From f1ec59c3af549742fa4e8d0617013fb6b46078bb Mon Sep 17 00:00:00 2001 
From: Romain Paquet Date: Fri, 16 May 2025 15:46:47 +0200 Subject: [PATCH] migrate to clan --- flake.lock | 130 ++++----------- flake.nix | 148 +++++------------- hosts/genepi/backup.nix | 95 ----------- hosts/genepi/hardware.nix | 19 --- hosts/haze/secrets/secrets.nix | 7 - {hosts => machines}/README.md | 0 .../crocus/configuration.nix | 18 ++- .../disk.nix => machines/crocus/disko.nix | 14 +- {hosts => machines}/crocus/radicle.nix | 0 {hosts => machines}/genepi/acme.nix | 0 {hosts => machines}/genepi/boot.nix | 0 {hosts => machines}/genepi/builder.nix | 4 + .../genepi/configuration.nix | 16 +- .../disk.nix => machines/genepi/disko.nix | 0 {hosts => machines}/genepi/dns.nix | 0 {hosts => machines}/genepi/freshrss.nix | 0 {hosts => machines}/genepi/glance-config.nix | 0 {hosts => machines}/genepi/glance.nix | 0 machines/genepi/hardware-configuration.nix | 23 +++ {hosts => machines}/genepi/home.nix | 9 +- {hosts => machines}/genepi/homeassistant.nix | 0 {hosts => machines}/genepi/immich.nix | 2 + .../genepi/monitoring/default.nix | 0 .../genepi/monitoring/grafana.nix | 0 .../genepi/monitoring/prometheus.nix | 2 + {hosts => machines}/genepi/mpd.nix | 2 +- {hosts => machines}/genepi/network.nix | 2 - {hosts => machines}/genepi/nginx.nix | 0 {hosts => machines}/genepi/persistence.nix | 45 +++--- {hosts => machines}/genepi/syncthing.nix | 0 {hosts => machines}/genepi/taskchampion.nix | 0 {hosts => machines}/haze/boot.nix | 0 {hosts => machines}/haze/chat.nix | 0 .../haze/configuration.nix | 11 +- {hosts => machines}/haze/discord.nix | 0 .../haze/disk.nix => machines/haze/disko.nix | 0 {hosts => machines}/haze/firefox.nix | 0 {hosts => machines}/haze/gimp.nix | 0 {hosts => machines}/haze/gnome.nix | 0 .../haze/hardware-configuration.nix | 0 {hosts => machines}/haze/hibernate.nix | 0 {hosts => machines}/haze/home.nix | 0 {hosts => machines}/haze/hyprland.nix | 0 {hosts => machines}/haze/network.nix | 2 - {hosts => machines}/haze/niri.nix | 0 
machines/haze/secrets/secrets.nix | 13 ++ .../haze/secrets/syncthing-cert.pem.age | Bin .../haze/secrets/syncthing-key.pem.age | 0 {hosts => machines}/haze/ssh.nix | 0 {hosts => machines}/haze/steam.nix | 0 {hosts => machines}/haze/sway.nix | 0 {hosts => machines}/haze/syncthing.nix | 6 +- {hosts => machines}/haze/thunderbird.nix | 0 {hosts => machines}/haze/video.nix | 0 modules/borgbackup.nix | 17 ++ modules/default.nix | 5 - modules/storagebox.nix | 12 ++ system/core/default.nix | 2 +- system/core/ssh-server.nix | 2 +- .../crocus/openssh/ssh.id_ed25519/secret | 10 +- 60 files changed, 225 insertions(+), 391 deletions(-) delete mode 100644 hosts/genepi/backup.nix delete mode 100644 hosts/genepi/hardware.nix delete mode 100644 hosts/haze/secrets/secrets.nix rename {hosts => machines}/README.md (100%) rename hosts/crocus/default.nix => machines/crocus/configuration.nix (76%) rename hosts/crocus/disk.nix => machines/crocus/disko.nix (71%) rename {hosts => machines}/crocus/radicle.nix (100%) rename {hosts => machines}/genepi/acme.nix (100%) rename {hosts => machines}/genepi/boot.nix (100%) rename {hosts => machines}/genepi/builder.nix (66%) rename hosts/genepi/default.nix => machines/genepi/configuration.nix (72%) rename hosts/genepi/disk.nix => machines/genepi/disko.nix (100%) rename {hosts => machines}/genepi/dns.nix (100%) rename {hosts => machines}/genepi/freshrss.nix (100%) rename {hosts => machines}/genepi/glance-config.nix (100%) rename {hosts => machines}/genepi/glance.nix (100%) create mode 100644 machines/genepi/hardware-configuration.nix rename {hosts => machines}/genepi/home.nix (89%) rename {hosts => machines}/genepi/homeassistant.nix (100%) rename {hosts => machines}/genepi/immich.nix (91%) rename {hosts => machines}/genepi/monitoring/default.nix (100%) rename {hosts => machines}/genepi/monitoring/grafana.nix (100%) rename {hosts => machines}/genepi/monitoring/prometheus.nix (95%) rename {hosts => machines}/genepi/mpd.nix (91%) rename {hosts => 
machines}/genepi/network.nix (83%) rename {hosts => machines}/genepi/nginx.nix (100%) rename {hosts => machines}/genepi/persistence.nix (51%) rename {hosts => machines}/genepi/syncthing.nix (100%) rename {hosts => machines}/genepi/taskchampion.nix (100%) rename {hosts => machines}/haze/boot.nix (100%) rename {hosts => machines}/haze/chat.nix (100%) rename hosts/haze/default.nix => machines/haze/configuration.nix (86%) rename {hosts => machines}/haze/discord.nix (100%) rename hosts/haze/disk.nix => machines/haze/disko.nix (100%) rename {hosts => machines}/haze/firefox.nix (100%) rename {hosts => machines}/haze/gimp.nix (100%) rename {hosts => machines}/haze/gnome.nix (100%) rename hosts/haze/hardware.nix => machines/haze/hardware-configuration.nix (100%) rename {hosts => machines}/haze/hibernate.nix (100%) rename {hosts => machines}/haze/home.nix (100%) rename {hosts => machines}/haze/hyprland.nix (100%) rename {hosts => machines}/haze/network.nix (87%) rename {hosts => machines}/haze/niri.nix (100%) create mode 100644 machines/haze/secrets/secrets.nix rename {hosts => machines}/haze/secrets/syncthing-cert.pem.age (100%) rename {hosts => machines}/haze/secrets/syncthing-key.pem.age (100%) rename {hosts => machines}/haze/ssh.nix (100%) rename {hosts => machines}/haze/steam.nix (100%) rename {hosts => machines}/haze/sway.nix (100%) rename {hosts => machines}/haze/syncthing.nix (89%) rename {hosts => machines}/haze/thunderbird.nix (100%) rename {hosts => machines}/haze/video.nix (100%) create mode 100644 modules/borgbackup.nix delete mode 100644 modules/default.nix create mode 100644 modules/storagebox.nix diff --git a/flake.lock b/flake.lock index 90e434b..547ca88 100644 --- a/flake.lock +++ b/flake.lock 
@@ -39,11 +39,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1746799285, - "narHash": "sha256-wRii4X2t8bAvtJTy6O9NPCdWB2NnP9B/utYHf7Qpf2g=", + "lastModified": 1747400548, + "narHash": "sha256-zvBGXYkd8pZKkBXlLdcw0/nxSoGJOkwGbc6dz9NS4G8=", "ref": "refs/heads/main", - "rev": "b306c748b872527838b922226c2e7570937c131d", - "revCount": 6737, + "rev": "56f3fd0a454635d0449330e6848a98bab6da020e", + "revCount": 6979, "type": "git", "url": "https://git.clan.lol/clan/clan-core" }, @@ -94,39 +94,17 @@ ] }, "locked": { - "lastModified": 1746628829, - "narHash": "sha256-q77HWbHlJTXFVRD2kRnYwqGfbGmCm9XYPG0ZgLLVh8M=", - "rev": "9a3856421bd6733192b57037cdf26712d73c0871", + "lastModified": 1747329636, + "narHash": "sha256-mmyx5trq5ZQp6uShbHNfqgSxdg9OeArcZGdZKtHjhqw=", + "rev": "7afcd6f322b9839699f6f31d5bed884c6dd412c4", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/9a3856421bd6733192b57037cdf26712d73c0871.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/7afcd6f322b9839699f6f31d5bed884c6dd412c4.tar.gz" }, "original": { "type": "tarball", "url": "https://git.clan.lol/clan/data-mesher/archive/main.tar.gz" } }, - "deploy-rs": { - "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": [ - "nixpkgs" - ], - "utils": "utils" - }, - "locked": { - "lastModified": 1727447169, - "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", - "owner": "serokell", - "repo": "deploy-rs", - "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", - "type": "github" - }, - "original": { - "owner": "serokell", - "repo": "deploy-rs", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ 
@@ -135,11 +113,11 @@ ] }, "locked": { - "lastModified": 1746729224, - "narHash": "sha256-9R4sOLAK1w3Bq54H3XOJogdc7a6C2bLLmatOQ+5pf5w=", + "lastModified": 1747274630, + "narHash": "sha256-87RJwXbfOHyzTB9LYagAQ6vOZhszCvd8Gvudu+gf3qo=", "owner": "nix-community", "repo": "disko", - "rev": "85555d27ded84604ad6657ecca255a03fd878607", + "rev": "ec7c109a4f794fce09aad87239eab7f66540b888", "type": "github" }, "original": { @@ -155,11 +133,11 @@ ] }, "locked": { - "lastModified": 1745812220, - "narHash": "sha256-hotBG0EJ9VmAHJYF0yhWuTVZpENHvwcJ2SxvIPrXm+g=", + "lastModified": 1747274630, + "narHash": "sha256-87RJwXbfOHyzTB9LYagAQ6vOZhszCvd8Gvudu+gf3qo=", "owner": "nix-community", "repo": "disko", - "rev": "d0c543d740fad42fe2c035b43c9d41127e073c78", + "rev": "ec7c109a4f794fce09aad87239eab7f66540b888", "type": "github" }, "original": { @@ -168,22 +146,6 @@ "type": "github" } }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -233,11 +195,11 @@ ] }, "locked": { - "lastModified": 1745810134, - "narHash": "sha256-WfnYH/i7DFzn4SESQfWviXiNUZjohZhzODqLwKYHIPI=", + "lastModified": 1747374689, + "narHash": "sha256-JT/aBZqmK1LbExzwT9cPkvxKc0IC4i6tZKOPjsSWFbI=", "owner": "nix-community", "repo": "home-manager", - "rev": "be7cf1709b469a2a2c62169172a167d1fed3509f", + "rev": "d2263ce5f4c251c0f7608330e8fdb7d1f01f0667", "type": "github" }, "original": { 
@@ -269,11 +231,11 @@ ] }, "locked": { - "lastModified": 1746708654, - "narHash": "sha256-GeC99gu5H6+AjBXsn5dOhP4/ApuioGCBkufdmEIWPRs=", + "lastModified": 1747365160, + "narHash": "sha256-4ZVr0x+ry6ybym/VhVYACj0HlJo44YxAaPGOxiS88Hg=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "6cb36e8327421c61e5a3bbd08ed63491b616364a", + "rev": "8817b00b0011750381d0d44bb94d61087349b6ba", "type": "github" }, "original": { @@ -346,11 +308,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1745503349, - "narHash": "sha256-bUGjvaPVsOfQeTz9/rLTNLDyqbzhl0CQtJJlhFPhIYw=", + "lastModified": 1747129300, + "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "f7bee55a5e551bd8e7b5b82c9bc559bc50d868d1", + "rev": "e81fd167b33121269149c57806599045fd33eeed", "type": "github" }, "original": { @@ -378,11 +340,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1745526057, - "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=", + "lastModified": 1747179050, + "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f771eb401a46846c1aebd20552521b233dd7e18b", + "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e", "type": "github" }, "original": { @@ -396,7 +358,6 @@ "inputs": { "agenix": "agenix", "clan-core": "clan-core", - "deploy-rs": "deploy-rs", "disko": "disko_2", "home-manager": "home-manager_2", "impermanence": "impermanence", @@ -456,21 +417,6 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ 
@@ -479,11 +425,11 @@ ] }, "locked": { - "lastModified": 1746216483, - "narHash": "sha256-4h3s1L/kKqt3gMDcVfN8/4v2jqHrgLIe4qok4ApH5x4=", + "lastModified": 1747299117, + "narHash": "sha256-JGjCVbxS+9t3tZ2IlPQ7sdqSM4c+KmIJOXVJPfWmVOU=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "29ec5026372e0dec56f890e50dbe4f45930320fd", + "rev": "e758f27436367c23bcd63cd973fa5e39254b530e", "type": "github" }, "original": { @@ -491,24 +437,6 @@ "repo": "treefmt-nix", "type": "github" } - }, - "utils": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 1b8a7e5..5103abf 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,6 @@ inputs@{ nixpkgs, clan-core, - deploy-rs, home-manager, impermanence, nixos-generators, 
@@ -14,116 +13,55 @@ ... }: let - inherit (nixpkgs) lib; - hosts = { - # VivoBook laptop - haze = { - system = "x86_64-linux"; - }; - # Hetzner VPS - crocus = { - system = "x86_64-linux"; - }; - # Raspberry Pi 4 - genepi = { - system = "aarch64-linux"; - }; - }; clan = clan-core.lib.buildClan { self = self; meta.name = "blossom"; - machines = { - crocus = { - nixpkgs.hostPlatform = "x86_64-linux"; - imports = [ - ./hosts/crocus - ]; + specialArgs = { + inherit inputs self; + inherit (import ./parts) keys; + }; + inventory = { + instances = { + "rpqt-admin" = { + module.input = "clan-core"; + module.name = "admin"; + roles.default.machines = { + "crocus" = { }; + "genepi" = { }; + "haze" = { }; + }; + roles.default.settings.allowedKeys = { + rpqt_haze = (import ./parts).keys.rpqt.haze; + }; + }; + }; + services = { + zerotier.default = { + roles.controller.machines = [ + "crocus" + ]; + roles.peer.machines = [ + "haze" + "genepi" + ]; + }; + sshd.default = { + roles.server.machines = [ "crocus" ]; + }; + user-password.rpqt = { + roles.default.machines = [ + "crocus" + "genepi" + "haze" + ]; + config.user = "rpqt"; + }; }; }; }; in { inherit (clan) clanInternals nixosConfigurations; - clan = { inherit (clan) templates; }; - # nixosConfigurations = - # let - # mkNixosConfig = - # hostname: - # { system }: - # lib.nixosSystem { - # inherit system; - # specialArgs = { - # inherit inputs self; - # inherit (import ./parts) keys; - # }; - # modules = [ - # ./hosts/${hostname} - # ./modules - # ./system - # ]; - # }; - # in - # builtins.mapAttrs mkNixosConfig hosts; - - # Raspberry Pi 4 installer ISO. 
- packages.aarch64-linux.installer-sd-image = nixos-generators.nixosGenerate { - specialArgs = { - inherit inputs; - inherit (import ./parts) keys; - }; - system = "aarch64-linux"; - format = "sd-aarch64-installer"; - modules = [ - nixos-hardware.nixosModules.raspberry-pi-4 - ./system/core - ./hosts/genepi/network.nix - ./hosts/genepi/hardware.nix - { - nixpkgs.overlays = [ - (final: super: { - makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; }); - }) - ]; - } - ]; - }; - - homeConfigurations = { - "rpqt@haze" = home-manager.lib.homeManagerConfiguration { - extraSpecialArgs = { - inherit inputs; - }; - pkgs = nixpkgs.legacyPackages.x86_64-linux; - modules = [ - ./hosts/haze/home.nix - ]; - }; - }; - - deploy.nodes.crocus = { - hostname = "crocus"; - profiles = { - system = { - user = "root"; - sshUser = "rpqt"; - path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.crocus; - }; - }; - }; - - deploy.nodes.genepi = { - hostname = "genepi"; - profiles = { - system = { - user = "root"; - sshUser = "rpqt"; - path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.genepi; - remoteBuild = true; - }; - }; - }; - - checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; devShells = let @@ -135,7 +73,7 @@ { "${system}".default = pkgs.mkShell { packages = [ - inputs.agenix.packages.x86_64-linux.default + inputs.agenix.packages.${system}.default clan-core.packages.${system}.clan-cli pkgs.nil # Nix language server pkgs.nixfmt-rfc-style @@ -159,10 +97,6 @@ url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; - deploy-rs = { - url = "github:serokell/deploy-rs"; - inputs.nixpkgs.follows = "nixpkgs"; - }; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/hosts/genepi/backup.nix b/hosts/genepi/backup.nix deleted file mode 100644 index 300c16a..0000000 --- a/hosts/genepi/backup.nix +++ /dev/null 
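Review bot: In the `rpqt-admin` instance, `roles.default.settings.allowedKeys` reads the key through a second `(import ./parts).keys.rpqt.haze` even though `specialArgs` already does `inherit (import ./parts) keys`. Binding `keys` once in the `let` and writing `rpqt_haze = keys.rpqt.haze;` keeps the two uses from drifting apart. The role is applied to crocus, genepi and haze, so this one laptop key presumably becomes an administrative login key on all three machines. A comment such as `# rpqt's haze key is the only admin key for every machine` would make that trust decision visible. The `let` block and the outputs attrset begin and end outside this hunk.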
@@ -1,95 +0,0 @@ -{ - config, - keys, - pkgs, - ... -}: -let - storagebox-user = "u422292-sub1"; - storagebox-host = "${storagebox-user}.your-storagebox.de"; - storagebox-nightly-backup-name = "storagebox-nightly"; - storagebox-weekly-home-backup-name = "storagebox-weekly-home"; -in -{ - environment.systemPackages = [ - pkgs.sshpass - ]; - - age.secrets.restic-genepi-storagebox-key.file = ../../secrets/restic-genepi-storagebox-key.age; - age.secrets.restic-genepi-storagebox-password.file = ../../secrets/restic-genepi-storagebox-password.age; - - programs.ssh.knownHosts = { - "${storagebox-host}".publicKey = keys.hosts.storagebox-rsa; - }; - - services.restic.backups."${storagebox-nightly-backup-name}" = { - initialize = true; - paths = [ - "/persist" - ]; - exclude = [ - "/persist/@backup-snapshot" - ]; - passwordFile = config.age.secrets.restic-genepi-storagebox-key.path; - repository = "sftp://${storagebox-user}@${storagebox-host}/"; - extraOptions = [ - "sftp.command='${pkgs.sshpass}/bin/sshpass -f ${config.age.secrets.restic-genepi-storagebox-password.path} -- ssh ${storagebox-host} -l ${storagebox-user} -s sftp'" - ]; - timerConfig = { - OnCalendar = "03:00"; - RandomizedDelaySec = "1h"; - }; - pruneOpts = [ - "--keep-daily 7" - "--keep-weekly 5" - "--keep-monthly 12" - "--keep-yearly 10" - ]; - backupPrepareCommand = '' - set -Eeuxo pipefail - # clean old snapshot - if btrfs subvolume delete /persist/@backup-snapshot; then - echo "WARNING: previous run did not cleanly finish, removing old snapshot" - fi - - btrfs subvolume snapshot -r /persist /persist/@backup-snapshot - - umount /persist - mount -t btrfs -o subvol=/persist/@backup-snapshot /dev/disk/by-partlabel/disk-main-root /persist - ''; - backupCleanupCommand = '' - btrfs subvolume delete /persist/@backup-snapshot - ''; - }; - - systemd.services."restic-backups-${storagebox-nightly-backup-name}" = { - path = with pkgs; [ - btrfs-progs - umount - mount - ]; - serviceConfig.privateMounts = true; - }; - - 
# Backup home - services.restic.backups."${storagebox-weekly-home-backup-name}" = { - initialize = true; - paths = [ - "/home/rpqt" - ]; - passwordFile = config.age.secrets.restic-genepi-storagebox-key.path; - repository = "sftp://${storagebox-user}@${storagebox-host}/"; - extraOptions = [ - "sftp.command='${pkgs.sshpass}/bin/sshpass -f ${config.age.secrets.restic-genepi-storagebox-password.path} -- ssh ${storagebox-host} -l ${storagebox-user} -s sftp'" - ]; - timerConfig = { - OnCalendar = "Sat 03:30"; - RandomizedDelaySec = "1h"; - }; - pruneOpts = [ - "--keep-weekly 1" - "--keep-monthly 12" - "--keep-yearly 10" - ]; - }; -} diff --git a/hosts/genepi/hardware.nix b/hosts/genepi/hardware.nix deleted file mode 100644 index a341e1a..0000000 --- a/hosts/genepi/hardware.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ pkgs, ... }: -{ - nixpkgs.hostPlatform = "aarch64-linux"; - - hardware.enableRedistributableFirmware = true; - - hardware = { - raspberry-pi."4".apply-overlays-dtmerge.enable = true; - deviceTree = { - enable = true; - filter = "*rpi-4-*.dtb"; - }; - }; - - environment.systemPackages = with pkgs; [ - libraspberrypi - raspberrypi-eeprom - ]; -} diff --git a/hosts/haze/secrets/secrets.nix b/hosts/haze/secrets/secrets.nix deleted file mode 100644 index 23ac249..0000000 --- a/hosts/haze/secrets/secrets.nix +++ /dev/null @@ -1,7 +0,0 @@ -let - keys = import ../../../parts/keys.nix; -in -{ - "syncthing-key.pem.age".publicKeys = [ keys.hosts.haze ]; - "syncthing-cert.pem.age".publicKeys = [ keys.hosts.haze ]; -} diff --git a/hosts/README.md b/machines/README.md similarity index 100% rename from hosts/README.md rename to machines/README.md diff --git a/hosts/crocus/default.nix b/machines/crocus/configuration.nix similarity index 76% rename from hosts/crocus/default.nix rename to machines/crocus/configuration.nix index 7ea7c4b..39e52d0 100644 --- a/hosts/crocus/default.nix +++ b/machines/crocus/configuration.nix 
@@ -7,15 +7,17 @@ { imports = [ (modulesPath + "/profiles/qemu-guest.nix") - inputs.agenix.nixosModules.default - inputs.disko.nixosModules.disko - ./disk.nix - ./radicle.nix - ./modules - ./system + # ./radicle.nix + ../../system + inputs.clan-core.clanModules.state-version + ../../modules/remote-builder.nix + ../../modules/borgbackup.nix ]; + nixpkgs.hostPlatform = "x86_64-linux"; + networking.hostName = "crocus"; + clan.core.networking.targetHost = "root@crocus.local"; networking.useDHCP = false; systemd.network.enable = true; @@ -30,6 +32,10 @@ ]; }; + services.avahi.enable = true; + + disko.devices.disk.main.device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_48353082"; + boot.loader.grub = { efiSupport = true; efiInstallAsRemovable = true; diff --git a/hosts/crocus/disk.nix b/machines/crocus/disko.nix similarity index 71% rename from hosts/crocus/disk.nix rename to machines/crocus/disko.nix index 4dcdd36..af03c18 100644 --- a/hosts/crocus/disk.nix +++ b/machines/crocus/disko.nix @@ -1,6 +1,16 @@ { - disko.devices.disk.os = { - device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_48353082"; + clan-core, + config, + ... +}: +let + suffix = config.clan.core.vars.generators.disk-id.files.diskId.value; +in +{ + imports = [ clan-core.clanModules.disk-id ]; + + disko.devices.disk.main = { + name = "main-" + suffix; type = "disk"; content = { type = "gpt"; diff --git a/hosts/crocus/radicle.nix b/machines/crocus/radicle.nix similarity index 100% rename from hosts/crocus/radicle.nix rename to machines/crocus/radicle.nix diff --git a/hosts/genepi/acme.nix b/machines/genepi/acme.nix similarity index 100% rename from hosts/genepi/acme.nix rename to machines/genepi/acme.nix diff --git a/hosts/genepi/boot.nix b/machines/genepi/boot.nix similarity index 100% rename from hosts/genepi/boot.nix rename to machines/genepi/boot.nix 
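Review bot: mDNS is switched on for a machine that looks internet-facing: `services.avahi.enable = true;` is added to crocus, which the removed `hosts` table in flake.nix labels a Hetzner VPS, and nothing in this hunk limits which interfaces avahi uses. If it is only there so that `root@crocus.local` resolves over the private overlay network, restrict it with `services.avahi.allowInterfaces = [ "<overlay-interface>" ];` (placeholder name) and set `services.avahi.openFirewall = false;` unless the port is really needed. A short comment on the `clan.core.networking.targetHost` line saying which network `.local` is expected to resolve on would also help.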
diff --git a/hosts/genepi/builder.nix b/machines/genepi/builder.nix similarity index 66% rename from hosts/genepi/builder.nix rename to machines/genepi/builder.nix index cfd8db9..eeab549 100644 --- a/hosts/genepi/builder.nix +++ b/machines/genepi/builder.nix @@ -1,5 +1,9 @@ { keys, ... }: { + imports = [ + ../../modules/remote-builder.nix + ]; + roles.remote-builder = { enable = true; authorizedKeys = [ keys.hosts.haze ]; diff --git a/hosts/genepi/default.nix b/machines/genepi/configuration.nix similarity index 72% rename from hosts/genepi/default.nix rename to machines/genepi/configuration.nix index a55dd30..e86c027 100644 --- a/hosts/genepi/default.nix +++ b/machines/genepi/configuration.nix @@ -4,21 +4,16 @@ }: { imports = [ - inputs.disko.nixosModules.disko - inputs.nixos-hardware.nixosModules.raspberry-pi-4 inputs.agenix.nixosModules.default inputs.impermanence.nixosModules.impermanence ./acme.nix - ./backup.nix ./boot.nix ./builder.nix - ./disk.nix ./dns.nix ./freshrss.nix ./glance.nix - ./hardware.nix ./homeassistant.nix - ./immich.nix + # ./immich.nix ./monitoring ./mpd.nix ./network.nix @@ -27,6 +22,12 @@ ./syncthing.nix ./taskchampion.nix + ../../system + ../../modules/borgbackup.nix + + inputs.clan-core.clanModules.state-version + inputs.clan-core.clanModules.trusted-nix-caches + inputs.home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; @@ -35,6 +36,9 @@ } ]; + networking.hostName = "genepi"; + clan.core.networking.targetHost = "root@genepi.local"; + nix.gc = { automatic = true; dates = "weekly"; diff --git a/hosts/genepi/disk.nix b/machines/genepi/disko.nix similarity index 100% rename from hosts/genepi/disk.nix rename to machines/genepi/disko.nix diff --git a/hosts/genepi/dns.nix b/machines/genepi/dns.nix similarity index 100% rename from hosts/genepi/dns.nix rename to machines/genepi/dns.nix 
diff --git a/hosts/genepi/freshrss.nix b/machines/genepi/freshrss.nix similarity index 100% rename from hosts/genepi/freshrss.nix rename to machines/genepi/freshrss.nix diff --git a/hosts/genepi/glance-config.nix b/machines/genepi/glance-config.nix similarity index 100% rename from hosts/genepi/glance-config.nix rename to machines/genepi/glance-config.nix diff --git a/hosts/genepi/glance.nix b/machines/genepi/glance.nix similarity index 100% rename from hosts/genepi/glance.nix rename to machines/genepi/glance.nix diff --git a/machines/genepi/hardware-configuration.nix b/machines/genepi/hardware-configuration.nix new file mode 100644 index 0000000..efcb8ff --- /dev/null +++ b/machines/genepi/hardware-configuration.nix @@ -0,0 +1,23 @@ +{ inputs, pkgs, ... }: +{ + imports = [ + # inputs.nixos-hardware.nixosModules.raspberry-pi-4 + ]; + + nixpkgs.hostPlatform = "aarch64-linux"; + + hardware.enableRedistributableFirmware = true; + + # hardware = { + # raspberry-pi."4".apply-overlays-dtmerge.enable = true; + # deviceTree = { + # enable = true; + # filter = "*rpi-4-*.dtb"; + # }; + # }; + + environment.systemPackages = with pkgs; [ + libraspberrypi + raspberrypi-eeprom + ]; +} diff --git a/hosts/genepi/home.nix b/machines/genepi/home.nix similarity index 89% rename from hosts/genepi/home.nix rename to machines/genepi/home.nix index e9a9f4d..9662907 100644 --- a/hosts/genepi/home.nix +++ b/machines/genepi/home.nix @@ -1,7 +1,12 @@ -{ pkgs, inputs, ... }: +{ + config, + pkgs, + lib, + ... +}: { home.username = "rpqt"; - home.homeDirectory = "/home/rpqt"; + home.homeDirectory = lib.mkForce "/home/rpqt"; home.packages = [ pkgs.helix diff --git a/hosts/genepi/homeassistant.nix b/machines/genepi/homeassistant.nix similarity index 100% rename from hosts/genepi/homeassistant.nix rename to machines/genepi/homeassistant.nix 
diff --git a/hosts/genepi/immich.nix b/machines/genepi/immich.nix similarity index 91% rename from hosts/genepi/immich.nix rename to machines/genepi/immich.nix index a2ba896..7161f3c 100644 --- a/hosts/genepi/immich.nix +++ b/machines/genepi/immich.nix @@ -25,4 +25,6 @@ in ''; }; }; + + clan.core.state.userdata.folders = [ "/var/lib/immich" ]; } diff --git a/hosts/genepi/monitoring/default.nix b/machines/genepi/monitoring/default.nix similarity index 100% rename from hosts/genepi/monitoring/default.nix rename to machines/genepi/monitoring/default.nix diff --git a/hosts/genepi/monitoring/grafana.nix b/machines/genepi/monitoring/grafana.nix similarity index 100% rename from hosts/genepi/monitoring/grafana.nix rename to machines/genepi/monitoring/grafana.nix diff --git a/hosts/genepi/monitoring/prometheus.nix b/machines/genepi/monitoring/prometheus.nix similarity index 95% rename from hosts/genepi/monitoring/prometheus.nix rename to machines/genepi/monitoring/prometheus.nix index fcf4d20..401a422 100644 --- a/hosts/genepi/monitoring/prometheus.nix +++ b/machines/genepi/monitoring/prometheus.nix @@ -58,4 +58,6 @@ in }; }; }; + + clan.core.state.userdata.folders = [ "/var/lib/prometheus2" ]; } diff --git a/hosts/genepi/mpd.nix b/machines/genepi/mpd.nix similarity index 91% rename from hosts/genepi/mpd.nix rename to machines/genepi/mpd.nix index 9b09438..3f869b5 100644 --- a/hosts/genepi/mpd.nix +++ b/machines/genepi/mpd.nix @@ -19,7 +19,7 @@ services.pulseaudio.systemWide = true; # Fixes the stutter when changing volume (found this randomly) - hardware.pulseaudio.daemon.config.flat-volumes = "no"; + services.pulseaudio.daemon.config.flat-volumes = "no"; users.users.${config.services.mpd.user}.extraGroups = [ "pulse-access" ]; diff --git a/hosts/genepi/network.nix b/machines/genepi/network.nix similarity index 83% rename from hosts/genepi/network.nix rename to machines/genepi/network.nix index a1e1bf7..49b5992 100644 --- a/hosts/genepi/network.nix 
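Review bot: The state declaration added to immich.nix is currently inert, because `./immich.nix` is commented out of the imports in machines/genepi/configuration.nix, so `clan.core.state.userdata.folders = [ "/var/lib/immich" ];` is never evaluated. The removed restic jobs in hosts/genepi/backup.nix covered `/persist` and `/home/rpqt`, while the only state folders this patch declares are this one and `/var/lib/prometheus2`. Assuming the clan borgbackup module backs up what is listed under `clan.core.state`, and unless more state is declared outside the diff, most of the previously backed-up data is no longer covered. Consider adding an entry for it, for example `clan.core.state.persist.folders = [ "/persist" ];`, and a comment noting that immich state is only registered when the module is imported.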
+++ b/machines/genepi/network.nix @@ -1,6 +1,4 @@ { - networking.hostName = "genepi"; - # Tailscale seems to break when not using resolved services.resolved.enable = true; networking.useDHCP = true; diff --git a/hosts/genepi/nginx.nix b/machines/genepi/nginx.nix similarity index 100% rename from hosts/genepi/nginx.nix rename to machines/genepi/nginx.nix diff --git a/hosts/genepi/persistence.nix b/machines/genepi/persistence.nix similarity index 51% rename from hosts/genepi/persistence.nix rename to machines/genepi/persistence.nix index 0dee4f2..bca3d3e 100644 --- a/hosts/genepi/persistence.nix +++ b/machines/genepi/persistence.nix 
@@ -25,35 +25,36 @@ users.rpqt = { directories = [ ]; files = [ ]; + home = "/home/rpqt"; }; }; # Empty root and remove snapshots older than 30 days - boot.initrd.postDeviceCommands = lib.mkAfter '' - mkdir /btrfs_tmp - mount /dev/disk/by-label/nixos /btrfs_tmp - if [[ -e /btrfs_tmp/root ]]; then - mkdir -p /btrfs_tmp/old_roots - timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S") - mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp" - fi + # boot.initrd.postDeviceCommands = lib.mkAfter '' + # mkdir /btrfs_tmp + # mount /dev/disk/by-label/nixos /btrfs_tmp + # if [[ -e /btrfs_tmp/root ]]; then + # mkdir -p /btrfs_tmp/old_roots + # timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S") + # mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp" + # fi - delete_subvolume_recursively() { - IFS=$'\n' - for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do - delete_subvolume_recursively "/btrfs_tmp/$i" - done - btrfs subvolume delete "$1" - } + # delete_subvolume_recursively() { + # IFS=$'\n' + # for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + # delete_subvolume_recursively "/btrfs_tmp/$i" + # done + # btrfs subvolume delete "$1" + # } - for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do - delete_subvolume_recursively "$i" - done + # for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do + # delete_subvolume_recursively "$i" + # done - btrfs subvolume create /btrfs_tmp/root - umount /btrfs_tmp - rmdir /btrfs_tmp - ''; + # btrfs subvolume create /btrfs_tmp/root + # umount /btrfs_tmp + # rmdir /btrfs_tmp + # ''; # Give agenix persistent paths so it can load secrets before the mount age.identityPaths = [ diff --git a/hosts/genepi/syncthing.nix b/machines/genepi/syncthing.nix similarity index 100% rename from hosts/genepi/syncthing.nix rename to machines/genepi/syncthing.nix 
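Review bot: The comment `# Empty root and remove snapshots older than 30 days` is now stale, since the whole `boot.initrd.postDeviceCommands` script below it is commented out and the root subvolume is no longer reset at boot. The impermanence settings above it remain, so a reader will assume the ephemeral-root behaviour still holds. Either replace the comment with the reason, e.g. `# Root wipe disabled during the clan migration; / is persistent until this is re-enabled`, or delete the dead script. The surrounding attrset begins and ends outside the hunk.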
diff --git a/hosts/genepi/taskchampion.nix b/machines/genepi/taskchampion.nix similarity index 100% rename from hosts/genepi/taskchampion.nix rename to machines/genepi/taskchampion.nix diff --git a/hosts/haze/boot.nix b/machines/haze/boot.nix similarity index 100% rename from hosts/haze/boot.nix rename to machines/haze/boot.nix diff --git a/hosts/haze/chat.nix b/machines/haze/chat.nix similarity index 100% rename from hosts/haze/chat.nix rename to machines/haze/chat.nix diff --git a/hosts/haze/default.nix b/machines/haze/configuration.nix similarity index 86% rename from hosts/haze/default.nix rename to machines/haze/configuration.nix index 5890e56..f66d604 100644 --- a/hosts/haze/default.nix +++ b/machines/haze/configuration.nix @@ -4,12 +4,10 @@ }: { imports = [ - inputs.disko.nixosModules.disko + # inputs.disko.nixosModules.disko inputs.agenix.nixosModules.default - inputs.impermanence.nixosModules.impermanence ./boot.nix ./chat.nix - ./disk.nix ./firefox.nix ./gimp.nix ./gnome.nix @@ -18,10 +16,12 @@ ./ssh.nix ./steam.nix ./thunderbird.nix - ./hardware.nix ./network.nix ./syncthing.nix ./video.nix + ../../system + + inputs.clan-core.clanModules.state-version inputs.home-manager.nixosModules.home-manager { @@ -32,6 +32,9 @@ } ]; + networking.hostName = "haze"; + clan.core.networking.targetHost = "rpqt@haze.local"; + specialisation = { hyprland.configuration = { ... }: diff --git a/hosts/haze/discord.nix b/machines/haze/discord.nix similarity index 100% rename from hosts/haze/discord.nix rename to machines/haze/discord.nix diff --git a/hosts/haze/disk.nix b/machines/haze/disko.nix similarity index 100% rename from hosts/haze/disk.nix rename to machines/haze/disko.nix diff --git a/hosts/haze/firefox.nix b/machines/haze/firefox.nix similarity index 100% rename from hosts/haze/firefox.nix rename to machines/haze/firefox.nix diff --git a/hosts/haze/gimp.nix b/machines/haze/gimp.nix similarity index 100% rename from hosts/haze/gimp.nix rename to machines/haze/gimp.nix 
diff --git a/hosts/haze/gnome.nix b/machines/haze/gnome.nix similarity index 100% rename from hosts/haze/gnome.nix rename to machines/haze/gnome.nix diff --git a/hosts/haze/hardware.nix b/machines/haze/hardware-configuration.nix similarity index 100% rename from hosts/haze/hardware.nix rename to machines/haze/hardware-configuration.nix diff --git a/hosts/haze/hibernate.nix b/machines/haze/hibernate.nix similarity index 100% rename from hosts/haze/hibernate.nix rename to machines/haze/hibernate.nix diff --git a/hosts/haze/home.nix b/machines/haze/home.nix similarity index 100% rename from hosts/haze/home.nix rename to machines/haze/home.nix diff --git a/hosts/haze/hyprland.nix b/machines/haze/hyprland.nix similarity index 100% rename from hosts/haze/hyprland.nix rename to machines/haze/hyprland.nix diff --git a/hosts/haze/network.nix b/machines/haze/network.nix similarity index 87% rename from hosts/haze/network.nix rename to machines/haze/network.nix index 915320b..d6d4675 100644 --- a/hosts/haze/network.nix +++ b/machines/haze/network.nix @@ -1,7 +1,5 @@ { pkgs, ... }: { - networking.hostName = "haze"; - networking.networkmanager = { enable = true; wifi.powersave = true; diff --git a/hosts/haze/niri.nix b/machines/haze/niri.nix similarity index 100% rename from hosts/haze/niri.nix rename to machines/haze/niri.nix diff --git a/machines/haze/secrets/secrets.nix b/machines/haze/secrets/secrets.nix new file mode 100644 index 0000000..1f012b4 --- /dev/null +++ b/machines/haze/secrets/secrets.nix @@ -0,0 +1,13 @@ +let + keys = import ../../../parts/keys.nix; +in +{ + "syncthing-key.pem.age".publicKeys = [ + keys.hosts.haze + keys.rpqt.haze + ]; + "syncthing-cert.pem.age".publicKeys = [ + keys.hosts.haze + keys.rpqt.haze + ]; +} diff --git a/hosts/haze/secrets/syncthing-cert.pem.age b/machines/haze/secrets/syncthing-cert.pem.age similarity index 100% rename from hosts/haze/secrets/syncthing-cert.pem.age rename to machines/haze/secrets/syncthing-cert.pem.age 
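Review bot: The two syncthing secrets are not re-encrypted for the recipient added in machines/haze/secrets/secrets.nix: `keys.rpqt.haze` joins both `publicKeys` lists, but `syncthing-key.pem.age` and `syncthing-cert.pem.age` are renamed with similarity index 100%. A recipient list only takes effect on re-encryption, so run `agenix --rekey` in `machines/haze/secrets` and commit the changed files, otherwise the user key cannot decrypt them. A comment such as `# host key decrypts at activation; user key is for editing the secret` would document why both keys are listed.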
diff --git a/hosts/haze/secrets/syncthing-key.pem.age b/machines/haze/secrets/syncthing-key.pem.age similarity index 100% rename from hosts/haze/secrets/syncthing-key.pem.age rename to machines/haze/secrets/syncthing-key.pem.age diff --git a/hosts/haze/ssh.nix b/machines/haze/ssh.nix similarity index 100% rename from hosts/haze/ssh.nix rename to machines/haze/ssh.nix diff --git a/hosts/haze/steam.nix b/machines/haze/steam.nix similarity index 100% rename from hosts/haze/steam.nix rename to machines/haze/steam.nix diff --git a/hosts/haze/sway.nix b/machines/haze/sway.nix similarity index 100% rename from hosts/haze/sway.nix rename to machines/haze/sway.nix diff --git a/hosts/haze/syncthing.nix b/machines/haze/syncthing.nix similarity index 89% rename from hosts/haze/syncthing.nix rename to machines/haze/syncthing.nix index 0199de1..00806c4 100644 --- a/hosts/haze/syncthing.nix +++ b/machines/haze/syncthing.nix @@ -7,11 +7,11 @@ let home = config.users.users.${user}.home; in { - age.secrets.syncthing-key.file = ./secrets/syncthing-key.pem.age; - age.secrets.syncthing-cert.file = ./secrets/syncthing-cert.pem.age; + # age.secrets.syncthing-key.file = ./secrets/syncthing-key.pem.age; + # age.secrets.syncthing-cert.file = ./secrets/syncthing-cert.pem.age; services.syncthing = { - enable = true; + enable = false; user = user; group = "users"; dataDir = home; diff --git a/hosts/haze/thunderbird.nix b/machines/haze/thunderbird.nix similarity index 100% rename from hosts/haze/thunderbird.nix rename to machines/haze/thunderbird.nix diff --git a/hosts/haze/video.nix b/machines/haze/video.nix similarity index 100% rename from hosts/haze/video.nix rename to machines/haze/video.nix diff --git a/modules/borgbackup.nix b/modules/borgbackup.nix new file mode 100644 index 0000000..63b59a7 --- /dev/null +++ b/modules/borgbackup.nix 
@@ -0,0 +1,17 @@ +{ config, inputs, ... }: +let + user = "u422292"; + sub-user = "${user}"; + host = "${user}.your-storagebox.de"; +in +{ + imports = [ + ./storagebox.nix + inputs.clan-core.clanModules.borgbackup + ]; + + clan.borgbackup.destinations."storagebox-${config.networking.hostName}" = { + repo = "${sub-user}@${host}:./borgbackup/${config.networking.hostName}"; + rsh = "ssh -oPort=23 -i ${config.clan.core.vars.generators.borgbackup.files."borgbackup.ssh".path}"; + }; +} diff --git a/modules/default.nix b/modules/default.nix deleted file mode 100644 index 1458053..0000000 --- a/modules/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - imports = [ - ./remote-builder.nix - ]; -} diff --git a/modules/storagebox.nix b/modules/storagebox.nix new file mode 100644 index 0000000..bee2255 --- /dev/null +++ b/modules/storagebox.nix @@ -0,0 +1,12 @@ +let + user = "u422292"; + host = "${user}.your-storagebox.de"; +in +{ + programs.ssh.knownHosts = { + storagebox-ed25519 = { + hostNames = [ "[${host}]:23" ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs"; + }; + }; +} diff --git a/system/core/default.nix b/system/core/default.nix index 7412c6c..53ecc66 100644 --- a/system/core/default.nix +++ b/system/core/default.nix @@ -19,7 +19,7 @@ wheelNeedsPassword = false; }; - system.stateVersion = lib.mkDefault "24.11"; + # system.stateVersion = lib.mkDefault "24.11"; time.timeZone = lib.mkDefault "Europe/Paris"; } diff --git a/system/core/ssh-server.nix b/system/core/ssh-server.nix index 6ff892f..dd8d9df 100644 --- a/system/core/ssh-server.nix +++ b/system/core/ssh-server.nix @@ -2,7 +2,7 @@ services.openssh = { enable = true; settings = { - PermitRootLogin = "no"; + # PermitRootLogin = "no"; PasswordAuthentication = false; KbdInteractiveAuthentication = false; AuthenticationMethods = "publickey"; 
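Review bot: `modules/borgbackup.nix` and `modules/storagebox.nix` each define their own `user` and `host`, and the port 23 is hard-coded separately in `rsh` and in `hostNames`. The pinned `storagebox-ed25519` key only protects the backup connection while `"[${host}]:23"` matches what `rsh` actually dials, so the two copies should come from one definition or at least carry a comment such as `# must match hostNames in ./storagebox.nix, the host key is pinned for this host:port`. `sub-user = "${user}";` is a no-op alias and can be `sub-user = user;` until a real sub-account exists. The pinned `publicKey` in `storagebox.nix` would also benefit from a comment stating where the key was verified.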
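Review bot: `system.stateVersion = lib.mkDefault "24.11";` in `system/core/default.nix` is commented out rather than replaced, and no new source for the value is visible in this hunk. NixOS uses `stateVersion` to select defaults for stateful services, so if nothing else sets it, hosts that already hold data fall back to the release they are built from and emit a warning. If the value now comes from the per-machine configuration or from clan, drop the line and say so in the commit message. Otherwise keep the `mkDefault` so existing machines stay on "24.11". The enclosing attribute set continues outside the hunk.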
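Review bot: Commenting out `PermitRootLogin = "no";` in `system/core/ssh-server.nix` hands the decision back to the NixOS module default, `prohibit-password`, so root becomes reachable by key on every host importing this file. If the new deployment workflow needs root over SSH (not visible in this hunk), state the policy explicitly instead of leaving dead code: `PermitRootLogin = "prohibit-password"; # root over SSH needed for deployment, key-only`. The `wheelNeedsPassword = false` context line in the `system/core/default.nix` hunk shows wheel users already had passwordless sudo, so the change mainly affects which keys end up in root's authorized keys; that list should be kept minimal and reviewed. The `services.openssh` block continues outside the hunk.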
diff --git a/vars/per-machine/crocus/openssh/ssh.id_ed25519/secret b/vars/per-machine/crocus/openssh/ssh.id_ed25519/secret
index aac3e26..1bd1ef2 100644
--- a/vars/per-machine/crocus/openssh/ssh.id_ed25519/secret
+++ b/vars/per-machine/crocus/openssh/ssh.id_ed25519/secret
@@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data: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,iv:0YNYcOGci/NzOdazLYqEQZY3nGlPDLPHenom2BCd5yw=,tag:Wok845AMLGoTvc2JfXbhDg==,type:str]", + "data": "ENC[AES256_GCM,data:NuuwsBJ5E33VfWQwHnCujrU44VN9YUi4QD3ZJBaBMgfmjMA=,iv:f/8P5xs/0DWvaashUP9pYbigU4EyQsHoTh/hj8tP/sc=,tag:afZMpL4jyLWiNIUnDo5nzQ==,type:str]", "sops": { "age": [ { "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBveWxMTGgxenl5ekluU2NX\nU3htdkV3UEVrTWFGaVMyYzA4dlVzQlhjMGxJCmcrbDNWcjRPSStYeXQyQkZia2t0\nSTV3L1M5QlJpQmEvU0xQUWZBUjYzeDAKLS0tICtscDBCeDc0UUhCNW1pL3hITy9z\nNVBhR3IyYjZOTVNVOXA3SURnZjlzZ2MKIornVOhZIImo+/MlnsdDCaER7OQgLrkQ\nOlzf1SciYxDBkkPPyhEngm61GLx8qc7y0lyEbiwSZ/Vp7z1Yzza2IA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQkF0MEo2UlN6bFhualpV\nL1NteXpYdUhpZmlqWWY4eGNpTFdKeVRkTUQwCnVVWnpkbUNxTjlhRTU0eXJZRytt\ncDJJN2JmWkJrbnhPU09SSzBaM2VGWVkKLS0tIGVMZHpSNFY4WFBoczc2N3VnMHVB\nZWEvRHBSZUN2dk9nYmVPbjViV1hUbFEKjJ3fWv7LdCwuS4VpdZR7wbvtdUYkCZQK\neQuZ0SG9zF87kL4BpdpXlX2f6yuN4ZdgSPZ5IXc1SFwPJZz3v3Vg5Q==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySUJJdEE4T1ZmVnpWQWk1\nNEZiSjBuaW82R2k3S2l4VmczWjJ2REJaSW5FCldIME5abkJham1hZGFYQ1B1NU0y\neXFmaVJZb1Q5ZlZzSnhNbUtpbHI5NWMKLS0tIFV1OEtIaExOWHRzdFJBOEdqcDRa\nMU1CQzlhM2l3dWRpb2hPUW1WU2NKUDgKx8C2mZ50JQ2QnhSiff/q5J1AgH+HbTIw\nwb0wDruuEUm5cBYNStXJCLFSMZ2v2UnPQ7uor1YE6XuwNh1YTwJm5A==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQaStpMDR4ejlwZzJzWnlS\ndkZDam1qZWpQbzVWc25aem1QcldZMHZmeGdJCnE1andLY2JWKzF1Wlh2Q09rWkw5\nc2psZEdFbWFtRi9ic0VDTi9hQVREYTAKLS0tIDB0ajhRNW9wZ055dkFRZGgxcDFk\nYWsreVBwOUxiejNoMVhGMVNET1JydXMK7wH41osgGbCHOWTYpRnw58RvT+vEJTeO\nspdyEnP4hqYl/+CGzYkZ0crJuVvo8oULAAfbXbWtOkVglqHJ2LxGCw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-05-09T22:28:08Z", - "mac": "ENC[AES256_GCM,data:jSX6HCuqQdulvzLQO58IvXWaaBJ76JjKDs5rElBz30+RM/bEfHvRCZgszS3frmP6aDPO+YDZldAG2J1bhi2VddbjhkETLXV/101qmaWvm9ZoMmOV5CzrBkBpD16HloWJZ4j9dpHbBiIJbDjjjq0VBp/PZccHR0O0kLK5B/g4nkQ=,iv:7fqaUTH1yFR2uuDjvkRmInv6bvjwnyOC4FAXeLb3aGc=,tag:N3tScjqzfmzGsol9It9pGQ==,type:str]", + "lastmodified": "2025-05-14T20:56:58Z", + "mac": "ENC[AES256_GCM,data:EyS804VI4ogWs0SELwfV6de1Yt8PU2qckwBBKuWws7W9EfHdDNWqYA15tUwn4hLjPrW8mgm7FF2/uf0KN9vi43tXUPH9eGnp9NW+BVQL6NObabaYRO/5jwPpxz05qy+HVDw0XF/trGeOwGImmbeSGtKzrLzBmh+vr7/ElzthCyQ=,iv:NRAiTCxS/zBNhGF5l4mGPuEJzWZk/V5BJoOeLtGyqK0=,tag:bCJYDt6xFzoTDG6AUsM0tw==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" }