diff --git a/.sops.yaml b/.sops.yaml index d27ccad..c17ff2c 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,5 +1,5 @@ keys: - - &master age1hy523tlslqas8qgs0lxgxanp9gx06fjekn608w4qf66mxkjzmucqh0g6vg + - &master age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr - &host_luna age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez - &host_mars age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy creation_rules: diff --git a/hosts/luna/default.nix b/hosts/luna/default.nix index ae21cb1..d490efb 100644 --- a/hosts/luna/default.nix +++ b/hosts/luna/default.nix @@ -1,4 +1,5 @@ { + lib, modulesPath, pkgs, ... @@ -7,6 +8,7 @@ let username = "shorty"; in +with lib; { imports = [ (modulesPath + "/installer/scan/not-detected.nix") diff --git a/hosts/luna/disko.nix b/hosts/luna/disko.nix index bbe7ab8..001f0a1 100644 --- a/hosts/luna/disko.nix +++ b/hosts/luna/disko.nix @@ -69,6 +69,7 @@ in ]; }; "/persist" = { + mountpoint = "/persist"; mountOptions = [ "compress=zstd" "noatime" diff --git a/hosts/luna/users/shorty/secrets/id_ed25519 b/hosts/luna/users/shorty/secrets/id_ed25519 index aa701de..a9cfd14 100644 --- a/hosts/luna/users/shorty/secrets/id_ed25519 +++ b/hosts/luna/users/shorty/secrets/id_ed25519 @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1hy523tlslqas8qgs0lxgxanp9gx06fjekn608w4qf66mxkjzmucqh0g6vg", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCUzljQWlRb0ZyNHA1cUNN\nZ09QNXhFS2Q0UEJ5MDRkc29nVWJKQzZabWlZCmdpTjlIbU50Y2hPNU5mS2JGdTFJ\nTHltNEJJRWs0SVBEK2JzcklzaWp6emsKLS0tIFVTbHlOWnNhbWorSndFTmlCMjVj\nZjJkaHZaSUl2YW00MUttaWFFczZOUFEKO6+2ZzBOTwC6bFSf/y34l/okKgy2jYhj\n++IQltnjSEuoVZO9CaBiB0c2eknz382fd4N2uiepF8mRCd7dBHhvqw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvOXI0Z0ZIM2MydzUwWTBX\nVTVhQ0lVR0lIS3JjSjN3VzNmMU1qWFIyWVdRCmhUeHd6elRuM0RMYW5QdHBSdnlo\nWmxPRXdlQjJtMUpxREluSHpPZUlpeWsKLS0tIGtKTExwTG5XMlFHTUQ3eXRDL2w3\nRTZTWGZkQUtHT2pVUU45RTEySmxsMTgKyrJUCN5ooCRoZe+VJeEW1mIPLnTIWxRw\nZ3PzJkw0YPEq8B+RvWjKDeip5uj1RWJOgU5sl1ngf5CbN37uUIAlAQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYajRJUTIzdnp4VE5zVnVB\nVHFjbXpZeU11L1JreURNaHNQYWkvM2hmTnhvCjR0V3M3SGJXcDN3NkVoV3NUZ1NV\nNVNlaVdQcXYvYVI3Nm9qMWlPK1VVQVkKLS0tIEFNOGNhTVdKd3h1d3l6czVXQXpX\nRXJHeXExbDRtRkJWUXVxRjZ4OWloSjQKcajyJcZCZoel1qXKES5NmZ/iHgQtiG2Y\npjZqIBrw6FNH1oTXmErLJIBxVW9d5I3bU/xQ2A5jNd3o8OAC9MsTAw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVzFOQlMxdzJLRmtOMmd5\nQVIzYWwwbkRlb0tJOTRKcFlzUlVqNnNUSFRVCkd3SzNBbGhQNU5LL2RKbWlGcEh2\nM2Y0NlNicEl1S2thSHNPZDFubUIvOUkKLS0tIGNTQTR6dmxaV21UNGN2T3FoUWFG\nMDcxN0pIZjVORDRTcmhMd1RUaGZ6djQKySiQjwuQwTx8WmAqrqu94pByd+cUM5O8\nG38dnvUaRhC5DjShbinPJiVdchV9lqllU2dYaWq9voY/RCJH4EMm6Q==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-24T11:14:20Z", diff --git a/hosts/luna/users/shorty/secrets/id_ed25519.pub b/hosts/luna/users/shorty/secrets/id_ed25519.pub index dbf3de6..59b587b 100644 --- a/hosts/luna/users/shorty/secrets/id_ed25519.pub +++ b/hosts/luna/users/shorty/secrets/id_ed25519.pub @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1hy523tlslqas8qgs0lxgxanp9gx06fjekn608w4qf66mxkjzmucqh0g6vg", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2SFdqdUZkenRqUjV3d2o5\nS0VXTE1Cak80SHdXcnpCd0FmSTBBR0FwVjNRCjFEYXlLOCtHbUg4RlhmVkV6aldB\nbWxTRDhBd3grcnloMHNSSnFuN3RtTTQKLS0tIGNtTUI2WDVKV0pDU0NwQjRxdFZF\nK3IvQ1pyS3BSbVk5QjUyZk9tVmtFak0KW//YyXr6+6NSlUdatMX00O5dlioLBnqv\njq84ZsgCrzm7KAhStvH3icOGdP1skQ82Wp8B76X3IQQvIqTXLT+Jkw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MUNCU0VEaWF5cVNydGNQ\nZXRKNzlla3k5RkRNZkM1dE5oN29HeXVRRDI0CmkrM2U0TEFMMk9LUEhDQzlBMGpQ\nKzB5bHFWRnFhR2xrMHpYMVdnUmJSNUUKLS0tIEVuUWF6N0YzUTVzR1lscnphWWxy\nNy9UaVNITFlxQ3NnNWNDMzRWVnkxUGcKvKmoT3SqPcyM2Fhoxc8mSJl06rV8hlhI\nFftuxCOO/04lIA7FHHrEHRwON/OZKSwe8ZHkq8ojvUyhPsS9CF3COg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvUUxkNVFDVlFYOXpQVk45\nMEtTdEQvMEwramdLQW9XNVBNVDN5Z1JqMlFzClZTakNJVFBSSEFWdlBRN0xITXlS\nYkE2dk0rNDFrcnFwZ2FPL3ZvRTlINEUKLS0tIFhhdkF6ZWwvR3JJMTA2L0hITGsz\nYkhac0FKeHhqUUplblMrd1dpNldNdUUKGQZlACAnWYpxAVO5tHnHg/cJXypujWEk\n9t4pSQIamiFJQ7zeUuNjEPRppQYKuPCkGx6hZ7PUiuLLDNWdL/GzpQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOOUZmOHRBR0NkUkdmRnk3\nMGI2QlBVc2RqbHMvS1FCSmV1WHBNSjRYZkdRCjhaNk1OZ2lCbGhtTml5SStsc1ZN\nOWY2ODNCdGt1ekJKZjE2NnQwVjNGMzAKLS0tIFFoZndSVWR5cmhMTGZmVnUyNk0x\naS9FSWU1SS9zakRIWnpYTEladUxTR2cKdJUuLUlnb4/wrooyOx1rCt/sOcrBNna3\nAkglRjSmmgAmU8xkdA3ul/3ROIwn22xgp61BIRCwPVCLDOx5KfQ8/w==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-26T18:29:50Z", diff --git a/hosts/luna/users/shorty/secrets/passwd b/hosts/luna/users/shorty/secrets/passwd index 7a3f9df..d0eb601 100644 --- a/hosts/luna/users/shorty/secrets/passwd +++ b/hosts/luna/users/shorty/secrets/passwd @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1hy523tlslqas8qgs0lxgxanp9gx06fjekn608w4qf66mxkjzmucqh0g6vg", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaNXJ4TDNxa2FQS2FRSCs2\nVUNSME5SSEtUWTE5OHUveUtHWGVXMHRZZ3pvClljV0Z5OFNyWVpRU3ZTQlVjZng2\nTkc2S0pod01Oa3dHeWlHQWdYTTFnQTAKLS0tIEJpSHk2RHFabG54eGNPTVRIMHBU\nNkZTWVRMenZZamdzTHBzUUFJbGVsT3MKTwwrMTNUIOq8lTvC7uPyYV0n/6eVsF1v\nDIWopzau+JLckuGeddi5W++D3qT2V1Y+37u9MqbBeks1oQ7NENtbvw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBY1ZtdkVEUjRBZkZHNXox\ndWFhY3dIR2UzRmljNWU2cHk0dC9IU2pxVEVjCnhObHUzdVE3Sm9zdGEwK2pKVldP\neUtCZlk3VHhrQk1mMjFaSjI5ZTZqc3cKLS0tIFJyRjlLbk9ZUWVaZEd6UVRNOElt\ncTFPN0x1ckZXVFVGdVhYU2k0SjFiZG8KhvILNAzA44RmuvHlzmqVozyB6r2ZbQch\nl3S8pq0pQ5yN+4DKWKeNK8QEFZ5QCs8Ts/14wbJpdrVsQCkHy5R29w==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPalNaM2s3MU5uTTNrY0Zz\naTRmbktXVjhmYnZZTTl0WVJZYnZSZHBmclZVClFiYXBpM2xDc2JJZmV1V2dPVEIv\nTjdnU0dmSy96czhMV3YyZGxxRnBEQUUKLS0tIHNoazhXd3M0Wks2Vk1BSTArd1Rt\nNWQ0QTI4bm83U0xhN21ZWmxOTjhVK1UK9jKeX87VhO40kEUG4JDkLOgTKHb5i+5d\nEVJY3KEsbbF0V3H0ND9GJ8MuF1b9RMWjGMkEcardkLuy1M1nmtetDw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWGJwaC9MMUJnZ0hVNG1H\nWGhKZzBkbEFpU1g3ZWJCUWlWRFdjMUY4cWxvCmhGUzFhU1ZJMW9Yc1E3Z1FLVXl2\nODhSWEJaUG9EQUhpSE5sd3MrNFA5U3cKLS0tIDlzY1gvMGI5WG83OTh4aVB2UWNO\nd2hoUGVnN01EZnhCY3MyL3FFWm1GTkUKpHob+VsJ7nmI+6avBOl2+hNz+9RQge9Y\n4WJQWkjokBNDVe/UOzRBWBWFzP/BmBzDSSepeqGWLP33ZP8R2wUnjQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-03-11T21:49:48Z", diff --git a/hosts/mars/users/shorty/secrets/id_ed25519 b/hosts/mars/users/shorty/secrets/id_ed25519 index 60f244a..2b57b2d 100644 --- a/hosts/mars/users/shorty/secrets/id_ed25519 +++ b/hosts/mars/users/shorty/secrets/id_ed25519 @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1hy523tlslqas8qgs0lxgxanp9gx06fjekn608w4qf66mxkjzmucqh0g6vg", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtY3RYcThGR25EalVJYkZZ\nLzUrOFZTTnI3VkRzTCt3WFVMaHdKN0JldkdjCjQyN0RkeEpxZGxRNTdScHVCTlhP\nUXltd0N2eXIxNjZ1ZzJMNjBlV3NwcFUKLS0tIEU2VEVXcTFWazcvZjJZTkVDVHpU\nbDlTK0tPam5CL0dtWi9LQVl6TVZFZFEKIl9wJGCTj/nvVABbetcZOZZw3jXvGAI2\nnAqhoEKTtiMexBmip2eiIt+bKFSTD4TAlsd+uayFZ7J7ACbJecXlTw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuaDlMUVZwMExGNk1mU3lX\nWG94RmxXckg3R1BIOTZnbnQ1MTFBVmxobWdnCkZoUDZzNGkyRjRRRlBJdDF3QUt3\nVGltVzhSY2tzMEo0eTltQ08zWkN1dTgKLS0tIHhDRFRyL2I4Qnp1OHhWV2ZaUld2\nOXh0V1BuTkN0NUJHTm53UzNzcmRKMG8K6IBsrkRwRFJDt4jjhUUg7UcWLQK94t02\nZggif+q3yDuFkVRfVS6yxyMXti9BdcoCmcGS7O/fBRcdh61LMEwxRw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzSmtzM044em9sR3R2TnN5\nSmUybWNKMmZtTmszcVRTbURjdk9zdnQ3ajNFCktaZTVmZWQzWUNMSGZLQmFBMkdx\nWUFUNXNmYzFSazhGZTVzbU41eFBhUFkKLS0tIGwxNzFydHYwR1dnSFdqZGJ3MkFj\neVk5TUhoa1orYlJHcm1jNVBPemJVTncK6qiqkJT9UOFjxv+NiYmYuVB1EMXRU1R3\nsMagZ7ZNkr+ZXEkxl2HhHHTa/vvQvzFfimppIIg9x/+Hz/ACc/5wxw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTmJtemFEVzhSay9HamdM\nMzBiMC8zZnpXcVFlNHJQNG41K0FiSTBsQlZ3CmkzRUI2a21hcmFNbDBva25JcTFk\nbWNpQldhZG5qM2pxZCtWcER0S2lEMFEKLS0tIGRDa0JEZkFOaThGMTh1TTFpSmRh\nSm9LYlhqSzNhRDlnTUF6MEhjZlBSanMKHzSjslqK/HiSNMaBtNYNX06Dkfjb7Auf\nDwC+LzRhpSJdi6W99OLYiCyIOMeeCZs73u9gOw2ZwXRaCxE0lMM8mQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-24T11:14:20Z", diff --git a/hosts/mars/users/shorty/secrets/id_ed25519.pub b/hosts/mars/users/shorty/secrets/id_ed25519.pub index 58d3a1c..b95abe5 100644 --- a/hosts/mars/users/shorty/secrets/id_ed25519.pub +++ b/hosts/mars/users/shorty/secrets/id_ed25519.pub @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1hy523tlslqas8qgs0lxgxanp9gx06fjekn608w4qf66mxkjzmucqh0g6vg", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOR1R0eTI4cnpWRkZacjl5\nZVlxNkFBYmcyZS9DQU10REx6OFhXckliVmwwCkhWMk5GQWExT2YrWHVlcTN4M3hJ\nNWVRQkF1dHR1aFllWmZuT1VkZzNBbFkKLS0tIEtEaVFVQ3JSY205aFpzZU4rTjE4\nejlFWFdzSW5RL2IwY3NCZGdBSUk5S2cK30gyNvKixN2YVjnfeKPvHZ8whO9E2LmC\n3TgQMWonEpK6YNw/7KNSjvs9N2dcIg3xq9kSJJe2I0oX+Zihv2GZvw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdkEwN3V1eEZSSXBhZmJN\nMnQvdFpqcFVZazNQN3hJV21QN3I0MmpWZms4Cno2V0xyemJBUXhXVHE5SEdrUmFr\nYWsvdXJOaWNYcE5jN0M3MGhmclpXY2MKLS0tIEJvb2F3UEVkY0UxUlp5TWNua2RF\nZmdzQWpYclBBeXFITzlLbVp5QmNrdkUKK/AzjA5MyrKAhTrKy5V+NwaUW93QATcP\n6TjphiCafQhquVI1bc+E9R9tUSnrUrwRveIUfbmHipXAn1xB/H0n/g==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyaFJyN3BneSs4RWFtQWVz\nblM5N245TzFGRzdPRzNyQk43SldWN1JHbmprCjFZajhhbTJBd0xlYTB2RVZmOTVT\nM2FCU1VQVTRaQlVKRDVncExuU09GZzgKLS0tIFlDM1NRZFJMUUk4YjJxSThNWTJp\nMXVOTkEzbWJuL1RNQ29MNzkwcTdNMUkKp8Ad8LB5s1h4dbbuVX/s+AgZaee6Un9M\nRhq1xtvDh/7vfpGu/btfoivBhU+OO4eyTHxo54llcsnRgkrqAxj1GA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQ0orSWRzZE03RHRUZVdS\ndUkwRzFJN3h4WUxVSGtyMVlkemt4aHNRQWcwCjdBMUJUaUpCYUpvREFyVmxVdTlJ\nZWZTaTV5aVd6eW1NUkNnQXF5RlJqRE0KLS0tIFVTd0ZxQm5jVkhLVUQ0UFZCN3RK\nYW1CM2psaUgyZSswK1RJVkJHN0l1aFEK5j6BWgI40tvPDhSLCqOSytfwKQWwtueZ\n+VaBhRjy5yw2UQ6k/2/hb8oCLja7DFGoirnZMCZewLhX38Rnvp7hxQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-26T18:29:50Z", diff --git a/hosts/mars/users/shorty/secrets/passwd b/hosts/mars/users/shorty/secrets/passwd index 286f0fb..2dc2586 100644 --- a/hosts/mars/users/shorty/secrets/passwd +++ b/hosts/mars/users/shorty/secrets/passwd @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1hy523tlslqas8qgs0lxgxanp9gx06fjekn608w4qf66mxkjzmucqh0g6vg", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTU93dlZWekh2d1NURGd5\nOHF2RDlqejhROXZNSXdWT1p6cXg2eTFhQlNFCkdBUVgxRTVWMmFSaFJEdlpjSW90\nT1NCaThMYUFMSFdTY3pCd3NES05lakEKLS0tIE1aK2JYSEdJWlhobWFnTkFrdDJv\nbGdJRzd5YmFIN0lISkEzUkROSVMrcXMK2ewODkbZIp/zS7MqCMP65eg/y/WiqWFX\nx4Tc1vFiH7AYnG9eW+jidsmbc4OOs1CzU03MmqJcnhuIcTLh1TdRwg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJMTRWM2RBdHVob21nK2o2\nY29MM3JEc1lUNFNjcFdKVEdzem9FbC9lWFhRCjZMeituVzlTVExTc2UxU21jWis2\nRFViS055Ump6OXozYTJhSXVUSUlRNlUKLS0tIDFBTU4xZ21YUVhPTUgraFdlSTVY\nZEdrb0huVmVXWUw3SHNLTVg2enZMR0kKpbLnkp0Qjph+EwcKRwOdcqSmIIDXR6XH\nopLe7bAwLlzZWK4Vvs3UuXfOtSZaCvHUAEvi1QMDgO92q2EZw1tTrw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzQzhjVmJJdmNRYmNleWk1\nU2JIeWFpajc1UlFXdHhXRnVBOStUTmVvakZFCm9hYll3NXR2OG1Fd0hZejZmcVhj\naUc4a1NGYWU0clY3bm4xdThhSXZsemcKLS0tIG9idWxGdDVUbGc3YWtVcjNaMm9p\nMUtQL3gvblEwNENBblNPdnJpYXJaUTAKzsw8wrJhMuBw7z+Ewj6/lyMwgVnMOgaG\nMTMN6nUiaX4WjL1OPJrcdthNICTW73niale2vCNZPt9LQqL8l51SuA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4dmhOMmlYWnB0Y3Z6NWdW\ncThUbWg1empjbVRnS3FvY0MxTzlQczJod1dZCkFiRXB5eDg0TWptbUl3YVVJTGpH\ncW1SOThXejZDa1lFWG9NMnNIOG5aWEUKLS0tIElpOFJuL05sQTY3ZHJoOEdqRjJL\nUFRqY0Z4L3B5eFRFR2xOWVJtL3V3Nk0KKHTY3ErygB7/sSCjIrEDI2IY68/QKGUX\nmzgaDB2tqFDFMmNm9jLiawBprtTXxbaY0W7mwF+mBXQMF3IFj3BQ0w==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-03-11T21:49:48Z", diff --git a/hosts/shared/secrets/rclone.conf b/hosts/shared/secrets/rclone.conf index a71f0a3..5fd0f5e 100644 --- a/hosts/shared/secrets/rclone.conf +++ b/hosts/shared/secrets/rclone.conf @@ -3,16 +3,16 @@ "sops": { "age": [ { - "recipient": "age1hy523tlslqas8qgs0lxgxanp9gx06fjekn608w4qf66mxkjzmucqh0g6vg", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4MGM2dnMwNGlSQ1JhYys2\nSGUwRis4YzVDZVdlWllVajhrV3puR2x6VnhzCitXU2N0cWJISEdqeFlRUVltdEw2\nT2s1eUpBT1A2VXowYWhhMXJoV2RKUVUKLS0tIHlJWm5QUktpU0dFWlJpZnNsY3FR\na3B2ZVBYeXZtenhHVFNhb2ZWTFprNEEKTiMVhH4bRAp7+qy4MhZTZirW8Iusi7/w\nMirjR7WtHYI1fHtg09ZBRqxAbclxFah1f3Lpe5PzvZ09Aa3pMyuzEA==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjV3R6b2wvZ0U3RjdMbVJO\naElNLzN5MkQ3L3pheUZOcHJ1Qm81RXJnVGlnClliUFFOOTJrTWtmRFJkWlNPa05i\ndlVYNEExVDBYRkNSd2ZUMHFkWG1DVU0KLS0tICttSHo4K3JVeDlsQVNJTDZJNExX\nVnViWWV1VzVZUkpyN29FczRSVjNTSDQKUevwEgjQDm+kNG27/NLyU6L5eOG2JRB3\nUqInB7bdt6+VknQszVUShce+FFep+7aKg6Pwi0CpZ7cNKUBRbSviDw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxNUV4VE03dHNZeEh3SU5t\nbjJDdUxSMHN4OWpIbitHZk9wQ1k1b3dBOGprCkdNbThOM0xPS04wNENtVEY2MmZM\nY0NsM2FKK2ZyZm5xMTI4Q3FsZ0Vkd0UKLS0tIC8vY3I5VmoxbmM2a0xrVFI5am9G\naHJVVnJqTytLTFpoQ3h0WXN2ZFVIaGsKV14Jcw9BNzqqPDWLetPBFKMdJgKKzuAG\nY6m2UYcYZwNUW+PEldrJw9EKz+LmsVRccB+k7SrenlMpazdKhjS2Ag==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqcFYrZHpLanRIK0Q4c1hr\nYktmYStKd0loRlpTQmVQUkE3NDZWS1I5YlFrCnJoYW5lRGNvdEhPTGJzRzVSQXJI\nQUx4ZFN2TnV4WnN6M3Q3Y3RkL2xGdUEKLS0tIFl1eWw4enY5QlZCdEp3SlF3RFVR\nRkJERldsamFpNG5SekpIc2ZwcHowQmMK0TiAWqcBk0nft+PzRWJBGmhhQrxZJRie\nrBf5hVmseKAWTVeuSeBVi1XVGLqQttsLClNmu8J7g2nPmHaiAqztOg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4c0hkN0VTSGdkdjJyaUZ6\nSUE4K0YwNnpOaDg0MnUzVFNWK01jY1FQUWtVCnBvTEZYVW5Oc3lZWW5FREI1QXgy\nZ3d4Ny9IdWN0cU5HOEZNWEJEWml2SncKLS0tIGd3THh0TXZHbU03T2YrNUdGbjdN\nNlB2L0R1dFNOdzZyY2FxaVVPMlJjNkkKgCSaMuigobeNLC19vzGT/loYkHIHPCke\nFzAIKJpyi3LVCYFxKAxH3H6yHnrZE0Tl00lO+h3yo8pyJUqEhVSNEA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2SFZOSWZidWZBSlczOGVm\nZzdNcG4wMlROSDkzQ0NjN2ZINU5GYXVldVNJCnBYM1N2TUZXVHRCbzByRE91Q1F4\nM2JTajgrK3MvZElqdEJ2SXF3OFhKN00KLS0tIFZFL28xM3VjMHB6UVBubWx6c0dz\nVk1xcGpOUFdWNUlpUk5PK2tCblVEdE0Kp1uoxyEGpW06HmeXQHN5yigoqPBYtFv7\nPQG2F0YaWGqR6HNREgQB276qEmjkIRHEhHE1RnCxw900UvuOw4HsTQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-02-12T10:44:19Z", diff --git a/modules/btrfs.nix b/modules/btrfs.nix index f7c71f8..2bb29fb 100644 --- a/modules/btrfs.nix +++ b/modules/btrfs.nix @@ -33,6 +33,14 @@ with lib; "compress=zstd" "noatime" ]; + "/persist" = { + options = [ + "subvol=persist" + "compress=zstd" + "noatime" + ]; + neededForBoot = true; + }; "/var/log" = { options = [ "subvol=log" diff --git a/modules/docker.nix b/modules/docker.nix index 7379fcd..c35a23c 100644 --- a/modules/docker.nix +++ b/modules/docker.nix @@ -103,5 +103,8 @@ with lib; }; }; + host.impermanence.directories = mkIf config.host.impermanence.enable [ + "/var/lib/docker" + ]; }; } diff --git a/modules/impermanence.nix