+5 -5

.github/actions/nix-setup/action.yml

reviewed

··· 18 18 with: 19 19 enable-lvm-span: true 20 20 lvm-span-mountpoint: /nix 21 21 - - uses: samueldr/lix-gha-installer-action@v2025-10-27 21 21 + - uses: samueldr/lix-gha-installer-action@v2026-02-16 22 22 with: 23 23 extra_nix_config: | 24 24 extra-experimental-features = flakes nix-command pipe-operator 25 25 system = ${{ inputs.system }} 26 26 - - uses: cachix/cachix-action@v16 27 27 - with: 28 28 - name: lpchaim 29 29 - authToken: ${{ inputs.cachixAuthToken }} 30 26 - name: Override nix-daemon build directory 31 27 if: ${{ inputs.makeSpace == 'true' }} 32 28 shell: bash ··· 44 40 sudo systemctl daemon-reload 45 41 sudo systemctl restart nix-daemon 46 42 ) 43 43 + - uses: cachix/cachix-action@v16 44 44 + with: 45 45 + name: lpchaim 46 46 + authToken: ${{ inputs.cachixAuthToken }}

+3 -1

.github/workflows/build.yml

reviewed

··· 44 44 matrix: 45 45 include: ${{ fromJSON(needs.inventory.outputs.x86_64-linux) }} 46 46 fail-fast: false 47 47 - runs-on: ubuntu-latest 47 47 + runs-on: ubuntu-24.04 48 48 steps: 49 49 - uses: actions/checkout@v4 50 50 - uses: ./.github/actions/nix-setup 51 51 with: 52 52 + system: ${{ matrix.system }} 52 53 cachixAuthToken: ${{ secrets.CACHIX_AUTH_TOKEN }} 53 54 makeSpace: ${{ matrix.output == 'nixosConfigurations' }} 54 55 - run: | ··· 67 68 - uses: actions/checkout@v4 68 69 - uses: ./.github/actions/nix-setup 69 70 with: 71 71 + system: ${{ matrix.system }} 70 72 cachixAuthToken: ${{ secrets.CACHIX_AUTH_TOKEN }} 71 73 makeSpace: ${{ matrix.output == 'nixosConfigurations' }} 72 74 - run: |

-37

.sops.yaml

reviewed

··· 1 1 - keys: 2 2 - - &master1 age1tq2gcmu4hd4sd89hl7szhd0z8vg6tx9hk3xsvuljm9gsj7n0l4nsl6ad4u 3 3 - - &master2 age10fa7ce7w6q0ppk5l2gvg6d02g9cmj26rpt00ct54d4latqsnwajs90a43h 4 4 - - &desktop age1a90s9rr2t82vlx4q757pvqm88nh572567hssycczv2t5rjhzudmsvqdjuv 5 5 - - &laptop age1ke3gya92cy465lp9yxwygckgtg8tcsh366vgh4ywu6edl7a7ca0sgjxrjg 6 6 - - &raspberrypi age174ngzkzt0czudr4pu69mps5t77nzelgprl2htcwd62n7h740hayqd0zh48 7 7 - - &steamdeck age1rsz0jrlkqs2z2p3r4a6qhwnsmyhwgh72mtxvvfwm00qtn8lq9arqa29vum 8 8 - - &wsl age1cfshc5yzepc92mga9pclg6rcj084esq9a8tfe38m9c6mgzy5p5sqgc68u6 9 9 - creation_rules: 10 10 - - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ 11 11 - key_groups: 12 12 - - age: 13 13 - - *master1 14 14 - - *master2 15 15 - - *desktop 16 16 - - *laptop 17 17 - - *raspberrypi 18 18 - - *steamdeck 19 19 - - *wsl 20 20 - - path_regex: secrets/hosts/desktop.yaml 21 21 - key_groups: 22 22 - - age: 23 23 - - *master1 24 24 - - *master2 25 25 - - *desktop 26 26 - - path_regex: secrets/hosts/laptop.yaml 27 27 - key_groups: 28 28 - - age: 29 29 - - *master1 30 30 - - *master2 31 31 - - *laptop 32 32 - - path_regex: secrets/hosts/steamdeck.yaml 33 33 - key_groups: 34 34 - - age: 35 35 - - *master1 36 36 - - *master2 37 37 - - *steamdeck

