + ../homeModules/common/direnv.nix + ../homeModules/common/git.nix + ../homeModules/common/gpg.nix + ../homeModules/common/leana.nix + ../homeModules/common/locale.nix + ../homeModules/common/packages.nix + ../homeModules/common/tealdeer.nix + + ../homeModules/extra/tmux-fish-integration.nix + + # + # Extern modules + # + (sources.agenix + "/modules/age-home.nix") + (import sources.wired-notify).homeManagerModules.default + ]; + } + + # + # Secrets + # + { + age.secrets = { + wpa_password.file = "${../secrets/wpa_password.age}"; + }; + } + ]; + } diff --git a/nix/configurations/hydrogen/home/programs.nix b/nix/configurations/hydrogen/home/programs.nix new file mode 100644 index 00000000..bfe508c8 --- /dev/null +++ b/nix/configurations/hydrogen/home/programs.nix @@ -0,0 +1,61 @@ +{ + pkgs, + lib, + config, + ... +}: { + home.sessionVariables = let + fishCfg = config.programs.fish; + in { + "SHELL" = lib.mkIf fishCfg.enable (lib.getExe fishCfg.package); + }; + + home.packages = [ + pkgs.nmap + pkgs.stow + pkgs.zip + pkgs.unzip + pkgs.gnutar + pkgs.p7zip + pkgs.bc + pkgs.dig + pkgs.hutils + pkgs.miniserve + pkgs.agenix + pkgs.nix-which + + # pretty tui tools + pkgs.du-dust + pkgs.tokei + pkgs.hyperfine + pkgs.watchexec + pkgs.onefetch + pkgs.just + + # nix tools + pkgs.alejandra + pkgs.nurl + pkgs.npins + pkgs.nix-tree + pkgs.nh + ]; + + programs = { + neovim = { + enable = true; + defaultEditor = true; + }; + lazygit.enable = true; + fish.enable = true; + starship.enable = true; + tmux.enable = true; + direnv.enable = true; + ripgrep.enable = true; + + btop.enable = true; + }; + + services = { + gpg-agent.enable = true; + }; +} diff --git a/nix/configurations/hydrogen/nixos/connectivity.nix b/nix/configurations/hydrogen/nixos/connectivity.nix new file mode 100644 index 00000000..a71fc30c --- /dev/null +++ b/nix/configurations/hydrogen/nixos/connectivity.nix @@ -0,0 +1,73 @@ +{ + config, + lib, + ... +}: { + users.users.root.openssh.authorizedKeys.keys = let + ids = import ../../../identities.nix; + in + builtins.concatMap builtins.attrValues (builtins.attrValues ids); + + networking = { + networkmanager.enable = lib.mkForce false; + + firewall.allowedTCPPorts = [ + 8080 + + # For 'localsend' + # https://github.com/localsend/localsend?tab=readme-ov-file#setup + 53317 + ]; + + # To enable roaming https://wiki.archlinux.org/title/Wpa_supplicant#Roaming + wireless = { + enable = true; + userControlled.enable = true; + secretsFile = config.age.secrets.wpa_password.path; + scanOnLowSignal = false; + networks = let + # wpa_supplicant uses `strchr` to seek to the first `=`, so the only forbidden character is `=`. + escapePwdKey = lib.replaceStrings ["="] ["_"]; + + fromList = ns: let + go = networkArgs @ { + ssid, + # Custom fields wrapping nixpkgs module options + hasPassword ? false, + scanOnLowSignal ? false, + randomizeMac ? false, + ... + }: { + ${ssid} = lib.mkMerge [ + (builtins.removeAttrs networkArgs ["ssid" "hasPassword" "scanOnLowSignal" "randomizeMac"]) + (lib.optionalAttrs hasPassword { + pskRaw = "ext:${escapePwdKey ssid}"; + }) + (lib.optionalAttrs scanOnLowSignal { + extraConfig = '' + bgscan="simple:30:-70:3600" + ''; + }) + (lib.optionalAttrs randomizeMac { + extraConfig = '' + mac_addr=1 + ''; + }) + ]; + }; + in + lib.mkMerge (map go ns); + + allowList = builtins.filter (x: x.ssid == "~"); + in + fromList ( + # We only want to use my own network + allowList ( + import ../../../connectivity/networks.nix + ) + ); + }; + }; + + hardware.bluetooth.enable = true; +} diff --git a/nix/configurations/hydrogen/nixos/misc.nix b/nix/configurations/hydrogen/nixos/misc.nix new file mode 100644 index 00000000..3cb2c3d4 --- /dev/null +++ b/nix/configurations/hydrogen/nixos/misc.nix @@ -0,0 +1,20 @@ +{ + system.stateVersion = "25.05"; + + swapDevices = [ + { + device = "/var/swapfile"; + size = 1024; # MB + } + ]; + + # Related https://github.com/NixOS/nixpkgs/issues/154163#issuecomment-1350599022 + # + # modprobe: FATAL: Module sun4i-drm not found in directory /nix/store/gvvwpdckzcr4iamp1iyrqw3nzb7bg6c4-linux-rpi-6.6.51-stable_20241008-modules/lib/modules/6.6.51 + nixpkgs.overlays = [ + (final: prev: { + makeModulesClosure = x: + prev.makeModulesClosure (x // {allowMissing = true;}); + }) + ]; +} diff --git a/nix/configurations/hydrogen/nixos/programs.nix b/nix/configurations/hydrogen/nixos/programs.nix new file mode 100644 index 00000000..5f281024 --- /dev/null +++ b/nix/configurations/hydrogen/nixos/programs.nix @@ -0,0 +1,19 @@ +{pkgs, ...}: { + environment.systemPackages = [ + pkgs.man-pages + pkgs.man-pages-posix + ]; + + # + # Programs + # + programs = { + vim.enable = true; + vim.defaultEditor = true; + + git.enable = true; + }; + + # Helps with kitty when ssh from remote + environment.enableAllTerminfo = true; +} diff --git a/nix/configurations/vanadium.nix b/nix/configurations/vanadium.nix index 5be9bac1..0e72a47e 100644 --- a/nix/configurations/vanadium.nix +++ b/nix/configurations/vanadium.nix @@ -42,35 +42,32 @@ in rocmSupport = true; }; - overlays = - map import - [ - ../overlays/agenix.nix - ../overlays/disko.nix - ../overlays/nur.nix - ../overlays/wired-notify.nix - ../overlays/nix-tree.nix - ../overlays/wallpapers.nix - ../overlays/nil.nix - ../overlays/dix.nix - ../overlays/eepy.nix - ../overlays/calibre-no-mime.nix - ../overlays/fcitx5-table-extra-taiwanese.nix + overlays = map import [ + ../overlays/agenix.nix + ../overlays/disko.nix + ../overlays/nur.nix + ../overlays/wired-notify.nix + ../overlays/nix-tree.nix + ../overlays/wallpapers.nix + ../overlays/nil.nix + ../overlays/dix.nix + ../overlays/eepy.nix + ../overlays/calibre-no-mime.nix + ../overlays/fcitx5-table-extra-taiwanese.nix - ../overlays/iosevka.nix - ../packages/overlay.nix + ../overlays/iosevka.nix + ../packages/overlay.nix - ./vanadium/overlay.nix - ./vanadium/kernel-overlay.nix + ./vanadium/overlay.nix + ./vanadium/kernel-overlay.nix + + # removed, but I need it