···

       
1
       
1
       
-
       
[submodule "secrets"]

     

       
2
       
2
       
-
       
	path = secrets

     

       
3
       
3
       
-
       
	url = git@git.freumh.org:ryan/nixos-secrets.git

     

···

       
1
       
1
       
 
       
{

     

       
2
       
2
       
 
       
  "nodes": {

     

       
3
       
3
       
+
       
    "agenix": {

     

       
4
       
4
       
+
       
      "inputs": {

     

       
5
       
5
       
+
       
        "darwin": "darwin",

     

       
6
       
6
       
+
       
        "home-manager": "home-manager",

     

       
7
       
7
       
+
       
        "nixpkgs": "nixpkgs",

     

       
8
       
8
       
+
       
        "systems": "systems"

     

       
9
       
9
       
+
       
      },

     

       
10
       
10
       
+
       
      "locked": {

     

       
11
       
11
       
+
       
        "lastModified": 1707830867,

     

       
12
       
12
       
+
       
        "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",

     

       
13
       
13
       
+
       
        "owner": "ryantm",

     

       
14
       
14
       
+
       
        "repo": "agenix",

     

       
15
       
15
       
+
       
        "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",

     

       
16
       
16
       
+
       
        "type": "github"

     

       
17
       
17
       
+
       
      },

     

       
18
       
18
       
+
       
      "original": {

     

       
19
       
19
       
+
       
        "owner": "ryantm",

     

       
20
       
20
       
+
       
        "repo": "agenix",

     

       
21
       
21
       
+
       
        "type": "github"

     

       
22
       
22
       
+
       
      }

     

       
23
       
23
       
+
       
    },

     

       
3
       
24
       
 
       
    "alec-website": {

     

       
4
       
25
       
 
       
      "inputs": {

     

       
5
       
26
       
 
       
        "flake-utils": "flake-utils",

     
···

       
44
       
65
       
 
       
        "url": "ssh://git@github.com/ryangibb/colour-guesser.git"

     

       
45
       
66
       
 
       
      }

     

       
46
       
67
       
 
       
    },

     

       
68
       
68
       
+
       
    "darwin": {

     

       
69
       
69
       
+
       
      "inputs": {

     

       
70
       
70
       
+
       
        "nixpkgs": [

     

       
71
       
71
       
+
       
          "agenix",

     

       
72
       
72
       
+
       
          "nixpkgs"

     

       
73
       
73
       
+
       
        ]

     

       
74
       
74
       
+
       
      },

     

       
75
       
75
       
+
       
      "locked": {

     

       
76
       
76
       
+
       
        "lastModified": 1700795494,

     

       
77
       
77
       
+
       
        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",

     

       
78
       
78
       
+
       
        "owner": "lnl7",

     

       
79
       
79
       
+
       
        "repo": "nix-darwin",

     

       
80
       
80
       
+
       
        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",

     

       
81
       
81
       
+
       
        "type": "github"

     

       
82
       
82
       
+
       
      },

     

       
83
       
83
       
+
       
      "original": {

     

       
84
       
84
       
+
       
        "owner": "lnl7",

     

       
85
       
85
       
+
       
        "ref": "master",

     

       
86
       
86
       
+
       
        "repo": "nix-darwin",

     

       
87
       
87
       
+
       
        "type": "github"

     

       
88
       
88
       
+
       
      }

     

       
89
       
89
       
+
       
    },

     

       
47
       
90
       
 
       
    "devshell": {

     

       
48
       
91
       
 
       
      "locked": {

     

       
49
       
92
       
 
       
        "lastModified": 1642188268,

     
···

       
88
       
131
       
 
       
        ]

     

       
89
       
132
       
 
       
      },

     

       
90
       
133
       
 
       
      "locked": {

     

       
91
       
91
       
-
       
        "lastModified": 1709565128,

     

       
92
       
92
       
-
       
        "narHash": "sha256-ZhBaGudEKv84phqhSps4Y7cpneWzJvEWxZuiV/ehYSQ=",

     

       
134
       
134
       
+
       
        "lastModified": 1710294901,

     

       
135
       
135
       
+
       
        "narHash": "sha256-TehQkd+aY48m2q9O3UBjXSmkxjZwITbbZNs2bfYeSY8=",

     

       
93
       
136
       
 
       
        "owner": "RyanGibb",

     

       
94
       
137
       
 
       
        "repo": "eilean-nix",

     

       
95
       
95
       
-
       
        "rev": "ef944e2d2544dc71befca73660b7eab600185e0a",

     

       
138
       
138
       
+
       
        "rev": "be8f1b31735b86c98c2c12ba14bb16902202486e",

     

       
96
       
139
       
 
       
        "type": "github"

     

       
97
       
140
       
 
       
      },

     

       
98
       
141
       
 
       
      "original": {

     
···

       
203
       
246
       
 
       
    },

     

       
204
       
247
       
 
       
    "flake-utils_10": {

     

       
205
       
248
       
 
       
      "inputs": {

     

       
206
       
206
       
-
       
        "systems": "systems_6"

     

       
249
       
249
       
+
       
        "systems": "systems_7"

     

       
207
       
250
       
 
       
      },

     

       
208
       
251
       
 
       
      "locked": {

     

       
209
       
252
       
 
       
        "lastModified": 1685518550,

     
···

       
234
       
277
       
 
       
    },

     

       
235
       
278
       
 
       
    "flake-utils_2": {

     

       
236
       
279
       
 
       
      "inputs": {

     

       
237
       
237
       
-
       
        "systems": "systems"

     

       
280
       
280
       
+
       
        "systems": "systems_2"

     

       
238
       
281
       
 
       
      },

     

       
239
       
282
       
 
       
      "locked": {

     

       
240
       
283
       
 
       
        "lastModified": 1681202837,

     
···

       
265
       
308
       
 
       
    },

     

       
266
       
309
       
 
       
    "flake-utils_4": {

     

       
267
       
310
       
 
       
      "inputs": {

     

       
268
       
268
       
-
       
        "systems": "systems_2"

     

       
311
       
311
       
+
       
        "systems": "systems_3"

     

       
269
       
312
       
 
       
      },

     

       
270
       
313
       
 
       
      "locked": {

     

       
271
       
314
       
 
       
        "lastModified": 1701680307,

     
···

       
297
       
340
       
 
       
    },

     

       
298
       
341
       
 
       
    "flake-utils_6": {

     

       
299
       
342
       
 
       
      "inputs": {

     

       
300
       
300
       
-
       
        "systems": "systems_3"

     

       
343
       
343
       
+
       
        "systems": "systems_4"

     

       
301
       
344
       
 
       
      },

     

       
302
       
345
       
 
       
      "locked": {

     

       
303
       
346
       
 
       
        "lastModified": 1694529238,

     
···

       
330
       
373
       
 
       
    },

     

       
331
       
374
       
 
       
    "flake-utils_8": {

     

       
332
       
375
       
 
       
      "inputs": {

     

       
333
       
333
       
-
       
        "systems": "systems_4"

     

       
376
       
376
       
+
       
        "systems": "systems_5"

     

       
334
       
377
       
 
       
      },

     

       
335
       
378
       
 
       
      "locked": {

     

       
336
       
379
       
 
       
        "lastModified": 1692799911,

     
···

       
348
       
391
       
 
       
    },

     

       
349
       
392
       
 
       
    "flake-utils_9": {

     

       
350
       
393
       
 
       
      "inputs": {

     

       
351
       
351
       
-
       
        "systems": "systems_5"

     

       
394
       
394
       
+
       
        "systems": "systems_6"

     

       
352
       
395
       
 
       
      },

     

       
353
       
396
       
 
       
      "locked": {

     

       
354
       
397
       
 
       
        "lastModified": 1701680307,

     
···

       
387
       
430
       
 
       
    },

     

       
388
       
431
       
 
       
    "gomod2nix": {

     

       
389
       
432
       
 
       
      "inputs": {

     

       
390
       
390
       
-
       
        "nixpkgs": "nixpkgs",

     

       
433
       
433
       
+
       
        "nixpkgs": "nixpkgs_2",

     

       
391
       
434
       
 
       