+290 -133

flake.lock

reviewed

··· 1 1 { 2 2 "nodes": { 3 3 + "agenix": { 4 4 + "inputs": { 5 5 + "darwin": "darwin", 6 6 + "home-manager": "home-manager", 7 7 + "nixpkgs": "nixpkgs", 8 8 + "systems": "systems" 9 9 + }, 10 10 + "locked": { 11 11 + "lastModified": 1770165109, 12 12 + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", 13 13 + "owner": "ryantm", 14 14 + "repo": "agenix", 15 15 + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", 16 16 + "type": "github" 17 17 + }, 18 18 + "original": { 19 19 + "owner": "ryantm", 20 20 + "repo": "agenix", 21 21 + "type": "github" 22 22 + } 23 23 + }, 24 24 + "agenix-rekey": { 25 25 + "inputs": { 26 26 + "devshell": "devshell", 27 27 + "flake-parts": "flake-parts", 28 28 + "nixpkgs": [ 29 29 + "nixpkgs" 30 30 + ], 31 31 + "pre-commit-hooks": "pre-commit-hooks", 32 32 + "treefmt-nix": "treefmt-nix" 33 33 + }, 34 34 + "locked": { 35 35 + "lastModified": 1759699908, 36 36 + "narHash": "sha256-kYVGY8sAfqwpNch706Fy2+/b+xbtfidhXSnzvthAhIQ=", 37 37 + "owner": "oddlama", 38 38 + "repo": "agenix-rekey", 39 39 + "rev": "42362b12f59978aabf3ec3334834ce2f3662013d", 40 40 + "type": "github" 41 41 + }, 42 42 + "original": { 43 43 + "owner": "oddlama", 44 44 + "repo": "agenix-rekey", 45 45 + "type": "github" 46 46 + } 47 47 + }, 3 48 "aquamarine": { 4 49 "inputs": { 5 50 "hyprutils": [ ··· 162 207 "type": "github" 163 208 } 164 209 }, 210 210 + "darwin": { 211 211 + "inputs": { 212 212 + "nixpkgs": [ 213 213 + "agenix", 214 214 + "nixpkgs" 215 215 + ] 216 216 + }, 217 217 + "locked": { 218 218 + "lastModified": 1744478979, 219 219 + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", 220 220 + "owner": "lnl7", 221 221 + "repo": "nix-darwin", 222 222 + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", 223 223 + "type": "github" 224 224 + }, 225 225 + "original": { 226 226 + "owner": "lnl7", 227 227 + "ref": "master", 228 228 + "repo": "nix-darwin", 229 229 + "type": "github" 230 230 + } 231 231 + }, 232 232 + "devshell": { 233 233 + "inputs": { 234 234 + "nixpkgs": [ 235 235 + "agenix-rekey", 236 236 + "nixpkgs" 237 237 + ] 238 238 + }, 239 239 + "locked": { 240 240 + "lastModified": 1728330715, 241 241 + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", 242 242 + "owner": "numtide", 243 243 + "repo": "devshell", 244 244 + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", 245 245 + "type": "github" 246 246 + }, 247 247 + "original": { 248 248 + "owner": "numtide", 249 249 + "repo": "devshell", 250 250 + "type": "github" 251 251 + } 252 252 + }, 165 253 "disko": { 166 254 "inputs": { 167 255 "nixpkgs": [ ··· 246 334 "flake-compat": { 247 335 "flake": false, 248 336 "locked": { 249 249 - "lastModified": 1767039857, 250 250 - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", 251 251 - "owner": "NixOS", 252 252 - "repo": "flake-compat", 253 253 - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", 254 254 - "type": "github" 255 255 - }, 256 256 - "original": { 257 257 - "owner": "NixOS", 337 337 + "lastModified": 1696426674, 338 338 + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", 339 339 + "owner": "edolstra", 340 340 + "repo": "flake-compat", 341 341 + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", 342 342 + "type": "github" 343 343 + }, 344 344 + "original": { 345 345 + "owner": "edolstra", 258 346 "repo": "flake-compat", 259 347 "type": "github" 260 348 } ··· 292 380 } 293 381 }, 294 382 "flake-compat_4": { 383 383 + "flake": false, 384 384 + "locked": { 385 385 + "lastModified": 1767039857, 386 386 + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", 387 387 + "owner": "NixOS", 388 388 + "repo": "flake-compat", 389 389 + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", 390 390 + "type": "github" 391 391 + }, 392 392 + "original": { 393 393 + "owner": "NixOS", 394 394 + "repo": "flake-compat", 395 395 + "type": "github" 396 396 + } 397 397 + }, 398 398 + "flake-compat_5": { 295 399 "flake": false, 296 400 "locked": { 297 401 "lastModified": 1696426674, ··· 307 411 "type": "github" 308 412 } 309 413 }, 310 310 - "flake-compat_5": { 414 414 + "flake-compat_6": { 311 415 "flake": false, 312 416 "locked": { 313 417 "lastModified": 1733328505, ··· 325 429 }, 326 430 "flake-parts": { 327 431 "inputs": { 328 328 - "nixpkgs-lib": "nixpkgs-lib" 432 432 + "nixpkgs-lib": [ 433 433 + "agenix-rekey", 434 434 + "nixpkgs" 435 435 + ] 329 436 }, 330 437 "locked": { 331 438 "lastModified": 1769996383, ··· 343 450 }, 344 451 "flake-parts_2": { 345 452 "inputs": { 346 346 - "nixpkgs-lib": "nixpkgs-lib_2" 453 453 + "nixpkgs-lib": "nixpkgs-lib" 347 454 }, 348 455 "locked": { 349 456 "lastModified": 1769996383, ··· 361 468 }, 362 469 "flake-parts_3": { 363 470 "inputs": { 471 471 + "nixpkgs-lib": "nixpkgs-lib_2" 472 472 + }, 473 473 + "locked": { 474 474 + "lastModified": 1769996383, 475 475 + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", 476 476 + "owner": "hercules-ci", 477 477 + "repo": "flake-parts", 478 478 + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", 479 479 + "type": "github" 480 480 + }, 481 481 + "original": { 482 482 + "owner": "hercules-ci", 483 483 + "repo": "flake-parts", 484 484 + "type": "github" 485 485 + } 486 486 + }, 487 487 + "flake-parts_4": { 488 488 + "inputs": { 364 489 "nixpkgs-lib": [ 365 490 "nixpkgs-schemas", 366 491 "nixpkgs" ··· 380 505 "type": "github" 381 506 } 382 507 }, 383 383 - "flake-parts_4": { 508 508 + "flake-parts_5": { 384 509 "inputs": { 385 510 "nixpkgs-lib": [ 386 511 "nixvim", ··· 401 526 "type": "github" 402 527 } 403 528 }, 404 404 - "flake-parts_5": { 529 529 + "flake-parts_6": { 405 530 "inputs": { 406 531 "nixpkgs-lib": [ 407 532 "nur", ··· 422 547 "type": "github" 423 548 } 424 549 }, 425 425 - "flake-parts_6": { 550 550 + "flake-parts_7": { 426 551 "inputs": { 427 552 "nixpkgs-lib": [ 428 553 "stylix", ··· 443 568 "type": "github" 444 569 } 445 570 }, 446 446 - "flake-parts_7": { 571 571 + "flake-parts_8": { 447 572 "inputs": { 448 573 "nixpkgs-lib": [ 449 574 "wayland-pipewire-idle-inhibit", ··· 515 640 }, 516 641 "git-hooks-nix": { 517 642 "inputs": { 518 518 - "flake-compat": "flake-compat", 519 519 - "gitignore": "gitignore", 520 520 - "nixpkgs": "nixpkgs" 643 643 + "flake-compat": "flake-compat_2", 644 644 + "gitignore": "gitignore_2", 645 645 + "nixpkgs": "nixpkgs_2" 521 646 }, 522 647 "locked": { 523 648 "lastModified": 1770726378, ··· 567 692 "gitignore": { 568 693 "inputs": { 569 694 "nixpkgs": [ 695 695 + "agenix-rekey", 696 696 + "pre-commit-hooks", 697 697 + "nixpkgs" 698 698 + ] 699 699 + }, 700 700 + "locked": { 701 701 + "lastModified": 1709087332, 702 702 + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", 703 703 + "owner": "hercules-ci", 704 704 + "repo": "gitignore.nix", 705 705 + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", 706 706 + "type": "github" 707 707 + }, 708 708 + "original": { 709 709 + "owner": "hercules-ci", 710 710 + "repo": "gitignore.nix", 711 711 + "type": "github" 712 712 + } 713 713 + }, 714 714 + "gitignore_2": { 715 715 + "inputs": { 716 716 + "nixpkgs": [ 570 717 "git-hooks-nix", 571 718 "nixpkgs" 572 719 ] ··· 585 732 "type": "github" 586 733 } 587 734 }, 588 588 - "gitignore_2": { 735 735 + "gitignore_3": { 589 736 "inputs": { 590 737 "nixpkgs": [ 591 738 "hyprland", ··· 607 754 "type": "github" 608 755 } 609 756 }, 610 610 - "gitignore_3": { 757 757 + "gitignore_4": { 611 758 "inputs": { 612 759 "nixpkgs": [ 613 760 "lanzaboote", ··· 672 819 "home-manager": { 673 820 "inputs": { 674 821 "nixpkgs": [ 822 822 + "agenix", 823 823 + "nixpkgs" 824 824 + ] 825 825 + }, 826 826 + "locked": { 827 827 + "lastModified": 1771037579, 828 828 + "narHash": "sha256-NX5XuhGcsmk0oEII2PEtMRgvh2KaAv3/WWQsOpxAgR4=", 829 829 + "owner": "nix-community", 830 830 + "repo": "home-manager", 831 831 + "rev": "05e6dc0f6ed936f918cb6f0f21f1dad1e4c53150", 832 832 + "type": "github" 833 833 + }, 834 834 + "original": { 835 835 + "owner": "nix-community", 836 836 + "repo": "home-manager", 837 837 + "type": "github" 838 838 + } 839 839 + }, 840 840 + "home-manager_2": { 841 841 + "inputs": { 842 842 + "nixpkgs": [ 675 843 "nixpkgs" 676 844 ] 677 845 }, ··· 758 926 "hyprutils": "hyprutils", 759 927 "hyprwayland-scanner": "hyprwayland-scanner", 760 928 "hyprwire": "hyprwire", 761 761 - "nixpkgs": "nixpkgs_2", 762 762 - "pre-commit-hooks": "pre-commit-hooks", 763 763 - "systems": "systems", 929 929 + "nixpkgs": "nixpkgs_3", 930 930 + "pre-commit-hooks": "pre-commit-hooks_2", 931 931 + "systems": "systems_2", 764 932 "xdph": "xdph" 765 933 }, 766 934 "locked": { ··· 825 993 "type": "github" 826 994 } 827 995 }, 828 828 - "hyprland-hyprspace": { 829 829 - "inputs": { 830 830 - "hyprland": [ 831 831 - "hyprland" 832 832 - ], 833 833 - "systems": "systems_2" 834 834 - }, 835 835 - "locked": { 836 836 - "lastModified": 1767871242, 837 837 - "narHash": "sha256-Gge7LY1lrPc2knDnyw8GBQ2sxRPzM7W2T6jNG1HY5bA=", 838 838 - "owner": "KZDKM", 839 839 - "repo": "Hyprspace", 840 840 - "rev": "bcd969224ffeb6266c6618c192949461135eef38", 841 841 - "type": "github" 842 842 - }, 843 843 - "original": { 844 844 - "owner": "KZDKM", 845 845 - "repo": "Hyprspace", 846 846 - "type": "github" 847 847 - } 848 848 - }, 849 849 - "hyprland-plugins": { 850 850 - "inputs": { 851 851 - "hyprland": [ 852 852 - "hyprland" 853 853 - ], 854 854 - "nixpkgs": [ 855 855 - "hyprland-plugins", 856 856 - "hyprland", 857 857 - "nixpkgs" 858 858 - ], 859 859 - "systems": [ 860 860 - "hyprland-plugins", 861 861 - "hyprland", 862 862 - "systems" 863 863 - ] 864 864 - }, 865 865 - "locked": { 866 866 - "lastModified": 1770899531, 867 867 - "narHash": "sha256-UBrWjh0DR8db60aLNkTnZTJ9F4kWK0Y7rUDNJC88W7A=", 868 868 - "owner": "hyprwm", 869 869 - "repo": "hyprland-plugins", 870 870 - "rev": "e03c34ccd51280a44ea6d1f5c040cd81ecca25ed", 871 871 - "type": "github" 872 872 - }, 873 873 - "original": { 874 874 - "owner": "hyprwm", 875 875 - "repo": "hyprland-plugins", 876 876 - "type": "github" 877 877 - } 878 878 - }, 879 996 "hyprland-protocols": { 880 997 "inputs": { 881 998 "nixpkgs": [ ··· 1064 1181 "jovian": { 1065 1182 "inputs": { 1066 1183 "nix-github-actions": "nix-github-actions", 1067 1067 - "nixpkgs": "nixpkgs_3" 1184 1184 + "nixpkgs": "nixpkgs_4" 1068 1185 }, 1069 1186 "locked": { 1070 1187 "lastModified": 1770915266, ··· 1105 1222 }, 1106 1223 "make-shell": { 1107 1224 "inputs": { 1108 1108 - "flake-compat": "flake-compat_4" 1225 1225 + "flake-compat": "flake-compat_5" 1109 1226 }, 1110 1227 "locked": { 1111 1228 "lastModified": 1733933815, ··· 1123 1240 }, 1124 1241 "nix-flatpak": { 1125 1242 "locked": { 1126 1126 - "lastModified": 1768656715, 1127 1127 - "narHash": "sha256-Sbh037scxKFm7xL0ahgSCw+X2/5ZKeOwI2clqrYr9j4=", 1243 1243 + "lastModified": 1767983141, 1244 1244 + "narHash": "sha256-7ZCulYUD9RmJIDULTRkGLSW1faMpDlPKcbWJLYHoXcs=", 1128 1245 "owner": "gmodena", 1129 1246 "repo": "nix-flatpak", 1130 1130 - "rev": "123fe29340a5b8671367055b75a6e7c320d6f89a", 1247 1247 + "rev": "440818969ac2cbd77bfe025e884d0aa528991374", 1131 1248 "type": "github" 1132 1249 }, 1133 1250 "original": { 1134 1251 "owner": "gmodena", 1252 1252 + "ref": "latest", 1135 1253 "repo": "nix-flatpak", 1136 1254 "type": "github" 1137 1255 } 1138 1256 }, 1139 1257 "nix-gaming": { 1140 1258 "inputs": { 1141 1141 - "flake-parts": "flake-parts_2", 1142 1142 - "nixpkgs": "nixpkgs_4" 1259 1259 + "flake-parts": "flake-parts_3", 1260 1260 + "nixpkgs": "nixpkgs_5" 1143 1261 }, 1144 1262 "locked": { 1145 1263 "lastModified": 1771036369, ··· 1258 1376 }, 1259 1377 "nixpkgs": { 1260 1378 "locked": { 1261 1261 - "lastModified": 1770073757, 1262 1262 - "narHash": "sha256-Vy+G+F+3E/Tl+GMNgiHl9Pah2DgShmIUBJXmbiQPHbI=", 1379 1379 + "lastModified": 1767313136, 1380 1380 + "narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=", 1263 1381 "owner": "NixOS", 1264 1382 "repo": "nixpkgs", 1265 1265 - "rev": "47472570b1e607482890801aeaf29bfb749884f6", 1383 1383 + "rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d", 1266 1384 "type": "github" 1267 1385 }, 1268 1386 "original": { 1269 1387 "owner": "NixOS", 1270 1270 - "ref": "nixpkgs-unstable", 1388 1388 + "ref": "nixos-25.05", 1271 1389 "repo": "nixpkgs", 1272 1390 "type": "github" 1273 1391 } ··· 1352 1470 }, 1353 1471 "nixpkgs-schemas": { 1354 1472 "inputs": { 1355 1355 - "flake-compat": "flake-compat_5", 1356 1356 - "flake-parts": "flake-parts_3", 1473 1473 + "flake-compat": "flake-compat_6", 1474 1474 + "flake-parts": "flake-parts_4", 1357 1475 "git-hooks-nix": "git-hooks-nix_2", 1358 1358 - "nixpkgs": "nixpkgs_5", 1476 1476 + "nixpkgs": "nixpkgs_6", 1359 1477 "nixpkgs-23-11": "nixpkgs-23-11", 1360 1478 "nixpkgs-regression": "nixpkgs-regression" 1361 1479 }, ··· 1376 1494 }, 1377 1495 "nixpkgs_2": { 1378 1496 "locked": { 1497 1497 + "lastModified": 1770073757, 1498 1498 + "narHash": "sha256-Vy+G+F+3E/Tl+GMNgiHl9Pah2DgShmIUBJXmbiQPHbI=", 1499 1499 + "owner": "NixOS", 1500 1500 + "repo": "nixpkgs", 1501 1501 + "rev": "47472570b1e607482890801aeaf29bfb749884f6", 1502 1502 + "type": "github" 1503 1503 + }, 1504 1504 + "original": { 1505 1505 + "owner": "NixOS", 1506 1506 + "ref": "nixpkgs-unstable", 1507 1507 + "repo": "nixpkgs", 1508 1508 + "type": "github" 1509 1509 + } 1510 1510 + }, 1511 1511 + "nixpkgs_3": { 1512 1512 + "locked": { 1379 1513 "lastModified": 1770841267, 1380 1514 "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", 1381 1515 "owner": "NixOS", ··· 1390 1524 "type": "github" 1391 1525 } 1392 1526 }, 1393 1393 - "nixpkgs_3": { 1527 1527 + "nixpkgs_4": { 1394 1528 "locked": { 1395 1529 "lastModified": 1770562336, 1396 1530 "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", ··· 1406 1540 "type": "github" 1407 1541 } 1408 1542 }, 1409 1409 - "nixpkgs_4": { 1543 1543 + "nixpkgs_5": { 1410 1544 "locked": { 1411 1545 "lastModified": 1770537093, 1412 1546 "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", ··· 1422 1556 "type": "github" 1423 1557 } 1424 1558 }, 1425 1425 - "nixpkgs_5": { 1559 1559 + "nixpkgs_6": { 1426 1560 "locked": { 1427 1561 "lastModified": 1734359947, 1428 1562 "narHash": "sha256-1Noao/H+N8nFB4Beoy8fgwrcOQLVm9o4zKW1ODaqK9E=", ··· 1438 1572 "type": "github" 1439 1573 } 1440 1574 }, 1441 1441 - "nixpkgs_6": { 1575 1575 + "nixpkgs_7": { 1442 1576 "locked": { 1443 1577 "lastModified": 1770841267, 1444 1578 "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", ··· 1456 1590 }, 1457 1591 "nixvim": { 1458 1592 "inputs": { 1459 1459 - "flake-parts": "flake-parts_4", 1593 1593 + "flake-parts": "flake-parts_5", 1460 1594 "nixpkgs": [ 1461 1595 "nixpkgs" 1462 1596 ], ··· 1478 1612 }, 1479 1613 "nur": { 1480 1614 "inputs": { 1481 1481 - "flake-parts": "flake-parts_5", 1482 1482 - "nixpkgs": "nixpkgs_6" 1615 1615 + "flake-parts": "flake-parts_6", 1616 1616 + "nixpkgs": "nixpkgs_7" 1483 1617 }, 1484 1618 "locked": { 1485 1619 "lastModified": 1771051892, ··· 1548 1682 }, 1549 1683 "pre-commit": { 1550 1684 "inputs": { 1551 1551 - "flake-compat": "flake-compat_3", 1552 1552 - "gitignore": "gitignore_3", 1685 1685 + "flake-compat": "flake-compat_4", 1686 1686 + "gitignore": "gitignore_4", 1553 1687 "nixpkgs": [ 1554 1688 "lanzaboote", 1555 1689 "nixpkgs" ··· 1571 1705 }, 1572 1706 "pre-commit-hooks": { 1573 1707 "inputs": { 1574 1574 - "flake-compat": "flake-compat_2", 1575 1575 - "gitignore": "gitignore_2", 1708 1708 + "flake-compat": "flake-compat", 1709 1709 + "gitignore": "gitignore", 1710 1710 + "nixpkgs": [ 1711 1711 + "agenix-rekey", 1712 1712 + "nixpkgs" 1713 1713 + ] 1714 1714 + }, 1715 1715 + "locked": { 1716 1716 + "lastModified": 1735882644, 1717 1717 + "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", 1718 1718 + "owner": "cachix", 1719 1719 + "repo": "pre-commit-hooks.nix", 1720 1720 + "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", 1721 1721 + "type": "github" 1722 1722 + }, 1723 1723 + "original": { 1724 1724 + "owner": "cachix", 1725 1725 + "repo": "pre-commit-hooks.nix", 1726 1726 + "type": "github" 1727 1727 + } 1728 1728 + }, 1729 1729 + "pre-commit-hooks_2": { 1730 1730 + "inputs": { 1731 1731 + "flake-compat": "flake-compat_3", 1732 1732 + "gitignore": "gitignore_3", 1576 1733 "nixpkgs": [ 1577 1734 "hyprland", 1578 1735 "nixpkgs" ··· 1637 1794 }, 1638 1795 "root": { 1639 1796 "inputs": { 1797 1797 + "agenix": "agenix", 1798 1798 + "agenix-rekey": "agenix-rekey", 1640 1799 "caelestia": "caelestia", 1641 1800 "disko": "disko", 1642 1801 "dms": "dms", 1643 1802 "ez-configs": "ez-configs", 1644 1644 - "flake-parts": "flake-parts", 1803 1803 + "flake-parts": "flake-parts_2", 1645 1804 "flake-schemas": "flake-schemas", 1646 1805 "git-hooks-nix": "git-hooks-nix", 1647 1806 "haumea": "haumea", 1648 1648 - "home-manager": "home-manager", 1807 1807 + "home-manager": "home-manager_2", 1649 1808 "hyprland": "hyprland", 1650 1650 - "hyprland-hyprspace": "hyprland-hyprspace", 1651 1651 - "hyprland-plugins": "hyprland-plugins", 1652 1809 "jovian": "jovian", 1653 1810 "lanzaboote": "lanzaboote", 1654 1811 "make-shell": "make-shell", ··· 1664 1821 "nixpkgs-schemas": "nixpkgs-schemas", 1665 1822 "nixvim": "nixvim", 1666 1823 "nur": "nur", 1667 1667 - "sops-nix": "sops-nix", 1668 1824 "spicetify-nix": "spicetify-nix", 1669 1825 "stable": "stable", 1670 1826 "stylix": "stylix", ··· 1693 1849 "type": "github" 1694 1850 } 1695 1851 }, 1696 1696 - "sops-nix": { 1697 1697 - "inputs": { 1698 1698 - "nixpkgs": [ 1699 1699 - "nixpkgs" 1700 1700 - ] 1701 1701 - }, 1702 1702 - "locked": { 1703 1703 - "lastModified": 1770683991, 1704 1704 - "narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=", 1705 1705 - "owner": "Mic92", 1706 1706 - "repo": "sops-nix", 1707 1707 - "rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033", 1708 1708 - "type": "github" 1709 1709 - }, 1710 1710 - "original": { 1711 1711 - "owner": "Mic92", 1712 1712 - "repo": "sops-nix", 1713 1713 - "type": "github" 1714 1714 - } 1715 1715 - }, 1716 1852 "spicetify-nix": { 1717 1853 "inputs": { 1718 1854 "nixpkgs": [ ··· 1757 1893 "base16-helix": "base16-helix", 1758 1894 "base16-vim": "base16-vim", 1759 1895 "firefox-gnome-theme": "firefox-gnome-theme", 1760 1760 - "flake-parts": "flake-parts_6", 1896 1896 + "flake-parts": "flake-parts_7", 1761 1897 "gnome-shell": "gnome-shell", 1762 1898 "nixpkgs": [ 1763 1899 "nixpkgs" ··· 1786 1922 }, 1787 1923 "systems": { 1788 1924 "locked": { 1789 1789 - "lastModified": 1689347949, 1790 1790 - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", 1925 1925 + "lastModified": 1681028828, 1926 1926 + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 1791 1927 "owner": "nix-systems", 1792 1792 - "repo": "default-linux", 1793 1793 - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", 1928 1928 + "repo": "default", 1929 1929 + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 1794 1930 "type": "github" 1795 1931 }, 1796 1932 "original": { 1797 1933 "owner": "nix-systems", 1798 1798 - "repo": "default-linux", 1934 1934 + "repo": "default", 1799 1935 "type": "github" 1800 1936 } 1801 1937 }, ··· 1973 2109 "treefmt-nix": { 1974 2110 "inputs": { 1975 2111 "nixpkgs": [ 2112 2112 + "agenix-rekey", 2113 2113 + "nixpkgs" 2114 2114 + ] 2115 2115 + }, 2116 2116 + "locked": { 2117 2117 + "lastModified": 1735135567, 2118 2118 + "narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=", 2119 2119 + "owner": "numtide", 2120 2120 + "repo": "treefmt-nix", 2121 2121 + "rev": "9e09d30a644c57257715902efbb3adc56c79cf28", 2122 2122 + "type": "github" 2123 2123 + }, 2124 2124 + "original": { 2125 2125 + "owner": "numtide", 2126 2126 + "repo": "treefmt-nix", 2127 2127 + "type": "github" 2128 2128 + } 2129 2129 + }, 2130 2130 + "treefmt-nix_2": { 2131 2131 + "inputs": { 2132 2132 + "nixpkgs": [ 1976 2133 "wayland-pipewire-idle-inhibit", 1977 2134 "nixpkgs" 1978 2135 ] ··· 2009 2166 }, 2010 2167 "wayland-pipewire-idle-inhibit": { 2011 2168 "inputs": { 2012 2012 - "flake-parts": "flake-parts_7", 2169 2169 + "flake-parts": "flake-parts_8", 2013 2170 "nixpkgs": [ 2014 2171 "nixpkgs" 2015 2172 ], 2016 2173 "systems": "systems_7", 2017 2017 - "treefmt-nix": "treefmt-nix" 2174 2174 + "treefmt-nix": "treefmt-nix_2" 2018 2175 }, 2019 2176 "locked": { 2020 2177 "lastModified": 1770348283,

