prescientmoon/satellite
1
Fork 0
Code Activity

Add emojis to more scripts

Browse source
This commit is contained in:
prescientmoon 2024-08-27 13:54:32 +02:00
parent 1b180a8a25
commit 2b2e74a75d
Signed by: prescientmoon
SSH key fingerprint: SHA256:WFp/cO76nbarETAoQcQXuV+0h7XJsEsOCI0UsyPIy6U
13 changed files with 140 additions and 74 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.sops.yaml
View file

@ -6,6 +6,7 @@ keys:
- &tethys age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs - &tethys age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs
- &lapetus age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4 - &lapetus age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
- &calypso age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe - &calypso age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe
- &hermes age1mcn3ty34wfugvedcamz9gscn7qh5kzl4s9s7tsrpml27gum0wfpqcw3pqt
creation_rules: creation_rules:
- path_regex: hosts/nixos/common/secrets.yaml - path_regex: hosts/nixos/common/secrets.yaml
key_groups: key_groups:
@ -15,19 +16,23 @@ creation_rules:
- *tethys - *tethys
- *lapetus - *lapetus
- *calypso - *calypso
- *hermes
- path_regex: hosts/nixos/lapetus/secrets.yaml - path_regex: hosts/nixos/lapetus/secrets.yaml
key_groups: key_groups:
- age: - age:
- *prescientmoon_tethys - *prescientmoon_tethys
- *prescientmoon_calypso - *prescientmoon_calypso
- *lapetus - *lapetus
- *hermes
- path_regex: home/features/desktop/wakatime/secrets.yaml - path_regex: home/features/desktop/wakatime/secrets.yaml
key_groups: key_groups:
- age: - age:
- *prescientmoon_tethys - *prescientmoon_tethys
- *prescientmoon_calypso - *prescientmoon_calypso
- *hermes
- path_regex: home/features/cli/productivity/secrets.yaml - path_regex: home/features/cli/productivity/secrets.yaml
key_groups: key_groups:
- age: - age:
- *prescientmoon_tethys - *prescientmoon_tethys
- *prescientmoon_calypso - *prescientmoon_calypso
- *hermes