        "utils": "utils"

     

       
392
       
435
       
 
       
      },

     

       
393
       
436
       
 
       
      "locked": {

     
···

       
407
       
450
       
 
       
    "home-manager": {

     

       
408
       
451
       
 
       
      "inputs": {

     

       
409
       
452
       
 
       
        "nixpkgs": [

     

       
453
       
453
       
+
       
          "agenix",

     

       
454
       
454
       
+
       
          "nixpkgs"

     

       
455
       
455
       
+
       
        ]

     

       
456
       
456
       
+
       
      },

     

       
457
       
457
       
+
       
      "locked": {

     

       
458
       
458
       
+
       
        "lastModified": 1703113217,

     

       
459
       
459
       
+
       
        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",

     

       
460
       
460
       
+
       
        "owner": "nix-community",

     

       
461
       
461
       
+
       
        "repo": "home-manager",

     

       
462
       
462
       
+
       
        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",

     

       
463
       
463
       
+
       
        "type": "github"

     

       
464
       
464
       
+
       
      },

     

       
465
       
465
       
+
       
      "original": {

     

       
466
       
466
       
+
       
        "owner": "nix-community",

     

       
467
       
467
       
+
       
        "repo": "home-manager",

     

       
468
       
468
       
+
       
        "type": "github"

     

       
469
       
469
       
+
       
      }

     

       
470
       
470
       
+
       
    },

     

       
471
       
471
       
+
       
    "home-manager_2": {

     

       
472
       
472
       
+
       
      "inputs": {

     

       
473
       
473
       
+
       
        "nixpkgs": [

     

       
410
       
474
       
 
       
          "nixpkgs"

     

       
411
       
475
       
 
       
        ]

     

       
412
       
476
       
 
       
      },

     
···

       
529
       
593
       
 
       
    "neovim": {

     

       
530
       
594
       
 
       
      "inputs": {

     

       
531
       
595
       
 
       
        "flake-utils": "flake-utils_9",

     

       
532
       
532
       
-
       
        "nixpkgs": "nixpkgs_2"

     

       
596
       
596
       
+
       
        "nixpkgs": "nixpkgs_3"

     

       
533
       
597
       
 
       
      },

     

       
534
       
598
       
 
       
      "locked": {

     

       
535
       
599
       
 
       
        "dir": "contrib",

     
···

       
616
       
680
       
 
       
    "nix-rpi5": {

     

       
617
       
681
       
 
       
      "inputs": {

     

       
618
       
682
       
 
       
        "flake-compat": "flake-compat_4",

     

       
619
       
619
       
-
       
        "nixpkgs": "nixpkgs_3"

     

       
683
       
683
       
+
       
        "nixpkgs": "nixpkgs_4"

     

       
620
       
684
       
 
       
      },

     

       
621
       
685
       
 
       
      "locked": {

     

       
622
       
686
       
 
       
        "lastModified": 1704485878,

     
···

       
665
       
729
       
 
       
    },

     

       
666
       
730
       
 
       
    "nixpkgs": {

     

       
667
       
731
       
 
       
      "locked": {

     

       
668
       
668
       
-
       
        "lastModified": 1658285632,

     

       
669
       
669
       
-
       
        "narHash": "sha256-zRS5S/hoeDGUbO+L95wXG9vJNwsSYcl93XiD0HQBXLk=",

     

       
732
       
732
       
+
       
        "lastModified": 1703013332,

     

       
733
       
733
       
+
       
        "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",

     

       
670
       
734
       
 
       
        "owner": "NixOS",

     

       
671
       
735
       
 
       
        "repo": "nixpkgs",

     

       
672
       
672
       
-
       
        "rev": "5342fc6fb59d0595d26883c3cadff16ce58e44f3",

     

       
736
       
736
       
+
       
        "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",

     

       
673
       
737
       
 
       
        "type": "github"

     

       
674
       
738
       
 
       
      },

     

       
675
       
739
       
 
       
      "original": {

     

       
676
       
740
       
 
       
        "owner": "NixOS",

     

       
677
       
677
       
-
       
        "ref": "master",

     

       
741
       
741
       
+
       
        "ref": "nixos-unstable",

     

       
678
       
742
       
 
       
        "repo": "nixpkgs",

     

       
679
       
743
       
 
       
        "type": "github"

     

       
680
       
744
       
 
       
      }

     
···

       
729
       
793
       
 
       
    },

     

       
730
       
794
       
 
       
    "nixpkgs_2": {

     

       
731
       
795
       
 
       
      "locked": {

     

       
732
       
732
       
-
       
        "lastModified": 1703013332,

     

       
733
       
733
       
-
       
        "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",

     

       
734
       
734
       
-
       
        "owner": "nixos",

     

       
735
       
735
       
-
       
        "repo": "nixpkgs",

     

       
736
       
736
       
-
       
        "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",

     

       
737
       
737
       
-
       
        "type": "github"

     

       
738
       
738
       
-
       
      },

     

       
739
       
739
       
-
       
      "original": {

     

       
740
       
740
       
-
       
        "owner": "nixos",

     

       
741
       
741
       
-
       
        "ref": "nixos-unstable",

     

       
796
       
796
       
+
       
        "lastModified": 1658285632,

     

       
797
       
797
       
+
       
        "narHash": "sha256-zRS5S/hoeDGUbO+L95wXG9vJNwsSYcl93XiD0HQBXLk=",

     

       
798
       
798
       
+
       
        "owner": "NixOS",

     

       
799
       
799
       
+
       
        "repo": "nixpkgs",

     

       
800
       
800
       
+
       
        "rev": "5342fc6fb59d0595d26883c3cadff16ce58e44f3",

     

       
801
       
801
       
+
       
        "type": "github"

     

       
802
       
802
       
+
       
      },

     

       
803
       
803
       
+
       
      "original": {

     

       
804
       
804
       
+
       
        "owner": "NixOS",

     

       
805
       
805
       
+
       
        "ref": "master",

     

       
742
       
806
       
 
       
        "repo": "nixpkgs",

     

       
743
       
807
       
 
       
        "type": "github"

     

       
744
       
808
       
 
       
      }

     
···

       
761
       
825
       
 
       
    },

     

       
762
       
826
       
 
       
    "nixpkgs_4": {

     

       
763
       
827
       
 
       
      "locked": {

     

       
764
       
764
       
-
       
        "lastModified": 1710162809,

     

       
765
       
765
       
-
       
        "narHash": "sha256-i2R2bcnQp+85de67yjgZVvJhd6rRnJbSYNpGmB6Leb8=",

     

       
828
       
828
       
+
       
        "lastModified": 1703013332,

     

       
829
       
829
       
+
       
        "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",

     

       
766
       
830
       
 
       
        "owner": "nixos",

     

       
767
       
831
       
 
       
        "repo": "nixpkgs",

     

       
768
       
768
       
-
       
        "rev": "ddcd7598b2184008c97e6c9c6a21c5f37590b8d2",

     

       
832
       
832
       
+
       
        "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",

     

       
833
       
833
       
+
       
        "type": "github"

     

       
834
       
834
       
+
       
      },

     

       
835
       
835
       
+
       
      "original": {

     

       
836
       
836
       
+
       
        "owner": "nixos",

     

       
837
       
837
       
+
       
        "ref": "nixos-unstable",

     

       
838
       
838
       
+
       
        "repo": "nixpkgs",

     

       
839
       
839
       
+
       
        "type": "github"

     

       
840
       
840
       
+
       
      }

     

       
841
       
841
       
+
       
    },

     

       
842
       
842
       
+
       
    "nixpkgs_5": {

     

       
843
       
843
       
+
       
      "locked": {

     

       
844
       
844
       
+
       
        "lastModified": 1709677081,

     

       
845
       
845
       
+
       
        "narHash": "sha256-tix36Y7u0rkn6mTm0lA45b45oab2cFLqAzDbJxeXS+c=",

     

       
846
       
846
       
+
       
        "owner": "nixos",

     

       
847
       
847
       
+
       
        "repo": "nixpkgs",

     

       
848
       
848
       
+
       
        "rev": "880992dcc006a5e00dd0591446fdf723e6a51a64",

     

