mirror of
https://github.com/Swarsel/.dotfiles.git
synced 2025-12-06 09:07:21 +01:00
fix: sops secrets not rendered on boot
also fixes an org-caldav error that required org/appointments.org to exist
This commit is contained in:
Swarsel
parent
175078feee
commit
40e81f104b
GPG key ID:
26A54C31F2A4FD84
21 changed files with 855 additions and 1141 deletions
|
|
@ -8,6 +8,7 @@ keys:
|
|||
- &server_surface age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg
|
||||
- &server_fourside age1s3faa0due0fvp9qu2rd8ex0upg4mcms8wl936yazylv72r6nn3rq2xv5g0
|
||||
- &server_stand age1hkajkcje5xvg8jd4zj2e0s9tndpv36hwhn7p38x9lyq2z8g7v45q2nhlej
|
||||
- &server_nbl age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
|
||||
- &server_nginx age1zyts3egct4he229klgrfkd9r442xw9r3qg3hyydh44pvk3wjhd3s2zjqvt
|
||||
- &server_calibre age1q2k4j9m6ge6dgygehulzd8vqjcdgv5s7s4zrferaq29qlu94a4uqpv76s5
|
||||
- &server_transmiss age1wevwwytv5q8wx8yttc85gly678hn4k3qe4csgnq2frf3wxes63jqlt8kqs
|
||||
|
|
@ -28,6 +29,7 @@ creation_rules:
|
|||
- *server_surface
|
||||
- *server_stand
|
||||
- *server_fourside
|
||||
- *server_nbl
|
||||
- path_regex: secrets/certs/[^/]+\.(yaml|json|env|ini)$
|
||||
key_groups:
|
||||
- pgp:
|
||||
|
|
|
|||
|
|
@ -524,8 +524,9 @@ Lastly I define some common module lists that I can simply load depending on the
|
|||
# # NixOS modules that can only be used on NixOS systems
|
||||
nixModules = [
|
||||
inputs.stylix.nixosModules.stylix
|
||||
inputs.lanzaboote.nixosModules.lanzaboote
|
||||
inputs.impermanence.nixosModules.impermanence
|
||||
# inputs.lanzaboote.nixosModules.lanzaboote
|
||||
inputs.disko.nixosModules.disko
|
||||
# inputs.impermanence.nixosModules.impermanence
|
||||
inputs.sops-nix.nixosModules.sops
|
||||
inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm
|
||||
./profiles/common/nixos
|
||||
|
|
@ -1872,153 +1873,6 @@ My old laptop, replaced by a new one, since most basic functions have stopped to
|
|||
|
||||
#+end_src
|
||||
|
||||
**** Threed (Surface Pro 3)
|
||||
:PROPERTIES:
|
||||
:CUSTOM_ID: h:7b1a8f91-ef43-433c-ba4c-c5baf50e1de4
|
||||
:END:
|
||||
|
||||
New setup for the SP3, this time using NixOS - another machine will take over the HM-only config for compatibility in the future.
|
||||
|
||||
***** NixOS
|
||||
:PROPERTIES:
|
||||
:CUSTOM_ID: h:980f1aca-28b3-4ed7-ae7f-6d8cdc28dea1
|
||||
:END:
|
||||
|
||||
#+begin_src nix :noweb yes :tangle profiles/threed/nixos.nix
|
||||
{ lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
<<wrap>>
|
||||
|
||||
services = {
|
||||
getty.autologinUser = "swarsel";
|
||||
greetd.settings.initial_session.user = "swarsel";
|
||||
};
|
||||
|
||||
hardware.bluetooth.enable = true;
|
||||
|
||||
# Bootloader
|
||||
boot = {
|
||||
loader.systemd-boot.enable = lib.mkForce false;
|
||||
lanzaboote = {
|
||||
enable = true;
|
||||
pkiBundle = "/etc/secureboot";
|
||||
};
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
# use bootspec instead of lzbt for secure boot. This is not a generally needed setting
|
||||
bootspec.enable = true;
|
||||
# kernelPackages = pkgs.linuxPackages_latest;
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostName = "threed";
|
||||
enableIPv6 = false;
|
||||
firewall.enable = false;
|
||||
};
|
||||
|
||||
stylix.image = ../../wallpaper/surfacewp.png;
|
||||
<<theme>>
|
||||
|
||||
users.users.swarsel = {
|
||||
isNormalUser = true;
|
||||
description = "Leon S";
|
||||
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ];
|
||||
packages = with pkgs; [ ];
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
];
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
|
||||
}
|
||||
|
||||
#+end_src
|
||||
|
||||
***** Home Manager
|
||||
:PROPERTIES:
|
||||
:CUSTOM_ID: h:449c20d8-338a-483c-a6f0-9a164a6071d6
|
||||
:END:
|
||||
#+begin_src nix :noweb yes :tangle profiles/threed/home.nix
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
|
||||
<<gpgagent>>
|
||||
|
||||
home = {
|
||||
username = "swarsel";
|
||||
homeDirectory = "/home/swarsel";
|
||||
stateVersion = "23.05"; # Please read the comment before changing.
|
||||
keyboard.layout = "us";
|
||||
packages = with pkgs; [
|
||||
];
|
||||
};
|
||||
|
||||
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
|
||||
|
||||
programs.waybar.settings.mainBar = {
|
||||
cpu.format = "{icon0} {icon1} {icon2} {icon3}";
|
||||
temperature.hwmon-path = "/sys/devices/platform/coretemp.0/hwmon/hwmon1/temp3_input";
|
||||
};
|
||||
<<waybarlaptop>>
|
||||
|
||||
wayland.windowManager.sway = {
|
||||
config = rec {
|
||||
input = {
|
||||
"*" = {
|
||||
xkb_layout = "us";
|
||||
xkb_options = "grp:win_space_toggle";
|
||||
xkb_variant = "altgr-intl";
|
||||
};
|
||||
"type:touchpad" = {
|
||||
dwt = "enabled";
|
||||
tap = "enabled";
|
||||
natural_scroll = "enabled";
|
||||
middle_emulation = "enabled";
|
||||
};
|
||||
};
|
||||
|
||||
output = {
|
||||
eDP-1 = {
|
||||
mode = "2160x1440@59.955Hz";
|
||||
scale = "1";
|
||||
bg = "~/.dotfiles/wallpaper/surfacewp.png fill";
|
||||
};
|
||||
};
|
||||
|
||||
keybindings =
|
||||
let
|
||||
inherit (config.wayland.windowManager.sway.config) modifier;
|
||||
in
|
||||
{
|
||||
"${modifier}+F2" = "exec brightnessctl set +5%";
|
||||
"${modifier}+F1" = "exec brightnessctl set 5%-";
|
||||
"${modifier}+n" = "exec sway output eDP-1 transform normal, splith";
|
||||
"${modifier}+Ctrl+p" = "exec wl-mirror eDP-1";
|
||||
"${modifier}+t" = "exec sway output eDP-1 transform 90, splitv";
|
||||
"${modifier}+XF86AudioLowerVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png";
|
||||
"${modifier}+XF86AudioRaiseVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png";
|
||||
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\"";
|
||||
};
|
||||
|
||||
startup = [
|
||||
<<startupnixos>>
|
||||
];
|
||||
|
||||
keycodebindings = {
|
||||
"124" = "exec systemctl suspend";
|
||||
};
|
||||
};
|
||||
|
||||
extraConfig = "
|
||||
exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05 map_to_output eDP-1
|
||||
exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05_Stylus map_to_output eDP-1
|
||||
";
|
||||
};
|
||||
}
|
||||
#+end_src
|
||||
|
||||
**** Fourside (Lenovo Thinkpad P14s Gen2)
|
||||
:PROPERTIES:
|
||||
:CUSTOM_ID: h:6c6e9261-dfa1-42d8-ab2a-8b7c227be6d9
|
||||
|
|
@ -2161,6 +2015,7 @@ My work machine.
|
|||
inputs.nixos-hardware.nixosModules.framework-16-7040-amd
|
||||
|
||||
./hardware-configuration.nix
|
||||
./disk-config.nix
|
||||
|
||||
../optional/nixos/steam.nix
|
||||
# ../optional/nixos/virtualbox.nix
|
||||
|
|
@ -2185,6 +2040,8 @@ My work machine.
|
|||
};
|
||||
};
|
||||
|
||||
networking.networkmanager.wifi.scanRandMacAddress = false;
|
||||
|
||||
boot = {
|
||||
loader.systemd-boot.enable = true;
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
|
|
@ -2211,6 +2068,9 @@ My work machine.
|
|||
|
||||
services = {
|
||||
fwupd.enable = true;
|
||||
udev.extraRules = ''
|
||||
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0bda", ATTR{idProduct}=="8156", ATTR{power/autosuspend}="20"
|
||||
'';
|
||||
};
|
||||
|
||||
swarselsystems = {
|
||||
|
|
@ -2218,11 +2078,14 @@ My work machine.