29
home/features/cli/productivity/secrets.yaml
View file

@ -12,20 +12,29 @@ sops:
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTk5WWWlsK2ZyTEJEQjFH YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiTWtJd3AwRnVuYVZuVU84
ZW1XWm9uTlZBeXB2ZUFzaDVYUTNlSDh3aWpnClRmbExNQmRXMVVNS3BYODF1d2Ez cUFsbUhvbzRvL2hvcEhWQjBobnpDWGdlS0JnCmhwN2hoVVdEYU9vYjk2OWZPa3Z3
bVQ3UGZ5TTMrdm5GVjlQMk5sak55Qk0KLS0tIEVLVys2cnJ0Z0EvRmpUV3B2Nk9J SWRFcklJeUh5ZlVMUE02MjFaTnFuTHcKLS0tIGNXNHlmU3c5Z0tiWHg2RDI4akg3
NzVJZmpmODYramRNaHFxL0wzOHduSTgKgq0kqWffjhQnXoiBvsBYCTxHoA6u1jug amhpOG55cTRCbFU1MU1ROFhiSzZqZkEKPk9WWkCDRIgeVMVlYrOy6zJx8yg8Aqqf
xb5LuisZElikx3BVKoNV1HpuUwWe83VSK2hJw1lfpQZ/DFByrv5YfA== HJKDzzS7o2NEzvgiV80Od5JFm84NHZJXBt2JyPXhXjCU31q9wOSOrA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8 - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLcFlQYjZ1N0JrSnVoUENB YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6ejRmdWEzb3BrbkluTVcy
MXl2Um9PMEhCVHFySU1MWnpqNjcxamZJRjJ3CjlMS1N3TjdxOVl1REZ3M2hSYlhi MFA2djQvV0hRT0xTRlBIVjBoVnZEbk9FcmtBCktzVEZaeDZ5a1VhYnlNR2VUaVR2
VW9qZy9FbnJqKy9ObVc5bGNNRksrT3MKLS0tIDY5aGVZUVpkVUgvSVFHbFcwOWVY WW9sWlNCbWdhNEJFbTM3QXdLWTZGaDQKLS0tIHd6Rk4vV1pFOXVkSE1DeFIyK0I2
SFVUTlpIaDlZUDhJT3hicWpxRzBia2sK6hu2aJMyHMYRwlEkbcPDtqUlU9VsDCsR WTkwVHR0ckdnWUFGMG1Wa2Y1ZkFxUEkKNlKX6dpEgspT8PgCCoN+U7YLhfh8RcHd
fBXvietF/w/TpfY+G2fCEDcWJAtQ7lLM0tNiiNqbUQwWBWddPVyPBA== aYRuOCW1/AwwjRLHgs4uDDUsmb5yG4AbcXeWnyPiAp3PvU24eDwzbg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mcn3ty34wfugvedcamz9gscn7qh5kzl4s9s7tsrpml27gum0wfpqcw3pqt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwdWc5NXJEd1BMMHZ2dXFM
cVhLYnlBeFFOeFdKMlVQMmNTYk54YlZybmpNClFHWjZjUitmLzc5M1c3aUM2MGhK
N2VybC8yaU1hUVdRSzh4MGh3ckJuY2sKLS0tIGNnWm5pVjB3ZFA3NFVId25VWVhm
NE02V21NV1MzcHdXSXFaK0tLdmswczAKLwk2NUGYonLiM/yElm+5oeMEQ+PV20aC
vGC0J2OQXD00xiAym+YdlHh10P0FsVjdoURMZSxMHA28ST/o/l6/7g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-12T23:55:37Z" lastmodified: "2024-02-12T23:55:37Z"
mac: ENC[AES256_GCM,data:RvJMumDJ2S8JgHwRLG/jhyj1a/ekBmjbzFFk7+6hrDg1/Zi8UzzATLEsEBUhX0X4vlqHBUxv4r61SQEroCl5GXBst+Wtac/zxMGIKm5PDH92HccjJhi4aftGP22PHlYCEOis7+D/Vw7W8ovRCFpEYVxxslxibCIo9RuUf8vDE94=,iv:kavw38JSPem1eChO+ntLwLFt6bAJT1rd8s00nmHNzGY=,tag:QuncWa50NvpLqMZGS0F9ug==,type:str] mac: ENC[AES256_GCM,data:RvJMumDJ2S8JgHwRLG/jhyj1a/ekBmjbzFFk7+6hrDg1/Zi8UzzATLEsEBUhX0X4vlqHBUxv4r61SQEroCl5GXBst+Wtac/zxMGIKm5PDH92HccjJhi4aftGP22PHlYCEOis7+D/Vw7W8ovRCFpEYVxxslxibCIo9RuUf8vDE94=,iv:kavw38JSPem1eChO+ntLwLFt6bAJT1rd8s00nmHNzGY=,tag:QuncWa50NvpLqMZGS0F9ug==,type:str]