       
769
       
849
       
 
       
        "type": "github"

     

       
770
       
850
       
 
       
      },

     

       
771
       
851
       
 
       
      "original": {

     
···

       
997
       
1077
       
 
       
    },

     

       
998
       
1078
       
 
       
    "root": {

     

       
999
       
1079
       
 
       
      "inputs": {

     

       
1080
       
1080
       
+
       
        "agenix": "agenix",

     

       
1000
       
1081
       
 
       
        "alec-website": "alec-website",

     

       
1001
       
1082
       
 
       
        "colour-guesser": "colour-guesser",

     

       
1002
       
1083
       
 
       
        "eeww": "eeww",

     

       
1003
       
1084
       
 
       
        "eilean": "eilean",

     

       
1004
       
1085
       
 
       
        "eon": "eon",

     

       
1005
       
1086
       
 
       
        "fn06-website": "fn06-website",

     

       
1006
       
1006
       
-
       
        "home-manager": "home-manager",

     

       
1087
       
1087
       
+
       
        "home-manager": "home-manager_2",

     

       
1007
       
1088
       
 
       
        "hyperbib-eeg": "hyperbib-eeg",

     

       
1008
       
1089
       
 
       
        "i3-workspace-history": "i3-workspace-history",

     

       
1009
       
1090
       
 
       
        "matrix-appservices": "matrix-appservices",

     
···

       
1011
       
1092
       
 
       
        "nix-on-droid": "nix-on-droid",

     

       
1012
       
1093
       
 
       
        "nix-rpi5": "nix-rpi5",

     

       
1013
       
1094
       
 
       
        "nixos-hardware": "nixos-hardware",

     

       
1014
       
1014
       
-
       
        "nixpkgs": "nixpkgs_4",

     

       
1095
       
1095
       
+
       
        "nixpkgs": "nixpkgs_5",

     

       
1015
       
1096
       
 
       
        "nixpkgs-compat": "nixpkgs-compat",

     

       
1016
       
1097
       
 
       
        "nixpkgs-unstable": "nixpkgs-unstable",

     

       
1017
       
1098
       
 
       
        "ryan-cv": "ryan-cv",

     
···

       
1136
       
1217
       
 
       
      }

     

       
1137
       
1218
       
 
       
    },

     

       
1138
       
1219
       
 
       
    "systems_6": {

     

       
1220
       
1220
       
+
       
      "locked": {

     

       
1221
       
1221
       
+
       
        "lastModified": 1681028828,

     

       
1222
       
1222
       
+
       
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",

     

       
1223
       
1223
       
+
       
        "owner": "nix-systems",

     

       
1224
       
1224
       
+
       
        "repo": "default",

     

       
1225
       
1225
       
+
       
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",

     

       
1226
       
1226
       
+
       
        "type": "github"

     

       
1227
       
1227
       
+
       
      },

     

       
1228
       
1228
       
+
       
      "original": {

     

       
1229
       
1229
       
+
       
        "owner": "nix-systems",

     

       
1230
       
1230
       
+
       
        "repo": "default",

     

       
1231
       
1231
       
+
       
        "type": "github"

     

       
1232
       
1232
       
+
       
      }

     

       
1233
       
1233
       
+
       
    },

     

       
1234
       
1234
       
+
       
    "systems_7": {

     

       
1139
       
1235
       
 
       
      "locked": {

     

       
1140
       
1236
       
 
       
        "lastModified": 1681028828,

     

       
1141
       
1237
       
 
       
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",

     

···

       
6
       
6
       
 
       
    nixos-hardware.url = "github:nixos/nixos-hardware";

     

       
7
       
7
       
 
       
    #home-manager.url = "github:nix-community/home-manager/release-23.11";

     

       
8
       
8
       
 
       
    home-manager.url = "github:RyanGibb/home-manager/fork";

     

       
9
       
9
       
+
       
    agenix.url = "github:ryantm/agenix";

     

       
9
       
10
       
 
       
    nix-on-droid.url = "github:nix-community/nix-on-droid/release-23.05";

     

       
10
       
11
       
 
       
    eeww.url = "github:RyanGibb/eeww/nixos";

     

       
11
       
12
       
 
       
    eon.url = "github:RyanGibb/eon";

     
···

       
45
       
46
       
 
       
    nixpkgs-compat,

     

       
46
       
47
       
 
       
    nixos-hardware,

     

       
47
       
48
       
 
       
    home-manager,

     

       
49
       
49
       
+
       
    agenix,

     

       
48
       
50
       
 
       
    nix-on-droid,

     

       
49
       
51
       
 
       
    eeww,

     

       
50
       
52
       
 
       
    eon,

     
···

       
70
       
72
       
 
       
                inherit system;

     

       
71
       
73
       
 
       
                config = nixpkgsConfig;

     

       
72
       
74
       
 
       
              };

     

       
75
       
75
       
+
       
              agenix = agenix.packages.${system}.default;

     

       
73
       
76
       
 
       
              eeww = eeww.defaultPackage.${system};

     

       
74
       
77
       
 
       
              eon = eon.defaultPackage.${system};

     

       
75
       
78
       
 
       
              mautrix-whatsapp = prev.callPackage ./pkgs/mautrix-whatsapp.nix { };

     
···

       
167
       
170
       
 
       
                eon.nixosModules.default

     

       
168
       
171
       
 
       
                matrix-appservices.nixosModule

     

       
169
       
172
       
 
       
                hyperbib-eeg.nixosModules.default

     

       
173
       
173
       
+
       
                agenix.nixosModules.default

     

       
170
       
174
       
 
       
              ];

     

       
171
       
175
       
 
       
            };

     

       
172
       
176
       
 
       
        readModes = dir:

     

···

       
33
       
33
       
 
       
    '';

     

       
34
       
34
       
 
       
  };

     

       
35
       
35
       
 
       


     

       
36
       
36
       
+
       
  age.secrets."restic.env".file = ../../secrets/restic.env.age;

     

       
37
       
37
       
+
       
  age.secrets.restic-repo.file = ../../secrets/restic-repo.age;

     

       
38
       
38
       
+
       
  age.secrets.restic-elephant.file = ../../secrets/restic-elephant.age;

     

       
36
       
39
       
 
       
  services.restic.backups.sync = {

     

       
37
       
37
       
-
       
    environmentFile = "${config.custom.secretsDir}/restic.env";

     

       
38
       
38
       
-
       
    repositoryFile = "${config.custom.secretsDir}/restic-repo";

     

       
39
       
39
       
-
       
    passwordFile = "${config.custom.secretsDir}/restic-password-elephant";

     

       
40
       
40
       
+
       
    environmentFile = config.age.secrets."restic.env".path;

     

       
41
       
41
       
+
       
    repositoryFile = config.age.secrets.restic-repo.path;

     

       
42
       
42
       
+
       
    passwordFile = config.age.secrets.restic-elephant.path;

     

       
40
       
43
       
 
       
    initialize = true;

     

       
41
       
44
       
 
       
    paths = [

     

       
42
       
45
       
 
       
      "/tank/family/mp4/"

     

···

       
84
       
84
       
 
       
    };

     

       
85
       
85
       
 
       
  };

     

       
86
       
86
       
 
       


     

       
87
       
87
       
+
       
  age.secrets.nextcloud = {

     

       
88
       
88
       
+
       
    file = ../../secrets/nextcloud.age;

     

       
89
       
89
       
+
       
    mode = "770";

     

       
90
       
90
       
+
       
    owner = "nextcloud";

     

       
91
       
91
       
+
       
    group = "nextcloud";

     

       
92
       
92
       
+
       
  };

     

       
87
       
93
       
 
       
  services.nextcloud = {

     

       
88
       
94
       
 
       
    enable = true;

     

       
89
       
95
       
 
       
    package = pkgs.nextcloud28;

     

       
90
       
96
       
 
       
    hostName = "nextcloud";

     

       
91
       
91
       
-
       
    config.adminpassFile = "${config.custom.secretsDir}/nextcloud";

     

       
97
       
97
       
+
       
    config.adminpassFile = config.age.secrets.nextcloud.path;