|
|||
hasBluetooth = true;
|
||||
hasFingerprint = true;
|
||||
initialSetup = true;
|
||||
impermanence = false;
|
||||
isBtrfs = true;
|
||||
};
|
||||
|
||||
home-manager.users.swarsel.swarselsystems = {
|
||||
isLaptop = true;
|
||||
isNixos = true;
|
||||
isBtrfs = true;
|
||||
# temperatureHwmon = {
|
||||
# isAbsolutePath = true;
|
||||
# path = "/sys/devices/platform/thinkpad_hwmon/hwmon/";
|
||||
|
|
@ -2231,241 +2094,51 @@ My work machine.
|
|||
# ------ -----
|
||||
# | DP-4 | |eDP-1|
|
||||
# ------ -----
|
||||
# monitors = {
|
||||
# main = {
|
||||
# name = "California Institute of Technology 0x1407 Unknown";
|
||||
# mode = "1920x1080"; # TEMPLATE
|
||||
# scale = "1";
|
||||
# position = "2560,0";
|
||||
# workspace = "2:二";
|
||||
# output = "eDP-1";
|
||||
# };
|
||||
# homedesktop = {
|
||||
# name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
|
||||
# mode = "2560x1440";
|
||||
# scale = "1";
|
||||
# position = "0,0";
|
||||
# workspace = "1:一";
|
||||
# output = "DP-4";
|
||||
# };
|
||||
# };
|
||||
# inputs = {
|
||||
# "1:1:AT_Translated_Set_2_keyboard" = {
|
||||
# xkb_layout = "us";
|
||||
# xkb_options = "grp:win_space_toggle";
|
||||
# xkb_variant = "altgr-intl";
|
||||
# };
|
||||
# };
|
||||
keybindings = {
|
||||
monitors = {
|
||||
main = {
|
||||
name = "BOE 0x0BC9 Unknown";
|
||||
mode = "2560x1600"; # TEMPLATE
|
||||
scale = "1";
|
||||
position = "2560,0";
|
||||
workspace = "2:二";
|
||||
output = "eDP-2";
|
||||
};
|
||||
homedesktop = {
|
||||
name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
|
||||
mode = "2560x1440";
|
||||
scale = "1";
|
||||
position = "0,0";
|
||||
workspace = "1:一";
|
||||
output = "DP-11";
|
||||
};
|
||||
workdesktop = {
|
||||
name = "LG Electronics LG Ultra HD 0x000305A6";
|
||||
mode = "2560x1440";
|
||||
scale = "1";
|
||||
position = "0,0";
|
||||
workspace = "1:一";
|
||||
output = "DP-10";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
#+end_src
|
||||
|
||||
**** Winters (Framwork Laptop 16)
|
||||
:PROPERTIES:
|
||||
:CUSTOM_ID: h:6c6e9261-dfa1-42d8-ab2a-8b7c227be6d9
|
||||
:END:
|
||||
|
||||
My work machine.
|
||||
|
||||
***** NixOS
|
||||
:PROPERTIES:
|
||||
:CUSTOM_ID: h:ab6fefc4-aabd-456c-8a21-5fcb20c02869
|
||||
:END:
|
||||
|
||||
Mostly just sets some opened ports for several games, enables virtualbox (which I do not want everywhere because of resource considerations) and enables thinkfan, which allows for better fan control on Lenovo Thinkpad machines.
|
||||
|
||||
#+begin_src nix :noweb yes :tangle profiles/winters/nixos.nix
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
|
||||
# <<wrap>>
|
||||
imports =
|
||||
[
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
services = {
|
||||
getty.autologinUser = "swarsel";
|
||||
greetd.settings.initial_session.user = "swarsel";
|
||||
};
|
||||
|
||||
boot = {
|
||||
loader.systemd-boot.enable = true;
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostName = "winters"; # Define your hostname.
|
||||
nftables.enable = true;
|
||||
enableIPv6 = true;
|
||||
firewall.checkReversePath = "strict";
|
||||
firewall = {
|
||||
enable = true;
|
||||
allowedUDPPorts = [ ];
|
||||
allowedTCPPorts = [ ];
|
||||
allowedTCPPortRanges = [
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
virtualisation.virtualbox = {
|
||||
host = {
|
||||
enable = true;
|
||||
enableExtensionPack = true;
|
||||
};
|
||||
# leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch
|
||||
guest = {
|
||||
enable = false;
|
||||
};
|
||||
};
|
||||
|
||||
stylix.image = ../../wallpaper/lenovowp.png;
|
||||
<<theme>>
|
||||
|
||||
hardware = {
|
||||
graphics = {
|
||||
enable = true;
|
||||
enable32Bit = true;
|
||||
extraPackages = with pkgs; [
|
||||
];
|
||||
};
|
||||
bluetooth.enable = true;
|
||||
};
|
||||
|
||||
programs.steam = {
|
||||
enable = true;
|
||||
extraCompatPackages = [
|
||||
pkgs.proton-ge-bin
|
||||
];
|
||||
};
|
||||
|
||||
services.power-profiles-daemon.enable = true;
|
||||
|
||||
users.users.swarsel = {
|
||||
isNormalUser = true;
|
||||
description = "Leon S";
|
||||
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ];
|
||||
packages = with pkgs; [ ];
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
sbctl
|
||||
teams-for-linux
|
||||
# gog games installing
|
||||
heroic
|
||||
# minecraft
|
||||
temurin-bin-17
|
||||
(prismlauncher.override {
|
||||
glfw = pkgs.glfw-wayland-minecraft;
|
||||
})
|
||||
];
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
|
||||
|
||||
}
|
||||
|
||||
#+end_src
|
||||
|
||||
***** TODO Home Manager
|
||||
:PROPERTIES:
|
||||
:CUSTOM_ID: h:85f7110c-2f25-4506-b64a-fce29f29d0d0
|
||||
:END:
|
||||
|
||||
TODO: Adjust =hwmon= path, I/O modules and XF86 keys once laptop arrives.
|
||||
|
||||
#+begin_src nix :noweb yes :tangle profiles/winters/home.nix
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
|
||||
<<gpgagent>>
|
||||
home = {
|
||||
username = "swarsel";
|
||||
homeDirectory = "/home/swarsel";
|
||||
stateVersion = "23.05"; # TEMPLATE -- Please read the comment before changing.
|
||||
keyboard.layout = "us"; # TEMPLATE
|
||||
packages = with pkgs; [
|
||||
];
|
||||
};
|
||||
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
|
||||
|
||||
# waybar config - TEMPLATE - update for cores and temp
|
||||
programs.waybar.settings.mainBar = {
|
||||
cpu.format = "{icon0} {icon1} {icon2} {icon3} {icon4} {icon5} {icon6} {icon7}";
|
||||
|
||||
temperature.hwmon-path.abs = "/sys/devices/platform/thinkpad_hwmon/hwmon/";
|
||||
temperature.input-filename = "temp1_input";
|
||||
};
|
||||
|
||||
<<waybarlaptop>>
|
||||
|
||||
wayland.windowManager.sway = {
|
||||
config = rec {
|
||||
# update for actual inputs here,
|
||||
input = {
|
||||
"36125:53060:splitkb.com_Kyria_rev3" = {
|
||||
xkb_layout = "us";
|
||||
xkb_variant = "altgr-intl";
|
||||
};
|
||||
"1:1:AT_Translated_Set_2_keyboard" = {
|
||||
# TEMPLATE
|
||||
inputs = {
|
||||
"12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = {
|
||||
xkb_layout = "us";
|
||||
xkb_options = "grp:win_space_toggle";
|
||||
xkb_variant = "altgr-intl";
|
||||
};
|
||||
"type:touchpad" = {
|
||||
"2362:628:PIXA3854:00_093A:0274_Touchpad" = {
|
||||
dwt = "enabled";
|
||||
tap = "enabled";
|
||||
natural_scroll = "enabled";
|
||||
middle_emulation = "enabled";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
output = {
|
||||
eDP-1 = {
|
||||
mode = "1920x1080"; # TEMPLATE
|
||||
scale = "1";
|
||||
position = "1920,0";
|
||||
# bg = "~/.dotfiles/wallpaper/lenovowp.png fill";
|
||||
};
|
||||
# external monitor
|
||||
HDMI-A-1 = {
|
||||
mode = "2560x1440";
|
||||
scale = "1";
|
||||
# bg = "~/.dotfiles/wallpaper/lenovowp.png fill";
|
||||
position = "0,0";
|
||||
};
|
||||
};
|
||||
|
||||
workspaceOutputAssign = [
|
||||
{ output = "eDP-1"; workspace = "1:一"; }
|
||||
{ output = "HDMI-A-1"; workspace = "2:二"; }
|
||||
];
|
||||
|
||||
|
||||
# keybindings = let
|
||||
# inherit (config.wayland.windowManager.sway.config) modifier;
|
||||
# in {
|
||||
|
||||
# };
|
||||
|
||||
startup = [
|
||||
<<startupnixos>>
|
||||
];
|
||||
keybindings = {