+7 -13

flake.nix

reviewed

··· 14 14 imports = [ 15 15 (importApply' ./nix/flakeModules) 16 16 (importApply' ./nix/apps) 17 17 + (importApply' ./nix/checks) 17 18 (importApply' ./nix/overlays) 18 19 (importApply' ./nix/packages) 19 20 (importApply' ./nix/legacyPackages) ··· 72 73 inputs.nixpkgs.follows = "nixpkgs"; 73 74 }; 74 75 hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; 75 75 - hyprland-hyprspace = { 76 76 - url = "github:KZDKM/Hyprspace"; 77 77 - inputs.hyprland.follows = "hyprland"; 78 78 - }; 79 79 - hyprland-plugins = { 80 80 - url = "github:hyprwm/hyprland-plugins"; 81 81 - inputs.hyprland.follows = "hyprland"; 82 82 - }; 83 76 84 77 # Misc 78 78 + agenix.url = "github:ryantm/agenix"; 79 79 + agenix-rekey = { 80 80 + url = "github:oddlama/agenix-rekey"; 81 81 + inputs.nixpkgs.follows = "nixpkgs"; 82 82 + }; 85 83 disko = { 86 84 url = "github:nix-community/disko"; 87 85 inputs.nixpkgs.follows = "nixpkgs"; ··· 104 102 inputs.nixpkgs.follows = "nixpkgs"; 105 103 }; 106 104 make-shell.url = "github:nicknovitski/make-shell"; 107 107 - nix-flatpak.url = "github:gmodena/nix-flatpak"; 105 105 + nix-flatpak.url = "github:gmodena/nix-flatpak/latest"; 108 106 nix-gaming.url = "github:fufexan/nix-gaming"; 109 107 nix-index-database = { 110 108 url = "github:nix-community/nix-index-database"; ··· 112 110 }; 113 111 nix-std.url = "github:chessai/nix-std"; 114 112 nur.url = "github:nix-community/NUR"; 115 115 - sops-nix = { 116 116 - url = "github:Mic92/sops-nix"; 117 117 - inputs.nixpkgs.follows = "nixpkgs"; 118 118 - }; 119 113 spicetify-nix = { 120 114 url = "github:Gerg-L/spicetify-nix"; 121 115 inputs.nixpkgs.follows = "nixpkgs";

-9

just/secrets.just

reviewed

··· 1 1 - # Updates secret files, run after adding new keys 2 2 - update: 3 3 - #!/usr/bin/env zsh 4 4 - sops updatekeys secrets/**/* 5 5 - 6 6 - # Opens a secrets file for editing 7 7 - @edit file='secrets/default.yaml': 8 8 - sops {{ file }} 9 9 - 10 1 # Grabs a host's SSH key and generates the corresponding age key 11 2 @get-host-key host: 12 3 nix shell nixpkgs#ssh-to-age nixpkgs#openssh \

+5

nix/checks/default.nix

reviewed

··· 1 1 + {...}: { 2 2 + imports = [ 3 3 + ./homeConfigurations.nix 4 4 + ]; 5 5 + }

+14

nix/checks/homeConfigurations.nix

reviewed

··· 1 1 + {inputs, ...}: let 2 2 + inherit (inputs.nixpkgs) lib; 3 3 + in { 4 4 + perSystem = {system, ...}: { 5 5 + checks = 6 6 + inputs.self.homeConfigurations 7 7 + |> lib.filterAttrs (_: home: 8 8 + (home.pkgs.stdenv.hostPlatform.system == system) 9 9 + && home._module.specialArgs.osConfig == {}) 10 10 + |> lib.concatMapAttrs (name: home: { 11 11 + "homeConfigurations.${name}" = home.activationPackage; 12 12 + }); 13 13 + }; 14 14 + }

+12

nix/flakeModules/agenixRekey.nix

reviewed

··· 1 1 + {inputs, ...}: { 2 2 + imports = [ 3 3 + inputs.agenix-rekey.flakeModule 4 4 + ]; 5 5 + 6 6 + perSystem = {pkgs, ...}: { 7 7 + agenix-rekey = { 8 8 + inherit (inputs.self) homeConfigurations nixosConfigurations; 9 9 + agePackage = pkgs.rage; 10 10 + }; 11 11 + }; 12 12 + }

+1

nix/flakeModules/default.nix

reviewed

··· 1 1 {...}: { 2 2 imports = [ 3 3 + ./agenixRekey.nix 3 4 ./ezConfigs.nix 4 5 ./gitHooks.nix 5 6 ];

+9 -1

nix/home/configs/cheina@pc082.nix

reviewed

··· 1 1 { 2 2 config, 3 3 + inputs, 3 4 lib, 4 5 pkgs, 5 6 ... 6 6 - }: { 7 7 + }: let 8 8 + inherit (inputs.self.lib.secrets.paths) root; 9 9 + in { 7 10 home = { 8 11 username = "cheina"; 9 12 homeDirectory = "/home/cheina"; ··· 20 23 profiles = { 21 24 standalone = true; 22 25 }; 26 26 + }; 27 27 + 28 28 + age.rekey = { 29 29 + hostPubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCsmGjx90M2NbHLmhVYvvYtvRy0h1mr1JLZA7fTP/lo8hMmecIToyMpaNeZDXIVdMCwp5LdUltXDmhqs/AicWQZml+oBgkPzdy8DduLxQRKGwrckglVzhESzijfblbgeP8jEa1n8cxz/TAdOF5mc9QI08QdwrkeNTK0UkYQPFmkMRDPeDyFkscmSWqsxmCKDNX6Q/z9n9KAr8OHxfJomVjsR+BxG6pLXYTg4S85BbzWCE5s6idtLZmt9M5mdrQurUc/xiLwW4JIYH+4XpGvrpWyuUwkgrjYVqqJyMy+Nryl97oD1sfdl5yzrgIHmtQ1baj188cOcsDHQdHZUh115teudAKWIpqaM+veaXrvbYSX8QYXamy0V7KuXfUzw8JiSPSiFs4s7vVGTgIEFmA776zeL0SpXtJxSX8ox3WEW8bqxBt4Ab5xxiOWL+GqWwnbpYbqt6RMFFYmm/lQVVqP0O3NLn4R2IRVUAZmfKX+J4AGvRGJSLyKMM0xvL+wKzlY5TU="; 30 30 + localStorageDir = root + "/rekeyed/pc082-cheina"; 23 31 }; 24 32 25 33 home.sessionVariables.XDEBUG_MODE = "off";

+2 -2

nix/home/configs/lpchaim.nix

reviewed

··· 1 1 { 2 2 - inputs, 2 2 + config, 3 3 lib, 4 4 osConfig ? {}, 5 5 ... 6 6 }: let 7 7 - inherit (inputs.self.lib.config) name; 7 7 + inherit (config.my.config) name; 8 8 in { 9 9 home = rec { 10 10 username = "${name.user}";

+1 -4

nix/home/modules/bars/caelestia/default.nix

reviewed

··· 1 1 { 2 2 config, 3 3 - inputs, 4 3 lib, 5 5 - osConfig ? {}, 6 4 ... 7 5 }: let 8 8 - inherit (inputs.self.lib) isNvidia; 9 6 cfg = config.my.bars.caelestia; 10 7 in { 11 8 options.my.bars.caelestia.enable = lib.mkEnableOption "Caelestia"; ··· 67 64 services = { 68 65 audioIncrement = 0.05; 69 66 gpuType = 70 70 - if (isNvidia osConfig) 67 67 + if (config.my.profiles.hardware.gpu.nvidia) 71 68 then "nvidia" 72 69 else ""; 73 70 useFahrenheit = false;

+3 -7

nix/home/modules/bars/dank-material-shell/default.nix

reviewed

··· 1 1 { 2 2 config, 3 3 - inputs, 4 3 lib, 5 5 - osConfig ? {}, 6 4 ... 7 5 }: let 8 8 - inherit (inputs.self.lib) isNvidia; 9 9 - inherit (inputs.self.lib.config) wallpaper; 6 6 + inherit (config.my.config) wallpaper; 10 7 cfg = config.my.bars.dank-material-shell; 11 11 - isNvidia' = isNvidia osConfig; 12 8 in { 13 9 options.my.bars.dank-material-shell.enable = lib.mkEnableOption "Dank material shell"; 14 10 ··· 41 37 isLightMode = false; 42 38 nightModeEnabled = false; 43 39 wallpaperPath = wallpaper; 44 44 - nvidiaGpuTempEnabled = isNvidia'; 45 45 - nonNvidiaGpuTempEnabled = !isNvidia'; 40 40 + nvidiaGpuTempEnabled = config.my.profiles.hardware.gpu.nvidia; 41 41 + nonNvidiaGpuTempEnabled = !config.my.profiles.hardware.gpu.nvidia; 46 42 }; 47 43 48 44 clipboardSettings = {

+22 -11

nix/home/modules/cli/atuin/default.nix

reviewed

··· 1 1 { 2 2 config, 3 3 + inputs, 3 4 lib, 4 5 osConfig ? {}, 5 6 pkgs, 6 7 ... 7 8 }: let 9 9 + inherit (inputs.self.lib.secrets.helpers) mkSecret; 8 10 cfg = config.my.cli.atuin; 11 11 + atuinLogin = pkgs.writeShellScriptBin "atuin-login" '' 12 12 + if atuin status | grep -q "not logged in"; then 13 13 + atuin login \ 14 14 + --username '${config.home.username}' \ 15 15 + --password "$(cat ${config.my.secrets."atuin-password".path})" \ 16 16 + --key "$(cat ${config.my.secrets."atuin-key".path})" 17 17 + fi 18 18 + ''; 9 19 in { 10 20 options.my.cli.atuin.enable = lib.mkEnableOption "atuin"; 21 21 + 11 22 config = lib.mkIf cfg.enable { 23 23 + my.secretDefinitions = { 24 24 + "atuin-password" = mkSecret "atuin-password" {}; 25 25 + "atuin-key" = mkSecret "atuin-key" {}; 26 26 + }; 27 27 + 28 28 + home.packages = [ 29 29 + atuinLogin 30 30 + ]; 31 31 + 12 32 programs.mcfly.enable = lib.mkForce false; 13 33 programs.atuin = { 14 34 enable = true; ··· 31 51 workspaces = true; 32 52 }; 33 53 }; 54 54 + 34 55 systemd.user.services.atuin-login = lib.mkIf (osConfig != {}) { 35 56 Install.WantedBy = ["network-online.target"]; 36 57 Service = { 37 58 Type = "oneshot"; 38 38 - ExecStart = let 39 39 - inherit (osConfig.sops) secrets; 40 40 - in 41 41 - pkgs.writeShellScriptBin "atuin-login" '' 42 42 - if atuin status | grep -q "not logged in"; then 43 43 - atuin login \ 44 44 - --username "$(cat ${secrets."atuin/username".path})" \ 45 45 - --password "$(cat ${secrets."atuin/password".path})" \ 46 46 - --key "$(cat ${secrets."atuin/key".path})" 47 47 - fi 48 48 - ''; 59 59 + ExecStart = atuinLogin; 49 60 }; 50 61 Unit = { 51 62 Description = "atuin login";