b/modules/impermanence.nix index e420f75..8446808 100644 --- a/modules/impermanence.nix +++ b/modules/impermanence.nix @@ -1,4 +1,9 @@ -{ config, lib, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.host.impermanence; @@ -25,30 +30,31 @@ with lib; boot.initrd.systemd = { services.rollback = { - description = "Rollback BTRFS root subvolume to a pristine state"; - wantedBy = [ "initrd.target" ]; after = [ "systemd-cryptsetup@pool0_0.service" ]; before = [ "sysroot.mount" ]; - unitConfig.DefaultDependencies = "no"; - serviceConfig.Type = "oneshot"; - script = # sh - '' - mkdir -p /mnt - mount -o subvol=/ /dev/mapper/pool0_0 /mnt + description = "Rollback BTRFS root subvolume to a pristine state"; + serviceConfig = { + Type = "oneshot"; + ExecStart = + pkgs.writeShellScript "btrfs-rollback" # sh + '' + mkdir -p /mnt + mount -o subvol=/ /dev/mapper/pool0_0 /mnt - btrfs subvolume list -o /mnt/root | cut -f9 -d ' ' | while read subvolume; do - echo "deleting /$subvolume subvolume..." - btrfs subvolume delete "/mnt/$subvolume" - done + btrfs subvolume list -o /mnt/root | cut -f9 -d ' ' | while read subvolume; do + echo "deleting /$subvolume subvolume..." + btrfs subvolume delete "/mnt/$subvolume" + done - echo "deleting /root subvolume..." - btrfs subvolume delete /mnt/root + echo "deleting /root subvolume..." + btrfs subvolume delete /mnt/root - echo "restoring blank /root subvolume..." - btrfs subvolume snapshot /mnt/root-blank /mnt/root + echo "restoring blank /root subvolume..." + btrfs subvolume snapshot /mnt/root-blank /mnt/root - umount /mnt - ''; + umount /mnt + ''; + }; }; }; }; diff --git a/modules/network/dnsmasq.nix b/modules/network/dnsmasq.nix index ea3242f..4f9bcaf 100644 --- a/modules/network/dnsmasq.nix +++ b/modules/network/dnsmasq.nix @@ -36,12 +36,10 @@ with lib; server = [ "9.9.9.9" "149.112.112.112" - "2620:fe::fe" - "2620:fe::9" "1.1.1.1" "1.0.0.1" - "2606:4700:4700::1111" - "2606:4700:4700::1001" + "8.8.8.8" + "8.8.4.4" ]; }; }; diff --git a/modules/network/manager.nix b/modules/network/manager.nix index 32bac06..519d903 100644 --- a/modules/network/manager.nix +++ b/modules/network/manager.nix @@ -22,8 +22,10 @@ with lib; nameservers = [ "9.9.9.9" "149.112.112.112" - "2620:fe::fe" - "2620:fe::9" + "1.1.1.1" + "1.0.0.1" + "8.8.8.8" + "8.8.4.4" ]; resolvconf.enable = false; stevenblack.enable = true; # stevenblack hosts file blocklist