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
#+end_src
|
||||
|
||||
*** Virtual hosts
|
||||
|
|
@ -4791,6 +4464,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
|
|||
hardware = import ./hardware.nix;
|
||||
setup = import ./setup.nix;
|
||||
impermanence = import ./impermanence.nix;
|
||||
filesystem = import ./filesystem.nix;
|
||||
}
|
||||
#+end_src
|
||||
|
||||
|
|
@ -4845,6 +4519,16 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
|
|||
}
|
||||
#+end_src
|
||||
|
||||
***** Filesystem
|
||||
|
||||
#+begin_src nix :tangle modules/nixos/filesystem.nix
|
||||
{ lib, ... }:
|
||||
|
||||
{
|
||||
options.swarselsystems.isBtrfs = lib.mkEnableOption "use btrfs filesystem";
|
||||
}
|
||||
#+end_src
|
||||
|
||||
|
||||
**** home-manager
|
||||
|
||||
|
|
@ -4858,6 +4542,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
|
|||
waybar = import ./waybar.nix;
|
||||
startup = import ./startup.nix;
|
||||
wallpaper = import ./wallpaper.nix;
|
||||
filesystem = import ./filesystem.nix;
|
||||
}
|
||||
#+end_src
|
||||
|
||||
|
|
@ -5079,6 +4764,16 @@ in
|
|||
|
||||
#+end_src
|
||||
|
||||
***** Filesystem
|
||||
|
||||
#+begin_src nix :tangle modules/home/filesystem.nix
|
||||
{ lib, ... }:
|
||||
|
||||
{
|
||||
options.swarselsystems.isBtrfs = lib.mkEnableOption "use btrfs filesystem";
|
||||
}
|
||||
#+end_src
|
||||
|
||||
** NixOS
|
||||
*** Common
|
||||
:PROPERTIES:
|
||||
|
|
@ -5139,12 +4834,7 @@ First, we enable the use of =home-manager= as a NixoS module
|
|||
|
||||
#+end_src
|
||||
|
||||
**** General
|
||||
:PROPERTIES:
|
||||
:CUSTOM_ID: h:5a114da6-ef8d-404d-b31b-b51472908e77
|
||||
:END:
|
||||
|
||||
***** Setup login keymap
|
||||
**** Setup login keymap
|
||||
:PROPERTIES:
|
||||
:CUSTOM_ID: h:7248f338-8cad-4443-9060-deae7955b26f
|
||||
:END:
|
||||
|
|
@ -5163,7 +4853,7 @@ Next, we setup the keymap in case we are not in a graphical session. At this poi
|
|||
}
|
||||
#+end_src
|
||||
|
||||
***** Make users non-mutable
|
||||
**** Make users non-mutable
|
||||
:PROPERTIES:
|
||||
:CUSTOM_ID: h:48959890-fbc7-4d28-b33c-f33e028ab473
|
||||
:END:
|
||||
|
|
@ -5186,7 +4876,7 @@ This ensures that all user-configuration happens here in the config file.
|
|||
}
|
||||
#+end_src
|
||||
|
||||
***** Environment setup
|
||||
**** Environment setup
|
||||
:PROPERTIES:
|
||||
:CUSTOM_ID: h:f4006367-0965-4b4f-a3b0-45f63b07d2b8
|
||||
:END:
|
||||
|
|
@ -5212,7 +4902,7 @@ Next, we will setup some environment variables that need to be set on the system
|
|||
}
|
||||
#+end_src
|
||||
|
||||
***** Enable PolicyKit
|
||||
**** Enable PolicyKit
|
||||
:PROPERTIES:
|
||||
:CUSTOM_ID: h:e2d40df9-0026-4caa-8476-9dc2353055a1
|
||||
:END:
|
||||
|
|
@ -5226,7 +4916,7 @@ Needed for control over system-wide privileges etc.
|
|||
}
|
||||
#+end_src
|
||||
|
||||
***** Enable automatic garbage collection
|
||||
**** Enable automatic garbage collection
|
||||
:PROPERTIES:
|
||||
:CUSTOM_ID: h:9a3b7f1f-d0c3-417e-a262-c920fb25f3ee
|
||||
:END:
|
||||
|
|
@ -5245,7 +4935,7 @@ The nix store fills up over time, until =/boot/efi= is filled. This snippet clea
|
|||
}
|
||||
#+end_src
|
||||
|
||||
***** Enable automatic store optimisation
|
||||
**** Enable automatic store optimisation
|
||||
:PROPERTIES:
|
||||
:CUSTOM_ID: h:97a2b9f7-c835-4db8-a0e9-e923bab69ee8
|
||||
:END:
|
||||
|
|
@ -5263,7 +4953,7 @@ This enables hardlinking identical files in the nix store, to save on disk space
|
|||
|
||||
#+end_src
|
||||
|
||||
***** Reduce systemd timeouts
|
||||
**** Reduce systemd timeouts
|
||||
:PROPERTIES:
|
||||
:CUSTOM_ID: h:12858442-c129-4aa1-9c9c-a0916e36b302
|
||||
:END:
|
||||
|
|
@ -5281,7 +4971,7 @@ There is a persistent bug over Linux kernels that makes the user wait 1m30s on s
|
|||
}
|
||||
#+end_src
|
||||
|
||||
***** Hardware settings
|
||||
**** Hardware settings
|
||||
:PROPERTIES:
|
||||
:CUSTOM_ID: h:1fa7cf61-5c03-43a3-a7f0-3d6ee246b31b
|
||||
:END:
|
||||
|
|
@ -5327,7 +5017,7 @@ Enable OpenGL, Sound, Bluetooth and various drivers.
|
|||
}
|
||||
#+end_src
|
||||
|
||||
***** Common network settings
|
||||
**** Common network settings
|
||||
:PROPERTIES:
|
||||
:CUSTOM_ID: h:7d696b64-debe-4a95-80b5-1e510156a6c6
|
||||
:END:
|
||||
|
|
@ -5554,7 +5244,7 @@ Here I only enable =networkmanager=. Most of the 'real' network config is done i
|
|||
}
|
||||
#+end_src
|
||||
|
||||
***** Time, locale settings
|
||||
**** Time, locale settings
|
||||
:PROPERTIES:
|
||||
:CUSTOM_ID: h:852d59ab-63c3-4831-993d-b5e23b877796
|
||||
:END:
|
||||
|
|
@ -5599,12 +5289,19 @@ I use sops-nix to handle secrets that I want to have available on my machines at
|
|||
- update entry for sops.age.sshKeyPaths
|
||||
|
||||
#+begin_src nix :tangle profiles/common/nixos/sops.nix
|
||||
{ config, ... }:
|
||||
{ config, lib, ... }:
|
||||
let
|
||||
mkIfElse = p: yes: no: lib.mkMerge [
|
||||
(lib.mkIf p yes)
|
||||
(lib.mkIf (!p) no)
|
||||
];
|
||||
in
|
||||
{
|
||||
sops = {
|
||||
|
||||
age.sshKeyPaths = [ "${config.users.users.swarsel.home}/.ssh/sops" ];
|
||||
defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
|
||||
defaultSopsFile = mkIfElse config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
|
||||
|
||||
validateSopsFiles = false;
|
||||
|
||||
secrets = {
|
||||
|
|
@ -6074,7 +5771,7 @@ This section houses the greetd related settings. I do not really want to use a d
|
|||
|
||||
# We first mount the btrfs root to /mnt
|
||||
# so we can manipulate btrfs subvolumes.
|
||||
mount -o subvol=/ /dev/mapper/enc /mnt
|
||||
mount -o subvol=/ /dev/mapper/cryptroot /mnt
|
||||
btrfs subvolume list -o /mnt/root
|
||||
|
||||
# While we're tempted to just delete /root and create
|
||||
|
|
@ -6107,12 +5804,14 @@ This section houses the greetd related settings. I do not really want to use a d
|
|||
|
||||
|
||||
environment.persistence."/persist" = lib.mkIf config.swarselsystems.impermanence {
|
||||
hideMounts = true;
|
||||
directories =
|
||||
[
|
||||
"/.cache/nix/"
|
||||
"/srv"
|
||||
"/etc/nixos"
|
||||
"/etc/nix"
|
||||
"/home/swarsel/.dotfiles"
|
||||
"/etc/NetworkManager/system-connections"
|
||||
"/etc/secureboot"
|
||||
"/var/db/sudo/"
|
||||
|
|
@ -6121,8 +5820,6 @@ This section houses the greetd related settings. I do not really want to use a d
|
|||
];
|
||||
|
||||
files = [
|
||||
# important state
|
||||
"/etc/machine-id"
|
||||
# ssh stuff
|
||||
/*
|
||||
"/etc/ssh/ssh_host_ed25519_key"
|
||||
|
|
@ -6223,6 +5920,9 @@ This section houses the greetd related settings. I do not really want to use a d
|
|||
{
|
||||
programs._1password.enable = true;
|
||||
programs._1password-gui.enable = true;
|
||||
environment.systemPackages = with pkgs; [
|
||||
];
|
||||
|
||||
}
|
||||
#+end_src
|
||||
|
||||
|
|
@ -6344,6 +6044,7 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499
|
|||
nixpkgs-fmt
|
||||
deadnix
|
||||
statix
|
||||
nix-tree
|
||||
|
||||
# local file sharing
|
||||
wormhole-rs
|
||||
|
|
@ -6536,11 +6237,18 @@ I use sops-nix to handle secrets that I want to have available on my machines at
|
|||
Since we are using the home-manager implementation here, we need to specify the runtime path.