for PLFA! + ../overlays/pin-emacs28.nix - # removed, but I need it for PLFA! - ../overlays/pin-emacs28.nix - ] # use lix everywhere and wrap it with nom - ++ [ - (import (sources.lix-module + "/overlay.nix") {inherit (sources) lix;}) - (import ../overlays/nix-monitored.nix) - ]; + ../overlays/lix.nix + ../overlays/nix-monitored.nix + ]; # Set NIX_PATH and flake registry at the same time # https://github.com/NixOS/nixpkgs/pull/254405 @@ -93,7 +90,6 @@ in ./vanadium/nixos/audio.nix ./vanadium/nixos/connectivity.nix - ./vanadium/nixos/secure_dns.nix ./vanadium/nixos/input.nix ./vanadium/nixos/misc.nix @@ -111,6 +107,7 @@ in ../nixosModules/common/system-nixconf.nix ../nixosModules/common/xscreensaver.nix + ../nixosModules/extra/secure_dns.nix ../nixosModules/extra/zram.nix ../nixosModules/extra/leana.nix diff --git a/nix/configurations/vanadium/nixos/connectivity.nix b/nix/configurations/vanadium/nixos/connectivity.nix index 5a0891fc..ab4aa177 100644 --- a/nix/configurations/vanadium/nixos/connectivity.nix +++ b/nix/configurations/vanadium/nixos/connectivity.nix @@ -70,7 +70,7 @@ in lib.mkMerge (map go ns); in - fromList (import ./connectivity/networks.nix); + fromList (import ../../../connectivity/networks.nix); }; }; diff --git a/nix/configurations/vanadium/nixos/misc.nix b/nix/configurations/vanadium/nixos/misc.nix index db83b159..91579fc2 100644 --- a/nix/configurations/vanadium/nixos/misc.nix +++ b/nix/configurations/vanadium/nixos/misc.nix @@ -1,4 +1,4 @@ -{ +{config, ...}: { system.stateVersion = "24.11"; boot.loader = { @@ -13,4 +13,9 @@ # https://community.frame.work/t/stability-issues-random-crashes-reboots-and-boot-freezes/62675/4 "pcie_aspm=off" ]; + + # Cross building + # https://discourse.nixos.org/t/how-do-i-get-my-aarch64-linux-machine-to-build-x86-64-linux-extra-platforms-doesnt-seem-to-work/38106/2?u=leana8959 + boot.binfmt.emulatedSystems = ["aarch64-linux"]; + nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems; } diff --git a/nix/configurations/vanadium/nixos/connectivity/networks.nix b/nix/connectivity/networks.nix similarity index 100% rename from nix/configurations/vanadium/nixos/connectivity/networks.nix rename to nix/connectivity/networks.nix diff --git a/nix/configurations/vanadium/nixos/connectivity/universite_de_rennes.pem b/nix/connectivity/universite_de_rennes.pem similarity index 100% rename from nix/configurations/vanadium/nixos/connectivity/universite_de_rennes.pem rename to nix/connectivity/universite_de_rennes.pem diff --git a/nix/homeModules/common/git.nix b/nix/homeModules/common/git.nix index a50ba2a5..68f151c6 100644 --- a/nix/homeModules/common/git.nix +++ b/nix/homeModules/common/git.nix @@ -1,12 +1,22 @@ { lib, config, + pkgs, ... }: { # git plugins programs.git = { lfs.enable = true; - patdiff.enable = true; + patdiff.enable = lib.mkMerge [ + # known to fail on aarch64-linux + (lib.mkIf (pkgs.system == "aarch64-linux") ( + # TODO: investigate this + lib.warn "patdiff has been