From 90f1da3ccc0151e0c84c5348d8a5da38a0368385 Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Thu, 6 Nov 2025 11:57:51 +0100 Subject: [PATCH 1/5] fix: import and inherit missing lib causing undefined variable error --- hosts/luna/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/luna/default.nix b/hosts/luna/default.nix index ae21cb1..d490efb 100644 --- a/hosts/luna/default.nix +++ b/hosts/luna/default.nix @@ -1,4 +1,5 @@ { + lib, modulesPath, pkgs, ... @@ -7,6 +8,7 @@ let username = "shorty"; in +with lib; { imports = [ (modulesPath + "/installer/scan/not-detected.nix") From 6247c5a71404af165a0e1523f8d8af8da944896d Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Thu, 6 Nov 2025 23:20:49 +0100 Subject: [PATCH 2/5] refactor(sops): regenerate master key --- .sops.yaml | 2 +- hosts/luna/users/shorty/secrets/id_ed25519 | 6 +++--- hosts/luna/users/shorty/secrets/id_ed25519.pub | 6 +++--- hosts/luna/users/shorty/secrets/passwd | 6 +++--- hosts/mars/users/shorty/secrets/id_ed25519 | 6 +++--- hosts/mars/users/shorty/secrets/id_ed25519.pub | 6 +++--- hosts/mars/users/shorty/secrets/passwd | 6 +++--- hosts/shared/secrets/rclone.conf | 8 ++++---- 8 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index d27ccad..c17ff2c 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,5 +1,5 @@ keys: - - &master age1hy523tlslqas8qgs0lxgxanp9gx06fjekn608w4qf66mxkjzmucqh0g6vg + - &master age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr - &host_luna age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez - &host_mars age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy creation_rules: diff --git a/hosts/luna/users/shorty/secrets/id_ed25519 b/hosts/luna/users/shorty/secrets/id_ed25519 index aa701de..a9cfd14 100644 --- a/hosts/luna/users/shorty/secrets/id_ed25519 +++ b/hosts/luna/users/shorty/secrets/id_ed25519 @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1hy523tlslqas8qgs0lxgxanp9gx06fjekn608w4qf66mxkjzmucqh0g6vg", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCUzljQWlRb0ZyNHA1cUNN\nZ09QNXhFS2Q0UEJ5MDRkc29nVWJKQzZabWlZCmdpTjlIbU50Y2hPNU5mS2JGdTFJ\nTHltNEJJRWs0SVBEK2JzcklzaWp6emsKLS0tIFVTbHlOWnNhbWorSndFTmlCMjVj\nZjJkaHZaSUl2YW00MUttaWFFczZOUFEKO6+2ZzBOTwC6bFSf/y34l/okKgy2jYhj\n++IQltnjSEuoVZO9CaBiB0c2eknz382fd4N2uiepF8mRCd7dBHhvqw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvOXI0Z0ZIM2MydzUwWTBX\nVTVhQ0lVR0lIS3JjSjN3VzNmMU1qWFIyWVdRCmhUeHd6elRuM0RMYW5QdHBSdnlo\nWmxPRXdlQjJtMUpxREluSHpPZUlpeWsKLS0tIGtKTExwTG5XMlFHTUQ3eXRDL2w3\nRTZTWGZkQUtHT2pVUU45RTEySmxsMTgKyrJUCN5ooCRoZe+VJeEW1mIPLnTIWxRw\nZ3PzJkw0YPEq8B+RvWjKDeip5uj1RWJOgU5sl1ngf5CbN37uUIAlAQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYajRJUTIzdnp4VE5zVnVB\nVHFjbXpZeU11L1JreURNaHNQYWkvM2hmTnhvCjR0V3M3SGJXcDN3NkVoV3NUZ1NV\nNVNlaVdQcXYvYVI3Nm9qMWlPK1VVQVkKLS0tIEFNOGNhTVdKd3h1d3l6czVXQXpX\nRXJHeXExbDRtRkJWUXVxRjZ4OWloSjQKcajyJcZCZoel1qXKES5NmZ/iHgQtiG2Y\npjZqIBrw6FNH1oTXmErLJIBxVW9d5I3bU/xQ2A5jNd3o8OAC9MsTAw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVzFOQlMxdzJLRmtOMmd5\nQVIzYWwwbkRlb0tJOTRKcFlzUlVqNnNUSFRVCkd3SzNBbGhQNU5LL2RKbWlGcEh2\nM2Y0NlNicEl1S2thSHNPZDFubUIvOUkKLS0tIGNTQTR6dmxaV21UNGN2T3FoUWFG\nMDcxN0pIZjVORDRTcmhMd1RUaGZ6djQKySiQjwuQwTx8WmAqrqu94pByd+cUM5O8\nG38dnvUaRhC5DjShbinPJiVdchV9lqllU2dYaWq9voY/RCJH4EMm6Q==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-24T11:14:20Z", diff --git a/hosts/luna/users/shorty/secrets/id_ed25519.pub b/hosts/luna/users/shorty/secrets/id_ed25519.pub index dbf3de6..59b587b 100644 --- a/hosts/luna/users/shorty/secrets/id_ed25519.pub +++ b/hosts/luna/users/shorty/secrets/id_ed25519.pub @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1hy523tlslqas8qgs0lxgxanp9gx06fjekn608w4qf66mxkjzmucqh0g6vg", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2SFdqdUZkenRqUjV3d2o5\nS0VXTE1Cak80SHdXcnpCd0FmSTBBR0FwVjNRCjFEYXlLOCtHbUg4RlhmVkV6aldB\nbWxTRDhBd3grcnloMHNSSnFuN3RtTTQKLS0tIGNtTUI2WDVKV0pDU0NwQjRxdFZF\nK3IvQ1pyS3BSbVk5QjUyZk9tVmtFak0KW//YyXr6+6NSlUdatMX00O5dlioLBnqv\njq84ZsgCrzm7KAhStvH3icOGdP1skQ82Wp8B76X3IQQvIqTXLT+Jkw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MUNCU0VEaWF5cVNydGNQ\nZXRKNzlla3k5RkRNZkM1dE5oN29HeXVRRDI0CmkrM2U0TEFMMk9LUEhDQzlBMGpQ\nKzB5bHFWRnFhR2xrMHpYMVdnUmJSNUUKLS0tIEVuUWF6N0YzUTVzR1lscnphWWxy\nNy9UaVNITFlxQ3NnNWNDMzRWVnkxUGcKvKmoT3SqPcyM2Fhoxc8mSJl06rV8hlhI\nFftuxCOO/04lIA7FHHrEHRwON/OZKSwe8ZHkq8ojvUyhPsS9CF3COg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvUUxkNVFDVlFYOXpQVk45\nMEtTdEQvMEwramdLQW9XNVBNVDN5Z1JqMlFzClZTakNJVFBSSEFWdlBRN0xITXlS\nYkE2dk0rNDFrcnFwZ2FPL3ZvRTlINEUKLS0tIFhhdkF6ZWwvR3JJMTA2L0hITGsz\nYkhac0FKeHhqUUplblMrd1dpNldNdUUKGQZlACAnWYpxAVO5tHnHg/cJXypujWEk\n9t4pSQIamiFJQ7zeUuNjEPRppQYKuPCkGx6hZ7PUiuLLDNWdL/GzpQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOOUZmOHRBR0NkUkdmRnk3\nMGI2QlBVc2RqbHMvS1FCSmV1WHBNSjRYZkdRCjhaNk1OZ2lCbGhtTml5SStsc1ZN\nOWY2ODNCdGt1ekJKZjE2NnQwVjNGMzAKLS0tIFFoZndSVWR5cmhMTGZmVnUyNk0x\naS9FSWU1SS9zakRIWnpYTEladUxTR2cKdJUuLUlnb4/wrooyOx1rCt/sOcrBNna3\nAkglRjSmmgAmU8xkdA3ul/3ROIwn22xgp61BIRCwPVCLDOx5KfQ8/w==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-26T18:29:50Z", diff --git a/hosts/luna/users/shorty/secrets/passwd b/hosts/luna/users/shorty/secrets/passwd index 7a3f9df..d0eb601 100644 --- a/hosts/luna/users/shorty/secrets/passwd +++ b/hosts/luna/users/shorty/secrets/passwd @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1hy523tlslqas8qgs0lxgxanp9gx06fjekn608w4qf66mxkjzmucqh0g6vg", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaNXJ4TDNxa2FQS2FRSCs2\nVUNSME5SSEtUWTE5OHUveUtHWGVXMHRZZ3pvClljV0Z5OFNyWVpRU3ZTQlVjZng2\nTkc2S0pod01Oa3dHeWlHQWdYTTFnQTAKLS0tIEJpSHk2RHFabG54eGNPTVRIMHBU\nNkZTWVRMenZZamdzTHBzUUFJbGVsT3MKTwwrMTNUIOq8lTvC7uPyYV0n/6eVsF1v\nDIWopzau+JLckuGeddi5W++D3qT2V1Y+37u9MqbBeks1oQ7NENtbvw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBY1ZtdkVEUjRBZkZHNXox\ndWFhY3dIR2UzRmljNWU2cHk0dC9IU2pxVEVjCnhObHUzdVE3Sm9zdGEwK2pKVldP\neUtCZlk3VHhrQk1mMjFaSjI5ZTZqc3cKLS0tIFJyRjlLbk9ZUWVaZEd6UVRNOElt\ncTFPN0x1ckZXVFVGdVhYU2k0SjFiZG8KhvILNAzA44RmuvHlzmqVozyB6r2ZbQch\nl3S8pq0pQ5yN+4DKWKeNK8QEFZ5QCs8Ts/14wbJpdrVsQCkHy5R29w==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPalNaM2s3MU5uTTNrY0Zz\naTRmbktXVjhmYnZZTTl0WVJZYnZSZHBmclZVClFiYXBpM2xDc2JJZmV1V2dPVEIv\nTjdnU0dmSy96czhMV3YyZGxxRnBEQUUKLS0tIHNoazhXd3M0Wks2Vk1BSTArd1Rt\nNWQ0QTI4bm83U0xhN21ZWmxOTjhVK1UK9jKeX87VhO40kEUG4JDkLOgTKHb5i+5d\nEVJY3KEsbbF0V3H0ND9GJ8MuF1b9RMWjGMkEcardkLuy1M1nmtetDw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWGJwaC9MMUJnZ0hVNG1H\nWGhKZzBkbEFpU1g3ZWJCUWlWRFdjMUY4cWxvCmhGUzFhU1ZJMW9Yc1E3Z1FLVXl2\nODhSWEJaUG9EQUhpSE5sd3MrNFA5U3cKLS0tIDlzY1gvMGI5WG83OTh4aVB2UWNO\nd2hoUGVnN01EZnhCY3MyL3FFWm1GTkUKpHob+VsJ7nmI+6avBOl2+hNz+9RQge9Y\n4WJQWkjokBNDVe/UOzRBWBWFzP/BmBzDSSepeqGWLP33ZP8R2wUnjQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-03-11T21:49:48Z", diff --git a/hosts/mars/users/shorty/secrets/id_ed25519 b/hosts/mars/users/shorty/secrets/id_ed25519 index 60f244a..2b57b2d 100644 --- a/hosts/mars/users/shorty/secrets/id_ed25519 +++ b/hosts/mars/users/shorty/secrets/id_ed25519 @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1hy523tlslqas8qgs0lxgxanp9gx06fjekn608w4qf66mxkjzmucqh0g6vg", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtY3RYcThGR25EalVJYkZZ\nLzUrOFZTTnI3VkRzTCt3WFVMaHdKN0JldkdjCjQyN0RkeEpxZGxRNTdScHVCTlhP\nUXltd0N2eXIxNjZ1ZzJMNjBlV3NwcFUKLS0tIEU2VEVXcTFWazcvZjJZTkVDVHpU\nbDlTK0tPam5CL0dtWi9LQVl6TVZFZFEKIl9wJGCTj/nvVABbetcZOZZw3jXvGAI2\nnAqhoEKTtiMexBmip2eiIt+bKFSTD4TAlsd+uayFZ7J7ACbJecXlTw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuaDlMUVZwMExGNk1mU3lX\nWG94RmxXckg3R1BIOTZnbnQ1MTFBVmxobWdnCkZoUDZzNGkyRjRRRlBJdDF3QUt3\nVGltVzhSY2tzMEo0eTltQ08zWkN1dTgKLS0tIHhDRFRyL2I4Qnp1OHhWV2ZaUld2\nOXh0V1BuTkN0NUJHTm53UzNzcmRKMG8K6IBsrkRwRFJDt4jjhUUg7UcWLQK94t02\nZggif+q3yDuFkVRfVS6yxyMXti9BdcoCmcGS7O/fBRcdh61LMEwxRw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzSmtzM044em9sR3R2TnN5\nSmUybWNKMmZtTmszcVRTbURjdk9zdnQ3ajNFCktaZTVmZWQzWUNMSGZLQmFBMkdx\nWUFUNXNmYzFSazhGZTVzbU41eFBhUFkKLS0tIGwxNzFydHYwR1dnSFdqZGJ3MkFj\neVk5TUhoa1orYlJHcm1jNVBPemJVTncK6qiqkJT9UOFjxv+NiYmYuVB1EMXRU1R3\nsMagZ7ZNkr+ZXEkxl2HhHHTa/vvQvzFfimppIIg9x/+Hz/ACc/5wxw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTmJtemFEVzhSay9HamdM\nMzBiMC8zZnpXcVFlNHJQNG41K0FiSTBsQlZ3CmkzRUI2a21hcmFNbDBva25JcTFk\nbWNpQldhZG5qM2pxZCtWcER0S2lEMFEKLS0tIGRDa0JEZkFOaThGMTh1TTFpSmRh\nSm9LYlhqSzNhRDlnTUF6MEhjZlBSanMKHzSjslqK/HiSNMaBtNYNX06Dkfjb7Auf\nDwC+LzRhpSJdi6W99OLYiCyIOMeeCZs73u9gOw2ZwXRaCxE0lMM8mQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-24T11:14:20Z", diff --git a/hosts/mars/users/shorty/secrets/id_ed25519.pub b/hosts/mars/users/shorty/secrets/id_ed25519.pub index 58d3a1c..b95abe5 100644 --- a/hosts/mars/users/shorty/secrets/id_ed25519.pub +++ b/hosts/mars/users/shorty/secrets/id_ed25519.pub @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1hy523tlslqas8qgs0lxgxanp9gx06fjekn608w4qf66mxkjzmucqh0g6vg", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOR1R0eTI4cnpWRkZacjl5\nZVlxNkFBYmcyZS9DQU10REx6OFhXckliVmwwCkhWMk5GQWExT2YrWHVlcTN4M3hJ\nNWVRQkF1dHR1aFllWmZuT1VkZzNBbFkKLS0tIEtEaVFVQ3JSY205aFpzZU4rTjE4\nejlFWFdzSW5RL2IwY3NCZGdBSUk5S2cK30gyNvKixN2YVjnfeKPvHZ8whO9E2LmC\n3TgQMWonEpK6YNw/7KNSjvs9N2dcIg3xq9kSJJe2I0oX+Zihv2GZvw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdkEwN3V1eEZSSXBhZmJN\nMnQvdFpqcFVZazNQN3hJV21QN3I0MmpWZms4Cno2V0xyemJBUXhXVHE5SEdrUmFr\nYWsvdXJOaWNYcE5jN0M3MGhmclpXY2MKLS0tIEJvb2F3UEVkY0UxUlp5TWNua2RF\nZmdzQWpYclBBeXFITzlLbVp5QmNrdkUKK/AzjA5MyrKAhTrKy5V+NwaUW93QATcP\n6TjphiCafQhquVI1bc+E9R9tUSnrUrwRveIUfbmHipXAn1xB/H0n/g==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyaFJyN3BneSs4RWFtQWVz\nblM5N245TzFGRzdPRzNyQk43SldWN1JHbmprCjFZajhhbTJBd0xlYTB2RVZmOTVT\nM2FCU1VQVTRaQlVKRDVncExuU09GZzgKLS0tIFlDM1NRZFJMUUk4YjJxSThNWTJp\nMXVOTkEzbWJuL1RNQ29MNzkwcTdNMUkKp8Ad8LB5s1h4dbbuVX/s+AgZaee6Un9M\nRhq1xtvDh/7vfpGu/btfoivBhU+OO4eyTHxo54llcsnRgkrqAxj1GA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQ0orSWRzZE03RHRUZVdS\ndUkwRzFJN3h4WUxVSGtyMVlkemt4aHNRQWcwCjdBMUJUaUpCYUpvREFyVmxVdTlJ\nZWZTaTV5aVd6eW1NUkNnQXF5RlJqRE0KLS0tIFVTd0ZxQm5jVkhLVUQ0UFZCN3RK\nYW1CM2psaUgyZSswK1RJVkJHN0l1aFEK5j6BWgI40tvPDhSLCqOSytfwKQWwtueZ\n+VaBhRjy5yw2UQ6k/2/hb8oCLja7DFGoirnZMCZewLhX38Rnvp7hxQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-26T18:29:50Z", diff --git a/hosts/mars/users/shorty/secrets/passwd b/hosts/mars/users/shorty/secrets/passwd index 286f0fb..2dc2586 100644 --- a/hosts/mars/users/shorty/secrets/passwd +++ b/hosts/mars/users/shorty/secrets/passwd @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1hy523tlslqas8qgs0lxgxanp9gx06fjekn608w4qf66mxkjzmucqh0g6vg", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTU93dlZWekh2d1NURGd5\nOHF2RDlqejhROXZNSXdWT1p6cXg2eTFhQlNFCkdBUVgxRTVWMmFSaFJEdlpjSW90\nT1NCaThMYUFMSFdTY3pCd3NES05lakEKLS0tIE1aK2JYSEdJWlhobWFnTkFrdDJv\nbGdJRzd5YmFIN0lISkEzUkROSVMrcXMK2ewODkbZIp/zS7MqCMP65eg/y/WiqWFX\nx4Tc1vFiH7AYnG9eW+jidsmbc4OOs1CzU03MmqJcnhuIcTLh1TdRwg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJMTRWM2RBdHVob21nK2o2\nY29MM3JEc1lUNFNjcFdKVEdzem9FbC9lWFhRCjZMeituVzlTVExTc2UxU21jWis2\nRFViS055Ump6OXozYTJhSXVUSUlRNlUKLS0tIDFBTU4xZ21YUVhPTUgraFdlSTVY\nZEdrb0huVmVXWUw3SHNLTVg2enZMR0kKpbLnkp0Qjph+EwcKRwOdcqSmIIDXR6XH\nopLe7bAwLlzZWK4Vvs3UuXfOtSZaCvHUAEvi1QMDgO92q2EZw1tTrw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzQzhjVmJJdmNRYmNleWk1\nU2JIeWFpajc1UlFXdHhXRnVBOStUTmVvakZFCm9hYll3NXR2OG1Fd0hZejZmcVhj\naUc4a1NGYWU0clY3bm4xdThhSXZsemcKLS0tIG9idWxGdDVUbGc3YWtVcjNaMm9p\nMUtQL3gvblEwNENBblNPdnJpYXJaUTAKzsw8wrJhMuBw7z+Ewj6/lyMwgVnMOgaG\nMTMN6nUiaX4WjL1OPJrcdthNICTW73niale2vCNZPt9LQqL8l51SuA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4dmhOMmlYWnB0Y3Z6NWdW\ncThUbWg1empjbVRnS3FvY0MxTzlQczJod1dZCkFiRXB5eDg0TWptbUl3YVVJTGpH\ncW1SOThXejZDa1lFWG9NMnNIOG5aWEUKLS0tIElpOFJuL05sQTY3ZHJoOEdqRjJL\nUFRqY0Z4L3B5eFRFR2xOWVJtL3V3Nk0KKHTY3ErygB7/sSCjIrEDI2IY68/QKGUX\nmzgaDB2tqFDFMmNm9jLiawBprtTXxbaY0W7mwF+mBXQMF3IFj3BQ0w==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-03-11T21:49:48Z", diff --git a/hosts/shared/secrets/rclone.conf b/hosts/shared/secrets/rclone.conf index a71f0a3..5fd0f5e 100644 --- a/hosts/shared/secrets/rclone.conf +++ b/hosts/shared/secrets/rclone.conf @@ -3,16 +3,16 @@ "sops": { "age": [ { - "recipient": "age1hy523tlslqas8qgs0lxgxanp9gx06fjekn608w4qf66mxkjzmucqh0g6vg", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4MGM2dnMwNGlSQ1JhYys2\nSGUwRis4YzVDZVdlWllVajhrV3puR2x6VnhzCitXU2N0cWJISEdqeFlRUVltdEw2\nT2s1eUpBT1A2VXowYWhhMXJoV2RKUVUKLS0tIHlJWm5QUktpU0dFWlJpZnNsY3FR\na3B2ZVBYeXZtenhHVFNhb2ZWTFprNEEKTiMVhH4bRAp7+qy4MhZTZirW8Iusi7/w\nMirjR7WtHYI1fHtg09ZBRqxAbclxFah1f3Lpe5PzvZ09Aa3pMyuzEA==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjV3R6b2wvZ0U3RjdMbVJO\naElNLzN5MkQ3L3pheUZOcHJ1Qm81RXJnVGlnClliUFFOOTJrTWtmRFJkWlNPa05i\ndlVYNEExVDBYRkNSd2ZUMHFkWG1DVU0KLS0tICttSHo4K3JVeDlsQVNJTDZJNExX\nVnViWWV1VzVZUkpyN29FczRSVjNTSDQKUevwEgjQDm+kNG27/NLyU6L5eOG2JRB3\nUqInB7bdt6+VknQszVUShce+FFep+7aKg6Pwi0CpZ7cNKUBRbSviDw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxNUV4VE03dHNZeEh3SU5t\nbjJDdUxSMHN4OWpIbitHZk9wQ1k1b3dBOGprCkdNbThOM0xPS04wNENtVEY2MmZM\nY0NsM2FKK2ZyZm5xMTI4Q3FsZ0Vkd0UKLS0tIC8vY3I5VmoxbmM2a0xrVFI5am9G\naHJVVnJqTytLTFpoQ3h0WXN2ZFVIaGsKV14Jcw9BNzqqPDWLetPBFKMdJgKKzuAG\nY6m2UYcYZwNUW+PEldrJw9EKz+LmsVRccB+k7SrenlMpazdKhjS2Ag==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqcFYrZHpLanRIK0Q4c1hr\nYktmYStKd0loRlpTQmVQUkE3NDZWS1I5YlFrCnJoYW5lRGNvdEhPTGJzRzVSQXJI\nQUx4ZFN2TnV4WnN6M3Q3Y3RkL2xGdUEKLS0tIFl1eWw4enY5QlZCdEp3SlF3RFVR\