From a00bdb82be7f5cb8df4d3b56bc575384e79c8241 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 13:04:03 +0800 Subject: [PATCH 01/32] hydrogen: init --- default.nix | 4 + nix/configurations/hydrogen.nix | 133 ++++++++++++++++++ nix/configurations/hydrogen/home/programs.nix | 64 +++++++++ .../hydrogen/nixos/connectivity.nix | 71 ++++++++++ .../hydrogen/nixos/connectivity/networks.nix | 97 +++++++++++++ .../connectivity/universite_de_rennes.pem | 97 +++++++++++++ nix/configurations/hydrogen/nixos/misc.nix | 10 ++ .../hydrogen/nixos/programs.nix | 16 +++ .../hydrogen/nixos/secure_dns.nix | 57 ++++++++ nix/configurations/vanadium/nixos/misc.nix | 7 +- 10 files changed, 555 insertions(+), 1 deletion(-) create mode 100644 nix/configurations/hydrogen.nix create mode 100644 nix/configurations/hydrogen/home/programs.nix create mode 100644 nix/configurations/hydrogen/nixos/connectivity.nix create mode 100644 nix/configurations/hydrogen/nixos/connectivity/networks.nix create mode 100644 nix/configurations/hydrogen/nixos/connectivity/universite_de_rennes.pem create mode 100644 nix/configurations/hydrogen/nixos/misc.nix create mode 100644 nix/configurations/hydrogen/nixos/programs.nix create mode 100644 nix/configurations/hydrogen/nixos/secure_dns.nix diff --git a/default.nix b/default.nix index 7deece54..7445744d 100644 --- a/default.nix +++ b/default.nix @@ -8,6 +8,10 @@ system = "x86_64-linux"; modules = [./nix/configurations/vanadium.nix]; }; + hydrogen = { + system = "aarch64-linux"; + modules = [./nix/configurations/hydrogen.nix]; + }; installer = { system = "x86_64-linux"; modules = [./nix/configurations/installer.nix]; diff --git a/nix/configurations/hydrogen.nix b/nix/configurations/hydrogen.nix new file mode 100644 index 00000000..4bb8d997 --- /dev/null +++ b/nix/configurations/hydrogen.nix @@ -0,0 +1,133 @@ +let + sources = import ../../npins; + + hostname = "hydrogen"; + username = "leana"; +in + { + modulesPath, + config, + pkgs, + lib, + ... + }: let + inherit (lib.modules) mkAliasOptionModule; + in { + imports = [ + # The generator and hardware configuration + (modulesPath + "/installer/sd-card/sd-image-aarch64.nix") + + # + # Shorthands + # + (mkAliasOptionModule ["me"] ["users" "users" username]) + (mkAliasOptionModule ["hm"] ["home-manager" "users" username]) + + # + # hostname + # + {_module.args = {inherit hostname;};} + + # + # nixpkgs + # + { + nixpkgs = { + overlays = + map import + [ + ../overlays/agenix.nix + ../overlays/nur.nix + ../overlays/nix-tree.nix + ../packages/overlay.nix + ] + # use lix everywhere and wrap it with nom + ++ [ + (import (sources.lix-module + "/overlay.nix") {inherit (sources) lix;}) + (import ../overlays/nix-monitored.nix) + ]; + + # Set NIX_PATH and flake registry at the same time + # https://github.com/NixOS/nixpkgs/pull/254405 + flake.source = sources.nixpkgs; + }; + + nix.package = pkgs.nix-monitored; + + system.nixos.version = lib.substring 0 8 sources.nixpkgs.revision; + } + + ./hydrogen/nixos/misc.nix + ./hydrogen/nixos/programs.nix + ./hydrogen/nixos/connectivity.nix + ./hydrogen/nixos/secure_dns.nix + + ../nixosModules/common/disable-command-not-found.nix + ../nixosModules/common/network.nix + ../nixosModules/common/sudo-conf.nix + ../nixosModules/common/system-nixconf.nix + + ../nixosModules/extra/leana.nix + + # + # Extern modules + # + (sources.agenix + "/modules/age.nix") + + (sources.nixos-hardware + "/raspberry-pi/4") + + # + # home-manager + # + (sources.home-manager + "/nixos") + { + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + sharedModules = [{home.stateVersion = lib.mkDefault config.system.stateVersion;}]; + }; + + hm.imports = [ + # + # hostname + # + {_module.args = {inherit hostname;};} + + # + # home modules + # + ./hydrogen/home/programs.nix + + ../homeModules/common/btop + ../homeModules/common/fish + ../homeModules/common/starship + ../homeModules/common/tmux + ../homeModules/common/vim + ../homeModules/common/direnv.nix + ../homeModules/common/git.nix + ../homeModules/common/gpg.nix + ../homeModules/common/leana.nix + ../homeModules/common/locale.nix + ../homeModules/common/packages.nix + ../homeModules/common/tealdeer.nix + + ../homeModules/extra/tmux-fish-integration.nix + + # + # Extern modules + # + (sources.agenix + "/modules/age-home.nix") + (import sources.wired-notify).homeManagerModules.default + ]; + } + + # + # Secrets + # + { + age.secrets = { + wpa_password.file = "${../secrets/wpa_password.age}"; + }; + } + ]; + } diff --git a/nix/configurations/hydrogen/home/programs.nix b/nix/configurations/hydrogen/home/programs.nix new file mode 100644 index 00000000..32ed2b56 --- /dev/null +++ b/nix/configurations/hydrogen/home/programs.nix @@ -0,0 +1,64 @@ +{ + pkgs, + lib, + config, + ... +}: { + home.sessionVariables = let + fishCfg = config.programs.fish; + in { + "SHELL" = lib.mkIf fishCfg.enable (lib.getExe fishCfg.package); + }; + + home.packages = [ + pkgs.nmap + pkgs.stow + pkgs.zip + pkgs.unzip + pkgs.gnutar + pkgs.p7zip + pkgs.bc + pkgs.dig + pkgs.hutils + pkgs.miniserve + pkgs.agenix + pkgs.nix-which + + # pretty tui tools + pkgs.du-dust + pkgs.tokei + pkgs.hyperfine + pkgs.watchexec + pkgs.onefetch + pkgs.just + + # nix tools + pkgs.alejandra + pkgs.nurl + pkgs.npins + pkgs.nix-tree + pkgs.nh + ]; + + programs = { + neovim = { + enable = true; + defaultEditor = true; + }; + lazygit.enable = true; + fish.enable = true; + starship.enable = true; + tmux.enable = true; + direnv.enable = true; + ripgrep.enable = true; + + btop.enable = true; + + # OCaml fails to build on aarch64-linux + git.patdiff.enable = lib.mkForce false; + }; + + services = { + gpg-agent.enable = true; + }; +} diff --git a/nix/configurations/hydrogen/nixos/connectivity.nix b/nix/configurations/hydrogen/nixos/connectivity.nix new file mode 100644 index 00000000..2f24dbb5 --- /dev/null +++ b/nix/configurations/hydrogen/nixos/connectivity.nix @@ -0,0 +1,71 @@ +{ + config, + lib, + ... +}: { + # https://unix.stackexchange.com/questions/592775/how-can-i-enable-apple-ios-fast-charge-support + services.udev.extraRules = '' + SUBSYSTEM=="usb", ACTION=="add", DRIVER=="apple-mfi-fastcharge", RUN+="/bin/sh -c 'echo Fast > /sys/class/power_supply/apple_mfi_fastcharge/charge_type'" + ''; + + users.users.root.openssh.authorizedKeys.keys = let + ids = import ../../../identities.nix; + in + builtins.concatMap builtins.attrValues (builtins.attrValues ids); + + networking = { + networkmanager.enable = lib.mkForce false; + + firewall.allowedTCPPorts = [ + 8080 + + # For 'localsend' + # https://github.com/localsend/localsend?tab=readme-ov-file#setup + 53317 + ]; + + # To enable roaming https://wiki.archlinux.org/title/Wpa_supplicant#Roaming + wireless = { + enable = true; + userControlled.enable = true; + secretsFile = config.age.secrets.wpa_password.path; + scanOnLowSignal = false; + networks = let + # wpa_supplicant uses `strchr` to seek to the first `=`, so the only forbidden character is `=`. + escapePwdKey = lib.replaceStrings ["="] ["_"]; + + fromList = ns: let + go = networkArgs @ { + ssid, + # Custom fields wrapping nixpkgs module options + hasPassword ? false, + scanOnLowSignal ? false, + randomizeMac ? false, + ... + }: { + ${ssid} = lib.mkMerge [ + (builtins.removeAttrs networkArgs ["ssid" "hasPassword" "scanOnLowSignal" "randomizeMac"]) + (lib.optionalAttrs hasPassword { + pskRaw = "ext:${escapePwdKey ssid}"; + }) + (lib.optionalAttrs scanOnLowSignal { + extraConfig = '' + bgscan="simple:30:-70:3600" + ''; + }) + (lib.optionalAttrs randomizeMac { + extraConfig = '' + mac_addr=1 + ''; + }) + ]; + }; + in + lib.mkMerge (map go ns); + in + fromList (import ./connectivity/networks.nix); + }; + }; + + hardware.bluetooth.enable = true; +} diff --git a/nix/configurations/hydrogen/nixos/connectivity/networks.nix b/nix/configurations/hydrogen/nixos/connectivity/networks.nix new file mode 100644 index 00000000..e87052ce --- /dev/null +++ b/nix/configurations/hydrogen/nixos/connectivity/networks.nix @@ -0,0 +1,97 @@ +let + preferredPriority = 20; + privatePriority = 10; + limitedPriority = -10; +in [ + { + ssid = "~"; + priority = preferredPriority; + hasPassword = true; + } + { + ssid = "Pei’s Wifi"; + priority = privatePriority; + hasPassword = true; + } + { + ssid = "girlypop-net"; + priority = privatePriority; + hasPassword = true; + } + + { + ssid = "annapurna"; + priority = privatePriority; + hasPassword = true; + scanOnLowSignal = true; + } + { + ssid = "5526-1"; # TODO: set bssid preference ? + priority = privatePriority; + hasPassword = true; + } + + { + ssid = "eduroam"; + priority = privatePriority; + scanOnLowSignal = true; + + authProtocols = ["WPA-EAP"]; + auth = '' + pairwise=CCMP + group=CCMP TKIP + eap=PEAP + ca_cert="${./universite_de_rennes.pem}" + identity="ychiang@etudiant.univ-rennes.fr" + altsubject_match="DNS:radius.univ-rennes1.fr;DNS:radius1.univ-rennes1.fr;DNS:radius2.univ-rennes1.fr;DNS:vmradius-psf1.univ-rennes1.fr;DNS:vmradius-psf2.univ-rennes1.fr" + phase2="auth=MSCHAPV2" + password=ext:EDUROAM + anonymous_identity="anonymous@univ-rennes.fr" + ''; + } + + { + ssid = "A-WAY"; + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } + { + ssid = "CAT.jpgcafe"; + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } + { + ssid = "LOUISA"; # 區公所 + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } + { + ssid = "LouisaCoffee"; # 七張 + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } + { + ssid = "MetroTaipei x Louisa"; # 大安 + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } + + {ssid = "_SNCF_WIFI_INOUI";} + {ssid = "_WIFI_LYRIA";} + {ssid = "EurostarTrainsWiFi";} + {ssid = "SBB-FREE";} + {ssid = "AOT Airport Free Wi-Fi by NT";} + {ssid = "NewTaipei";} + {ssid = "Fami-WiFi";} + + { + ssid = "iPhone de Léana 江"; + priority = limitedPriority; + hasPassword = true; + } +] diff --git a/nix/configurations/hydrogen/nixos/connectivity/universite_de_rennes.pem b/nix/configurations/hydrogen/nixos/connectivity/universite_de_rennes.pem new file mode 100644 index 00000000..ac4d2e1f --- /dev/null +++ b/nix/configurations/hydrogen/nixos/connectivity/universite_de_rennes.pem @@ -0,0 +1,97 @@ +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj +YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM +GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua +BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe +3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 +YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR +rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm +ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU +oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v +QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t +b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF +AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q +GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 +G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi +l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 +smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7 +MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD +VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE +AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4 +MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5 +MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO +ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI +s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG +vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ +Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb +IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0 +tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E +xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV +icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5 +D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ +WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ +5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG +KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg +EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID +ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG +BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t +L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr +BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA +A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+ +rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+ +/czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA +CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F +zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA +vGp4z7h/jnZymQyd/teRCBaho1+V +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIG5TCCBM2gAwIBAgIRANpDvROb0li7TdYcrMTz2+AwDQYJKoZIhvcNAQEMBQAw +gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK +ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD +VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIw +MDIxODAwMDAwMFoXDTMzMDUwMTIzNTk1OVowRDELMAkGA1UEBhMCTkwxGTAXBgNV +BAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNVBAMTEUdFQU5UIE9WIFJTQSBDQSA0 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApYhi1aEiPsg9ZKRMAw9Q +r8Mthsr6R20VSfFeh7TgwtLQi6RSRLOh4or4EMG/1th8lijv7xnBMVZkTysFiPmT +PiLOfvz+QwO1NwjvgY+Jrs7fSoVA/TQkXzcxu4Tl3WHi+qJmKLJVu/JOuHud6mOp +LWkIbhODSzOxANJ24IGPx9h4OXDyy6/342eE6UPXCtJ8AzeumTG6Dfv5KVx24lCF +TGUzHUB+j+g0lSKg/Sf1OzgCajJV9enmZ/84ydh48wPp6vbWf1H0O3Rd3LhpMSVn +TqFTLKZSbQeLcx/l9DOKZfBCC9ghWxsgTqW9gQ7v3T3aIfSaVC9rnwVxO0VjmDdP +FNbdoxnh0zYwf45nV1QQgpRwZJ93yWedhp4ch1a6Ajwqs+wv4mZzmBSjovtV0mKw +d+CQbSToalEUP4QeJq4Udz5WNmNMI4OYP6cgrnlJ50aa0DZPlJqrKQPGL69KQQz1 +2WgxvhCuVU70y6ZWAPopBa1ykbsttpLxADZre5cH573lIuLHdjx7NjpYIXRx2+QJ +URnX2qx37eZIxYXz8ggM+wXH6RDbU3V2o5DP67hXPHSAbA+p0orjAocpk2osxHKo +NSE3LCjNx8WVdxnXvuQ28tKdaK69knfm3bB7xpdfsNNTPH9ElcjscWZxpeZ5Iij8 +lyrCG1z0vSWtSBsgSnUyG/sCAwEAAaOCAYswggGHMB8GA1UdIwQYMBaAFFN5v1qq +K0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBRvHTVJEGwy+lmgnryK6B+VvnF6DDAO +BgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggr +BgEFBQcDAQYIKwYBBQUHAwIwOAYDVR0gBDEwLzAtBgRVHSAAMCUwIwYIKwYBBQUH +AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMFAGA1UdHwRJMEcwRaBDoEGGP2h0 +dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9u +QXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6 +Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAl +BggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0B +AQwFAAOCAgEAUtlC3e0xj/1BMfPhdQhUXeLjb0xp8UE28kzWE5xDzGKbfGgnrT2R +lw5gLIx+/cNVrad//+MrpTppMlxq59AsXYZW3xRasrvkjGfNR3vt/1RAl8iI31lG +hIg6dfIX5N4esLkrQeN8HiyHKH6khm4966IkVVtnxz5CgUPqEYn4eQ+4eeESrWBh +AqXaiv7HRvpsdwLYekAhnrlGpioZ/CJIT2PTTxf+GHM6cuUnNqdUzfvrQgA8kt1/ +ASXx2od/M+c8nlJqrGz29lrJveJOSEMX0c/ts02WhsfMhkYa6XujUZLmvR1Eq08r +48/EZ4l+t5L4wt0DV8VaPbsEBF1EOFpz/YS2H6mSwcFaNJbnYqqJHIvm3PLJHkFm +EoLXRVrQXdCT+3wgBfgU6heCV5CYBz/YkrdWES7tiiT8sVUDqXmVlTsbiRNiyLs2 +bmEWWFUl76jViIJog5fongEqN3jLIGTG/mXrJT1UyymIcobnIGrbwwRVz/mpFQo0 +vBYIi1k2ThVh0Dx88BbF9YiP84dd8Fkn5wbE6FxXYJ287qfRTgmhePecPc73Yrzt +apdRcsKVGkOpaTIJP/l+lAHRLZxk/dUtyN95G++bOSQqnOCpVPabUGl2E/OEyFrp +Ipwgu2L/WJclvd6g+ZA/iWkLSMcpnFb+uX6QBqvD6+RNxul1FaB5iHY= +-----END CERTIFICATE----- + diff --git a/nix/configurations/hydrogen/nixos/misc.nix b/nix/configurations/hydrogen/nixos/misc.nix new file mode 100644 index 00000000..b8537a11 --- /dev/null +++ b/nix/configurations/hydrogen/nixos/misc.nix @@ -0,0 +1,10 @@ +{ + system.stateVersion = "25.05"; + + swapDevices = [ + { + device = "/var/swapfile"; + size = 1024; # MB + } + ]; +} diff --git a/nix/configurations/hydrogen/nixos/programs.nix b/nix/configurations/hydrogen/nixos/programs.nix new file mode 100644 index 00000000..0e605d66 --- /dev/null +++ b/nix/configurations/hydrogen/nixos/programs.nix @@ -0,0 +1,16 @@ +{pkgs, ...}: { + environment.systemPackages = [ + pkgs.man-pages + pkgs.man-pages-posix + ]; + + # + # Programs + # + programs = { + vim.enable = true; + vim.defaultEditor = true; + + git.enable = true; + }; +} diff --git a/nix/configurations/hydrogen/nixos/secure_dns.nix b/nix/configurations/hydrogen/nixos/secure_dns.nix new file mode 100644 index 00000000..1aeeff7f --- /dev/null +++ b/nix/configurations/hydrogen/nixos/secure_dns.nix @@ -0,0 +1,57 @@ +# https://nixos.wiki/wiki/Encrypted_DNS +{ + lib, + pkgs, + ... +}: { + networking = { + nameservers = ["127.0.0.1" "::1"]; + dhcpcd.extraConfig = "nohook resolv.conf"; + # networkmanager.dns = "none"; + }; + + services.resolved.enable = false; + + services.dnscrypt-proxy2 = { + enable = true; + # Settings reference: + # https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml + settings = { + listen_addresses = ["127.0.0.1:53"]; + ipv4_servers = true; + + require_dnssec = true; + require_nolog = true; + require_nofilter = true; + + lb_strategy = "p2"; + lb_estimator = true; + + # Blocklists are made of one pattern per line. + # https://github.com/DNSCrypt/dnscrypt-proxy/blob/fa59f990431a49b6485f63f96601bc7e64017bf8/dnscrypt-proxy/example-dnscrypt-proxy.toml#L583C4-L583C75 + blocked_names.blocked_names_file = pkgs.concatText "dnsblocklist_combined" [ + # Prevent building up reliance on chatbots + # Gotta preserve that thinking ability of my smoof bwain + pkgs.ai_blocklist + pkgs.hategroup_blocklist + + # Gotta purify my smoos brain for a while + (pkgs.writeText "extra_dns_blocklist" '' + instagram.com + youtube.com + '') + ]; + + # Add this to test if dnscrypt-proxy is actually used to resolve DNS requests + # query_log.file = "/var/log/dnscrypt-proxy/query.log"; + sources.public-resolvers = { + urls = [ + "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md" + "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md" + ]; + cache_file = "/var/cache/dnscrypt-proxy/public-resolvers.md"; + minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"; + }; + }; + }; +} diff --git a/nix/configurations/vanadium/nixos/misc.nix b/nix/configurations/vanadium/nixos/misc.nix index db83b159..91579fc2 100644 --- a/nix/configurations/vanadium/nixos/misc.nix +++ b/nix/configurations/vanadium/nixos/misc.nix @@ -1,4 +1,4 @@ -{ +{config, ...}: { system.stateVersion = "24.11"; boot.loader = { @@ -13,4 +13,9 @@ # https://community.frame.work/t/stability-issues-random-crashes-reboots-and-boot-freezes/62675/4 "pcie_aspm=off" ]; + + # Cross building + # https://discourse.nixos.org/t/how-do-i-get-my-aarch64-linux-machine-to-build-x86-64-linux-extra-platforms-doesnt-seem-to-work/38106/2?u=leana8959 + boot.binfmt.emulatedSystems = ["aarch64-linux"]; + nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems; } From 8800d9053a00d7b30f3b14566171123b3fa4e1a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 13:05:49 +0800 Subject: [PATCH 02/32] tree-wide: unify network settings across hosts --- .../hydrogen/nixos/connectivity.nix | 2 +- .../vanadium/nixos/connectivity.nix | 2 +- .../vanadium/nixos/connectivity/networks.nix | 97 ------------------- .../connectivity/universite_de_rennes.pem | 97 ------------------- .../nixos => }/connectivity/networks.nix | 0 .../connectivity/universite_de_rennes.pem | 0 6 files changed, 2 insertions(+), 196 deletions(-) delete mode 100644 nix/configurations/vanadium/nixos/connectivity/networks.nix delete mode 100644 nix/configurations/vanadium/nixos/connectivity/universite_de_rennes.pem rename nix/{configurations/hydrogen/nixos => }/connectivity/networks.nix (100%) rename nix/{configurations/hydrogen/nixos => }/connectivity/universite_de_rennes.pem (100%) diff --git a/nix/configurations/hydrogen/nixos/connectivity.nix b/nix/configurations/hydrogen/nixos/connectivity.nix index 2f24dbb5..2c04b047 100644 --- a/nix/configurations/hydrogen/nixos/connectivity.nix +++ b/nix/configurations/hydrogen/nixos/connectivity.nix @@ -63,7 +63,7 @@ in lib.mkMerge (map go ns); in - fromList (import ./connectivity/networks.nix); + fromList (import ../../../connectivity/networks.nix); }; }; diff --git a/nix/configurations/vanadium/nixos/connectivity.nix b/nix/configurations/vanadium/nixos/connectivity.nix index 5a0891fc..ab4aa177 100644 --- a/nix/configurations/vanadium/nixos/connectivity.nix +++ b/nix/configurations/vanadium/nixos/connectivity.nix @@ -70,7 +70,7 @@ in lib.mkMerge (map go ns); in - fromList (import ./connectivity/networks.nix); + fromList (import ../../../connectivity/networks.nix); }; }; diff --git a/nix/configurations/vanadium/nixos/connectivity/networks.nix b/nix/configurations/vanadium/nixos/connectivity/networks.nix deleted file mode 100644 index e87052ce..00000000 --- a/nix/configurations/vanadium/nixos/connectivity/networks.nix +++ /dev/null @@ -1,97 +0,0 @@ -let - preferredPriority = 20; - privatePriority = 10; - limitedPriority = -10; -in [ - { - ssid = "~"; - priority = preferredPriority; - hasPassword = true; - } - { - ssid = "Pei’s Wifi"; - priority = privatePriority; - hasPassword = true; - } - { - ssid = "girlypop-net"; - priority = privatePriority; - hasPassword = true; - } - - { - ssid = "annapurna"; - priority = privatePriority; - hasPassword = true; - scanOnLowSignal = true; - } - { - ssid = "5526-1"; # TODO: set bssid preference ? - priority = privatePriority; - hasPassword = true; - } - - { - ssid = "eduroam"; - priority = privatePriority; - scanOnLowSignal = true; - - authProtocols = ["WPA-EAP"]; - auth = '' - pairwise=CCMP - group=CCMP TKIP - eap=PEAP - ca_cert="${./universite_de_rennes.pem}" - identity="ychiang@etudiant.univ-rennes.fr" - altsubject_match="DNS:radius.univ-rennes1.fr;DNS:radius1.univ-rennes1.fr;DNS:radius2.univ-rennes1.fr;DNS:vmradius-psf1.univ-rennes1.fr;DNS:vmradius-psf2.univ-rennes1.fr" - phase2="auth=MSCHAPV2" - password=ext:EDUROAM - anonymous_identity="anonymous@univ-rennes.fr" - ''; - } - - { - ssid = "A-WAY"; - priority = privatePriority; - hasPassword = true; - randomizeMac = true; - } - { - ssid = "CAT.jpgcafe"; - priority = privatePriority; - hasPassword = true; - randomizeMac = true; - } - { - ssid = "LOUISA"; # 區公所 - priority = privatePriority; - hasPassword = true; - randomizeMac = true; - } - { - ssid = "LouisaCoffee"; # 七張 - priority = privatePriority; - hasPassword = true; - randomizeMac = true; - } - { - ssid = "MetroTaipei x Louisa"; # 大安 - priority = privatePriority; - hasPassword = true; - randomizeMac = true; - } - - {ssid = "_SNCF_WIFI_INOUI";} - {ssid = "_WIFI_LYRIA";} - {ssid = "EurostarTrainsWiFi";} - {ssid = "SBB-FREE";} - {ssid = "AOT Airport Free Wi-Fi by NT";} - {ssid = "NewTaipei";} - {ssid = "Fami-WiFi";} - - { - ssid = "iPhone de Léana 江"; - priority = limitedPriority; - hasPassword = true; - } -] diff --git a/nix/configurations/vanadium/nixos/connectivity/universite_de_rennes.pem b/nix/configurations/vanadium/nixos/connectivity/universite_de_rennes.pem deleted file mode 100644 index ac4d2e1f..00000000 --- a/nix/configurations/vanadium/nixos/connectivity/universite_de_rennes.pem +++ /dev/null @@ -1,97 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb -MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow -GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj -YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL -MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE -BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM -GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua -BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe -3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 -YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR -rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm -ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU -oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF -MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v -QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t -b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF -AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q -GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz -Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 -G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi -l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 -smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7 -MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD -VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE -AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4 -MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5 -MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO -ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0 -aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI -s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG -vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ -Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb -IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0 -tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E -xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV -icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5 -D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ -WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ -5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG -KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg -EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID -ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG -BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t -L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr -BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA -A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+ -rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+ -/czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA -CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F -zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA -vGp4z7h/jnZymQyd/teRCBaho1+V ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIG5TCCBM2gAwIBAgIRANpDvROb0li7TdYcrMTz2+AwDQYJKoZIhvcNAQEMBQAw -gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK -ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD -VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIw -MDIxODAwMDAwMFoXDTMzMDUwMTIzNTk1OVowRDELMAkGA1UEBhMCTkwxGTAXBgNV -BAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNVBAMTEUdFQU5UIE9WIFJTQSBDQSA0 -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApYhi1aEiPsg9ZKRMAw9Q -r8Mthsr6R20VSfFeh7TgwtLQi6RSRLOh4or4EMG/1th8lijv7xnBMVZkTysFiPmT -PiLOfvz+QwO1NwjvgY+Jrs7fSoVA/TQkXzcxu4Tl3WHi+qJmKLJVu/JOuHud6mOp -LWkIbhODSzOxANJ24IGPx9h4OXDyy6/342eE6UPXCtJ8AzeumTG6Dfv5KVx24lCF -TGUzHUB+j+g0lSKg/Sf1OzgCajJV9enmZ/84ydh48wPp6vbWf1H0O3Rd3LhpMSVn -TqFTLKZSbQeLcx/l9DOKZfBCC9ghWxsgTqW9gQ7v3T3aIfSaVC9rnwVxO0VjmDdP -FNbdoxnh0zYwf45nV1QQgpRwZJ93yWedhp4ch1a6Ajwqs+wv4mZzmBSjovtV0mKw -d+CQbSToalEUP4QeJq4Udz5WNmNMI4OYP6cgrnlJ50aa0DZPlJqrKQPGL69KQQz1 -2WgxvhCuVU70y6ZWAPopBa1ykbsttpLxADZre5cH573lIuLHdjx7NjpYIXRx2+QJ -URnX2qx37eZIxYXz8ggM+wXH6RDbU3V2o5DP67hXPHSAbA+p0orjAocpk2osxHKo -NSE3LCjNx8WVdxnXvuQ28tKdaK69knfm3bB7xpdfsNNTPH9ElcjscWZxpeZ5Iij8 -lyrCG1z0vSWtSBsgSnUyG/sCAwEAAaOCAYswggGHMB8GA1UdIwQYMBaAFFN5v1qq -K0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBRvHTVJEGwy+lmgnryK6B+VvnF6DDAO -BgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggr -BgEFBQcDAQYIKwYBBQUHAwIwOAYDVR0gBDEwLzAtBgRVHSAAMCUwIwYIKwYBBQUH -AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMFAGA1UdHwRJMEcwRaBDoEGGP2h0 -dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9u -QXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6 -Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAl -BggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0B -AQwFAAOCAgEAUtlC3e0xj/1BMfPhdQhUXeLjb0xp8UE28kzWE5xDzGKbfGgnrT2R -lw5gLIx+/cNVrad//+MrpTppMlxq59AsXYZW3xRasrvkjGfNR3vt/1RAl8iI31lG -hIg6dfIX5N4esLkrQeN8HiyHKH6khm4966IkVVtnxz5CgUPqEYn4eQ+4eeESrWBh -AqXaiv7HRvpsdwLYekAhnrlGpioZ/CJIT2PTTxf+GHM6cuUnNqdUzfvrQgA8kt1/ -ASXx2od/M+c8nlJqrGz29lrJveJOSEMX0c/ts02WhsfMhkYa6XujUZLmvR1Eq08r -48/EZ4l+t5L4wt0DV8VaPbsEBF1EOFpz/YS2H6mSwcFaNJbnYqqJHIvm3PLJHkFm -EoLXRVrQXdCT+3wgBfgU6heCV5CYBz/YkrdWES7tiiT8sVUDqXmVlTsbiRNiyLs2 -bmEWWFUl76jViIJog5fongEqN3jLIGTG/mXrJT1UyymIcobnIGrbwwRVz/mpFQo0 -vBYIi1k2ThVh0Dx88BbF9YiP84dd8Fkn5wbE6FxXYJ287qfRTgmhePecPc73Yrzt -apdRcsKVGkOpaTIJP/l+lAHRLZxk/dUtyN95G++bOSQqnOCpVPabUGl2E/OEyFrp -Ipwgu2L/WJclvd6g+ZA/iWkLSMcpnFb+uX6QBqvD6+RNxul1FaB5iHY= ------END CERTIFICATE----- - diff --git a/nix/configurations/hydrogen/nixos/connectivity/networks.nix b/nix/connectivity/networks.nix similarity index 100% rename from nix/configurations/hydrogen/nixos/connectivity/networks.nix rename to nix/connectivity/networks.nix diff --git a/nix/configurations/hydrogen/nixos/connectivity/universite_de_rennes.pem b/nix/connectivity/universite_de_rennes.pem similarity index 100% rename from nix/configurations/hydrogen/nixos/connectivity/universite_de_rennes.pem rename to nix/connectivity/universite_de_rennes.pem From f9edbdd3fa09f9a88539456e2f3d2f90a0889802 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 14:07:00 +0800 Subject: [PATCH 03/32] hydrogen: allow missing modules Related to https://github.com/NixOS/nixpkgs/issues/154163#issuecomment-1350599022 --- nix/configurations/hydrogen/nixos/misc.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/nix/configurations/hydrogen/nixos/misc.nix b/nix/configurations/hydrogen/nixos/misc.nix index b8537a11..3cb2c3d4 100644 --- a/nix/configurations/hydrogen/nixos/misc.nix +++ b/nix/configurations/hydrogen/nixos/misc.nix @@ -7,4 +7,14 @@ size = 1024; # MB } ]; + + # Related https://github.com/NixOS/nixpkgs/issues/154163#issuecomment-1350599022 + # + # modprobe: FATAL: Module sun4i-drm not found in directory /nix/store/gvvwpdckzcr4iamp1iyrqw3nzb7bg6c4-linux-rpi-6.6.51-stable_20241008-modules/lib/modules/6.6.51 + nixpkgs.overlays = [ + (final: prev: { + makeModulesClosure = x: + prev.makeModulesClosure (x // {allowMissing = true;}); + }) + ]; } From 00a2d985d025ba022522e11f410a68684b70140d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 17:42:31 +0800 Subject: [PATCH 04/32] nix/identities: add hydrogen --- nix/identities.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nix/identities.nix b/nix/identities.nix index 649c1ca8..e5789111 100644 --- a/nix/identities.nix +++ b/nix/identities.nix @@ -3,4 +3,8 @@ leana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPq2o9pbmLRGrOpAP76eYCAscmfakDC7wPm9fmsCCQM leana@vanadium"; root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDc55vENX+13c4s2w7zjTb8T/AnBnTi96yRC5+fy7Z2A root@vanadium"; }; + hydrogen = { + leana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGILsk4f+Z3Dn1IBtAKwpQPBMO88LT/QnONYhSmH3kUm leana@hydrogen"; + root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMUqY9QNsUImaSRHR+jS04ffDtofPSwb1vHoBAoaoju root@hydrogen"; + }; } From 278aee022b6004a214387f5d8d9a788ab38345c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 18:02:39 +0800 Subject: [PATCH 05/32] agenix: rekey --- nix/secrets/four_pwd.age | 23 +++++++++++++---------- nix/secrets/hoot_token.age | Bin 541 -> 787 bytes nix/secrets/iambconfig.age | Bin 778 -> 1066 bytes nix/secrets/parrot_token.age | Bin 573 -> 800 bytes nix/secrets/restic_backblaze_env.age | Bin 495 -> 779 bytes nix/secrets/restic_backblaze_pwd.age | 20 ++++++++++++-------- nix/secrets/restic_backblaze_repo.age | Bin 481 -> 707 bytes nix/secrets/restic_four_pwd.age | 23 ++++++++++++++--------- nix/secrets/restic_sgbk_pwd.age | 22 +++++++++++++--------- nix/secrets/sgbk_pwd.age | 23 ++++++++++++++--------- nix/secrets/sshconfig.age | Bin 848 -> 1052 bytes nix/secrets/two_pwd.age | 21 ++++++++++++--------- nix/secrets/typst-bot_token.age | Bin 483 -> 740 bytes nix/secrets/wpa_password.age | Bin 717 -> 957 bytes 14 files changed, 78 insertions(+), 54 deletions(-) diff --git a/nix/secrets/four_pwd.age b/nix/secrets/four_pwd.age index 2ca25498..03151a9d 100644 --- a/nix/secrets/four_pwd.age +++ b/nix/secrets/four_pwd.age @@ -1,11 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ WbwyERolRsVLr0HxjKOzEPdaxegb+l+BESYvmMhtzXc -2CDufbW6viuui2Oqmgo/Fd23tQxJJMnFEgmaz0hYn+E --> ssh-ed25519 yg55bA qyqMmtbigot7wP0FuWNQ4mDd6GtSqECCTjf9E5r57HQ -VVYdcCpjGC0TeCoM0r1Ei/kCrYtCN55Kitr5KhyuNXU --> 9"tCN!-grease y p32_~6 -Eer9vu1p9YYXVrYVnRgnlb3htCmnM7sGcbSE9dwLMchbMYnxUNLZ2U9YQscGe4+G -9d1XaRMAKxPmALzNqap3WSbcEZLTmw ---- OfKe6yO+TKKai6mRvprUxhgq5smJqtYMLh1wT26YtlQ -Umt -sCLwǂ^  >EO?C_F \ No newline at end of file +-> ssh-ed25519 nTBfeQ 3cJ44xrQYYOSsoSnC4NB10kGVhVzTLEmsmZ4/bhVDCo +2QfkxWY+dDBD8qiiGsgETyvg5s3rWQk+OKEbz1Y306g +-> ssh-ed25519 ZyUiqQ 7yPOKYPKHW5rv7bhrf9hqVQqiYLhw41p0TcM1Pr9Fgk +NLcSlhWt50oH+TaZQabcuCdsfAli9txSWi09HbZxYB8 +-> ssh-ed25519 7owkuQ 4dtHY/OoysgE1/9E0au9wX2p32SOHaih6LxB0nL2/x8 +u39WtAr4oglV+GejfUaYCPi3UO1clfdtxvWDChABegY +-> ssh-ed25519 yg55bA nz2F//gHxAlroGuILx7saa/G9JKWETygOX0OKkOc72c +YmWCpaNTHONFzv+q+jxKlZ8mZz0PdKRPfRYcmniiTsE +-> }O<\$-grease N9F`H +oIL2uzWF13AsbFs//Qj5sr4jcCKtW/zZTKMKwwOWS8R6zpQ8mXQt127C0aj0v1cY +gjRD6hzIqsFZxHrC0ec +--- 0zFGfhx40IkxMvcyuDZ1aJ9hsIJnoCbpHXmxCPcgbDY +1Zx?wXlI7KlYs^jf{195]dF R 5?=te1>&΋C| \ No newline at end of file diff --git a/nix/secrets/hoot_token.age b/nix/secrets/hoot_token.age index 76995e5c249e96135255cd2e0763d1c7c142aa53..eedb07856f75c4c2fd4d917327749925fb475b6d 100644 GIT binary patch literal 787 zcmZXQ%Zt=@0DxDqQbzIAVkuoV_OfN;xOq%6Ga$<*lX+w^lbK|b-6XKoO!Avd9+S)@ zlgGp^i1gs4Cl9s?+X{*cUKQF)DIP==L8{$tDM%5d7mpr#tJ|yn2fmN*(=AX0z7ftR zGdu9l1);T?poQWZ6h)&VFfoEatB^0zLm)skVCR%Vrh+WME!vv~olSEPW(e!ySR^ED z+?E)$tAN~53mdfM57}vd?xHf;--0_SKkJIPFLJcWkdYQek&pfX)h2o~)2}F-nGwYNW;j8VJfbz9s#OKtj&fS%%Gv+g<`zK=D99&}EOML- z4$8XTv!?@tvBM$RLkP?4#*(SYqtMpI=pe5bWOpm|OszsysYbIrHkF9TFuo-T94>4q zyq7g3%-4VcNcF$AFD}4ED+GE3pfAtwYzx#fBqorsLTpL}81C0Xo@&BnH8ZN{R33;F zjd5l$9ok-OWT1_B^O2aMvs7=?Xr|+ZTLDrE)re2V!Xe+nL|tNMO5UYwrGBgsIN!$d zi9WB@T9tN#v-y#z#9661?3H9qHV$VMi$zGDwiGk1s_DE_kE<5rPCBR)b9A$hr~D*t zMxesbD!?|hZeeuu8EzO+Yo*kUNf9r#f-X6L0OFx_id;eTK{yhEm#FNi&FMOw-g4b>2 u!xInwa2J?<+y85A@ngZ<9{jYr`^&?7$)7LJ?n*cQ-Z}R4)ATbKTzLlu@C|PO delta 496 zcmVXH9~MtZ&Ph|GD%WL zG&xOeGgo&~LpfA;3R*FDYDh{>T6R%RNmX}eZ$>aHaxh9oRz_xLG+`@PFHu1P7wOIC4bT0}=hR#$KRbe)HO)?5c1<%iWixh9 zL~MFTbvR9Pa#0E`EiE8%Z8tAzR(N7jXL3SrZ%%SYa8P zFJ*99e>rCg_k3AUg@6P~)@48@*?v`=8rF$Oasvn!xjKZwFyoV8Yu>GIi(|F zB%jsXIXjmmfe@0{s_iKq0;zmHeNqU8P|~54$03_BL&Aas#$CzMVF&EXxGWVX+EQKv>P=}ne2$1EXKU3Fa{RwH8JL!^JmXC<0AfUUqqTsi z4r{3mDnt!Bj)OClMG+=dA<96r1fr2ERZtMMq7gxCWL#EUuFL9;U`Q!7C!K1WFOTSj zbVJg@Mp$uJ{yMhm%=h%K+?n0i$6PqvG*#NZ@izwYTmER= zP*-uUHdcA-L|b;XXDW7zuNql^vCUgHIPNWC{bki#fiJE-JaRD0)|AIrw)H;Ba4RpU zibjj zN;WG{WOiXgMPpG_3OF)QN_8+VZg*@iI97U7Z)jRGb97QMI5KB5Of*a~L3T|~b8%`~ zQ%zS@lV1TBe@ay}XiG{?bwPMoXg63wPjys6d0}g8XmC?!LSt}NRd!)?GfFZqPcyBH!yKQN>Nu=SXNGAF;PNKaZ*@hNpVY5WJ^jx3N1b$UnXWP zXL4m>b7de+OJg8YVIm?lWo{rxE_FU2d_-&tcxFR4e`r}RP*G6|EiEk|T2gv2aYu7w zQ!!$9LpEhlK~YmpVr@(^O-C?kO)q&+F++25Qb<-YRzXb)h+ArbMW1cVxwp5lUvpTW=iiP|48)rV@(pPy68?uU4x_X-PDNrvL|P# zim-V|-}cGWY3za0ukmVu6a!-i87I0KKx_dZGaoj-*)R;P4c|l`8<;2?IP7jJd#esd zikd-(QO!`Hv(PyqTb}0108k-&s=ou$@S*cT=_^9tFwURiBrFgOPE4%~-!7mCePm!ECoLE7e5^YWw3H@_z+ zxWP_?2?{Erpm=bCYzQI`@!0GN4AE#i2g3cEs0*I3vx(=@4T1up7y>{zPApD&xQQz$Gl@Wp1lvpE!O53Z~OVG+hqyd>*?(m|7lOEwW=8+jyEa3GV zq&DV&tdf{qlVpVXTqC@AC1hb1<#>IVL{vLyl|hOQk(O#jaa$nStius4I@QI9Z}dQe zg}@|0EL3s)7Fh61*W4OrJT>j7cgYD#-p3&)0%hEm}?MBLuk zh!lk{jmt7pA#DlKH81mL4&N{)-4V_}Jxj6>qFgT}gfOU!7~5~nYPp%-7~hm#85t;hnW&akd9HZ2Xsy}+DV@jtf@VwCK*NHc{sR-*D>+clJEB|M_Y2wYR6Le~2GW?!UEkJU#ZqTjk5n{l&}GzwSPH_REf~+vV|& ztve4EzJ4EE-F9hlbW&qJN3WpO0be+?{XM IPIlLS0`nUl1poj5 delta 528 zcmV+r0`L8x2E7E3C0;jgcWZS~AZIHtdU{MzX-IWxbzyZ_P&8I{P*_(+cx`xCIZkGD za#L(LIA%^`cXvZH3Qsj_Q89T;GfiY{cxzH?Zdg-vS}Rd{O+$4_L`F+9F?Kk2G+A~> zSVu)PlV1TBe@9L-MRj*oRdhm5F>p9_IBhUTXl^h_MNl+(PIXy&G;}Z&qqgNl8*`Vn}IWa#T@wF)~&PYfLvnQZ_|eQbBV?aBXiySyoP3a#VA0Z)Z_7 zYeY+FGD~w&Qg2RmWo>CxMP~{vEiE8dF;i_%HghXiQdc!*cz14PQ7}zKb~Q(OVn$;$ zNmwv&e@MrZ7-LH4)j+ zj#@HqmIUJl@QAn*c`V#r5od_%vj|gU;5mkIj);wKi0Z}ZwdFr3IaSb*pF~Pete+Ed zq$u@bw9Y1ILQ%cT2)ta(cE$FNaP(beZCOkDCWrqSyvNPOp73DL1ylTBF`m~J3E$m7 SAP@fjDAoEe?`2ty$WSoEh{;|6 diff --git a/nix/secrets/restic_backblaze_env.age b/nix/secrets/restic_backblaze_env.age index 1c5a33d1f9d979a015fade7f151d4c91f17f7cc9..c8d39238603d95a0838eabf291564d12d903e801 100644 GIT binary patch literal 779 zcmZ9_&8yP}008jIm=KhS;@$>h=A>Y)Nt&;QfwO6wyu5t3jcGF&CTYH!uQqMkCYLFQ zP7(3=o<1KaI}H>M!Wg`{T?7wK2A&4+9fDJM2vAs$aDUFPekFY4VU(sS*w6tSI~QE0(L1=&VaT1Bl7 zSxMN&j3lGHcGOZ6M)K@NOf)SyhyM4Y)h-P5mbsgAtr}jT?30F&1WXoWrei8%m*r3s zg^YMqNNqAj+dDThU4*#`qNCv|<3(#r0g^bl?Uo!VVH8ZaW{jNHi9s6DPMyHCT$=)2 zQyOGuqSW}>TtV#ornw^WZw{t5z9Jd-^iU?Y%_yjsaBOBq2 zc#UEBt`M{ePjO-r;vI^Ur2bf2#em8z4=vMVr~ZIYTs_vtSp(PbiigCsUTJcDE(i^c zX3LrVe#5!6y?UhTWsW&@z^=yk;ICR>xrD)^77KLy0x^;WrG~UIFI}4=jE&lUqwMM9 zP8}kXWi(w5ixI*w7;GpF delta 449 zcmV;y0Y3hV2JZuqC0;jgcWZS~AZ%)6Pi8|_Y&dRMV_H{6S$afGGI2*za#&edct|f% zc}I6aXmM{;OhRf^3VJI?GE{m?FgH$1S66RURBlN*HfVG~M`~zuH)}_AS6NAFHAzEO zO?Y}ylV1TBe`IDwNk(@}Sa>yaY7> ssh-ed25519 7owkuQ q458BCC+1ChqixcO2bMdBMktANq3d3nwzvs8hb9ityM -FjbGE5gA0lvPg0Ybp3WyqrfzmF9b7LsMp24vv/5hRHo --> ssh-ed25519 yg55bA lNCW4DBdwsFxGhw75WAUOTRkbY7ljMilARPNdI4sFTk -zULx2aX+PHxOEPyYfGEJEugaYHUwgBFminlXybrrTSo --> .C(--grease Mk?! JvhX04'M -s8AZa58 ---- Ja48d/9lY/dhamU1RxGqpweLwGI6Y/rr9npilNd9cp4 -eJ#tql DvΎa=uԢ8k&4J4G \ No newline at end of file +-> ssh-ed25519 nTBfeQ xYRX4OrYPpk9cGLUQiRwXhRjEa9q8DPICmZlZzVuFR0 +p7OLGY6D4+baAG4Hw/psfBLxh1o0r5/Eig13xLzYEbk +-> ssh-ed25519 ZyUiqQ h2Rj55VSVJCoCEuRVb84lQOSEu+sQmzD2HYtnQL2nno +/tZcVl63xtgMizeR4XT9TNuEy4PiVzuivBRNeqMCmUk +-> ssh-ed25519 7owkuQ tmDWdoTuklKcXo/dBfnkDPhU/qiZwvuxhOPoTg0vrGQ ++IpHJVmei6KG+Z1zs9jHP6lZ3V8o2PzeNNEWIZ9O078 +-> ssh-ed25519 yg55bA tnZhRsP6q2a20CnwwAKkJhYcDbJZqneNW00XsohhKHw +D3K1r1EStIR/3yOSZgbC5NHzxWTqnP9Sek7EXMsR0qg +-> R1{-grease z'2CN;N H~68M@*y K.[c- DJ2t +WH616XCC0SyYSpUIzT/43oOUqIfFrYTS8QOJnuvImqYxqGCBISsYfQ +--- OweZPMHb12leVVGJ5jEQcpe7AfKcxIgEh7jihDBCDi0 +wGxE艓DB%[M^ܔTNy)}HREu <7p} \ No newline at end of file diff --git a/nix/secrets/restic_backblaze_repo.age b/nix/secrets/restic_backblaze_repo.age index 167e78cd3acf345c47547dbded638d616e0c64d7..bf1bb3029d276ae75b99f4da4429dc0b6828d52b 100644 GIT binary patch literal 707 zcmZ9_JB!l*007{{DIVx14nh#_9BNI|HchJ{m!xTvOOvK~r-+&~Y2Hbjv`teHTm?Pw zCgCO#U(+ov3c83KI5`PUhae(?i-MpasOx=y;4>V%Y{#Rtn9RH+K9{5pw19!~B{0j} zvTaon1a5(`gpch3Sk+>L6!1VSV4a&1C^QeT@sNolmqCXetljd-2~VkFNhE<;%Xdpk z%`ZW7wYfrZxP>lJ#tZ7>A<+oUsD-uy78%p&B00Pb3)!3g+sp;yEtJCbrmpQ6xS5F& zT9IOx>SgUQiI9QP9?^?@e-YX`R*~S)VS(17G0rryCyp=! zqL&jqN^7IQ;d8>{VrgrI$yPg}%{XpmhquB(5EBDgQTJJoMrsZ;h$};0b1DtKLdCL` zJa&+_Voofvi&zw?CYIPYT}B*@>s$S9#WPrq3!`RG zwfRzg<>^}8&GcqxR`>%Akmw$kB>_+_mqEwSwTa@hCXNTZI;Y7&K>ETUc0I(XH^W&Y zf=3aL+5$fSKI|}?LZp1V`*UOM*^iU*?a8BiujbnB<>p8J)BW@5t>x>dZ`N(yJn`}! z@bKWyleII)&z|1i+rRQ>_gM2_`}1@4`r8M;U!2pmbC0#dfcWZS~AZ0~EX-j%cQcW~PR&+#9ZgOQuHg!cfZbNBpVJ~t< zXHI2iNLFl6Pk4EA3Tk3?Q#3+&Phn+vd2e?|D=SZFHFHZzYEVjbNNi?JR!mr8azrpj zT6$QMUI7??cX@PLPfa;fax!*hdO|o*ad${)VrOY@Y+*DuRb??`Z#GwHdTUl$Lq=5! zNJw)^NNR3QG+}ZyaY{``Qfy5*Gh}f`cQZm`S3*u}a!F1?bu%|;H&IavEj}P~RA)hF zRA?<{a%Ew2Wgt%=b0>9i3U5b8T695DFfn&HOnGO2aydhEXH0EGPc~RcPhv<>Wl(T0 zPEKr3Sz<_6QA9E@buedQaw|}8PDgA+ZedO^GHMDkK?*G`Eg&yzFH=xQK~XeqG)q!2 zPgPS)c1~<%Z%s>4OmIvwX*n-BFgY(nD{^U2Q3{4)Y{&s+2H`-%a@^ub#ZcPD>l5i6 z4U_IkF=M!FGw&r)p>>Fd%$WSNQ;`xT!YR!ux0i9`JkXGGMCG~ZsBi5#cxHR9%bq;l c_ofBGRCGjPGVSg=2Et8?loNmej`31f$tdTau>b%7 diff --git a/nix/secrets/restic_four_pwd.age b/nix/secrets/restic_four_pwd.age index 46b980de..4ee3e707 100644 --- a/nix/secrets/restic_four_pwd.age +++ b/nix/secrets/restic_four_pwd.age @@ -1,10 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ /LOUFKCJMDbwGmRbKmtA5YibEwXaC+bn3qzr2G5PNjU -8sFd/TH7CotBpgE9IcBUjpl1HQDoVWcBnKMs+65yWFM --> ssh-ed25519 yg55bA zfExS48sAVvVfmhoNjrqu7b6YBPF8Nj+Uz7LyAswexk -0m8ezLoCMw71c+HlEDgNA/V1IZeMsWu5MV+fvQEKsRA --> .5;c~,-grease M^}>kjw ;yYsB Z 1}Z@jDzv -2ZhEqtWhM/7boxsNVSQHc+eDs41VyWaj3JoyYPBdQf1Gm9OVToKAfM03EuTYKvGk -IgoyvRNeEsXRJA3gnApmlQC/gGsaR/bMs+/sDuZzsNpMo7cFjPcfQZ+TM3A ---- ACmisGCqSllpxxoCa1FKK79Jmf1TjNCcQe+ouccHttA -mm5f}r._%) 7G~}{ {oubN3@>V4:?, \ No newline at end of file +-> ssh-ed25519 nTBfeQ 8yNiMOP51a5F2mCuzSneDvzpd0lQlhcTthPJD1w8wmU +ZqVBEPtp8fK8fDe2F+770IaLQEJwf01ZX/ulf3xgwv0 +-> ssh-ed25519 ZyUiqQ hPTlrVUyC2iaK3XPNzoai6N81Vz1Mj/orj52HKLkals +dHiCnS4xtZ629UEfBhwQSD3HkRSALlDiYvyGGHmId34 +-> ssh-ed25519 7owkuQ dsMfFPbgmw+UYPbxBwMLuEGYB6oHONmd2R/h/mNwOA4 +bG6H71GHvhbobO/ZJ68Ihjf6YNV/W3Sq20PKBJjZyZ0 +-> ssh-ed25519 yg55bA 4c2vfb/3g5i4Icyyt2N2gbmzhlQO8HaYXU2jlqvC4nI +OFircIZDn9obQy0YBGtgDHTrUXOQwJfoYd0NWCbdlew +-> X~BYJa-grease +932lkfqsrPbCP9Td6KqW3cKp6gRsWZnfubh4ZXCI/kRUc+PylxlWqe0iTICABhDh +elZgTS7J+aTq9gi3hkqhdaLpPOX/QOwtfhsOxwxk8s9uvH1W1ZC+50YnCvN5s0Ed +LmVf +--- 18jrvwH6KppTpYHtfQV4sgw9xAN8bv6rbx+bDfvtQG4 +E5A޳xRJw|CYR-"Q3s;g]V \ No newline at end of file diff --git a/nix/secrets/restic_sgbk_pwd.age b/nix/secrets/restic_sgbk_pwd.age index 04cd71dc..27340ab6 100644 --- a/nix/secrets/restic_sgbk_pwd.age +++ b/nix/secrets/restic_sgbk_pwd.age @@ -1,10 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ 4qJGfzwkiTLxMp29ap8xS4Yrr4v5+WuEgR2l6kk1u3g -/ez+z5soKOZJYd1ETWcZ9WwGQkcI4hdOhS63oshjBWM --> ssh-ed25519 yg55bA is0cfph0fc3Yd4btpE4+HqN9YWWlkkQ9hj0LDtkCPwQ -K3zdjEN3dlTaticQtVi774mQOM1KUg+dk0JvjQxctnk --> zou8qv-grease $$C.n1_ # -N5iTy0ERftclPNDFgpa4ClqGCIvTDIKj03Iyzy+az2l3bs8MXUS/4hqh+uDCW3GG -t4gL59TG ---- U3g4gGvkEQKWkM6gMEA3AFK9y5y4i7jnoNWb7xgDqeo -(}A2t80_s#5kˀ|A&p@F#p \ No newline at end of file +-> ssh-ed25519 nTBfeQ fLqwnaqUg6u5ZOfyh8YazaTc3y4SbLdOlRqGu8YBB30 +5GX8Mdx4qNjky/vyj+kNiX6qYQ0yhSDkH2IoOD65HD4 +-> ssh-ed25519 ZyUiqQ B9NDw4wOxJkLuFdxZudRq6L8aHrQGbcelgZpoboKoFU +6EuyHAvpLMMLqh+vJPlk0n32plTY9Xo8htD+JtPx+kk +-> ssh-ed25519 7owkuQ dejzOKIT1WdFLhz3Vv+59qAGzxMQrbulDIZPD96s208 +SIJbP02K7zDH29ENUN4yAqV6uF98cqNyln8MGjhfkVk +-> ssh-ed25519 yg55bA pgBG1vxcCd7vEAb0Vrjihh1dvtaxItRH5hSfTPnCfW4 +kCPyQC50h+7Rl/VpT6jRe5EAooldeTlYLmku12XcTfU +-> O-grease 6#-10S F}iD% B C5 +Tr7yMxSUz768IoZd3LXpUBBkNUoedMoc6pmjW9p4/DA+k/ZImucMKOb6r2PiNHsq +HQ +--- UC6MQN5WHGlJSvNaKmT+JRgNXxhlnTxl3pHD71Wk5LE +d5`M"+3ʤΰ G x6VX?Ik \ No newline at end of file diff --git a/nix/secrets/sgbk_pwd.age b/nix/secrets/sgbk_pwd.age index 58602dda..571f0d92 100644 --- a/nix/secrets/sgbk_pwd.age +++ b/nix/secrets/sgbk_pwd.age @@ -1,10 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ rAj9h0wtf1gsdtlvGDmaxdHjRreUyfRpZBNnI01edhY -jCTGmhWgEy3BPdWQdv7goL0Vd2obIdRFn1HHApQdIpI --> ssh-ed25519 yg55bA 9oZRoMwVSR5W7gFufctfhQcrunzGABm0eY5Zrd30CHw -10sx6yDe/qhGSo7yfJi33bqrilLE5BBMjLuw46xZ/xo --> 6<-grease # $q0gf& d+*Zn G7~` -4wM1yc2zThJt4kjBR5Evb0sKVQTk+2/UxCyRclcj+c5WoFnZAUkweu5J9NKKZZY1 -eQDsxMy2VTCwKH21kt6GMThqd8uFLWlNIG8Rd+p1UQ ---- 4ITweNL+AK2o11O1NyophxQQsMYL4Lu6iBedFz9c7TE -BQe~n bʙk86q}gې+c;]ɣK \ No newline at end of file +-> ssh-ed25519 nTBfeQ s6oUHRmEDFfQXHeWgY9yBW0cmlv+ENPlsxzGgW+wAk0 +4suqt6lni02TBamKIpWC723J28aFOGTp5qw42cRvqYI +-> ssh-ed25519 ZyUiqQ GSErVDSe4XIt7Cx+jU6WrjpDjAzTKGSctIuGrK2WO1o +HxH/ImrXkWyEZjKz9gANik8KZfvKK+3k/WbOJvAjePY +-> ssh-ed25519 7owkuQ DedysxFLWmyahD8ujHdVcOjM5y/NNIOwq6QEiZ4spyU +Wwon12tO1EKSU7nNRo+YlzEKiExmx+YyB7O4bRcn1yg +-> ssh-ed25519 yg55bA QFgvGQsLu06oheQlR1rF7+yJG7wjzDoH0iE27db6NGw +n0jpYlseub9UmDjQEAIsu783/et8WxkTQTt4H11NiSs +-> ]5bBX@t-grease !.