commit 92905f9924e3a4795b3608528ce298157da481f2 · ryan.freumh.org/nixos

+7 -7

flake.lock

···

       429
       429
        
               ]

     

       430
       430
        
             },

     

       431
       431
        
             "locked": {

     

       432
       432
       -
               "lastModified": 1717252989,

     

       433
       433
       -
               "narHash": "sha256-qMvd1PloCsNLI9Rk584UQXoJKDxdE+TDlIVc0Is33cQ=",

     

       432
       432
       +
               "lastModified": 1718115151,

     

       433
       433
       +
               "narHash": "sha256-ZRAqW9RixSTJjzGFQb7vvf95p1ns6WPmpxJQg/r4AYY=",

     

       434
       434
        
               "owner": "RyanGibb",

     

       435
       435
        
               "repo": "eilean-nix",

     

       436
       436
       -
               "rev": "f1cab2428cf6272b763cc2322b47631214454b78",

     

       436
       436
       +
               "rev": "b354949aac308b77d742c5a6321eac53508ab700",

     

       437
       437
        
               "type": "github"

     

       438
       438
        
             },

     

       439
       439
        
             "original": {

     

       440
       440
        
               "owner": "RyanGibb",

     

       441
       441
       -
               "ref": "main",

     

       441
       441
       +
               "ref": "eon-acme",

     

       442
       442
        
               "repo": "eilean-nix",

     

       443
       443
        
               "type": "github"

     

       444
       444
        
             }

     
···

       531
       531
        
               "opam-repository": "opam-repository"

     

       532
       532
        
             },

     

       533
       533
        
             "locked": {

     

       534
       534
       -
               "lastModified": 1717328982,

     

       535
       535
       -
               "narHash": "sha256-+zR2cuBSyunBxqkW15KACPyicaotG4w/o78gvtBT1s8=",

     

       534
       534
       +
               "lastModified": 1718122335,

     

       535
       535
       +
               "narHash": "sha256-ooeplCUj5dY2KT840ecFtR+iDq1V2iB5rDsFqjbdFSs=",

     

       536
       536
        
               "owner": "RyanGibb",

     

       537
       537
        
               "repo": "eon",

     

       538
       538
       -
               "rev": "14906ebc2de360df26b45eb4224093ac00502761",

     

       538
       538
       +
               "rev": "87b7ec1cd6cb7dc0f950d8d37a91845465780faf",

     

       539
       539
        
               "type": "github"

     

       540
       540
        
             },

     

       541
       541
        
             "original": {

+2 -1

flake.nix

···

       9
       9
        
           deploy-rs.url = "github:serokell/deploy-rs";

     

       10
       10
        
           nix-on-droid.url = "github:nix-community/nix-on-droid/release-23.11";

     

       11
       11
        
           eon.url = "github:RyanGibb/eon";

     

       12
       12
       -
           eilean.url = "github:RyanGibb/eilean-nix/main";

     

       12
       12
       +
           eilean.url = "github:RyanGibb/eilean-nix/eon-acme";

     

       13
       13
        
           ryan-website.url = "git+ssh://git@github.com/RyanGibb/website.git";

     

       14
       14
        
           alec-website.url = "github:alexanderhthompson/website";

     

       15
       15
        
           fn06-website.url = "github:RyanGibb/fn06";

     
···

       96
       96
        
                         # uncomment for cross compilation (https://github.com/NixOS/nix/issues/3843)

     

       97
       97
        
                         #buildPlatform.system = "cpu-os";

     

       98
       98
        
                       };

     

       99
       99
       +
                       security.acme-eon.acceptTerms = true;

     

       99
       100
        
                     })

     

       100
       101
        
                     home-manager.nixosModule

     

       101
       102
        
                     eilean.nixosModules.default

+3 -9

hosts/duck/default.nix

···

       1
       1
        
       { pkgs, config, lib, eilean, eon, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         imports = [

     

       5
       5
       -
           ./hardware-configuration.nix

     

       6
       6
       -
           eon.nixosModules.default

     

       7
       7
       -
           eon.nixosModules.acme

     

       8
       8
       -
         ];

     

       4
       4
       +
         imports = [ ./hardware-configuration.nix ];

     

       9
       5
        
       

     

       10
       6
        
         custom = {

     