nRkJERldsamFpNG5SekpIc2ZwcHowQmMK0TiAWqcBk0nft+PzRWJBGmhhQrxZJRie\nrBf5hVmseKAWTVeuSeBVi1XVGLqQttsLClNmu8J7g2nPmHaiAqztOg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4c0hkN0VTSGdkdjJyaUZ6\nSUE4K0YwNnpOaDg0MnUzVFNWK01jY1FQUWtVCnBvTEZYVW5Oc3lZWW5FREI1QXgy\nZ3d4Ny9IdWN0cU5HOEZNWEJEWml2SncKLS0tIGd3THh0TXZHbU03T2YrNUdGbjdN\nNlB2L0R1dFNOdzZyY2FxaVVPMlJjNkkKgCSaMuigobeNLC19vzGT/loYkHIHPCke\nFzAIKJpyi3LVCYFxKAxH3H6yHnrZE0Tl00lO+h3yo8pyJUqEhVSNEA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2SFZOSWZidWZBSlczOGVm\nZzdNcG4wMlROSDkzQ0NjN2ZINU5GYXVldVNJCnBYM1N2TUZXVHRCbzByRE91Q1F4\nM2JTajgrK3MvZElqdEJ2SXF3OFhKN00KLS0tIFZFL28xM3VjMHB6UVBubWx6c0dz\nVk1xcGpOUFdWNUlpUk5PK2tCblVEdE0Kp1uoxyEGpW06HmeXQHN5yigoqPBYtFv7\nPQG2F0YaWGqR6HNREgQB276qEmjkIRHEhHE1RnCxw900UvuOw4HsTQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-02-12T10:44:19Z", From 67d69c6cedf90924825c80cb51ba623a9e734ce1 Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Thu, 6 Nov 2025 23:55:39 +0100 Subject: [PATCH 3/5] fix(impermanence): mount /persist to resolve decryption and as a result, start-up issues --- hosts/luna/disko.nix | 1 + modules/btrfs.nix | 8 ++++++++ modules/impermanence.nix | 44 +++++++++++++++++++++++----------------- 3 files changed, 34 insertions(+), 19 deletions(-) diff --git a/hosts/luna/disko.nix b/hosts/luna/disko.nix index bbe7ab8..001f0a1 100644 --- a/hosts/luna/disko.nix +++ b/hosts/luna/disko.nix @@ -69,6 +69,7 @@ in ]; }; "/persist" = { + mountpoint = "/persist"; mountOptions = [ "compress=zstd" "noatime" diff --git a/modules/btrfs.nix b/modules/btrfs.nix index f7c71f8..2bb29fb 100644 --- a/modules/btrfs.nix +++ b/modules/btrfs.nix @@ -33,6 +33,14 @@ with lib; "compress=zstd" "noatime" ]; + "/persist" = { + options = [ + "subvol=persist" + "compress=zstd" + "noatime" + ]; + neededForBoot = true; + }; "/var/log" = { options = [ "subvol=log" diff --git a/modules/impermanence.nix b/modules/impermanence.nix index e420f75..8446808 100644 --- a/modules/impermanence.nix +++ b/modules/impermanence.nix @@ -1,4 +1,9 @@ -{ config, lib, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.host.impermanence; @@ -25,30 +30,31 @@ with lib; boot.initrd.systemd = { services.rollback = { - description = "Rollback BTRFS root subvolume to a pristine state"; - wantedBy = [ "initrd.target" ]; after = [ "systemd-cryptsetup@pool0_0.service" ]; before = [ "sysroot.mount" ]; - unitConfig.DefaultDependencies = "no"; - serviceConfig.Type = "oneshot"; - script = # sh - '' - mkdir -p /mnt - mount -o subvol=/ /dev/mapper/pool0_0 /mnt + description = "Rollback BTRFS root subvolume to a pristine state"; + serviceConfig = { + Type = "oneshot"; + ExecStart = + pkgs.writeShellScript "btrfs-rollback" # sh + '' + mkdir -p /mnt + mount -o subvol=/ /dev/mapper/pool0_0 /mnt - btrfs subvolume list -o /mnt/root | cut -f9 -d ' ' | while read subvolume; do - echo "deleting /$subvolume subvolume..." - btrfs subvolume delete "/mnt/$subvolume" - done + btrfs subvolume list -o /mnt/root | cut -f9 -d ' ' | while read subvolume; do + echo "deleting /$subvolume subvolume..." + btrfs subvolume delete "/mnt/$subvolume" + done - echo "deleting /root subvolume..." - btrfs subvolume delete /mnt/root + echo "deleting /root subvolume..." + btrfs subvolume delete /mnt/root - echo "restoring blank /root subvolume..." - btrfs subvolume snapshot /mnt/root-blank /mnt/root + echo "restoring blank /root subvolume..." + btrfs subvolume snapshot /mnt/root-blank /mnt/root - umount /mnt - ''; + umount /mnt + ''; + }; }; }; }; From 6772373de727f73549c32b3154ec2e1b0e0416a0 Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Thu, 6 Nov 2025 23:56:25 +0100 Subject: [PATCH 4/5] feat(docker): persist docker configuration, images and volumes --- modules/docker.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/docker.nix b/modules/docker.nix index 7379fcd..c35a23c 100644 --- a/modules/docker.nix +++ b/modules/docker.nix @@ -103,5 +103,8 @@ with lib; }; }; + host.impermanence.directories = mkIf config.host.impermanence.enable [ + "/var/lib/docker" + ]; }; } From 819208d09ea01a51c6ff3274629cedd05cc52e1b Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Fri, 7 Nov 2025 00:38:05 +0100 Subject: [PATCH 5/5] fix(dns): use ipv4 DNS servers for the time being While I've not disabled IPv6 I noticed that some domain names being hit on their v6 address were not resolving (looking at you pecl.php.net you ancient beast). This seemed to resolve that issue for the time being. To be further researched.. --- modules/network/dnsmasq.nix | 6 ++---- modules/network/manager.nix | 6 ++++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/network/dnsmasq.nix b/modules/network/dnsmasq.nix index ea3242f..4f9bcaf 100644 --- a/modules/network/dnsmasq.nix +++ b/modules/network/dnsmasq.nix @@ -36,12 +36,10 @@ with lib; server = [ "9.9.9.9" "149.112.112.112" - "2620:fe::fe" - "2620:fe::9" "1.1.1.1" "1.0.0.1" - "2606:4700:4700::1111" - "2606:4700:4700::1001" + "8.8.8.8" + "8.8.4.4" ]; }; }; diff --git a/modules/network/manager.nix b/modules/network/manager.nix index 32bac06..519d903 100644 --- a/modules/network/manager.nix +++ b/modules/network/manager.nix @@ -22,8 +22,10 @@ with lib; nameservers = [ "9.9.9.9" "149.112.112.112" - "2620:fe::fe" - "2620:fe::9" + "1.1.1.1" + "1.0.0.1" + "8.8.8.8" + "8.8.4.4" ]; resolvconf.enable = false; stevenblack.enable = true; # stevenblack hosts file blocklist