%UJT +uYUsUyj5hkL98AYwYjYs6neHlyJEoun2v2W6u1L3CkBrP5apOxNdgC/cB0NIQNpv +JsntXprw/iw3Ywm+BXwm +--- x0YZBFKNBhvyERkXSNvgZMT4VhYg/WkvOuQxpVWZbV8 + g5T38R'@wzz,^ԑ +>FCA], \ No newline at end of file diff --git a/nix/secrets/sshconfig.age b/nix/secrets/sshconfig.age index 7ddfaa729802317936df00a56733db93f554ede4..881d53984d552419efdd4e8f5f700ed937582125 100644 GIT binary patch literal 1052 zcmZ9|`)?Bk007_+B4Eh`8B>ESo{KJHUDx*dxE_oxU7y$MwY|QsJw)mC9_`)QyY{ZV z-dI9}DPdD#L~s}l8wd+(Vi1inu<2ryFvtePN1PDQWD6M~bI~}7k(l`7{(>+0G8|)I zirKOzDS5HjE|xiC)vPmg0$jCnUqDXhH{~z zg@eOJR!b9b)NGN2UPq$j%j(!fHpp09G;DHv{HBbtRz>nEE=5Q_t#pS%R>2yN_?$U} z&Ox`OAzSfjuCs^aLDLk;W`s&&b;$?ws~&EQELolfVqcP7xx`~bZ)-oth?9{N`rmkeC_x#NRia-2Upl zO^fxH4+$;eWMyh_Z6h(U0pHrXr?U`-pwVoXW9Wx-AN3yz?mdkyFVZIS{6EzB!|eW5 z3+d9&O*zH{6@2y|Y#A()jL!g+KaFTz$La z0@%6fgzo(xuWVUIE%bJL{>1Ux?}y{JUl;j?{8Kl7nxE4>Ceux=?c-Y?E=>$AS?-LM z?(*o!2(f|G&6Efb~QzDMmcjuVPbZ8OF4L2HdaqgdS^jTVpUm4P-9VN zQ$=Y(lV1TBe@=2WPDwUIYiVqAOKnzSRdQB(Vq{`OK{HKJG-@?gLuxB?MlWJed2wfR z3Px0UM>8^GcUVnYP;FsNQ)y*tWlC#pH#TlnOEgMYM|xvHIYM!DdN65k3N1b$d@Evm zFECj~FMbL*Id3;sbuv^=e_2;KV|qa8-Il zc1l7ubW$=!c{gfsYg$S;Ic-&LXKq4uLugQ8W@=S3W^!tBFlItGR0=IEEg*DAZC5Ka zdU8-ye`{(+YHvz8Lrq$FcU4zpNLNBcd1^OLLQ--=Vo7;NHdzV}BF(#qn~7z{U=m2! z??%>vuWJ25E%1!E#w$kZ=lrXY0FhO9R(0Z-$X7eUOgRWtcI1Du6l{V0ncSG8g0)v zP?tuj4kXb)PBfo>R0(_wvEB}3AGc$fduVZH`8$wc^n8O@g$MzRqG^OVSYcXg1!Lx@ z+w{sfN5cSe;*)RkH41geCL2I#pdxF}JN{8|u+#NiHzu$7cH#&u1LO_0PuNwaeASqP jKsxW2#{=F|ym+5pI&}Ud8a_nKNSG(nS>N!eUD(Jvv{FTu diff --git a/nix/secrets/two_pwd.age b/nix/secrets/two_pwd.age index 54ff2e64..3b2fcfa1 100644 --- a/nix/secrets/two_pwd.age +++ b/nix/secrets/two_pwd.age @@ -1,10 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ 19/isGgYZjRCPON85JEAYTaM766DiIvvFaaoijZivxU -OE/HYTXVW4JMx7naMAORiYfQXyfrJEuegco97PBlfs4 --> ssh-ed25519 yg55bA qsSTyN6LX3FPcfS9Mo0zZFxlv8bN+tSm3kfr7JInzE8 -OUNksovVTZjecBLo2G2EksGl/f1qMfCv2IKcgWWc7hA --> 8~-grease ^ -TtU/CcXzUV6vxDjnnSs4UHT0skFZdOOGAPZ54XYS9VI5qD5zYPdxlt4Xs293QALL -+EYnfX/02ga1Xik2diAn2/pefStizBztyrqZ6n4ZSFwbYlg66WmG7y+mW+M ---- skqsOtKqWNBNuPKITV3vEQp27npkPn8DmVvT98XFnTw -s2[>m虠JHO[{=ʆ{`sjw: 4);vRp F{9TX< \ No newline at end of file +-> ssh-ed25519 nTBfeQ 3koSzAro+n4LxSdup9/PluT77oO5nU6/VX0koWicMR0 +xws/hbp3yT2L/BOzulIKHPwPJI328axZiuxTw5HERNU +-> ssh-ed25519 ZyUiqQ +oB3JFPfKcsPoIbunaLDouBPrKHAFuIu4/U3NbOhM3A +ByJzsXtZYMajbLIpy0qL/d7x1mP6d9em/7J7tQK/yGI +-> ssh-ed25519 7owkuQ 5efBQm6io/0wx1jFr/n5cO7xT9VL9fSPyBcKdWJGAnU +R0c7uckpn1RnZfiYJzrW4eJ1AdeMqDi9aN/L7GHVn2I +-> ssh-ed25519 yg55bA T0Ei5TtuEKCe1SPrXB4IwrSQSpj7SMNDPzT0NqYVbUc +DQt2YH7jagUBH5lRZhAeHfsq9ttTAhKlzVA51/4uu+4 +-> l8FHd2t-grease 7PpUu4 [%p}'4 +p3shnCQw0c1yPA +--- dDfzulZ/6DescfUw4FzskkrFrMpvNUYX2zU3ds3senM + RQ[-o̮?CfR-{y5bL-P/eSOIr Z { \ No newline at end of file diff --git a/nix/secrets/typst-bot_token.age b/nix/secrets/typst-bot_token.age index da1052de38e996ea8c0c0dba00fb6f45d5f64624..1f6b7cefb30e3c76c24183bb5185ba77d43fb1a3 100644 GIT binary patch literal 740 zcmZ9`OKZ~r003a|7{r6@ATlt5j7jYBXw#+$YSONcv}v34l|+~{X_6*s+Ps?A$q61j zD1r#?;7P%MpfHfZ*uf_rL@hq*Kbs8oNqVeA1$nwkG7EM%^HR z8N}PoVQZAteY!8IWWlJywv(V;hi4sLPZ!N}QcA0+H1rN@V%*go7R&@`jP1Kk&ak?e z%34&=CPK%R+d{xZlf?1_h#g4T&df9cd5nwI3h6q6V8^A3(<}ywKcMqWO%)V3^h~*L zrv(~@@#VX#a$io>b^*BnQ<( z0THJbRtyz*Ml}0262}G3=Yk9=0}MfpV3jM!WfU@MUc^J3$z%}L@uh0Ss)26}(li%l zx{~}~!&aA4|4su>0aqe$Nd&PAjGKT(Q8=q!>H-yAhd5GYJPhGtf;1#oAo>aHLLu2$ zRZFd2Awl4*s^uuOQEJfT732gWR0^~W&*B@Xim+{C z5=(B6wwqzXb%t3*PMBeoBXGnbfmizGiz91$Pj~M8W|n_!%^x4^9F^xAf5flc zbL*c%mAGR-lIYn-qJn`_^!SZ+Jd_;2JuDo5j*ydC0;jgcWZS~AWLyib#GxtLqb<+P*HbbM^`yWY*aRz`DbIZSwS3Q}TKQAJWvQ$j~*T5(EPOHwsLGC68&IYMK4HCAIwNpM7Sc{xsW zHaRy@lV1TBe{oiCHZM*yHZ^%pa8Ff3WNKAHYNRZC|}NqBHkH7ibVSxr|tGEh@jWJ^$PdPYY%MsasIL^U#Lb#G!c3N1b$buDLd zWnpt=ASxhoS$=pZN^~G~b6_bZSxX9PN_cKdW@BPBe^EwucWhC0D>P$daZG1oMK*IV zW^+L|YePkNGIe1wD>5(&EiEk|ZBuqgc2jv!Z&hVWI`F~2A0=R~BCM97-e1XnM3*&TJe27jT5 diff --git a/nix/secrets/wpa_password.age b/nix/secrets/wpa_password.age index 805ead8d7f71ee66b2043c2481d39bc92dad0fb3..42bdf24d0b2b0eca35b3b98dce8f7660781f43c1 100644 GIT binary patch literal 957 zcmZ9_>uVbY003|%x=CUMWqz>w;h@-!-O}76_sCW|F1cKi%j0s%T^=V+F3G)e$z5`J z$Ej6Q>nNAsK&B~UEQR;YxHm{v>NxJiA{ zXz+j*U`%3wHRGa+QvxdMnFwQ57`bN_C@dHkGJ|N3jYo1cZ@L^j&2nY49&D5is}mkL zF>iwe>9EbU%9##S?Ufqc6a*Vc$hUDL?5^47fp#C%VXt2e*BDI`*l2_oe1z)PB`%R5 z$N-rF?TW8eC(}a66$sOaW%Gn&Vql37DIE2|bt{*{Q(UJ*R6?j)tt%2*Xo1?st*>EN zkpg6%tPiS4IzVt#IuL}*v4{h)ZMaeI>M@2)Nd-7lr=v7qpKKV=Gm-5N zSeEamJB~w2ZM55=svI3DLNp$)HviwGr#zaY$V~+Z?*$6-4t!hD6^KOqU5t%2bOx>V z;xMCRn4(>yAxAS}e%6e6>%{~Q8kM5m$6>;2F81gtpU0sSA}DzBsboDh`$*gkfC zdU1Cwe`ERVtE=-D^iL}b6ZxNhcJI28J?-Avc;WKMxOx4>vmMdD@cFjk{B|Tu921|w aKOA2;_V(}d?mNFtt-VX0ngo`w7XAac`(!Er delta 673 zcmV;S0$%;S2h9bLC0;jgcWZS~AY@o`MomgDP)=%UZ!2V4N?J{ANHujaNMTE1PGxjC zXLxFPdUI4OWH4?x3PN@;Mk_W;V=yvma&L8OZfb7dfHC@3IJNk(`eOKw;r3QJQ;YGz0@H+5lGe`9b?Z*etgI9D=ORBvH5XHaQ+ zR(Ux~c2##qVnR|(cTG1>VQqF{bTe9ca9MOVIWTcWLo*6)VNYi>MLA@5bZ$8@Q3@?B zEg)ujXGAeIRCH2kL03{|b#5zeb#6ydSV~rBY8C8~O-%f03@NrQ9Q@q??5By>dkT#L45L*{g~ed2xZ=?rQey+cy;zxv-jF zX@Q2dDJsq^(LgAX(8az*1%7ttG~WDusyuGz@r#0IixHH;vRL}c5IjFq`j$bi@vQ}N zLO>Q^u4p4u?tQ_E)C`2ZRi3M7J^RfDVnnhye*_vL_v=M9zH5bQn3ZF!cH!g>ADgX+ zl&~qgs6=v!gv`Mj0fOENN_25F@sfBAin9eh3c^7*;3=n9VxV6W-u>fQ-0;s>v%8In zKK@&@#QIRbRfn`CpzHIrmr_z;@v-30Q+4ML1UIp`<$N_=YfZwTOcEOf^IgT)SN Date: Sat, 1 Nov 2025 18:19:35 +0800 Subject: [PATCH 06/32] README: document how to install for raspberry pi --- README.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/README.md b/README.md index 402fc97f..7da3091b 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,23 @@ This repo is managed with Nix + GNU stow # profit ``` +## Installation for Raspberry Pi +Raspberry Pi uses the same configuration as the installer. +The `(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")` allows this. + +- Build the image `nixosConfigurations..config.system.build.sdImage`. + Disable stuff like Lix to build this. + You might want to use raw password once so you don't have agenix decryption + problem while trying to have wpa_supplicant have the right passwords. + +- Burn the image to the sd card. + ```bash + zstdcat result/sd-image/nixos-image-sd-card--aarch64-linux.img.zst | + doas dd of=/dev/sdb status=progress + ``` + +- profit + # Pitfalls ## `users.mutableUsers` NEVER set this to true without declaratively setting the passwords. From 92584fda31b354a80d3ac5a7a6d238f914bf36eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 18:50:55 +0800 Subject: [PATCH 07/32] nix/identities: add hydrogen --- nix/identities.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nix/identities.nix b/nix/identities.nix index e5789111..9e94fd65 100644 --- a/nix/identities.nix +++ b/nix/identities.nix @@ -4,7 +4,7 @@ root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDc55vENX+13c4s2w7zjTb8T/AnBnTi96yRC5+fy7Z2A root@vanadium"; }; hydrogen = { - leana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGILsk4f+Z3Dn1IBtAKwpQPBMO88LT/QnONYhSmH3kUm leana@hydrogen"; - root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMUqY9QNsUImaSRHR+jS04ffDtofPSwb1vHoBAoaoju root@hydrogen"; + leana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXzNdCA0zZ+WmeKZnhQSQtUcxnQhhDl59E3BPQfLj7Q leana@hydrogen"; + root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIMVDmEt/12u9U4QGDZBx/Sx8itzqfQ4zWJvcC3pRZqP root@hydrogen"; }; } From 0220caac8812c48d5cacca4edb6815e2c2b21882 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 18:51:19 +0800 Subject: [PATCH 08/32] agenix: rekey --- nix/secrets/four_pwd.age | 26 +++++++++++----------- nix/secrets/hoot_token.age | Bin 787 -> 749 bytes nix/secrets/iambconfig.age | Bin 1066 -> 1054 bytes nix/secrets/parrot_token.age | Bin 800 -> 813 bytes nix/secrets/restic_backblaze_env.age | Bin 779 -> 695 bytes nix/secrets/restic_backblaze_pwd.age | 25 ++++++++++----------- nix/secrets/restic_backblaze_repo.age | 27 +++++++++++------------ nix/secrets/restic_four_pwd.age | 27 +++++++++++------------ nix/secrets/restic_sgbk_pwd.age | 26 +++++++++++----------- nix/secrets/sgbk_pwd.age | 27 +++++++++++------------ nix/secrets/sshconfig.age | 30 +++++++++++++------------- nix/secrets/two_pwd.age | 25 ++++++++++----------- nix/secrets/typst-bot_token.age | Bin 740 -> 776 bytes nix/secrets/wpa_password.age | Bin 957 -> 867 bytes 14 files changed, 106 insertions(+), 107 deletions(-) diff --git a/nix/secrets/four_pwd.age b/nix/secrets/four_pwd.age index 03151a9d..cb33568c 100644 --- a/nix/secrets/four_pwd.age +++ b/nix/secrets/four_pwd.age @@ -1,14 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 nTBfeQ 3cJ44xrQYYOSsoSnC4NB10kGVhVzTLEmsmZ4/bhVDCo -2QfkxWY+dDBD8qiiGsgETyvg5s3rWQk+OKEbz1Y306g --> ssh-ed25519 ZyUiqQ 7yPOKYPKHW5rv7bhrf9hqVQqiYLhw41p0TcM1Pr9Fgk -NLcSlhWt50oH+TaZQabcuCdsfAli9txSWi09HbZxYB8 --> ssh-ed25519 7owkuQ 4dtHY/OoysgE1/9E0au9wX2p32SOHaih6LxB0nL2/x8 -u39WtAr4oglV+GejfUaYCPi3UO1clfdtxvWDChABegY --> ssh-ed25519 yg55bA nz2F//gHxAlroGuILx7saa/G9JKWETygOX0OKkOc72c -YmWCpaNTHONFzv+q+jxKlZ8mZz0PdKRPfRYcmniiTsE --> }O<\$-grease N9F`H -oIL2uzWF13AsbFs//Qj5sr4jcCKtW/zZTKMKwwOWS8R6zpQ8mXQt127C0aj0v1cY -gjRD6hzIqsFZxHrC0ec ---- 0zFGfhx40IkxMvcyuDZ1aJ9hsIJnoCbpHXmxCPcgbDY -1Zx?wXlI7KlYs^jf{195]dF R 5?=te1>&΋C| \ No newline at end of file +-> ssh-ed25519 0LL3PQ pZvOUiznF408OPkjuasLZmbQZLS5RuRJwVucLpTe2xQ +OgLqiLgT/4Df13l2l2CdsYnMUZSmfh3xZWb3k0ALjdY +-> ssh-ed25519 0dJ6Mg SzGIUfJrv6L09LhVbzMvvaSpP4Cwr6hFFNbcCH6RO3E +jsFof9xMH73XPH/PWv//j9Fc0MPTSwwwIyNzdXd8FxM +-> ssh-ed25519 7owkuQ xtSm22EfAFkscUZ3r69V+S3guCJJu0KjXtWcE+Tv1S4 +13QkwIuZFMz1zIrWRZUfOzPVmc2eK56ruBgUD8lK+aE +-> ssh-ed25519 yg55bA 9ie4rBiJfwrUg/952DPXOY6sHFeTf8Os3bwJ8ZBphFg +PAuEQKfravJxYejS10EgB7aR+pwadl+zVtG57UGj6rA +-> p-grease TV+^qU1F ^'dkwO+: UF.{ e#KV!IV +/ASx0x3SOZzaktns0hYlSYnTzOkfn3SPaiPNbYGuSnzTSzcPEjUBTGAuk7/u7g95 +o8M5T14bFx1Mqyk +--- XGK2yNNL5UzmgLZiQvOK0jB13HiioVOHGzAwzVte7no + )7dYФ?GgYĴlr4E0]DpuD3t E&Ԕx!}I ot]KQd \ No newline at end of file diff --git a/nix/secrets/hoot_token.age b/nix/secrets/hoot_token.age index eedb07856f75c4c2fd4d917327749925fb475b6d..dce00a0828fa539f93deecbebec157e2197de39f 100644 GIT binary patch delta 685 zcmWmAOKZ~r003YF=ON-rVFNuBbSeuaNt-kYh%9Z=HeDWV+BI!=7)_g`O_QZb+NSAY zJ-CCQhq-|aK^R_iI420YgQDBPvky?2f(pB+IPrl99)|e+gm3xK-pJzk5azgOHW$J@ z2V`QTihwO#)I88};{&Y}t+;7fFi{Sdqa7bbWyVU{0AsMdX3mgfNgC^u0d32E-SrUJ zEcBH*zQJc4$InsiL6qi!@cEGEHNt8=f?)_5g6o+WuZMWWcj0)Xr@OqCf~ah)CEE~= zw%i8cz!_2!dDxRGbT_L-86YR)NzNzp(qps&rT zPR6kCN|7`z7N`;eXRw1QHYsRitQv@wOfAzjx;}+8=NON&1{zn*1zg(m|1X{L{jlz; zRZk5;6ToyQp!Jvv%A)O*{tEToE zfz6e2f!_wIX(Sba>M8@GU_Fv$nk7!muslytKsX!@DHu_i;;R^BW6@4WFGGTqLk2ae zz+z2kAon6*T=1(@pDGf7=^~_u8n=3Vg8QYoc(a)<E7zbKfww47ytkO literal 787 zcmZXQ%Zt=@0DxDqQbzIAVkuoV_OfN;xOq%6Ga$<*lX+w^lbK|b-6XKoO!Avd9+S)@ zlgGp^i1gs4Cl9s?+X{*cUKQF)DIP==L8{$tDM%5d7mpr#tJ|yn2fmN*(=AX0z7ftR zGdu9l1);T?poQWZ6h)&VFfoEatB^0zLm)skVCR%Vrh+WME!vv~olSEPW(e!ySR^ED z+?E)$tAN~53mdfM57}vd?xHf;--0_SKkJIPFLJcWkdYQek&pfX)h2o~)2}F-nGwYNW;j8VJfbz9s#OKtj&fS%%Gv+g<`zK=D99&}EOML- z4$8XTv!?@tvBM$RLkP?4#*(SYqtMpI=pe5bWOpm|OszsysYbIrHkF9TFuo-T94>4q zyq7g3%-4VcNcF$AFD}4ED+GE3pfAtwYzx#fBqorsLTpL}81C0Xo@&BnH8ZN{R33;F zjd5l$9ok-OWT1_B^O2aMvs7=?Xr|+ZTLDrE)re2V!Xe+nL|tNMO5UYwrGBgsIN!$d zi9WB@T9tN#v-y#z#9661?3H9qHV$VMi$zGDwiGk1s_DE_kE<5rPCBR)b9A$hr~D*t zMxesbD!?|hZeeuu8EzO+Yo*kUNf9r#f-X6L0OFx_id;eTK{yhEm#FNi&FMOw-g4b>2 u!xInwa2J?<+y85A@ngZ<9{jYr`^&?7$)7LJ?n*cQ-Z}R4)ATbKTzLlu@C|PO diff --git a/nix/secrets/iambconfig.age b/nix/secrets/iambconfig.age index 83f44048717f9244e8ca3ac2471bdb0a94e94082..707377f3cd7fcbb756c8b4ad92f88701d30481ba 100644 GIT binary patch delta 993 zcmV<710MXU2%ZR#C4VqXOfyhXAVq6oa%C|=YfNHnSy3@BbVF@2c5Y%YdPO*9b4Ex- zX*MuLXe%>BLP0`j3RgLGXjC*cI50_dGFeMZNH1hWMr1^6F+^EVWLj%+OIAlYPB2Mm zH)mQ!3N1b$b8~1dWn?lnH8D9LFl0(LO=lolXEsY}GEqcBI8AP5Vl^~mMmKkPOId1b zV^C&nSVA*KMQv9rS~xLdQ)@5^OgB+SYFBqLY;;*#YHw3?Nke*VOL}8YMqzPqD{*u% zNN99dL{&3Uc12Z@@fTNEa8YkkHh3~ZMpATlLseFBPjN4EW^+z3SUF~HQ*LirYD#xW zYEfY}XKM;|Z#ijCR!}iaGEO#ZM`BAaWHD@bOiD9uZfZtSWp8*vZaG+JL1$5MO*E5V z0T+KYOGR>QFH3MzST|ZoFEVv6Qgl~DI8kLyc|~PQRbostHE?QKMMHQ&QB?|AN<%Pl zD|0wyW@>kHc{EI8c2jmQZA4Icb67D$D>+11d1z;0HfVNsS3wFbJ|HPwaZ+O~XL4m> zb7deSBp`QDATnxUM{a64Zy-%kZE_`53UhyFHB&N7F+o*SHhD62dQW9DOfh9yN?0&M zXhAnKW@j)}NqJ~>L`p+KOfqXYMo3|FNK;I9b}vO(N^L?xMG7q~Eg(aARb*yDX=*_; zXlrXnNJ=m?b4gM~MKCx-Z#85$Ph@XnRC9P$L~uD-Gz!(|xKh+xeG9w0(*LP(QR{!0 z>myUMQMZVl**r1)Cp~>ybNCYIk)%J($lZA;c4kolh0dorWB z92BkByVbF@bHjXoIMlU>N_-%TMS(hx6NBZ>sY~5WzO1Z;1yN3ugmDGtHtNW*doCkE zNs%~Pv`6_$d0oK6LR!sf=xU_0^Fx1g;JI=9#$3c2o3yJf`LG{<*2d=VVh0F6X*jQ; z*N8>)6mU!abD~u!uMSNfn(W>FRJ()$TnaDfM9)T8)E?M!F8N)na=$Rw7`-%raX`N9 zLel;sr?!#xx(38i3|1o#((`wfKb$A3my=s{WC=0RYejr?6gdUAAbSVy_K|;JO$kQ$ z%j7tP3$;e;_&cZj_W`oZnnH^qjYKEyx7K3+D|}1QI;GDF^c>YMOBB7WoUU*&npPz- zl20Xv=q-_88#0wW`C1tZkqlN3GU>Ra(K2{7Ux$ommzEUyCe^ALdE4{bQipZg;KpGa zqlm(BZJ~Ugzb^T2#~vn|#ttnzg2zskBGh>!7;JhC4X*ILS|)AAZ1rsS5r4cdPi?obVFh@R5vzwM0rhOaA<01WNBW@fTNAFEA@GMQ}|*R5eX;D@9^qPE~L?GiG5mYHMvtX<2MoH*IJy zVMJ+6YE24tH)M2ePd6}EWLRiUNJ%qFI7U%NF?wZJFi~u4ZgyH@FGN9fF;Y%bFL#q) z0T+KsS8Y^lQCBl%H*+?2GGbFiLsCU~VtFxmWpXu1Vl`1>cSliYN?LI%ZcPepH)Bmu zRdO^zK{;huY;Qz2c4>E4Z%$8hVMjt?b3=GzR%}vvR7*upGEE9CJ|HnKbS-CcWnpt= zAUR4xAwnr2U@A#SDQGhaG(~A?H+5H1Gi!fQIBHi%VrNb{LozlvHE2RpLTq*`N@ZD7 zO)^DyMoKSgHZV|eSV2@{dO1dRbTn~NXKZIHYYJFLM>RoLS5Y~0NjO4fV^MHaYYHtb zEg)2CNlbD`LpN_PMP+F+OleG5cWQD=T5@`NH$_otF>zx~Zdzz!Zc9W%Q3_Wn(@TFO zu}(-Z2EHIeWjeN2Tq_NWY@3-jcIpBz!sWw>S^jKb4z8Sc(CWi*A!f0$&4v}r`Gn{? z_8xt$PS$Y|S&T+b{)Unx;!lHvwcHKaXt(XBD~lF9e%1m)FVe^_{_9^iOvNJ=?ViZs zL%|3q*-+D|Yb4Y`yVFgi{Y!777#CRl!;f+x>)Lh)#Q+r{R(Sw&aNWXufw9QMh56cvBH0Q`x^ z1fS&H$NgA(jimVH+bE!Aw1qs;5ncxAWi@0{?mGo47UwB$7~+smcm0jgZj^Ez!r?bb z3=aiX=j2JG6eANLug~*|Tz6+A6>s<#p7nKU_zO4y#Q;^hz|TA6ph{In$+f}RcGlB| z>f1CQ8sR%oS8ZOCT`sIHmM}RzJ)-_zQRZ@_Bi_hkGFH&ST7?IK80e*S-VPoIrPt=k b#C;8A-1y#%R~yH2l=mZLd`YJCptql1{(X>w diff --git a/nix/secrets/parrot_token.age b/nix/secrets/parrot_token.age index a41ce0e4da15a83d3d20463b94d91676027640e0..8cbf311f1e94a4b3ca9247e57874f95d473f9885 100644 GIT binary patch literal 813 zcmZY2&8yo4008iVo0GiT2Ad#A4}OewwMm*!#y--dX_BT*(xk~trm(d6Z1dHmOJBX$ZAz1nWJ4K{T_OM59042p4bh~jXo$in zHS!dyq-;|zCz%+|a5h&5+Y5_kSVZOvV`l=Obgt)$6Hwz(NUt;0^J9er(P9cOz`DJu znO+pe7zU9@`s9YE)nctQhNJ$pQ?s5eG*it4_0iV3gPF5=Z)MIAuJ&OGS1J!m=i4i9x@rx>}s5f z*O^pBlmE8UFK)>5EkAed!foUy)w6!!KmaQb7E?`h(Zx>96dk9h4{Ty6;3=^}Bmrsr z5|~snib_JHqfj!Ice27E4Z{ia5)3dBz~|PeOS2^HcX2pa%d9nSqo7vKRuV79{aEu7 zz69f};MutuAqto0*ix?7oC363t%feZ_`0HdmTH(PNhTa5@u4{y_~dw*Kub+YhBT#X z(-P|e&tr$k{nvu;Z~XYuIqT5VTYtas-3MFmB>Jr*KkwezfBg}Cb=-My_~7c^Uy1hV zXYjF0-$uvx&YaNSKeM@Z@zEU4JG=LA_{5EGe!oAuJFp_=hwE4PKX!jPb@cE*&uxAA-g)uf1^v%U Q2dCeDqujf8lzI2=zuXZT1^@s6 delta 737 zcmWmA-;2|B008jG`~d;=^uYsn2YC@rN|&^0n)bw#)U-|d^YXJz?m^n-S93|z_M7IH zLIo9k8dFi&iR@sqhfNX3Kt#lcZ8y9pWx`&D9LR9sgA*qHc$nhnPx##2xxVx3L(_p! z&@~pe%qR+rT8i_V9NU$0!9+0gX6*B^Ob2{IEaJ4yd1;*O*P*PZuSzAJCY5m<_%5={ zl*g$$rs-j!)%5xk+e@enXbTl*6-q9_0GLTlP2+ef4=a(_AF(h!DLMm75j>-wNQ7R) z#88O|C!MC*;By@Uu_>`Ydbz4wEM}n9o=5{Sv0URt2`61*TpIbNpR<75aF9Zm1F}kD zazT<2=EAGl7K?Jc-VS}L>Q%BJLfc41wfvwekZfGzhzcF)qR*Eapu|F;=b=IMc$1ae zC}lZm0gOF0W8gumFbGh!-pdoQ%rkwXwtDHrw%IA570u13(_DGNRYAtreX0iJcvy}> zW2EG44ymB2v@|MP8K`54QYRp~R;6qbSf2^fl;>-HNR6Ws&w%4f(8hVi1uB~RwDe`t z7;7D%!PZd)J_P5L0S$R<9c!_Jfm!qj+g76~?P3)iYfBnRO-2)B(C8YzqVSn+Rz`B9 zEg`z*#^a&GmyBM$gELUWk}QPC7Be9sw2C6eHY>wIVyKrouHl3O4(Jl6N_0sjEQUY= zD49&cOa>!J$H>?%Iw2a>ut^G5-|kYqcuG-tcG+kRqdXh6kx8!(ee?6N-EZz(Xzky% zVV-#K&*hEg==mOI=87=?{D=0N+RF7sXXgKfR~KiN?%%$*@XOYd?;k&YdG_tD|G3Xm zn@676@6YYK`}%7BC-L3d%I^zTqRS^=E8A;-%-_oY_Gs(xujXdIkh^oUhfk&UzV+@T z58jx+cVtmNv;N@WpZk6^jUCsv-FWfW^xyNRW$|0b|3LJ9eF|gWZ64TItAG9xTpJA< diff --git a/nix/secrets/restic_backblaze_env.age b/nix/secrets/restic_backblaze_env.age index c8d39238603d95a0838eabf291564d12d903e801..a456d90b45b27e31b44cf7a15553f06db5e229a2 100644 GIT binary patch delta 630 zcmWmAOKZ~r003ZR=pi6OL=+JzICp7dlBQ{zgTpj^<<+K5o2)&^nn#l+=_5(oHPNwy z&Icm+V1gG1>Pau&WO@)3b+BDz$S&#>yy!ttn1@{yzn}13-~Vji%~Ojo$Du+w(&%74 zLCtivgo%V1Dvim8&K`W-Wy)m2dqz zB0+dkOHnKXX|1H3LGz^^*%+WrVpJh)2d}y)Jnt|_1y_*-(C910C~dJ2OKEhRvw5AV zTTz{LAbXfjcXU?h5^|xP%PM!y?LE5Kw#%r(Q+9MD8E%k3vrJ-W$$_0ONJ+1ar)nv& zZ+k`9HG2RfRO||liCDnb=POwU*Udoc&?6avMw*N%nWEn>VKBL zWSEE}~&N&ciBF9q;Vw%Dv0u1M=jm5R%Z+<30CZ-=6pfI3ME> literal 779 zcmZ9_&8yP}008jIm=KhS;@$>h=A>Y)Nt&;QfwO6wyu5t3jcGF&CTYH!uQqMkCYLFQ zP7(3=o<1KaI}H>M!Wg`{T?7wK2A&4+9fDJM2vAs$aDUFPekFY4VU(sS*w6tSI~QE0(L1=&VaT1Bl7 zSxMN&j3lGHcGOZ6M)K@NOf)SyhyM4Y)h-P5mbsgAtr}jT?30F&1WXoWrei8%m*r3s zg^YMqNNqAj+dDThU4*#`qNCv|<3(#r0g^bl?Uo!VVH8ZaW{jNHi9s6DPMyHCT$=)2 zQyOGuqSW}>TtV#ornw^WZw{t5z9Jd-^iU?Y%_yjsaBOBq2 zc#UEBt`M{ePjO-r;vI^Ur2bf2#em8z4=vMVr~ZIYTs_vtSp(PbiigCsUTJcDE(i^c zX3LrVe#5!6y?UhTWsW&@z^=yk;ICR>xrD)^77KLy0x^;WrG~UIFI}4=jE&lUqwMM9 zP8}kXWi(w5ixI*w7;GpF diff --git a/nix/secrets/restic_backblaze_pwd.age b/nix/secrets/restic_backblaze_pwd.age index 3b7605f3..d3a3ee25 100644 --- a/nix/secrets/restic_backblaze_pwd.age +++ b/nix/secrets/restic_backblaze_pwd.age @@ -1,13 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 nTBfeQ xYRX4OrYPpk9cGLUQiRwXhRjEa9q8DPICmZlZzVuFR0 -p7OLGY6D4+baAG4Hw/psfBLxh1o0r5/Eig13xLzYEbk --> ssh-ed25519 ZyUiqQ h2Rj55VSVJCoCEuRVb84lQOSEu+sQmzD2HYtnQL2nno -/tZcVl63xtgMizeR4XT9TNuEy4PiVzuivBRNeqMCmUk --> ssh-ed25519 7owkuQ tmDWdoTuklKcXo/dBfnkDPhU/qiZwvuxhOPoTg0vrGQ -+IpHJVmei6KG+Z1zs9jHP6lZ3V8o2PzeNNEWIZ9O078 --> ssh-ed25519 yg55bA tnZhRsP6q2a20CnwwAKkJhYcDbJZqneNW00XsohhKHw -D3K1r1EStIR/3yOSZgbC5NHzxWTqnP9Sek7EXMsR0qg --> R1{-grease z'2CN;N H~68M@*y K.[c- DJ2t -WH616XCC0SyYSpUIzT/43oOUqIfFrYTS8QOJnuvImqYxqGCBISsYfQ ---- OweZPMHb12leVVGJ5jEQcpe7AfKcxIgEh7jihDBCDi0 -wGxE艓DB%[M^ܔTNy)}HREu <7p} \ No newline at end of file +-> ssh-ed25519 0LL3PQ kAkdTH8kPHnYR5GncurnYL6atChq9B2ugqJYK0xUAHs +doCoG+lJAlbygvWg31BycpMf4K6dWihcJ4Vb3308ypA +-> ssh-ed25519 0dJ6Mg aWeQi7cyFZwEgcJb4GkROumwptaRTPrCBQCCpMdKQXA +ORlGsAxLgWIeRhDwv58FFIZP3vUqTipOl3Q2bdq1nEs +-> ssh-ed25519 7owkuQ aUTN8z+aD4ltDJ/7oBRhZZlsyp6blSGoeJdDDzwTsiI +00/DiiSDI3N2c1l4apPYKwQwWX/7FaxzupPnTPSzgDw +-> ssh-ed25519 yg55bA QN8RxfPk+yAL/veq7aLX7Z9LMBaMPiq7edju0xSbOjU ++Q+IADzBZB5H5PwFD3jVZOsPJdwbsiN0t6vs5tqF5HQ +-> 1-grease "[wrG8^D YH)pk=`h +OFsK01MRbG/Ds1s+xEDF5D37ijhhCuRCWAXHL+kXlJ3lXulkMpAA/QBUj2/Y9RIY +veiOf8/qizBR +--- rpmIeN8PqT0PRmiykzweztzDkzVNp1mCetqj1WJNerM +hjr@oپ$'@#ʚ 3G.U'0+|ϭna/ \ No newline at end of file diff --git a/nix/secrets/restic_backblaze_repo.age b/nix/secrets/restic_backblaze_repo.age index bf1bb302..3c0928ff 100644 --- a/nix/secrets/restic_backblaze_repo.age +++ b/nix/secrets/restic_backblaze_repo.age @@ -1,15 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 nTBfeQ 2Xn5ERBkSy1YNqC7/ulAfZKnmhK7ZFAD9jEpPHWS+SE -t9jh+V3j+/uW8z7B197x7Kik4fZC6lbm979kM5fIrvo --> ssh-ed25519 ZyUiqQ 2bvKivVyhiqhegaBbsSm70TnhHLsDf/gi/q1i6/j3TM -zqNer6sdmyVmSsVnq0RwO/l71CRViUHIR26wHiP53wM --> ssh-ed25519 7owkuQ o9jOtVaoytlpXJjNSCeqWClK/rLCLmjjvleYA0T1lgM -9v6fsXELScAa/IxpBmr3ckgPwCiNnTJzAUdDmIbnn8s --> ssh-ed25519 yg55bA MSYjMiI53g/Qn0ZPXg06P0HnUdowe1vzrKHMwfTwwWU -/CGyUNdNTHSuFYm+yzbGhs+UkEFN2ORL5AMRzdKYW4I --> I:w&&-grease 7`k; bT<@ -3WKMBng5DVbpdSG5dHEWodSObhKScf4JOG0iaMXNlm8k2eP+4ziYX4hsY8FtyjQX -TILAsok ---- gaYXpVjMbBBkPWuIEQkEjRQnhi5a48lt6m1cmP7eRPQ -ْK@RmV& UpuX\8P:rxé%eYb -ߍ ',"^8ߎW{ʣjH}&x_dY %CR% \ No newline at end of file +-> ssh-ed25519 0LL3PQ T/cXi55d6piVdR6JLJSwDkRZZUosRmp+aqVwAoVfPFA +9qrb9A37THHtfuC8auJZvAxLJ2BNRjlSsR/I37fU8yw +-> ssh-ed25519 0dJ6Mg gJKha4ebtaBDlKGARtTg/P3DHZ71DrCg3HeEeNpkEQc +gFKI6brdafHh2j0dJ8TGOLjC1h40+9Aie9DH8mH7Vj8 +-> ssh-ed25519 7owkuQ U+Gja1vezscwMJcLU4EVxuKI3Gl+ipIFYCjG33VifX8 +xxmwm/4zFbiZQkvruSZX7FLQ+3vQXA4tTccWgUODu8Y +-> ssh-ed25519 yg55bA AGlvhXKS9pazSsJ/U3VZ8bM5PMR/u3g9FOLpgSAljkg +kdOMWIgbFtpmYJWBvoL/0gwpRm0bfkyf/ITz/BsgXwY +-> gZmc-grease Cr hyPB5 |D/ Ahl +dpHaveRNwJwPxTGDEmN371ODXoaZ1yfi+x659RLEfIotEaJT/CmJZ8caF32DLF2n +pkA +--- m19Tq1Ptb7ranZor+pcrHGRuCKv/+NHGJISyhrOiESU +(Vq]C@tKTˊJַiwaD3> JV uOQj;UzI-_P&ZjWe ٽ HJJ( \ No newline at end of file diff --git a/nix/secrets/restic_four_pwd.age b/nix/secrets/restic_four_pwd.age index 4ee3e707..b67cc300 100644 --- a/nix/secrets/restic_four_pwd.age +++ b/nix/secrets/restic_four_pwd.age @@ -1,15 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 nTBfeQ 8yNiMOP51a5F2mCuzSneDvzpd0lQlhcTthPJD1w8wmU -ZqVBEPtp8fK8fDe2F+770IaLQEJwf01ZX/ulf3xgwv0 --> ssh-ed25519 ZyUiqQ hPTlrVUyC2iaK3XPNzoai6N81Vz1Mj/orj52HKLkals -dHiCnS4xtZ629UEfBhwQSD3HkRSALlDiYvyGGHmId34 --> ssh-ed25519 7owkuQ dsMfFPbgmw+UYPbxBwMLuEGYB6oHONmd2R/h/mNwOA4 -bG6H71GHvhbobO/ZJ68Ihjf6YNV/W3Sq20PKBJjZyZ0 --> ssh-ed25519 yg55bA 4c2vfb/3g5i4Icyyt2N2gbmzhlQO8HaYXU2jlqvC4nI -OFircIZDn9obQy0YBGtgDHTrUXOQwJfoYd0NWCbdlew --> X~BYJa-grease -932lkfqsrPbCP9Td6KqW3cKp6gRsWZnfubh4ZXCI/kRUc+PylxlWqe0iTICABhDh -elZgTS7J+aTq9gi3hkqhdaLpPOX/QOwtfhsOxwxk8s9uvH1W1ZC+50YnCvN5s0Ed -LmVf ---- 18jrvwH6KppTpYHtfQV4sgw9xAN8bv6rbx+bDfvtQG4 -E5A޳xRJw|CYR-"Q3s;g]V \ No newline at end of file +-> ssh-ed25519 0LL3PQ xLhj3/Y4owHlZ9wSvSUO6J5QRDbAwbaMO2MNAIW/S34 +T86CtE8vACVDH34OnmUVokUY4NctvHcaVunoCvGUxEo +-> ssh-ed25519 0dJ6Mg 0sZCeLLGHhQ/ZppSTuyeZBOKdypMBNaJrI84Sdya6C0 +3koAeP0eIaSj/TQEGHYJ0GSUx9T35WQiALzLj8cykM8 +-> ssh-ed25519 7owkuQ fOjqhSibMqCebX44ODbi5B6T1KGBVjgAl78XcQbGnUs +LqRR+NxqMGi0gW3DLubo0k00mkW5onuhKWw4Oaq4o2g +-> ssh-ed25519 yg55bA xl59uoVVAsDwAik1iN+aMxAvmX2yBW6Tgngt6nrAy38 +NnAGx9qDQScgbA8eMd6JmOWV14Kp3enpuzMeTpVLSQM +-> *-grease 8-(+ vYaB m6U +8gdvu5Df7a7QJC+s3/x4OMEp3nGRQo+v6GKMo957cTIofYQrX1zPIscugjB+Ua/R +mqSUmYM +--- IYRDnT9/tIxleM47lmOA5wp3e5TrJGqn/faxfMTq7po +Q&]cӵҷrJիϘzaBd $Y['s8pZ \ No newline at end of file diff --git a/nix/secrets/restic_sgbk_pwd.age b/nix/secrets/restic_sgbk_pwd.age index 27340ab6..ea4711ba 100644 --- a/nix/secrets/restic_sgbk_pwd.age +++ b/nix/secrets/restic_sgbk_pwd.age @@ -1,14 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 nTBfeQ fLqwnaqUg6u5ZOfyh8YazaTc3y4SbLdOlRqGu8YBB30 -5GX8Mdx4qNjky/vyj+kNiX6qYQ0yhSDkH2IoOD65HD4 --> ssh-ed25519 ZyUiqQ B9NDw4wOxJkLuFdxZudRq6L8aHrQGbcelgZpoboKoFU -6EuyHAvpLMMLqh+vJPlk0n32plTY9Xo8htD+JtPx+kk --> ssh-ed25519 7owkuQ dejzOKIT1WdFLhz3Vv+59qAGzxMQrbulDIZPD96s208 -SIJbP02K7zDH29ENUN4yAqV6uF98cqNyln8MGjhfkVk --> ssh-ed25519 yg55bA pgBG1vxcCd7vEAb0Vrjihh1dvtaxItRH5hSfTPnCfW4 -kCPyQC50h+7Rl/VpT6jRe5EAooldeTlYLmku12XcTfU --> O-grease 6#-10S F}iD% B C5 -Tr7yMxSUz768IoZd3LXpUBBkNUoedMoc6pmjW9p4/DA+k/ZImucMKOb6r2PiNHsq -HQ ---- UC6MQN5WHGlJSvNaKmT+JRgNXxhlnTxl3pHD71Wk5LE -d5`M"+3ʤΰ G x6VX?Ik \ No newline at end of file +-> ssh-ed25519 0LL3PQ KHSf9ndwbU+gp/EjEqb6BizoDld2P0IUE+NyNq41qRU +nnjQ6RxRj/oVI4lrmGx3YA9xru2wIkV6tyYnF/Qj4gA +-> ssh-ed25519 0dJ6Mg FoLEamzgj2WZxiEGjWEacLtP+YvwPK4S961Mz4QVo0Q +LRV7YndQRyZxFWgxjZ8+KhnHY3NmQjtBx9D9SkEfdBk +-> ssh-ed25519 7owkuQ +ERZ/SyjyHNDMUcZftWjPPg/+Y4vNNhY9qcXYJTocEo +WvRkkgWh+t1O2574vvIRYkDav6XJaZe1H8+bMk6Rt2U +-> ssh-ed25519 yg55bA T1koZe8t1aK3Z8t102m9Q3sTFo68ml8hjbm5oTDxqXg +OuVwNZFJokgz3ZubnQJbhdmgfYnpKSyt+2f0pfJ0zMM +-> 1I-grease SAO!z + 1 +dor0+AdeMZtvH6XIh/8UOwtKIeqTckMwS64fXpQC15sQN4s01iZ0E2fmfxlOd7sF +CEjwIjD/c76eWsm4HXnFKPMn +--- PtcipNj2Ol00OQXMJnvGfBPLxAkxB5/JrqUNXWKRqEE +p3ו!3`S^' To[F"WQF5H$ \ No newline at end of file diff --git a/nix/secrets/sgbk_pwd.age b/nix/secrets/sgbk_pwd.age index 571f0d92..ddc824b7 100644 --- a/nix/secrets/sgbk_pwd.age +++ b/nix/secrets/sgbk_pwd.age @@ -1,15 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 nTBfeQ s6oUHRmEDFfQXHeWgY9yBW0cmlv+ENPlsxzGgW+wAk0 -4suqt6lni02TBamKIpWC723J28aFOGTp5qw42cRvqYI --> ssh-ed25519 ZyUiqQ GSErVDSe4XIt7Cx+jU6WrjpDjAzTKGSctIuGrK2WO1o -HxH/ImrXkWyEZjKz9gANik8KZfvKK+3k/WbOJvAjePY --> ssh-ed25519 7owkuQ DedysxFLWmyahD8ujHdVcOjM5y/NNIOwq6QEiZ4spyU -Wwon12tO1EKSU7nNRo+YlzEKiExmx+YyB7O4bRcn1yg --> ssh-ed25519 yg55bA QFgvGQsLu06oheQlR1rF7+yJG7wjzDoH0iE27db6NGw -n0jpYlseub9UmDjQEAIsu783/et8WxkTQTt4H11NiSs --> ]5bBX@t-grease !.