29
home/features/desktop/wakatime/secrets.yaml
View file

@ -8,20 +8,29 @@ sops:
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2dDhCMWVSY280NUlsd3Bu YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0c1BZdnRyclNycUtkWTdM
L3QreE1zSGdQWnV3Tm1SQzh2SUF0VDlBcTMwCjNhdE51VzlRdXlRY241VXpaVkFR aURwQWpDUkd1d0V3cGdiazFYZEhWMVBwTTIwCmRIOC81WG8zUjJGUm9STU5rcmMx
MndqZTQxQ0FCQ3pvb3BXcXRrR3BYc2cKLS0tIElLYkVLL2h2NXNabW5CRXVla0pa cG91TkIzdjRvMmlhTHpWVkFBblFQN2sKLS0tIGRDVmVUQTM2VXozVGVMN2c0SFA5
LzY0ejRvMDVmR21ISkdraHZzTndmRmcKVcQeKFytVs8QlkQpMA1GfLL8ccrbSqD+ ZWZOMlJNWjQ0VDFhQmtlM0EzdDV6dGsKUl+msoR/nTC4sl5ZFvBtp2Hoh+tl5Gnw
7+5YJoDMiHS01Jgbh+4HNFIg/P3S3yIOCRx+ukvWF2/p7GP55Braxg== U02PyhGSCFAJasUNH0ChOYAHnFKFR738NQQC/WCyOxjnqh7kZch/HA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8 - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBackQ3NzRMZ25RekM5cjNz YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdjBXU2ZnMkdVS3RJNWJX
dlRXeTUyTVFlSDFRSC9jeFFoYlVKbWJRbEFNCnpKZHViK2F2VWJYTTBlNXpITUo1 TGlGTGhmSkwyUHdhdjdFY2V0ckNwME5JMTBjCjhoMDErL2RrQlhvb1NxclJYNVJt
SFlUZUR0WTE4cUFZQlE0YzJJdS9TVVEKLS0tIE45Y25Bam5mdUNkTXkwOGkzb09t bmlOQTNBN2E1QTJqL3pvRnhtbHNvMU0KLS0tIDB3dnZvaGYvSTlnOG43bExFT3d6
ejU0YlVQR3JhaUE2aHBRUFhXaEdTV1EKgsHa/nufIXbLnrkvXNsZJ30dH1L2tMKf b0NNZW5vQ1hNTlg3YTE3ZDhRMnJJMUkK3WrhOBVZXgTCEQUVsTqye+B1XjINaEvh
jZufrpkQuPXWYzubUYejgQ0/yHGTDQtT9ptn72isGKKgSJZllCnPiA== sXB0qVi5ArTY0qNO7Amy5wQkQLb5wZNfjB3FFHQmfIkk5A8RqG1xtg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mcn3ty34wfugvedcamz9gscn7qh5kzl4s9s7tsrpml27gum0wfpqcw3pqt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByN2VDNWVvVE56QWpvZmRO
Y0RDZzdNVi9vYmhheFpjam5SbGYvd0d3enlNCnUxbTVoWUkxS2ptZkwxTUpQb1JG
R1h3eVdocTYyc2tPaVpuT0FGOElqNHcKLS0tIFk2WEhHNmRDMUhwbVMrZzRkSlV6
Zmg2NnR1dURmRW5jNlhLZjBMd1BPc1EKYPKoWXg1X+kd8wcScPK/W9xnw7hVry7U
/C1MPIQFeZPRbYVZg7w4eN7tZXuR42QcnNKWl/MpNdqYWxGeqWOeBg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-09T13:00:44Z" lastmodified: "2024-05-09T13:00:44Z"
mac: ENC[AES256_GCM,data:pvcHe28Vnv/Trq84YwQjDKNiITdX5HbdRaLtoq0gzVGzuN9VL5GtufQN+rtZY3RLFDdEt6qeJe4ichVSK88S0VUEsc5CtsvR1QR59aZ20dsiELI6a9qyOLlCJCP80J9XWCe3Gr93v7AoelKdpPFo2BcRL7TNbkYxJC9t0JienSY=,iv:PtIH5IeCA7SmgekT8hs9p0kXtg4xrivhOz3HWG9UpTA=,tag:1B+POnrhCXFP/WsrfOnn3w==,type:str] mac: ENC[AES256_GCM,data:pvcHe28Vnv/Trq84YwQjDKNiITdX5HbdRaLtoq0gzVGzuN9VL5GtufQN+rtZY3RLFDdEt6qeJe4ichVSK88S0VUEsc5CtsvR1QR59aZ20dsiELI6a9qyOLlCJCP80J9XWCe3Gr93v7AoelKdpPFo2BcRL7TNbkYxJC9t0JienSY=,iv:PtIH5IeCA7SmgekT8hs9p0kXtg4xrivhOz3HWG9UpTA=,tag:1B+POnrhCXFP/WsrfOnn3w==,type:str]