       11
       7
        
           enable = true;

     
···

       24
       20
        
         services = {

     

       25
       21
        
           eon = {

     

       26
       22
        
             enable = lib.mkForce true;

     

       27
       27
       -
             package = eon.defaultPackage.${config.nixpkgs.hostPlatform.system};

     

       28
       23
        
             # TODO make this zonefile derivation a config parameter `services.eilean.services.dns.zonefile`

     

       29
       24
        
             # TODO add module in eilean for eon

     

       30
       25
        
             zoneFiles = [

     
···

       37
       32
        
               }/cl.freumh.org"

     

       38
       33
        
             ];

     

       39
       34
        
             logLevel = 1;

     

       40
       40
       -
             application = "cap";

     

       35
       35
       +
             application = "capd";

     

       41
       36
        
             capnpAddress = "cl.freumh.org";

     

       42
       37
        
             #prod = false;

     

       43
       38
        
           };

     
···

       45
       40
        
       

     

       46
       41
        
         security.acme-eon = {

     

       47
       42
        
           acceptTerms = true;

     

       48
       48
       -
           package = eon.defaultPackage.${config.nixpkgs.hostPlatform.system};

     

       49
       43
        
           defaults.email = "${config.custom.username}@${config.networking.domain}";

     

       50
       44
        
           nginxCerts = [ config.networking.domain ];

     

       51
       51
       -
           defaults.capFile = "/var/lib/acme-eon/root.cap";

     

       45
       45
       +
           defaults.capFile = "/var/lib/eon/caps/domain/cl.freumh.org.cap";

     

       52
       46
        
         };

     

       53
       47
        
       

     

       54
       48
        
         services.nginx = {

+20 -4

hosts/elephant/services.nix

···

       9
       9
        
         custom = {

     

       10
       10
        
           nix-cache = {

     

       11
       11
        
             enable = true;

     

       12
       12
       -
             domain = "nix-cache";

     

       12
       12
       +
             domain = "nix-cache.vpn.freumh.org";

     

       13
       13
        
           };

     

       14
       14
        
         };

     

       15
       15
        
       

     

       16
       16
       +
         age.secrets."eon-vpn.freumh.org.cap" = {

     

       17
       17
       +
           file = ../../secrets/eon-vpn.freumh.org.cap.age;

     

       18
       18
       +
           mode = "770";

     

       19
       19
       +
           owner = "eon";

     

       20
       20
       +
           group = "eon";

     

       21
       21
       +
         };

     

       22
       22
       +
         security.acme-eon = {

     

       23
       23
       +
           defaults.capFile = config.age.secrets."eon-vpn.freumh.org.cap".path;

     

       24
       24
       +
           nginxCerts = [

     

       25
       25
       +
             "nix-cache.vpn.freumh.org"

     

       26
       26
       +
             "jellyfin.vpn.freumh.org"

     

       27
       27
       +
             "transmission.vpn.freumh.org"

     

       28
       28
       +
           ];

     

       29
       29
       +
         };

     

       30
       30
       +
       

     

       16
       31
        
         services.nginx = {

     

       32
       32
       +
           #requires = [ "tailscaled.service" ];

     

       17
       33
        
           virtualHosts = {

     

       18
       18
       -
             "nix-cache" = { listenAddresses = [ "100.64.0.9" ]; };

     

       19
       19
       -
             "jellyfin" = {

     

       34
       34
       +
             "nix-cache.vpn.freumh.org" = { listenAddresses = [ "100.64.0.9" ]; };

     

       35
       35
       +
             "jellyfin.vpn.freumh.org" = {

     

       20
       36
        
               listenAddresses = [ "100.64.0.9" ];

     

       21
       37
        
               locations."/" = {

     

       22
       38
        
                 proxyPass = ''

     
···

       25
       41
        
                 proxyWebsockets = true;

     

       26
       42
        
               };

     

       27
       43
        
             };

     

       28
       28
       -
             "transmission" = {

     

       44
       44
       +
             "transmission.vpn.freumh.org" = {

     

       29
       45
        
               listenAddresses = [ "100.64.0.9" ];

     

       30
       46
        
               locations."/" = {

     

       31
       47
        
                 proxyPass = ''

+17 -5

hosts/owl/default.nix

···

       1
       1
       -
       { pkgs, config, lib, eilean, patrick-nixos, ... }@inputs:

     

       1
       1
       +
       { pkgs, config, lib, eon, patrick-nixos, ... }@inputs:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
        
         imports = [

     
···

       10
       10
        
           ../../modules/fn06-website.nix

     

       11
       11
        
         ];

     

       12
       12
        
       

     

       13
       13
       -
         security.acme = {

     

       14
       14
       -
           defaults.email = "${config.custom.username}@${config.networking.domain}";

     

       13
       13
       +
         age.secrets.eon-capnp = {

     

       14
       14
       +
           file = ../../secrets/eon-capnp.age;

     

       15
       15
       +
           mode = "770";

     

       16
       16
       +
           owner = "eon";

     

       17
       17
       +
           group = "eon";

     

       18
       18
       +
         };

     

       19
       19
       +
         services.eon.capnpSecretKeyFile = config.age.secrets.eon-capnp.path;

     

       20
       20
       +
         services.eon.prod = false;

     

       21
       21
       +
       

     

       22
       22
       +
         security.acme-eon = {

     

       15
       23
        
           acceptTerms = true;

     

       24
       24
       +
           package = eon.defaultPackage.${config.nixpkgs.hostPlatform.system};

     

       25
       25
       +
           defaults.email = "${config.custom.username}@${config.networking.domain}";

     

       26
       26
       +
           defaults.capFile = "/var/lib/eon/caps/domain/freumh.org.cap";

     

       16
       27
        
         };

     

       17
       28
        
       

     

       18
       29
        
         eilean = {

     

       19
       30
        
           username = config.custom.username;

     

       20
       31
        
           serverIpv4 = "135.181.100.27";

     

       21
       32
        
           serverIpv6 = "2a01:4f9:c011:87ad:0:0:0:0";

     

       33
       33
       +
           acme-eon = true;

     

       22
       34
        
         };

     

       23
       35
        
         networking.domain = lib.mkDefault "freumh.org";

     

       24
       36
        
         eilean.publicInterface = "enp1s0";

     
···

       308
       320
        
             basicAuthFile = config.age.secrets.website-phd.path;

     

       309
       321
        
           };

     

       310
       322
        
         };

     

       323
       323
       +
       

     

       324
       324
       +
         security.acme-eon.nginxCerts = [ "capybara.fn06.org" "shrew.freumh.org" ];

     

       311
       325
        
         services.nginx.virtualHosts."capybara.fn06.org" = {

     

       312
       326
        
           forceSSL = true;

     

       313
       313
       -
           enableACME = true;

     

       314
       327
        
           locations."/" = {

     

       315
       328
        
             proxyPass = ''

     

       316
       329
        
               http://100.64.0.10:8123

     
···

       320
       333
        
         };

     

       321
       334
        
         services.nginx.virtualHosts."shrew.freumh.org" = {

     

       322
       335
        
           forceSSL = true;

     

       323
       323
       -
           enableACME = true;

     

       324
       336
        
           locations."/" = {

     

       325
       337
        
             # need to specify ip or there's a bootstrap problem with headscale

     

       326
       338
        
             proxyPass = ''

+15 -11

modules/alec-website.nix

···

       27
       27
        
         };

     

       28
       28
        
       

     

       29
       29
        
         config = mkIf cfg.enable {

     

       30
       30
       +
           security.acme-eon.nginxCerts = [ cfg.domain ];

     

       31
       31
       +
           security.acme-eon.certs.${cfg.domain}.extraDomainNames =

     

       32
       32
       +
             [ "www.${cfg.domain}" ];

     

       33
       33
       +
       

     

       30
       34
        
           services.nginx = {

     

       31
       35
        
             enable = true;

     

       32
       36
        
             virtualHosts = {

     

       33
       37
        
               "${cfg.domain}" = {

     

       34
       38
        
                 forceSSL = true;

     

       35
       35
       -
                 enableACME = true;

     

       36
       39
        
                 root =

     

       37
       40
        
                   "${alec-website.packages.${pkgs.stdenv.hostPlatform.system}.default}";

     

       38
       41
        
                 locations."/var/".extraConfig = ''

     
···

       45
       48
        
                   access_log /var/log/nginx/${cfg.domain}.log;

     

       46
       49
        
                 '';

     