     

       
92
       
98
       
 
       
  };

     

       
93
       
99
       
 
       


     

       
94
       
100
       
 
       
  services.transmission = {

     
···

       
102
       
108
       
 
       
    };

     

       
103
       
109
       
 
       
  };

     

       
104
       
110
       
 
       


     

       
111
       
111
       
+
       
  age.secrets.restic-owl.file = ../../secrets/restic-owl.age;

     

       
112
       
112
       
+
       
  age.secrets.restic-gecko.file = ../../secrets/restic-gecko.age;

     

       
105
       
113
       
 
       
  services.restic = {

     

       
106
       
114
       
 
       
    #backups.owl = {

     

       
107
       
115
       
 
       
    #  repository = "${config.services.restic.server.dataDir}/owl";

     

···

       
20
       
20
       
 
       
    interval = "Tue, 02:00";

     

       
21
       
21
       
 
       
  };

     

       
22
       
22
       
 
       


     

       
23
       
23
       
+
       
  age.secrets.email-elephant.file = ../../secrets/email-system.age;

     

       
23
       
24
       
 
       
  programs.msmtp = {

     

       
24
       
25
       
 
       
    enable = true;

     

       
25
       
26
       
 
       
    setSendmail = true;

     
···

       
34
       
35
       
 
       
    accounts = {

     

       
35
       
36
       
 
       
      default = {

     

       
36
       
37
       
 
       
        host = "mail.${config.networking.domain}";

     

       
37
       
37
       
-
       
        passwordeval = "cat ${config.custom.secretsDir}/email-pswd-unhashed";

     

       
38
       
38
       
-
       
        user = "misc@${config.networking.domain}";

     

       
38
       
38
       
+
       
        passwordeval = "cat ${config.age.secrets.email-elephant.path}";

     

       
39
       
39
       
+
       
        user = "system@${config.networking.domain}";

     

       
39
       
40
       
 
       
        from = "nas@${config.networking.domain}";

     

       
40
       
41
       
 
       
      };

     

       
41
       
42
       
 
       
    };

     

···

       
93
       
93
       
 
       
      '';

     

       
94
       
94
       
 
       
  };

     

       
95
       
95
       
 
       


     

       
96
       
96
       
+
       
  age.secrets.restic-gecko.file = ../../secrets/restic-gecko.age;

     

       
96
       
97
       
 
       
  services.restic.backups.${config.networking.hostName} = {

     

       
97
       
98
       
 
       
    repository = "rest:http://100.64.0.9:8000/${config.networking.hostName}/";

     

       
98
       
98
       
-
       
    passwordFile = "${config.custom.secretsDir}/restic-password-gecko";

     

       
99
       
99
       
+
       
    passwordFile = config.age.secrets.restic-gecko.path;

     

       
99
       
100
       
 
       
    initialize = true;

     

       
100
       
101
       
 
       
    paths = [

     

       
101
       
102
       
 
       
      "/home/${config.custom.username}"

     

···

       
10
       
10
       
 
       
    inputs.fn06-website.nixosModules.default

     

       
11
       
11
       
 
       
  ];

     

       
12
       
12
       
 
       


     

       
13
       
13
       
-
       
  eilean = {

     

       
14
       
14
       
-
       
    publicInterface = "enp1s0";

     

       
13
       
13
       
+
       
  eilean.publicInterface = "enp1s0";

     

       
15
       
14
       
 
       


     

       
16
       
16
       
-
       
    mailserver.enable = true;

     

       
17
       
17
       
-
       
    matrix.enable = true;

     

       
18
       
18
       
-
       
    turn.enable = true;

     

       
19
       
19
       
-
       
    mastodon.enable = true;

     

       
20
       
20
       
-
       
    headscale.enable = true;

     

       
21
       
21
       
-
       
    #dns.enable = lib.mkForce false;

     

       
15
       
15
       
+
       
  eilean.mailserver.enable = true;

     

       
16
       
16
       
+
       


     

       
17
       
17
       
+
       
  eilean.matrix.enable = true;

     

       
18
       
18
       
+
       
  age.secrets.matrix-shared-secret = {

     

       
19
       
19
       
+
       
    file = ../../secrets/matrix-shared-secret.age;

     

       
20
       
20
       
+
       
    mode = "770";

     

       
21
       
21
       
+
       
    owner = "${config.systemd.services.matrix-synapse.serviceConfig.User}";

     

       
22
       
22
       
+
       
    group = "${config.systemd.services.matrix-synapse.serviceConfig.Group}";

     

       
23
       
23
       
+
       
  };

     

       
24
       
24
       
+
       
  eilean.matrix.registrationSecretFile = config.age.secrets.matrix-shared-secret.path;

     

       
25
       
25
       
+
       


     

       
26
       
26
       
+
       
  eilean.turn.enable = true;

     

       
27
       
27
       
+
       
  age.secrets.coturn = {

     

       
28
       
28
       
+
       
    file = ../../secrets/coturn.age;

     

       
29
       
29
       
+
       
    mode = "770";

     

       
30
       
30
       
+
       
    owner = "${config.systemd.services.coturn.serviceConfig.User}";

     

       
31
       
31
       
+
       
    group = "${config.systemd.services.coturn.serviceConfig.Group}";

     

       
22
       
32
       
 
       
  };

     

       
33
       
33
       
+
       
  eilean.turn.secretFile = config.age.secrets.coturn.path;

     

       
34
       
34
       
+
       


     

       
35
       
35
       
+
       
  eilean.mastodon.enable = true;

     

       
36
       
36
       
+
       
  eilean.headscale.enable = true;

     

       
37
       
37
       
+
       
  #eilean.dns.enable = lib.mkForce false;

     

       
23
       
38
       
 
       


     

       
24
       
39
       
 
       
  hosting = {

     

       
25
       
40
       
 
       
    freumh.enable = true;

     
···

       
97
       
112
       
 
       
    };

     

       
98
       
113
       
 
       
  '';

     

       
99
       
114
       
 
       


     

       
100
       
100
       
-
       
  services.nginx = {

     

       
101
       
101
       
-
       
    commonHttpConfig = ''

     

       
102
       
102
       
-
       
      add_header Strict-Transport-Security max-age=31536000 always;

     

       
103
       
103
       
-
       
      add_header X-Frame-Options SAMEORIGIN always;

     

       
104
       
104
       
-
       
      add_header X-Content-Type-Options nosniff always;

     

       
105
       
105
       
-
       
      add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; frame-src 'self'; frame-ancestors 'self'; form-action 'self';" always;

     

       
106
       
106
       
-
       
      add_header Referrer-Policy 'same-origin';

     

       
115
       
115
       
+
       
  

     

       
116
       
116
       
+
       
  services.nginx.commonHttpConfig = ''

     

       
117
       
117
       
+
       
    add_header Strict-Transport-Security max-age=31536000 always;

     

       
118
       
118
       
+
       
    add_header X-Frame-Options SAMEORIGIN always;

     

       
119
       
119
       
+
       
    add_header X-Content-Type-Options nosniff always;

     

       
120
       
120
       
+
       
    add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; frame-src 'self'; frame-ancestors 'self'; form-action 'self';" always;

     

       
121
       
121
       
+
       
    add_header Referrer-Policy 'same-origin';

     

       
122
       
122
       
+
       
  '';

     

       
123
       
123
       
+
       
  services.nginx.virtualHosts."teapot.${config.networking.domain}" = {

     

       
124
       
124
       
+
       
    extraConfig = ''

     

       
125
       
125
       
+
       
      return 418;

     

       
107
       
126
       
 
       
    '';

     

       
108
       
108
       
-
       
    virtualHosts = {

     

       
109
       
109
       
-
       
      "teapot.${config.networking.domain}" = {

     

       
110
       
110
       
-
       
        extraConfig = ''

     

       
111
       
111
       
-
       
          return 418;

     

       
112
       
112
       
-
       
        '';

     

       
113
       
113
       
-
       
      };

     

       
114
       
114
       
-
       
      "${config.services.ryan-website.domain}" = {

     

       
115
       
115
       
-
       
        locations."/phd/" = {

     

