diff --git a/.sops.yaml b/.sops.yaml
index 673f5d3..0c68796 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -6,6 +6,7 @@ keys:
 - &tethys age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs
 - &lapetus age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
 - &calypso age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe
+ - &hermes age1mcn3ty34wfugvedcamz9gscn7qh5kzl4s9s7tsrpml27gum0wfpqcw3pqt
 creation_rules:
 - path_regex: hosts/nixos/common/secrets.yaml
 key_groups:
@@ -15,19 +16,23 @@ creation_rules:
 - *tethys
 - *lapetus
 - *calypso
+ - *hermes
 - path_regex: hosts/nixos/lapetus/secrets.yaml
 key_groups:
 - age:
 - *prescientmoon_tethys
 - *prescientmoon_calypso
 - *lapetus
+ - *hermes
 - path_regex: home/features/desktop/wakatime/secrets.yaml
 key_groups:
 - age:
 - *prescientmoon_tethys
 - *prescientmoon_calypso
+ - *hermes
 - path_regex: home/features/cli/productivity/secrets.yaml
 key_groups:
 - age:
 - *prescientmoon_tethys
 - *prescientmoon_calypso
+ - *hermes
diff --git a/home/features/cli/productivity/secrets.yaml b/home/features/cli/productivity/secrets.yaml
index 5845add..5f6fbe2 100644
--- a/home/features/cli/productivity/secrets.yaml
+++ b/home/features/cli/productivity/secrets.yaml
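Review bot: The `- *hermes` recipient is added to all four creation rules in `.sops.yaml`, including the host-specific `hosts/nixos/lapetus/secrets.yaml` and both `home/features/...` files, so one more private key can now decrypt every secret in the repository. Judging by how `/hermes` is mounted and used elsewhere in this commit, that key appears to live on removable installer media, which is easier to lose or copy than a host key. If the live image only needs the shared secrets, keeping `*hermes` on the `hosts/nixos/common/secrets.yaml` rule alone would limit the exposure. If the wider access is intended, a comment above the anchor would record the reason, for example `# hermes: live-ISO key, recipient of all secrets so any host can be reinstalled`.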
@@ -12,20 +12,29 @@ sops: - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTk5WWWlsK2ZyTEJEQjFH - ZW1XWm9uTlZBeXB2ZUFzaDVYUTNlSDh3aWpnClRmbExNQmRXMVVNS3BYODF1d2Ez - bVQ3UGZ5TTMrdm5GVjlQMk5sak55Qk0KLS0tIEVLVys2cnJ0Z0EvRmpUV3B2Nk9J - NzVJZmpmODYramRNaHFxL0wzOHduSTgKgq0kqWffjhQnXoiBvsBYCTxHoA6u1jug - xb5LuisZElikx3BVKoNV1HpuUwWe83VSK2hJw1lfpQZ/DFByrv5YfA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiTWtJd3AwRnVuYVZuVU84 + cUFsbUhvbzRvL2hvcEhWQjBobnpDWGdlS0JnCmhwN2hoVVdEYU9vYjk2OWZPa3Z3 + SWRFcklJeUh5ZlVMUE02MjFaTnFuTHcKLS0tIGNXNHlmU3c5Z0tiWHg2RDI4akg3 + amhpOG55cTRCbFU1MU1ROFhiSzZqZkEKPk9WWkCDRIgeVMVlYrOy6zJx8yg8Aqqf + HJKDzzS7o2NEzvgiV80Od5JFm84NHZJXBt2JyPXhXjCU31q9wOSOrA== -----END AGE ENCRYPTED FILE----- - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLcFlQYjZ1N0JrSnVoUENB - MXl2Um9PMEhCVHFySU1MWnpqNjcxamZJRjJ3CjlMS1N3TjdxOVl1REZ3M2hSYlhi - VW9qZy9FbnJqKy9ObVc5bGNNRksrT3MKLS0tIDY5aGVZUVpkVUgvSVFHbFcwOWVY - SFVUTlpIaDlZUDhJT3hicWpxRzBia2sK6hu2aJMyHMYRwlEkbcPDtqUlU9VsDCsR - fBXvietF/w/TpfY+G2fCEDcWJAtQ7lLM0tNiiNqbUQwWBWddPVyPBA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6ejRmdWEzb3BrbkluTVcy + MFA2djQvV0hRT0xTRlBIVjBoVnZEbk9FcmtBCktzVEZaeDZ5a1VhYnlNR2VUaVR2 + WW9sWlNCbWdhNEJFbTM3QXdLWTZGaDQKLS0tIHd6Rk4vV1pFOXVkSE1DeFIyK0I2 + WTkwVHR0ckdnWUFGMG1Wa2Y1ZkFxUEkKNlKX6dpEgspT8PgCCoN+U7YLhfh8RcHd + aYRuOCW1/AwwjRLHgs4uDDUsmb5yG4AbcXeWnyPiAp3PvU24eDwzbg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1mcn3ty34wfugvedcamz9gscn7qh5kzl4s9s7tsrpml27gum0wfpqcw3pqt + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwdWc5NXJEd1BMMHZ2dXFM + cVhLYnlBeFFOeFdKMlVQMmNTYk54YlZybmpNClFHWjZjUitmLzc5M1c3aUM2MGhK + N2VybC8yaU1hUVdRSzh4MGh3ckJuY2sKLS0tIGNnWm5pVjB3ZFA3NFVId25VWVhm + 
NE02V21NV1MzcHdXSXFaK0tLdmswczAKLwk2NUGYonLiM/yElm+5oeMEQ+PV20aC + vGC0J2OQXD00xiAym+YdlHh10P0FsVjdoURMZSxMHA28ST/o/l6/7g== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-02-12T23:55:37Z" mac: ENC[AES256_GCM,data:RvJMumDJ2S8JgHwRLG/jhyj1a/ekBmjbzFFk7+6hrDg1/Zi8UzzATLEsEBUhX0X4vlqHBUxv4r61SQEroCl5GXBst+Wtac/zxMGIKm5PDH92HccjJhi4aftGP22PHlYCEOis7+D/Vw7W8ovRCFpEYVxxslxibCIo9RuUf8vDE94=,iv:kavw38JSPem1eChO+ntLwLFt6bAJT1rd8s00nmHNzGY=,tag:QuncWa50NvpLqMZGS0F9ug==,type:str] diff --git a/home/features/desktop/wakatime/secrets.yaml b/home/features/desktop/wakatime/secrets.yaml index b3c2e8b..1041d41 100644 --- a/home/features/desktop/wakatime/secrets.yaml +++ b/home/features/desktop/wakatime/secrets.yaml 
@@ -8,20 +8,29 @@ sops: - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2dDhCMWVSY280NUlsd3Bu - L3QreE1zSGdQWnV3Tm1SQzh2SUF0VDlBcTMwCjNhdE51VzlRdXlRY241VXpaVkFR - MndqZTQxQ0FCQ3pvb3BXcXRrR3BYc2cKLS0tIElLYkVLL2h2NXNabW5CRXVla0pa - LzY0ejRvMDVmR21ISkdraHZzTndmRmcKVcQeKFytVs8QlkQpMA1GfLL8ccrbSqD+ - 7+5YJoDMiHS01Jgbh+4HNFIg/P3S3yIOCRx+ukvWF2/p7GP55Braxg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0c1BZdnRyclNycUtkWTdM + aURwQWpDUkd1d0V3cGdiazFYZEhWMVBwTTIwCmRIOC81WG8zUjJGUm9STU5rcmMx + cG91TkIzdjRvMmlhTHpWVkFBblFQN2sKLS0tIGRDVmVUQTM2VXozVGVMN2c0SFA5 + ZWZOMlJNWjQ0VDFhQmtlM0EzdDV6dGsKUl+msoR/nTC4sl5ZFvBtp2Hoh+tl5Gnw + U02PyhGSCFAJasUNH0ChOYAHnFKFR738NQQC/WCyOxjnqh7kZch/HA== -----END AGE ENCRYPTED FILE----- - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBackQ3NzRMZ25RekM5cjNz - dlRXeTUyTVFlSDFRSC9jeFFoYlVKbWJRbEFNCnpKZHViK2F2VWJYTTBlNXpITUo1 - SFlUZUR0WTE4cUFZQlE0YzJJdS9TVVEKLS0tIE45Y25Bam5mdUNkTXkwOGkzb09t - ejU0YlVQR3JhaUE2aHBRUFhXaEdTV1EKgsHa/nufIXbLnrkvXNsZJ30dH1L2tMKf - jZufrpkQuPXWYzubUYejgQ0/yHGTDQtT9ptn72isGKKgSJZllCnPiA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdjBXU2ZnMkdVS3RJNWJX + TGlGTGhmSkwyUHdhdjdFY2V0ckNwME5JMTBjCjhoMDErL2RrQlhvb1NxclJYNVJt + bmlOQTNBN2E1QTJqL3pvRnhtbHNvMU0KLS0tIDB3dnZvaGYvSTlnOG43bExFT3d6 + b0NNZW5vQ1hNTlg3YTE3ZDhRMnJJMUkK3WrhOBVZXgTCEQUVsTqye+B1XjINaEvh + sXB0qVi5ArTY0qNO7Amy5wQkQLb5wZNfjB3FFHQmfIkk5A8RqG1xtg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1mcn3ty34wfugvedcamz9gscn7qh5kzl4s9s7tsrpml27gum0wfpqcw3pqt + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByN2VDNWVvVE56QWpvZmRO + Y0RDZzdNVi9vYmhheFpjam5SbGYvd0d3enlNCnUxbTVoWUkxS2ptZkwxTUpQb1JG + R1h3eVdocTYyc2tPaVpuT0FGOElqNHcKLS0tIFk2WEhHNmRDMUhwbVMrZzRkSlV6 + 
Zmg2NnR1dURmRW5jNlhLZjBMd1BPc1EKYPKoWXg1X+kd8wcScPK/W9xnw7hVry7U + /C1MPIQFeZPRbYVZg7w4eN7tZXuR42QcnNKWl/MpNdqYWxGeqWOeBg== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-05-09T13:00:44Z" mac: ENC[AES256_GCM,data:pvcHe28Vnv/Trq84YwQjDKNiITdX5HbdRaLtoq0gzVGzuN9VL5GtufQN+rtZY3RLFDdEt6qeJe4ichVSK88S0VUEsc5CtsvR1QR59aZ20dsiELI6a9qyOLlCJCP80J9XWCe3Gr93v7AoelKdpPFo2BcRL7TNbkYxJC9t0JienSY=,iv:PtIH5IeCA7SmgekT8hs9p0kXtg4xrivhOz3HWG9UpTA=,tag:1B+POnrhCXFP/WsrfOnn3w==,type:str] diff --git a/hosts/nixos/common/secrets.yaml b/hosts/nixos/common/secrets.yaml index 8f3bc52..2628713 100644 --- a/hosts/nixos/common/secrets.yaml +++ b/hosts/nixos/common/secrets.yaml 
@@ -11,47 +11,56 @@ sops: - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFRVRLdlFuS3I5aXRKRmdF - TjFHY3Yvc2NUUlpYRUR6Y2JHRVgzTkhOZjFNCkhnZjU0R0VIbDJSNVNSb2hZUDd3 - SERkaExNdkRDOXRSWlg5enluY3dXRUUKLS0tIFZBNTJYaHhxbmZhMG56UGFtd25u - aVNDS2h1NnFmMERIMzdUanp1MitBTGcKp4s32NVcyeJNI6BDeU1GGz5xjoSW/iH7 - hUxXrZaRqtiVegq7Ukv7mXCVjAy1x/Flb4dDag4Ym4ReTsyKZpQf/w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCL01hU3ZMcEY5R0MvMkRC + YnV5eW4zR2NWYUJiNXBDbEk1dnk4SEZTaERBClRQNWt6UWswaHZMN1RXdEoxdUIz + ZlRXSFI0ZVJNd2xaZEZqY1MvbW1UbzQKLS0tIGRCZ0JnL0hyS0txODNGbXFPekJH + cVNRRlVZbGpDTWpsazZMMmlyb0NXOGMKWPlUnuzZWKrWXNiybz0+FNcXZZz2E9YZ + 4RnnwPZqhrYrP/knL0SFFv7RBoqf63NtOCjCC2qr7Ex3n6A+6BIQuQ== -----END AGE ENCRYPTED FILE----- - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZzNPU0pBVjJPREF2SGhQ - REl2ckdxakwrdHFPU0RPN0J1K0s1TWFsK0NzCjMzeGgyRktTWWpVVkFxQUpFZDBC - bDRuRHZOOU5ueHN6RlY2VUwxQThmNXcKLS0tIEtVU3F3VUZSRGJtU0VBcVh0NXRh - eFA2TWtCYmpGN2paWnRSQlBoZk83MkkKwIDlq6u31cc1toMfBHvA932dJyozUYa0 - e45KrBC3gy/5wZWcN7MktBgqd2khufa+KEMQv7c3ldyixKXokuBRhw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSVp4SCtPR0FPK1V4b3pr + ZWl0N0ptWVlsL1VJTUJZMW5WU25jWFdXUEhVCkFpekxWb2tqeEIybkUzdzFPVXUv + VGVoRkZ5WVN5WUdMSC9DTGUyM1R6dVkKLS0tIHM2dGY0MmdZY2tGM0lvMkt3aGkw + d1RQalZhU0ZxNGd4MnYxTkhWTHk4RjAKIUZiSeLOfLkVmLJ2gak7fTMMQa1jXxJ9 + BVrArTPAoD8nArPNXKLPGc0Q69ylAWIDOpD3Lsc6MwT20Iqq/xSBTw== -----END AGE ENCRYPTED FILE----- - recipient: age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VC9ia21rTWpPSnJaamM3 - YzZqMzNJZDA4Q095OTMrR0JGTzczU2RWMVJNCnE0QzNvWWhscnQyWk5WOTV4Vld4 - SmJSdVdOMTRWWDFxUzJxc3hWZmxzUTQKLS0tIE9LWEtjc0x5WkpGWTUwMEt2d25K - 
TVJJWktOdW1Ic2E4MWpIbjQrdllkMzgK6M8T6M4rAMGgnWcVao/tp0PWG4NXvTTZ - /yNJgLZdBeHQevceLc4madD42IcrX7P2zeb6TM7l0DQVWCy+cBTN8w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dFFQdVZLTjJBcEJsU05n + WHZEMk00emx6RUpNR2JqOTBUZnNQVTAxY0VJCjNNU0Q3Y1l0ZXg5STE4MkZsSjEx + TXowUWt6ZXhxQXY2TkVFSmgwR1hYOFkKLS0tIGZCbUthQ1lkR3lGQ0J1MHU5c0pM + Q0FVSHBoTzAyR3F5dDkyWXo1MmY0VUkKTc3qevUOPmiWhpKB2en6ZPZqiEDEVzHP + c5yo9zc+CH5zqeJI8xAC5EsQfeZ0R/4IxhfWpmCo3Z9dSza80rNBIw== -----END AGE ENCRYPTED FILE----- - recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNmRXMFVKWnB3QjN3dDNj - QmRaRDRGUVJiczUzWE5WdFNReldBdkNOWlVvCmZCKzY4MThrUmNXeGVPTC9LSGtl - OFJOcGZVbVVjY0RveXR5WXNjU3p6UjgKLS0tIENyUHRpbjRyZjZpdjNlUktuL1g5 - QmNJVlIvTlhSRXJldUZhZjdsR0gwaHMKuNZcv3s65MtylIYzgDUd0qss4OEeJr8V - aI82/McWGJ6Lg0BVmvTUHbYcF09aMEJHeYEZNAzLiJ1a77tlhmY/jw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBYmtDeGYvbkxYUGlzbnpV + YWViZDNyUnNpeVhYb1NWeG9NOEt6cW1MTDFVClg1WXoxT2MxakNZZVArS1hmOE9a + cWpBNldFenN2RkpveVFIQnB0WVpJVkUKLS0tIHVudTVsVHpKVnVNTG1VWHJDRk1v + VU9FQ3JMT0ZrU010a1dtcEgySHBUejAKheEAtjE7lk3tYmoZWsUfwDo7WaKPBUAy + RaLK+dXq8vaLt9yMciGYRizeB/CetK5CMPfVdRBu29w824bTSYh+Cw== -----END AGE ENCRYPTED FILE----- - recipient: age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlVVU5Wis5dkJRSE5lRy9U - QjFHb21uc0Z3Zmc4Z2J3NTVaajhmQy9nb2xJCjRqK1htbk82M0dnOWNEV0hHcmFz - RXFrSGE2UjdhTWh6RmwvR1psV05lbnMKLS0tIDRidEFBY0x2cXMrSHJXaXBuaE4r - WXFQQXh2cjlMdzhpa1JUdVVBK3pNbTQK6peUF0mWtmfSuN6KnoYPTEg8sIp/t0R2 - ygJEf8cpNiVxN0vsF/4kwyC/V4JE4XllsKrKF4NhVrBq96m1RmKlYg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpSnVuNFdIM09XQUVvUlhO + L0hTMWlJRmlkbmVlNnduMDVsZDIzcEM5a1ZJCk12dzNsSUN1MmtqS0JnZ1phU0Z4 + bWlCS2czbGF0L3lNdkVJWFFXUU1iWkEKLS0tIEZ1SXZLcHI2OXZ4T2NWZEJPVTFj + 
TmRJM2djd2E5VEg5VnJwNlo1T3RJOWMKpia96s9vF5qt0PrxoBDzGcEDtg2argan + UqF9Cgyw4vVtWhoP3sir90Yo4isodhuvJf6H1IiWad6FPCYUZnLJFg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1mcn3ty34wfugvedcamz9gscn7qh5kzl4s9s7tsrpml27gum0wfpqcw3pqt + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTFVDUzN2OUlZYmdBZGpG + ODFGWndVQTJsd0NWNXl6bW1WQ3pJdDliVEhFClBDRzc5QTN1M1ZLQTlrQ3NNMlpa + UThyT1IzQjg5czN0MzI0dXFGRmdCZ28KLS0tIGVrUUhGNXI4S0RJT3ZmQkFmSDFa + d1BtSGJYLzdsMDJWSUR5UGkxUGRmSEEKIEY0Tg8AoeavIAuIaOeDZL4j2qrQ6vmf + h34qifSejgnpxZlmempL5c9WUjgMNXvFc8kIR0P3/eOj8MWGRFo89Q== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-07-29T19:34:39Z" mac: ENC[AES256_GCM,data:ruCV2JKgFN6BiTYjOwlhNmjDCh9ZRJ9E+H0x0uVevZnsTEcFlTUh5iNSiw3uJtcKcA4H4kuGPXlolyxuGVGsAhVFD4G3zR84i9TTHmGT4STC2dNebcA9VUXVnfPhEUFAExrPRxbEqvx3o0QPZIfGonPQzl3xhJzOPahYsRJOwTQ=,iv:rSuuhOgzOgE7DosgVEWDT1jenF3m+NqnCSEKjoCBrfE=,tag:7pAV4jKvJYG1vPqEEMqOPg==,type:str] diff --git a/hosts/nixos/iso/default.nix b/hosts/nixos/iso/default.nix index a19095a..8e99364 100644 --- a/hosts/nixos/iso/default.nix +++ b/hosts/nixos/iso/default.nix @@ -1,4 +1,4 @@ -{ modulesPath, ... }: +{ modulesPath, lib, ... }: { imports = [ "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" @@ -10,6 +10,9 @@ # Tell sops-nix to use the hermes keys for decrypting secrets sops.age.sshKeyPaths = [ "/hermes/secrets/hermes/ssh_host_ed25519_key" ]; + # Override tailscale service enabled by the `global/default.nix` file + services.tailscale.enable = lib.mkForce false; + # {{{ Automount hermes fileSystems."/hermes" = { device = "/dev/disk/by-uuid/7FE7-CA68"; diff --git a/hosts/nixos/lapetus/secrets.yaml b/hosts/nixos/lapetus/secrets.yaml index 4d27a7e..882a5d7 100644 --- a/hosts/nixos/lapetus/secrets.yaml +++ b/hosts/nixos/lapetus/secrets.yaml 
@@ -18,29 +18,38 @@ sops: - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYQzgvU0NQZUFWT0pjZVBZ - ZThMRTVMWStMRThFYTF6Nkl2MlBXTWhkNUNZCmpVWW52NHNyTjZkZTN3c1NoajFR - M2MyZHFDM2czZHdPMUg2MDNPMnNqaVUKLS0tIHhwRThOYnBHY2FUajN0b0pBQ1Fn - dmZtT0xXR3RjVzd1ckNyVGpaRktnSkkKlPSmdYTQ5Qc3PVn9PhxmetF0fO7rWOwM - OTt7EF41IWwCwwhyQLpUcaCnO08jddPui1C5qnvjSFb/LZILiWQkFA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqUTI3MUtJZ0hDemhUTTht + eHVWZ2hmUnVzamJiWnBQRWkxa0ZtMW4yY21VCk4xeXQrTmhYVldsRitZVHU2dCtj + UDM4bDJIbzZmOTE5NXFkSURtWmpOd1EKLS0tIDQyUE05d01RQWQrQXd3L0o1L3pa + UDVOVXMvV3lZYktLTnExQ0lLNmlEOVkKIfKDp+Wo4rodd2pYR6UacrhGQ9Txvtuk + acj6cndu2uzAfDBe/9xem7wwgiQYuhye46X/Rk4/nyZ9oJil0g6zXg== -----END AGE ENCRYPTED FILE----- - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMjdib09GZC9DNGVoNCtK - Z3BnZGNXNzNEb1U3aU1xb1pkaUhPcituSEQwClhiVlMvNlU5OUZhbFE0MnZGTGha - eHpRSHlXaExzNnV0VlNEdnpqQmlDa2MKLS0tIFpPc0ovVnhnZ1IyWGNWTEFYZG81 - a1NaNzE4VVFNRlBwUHRWdTFwWjJ5a00KJvIyBz6XGV2+lfawWzHqFOMILTXt0Vlx - OTs0i0tNER2kMucEo3LHIayIM/SB1ncXv+vl0rwHCVfbKdQ0ABhb2Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJc3p0TkFCbnh6aFY0Uldk + dENQMEljZ1JVYk8wY3hiZHdpN21DRVZjbUZZClZpQjNENW1ZMkV6NEt1RHY0SC9n + ZGZpeUwzR0c2UUU2a3hIcEZJKzY1bFEKLS0tIC9seitzR3ZpR0ttSVZpS2dBSlhZ + RmQ4R0RkelduMVJPbkJPWDhkWk1qcW8K2iaTXl88VurRDhXSnCZGJMkBu5mcJgQo + u3n4XFekHr5YerHjxPwJr8if8nNyEgkVTtBq1wn5OtgSVoyHJORlZA== -----END AGE ENCRYPTED FILE----- - recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTGIzcjYyLyt2QVh1QzJZ - L2NKK0ZFaS9kckdKbjNCd0lBckxlNWV2Qm5NCkoyLy8rOXVPOWt0U1BwTHB3ZTNl - NWVzdEQ0TUU4UjgrbzliRU5kZ0FqWjgKLS0tIE9YNkN1OWFLMVhDd1I3T1Y4Qi9O - 
VGNDUEo4NmxYR0JQR0NPcUZVdFl1MVEKISsE+UOuBXLZ/5qOeWSf9tPw6XOsNrWa - 09bm8O66Ai0AQGhbn0G3Qf/AlcqF+8eRFYZDmpk0HXryuNZYuj7hBw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByQ3BOYjFvcUprQks5SXB5 + b1NIVDcxUDNmU1pVYU9HUTlZUTFiSStId2lZCmJicmwwOXRSYUJ3bW5OU2ljczgx + M01uaEcza0t4R0JNMHQ1SVYwbzZMSEEKLS0tIE5HdmR3K1dIVEtjQ3RtdS9kaW1l + dTdnUGJ2YkQxY1N4enZHbnlJUDJQNzAKENtjuGqLYIAY07FmtrthmlFLLEvrD0mY + 5KnND5NgujZyuAvcr7nHngAvgi2NyL7h1b/j9CTO5WNNTytiCrR4Vg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1mcn3ty34wfugvedcamz9gscn7qh5kzl4s9s7tsrpml27gum0wfpqcw3pqt + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVZkkwWHUvYVlUV2I3MFBC + cDgxQkcyNUZyTVJrd0hWUkRxQ3ZVQTRpUEdjCnRCWHB2ckNMOEx2dmZrVW4rVlJa + eWUxWGpMWUFYcUdiUUhxSFd4ZWEzOGsKLS0tIDFPcFdSQlR2VHNuQWlDVFUva013 + cGtPeVFDU21RTHZuWDdSRFRFYVpFNmcKubVcqGdtg7JvFnZ10qfgvB3TQBvdHPXd + moux/Ild9iNbXyrbZHJvQgklE6XTOqnStDiI8bQ8+sveDRBLkHpmFg== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-06-13T14:52:30Z" mac: ENC[AES256_GCM,data:EXVbpc8P8SzTSYw0TWwJBEWYZRpGOAXm4wFS0JbzeiNaWEybZk6Y07Vr5tyaEWucpu52VxLrVwoZn8YSdF9JPAHtTQYYY35MccBkB01+GVXpVDQfxCG9UNYO24qExNboQIs5QRWmtaX7zTbut+ETcOFKHlkqR9g95PZQhsNZx4c=,iv:1Bu9g4/V2ixRvJJBijlkdNO9pdoR+qwDGTeUgr24dsg=,tag:gyF34lCSbF0It4KPmtQYJA==,type:str] diff --git a/img/2924-04-29-zathura-neovim.png b/img/2924-04-29-zathura-neovim.png deleted file mode 100644 index 567b58c..0000000 Binary files a/img/2924-04-29-zathura-neovim.png and /dev/null differ diff --git a/scripts/dns/delete-all-records.sh b/scripts/dns/delete-all-records.sh index 7da8d74..565c1f6 100755 --- a/scripts/dns/delete-all-records.sh +++ b/scripts/dns/delete-all-records.sh 
@@ -1,10 +1,14 @@ zoneid=$1 bearer=$2 + # Taken from https://developers.cloudflare.com/dns/zone-setups/troubleshooting/delete-all-records/ curl --silent "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records?per_page=50000" \ --header "Authorization: Bearer $bearer" \ | jq --raw-output '.result[].id' | while read id do + echo "๐Ÿงน Deleting '$id' record in zone '$zoneid'" curl --silent --request DELETE "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records/$id" \ --header "Authorization: Bearer $bearer" done + +echo "๐Ÿš€ All done!" diff --git a/scripts/github/README.md b/scripts/github/README.md old mode 100644 new mode 100755 diff --git a/scripts/emergency.sh b/scripts/live.sh similarity index 71% rename from scripts/emergency.sh rename to scripts/live.sh index 3b68d1a..d6f4988 100755 --- a/scripts/emergency.sh +++ b/scripts/live.sh @@ -4,7 +4,7 @@ # Check if at least one argument is provided if [ "$#" != "2" ] && [ "$#" != "3" ]; then - echo "Usage: $0 [action]" + echo "โ“ Usage: $0 [action]" exit 1 fi 
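Review bot: The progress line and the final `All done!` added to `scripts/dns/delete-all-records.sh` are printed whether or not a deletion succeeded, because `curl --silent` without `--fail` exits 0 on an HTTP error such as a rejected token and nothing checks its status. Adding `--fail --show-error` to both curl calls and reporting a failed DELETE, e.g. ending that call with `|| echo "failed to delete '$id'" >&2`, would make a partial run visible. `while read id` should be `while read -r id`. The API token is taken from `$2`, which leaves it in shell history and the process list; reading it from an environment variable would avoid that.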
@@ -14,56 +14,56 @@ action=$3 # Ensure correct first argument type if [ "$mode" != "disko" ] && [ "$mode" != "mount" ]; then - echo "Disko action must be either 'disko' or 'mount'" + echo "โ“ Disko action must be either 'disko' or 'mount'" exit 1 fi # Ensure correct second argument type if [ "$#" != "2" ] && [ "$action" != "install" ] && [ "$action" != "enter" ]; then - echo "Action must either be empty, 'install' or 'enter'" + echo "โ“ Action must either be empty, 'install' or 'enter'" exit 1 fi if mountpoint -q /hermes; then - echo "Keys already mounted" + echo "๐Ÿ“‚ Keys already mounted" else - echo "Mounting keys" + echo "๐Ÿ“ Mounting keys" mkdir -p /hermes mount /dev/disk/by-uuid/7FE7-CA68 /hermes fi if [ "$mode" = "mount" ] && [ "$host" = "lapetus" ]; then - echo "Importing zpool" + echo "๐ŸŠ Importing zpool" zpool import -lfR /mnt zroot fi -echo "Running disko" +echo "๐Ÿ’ฃ Running disko" nix run disko -- --mode $mode ./hosts/nixos/$host/filesystems/partitions.nix if [ "$action" = "install" ]; then - echo "Generating hardware config" + echo "๐Ÿ› ๏ธ Generating hardware config" nixos-generate-config --no-filesystems --show-hardware-config \ > ./hosts/nixos/$host/hardware/generated.nix git add . - echo "Installing nixos" + echo "โ„๏ธ Installing nixos" nixos-install --flake ".#$host" - echo "Copying user ssh keys" + echo "๐Ÿ”‘ Copying user ssh keys" for dir in /mnt/persist/state/home/*; do mkdir -p "$dir/ssh/.ssh" cp /hermes/secrets/$host/id* "$dir/ssh/.ssh" done - echo "Copying host ssh keys" + echo "๐Ÿ”‘ Copying host ssh keys" mkdir -p /mnt/persist/state/home/ cp /hermes/secrets/$host/ssh* /mnt/persist/state/etc/ssh/ fi if [ "$action" = "enter" ]; then - echo "Entering nixos" + echo "โ„๏ธ Entering nixos" nixos-enter --root /mnt fi -echo "All done!" +echo "๐Ÿš€ All done!" diff --git a/scripts/setup-rsync-ssh.sh b/scripts/setup-rsync-ssh.sh index a117f30..470da9c 100755 --- a/scripts/setup-rsync-ssh.sh +++ b/scripts/setup-rsync-ssh.sh 
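Review bot: In the "Copying host ssh keys" step of `scripts/live.sh` the script creates `/mnt/persist/state/home/` but then copies into `/mnt/persist/state/etc/ssh/`, so unless that directory is created elsewhere the `cp` can fail while the final `All done!` is still printed (whether the script runs under `set -e` is not visible, its first lines are outside the hunk). The `mkdir` line should read `mkdir -p /mnt/persist/state/etc/ssh`. Because these are private keys copied from the `/hermes` mount, it is worth setting their mode explicitly after each copy (`chmod 600` on the private key files), since the modes inherited from the source filesystem may be too permissive; that cannot be confirmed from this hunk. `$mode` and `$host` are expanded unquoted in the `nix run disko` and `cp` lines and should be quoted.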
@@ -1,9 +1,12 @@ #!/usr/bin/env bash # Create tmp file tmpfile=$(mktemp) + # Concat files cat hosts/nixos/*/keys/id_*.pub > $tmpfile + # Copy concat result scp $tmpfile $(cat hosts/nixos/common/optional/services/restic/url.txt):.ssh/authorized_keys + # Cleanup file rm -rf $tmpfile diff --git a/scripts/sops-rekey.sh b/scripts/sops-rekey.sh new file mode 100755 index 0000000..aa59227 --- /dev/null +++ b/scripts/sops-rekey.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env nix-shell +#!nix-shell -p sops -i bash + +# https://askubuntu.com/questions/1010707/how-to-enable-the-double-star-globstar-operator +# Enable the ** operator +shopt -s globstar + +for file in ./**/secrets.yaml; do + echo "๐Ÿ”‘ Rekeying $file" + sops updatekeys --yes $file +done + +echo "๐Ÿš€ All done!" diff --git a/scripts/ssh-to-age.sh b/scripts/ssh-to-age.sh index 2fcfe2d..875c544 100755 --- a/scripts/ssh-to-age.sh +++ b/scripts/ssh-to-age.sh @@ -1,6 +1,8 @@ #!/usr/bin/env bash echo "๐Ÿ“ Creating sops directory" mkdir -p ~/.config/sops/age + echo "๐Ÿ”‘ Converting ssh key to age" nix-shell -p ssh-to-age --run "ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt" + echo "๐Ÿš€ All done"
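Review bot: In the new `scripts/sops-rekey.sh`, a failing `sops updatekeys` does not stop the loop, so a file can keep its old recipient list while the script still prints `All done!`; `$file` is also unquoted. Suggested: `sops updatekeys --yes "$file" || { echo "rekey failed: $file" >&2; exit 1; }`. `--yes` skips the prompt that shows which recipients are being added or removed, so a mistaken edit to `.sops.yaml` is applied to every `secrets.yaml` without review; consider dropping it or reviewing the recipient change before running the script. As far as I know `updatekeys` re-wraps the existing data key rather than rotating it, so when a recipient is removed the data key should be rotated separately, and a comment at the top of the script saying so would help.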