%UJT -uYUsUyj5hkL98AYwYjYs6neHlyJEoun2v2W6u1L3CkBrP5apOxNdgC/cB0NIQNpv -JsntXprw/iw3Ywm+BXwm ---- x0YZBFKNBhvyERkXSNvgZMT4VhYg/WkvOuQxpVWZbV8 - g5T38R'@wzz,^ԑ ->FCA], \ No newline at end of file +-> ssh-ed25519 0LL3PQ EaH3FSFURTrKNRQgBzRJHwScLs+0++zx8L5xtiv2Thg +zb9BAe2Mh3Dnq7xQTsV3FKSLfti6qk1fMuVU3jnkvSE +-> ssh-ed25519 0dJ6Mg wOmgGAMbqQD3agi6iH7ncke5yIuWwI3JK2+Z4Z6LAGQ +aPyfZ96NlrP7/XIMpKJkgvONfzdgjrm18CFGpE8rWjo +-> ssh-ed25519 7owkuQ Siq/BgJuW1G34eBHL5rUTaR/D1R8AKxo3oWNfKkjNjg +8/qCD7Z8Pnnpz2fwzcZuRKi/NqU4sOUdEn97JT5sy7U +-> ssh-ed25519 yg55bA JHUJBdwb6/vcw3g2JCZVSs/dm96PE7dhOW1gEi5Nokc +NiT7i0XArZPVz4UqN4IR+Dc47tjU1jVe8SFUbM17fBo +-> %-grease R +5njLYJJMaDrRkP6qA1AUGy375lHVqP2WzUlhYX8HLtBL95VysXoW+PTzIEc+PQNs +UMxNTezEFXnww4E06+rPE5JN/VN+lOtb1uaEFdc +--- TKX4YuCK4DPsLEB0A1XSywqEt2gysGHbYtL59hudEkQ +|oKw5tU|Gg(f\@9â0_j \ No newline at end of file diff --git a/nix/secrets/sshconfig.age b/nix/secrets/sshconfig.age index 881d5398..cf24cc70 100644 --- a/nix/secrets/sshconfig.age +++ b/nix/secrets/sshconfig.age @@ -1,16 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 nTBfeQ xJU6sL7vbCSnq/Mf53A5l23qDWg1bm/fvp4IjOXWm2I -9Ie/MwP7e077rjuN2DzoHRk67M2e+gY3yDQpAGepZ4w --> ssh-ed25519 ZyUiqQ UGZKWlWC/gimEZthNPNOWukunxZNb9yzGP3fwuIbIXg -wFbXFtE9mRCayKM6xxybfgpV31FtLkkXcy6LpJYRjEM --> ssh-ed25519 7owkuQ tZtsAktppNk8deX3wvNhNn3g9O/fyYW9R13pkz8UqGc -fUcLe3Cd90DEH0a/xvIiwQpPZjYtBNN4k4TPGAhIZjU --> ssh-ed25519 yg55bA SkJ7ZXGb+jwkCvCEzmeoHg2uqWYEPRag9AeGYf+ITD0 -KIKWdS09Xk4L6Jtjw14sMt0GbK7M7K1pWWR+bTy1aiw --> 8tLV-grease O7H<^ XS9V 2Ur<( =QH2-/ -SV62s4bYT6y20++WYB1AoQYg/CEIKodhQye8iFf1qFttqdFwyZQqVMrdZk9HeXZS -FegHreHI9E29tlJ8vobhXmc4mQuDfKY ---- DSGiksBfVrSssrsbKfqNMIc++kOVIdT80/CowQwjKVI - jtsaђ5-][Ї(/M;0b,![U*Ki5K`c&8xLa (\wVƲ:NtGXKoaB8dS|fuoaH|V:ljk(ouʋWQ*`>mO77c?8թL{Md01bfYqٽY{O&)"?9?IkŪ.􋧡Mr_gL4<;E?&Uay, IXJԂ%FyH dFvy]m˔<2> -bz<xT݆oji -sd"*.3ߡqjKW rm,jL&6H| htf ")Pdp>$ɟVj۹=OL \ No newline at end of file +-> ssh-ed25519 0LL3PQ 1ix/iY1ciQ5TLqNHLidJo74p7U6xk0W+0zrFPCMmxGQ +Gify32vMCcZtow1mHKOambrFypS0g8M+7TU0GSZTxJg +-> ssh-ed25519 0dJ6Mg 1vMlO6MnEZkQC2D5kBHFSL2rcAEdGjC5obEKIKABAnY +Bp3havFr2QLOq8pFZWl/U0gtEsOfcTl9bjDoSr6RlBI +-> ssh-ed25519 7owkuQ 3yeuQvDvcpXWWwPr/NusblZ17SYYZQv/uslVTWDd0mE +tMsGUXiKvnMK+VLUOlcQlgFshKobhTlABQYwL88qJyk +-> ssh-ed25519 yg55bA xDjHHyqk5W2o4JCumczUPqSRzGyRRXx9uWU818sijE0 +NqQj61QgFqyqqR9w2+cUVt1Y5gdGaaV8H3WUrzz4Gjg +-> .>G!b"-grease ! ~IZl= i_: Z~' +byYr7fXy2XziAJJtw8HZMyStMRWfP1XwPB8wS3OzOBqw7sBi+hkjzouiebi483jK +2fkxdi8SCo+DvxUHREXIS//ixmZqIKnzhZW1x90 +--- nNgeCy03rYViLtzv4WSvpNJY4QJzIYOyS8CmszKss7I +OޜɍTgiZM(XF/4Vvj (rojĠ=}LYf#X,iŌ&f`Ԁhς50ƛhuwD@U +R5ݽ,4(]P>+Sg_I Fƛq敎Ry bԸcyu7ZY# uMH]QQ>2r2X=|j:J+RSɢ#nQ3 #V:% 1oLkhM~ +oZht q!E fg1[]K.{\?(b88 }=s[Wj, ssh-ed25519 nTBfeQ 3koSzAro+n4LxSdup9/PluT77oO5nU6/VX0koWicMR0 -xws/hbp3yT2L/BOzulIKHPwPJI328axZiuxTw5HERNU --> ssh-ed25519 ZyUiqQ +oB3JFPfKcsPoIbunaLDouBPrKHAFuIu4/U3NbOhM3A -ByJzsXtZYMajbLIpy0qL/d7x1mP6d9em/7J7tQK/yGI --> ssh-ed25519 7owkuQ 5efBQm6io/0wx1jFr/n5cO7xT9VL9fSPyBcKdWJGAnU -R0c7uckpn1RnZfiYJzrW4eJ1AdeMqDi9aN/L7GHVn2I --> ssh-ed25519 yg55bA T0Ei5TtuEKCe1SPrXB4IwrSQSpj7SMNDPzT0NqYVbUc -DQt2YH7jagUBH5lRZhAeHfsq9ttTAhKlzVA51/4uu+4 --> l8FHd2t-grease 7PpUu4 [%p}'4 -p3shnCQw0c1yPA ---- dDfzulZ/6DescfUw4FzskkrFrMpvNUYX2zU3ds3senM - RQ[-o̮?CfR-{y5bL-P/eSOIr Z { \ No newline at end of file +-> ssh-ed25519 0LL3PQ bOMlgebRdu00Y6AMCMzfMDHz20hmxFZKXZXTV0GxrXI +h8g+yA6VbtKmSpJQd7jRXbI3XZ4t9onF9HAAFZqGfjo +-> ssh-ed25519 0dJ6Mg re3MAlJT/+Cv3JuX32+DDsCpX2fyjmbf6lHWEPo2cS4 +eoGwzNSWZsz7MraRl+WszHPtV/Js5miEpyPW80qE2Rk +-> ssh-ed25519 7owkuQ jVPzIG/BaqhF0pDsQGyTszSYk9uqxgT+gkI3isFfXjw +KNYecxPhASdkrX9HksZvd3PklumBxhT56cwuAvrjrCI +-> ssh-ed25519 yg55bA RQqNeR7/CnTikL1PmjuB8wbrbB/ePXDL5Vc68nwglms +XSdnfZRny11PwqNz2RQXZTJkebgpcIlLPH41anP+bE0 +-> Fwm.uTZQ-grease 0 l*:+ KkJHBhG ++GHIrzesQEN5gofR9foQBAispJYm7Q+ZpcaGA5c +--- BeBZdmPhZssR+92iYgQ/62hlCIiY6SUQaggAZkXTw8I +|.hv"՟i +|pw4ni؟WB?l`[2(ᨿ_i' \ No newline at end of file diff --git a/nix/secrets/typst-bot_token.age b/nix/secrets/typst-bot_token.age index 1f6b7cefb30e3c76c24183bb5185ba77d43fb1a3..82ff09f70d27f78294142c915949f7611700b4b8 100644 GIT binary patch literal 776 zcmZY4&C8Pv008i)n-yK6TV$7@#&Uj5C8(UwGu_;D&Q0Bj$fCzvMTdflh&mK>?hq00B{~%J!9$mbE*+w4{RKaMx@}dhg%Oo&i4!dL2ayeBFi<@R z#__CbnFx-<6jXVYEv6 z<#K2fCTV!agq68G3=3AWS#O~#G+<~6gTrM@#WKtnAw;n1<|s>oJXJ`|so@h;rEFbX zGt$2_BFN{d1bVE=Qp;dopfxH$U6v1$hCf4>1~zXXZb%q$TaxltpOY~FtH4GpUrpmw z4N2IFgvJaRq#0g^5 z#LBFv&czG>s?{n;MHI7^5JF^f0zdBy9aTVRGZZ*I#RfChCp{Q)?2#UmL*US>=CfN5 z_V3=KeWebJwqN{loIEREp$|X4vn4K<*T9!Bx7pft@hq*Kbs8oNqVeA1$nwkG7EM%^HR z8N}PoVQZAteY!8IWWlJywv(V;hi4sLPZ!N}QcA0+H1rN@V%*go7R&@`jP1Kk&ak?e z%34&=CPK%R+d{xZlf?1_h#g4T&df9cd5nwI3h6q6V8^A3(<}ywKcMqWO%)V3^h~*L zrv(~@@#VX#a$io>b^*BnQ<( z0THJbRtyz*Ml}0262}G3=Yk9=0}MfpV3jM!WfU@MUc^J3$z%}L@uh0Ss)26}(li%l zx{~}~!&aA4|4su>0aqe$Nd&PAjGKT(Q8=q!>H-yAhd5GYJPhGtf;1#oAo>aHLLu2$ zRZFd2Awl4*s^uuOQEJfT732gWR0^~W&*B@Xim+{C z5=(B6wwqzXb%t3*PMBeoBXGnbfmizGiz91$Pj~M8W|n_!%^x4^9F^xAf5flc zbL*c%mAGR-lIYn-qJn`_^!SZ+Jd_;2JuDo5j0XJlkDHf~u}dP^^DO*U~d zZc$M$Ha0O?Xh?67@fTNRdTnr8NJ~agZg5&^ZAeRQP()XGw5lHArSuNkceMM0ag5Xn1!sRz!D8V^ULEI6+D@R!c-tQcVgtN;FS; zQ873-IC61tZ&Pz*Y-ManX=+MoR%K;jD?>O?RZ>@OOh{Bpd3OpeJ|Hc0bSqagEoX9N zVRK~)X=`a%PIOvyO>S;yOGs5RH!CxIzM*+Vh3f$JjZaH+fGkh>vfKi&6#ib{GAh5FZLU!#4k+*0&>eZX$1OKh(Q^%h zkj;1pna%e53`@kKdOz1@gE=zhm3eUgMiOiiplJpk*9aps7(5!rOW?i{JzQ7egT75E zizK~~)qeV8o)a}}gE(G$0lgzz>f%KmKY)(@e)N7f25J^H(217QZdXqnFN>W$1%6r< iKC;Sed|nmE#psY}-~$IK*@wwWs9a9xx7J8jcm;%W|2Gu? delta 895 zcmWmA>uVbY003|*+Dc*tWiqUOI4JAJZfWk3dt|E}ms~EnyIe1q+~slNMqZb@JTA%Q z9j96ARFJ9D;bR{PnTWWDRdh_poKuTBti|Dm4E<7CHkcnqyD-Pj%QyJBcWMoi3u5K#8(%q+r$+n`0WN)pSQTgJ2l!2GovXR3#wiVG2YSs|6K7 z!zmd}>X86r=9y%>kf1PcP>yujHWv)UXsKYc@GvK43KefPW0*~U*W#U35~TfQv7U)E zp<+8-ZG|A%Kzy#ZHnzqZ9Z-jzZp~j}aygk}1Cs0_G`FsbfV=+7=Hk(A=hib)2Rz(waFn4tS(AHj3A}ie@67~=x74~@H z3?Hx{t^rpoEuCk`keYxa6`G}`JY~Zb)M${cbkh*nnh@=DIZkSYo0dhY4YbvyiXt6I zK{OsL*8X2opLOJ{Y_gUG{QH1Jawon$W%C3A?iR-JRh>bL?I7G^vJoa#F42&cGk7;w z;GLC}Ac00cRqo(0;WU|CLW2sTNQM!vk)N??nToD<^eXM+btZv;-DD};MzUZ6i$Wo{ zfaM?_B2q1z!{GqpcnOn;lornwm1tCs!eS)p54z+M%!+2JR_40BYO#>WVx$Gx2Aip~ zyAECh{~GL>xwHGw)TLMYr%(L-Xld?pJoen5zi9b!q0)r>Rri^)p|e zQTtP`50zJ1wZ(5om!_{y3XU!0<{I0AODIk_da-nm@Tbexj$p%AKb`kJasj-nEe$_*d-1?ichPTh zwRg5~{o$S0C+^>wJ5KNIKm6)Gc;(n(^z%dSfB$9h24vVryr)CcR$KT*8GNXN+MD;% zpB%aA{O9}&OS2B(__0aHiM`s03anV)0i7S;&TOL6oa|Nq;CGB(o?6_)$2XQQzP37l zMgJ_nFdqNuXZ!Ar=sEkYYHw{|+`jeF#irt3_+op1eg_gIPAc2*kH!{G9{qjZe($%* N^>@j$6TtF~#DC=TR4@Pl From fedc010290311e20fcd2c007793aab1c82096dfc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 19:12:53 +0800 Subject: [PATCH 09/32] age: update sshconfig --- nix/secrets/sshconfig.age | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/nix/secrets/sshconfig.age b/nix/secrets/sshconfig.age index cf24cc70..75bd6ee3 100644 --- a/nix/secrets/sshconfig.age +++ b/nix/secrets/sshconfig.age @@ -1,16 +1,17 @@ age-encryption.org/v1 --> ssh-ed25519 0LL3PQ 1ix/iY1ciQ5TLqNHLidJo74p7U6xk0W+0zrFPCMmxGQ -Gify32vMCcZtow1mHKOambrFypS0g8M+7TU0GSZTxJg --> ssh-ed25519 0dJ6Mg 1vMlO6MnEZkQC2D5kBHFSL2rcAEdGjC5obEKIKABAnY -Bp3havFr2QLOq8pFZWl/U0gtEsOfcTl9bjDoSr6RlBI --> ssh-ed25519 7owkuQ 3yeuQvDvcpXWWwPr/NusblZ17SYYZQv/uslVTWDd0mE -tMsGUXiKvnMK+VLUOlcQlgFshKobhTlABQYwL88qJyk --> ssh-ed25519 yg55bA xDjHHyqk5W2o4JCumczUPqSRzGyRRXx9uWU818sijE0 -NqQj61QgFqyqqR9w2+cUVt1Y5gdGaaV8H3WUrzz4Gjg --> .>G!b"-grease ! ~IZl= i_: Z~' -byYr7fXy2XziAJJtw8HZMyStMRWfP1XwPB8wS3OzOBqw7sBi+hkjzouiebi483jK -2fkxdi8SCo+DvxUHREXIS//ixmZqIKnzhZW1x90 ---- nNgeCy03rYViLtzv4WSvpNJY4QJzIYOyS8CmszKss7I -OޜɍTgiZM(XF/4Vvj (rojĠ=}LYf#X,iŌ&f`Ԁhς50ƛhuwD@U -R5ݽ,4(]P>+Sg_I Fƛq敎Ry bԸcyu7ZY# uMH]QQ>2r2X=|j:J+RSɢ#nQ3 #V:% 1oLkhM~ -oZht q!E fg1[]K.{\?(b88 }=s[Wj, ssh-ed25519 0LL3PQ bDFQQmhL1lT5KkGv9T2KCpx85TeBgraFtnCmvDXwwRA +xoBjy0hm1CkfHxHlY9S2BHDYYewX2ytPeoR9YbTtlCs +-> ssh-ed25519 0dJ6Mg MRGlK8OdIJsPAXTVSyYAyxB8gXHwRlUnEzWiaGTpjlI ++WtL6d+fYkyFGpNKGOR8VSyxcPclprDrXBJIqjs7hqw +-> ssh-ed25519 7owkuQ CjpFcjgDgQ5tVGA69U0I8rs7BW91IJYeHoooyNTCqhw +k9Lml3gfrZkWD9wTlztjd3cS0AhgD0uLlVutu1PyTQ4 +-> ssh-ed25519 yg55bA wvVfTxH9R30CJLS8q/ou2tVNM6okXVPNFb688NqTgjQ +6KD94cu8bXhsqqalVtxv3wqNQgcR2WavZkIebMwu4ic +-> %4r7Ea3-grease o~`[:vH l>_)R:w3 +EvEthNDe7whC0/7kbvwvLBiGLH4wG2rKEGKMzsIvNW+tiswH3vAWIfyQZGAQ/82T +WpN2wY4fqBmbyvQgwTSP3jCeVVQ9Ko8lkbm+n9mNFSv3cs2zcxbBd5bd24a0Q2El +EA +--- nA+Y/Mjk/CRL//AvmoOhR5WZAvw/xTD4mXiBtEhX6q4 +w( +[Y .sܸ_?4Ce[JG~PJsA:pǑK$LIGR?<1 5c3>eǯg6$Hu;`YX m78-%ͺ߁p R3bCױ8oڭS~'&*k8q#W (9& +TV}tkkߘ_8 *@V  Date: Sat, 1 Nov 2025 19:37:10 +0800 Subject: [PATCH 10/32] hydrogen: some minor tweaks for the build to work --- nix/configurations/hydrogen.nix | 4 +++- nix/configurations/hydrogen/nixos/connectivity.nix | 9 ++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/nix/configurations/hydrogen.nix b/nix/configurations/hydrogen.nix index 4bb8d997..a9a2d7c8 100644 --- a/nix/configurations/hydrogen.nix +++ b/nix/configurations/hydrogen.nix @@ -43,7 +43,9 @@ in ] # use lix everywhere and wrap it with nom ++ [ - (import (sources.lix-module + "/overlay.nix") {inherit (sources) lix;}) + # TODO + # Can't get it build for now + # (import (sources.lix-module + "/overlay.nix") {inherit (sources) lix;}) (import ../overlays/nix-monitored.nix) ]; diff --git a/nix/configurations/hydrogen/nixos/connectivity.nix b/nix/configurations/hydrogen/nixos/connectivity.nix index 2c04b047..c07dac6b 100644 --- a/nix/configurations/hydrogen/nixos/connectivity.nix +++ b/nix/configurations/hydrogen/nixos/connectivity.nix @@ -62,8 +62,15 @@ }; in lib.mkMerge (map go ns); + + allowList = builtins.filter (x: x.ssid == "~"); in - fromList (import ../../../connectivity/networks.nix); + fromList ( + # We only want to use my own network + allowList ( + import ../../../connectivity/networks.nix + ) + ); }; }; From 6ebbf455f0202196ee1c0dfb9bd9ff61e0cf62bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 19:50:02 +0800 Subject: [PATCH 11/32] treewide: fix lix overlay --- nix/configurations/hydrogen.nix | 23 +++++++--------- nix/configurations/vanadium.nix | 47 +++++++++++++++------------------ nix/overlays/lix.nix | 10 +++++++ 3 files changed, 41 insertions(+), 39 deletions(-) create mode 100644 nix/overlays/lix.nix diff --git a/nix/configurations/hydrogen.nix b/nix/configurations/hydrogen.nix index a9a2d7c8..c79e53a0 100644 --- a/nix/configurations/hydrogen.nix +++ b/nix/configurations/hydrogen.nix @@ -33,21 +33,16 @@ in # { nixpkgs = { - overlays = - map import - [ - ../overlays/agenix.nix - ../overlays/nur.nix - ../overlays/nix-tree.nix - ../packages/overlay.nix - ] + overlays = map import [ + ../overlays/agenix.nix + ../overlays/nur.nix + ../overlays/nix-tree.nix + ../packages/overlay.nix + # use lix everywhere and wrap it with nom - ++ [ - # TODO - # Can't get it build for now - # (import (sources.lix-module + "/overlay.nix") {inherit (sources) lix;}) - (import ../overlays/nix-monitored.nix) - ]; + ../overlays/lix.nix + ../overlays/nix-monitored.nix + ]; # Set NIX_PATH and flake registry at the same time # https://github.com/NixOS/nixpkgs/pull/254405 diff --git a/nix/configurations/vanadium.nix b/nix/configurations/vanadium.nix index 5be9bac1..1ed762c7 100644 --- a/nix/configurations/vanadium.nix +++ b/nix/configurations/vanadium.nix @@ -42,35 +42,32 @@ in rocmSupport = true; }; - overlays = - map import - [ - ../overlays/agenix.nix - ../overlays/disko.nix - ../overlays/nur.nix - ../overlays/wired-notify.nix - ../overlays/nix-tree.nix - ../overlays/wallpapers.nix - ../overlays/nil.nix - ../overlays/dix.nix - ../overlays/eepy.nix - ../overlays/calibre-no-mime.nix - ../overlays/fcitx5-table-extra-taiwanese.nix + overlays = map import [ + ../overlays/agenix.nix + ../overlays/disko.nix + ../overlays/nur.nix + ../overlays/wired-notify.nix + ../overlays/nix-tree.nix + ../overlays/wallpapers.nix + ../overlays/nil.nix + ../overlays/dix.nix + ../overlays/eepy.nix + ../overlays/calibre-no-mime.nix + ../overlays/fcitx5-table-extra-taiwanese.nix - ../overlays/iosevka.nix - ../packages/overlay.nix + ../overlays/iosevka.nix + ../packages/overlay.nix - ./vanadium/overlay.nix - ./vanadium/kernel-overlay.nix + ./vanadium/overlay.nix + ./vanadium/kernel-overlay.nix + + # removed, but I need it for PLFA! + ../overlays/pin-emacs28.nix - # removed, but I need it for PLFA! - ../overlays/pin-emacs28.nix - ] # use lix everywhere and wrap it with nom - ++ [ - (import (sources.lix-module + "/overlay.nix") {inherit (sources) lix;}) - (import ../overlays/nix-monitored.nix) - ]; + ../overlays/lix.nix + ../overlays/nix-monitored.nix + ]; # Set NIX_PATH and flake registry at the same time # https://github.com/NixOS/nixpkgs/pull/254405 diff --git a/nix/overlays/lix.nix b/nix/overlays/lix.nix new file mode 100644 index 00000000..0c47da25 --- /dev/null +++ b/nix/overlays/lix.nix @@ -0,0 +1,10 @@ +final: _: { + nix = final.lixPackageSets.stable.lix; + inherit + (final.lixPackageSets.stable) + nixpkgs-review + nix-eval-jobs + nix-fast-build + colmena + ; +} From 0e1f28cf6d5cbb1f0d917ff82ed16672881abc4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 19:50:42 +0800 Subject: [PATCH 12/32] npins: remove lix{,-module} --- npins/sources.json | 34 ---------------------------------- 1 file changed, 34 deletions(-) diff --git a/npins/sources.json b/npins/sources.json index 7df0bc2f..4201f4b0 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -135,40 +135,6 @@ "url": "https://codeberg.org/api/v1/repos/amjoseph/infuse.nix/archive/v2.4.tar.gz", "hash": "1s3d1v27jxsw5050qi0bq6agpf5gpw6jmcyigzpdgwfm9d6w6wz1" }, - "lix": { - "type": "GitRelease", - "repository": { - "type": "Forgejo", - "server": "https://git.lix.systems/", - "owner": "lix-project", - "repo": "lix" - }, - "pre_releases": false, - "version_upper_bound": null, - "release_prefix": null, - "submodules": false, - "version": "2.93.3", - "revision": "017e93ae637ce6dfc958001e5cdc2a3e0182be6f", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2.93.3.tar.gz", - "hash": "152xjnlr733z34ndyxnhdaw7d4f3zcj5w028mlmwy378wvhk9b1s" - }, - "lix-module": { - "type": "GitRelease", - "repository": { - "type": "Forgejo", - "server": "https://git.lix.systems/", - "owner": "lix-project", - "repo": "nixos-module" - }, - "pre_releases": false, - "version_upper_bound": null, - "release_prefix": null, - "submodules": false, - "version": "2.93.1", - "revision": "c3c78a32273e89d28367d8605a4c880f0b6607e3", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/2.93.1.tar.gz", - "hash": "1m1lk9mjmcjfi30h1yckjrbdy9yf4msav2dnk8lpn0hrj4mkkw0i" - }, "nil": { "type": "Git", "repository": { From a1024668db529d2cb1fcfbba5ff6c00f57cd279f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sun, 2 Nov 2025 11:55:17 +0800 Subject: [PATCH 13/32] sudo-conf: make doas inherit PATH for just --- nix/nixosModules/common/sudo-conf.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/nix/nixosModules/common/sudo-conf.nix b/nix/nixosModules/common/sudo-conf.nix index b2b66182..ad4c6a6a 100644 --- a/nix/nixosModules/common/sudo-conf.nix +++ b/nix/nixosModules/common/sudo-conf.nix @@ -1,8 +1,18 @@ {pkgs, ...}: { - security.doas.enable = true; security.sudo.enable = false; environment.systemPackages = [ pkgs.doas-sudo-shim ]; + security.doas = { + enable = true; + extraRules = [ + { + # invoke just with doas directly as a nixos-rebuild helper + users = [":wheel"]; + setEnv = ["PATH"]; + cmd = "just"; + } + ]; + }; } From 87bcb693bcbc80be5d5676a2afbfde06b5b7a000 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 13:04:03 +0800 Subject: [PATCH 14/32] hydrogen: init --- default.nix | 4 + nix/configurations/hydrogen.nix | 133 ++++++++++++++++++ nix/configurations/hydrogen/home/programs.nix | 64 +++++++++ .../hydrogen/nixos/connectivity.nix | 71 ++++++++++ .../hydrogen/nixos/connectivity/networks.nix | 97 +++++++++++++ .../connectivity/universite_de_rennes.pem | 97 +++++++++++++ nix/configurations/hydrogen/nixos/misc.nix | 10 ++ .../hydrogen/nixos/programs.nix | 16 +++ .../hydrogen/nixos/secure_dns.nix | 57 ++++++++ nix/configurations/vanadium/nixos/misc.nix | 7 +- 10 files changed, 555 insertions(+), 1 deletion(-) create mode 100644 nix/configurations/hydrogen.nix create mode 100644 nix/configurations/hydrogen/home/programs.nix create mode 100644 nix/configurations/hydrogen/nixos/connectivity.nix create mode 100644 nix/configurations/hydrogen/nixos/connectivity/networks.nix create mode 100644 nix/configurations/hydrogen/nixos/connectivity/universite_de_rennes.pem create mode 100644 nix/configurations/hydrogen/nixos/misc.nix create mode 100644 nix/configurations/hydrogen/nixos/programs.nix create mode 100644 nix/configurations/hydrogen/nixos/secure_dns.nix diff --git a/default.nix b/default.nix index 7deece54..7445744d 100644 --- a/default.nix +++ b/default.nix @@ -8,6 +8,10 @@ system = "x86_64-linux"; modules = [./nix/configurations/vanadium.nix]; }; + hydrogen = { + system = "aarch64-linux"; + modules = [./nix/configurations/hydrogen.nix]; + }; installer = { system = "x86_64-linux"; modules = [./nix/configurations/installer.nix]; diff --git a/nix/configurations/hydrogen.nix b/nix/configurations/hydrogen.nix new file mode 100644 index 00000000..4bb8d997 --- /dev/null +++ b/nix/configurations/hydrogen.nix @@ -0,0 +1,133 @@ +let + sources = import ../../npins; + + hostname = "hydrogen"; + username = "leana"; +in + { + modulesPath, + config, + pkgs, + lib, + ... + }: let + inherit (lib.modules) mkAliasOptionModule; + in { + imports = [ + # The generator and hardware configuration + (modulesPath + "/installer/sd-card/sd-image-aarch64.nix") + + # + # Shorthands + # + (mkAliasOptionModule ["me"] ["users" "users" username]) + (mkAliasOptionModule ["hm"] ["home-manager" "users" username]) + + # + # hostname + # + {_module.args = {inherit hostname;};} + + # + # nixpkgs + # + { + nixpkgs = { + overlays = + map import + [ + ../overlays/agenix.nix + ../overlays/nur.nix + ../overlays/nix-tree.nix + ../packages/overlay.nix + ] + # use lix everywhere and wrap it with nom + ++ [ + (import (sources.lix-module + "/overlay.nix") {inherit (sources) lix;}) + (import ../overlays/nix-monitored.nix) + ]; + + # Set NIX_PATH and flake registry at the same time + # https://github.com/NixOS/nixpkgs/pull/254405 + flake.source = sources.nixpkgs; + }; + + nix.package = pkgs.nix-monitored; + + system.nixos.version = lib.substring 0 8 sources.nixpkgs.revision; + } + + ./hydrogen/nixos/misc.nix + ./hydrogen/nixos/programs.nix + ./hydrogen/nixos/connectivity.nix + ./hydrogen/nixos/secure_dns.nix + + ../nixosModules/common/disable-command-not-found.nix + ../nixosModules/common/network.nix + ../nixosModules/common/sudo-conf.nix + ../nixosModules/common/system-nixconf.nix + + ../nixosModules/extra/leana.nix + + # + # Extern modules + # + (sources.agenix + "/modules/age.nix") + + (sources.nixos-hardware + "/raspberry-pi/4") + + # + # home-manager + # + (sources.home-manager + "/nixos") + { + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + sharedModules = [{home.stateVersion = lib.mkDefault config.system.stateVersion;}]; + }; + + hm.imports = [ + # + # hostname + # + {_module.args = {inherit hostname;};} + + # + # home modules + # + ./hydrogen/home/programs.nix + + ../homeModules/common/btop + ../homeModules/common/fish + ../homeModules/common/starship + ../homeModules/common/tmux + ../homeModules/common/vim + ../homeModules/common/direnv.nix + ../homeModules/common/git.nix + ../homeModules/common/gpg.nix + ../homeModules/common/leana.nix + ../homeModules/common/locale.nix + ../homeModules/common/packages.nix + ../homeModules/common/tealdeer.nix + + ../homeModules/extra/tmux-fish-integration.nix + + # + # Extern modules + # + (sources.agenix + "/modules/age-home.nix") + (import sources.wired-notify).homeManagerModules.default + ]; + } + + # + # Secrets + # + { + age.secrets = { + wpa_password.file = "${../secrets/wpa_password.age}"; + }; + } + ]; + } diff --git a/nix/configurations/hydrogen/home/programs.nix b/nix/configurations/hydrogen/home/programs.nix new file mode 100644 index 00000000..32ed2b56 --- /dev/null +++ b/nix/configurations/hydrogen/home/programs.nix @@ -0,0 +1,64 @@ +{ + pkgs, + lib, + config, + ... +}: { + home.sessionVariables = let + fishCfg = config.programs.fish; + in { + "SHELL" = lib.mkIf fishCfg.enable (lib.getExe fishCfg.package); + }; + + home.packages = [ + pkgs.nmap + pkgs.stow + pkgs.zip + pkgs.unzip + pkgs.gnutar + pkgs.p7zip + pkgs.bc + pkgs.dig + pkgs.hutils + pkgs.miniserve + pkgs.agenix + pkgs.nix-which + + # pretty tui tools + pkgs.du-dust + pkgs.tokei + pkgs.hyperfine + pkgs.watchexec + pkgs.onefetch + pkgs.just + + # nix tools + pkgs.alejandra + pkgs.nurl + pkgs.npins + pkgs.nix-tree + pkgs.nh + ]; + + programs = { + neovim = { + enable = true; + defaultEditor = true; + }; + lazygit.enable = true; + fish.enable = true; + starship.enable = true; + tmux.enable = true; + direnv.enable = true; + ripgrep.enable = true; + + btop.enable = true; + + # OCaml fails to build on aarch64-linux + git.patdiff.enable = lib.mkForce false; + }; + + services = { + gpg-agent.enable = true; + }; +} diff --git a/nix/configurations/hydrogen/nixos/connectivity.nix b/nix/configurations/hydrogen/nixos/connectivity.nix new file mode 100644 index 00000000..2f24dbb5 --- /dev/null +++ b/nix/configurations/hydrogen/nixos/connectivity.nix @@ -0,0 +1,71 @@ +{ + config, + lib, + ... +}: { + # https://unix.stackexchange.com/questions/592775/how-can-i-enable-apple-ios-fast-charge-support + services.udev.extraRules = '' + SUBSYSTEM=="usb", ACTION=="add", DRIVER=="apple-mfi-fastcharge", RUN+="/bin/sh -c 'echo Fast > /sys/class/power_supply/apple_mfi_fastcharge/charge_type'" + ''; + + users.users.root.openssh.authorizedKeys.keys = let + ids = import ../../../identities.nix; + in + builtins.concatMap builtins.attrValues (builtins.attrValues ids); + + networking = { + networkmanager.enable = lib.mkForce false; + + firewall.allowedTCPPorts = [ + 8080 + + # For 'localsend' + # https://github.com/localsend/localsend?tab=readme-ov-file#setup + 53317 + ]; + + # To enable roaming https://wiki.archlinux.org/title/Wpa_supplicant#Roaming + wireless = { + enable = true; + userControlled.enable = true; + secretsFile = config.age.secrets.wpa_password.path; + scanOnLowSignal = false; + networks = let + # wpa_supplicant uses `strchr` to seek to the first `=`, so the only forbidden character is `=`. + escapePwdKey = lib.replaceStrings ["="] ["_"]; + + fromList = ns: let + go = networkArgs @ { + ssid, + # Custom fields wrapping nixpkgs module options + hasPassword ? false, + scanOnLowSignal ? false, + randomizeMac ? false, + ... + }: { + ${ssid} = lib.mkMerge [ + (builtins.removeAttrs networkArgs ["ssid" "hasPassword" "scanOnLowSignal" "randomizeMac"]) + (lib.optionalAttrs hasPassword { + pskRaw = "ext:${escapePwdKey ssid}"; + }) + (lib.optionalAttrs scanOnLowSignal { + extraConfig = '' + bgscan="simple:30:-70:3600" + ''; + }) + (lib.optionalAttrs randomizeMac { + extraConfig = '' + mac_addr=1 + ''; + }) + ]; + }; + in + lib.mkMerge (map go ns); + in + fromList (import ./connectivity/networks.nix); + }; + }; + + hardware.bluetooth.enable = true; +} diff --git a/nix/configurations/hydrogen/nixos/connectivity/networks.nix b/nix/configurations/hydrogen/nixos/connectivity/networks.nix new file mode 100644 index 00000000..e87052ce --- /dev/null +++ b/nix/configurations/hydrogen/nixos/connectivity/networks.nix @@ -0,0 +1,97 @@ +let + preferredPriority = 20; + privatePriority = 10; + limitedPriority = -10; +in [ + { + ssid = "~"; + priority = preferredPriority; + hasPassword = true; + } + { + ssid = "Pei’s Wifi"; + priority = privatePriority; + hasPassword = true; + } + { + ssid = "girlypop-net"; + priority = privatePriority; + hasPassword = true; + } + + { + ssid = "annapurna"; + priority = privatePriority; + hasPassword = true; + scanOnLowSignal = true; + } + { + ssid = "5526-1"; # TODO: set bssid preference ? + priority = privatePriority; + hasPassword = true; + } + + { + ssid = "eduroam"; + priority = privatePriority; + scanOnLowSignal = true; + + authProtocols = ["WPA-EAP"]; + auth = '' + pairwise=CCMP + group=CCMP TKIP + eap=PEAP + ca_cert="${./universite_de_rennes.pem}" + identity="ychiang@etudiant.univ-rennes.fr" + altsubject_match="DNS:radius.univ-rennes1.fr;DNS:radius1.univ-rennes1.fr;DNS:radius2.univ-rennes1.fr;DNS:vmradius-psf1.univ-rennes1.fr;DNS:vmradius-psf2.univ-rennes1.fr" + phase2="auth=MSCHAPV2" + password=ext:EDUROAM + anonymous_identity="anonymous@univ-rennes.fr" + ''; + } + + { + ssid = "A-WAY"; + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } + { + ssid = "CAT.jpgcafe"; + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } + { + ssid = "LOUISA"; # 區公所 + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } + { + ssid = "LouisaCoffee"; # 七張 + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } + { + ssid = "MetroTaipei x Louisa"; # 大安 + priority = privatePriority; + hasPassword = true; + randomizeMac = true; + } + + {ssid = "_SNCF_WIFI_INOUI";} + {ssid = "_WIFI_LYRIA";} + {ssid = "EurostarTrainsWiFi";} + {ssid = "SBB-FREE";} + {ssid = "AOT Airport Free Wi-Fi by NT";} + {ssid = "NewTaipei";} + {ssid = "Fami-WiFi";} + + { + ssid = "iPhone de Léana 江"; + priority = limitedPriority; + hasPassword = true; + } +] diff --git a/nix/configurations/hydrogen/nixos/connectivity/universite_de_rennes.pem b/nix/configurations/hydrogen/nixos/connectivity/universite_de_rennes.pem new file mode 100644 index 00000000..ac4d2e1f --- /dev/null +++ b/nix/configurations/hydrogen/nixos/connectivity/universite_de_rennes.pem @@ -0,0 +1,97 @@ +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj +YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM +GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua +BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe +3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 +YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR +rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm +ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU +oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v +QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t +b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF +AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q +GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 +G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi +l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 +smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7 +MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD +VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE +AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4 +MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5 +MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO +ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI +s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG +vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ +Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb +IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0 +tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E +xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV +icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5 +D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ +WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ +5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG +KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg +EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID +ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG +BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t +L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr +BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA +A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+ +rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+ +/czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA +CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F +zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA +vGp4z7h/jnZymQyd/teRCBaho1+V +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIG5TCCBM2gAwIBAgIRANpDvROb0li7TdYcrMTz2+AwDQYJKoZIhvcNAQEMBQAw +gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK +ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD +VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIw +MDIxODAwMDAwMFoXDTMzMDUwMTIzNTk1OVowRDELMAkGA1UEBhMCTkwxGTAXBgNV +BAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNVBAMTEUdFQU5UIE9WIFJTQSBDQSA0 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApYhi1aEiPsg9ZKRMAw9Q +r8Mthsr6R20VSfFeh7TgwtLQi6RSRLOh4or4EMG/1th8lijv7xnBMVZkTysFiPmT +PiLOfvz+QwO1NwjvgY+Jrs7fSoVA/TQkXzcxu4Tl3WHi+qJmKLJVu/JOuHud6mOp +LWkIbhODSzOxANJ24IGPx9h4OXDyy6/342eE6UPXCtJ8AzeumTG6Dfv5KVx24lCF +TGUzHUB+j+g0lSKg/Sf1OzgCajJV9enmZ/84ydh48wPp6vbWf1H0O3Rd3LhpMSVn +TqFTLKZSbQeLcx/l9DOKZfBCC9ghWxsgTqW9gQ7v3T3aIfSaVC9rnwVxO0VjmDdP +FNbdoxnh0zYwf45nV1QQgpRwZJ93yWedhp4ch1a6Ajwqs+wv4mZzmBSjovtV0mKw +d+CQbSToalEUP4QeJq4Udz5WNmNMI4OYP6cgrnlJ50aa0DZPlJqrKQPGL69KQQz1 +2WgxvhCuVU70y6ZWAPopBa1ykbsttpLxADZre5cH573lIuLHdjx7NjpYIXRx2+QJ +URnX2qx37eZIxYXz8ggM+wXH6RDbU3V2o5DP67hXPHSAbA+p0orjAocpk2osxHKo +NSE3LCjNx8WVdxnXvuQ28tKdaK69knfm3bB7xpdfsNNTPH9ElcjscWZxpeZ5Iij8 +lyrCG1z0vSWtSBsgSnUyG/sCAwEAAaOCAYswggGHMB8GA1UdIwQYMBaAFFN5v1qq +K0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBRvHTVJEGwy+lmgnryK6B+VvnF6DDAO +BgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggr +BgEFBQcDAQYIKwYBBQUHAwIwOAYDVR0gBDEwLzAtBgRVHSAAMCUwIwYIKwYBBQUH +AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMFAGA1UdHwRJMEcwRaBDoEGGP2h0 +dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9u +QXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6 +Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAl +BggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0B +AQwFAAOCAgEAUtlC3e0xj/1BMfPhdQhUXeLjb0xp8UE28kzWE5xDzGKbfGgnrT2R +lw5gLIx+/cNVrad//+MrpTppMlxq59AsXYZW3xRasrvkjGfNR3vt/1RAl8iI31lG +hIg6dfIX5N4esLkrQeN8HiyHKH6khm4966IkVVtnxz5CgUPqEYn4eQ+4eeESrWBh +AqXaiv7HRvpsdwLYekAhnrlGpioZ/CJIT2PTTxf+GHM6cuUnNqdUzfvrQgA8kt1/ +ASXx2od/M+c8nlJqrGz29lrJveJOSEMX0c/ts02WhsfMhkYa6XujUZLmvR1Eq08r +48/EZ4l+t5L4wt0DV8VaPbsEBF1EOFpz/YS2H6mSwcFaNJbnYqqJHIvm3PLJHkFm +EoLXRVrQXdCT+3wgBfgU6heCV5CYBz/YkrdWES7tiiT8sVUDqXmVlTsbiRNiyLs2 +bmEWWFUl76jViIJog5fongEqN3jLIGTG/mXrJT1UyymIcobnIGrbwwRVz/mpFQo0 +vBYIi1k2ThVh0Dx88BbF9YiP84dd8Fkn5wbE6FxXYJ287qfRTgmhePecPc73Yrzt +apdRcsKVGkOpaTIJP/l+lAHRLZxk/dUtyN95G++bOSQqnOCpVPabUGl2E/OEyFrp +Ipwgu2L/WJclvd6g+ZA/iWkLSMcpnFb+uX6QBqvD6+RNxul1FaB5iHY= +-----END CERTIFICATE----- + diff --git a/nix/configurations/hydrogen/nixos/misc.nix b/nix/configurations/hydrogen/nixos/misc.nix new file mode 100644 index 00000000..b8537a11 --- /dev/null +++ b/nix/configurations/hydrogen/nixos/misc.nix @@ -0,0 +1,10 @@ +{ + system.stateVersion = "25.05"; + + swapDevices = [ + { + device = "/var/swapfile"; + size = 1024; # MB + } + ]; +} diff --git a/nix/configurations/hydrogen/nixos/programs.nix b/nix/configurations/hydrogen/nixos/programs.nix new file mode 100644 index 00000000..0e605d66 --- /dev/null +++ b/nix/configurations/hydrogen/nixos/programs.nix @@ -0,0 +1,16 @@ +{pkgs, ...}: { + environment.systemPackages = [ + pkgs.man-pages + pkgs.man-pages-posix + ]; + + # + # Programs + # + programs = { + vim.enable = true; + vim.defaultEditor = true; + + git.enable = true; + }; +} diff --git a/nix/configurations/hydrogen/nixos/secure_dns.nix b/nix/configurations/hydrogen/nixos/secure_dns.nix new file mode 100644 index 00000000..1aeeff7f --- /dev/null +++ b/nix/configurations/hydrogen/nixos/secure_dns.nix @@ -0,0 +1,57 @@ +# https://nixos.wiki/wiki/Encrypted_DNS +{ + lib, + pkgs, + ... +}: { + networking = { + nameservers = ["127.0.0.1" "::1"]; + dhcpcd.extraConfig = "nohook resolv.conf"; + # networkmanager.dns = "none"; + }; + + services.resolved.enable = false; + + services.dnscrypt-proxy2 = { + enable = true; + # Settings reference: + # https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml + settings = { + listen_addresses = ["127.0.0.1:53"]; + ipv4_servers = true; + + require_dnssec = true; + require_nolog = true; + require_nofilter = true; + + lb_strategy = "p2"; + lb_estimator = true; + + # Blocklists are made of one pattern per line. + # https://github.com/DNSCrypt/dnscrypt-proxy/blob/fa59f990431a49b6485f63f96601bc7e64017bf8/dnscrypt-proxy/example-dnscrypt-proxy.toml#L583C4-L583C75 + blocked_names.blocked_names_file = pkgs.concatText "dnsblocklist_combined" [ + # Prevent building up reliance on chatbots + # Gotta preserve that thinking ability of my smoof bwain + pkgs.ai_blocklist + pkgs.hategroup_blocklist + + # Gotta purify my smoos brain for a while + (pkgs.writeText "extra_dns_blocklist" '' + instagram.com + youtube.com + '') + ]; + + # Add this to test if dnscrypt-proxy is actually used to resolve DNS requests + # query_log.file = "/var/log/dnscrypt-proxy/query.log"; + sources.public-resolvers = { + urls = [ + "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md" + "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md" + ]; + cache_file = "/var/cache/dnscrypt-proxy/public-resolvers.md"; + minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"; + }; + }; + }; +} diff --git a/nix/configurations/vanadium/nixos/misc.nix b/nix/configurations/vanadium/nixos/misc.nix index db83b159..91579fc2 100644 --- a/nix/configurations/vanadium/nixos/misc.nix +++ b/nix/configurations/vanadium/nixos/misc.nix @@ -1,4 +1,4 @@ -{ +{config, ...}: { system.stateVersion = "24.11"; boot.loader = { @@ -13,4 +13,9 @@ # https://community.frame.work/t/stability-issues-random-crashes-reboots-and-boot-freezes/62675/4 "pcie_aspm=off" ]; + + # Cross building + # https://discourse.nixos.org/t/how-do-i-get-my-aarch64-linux-machine-to-build-x86-64-linux-extra-platforms-doesnt-seem-to-work/38106/2?u=leana8959 + boot.binfmt.emulatedSystems = ["aarch64-linux"]; + nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems; } From 10066ca81e91efaedbe3dfdaec06cf9edf0d8bc8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 13:05:49 +0800 Subject: [PATCH 15/32] tree-wide: unify network settings across hosts --- .../hydrogen/nixos/connectivity.nix | 2 +- .../vanadium/nixos/connectivity.nix | 2 +- .../vanadium/nixos/connectivity/networks.nix | 97 ------------------- .../connectivity/universite_de_rennes.pem | 97 ------------------- .../nixos => }/connectivity/networks.nix | 0 .../connectivity/universite_de_rennes.pem | 0 6 files changed, 2 insertions(+), 196 deletions(-) delete mode 100644 nix/configurations/vanadium/nixos/connectivity/networks.nix delete mode 100644 nix/configurations/vanadium/nixos/connectivity/universite_de_rennes.pem rename nix/{configurations/hydrogen/nixos => }/connectivity/networks.nix (100%) rename nix/{configurations/hydrogen/nixos => }/connectivity/universite_de_rennes.pem (100%) diff --git a/nix/configurations/hydrogen/nixos/connectivity.nix b/nix/configurations/hydrogen/nixos/connectivity.nix index 2f24dbb5..2c04b047 100644 --- a/nix/configurations/hydrogen/nixos/connectivity.nix +++ b/nix/configurations/hydrogen/nixos/connectivity.nix @@ -63,7 +63,7 @@ in lib.mkMerge (map go ns); in - fromList (import ./connectivity/networks.nix); + fromList (import ../../../connectivity/networks.nix); }; }; diff --git a/nix/configurations/vanadium/nixos/connectivity.nix b/nix/configurations/vanadium/nixos/connectivity.nix index 5a0891fc..ab4aa177 100644 --- a/nix/configurations/vanadium/nixos/connectivity.nix +++ b/nix/configurations/vanadium/nixos/connectivity.nix @@ -70,7 +70,7 @@ in lib.mkMerge (map go ns); in - fromList (import ./connectivity/networks.nix); + fromList (import ../../../connectivity/networks.nix); }; }; diff --git a/nix/configurations/vanadium/nixos/connectivity/networks.nix b/nix/configurations/vanadium/nixos/connectivity/networks.nix deleted file mode 100644 index e87052ce..00000000 --- a/nix/configurations/vanadium/nixos/connectivity/networks.nix +++ /dev/null @@ -1,97 +0,0 @@ -let - preferredPriority = 20; - privatePriority = 10; - limitedPriority = -10; -in [ - { - ssid = "~"; - priority = preferredPriority; - hasPassword = true; - } - { - ssid = "Pei’s Wifi"; - priority = privatePriority; - hasPassword = true; - } - { - ssid = "girlypop-net"; - priority = privatePriority; - hasPassword = true; - } - - { - ssid = "annapurna"; - priority = privatePriority; - hasPassword = true; - scanOnLowSignal = true; - } - { - ssid = "5526-1"; # TODO: set bssid preference ? - priority = privatePriority; - hasPassword = true; - } - - { - ssid = "eduroam"; - priority = privatePriority; - scanOnLowSignal = true; - - authProtocols = ["WPA-EAP"]; - auth = '' - pairwise=CCMP - group=CCMP TKIP - eap=PEAP - ca_cert="${./universite_de_rennes.pem}" - identity="ychiang@etudiant.univ-rennes.fr" - altsubject_match="DNS:radius.univ-rennes1.fr;DNS:radius1.univ-rennes1.fr;DNS:radius2.univ-rennes1.fr;DNS:vmradius-psf1.univ-rennes1.fr;DNS:vmradius-psf2.univ-rennes1.fr" - phase2="auth=MSCHAPV2" - password=ext:EDUROAM - anonymous_identity="anonymous@univ-rennes.fr" - ''; - } - - { - ssid = "A-WAY"; - priority = privatePriority; - hasPassword = true; - randomizeMac = true; - } - { - ssid = "CAT.jpgcafe"; - priority = privatePriority; - hasPassword = true; - randomizeMac = true; - } - { - ssid = "LOUISA"; # 區公所 - priority = privatePriority; - hasPassword = true; - randomizeMac = true; - } - { - ssid = "LouisaCoffee"; # 七張 - priority = privatePriority; - hasPassword = true; - randomizeMac = true; - } - { - ssid = "MetroTaipei x Louisa"; # 大安 - priority = privatePriority; - hasPassword = true; - randomizeMac = true; - } - - {ssid = "_SNCF_WIFI_INOUI";} - {ssid = "_WIFI_LYRIA";} - {ssid = "EurostarTrainsWiFi";} - {ssid = "SBB-FREE";} - {ssid = "AOT Airport Free Wi-Fi by NT";} - {ssid = "NewTaipei";} - {ssid = "Fami-WiFi";} - - { - ssid = "iPhone de Léana 江"; - priority = limitedPriority; - hasPassword = true; - } -] diff --git a/nix/configurations/vanadium/nixos/connectivity/universite_de_rennes.pem b/nix/configurations/vanadium/nixos/connectivity/universite_de_rennes.pem deleted file mode 100644 index ac4d2e1f..00000000 --- a/nix/configurations/vanadium/nixos/connectivity/universite_de_rennes.pem +++ /dev/null @@ -1,97 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb -MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow -GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj -YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL -MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE -BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM -GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua -BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe -3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 -YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR -rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm -ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU -oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF -MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v -QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t -b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF -AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q -GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz -Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 -G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi -l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 -smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7 -MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD -VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE -AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4 -MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5 -MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO -ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0 -aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI -s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG -vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ -Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb -IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0 -tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E -xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV -icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5 -D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ -WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ -5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG -KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg -EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID -ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG -BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t -L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr -BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA -A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+ -rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+ -/czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA -CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F -zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA -vGp4z7h/jnZymQyd/teRCBaho1+V ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIG5TCCBM2gAwIBAgIRANpDvROb0li7TdYcrMTz2+AwDQYJKoZIhvcNAQEMBQAw -gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK -ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD -VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIw -MDIxODAwMDAwMFoXDTMzMDUwMTIzNTk1OVowRDELMAkGA1UEBhMCTkwxGTAXBgNV -BAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNVBAMTEUdFQU5UIE9WIFJTQSBDQSA0 -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApYhi1aEiPsg9ZKRMAw9Q -r8Mthsr6R20VSfFeh7TgwtLQi6RSRLOh4or4EMG/1th8lijv7xnBMVZkTysFiPmT -PiLOfvz+QwO1NwjvgY+Jrs7fSoVA/TQkXzcxu4Tl3WHi+qJmKLJVu/JOuHud6mOp -LWkIbhODSzOxANJ24IGPx9h4OXDyy6/342eE6UPXCtJ8AzeumTG6Dfv5KVx24lCF -TGUzHUB+j+g0lSKg/Sf1OzgCajJV9enmZ/84ydh48wPp6vbWf1H0O3Rd3LhpMSVn -TqFTLKZSbQeLcx/l9DOKZfBCC9ghWxsgTqW9gQ7v3T3aIfSaVC9rnwVxO0VjmDdP -FNbdoxnh0zYwf45nV1QQgpRwZJ93yWedhp4ch1a6Ajwqs+wv4mZzmBSjovtV0mKw -d+CQbSToalEUP4QeJq4Udz5WNmNMI4OYP6cgrnlJ50aa0DZPlJqrKQPGL69KQQz1 -2WgxvhCuVU70y6ZWAPopBa1ykbsttpLxADZre5cH573lIuLHdjx7NjpYIXRx2+QJ -URnX2qx37eZIxYXz8ggM+wXH6RDbU3V2o5DP67hXPHSAbA+p0orjAocpk2osxHKo -NSE3LCjNx8WVdxnXvuQ28tKdaK69knfm3bB7xpdfsNNTPH9ElcjscWZxpeZ5Iij8 -lyrCG1z0vSWtSBsgSnUyG/sCAwEAAaOCAYswggGHMB8GA1UdIwQYMBaAFFN5v1qq -K0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBRvHTVJEGwy+lmgnryK6B+VvnF6DDAO -BgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggr -BgEFBQcDAQYIKwYBBQUHAwIwOAYDVR0gBDEwLzAtBgRVHSAAMCUwIwYIKwYBBQUH -AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMFAGA1UdHwRJMEcwRaBDoEGGP2h0 -dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9u -QXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6 -Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAl -BggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0B -AQwFAAOCAgEAUtlC3e0xj/1BMfPhdQhUXeLjb0xp8UE28kzWE5xDzGKbfGgnrT2R -lw5gLIx+/cNVrad//+MrpTppMlxq59AsXYZW3xRasrvkjGfNR3vt/1RAl8iI31lG -hIg6dfIX5N4esLkrQeN8HiyHKH6khm4966IkVVtnxz5CgUPqEYn4eQ+4eeESrWBh -AqXaiv7HRvpsdwLYekAhnrlGpioZ/CJIT2PTTxf+GHM6cuUnNqdUzfvrQgA8kt1/ -ASXx2od/M+c8nlJqrGz29lrJveJOSEMX0c/ts02WhsfMhkYa6XujUZLmvR1Eq08r -48/EZ4l+t5L4wt0DV8VaPbsEBF1EOFpz/YS2H6mSwcFaNJbnYqqJHIvm3PLJHkFm -EoLXRVrQXdCT+3wgBfgU6heCV5CYBz/YkrdWES7tiiT8sVUDqXmVlTsbiRNiyLs2 -bmEWWFUl76jViIJog5fongEqN3jLIGTG/mXrJT1UyymIcobnIGrbwwRVz/mpFQo0 -vBYIi1k2ThVh0Dx88BbF9YiP84dd8Fkn5wbE6FxXYJ287qfRTgmhePecPc73Yrzt -apdRcsKVGkOpaTIJP/l+lAHRLZxk/dUtyN95G++bOSQqnOCpVPabUGl2E/OEyFrp -Ipwgu2L/WJclvd6g+ZA/iWkLSMcpnFb+uX6QBqvD6+RNxul1FaB5iHY= ------END CERTIFICATE----- - diff --git a/nix/configurations/hydrogen/nixos/connectivity/networks.nix b/nix/connectivity/networks.nix similarity index 100% rename from nix/configurations/hydrogen/nixos/connectivity/networks.nix rename to nix/connectivity/networks.nix diff --git a/nix/configurations/hydrogen/nixos/connectivity/universite_de_rennes.pem b/nix/connectivity/universite_de_rennes.pem similarity index 100% rename from nix/configurations/hydrogen/nixos/connectivity/universite_de_rennes.pem rename to nix/connectivity/universite_de_rennes.pem From 5ca93b040d3f8d9e108ef059206509c94bd8f604 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 14:07:00 +0800 Subject: [PATCH 16/32] hydrogen: allow missing modules Related to https://github.com/NixOS/nixpkgs/issues/154163#issuecomment-1350599022 --- nix/configurations/hydrogen/nixos/misc.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/nix/configurations/hydrogen/nixos/misc.nix b/nix/configurations/hydrogen/nixos/misc.nix index b8537a11..3cb2c3d4 100644 --- a/nix/configurations/hydrogen/nixos/misc.nix +++ b/nix/configurations/hydrogen/nixos/misc.nix @@ -7,4 +7,14 @@ size = 1024; # MB } ]; + + # Related https://github.com/NixOS/nixpkgs/issues/154163#issuecomment-1350599022 + # + # modprobe: FATAL: Module sun4i-drm not found in directory /nix/store/gvvwpdckzcr4iamp1iyrqw3nzb7bg6c4-linux-rpi-6.6.51-stable_20241008-modules/lib/modules/6.6.51 + nixpkgs.overlays = [ + (final: prev: { + makeModulesClosure = x: + prev.makeModulesClosure (x // {allowMissing = true;}); + }) + ]; } From eecff000f6713b8e2b21f0adb51888921e2f8c29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 17:42:31 +0800 Subject: [PATCH 17/32] nix/identities: add hydrogen --- nix/identities.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nix/identities.nix b/nix/identities.nix index 649c1ca8..e5789111 100644 --- a/nix/identities.nix +++ b/nix/identities.nix @@ -3,4 +3,8 @@ leana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPq2o9pbmLRGrOpAP76eYCAscmfakDC7wPm9fmsCCQM leana@vanadium"; root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDc55vENX+13c4s2w7zjTb8T/AnBnTi96yRC5+fy7Z2A root@vanadium"; }; + hydrogen = { + leana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGILsk4f+Z3Dn1IBtAKwpQPBMO88LT/QnONYhSmH3kUm leana@hydrogen"; + root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMUqY9QNsUImaSRHR+jS04ffDtofPSwb1vHoBAoaoju root@hydrogen"; + }; } From 96f4a1aa859271fd3a81f14a34a971ae63aed1e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 18:02:39 +0800 Subject: [PATCH 18/32] agenix: rekey --- nix/secrets/four_pwd.age | 23 +++++++++++++---------- nix/secrets/hoot_token.age | Bin 541 -> 787 bytes nix/secrets/iambconfig.age | Bin 778 -> 1066 bytes nix/secrets/parrot_token.age | Bin 573 -> 800 bytes nix/secrets/restic_backblaze_env.age | Bin 495 -> 779 bytes nix/secrets/restic_backblaze_pwd.age | 20 ++++++++++++-------- nix/secrets/restic_backblaze_repo.age | Bin 481 -> 707 bytes nix/secrets/restic_four_pwd.age | 23 ++++++++++++++--------- nix/secrets/restic_sgbk_pwd.age | 22 +++++++++++++--------- nix/secrets/sgbk_pwd.age | 23 ++++++++++++++--------- nix/secrets/sshconfig.age | Bin 848 -> 1052 bytes nix/secrets/two_pwd.age | 21 ++++++++++++--------- nix/secrets/typst-bot_token.age | Bin 483 -> 740 bytes nix/secrets/wpa_password.age | Bin 717 -> 957 bytes 14 files changed, 78 insertions(+), 54 deletions(-) diff --git a/nix/secrets/four_pwd.age b/nix/secrets/four_pwd.age index 2ca25498..03151a9d 100644 --- a/nix/secrets/four_pwd.age +++ b/nix/secrets/four_pwd.age @@ -1,11 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ WbwyERolRsVLr0HxjKOzEPdaxegb+l+BESYvmMhtzXc -2CDufbW6viuui2Oqmgo/Fd23tQxJJMnFEgmaz0hYn+E --> ssh-ed25519 yg55bA qyqMmtbigot7wP0FuWNQ4mDd6GtSqECCTjf9E5r57HQ -VVYdcCpjGC0TeCoM0r1Ei/kCrYtCN55Kitr5KhyuNXU --> 9"tCN!-grease y p32_~6 -Eer9vu1p9YYXVrYVnRgnlb3htCmnM7sGcbSE9dwLMchbMYnxUNLZ2U9YQscGe4+G -9d1XaRMAKxPmALzNqap3WSbcEZLTmw ---- OfKe6yO+TKKai6mRvprUxhgq5smJqtYMLh1wT26YtlQ -Umt -sCLwǂ^  >EO?C_F \ No newline at end of file +-> ssh-ed25519 nTBfeQ 3cJ44xrQYYOSsoSnC4NB10kGVhVzTLEmsmZ4/bhVDCo +2QfkxWY+dDBD8qiiGsgETyvg5s3rWQk+OKEbz1Y306g +-> ssh-ed25519 ZyUiqQ 7yPOKYPKHW5rv7bhrf9hqVQqiYLhw41p0TcM1Pr9Fgk +NLcSlhWt50oH+TaZQabcuCdsfAli9txSWi09HbZxYB8 +-> ssh-ed25519 7owkuQ 4dtHY/OoysgE1/9E0au9wX2p32SOHaih6LxB0nL2/x8 +u39WtAr4oglV+GejfUaYCPi3UO1clfdtxvWDChABegY +-> ssh-ed25519 yg55bA nz2F//gHxAlroGuILx7saa/G9JKWETygOX0OKkOc72c +YmWCpaNTHONFzv+q+jxKlZ8mZz0PdKRPfRYcmniiTsE +-> }O<\$-grease N9F`H +oIL2uzWF13AsbFs//Qj5sr4jcCKtW/zZTKMKwwOWS8R6zpQ8mXQt127C0aj0v1cY +gjRD6hzIqsFZxHrC0ec +--- 0zFGfhx40IkxMvcyuDZ1aJ9hsIJnoCbpHXmxCPcgbDY +1Zx?wXlI7KlYs^jf{195]dF R 5?=te1>&΋C| \ No newline at end of file diff --git a/nix/secrets/hoot_token.age b/nix/secrets/hoot_token.age index 76995e5c249e96135255cd2e0763d1c7c142aa53..eedb07856f75c4c2fd4d917327749925fb475b6d 100644 GIT binary patch literal 787 zcmZXQ%Zt=@0DxDqQbzIAVkuoV_OfN;xOq%6Ga$<*lX+w^lbK|b-6XKoO!Avd9+S)@ zlgGp^i1gs4Cl9s?+X{*cUKQF)DIP==L8{$tDM%5d7mpr#tJ|yn2fmN*(=AX0z7ftR zGdu9l1);T?poQWZ6h)&VFfoEatB^0zLm)skVCR%Vrh+WME!vv~olSEPW(e!ySR^ED z+?E)$tAN~53mdfM57}vd?xHf;--0_SKkJIPFLJcWkdYQek&pfX)h2o~)2}F-nGwYNW;j8VJfbz9s#OKtj&fS%%Gv+g<`zK=D99&}EOML- z4$8XTv!?@tvBM$RLkP?4#*(SYqtMpI=pe5bWOpm|OszsysYbIrHkF9TFuo-T94>4q zyq7g3%-4VcNcF$AFD}4ED+GE3pfAtwYzx#fBqorsLTpL}81C0Xo@&BnH8ZN{R33;F zjd5l$9ok-OWT1_B^O2aMvs7=?Xr|+ZTLDrE)re2V!Xe+nL|tNMO5UYwrGBgsIN!$d zi9WB@T9tN#v-y#z#9661?3H9qHV$VMi$zGDwiGk1s_DE_kE<5rPCBR)b9A$hr~D*t zMxesbD!?|hZeeuu8EzO+Yo*kUNf9r#f-X6L0OFx_id;eTK{yhEm#FNi&FMOw-g4b>2 u!xInwa2J?<+y85A@ngZ<9{jYr`^&?7$)7LJ?n*cQ-Z}R4)ATbKTzLlu@C|PO delta 496 zcmVXH9~MtZ&Ph|GD%WL zG&xOeGgo&~LpfA;3R*FDYDh{>T6R%RNmX}eZ$>aHaxh9oRz_xLG+`@PFHu1P7wOIC4bT0}=hR#$KRbe)HO)?5c1<%iWixh9 zL~MFTbvR9Pa#0E`EiE8%Z8tAzR(N7jXL3SrZ%%SYa8P zFJ*99e>rCg_k3AUg@6P~)@48@*?v`=8rF$Oasvn!xjKZwFyoV8Yu>GIi(|F zB%jsXIXjmmfe@0{s_iKq0;zmHeNqU8P|~54$03_BL&Aas#$CzMVF&EXxGWVX+EQKv>P=}ne2$1EXKU3Fa{RwH8JL!^JmXC<0AfUUqqTsi z4r{3mDnt!Bj)OClMG+=dA<96r1fr2ERZtMMq7gxCWL#EUuFL9;U`Q!7C!K1WFOTSj zbVJg@Mp$uJ{yMhm%=h%K+?n0i$6PqvG*#NZ@izwYTmER= zP*-uUHdcA-L|b;XXDW7zuNql^vCUgHIPNWC{bki#fiJE-JaRD0)|AIrw)H;Ba4RpU zibjj zN;WG{WOiXgMPpG_3OF)QN_8+VZg*@iI97U7Z)jRGb97QMI5KB5Of*a~L3T|~b8%`~ zQ%zS@lV1TBe@ay}XiG{?bwPMoXg63wPjys6d0}g8XmC?!LSt}NRd!)?GfFZqPcyBH!yKQN>Nu=SXNGAF;PNKaZ*@hNpVY5WJ^jx3N1b$UnXWP zXL4m>b7de+OJg8YVIm?lWo{rxE_FU2d_-&tcxFR4e`r}RP*G6|EiEk|T2gv2aYu7w zQ!!$9LpEhlK~YmpVr@(^O-C?kO)q&+F++25Qb<-YRzXb)h+ArbMW1cVxwp5lUvpTW=iiP|48)rV@(pPy68?uU4x_X-PDNrvL|P# zim-V|-}cGWY3za0ukmVu6a!-i87I0KKx_dZGaoj-*)R;P4c|l`8<;2?IP7jJd#esd zikd-(QO!`Hv(PyqTb}0108k-&s=ou$@S*cT=_^9tFwURiBrFgOPE4%~-!7mCePm!ECoLE7e5^YWw3H@_z+ zxWP_?2?{Erpm=bCYzQI`@!0GN4AE#i2g3cEs0*I3vx(=@4T1up7y>{zPApD&xQQz$Gl@Wp1lvpE!O53Z~OVG+hqyd>*?(m|7lOEwW=8+jyEa3GV zq&DV&tdf{qlVpVXTqC@AC1hb1<#>IVL{vLyl|hOQk(O#jaa$nStius4I@QI9Z}dQe zg}@|0EL3s)7Fh61*W4OrJT>j7cgYD#-p3&)0%hEm}?MBLuk zh!lk{jmt7pA#DlKH81mL4&N{)-4V_}Jxj6>qFgT}gfOU!7~5~nYPp%-7~hm#85t;hnW&akd9HZ2Xsy}+DV@jtf@VwCK*NHc{sR-*D>+clJEB|M_Y2wYR6Le~2GW?!UEkJU#ZqTjk5n{l&}GzwSPH_REf~+vV|& ztve4EzJ4EE-F9hlbW&qJN3WpO0be+?{XM IPIlLS0`nUl1poj5 delta 528 zcmV+r0`L8x2E7E3C0;jgcWZS~AZIHtdU{MzX-IWxbzyZ_P&8I{P*_(+cx`xCIZkGD za#L(LIA%^`cXvZH3Qsj_Q89T;GfiY{cxzH?Zdg-vS}Rd{O+$4_L`F+9F?Kk2G+A~> zSVu)PlV1TBe@9L-MRj*oRdhm5F>p9_IBhUTXl^h_MNl+(PIXy&G;}Z&qqgNl8*`Vn}IWa#T@wF)~&PYfLvnQZ_|eQbBV?aBXiySyoP3a#VA0Z)Z_7 zYeY+FGD~w&Qg2RmWo>CxMP~{vEiE8dF;i_%HghXiQdc!*cz14PQ7}zKb~Q(OVn$;$ zNmwv&e@MrZ7-LH4)j+ zj#@HqmIUJl@QAn*c`V#r5od_%vj|gU;5mkIj);wKi0Z}ZwdFr3IaSb*pF~Pete+Ed zq$u@bw9Y1ILQ%cT2)ta(cE$FNaP(beZCOkDCWrqSyvNPOp73DL1ylTBF`m~J3E$m7 SAP@fjDAoEe?`2ty$WSoEh{;|6 diff --git a/nix/secrets/restic_backblaze_env.age b/nix/secrets/restic_backblaze_env.age index 1c5a33d1f9d979a015fade7f151d4c91f17f7cc9..c8d39238603d95a0838eabf291564d12d903e801 100644 GIT binary patch literal 779 zcmZ9_&8yP}008jIm=KhS;@$>h=A>Y)Nt&;QfwO6wyu5t3jcGF&CTYH!uQqMkCYLFQ zP7(3=o<1KaI}H>M!Wg`{T?7wK2A&4+9fDJM2vAs$aDUFPekFY4VU(sS*w6tSI~QE0(L1=&VaT1Bl7 zSxMN&j3lGHcGOZ6M)K@NOf)SyhyM4Y)h-P5mbsgAtr}jT?30F&1WXoWrei8%m*r3s zg^YMqNNqAj+dDThU4*#`qNCv|<3(#r0g^bl?Uo!VVH8ZaW{jNHi9s6DPMyHCT$=)2 zQyOGuqSW}>TtV#ornw^WZw{t5z9Jd-^iU?Y%_yjsaBOBq2 zc#UEBt`M{ePjO-r;vI^Ur2bf2#em8z4=vMVr~ZIYTs_vtSp(PbiigCsUTJcDE(i^c zX3LrVe#5!6y?UhTWsW&@z^=yk;ICR>xrD)^77KLy0x^;WrG~UIFI}4=jE&lUqwMM9 zP8}kXWi(w5ixI*w7;GpF delta 449 zcmV;y0Y3hV2JZuqC0;jgcWZS~AZ%)6Pi8|_Y&dRMV_H{6S$afGGI2*za#&edct|f% zc}I6aXmM{;OhRf^3VJI?GE{m?FgH$1S66RURBlN*HfVG~M`~zuH)}_AS6NAFHAzEO zO?Y}ylV1TBe`IDwNk(@}Sa>yaY7> ssh-ed25519 7owkuQ q458BCC+1ChqixcO2bMdBMktANq3d3nwzvs8hb9ityM -FjbGE5gA0lvPg0Ybp3WyqrfzmF9b7LsMp24vv/5hRHo --> ssh-ed25519 yg55bA lNCW4DBdwsFxGhw75WAUOTRkbY7ljMilARPNdI4sFTk -zULx2aX+PHxOEPyYfGEJEugaYHUwgBFminlXybrrTSo --> .C(--grease Mk?! JvhX04'M -s8AZa58 ---- Ja48d/9lY/dhamU1RxGqpweLwGI6Y/rr9npilNd9cp4 -eJ#tql DvΎa=uԢ8k&4J4G \ No newline at end of file +-> ssh-ed25519 nTBfeQ xYRX4OrYPpk9cGLUQiRwXhRjEa9q8DPICmZlZzVuFR0 +p7OLGY6D4+baAG4Hw/psfBLxh1o0r5/Eig13xLzYEbk +-> ssh-ed25519 ZyUiqQ h2Rj55VSVJCoCEuRVb84lQOSEu+sQmzD2HYtnQL2nno +/tZcVl63xtgMizeR4XT9TNuEy4PiVzuivBRNeqMCmUk +-> ssh-ed25519 7owkuQ tmDWdoTuklKcXo/dBfnkDPhU/qiZwvuxhOPoTg0vrGQ ++IpHJVmei6KG+Z1zs9jHP6lZ3V8o2PzeNNEWIZ9O078 +-> ssh-ed25519 yg55bA tnZhRsP6q2a20CnwwAKkJhYcDbJZqneNW00XsohhKHw +D3K1r1EStIR/3yOSZgbC5NHzxWTqnP9Sek7EXMsR0qg +-> R1{-grease z'2CN;N H~68M@*y K.[c- DJ2t +WH616XCC0SyYSpUIzT/43oOUqIfFrYTS8QOJnuvImqYxqGCBISsYfQ +--- OweZPMHb12leVVGJ5jEQcpe7AfKcxIgEh7jihDBCDi0 +wGxE艓DB%[M^ܔTNy)}HREu <7p} \ No newline at end of file diff --git a/nix/secrets/restic_backblaze_repo.age b/nix/secrets/restic_backblaze_repo.age index 167e78cd3acf345c47547dbded638d616e0c64d7..bf1bb3029d276ae75b99f4da4429dc0b6828d52b 100644 GIT binary patch literal 707 zcmZ9_JB!l*007{{DIVx14nh#_9BNI|HchJ{m!xTvOOvK~r-+&~Y2Hbjv`teHTm?Pw zCgCO#U(+ov3c83KI5`PUhae(?i-MpasOx=y;4>V%Y{#Rtn9RH+K9{5pw19!~B{0j} zvTaon1a5(`gpch3Sk+>L6!1VSV4a&1C^QeT@sNolmqCXetljd-2~VkFNhE<;%Xdpk z%`ZW7wYfrZxP>lJ#tZ7>A<+oUsD-uy78%p&B00Pb3)!3g+sp;yEtJCbrmpQ6xS5F& zT9IOx>SgUQiI9QP9?^?@e-YX`R*~S)VS(17G0rryCyp=! zqL&jqN^7IQ;d8>{VrgrI$yPg}%{XpmhquB(5EBDgQTJJoMrsZ;h$};0b1DtKLdCL` zJa&+_Voofvi&zw?CYIPYT}B*@>s$S9#WPrq3!`RG zwfRzg<>^}8&GcqxR`>%Akmw$kB>_+_mqEwSwTa@hCXNTZI;Y7&K>ETUc0I(XH^W&Y zf=3aL+5$fSKI|}?LZp1V`*UOM*^iU*?a8BiujbnB<>p8J)BW@5t>x>dZ`N(yJn`}! z@bKWyleII)&z|1i+rRQ>_gM2_`}1@4`r8M;U!2pmbC0#dfcWZS~AZ0~EX-j%cQcW~PR&+#9ZgOQuHg!cfZbNBpVJ~t< zXHI2iNLFl6Pk4EA3Tk3?Q#3+&Phn+vd2e?|D=SZFHFHZzYEVjbNNi?JR!mr8azrpj zT6$QMUI7??cX@PLPfa;fax!*hdO|o*ad${)VrOY@Y+*DuRb??`Z#GwHdTUl$Lq=5! zNJw)^NNR3QG+}ZyaY{``Qfy5*Gh}f`cQZm`S3*u}a!F1?bu%|;H&IavEj}P~RA)hF zRA?<{a%Ew2Wgt%=b0>9i3U5b8T695DFfn&HOnGO2aydhEXH0EGPc~RcPhv<>Wl(T0 zPEKr3Sz<_6QA9E@buedQaw|}8PDgA+ZedO^GHMDkK?*G`Eg&yzFH=xQK~XeqG)q!2 zPgPS)c1~<%Z%s>4OmIvwX*n-BFgY(nD{^U2Q3{4)Y{&s+2H`-%a@^ub#ZcPD>l5i6 z4U_IkF=M!FGw&r)p>>Fd%$WSNQ;`xT!YR!ux0i9`JkXGGMCG~ZsBi5#cxHR9%bq;l c_ofBGRCGjPGVSg=2Et8?loNmej`31f$tdTau>b%7 diff --git a/nix/secrets/restic_four_pwd.age b/nix/secrets/restic_four_pwd.age index 46b980de..4ee3e707 100644 --- a/nix/secrets/restic_four_pwd.age +++ b/nix/secrets/restic_four_pwd.age @@ -1,10 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ /LOUFKCJMDbwGmRbKmtA5YibEwXaC+bn3qzr2G5PNjU -8sFd/TH7CotBpgE9IcBUjpl1HQDoVWcBnKMs+65yWFM --> ssh-ed25519 yg55bA zfExS48sAVvVfmhoNjrqu7b6YBPF8Nj+Uz7LyAswexk -0m8ezLoCMw71c+HlEDgNA/V1IZeMsWu5MV+fvQEKsRA --> .5;c~,-grease M^}>kjw ;yYsB Z 1}Z@jDzv -2ZhEqtWhM/7boxsNVSQHc+eDs41VyWaj3JoyYPBdQf1Gm9OVToKAfM03EuTYKvGk -IgoyvRNeEsXRJA3gnApmlQC/gGsaR/bMs+/sDuZzsNpMo7cFjPcfQZ+TM3A ---- ACmisGCqSllpxxoCa1FKK79Jmf1TjNCcQe+ouccHttA -mm5f}r._%) 7G~}{ {oubN3@>V4:?, \ No newline at end of file +-> ssh-ed25519 nTBfeQ 8yNiMOP51a5F2mCuzSneDvzpd0lQlhcTthPJD1w8wmU +ZqVBEPtp8fK8fDe2F+770IaLQEJwf01ZX/ulf3xgwv0 +-> ssh-ed25519 ZyUiqQ hPTlrVUyC2iaK3XPNzoai6N81Vz1Mj/orj52HKLkals +dHiCnS4xtZ629UEfBhwQSD3HkRSALlDiYvyGGHmId34 +-> ssh-ed25519 7owkuQ dsMfFPbgmw+UYPbxBwMLuEGYB6oHONmd2R/h/mNwOA4 +bG6H71GHvhbobO/ZJ68Ihjf6YNV/W3Sq20PKBJjZyZ0 +-> ssh-ed25519 yg55bA 4c2vfb/3g5i4Icyyt2N2gbmzhlQO8HaYXU2jlqvC4nI +OFircIZDn9obQy0YBGtgDHTrUXOQwJfoYd0NWCbdlew +-> X~BYJa-grease +932lkfqsrPbCP9Td6KqW3cKp6gRsWZnfubh4ZXCI/kRUc+PylxlWqe0iTICABhDh +elZgTS7J+aTq9gi3hkqhdaLpPOX/QOwtfhsOxwxk8s9uvH1W1ZC+50YnCvN5s0Ed +LmVf +--- 18jrvwH6KppTpYHtfQV4sgw9xAN8bv6rbx+bDfvtQG4 +E5A޳xRJw|CYR-"Q3s;g]V \ No newline at end of file diff --git a/nix/secrets/restic_sgbk_pwd.age b/nix/secrets/restic_sgbk_pwd.age index 04cd71dc..27340ab6 100644 --- a/nix/secrets/restic_sgbk_pwd.age +++ b/nix/secrets/restic_sgbk_pwd.age @@ -1,10 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ 4qJGfzwkiTLxMp29ap8xS4Yrr4v5+WuEgR2l6kk1u3g -/ez+z5soKOZJYd1ETWcZ9WwGQkcI4hdOhS63oshjBWM --> ssh-ed25519 yg55bA is0cfph0fc3Yd4btpE4+HqN9YWWlkkQ9hj0LDtkCPwQ -K3zdjEN3dlTaticQtVi774mQOM1KUg+dk0JvjQxctnk --> zou8qv-grease $$C.n1_ # -N5iTy0ERftclPNDFgpa4ClqGCIvTDIKj03Iyzy+az2l3bs8MXUS/4hqh+uDCW3GG -t4gL59TG ---- U3g4gGvkEQKWkM6gMEA3AFK9y5y4i7jnoNWb7xgDqeo -(}A2t80_s#5kˀ|A&p@F#p \ No newline at end of file +-> ssh-ed25519 nTBfeQ fLqwnaqUg6u5ZOfyh8YazaTc3y4SbLdOlRqGu8YBB30 +5GX8Mdx4qNjky/vyj+kNiX6qYQ0yhSDkH2IoOD65HD4 +-> ssh-ed25519 ZyUiqQ B9NDw4wOxJkLuFdxZudRq6L8aHrQGbcelgZpoboKoFU +6EuyHAvpLMMLqh+vJPlk0n32plTY9Xo8htD+JtPx+kk +-> ssh-ed25519 7owkuQ dejzOKIT1WdFLhz3Vv+59qAGzxMQrbulDIZPD96s208 +SIJbP02K7zDH29ENUN4yAqV6uF98cqNyln8MGjhfkVk +-> ssh-ed25519 yg55bA pgBG1vxcCd7vEAb0Vrjihh1dvtaxItRH5hSfTPnCfW4 +kCPyQC50h+7Rl/VpT6jRe5EAooldeTlYLmku12XcTfU +-> O-grease 6#-10S F}iD% B C5 +Tr7yMxSUz768IoZd3LXpUBBkNUoedMoc6pmjW9p4/DA+k/ZImucMKOb6r2PiNHsq +HQ +--- UC6MQN5WHGlJSvNaKmT+JRgNXxhlnTxl3pHD71Wk5LE +d5`M"+3ʤΰ G x6VX?Ik \ No newline at end of file diff --git a/nix/secrets/sgbk_pwd.age b/nix/secrets/sgbk_pwd.age index 58602dda..571f0d92 100644 --- a/nix/secrets/sgbk_pwd.age +++ b/nix/secrets/sgbk_pwd.age @@ -1,10 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ rAj9h0wtf1gsdtlvGDmaxdHjRreUyfRpZBNnI01edhY -jCTGmhWgEy3BPdWQdv7goL0Vd2obIdRFn1HHApQdIpI --> ssh-ed25519 yg55bA 9oZRoMwVSR5W7gFufctfhQcrunzGABm0eY5Zrd30CHw -10sx6yDe/qhGSo7yfJi33bqrilLE5BBMjLuw46xZ/xo --> 6<-grease # $q0gf& d+*Zn G7~` -4wM1yc2zThJt4kjBR5Evb0sKVQTk+2/UxCyRclcj+c5WoFnZAUkweu5J9NKKZZY1 -eQDsxMy2VTCwKH21kt6GMThqd8uFLWlNIG8Rd+p1UQ ---- 4ITweNL+AK2o11O1NyophxQQsMYL4Lu6iBedFz9c7TE -BQe~n bʙk86q}gې+c;]ɣK \ No newline at end of file +-> ssh-ed25519 nTBfeQ s6oUHRmEDFfQXHeWgY9yBW0cmlv+ENPlsxzGgW+wAk0 +4suqt6lni02TBamKIpWC723J28aFOGTp5qw42cRvqYI +-> ssh-ed25519 ZyUiqQ GSErVDSe4XIt7Cx+jU6WrjpDjAzTKGSctIuGrK2WO1o +HxH/ImrXkWyEZjKz9gANik8KZfvKK+3k/WbOJvAjePY +-> ssh-ed25519 7owkuQ DedysxFLWmyahD8ujHdVcOjM5y/NNIOwq6QEiZ4spyU +Wwon12tO1EKSU7nNRo+YlzEKiExmx+YyB7O4bRcn1yg +-> ssh-ed25519 yg55bA QFgvGQsLu06oheQlR1rF7+yJG7wjzDoH0iE27db6NGw +n0jpYlseub9UmDjQEAIsu783/et8WxkTQTt4H11NiSs +-> ]5bBX@t-grease !.%UJT +uYUsUyj5hkL98AYwYjYs6neHlyJEoun2v2W6u1L3CkBrP5apOxNdgC/cB0NIQNpv +JsntXprw/iw3Ywm+BXwm +--- x0YZBFKNBhvyERkXSNvgZMT4VhYg/WkvOuQxpVWZbV8 + g5T38R'@wzz,^ԑ +>FCA], \ No newline at end of file diff --git a/nix/secrets/sshconfig.age b/nix/secrets/sshconfig.age index 7ddfaa729802317936df00a56733db93f554ede4..881d53984d552419efdd4e8f5f700ed937582125 100644 GIT binary patch literal 1052 zcmZ9|`)?Bk007_+B4Eh`8B>ESo{KJHUDx*dxE_oxU7y$MwY|QsJw)mC9_`)QyY{ZV z-dI9}DPdD#L~s}l8wd+(Vi1inu<2ryFvtePN1PDQWD6M~bI~}7k(l`7{(>+0G8|)I zirKOzDS5HjE|xiC)vPmg0$jCnUqDXhH{~z zg@eOJR!b9b)NGN2UPq$j%j(!fHpp09G;DHv{HBbtRz>nEE=5Q_t#pS%R>2yN_?$U} z&Ox`OAzSfjuCs^aLDLk;W`s&&b;$?ws~&EQELolfVqcP7xx`~bZ)-oth?9{N`rmkeC_x#NRia-2Upl zO^fxH4+$;eWMyh_Z6h(U0pHrXr?U`-pwVoXW9Wx-AN3yz?mdkyFVZIS{6EzB!|eW5 z3+d9&O*zH{6@2y|Y#A()jL!g+KaFTz$La z0@%6fgzo(xuWVUIE%bJL{>1Ux?}y{JUl;j?{8Kl7nxE4>Ceux=?c-Y?E=>$AS?-LM z?(*o!2(f|G&6Efb~QzDMmcjuVPbZ8OF4L2HdaqgdS^jTVpUm4P-9VN zQ$=Y(lV1TBe@=2WPDwUIYiVqAOKnzSRdQB(Vq{`OK{HKJG-@?gLuxB?MlWJed2wfR z3Px0UM>8^GcUVnYP;FsNQ)y*tWlC#pH#TlnOEgMYM|xvHIYM!DdN65k3N1b$d@Evm zFECj~FMbL*Id3;sbuv^=e_2;KV|qa8-Il zc1l7ubW$=!c{gfsYg$S;Ic-&LXKq4uLugQ8W@=S3W^!tBFlItGR0=IEEg*DAZC5Ka zdU8-ye`{(+YHvz8Lrq$FcU4zpNLNBcd1^OLLQ--=Vo7;NHdzV}BF(#qn~7z{U=m2! z??%>vuWJ25E%1!E#w$kZ=lrXY0FhO9R(0Z-$X7eUOgRWtcI1Du6l{V0ncSG8g0)v zP?tuj4kXb)PBfo>R0(_wvEB}3AGc$fduVZH`8$wc^n8O@g$MzRqG^OVSYcXg1!Lx@ z+w{sfN5cSe;*)RkH41geCL2I#pdxF}JN{8|u+#NiHzu$7cH#&u1LO_0PuNwaeASqP jKsxW2#{=F|ym+5pI&}Ud8a_nKNSG(nS>N!eUD(Jvv{FTu diff --git a/nix/secrets/two_pwd.age b/nix/secrets/two_pwd.age index 54ff2e64..3b2fcfa1 100644 --- a/nix/secrets/two_pwd.age +++ b/nix/secrets/two_pwd.age @@ -1,10 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ 19/isGgYZjRCPON85JEAYTaM766DiIvvFaaoijZivxU -OE/HYTXVW4JMx7naMAORiYfQXyfrJEuegco97PBlfs4 --> ssh-ed25519 yg55bA qsSTyN6LX3FPcfS9Mo0zZFxlv8bN+tSm3kfr7JInzE8 -OUNksovVTZjecBLo2G2EksGl/f1qMfCv2IKcgWWc7hA --> 8~-grease ^ -TtU/CcXzUV6vxDjnnSs4UHT0skFZdOOGAPZ54XYS9VI5qD5zYPdxlt4Xs293QALL -+EYnfX/02ga1Xik2diAn2/pefStizBztyrqZ6n4ZSFwbYlg66WmG7y+mW+M ---- skqsOtKqWNBNuPKITV3vEQp27npkPn8DmVvT98XFnTw -s2[>m虠JHO[{=ʆ{`sjw: 4);vRp F{9TX< \ No newline at end of file +-> ssh-ed25519 nTBfeQ 3koSzAro+n4LxSdup9/PluT77oO5nU6/VX0koWicMR0 +xws/hbp3yT2L/BOzulIKHPwPJI328axZiuxTw5HERNU +-> ssh-ed25519 ZyUiqQ +oB3JFPfKcsPoIbunaLDouBPrKHAFuIu4/U3NbOhM3A +ByJzsXtZYMajbLIpy0qL/d7x1mP6d9em/7J7tQK/yGI +-> ssh-ed25519 7owkuQ 5efBQm6io/0wx1jFr/n5cO7xT9VL9fSPyBcKdWJGAnU +R0c7uckpn1RnZfiYJzrW4eJ1AdeMqDi9aN/L7GHVn2I +-> ssh-ed25519 yg55bA T0Ei5TtuEKCe1SPrXB4IwrSQSpj7SMNDPzT0NqYVbUc +DQt2YH7jagUBH5lRZhAeHfsq9ttTAhKlzVA51/4uu+4 +-> l8FHd2t-grease 7PpUu4 [%p}'4 +p3shnCQw0c1yPA +--- dDfzulZ/6DescfUw4FzskkrFrMpvNUYX2zU3ds3senM + RQ[-o̮?CfR-{y5bL-P/eSOIr Z { \ No newline at end of file diff --git a/nix/secrets/typst-bot_token.age b/nix/secrets/typst-bot_token.age index da1052de38e996ea8c0c0dba00fb6f45d5f64624..1f6b7cefb30e3c76c24183bb5185ba77d43fb1a3 100644 GIT binary patch literal 740 zcmZ9`OKZ~r003a|7{r6@ATlt5j7jYBXw#+$YSONcv}v34l|+~{X_6*s+Ps?A$q61j zD1r#?;7P%MpfHfZ*uf_rL@hq*Kbs8oNqVeA1$nwkG7EM%^HR z8N}PoVQZAteY!8IWWlJywv(V;hi4sLPZ!N}QcA0+H1rN@V%*go7R&@`jP1Kk&ak?e z%34&=CPK%R+d{xZlf?1_h#g4T&df9cd5nwI3h6q6V8^A3(<}ywKcMqWO%)V3^h~*L zrv(~@@#VX#a$io>b^*BnQ<( z0THJbRtyz*Ml}0262}G3=Yk9=0}MfpV3jM!WfU@MUc^J3$z%}L@uh0Ss)26}(li%l zx{~}~!&aA4|4su>0aqe$Nd&PAjGKT(Q8=q!>H-yAhd5GYJPhGtf;1#oAo>aHLLu2$ zRZFd2Awl4*s^uuOQEJfT732gWR0^~W&*B@Xim+{C z5=(B6wwqzXb%t3*PMBeoBXGnbfmizGiz91$Pj~M8W|n_!%^x4^9F^xAf5flc zbL*c%mAGR-lIYn-qJn`_^!SZ+Jd_;2JuDo5j*ydC0;jgcWZS~AWLyib#GxtLqb<+P*HbbM^`yWY*aRz`DbIZSwS3Q}TKQAJWvQ$j~*T5(EPOHwsLGC68&IYMK4HCAIwNpM7Sc{xsW zHaRy@lV1TBe{oiCHZM*yHZ^%pa8Ff3WNKAHYNRZC|}NqBHkH7ibVSxr|tGEh@jWJ^$PdPYY%MsasIL^U#Lb#G!c3N1b$buDLd zWnpt=ASxhoS$=pZN^~G~b6_bZSxX9PN_cKdW@BPBe^EwucWhC0D>P$daZG1oMK*IV zW^+L|YePkNGIe1wD>5(&EiEk|ZBuqgc2jv!Z&hVWI`F~2A0=R~BCM97-e1XnM3*&TJe27jT5 diff --git a/nix/secrets/wpa_password.age b/nix/secrets/wpa_password.age index 805ead8d7f71ee66b2043c2481d39bc92dad0fb3..42bdf24d0b2b0eca35b3b98dce8f7660781f43c1 100644 GIT binary patch literal 957 zcmZ9_>uVbY003|%x=CUMWqz>w;h@-!