       
116
       
116
       
-
       
          basicAuthFile= "${config.custom.secretsDir}/website-phd";

     

       
117
       
117
       
-
       
        };

     

       
118
       
118
       
-
       
      };

     

       
119
       
119
       
-
       
      "capybara.fn06.org" = {

     

       
120
       
120
       
-
       
        forceSSL = true;

     

       
121
       
121
       
-
       
        enableACME = true;

     

       
122
       
122
       
-
       
        locations."/" = {

     

       
123
       
123
       
-
       
          proxyPass = ''

     

       
124
       
124
       
-
       
            http://100.64.0.10:8123

     

       
125
       
125
       
-
       
          '';

     

       
126
       
126
       
-
       
          proxyWebsockets = true;

     

       
127
       
127
       
-
       
        };

     

       
128
       
128
       
-
       
      };

     

       
129
       
129
       
-
       
      "shrew.freumh.org" = {

     

       
130
       
130
       
-
       
        forceSSL = true;

     

       
131
       
131
       
-
       
        enableACME = true;

     

       
132
       
132
       
-
       
        locations."/" = {

     

       
133
       
133
       
-
       
          # need to specify ip or there's a bootstrap problem with headscale

     

       
134
       
134
       
-
       
          proxyPass = ''

     

       
135
       
135
       
-
       
            http://100.64.0.6:8123

     

       
136
       
136
       
-
       
          '';

     

       
137
       
137
       
-
       
          proxyWebsockets = true;

     

       
138
       
138
       
-
       
        };

     

       
139
       
139
       
-
       
      };

     

       
127
       
127
       
+
       
  };

     

       
128
       
128
       
+
       
  age.secrets.website-phd = {

     

       
129
       
129
       
+
       
    file = ../../secrets/website-phd.age;

     

       
130
       
130
       
+
       
    mode = "770";

     

       
131
       
131
       
+
       
    owner = "${config.systemd.services.nginx.serviceConfig.User}";

     

       
132
       
132
       
+
       
    group = "${config.systemd.services.nginx.serviceConfig.Group}";

     

       
133
       
133
       
+
       
  };

     

       
134
       
134
       
+
       
  services.nginx.virtualHosts."${config.services.ryan-website.domain}" = {

     

       
135
       
135
       
+
       
    locations."/phd/" = {

     

       
136
       
136
       
+
       
      basicAuthFile = config.age.secrets.website-phd.path;

     

       
137
       
137
       
+
       
    };

     

       
138
       
138
       
+
       
  };

     

       
139
       
139
       
+
       
  services.nginx.virtualHosts."capybara.fn06.org" = {

     

       
140
       
140
       
+
       
    forceSSL = true;

     

       
141
       
141
       
+
       
    enableACME = true;

     

       
142
       
142
       
+
       
    locations."/" = {

     

       
143
       
143
       
+
       
      proxyPass = ''

     

       
144
       
144
       
+
       
        http://100.64.0.10:8123

     

       
145
       
145
       
+
       
      '';

     

       
146
       
146
       
+
       
      proxyWebsockets = true;

     

       
147
       
147
       
+
       
    };

     

       
148
       
148
       
+
       
  };

     

       
149
       
149
       
+
       
  services.nginx.virtualHosts."shrew.freumh.org" = {

     

       
150
       
150
       
+
       
    forceSSL = true;

     

       
151
       
151
       
+
       
    enableACME = true;

     

       
152
       
152
       
+
       
    locations."/" = {

     

       
153
       
153
       
+
       
      # need to specify ip or there's a bootstrap problem with headscale

     

       
154
       
154
       
+
       
      proxyPass = ''

     

       
155
       
155
       
+
       
        http://100.64.0.6:8123

     

       
156
       
156
       
+
       
      '';

     

       
157
       
157
       
+
       
      proxyWebsockets = true;

     

       
140
       
158
       
 
       
    };

     

       
141
       
159
       
 
       
  };

     

       
142
       
160
       
 
       


     
···

       
263
       
281
       
 
       
    "net.ipv6.conf.all.forwarding" = 1;

     

       
264
       
282
       
 
       
  };

     

       
265
       
283
       
 
       


     

       
266
       
266
       
-
       
  mailserver.loginAccounts."${config.custom.username}@${config.networking.domain}".sieveScript = ''

     

       
267
       
267
       
-
       
    require ["fileinto", "mailbox"];

     

       
268
       
268
       
-
       


     

       
269
       
269
       
-
       
    if header :contains ["to", "cc"] ["~rjarry/aerc-discuss@lists.sr.ht"] {

     

       
270
       
270
       
-
       
      fileinto :create "lists.aerc";

     

       
271
       
271
       
-
       
      stop;

     

       
272
       
272
       
-
       
    }

     

       
273
       
273
       
-
       
  '';

     

       
274
       
274
       
-
       


     

       
275
       
284
       
 
       
  services.headscale.settings.dns_config.extra_records = [

     

       
276
       
285
       
 
       
    {

     

       
277
       
286
       
 
       
      name = "jellyfin.vpn.${config.networking.domain}";

     
···

       
290
       
299
       
 
       
    }

     

       
291
       
300
       
 
       
  ];

     

       
292
       
301
       
 
       


     

       
302
       
302
       
+
       
  age.secrets.restic-owl.file = ../../secrets/restic-owl.age;

     

       
293
       
303
       
 
       
  services.restic.backups.${config.networking.hostName} = {

     

       
294
       
304
       
 
       
    repository = "rest:http://100.64.0.9:8000/${config.networking.hostName}/";

     

       
295
       
295
       
-
       
    passwordFile = "${config.custom.secretsDir}/restic-password-owl";

     

       
305
       
305
       
+
       
    passwordFile = config.age.secrets.restic-owl.path;

     

       
296
       
306
       
 
       
    initialize = true;

     

       
297
       
307
       
 
       
    paths = [

     

       
298
       
308
       
 
       
      "/var/"

     
···

       
311
       
321
       
 
       
      dates = lib.mkForce "03:00";

     

       
312
       
322
       
 
       
      randomizedDelaySec = "1hr";

     

       
313
       
323
       
 
       
      options = lib.mkForce "--delete-older-than 3d";

     

       
324
       
324
       
+
       
    };

     

       
325
       
325
       
+
       
  };

     

       
326
       
326
       
+
       


     

       
327
       
327
       
+
       
  age.secrets.email-ryan.file = ../../secrets/email-ryan.age;

     

       
328
       
328
       
+
       
  age.secrets.email-system.file = ../../secrets/email-system.age;

     

       
329
       
329
       
+
       
  eilean.mailserver.systemAccountPasswordFile = config.age.secrets.email-system.path;

     

       
330
       
330
       
+
       
  mailserver.loginAccounts = {

     

       
331
       
331
       
+
       
    "${config.eilean.username}@${config.networking.domain}" = {

     

       
332
       
332
       
+
       
      passwordFile = config.age.secrets.email-ryan.path;

     

       
333
       
333
       
+
       
      aliases = [

     

       
334
       
334
       
+
       
        "dns@${config.networking.domain}"

     

       
335
       
335
       
+
       
        "postmaster@${config.networking.domain}"

     

       
336
       
336
       
+
       
      ];

     

       
337
       
337
       
+
       
      sieveScript = ''

     

       
338
       
338
       
+
       
        require ["fileinto", "mailbox"];

     

       
339
       
339
       
+
       
    

     

       
340
       
340
       
+
       
        if header :contains ["to", "cc"] ["~rjarry/aerc-discuss@lists.sr.ht"] {

     

       
341
       
341
       
+
       
          fileinto :create "lists.aerc";

     

       
342
       
342
       
+
       
          stop;

     

       
343
       
343
       
+
       
        }

     

       
344
       
344
       
+
       
      '';

     

       
345
       
345
       
+
       
    };

     

       
346
       
346
       
+
       
    "misc@${config.networking.domain}" = {

     

       
347
       
347
       
+
       
      passwordFile = config.age.secrets.email-ryan.path;

     

       
348
       
348
       
+
       
      catchAll = [ "${config.networking.domain}" ];

     

       
349
       
349
       
+
       
    };

