Bump nixpkgsSisko

flake.lock

@@ -663,17 +663,17 @@
     },
     "nixpkgsSisko": {
       "locked": {
-        "lastModified": 1742288794,
+        "lastModified": 1747542820,
-        "narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=",
+        "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42",
+        "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42",
+        "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043",
         "type": "github"
       }
     },

flake.nix

@@ -3,7 +3,7 @@
 
   inputs = {
     flakeParts.url = "github:hercules-ci/flake-parts";
-    nixpkgsSisko.url = "github:NixOS/nixpkgs/b6eaf97c6960d97350c584de1b6dcff03c9daf42";
+    nixpkgsSisko.url = "github:NixOS/nixpkgs/292fa7d4f6519c074f0a50394dbbe69859bb6043";
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
     nixosHardware.url = "github:NixOS/nixos-hardware";
     homeManager = {

hosts/default.nix

@@ -109,6 +109,7 @@
           "home-assistant-token".owner = "prometheus";
           "grafana-password".owner = "grafana";
           "cloudflare-dyndns-api-token" = { };
+          "cloudflare-api-tokens" = { };
           "restic-hetzner-password" = { };
           "hass-ssh-key".owner = "hass";
           "sisko-attic-environment-file".owner = "atticd";

modules/nginx-base/default.nix

@@ -14,7 +14,7 @@
         dnsProvider = "cloudflare";
         dnsPropagationCheck = true;
         group = config.services.nginx.group;
-        environmentFile = config.age.secrets.cloudflare-dyndns-api-token.path;
+        environmentFile = config.age.secrets.cloudflare-api-tokens.path;
       };
     };
   };

modules/nix/default.nix

@@ -92,7 +92,7 @@
         ];
         protocol = "ssh-ng";
         sshUser = "root";
-        sshKey = "/home/${config.ccr.username}/.ssh/id_rsa";
+        sshKey = "/home/${config.ccr.username}/.ssh/id_ed25519";
       }
       ++ (lib.lists.optional (config.networking.hostName == "picard") {
         hostName = "mac.staging.mlabs.city?remote-program=/run/current-system/sw/bin/nix-store";

secrets/cloudflare-api-tokens.age

@@ -0,0 +1,17 @@
+age-encryption.org/v1
+-> ssh-rsa /AagBw
+hD7PDjueXimBVI/rjcYxN77LHV2eGytKcUbmh17aSL1CNM+eriURFao3tj52Hiaz
+3VMB6FxWUk9kzgjMPvf5WZukuZ2WbpPH8xlDV+6ZH7e/IzmjIfx8Ny14Mr1IF/Rx
+TBiCIAM19/1/mR9MiIBW85bb+Bb/waWIZAgxW3N1RpqH5+vAVqx0iY3XRF5+0gOq
+blP3yEw3QaL6FuY0+a+d/TnCsrz2Gi1Rba9oCUmkzOP96TsJYdN58Ut6nrHFkURK
+mShL2xBMLmfA8Z5ep+D8ueyQbcYpeU3KHcIcRM6dRTwQKvWXAVkRt1nUGasKrO9Y
+oJT9BrcxjtqgF/xhHRjWpamjFSI3mlJnJNEbruddDwQUccrJOvEzvqZ7GK0WoFX2
+HmhdDOiocMGWFeBPAKlNtU3+QmtZvhvOIgbjKhNxmCt1A/qxfvRk7Y2IDIBo+CFo
+sKMrT1tCo4UYaJdZYl64XYNCQb3C2EfO7Exrq3d2urNidzUbr9OBx7CCI1nu375c
+Qol9Kr28fLtxRuSZlrqIe9vKVYyLDPznrRlh6TmgqmMLIW70Y8cZwMtT8L8sOkcm
+A8MoxpWFzK4BKo0Iqmw6eZ3nx/0LAzkz005ZEwrmi2W/XxOWJgBiaLmu7YwnoGq0
+gzwwvA5V5MT6Iy7FzkQpMi0h/H4MZ0mcbihKdPun85Q
+-> ssh-ed25519 +vdRnA 23Gviu8hfWCEBPHP7xYIaOx34kFsxJJgJ/BNUDlb9Cg
+ROiMY2gw/rpNBmJnlRVb7Qhi5+8TY3Velj8gEZcaedI
+--- dhmvfQoCjuRUJtvXNI/eCjH0W+IeJm8bFRvYk1JihD0
+qMCÐ,݈½Ô<C2BD>êì‹9-\‘K<E28098>J¡ã]Á­ÿJ ð½(¡SnŸ°.ñQpá~Z$ó±eØ"êí”’\ù£'rS’l‰ÿuÜ
+UD <äÕ<C3A4>vÐÚáÓ]|
/g[†	W_“È>-fl•›8|w­ÊÙŠÈlš–¢ÜõB•[\òá.k(W±{=w 3N}¤qGÏ-w´Mb^‰ŒQ{

secrets/secrets.nix

@@ -92,6 +92,10 @@ with keys.users;
     deltaflyer
     pike
   ];
+  "cloudflare-api-tokens.age".publicKeys = [
+    ccr-ssh
+    sisko
+  ];
   "cloudflare-dyndns-api-token.age".publicKeys = [
     ccr-ssh
     sisko