+4 -2

nix/home/modules/cli/essentials/default.nix

reviewed

··· 1 1 { 2 2 config, 3 3 - inputs, 4 3 lib, 5 4 pkgs, 6 5 ... 7 6 }: let 8 8 - inherit (inputs.self.lib.config) flake shell; 7 7 + inherit (config.my.config) flake shell; 9 8 cfg = config.my.cli.essentials; 10 9 in { 11 10 options.my.cli.essentials.enable = lib.mkEnableOption "essentials"; ··· 29 28 ffmpeg 30 29 file 31 30 fx 31 31 + gnutar 32 32 hexyl 33 33 htop 34 34 imagemagick 35 35 inotify-tools 36 36 inshellisense 37 37 + jocalsend 37 38 jq 38 39 neofetch 39 40 ncdu ··· 52 53 tig 53 54 yazi 54 55 wget 56 56 + zip 55 57 ]) 56 58 ++ config.stylix.fonts.packages; 57 59 sessionVariables = {

+1 -2

nix/home/modules/cli/git/default.nix

reviewed

··· 1 1 { 2 2 config, 3 3 - inputs, 4 3 lib, 5 4 ... 6 5 }: let 7 7 - inherit (inputs.self.lib.config) email name; 6 6 + inherit (config.my.config) email name; 8 7 cfg = config.my.cli.git; 9 8 in { 10 9 options.my.cli.git = {

+26 -27

nix/home/modules/cli/nushell/commands.nu

reviewed

··· 1 1 # Wrapper for git branch 2 2 + @complete external 2 3 def --wrapped "git branch" [ 3 3 - ...rest: string@__git_branch_completions, 4 4 + ...rest: string, 4 5 ] { 5 6 ^git branch ...$rest 6 7 | lines ··· 10 11 } 11 12 } 12 13 13 13 - def __git_branch_completions [] { 14 14 - __get_completions git branch 15 15 - } 16 16 - 17 17 - # More nu-friendly fzf wrapper 14 14 + # Nushell-friendly fzf wrapper 15 15 + # 16 16 + # Supports plain lists and tables with optional cell path 17 17 + @complete external 18 18 def --wrapped fzf [ 19 19 - path: cell-path, 20 20 - ...rest: string@__fzf_completions, 19 19 + --path: cell-path, # The cell path to use for the description 20 20 + ...rest: string, 21 21 ]: list -> list { 22 22 - let picked = $in 23 23 - | get $path 24 24 - | to text 25 25 - | ^fzf ...$rest 22 22 + let input = $in; 23 23 + let hasPath = $path != null 24 24 + let isRecord = ($input | first | describe --detailed | get type) == "record" 25 25 + $input 26 26 + | if ($isRecord and not $hasPath) { 27 27 + enumerate 28 28 + | each { |it| {...$it.item, index: $it.index} } 29 29 + | to tsv 30 30 + | ^fzf --with-nth 1..-2 --delimiter "\t" --header-lines 1 ...$rest 31 31 + } else { 32 32 + each { if ($path != null) { get $path } else { $in } | to nuon } 33 33 + | enumerate 34 34 + | each { $"($in.item)\t($in.index)" } 35 35 + | to text 36 36 + | ^fzf --with-nth 1..-2 --delimiter "\t" ...$rest 37 37 + } 26 38 | lines 27 27 - $in 28 28 - | where { |$it| ($it | get $path) in $picked } 29 29 - } 30 30 - 31 31 - def __fzf_completions [] { 32 32 - __get_completions fzf 39 39 + | each { split row "\t" | last | into int } 40 40 + | each { |index| $input | get $index } 33 41 } 34 42 35 43 # Cast to list, for e.g. ranges 36 44 def "into list" []: any -> list<any> { 37 45 each {} 38 46 } 39 39 - 40 40 - # Helper to generate completion functions 41 41 - def __get_completions [ 42 42 - command: string, 43 43 - ...context: string, 44 44 - ] { 45 45 - ^carapace $command nushell $command ...$context '-' 46 46 - | from json 47 47 - }

+1 -2

nix/home/modules/de/gnome/theming/default.nix

reviewed

··· 1 1 { 2 2 config, 3 3 - inputs, 4 3 lib, 5 4 pkgs, 6 5 ... 7 6 }: let 8 8 - inherit (inputs.self.lib.config) profilePicture wallpaper; 7 7 + inherit (config.my.config) wallpaper; 9 8 cfg = config.my.de.gnome.theming; 10 9 in { 11 10 options.my.de.gnome.theming = {

+1 -4

nix/home/modules/de/hyprland/default.nix

reviewed

··· 1 1 { 2 2 config, 3 3 - inputs, 4 3 lib, 5 4 pkgs, 6 5 ... 7 6 }: let 8 8 - inherit (inputs.self.lib.config) kb; 7 7 + inherit (config.my.config) kb; 9 8 cfg = config.my.de.hyprland; 10 9 in { 11 10 imports = [ ··· 14 13 ./hyprlock 15 14 ./launchers 16 15 ./osd 17 17 - ./plugins 18 16 ]; 19 17 20 18 options.my.de.hyprland.enable = lib.mkEnableOption "Hyprland customizations"; ··· 28 26 hyprlock.enable = lib.mkDefault cfg.enable; 29 27 launchers.rofi.enable = lib.mkDefault cfg.enable; 30 28 osd.swayosd.enable = lib.mkDefault false; 31 31 - plugins.enable = lib.mkDefault false; 32 29 }; 33 30 } 34 31 {

-23

nix/home/modules/de/hyprland/plugins/default.nix

reviewed

··· 1 1 - { 2 2 - config, 3 3 - inputs, 4 4 - lib, 5 5 - pkgs, 6 6 - ... 7 7 - }: let 8 8 - inherit (pkgs.stdenv.hostPlatform) system; 9 9 - cfg = config.my.de.hyprland.plugins; 10 10 - in { 11 11 - options.my.de.hyprland.plugins.enable = lib.mkEnableOption "Hyprland plugins"; 12 12 - 13 13 - config = lib.mkIf cfg.enable { 14 14 - wayland.windowManager.hyprland.settings = { 15 15 - bind = [ 16 16 - "SUPER, apostrophe, hyprexpo:expo, toggle" 17 17 - ]; 18 18 - }; 19 19 - wayland.windowManager.hyprland.plugins = with inputs.hyprland-plugins.packages.${system}; [ 20 20 - hyprexpo 21 21 - ]; 22 22 - }; 23 23 - }

+3 -1

nix/home/modules/default.nix

reviewed

··· 7 7 in { 8 8 imports = 9 9 (with inputs; [ 10 10 + agenix.homeManagerModules.default 11 11 + (agenix-rekey.homeManagerModules.default // {_class = "homeManager";}) # Don't ask 10 12 caelestia.homeManagerModules.default 11 13 dms.homeModules.dank-material-shell 12 14 nix-index-database.homeModules.nix-index 13 15 nix-flatpak.homeManagerModules.nix-flatpak 14 16 nixvim.homeModules.nixvim 15 15 - sops-nix.homeManagerModules.sops 16 17 spicetify-nix.homeManagerModules.default 17 18 stylix.homeModules.stylix 18 19 wayland-pipewire-idle-inhibit.homeModules.default ··· 29 30 ./nix 30 31 ./scripts 31 32 ./security 33 33 + ./secrets 32 34 ./ssh 33 35 ./syncthing 34 36 ./theming

+1 -2

nix/home/modules/development/nixd.nix

reviewed

··· 1 1 { 2 2 - inputs, 3 2 config, 4 3 lib, 5 4 osConfig ? {}, ··· 31 30 command = "${lib.getExe pkgs.nixd-lix}"; 32 31 args = ["--semantic-tokens=true"]; 33 32 config.nixd = let 34 34 - inherit (inputs.self.lib.config) flake; 33 33 + inherit (config.my.config) flake; 35 34 inherit (pkgs.stdenv.hostPlatform) system; 36 35 inherit (config.home) username; 37 36 absoluteFlakePath = builtins.replaceStrings ["~"] [config.home.homeDirectory] flake.path;

+1 -3

nix/home/modules/gui/chromium.nix

reviewed

··· 2 2 config, 3 3 inputs, 4 4 lib, 5 5 - osConfig ? {}, 6 5 pkgs, 7 6 ... 8 7 }: let 9 8 inherit (inputs.home-manager.lib) hm; 10 10 - inherit (inputs.self.lib) isNvidia; 11 9 cfg = config.my.gui.chromium; 12 10 in { 13 11 options.my.gui.chromium.enable = ··· 21 19 [ 22 20 "--password-store=gnome" 23 21 ] 24 24 - ++ (lib.optionals (isNvidia osConfig) [ 22 22 + ++ (lib.optionals (config.my.profiles.hardware.gpu.nvidia) [ 25 23 "--disable-gpu-compositing" # @TODO Remove after NVIDIA figures this out 26 24 ]); 27 25 package = pkgs.brave;

+11 -10

nix/home/modules/gui/default.nix

reviewed

··· 1 1 { 2 2 config, 3 3 - inputs, 4 3 pkgs, 5 4 lib, 6 5 osConfig ? {}, ··· 16 15 ./media.nix 17 16 ]; 18 17 19 19 - options.my.gui.enable = lib.mkEnableOption "gui apps"; 18 18 + options.my.gui.enable = 19 19 + lib.mkEnableOption "gui apps" 20 20 + // {default = osConfig.my.gui.enable or false;}; 20 21 21 22 config = lib.mkIf cfg.enable { 22 23 assertions = [ ··· 27 28 ]; 28 29 29 30 home.packages = with pkgs; [ 31 31 + element-desktop 32 32 + file-roller 33 33 + gnome-system-monitor 30 34 libreoffice-qt6-fresh 35 35 + loupe 36 36 + nautilus 31 37 obsidian 32 38 pavucontrol 33 39 qbittorrent ··· 36 42 ]; 37 43 38 44 home.file = let 39 39 - inherit (inputs.self.lib.config) profilePicture wallpaper; 45 45 + inherit (config.my.config) profilePicture wallpaper; 40 46 in { 41 47 "${config.home.homeDirectory}/.face".source = profilePicture; 42 48 "${config.xdg.userDirs.pictures}/Wallpapers/${baseNameOf wallpaper}".source = wallpaper; ··· 74 80 ]; 75 81 76 82 services.flatpak = { 77 77 - overrides.global.Environment.XCURSOR_PATH = "/run/host/user-share/icons:/run/host/share/icons"; 78 78 - packages = [ 79 79 - "com.fightcade.Fightcade" 80 80 - "com.github.tchx84.Flatseal" 81 81 - ]; 82 82 - uninstallUnmanaged = false; 83 83 - update.auto.enable = true; 83 83 + enable = osConfig == {}; 84 84 + packages = ["com.github.tchx84.Flatseal"]; 84 85 }; 85 86 }; 86 87 }

+14 -18

nix/home/modules/nix/default.nix

reviewed

··· 3 3 inputs, 4 4 lib, 5 5 osConfig ? {}, 6 6 - pkgs, 7 6 ... 8 7 }: let 9 9 - inherit (inputs.self.lib.config) nix; 8 8 + inherit (config.my.config) nix; 9 9 + inherit (inputs.self.lib.secrets.helpers) mkSecret; 10 10 cfg = config.my.nix; 11 11 in { 12 12 options.my.nix.enable = lib.mkEnableOption "nix"; 13 13 + 13 14 config = lib.mkIf (cfg.enable) { 14 14 - nix = 15 15 - { 16 16 - inherit (nix) settings; 17 17 - gc = { 18 18 - automatic = osConfig == {}; 19 19 - dates = "daily"; 20 20 - options = "--delete-older-than 7d"; 21 21 - }; 22 22 - package = lib.mkForce (osConfig.nix.package or pkgs.lixPackageSets.stable.lix); 23 23 - } 24 24 - // (lib.optionalAttrs (osConfig != {}) { 25 25 - inherit (osConfig.nix) extraOptions; 26 26 - }); 27 27 - nixpkgs = lib.mkIf (osConfig == {}) { 28 28 - inherit (nix.pkgs) config; 29 29 - overlays = builtins.attrValues inputs.self.overlays; 15 15 + my.secretDefinitions = { 16 16 + "nix-extra-access-tokens" = mkSecret "nix-extra-access-tokens" {}; 30 17 }; 18 18 + 19 19 + nix = { 20 20 + extraOptions = '' 21 21 + !include ${config.my.secrets."nix-extra-access-tokens".path} 22 22 + ''; 23 23 + gc.automatic = osConfig == {}; 24 24 + }; 25 25 + 26 26 + nixpkgs = lib.mkIf (osConfig == {}) nix.pkgs; 31 27 }; 32 28 }