|
||||
|
||||
#+begin_src nix :tangle profiles/common/home/sops.nix
|
||||
{ config, ... }:
|
||||
{ config, lib, ... }:
|
||||
let
|
||||
mkIfElse = p: yes: no: lib.mkMerge [
|
||||
(lib.mkIf p yes)
|
||||
(lib.mkIf (!p) no)
|
||||
];
|
||||
in
|
||||
{
|
||||
sops = {
|
||||
age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
|
||||
defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
|
||||
defaultSopsFile = mkIfElse config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
|
||||
|
||||
validateSopsFiles = false;
|
||||
secrets = {
|
||||
mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; };
|
||||
|
|
@ -11468,6 +11176,7 @@ Yes, I am aware that I am exposing my university-calendar to the public here. I
|
|||
(setq org-caldav-calendars
|
||||
'((:calendar-id "personal"
|
||||
:inbox "~/Calendars/leon_cal.org")))
|
||||
(setq org-caldav-files '("~/Calendars/leon_cal.org"))
|
||||
;; (setq org-caldav-backup-file "~/org-caldav/org-caldav-backup.org")
|
||||
;; (setq org-caldav-save-directory "~/org-caldav/")
|
||||
|
||||
|
|
@ -11863,7 +11572,7 @@ Special things to note here: We are running xcape to allow =CAPS= to act as =CTR
|
|||
#keyboard config
|
||||
home.keyboard.layout = "us";
|
||||
|
||||
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/sops" ];
|
||||
|
||||
# waybar config
|
||||
programs.waybar.settings.mainBar.cpu.format = "{icon0} {icon1} {icon2} {icon3}";
|
||||
|
|
|
|||
|
|
@ -127,8 +127,9 @@
|
|||
# # NixOS modules that can only be used on NixOS systems
|
||||
nixModules = [
|
||||
inputs.stylix.nixosModules.stylix
|
||||
inputs.lanzaboote.nixosModules.lanzaboote
|
||||
inputs.impermanence.nixosModules.impermanence
|
||||
# inputs.lanzaboote.nixosModules.lanzaboote
|
||||
inputs.disko.nixosModules.disko
|
||||
# inputs.impermanence.nixosModules.impermanence
|
||||
inputs.sops-nix.nixosModules.sops
|
||||
inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm
|
||||
./profiles/common/nixos
|
||||
|
|
|
|||
1087
index.html
1087
index.html
File diff suppressed because it is too large
Load diff
|
|
@ -7,4 +7,5 @@
|
|||
waybar = import ./waybar.nix;
|
||||
startup = import ./startup.nix;
|
||||
wallpaper = import ./wallpaper.nix;
|
||||
filesystem = import ./filesystem.nix;
|
||||
}
|
||||
|
|
|
|||
5
modules/home/filesystem.nix
Normal file
5
modules/home/filesystem.nix
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
{ lib, ... }:
|
||||
|
||||
{
|
||||
options.swarselsystems.isBtrfs = lib.mkEnableOption "use btrfs filesystem";
|
||||
}
|
||||
|
|
@ -3,4 +3,5 @@
|
|||
hardware = import ./hardware.nix;
|
||||
setup = import ./setup.nix;
|
||||
impermanence = import ./impermanence.nix;
|
||||
filesystem = import ./filesystem.nix;
|
||||
}
|
||||
|
|
|
|||
5
modules/nixos/filesystem.nix
Normal file
5
modules/nixos/filesystem.nix
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
{ lib, ... }:
|
||||
|
||||
{
|
||||
options.swarselsystems.isBtrfs = lib.mkEnableOption "use btrfs filesystem";
|
||||
}
|
||||
|
|
@ -31,6 +31,7 @@
|
|||
nixpkgs-fmt
|
||||
deadnix
|
||||
statix
|
||||
nix-tree
|
||||
|
||||
# local file sharing
|
||||
wormhole-rs
|
||||
|
|
|
|||
|
|
@ -1,8 +1,15 @@
|
|||
{ config, ... }:
|
||||
{ config, lib, ... }:
|
||||
let
|
||||
mkIfElse = p: yes: no: lib.mkMerge [
|
||||
(lib.mkIf p yes)
|
||||
(lib.mkIf (!p) no)
|
||||
];
|
||||
in
|
||||
{
|
||||
sops = {
|
||||
age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
|
||||
defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
|
||||
defaultSopsFile = mkIfElse config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
|
||||
|
||||
validateSopsFiles = false;
|
||||
secrets = {
|
||||
mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; };
|
||||
|
|
|
|||
|
|
@ -25,7 +25,8 @@
|
|||
./login.nix
|
||||
./stylix.nix
|
||||
./power-profiles-daemon.nix
|
||||
./impermanence.nix
|
||||
# ./impermanence.nix
|
||||
./nix-ld.nix
|
||||
];
|
||||
|
||||
nix.settings.trusted-users = [ "swarsel" ];
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@
|
|||
|
||||
# We first mount the btrfs root to /mnt
|
||||
# so we can manipulate btrfs subvolumes.
|
||||
mount -o subvol=/ /dev/mapper/enc /mnt
|
||||
mount -o subvol=/ /dev/mapper/cryptroot /mnt
|
||||
btrfs subvolume list -o /mnt/root
|
||||
|
||||
# While we're tempted to just delete /root and create
|
||||
|
|
@ -58,12 +58,14 @@
|
|||
|
||||
|
||||
environment.persistence."/persist" = lib.mkIf config.swarselsystems.impermanence {
|
||||
hideMounts = true;
|
||||
directories =
|
||||
[
|
||||
"/.cache/nix/"
|
||||
"/srv"
|
||||
"/etc/nixos"
|
||||
"/etc/nix"
|
||||
"/home/swarsel/.dotfiles"
|
||||
"/etc/NetworkManager/system-connections"
|
||||
"/etc/secureboot"
|
||||
"/var/db/sudo/"
|
||||
|
|
@ -72,8 +74,6 @@
|
|||
];
|
||||
|
||||
files = [
|
||||
# important state
|
||||
"/etc/machine-id"
|
||||
# ssh stuff
|
||||
/*
|
||||
"/etc/ssh/ssh_host_ed25519_key"
|
||||
|
|
|
|||
|
|
@ -1,9 +1,16 @@
|
|||
{ config, ... }:
|
||||
{ config, lib, ... }:
|
||||
let
|
||||
mkIfElse = p: yes: no: lib.mkMerge [
|
||||
(lib.mkIf p yes)
|
||||
(lib.mkIf (!p) no)
|
||||
];
|
||||
in
|
||||
{
|
||||
sops = {
|
||||
|
||||
age.sshKeyPaths = [ "${config.users.users.swarsel.home}/.ssh/sops" ];
|
||||
defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
|
||||
defaultSopsFile = mkIfElse config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
|
||||
|
||||
validateSopsFiles = false;
|
||||
|
||||
secrets = {
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@
|
|||
inputs.nixos-hardware.nixosModules.framework-16-7040-amd
|
||||
|
||||
./hardware-configuration.nix
|
||||
./disk-config.nix
|
||||
|
||||
../optional/nixos/steam.nix
|
||||
# ../optional/nixos/virtualbox.nix
|
||||
|
|
@ -29,6 +30,8 @@
|
|||
};
|
||||
};
|
||||
|
||||
networking.networkmanager.wifi.scanRandMacAddress = false;
|
||||
|
||||
boot = {
|
||||
loader.systemd-boot.enable = true;
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
|
|
@ -55,6 +58,9 @@
|
|||
|
||||
services = {
|
||||
fwupd.enable = true;
|
||||
udev.extraRules = ''
|
||||
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0bda", ATTR{idProduct}=="8156", ATTR{power/autosuspend}="20"
|
||||
'';
|
||||
};
|
||||
|
||||
swarselsystems = {
|
||||
|
|
@ -62,11 +68,14 @@
|
|||
hasBluetooth = true;
|
||||
hasFingerprint = true;
|
||||
initialSetup = true;
|
||||
impermanence = false;
|
||||
isBtrfs = true;
|
||||
};
|
||||
|
||||
home-manager.users.swarsel.swarselsystems = {
|
||||
isLaptop = true;
|
||||
isNixos = true;
|
||||
isBtrfs = true;
|
||||
# temperatureHwmon = {
|
||||
# isAbsolutePath = true;
|
||||
# path = "/sys/devices/platform/thinkpad_hwmon/hwmon/";
|
||||
|
|