     

       
350
       
350
       
+
       
    "system@${config.networking.domain}" = {

     

       
351
       
351
       
+
       
      aliases = [

     

       
352
       
352
       
+
       
        "nas@${config.networking.domain}"

     

       
353
       
353
       
+
       
      ];

     

       
314
       
354
       
 
       
    };

     

       
315
       
355
       
 
       
  };

     

       
316
       
356
       
 
       
}

     

···

       
25
       
25
       
 
       
    ./hosting/rmfakecloud.nix

     

       
26
       
26
       
 
       
  ];

     

       
27
       
27
       
 
       


     

       
28
       
28
       
-
       
  options.custom = {

     

       
29
       
29
       
-
       
    username = lib.mkOption {

     

       
30
       
30
       
-
       
      type = lib.types.str;

     

       
31
       
31
       
-
       
      default = "ryan";

     

       
32
       
32
       
-
       
    };

     

       
33
       
33
       
-
       
    secretsDir = lib.mkOption {

     

       
34
       
34
       
-
       
      type = lib.types.path;

     

       
35
       
35
       
-
       
      default = "/etc/nixos/secrets";

     

       
36
       
36
       
-
       
    };

     

       
28
       
28
       
+
       
  options.custom.username = lib.mkOption {

     

       
29
       
29
       
+
       
    type = lib.types.str;

     

       
30
       
30
       
+
       
    default = "ryan";

     

       
37
       
31
       
 
       
  };

     

       
38
       
32
       
 
       


     

       
39
       
33
       
 
       
  config = let nixPath = "/etc/nix-path"; in {

     

       
40
       
34
       
 
       
    eilean = {

     

       
41
       
35
       
 
       
      username = config.custom.username;

     

       
42
       
42
       
-
       
      secretsDir = config.custom.secretsDir;

     

       
43
       
36
       
 
       
      serverIpv4 = "135.181.100.27";

     

       
44
       
37
       
 
       
      serverIpv6 = "2a01:4f9:c011:87ad:0:0:0:0";

     

       
45
       
38
       
 
       
    };

     

···

       
5
       
5
       
 
       
  options.hosting.nix-cache.enable = lib.mkEnableOption "nix-cache";

     

       
6
       
6
       
 
       


     

       
7
       
7
       
 
       
  config = lib.mkIf cfg.nix-cache.enable {

     

       
8
       
8
       
+
       
    age.secrets."cache-priv-key.pem" = {

     

       
9
       
9
       
+
       
      file = ../../secrets/cache-priv-key.pem.age;

     

       
10
       
10
       
+
       
      mode = "770";

     

       
11
       
11
       
+
       
      owner = "${config.systemd.services.nix-serve.serviceConfig.User}";

     

       
12
       
12
       
+
       
      group = "${config.systemd.services.nix-serve.serviceConfig.Group}";

     

       
13
       
13
       
+
       
    };

     

       
8
       
14
       
 
       
    services.nix-serve = {

     

       
9
       
15
       
 
       
      enable = true;

     

       
10
       
10
       
-
       
      secretKeyFile = "${config.custom.secretsDir}/cache-priv-key.pem";

     

       
16
       
16
       
+
       
      secretKeyFile = config.age.secrets."cache-priv-key.pem".path;

     

       
11
       
17
       
 
       
    };

     

       
12
       
18
       
 
       


     

       
13
       
19
       
 
       
    services.nginx = {

     

···

       
20
       
20
       
 
       
  };

     

       
21
       
21
       
 
       


     

       
22
       
22
       
 
       
  config = lib.mkIf cfg.enable {

     

       
23
       
23
       
+
       
    age.secrets.rmfakecloud.file = ../../secrets/rmfakecloud.age;

     

       
23
       
24
       
 
       
    services.rmfakecloud = {

     

       
24
       
25
       
 
       
      enable = true;

     

       
25
       
26
       
 
       
      storageUrl = "https://${cfg.domain}";

     

       
26
       
27
       
 
       
      port = cfg.port;

     

       
27
       
27
       
-
       
      environmentFile = "${config.custom.secretsDir}/rmfakecloud.env";

     

       
28
       
28
       
+
       
      environmentFile = config.age.secrets.rmfakecloud.path;

     

       
28
       
29
       
 
       
      extraSettings = {

     

       
29
       
30
       
 
       
        RM_SMTP_SERVER = "mail.freumh.org:465";

     

       
30
       
31
       
 
       
        RM_SMTP_USERNAME = "misc@${domain}";

     

···

       
1
       
1
       
-
       
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGNcdBuEeoJiMH8TMO4k/w3OVKfiSZ9IZ3xrzFOZEi8 ryan@dell-xps

     

       
2
       
2
       
-
       
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDvc+NPAI/8+2HurPFG2cRbbToIrEJCmaaHDOlle6D6n ryan@desktop

     

       
1
       
1
       
+
       
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGNcdBuEeoJiMH8TMO4k/w3OVKfiSZ9IZ3xrzFOZEi8 ryan@gecko

     

       
2
       
2
       
+
       
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDvc+NPAI/8+2HurPFG2cRbbToIrEJCmaaHDOlle6D6n ryan@vulpine

     

       
3
       
3
       
 
       
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAzkZA+GFmHqkvk3xNhmj5LSKYujLP3lPMtG/XW0ND+c ryan@pixel-7a

     

···

       
34
       
34
       
 
       
    environment = {

     

       
35
       
35
       
 
       
      systemPackages = with pkgs; [

     

       
36
       
36
       
 
       
        nix

     

       
37
       
37
       
+
       
        agenix

     

       
37
       
38
       
 
       
        tree

     

       
38
       
39
       
 
       
        htop

     

       
39
       
40
       
 
       
        bind

     

This is a binary file and will not be displayed.

···

       
1
       
1
       
+
       
age-encryption.org/v1

     

       
2
       
2
       
+
       
-> ssh-ed25519 2wDnOw yYow/p+dJOB7q2c6d3xAudf/qnib45GNo1ZoeZG3ARw

     

       
3
       
3
       
+
       
f8EUVRWMuKY80KZM4vyXZIaMspofNbtQRE9hqKLv0kM

     

       
4
       
4
       
+
       
-> ssh-ed25519 suwb0g zkyX7V+nDvx4LErnGf13RaHqihuEou9c2p5dgWq55jQ

     

       
5
       
5
       
+
       
tsVexMsDalEbQy0hMmkWB5Vl9oK5pN4MfLhbK/VXskQ

     

       
6
       
6
       
+
       
--- jtrLTqGGp/e0ofSd6yuy90Sz9OUQ3V8iKSRmeWWPqZI

     

       
7
       
7
       
+
       
���n�}Q9�h���Kv��e���/G����t��\��%�}�%�RB���Cڊq����
     

···

       
1
       
1
       
+
       
age-encryption.org/v1

     

       
2
       
2
       
+
       
-> ssh-ed25519 2wDnOw HicTBNJMbqbFCO13MqTZgUCd5v/lZG8fQG4VJJqvF04

     

       
3
       
3
       
+
       
ZEIdrLvXBPj+tMmKeA9eIBdQKvfhWNbS6HxXzJLQTts

     

       
4
       
4
       
+
       
-> ssh-ed25519 kGzv/A Eu4S6fZNcXdm88bFjzpGj8SHg92/oKglfOAlaArcnlo

     

       
5
       
5
       
+
       
Vgf0hMeLEktJjYC1Y+6zgCR4rAHwetiEDHX0DfnNgaI

     

       
6
       
6
       
+
       
-> ssh-ed25519 suwb0g o+vUNNvXlYT4xOdeqxn64+glCZ6kAWrg9pf8Khewiis

     

       
7
       
7
       
+
       
4NmqCp7J9DDPttCoSKgriTmdpPCQiF85jw0aC0GYdhI

     

       
8
       
8
       
+
       
--- xjN0cRDJdH5Mh19CzkWo/zaC9jOdjofvRrM9mstifKA

     

       
9
       
9
       
+
       

~�����$��aY�C��v���bw����

     

       
10
       
10
       
+
       
w�*�
JoȻ���O��`
     

···

       
1
       
1
       
+
       
age-encryption.org/v1

     