+24

nix/home/modules/secrets/default.nix

reviewed

··· 1 1 + { 2 2 + config, 3 3 + inputs, 4 4 + lib, 5 5 + osConfig ? {}, 6 6 + ... 7 7 + }: let 8 8 + inherit (inputs.self.lib.secrets.paths) root; 9 9 + in { 10 10 + config = let 11 11 + osSecrets = osConfig.age.secrets or {}; 12 12 + homeSecrets = config.my.secretDefinitions; 13 13 + standaloneHomeSecrets = lib.removeAttrs homeSecrets (builtins.attrNames osSecrets); 14 14 + in { 15 15 + my.secrets = osSecrets // config.age.secrets; 16 16 + age = { 17 17 + secrets = standaloneHomeSecrets; 18 18 + rekey = lib.mkIf (osConfig != {}) { 19 19 + inherit (osConfig.age.rekey) hostPubkey; 20 20 + localStorageDir = root + "/rekeyed/${osConfig.networking.hostName}-${config.home.username}"; 21 21 + }; 22 22 + }; 23 23 + }; 24 24 + }

+14 -5

nix/home/modules/syncthing/default.nix

reviewed

··· 5 5 osConfig ? {}, 6 6 ... 7 7 }: let 8 8 - syncthing = osConfig.services.syncthing.package; 8 8 + syncthing = osConfig.services.syncthing.package or config.services.syncthing.package; 9 9 syncthingtray = config.services.syncthing.tray.package; 10 10 - in 11 11 - lib.mkIf (osConfig.services.syncthing.enable or false) { 10 10 + cfg = config.my.syncthing; 11 11 + in { 12 12 + options.my.syncthing.enable = 13 13 + lib.mkEnableOption "syncthing" 14 14 + // {default = osConfig.my.syncthing.enable or false;}; 15 15 + 16 16 + config = lib.mkIf cfg.enable { 12 17 home.packages = [syncthingtray]; 13 13 - services.syncthing.tray.enable = true; 18 18 + services.syncthing = { 19 19 + enable = osConfig == {}; 20 20 + tray.enable = true; 21 21 + }; 14 22 systemd.user.services.syncthingtray = { 15 23 Service.ExecStart = lib.mkForce (pkgs.writeShellScript "syncthingtray-wait" '' 16 24 ${syncthingtray}/bin/syncthingtray --wait ··· 113 121 ]; 114 122 Unit.X-SwitchMethod = "restart"; 115 123 }; 116 116 - } 124 124 + }; 125 125 + }

+1

nix/home/profiles/default.nix

reviewed

··· 2 2 imports = [ 3 3 ./de 4 4 ./graphical.nix 5 5 + ./hardware 5 6 ./llm 6 7 ./standalone.nix 7 8 ];

+5

nix/home/profiles/hardware/cpu/default.nix

reviewed

··· 1 1 + { 2 2 + imports = [ 3 3 + ./intel.nix 4 4 + ]; 5 5 + }

+9

nix/home/profiles/hardware/cpu/intel.nix

reviewed

··· 1 1 + { 2 2 + lib, 3 3 + osConfig ? {}, 4 4 + ... 5 5 + }: { 6 6 + options.my.profiles.hardware.cpu.intel = 7 7 + lib.mkEnableOption "Intel CPU profile" 8 8 + // {default = osConfig.my.profiles.hardware.cpu.intel or false;}; 9 9 + }

+6

nix/home/profiles/hardware/default.nix

reviewed

··· 1 1 + { 2 2 + imports = [ 3 3 + ./cpu 4 4 + ./gpu 5 5 + ]; 6 6 + }

+5

nix/home/profiles/hardware/gpu/default.nix

reviewed

··· 1 1 + { 2 2 + imports = [ 3 3 + ./nvidia.nix 4 4 + ]; 5 5 + }

+9

nix/home/profiles/hardware/gpu/nvidia.nix

reviewed

··· 1 1 + { 2 2 + lib, 3 3 + osConfig, 4 4 + ... 5 5 + }: { 6 6 + options.my.profiles.hardware.gpu.nvidia = 7 7 + lib.mkEnableOption "NVIDIA GPU profile" 8 8 + // {default = osConfig.my.profiles.hardware.gpu.nvidia or false;}; 9 9 + }

+11 -3

nix/lib/config.nix

reviewed

··· 1 1 - {lib, ...}: let 1 1 + { 2 2 + inputs, 3 3 + lib, 4 4 + ... 5 5 + }: let 2 6 assets = ../../assets; 3 7 filter = prefix: (name: type: type == "regular" && lib.strings.hasPrefix prefix name); 4 8 assetWithPrefix = prefix: ··· 17 21 wallpaper = assetWithPrefix "wallpaper"; 18 22 profilePicture = assetWithPrefix "profile-picture"; 19 23 nix = { 20 20 - pkgs.config = { 21 21 - allowUnfree = true; 24 24 + pkgs = { 25 25 + config = { 26 26 + allowUnfree = true; 27 27 + }; 28 28 + overlays = builtins.attrValues inputs.self.overlays; 22 29 }; 23 30 settings = { 24 31 accept-flake-config = true; ··· 39 46 keep-derivations = true; 40 47 keep-outputs = true; 41 48 max-jobs = "auto"; 49 49 + trusted-users = ["root" "@wheel"]; 42 50 }; 43 51 }; 44 52 kb = rec {

+1

nix/lib/default.nix

reviewed

··· 5 5 in { 6 6 config = import ./config.nix args; 7 7 loaders = import ./loaders.nix args; 8 8 + secrets = import ./secrets.nix; 8 9 storage = import ./storage args; 9 10 strings = import ./strings.nix args; 10 11

+41

nix/lib/secrets.nix

reviewed

··· 1 1 + rec { 2 2 + paths = rec { 3 3 + root = ../../secrets; 4 4 + identities = root + /identities; 5 5 + perHost = root + /perHost; 6 6 + perUser = root + /perUser; 7 7 + }; 8 8 + identities = { 9 9 + primaryYubikey = { 10 10 + identity = paths.identities + /age-yubikey-identity-25388788.pub; 11 11 + pubkey = "age1yubikey1qd4evthtmz779wrj5j92j46jgxu87are20rxagx609vs3z3g5535j2jtsrt"; 12 12 + }; 13 13 + secondaryYubikey = { 14 14 + identity = paths.identities + /age-yubikey-identity-26583315.pub; 15 15 + pubkey = "age1yubikey1qvsexaz0mrwzd6eadgmnupexs0csw6esdzmfzs3eehmn4w4hdlch5j7xrxs"; 16 16 + }; 17 17 + }; 18 18 + helpers = { 19 19 + mkSecret = name: args: 20 20 + args 21 21 + // { 22 22 + rekeyFile = paths.root + /${name}.age; 23 23 + }; 24 24 + mkHostSecret = configOrHost: name: args: 25 25 + args 26 26 + // { 27 27 + rekeyFile = let 28 28 + host = configOrHost.networking.hostName or configOrHost; 29 29 + in 30 30 + paths.perHost + /${host}/${name}.age; 31 31 + }; 32 32 + mkUserSecret = configOrUser: name: args: 33 33 + args 34 34 + // { 35 35 + rekeyFile = let 36 36 + user = configOrUser.home.username or configOrUser; 37 37 + in 38 38 + paths.perUser + /${user}/${name}.age; 39 39 + }; 40 40 + }; 41 41 + }

+4 -2

nix/nixos/configs/desktop/default.nix

reviewed

··· 1 1 - {inputs, ...}: let 2 2 - inherit (inputs.self.lib.config) name; 1 1 + {config, ...}: let 2 2 + inherit (config.my.config) name; 3 3 in { 4 4 imports = [ 5 5 ./hardware-configuration.nix ··· 10 10 ci.build = true; 11 11 gaming.enable = true; 12 12 networking.tailscale.trusted = true; 13 13 + users.emily.enable = true; 13 14 profiles = { 14 15 formfactor.desktop = true; 15 16 hardware.gpu.nvidia = true; ··· 22 23 23 24 networking.interfaces.enp6s0.wakeOnLan.enable = true; 24 25 26 26 + age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNf+oynlWr+Xq3UYKpCy8ih/w9sT6IuIKAtYjo6sfJr"; 25 27 system.stateVersion = "23.11"; 26 28 home-manager.users.${name.user}.home.stateVersion = "24.11"; 27 29 }

+2 -1

nix/nixos/configs/desktop/storage.nix

reviewed

··· 1 1 { 2 2 + config, 2 3 inputs, 3 4 lib, 4 5 ... 5 6 }: let 6 7 inherit (inputs.self.lib.storage.btrfs) mkSecondaryStorage mkStorage; 7 7 - inherit (inputs.self.lib.config) name; 8 8 + inherit (config.my.config) name; 8 9 in 9 10 lib.mkMerge [ 10 11 (mkStorage {

+3 -2

nix/nixos/configs/laptop/default.nix

reviewed

··· 1 1 - {inputs, ...}: let 2 2 - inherit (inputs.self.lib.config) name; 1 1 + {config, ...}: let 2 2 + inherit (config.my.config) name; 3 3 in { 4 4 imports = [ 5 5 ./hardware-configuration.nix ··· 19 19 }; 20 20 }; 21 21 22 22 + age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHh5IZnZipti8mCt0NPCVrJ5XTU2z+nb7d2hgMG4/B3C"; 22 23 system.stateVersion = "23.11"; 23 24 home-manager.users.${name.user}.home.stateVersion = "23.05"; 24 25 }

+4 -2

nix/nixos/configs/raspberrypi/default.nix

reviewed

··· 1 1 { 2 2 - inputs, 2 2 + config, 3 3 pkgs, 4 4 ... 5 5 }: let 6 6 - inherit (inputs.self.lib.config) name; 6 6 + inherit (config.my.config) name; 7 7 in { 8 8 imports = [ 9 9 ./hardware-configuration.nix ··· 13 13 my = { 14 14 ci.build = true; 15 15 security.u2f.relaxed = true; 16 16 + syncthing.enable = false; 16 17 }; 17 18 18 19 boot.kernelPackages = pkgs.linuxPackages_latest; 19 20 nixpkgs.hostPlatform = "aarch64-linux"; 20 21 22 22 + age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILr9pl4qaL/+DV//lhE5y6V7xJ2eh1BSlwNYD9L9a2sQ"; 21 23 system.stateVersion = "24.05"; 22 24 home-manager.users.${name.user}.home.stateVersion = "24.05"; 23 25 }

+2 -1

nix/nixos/configs/steamdeck/default.nix

reviewed

··· 1 1 { 2 2 + config, 2 3 inputs, 3 4 ezModules, 4 5 ... 5 6 }: let 6 6 - inherit (inputs.self.lib.config) name; 7 7 + inherit (config.my.config) name; 7 8 in { 8 9 imports = [ 9 10 inputs.jovian.nixosModules.default

+2 -1

nix/nixos/configs/steamdeck/storage.nix

reviewed

··· 1 1 { 2 2 + config, 2 3 inputs, 3 4 lib, 4 5 ... 5 6 }: let 6 6 - inherit (inputs.self.lib.config) name; 7 7 inherit (inputs.self.lib.storage.btrfs) mkStorage; 8 8 + inherit (config.my.config) name; 8 9 in 9 10 lib.mkMerge [ 10 11 (mkStorage {

+6 -2

nix/nixos/modules/default.nix

reviewed

··· 1 1 { 2 2 - config, 3 2 inputs, 4 3 lib, 5 4 pkgs, ··· 10 9 in { 11 10 imports = 12 11 (with inputs; [ 12 12 + agenix.nixosModules.default 13 13 + agenix-rekey.nixosModules.default 13 14 disko.nixosModules.disko 14 15 home-manager.nixosModules.home-manager 15 16 lanzaboote.nixosModules.lanzaboote 17 17 + nix-flatpak.nixosModules.nix-flatpak 16 18 nix-gaming.nixosModules.pipewireLowLatency 17 19 nix-gaming.nixosModules.platformOptimizations 18 20 nur.modules.nixos.default 19 19 - sops-nix.nixosModules.sops 20 21 stylix.nixosModules.stylix 21 22 ]) 22 23 ++ [ ··· 25 26 ./ci 26 27 ./desktop 27 28 ./gaming 29 29 + ./gui 28 30 ./hardware 29 31 ./kdeconnect 30 32 ./kernel ··· 55 57 pipewire.enable = mkDefault true; 56 58 security.enable = mkDefault true; 57 59 ssh.enable = mkDefault true; 60 60 + syncthing.enable = mkDefault true; 58 61 theming.enable = mkDefault true; 59 62 users.enable = mkDefault true; 63 63 + users.lpchaim.enable = mkDefault true; 60 64 zram.enable = mkDefault true; 61 65 }; 62 66

+5 -2

nix/nixos/modules/gaming/default.nix

reviewed

··· 1 1 { 2 2 config, 3 3 - inputs, 4 3 lib, 5 4 pkgs, 6 5 ... 7 6 }: let 8 8 - inherit (inputs.self.lib.config) name; 7 7 + inherit (config.my.config) name; 9 8 cfg = config.my.gaming; 10 9 in { 11 10 imports = [ ··· 46 45 services.pipewire.lowLatency.enable = true; 47 46 48 47 users.extraUsers.${name.user}.extraGroups = ["gamemode"]; 48 48 + 49 49 + services.flatpak.packages = [ 50 50 + "com.fightcade.Fightcade" 51 51 + ]; 49 52 }) 50 53 (lib.mkIf cfg.steam.enable { 51 54 hardware.steam-hardware.enable = true;

