diff --git a/flake.lock b/flake.lock index f845836..2c2d38f 100644 --- a/flake.lock +++ b/flake.lock @@ -36,11 +36,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1706523465, - "narHash": "sha256-AKlrSRyoMLRUlN2fGWSWWr1nj46JUgjWDPAG/CdPZhQ=", + "lastModified": 1706092909, + "narHash": "sha256-VYb4NbVZKQDnW8TTD2ivJAaF9nyXv5bElJi9+oBt4xw=", "owner": "aciceri", "repo": "emacs", - "rev": "9ad27b6ea82ebaa3dfd635ccc0ce618d9a5ec006", + "rev": "588f7b1696d3b7da77a5ea94e921def43529cb70", "type": "github" }, "original": { @@ -78,11 +78,11 @@ ] }, "locked": { - "lastModified": 1706491084, - "narHash": "sha256-eaEv+orTmr2arXpoE4aFZQMVPOYXCBEbLgK22kOtkhs=", + "lastModified": 1706145859, + "narHash": "sha256-+iGHKwzKVW6aGAWfUmUSJW1KiE6WLYhKyTyWZMTw/cg=", "owner": "nix-community", "repo": "disko", - "rev": "f67ba6552845ea5d7f596a24d57c33a8a9dc8de9", + "rev": "5a2dc95464080764b9ca1b82b5d6d981157522be", "type": "github" }, "original": { @@ -118,11 +118,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1706519192, - "narHash": "sha256-xnlbEJxtRR6hjmRJopRe2TBAWIvEB/S/w1V6613u9Nk=", + "lastModified": 1706086435, + "narHash": "sha256-e+BqXkquFW7LtC+LCbVrVWTXXr/dCEfNAN9wmdyVJ8k=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "380a2b909774bc47385dfa9556f28f243ea87c71", + "rev": "46d30fdef02008e5f1856d4039a0b48d20a3bca6", "type": "github" }, "original": { @@ -199,11 +199,11 @@ "extra-package-indent-bars": { "flake": false, "locked": { - "lastModified": 1706410940, - "narHash": "sha256-8qi7RVjQvOJnt1ziBVPK7vQhlx93nRkomu8rEcW3Pp0=", + "lastModified": 1704855682, + "narHash": "sha256-ie7yF8rlnuJ0j6caKvxwdYH6++1Yik6UnedOg3uHKiM=", "owner": "jdtsmith", "repo": "indent-bars", - "rev": "269774df6d5030832d04c5cf067d7a3a2568a46f", + "rev": "8a4ea0ab83016f87acb94ebf3816a02382b82cad", "type": "github" }, "original": { 
@@ -317,27 +317,6 @@ } }, "flake-parts_3": { - "inputs": { - "nixpkgs-lib": [ - "hercules-ci-agent", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1704982712, - "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "07f6395285469419cf9d078f59b5b49993198c00", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "hercules-ci-effects", @@ -357,7 +336,7 @@ "type": "indirect" } }, - "flake-parts_5": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_3" }, @@ -416,11 +395,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1706569497, - "narHash": "sha256-oixb0IDb5eZYw6BaVr/R/1pSoMh4rfJHkVnlgeRIeZs=", + "lastModified": 1704982712, + "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "60c614008eed1d0383d21daac177a3e036192ed8", + "rev": "07f6395285469419cf9d078f59b5b49993198c00", "type": "github" }, "original": { 
@@ -450,42 +429,6 @@ "type": "github" } }, - "haskell-flake": { - "locked": { - "lastModified": 1684780604, - "narHash": "sha256-2uMZsewmRn7rRtAnnQNw1lj0uZBMh4m6Cs/7dV5YF08=", - "owner": "srid", - "repo": "haskell-flake", - "rev": "74210fa80a49f1b6f67223debdbf1494596ff9f2", - "type": "github" - }, - "original": { - "owner": "srid", - "ref": "0.3.0", - "repo": "haskell-flake", - "type": "github" - } - }, - "hercules-ci-agent": { - "inputs": { - "flake-parts": "flake-parts_3", - "haskell-flake": "haskell-flake", - "nixpkgs": "nixpkgs_6" - }, - "locked": { - "lastModified": 1706307588, - "narHash": "sha256-t46dB7XCBwj2FOwhFWyMOfriGny1bEOgak24fylo5j4=", - "owner": "hercules-ci", - "repo": "hercules-ci-agent", - "rev": "f01ae96b022bb12d35d7223548a0b05623a55ddf", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "hercules-ci-agent", - "type": "github" - } - }, "hercules-ci-effects": { "inputs": { "flake-parts": "flake-parts_2", @@ -507,8 +450,8 @@ }, "hercules-ci-effects_2": { "inputs": { - "flake-parts": "flake-parts_4", - "nixpkgs": "nixpkgs_7" + "flake-parts": "flake-parts_3", + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1704029560, @@ -552,11 +495,11 @@ ] }, "locked": { - "lastModified": 1706473109, - "narHash": "sha256-iyuAvpKTsq2u23Cr07RcV5XlfKExrG8gRpF75hf1uVc=", + "lastModified": 1706134977, + "narHash": "sha256-KwNb1Li3K6vuVwZ77tFjZ89AWBo7AiCs9t0Cens4BsM=", "owner": "nix-community", "repo": "home-manager", - "rev": "d634c3abafa454551f2083b054cd95c3f287be61", + "rev": "6359d40f6ec0b72a38e02b333f343c3d4929ec10", "type": "github" }, "original": { 
@@ -727,11 +670,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1706373441, - "narHash": "sha256-S1hbgNbVYhuY2L05OANWqmRzj4cElcbLuIkXTb69xkk=", + "lastModified": 1705916986, + "narHash": "sha256-iBpfltu6QvN4xMpen6jGGEb6jOqmmVQKUrXdOJ32u8w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "56911ef3403a9318b7621ce745f5452fb9ef6867", + "rev": "d7f206b723e42edb09d9d753020a84b3061a79d8", "type": "github" }, "original": { @@ -743,11 +686,11 @@ }, "nixpkgsStable": { "locked": { - "lastModified": 1706515015, - "narHash": "sha256-eFfY5A7wlYy3jD/75lx6IJRueg4noE+jowl0a8lIlVo=", + "lastModified": 1706098335, + "narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f4a8d6d5324c327dcc2d863eb7f3cc06ad630df4", + "rev": "a77ab169a83a4175169d78684ddd2e54486ac651", "type": "github" }, "original": { @@ -759,11 +702,11 @@ }, "nixpkgsUnstable": { "locked": { - "lastModified": 1706371002, - "narHash": "sha256-dwuorKimqSYgyu8Cw6ncKhyQjUDOyuXoxDTVmAXq88s=", + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c002c6aa977ad22c60398daaa9be52f2203d0006", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", "type": "github" }, "original": { @@ -775,11 +718,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1706191920, - "narHash": "sha256-eLihrZAPZX0R6RyM5fYAWeKVNuQPYjAkCUBr+JNvtdE=", + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ae5c332cbb5827f6b1f02572496b141021de335f", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", "type": "github" }, "original": { 
@@ -807,11 +750,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1706191920, - "narHash": "sha256-eLihrZAPZX0R6RyM5fYAWeKVNuQPYjAkCUBr+JNvtdE=", + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ae5c332cbb5827f6b1f02572496b141021de335f", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", "type": "github" }, "original": { @@ -838,22 +781,6 @@ } }, "nixpkgs_6": { - "locked": { - "lastModified": 1705856552, - "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { "locked": { "lastModified": 1703637592, "narHash": "sha256-8MXjxU0RfFfzl57Zy3OfXCITS0qWDNLzlBAdwxGZwfY=", @@ -869,7 +796,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { "lastModified": 1678470307, "narHash": "sha256-OEeMUr3ueLIXyW/OaFUX5jUdimyQwMg/7e+/Q0gC/QE=", @@ -887,11 +814,11 @@ }, "nur": { "locked": { - "lastModified": 1706643926, - "narHash": "sha256-GOBRsUCZ3a9GgaLvbm2wpmsnZGY41IvEp9C3rQLXaTI=", + "lastModified": 1706174248, + "narHash": "sha256-VNN7md+kJhBvl5bINEXybSG4jHavrQIlXdywpcaEEwc=", "owner": "nix-community", "repo": "NUR", - "rev": "68b210c7240de86b3639cf9542df9dcb9c504914", + "rev": "20f64c7125413fc19372f11b45db99363bea7c1f", "type": "github" }, "original": { @@ -929,11 +856,11 @@ ] }, "locked": { - "lastModified": 1706424699, - "narHash": "sha256-Q3RBuOpZNH2eFA1e+IHgZLAOqDD9SKhJ/sszrL8bQD4=", + "lastModified": 1705757126, + "narHash": "sha256-Eksr+n4Q8EYZKAN0Scef5JK4H6FcHc+TKNHb95CWm+c=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "7c54e08a689b53c8a1e5d70169f2ec9e2a68ffaf", + "rev": "f56597d53fd174f796b5a7d3ee0b494f9e2285cc", "type": "github" }, "original": { 
@@ -984,9 +911,9 @@ "rock5b": { "inputs": { "fan-control": "fan-control", - "flake-parts": "flake-parts_5", + "flake-parts": "flake-parts_4", "kernel-src": "kernel-src", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_7", "nixpkgs-kernel": "nixpkgs-kernel", "panfork": "panfork", "tow-boot": "tow-boot", @@ -1013,7 +940,6 @@ "disko": "disko", "dream2nix": "dream2nix", "flakeParts": "flakeParts", - "hercules-ci-agent": "hercules-ci-agent", "hercules-ci-effects": "hercules-ci-effects_2", "homeManager": "homeManager", "homeManagerGitWorkspace": "homeManagerGitWorkspace", @@ -1139,11 +1065,11 @@ ] }, "locked": { - "lastModified": 1706462057, - "narHash": "sha256-7dG1D4iqqt0bEbBqUWk6lZiSqqwwAO0Hd1L5opVyhNM=", + "lastModified": 1706111218, + "narHash": "sha256-ueC4DvzFzN9Ft3kLSv8g6uuT3Ghz+jZ7UlGQFPZxBrg=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "c6153c2a3ff4c38d231e3ae99af29b87f1df5901", + "rev": "23f601bfdef75e21fe8854e24a043bb642201794", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 84b47c3..1f8a1e8 100644 --- a/flake.nix +++ b/flake.nix @@ -43,7 +43,6 @@ }; hercules-ci-effects.url = "github:hercules-ci/hercules-ci-effects"; dream2nix.url = "github:nix-community/dream2nix"; - hercules-ci-agent.url = "github:hercules-ci/hercules-ci-agent"; }; outputs = inputs @ {flakeParts, ...}: diff --git a/hosts/default.nix b/hosts/default.nix index 66865e8..47676d5 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -99,7 +99,6 @@ }; extraModules = [ inputs.disko.nixosModules.disko - # inputs.hercules-ci-agent.nixosModules.agent-service ]; extraHmModules = [ inputs.ccrEmacs.hmModules.default @@ -128,7 +127,6 @@ }; extraModules = with inputs; [ disko.nixosModules.disko - # inputs.hercules-ci-agent.nixosModules.agent-service; # rock5b.nixosModules.default ]; secrets = { 
@@ -142,8 +140,6 @@ "restic-hetzner-password" = {}; "minio-credentials".owner = "minio"; "aws-credentials".owner = "hercules-ci-agent"; - "hass-ssh-key".owner = "hass"; - "matrix-registration-shared-secret".owner = "matrix-synapse"; }; }; }; diff --git a/hosts/picard/default.nix b/hosts/picard/default.nix index 79c6557..2423303 100644 --- a/hosts/picard/default.nix +++ b/hosts/picard/default.nix @@ -2,7 +2,6 @@ fleetModules, lib, config, - pkgs, ... }: { imports = @@ -33,7 +32,6 @@ "binfmt" "greetd" "syncthing" - "hass-poweroff" ] ++ [ ./disko.nix @@ -108,6 +106,6 @@ # TODO move away from here (how can the interface name be retrieved programmatically?) networking.interfaces.enp11s0.wakeOnLan = { enable = true; - policy = ["magic"]; + policy = ["broadcast" "magic"]; }; } diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index 1e33ebf..01818df 100644 --- a/hosts/sisko/default.nix +++ b/hosts/sisko/default.nix @@ -28,7 +28,6 @@ "restic" "syncthing" "minio" - "matrix" ] ++ [ ./disko.nix diff --git a/modules/cloudflare-dyndns/default.nix b/modules/cloudflare-dyndns/default.nix index d9c40b5..3fa36c0 100644 --- a/modules/cloudflare-dyndns/default.nix +++ b/modules/cloudflare-dyndns/default.nix @@ -2,17 +2,15 @@ services.cloudflare-dyndns = { enable = true; ipv4 = true; - ipv6 = false; # not anymore 😭 + ipv6 = true; domains = [ - "aciceri.dev" - "git.aciceri.dev" + # "sevenofnix.aciceri.dev" "home.aciceri.dev" "torrent.aciceri.dev" "search.aciceri.dev" "invidious.aciceri.dev" "vpn.aciceri.dev" "cache.aciceri.dev" - "matrix.aciceri.dev" ]; apiTokenFile = config.age.secrets.cloudflare-dyndns-api-token.path; }; diff --git a/modules/hass-poweroff/default.nix b/modules/hass-poweroff/default.nix deleted file mode 100644 index 4312093..0000000 --- a/modules/hass-poweroff/default.nix +++ /dev/null 
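Review bot: Adding `"broadcast"` to `networking.interfaces.enp11s0.wakeOnLan.policy` in hosts/picard/default.nix means any broadcast frame on the segment can wake the machine, not only a magic packet carrying its MAC. Routine broadcast traffic such as ARP requests will typically power the host back on, so it cannot be relied on to stay off and every device on that network can wake it. Unless a specific sender needs it, I would keep `policy = ["magic"];`, or add a comment such as `# broadcast needed because <reason>` next to the line. The enclosing module body starts outside the hunk.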
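Review bot: With `ipv6 = true;` in modules/cloudflare-dyndns/default.nix every listed name also gets an AAAA record, which will normally be this host's own global address rather than a router address in front of NAT. Whatever the IPv4 port forwarding was filtering no longer bounds what is reachable over IPv6, so the host firewall has to carry that policy for both address families. The firewall configuration is not visible in this diff, so please confirm it covers the services behind these names. The commented-out entry `# "sevenofnix.aciceri.dev"` would be easier to maintain with a short reason, e.g. `# disabled: <reason>`.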
@@ -1,16 +0,0 @@ -{pkgs, ...}: { - # Creates an user that home assistant can log in as to power off the system - users.users.hass = { - openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcoVVrMFili8UBjziIu2wyFgcDGTlT1avBh2nLTa9aM"]; - isNormalUser = true; - isSystemUser = false; - group = "hass"; - createHome = false; - }; - - users.groups.hass = {}; - - security.sudo.extraConfig = '' - hass ALL=NOPASSWD:${pkgs.systemd}/bin/systemctl - ''; -} diff --git a/modules/home-assistant/default.nix b/modules/home-assistant/default.nix index 78da7e6..8bc51d0 100644 --- a/modules/home-assistant/default.nix +++ b/modules/home-assistant/default.nix @@ -21,6 +21,12 @@ rev = "9a40a2fa09b0f74aee0b278e2858f5600b3487a9"; hash = "sha256-i+82EUamV1Fhwhb1vhRqn9aA9dJ0FxSSMD734domyhw="; }; + localtuya = pkgs.fetchFromGitHub { + owner = "rospogrigio"; + repo = "localtuya"; + rev = "f06e4848e67997edfa696aa9a89372fb17077bd0"; + hash = "sha256-hA/1FxH0wfM0jz9VqGCT95rXlrWjxV5oIkSiBf0G0ac="; + }; in { services.home-assistant = { enable = true; @@ -52,7 +58,6 @@ in { "webostv" "media_player" "wyoming" - "wake_on_lan" ]; extraPackages = python3Packages: with python3Packages; [ @@ -94,18 +99,6 @@ in { # data.mac = "20:28:bc:74:14:c2"; # }; # }]; - wake_on_lan = {}; - switch = [ - { - name = "Picard"; - platform = "wake_on_lan"; - mac = "74:56:3c:37:17:bd"; # this shouldn't be public - host = "picard.fleet"; - turn_off.service = "shell_command.turn_off_picard"; - } - ]; - shell_command.turn_off_picard = ''${pkgs.openssh}/bin/ssh -i /var/lib/hass/.ssh/id_ed25519 -o StrictHostKeyChecking=no hass@picard.fleet "exec sudo \$(readlink \$(which systemctl)) poweroff"''; - # shell_command.turn_off_picard = ''whoami''; }; }; 
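Review bot: The new `localtuya` source in modules/home-assistant/default.nix is pinned by `rev` and `hash`, which is right for third-party code loaded into the Home Assistant process, but nothing records which upstream release that commit corresponds to. A comment above the fetch, e.g. `# localtuya <upstream tag>, pinned <date>; review the upstream diff before bumping`, would make later updates auditable. The `let` block this binding lives in starts outside the hunk.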
@@ -121,12 +114,10 @@ in { systemd.tmpfiles.rules = [ "d ${config.services.home-assistant.configDir}/custom_components 770 hass hass" "L+ ${config.services.home-assistant.configDir}/custom_components/pun_sensor - - - - ${pun_sensor}/custom_components/pun_sensor" - - "d ${config.services.home-assistant.configDir}/.ssh 770 hass hass" - "C ${config.services.home-assistant.configDir}/.ssh/id_ed25519 700 hass hass - ${config.age.secrets.hass-ssh-key.path}" - + "L+ ${config.services.home-assistant.configDir}/custom_components/cozy_life - - - - ${cozy_life}/custom_components/cozylife" + "L+ ${config.services.home-assistant.configDir}/custom_components/localtuya - - - - ${localtuya}/custom_components/localtuya" "d ${config.services.home-assistant.configDir}/www 770 hass hass" - "C ${config.services.home-assistant.configDir}/www/home.png 770 hass hass - - ${config.age.secrets.home-planimetry.path}" + "C ${config.services.home-assistant.configDir}/www/home.png - - - - ${config.age.secrets.home-planimetry.path}" ]; networking.firewall.interfaces."wg0" = { diff --git a/modules/home-assistant/home.png b/modules/home-assistant/home.png new file mode 100644 index 0000000..8a65c4f Binary files /dev/null and b/modules/home-assistant/home.png differ diff --git a/modules/matrix/default.nix b/modules/matrix/default.nix deleted file mode 100644 index c248ac3..0000000 --- a/modules/matrix/default.nix +++ /dev/null 
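Review bot: The `C` rule for `www/home.png` now passes `-` for mode, user and group, so the permissions of the copy are whatever tmpfiles derives from the source, and the source is an agenix secret whose mode and owner are set elsewhere. Pin them in the rule instead, e.g. `"C ${config.services.home-assistant.configDir}/www/home.png 0640 hass hass - ${config.age.secrets.home-planimetry.path}"`, so the result does not depend on the secret's declaration. Note also that Home Assistant serves `www/` under `/local/` without authentication, and that this commit adds `modules/home-assistant/home.png` to the repository in cleartext. If that is the same image, keeping it as an age secret no longer protects it. The rules list sits inside an `in { … }` body that starts outside the hunk.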
@@ -1,77 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: let - clientConfig."m.homeserver".base_url = "https://matrix.aciceri.dev"; - serverConfig."m.server" = "matrix.aciceri.dev:443"; - mkWellKnown = data: '' - default_type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON data}'; - ''; -in { - imports = [../nginx-base]; - - services.nginx.virtualHosts = { - "aciceri.dev" = { - enableACME = true; - forceSSL = true; - locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; - locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; - }; - "matrix.aciceri.dev" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://127.0.0.1:${builtins.toString (lib.head config.services.matrix-synapse.settings.listeners).port}"; - locations."/_matrix".proxyPass = "http://localhost:8008"; - locations."/_synapse/client".proxyPass = "http://localhost:8008"; - }; - }; - - services.postgresql = { - enable = true; - initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; - }; - - services.matrix-synapse = { - enable = true; - settings = { - server_name = "aciceri.dev"; - public_baseurl = "https://matrix.aciceri.dev"; - listeners = [ - { - port = 8008; - bind_addresses = ["127.0.0.1"]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { - names = ["client" "federation"]; - compress = true; - } - ]; - } - ]; - }; - extraConfigFiles = [config.age.secrets.matrix-registration-shared-secret.path]; - }; - - backup.paths = [ - "/var/lib/matrix-synapse" - "/var/backup/postgresql/matrix-synapse.sql.gz" - ]; - - services.postgresqlBackup = { - enable = true; - databases = ["matrix-synapse"]; - }; -} 
diff --git a/modules/nix/default.nix b/modules/nix/default.nix index 1568d5c..f0c669c 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -16,7 +16,7 @@ ]; netrc-file = "/etc/nix/netrc"; substituters = [ - "s3://cache?profile=default®ion=eu-south-1&scheme=https&endpoint=cache.aciceri.dev" + "https://cache.aciceri.dev" ]; trusted-public-keys = [ "cache.aciceri.dev~1:nJMfcBnYieY2WMbYDG0s9S5qUhU+V4RPL+X9zcxXxZY=" diff --git a/modules/ssh-initrd/default.nix b/modules/ssh-initrd/default.nix index 9e1ef67..f1c4f9a 100644 --- a/modules/ssh-initrd/default.nix +++ b/modules/ssh-initrd/default.nix @@ -1,38 +1,24 @@ -{ - config, - pkgs, - ... -}: { +{config, ...}: { # For unlocking the disk connect using ssh and type # systemctl start initrd-nixos-activation boot.initrd = { network = { + enable = true; ssh = { enable = true; ignoreEmptyHostKeys = true; extraConfig = '' HostKey /ssh_initrd_host_ed25519_key ''; - authorizedKeys = with (import ../../lib).keys.users; [ - ccr-gpg - ccr-ssh - ]; }; }; systemd = { enable = true; - network.enable = true; - storePaths = [ - "${config.programs.ssh.package}/bin/ssh-keygen" - "${pkgs.bashInteractive}/bin/bash" - ]; + storePaths = ["${config.programs.ssh.package}/bin/ssh-keygen"]; services.sshd.preStart = '' - [ ! -f /ssh_initrd_host_ed25519_key ] && ${config.programs.ssh.package}/bin/ssh-keygen -t ed25519 -N "" -f /ssh_initrd_host_ed25519_key + ${config.programs.ssh.package}/bin/ssh-keygen -t ed25519 -N "" -f /ssh_initrd_host_ed25519_key chmod 600 /ssh_initrd_host_ed25519_key ''; }; }; - - boot.initrd.systemd.additionalUpstreamUnits = ["debug-shell.service"]; - boot.kernelParams = ["rd.systemd.debug_shell"]; } diff --git a/secrets/hass-ssh-key.age b/secrets/hass-ssh-key.age deleted file mode 100644 index 689dc4a..0000000 Binary files a/secrets/hass-ssh-key.age and /dev/null differ 
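Review bot: The `services.sshd.preStart` in modules/ssh-initrd/default.nix now runs `ssh-keygen` unconditionally, so the initrd host key is a fresh one on every boot and a client has no stable fingerprint to check before typing the disk passphrase. If a key is ever provisioned at that path, `ssh-keygen` will instead stop at its overwrite prompt and the pre-start step will likely fail. I would keep the guard, `[ ! -f /ssh_initrd_host_ed25519_key ] && ${config.programs.ssh.package}/bin/ssh-keygen -t ed25519 -N "" -f /ssh_initrd_host_ed25519_key`, and preferably provision a persistent key through `boot.initrd.network.ssh.hostKeys` so that `ignoreEmptyHostKeys = true` is no longer needed. The explicit `authorizedKeys` list is also dropped. As far as I know the option then falls back to root's authorized keys, so a comment such as `# authorizedKeys: defaults to users.users.root.openssh.authorizedKeys.keys` would make clear who can reach the unlock prompt.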
diff --git a/secrets/matrix-registration-shared-secret.age b/secrets/matrix-registration-shared-secret.age deleted file mode 100644 index cd63cd9..0000000 --- a/secrets/matrix-registration-shared-secret.age +++ /dev/null @@ -1,29 +0,0 @@ -age-encryption.org/v1 --> ssh-rsa /AagBw -UlR5iCI7jZnIqgfUm7fHrwgJroFYlqA+F8aZudS/i/RjJ6b8ldqdZnefydc+XY9i -PeAAqAdEVpC0Dae5q4BoWFb0uS5PQPOBmnYqnSm0NMEcGizzpnF+XJL1wPLur/J9 -TRUHHA9MRvVF5QoXrm2wsqQxstnUPZU4ObA+JgnXArMw31aTPOc8KmZWTQKPg2YM -PyH1Q2Vc3HHKi4CyY2rl18e8JaJGiifrIATl0+/hsfJnOT8o54HcT11b096hiRqU -NEdH92y4x+hF0dStTPBIEwzLiM2CVght5lR89Lvh3ZP7b10yswB+EKkH1kwcziyn -3Hq7RM0+jNKbedyViCAuVeis5PezQlFe3yf9eR9YMJdSjhgflLU2KQ3NnXHYoJJ/ -A1XitzFOwKTSEQqHQs2yjTNa3XcoyNDxH49q/svECHmYZamPsc1Ac8cIJOeFf+Id -xoa0zKJhSZOBwIz5+PrbNN4lYD88sbT6wspQoJwFOvqCx87kwb3HouG0rwDq57BN -QxybvD7Vz7JPr6D15uWGhNldabvhr+pMt+17wS+DmdjO08iHrwxTrzyvvc86vxhg -9IvAF3mhIQvBuV9yLSTGE+J8ngp3f6PUfj0CHZTpLpsBvmr83b1gqjVIpxnmJwIW -MZpPv/x3o81kxyibFA75T+PhGlOPOybZpleRwmLazy4 --> ssh-rsa QHr3/A -HjOVYJ5qow3EL+ccqD/8azBdhynKeoSYDMOf9etmemrnBLigJzpoFFjlqyMmfFVj -vjGvVok/iPO6rrmA27UpEiU6arW8IO1N0IUTulpMYNoDUEWPUHdCQv0pHfArEMi0 -KN37mpm22nusOL3bm8goIcyVFzqP83wGsQXamVjwYLI34XlD2d4ugxWtejoYK/rR -4xbpgnQv3KuyWuxa5eehBuSPZVcBTwzF3sE9/7UFWZxSeHIpV+S8qoj/kfezqVUl -lUoXC1uupwT5iNYs7NJ3WZZxWjYdpZdR01K8Z8GAh2BDsVXBBZfxmPZwcr+Ri7Gk -Ai3AGyw7JyO7YeVXeiGze52fkxzxZmCuN8fKoxi5fgrt3sJMUurXnsCTOAPPj9oE -FCUT9eGO3mxf213XHEySfhS1C0yEruCtJnmclr3bkFNKVFyM71ABOp8sQwsNuBeB -3WeufPGCXliV7w+NuNBfa0NAemqDOWmTqZHQEv/D3gLBAiUxtm3Rd5wVkcY0Qy3X -nq0VyMU+LEcC5h9HvJNnEbUzADR0bab/5jbKfbTrJVimCr6fQmkd8+ua6oGa++Jh -7BrHauQnVKp5tKnvgUaMWfOp40pjMxUzb1JQMkVD5+uKqD+aUD2SDKODC/FKOLC0 -wNoSoE4m5vNy3SLjY66cVT2Mh80fs6GULqE05k2r5SQ --> ssh-ed25519 OgJHCw OjjSmtLRB+pMtn+5NfDQ1FGMgQttjkoN04gs0aIuRHM -vRwkDC8EewSDLTbB3ZNZO1d3TjulShkeDjjrAFpu2Cc ---- 4q2bfImq0xXD0apHMUgoP+oNRg9Yr8t1SXpHYtCW0ZE -[jlE; CoR&lPo5Z>tl h/o~r3+KLg9P l#FN{7tSg+Y)kt T>p \ No newline at end of file 
diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 1c7a8ca..d0162d1 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -20,8 +20,6 @@ in "chatgpt-token.age".publicKeys = [ccr-ssh ccr-gpg kirk mothership picard]; "cloudflare-dyndns-api-token.age".publicKeys = [ccr-ssh ccr-gpg sisko]; "restic-hetzner-password.age".publicKeys = [ccr-ssh ccr-gpg picard sisko kirk]; - "hass-ssh-key.age".publicKeys = [ccr-ssh ccr-gpg sisko]; - "matrix-registration-shared-secret.age".publicKeys = [ccr-ssh ccr-gpg sisko]; # WireGuard "picard-wireguard-private-key.age".publicKeys = [ccr-ssh ccr-gpg picard];