59
hosts/nixos/common/secrets.yaml
View file

@ -11,47 +11,56 @@ sops:
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFRVRLdlFuS3I5aXRKRmdF YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCL01hU3ZMcEY5R0MvMkRC
TjFHY3Yvc2NUUlpYRUR6Y2JHRVgzTkhOZjFNCkhnZjU0R0VIbDJSNVNSb2hZUDd3 YnV5eW4zR2NWYUJiNXBDbEk1dnk4SEZTaERBClRQNWt6UWswaHZMN1RXdEoxdUIz
SERkaExNdkRDOXRSWlg5enluY3dXRUUKLS0tIFZBNTJYaHhxbmZhMG56UGFtd25u ZlRXSFI0ZVJNd2xaZEZqY1MvbW1UbzQKLS0tIGRCZ0JnL0hyS0txODNGbXFPekJH
aVNDS2h1NnFmMERIMzdUanp1MitBTGcKp4s32NVcyeJNI6BDeU1GGz5xjoSW/iH7 cVNRRlVZbGpDTWpsazZMMmlyb0NXOGMKWPlUnuzZWKrWXNiybz0+FNcXZZz2E9YZ
hUxXrZaRqtiVegq7Ukv7mXCVjAy1x/Flb4dDag4Ym4ReTsyKZpQf/w== 4RnnwPZqhrYrP/knL0SFFv7RBoqf63NtOCjCC2qr7Ex3n6A+6BIQuQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8 - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZzNPU0pBVjJPREF2SGhQ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSVp4SCtPR0FPK1V4b3pr
REl2ckdxakwrdHFPU0RPN0J1K0s1TWFsK0NzCjMzeGgyRktTWWpVVkFxQUpFZDBC ZWl0N0ptWVlsL1VJTUJZMW5WU25jWFdXUEhVCkFpekxWb2tqeEIybkUzdzFPVXUv
bDRuRHZOOU5ueHN6RlY2VUwxQThmNXcKLS0tIEtVU3F3VUZSRGJtU0VBcVh0NXRh VGVoRkZ5WVN5WUdMSC9DTGUyM1R6dVkKLS0tIHM2dGY0MmdZY2tGM0lvMkt3aGkw
eFA2TWtCYmpGN2paWnRSQlBoZk83MkkKwIDlq6u31cc1toMfBHvA932dJyozUYa0 d1RQalZhU0ZxNGd4MnYxTkhWTHk4RjAKIUZiSeLOfLkVmLJ2gak7fTMMQa1jXxJ9
e45KrBC3gy/5wZWcN7MktBgqd2khufa+KEMQv7c3ldyixKXokuBRhw== BVrArTPAoD8nArPNXKLPGc0Q69ylAWIDOpD3Lsc6MwT20Iqq/xSBTw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs - recipient: age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VC9ia21rTWpPSnJaamM3 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dFFQdVZLTjJBcEJsU05n
YzZqMzNJZDA4Q095OTMrR0JGTzczU2RWMVJNCnE0QzNvWWhscnQyWk5WOTV4Vld4 WHZEMk00emx6RUpNR2JqOTBUZnNQVTAxY0VJCjNNU0Q3Y1l0ZXg5STE4MkZsSjEx
SmJSdVdOMTRWWDFxUzJxc3hWZmxzUTQKLS0tIE9LWEtjc0x5WkpGWTUwMEt2d25K TXowUWt6ZXhxQXY2TkVFSmgwR1hYOFkKLS0tIGZCbUthQ1lkR3lGQ0J1MHU5c0pM
TVJJWktOdW1Ic2E4MWpIbjQrdllkMzgK6M8T6M4rAMGgnWcVao/tp0PWG4NXvTTZ Q0FVSHBoTzAyR3F5dDkyWXo1MmY0VUkKTc3qevUOPmiWhpKB2en6ZPZqiEDEVzHP
/yNJgLZdBeHQevceLc4madD42IcrX7P2zeb6TM7l0DQVWCy+cBTN8w== c5yo9zc+CH5zqeJI8xAC5EsQfeZ0R/4IxhfWpmCo3Z9dSza80rNBIw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4 - recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNmRXMFVKWnB3QjN3dDNj YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBYmtDeGYvbkxYUGlzbnpV