       47
       50
        
               };

     

       48
       48
       -
               "www.${cfg.domain}" = {

     

       49
       49
       -
                 forceSSL = true;

     

       50
       50
       -
                 useACMEHost = cfg.domain;

     

       51
       51
       -
                 extraConfig = ''

     

       52
       52
       -
                   return 301 https://${cfg.domain}$request_uri;

     

       53
       53
       -
                 '';

     

       54
       54
       -
               };

     

       51
       51
       +
               "www.${cfg.domain}" =

     

       52
       52
       +
                 let certDir = config.security.acme-eon.certs.${cfg.domain}.directory;

     

       53
       53
       +
                 in {

     

       54
       54
       +
                   forceSSL = true;

     

       55
       55
       +
                   sslCertificate = "${certDir}/fullchain.pem";

     

       56
       56
       +
                   sslCertificateKey = "${certDir}/key.pem";

     

       57
       57
       +
                   sslTrustedCertificate = "${certDir}/chain.pem";

     

       58
       58
       +
                   extraConfig = ''

     

       59
       59
       +
                     return 301 https://${cfg.domain}$request_uri;

     

       60
       60
       +
                   '';

     

       61
       61
       +
                 };

     

       55
       62
        
             };

     

       56
       63
        
           };

     

       57
       57
       -
       

     

       58
       58
       -
           security.acme.certs."${cfg.domain}".extraDomainNames =

     

       59
       59
       -
             [ "www.${cfg.domain}" ];

     

       60
       64
        
       

     

       61
       65
        
           eilean.services.dns.zones.${cfg.zone}.records = [

     

       62
       66
        
             {

+1 -1

modules/colour-guesser.nix

···

       21
       21
        
         };

     

       22
       22
        
       

     

       23
       23
        
         config = lib.mkIf cfg.enable {

     

       24
       24
       +
           security.acme-eon.nginxCerts = [ cfg.domain ];

     

       24
       25
        
           services.nginx = {

     

       25
       26
        
             enable = true;

     

       26
       27
        
             recommendedProxySettings = true;

     

       27
       28
        
             virtualHosts."${cfg.domain}" = {

     

       28
       29
        
               forceSSL = true;

     

       29
       29
       -
               enableACME = true;

     

       30
       30
        
               root =

     

       31
       31
        
                 "${colour-guesser.packages.${pkgs.stdenv.hostPlatform.system}.default}";

     

       32
       32
        
             };

+15 -11

modules/fn06-website.nix

···

       23
       23
        
         };

     

       24
       24
        
       

     

       25
       25
        
         config = mkIf cfg.enable {

     

       26
       26
       +
           security.acme-eon.nginxCerts = [ cfg.domain ];

     

       27
       27
       +
           security.acme-eon.certs.${cfg.domain}.extraDomainNames =

     

       28
       28
       +
             [ "www.${cfg.domain}" ];

     

       29
       29
       +
       

     

       26
       30
        
           services.nginx = {

     

       27
       31
        
             enable = true;

     

       28
       32
        
             virtualHosts = {

     

       29
       33
        
               "${cfg.domain}" = {

     

       30
       34
        
                 forceSSL = true;

     

       31
       31
       -
                 enableACME = true;

     

       32
       35
        
                 root =

     

       33
       36
        
                   "${fn06-website.packages.${pkgs.stdenv.hostPlatform.system}.default}";

     

       34
       37
        
                 locations."/var/".extraConfig = ''

     
···

       41
       44
        
                   access_log /var/log/nginx/${cfg.domain}.log;

     

       42
       45
        
                 '';

     

       43
       46
        
               };

     

       44
       44
       -
               "www.${cfg.domain}" = {

     

       45
       45
       -
                 addSSL = true;

     

       46
       46
       -
                 useACMEHost = cfg.domain;

     

       47
       47
       -
                 extraConfig = ''

     

       48
       48
       -
                   return 301 $scheme://${cfg.domain}$request_uri;

     

       49
       49
       -
                 '';

     

       50
       50
       -
               };

     

       47
       47
       +
               "www.${cfg.domain}" =

     

       48
       48
       +
                 let certDir = config.security.acme-eon.certs.${cfg.domain}.directory;

     

       49
       49
       +
                 in {

     

       50
       50
       +
                   forceSSL = true;

     