+18

nix/nixos/modules/gui/default.nix

reviewed

··· 1 1 + { 2 2 + config, 3 3 + lib, 4 4 + ... 5 5 + }: let 6 6 + cfg = config.my.gui; 7 7 + in { 8 8 + options.my.gui.enable = lib.mkEnableOption "GUI apps"; 9 9 + 10 10 + config = lib.mkIf cfg.enable { 11 11 + programs = { 12 12 + localsend.enable = true; 13 13 + }; 14 14 + services = { 15 15 + flatpak.enable = true; 16 16 + }; 17 17 + }; 18 18 + }

+2 -2

nix/nixos/modules/locale/default.nix

reviewed

··· 1 1 - {inputs, ...}: { 1 1 + {config, ...}: { 2 2 time = { 3 3 timeZone = "America/Sao_Paulo"; 4 4 hardwareClockInLocalTime = true; ··· 12 12 }; 13 13 console.useXkbConfig = true; # use xkb.options in tty. 14 14 services.xserver.xkb = { 15 15 - inherit (inputs.self.lib.config.kb.default) layout options variant; 15 15 + inherit (config.my.config.kb.default) layout options variant; 16 16 }; 17 17 }

+5 -15

nix/nixos/modules/nix/default.nix

reviewed

··· 1 1 { 2 2 config, 3 3 - inputs, 4 3 lib, 5 5 - pkgs, 6 4 ... 7 5 }: let 8 8 - inherit (inputs.self.lib.config) nix; 6 6 + inherit (config.my.config) nix; 9 7 cfg = config.my.nix; 10 8 in { 11 9 options.my.nix.enable = lib.mkEnableOption "nix"; ··· 13 11 environment.sessionVariables = { 14 12 NIXPKGS_ALLOW_UNFREE = "1"; 15 13 }; 16 16 - nix.gc = { 17 17 - automatic = let 18 18 - nhCfg = config.programs.nh; 19 19 - in 20 20 - !nhCfg.enable || !nhCfg.clean.enable; 21 21 - dates = "weekly"; 22 22 - }; 23 23 - nix.package = pkgs.lixPackageSets.stable.lix; 24 24 - nixpkgs = { 25 25 - inherit (nix.pkgs) config; 26 26 - overlays = builtins.attrValues inputs.self.overlays; 27 27 - }; 14 14 + 15 15 + nix.gc.automatic = !config.programs.nh.enable || !config.programs.nh.clean.enable; 16 16 + 17 17 + nixpkgs = nix.pkgs; 28 18 }; 29 19 }

-27

nix/nixos/modules/secrets/atuin.nix

reviewed

··· 1 1 - { 2 2 - config, 3 3 - inputs, 4 4 - lib, 5 5 - pkgs, 6 6 - ... 7 7 - }: let 8 8 - inherit (inputs.self.lib.config) name; 9 9 - in { 10 10 - sops.secrets = 11 11 - lib.genAttrs 12 12 - [ 13 13 - "atuin/key" 14 14 - "atuin/password" 15 15 - "atuin/username" 16 16 - ] 17 17 - (_: {owner = name.user;}); 18 18 - environment = { 19 19 - systemPackages = [ 20 20 - (pkgs.writeShellScriptBin "atuin-init" '' 21 21 - atuin login --username "$(cat ${config.sops.secrets."atuin/username".path})" \ 22 22 - --password "$(cat ${config.sops.secrets."atuin/password".path})" \ 23 23 - --key "$(cat ${config.sops.secrets."atuin/key".path})" 24 24 - '') 25 25 - ]; 26 26 - }; 27 27 - }

+23 -13

nix/nixos/modules/secrets/default.nix

reviewed

··· 1 1 - {inputs, ...}: { 2 2 - imports = [ 3 3 - ./atuin.nix 4 4 - ./extraNixOptions.nix 5 5 - ]; 6 6 - 7 7 - sops = { 8 8 - defaultSopsFile = inputs.self + /secrets/default.yaml; 9 9 - age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; 10 10 - secrets = { 11 11 - "tailscale/oauth/secret" = {}; 12 12 - "user/emily/password".neededForUsers = true; 13 13 - "user/lpchaim/password".neededForUsers = true; 1 1 + { 2 2 + config, 3 3 + inputs, 4 4 + lib, 5 5 + ... 6 6 + }: let 7 7 + inherit (inputs.self.lib.secrets.paths) root; 8 8 + in { 9 9 + my.secrets = config.age.secrets; 10 10 + age = { 11 11 + secrets = let 12 12 + osSecrets = config.my.secretDefinitions; 13 13 + homeConfigs = config.home-manager.users; 14 14 + homeSecrets = 15 15 + homeConfigs 16 16 + |> lib.mapAttrs (_: val: val.my.secretDefinitions) 17 17 + |> builtins.attrValues 18 18 + |> lib.mergeAttrsList; 19 19 + in 20 20 + osSecrets // homeSecrets; 21 21 + rekey = { 22 22 + localStorageDir = root + /rekeyed/${config.networking.hostName}; 23 23 + forceRekeyOnSystem = "x86_64-linux"; 14 24 }; 15 25 }; 16 26 }

-15

nix/nixos/modules/secrets/extraNixOptions.nix

reviewed

··· 1 1 - { 2 2 - config, 3 3 - inputs, 4 4 - ... 5 5 - }: let 6 6 - inherit (inputs.self.lib.config) name; 7 7 - in { 8 8 - sops.secrets."nix/extraAccessTokens" = { 9 9 - mode = "0400"; 10 10 - owner = name.user; 11 11 - }; 12 12 - nix.extraOptions = '' 13 13 - !include ${config.sops.secrets."nix/extraAccessTokens".path} 14 14 - ''; 15 15 - }

+9 -5

nix/nixos/modules/security/default.nix

reviewed

··· 1 1 { 2 2 config, 3 3 + inputs, 3 4 lib, 4 5 options, 5 6 pkgs, 6 7 ... 7 8 }: let 9 9 + inherit (inputs.self.lib.secrets.helpers) mkSecret; 8 10 cfg = config.my.security; 9 11 in { 10 12 options.my.security = { ··· 27 29 }; 28 30 }; 29 31 config = lib.mkIf cfg.enable { 32 32 + my.secretDefinitions = { 33 33 + "u2f-mappings" = mkSecret "u2f-mappings" { 34 34 + group = "wheel"; 35 35 + mode = "0440"; 36 36 + }; 37 37 + }; 30 38 environment.etc = let 31 39 patch = svc: 32 40 lib.replaceStrings ··· 50 58 u2f = { 51 59 inherit (cfg.u2f) control; 52 60 enable = true; 53 53 - settings.authfile = "${config.sops.secrets."u2f-mappings".path}"; 61 61 + settings.authfile = "${config.my.secrets."u2f-mappings".path}"; 54 62 settings = { 55 63 cue = true; 56 64 appid = "pam://auth"; ··· 77 85 pam_u2f 78 86 pamtester 79 87 ]; 80 80 - sops.secrets.u2f-mappings = { 81 81 - group = "wheel"; 82 82 - mode = "0440"; 83 83 - }; 84 88 }; 85 89 }

+1 -2

nix/nixos/modules/steamos.nix

reviewed

··· 1 1 { 2 2 config, 3 3 - inputs, 4 3 lib, 5 4 ... 6 5 }: let 7 7 - inherit (inputs.self.lib.config) name; 6 6 + inherit (config.my.config) name; 8 7 cfg = config.my.steamos; 9 8 in { 10 9 options.my.steamos.enable = lib.mkEnableOption "SteamOS";

+19 -17

nix/nixos/modules/syncthing/default.nix

reviewed

··· 4 4 lib, 5 5 ... 6 6 }: let 7 7 - inherit (inputs.self.lib.config) name; 8 8 - home = "/home/${name.user}"; 9 9 - sopsFile = "${inputs.self}/secrets/hosts/${config.networking.hostName}.yaml"; 10 10 - in 11 11 - lib.mkIf (lib.pathExists sopsFile) { 12 12 - sops.secrets = 13 13 - lib.genAttrs 14 14 - [ 15 15 - "syncthing/cert" 16 16 - "syncthing/key" 17 17 - ] 18 18 - (_: { 19 19 - inherit sopsFile; 7 7 + inherit (config.my.config) name; 8 8 + inherit (inputs.self.lib.secrets.helpers) mkHostSecret; 9 9 + cfg = config.my.syncthing; 10 10 + home = config.home-manager.users.lpchaim.home.homeDirectory; 11 11 + in { 12 12 + options.my.syncthing.enable = lib.mkEnableOption "syncthing"; 13 13 + 14 14 + config = lib.mkIf cfg.enable { 15 15 + my.secretDefinitions = { 16 16 + "host.syncthing-cert" = mkHostSecret config "syncthing-cert" { 17 17 + mode = "0440"; 18 18 + }; 19 19 + "host.syncthing-key" = mkHostSecret config "syncthing-key" { 20 20 mode = "0440"; 21 21 - }); 21 21 + }; 22 22 + }; 22 23 23 24 systemd.services.syncthing.preStart = let 24 25 paths = builtins.attrNames config.services.syncthing.settings.folders; ··· 33 34 openDefaultPorts = true; 34 35 user = name.user; 35 36 group = name.user; 36 36 - cert = config.sops.secrets."syncthing/cert".path; 37 37 - key = config.sops.secrets."syncthing/key".path; 37 37 + cert = config.my.secrets."host.syncthing-cert".path; 38 38 + key = config.my.secrets."host.syncthing-key".path; 38 39 dataDir = "${home}/Syncthing"; 39 40 configDir = "${home}/.config/syncthing"; 40 41 settings = { ··· 97 98 }; 98 99 }; 99 100 }; 100 100 - } 101 101 + }; 102 102 + }

+7 -2

nix/nixos/modules/tailscale/default.nix

reviewed

··· 5 5 options, 6 6 ... 7 7 }: let 8 8 - inherit (inputs.self.lib.config) name; 8 8 + inherit (config.my.config) name; 9 9 + inherit (inputs.self.lib.secrets.helpers) mkSecret; 9 10 cfg = config.my.networking.tailscale; 10 11 in { 11 12 options.my.networking.tailscale = { ··· 33 34 }; 34 35 }; 35 36 config = lib.mkIf cfg.enable { 37 37 + my.secretDefinitions = { 38 38 + "tailscale-oauth-secret" = mkSecret "tailscale-oauth-secret" {}; 39 39 + }; 40 40 + 36 41 services.tailscale = let 37 42 tags = 38 43 cfg.advertise.tags ··· 44 49 in { 45 50 inherit (cfg) authKeyParameters; 46 51 enable = true; 47 47 - authKeyFile = config.sops.secrets."tailscale/oauth/secret".path; 52 52 + authKeyFile = config.my.secrets."tailscale-oauth-secret".path; 48 53 extraUpFlags = 49 54 [ 50 55 "--accept-dns"

+15 -39

nix/nixos/modules/users/default.nix

reviewed

··· 1 1 - # Edit this configuration file to define what should be installed on 2 2 - # your system. Help is available in the configuration.nix(5) man page, on 3 3 - # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). 4 1 { 5 2 config, 6 6 - inputs, 7 3 lib, 8 8 - pkgs, 9 4 ... 10 5 }: let 11 11 - inherit (inputs.self.lib.config) name shell; 12 12 - userName = name.user; 13 6 cfg = config.my.users; 14 7 in { 15 15 - options.my.users.enable = lib.mkEnableOption "user tweaks"; 16 16 - config = lib.mkIf cfg.enable { 17 17 - users = let 18 18 - defaults = { 8 8 + imports = [ 9 9 + ./lpchaim.nix 10 10 + ./emily.nix 11 11 + ]; 12 12 + 13 13 + options.my.users = { 14 14 + enable = lib.mkEnableOption "user tweaks"; 15 15 + defaultUserAttrs = lib.mkOption { 16 16 + default = { 19 17 isNormalUser = true; 20 18 extraGroups = ["i2c" "networkmanager" "storage" "wheel"]; 21 19 }; 22 22 - in { 20 20 + }; 21 21 + }; 22 22 + 23 23 + config = lib.mkIf cfg.enable { 24 24 + users = { 23 25 mutableUsers = false; 24 24 - groups.${userName}.gid = 1000; 25 25 - groups.emily.gid = 1001; 26 26 - extraUsers = { 27 27 - ${userName} = 28 28 - defaults 29 29 - // { 30 30 - uid = 1000; 31 31 - home = "/home/${userName}"; 32 32 - description = name.full; 33 33 - group = userName; 34 34 - shell = pkgs.${shell}; 35 35 - hashedPasswordFile = "${config.sops.secrets."user/lpchaim/password".path}"; 36 36 - }; 37 37 - emily = 38 38 - defaults 39 39 - // { 40 40 - uid = 1001; 41 41 - home = "/home/emily"; 42 42 - description = "emily"; 43 43 - group = "emily"; 44 44 - shell = pkgs.fish; 45 45 - hashedPasswordFile = "${config.sops.secrets."user/emily/password".path}"; 46 46 - }; 47 47 - root.hashedPassword = null; 48 48 - }; 26 26 + extraUsers.root.hashedPassword = null; 49 27 }; 50 50 - nix.settings.trusted-users = ["root" "@wheel"]; 51 51 - systemd.services.ollama.serviceConfig.ReadWritePaths = [config.users.extraUsers.${userName}.home]; 52 28 }; 53 29 }