QmRaRDRGUVJiczUzWE5WdFNReldBdkNOWlVvCmZCKzY4MThrUmNXeGVPTC9LSGtl YWViZDNyUnNpeVhYb1NWeG9NOEt6cW1MTDFVClg1WXoxT2MxakNZZVArS1hmOE9a
OFJOcGZVbVVjY0RveXR5WXNjU3p6UjgKLS0tIENyUHRpbjRyZjZpdjNlUktuL1g5 cWpBNldFenN2RkpveVFIQnB0WVpJVkUKLS0tIHVudTVsVHpKVnVNTG1VWHJDRk1v
QmNJVlIvTlhSRXJldUZhZjdsR0gwaHMKuNZcv3s65MtylIYzgDUd0qss4OEeJr8V VU9FQ3JMT0ZrU010a1dtcEgySHBUejAKheEAtjE7lk3tYmoZWsUfwDo7WaKPBUAy
aI82/McWGJ6Lg0BVmvTUHbYcF09aMEJHeYEZNAzLiJ1a77tlhmY/jw== RaLK+dXq8vaLt9yMciGYRizeB/CetK5CMPfVdRBu29w824bTSYh+Cw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe - recipient: age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlVVU5Wis5dkJRSE5lRy9U YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpSnVuNFdIM09XQUVvUlhO
QjFHb21uc0Z3Zmc4Z2J3NTVaajhmQy9nb2xJCjRqK1htbk82M0dnOWNEV0hHcmFz L0hTMWlJRmlkbmVlNnduMDVsZDIzcEM5a1ZJCk12dzNsSUN1MmtqS0JnZ1phU0Z4
RXFrSGE2UjdhTWh6RmwvR1psV05lbnMKLS0tIDRidEFBY0x2cXMrSHJXaXBuaE4r bWlCS2czbGF0L3lNdkVJWFFXUU1iWkEKLS0tIEZ1SXZLcHI2OXZ4T2NWZEJPVTFj
WXFQQXh2cjlMdzhpa1JUdVVBK3pNbTQK6peUF0mWtmfSuN6KnoYPTEg8sIp/t0R2 TmRJM2djd2E5VEg5VnJwNlo1T3RJOWMKpia96s9vF5qt0PrxoBDzGcEDtg2argan
ygJEf8cpNiVxN0vsF/4kwyC/V4JE4XllsKrKF4NhVrBq96m1RmKlYg== UqF9Cgyw4vVtWhoP3sir90Yo4isodhuvJf6H1IiWad6FPCYUZnLJFg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mcn3ty34wfugvedcamz9gscn7qh5kzl4s9s7tsrpml27gum0wfpqcw3pqt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTFVDUzN2OUlZYmdBZGpG
ODFGWndVQTJsd0NWNXl6bW1WQ3pJdDliVEhFClBDRzc5QTN1M1ZLQTlrQ3NNMlpa
UThyT1IzQjg5czN0MzI0dXFGRmdCZ28KLS0tIGVrUUhGNXI4S0RJT3ZmQkFmSDFa
d1BtSGJYLzdsMDJWSUR5UGkxUGRmSEEKIEY0Tg8AoeavIAuIaOeDZL4j2qrQ6vmf
h34qifSejgnpxZlmempL5c9WUjgMNXvFc8kIR0P3/eOj8MWGRFo89Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-29T19:34:39Z" lastmodified: "2024-07-29T19:34:39Z"
mac: ENC[AES256_GCM,data:ruCV2JKgFN6BiTYjOwlhNmjDCh9ZRJ9E+H0x0uVevZnsTEcFlTUh5iNSiw3uJtcKcA4H4kuGPXlolyxuGVGsAhVFD4G3zR84i9TTHmGT4STC2dNebcA9VUXVnfPhEUFAExrPRxbEqvx3o0QPZIfGonPQzl3xhJzOPahYsRJOwTQ=,iv:rSuuhOgzOgE7DosgVEWDT1jenF3m+NqnCSEKjoCBrfE=,tag:7pAV4jKvJYG1vPqEEMqOPg==,type:str] mac: ENC[AES256_GCM,data:ruCV2JKgFN6BiTYjOwlhNmjDCh9ZRJ9E+H0x0uVevZnsTEcFlTUh5iNSiw3uJtcKcA4H4kuGPXlolyxuGVGsAhVFD4G3zR84i9TTHmGT4STC2dNebcA9VUXVnfPhEUFAExrPRxbEqvx3o0QPZIfGonPQzl3xhJzOPahYsRJOwTQ=,iv:rSuuhOgzOgE7DosgVEWDT1jenF3m+NqnCSEKjoCBrfE=,tag:7pAV4jKvJYG1vPqEEMqOPg==,type:str]