       
2
       
2
       
+
       
-> ssh-ed25519 2wDnOw gAkaa1kB+guzV9cnSbYYIVEuvIhsFI5QoBXa0yRlkwc

     

       
3
       
3
       
+
       
WcvrbIgsSPMlxpGW+vhgTyj+c60WJ0x7gylEXFWE/Uo

     

       
4
       
4
       
+
       
-> ssh-ed25519 kGzv/A M027fX5r/bn6SIdyOnwL9TAaPsuJQwSlp1HC5GC3wEg

     

       
5
       
5
       
+
       
puBA4aEVjHT9xlDQ5qgxxLYqB9ObwzIzdABI2dyC/Tg

     

       
6
       
6
       
+
       
-> ssh-ed25519 suwb0g pXmkXEI12HOLE1N9uUr46ZiB39aNA40GLFhX4Lmz9Rg

     

       
7
       
7
       
+
       
URMeJAJ/1vhP8Sz9Okbk21+KPs++rNkLPsLSU3Ch1VI

     

       
8
       
8
       
+
       
-> ssh-ed25519 hFxbYA 95YBwgvPfZg4tqu0kufH3SZsoYDgquEwAJbxZYZ9L0E

     

       
9
       
9
       
+
       
FWioYSWLIqo4x4mu1tPRfGoGcZlsluRgZcrigG6s6Go

     

       
10
       
10
       
+
       
--- YY1gpBzACyfugLfnMjFfMXLMP9EM/E9P2mQEN6jBkYM

     

       
11
       
11
       
+
       
@eH�~5<���:r3

     

       
12
       
12
       
+
       
_3"

     

       
13
       
13
       
+
       
Po����D*m���)���XuјV
     

···

       
1
       
1
       
+
       
age-encryption.org/v1

     

       
2
       
2
       
+
       
-> ssh-ed25519 2wDnOw G6q6+o1E83IlyXnSaA4qA7LCZgpag/FZ7BrEmex/iGE

     

       
3
       
3
       
+
       
dwPcnIpdkWTYXq81BsoPx1gwR3XxZyAqKiMS0QFgjTw

     

       
4
       
4
       
+
       
-> ssh-ed25519 suwb0g pb4/NyjIrHn/+HD+1mwimeq24Rbfh64haxOmnF8+zXw

     

       
5
       
5
       
+
       
mgnRcBTCwL8A0T0/8Xrfhhsy+TlrP6R72IJEjvmt1hY

     

       
6
       
6
       
+
       
--- rQLXeCL+dLX/5W0qWzhSh9YplMURRVEfBPQUVgQisZU

     

       
7
       
7
       
+
       
��l��׃���8���[dJ�';u:{�Sg��7��Qw��EUp�ƫJ>���㠃�

     

       
8
       
8
       
+
       
�ew��Q�v��!Me�.��:t
     

···

       
1
       
1
       
+
       
age-encryption.org/v1

     

       
2
       
2
       
+
       
-> ssh-ed25519 2wDnOw r96HKuvrpe6trVLJKL7VQEYargBTo2MPRO479kV3Bgw

     

       
3
       
3
       
+
       
dgMzEvqgu45tmia1QxLxyhdEJ+GEfqTF8Z5uwjFKZc0

     

       
4
       
4
       
+
       
-> ssh-ed25519 suwb0g LDk/kskgo/NyOt90jOPbDD9w10txyqNqJW9M4ozR+gg

     

       
5
       
5
       
+
       
ycwKI/aSoTXOeFR+pIDZSgKA/GPVYouiz3Jb8Fgxlwc

     

       
6
       
6
       
+
       
--- JyYD3MxYrXI2N/o2XZcFHe0K/sf0rZ2HInhUSBz/Z34

     

       
7
       
7
       
+
       
̸����u+�����"l)�O��ѭYVL��E;:�t����&;&腵ء�
     

···

       
1
       
1
       
+
       
age-encryption.org/v1

     

       
2
       
2
       
+
       
-> ssh-ed25519 2wDnOw bah7x/Aq1GfU+JeF59dCLGJaiyDoYX60Zlwt7463LmY

     

       
3
       
3
       
+
       
vFuXN0qlAxzbxdew/JDISIQBtiJqVh/Abrfwxm+i7uY

     

       
4
       
4
       
+
       
-> ssh-ed25519 suwb0g kKLy2jN9nt6mGIHIy0wIQrNOrlVHdkmu+0D6g/kyJRE

     

       
5
       
5
       
+
       
nOxpbnavQ4xKi0viRQbauhH+nQcCItUZz4ygO/172/I

     

       
6
       
6
       
+
       
--- 4Wt/0ts+PjMHG2vn1JSYhs0Ds/yeOw5F/bbc0oduI4A

     

       
7
       
7
       
+
       
��2��
�Uef���P�&�I��ox�
�@��$%,�et&@
�a��vv��

     

       
8
       
8
       
+
       
Nr�Jz�*�=T=� V
�9���N;7$�
     

···

       
1
       
1
       
+
       
age-encryption.org/v1

     

       
2
       
2
       
+
       
-> ssh-ed25519 2wDnOw DrjReYI+IVUCx7Au47vYbBiT9EhknCm4ieDrgOVeOhc

     

       
3
       
3
       
+
       
6q4L9FgIAUEw+JGutCsZVi97fyBZ6Ubw9gEBC1C4ofQ

     

       
4
       
4
       
+
       
-> ssh-ed25519 hFxbYA FncIavgK4kGxaj8mmzKPRejp58ylekt024o2Ju/EpVA

     

       
5
       
5
       
+
       
+PgokBmcKd1I8d9mzPqN8xN1zFQuVhodSIqGD2G/dhc

     

       
6
       
6
       
+
       
--- 3iBjML8PUt5vo6HTW2QEvlCyrT1m8GOCe0ZNsC5unz4

     

       
7
       
7
       
+
       
����k��TZ�A�I-��;��bt�Ǥ����Z�m�O՛Q%,�6~��
     

···

       
1
       
1
       
+
       
age-encryption.org/v1

     

       
2
       
2
       
+
       
-> ssh-ed25519 2wDnOw zM/UVwI1BZ1DbNFS35G1S6v7JgvGrDaYRA3VPAnFmU0

     

       
3
       
3
       
+
       
1Agnb8DOQjiYb8j5eDZJuhgCuNyRMszY86FziZjdKFg

     

       
4
       
4
       
+
       
-> ssh-ed25519 hFxbYA Hb7HnaSwjvBEz6QRTe64cg9W+STnt/Ld00q+mpXLYXk

     

       
5
       
5
       
+
       
Q6vxVGaJwtkl3I25U9kQyPZ8NiWyEwMO3wAzMa9wYtA

     

       
6
       
6
       
+
       
--- mgBy5AGa0ThwD4AU7D1Xbxl03UG7DgG17Jt3No38t4w

     

       
7
       
7
       
+
       
�=���r����}��٦�V�Q	%j�&��9�kB!����P>�]�@�
     

···

       
1
       
1
       
+
       
age-encryption.org/v1

     

       
2
       
2
       
+
       
-> ssh-ed25519 2wDnOw eyiRwvCVX25HnDBOqBoX+jff1VyS6+a3iM1pGgHM52U

     

       
3
       
3
       
+
       
15+c4VdyybARvUUm5WsamLgG7d9l1VezbqCLUqQ5IbY

     

       
4
       
4
       
+
       
-> ssh-ed25519 kGzv/A HPy/dvPROQ7Mmd6dwMZ4E64XTxDCI5jADULgoAi54HA

     

       
5
       
5
       
+
       
VXfRu7XXgYwAj3lG2aKkL8Zqm+hlVb57xcpFJG5o790

     

       
6
       
6
       
+
       
-> ssh-ed25519 hFxbYA iwkB/Q2kL2Qk8p/2r/IJSQedhrtuNCvucaIFCbz2SS8

     

       
7
       
7
       
+
       
X6+8OWi1DrihdHZQAjig3MBfraE/oaPJpsxY+b2DmAQ

     