       51
       51
       +
                   sslCertificate = "${certDir}/fullchain.pem";

     

       52
       52
       +
                   sslCertificateKey = "${certDir}/key.pem";

     

       53
       53
       +
                   sslTrustedCertificate = "${certDir}/chain.pem";

     

       54
       54
       +
                   extraConfig = ''

     

       55
       55
       +
                     return 301 https://${cfg.domain}$request_uri;

     

       56
       56
       +
                   '';

     

       57
       57
       +
                 };

     

       51
       58
        
             };

     

       52
       59
        
           };

     

       53
       53
       -
       

     

       54
       54
       -
           security.acme.certs."${cfg.domain}".extraDomainNames =

     

       55
       55
       -
             [ "www.${cfg.domain}" ];

     

       56
       60
        
         };

     

       57
       61
        
       }

+2 -1

modules/freumh.nix

···

       32
       32
        
             group = "php";

     

       33
       33
        
           };

     

       34
       34
        
           users.groups.php = { };

     

       35
       35
       +
       

     

       36
       36
       +
           security.acme-eon.nginxCerts = [ config.networking.domain ];

     

       35
       37
        
           services.nginx = {

     

       36
       38
        
             enable = true;

     

       37
       39
        
             virtualHosts."${config.networking.domain}" = {

     

       38
       38
       -
               enableACME = true;

     

       39
       40
        
               forceSSL = true;

     

       40
       41
        
               locations."/root" = let

     

       41
       42
        
                 random-root = pkgs.writeScript "random-root.php" ''

+1

modules/nix-cache.nix

···

       25
       25
        
           services.nginx = {

     

       26
       26
        
             enable = true;

     

       27
       27
        
             virtualHosts.${cfg.nix-cache.domain} = {

     

       28
       28
       +
               forceSSL = true;

     

       28
       29
        
               locations."/".extraConfig = ''

     

       29
       30
        
                 proxy_pass http://localhost:${

     

       30
       31
        
                   toString config.services.nix-serve.port

+1 -2

modules/rmfakecloud.nix

···

       35
       35
        
           mailserver.loginAccounts."misc@${domain}".aliases =

     

       36
       36
        
             [ "remarkable@${domain}" ];

     

       37
       37
        
       

     

       38
       38
       -
           # nginx handles letsencrypt

     

       38
       38
       +
           security.acme-eon.nginxCerts = [ cfg.domain ];

     

       39
       39
        
           services.nginx = {

     

       40
       40
        
             enable = true;

     

       41
       41
        
             recommendedProxySettings = true;

     
···

       44
       44
        
             clientMaxBodySize = "100M";

     

       45
       45
        
             virtualHosts."${cfg.domain}" = {

     

       46
       46
        
               forceSSL = true;

     

       47
       47
       -
               enableACME = true;

     

       48
       47
        
               locations."/".proxyPass = ''

     

       49
       48
        
                 http://localhost:${builtins.toString cfg.port}

     

       50
       49
        
               '';

+15 -11

modules/ryan-website.nix

···

       27
       27
        
         };

     

       28
       28
        
       

     

       29
       29
        
         config = mkIf cfg.enable {

     

       30
       30
       +
           security.acme-eon.nginxCerts = [ cfg.domain ];

     

       31
       31
       +
           security.acme-eon.certs.${cfg.domain}.extraDomainNames =

     

       32
       32
       +
             [ "www.${cfg.domain}" ];

     

       33
       33
       +
       

     

       30
       34
        
           services.nginx = {

     

       31
       35
        
             enable = true;

     

       32
       36
        
             virtualHosts = {

     

       33
       37
        
               "${cfg.domain}" = {

     

       34
       38
        
                 forceSSL = true;

     

       35
       35
       -
                 enableACME = true;

     

       36
       39
        
                 root =

     

       37
       40
        
                   "${ryan-website.packages.${pkgs.stdenv.hostPlatform.system}.default}";

     

       38
       41
        
                 locations."/teapot".extraConfig = ''

     
···

       48
       51
        
                   access_log /var/log/nginx/${cfg.domain}.log;

     

       49
       52
        
                 '';

     

       50
       53
        
               };

     

       51
       51
       -
               "www.${cfg.domain}" = {

     

       52
       52
       -
                 forceSSL = true;

     