5
hosts/nixos/iso/default.nix
View file

@ -1,4 +1,4 @@
{ modulesPath, ... }: { modulesPath, lib, ... }:
{ {
imports = [ imports = [
"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
@ -10,6 +10,9 @@
# Tell sops-nix to use the hermes keys for decrypting secrets # Tell sops-nix to use the hermes keys for decrypting secrets
sops.age.sshKeyPaths = [ "/hermes/secrets/hermes/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/hermes/secrets/hermes/ssh_host_ed25519_key" ];
# Override tailscale service enabled by the `global/default.nix` file
services.tailscale.enable = lib.mkForce false;
# {{{ Automount hermes # {{{ Automount hermes
fileSystems."/hermes" = { fileSystems."/hermes" = {
device = "/dev/disk/by-uuid/7FE7-CA68"; device = "/dev/disk/by-uuid/7FE7-CA68";

39
hosts/nixos/lapetus/secrets.yaml
View file

@ -18,29 +18,38 @@ sops:
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYQzgvU0NQZUFWT0pjZVBZ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqUTI3MUtJZ0hDemhUTTht
ZThMRTVMWStMRThFYTF6Nkl2MlBXTWhkNUNZCmpVWW52NHNyTjZkZTN3c1NoajFR eHVWZ2hmUnVzamJiWnBQRWkxa0ZtMW4yY21VCk4xeXQrTmhYVldsRitZVHU2dCtj
M2MyZHFDM2czZHdPMUg2MDNPMnNqaVUKLS0tIHhwRThOYnBHY2FUajN0b0pBQ1Fn UDM4bDJIbzZmOTE5NXFkSURtWmpOd1EKLS0tIDQyUE05d01RQWQrQXd3L0o1L3pa
dmZtT0xXR3RjVzd1ckNyVGpaRktnSkkKlPSmdYTQ5Qc3PVn9PhxmetF0fO7rWOwM UDVOVXMvV3lZYktLTnExQ0lLNmlEOVkKIfKDp+Wo4rodd2pYR6UacrhGQ9Txvtuk
OTt7EF41IWwCwwhyQLpUcaCnO08jddPui1C5qnvjSFb/LZILiWQkFA== acj6cndu2uzAfDBe/9xem7wwgiQYuhye46X/Rk4/nyZ9oJil0g6zXg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8 - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMjdib09GZC9DNGVoNCtK YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJc3p0TkFCbnh6aFY0Uldk
Z3BnZGNXNzNEb1U3aU1xb1pkaUhPcituSEQwClhiVlMvNlU5OUZhbFE0MnZGTGha dENQMEljZ1JVYk8wY3hiZHdpN21DRVZjbUZZClZpQjNENW1ZMkV6NEt1RHY0SC9n
eHpRSHlXaExzNnV0VlNEdnpqQmlDa2MKLS0tIFpPc0ovVnhnZ1IyWGNWTEFYZG81 ZGZpeUwzR0c2UUU2a3hIcEZJKzY1bFEKLS0tIC9seitzR3ZpR0ttSVZpS2dBSlhZ