       
8
       
8
       
+
       
--- EZbLc+7OoHmFU4zUstw8YfopHzPuVMZYm7aPeyzK1DA

     

       
9
       
9
       
+
       
�tR��3֌�^����sw+[�	���!`��s,�=�ܦEa�!.y��NV��

     

···

       
1
       
1
       
+
       
age-encryption.org/v1

     

       
2
       
2
       
+
       
-> ssh-ed25519 2wDnOw WO7KQIsaIvyu/0LIDe5XCdD10nmvhxnscYaAfBLuDSo

     

       
3
       
3
       
+
       
brTFl87oaAJM8WiP7EZg3Rtn/Wv/waFkAEeXdzIWxG8

     

       
4
       
4
       
+
       
-> ssh-ed25519 suwb0g CrhB1lj3TFawcN9Y5kh95oshWAMCl1irYB27n04pBRk

     

       
5
       
5
       
+
       
2YJjubEi3JQJpqIxwlNcprSuBbaQHp3DZMYA7qF5NWs

     

       
6
       
6
       
+
       
-> ssh-ed25519 hFxbYA IXQcsKt1VL58qXb/VUbrNeOMblrFHfp2pou4Dm/LTCM

     

       
7
       
7
       
+
       
yk5jERwP10elSANCGtyjl3jaYYwZw0XraAlzF7VRLJU

     

       
8
       
8
       
+
       
--- siBkW7thasO4RVe7uODHXH2a6qSXELxDVh92g1kzajc

     

       
9
       
9
       
+
       
;X�Y�_��o��D�7���!M�^���%�'N$�1(Z��4�:��
     

···

       
1
       
1
       
+
       
age-encryption.org/v1

     

       
2
       
2
       
+
       
-> ssh-ed25519 2wDnOw jTVgYavqQDKvCiM1nshz2UOephg8Yj+wqx2AMYVHm1g

     

       
3
       
3
       
+
       
VThYUo4lcaTKonmEaj3Fnrhd+hTc3Ysku0s4YKf/WvU

     

       
4
       
4
       
+
       
-> ssh-ed25519 hFxbYA PfswIpX5ypDAhpgq7niJNcHqQHtMITaMWxGB1dD8aB4

     

       
5
       
5
       
+
       
9+3jWKIycqutXGEzRu6/jW0+D5GcMxx1aovs+H9mdwA

     

       
6
       
6
       
+
       
--- ELFkLcStgKTPx2xaUqa4FgE6uDDlpd5JypbQO0BhXQE

     

       
7
       
7
       
+
       
[�t���ߣ�n��>�U��}��v��B�XIs۵7�3+�'�w�4WkW��Q�
     

···

       
1
       
1
       
+
       
age-encryption.org/v1

     

       
2
       
2
       
+
       
-> ssh-ed25519 2wDnOw fskgfBZTQmDGSndoDQEFGm5/hu7BYKTlBM1a0YqKgGQ

     

       
3
       
3
       
+
       
qPRneBQV++l1ephtxiuGqTjyKelDEzJgVxo0RJW5Pgk

     

       
4
       
4
       
+
       
-> ssh-ed25519 hFxbYA S6O9RUO8T2YwqyXAtfg95gyeTBZCI9EWRzyQ6Qr0m0c

     

       
5
       
5
       
+
       
01HvlsSN5mYiUa8hLcR7koIVeuw1WjYI75yn6xPxjuY

     

       
6
       
6
       
+
       
--- 4R2yEzRVDtpwZD+vLOfuthkQo02sDOCDUKsIuVL1yYs

     

       
7
       
7
       
+
       
i������|��30ߡ%6څ�C]'����3���v �����(�
�n'Ñd��v��)��z�i���r�cw��ܚ��Gٛ�7���^=KZ��/��LH��)�ɢ�2�RX����Qxp��7eݵ
     

···

       
1
       
1
       
+
       
age-encryption.org/v1

     

       
2
       
2
       
+
       
-> ssh-ed25519 2wDnOw cZAHymi1bx5cJOnV85KT5Dl7zbxq/fa5iG/gGlSsfjc

     

       
3
       
3
       
+
       
bKbYQAV9gDXuVppL651POALVyaHEOWs9nlzn6TBCgIs

     

       
4
       
4
       
+
       
-> ssh-ed25519 suwb0g OlpsG/YuFrNV9HC5sXH4OioW9GVFpjXMemeamN4hpTk

     

       
5
       
5
       
+
       
4c4eIz0V0yPIsuIB2QbD7EZ/OY25C5HdBbj158TNhfo

     

       
6
       
6
       
+
       
--- PPbup/ff9S0ZPbmELCQtQY6lYwMTcGbwf33046/Bphc

     

       
7
       
7
       
+
       
��tm�&�Ic���y�a��'z�

     

       
8
       
8
       
+
       
%�����a���X��teo^
\�

     

       
9
       
9
       
+
       
,��b�^�"�d��K.�/�f����
9����[�,�A�ko���[3 "�8�r<,�E<����^8�����(����
�=�Z9NyY�ǤpfFC�`��r����!-�^�T�����~��Z�A�W�W|(�c!�oC?lY���qM�u��K��R8ڧsJ{����^����?�ޗaC�W��:)�*���Ҋc+�5����+��N�6�������}�
     

···

       
1
       
1
       
+
       
let

     

       
2
       
2
       
+
       
  user = [

     

       
3
       
3
       
+
       
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGNcdBuEeoJiMH8TMO4k/w3OVKfiSZ9IZ3xrzFOZEi8 ryan@dell-xps"

     

       
4
       
4
       
+
       
  ];

     

       
5
       
5
       
+
       


     

       
6
       
6
       
+
       
  gecko = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGLEtqkSlJx219h1aYRXRjP60vBmJmhrCp0Mj1FIF25N root@gecko";

     

       
7
       
7
       
+
       
  owl = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILP6Cgm/BWnJvuGgU1SjWwjOCjuE5AXGqEdQonWYR7BA root@owl";

     

       
8
       
8
       
+
       
  elephant = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+ddohsRFrypCVJqIhI3p3R12pJI8iwuMfRu0TJWuPe root@elephant";

     

       
9
       
9
       
+
       
  shrew = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHLiZ0xdXSlF1eMibrs320lVQaushEpEDMrR6lp9uFkx root@shrew";

     

       
10
       
10
       
+
       
in

     

       
11
       
11
       
+
       
{

     

       
12
       
12
       
+
       
  "cache-priv-key.pem.age".publicKeys = user ++ [ owl ];

     

       
13
       
13
       
+
       
  "email-ryan.age".publicKeys = user ++ [ gecko owl ];

     

       
14
       
14
       
+
       
  "email-system.age".publicKeys = user ++ [ gecko owl elephant ];

     

       
15
       
15
       
+
       
  "matrix-shared-secret.age".publicKeys = user ++ [ owl ];

     

       
16
       
16
       
+
       
  "matrix-turn-shared-secret.age".publicKeys = user ++ [ owl ];

     

       
17
       
17
       
+
       
  "coturn.age".publicKeys = user ++ [ owl ];

     

       
18
       
18
       
+
       
  "website-phd.age".publicKeys = user ++ [ owl ];

     

       
19
       
19
       
+
       
  "rmfakecloud.age".publicKeys = user ++ [ owl ];

     

       
20
       
20
       
+
       
  "restic-owl.age".publicKeys = user ++ [ owl elephant ];

     

       
21
       
21
       
+
       
  "restic-gecko.age".publicKeys = user ++ [ gecko elephant ];

     

       
22
       
22
       
+
       
  "restic-elephant.age".publicKeys = user ++ [ elephant ];

     

       
23
       
23
       
+
       
  "restic.env.age".publicKeys = user ++ [ elephant ];

     

       
24
       
24
       
+
       
  "restic-repo.age".publicKeys = user ++ [ elephant ];

     

       
25
       
25
       
+
       
  "nextcloud.age".publicKeys = user ++ [ elephant ];

     

       
26
       
26
       
+
       
  "headscale.age".publicKeys = user ++ [ owl ];

     

       
27
       
27
       
+
       
}

     

This is a binary file and will not be displayed.