+32

nix/nixos/modules/users/emily.nix

reviewed

··· 1 1 + { 2 2 + config, 3 3 + inputs, 4 4 + lib, 5 5 + pkgs, 6 6 + ... 7 7 + }: let 8 8 + inherit (inputs.self.lib.secrets.helpers) mkUserSecret; 9 9 + cfg = config.my.users.emily; 10 10 + in { 11 11 + options.my.users.emily.enable = lib.mkEnableOption "emily user"; 12 12 + 13 13 + config = lib.mkIf cfg.enable { 14 14 + my.secretDefinitions = { 15 15 + "user.emily.password" = mkUserSecret "emily" "password" {}; 16 16 + }; 17 17 + 18 18 + users = { 19 19 + extraGroups.emily.gid = 1001; 20 20 + extraUsers.emily = 21 21 + config.my.users.defaultUserAttrs 22 22 + // { 23 23 + uid = 1001; 24 24 + home = "/home/emily"; 25 25 + description = "emily"; 26 26 + group = "emily"; 27 27 + shell = pkgs.fish; 28 28 + hashedPasswordFile = "${config.my.secrets."user.emily.password".path}"; 29 29 + }; 30 30 + }; 31 31 + }; 32 32 + }

+35

nix/nixos/modules/users/lpchaim.nix

reviewed

··· 1 1 + { 2 2 + config, 3 3 + inputs, 4 4 + lib, 5 5 + pkgs, 6 6 + ... 7 7 + }: let 8 8 + inherit (config.my.config) name shell; 9 9 + inherit (inputs.self.lib.secrets.helpers) mkUserSecret; 10 10 + userName = name.user; 11 11 + cfg = config.my.users.lpchaim; 12 12 + in { 13 13 + options.my.users.lpchaim.enable = lib.mkEnableOption "lpchaim user"; 14 14 + 15 15 + config = lib.mkIf cfg.enable { 16 16 + my.secretDefinitions = { 17 17 + "user.lpchaim.password" = mkUserSecret "lpchaim" "password" {}; 18 18 + }; 19 19 + 20 20 + users = { 21 21 + extraGroups.${userName}.gid = 1000; 22 22 + extraUsers.${userName} = 23 23 + config.my.users.defaultUserAttrs 24 24 + // { 25 25 + uid = 1000; 26 26 + home = "/home/${userName}"; 27 27 + description = name.full; 28 28 + group = userName; 29 29 + shell = pkgs.${shell}; 30 30 + hashedPasswordFile = "${config.my.secrets."user.lpchaim.password".path}"; 31 31 + }; 32 32 + }; 33 33 + systemd.services.ollama.serviceConfig.ReadWritePaths = [config.users.extraUsers.${userName}.home]; 34 34 + }; 35 35 + }

-5

nix/nixos/profiles/de/gnome.nix

reviewed

··· 23 23 environment.gnome.excludePackages = with pkgs; [ 24 24 gnome-tour # GNOME Shell detects the .desktop file on first log-in. 25 25 ]; 26 26 - environment.systemPackages = with pkgs; [ 27 27 - gnome-system-monitor 28 28 - loupe 29 29 - nautilus 30 30 - ]; 31 26 }; 32 27 }

+2 -4

nix/nixos/profiles/graphical.nix

reviewed

··· 8 8 options.my.profiles.graphical = lib.mkEnableOption "graphical profile"; 9 9 config = lib.mkIf cfg { 10 10 my = { 11 11 + gui.enable = true; 11 12 wayland.enable = true; 12 13 }; 13 14 ··· 16 17 graphics.enable = true; 17 18 graphics.enable32Bit = true; 18 19 }; 19 19 - services = { 20 20 - flatpak.enable = true; 21 21 - xserver.enable = lib.mkDefault true; 22 22 - }; 20 20 + services.xserver.enable = lib.mkDefault true; 23 21 xdg.portal = { 24 22 enable = true; 25 23 xdgOpenUsePortal = true;

+1 -1

nix/nixos/profiles/hardware/gpu/nvidia.nix

reviewed

··· 5 5 }: let 6 6 cfg = config.my.profiles.hardware.gpu.nvidia; 7 7 in { 8 8 - options.my.profiles.hardware.gpu.nvidia = lib.mkEnableOption "nvidia profile"; 8 8 + options.my.profiles.hardware.gpu.nvidia = lib.mkEnableOption "NVIDIA GPU profile"; 9 9 config = lib.mkIf cfg { 10 10 boot.kernelParams = [ 11 11 "nvidia.NVreg_PreserveVideoMemoryAllocations=1"

+1

nix/overlays/default.nix

reviewed

··· 6 6 (loadNonDefault ./. args) 7 7 // { 8 8 external = lib.composeManyExtensions [ 9 9 + inputs.agenix-rekey.overlays.default 9 10 inputs.nix-gaming.overlays.default 10 11 inputs.nixneovimplugins.overlays.default 11 12 ];

+11 -3

nix/shared/default.nix

reviewed

··· 1 1 - {inputs, ...}: let 1 1 + { 2 2 + inputs, 3 3 + lib, 4 4 + ... 5 5 + }: let 2 6 inherit (inputs) self; 3 3 - inherit (self.lib.config.nix) settings; 4 7 in { 5 8 imports = [ 9 9 + ./flatpak.nix 10 10 + ./nix.nix 11 11 + ./secrets.nix 6 12 ./theming.nix 7 13 ]; 8 14 9 9 - nix = {inherit settings;}; 15 15 + options = { 16 16 + my.config = lib.mkOption {default = self.lib.config;}; 17 17 + }; 10 18 }

+9

nix/shared/flatpak.nix

reviewed

··· 1 1 + { 2 2 + services.flatpak = { 3 3 + overrides.global.Environment = { 4 4 + XCURSOR_PATH = "/run/host/user-share/icons:/run/host/share/icons"; 5 5 + }; 6 6 + uninstallUnmanaged = false; 7 7 + update.auto.enable = true; 8 8 + }; 9 9 + }

+18

nix/shared/nix.nix

reviewed

··· 1 1 + { 2 2 + inputs, 3 3 + lib, 4 4 + pkgs, 5 5 + ... 6 6 + }: let 7 7 + inherit (inputs.self.lib.config.nix) settings; 8 8 + in { 9 9 + nix = { 10 10 + inherit settings; 11 11 + gc = { 12 12 + automatic = lib.mkDefault true; 13 13 + dates = "daily"; 14 14 + options = "--delete-older-than 7d"; 15 15 + }; 16 16 + package = lib.mkForce pkgs.lixPackageSets.stable.lix; 17 17 + }; 18 18 + }

+26

nix/shared/secrets.nix

reviewed

··· 1 1 + { 2 2 + inputs, 3 3 + lib, 4 4 + ... 5 5 + }: let 6 6 + inherit (inputs.self.lib.secrets) identities; 7 7 + in { 8 8 + options.my = { 9 9 + secretDefinitions = lib.mkOption { 10 10 + description = "Secret definitions"; 11 11 + default = []; 12 12 + }; 13 13 + secrets = lib.mkOption { 14 14 + description = "Rendered secrets"; 15 15 + default = []; 16 16 + }; 17 17 + }; 18 18 + 19 19 + config.age.rekey = { 20 20 + masterIdentities = [ 21 21 + identities.primaryYubikey 22 22 + identities.secondaryYubikey 23 23 + ]; 24 24 + storageMode = "local"; 25 25 + }; 26 26 + }

+12 -28

nix/shells/default.nix

reviewed

··· 2 2 imports = [ 3 3 inputs.make-shell.flakeModules.default 4 4 ./deploy.nix 5 5 + ./maintenance.nix 6 6 + ./minimal.nix 5 7 ./nix.nix 6 8 ./rust.nix 7 7 - ./minimal.nix 8 9 ]; 9 10 10 10 - perSystem = { 11 11 - config, 12 12 - self', 13 13 - ... 14 14 - }: { 15 15 - devShells.default = self'.devShells.nix; 11 11 + perSystem = {self', ...}: { 12 12 + devShells.default = self'.devShells.maintenance; 16 13 make-shell.imports = [ 17 17 - ({ 18 18 - lib, 19 19 - pkgs, 20 20 - ... 21 21 - }: { 22 22 - env = { 23 23 - EDITOR = "hx"; 24 24 - }; 25 25 - packages = 26 26 - (with pkgs; [ 27 27 - bat 28 28 - fish 29 29 - git 30 30 - helix 31 31 - just 32 32 - ]) 33 33 - ++ config.pre-commit.settings.enabledPackages 34 34 - ++ (lib.optionals (config.pre-commit.settings.package != null) [ 35 35 - config.pre-commit.settings.package 36 36 - ]); 37 37 - shellHook = config.pre-commit.installationScript; 14 14 + ({pkgs, ...}: { 15 15 + env.EDITOR = "hx"; 16 16 + packages = with pkgs; [ 17 17 + bat 18 18 + fish 19 19 + git 20 20 + helix 21 21 + ]; 38 22 }) 39 23 ]; 40 24 };

+5 -1

nix/shells/deploy.nix

reviewed

··· 5 5 in { 6 6 make-shells.deploy = { 7 7 additionalArguments.meta.description = "Extra deployment utilities built-in"; 8 8 - inputsFrom = [self'.devShells.nix]; 8 8 + 9 9 + inputsFrom = with self'.devShells; [ 10 10 + maintenance 11 11 + nix 12 12 + ]; 9 13 packages = with pkgs; [ 10 14 disko 11 15 home-manager

+47

nix/shells/maintenance.nix

reviewed

··· 1 1 + {inputs, ...}: let 2 2 + inherit (inputs.self.lib.secrets.identities) primaryYubikey secondaryYubikey; 3 3 + in { 4 4 + perSystem = { 5 5 + config, 6 6 + lib, 7 7 + pkgs, 8 8 + self', 9 9 + ... 10 10 + }: { 11 11 + make-shells.maintenance = { 12 12 + additionalArguments.meta.description = "Maintenance environment"; 13 13 + additionalArguments.passthru.my.ci.buildFor = ["x86_64-linux"]; 14 14 + 15 15 + env = { 16 16 + AGENIX_PUBKEY_PRIMARY = primaryYubikey.pubkey; 17 17 + AGENIX_PUBKEY_SECONDARY = secondaryYubikey.pubkey; 18 18 + }; 19 19 + inputsFrom = with self'.devShells; [ 20 20 + nix 21 21 + ]; 22 22 + packages = 23 23 + (with pkgs; [ 24 24 + age-plugin-yubikey 25 25 + agenix-rekey 26 26 + just 27 27 + rage 28 28 + ]) 29 29 + ++ config.pre-commit.settings.enabledPackages 30 30 + ++ lib.optionals (config.agenix-rekey.package != null) [ 31 31 + config.agenix-rekey.package 32 32 + ] 33 33 + ++ lib.optionals (config.pre-commit.settings.package != null) [ 34 34 + config.pre-commit.settings.package 35 35 + ]; 36 36 + shellHook = 37 37 + config.pre-commit.installationScript 38 38 + + '' 39 39 + if [[ "$HOSTNAME" == "desktop" ]]; then 40 40 + export AGENIX_REKEY_PRIMARY_IDENTITY="$AGENIX_PUBKEY_PRIMARY" 41 41 + else 42 42 + export AGENIX_REKEY_PRIMARY_IDENTITY="$AGENIX_PUBKEY_SECONDARY" 43 43 + fi 44 44 + ''; 45 45 + }; 46 46 + }; 47 47 + }

+1 -3

nix/shells/nix.nix

reviewed

··· 3 3 make-shells.nix = { 4 4 additionalArguments.meta.description = "Nix development environment"; 5 5 additionalArguments.passthru.my.ci.buildFor = ["x86_64-linux"]; 6 6 + 6 7 packages = with pkgs; [ 7 7 - age 8 8 alejandra 9 9 nil 10 10 nixd 11 11 nixpkgs-fmt 12 12 - sops 13 13 - ssh-to-age 14 12 ]; 15 13 }; 16 14 };

+1

nix/shells/rust.nix

reviewed

··· 2 2 perSystem = {pkgs, ...}: { 3 3 make-shells.rust = { 4 4 additionalArguments.meta.description = "For building Rust projects"; 5 5 + 5 6 packages = with pkgs; [ 6 7 cargo 7 8 libx11

+10

secrets/atuin-key.age

reviewed

··· 1 1 + age-encryption.org/v1 2 2 + -> piv-p256 0D9K1g AgfQzuK8zTSAmT6w9FFj2NdvlhzB51Ji7GtuX4J0CG8I 3 3 + vDUTAGVLkU64Vv7VOSRhR+rkUKgToUbPpoMn0df7c80 4 4 + -> piv-p256 4lCx1w AiifLJqWEV/tgNQ0SfeDBlIdNLrvnOpBuDbiiB0I8hTv 5 5 + +Vgej94UsvIDGttpRvzCvPmo7QE6+ELd9mKKeXoMX8s 6 6 + -> /-grease uSox(G`H uO 7 7 + xlZXv1i5Q2yH1KVSjQqXPQwoDfHUi96mvbqxNIs18744B5ldfqBrn84mpkdbN6tP 8 8 + tie0KgCvAgOnyVLD3Ac5HDT8dTI+/cl/l/4IvBUi 9 9 + --- eNKI5Gl6vJVkGrcpXIXS4WKku70O/K+xvy63BOq1OUU 10 10 + ��u�7t|k7�0���Z����N<�� ��"3���s�C�_�H���O�}�C�jyZ6�|��=K���������Pg^��l*�W�%�N_X�՚B=A�עbh:��]�^$u
�2ՂCҒ=d!�0''���-�I�G��) ���I��j������z��պ���h��������pi�gL

secrets/atuin-password.age

reviewed

This is a binary file and will not be displayed.