forcibly disabled because it has previously failed to build" + lib.mkForce + false + )) + (lib.mkDefault true) + ]; }; # 懶惰鬼賴皮 diff --git a/nix/identities.nix b/nix/identities.nix index 649c1ca8..9e94fd65 100644 --- a/nix/identities.nix +++ b/nix/identities.nix @@ -3,4 +3,8 @@ leana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPq2o9pbmLRGrOpAP76eYCAscmfakDC7wPm9fmsCCQM leana@vanadium"; root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDc55vENX+13c4s2w7zjTb8T/AnBnTi96yRC5+fy7Z2A root@vanadium"; }; + hydrogen = { + leana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXzNdCA0zZ+WmeKZnhQSQtUcxnQhhDl59E3BPQfLj7Q leana@hydrogen"; + root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIMVDmEt/12u9U4QGDZBx/Sx8itzqfQ4zWJvcC3pRZqP root@hydrogen"; + }; } diff --git a/nix/configurations/vanadium/nixos/secure_dns.nix b/nix/nixosModules/extra/secure_dns.nix similarity index 98% rename from nix/configurations/vanadium/nixos/secure_dns.nix rename to nix/nixosModules/extra/secure_dns.nix index 1aeeff7f..f662db89 100644 --- a/nix/configurations/vanadium/nixos/secure_dns.nix +++ b/nix/nixosModules/extra/secure_dns.nix @@ -1,9 +1,5 @@ # https://nixos.wiki/wiki/Encrypted_DNS -{ - lib, - pkgs, - ... -}: { +{pkgs, ...}: { networking = { nameservers = ["127.0.0.1" "::1"]; dhcpcd.extraConfig = "nohook resolv.conf"; diff --git a/nix/overlays/lix.nix b/nix/overlays/lix.nix new file mode 100644 index 00000000..6be56324 --- /dev/null +++ b/nix/overlays/lix.nix @@ -0,0 +1,3 @@ +final: _: { + nix = final.lixPackageSets.stable.lix; +} diff --git a/nix/secrets/four_pwd.age b/nix/secrets/four_pwd.age index 2ca25498..cb33568c 100644 --- a/nix/secrets/four_pwd.age +++ b/nix/secrets/four_pwd.age @@ -1,11 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ WbwyERolRsVLr0HxjKOzEPdaxegb+l+BESYvmMhtzXc -2CDufbW6viuui2Oqmgo/Fd23tQxJJMnFEgmaz0hYn+E --> ssh-ed25519 yg55bA qyqMmtbigot7wP0FuWNQ4mDd6GtSqECCTjf9E5r57HQ -VVYdcCpjGC0TeCoM0r1Ei/kCrYtCN55Kitr5KhyuNXU --> 9"tCN!-grease y p32_~6 -Eer9vu1p9YYXVrYVnRgnlb3htCmnM7sGcbSE9dwLMchbMYnxUNLZ2U9YQscGe4+G -9d1XaRMAKxPmALzNqap3WSbcEZLTmw ---- OfKe6yO+TKKai6mRvprUxhgq5smJqtYMLh1wT26YtlQ -Umt -sCLwǂ^  >EO?C_F \ No newline at end of file +-> ssh-ed25519 0LL3PQ pZvOUiznF408OPkjuasLZmbQZLS5RuRJwVucLpTe2xQ +OgLqiLgT/4Df13l2l2CdsYnMUZSmfh3xZWb3k0ALjdY +-> ssh-ed25519 0dJ6Mg SzGIUfJrv6L09LhVbzMvvaSpP4Cwr6hFFNbcCH6RO3E +jsFof9xMH73XPH/PWv//j9Fc0MPTSwwwIyNzdXd8FxM +-> ssh-ed25519 7owkuQ xtSm22EfAFkscUZ3r69V+S3guCJJu0KjXtWcE+Tv1S4 +13QkwIuZFMz1zIrWRZUfOzPVmc2eK56ruBgUD8lK+aE +-> ssh-ed25519 yg55bA 9ie4rBiJfwrUg/952DPXOY6sHFeTf8Os3bwJ8ZBphFg +PAuEQKfravJxYejS10EgB7aR+pwadl+zVtG57UGj6rA +-> p-grease TV+^qU1F ^'dkwO+: UF.{ e#KV!IV +/ASx0x3SOZzaktns0hYlSYnTzOkfn3SPaiPNbYGuSnzTSzcPEjUBTGAuk7/u7g95 +o8M5T14bFx1Mqyk +--- XGK2yNNL5UzmgLZiQvOK0jB13HiioVOHGzAwzVte7no + )7dYФ?GgYĴlr4E0]DpuD3t E&Ԕx!