-O}76_sCW|F1cKi%j0s%T^=V+F3G)e$z5`J z$Ej6Q>nNAsK&B~UEQR;YxHm{v>NxJiA{ zXz+j*U`%3wHRGa+QvxdMnFwQ57`bN_C@dHkGJ|N3jYo1cZ@L^j&2nY49&D5is}mkL zF>iwe>9EbU%9##S?Ufqc6a*Vc$hUDL?5^47fp#C%VXt2e*BDI`*l2_oe1z)PB`%R5 z$N-rF?TW8eC(}a66$sOaW%Gn&Vql37DIE2|bt{*{Q(UJ*R6?j)tt%2*Xo1?st*>EN zkpg6%tPiS4IzVt#IuL}*v4{h)ZMaeI>M@2)Nd-7lr=v7qpKKV=Gm-5N zSeEamJB~w2ZM55=svI3DLNp$)HviwGr#zaY$V~+Z?*$6-4t!hD6^KOqU5t%2bOx>V z;xMCRn4(>yAxAS}e%6e6>%{~Q8kM5m$6>;2F81gtpU0sSA}DzBsboDh`$*gkfC zdU1Cwe`ERVtE=-D^iL}b6ZxNhcJI28J?-Avc;WKMxOx4>vmMdD@cFjk{B|Tu921|w aKOA2;_V(}d?mNFtt-VX0ngo`w7XAac`(!Er delta 673 zcmV;S0$%;S2h9bLC0;jgcWZS~AY@o`MomgDP)=%UZ!2V4N?J{ANHujaNMTE1PGxjC zXLxFPdUI4OWH4?x3PN@;Mk_W;V=yvma&L8OZfb7dfHC@3IJNk(`eOKw;r3QJQ;YGz0@H+5lGe`9b?Z*etgI9D=ORBvH5XHaQ+ zR(Ux~c2##qVnR|(cTG1>VQqF{bTe9ca9MOVIWTcWLo*6)VNYi>MLA@5bZ$8@Q3@?B zEg)ujXGAeIRCH2kL03{|b#5zeb#6ydSV~rBY8C8~O-%f03@NrQ9Q@q??5By>dkT#L45L*{g~ed2xZ=?rQey+cy;zxv-jF zX@Q2dDJsq^(LgAX(8az*1%7ttG~WDusyuGz@r#0IixHH;vRL}c5IjFq`j$bi@vQ}N zLO>Q^u4p4u?tQ_E)C`2ZRi3M7J^RfDVnnhye*_vL_v=M9zH5bQn3ZF!cH!g>ADgX+ zl&~qgs6=v!gv`Mj0fOENN_25F@sfBAin9eh3c^7*;3=n9VxV6W-u>fQ-0;s>v%8In zKK@&@#QIRbRfn`CpzHIrmr_z;@v-30Q+4ML1UIp`<$N_=YfZwTOcEOf^IgT)SN Date: Sat, 1 Nov 2025 18:19:35 +0800 Subject: [PATCH 19/32] README: document how to install for raspberry pi --- README.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/README.md b/README.md index 402fc97f..7da3091b 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,23 @@ This repo is managed with Nix + GNU stow # profit ``` +## Installation for Raspberry Pi +Raspberry Pi uses the same configuration as the installer. +The `(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")` allows this. + +- Build the image `nixosConfigurations..config.system.build.sdImage`. + Disable stuff like Lix to build this. + You might want to use raw password once so you don't have agenix decryption + problem while trying to have wpa_supplicant have the right passwords. + +- Burn the image to the sd card. + ```bash + zstdcat result/sd-image/nixos-image-sd-card--aarch64-linux.img.zst | + doas dd of=/dev/sdb status=progress + ``` + +- profit + # Pitfalls ## `users.mutableUsers` NEVER set this to true without declaratively setting the passwords. From a8c5036092ba0cefd41e41c42822167c83cf2834 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 18:50:55 +0800 Subject: [PATCH 20/32] nix/identities: add hydrogen --- nix/identities.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nix/identities.nix b/nix/identities.nix index e5789111..9e94fd65 100644 --- a/nix/identities.nix +++ b/nix/identities.nix @@ -4,7 +4,7 @@ root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDc55vENX+13c4s2w7zjTb8T/AnBnTi96yRC5+fy7Z2A root@vanadium"; }; hydrogen = { - leana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGILsk4f+Z3Dn1IBtAKwpQPBMO88LT/QnONYhSmH3kUm leana@hydrogen"; - root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMUqY9QNsUImaSRHR+jS04ffDtofPSwb1vHoBAoaoju root@hydrogen"; + leana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXzNdCA0zZ+WmeKZnhQSQtUcxnQhhDl59E3BPQfLj7Q leana@hydrogen"; + root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIMVDmEt/12u9U4QGDZBx/Sx8itzqfQ4zWJvcC3pRZqP root@hydrogen"; }; } From 0d36d5f132ad1f5a218ab90752f7f6f2fc22656d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 18:51:19 +0800 Subject: [PATCH 21/32] agenix: rekey --- nix/secrets/four_pwd.age | 26 +++++++++++----------- nix/secrets/hoot_token.age | Bin 787 -> 749 bytes nix/secrets/iambconfig.age | Bin 1066 -> 1054 bytes nix/secrets/parrot_token.age | Bin 800 -> 813 bytes nix/secrets/restic_backblaze_env.age | Bin 779 -> 695 bytes nix/secrets/restic_backblaze_pwd.age | 25 ++++++++++----------- nix/secrets/restic_backblaze_repo.age | 27 +++++++++++------------ nix/secrets/restic_four_pwd.age | 27 +++++++++++------------ nix/secrets/restic_sgbk_pwd.age | 26 +++++++++++----------- nix/secrets/sgbk_pwd.age | 27 +++++++++++------------ nix/secrets/sshconfig.age | 30 +++++++++++++------------- nix/secrets/two_pwd.age | 25 ++++++++++----------- nix/secrets/typst-bot_token.age | Bin 740 -> 776 bytes nix/secrets/wpa_password.age | Bin 957 -> 867 bytes 14 files changed, 106 insertions(+), 107 deletions(-) diff --git a/nix/secrets/four_pwd.age b/nix/secrets/four_pwd.age index 03151a9d..cb33568c 100644 --- a/nix/secrets/four_pwd.age +++ b/nix/secrets/four_pwd.age @@ -1,14 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 nTBfeQ 3cJ44xrQYYOSsoSnC4NB10kGVhVzTLEmsmZ4/bhVDCo -2QfkxWY+dDBD8qiiGsgETyvg5s3rWQk+OKEbz1Y306g --> ssh-ed25519 ZyUiqQ 7yPOKYPKHW5rv7bhrf9hqVQqiYLhw41p0TcM1Pr9Fgk -NLcSlhWt50oH+TaZQabcuCdsfAli9txSWi09HbZxYB8 --> ssh-ed25519 7owkuQ 4dtHY/OoysgE1/9E0au9wX2p32SOHaih6LxB0nL2/x8 -u39WtAr4oglV+GejfUaYCPi3UO1clfdtxvWDChABegY --> ssh-ed25519 yg55bA nz2F//gHxAlroGuILx7saa/G9JKWETygOX0OKkOc72c -YmWCpaNTHONFzv+q+jxKlZ8mZz0PdKRPfRYcmniiTsE --> }O<\$-grease N9F`H -oIL2uzWF13AsbFs//Qj5sr4jcCKtW/zZTKMKwwOWS8R6zpQ8mXQt127C0aj0v1cY -gjRD6hzIqsFZxHrC0ec ---- 0zFGfhx40IkxMvcyuDZ1aJ9hsIJnoCbpHXmxCPcgbDY -1Zx?wXlI7KlYs^jf{195]dF R 5?=te1>&΋C| \ No newline at end of file +-> ssh-ed25519 0LL3PQ pZvOUiznF408OPkjuasLZmbQZLS5RuRJwVucLpTe2xQ +OgLqiLgT/4Df13l2l2CdsYnMUZSmfh3xZWb3k0ALjdY +-> ssh-ed25519 0dJ6Mg SzGIUfJrv6L09LhVbzMvvaSpP4Cwr6hFFNbcCH6RO3E +jsFof9xMH73XPH/PWv//j9Fc0MPTSwwwIyNzdXd8FxM +-> ssh-ed25519 7owkuQ xtSm22EfAFkscUZ3r69V+S3guCJJu0KjXtWcE+Tv1S4 +13QkwIuZFMz1zIrWRZUfOzPVmc2eK56ruBgUD8lK+aE +-> ssh-ed25519 yg55bA 9ie4rBiJfwrUg/952DPXOY6sHFeTf8Os3bwJ8ZBphFg +PAuEQKfravJxYejS10EgB7aR+pwadl+zVtG57UGj6rA +-> p-grease TV+^qU1F ^'dkwO+: UF.{ e#KV!IV +/ASx0x3SOZzaktns0hYlSYnTzOkfn3SPaiPNbYGuSnzTSzcPEjUBTGAuk7/u7g95 +o8M5T14bFx1Mqyk +--- XGK2yNNL5UzmgLZiQvOK0jB13HiioVOHGzAwzVte7no + )7dYФ?GgYĴlr4E0]DpuD3t E&Ԕx!}I ot]KQd \ No newline at end of file diff --git a/nix/secrets/hoot_token.age b/nix/secrets/hoot_token.age index eedb07856f75c4c2fd4d917327749925fb475b6d..dce00a0828fa539f93deecbebec157e2197de39f 100644 GIT binary patch delta 685 zcmWmAOKZ~r003YF=ON-rVFNuBbSeuaNt-kYh%9Z=HeDWV+BI!=7)_g`O_QZb+NSAY zJ-CCQhq-|aK^R_iI420YgQDBPvky?2f(pB+IPrl99)|e+gm3xK-pJzk5azgOHW$J@ z2V`QTihwO#)I88};{&Y}t+;7fFi{Sdqa7bbWyVU{0AsMdX3mgfNgC^u0d32E-SrUJ zEcBH*zQJc4$InsiL6qi!@cEGEHNt8=f?)_5g6o+WuZMWWcj0)Xr@OqCf~ah)CEE~= zw%i8cz!_2!dDxRGbT_L-86YR)NzNzp(qps&rT zPR6kCN|7`z7N`;eXRw1QHYsRitQv@wOfAzjx;}+8=NON&1{zn*1zg(m|1X{L{jlz; zRZk5;6ToyQp!Jvv%A)O*{tEToE zfz6e2f!_wIX(Sba>M8@GU_Fv$nk7!muslytKsX!@DHu_i;;R^BW6@4WFGGTqLk2ae zz+z2kAon6*T=1(@pDGf7=^~_u8n=3Vg8QYoc(a)<E7zbKfww47ytkO literal 787 zcmZXQ%Zt=@0DxDqQbzIAVkuoV_OfN;xOq%6Ga$<*lX+w^lbK|b-6XKoO!Avd9+S)@ zlgGp^i1gs4Cl9s?+X{*cUKQF)DIP==L8{$tDM%5d7mpr#tJ|yn2fmN*(=AX0z7ftR zGdu9l1);T?poQWZ6h)&VFfoEatB^0zLm)skVCR%Vrh+WME!vv~olSEPW(e!ySR^ED z+?E)$tAN~53mdfM57}vd?xHf;--0_SKkJIPFLJcWkdYQek&pfX)h2o~)2}F-nGwYNW;j8VJfbz9s#OKtj&fS%%Gv+g<`zK=D99&}EOML- z4$8XTv!?@tvBM$RLkP?4#*(SYqtMpI=pe5bWOpm|OszsysYbIrHkF9TFuo-T94>4q zyq7g3%-4VcNcF$AFD}4ED+GE3pfAtwYzx#fBqorsLTpL}81C0Xo@&BnH8ZN{R33;F zjd5l$9ok-OWT1_B^O2aMvs7=?Xr|+ZTLDrE)re2V!Xe+nL|tNMO5UYwrGBgsIN!$d zi9WB@T9tN#v-y#z#9661?3H9qHV$VMi$zGDwiGk1s_DE_kE<5rPCBR)b9A$hr~D*t zMxesbD!?|hZeeuu8EzO+Yo*kUNf9r#f-X6L0OFx_id;eTK{yhEm#FNi&FMOw-g4b>2 u!xInwa2J?<+y85A@ngZ<9{jYr`^&?7$)7LJ?n*cQ-Z}R4)ATbKTzLlu@C|PO diff --git a/nix/secrets/iambconfig.age b/nix/secrets/iambconfig.age index 83f44048717f9244e8ca3ac2471bdb0a94e94082..707377f3cd7fcbb756c8b4ad92f88701d30481ba 100644 GIT binary patch delta 993 zcmV<710MXU2%ZR#C4VqXOfyhXAVq6oa%C|=YfNHnSy3@BbVF@2c5Y%YdPO*9b4Ex- zX*MuLXe%>BLP0`j3RgLGXjC*cI50_dGFeMZNH1hWMr1^6F+^EVWLj%+OIAlYPB2Mm zH)mQ!3N1b$b8~1dWn?lnH8D9LFl0(LO=lolXEsY}GEqcBI8AP5Vl^~mMmKkPOId1b zV^C&nSVA*KMQv9rS~xLdQ)@5^OgB+SYFBqLY;;*#YHw3?Nke*VOL}8YMqzPqD{*u% zNN99dL{&3Uc12Z@@fTNEa8YkkHh3~ZMpATlLseFBPjN4EW^+z3SUF~HQ*LirYD#xW zYEfY}XKM;|Z#ijCR!}iaGEO#ZM`BAaWHD@bOiD9uZfZtSWp8*vZaG+JL1$5MO*E5V z0T+KYOGR>QFH3MzST|ZoFEVv6Qgl~DI8kLyc|~PQRbostHE?QKMMHQ&QB?|AN<%Pl zD|0wyW@>kHc{EI8c2jmQZA4Icb67D$D>+11d1z;0HfVNsS3wFbJ|HPwaZ+O~XL4m> zb7deSBp`QDATnxUM{a64Zy-%kZE_`53UhyFHB&N7F+o*SHhD62dQW9DOfh9yN?0&M zXhAnKW@j)}NqJ~>L`p+KOfqXYMo3|FNK;I9b}vO(N^L?xMG7q~Eg(aARb*yDX=*_; zXlrXnNJ=m?b4gM~MKCx-Z#85$Ph@XnRC9P$L~uD-Gz!(|xKh+xeG9w0(*LP(QR{!0 z>myUMQMZVl**r1)Cp~>ybNCYIk)%J($lZA;c4kolh0dorWB z92BkByVbF@bHjXoIMlU>N_-%TMS(hx6NBZ>sY~5WzO1Z;1yN3ugmDGtHtNW*doCkE zNs%~Pv`6_$d0oK6LR!sf=xU_0^Fx1g;JI=9#$3c2o3yJf`LG{<*2d=VVh0F6X*jQ; z*N8>)6mU!abD~u!uMSNfn(W>FRJ()$TnaDfM9)T8)E?M!F8N)na=$Rw7`-%raX`N9 zLel;sr?!#xx(38i3|1o#((`wfKb$A3my=s{WC=0RYejr?6gdUAAbSVy_K|;JO$kQ$ z%j7tP3$;e;_&cZj_W`oZnnH^qjYKEyx7K3+D|}1QI;GDF^c>YMOBB7WoUU*&npPz- zl20Xv=q-_88#0wW`C1tZkqlN3GU>Ra(K2{7Ux$ommzEUyCe^ALdE4{bQipZg;KpGa zqlm(BZJ~Ugzb^T2#~vn|#ttnzg2zskBGh>!7;JhC4X*ILS|)AAZ1rsS5r4cdPi?obVFh@R5vzwM0rhOaA<01WNBW@fTNAFEA@GMQ}|*R5eX;D@9^qPE~L?GiG5mYHMvtX<2MoH*IJy zVMJ+6YE24tH)M2ePd6}EWLRiUNJ%qFI7U%NF?wZJFi~u4ZgyH@FGN9fF;Y%bFL#q) z0T+KsS8Y^lQCBl%H*+?2GGbFiLsCU~VtFxmWpXu1Vl`1>cSliYN?LI%ZcPepH)Bmu zRdO^zK{;huY;Qz2c4>E4Z%$8hVMjt?b3=GzR%}vvR7*upGEE9CJ|HnKbS-CcWnpt= zAUR4xAwnr2U@A#SDQGhaG(~A?H+5H1Gi!fQIBHi%VrNb{LozlvHE2RpLTq*`N@ZD7 zO)^DyMoKSgHZV|eSV2@{dO1dRbTn~NXKZIHYYJFLM>RoLS5Y~0NjO4fV^MHaYYHtb zEg)2CNlbD`LpN_PMP+F+OleG5cWQD=T5@`NH$_otF>zx~Zdzz!Zc9W%Q3_Wn(@TFO zu}(-Z2EHIeWjeN2Tq_NWY@3-jcIpBz!sWw>S^jKb4z8Sc(CWi*A!f0$&4v}r`Gn{? z_8xt$PS$Y|S&T+b{)Unx;!lHvwcHKaXt(XBD~lF9e%1m)FVe^_{_9^iOvNJ=?ViZs zL%|3q*-+D|Yb4Y`yVFgi{Y!777#CRl!;f+x>)Lh)#Q+r{R(Sw&aNWXufw9QMh56cvBH0Q`x^ z1fS&H$NgA(jimVH+bE!Aw1qs;5ncxAWi@0{?mGo47UwB$7~+smcm0jgZj^Ez!r?bb z3=aiX=j2JG6eANLug~*|Tz6+A6>s<#p7nKU_zO4y#Q;^hz|TA6ph{In$+f}RcGlB| z>f1CQ8sR%oS8ZOCT`sIHmM}RzJ)-_zQRZ@_Bi_hkGFH&ST7?IK80e*S-VPoIrPt=k b#C;8A-1y#%R~yH2l=mZLd`YJCptql1{(X>w diff --git a/nix/secrets/parrot_token.age b/nix/secrets/parrot_token.age index a41ce0e4da15a83d3d20463b94d91676027640e0..8cbf311f1e94a4b3ca9247e57874f95d473f9885 100644 GIT binary patch literal 813 zcmZY2&8yo4008iVo0GiT2Ad#A4}OewwMm*!#y--dX_BT*(xk~trm(d6Z1dHmOJBX$ZAz1nWJ4K{T_OM59042p4bh~jXo$in zHS!dyq-;|zCz%+|a5h&5+Y5_kSVZOvV`l=Obgt)$6Hwz(NUt;0^J9er(P9cOz`DJu znO+pe7zU9@`s9YE)nctQhNJ$pQ?s5eG*it4_0iV3gPF5=Z)MIAuJ&OGS1J!m=i4i9x@rx>}s5f z*O^pBlmE8UFK)>5EkAed!foUy)w6!!KmaQb7E?`h(Zx>96dk9h4{Ty6;3=^}Bmrsr z5|~snib_JHqfj!Ice27E4Z{ia5)3dBz~|PeOS2^HcX2pa%d9nSqo7vKRuV79{aEu7 zz69f};MutuAqto0*ix?7oC363t%feZ_`0HdmTH(PNhTa5@u4{y_~dw*Kub+YhBT#X z(-P|e&tr$k{nvu;Z~XYuIqT5VTYtas-3MFmB>Jr*KkwezfBg}Cb=-My_~7c^Uy1hV zXYjF0-$uvx&YaNSKeM@Z@zEU4JG=LA_{5EGe!oAuJFp_=hwE4PKX!jPb@cE*&uxAA-g)uf1^v%U Q2dCeDqujf8lzI2=zuXZT1^@s6 delta 737 zcmWmA-;2|B008jG`~d;=^uYsn2YC@rN|&^0n)bw#)U-|d^YXJz?m^n-S93|z_M7IH zLIo9k8dFi&iR@sqhfNX3Kt#lcZ8y9pWx`&D9LR9sgA*qHc$nhnPx##2xxVx3L(_p! z&@~pe%qR+rT8i_V9NU$0!9+0gX6*B^Ob2{IEaJ4yd1;*O*P*PZuSzAJCY5m<_%5={ zl*g$$rs-j!)%5xk+e@enXbTl*6-q9_0GLTlP2+ef4=a(_AF(h!DLMm75j>-wNQ7R) z#88O|C!MC*;By@Uu_>`Ydbz4wEM}n9o=5{Sv0URt2`61*TpIbNpR<75aF9Zm1F}kD zazT<2=EAGl7K?Jc-VS}L>Q%BJLfc41wfvwekZfGzhzcF)qR*Eapu|F;=b=IMc$1ae zC}lZm0gOF0W8gumFbGh!-pdoQ%rkwXwtDHrw%IA570u13(_DGNRYAtreX0iJcvy}> zW2EG44ymB2v@|MP8K`54QYRp~R;6qbSf2^fl;>-HNR6Ws&w%4f(8hVi1uB~RwDe`t z7;7D%!PZd)J_P5L0S$R<9c!_Jfm!qj+g76~?P3)iYfBnRO-2)B(C8YzqVSn+Rz`B9 zEg`z*#^a&GmyBM$gELUWk}QPC7Be9sw2C6eHY>wIVyKrouHl3O4(Jl6N_0sjEQUY= zD49&cOa>!J$H>?%Iw2a>ut^G5-|kYqcuG-tcG+kRqdXh6kx8!(ee?6N-EZz(Xzky% zVV-#K&*hEg==mOI=87=?{D=0N+RF7sXXgKfR~KiN?%%$*@XOYd?;k&YdG_tD|G3Xm zn@676@6YYK`}%7BC-L3d%I^zTqRS^=E8A;-%-_oY_Gs(xujXdIkh^oUhfk&UzV+@T z58jx+cVtmNv;N@WpZk6^jUCsv-FWfW^xyNRW$|0b|3LJ9eF|gWZ64TItAG9xTpJA< diff --git a/nix/secrets/restic_backblaze_env.age b/nix/secrets/restic_backblaze_env.age index c8d39238603d95a0838eabf291564d12d903e801..a456d90b45b27e31b44cf7a15553f06db5e229a2 100644 GIT binary patch delta 630 zcmWmAOKZ~r003ZR=pi6OL=+JzICp7dlBQ{zgTpj^<<+K5o2)&^nn#l+=_5(oHPNwy z&Icm+V1gG1>Pau&WO@)3b+BDz$S&#>yy!ttn1@{yzn}13-~Vji%~Ojo$Du+w(&%74 zLCtivgo%V1Dvim8&K`W-Wy)m2dqz zB0+dkOHnKXX|1H3LGz^^*%+WrVpJh)2d}y)Jnt|_1y_*-(C910C~dJ2OKEhRvw5AV zTTz{LAbXfjcXU?h5^|xP%PM!y?LE5Kw#%r(Q+9MD8E%k3vrJ-W$$_0ONJ+1ar)nv& zZ+k`9HG2RfRO||liCDnb=POwU*Udoc&?6avMw*N%nWEn>VKBL zWSEE}~&N&ciBF9q;Vw%Dv0u1M=jm5R%Z+<30CZ-=6pfI3ME> literal 779 zcmZ9_&8yP}008jIm=KhS;@$>h=A>Y)Nt&;QfwO6wyu5t3jcGF&CTYH!uQqMkCYLFQ zP7(3=o<1KaI}H>M!Wg`{T?7wK2A&4+9fDJM2vAs$aDUFPekFY4VU(sS*w6tSI~QE0(L1=&VaT1Bl7 zSxMN&j3lGHcGOZ6M)K@NOf)SyhyM4Y)h-P5mbsgAtr}jT?30F&1WXoWrei8%m*r3s zg^YMqNNqAj+dDThU4*#`qNCv|<3(#r0g^bl?Uo!VVH8ZaW{jNHi9s6DPMyHCT$=)2 zQyOGuqSW}>TtV#ornw^WZw{t5z9Jd-^iU?Y%_yjsaBOBq2 zc#UEBt`M{ePjO-r;vI^Ur2bf2#em8z4=vMVr~ZIYTs_vtSp(PbiigCsUTJcDE(i^c zX3LrVe#5!6y?UhTWsW&@z^=yk;ICR>xrD)^77KLy0x^;WrG~UIFI}4=jE&lUqwMM9 zP8}kXWi(w5ixI*w7;GpF diff --git a/nix/secrets/restic_backblaze_pwd.age b/nix/secrets/restic_backblaze_pwd.age index 3b7605f3..d3a3ee25 100644 --- a/nix/secrets/restic_backblaze_pwd.age +++ b/nix/secrets/restic_backblaze_pwd.age @@ -1,13 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 nTBfeQ xYRX4OrYPpk9cGLUQiRwXhRjEa9q8DPICmZlZzVuFR0 -p7OLGY6D4+baAG4Hw/psfBLxh1o0r5/Eig13xLzYEbk --> ssh-ed25519 ZyUiqQ h2Rj55VSVJCoCEuRVb84lQOSEu+sQmzD2HYtnQL2nno -/tZcVl63xtgMizeR4XT9TNuEy4PiVzuivBRNeqMCmUk --> ssh-ed25519 7owkuQ tmDWdoTuklKcXo/dBfnkDPhU/qiZwvuxhOPoTg0vrGQ -+IpHJVmei6KG+Z1zs9jHP6lZ3V8o2PzeNNEWIZ9O078 --> ssh-ed25519 yg55bA tnZhRsP6q2a20CnwwAKkJhYcDbJZqneNW00XsohhKHw -D3K1r1EStIR/3yOSZgbC5NHzxWTqnP9Sek7EXMsR0qg --> R1{-grease z'2CN;N H~68M@*y K.[c- DJ2t -WH616XCC0SyYSpUIzT/43oOUqIfFrYTS8QOJnuvImqYxqGCBISsYfQ ---- OweZPMHb12leVVGJ5jEQcpe7AfKcxIgEh7jihDBCDi0 -wGxE艓DB%[M^ܔTNy)}HREu <7p} \ No newline at end of file +-> ssh-ed25519 0LL3PQ kAkdTH8kPHnYR5GncurnYL6atChq9B2ugqJYK0xUAHs +doCoG+lJAlbygvWg31BycpMf4K6dWihcJ4Vb3308ypA +-> ssh-ed25519 0dJ6Mg aWeQi7cyFZwEgcJb4GkROumwptaRTPrCBQCCpMdKQXA +ORlGsAxLgWIeRhDwv58FFIZP3vUqTipOl3Q2bdq1nEs +-> ssh-ed25519 7owkuQ aUTN8z+aD4ltDJ/7oBRhZZlsyp6blSGoeJdDDzwTsiI +00/DiiSDI3N2c1l4apPYKwQwWX/7FaxzupPnTPSzgDw +-> ssh-ed25519 yg55bA QN8RxfPk+yAL/veq7aLX7Z9LMBaMPiq7edju0xSbOjU ++Q+IADzBZB5H5PwFD3jVZOsPJdwbsiN0t6vs5tqF5HQ +-> 1-grease "[wrG8^D YH)pk=`h +OFsK01MRbG/Ds1s+xEDF5D37ijhhCuRCWAXHL+kXlJ3lXulkMpAA/QBUj2/Y9RIY +veiOf8/qizBR +--- rpmIeN8PqT0PRmiykzweztzDkzVNp1mCetqj1WJNerM +hjr@oپ$'@#ʚ 3G.U'0+|ϭna/ \ No newline at end of file diff --git a/nix/secrets/restic_backblaze_repo.age b/nix/secrets/restic_backblaze_repo.age index bf1bb302..3c0928ff 100644 --- a/nix/secrets/restic_backblaze_repo.age +++ b/nix/secrets/restic_backblaze_repo.age @@ -1,15 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 nTBfeQ 2Xn5ERBkSy1YNqC7/ulAfZKnmhK7ZFAD9jEpPHWS+SE -t9jh+V3j+/uW8z7B197x7Kik4fZC6lbm979kM5fIrvo --> ssh-ed25519 ZyUiqQ 2bvKivVyhiqhegaBbsSm70TnhHLsDf/gi/q1i6/j3TM -zqNer6sdmyVmSsVnq0RwO/l71CRViUHIR26wHiP53wM --> ssh-ed25519 7owkuQ o9jOtVaoytlpXJjNSCeqWClK/rLCLmjjvleYA0T1lgM -9v6fsXELScAa/IxpBmr3ckgPwCiNnTJzAUdDmIbnn8s --> ssh-ed25519 yg55bA MSYjMiI53g/Qn0ZPXg06P0HnUdowe1vzrKHMwfTwwWU -/CGyUNdNTHSuFYm+yzbGhs+UkEFN2ORL5AMRzdKYW4I --> I:w&&-grease 7`k; bT<@ -3WKMBng5DVbpdSG5dHEWodSObhKScf4JOG0iaMXNlm8k2eP+4ziYX4hsY8FtyjQX -TILAsok ---- gaYXpVjMbBBkPWuIEQkEjRQnhi5a48lt6m1cmP7eRPQ -ْK@RmV& UpuX\8P:rxé%eYb -ߍ ',"^8ߎW{ʣjH}&x_dY %CR% \ No newline at end of file +-> ssh-ed25519 0LL3PQ T/cXi55d6piVdR6JLJSwDkRZZUosRmp+aqVwAoVfPFA +9qrb9A37THHtfuC8auJZvAxLJ2BNRjlSsR/I37fU8yw +-> ssh-ed25519 0dJ6Mg gJKha4ebtaBDlKGARtTg/P3DHZ71DrCg3HeEeNpkEQc +gFKI6brdafHh2j0dJ8TGOLjC1h40+9Aie9DH8mH7Vj8 +-> ssh-ed25519 7owkuQ U+Gja1vezscwMJcLU4EVxuKI3Gl+ipIFYCjG33VifX8 +xxmwm/4zFbiZQkvruSZX7FLQ+3vQXA4tTccWgUODu8Y +-> ssh-ed25519 yg55bA AGlvhXKS9pazSsJ/U3VZ8bM5PMR/u3g9FOLpgSAljkg +kdOMWIgbFtpmYJWBvoL/0gwpRm0bfkyf/ITz/BsgXwY +-> gZmc-grease Cr hyPB5 |D/ Ahl +dpHaveRNwJwPxTGDEmN371ODXoaZ1yfi+x659RLEfIotEaJT/CmJZ8caF32DLF2n +pkA +--- m19Tq1Ptb7ranZor+pcrHGRuCKv/+NHGJISyhrOiESU +(Vq]C@tKTˊJַiwaD3> JV uOQj;UzI-_P&ZjWe ٽ HJJ( \ No newline at end of file diff --git a/nix/secrets/restic_four_pwd.age b/nix/secrets/restic_four_pwd.age index 4ee3e707..b67cc300 100644 --- a/nix/secrets/restic_four_pwd.age +++ b/nix/secrets/restic_four_pwd.age @@ -1,15 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 nTBfeQ 8yNiMOP51a5F2mCuzSneDvzpd0lQlhcTthPJD1w8wmU -ZqVBEPtp8fK8fDe2F+770IaLQEJwf01ZX/ulf3xgwv0 --> ssh-ed25519 ZyUiqQ hPTlrVUyC2iaK3XPNzoai6N81Vz1Mj/orj52HKLkals -dHiCnS4xtZ629UEfBhwQSD3HkRSALlDiYvyGGHmId34 --> ssh-ed25519 7owkuQ dsMfFPbgmw+UYPbxBwMLuEGYB6oHONmd2R/h/mNwOA4 -bG6H71GHvhbobO/ZJ68Ihjf6YNV/W3Sq20PKBJjZyZ0 --> ssh-ed25519 yg55bA 4c2vfb/3g5i4Icyyt2N2gbmzhlQO8HaYXU2jlqvC4nI -OFircIZDn9obQy0YBGtgDHTrUXOQwJfoYd0NWCbdlew --> X~BYJa-grease -932lkfqsrPbCP9Td6KqW3cKp6gRsWZnfubh4ZXCI/kRUc+PylxlWqe0iTICABhDh -elZgTS7J+aTq9gi3hkqhdaLpPOX/QOwtfhsOxwxk8s9uvH1W1ZC+50YnCvN5s0Ed -LmVf ---- 18jrvwH6KppTpYHtfQV4sgw9xAN8bv6rbx+bDfvtQG4 -E5A޳xRJw|CYR-"Q3s;g]V \ No newline at end of file +-> ssh-ed25519 0LL3PQ xLhj3/Y4owHlZ9wSvSUO6J5QRDbAwbaMO2MNAIW/S34 +T86CtE8vACVDH34OnmUVokUY4NctvHcaVunoCvGUxEo +-> ssh-ed25519 0dJ6Mg 0sZCeLLGHhQ/ZppSTuyeZBOKdypMBNaJrI84Sdya6C0 +3koAeP0eIaSj/TQEGHYJ0GSUx9T35WQiALzLj8cykM8 +-> ssh-ed25519 7owkuQ fOjqhSibMqCebX44ODbi5B6T1KGBVjgAl78XcQbGnUs +LqRR+NxqMGi0gW3DLubo0k00mkW5onuhKWw4Oaq4o2g +-> ssh-ed25519 yg55bA xl59uoVVAsDwAik1iN+aMxAvmX2yBW6Tgngt6nrAy38 +NnAGx9qDQScgbA8eMd6JmOWV14Kp3enpuzMeTpVLSQM +-> *-grease 8-(+ vYaB m6U +8gdvu5Df7a7QJC+s3/x4OMEp3nGRQo+v6GKMo957cTIofYQrX1zPIscugjB+Ua/R +mqSUmYM +--- IYRDnT9/tIxleM47lmOA5wp3e5TrJGqn/faxfMTq7po +Q&]cӵҷrJիϘzaBd $Y['s8pZ \ No newline at end of file diff --git a/nix/secrets/restic_sgbk_pwd.age b/nix/secrets/restic_sgbk_pwd.age index 27340ab6..ea4711ba 100644 --- a/nix/secrets/restic_sgbk_pwd.age +++ b/nix/secrets/restic_sgbk_pwd.age @@ -1,14 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 nTBfeQ fLqwnaqUg6u5ZOfyh8YazaTc3y4SbLdOlRqGu8YBB30 -5GX8Mdx4qNjky/vyj+kNiX6qYQ0yhSDkH2IoOD65HD4 --> ssh-ed25519 ZyUiqQ B9NDw4wOxJkLuFdxZudRq6L8aHrQGbcelgZpoboKoFU -6EuyHAvpLMMLqh+vJPlk0n32plTY9Xo8htD+JtPx+kk --> ssh-ed25519 7owkuQ dejzOKIT1WdFLhz3Vv+59qAGzxMQrbulDIZPD96s208 -SIJbP02K7zDH29ENUN4yAqV6uF98cqNyln8MGjhfkVk --> ssh-ed25519 yg55bA pgBG1vxcCd7vEAb0Vrjihh1dvtaxItRH5hSfTPnCfW4 -kCPyQC50h+7Rl/VpT6jRe5EAooldeTlYLmku12XcTfU --> O-grease 6#-10S F}iD% B C5 -Tr7yMxSUz768IoZd3LXpUBBkNUoedMoc6pmjW9p4/DA+k/ZImucMKOb6r2PiNHsq -HQ ---- UC6MQN5WHGlJSvNaKmT+JRgNXxhlnTxl3pHD71Wk5LE -d5`M"+3ʤΰ G x6VX?Ik \ No newline at end of file +-> ssh-ed25519 0LL3PQ KHSf9ndwbU+gp/EjEqb6BizoDld2P0IUE+NyNq41qRU +nnjQ6RxRj/oVI4lrmGx3YA9xru2wIkV6tyYnF/Qj4gA +-> ssh-ed25519 0dJ6Mg FoLEamzgj2WZxiEGjWEacLtP+YvwPK4S961Mz4QVo0Q +LRV7YndQRyZxFWgxjZ8+KhnHY3NmQjtBx9D9SkEfdBk +-> ssh-ed25519 7owkuQ +ERZ/SyjyHNDMUcZftWjPPg/+Y4vNNhY9qcXYJTocEo +WvRkkgWh+t1O2574vvIRYkDav6XJaZe1H8+bMk6Rt2U +-> ssh-ed25519 yg55bA T1koZe8t1aK3Z8t102m9Q3sTFo68ml8hjbm5oTDxqXg +OuVwNZFJokgz3ZubnQJbhdmgfYnpKSyt+2f0pfJ0zMM +-> 1I-grease SAO!z + 1 +dor0+AdeMZtvH6XIh/8UOwtKIeqTckMwS64fXpQC15sQN4s01iZ0E2fmfxlOd7sF +CEjwIjD/c76eWsm4HXnFKPMn +--- PtcipNj2Ol00OQXMJnvGfBPLxAkxB5/JrqUNXWKRqEE +p3ו!3`S^' To[F"WQF5H$ \ No newline at end of file diff --git a/nix/secrets/sgbk_pwd.age b/nix/secrets/sgbk_pwd.age index 571f0d92..ddc824b7 100644 --- a/nix/secrets/sgbk_pwd.age +++ b/nix/secrets/sgbk_pwd.age @@ -1,15 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 nTBfeQ s6oUHRmEDFfQXHeWgY9yBW0cmlv+ENPlsxzGgW+wAk0 -4suqt6lni02TBamKIpWC723J28aFOGTp5qw42cRvqYI --> ssh-ed25519 ZyUiqQ GSErVDSe4XIt7Cx+jU6WrjpDjAzTKGSctIuGrK2WO1o -HxH/ImrXkWyEZjKz9gANik8KZfvKK+3k/WbOJvAjePY --> ssh-ed25519 7owkuQ DedysxFLWmyahD8ujHdVcOjM5y/NNIOwq6QEiZ4spyU -Wwon12tO1EKSU7nNRo+YlzEKiExmx+YyB7O4bRcn1yg --> ssh-ed25519 yg55bA QFgvGQsLu06oheQlR1rF7+yJG7wjzDoH0iE27db6NGw -n0jpYlseub9UmDjQEAIsu783/et8WxkTQTt4H11NiSs --> ]5bBX@t-grease !.%UJT -uYUsUyj5hkL98AYwYjYs6neHlyJEoun2v2W6u1L3CkBrP5apOxNdgC/cB0NIQNpv -JsntXprw/iw3Ywm+BXwm ---- x0YZBFKNBhvyERkXSNvgZMT4VhYg/WkvOuQxpVWZbV8 - g5T38R'@wzz,^ԑ ->FCA], \ No newline at end of file +-> ssh-ed25519 0LL3PQ EaH3FSFURTrKNRQgBzRJHwScLs+0++zx8L5xtiv2Thg +zb9BAe2Mh3Dnq7xQTsV3FKSLfti6qk1fMuVU3jnkvSE +-> ssh-ed25519 0dJ6Mg wOmgGAMbqQD3agi6iH7ncke5yIuWwI3JK2+Z4Z6LAGQ +aPyfZ96NlrP7/XIMpKJkgvONfzdgjrm18CFGpE8rWjo +-> ssh-ed25519 7owkuQ Siq/BgJuW1G34eBHL5rUTaR/D1R8AKxo3oWNfKkjNjg +8/qCD7Z8Pnnpz2fwzcZuRKi/NqU4sOUdEn97JT5sy7U +-> ssh-ed25519 yg55bA JHUJBdwb6/vcw3g2JCZVSs/dm96PE7dhOW1gEi5Nokc +NiT7i0XArZPVz4UqN4IR+Dc47tjU1jVe8SFUbM17fBo +-> %-grease R +5njLYJJMaDrRkP6qA1AUGy375lHVqP2WzUlhYX8HLtBL95VysXoW+PTzIEc+PQNs +UMxNTezEFXnww4E06+rPE5JN/VN+lOtb1uaEFdc +--- TKX4YuCK4DPsLEB0A1XSywqEt2gysGHbYtL59hudEkQ +|oKw5tU|Gg(f\@9â0_j \ No newline at end of file diff --git a/nix/secrets/sshconfig.age b/nix/secrets/sshconfig.age index 881d5398..cf24cc70 100644 --- a/nix/secrets/sshconfig.age +++ b/nix/secrets/sshconfig.age @@ -1,16 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 nTBfeQ xJU6sL7vbCSnq/Mf53A5l23qDWg1bm/fvp4IjOXWm2I -9Ie/MwP7e077rjuN2DzoHRk67M2e+gY3yDQpAGepZ4w --> ssh-ed25519 ZyUiqQ UGZKWlWC/gimEZthNPNOWukunxZNb9yzGP3fwuIbIXg -wFbXFtE9mRCayKM6xxybfgpV31FtLkkXcy6LpJYRjEM --> ssh-ed25519 7owkuQ tZtsAktppNk8deX3wvNhNn3g9O/fyYW9R13pkz8UqGc -fUcLe3Cd90DEH0a/xvIiwQpPZjYtBNN4k4TPGAhIZjU --> ssh-ed25519 yg55bA SkJ7ZXGb+jwkCvCEzmeoHg2uqWYEPRag9AeGYf+ITD0 -KIKWdS09Xk4L6Jtjw14sMt0GbK7M7K1pWWR+bTy1aiw --> 8tLV-grease O7H<^ XS9V 2Ur<( =QH2-/ -SV62s4bYT6y20++WYB1AoQYg/CEIKodhQye8iFf1qFttqdFwyZQqVMrdZk9HeXZS -FegHreHI9E29tlJ8vobhXmc4mQuDfKY ---- DSGiksBfVrSssrsbKfqNMIc++kOVIdT80/CowQwjKVI - jtsaђ5-][Ї(/M;0b,![U*Ki5K`c&8xLa (\wVƲ:NtGXKoaB8dS|fuoaH|V:ljk(ouʋWQ*`>mO77c?8թL{Md01bfYqٽY{O&)"?9?IkŪ.􋧡Mr_gL4<;E?