From a4e4bcd09401022079acf41b5a73770b4382adb5 Mon Sep 17 00:00:00 2001 From: Swarsel Date: Wed, 25 Sep 2024 17:21:24 +0200 Subject: [PATCH] fix: enable matrix on winters --- SwarselSystems.org | 114 +++++++++++++++++++++--- flake.lock | 122 +++++++++++++++++++++----- flake.nix | 9 +- profiles/mysticant/configuration.nix | 38 ++++++-- profiles/mysticant/default.nix | 48 ++++++++++ profiles/nbl-imba-2/default.nix | 2 + profiles/server/common/default.nix | 4 +- profiles/server/common/matrix.nix | 31 ++++++- profiles/server/common/navidrome.nix | 7 +- profiles/server/common/ssh.nix | 2 + profiles/server/mysticant/default.nix | 48 ++++++++++ profiles/server/winters/default.nix | 2 +- secrets/keys/mysticant.pub | 1 + 13 files changed, 377 insertions(+), 51 deletions(-) create mode 100644 profiles/mysticant/default.nix create mode 100644 profiles/server/mysticant/default.nix create mode 100644 secrets/keys/mysticant.pub diff --git a/SwarselSystems.org b/SwarselSystems.org index 7255556..8353057 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -409,7 +409,7 @@ A short overview over each input and what it does: # nix for android nix-on-droid = { - url = "github:t184256/nix-on-droid/release-23.05"; + url = "github:nix-community/nix-on-droid/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -450,6 +450,11 @@ A short overview over each input and what it does: zjstatus = { url = "github:dj95/zjstatus"; }; + + fw-fanctrl = { + url = "github:TamtamHero/fw-fanctrl/packaging/nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; #+end_src *** let :PROPERTIES: @@ -709,7 +714,7 @@ Nix on Android also demands an own flake output, which is provided here. default = inputs.nix-on-droid.lib.nixOnDroidConfiguration { modules = [ - ./profiles/mysticant/configuration.nix + ./profiles/mysticant ]; }; @@ -1801,6 +1806,7 @@ My work machine. Built for more security, this is the gold standard of my config imports = [ inputs.nixos-hardware.nixosModules.framework-16-7040-amd + inputs.fw-fanctrl.nixosModules.default ./hardware-configuration.nix ./disk-config.nix @@ -1845,6 +1851,7 @@ My work machine. Built for more security, this is the gold standard of my config resumeDevice = "/dev/disk/by-label/nixos"; }; + programs.fw-fanctrl.enable = true; networking = { hostName = "nbl-imba-2"; @@ -2031,7 +2038,7 @@ My work machine. Built for more security, this is the gold standard of my config networking = { hostName = "winters"; hostId = "b7778a4a"; - firewall.enable = true; + firewall.enable = false; firewall.allowedTCPPorts = [ 80 443 ]; }; @@ -2056,6 +2063,63 @@ My work machine. Built for more security, this is the gold standard of my config } +#+end_src + +**** Magicant (Phone) + + +#+begin_src nix :tangle profiles/mysticant/default.nix + + { pkgs, ... }: { + environment = { + packages = with pkgs; [ + vim + git + openssh + toybox + dig + man + gnupg + ]; + + etcBackupExtension = ".bak"; + extraOutputsToInstall = [ + "doc" + "info" + "devdoc" + ]; + motd = null; + }; + + home-manager.config = { + + imports = [ + ../common/home/ssh.nix + ]; + services.ssh-agent.enable = true; + + }; + + android-integration = { + termux-open.enable = true; + termux-xdg-open.enable = true; + termux-open-url.enable = true; + termux-reload-settings.enable = true; + termux-setup-storage.enable = true; + }; + + # Backup etc files instead of failing to activate generation if a file already exists in /etc + + # Read the changelog before changing this value + system.stateVersion = "23.05"; + + # Set up nix for flakes + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; + } + + #+end_src *** Virtual hosts @@ -6574,8 +6638,8 @@ Also, the system state version is set here. No need to touch it. }; environment.shellAliases = lib.recursiveUpdate { - npswitch = "cd ${config.swarselsystems.flakePath}; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; - nswitch = "cd ${config.swarselsystems.flakePath}; nixos-rebuild --flake .