@ -75,31 +84,45 @@
|
|||
# ------ -----
|
||||
# | DP-4 | |eDP-1|
|
||||
# ------ -----
|
||||
# monitors = {
|
||||
# main = {
|
||||
# name = "California Institute of Technology 0x1407 Unknown";
|
||||
# mode = "1920x1080"; # TEMPLATE
|
||||
# scale = "1";
|
||||
# position = "2560,0";
|
||||
# workspace = "2:二";
|
||||
# output = "eDP-1";
|
||||
# };
|
||||
# homedesktop = {
|
||||
# name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
|
||||
# mode = "2560x1440";
|
||||
# scale = "1";
|
||||
# position = "0,0";
|
||||
# workspace = "1:一";
|
||||
# output = "DP-4";
|
||||
# };
|
||||
# };
|
||||
# inputs = {
|
||||
# "1:1:AT_Translated_Set_2_keyboard" = {
|
||||
# xkb_layout = "us";
|
||||
# xkb_options = "grp:win_space_toggle";
|
||||
# xkb_variant = "altgr-intl";
|
||||
# };
|
||||
# };
|
||||
monitors = {
|
||||
main = {
|
||||
name = "BOE 0x0BC9 Unknown";
|
||||
mode = "2560x1600"; # TEMPLATE
|
||||
scale = "1";
|
||||
position = "2560,0";
|
||||
workspace = "2:二";
|
||||
output = "eDP-2";
|
||||
};
|
||||
homedesktop = {
|
||||
name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
|
||||
mode = "2560x1440";
|
||||
scale = "1";
|
||||
position = "0,0";
|
||||
workspace = "1:一";
|
||||
output = "DP-11";
|
||||
};
|
||||
workdesktop = {
|
||||
name = "LG Electronics LG Ultra HD 0x000305A6";
|
||||
mode = "2560x1440";
|
||||
scale = "1";
|
||||
position = "0,0";
|
||||
workspace = "1:一";
|
||||
output = "DP-10";
|
||||
};
|
||||
};
|
||||
inputs = {
|
||||
"12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = {
|
||||
xkb_layout = "us";
|
||||
xkb_options = "grp:win_space_toggle";
|
||||
xkb_variant = "altgr-intl";
|
||||
};
|
||||
"2362:628:PIXA3854:00_093A:0274_Touchpad" = {
|
||||
dwt = "enabled";
|
||||
tap = "enabled";
|
||||
natural_scroll = "enabled";
|
||||
middle_emulation = "enabled";
|
||||
};
|
||||
};
|
||||
keybindings = { };
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -33,30 +33,30 @@
|
|||
"--perf-no_write_workqueue"
|
||||
];
|
||||
# https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
|
||||
settings = {crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];};
|
||||
settings = { crypttabExtraOpts = [ "fido2-device=auto" "token-timeout=10" ]; };
|
||||
content = {
|
||||
type = "btrfs";
|
||||
extraArgs = ["-L" "nixos" "-f"];
|
||||
extraArgs = [ "-L" "nixos" "-f" ];
|
||||
subvolumes = {
|
||||
"/root" = {
|
||||
mountpoint = "/";
|
||||
mountOptions = ["subvol=root" "compress=zstd" "noatime"];
|
||||
mountOptions = [ "subvol=root" "compress=zstd" "noatime" ];
|
||||
};
|
||||
"/home" = {
|
||||
mountpoint = "/home";
|
||||
mountOptions = ["subvol=home" "compress=zstd" "noatime"];
|
||||
mountOptions = [ "subvol=home" "compress=zstd" "noatime" ];
|
||||
};
|
||||
"/nix" = {
|
||||
mountpoint = "/nix";
|
||||
mountOptions = ["subvol=nix" "compress=zstd" "noatime"];
|
||||
mountOptions = [ "subvol=nix" "compress=zstd" "noatime" ];
|
||||
};
|
||||
"/persist" = {
|
||||
mountpoint = "/persist";
|
||||
mountOptions = ["subvol=persist" "compress=zstd" "noatime"];
|
||||
mountOptions = [ "subvol=persist" "compress=zstd" "noatime" ];
|
||||
};
|
||||
"/log" = {
|
||||
mountpoint = "/var/log";
|
||||
mountOptions = ["subvol=log" "compress=zstd" "noatime"];
|
||||
mountOptions = [ "subvol=log" "compress=zstd" "noatime" ];
|
||||
};
|
||||
"/swap" = {
|
||||
mountpoint = "/swap";
|
||||
|
|
|
|||
|
|
@ -5,7 +5,8 @@
|
|||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
[
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "usbhid" "sd_mod" ];
|
||||
|
|
@ -13,50 +14,57 @@
|
|||
boot.kernelModules = [ "kvm-amd" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/3554892c-9d0b-49b2-b74a-8b5ef45569f7";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=root" ];
|
||||
};
|
||||
# fileSystems."/" =
|
||||
# {
|
||||
# device = "/dev/disk/by-uuid/3554892c-9d0b-49b2-b74a-8b5ef45569f7";
|
||||
# fsType = "btrfs";
|
||||
# options = [ "subvol=root" ];
|
||||
# };
|
||||
|
||||
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/98b9bf76-ca01-49f5-91ee-1884ae9ce383";
|
||||
# boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/98b9bf76-ca01-49f5-91ee-1884ae9ce383";
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/5236-F44A";
|
||||
fsType = "vfat";
|
||||
};
|
||||
# fileSystems."/boot" =
|
||||
# {
|
||||
# device = "/dev/disk/by-uuid/5236-F44A";
|
||||
# fsType = "vfat";
|
||||
# };
|
||||
|
||||
fileSystems."/home" =
|
||||
{ device = "/dev/disk/by-uuid/3554892c-9d0b-49b2-b74a-8b5ef45569f7";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=home" ];
|
||||
};
|
||||
# fileSystems."/home" =
|
||||
# {
|
||||
# device = "/dev/disk/by-uuid/3554892c-9d0b-49b2-b74a-8b5ef45569f7";
|
||||
# fsType = "btrfs";
|
||||
# options = [ "subvol=home" ];
|
||||
# };
|
||||
|
||||
fileSystems."/nix" =
|
||||
{ device = "/dev/disk/by-uuid/3554892c-9d0b-49b2-b74a-8b5ef45569f7";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=nix" ];
|
||||
};
|
||||
# fileSystems."/nix" =
|
||||
# {
|
||||
# device = "/dev/disk/by-uuid/3554892c-9d0b-49b2-b74a-8b5ef45569f7";
|
||||
# fsType = "btrfs";
|
||||
# options = [ "subvol=nix" ];
|
||||
# };
|
||||
|
||||
fileSystems."/persist" =
|
||||
{ device = "/dev/disk/by-uuid/3554892c-9d0b-49b2-b74a-8b5ef45569f7";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=persist" ];
|
||||
};
|
||||
# fileSystems."/persist" =
|
||||
# {
|
||||
# device = "/dev/disk/by-uuid/3554892c-9d0b-49b2-b74a-8b5ef45569f7";
|
||||
# fsType = "btrfs";
|
||||
# options = [ "subvol=persist" ];
|
||||
# };
|
||||
|
||||
fileSystems."/swap" =
|
||||
{ device = "/dev/disk/by-uuid/3554892c-9d0b-49b2-b74a-8b5ef45569f7";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=swap" ];
|
||||
};
|
||||
# fileSystems."/swap" =
|
||||
# {
|
||||
# device = "/dev/disk/by-uuid/3554892c-9d0b-49b2-b74a-8b5ef45569f7";
|
||||
# fsType = "btrfs";
|
||||
# options = [ "subvol=swap" ];
|
||||
# };
|
||||
|
||||
fileSystems."/var/log" =
|
||||
{ device = "/dev/disk/by-uuid/3554892c-9d0b-49b2-b74a-8b5ef45569f7";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=log" ];
|
||||
};
|
||||
# fileSystems."/var/log" =
|
||||
# {
|
||||
# device = "/dev/disk/by-uuid/3554892c-9d0b-49b2-b74a-8b5ef45569f7";
|
||||
# fsType = "btrfs";
|
||||
# options = [ "subvol=log" ];
|
||||
# };
|
||||
|
||||
swapDevices = [ ];
|
||||
# swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
|
|
|
|||
|
|
@ -2,4 +2,7 @@
|
|||
{
|
||||
programs._1password.enable = true;
|
||||
programs._1password-gui.enable = true;
|
||||
environment.systemPackages = with pkgs; [
|
||||
];
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1716,6 +1716,7 @@ create a new one."