}I ot]KQd \ No newline at end of file diff --git a/nix/secrets/hoot_token.age b/nix/secrets/hoot_token.age index 76995e5c..dce00a08 100644 --- a/nix/secrets/hoot_token.age +++ b/nix/secrets/hoot_token.age @@ -1,11 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ JknIZGtwwI5E7eDTM+T5BpOoSmw2IRG49Mm3WwRC9Tw -Z1wjHJNZvQNIUwgoF0+r0JEVFfg4a+X/QA2g+IbfZ+E --> ssh-ed25519 yg55bA 6O5KVqgZDGEVXurVbiVU/jYq6wz4YymiI/2RzvOgdD4 -w3DVArFB8xsjYXmctyV0mqXE5EqAXJ8sBW5C02YztuY --> \.-grease !v -A25MQQ41zOq6KNAIgBSpCWnPZ53XrWnEL58GWVtn8pVlavGACpAV/CcstsUa6yM2 -jmYYTv2AU+BYuZ/JTqGb0vM35e3vODlzGu8MsrQ ---- qm7/iVxbQgrBnoNrGpPzBaHbBeDlQud3HsP2U/epY9g -|YPJe@&~U։Hr9,4~tAcҰu[JL20_Mb^KPH -{(E[|]t&RFY$ Tv6K\=ɨ \ No newline at end of file +-> ssh-ed25519 0LL3PQ 7sq+E69e1+k7Ofs+qrBzfX3ZrHWNl4L7W3tw44WEmFo +EjIviQjW6FD5x9yDoWwdrs1WlTxbnMhMJqqwQApz3DM +-> ssh-ed25519 0dJ6Mg Mbwr0B2vgrfG/AP6kWo/74krh8q0J9ROM0sRZDuPf3E +QW7FLw9SYZDl4ROdXRo1UgxNrkPg8/50wfskI3EycS4 +-> ssh-ed25519 7owkuQ 0jALH8GNUFc4+MVE79olkEINRmlqq8HVCoj/MO514l4 +k7i1YfC6YW0l0IN6rO9bpqCT+j3FBDg7p1yW1YAuSB0 +-> ssh-ed25519 yg55bA UDTNYKv1s+zKRZGbbZshXegb1qS+wfneqJjm7ZV9lmI +a8NLjIzKIFNf96ayOZJcJujuwA1inEsAmzfLaQyLHsw +-> $ww-grease /* +UtyDg6e07OmivhdTTl/Mz+mg/SmDC/cYqI0QDRmvd9hYhgTHG87mcevhyoLXQywp +aH1G2/deE+4+d2PEiXLOJIMM8A +--- b58ZKMa5/o53ttgY/NRQ1zcRTI5i/zWv2+BNwaAxAV8 +OrٖpMGک[E_ߢ VuljCpb+[~ %@ JDop'*ϮИV&~ַei#TL@ mcl(<󒄼bq \ No newline at end of file diff --git a/nix/secrets/iambconfig.age b/nix/secrets/iambconfig.age index c98a06d7..707377f3 100644 Binary files a/nix/secrets/iambconfig.age and b/nix/secrets/iambconfig.age differ diff --git a/nix/secrets/parrot_token.age b/nix/secrets/parrot_token.age index 2e4eb685..8cbf311f 100644 --- a/nix/secrets/parrot_token.age +++ b/nix/secrets/parrot_token.age @@ -1,10 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ g+/zzLQiHuiuauXP4VvPXWFxmxX9NftrSl88fNcwwC4 -O5kQ1yL3MdlxkRknXStZ+QzMCuIDFK31v8w4YvGXGE4 --> ssh-ed25519 yg55bA GN2EuwUUtBN1p8u8m0Ghn0HEP4yNuYz4whRv55kmnCc -Ck1buWhftdknrJEGak/pJ+mGEPdICNqnzDEazhAQAeQ --> %.'9AY-grease -UyOK7WEX6LgO1Z0AmtClsynfIj1OGcuIlJjIwMwiK+CHGoVjOIIRkbHiarTQw12V -kL7BR6EZRAsEpmoDYVNZrTspogQ4kDKi2KsQRoNuemiTEg ---- W1SmO6s+WRW5fxwneQ0MEv5GzbFc4IX0pNaVGHSWTTA -בs˺#\p-PKh+4Ws=0PC5ЎZ2ny,]gSd9qo?(9UАDJOr(b&hBQ\vp]emYKŞ`S`1 @ (/eYP0 \ No newline at end of file +-> ssh-ed25519 0LL3PQ 6Ue4UZAASHIQDJm8F+qrw7cdlvw+jDlrhIfTOb2mlj8 +F768h+HzBohopJJ584wcHXdKUz3CLW/ATO4nyAW1aw4 +-> ssh-ed25519 0dJ6Mg LYCAlM525ANfQAvAaYPvUpLic7FrSKXkZCDF4PIsWxU +5CrVrQdhARNiCup5fgmQH05sb2k0z/yzDElim66194o +-> ssh-ed25519 7owkuQ MNGb3zFfaJ+oTY0Vtc43uS4Gb0d+vmeEq7kZeV5t02Q +RM8dX2yW9r4QLTsBQY2uSB4fzBQSK1sxjhG/f1qNCcI +-> ssh-ed25519 yg55bA ZVbIzTEmenGD1F8KkwTPGLit7znypUiFIOW6OWhO8wo +Ai2Y2QdfZ3pZGaPWoY7HfMEstOzMDp8+BTHS7zpOwlU +-> ,%y9?