#$(hostname) switch; cd -;"; + npswitch = "cd ${config.swarselsystems.flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;"; + nswitch = "cd ${config.swarselsystems.flakePath}; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;"; } config.swarselsystems.shellAliases; @@ -6721,9 +6785,11 @@ Also, the system state version is set here. No need to touch it. }; users.users.swarsel.openssh.authorizedKeys.keyFiles = [ ../../../secrets/keys/authorized_keys + ../../../secrets/keys/mysticant.pub ]; users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../secrets/keys/authorized_keys + ../../../secrets/keys/mysticant.pub ]; } @@ -6851,7 +6917,7 @@ Also, the system state version is set here. No need to touch it. hardware = { - opengl.enable = true; + # opengl.enable = true; enableAllFirmware = true; }; @@ -6861,7 +6927,7 @@ Also, the system state version is set here. No need to touch it. enable = true; openFirewall = true; settings = { - LogLevel = "trace"; + LogLevel = "error"; Address = "0.0.0.0"; Port = 4040; MusicFolder = "/Vault/Eternor/Musik"; @@ -6870,11 +6936,12 @@ Also, the system state version is set here. No need to touch it. Scanner.GroupAlbumReleases = true; ScanSchedule = "@every 24h"; MPVPath = "${pkgs.mpv}/bin/mpv"; + MPVCommandTemplate = "mpv --audio-device=%d --no-audio-display --pause %f"; Jukebox = { Enabled = true; Default = "pch"; Devices = [ - "pch" + [ "pch" "alsa/sysdefault:CARD=PCH" ] ]; }; # Insert these values locally as sops-nix does not work for them @@ -7012,6 +7079,14 @@ Also, the system state version is set here. No need to touch it. { config, lib, pkgs, modulesPath, sops, ... }: let matrixDomain = "swatrix.swarsel.win"; + baseUrl = "https://${matrixDomain}"; + clientConfig."m.homeserver".base_url = baseUrl; + serverConfig."m.server" = "${matrixDomain}:443"; + mkWellKnown = data: '' + default_type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON data}'; + ''; in { @@ -7162,7 +7237,7 @@ Also, the system state version is set here. No need to touch it. services.mautrix-whatsapp = { enable = true; - registerToSynapse = true; + registerToSynapse = false; settings = { homeserver = { address = "http://localhost:8008"; @@ -7209,7 +7284,7 @@ Also, the system state version is set here. No need to touch it. services.mautrix-signal = { enable = true; - registerToSynapse = true; + registerToSynapse = false; settings = { homeserver = { address = "http://localhost:8008"; @@ -7269,13 +7344,30 @@ Also, the system state version is set here. No need to touch it. enableACME = true; forceSSL = true; acmeRoot = null; + listen = [ + { + addr = "0.0.0.0"; + port = 8448; + ssl = true; + extraParameters = [ + "default_server" + ]; + } + { + addr = "0.0.0.0"; + port = 443; + ssl = true; + } + ]; locations = { "~ ^(/_matrix|/_synapse/client)" = { - proxyPass = "http://192.168.1.2:8008"; + proxyPass = "http://localhost:8008"; extraConfig = '' client_max_body_size 0; ''; }; + "= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; + "= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; }; }; }; diff --git a/flake.lock b/flake.lock index ea0b85e..7166f62 100644 --- a/flake.lock +++ b/flake.lock @@ -215,6 +215,7 @@ } }, "flake-compat_2": { + "flake": false, "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", @@ -230,6 +231,21 @@ } }, "flake-compat_3": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1673956053, @@ -389,6 +405,28 @@ "type": "github" } }, + "fw-fanctrl": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1724704488, + "narHash": "sha256-QmAanotjk81zsCwHI52XS4u9Cjv6KjNzTkYsAYFrubM=", + "owner": "TamtamHero", + "repo": "fw-fanctrl", + "rev": "db96c5962cff24f4c5977e30ca1c7626fb4171c7", + "type": "github" + }, + "original": { + "owner": "TamtamHero", + "ref": "packaging/nix", + "repo": "fw-fanctrl", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ @@ -509,7 +547,7 @@ "lanzaboote": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "flake-parts": "flake-parts", "nixpkgs": "nixpkgs", "pre-commit-hooks-nix": "pre-commit-hooks-nix", @@ -531,7 +569,7 @@ }, "nix-alien": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "flake-utils": "flake-utils_2", "nix-filter": "nix-filter", "nix-index-database": "nix-index-database", @@ -637,20 +675,21 @@ "nixpkgs": [ "nixpkgs" ], + "nixpkgs-docs": "nixpkgs-docs", "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap", "nmd": "nmd_2" }, "locked": { - "lastModified": 1688144254, - "narHash": "sha256-8KL1l/7eP2Zm1aJjdVaSOk0W5kTnJo9kcgW03gqWuiI=", - "owner": "t184256", + "lastModified": 1720396533, + "narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=", + "owner": "nix-community", "repo": "nix-on-droid", - "rev": "2301e01d48c90b60751005317de7a84a51a87eb6", + "rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25", "type": "github" }, "original": { - "owner": "t184256", - "ref": "release-23.05", + "owner": "nix-community", + "ref": "release-24.05", "repo": "nix-on-droid", "type": "github" } @@ -742,19 +781,35 @@ "type": "github" } }, - "nixpkgs-for-bootstrap": { + "nixpkgs-docs": { "locked": { - "lastModified": 1686921029, - "narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=", + "lastModified": 1705957679, + "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04", + "rev": "9a333eaa80901efe01df07eade2c16d183761fa3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-for-bootstrap": { + "locked": { + "lastModified": 1720244366, + "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", "type": "github" }, "original": { "owner": "NixOS", "repo": "nixpkgs", - "rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", "type": "github" } }, @@ -962,19 +1017,25 @@ } }, "nmd_2": { - "flake": false, + "inputs": { + "nixpkgs": [ + "nix-on-droid", + "nixpkgs-docs" + ], + "scss-reset": "scss-reset" + }, "locked": { - "lastModified": 1666190571, - "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=", - "owner": "rycee", + "lastModified": 1705050560, + "narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=", + "owner": "~rycee", "repo": "nmd", - "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169", - "type": "gitlab" + "rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3", + "type": "sourcehut" }, "original": { - "owner": "rycee", + "owner": "~rycee", "repo": "nmd", - "type": "gitlab" + "type": "sourcehut" } }, "nmt": { @@ -1058,6 +1119,7 @@ "inputs": { "disko": "disko", "emacs-overlay": "emacs-overlay", + "fw-fanctrl": "fw-fanctrl", "home-manager": "home-manager", "impermanence": "impermanence", "lanzaboote": "lanzaboote", @@ -1119,6 +1181,22 @@ "type": "github" } }, + "scss-reset": { + "flake": false, + "locked": { + "lastModified": 1683906868, + "narHash": "sha256-cif5Sx8Ca5vxdw/mNAgpulLH15TwmzyJFNM7JURpoaE=", + "owner": "andreymatin", + "repo": "scss-reset", + "rev": "5a7bd491ac82441e6283fb0d5d54644b913b30c7", + "type": "github" + }, + "original": { + "owner": "andreymatin", + "repo": "scss-reset", + "type": "github" + } + }, "sops-nix": { "inputs": { "nixpkgs": "nixpkgs_6", @@ -1147,7 +1225,7 @@ "base16-kitty": "base16-kitty", "base16-tmux": "base16-tmux", "base16-vim": "base16-vim", - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "flake-utils": "flake-utils_4", "gnome-shell": "gnome-shell", "home-manager": "home-manager_3", diff --git a/flake.nix b/flake.nix index f6447ec..fa08fcf 100644 --- a/flake.nix +++ b/flake.nix @@ -52,7 +52,7 @@ # nix for android nix-on-droid = { - url = "github:t184256/nix-on-droid/release-23.05"; + url = "github:nix-community/nix-on-droid/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -93,6 +93,11 @@ zjstatus = { url = "github:dj95/zjstatus"; }; + + fw-fanctrl = { + url = "github:TamtamHero/fw-fanctrl/packaging/nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = @@ -323,7 +328,7 @@ default = inputs.nix-on-droid.lib.nixOnDroidConfiguration { modules = [ - ./profiles/mysticant/configuration.nix + ./profiles/mysticant ]; }; diff --git a/profiles/mysticant/configuration.nix b/profiles/mysticant/configuration.nix index 37ac102..2dec045 100644 --- a/profiles/mysticant/configuration.nix +++ b/profiles/mysticant/configuration.nix @@ -1,13 +1,37 @@ { pkgs, ... }: { - environment.packages = with pkgs; [ - vim - git - man - gnupg - ]; + environment = { + packages = with pkgs; [ + vim + git + openssh + toybox + dig + man + gnupg + ]; + + etcBackupExtension = ".bak"; + extraOutputsToInstall = [ + "doc" + "info" + "devdoc" + ]; + motd = null; + }; + + home-manager.config = { + services.ssh-agent.enable = true; + }; + + android-integration = { + termux-open.enable = true; + termux-xdg-open.enable = true; + termux-open-url.enable = true; + termux-reload-settings.enable = true; + termux-setup-storage.enable = true; + }; # Backup etc files instead of failing to activate generation if a file already exists in /etc - environment.etcBackupExtension = ".bak"; # Read the changelog before changing this value system.stateVersion = "23.05"; diff --git a/profiles/mysticant/default.nix b/profiles/mysticant/default.nix new file mode 100644 index 0000000..baee810 --- /dev/null +++ b/profiles/mysticant/default.nix @@ -0,0 +1,48 @@ +{ pkgs, ... }: { + environment = { + packages = with pkgs; [ + vim + git + openssh + toybox + dig + man + gnupg + ]; + + etcBackupExtension = ".bak"; + extraOutputsToInstall = [ + "doc" + "info" + "devdoc" + ]; + motd = null; + }; + + home-manager.config = { + + imports = [ + ../common/home/ssh.nix + ]; + services.ssh-agent.enable = true; + + }; + + android-integration = { + termux-open.enable = true; + termux-xdg-open.enable = true; + termux-open-url.enable = true; + termux-reload-settings.enable = true; + termux-setup-storage.enable = true; + }; + + # Backup etc files instead of failing to activate generation if a file already exists in /etc + + # Read the changelog before changing this value + system.stateVersion = "23.05"; + + # Set up nix for flakes + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; +} diff --git a/profiles/nbl-imba-2/default.nix b/profiles/nbl-imba-2/default.nix index 8324f07..a9476a5 100644 --- a/profiles/nbl-imba-2/default.nix +++ b/profiles/nbl-imba-2/default.nix @@ -3,6 +3,7 @@ imports = [ inputs.nixos-hardware.nixosModules.framework-16-7040-amd + inputs.fw-fanctrl.nixosModules.default ./hardware-configuration.nix ./disk-config.nix @@ -47,6 +48,7 @@ resumeDevice = "/dev/disk/by-label/nixos"; }; + programs.fw-fanctrl.enable = true; networking = { hostName = "nbl-imba-2"; diff --git a/profiles/server/common/default.nix b/profiles/server/common/default.nix index 7610c66..44dfcc7 100644 --- a/profiles/server/common/default.nix +++ b/profiles/server/common/default.nix @@ -43,8 +43,8 @@ environment.shellAliases = lib.recursiveUpdate { - npswitch = "cd ${config.swarselsystems.flakePath}; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; - nswitch = "cd ${config.swarselsystems.flakePath}; nixos-rebuild --flake .#$(hostname) switch; cd -;"; + npswitch = "cd ${config.swarselsystems.flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;"; + nswitch = "cd ${config.swarselsystems.flakePath}; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;"; } config.swarselsystems.shellAliases; diff --git a/profiles/server/common/matrix.nix b/profiles/server/common/matrix.nix index 9d36d93..96240f1 100644 --- a/profiles/server/common/matrix.nix +++ b/profiles/server/common/matrix.nix @@ -1,6 +1,14 @@ { config, lib, pkgs, modulesPath, sops, ... }: let matrixDomain = "swatrix.swarsel.win"; + baseUrl = "https://${matrixDomain}"; + clientConfig."m.homeserver".base_url = baseUrl; + serverConfig."m.server" = "${matrixDomain}:443"; + mkWellKnown = data: '' + default_type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON data}'; + ''; in { @@ -151,7 +159,7 @@ in services.mautrix-whatsapp = { enable = true; - registerToSynapse = true; + registerToSynapse = false; settings = { homeserver = { address = "http://localhost:8008"; @@ -198,7 +206,7 @@ in services.mautrix-signal = { enable = true; - registerToSynapse = true; + registerToSynapse = false; settings = { homeserver = { address = "http://localhost:8008"; @@ -258,13 +266,30 @@ in enableACME = true; forceSSL = true; acmeRoot = null; + listen = [ + { + addr = "0.0.0.0"; + port = 8448; + ssl = true; + extraParameters = [ + "default_server" + ]; + } + { + addr = "0.0.0.0"; + port = 443; + ssl = true; + } + ]; locations = { "~ ^(/_matrix|/_synapse/client)" = { - proxyPass = "http://192.168.1.2:8008"; + proxyPass = "http://localhost:8008"; extraConfig = '' client_max_body_size 0; ''; }; + "= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; + "= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; }; }; }; diff --git a/profiles/server/common/navidrome.nix b/profiles/server/common/navidrome.nix index f9f15e1..cf118a0 100644 --- a/profiles/server/common/navidrome.nix +++ b/profiles/server/common/navidrome.nix @@ -26,7 +26,7 @@ hardware = { - opengl.enable = true; + # opengl.enable = true; enableAllFirmware = true; }; @@ -36,7 +36,7 @@ enable = true; openFirewall = true; settings = { - LogLevel = "trace"; + LogLevel = "error"; Address = "0.0.0.0"; Port = 4040; MusicFolder = "/Vault/Eternor/Musik"; @@ -45,11 +45,12 @@ Scanner.GroupAlbumReleases = true; ScanSchedule = "@every 24h"; MPVPath = "${pkgs.mpv}/bin/mpv"; + MPVCommandTemplate = "mpv --audio-device=%d --no-audio-display --pause %f"; Jukebox = { Enabled = true; Default = "pch"; Devices = [ - "pch" + [ "pch" "alsa/sysdefault:CARD=PCH" ] ]; }; # Insert these values locally as sops-nix does not work for them diff --git a/profiles/server/common/ssh.nix b/profiles/server/common/ssh.nix index 174bd78..05dd3d8 100644 --- a/profiles/server/common/ssh.nix +++ b/profiles/server/common/ssh.nix @@ -6,9 +6,11 @@ _: }; users.users.swarsel.openssh.authorizedKeys.keyFiles = [ ../../../secrets/keys/authorized_keys + ../../../secrets/keys/mysticant.pub ]; users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../secrets/keys/authorized_keys + ../../../secrets/keys/mysticant.pub ]; } diff --git a/profiles/server/mysticant/default.nix b/profiles/server/mysticant/default.nix new file mode 100644 index 0000000..baee810 --- /dev/null +++ b/profiles/server/mysticant/default.nix @@ -0,0 +1,48 @@ +{ pkgs, ... }: { + environment = { + packages = with pkgs; [ + vim + git + openssh + toybox + dig + man + gnupg + ]; + + etcBackupExtension = ".bak"; + extraOutputsToInstall = [ + "doc" + "info" + "devdoc" + ]; + motd = null; + }; + + home-manager.config = { + + imports = [ + ../common/home/ssh.nix + ]; + services.ssh-agent.enable = true; + + }; + + android-integration = { + termux-open.enable = true; + termux-xdg-open.enable = true; + termux-open-url.enable = true; + termux-reload-settings.enable = true; + termux-setup-storage.enable = true; + }; + + # Backup etc files instead of failing to activate generation if a file already exists in /etc + + # Read the changelog before changing this value + system.stateVersion = "23.05"; + + # Set up nix for flakes + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; +} diff --git a/profiles/server/winters/default.nix b/profiles/server/winters/default.nix index 222e69d..cc5343e 100644 --- a/profiles/server/winters/default.nix +++ b/profiles/server/winters/default.nix @@ -28,7 +28,7 @@ networking = { hostName = "winters"; hostId = "b7778a4a"; - firewall.enable = true; + firewall.enable = false; firewall.allowedTCPPorts = [ 80 443 ]; }; diff --git a/secrets/keys/mysticant.pub b/secrets/keys/mysticant.pub new file mode 100644 index 0000000..23253be --- /dev/null +++ b/secrets/keys/mysticant.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4REr8UMRxIr2gxx5DHpEE9WKNgBlgcz8TZQal23aF3 nix-on-droid@localhost \ No newline at end of file