a1NaNzE4VVFNRlBwUHRWdTFwWjJ5a00KJvIyBz6XGV2+lfawWzHqFOMILTXt0Vlx RmQ4R0RkelduMVJPbkJPWDhkWk1qcW8K2iaTXl88VurRDhXSnCZGJMkBu5mcJgQo
OTs0i0tNER2kMucEo3LHIayIM/SB1ncXv+vl0rwHCVfbKdQ0ABhb2Q== u3n4XFekHr5YerHjxPwJr8if8nNyEgkVTtBq1wn5OtgSVoyHJORlZA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4 - recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTGIzcjYyLyt2QVh1QzJZ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByQ3BOYjFvcUprQks5SXB5
L2NKK0ZFaS9kckdKbjNCd0lBckxlNWV2Qm5NCkoyLy8rOXVPOWt0U1BwTHB3ZTNl b1NIVDcxUDNmU1pVYU9HUTlZUTFiSStId2lZCmJicmwwOXRSYUJ3bW5OU2ljczgx
NWVzdEQ0TUU4UjgrbzliRU5kZ0FqWjgKLS0tIE9YNkN1OWFLMVhDd1I3T1Y4Qi9O M01uaEcza0t4R0JNMHQ1SVYwbzZMSEEKLS0tIE5HdmR3K1dIVEtjQ3RtdS9kaW1l
VGNDUEo4NmxYR0JQR0NPcUZVdFl1MVEKISsE+UOuBXLZ/5qOeWSf9tPw6XOsNrWa dTdnUGJ2YkQxY1N4enZHbnlJUDJQNzAKENtjuGqLYIAY07FmtrthmlFLLEvrD0mY
09bm8O66Ai0AQGhbn0G3Qf/AlcqF+8eRFYZDmpk0HXryuNZYuj7hBw== 5KnND5NgujZyuAvcr7nHngAvgi2NyL7h1b/j9CTO5WNNTytiCrR4Vg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mcn3ty34wfugvedcamz9gscn7qh5kzl4s9s7tsrpml27gum0wfpqcw3pqt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVZkkwWHUvYVlUV2I3MFBC
cDgxQkcyNUZyTVJrd0hWUkRxQ3ZVQTRpUEdjCnRCWHB2ckNMOEx2dmZrVW4rVlJa
eWUxWGpMWUFYcUdiUUhxSFd4ZWEzOGsKLS0tIDFPcFdSQlR2VHNuQWlDVFUva013
cGtPeVFDU21RTHZuWDdSRFRFYVpFNmcKubVcqGdtg7JvFnZ10qfgvB3TQBvdHPXd
moux/Ild9iNbXyrbZHJvQgklE6XTOqnStDiI8bQ8+sveDRBLkHpmFg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-13T14:52:30Z" lastmodified: "2024-06-13T14:52:30Z"
mac: ENC[AES256_GCM,data:EXVbpc8P8SzTSYw0TWwJBEWYZRpGOAXm4wFS0JbzeiNaWEybZk6Y07Vr5tyaEWucpu52VxLrVwoZn8YSdF9JPAHtTQYYY35MccBkB01+GVXpVDQfxCG9UNYO24qExNboQIs5QRWmtaX7zTbut+ETcOFKHlkqR9g95PZQhsNZx4c=,iv:1Bu9g4/V2ixRvJJBijlkdNO9pdoR+qwDGTeUgr24dsg=,tag:gyF34lCSbF0It4KPmtQYJA==,type:str] mac: ENC[AES256_GCM,data:EXVbpc8P8SzTSYw0TWwJBEWYZRpGOAXm4wFS0JbzeiNaWEybZk6Y07Vr5tyaEWucpu52VxLrVwoZn8YSdF9JPAHtTQYYY35MccBkB01+GVXpVDQfxCG9UNYO24qExNboQIs5QRWmtaX7zTbut+ETcOFKHlkqR9g95PZQhsNZx4c=,iv:1Bu9g4/V2ixRvJJBijlkdNO9pdoR+qwDGTeUgr24dsg=,tag:gyF34lCSbF0It4KPmtQYJA==,type:str]