|
|||
(setq org-caldav-calendars
|
||||
'((:calendar-id "personal"
|
||||
:inbox "~/Calendars/leon_cal.org")))
|
||||
(setq org-caldav-files '("~/Calendars/leon_cal.org"))
|
||||
;; (setq org-caldav-backup-file "~/org-caldav/org-caldav-backup.org")
|
||||
;; (setq org-caldav-save-directory "~/org-caldav/")
|
||||
|
||||
|
|
|
|||
22
scripts/fs-diff.sh
Normal file
22
scripts/fs-diff.sh
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
#!/usr/bin/env bash
|
||||
# fs-diff.sh
|
||||
set -euo pipefail
|
||||
|
||||
OLD_TRANSID=$(sudo btrfs subvolume find-new /mnt/root-blank 9999999)
|
||||
OLD_TRANSID=${OLD_TRANSID#transid marker was }
|
||||
|
||||
sudo btrfs subvolume find-new "/mnt/root" "$OLD_TRANSID" |
|
||||
sed '$d' |
|
||||
cut -f17- -d' ' |
|
||||
sort |
|
||||
uniq |
|
||||
while read path; do
|
||||
path="/$path"
|
||||
if [ -L "$path" ]; then
|
||||
: # The path is a symbolic link, so is probably handled by NixOS already
|
||||
elif [ -d "$path" ]; then
|
||||
: # The path is a directory, ignore
|
||||
else
|
||||
echo "$path"
|
||||
fi
|
||||
done
|
||||
|
|
@ -1,18 +1,18 @@
|
|||
mrswarsel: ENC[AES256_GCM,data:KorCRr6QGzwXXXVcuox5lhSQrg==,iv:rdAlpEYnQaeLH/cXDLixVOZj0mmkynewNlp53L/U4lo=,tag:gE19U/CPl2hU38VYgdLlGQ==,type:str]
|
||||
nautilus: ENC[AES256_GCM,data:KTBIwO/m/O3RfYBf0kTdgM83mQ==,iv:fCVfS3eYE0F9Jhju+uT0rHcFPBMLYtsJURILMATvjYA=,tag:pzpVeK8YYYl6NgC0FRnCoQ==,type:str]
|
||||
leon: ENC[AES256_GCM,data:5OAaO/8XiOJEUicx+otLoUUG9w==,iv:cxoNYOQCFIjX53ZgaL/Pu4ZDeL2EByClCIWG2JcRHMw=,tag:954bA4bjcLZsv2hFbtykSQ==,type:str]
|
||||
caldav: ENC[AES256_GCM,data:CfWibtX+/BJcpXJNlpO8dpYJsdORzQZX5pEXX82CB2z+ZpIhIF66+x1GsXFFgP+MnQOS6O7hSUgckxtJBh7Bmy9jLmcdf3VMwnaAcg==,iv:bcahyj8MXSxvFOveFnXbEWHG03yHURb2zWelT5MiDo0=,tag:EguaYYuYNZUQlrKE8zjjrQ==,type:str]
|
||||
restic: ENC[AES256_GCM,data:YZv3dsx2U1XHfv4=,iv:82WoS3n6nlZpPLrwKFRiYwVSvB4R3AfQQDSR6vjiyno=,tag:Y88Lz2i43UEjUduUmfz/OQ==,type:str]
|
||||
swarselmail: ENC[AES256_GCM,data:QqOGUsip/nmbwFcCX5EhM9u3hCNN4onZpsQAg6qS6lw=,iv:LvQEHkhHJ7+7r4iV1VhxxPW23hJ+h6RMcNIX3NTlB0Y=,tag:/+iH0P/Dmc5m6DLUeUikGw==,type:str]
|
||||
swarseluser: ENC[AES256_GCM,data:sBfmHzW4Abu/rMHopLWmSglC+l7e6UwiobIQ3+FewlnOnUzj0sD1GASq4q+VwIv141CHT+0d0iGk880iVIQpx2jxh+EefnxRUQ==,iv:/KzkOkMab6oTbWIT6ZZdIJNNlaJiiAy9SfTBsvumGBc=,tag:ZNfk7EXK5xX7W8NpdRyAJQ==,type:str]
|
||||
ernest: ENC[AES256_GCM,data:jgzoxnhq3Sk=,iv:oDhm5MA7vR3y/osIbancG4OUQ4HansY6MhB2FxYdzuw=,tag:wYmCak6t0CAhCj8oWhC27g==,type:str]
|
||||
frauns: ENC[AES256_GCM,data:zRnPcOCmwHs=,iv:Un3iCZU7Btp2F6xrJs7e4Kyy0YdP/N+o03sDHOIbr1s=,tag:v+PD9BJl+j2V8fKFb2Tr/g==,type:str]
|
||||
hotspot: ENC[AES256_GCM,data:8SWbiTvii+E=,iv:6aU6JNLVeCM520Sc8EQkXB+DFPqhu6CI9eYqSzC1Aw0=,tag:gNbZHFL09yyfet7YB59FVw==,type:str]
|
||||
eduid: ENC[AES256_GCM,data:OR5yB7pfunrHMCWqsBPU13wDwgbw6qBj2Bn5q4Q=,iv:2tUTXUGpd3sDU44h203xU7VuEGV/7yUMzW073N/WEp8=,tag:+FyxO1wK9vsOeZ7+xnNYLQ==,type:str]
|
||||
edupass: ENC[AES256_GCM,data:iLH0v9pAGWLt7PU=,iv:wJbW71SnKyi07UMropNYHAyPhf9P7VSO8GZpDY5TAsg=,tag:hAt+atdz5QR9GaQJauLwmg==,type:str]
|
||||
handyhotspot: ENC[AES256_GCM,data:Am6KgE4VAV4=,iv:wcn9F6bRqPN368ZkGRvl9r4+2cvShfWnm+dI4AbAK6Q=,tag:mBfYH3segy9u4qOJfsCPcw==,type:str]
|
||||
vpnuser: ENC[AES256_GCM,data:JOwgeXVc+U8=,iv:m5/iyZloymJ5WqX0O6lAMNFauh755R76Vae89vkULhk=,tag:Y+ecq8rPKMGSwXeXLdfAGA==,type:str]
|
||||
vpnpass: ENC[AES256_GCM,data:8PAAEfmNFLOTDA==,iv:GBQAF2IxqL6rfrxwm69GsAkfACSzTPac+7Cl6EX9bpw=,tag:S8/+TzL2icVouFVhkxc0OQ==,type:str]
|
||||
mrswarsel: ENC[AES256_GCM,data:WEKMUQL7gmw1Jy7nVQ75B76PNw==,iv:4W//eaU5ccAMW1+y1pspergCbEmMWx/k+sw9aLV0QMw=,tag:J6NoHtrr2s5SeneMu2I2pQ==,type:str]
|
||||
nautilus: ENC[AES256_GCM,data:Yj+P+i+geMKXRyQhR2EZXvU9kQ==,iv:jgkOF8lB2bqcQHsUUR9SwbcS0s5E1n05kmuqZGMjXm8=,tag:HS0iwSYdj0Hoq2V1IlR0MA==,type:str]
|
||||
leon: ENC[AES256_GCM,data:XPPOTZVtWuUhfrLRZ9+myTYdXQ==,iv:JjSluv6liOjbdswK5FcDqFaGfgc8lSxYcde0oVVAOB4=,tag:XzyfN8ak82dFUTzbNox1iQ==,type:str]
|
||||
caldav: ENC[AES256_GCM,data:Hmb0K0zvZMtFwkWVJOJVe7117qfqShoUCzYbyySpVHY/ggf88t33znVqthi+HhvZP7o7mFRbxQKXVOSru3Erzruo5WsHFK/TJMZQyQ==,iv:XXS5jTpX/yFSSoHb51X/ZTHdTkqFRBIwu0UC4pcGk9g=,tag:ToCo6nL2tkc3oKdlvDTq/A==,type:str]
|
||||
restic: ENC[AES256_GCM,data:oFM5eeKQi9zr1sU=,iv:mNdJO+Snc14PWu1GIHhgwI4tZp0KcroA+eVmFZ3RBic=,tag:1m9764NXm8A1g2TuZEAcFg==,type:str]
|
||||
swarselmail: ENC[AES256_GCM,data:e+oqHFy1Ui1uepKhFBtYbAkn752qxRb6Xvx5gOEjQyc=,iv:oUo8HVHKog+YxWb5u3AuhHGDVeXZIUo1Heq9m/O5igM=,tag:VNhO2vf8l546AjEx+dNjIQ==,type:str]
|
||||
swarseluser: ENC[AES256_GCM,data:jaNRDSLSSB60aA7FnEO25FzrH1EL1FOW33hrXtPJEFkpeJKbdWypR+f3m/z6s1pmFtL/2x8kAdJUC42kZAg20/o9ZuD4KfDoKg==,iv:f5t5Kh9k/6D0+Fs1UEn95Dbgb3pF4lertBTZqdF1Fmk=,tag:Qb6RrMMGiMIBoLzRPXhTPg==,type:str]
|
||||