-grease r(S=ghd1 +FPKkbTLe5kxzDs3dEVKa8MJ7o8t4OJ4/gO0nwP55OJlV51nRPxpsd9WWdhVv0h69 +7jZNBCF9CgB72huPFZR/50TvctOILmGmTfnIv0mpsIFjYl4QHrr6qPzuHQ +--- VJ27uwCEZSWYS99nH1OIiYNKg9Rqn1qTQnMCAVTbv6E +69]hĪ&>Z $“ nVڠCR3nT2`l;V;y[ݱY|7\하9=YHԭN[J1i'aa372NKZlDͣI* ?L@V`,vʞD \ No newline at end of file diff --git a/nix/secrets/restic_backblaze_env.age b/nix/secrets/restic_backblaze_env.age index 1c5a33d1..a456d90b 100644 Binary files a/nix/secrets/restic_backblaze_env.age and b/nix/secrets/restic_backblaze_env.age differ diff --git a/nix/secrets/restic_backblaze_pwd.age b/nix/secrets/restic_backblaze_pwd.age index 65206714..d3a3ee25 100644 --- a/nix/secrets/restic_backblaze_pwd.age +++ b/nix/secrets/restic_backblaze_pwd.age @@ -1,9 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ q458BCC+1ChqixcO2bMdBMktANq3d3nwzvs8hb9ityM -FjbGE5gA0lvPg0Ybp3WyqrfzmF9b7LsMp24vv/5hRHo --> ssh-ed25519 yg55bA lNCW4DBdwsFxGhw75WAUOTRkbY7ljMilARPNdI4sFTk -zULx2aX+PHxOEPyYfGEJEugaYHUwgBFminlXybrrTSo --> .C(--grease Mk?! JvhX04'M -s8AZa58 ---- Ja48d/9lY/dhamU1RxGqpweLwGI6Y/rr9npilNd9cp4 -eJ#tql DvΎa=uԢ8k&4J4G \ No newline at end of file +-> ssh-ed25519 0LL3PQ kAkdTH8kPHnYR5GncurnYL6atChq9B2ugqJYK0xUAHs +doCoG+lJAlbygvWg31BycpMf4K6dWihcJ4Vb3308ypA +-> ssh-ed25519 0dJ6Mg aWeQi7cyFZwEgcJb4GkROumwptaRTPrCBQCCpMdKQXA +ORlGsAxLgWIeRhDwv58FFIZP3vUqTipOl3Q2bdq1nEs +-> ssh-ed25519 7owkuQ aUTN8z+aD4ltDJ/7oBRhZZlsyp6blSGoeJdDDzwTsiI +00/DiiSDI3N2c1l4apPYKwQwWX/7FaxzupPnTPSzgDw +-> ssh-ed25519 yg55bA QN8RxfPk+yAL/veq7aLX7Z9LMBaMPiq7edju0xSbOjU ++Q+IADzBZB5H5PwFD3jVZOsPJdwbsiN0t6vs5tqF5HQ +-> 1-grease "[wrG8^D YH)pk=`h +OFsK01MRbG/Ds1s+xEDF5D37ijhhCuRCWAXHL+kXlJ3lXulkMpAA/QBUj2/Y9RIY +veiOf8/qizBR +--- rpmIeN8PqT0PRmiykzweztzDkzVNp1mCetqj1WJNerM +hjr@oپ$'@#ʚ 3G.U'0+|ϭna/ \ No newline at end of file diff --git a/nix/secrets/restic_backblaze_repo.age b/nix/secrets/restic_backblaze_repo.age index 167e78cd..3c0928ff 100644 Binary files a/nix/secrets/restic_backblaze_repo.age and b/nix/secrets/restic_backblaze_repo.age differ diff --git a/nix/secrets/restic_four_pwd.age b/nix/secrets/restic_four_pwd.age index 46b980de..b67cc300 100644 --- a/nix/secrets/restic_four_pwd.age +++ b/nix/secrets/restic_four_pwd.age @@ -1,10 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ /LOUFKCJMDbwGmRbKmtA5YibEwXaC+bn3qzr2G5PNjU -8sFd/TH7CotBpgE9IcBUjpl1HQDoVWcBnKMs+65yWFM --> ssh-ed25519 yg55bA zfExS48sAVvVfmhoNjrqu7b6YBPF8Nj+Uz7LyAswexk -0m8ezLoCMw71c+HlEDgNA/V1IZeMsWu5MV+fvQEKsRA --> .5;c~,-grease M^}>kjw ;yYsB Z 1}Z@jDzv -2ZhEqtWhM/7boxsNVSQHc+eDs41VyWaj3JoyYPBdQf1Gm9OVToKAfM03EuTYKvGk -IgoyvRNeEsXRJA3gnApmlQC/gGsaR/bMs+/sDuZzsNpMo7cFjPcfQZ+TM3A ---- ACmisGCqSllpxxoCa1FKK79Jmf1TjNCcQe+ouccHttA -mm5f}r._%) 7G~}{ {oubN3@>V4:?, \ No newline at end of file +-> ssh-ed25519 0LL3PQ xLhj3/Y4owHlZ9wSvSUO6J5QRDbAwbaMO2MNAIW/S34 +T86CtE8vACVDH34OnmUVokUY4NctvHcaVunoCvGUxEo +-> ssh-ed25519 0dJ6Mg 0sZCeLLGHhQ/ZppSTuyeZBOKdypMBNaJrI84Sdya6C0 +3koAeP0eIaSj/TQEGHYJ0GSUx9T35WQiALzLj8cykM8 +-> ssh-ed25519 7owkuQ fOjqhSibMqCebX44ODbi5B6T1KGBVjgAl78XcQbGnUs +LqRR+NxqMGi0gW3DLubo0k00mkW5onuhKWw4Oaq4o2g +-> ssh-ed25519 yg55bA xl59uoVVAsDwAik1iN+aMxAvmX2yBW6Tgngt6nrAy38 +NnAGx9qDQScgbA8eMd6JmOWV14Kp3enpuzMeTpVLSQM +-> *-grease 8-(+ vYaB m6U +8gdvu5Df7a7QJC+s3/x4OMEp3nGRQo+v6GKMo957cTIofYQrX1zPIscugjB+Ua/R +mqSUmYM +--- IYRDnT9/tIxleM47lmOA5wp3e5TrJGqn/faxfMTq7po +Q&]cӵҷrJիϘzaBd $Y['s8pZ \ No newline at end of file diff --git a/nix/secrets/restic_sgbk_pwd.age b/nix/secrets/restic_sgbk_pwd.age index 04cd71dc..ea4711ba 100644 --- a/nix/secrets/restic_sgbk_pwd.age +++ b/nix/secrets/restic_sgbk_pwd.age @@ -1,10 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ 4qJGfzwkiTLxMp29ap8xS4Yrr4v5+WuEgR2l6kk1u3g -/ez+z5soKOZJYd1ETWcZ9WwGQkcI4hdOhS63oshjBWM --> ssh-ed25519 yg55bA is0cfph0fc3Yd4btpE4+HqN9YWWlkkQ9hj0LDtkCPwQ -K3zdjEN3dlTaticQtVi774mQOM1KUg+dk0JvjQxctnk --> zou8qv-grease $$C.n1_ # -N5iTy0ERftclPNDFgpa4ClqGCIvTDIKj03Iyzy+az2l3bs8MXUS/4hqh+uDCW3GG -t4gL59TG ---- U3g4gGvkEQKWkM6gMEA3AFK9y5y4i7jnoNWb7xgDqeo -(}A2t80_s#5kˀ|A&p@F#p \ No newline at end of file +-> ssh-ed25519 0LL3PQ KHSf9ndwbU+gp/EjEqb6BizoDld2P0IUE+NyNq41qRU +nnjQ6RxRj/oVI4lrmGx3YA9xru2wIkV6tyYnF/Qj4gA +-> ssh-ed25519 0dJ6Mg FoLEamzgj2WZxiEGjWEacLtP+YvwPK4S961Mz4QVo0Q +LRV7YndQRyZxFWgxjZ8+KhnHY3NmQjtBx9D9SkEfdBk +-> ssh-ed25519 7owkuQ +ERZ/SyjyHNDMUcZftWjPPg/+Y4vNNhY9qcXYJTocEo +WvRkkgWh+t1O2574vvIRYkDav6XJaZe1H8+bMk6Rt2U +-> ssh-ed25519 yg55bA T1koZe8t1aK3Z8t102m9Q3sTFo68ml8hjbm5oTDxqXg +OuVwNZFJokgz3ZubnQJbhdmgfYnpKSyt+2f0pfJ0zMM +-> 1I-grease SAO!z + 1 +dor0+AdeMZtvH6XIh/8UOwtKIeqTckMwS64fXpQC15sQN4s01iZ0E2fmfxlOd7sF +CEjwIjD/c76eWsm4HXnFKPMn +--- PtcipNj2Ol00OQXMJnvGfBPLxAkxB5/JrqUNXWKRqEE +p3ו!3`S^' To[F"WQF5H$ \ No newline at end of file diff --git a/nix/secrets/sgbk_pwd.age b/nix/secrets/sgbk_pwd.age index 58602dda..ddc824b7 100644 --- a/nix/secrets/sgbk_pwd.age +++ b/nix/secrets/sgbk_pwd.age @@ -1,10 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ rAj9h0wtf1gsdtlvGDmaxdHjRreUyfRpZBNnI01edhY -jCTGmhWgEy3BPdWQdv7goL0Vd2obIdRFn1HHApQdIpI --> ssh-ed25519 yg55bA 9oZRoMwVSR5W7gFufctfhQcrunzGABm0eY5Zrd30CHw -10sx6yDe/qhGSo7yfJi33bqrilLE5BBMjLuw46xZ/xo --> 6<-grease # $q0gf& d+*Zn G7~` -4wM1yc2zThJt4kjBR5Evb0sKVQTk+2/UxCyRclcj+c5WoFnZAUkweu5J9NKKZZY1 -eQDsxMy2VTCwKH21kt6GMThqd8uFLWlNIG8Rd+p1UQ ---- 4ITweNL+AK2o11O1NyophxQQsMYL4Lu6iBedFz9c7TE -BQe~n bʙk86q}gې+c;]ɣK \ No newline at end of file +-> ssh-ed25519 0LL3PQ EaH3FSFURTrKNRQgBzRJHwScLs+0++zx8L5xtiv2Thg +zb9BAe2Mh3Dnq7xQTsV3FKSLfti6qk1fMuVU3jnkvSE +-> ssh-ed25519 0dJ6Mg wOmgGAMbqQD3agi6iH7ncke5yIuWwI3JK2+Z4Z6LAGQ +aPyfZ96NlrP7/XIMpKJkgvONfzdgjrm18CFGpE8rWjo +-> ssh-ed25519 7owkuQ Siq/BgJuW1G34eBHL5rUTaR/D1R8AKxo3oWNfKkjNjg +8/qCD7Z8Pnnpz2fwzcZuRKi/NqU4sOUdEn97JT5sy7U +-> ssh-ed25519 yg55bA JHUJBdwb6/vcw3g2JCZVSs/dm96PE7dhOW1gEi5Nokc +NiT7i0XArZPVz4UqN4IR+Dc47tjU1jVe8SFUbM17fBo +-> %-grease R +5njLYJJMaDrRkP6qA1AUGy375lHVqP2WzUlhYX8HLtBL95VysXoW+PTzIEc+PQNs +UMxNTezEFXnww4E06+rPE5JN/VN+lOtb1uaEFdc +--- TKX4YuCK4DPsLEB0A1XSywqEt2gysGHbYtL59hudEkQ +|oKw5tU|Gg(f\@9â0_j \ No newline at end of file diff --git a/nix/secrets/sshconfig.age b/nix/secrets/sshconfig.age index 7ddfaa72..75bd6ee3 100644 Binary files a/nix/secrets/sshconfig.age and b/nix/secrets/sshconfig.age differ diff --git a/nix/secrets/two_pwd.age