&Uay, IXJԂ%FyH dFvy]m˔<2> -bz<xT݆oji -sd"*.3ߡqjKW rm,jL&6H| htf ")Pdp>$ɟVj۹=OL \ No newline at end of file +-> ssh-ed25519 0LL3PQ 1ix/iY1ciQ5TLqNHLidJo74p7U6xk0W+0zrFPCMmxGQ +Gify32vMCcZtow1mHKOambrFypS0g8M+7TU0GSZTxJg +-> ssh-ed25519 0dJ6Mg 1vMlO6MnEZkQC2D5kBHFSL2rcAEdGjC5obEKIKABAnY +Bp3havFr2QLOq8pFZWl/U0gtEsOfcTl9bjDoSr6RlBI +-> ssh-ed25519 7owkuQ 3yeuQvDvcpXWWwPr/NusblZ17SYYZQv/uslVTWDd0mE +tMsGUXiKvnMK+VLUOlcQlgFshKobhTlABQYwL88qJyk +-> ssh-ed25519 yg55bA xDjHHyqk5W2o4JCumczUPqSRzGyRRXx9uWU818sijE0 +NqQj61QgFqyqqR9w2+cUVt1Y5gdGaaV8H3WUrzz4Gjg +-> .>G!b"-grease ! ~IZl= i_: Z~' +byYr7fXy2XziAJJtw8HZMyStMRWfP1XwPB8wS3OzOBqw7sBi+hkjzouiebi483jK +2fkxdi8SCo+DvxUHREXIS//ixmZqIKnzhZW1x90 +--- nNgeCy03rYViLtzv4WSvpNJY4QJzIYOyS8CmszKss7I +OޜɍTgiZM(XF/4Vvj (rojĠ=}LYf#X,iŌ&f`Ԁhς50ƛhuwD@U +R5ݽ,4(]P>+Sg_I Fƛq敎Ry bԸcyu7ZY# uMH]QQ>2r2X=|j:J+RSɢ#nQ3 #V:% 1oLkhM~ +oZht q!E fg1[]K.{\?(b88 }=s[Wj, ssh-ed25519 nTBfeQ 3koSzAro+n4LxSdup9/PluT77oO5nU6/VX0koWicMR0 -xws/hbp3yT2L/BOzulIKHPwPJI328axZiuxTw5HERNU --> ssh-ed25519 ZyUiqQ +oB3JFPfKcsPoIbunaLDouBPrKHAFuIu4/U3NbOhM3A -ByJzsXtZYMajbLIpy0qL/d7x1mP6d9em/7J7tQK/yGI --> ssh-ed25519 7owkuQ 5efBQm6io/0wx1jFr/n5cO7xT9VL9fSPyBcKdWJGAnU -R0c7uckpn1RnZfiYJzrW4eJ1AdeMqDi9aN/L7GHVn2I --> ssh-ed25519 yg55bA T0Ei5TtuEKCe1SPrXB4IwrSQSpj7SMNDPzT0NqYVbUc -DQt2YH7jagUBH5lRZhAeHfsq9ttTAhKlzVA51/4uu+4 --> l8FHd2t-grease 7PpUu4 [%p}'4 -p3shnCQw0c1yPA ---- dDfzulZ/6DescfUw4FzskkrFrMpvNUYX2zU3ds3senM - RQ[-o̮?CfR-{y5bL-P/eSOIr Z { \ No newline at end of file +-> ssh-ed25519 0LL3PQ bOMlgebRdu00Y6AMCMzfMDHz20hmxFZKXZXTV0GxrXI +h8g+yA6VbtKmSpJQd7jRXbI3XZ4t9onF9HAAFZqGfjo +-> ssh-ed25519 0dJ6Mg re3MAlJT/+Cv3JuX32+DDsCpX2fyjmbf6lHWEPo2cS4 +eoGwzNSWZsz7MraRl+WszHPtV/Js5miEpyPW80qE2Rk +-> ssh-ed25519 7owkuQ jVPzIG/BaqhF0pDsQGyTszSYk9uqxgT+gkI3isFfXjw +KNYecxPhASdkrX9HksZvd3PklumBxhT56cwuAvrjrCI +-> ssh-ed25519 yg55bA RQqNeR7/CnTikL1PmjuB8wbrbB/ePXDL5Vc68nwglms +XSdnfZRny11PwqNz2RQXZTJkebgpcIlLPH41anP+bE0 +-> Fwm.uTZQ-grease 0 l*:+ KkJHBhG ++GHIrzesQEN5gofR9foQBAispJYm7Q+ZpcaGA5c +--- BeBZdmPhZssR+92iYgQ/62hlCIiY6SUQaggAZkXTw8I +|.hv"՟i +|pw4ni؟WB?l`[2(ᨿ_i' \ No newline at end of file diff --git a/nix/secrets/typst-bot_token.age b/nix/secrets/typst-bot_token.age index 1f6b7cefb30e3c76c24183bb5185ba77d43fb1a3..82ff09f70d27f78294142c915949f7611700b4b8 100644 GIT binary patch literal 776 zcmZY4&C8Pv008i)n-yK6TV$7@#&Uj5C8(UwGu_;D&Q0Bj$fCzvMTdflh&mK>?hq00B{~%J!9$mbE*+w4{RKaMx@}dhg%Oo&i4!dL2ayeBFi<@R z#__CbnFx-<6jXVYEv6 z<#K2fCTV!agq68G3=3AWS#O~#G+<~6gTrM@#WKtnAw;n1<|s>oJXJ`|so@h;rEFbX zGt$2_BFN{d1bVE=Qp;dopfxH$U6v1$hCf4>1~zXXZb%q$TaxltpOY~FtH4GpUrpmw z4N2IFgvJaRq#0g^5 z#LBFv&czG>s?{n;MHI7^5JF^f0zdBy9aTVRGZZ*I#RfChCp{Q)?2#UmL*US>=CfN5 z_V3=KeWebJwqN{loIEREp$|X4vn4K<*T9!Bx7pft@hq*Kbs8oNqVeA1$nwkG7EM%^HR z8N}PoVQZAteY!8IWWlJywv(V;hi4sLPZ!N}QcA0+H1rN@V%*go7R&@`jP1Kk&ak?e z%34&=CPK%R+d{xZlf?1_h#g4T&df9cd5nwI3h6q6V8^A3(<}ywKcMqWO%)V3^h~*L zrv(~@@#VX#a$io>b^*BnQ<( z0THJbRtyz*Ml}0262}G3=Yk9=0}MfpV3jM!WfU@MUc^J3$z%}L@uh0Ss)26}(li%l zx{~}~!&aA4|4su>0aqe$Nd&PAjGKT(Q8=q!>H-yAhd5GYJPhGtf;1#oAo>aHLLu2$ zRZFd2Awl4*s^uuOQEJfT732gWR0^~W&*B@Xim+{C z5=(B6wwqzXb%t3*PMBeoBXGnbfmizGiz91$Pj~M8W|n_!%^x4^9F^xAf5flc zbL*c%mAGR-lIYn-qJn`_^!SZ+Jd_;2JuDo5j0XJlkDHf~u}dP^^DO*U~d zZc$M$Ha0O?Xh?67@fTNRdTnr8NJ~agZg5&^ZAeRQP()XGw5lHArSuNkceMM0ag5Xn1!sRz!D8V^ULEI6+D@R!c-tQcVgtN;FS; zQ873-IC61tZ&Pz*Y-ManX=+MoR%K;jD?>O?RZ>@OOh{Bpd3OpeJ|Hc0bSqagEoX9N zVRK~)X=`a%PIOvyO>S;yOGs5RH!CxIzM*+Vh3f$JjZaH+fGkh>vfKi&6#ib{GAh5FZLU!#4k+*0&>eZX$1OKh(Q^%h zkj;1pna%e53`@kKdOz1@gE=zhm3eUgMiOiiplJpk*9aps7(5!rOW?i{JzQ7egT75E zizK~~)qeV8o)a}}gE(G$0lgzz>f%KmKY)(@e)N7f25J^H(217QZdXqnFN>W$1%6r< iKC;Sed|nmE#psY}-~$IK*@wwWs9a9xx7J8jcm;%W|2Gu? delta 895 zcmWmA>uVbY003|*+Dc*tWiqUOI4JAJZfWk3dt|E}ms~EnyIe1q+~slNMqZb@JTA%Q z9j96ARFJ9D;bR{PnTWWDRdh_poKuTBti|Dm4E<7CHkcnqyD-Pj%QyJBcWMoi3u5K#8(%q+r$+n`0WN)pSQTgJ2l!2GovXR3#wiVG2YSs|6K7 z!zmd}>X86r=9y%>kf1PcP>yujHWv)UXsKYc@GvK43KefPW0*~U*W#U35~TfQv7U)E zp<+8-ZG|A%Kzy#ZHnzqZ9Z-jzZp~j}aygk}1Cs0_G`FsbfV=+7=Hk(A=hib)2Rz(waFn4tS(AHj3A}ie@67~=x74~@H z3?Hx{t^rpoEuCk`keYxa6`G}`JY~Zb)M${cbkh*nnh@=DIZkSYo0dhY4YbvyiXt6I zK{OsL*8X2opLOJ{Y_gUG{QH1Jawon$W%C3A?iR-JRh>bL?I7G^vJoa#F42&cGk7;w z;GLC}Ac00cRqo(0;WU|CLW2sTNQM!vk)N??nToD<^eXM+btZv;-DD};MzUZ6i$Wo{ zfaM?_B2q1z!{GqpcnOn;lornwm1tCs!eS)p54z+M%!+2JR_40BYO#>WVx$Gx2Aip~ zyAECh{~GL>xwHGw)TLMYr%(L-Xld?pJoen5zi9b!q0)r>Rri^)p|e zQTtP`50zJ1wZ(5om!_{y3XU!0<{I0AODIk_da-nm@Tbexj$p%AKb`kJasj-nEe$_*d-1?ichPTh zwRg5~{o$S0C+^>wJ5KNIKm6)Gc;(n(^z%dSfB$9h24vVryr)CcR$KT*8GNXN+MD;% zpB%aA{O9}&OS2B(__0aHiM`s03anV)0i7S;&TOL6oa|Nq;CGB(o?6_)$2XQQzP37l zMgJ_nFdqNuXZ!Ar=sEkYYHw{|+`jeF#irt3_+op1eg_gIPAc2*kH!{G9{qjZe($%* N^>@j$6TtF~#DC=TR4@Pl From 24d514b9fe17ae2510b278b378b7b8e13427f8e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 19:12:53 +0800 Subject: [PATCH 22/32] age: update sshconfig --- nix/secrets/sshconfig.age | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/nix/secrets/sshconfig.age b/nix/secrets/sshconfig.age index cf24cc70..75bd6ee3 100644 --- a/nix/secrets/sshconfig.age +++ b/nix/secrets/sshconfig.age @@ -1,16 +1,17 @@ age-encryption.org/v1 --> ssh-ed25519 0LL3PQ 1ix/iY1ciQ5TLqNHLidJo74p7U6xk0W+0zrFPCMmxGQ -Gify32vMCcZtow1mHKOambrFypS0g8M+7TU0GSZTxJg --> ssh-ed25519 0dJ6Mg 1vMlO6MnEZkQC2D5kBHFSL2rcAEdGjC5obEKIKABAnY -Bp3havFr2QLOq8pFZWl/U0gtEsOfcTl9bjDoSr6RlBI --> ssh-ed25519 7owkuQ 3yeuQvDvcpXWWwPr/NusblZ17SYYZQv/uslVTWDd0mE -tMsGUXiKvnMK+VLUOlcQlgFshKobhTlABQYwL88qJyk --> ssh-ed25519 yg55bA xDjHHyqk5W2o4JCumczUPqSRzGyRRXx9uWU818sijE0 -NqQj61QgFqyqqR9w2+cUVt1Y5gdGaaV8H3WUrzz4Gjg --> .>G!b"-grease ! ~IZl= i_: Z~' -byYr7fXy2XziAJJtw8HZMyStMRWfP1XwPB8wS3OzOBqw7sBi+hkjzouiebi483jK -2fkxdi8SCo+DvxUHREXIS//ixmZqIKnzhZW1x90 ---- nNgeCy03rYViLtzv4WSvpNJY4QJzIYOyS8CmszKss7I -OޜɍTgiZM(XF/4Vvj (rojĠ=}LYf#X,iŌ&f`Ԁhς50ƛhuwD@U -R5ݽ,4(]P>+Sg_I Fƛq敎Ry bԸcyu7ZY# uMH]QQ>2r2X=|j:J+RSɢ#nQ3 #V:% 1oLkhM~ -oZht q!E fg1[]K.{\?(b88 }=s[Wj, ssh-ed25519 0LL3PQ bDFQQmhL1lT5KkGv9T2KCpx85TeBgraFtnCmvDXwwRA +xoBjy0hm1CkfHxHlY9S2BHDYYewX2ytPeoR9YbTtlCs +-> ssh-ed25519 0dJ6Mg MRGlK8OdIJsPAXTVSyYAyxB8gXHwRlUnEzWiaGTpjlI ++WtL6d+fYkyFGpNKGOR8VSyxcPclprDrXBJIqjs7hqw +-> ssh-ed25519 7owkuQ CjpFcjgDgQ5tVGA69U0I8rs7BW91IJYeHoooyNTCqhw +k9Lml3gfrZkWD9wTlztjd3cS0AhgD0uLlVutu1PyTQ4 +-> ssh-ed25519 yg55bA wvVfTxH9R30CJLS8q/ou2tVNM6okXVPNFb688NqTgjQ +6KD94cu8bXhsqqalVtxv3wqNQgcR2WavZkIebMwu4ic +-> %4r7Ea3-grease o~`[:vH l>_)R:w3 +EvEthNDe7whC0/7kbvwvLBiGLH4wG2rKEGKMzsIvNW+tiswH3vAWIfyQZGAQ/82T +WpN2wY4fqBmbyvQgwTSP3jCeVVQ9Ko8lkbm+n9mNFSv3cs2zcxbBd5bd24a0Q2El +EA +--- nA+Y/Mjk/CRL//AvmoOhR5WZAvw/xTD4mXiBtEhX6q4 +w( +[Y .sܸ_?4Ce[JG~PJsA:pǑK$LIGR?<1 5c3>eǯg6$Hu;`YX m78-%ͺ߁p R3bCױ8oڭS~'&*k8q#W (9& +TV}tkkߘ_8 *@V  Date: Sat, 1 Nov 2025 19:37:10 +0800 Subject: [PATCH 23/32] hydrogen: some minor tweaks for the build to work --- nix/configurations/hydrogen.nix | 4 +++- nix/configurations/hydrogen/nixos/connectivity.nix | 9 ++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/nix/configurations/hydrogen.nix b/nix/configurations/hydrogen.nix index 4bb8d997..a9a2d7c8 100644 --- a/nix/configurations/hydrogen.nix +++ b/nix/configurations/hydrogen.nix @@ -43,7 +43,9 @@ in ] # use lix everywhere and wrap it with nom ++ [ - (import (sources.lix-module + "/overlay.nix") {inherit (sources) lix;}) + # TODO + # Can't get it build for now + # (import (sources.lix-module + "/overlay.nix") {inherit (sources) lix;}) (import ../overlays/nix-monitored.nix) ]; diff --git a/nix/configurations/hydrogen/nixos/connectivity.nix b/nix/configurations/hydrogen/nixos/connectivity.nix index 2c04b047..c07dac6b 100644 --- a/nix/configurations/hydrogen/nixos/connectivity.nix +++ b/nix/configurations/hydrogen/nixos/connectivity.nix @@ -62,8 +62,15 @@ }; in lib.mkMerge (map go ns); + + allowList = builtins.filter (x: x.ssid == "~"); in - fromList (import ../../../connectivity/networks.nix); + fromList ( + # We only want to use my own network + allowList ( + import ../../../connectivity/networks.nix + ) + ); }; }; From 89e137711fe2684ed6a9743cc23d0683eceef095 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 19:50:02 +0800 Subject: [PATCH 24/32] treewide: fix lix overlay --- nix/configurations/hydrogen.nix | 23 +++++++--------- nix/configurations/vanadium.nix | 47 +++++++++++++++------------------ nix/overlays/lix.nix | 10 +++++++ 3 files changed, 41 insertions(+), 39 deletions(-) create mode 100644 nix/overlays/lix.nix diff --git a/nix/configurations/hydrogen.nix b/nix/configurations/hydrogen.nix index a9a2d7c8..c79e53a0 100644 --- a/nix/configurations/hydrogen.nix +++ b/nix/configurations/hydrogen.nix @@ -33,21 +33,16 @@ in # { nixpkgs = { - overlays = - map import - [ - ../overlays/agenix.nix - ../overlays/nur.nix - ../overlays/nix-tree.nix - ../packages/overlay.nix - ] + overlays = map import [ + ../overlays/agenix.nix + ../overlays/nur.nix + ../overlays/nix-tree.nix + ../packages/overlay.nix + # use lix everywhere and wrap it with nom - ++ [ - # TODO - # Can't get it build for now - # (import (sources.lix-module + "/overlay.nix") {inherit (sources) lix;}) - (import ../overlays/nix-monitored.nix) - ]; + ../overlays/lix.nix + ../overlays/nix-monitored.nix + ]; # Set NIX_PATH and flake registry at the same time # https://github.com/NixOS/nixpkgs/pull/254405 diff --git a/nix/configurations/vanadium.nix b/nix/configurations/vanadium.nix index 5be9bac1..1ed762c7 100644 --- a/nix/configurations/vanadium.nix +++ b/nix/configurations/vanadium.nix @@ -42,35 +42,32 @@ in rocmSupport = true; }; - overlays = - map import - [ - ../overlays/agenix.nix - ../overlays/disko.nix - ../overlays/nur.nix - ../overlays/wired-notify.nix - ../overlays/nix-tree.nix - ../overlays/wallpapers.nix - ../overlays/nil.nix - ../overlays/dix.nix - ../overlays/eepy.nix - ../overlays/calibre-no-mime.nix - ../overlays/fcitx5-table-extra-taiwanese.nix + overlays = map import [ + ../overlays/agenix.nix + ../overlays/disko.nix + ../overlays/nur.nix + ../overlays/wired-notify.nix + ../overlays/nix-tree.nix + ../overlays/wallpapers.nix + ../overlays/nil.nix + ../overlays/dix.nix + ../overlays/eepy.nix + ../overlays/calibre-no-mime.nix + ../overlays/fcitx5-table-extra-taiwanese.nix - ../overlays/iosevka.nix - ../packages/overlay.nix + ../overlays/iosevka.nix + ../packages/overlay.nix - ./vanadium/overlay.nix - ./vanadium/kernel-overlay.nix + ./vanadium/overlay.nix + ./vanadium/kernel-overlay.nix + + # removed, but I need it for PLFA! + ../overlays/pin-emacs28.nix - # removed, but I need it for PLFA! - ../overlays/pin-emacs28.nix - ] # use lix everywhere and wrap it with nom - ++ [ - (import (sources.lix-module + "/overlay.nix") {inherit (sources) lix;}) - (import ../overlays/nix-monitored.nix) - ]; + ../overlays/lix.nix + ../overlays/nix-monitored.nix + ]; # Set NIX_PATH and flake registry at the same time # https://github.com/NixOS/nixpkgs/pull/254405 diff --git a/nix/overlays/lix.nix b/nix/overlays/lix.nix new file mode 100644 index 00000000..0c47da25 --- /dev/null +++ b/nix/overlays/lix.nix @@ -0,0 +1,10 @@ +final: _: { + nix = final.lixPackageSets.stable.lix; + inherit + (final.lixPackageSets.stable) + nixpkgs-review + nix-eval-jobs + nix-fast-build + colmena + ; +} From 549144ec2103930c5869dd69b88313b7e0adf74a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sat, 1 Nov 2025 19:50:42 +0800 Subject: [PATCH 25/32] npins: remove lix{,-module} --- npins/sources.json | 34 ---------------------------------- 1 file changed, 34 deletions(-) diff --git a/npins/sources.json b/npins/sources.json index 7df0bc2f..4201f4b0 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -135,40 +135,6 @@ "url": "https://codeberg.org/api/v1/repos/amjoseph/infuse.nix/archive/v2.4.tar.gz", "hash": "1s3d1v27jxsw5050qi0bq6agpf5gpw6jmcyigzpdgwfm9d6w6wz1" }, - "lix": { - "type": "GitRelease", - "repository": { - "type": "Forgejo", - "server": "https://git.lix.systems/", - "owner": "lix-project", - "repo": "lix" - }, - "pre_releases": false, - "version_upper_bound": null, - "release_prefix": null, - "submodules": false, - "version": "2.93.3", - "revision": "017e93ae637ce6dfc958001e5cdc2a3e0182be6f", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2.93.3.tar.gz", - "hash": "152xjnlr733z34ndyxnhdaw7d4f3zcj5w028mlmwy378wvhk9b1s" - }, - "lix-module": { - "type": "GitRelease", - "repository": { - "type": "Forgejo", - "server": "https://git.lix.systems/", - "owner": "lix-project", - "repo": "nixos-module" - }, - "pre_releases": false, - "version_upper_bound": null, - "release_prefix": null, - "submodules": false, - "version": "2.93.1", - "revision": "c3c78a32273e89d28367d8605a4c880f0b6607e3", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/2.93.1.tar.gz", - "hash": "1m1lk9mjmcjfi30h1yckjrbdy9yf4msav2dnk8lpn0hrj4mkkw0i" - }, "nil": { "type": "Git", "repository": { From 9667557cc6b3a30d4040a91d6ed4a96031eedc5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sun, 2 Nov 2025 10:05:39 +0800 Subject: [PATCH 26/32] overlays/lix: fix infrec --- nix/overlays/lix.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/nix/overlays/lix.nix b/nix/overlays/lix.nix index 0c47da25..6be56324 100644 --- a/nix/overlays/lix.nix +++ b/nix/overlays/lix.nix @@ -1,10 +1,3 @@ final: _: { nix = final.lixPackageSets.stable.lix; - inherit - (final.lixPackageSets.stable) - nixpkgs-review - nix-eval-jobs - nix-fast-build - colmena - ; } From fe93ed45842b49ae16f62a22749c3655a71d6aa8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sun, 2 Nov 2025 10:16:58 +0800 Subject: [PATCH 27/32] hydrogen: enable termInfo --- nix/configurations/hydrogen/nixos/programs.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nix/configurations/hydrogen/nixos/programs.nix b/nix/configurations/hydrogen/nixos/programs.nix index 0e605d66..5f281024 100644 --- a/nix/configurations/hydrogen/nixos/programs.nix +++ b/nix/configurations/hydrogen/nixos/programs.nix @@ -13,4 +13,7 @@ git.enable = true; }; + + # Helps with kitty when ssh from remote + environment.enableAllTerminfo = true; } From ecb06aaa84c331dfbee3ef968c3b9a7e69762731 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sun, 2 Nov 2025 10:21:01 +0800 Subject: [PATCH 28/32] home: notify when patdiff is being enabled on aarch64-linux --- nix/configurations/hydrogen/home/programs.nix | 1 - nix/homeModules/common/git.nix | 12 +++++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/nix/configurations/hydrogen/home/programs.nix b/nix/configurations/hydrogen/home/programs.nix index 32ed2b56..463485a7 100644 --- a/nix/configurations/hydrogen/home/programs.nix +++ b/nix/configurations/hydrogen/home/programs.nix @@ -54,7 +54,6 @@ btop.enable = true; - # OCaml fails to build on aarch64-linux git.patdiff.enable = lib.mkForce false; }; diff --git a/nix/homeModules/common/git.nix b/nix/homeModules/common/git.nix index a50ba2a5..68f151c6 100644 --- a/nix/homeModules/common/git.nix +++ b/nix/homeModules/common/git.nix @@ -1,12 +1,22 @@ { lib, config, + pkgs, ... }: { # git plugins programs.git = { lfs.enable = true; - patdiff.enable = true; + patdiff.enable = lib.mkMerge [ + # known to fail on aarch64-linux + (lib.mkIf (pkgs.system == "aarch64-linux") ( + # TODO: investigate this + lib.warn "patdiff has been forcibly disabled because it has previously failed to build" + lib.mkForce + false + )) + (lib.mkDefault true) + ]; }; # 懶惰鬼賴皮 From ad8a114feb916155b8eda59b0652395273b33a2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sun, 2 Nov 2025 10:23:10 +0800 Subject: [PATCH 29/32] hydrogen: include fzf --- nix/configurations/hydrogen.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/configurations/hydrogen.nix b/nix/configurations/hydrogen.nix index c79e53a0..6cdc248b 100644 --- a/nix/configurations/hydrogen.nix +++ b/nix/configurations/hydrogen.nix @@ -98,6 +98,7 @@ in ../homeModules/common/btop ../homeModules/common/fish ../homeModules/common/starship + ../homeModules/common/fzf.nix ../homeModules/common/tmux ../homeModules/common/vim ../homeModules/common/direnv.nix From 3982973947d63546e4906d1569d9ffd0f1acb0ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sun, 2 Nov 2025 12:00:17 +0800 Subject: [PATCH 30/32] hydrogen/home: remove host-wise patdiff disable --- nix/configurations/hydrogen/home/programs.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/nix/configurations/hydrogen/home/programs.nix b/nix/configurations/hydrogen/home/programs.nix index 463485a7..bfe508c8 100644 --- a/nix/configurations/hydrogen/home/programs.nix +++ b/nix/configurations/hydrogen/home/programs.nix @@ -53,8 +53,6 @@ ripgrep.enable = true; btop.enable = true; - - git.patdiff.enable = lib.mkForce false; }; services = { From 2dd16cded807500f90e8c071f6a4c3efe8683ad2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sun, 2 Nov 2025 12:01:10 +0800 Subject: [PATCH 31/32] hydrogen/connectivity: disable mfi fastcharge --- nix/configurations/hydrogen/nixos/connectivity.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/nix/configurations/hydrogen/nixos/connectivity.nix b/nix/configurations/hydrogen/nixos/connectivity.nix index c07dac6b..a71fc30c 100644 --- a/nix/configurations/hydrogen/nixos/connectivity.nix +++ b/nix/configurations/hydrogen/nixos/connectivity.nix @@ -3,11 +3,6 @@ lib, ... }: { - # https://unix.stackexchange.com/questions/592775/how-can-i-enable-apple-ios-fast-charge-support - services.udev.extraRules = '' - SUBSYSTEM=="usb", ACTION=="add", DRIVER=="apple-mfi-fastcharge", RUN+="/bin/sh -c 'echo Fast > /sys/class/power_supply/apple_mfi_fastcharge/charge_type'" - ''; - users.users.root.openssh.authorizedKeys.keys = let ids = import ../../../identities.nix; in From 6f73ad90fe7f08bf5cfa1912a932d0119a60d549 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= Date: Sun, 2 Nov 2025 12:08:40 +0800 Subject: [PATCH 32/32] tree-wide: make secure_dns a shared module --- nix/configurations/hydrogen.nix | 5 +- nix/configurations/vanadium.nix | 2 +- .../vanadium/nixos/secure_dns.nix | 57 ------------------- .../extra}/secure_dns.nix | 6 +- 4 files changed, 6 insertions(+), 64 deletions(-) delete mode 100644 nix/configurations/vanadium/nixos/secure_dns.nix rename nix/{configurations/hydrogen/nixos => nixosModules/extra}/secure_dns.nix (98%) diff --git a/nix/configurations/hydrogen.nix b/nix/configurations/hydrogen.nix index 6cdc248b..d0196449 100644 --- a/nix/configurations/hydrogen.nix +++ b/nix/configurations/hydrogen.nix @@ -57,8 +57,11 @@ in ./hydrogen/nixos/misc.nix ./hydrogen/nixos/programs.nix ./hydrogen/nixos/connectivity.nix - ./hydrogen/nixos/secure_dns.nix + # QUIRK: + # Had issue when building the installer as it fails to bootstrap itself + # Might be useful to disable for the first build. + ../nixosModules/extra/secure_dns.nix ../nixosModules/common/disable-command-not-found.nix ../nixosModules/common/network.nix ../nixosModules/common/sudo-conf.nix diff --git a/nix/configurations/vanadium.nix b/nix/configurations/vanadium.nix index 1ed762c7..0e72a47e 100644 --- a/nix/configurations/vanadium.nix +++ b/nix/configurations/vanadium.nix @@ -90,7 +90,6 @@ in ./vanadium/nixos/audio.nix ./vanadium/nixos/connectivity.nix - ./vanadium/nixos/secure_dns.nix ./vanadium/nixos/input.nix ./vanadium/nixos/misc.nix @@ -108,6 +107,7 @@ in ../nixosModules/common/system-nixconf.nix ../nixosModules/common/xscreensaver.nix + ../nixosModules/extra/secure_dns.nix ../nixosModules/extra/zram.nix ../nixosModules/extra/leana.nix diff --git a/nix/configurations/vanadium/nixos/secure_dns.nix b/nix/configurations/vanadium/nixos/secure_dns.nix deleted file mode 100644 index 1aeeff7f..00000000 --- a/nix/configurations/vanadium/nixos/secure_dns.nix +++ /dev/null @@ -1,57 +0,0 @@ -# https://nixos.wiki/wiki/Encrypted_DNS -{ - lib, - pkgs, - ... -}: { - networking = { - nameservers = ["127.0.0.1" "::1"]; - dhcpcd.extraConfig = "nohook resolv.conf"; - # networkmanager.dns = "none"; - }; - - services.resolved.enable = false; - - services.dnscrypt-proxy2 = { - enable = true; - # Settings reference: - # https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml - settings = { - listen_addresses = ["127.0.0.1:53"]; - ipv4_servers = true; - - require_dnssec = true; - require_nolog = true; - require_nofilter = true; - - lb_strategy = "p2"; - lb_estimator = true; - - # Blocklists are made of one pattern per line. - # https://github.com/DNSCrypt/dnscrypt-proxy/blob/fa59f990431a49b6485f63f96601bc7e64017bf8/dnscrypt-proxy/example-dnscrypt-proxy.toml#L583C4-L583C75 - blocked_names.blocked_names_file = pkgs.concatText "dnsblocklist_combined" [ - # Prevent building up reliance on chatbots - # Gotta preserve that thinking ability of my smoof bwain - pkgs.ai_blocklist - pkgs.hategroup_blocklist - - # Gotta purify my smoos brain for a while - (pkgs.writeText "extra_dns_blocklist" '' - instagram.com - youtube.com - '') - ]; - - # Add this to test if dnscrypt-proxy is actually used to resolve DNS requests - # query_log.file = "/var/log/dnscrypt-proxy/query.log"; - sources.public-resolvers = { - urls = [ - "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md" - "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md" - ]; - cache_file = "/var/cache/dnscrypt-proxy/public-resolvers.md"; - minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"; - }; - }; - }; -} diff --git a/nix/configurations/hydrogen/nixos/secure_dns.nix b/nix/nixosModules/extra/secure_dns.nix similarity index 98% rename from nix/configurations/hydrogen/nixos/secure_dns.nix rename to nix/nixosModules/extra/secure_dns.nix index 1aeeff7f..f662db89 100644 --- a/nix/configurations/hydrogen/nixos/secure_dns.nix +++ b/nix/nixosModules/extra/secure_dns.nix @@ -1,9 +1,5 @@ # https://nixos.wiki/wiki/Encrypted_DNS -{ - lib, - pkgs, - ... -}: { +{pkgs, ...}: { networking = { nameservers = ["127.0.0.1" "::1"]; dhcpcd.extraConfig = "nohook resolv.conf";