ernest: ENC[AES256_GCM,data:C7ppu1S0RR0=,iv:zB07MW/bAQwNWJUHEIbvo5Ug9QYTDmk6jx3znnOqjOc=,tag:EzUEyA6HalGTKgWv7gqgmg==,type:str]
|
||||
frauns: ENC[AES256_GCM,data:A5n9whHLCAI=,iv:2UTWu1Fqp9iSGcykXElGNko9fPOzEW/Sb4I+9hBMLfw=,tag:FnTXC7qZkO+R4GLJBg66Cw==,type:str]
|
||||
hotspot: ENC[AES256_GCM,data:PAcHBVuKCIQ=,iv:mGKtXOMZuBV+97dQiQcM3BJs2G8j58dx0c6UN6rnG3M=,tag:6xf+NBS2OvU3X/L3Hao4MQ==,type:str]
|
||||
eduid: ENC[AES256_GCM,data:/qfAWRxwIGRGK5HEsYsNtes9VJHfkx2C0WL8igw=,iv:znQJUPTbX/ZBpX5JB5QAUWTsbISZR2CAa9vZ9N3V2x0=,tag:2NiZ5Ynt3CFvsZ0i5s71xA==,type:str]
|
||||
edupass: ENC[AES256_GCM,data:StcWMBpiRQk4tro=,iv:RGQ0i27eErOaTvHJINSgCh/sO48IJWoR5nwdk4Kgfic=,tag:M1zPdKrNLXdXLSJ9A8Ay7w==,type:str]
|
||||
handyhotspot: ENC[AES256_GCM,data:6XS3MI1sFbQ=,iv:2QQDbWre66cZxcQJqjMfYC6Uxfw6RBcgypWb31uJJxU=,tag:2gbd3tdFlSTv84GpTMQHiQ==,type:str]
|
||||
vpnuser: ENC[AES256_GCM,data:/fRpq/wyKuM=,iv:er+BKrfzihyRNzyTx3LIlecpyXlelh8OE8LZrGw6PNg=,tag:h7weTZXh43myaf35UwW0ZQ==,type:str]
|
||||
vpnpass: ENC[AES256_GCM,data:Vrhex2J5MmGdxw==,iv:rauPM5/cGfj5btQaUVIeMpr/hjKInl31+semAfZchCQ=,tag:3hshXzNp9rtp2en1lxi5mg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
|
@ -22,71 +22,80 @@ sops:
|
|||
- recipient: age1zdjm8qa5t25mca0xxhhkpuh85mgg4l267mqjj2pdttksq7zg4unqdmqyp4
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmN3pCM0l5VEQ4ZERDRVBx
|
||||
MllTOXQwSEtjeDNSM1JqVFU2YmlzTmYrekFvClp2eG51VXlnb3dQTzJDbmw2czVv
|
||||
NEM0OHBCNDJmbnIwWkxsYzg0Z3ZteVUKLS0tIDZLTW1GVUtPcUVKNmpvd0swREZF
|
||||
ZEF0SCtWNEE4b2FJaVZBdGZLWXJMNGMKAcZCLU47OB8n3RhZOxMqUPxrjp2lXfuX
|
||||
kG4MITOw/lw067YP1REpTqwPj4Ylleqx7KBafEsfzXPuuUh9gPgKKg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaR3NldGhjcTNXR0lhNU1Q
|
||||
TWE4dyswREM3ekllV1huOWhTN00wWjFEdDFVCnc4UG5RRng3Qm5VMkJRdHl5TmxJ
|
||||
TG5iMDFGSXJPekZQeHl1L2ZpYnR0aFkKLS0tIER3cWlkS01KSlhjNit2L0NkZXRV
|
||||
WHVtNVJkc3VnZmFiZzk0Mm1vWDZwRU0Kif4fwm3AEv3DJZXEoYRfWbYbPei2dO4m
|
||||
OisWDDWKqeZ6vZF+BVk3eak+wY+Vy853k6nDg+PhvSMM31V4vL8NDg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMVFoQTFGYmRreVhqQ2Zl
|
||||
aTZlb3VrZjJzZUp5OUM4SEhGcjg0YlBWdWhBCk1ISzhCZ1FsVjdYaUpKOXlVMkxU
|
||||
b0doSlVKN0hmSTRtTWFnL0JNR0JWSTQKLS0tIFVWZGNqVWVZa3dkSllqZ2Z2emdt
|
||||
M3VYZW4yd2hza1pBUGhnSTlsRWJOd0kKebxg9WhWN4PI7GUNZJrKF9z5KWU6ZCS/
|
||||
UpnaXNQJVGihJ5QaO+WxyCG5ivAwyToHA2aJEgLrHTF9eK1Rd4Wb6w==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTNHM4bUxISUNQWUE4Tm5H
|
||||
L3pZUVlGTk1hOEpCQmJZbEZoL24zWXUwY0hBClV5K2FLUFp1a05zQURpeXo2T09W
|
||||
Q001L3dLSk5KZTUwdHAxQXhxMnVoMWMKLS0tIEt5YWF2VU1VMUdOZXNPMXd0L0xo
|
||||
Q1FCVGNGY1EybklSTWJMTERJREo4TUUKSXFdoiK1NfjEK93Rl6sq7/RxkrS49N13
|
||||
bfPdkiwwNe85YavOFSQ18EXGQkw4CvuX4IpIScsyiKdo31o1r/ys9Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hkajkcje5xvg8jd4zj2e0s9tndpv36hwhn7p38x9lyq2z8g7v45q2nhlej
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdEtIWnJnY0JYMHlRUjZ4
|
||||
OGx4MlE3N3JnaURnUU1NTyt0Sm82T3N6ZldBCjRkMkxSRG0rajNQczlOUXdFOVcx
|
||||
VGRhVDJOUW8wN0IvL1lSa3ZSeGlCODQKLS0tIFp3STl1amR5MGd1UDBaRXU4N3J4
|
||||
YzhlVnJRU1VFQkxwQmJQaHAwZy8rK1EKlQCB+gtblDchGxZeMgzRLWzpINXHTo6L
|
||||
UAAHdlvUd3yql5W1RzFvfyepuyG9JzzgP0q5geMoMaQdS4ADUfZ6Ww==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxU0diQ2hjcmRsdEpWTm1X
|
||||
SmJwZlRTakt0RkVIU0VhRnN3d1c0aTYrODFvCjF2NVNkR2pBS3NVdjFiWnFPZ25T
|
||||
N0tHc2lRdnlmdXliRE5UVUdOQ0xtczAKLS0tIEZ0SGhUd1p6V1RrSjl5Y09JZ3Bu
|
||||
Q2cvQ1BMTTEyYmFSS3VKM1lRbkZFa1kK99zAahCmxYTfGDzUYJwboUs3uZ46raZS
|
||||
7Lc9NbNF/V5WhF91d8B0LUWkoreouWsV2qhV2y1hjl8jsiFV16FOoQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1s3faa0due0fvp9qu2rd8ex0upg4mcms8wl936yazylv72r6nn3rq2xv5g0
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyT2xMc2lYWCtHTHU0ZjAz
|
||||
NUNHRVlnOThJbmFxN1liSTVvVXNMb2lsVVFJCjdES2dES3grVGI1bStrNHltbHFj
|
||||
M0QwaXhZUEExYUJtVHRLVllIVDc2aDAKLS0tIFcrZkRjckJXc1N6Q3VweFJJYWo2
|
||||
Q0NTRzR0cFVPT2phTlUyL0phU25TdncKD/4ZFw/oR2FEm0U8hUkF6ts5AkxfdXrS
|
||||
2KdJTSXqy+UmbMHSoapcMQoeaOkfpIpmHZZzwhHzOBd3YPtBYMc91Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBidm5OQ25LamQ5dlBYZGdN
|
||||
TEdNVjF5U2lZZ0xRaXFGd0k0aERRci9yN2pvCklQUmZHYW0xdjZvWTI0TGc4SXly
|
||||
SzFJN0RTb2UzdUdTY2dBNUJKMW9kNnMKLS0tIEZoLzRqb0ZTbDJWRHhPYmhTSUE1
|
||||
OUNMVFhQdnRHcitQVUFub0ZhZW1FMTQKMCETAd193P5dLGMoY3bv0V2+J3HSty5X
|
||||
zCfOxBLsK4X30dudIHLVj8aRsfv2nSWEqELs9e4UeEASVle/leVY9w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-07-16T23:20:25Z"
|
||||
mac: ENC[AES256_GCM,data:o/VXKsxpvHbXCynyPMoVHpFPjJTDLZASIJ13yntB42fYg5xKEAQJE7+AVlL/HEprP8NlJ2yV2KSC64nALqucz1gkzFjZTNBYINpz6bgehkZ1/58Qoln/1cUvn3jwgbHY+cxvYsAeA+cmTYQf3yD7Eng2HmfN4r/jKbQpOgssSBY=,iv:7GwCMJH7v61KBBfiyLFXe+PcnAjk8/nF3Qrsne7GhIA=,tag:XHrconuMvauPoF3JlVhEhQ==,type:str]
|
||||
- recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhTGxlOVZJRW5VTHJmOGZo
|
||||
M0cyQ1ZUTG1TWWFlVFcvZEhzeURCQld5TUFjCmRBOEc0bjlWNTgyeWlhWTRuMVZ0
|
||||
WGNCUHRWUFRLb05jeWsyeFBlTkhOamsKLS0tIE0zSHhSQ0FZMm9PUDU4bkhyaTQ4
|
||||
cUxsRjB5MUVkQk14Mng5bEk2eW8xY0UKFcPwc3iVpmjPwogW2t48IdKOc/AiN+r1
|
||||
AJryUc2CZ3PK/njAnIxKqkCwsR527Txn0ulpaimqfv9nyJSVdbVXIQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-08-02T00:34:14Z"
|
||||
mac: ENC[AES256_GCM,data:vI3IAz0MQF9Ub1KQmHDuDSvoUaPlBhZjE66pS9ZWT5wsLKOjSdbFbXvpGGieUh9MdgALNPSXqDvNMExsiRHNTgbQHf0yA2Esni5WoHVgXDPRiq9dB6ixJwsO8UlygIsdQyKJo+DdbXRA15hR2I1xDpY6YnhdIOCDI/fyD95Nlt4=,iv:Vi/RDx1BPmSKnihP0NtkCf+GukeQojxhGtoSLH7fOtA=,tag:4MEZjDELRHlVxV/Kk1a0rA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-02-07T21:17:55Z"
|
||||
- created_at: "2024-08-02T00:34:07Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAwDh3VI7VctTAQ//QHYJAlJUacTFHu7iIK2q3mPdE3Zrn7AFK/JmhSIjyiS1
|
||||
fJ8EzsPdgydlDiwGPoQqpyWZRccblek1PEVyxjQSjnGSU5hmAfYQCnT3zvBGgljS
|
||||
UY2pnaFeXO7Tvo0rGgrUEAkkFD9WTC3UFcb1ZDo/OmybA3eVLMbvMsPXDGXln2Pg
|
||||
KkxoblQIE7OAOMWg+YaS60J1DFGIY2Zj6BQ5K8LkA4lfgYWkmpvmwU8CzE/rlv2s
|
||||
hsRL7pa1WMYAgdYsCemk2egohJA3kOmdlsGiIguY22AeeVadsJJEHOEucsIs36El
|
||||
7u9b/TxusncNa2eQvnVak18zr4LPOr/1fmMxzmQWwDhRZeKhK1Y6LBU1XqvOggaL
|
||||
rcAx42oCR16MEiMFty2iFyRvBSCCXOur45L/TsCDUTkKLdgunU8HFyyE0NIJ+Qig
|
||||
Ffum+hfZ6UYv/nkz6Agfeu5ZSikok97+Lagh1GF0VawCSi5xq49Ky0i9NLFlPq3G
|
||||
cFcI2qaei3EtY9CKeYmU1OdT4RX2aO8XwXH4LyC6TPQ4hgjV/DlLMSQIUd6RDLyT
|
||||
2Aw3HkeKm2CfEkxTLlCvGjcYGB/b0tH5Y6n2dJUcFocUlxQem8xf+FFbyeR8CBDK
|
||||
b9LXbBC0ywO9WHFXFIcjYU+Pb+O0MAK6nxTVDLoTmZXn61v041Nfonz9q1M2K72F
|
||||
AgwDC9FRLmchgYQBEAC9IUmTrFZowCCWg18VWPr5sH7wV1QqMLkCIFsT+mAdZ2dC
|
||||
96DzY2Y+8wSOnQVIlqWU8168v0qYtjN2J/wBTjlAWX6e7Yeg6mhulqiMLG6VrGyh
|
||||
+M3u6Tfyp5LHIJbGkHTrlVrfdfU7J3pk3yercWyd2GW6Rq/W5bwvmvebseHiC6VS
|
||||
N3NrH/MggW1g/V92ARIuNylK96mrVq7BuCB7VNlCIDEmmoI5G/AN822UXauvXZ1K
|
||||
my/F6W+QOZFCtzgIAe7qM8MGsA2SYWb+yAfhxQJdlwT3V0lIX1q8brv/VPd+kL/1
|
||||
ABP3NyU3zZ/x1q9Ur3HZGd3MdvumHZd4pCZuMHiYJMfXpmnYKrk6Fmw9sMw6ztfx
|
||||
VRI6ZoiRiK/R391WPrF14PuN9ji0tALPAZ1SubKYSI7FwSSEFyVTTCAsS/EkXUo/
|
||||
5SI+edynod8UtYSMqLfMEDqwXYnH2YHol4yhdiaa54CoOz9bc+O8PuYYyZGhzmrb
|
||||
nfEItWOuHEf4VNZSjj93Rrg/7rhJLScK+Sx8ylSMoT6nNE9k3Hw3G4TeEgbR3lTn
|
||||
v55xILKqN2BjeVab3KSvEac+yooz3xFmkCmB6wzSu5wMfz5HhO1ASUHs7TSey6B4
|
||||
o/oRxR9uIUg/vXfR49750krKrs6V2u6x7DCLwpyNcQUyprltJfoxPvz4viA9kdJc
|
||||
AUEOAMtiSSudTdKEH9Xx4x2ioMKRRcPgB1FuvDz/+Bl8VBj7db7zs5v0qPHg1/p7
|
||||
4LRZ04XghV3qSmwI8va1RFPMOnQbOCkz0wWZsprCQMYAAktc6VrCj6rhJHQ=
|
||||
=FV09
|
||||
hQIMAwDh3VI7VctTAQ/+MfOhtax5VRg/OtVPoj4T/qTYTymbKZkvQZ/Cd6vox4WO
|
||||
xAADZ9kVbkUATDfhSpM7HjtsxLZTq1gmzXQCrSKDcAuVP0qZ0ZHs3TI+dk09m1R0
|
||||
3aBLWsIbo3oLLdawmyWwpIJ9aSaP711MsIY6nv7sH1a3DpFYGpETgx/D4sC77zVg
|
||||
WQX6xTbjr8Y+0vJg1P9ShNE0V/7KUFEmLkmDU6e9bAZiLem7x4ydxcZvA/l5avSy
|
||||
T+HqPQGUg7DO9wa9vlpRAkxF5OaW0XMt4Lfq+rFohronCkQYfEKJ2MpEBdX/yNZC
|
||||
UzK6ZQe/8pcCJ3wqrvH9pIvwTY0v7goYPhzyPXtmjMjLMObSw9avd0upTvkMmHvg
|
||||
DQlZeFGDSCY7+E6d68JCbCuSnH8P8aE5WGxP/d58j54lTybtiiM15b8djmHaOaKd
|
||||
64H08mDX1Utig7BFYIX9OGAcC+Kk/XA6J+QsISL+VVO7+AiAqQGXQiwSB6hAvPZ1
|
||||
a0OKT5NaFqpzCBjJNkhy168n7hx1XZYNsydHfxGamLeU+/o/3+2eUxbVnO31PZ22
|
||||
HZpR8Czsxd1q9UKmKP1WUc9mQfBVEyltqsRzQWQwCGN8pscKOjzjqZsKP6Ro/zfZ
|
||||
08nKAioUFwNAGaOYbscFANZVCwkqsstpSUhu5teBFRApLiZO3/mZuMIGKdjNb2yF
|
||||
AgwDC9FRLmchgYQBEACVBDESKyqIBkkETsLRHY8y4oFtDgiZPMTM7YTJe+cA52JE
|
||||
J0ut6FmBSqpIrrCSeGydvHN3OI0CirnEuXsQ/i0XAjx5/zXGWcQZqFZEfW9yJ7KM
|
||||
M3PkqC45ybeiUslqRy4P89vrhE1+6YLvepUxYJiFVNOVQKkF55NBF5MDeehhenkO
|
||||
O7PzHRF1cZ2yWpiM6UhtspOVoygdAeP1+fdSeRoIvicmAG5NmhtJPdST+8St+er8
|
||||
LO2ON5iU2SpvN8Lx03dW/Pjoy9Wv8mqh3lZWt1NHRJ2GBWaUu58e0lECL0TAyzRf
|
||||
NFYQ3mOwyxXl2Fn41qXr/HWWh5IDi3diZwWfgTJAPclxKTvJs+2Tc1V71RqFVHeA
|
||||
ES//vLQyjWGefze7HvryEiGwkG3WFp76v10msP0TBrhRCBVHJk7ni3Q2OfV7ZI8S
|
||||
YMPj3wftqp4tbUN5qtkKv3unb1+s8Kwh741xNUcupH5a8RsaDCxloLeOhpIfqwX3
|
||||
lowV2ogYujrPWwnmm3Jya7Kkxf+mvb/rgU0lho/YyIGif1dDLvtKoOyfhoqKh8J3
|
||||
7Ru3yvmarN9guDM9b17gF9pOXEdHQW2nRjBuePr6RiRXU6iTxr7W7DaG6dYMBxkT
|
||||
x3Z4M2f6uIokMEGGplBWLo7VI/meaQ6/0v0iazbxHRDScFw6AYqhb+esF32Yx9Je
|
||||
AXF9GBITGTM9h9beEiF6tA19QPBLQumT0SIGdlXaCe49gD8c5p3nslhcc4uqDkXF
|
||||
Y6h4pRiuamgCqReHDFGJjofRoXleew0ILFI2wOOOHkFdE99A2RI+zBqM/9dWpg==
|
||||
=oTeC
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
|
||||
unencrypted_suffix: _unencrypted
|
||||
|
|
|
|||
1
secrets/keys/nbl.pub
Normal file
1
secrets/keys/nbl.pub
Normal file
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC001+6mmxNrM7GtywMVY/ZJi+wx8f+kS6MMjc6260Ed nbl sops
|
||||
Loading…
Add table
Add a link
Reference in a new issue