BIN
img/2924-04-29-zathura-neovim.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 2.1 MiB

4
scripts/dns/delete-all-records.sh
View file

@ -1,10 +1,14 @@
zoneid=$1 zoneid=$1
bearer=$2 bearer=$2
# Taken from https://developers.cloudflare.com/dns/zone-setups/troubleshooting/delete-all-records/ # Taken from https://developers.cloudflare.com/dns/zone-setups/troubleshooting/delete-all-records/
curl --silent "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records?per_page=50000" \ curl --silent "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records?per_page=50000" \
--header "Authorization: Bearer $bearer" \ --header "Authorization: Bearer $bearer" \
| jq --raw-output '.result[].id' | while read id | jq --raw-output '.result[].id' | while read id
do do
echo "🧹 Deleting '$id' record in zone '$zoneid'"
curl --silent --request DELETE "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records/$id" \ curl --silent --request DELETE "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records/$id" \
--header "Authorization: Bearer $bearer" --header "Authorization: Bearer $bearer"
done done
echo "🚀 All done!"

0
scripts/github/README.md Normal file → Executable file
View file

26
scripts/emergency.sh → scripts/live.sh
View file

@ -4,7 +4,7 @@
# Check if at least one argument is provided # Check if at least one argument is provided
if [ "$#" != "2" ] && [ "$#" != "3" ]; then if [ "$#" != "2" ] && [ "$#" != "3" ]; then
echo "Usage: $0 <host> <disko-mode> [action]" echo "Usage: $0 <host> <disko-mode> [action]"
exit 1 exit 1
fi fi
@ -14,56 +14,56 @@ action=$3
# Ensure correct first argument type # Ensure correct first argument type
if [ "$mode" != "disko" ] && [ "$mode" != "mount" ]; then if [ "$mode" != "disko" ] && [ "$mode" != "mount" ]; then
echo "Disko action must be either 'disko' or 'mount'" echo "Disko action must be either 'disko' or 'mount'"
exit 1 exit 1
fi fi
# Ensure correct second argument type # Ensure correct second argument type
if [ "$#" != "2" ] && [ "$action" != "install" ] && [ "$action" != "enter" ]; then if [ "$#" != "2" ] && [ "$action" != "install" ] && [ "$action" != "enter" ]; then
echo "Action must either be empty, 'install' or 'enter'" echo "Action must either be empty, 'install' or 'enter'"
exit 1 exit 1
fi fi
if mountpoint -q /hermes; then if mountpoint -q /hermes; then
echo "Keys already mounted" echo "📂 Keys already mounted"
else else
echo "Mounting keys" echo "📁 Mounting keys"
mkdir -p /hermes mkdir -p /hermes
mount /dev/disk/by-uuid/7FE7-CA68 /hermes mount /dev/disk/by-uuid/7FE7-CA68 /hermes
fi fi
if [ "$mode" = "mount" ] && [ "$host" = "lapetus" ]; then if [ "$mode" = "mount" ] && [ "$host" = "lapetus" ]; then
echo "Importing zpool" echo "🏊 Importing zpool"
zpool import -lfR /mnt zroot zpool import -lfR /mnt zroot
fi fi
echo "Running disko" echo "💣 Running disko"
nix run disko -- --mode $mode ./hosts/nixos/$host/filesystems/partitions.nix nix run disko -- --mode $mode ./hosts/nixos/$host/filesystems/partitions.nix
if [ "$action" = "install" ]; then if [ "$action" = "install" ]; then
echo "Generating hardware config" echo "🛠️ Generating hardware config"
nixos-generate-config --no-filesystems --show-hardware-config \ nixos-generate-config --no-filesystems --show-hardware-config \
> ./hosts/nixos/$host/hardware/generated.nix > ./hosts/nixos/$host/hardware/generated.nix
git add . git add .
echo "Installing nixos" echo "❄️ Installing nixos"
nixos-install --flake ".#$host" nixos-install --flake ".#$host"
echo "Copying user ssh keys" echo "🔑 Copying user ssh keys"
for dir in /mnt/persist/state/home/*; do for dir in /mnt/persist/state/home/*; do
mkdir -p "$dir/ssh/.ssh" mkdir -p "$dir/ssh/.ssh"
cp /hermes/secrets/$host/id* "$dir/ssh/.ssh" cp /hermes/secrets/$host/id* "$dir/ssh/.ssh"
done done
echo "Copying host ssh keys" echo "🔑 Copying host ssh keys"
mkdir -p /mnt/persist/state/home/ mkdir -p /mnt/persist/state/home/
cp /hermes/secrets/$host/ssh* /mnt/persist/state/etc/ssh/ cp /hermes/secrets/$host/ssh* /mnt/persist/state/etc/ssh/
fi fi
if [ "$action" = "enter" ]; then if [ "$action" = "enter" ]; then
echo "Entering nixos" echo "❄️ Entering nixos"
nixos-enter --root /mnt nixos-enter --root /mnt
fi fi
echo "All done!" echo "🚀 All done!"

3
scripts/setup-rsync-ssh.sh
View file

@ -1,9 +1,12 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Create tmp file # Create tmp file
tmpfile=$(mktemp) tmpfile=$(mktemp)
# Concat files # Concat files
cat hosts/nixos/*/keys/id_*.pub > $tmpfile cat hosts/nixos/*/keys/id_*.pub > $tmpfile
# Copy concat result # Copy concat result
scp $tmpfile $(cat hosts/nixos/common/optional/services/restic/url.txt):.ssh/authorized_keys scp $tmpfile $(cat hosts/nixos/common/optional/services/restic/url.txt):.ssh/authorized_keys
# Cleanup file # Cleanup file
rm -rf $tmpfile rm -rf $tmpfile

13
scripts/sops-rekey.sh Executable file
View file

@ -0,0 +1,13 @@
#!/usr/bin/env nix-shell
#!nix-shell -p sops -i bash
# https://askubuntu.com/questions/1010707/how-to-enable-the-double-star-globstar-operator
# Enable the ** operator
shopt -s globstar
for file in ./**/secrets.yaml; do
echo "🔑 Rekeying $file"
sops updatekeys --yes $file
done
echo "🚀 All done!"

2
scripts/ssh-to-age.sh
View file

@ -1,6 +1,8 @@
#!/usr/bin/env bash #!/usr/bin/env bash
echo "📁 Creating sops directory" echo "📁 Creating sops directory"
mkdir -p ~/.config/sops/age mkdir -p ~/.config/sops/age
echo "🔑 Converting ssh key to age" echo "🔑 Converting ssh key to age"
nix-shell -p ssh-to-age --run "ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt" nix-shell -p ssh-to-age --run "ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt"
echo "🚀 All done" echo "🚀 All done"