       53
       53
       -
                 useACMEHost = cfg.domain;

     

       54
       54
       -
                 extraConfig = ''

     

       55
       55
       -
                   return 301 https://${cfg.domain}$request_uri;

     

       56
       56
       -
                 '';

     

       57
       57
       -
               };

     

       54
       54
       +
               "www.${cfg.domain}" =

     

       55
       55
       +
                 let certDir = config.security.acme-eon.certs.${cfg.domain}.directory;

     

       56
       56
       +
                 in {

     

       57
       57
       +
                   forceSSL = true;

     

       58
       58
       +
                   sslCertificate = "${certDir}/fullchain.pem";

     

       59
       59
       +
                   sslCertificateKey = "${certDir}/key.pem";

     

       60
       60
       +
                   sslTrustedCertificate = "${certDir}/chain.pem";

     

       61
       61
       +
                   extraConfig = ''

     

       62
       62
       +
                     return 301 https://${cfg.domain}$request_uri;

     

       63
       63
       +
                   '';

     

       64
       64
       +
                 };

     

       58
       65
        
             };

     

       59
       66
        
           };

     

       60
       60
       -
       

     

       61
       61
       -
           security.acme.certs."${cfg.domain}".extraDomainNames =

     

       62
       62
       -
             [ "www.${cfg.domain}" ];

     

       63
       67
        
       

     

       64
       68
        
           eilean.services.dns.zones.${cfg.zone}.records = [

     

       65
       69
        
             {

+4 -3

modules/use-nix-cache.nix

···

       12
       12
        
             settings = {

     

       13
       13
        
               substituters = [

     

       14
       14
        
                 "https://cache.nixos.org?priority=100"

     

       15
       15
       -
                 "http://nix-cache?priority=10"

     

       15
       15
       +
                 "https://nix-cache.vpn.freumh.org?priority=10"

     

       16
       16
       +
               ];

     

       17
       17
       +
               trusted-public-keys = [

     

       18
       18
       +
                 "nix-cache.vpn.freumh.org:Go6ACovVBhR4P6Ug3DsE0p0DIRQtkIBHui1DGM7qK5c="

     

       16
       19
        
               ];

     

       17
       17
       -
               trusted-public-keys =

     

       18
       18
       -
                 [ "nix-cache:Go6ACovVBhR4P6Ug3DsE0p0DIRQtkIBHui1DGM7qK5c=" ];

     

       19
       20
        
             };

     

       20
       21
        
           };

     

       21
       22
        
         };

secrets/eon-capnp.age

This is a binary file and will not be displayed.

+8

secrets/eon-vpn.freumh.org.cap.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-ed25519 2wDnOw hfRIc1k6R2zsMOwhlrXETwhD4SvhvygZwziRqqX+eFc

     

       3
       3
       +
       VOudzuyYYNMJeBOTtky7rtwUmQ07j/ZGgifykSLLkf8

     

       4
       4
       +
       -> ssh-ed25519 hFxbYA YW2zopuilo/OyygdjXB9D+Xe8fi5Gt8J6pl8gCuxLVM

     

       5
       5
       +
       SX7B7a3qYe5x8djofgZtvLfTBF2WqWUH2ZXGyACv3Kk

     

       6
       6
       +
       --- fIJfMEx1XyrzmDkWEpcf0/kqlq8ZXFBJEhWISniWgpE

     

       7
       7
       +
       ��^4����X-���!bǦ��2�M�fl��Q�ƺ크[Ar���

     

       8
       8
       +
       7���t/�q1?�{i�cd:�TAo3W�zdHuDq��r��P���d�StM��9Se#BC^1w��Z�}��#�1ǌD
�u�(�$�)������<8PۚF{x��q��:v �7

+2

secrets/secrets.nix

···

       27
       27
        
         "restic-repo.age".publicKeys = user ++ [ elephant ];

     

       28
       28
        
         "nextcloud.age".publicKeys = user ++ [ elephant ];

     

       29
       29
        
         "headscale.age".publicKeys = user ++ [ owl ];

     

       30
       30
       +
         "eon-capnp.age".publicKeys = user ++ [ owl ];

     

       31
       31
       +
         "eon-vpn.freumh.org.cap.age".publicKeys = user ++ [ elephant ];

     

       30
       32
        
       }