b/nix/secrets/two_pwd.age index 54ff2e64..857b8c72 100644 --- a/nix/secrets/two_pwd.age +++ b/nix/secrets/two_pwd.age @@ -1,10 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ 19/isGgYZjRCPON85JEAYTaM766DiIvvFaaoijZivxU -OE/HYTXVW4JMx7naMAORiYfQXyfrJEuegco97PBlfs4 --> ssh-ed25519 yg55bA qsSTyN6LX3FPcfS9Mo0zZFxlv8bN+tSm3kfr7JInzE8 -OUNksovVTZjecBLo2G2EksGl/f1qMfCv2IKcgWWc7hA --> 8~-grease ^ -TtU/CcXzUV6vxDjnnSs4UHT0skFZdOOGAPZ54XYS9VI5qD5zYPdxlt4Xs293QALL -+EYnfX/02ga1Xik2diAn2/pefStizBztyrqZ6n4ZSFwbYlg66WmG7y+mW+M ---- skqsOtKqWNBNuPKITV3vEQp27npkPn8DmVvT98XFnTw -s2[>m虠JHO[{=ʆ{`sjw: 4);vRp F{9TX< \ No newline at end of file +-> ssh-ed25519 0LL3PQ bOMlgebRdu00Y6AMCMzfMDHz20hmxFZKXZXTV0GxrXI +h8g+yA6VbtKmSpJQd7jRXbI3XZ4t9onF9HAAFZqGfjo +-> ssh-ed25519 0dJ6Mg re3MAlJT/+Cv3JuX32+DDsCpX2fyjmbf6lHWEPo2cS4 +eoGwzNSWZsz7MraRl+WszHPtV/Js5miEpyPW80qE2Rk +-> ssh-ed25519 7owkuQ jVPzIG/BaqhF0pDsQGyTszSYk9uqxgT+gkI3isFfXjw +KNYecxPhASdkrX9HksZvd3PklumBxhT56cwuAvrjrCI +-> ssh-ed25519 yg55bA RQqNeR7/CnTikL1PmjuB8wbrbB/ePXDL5Vc68nwglms +XSdnfZRny11PwqNz2RQXZTJkebgpcIlLPH41anP+bE0 +-> Fwm.uTZQ-grease 0 l*:+ KkJHBhG ++GHIrzesQEN5gofR9foQBAispJYm7Q+ZpcaGA5c +--- BeBZdmPhZssR+92iYgQ/62hlCIiY6SUQaggAZkXTw8I +|.hv"՟i +|pw4ni؟WB?l`[2(ᨿ_i' \ No newline at end of file diff --git a/nix/secrets/typst-bot_token.age b/nix/secrets/typst-bot_token.age index da1052de..82ff09f7 100644 Binary files a/nix/secrets/typst-bot_token.age and b/nix/secrets/typst-bot_token.age differ diff --git a/nix/secrets/wpa_password.age b/nix/secrets/wpa_password.age index 805ead8d..2ac609b7 100644 Binary files a/nix/secrets/wpa_password.age and b/nix/secrets/wpa_password.age differ diff --git a/npins/sources.json b/npins/sources.json index 7df0bc2f..4201f4b0 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -135,40 +135,6 @@ "url": "https://codeberg.org/api/v1/repos/amjoseph/infuse.nix/archive/v2.4.tar.gz", "hash": "1s3d1v27jxsw5050qi0bq6agpf5gpw6jmcyigzpdgwfm9d6w6wz1" }, - "lix": { - "type": "GitRelease", - "repository": { - "type": "Forgejo", - "server": "https://git.lix.systems/", - "owner": "lix-project", - "repo": "lix" - }, - "pre_releases": false, - "version_upper_bound": null, - "release_prefix": null, - "submodules": false, - "version": "2.93.3", - "revision": "017e93ae637ce6dfc958001e5cdc2a3e0182be6f", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2.93.3.tar.gz", - "hash": "152xjnlr733z34ndyxnhdaw7d4f3zcj5w028mlmwy378wvhk9b1s" - }, - "lix-module": { - "type": "GitRelease", - "repository": { - "type": "Forgejo", - "server": "https://git.lix.systems/", - "owner": "lix-project", - "repo": "nixos-module" - }, - "pre_releases": false, - "version_upper_bound": null, - "release_prefix": null, - "submodules": false, - "version": "2.93.1", - "revision": "c3c78a32273e89d28367d8605a4c880f0b6607e3", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/2.93.1.tar.gz", - "hash": "1m1lk9mjmcjfi30h1yckjrbdy9yf4msav2dnk8lpn0hrj4mkkw0i" - }, "nil": { "type": "Git", "repository": {