+10

secrets/atuin-username.age

reviewed

··· 1 1 + age-encryption.org/v1 2 2 + -> piv-p256 0D9K1g A+iPyQjYjgQe9/AqnaibB8277yU3LiKxg4rKRT92wu7U 3 3 + ODsm9yPaeF+4YW0sJXbTwJHbK7tDVi3Bf1LgkHq4M7s 4 4 + -> piv-p256 4lCx1w AzeUxwfPqRQ4WsaBYGWs55ZhFci8bvZp+cUfJ2I2aPUV 5 5 + 8LwzolJ+HjOPjOyCe9X9iDZiK28D1iIAH2k3xCGP8es 6 6 + -> &{-grease 7 7 + 4lmPvJXO5DJP7cbVjE9c7BlGYrf3NI23o0S5ZxmHOCsaIhCpRUnzSilES5e+C6ii 8 8 + nzvvKo4tz6zLJJ7HM0/+xIYdlI5GBzBI 9 9 + --- bH717Zt05yqytuKpUffqTS3evTjS4Ro9bX7x3uUWauA 10 10 + �
v� �2��-d��^^�}����Y��L�P6���B�}X

-93

secrets/default.yaml

reviewed

··· 1 1 - atuin: 2 2 - username: ENC[AES256_GCM,data:9cA9z/hkgA==,iv:V+lQ5cSrlbdcdWNbUELopnsFDdWxjvBV6EBvqFqZB/o=,tag:rT4VUx5iO5xL5wp8jYzjng==,type:str] 3 3 - password: ENC[AES256_GCM,data:4edw5Isf0XCLtyfyzyQ19aqTouePgVasQxoX84OMqD8vl6pYA/hK6LmCbRXWnZDvVmgKvfvSYaOfjzZpud4a21mEhTa32/24CGpjvn7oJujmiNQUxQHc8iz1/GxnTLYVWVay+wXK,iv:097d5cjMwb+xOvaAzMnWfUQWIR35M+MAmJZvyZii070=,tag:k2bCA5U4pJhLB3co8jI/Pg==,type:str] 4 4 - key: ENC[AES256_GCM,data:oPo5e02Dn0RR1jbfJXXivVK8X+FmxjZgItqJk3XaKFRUWS/CBvCAJE7Hiwz0F79MW48kIPQCXPV15yAtnfIddnowKPfSDkx+8JH6AeXGKohUpRMyN0SqGiLJneWVCz/YDPa/eKhs19zPsWZo/IC+ab1Y0W3CjAt+cxnsZpNQsDa3mdVFtrBF32bROvVuKrI=,iv:wnif68ePe/oQ2KXbhgxpoB4YRjR7pXVG/vqswY5RO8I=,tag:lr+EThqiBFVgPprKgZG1qw==,type:str] 5 5 - nix: 6 6 - extraAccessTokens: ENC[AES256_GCM,data:4y9B/wV5YiRHdHKCoRdVUxuRipe2VSBllisWUd0c1NPHak8dOOcYjemr01rIhlu2L2/gO30MCGm3lAAnd/jIca8DRAIq43vt+gE=,iv:fh6lOK1dbaCU2vvVxW5DtiDqJhXZ78RhwlC53vqUr6E=,tag:/KAlYhJKVsBSWdhL/EJ6pg==,type:str] 7 7 - tailscale: 8 8 - oauth: 9 9 - secret: ENC[AES256_GCM,data:NnGm2EdkgWERgWNNoJ6cWRyuMiF4tyDb1S8jrhzVo57OB+KHCyUfWTya6AMuYjy8wspCxTgxlAarMJMJlUld,iv:4SkacHAC6m4sVnwT2PjSBuQvjy+EsrnZkpaJetUcMuw=,tag:UMfXu2eN4R0+37YQvyq1/A==,type:str] 10 10 - u2f-mappings: ENC[AES256_GCM,data:NdeT8S8chO/b4zbcb1Jxqj2/W0jMvp3W0cXVasV2gp7j/dogIoDQ7YfDqiiGuUs5EeoevNm7AR94tYo5bHhzGQ4yBzE2OgCzHl3XQct4fTaf+FROktZg9aI98teFbuaTMZQQrwgrlU8oqMurH+HM4BJVHuBSClrLM8DFaBR5w81+sk13E/xVgrdldtdhV9KxIxGNTk1+IQL6eoHkZotHJRH9BVhsSjrdUTpy8e4ItG1EgWKtI1x3p1/g7eA4SWHzqYXUR21/AUcp4zXPDieMvLRpokEIFRNuASqOj0hGDOwzUFRdVGnH/yiWBgNQYH9dp4IrrwP9Glk9K7J3ReH5IL/0btChnEVAV+abPfr4noVXo7KQQ5EV4doPzQO7/WaVN2W0qDep462FkT8FX9Q8Y2CeG/a8cShIpLmSNiOf1UIXHB3dpjTr5H4DC36lUKRJ2cur2BJ/Vmq+DA8JE/OERtaeFggMnFlTsu3SYaAx9GO9GjHUWNQsCTTFFyKIM0sHmZ06AJiNx+XgJtE=,iv:n9CNS8O+nW3Pl4yfCzGcKBW6e/IdPNDcFSY5PjblO4s=,tag:N/micx7CYZYNGa7JW7mONw==,type:str] 11 11 - user: 12 12 - lpchaim: 13 13 - password: ENC[AES256_GCM,data:429T+RBs0N7sjh5flaBteU/NYzEaZiBhElsSTGpa5pTkkCR09/h6I81O8PgImnsw3DRwiXVRBSWEyBZ2DdDiExSITJj+KbdJOQ==,iv:xL2gnxGNH0L6wBzBHYk58AoKZnOZhHe7q/ns17NGElo=,tag:WAyN9NcDlLNcYTXK3EWL+w==,type:str] 14 14 - emily: 15 15 - password: ENC[AES256_GCM,data:67se12C/IuhLhe7iY+AuXcGhQaCNEUx3D4OzV5GKqU2MfMUuFQFkWDt2MFF8lM0BkevORd2AwCbRjuovEhpT5ARd6RgDlMjFUg==,iv:uLfFC4tIK+kejVffgKmk7Yqz+d4GLnRRX/L8aJOOYi4=,tag:169agLpBuFLU9fHB859fcQ==,type:str] 16 16 - yubikey: 17 17 - "25388788": 18 18 - ssh: 19 19 - public: ENC[AES256_GCM,data:QeC74Wc5YD1xQzTnpeZT3rsUXe/VaZYf27DI5SSvOXETk6AlIOSM0KYYSRtWUhbAIkMGM7zjnQAo92aQPMAIQi0XJR85BZctxWuZoQVGLwrUdEvnIGGr8bQPqUrNtF7OLhHMf8q030bhX1MNi/OsXSX6HsgHaYv7MVpM0p78xrSPh2uj8Apl4WQ/K8+pXE0loohr,iv:sGAR12/lLS4udyAMJUCk3zCmi99twqInDNaFvWWYhuM=,tag:IgDtnEGtRnkpWgmVB9dN9w==,type:str] 20 20 - private: ENC[AES256_GCM,data:RlX1k5dIjC6sNwDhPVgxk2klW1w94I1MNkeeErA33xOsTemTKxVHUazsXMLtU72tNR17SQUlyXUqzSSoWPaFf145E5JYIdxzMxAeW1dwh6nOK3hcGZuQ5jV+d9jTSBqwx+sfOt9oJAFWEJZQMnnV07wc3ILqdCknHCIcH7y2UE1eBfqdV/+kGslRIMhaUzF8Fs0GArukAJcCOQv0co0+d9C5J/B0SeVYcrrwAHbCseGmqHFQMky7w1BL7x5h9pyZZI6SPsq2lyd6sPq6KQ76sUfJHErv/KEdxFEtu2GnmTcMGzlKY+V7bmVO/wjvD9dIjfyuY5vwqCWd/1UzWF8/fosw6EgE74AKp1wbr0O6SwIjPr21mfOpndN0UVnvEZe6f/bhTEG69EQtLRsKzbJgPmcsQEO4td2x33wZ8cPeUOKiEPrObJlMuLJa8bNZRvbw61Dx3F0HCBGUA1E73sbcSmolVI13StB9zYG2JZX4huFk0QoUjp2YO/6RDyKR0AinMD2d/N2VdPTS9T3W7+3Vz30f1uOY02F+UT7dBpsSx65wkAPfwSM9fe/inlAYqUf/g9t7zkrtpcKInENBZLJwsSd2fMUdrx3RN+E/uw==,iv:ld5tyR46Q5iRMZhtbOb/NKWok+lNwiYXvg1pUeuc8iQ=,tag:hYNoyrOfaXtxfoHDRgRxJA==,type:str] 21 21 - "26583315": 22 22 - ssh: 23 23 - public: ENC[AES256_GCM,data:pWaWlDp586TAZsaPGCytIIQRTs8t20azvOKFBtkba9zsuNJZO2rLjlHPHU5GSw/FSdLyXzn0RN+4/+zhfJh5qKOb/I9QYGuJFVcmXQP/NMWIbiBCYODeeCNu5xKuwBa09TKbp5PewXWJUlwri+vQf1i+ioE6YjrJD9HH4viQz4jnJnc9y+vCPur4J8PhRkOiHuQm,iv:CcaMR5vS+Xn+fLnL5AGE4bIMNoDimgmnjhwqf1osqcA=,tag:dZvQR7etapNzPycPwUGGlQ==,type:str] 24 24 - private: ENC[AES256_GCM,data:B+nr04woe2bgEf8a6I65+KsGiuU6uCLeYKmU/VNh3OhVQXszI3HD8BBnHjMQExJor3VBjaCGIMkI+sTBqdxHs/iITSmMCXXkW5QAPGtiA5vo9YKUXXnr/bntk+FpYASY1LK4OXLCcycY7hI3VnyDEm+Lttubd3SeqPYdcI1CP5NKXdJF+v7JXGAc6auEaAqdI3Yi58Bpt3r+pRJqXHAgp6DlzeL5m4h9IN9gZPHrN6WpCjapiYLmN+qrQF3sSOUeSegDrJ6dCZNcMwsVRoKwc9STX4DGBMhRUgcmhR+FmWrszcEGpba2J/xMY1KsitkjKVTwu5VrA3hM5i5kanVh1cjr96ZsEhbkc/mOsPQNT1tnOIp30qE097Uh4D4swR8LrT4w49z11yziQ8zo/ReOwsP0eZZHpIgajCFbqxsduFQotw3fcmCxAuxvJnHh0BTh8XkhQaMMbFrhEfxM750qkEurPFGvnEv7bjo2N3bs4vexdiQhHn4+qnMRu/Tqo6/RnxD0wI/fYVcr5lM9bUhRDJsk5PUavmVvMTcQNHn6MLyAPb38ejcF5FDFt83Am1ahKb4Oz/66l68OcktxedYFZeQK8D39GDWqgFA1aQ==,iv:H0DFPh8JtARGyNZbUlGEng7tJ57jMtBN9ZJLnhvnQ9Y=,tag:2sgvJyrHmahh5HxmrmJNUQ==,type:str] 25 25 - sops: 26 26 - age: 27 27 - - recipient: age1tq2gcmu4hd4sd89hl7szhd0z8vg6tx9hk3xsvuljm9gsj7n0l4nsl6ad4u 28 28 - enc: | 29 29 - -----BEGIN AGE ENCRYPTED FILE----- 30 30 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhdWtKWXdmeHJNUUxrNkhT 31 31 - dS8rUWxBdWdpaXJxNlN6am8xT2poME1JMUQ4Cjg0YnJvQ20zekFUZ2h4alBVL0hI 32 32 - bHU3ZFlVTW5Zc2xiMmhyYzRlNTZndnMKLS0tIG1PakpaU2Z2M3pLQUhtdDI0Ry91 33 33 - WVc5RXpraE9iQTRIYlBsV29DOFhWMkEKkfZPtpEnkjQxUl2M+LRw8zvkj708mneQ 34 34 - YsIJZlhCYxsCb360XSX8V3g0cmY+mL0PIbSlutI2XCS4+8EBytf83g== 35 35 - -----END AGE ENCRYPTED FILE----- 36 36 - - recipient: age10fa7ce7w6q0ppk5l2gvg6d02g9cmj26rpt00ct54d4latqsnwajs90a43h 37 37 - enc: | 38 38 - -----BEGIN AGE ENCRYPTED FILE----- 39 39 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbTJBT2s5NmxiblRqdFk4 40 40 - dmNTME1QeitmNEU1Mzk2MmRiTHR2bmRQaERBClNoY0wvL2dMYUo2WlBUSWhIZVdH 41 41 - enFlVlVrY0xvdVE5YzNTMytiU0dpRFkKLS0tIHRIRHYwZTJDYjVsWHgwKzl5SXhu 42 42 - UURxL3hQbEhFOFB0NXJhd1ZJU0FyVzAKzec25rG/rSxzzq1MlPJNzQKBl5yPdvNk 43 43 - Y7lD0YDiSeZeBAVxueY+SAtn3sECq6WqvYfO+pfvoE2Li+skh3Ef8g== 44 44 - -----END AGE ENCRYPTED FILE----- 45 45 - - recipient: age1a90s9rr2t82vlx4q757pvqm88nh572567hssycczv2t5rjhzudmsvqdjuv 46 46 - enc: | 47 47 - -----BEGIN AGE ENCRYPTED FILE----- 48 48 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaZmJ4UFc4T0h6SkFaRVRD 49 49 - alhyWEtrTGJJRjU2NWdobWVISkQ5V2tpUEg0CmpxelFtMU1DOXpJeFNSVTYrLzhF 50 50 - UmhaMDAxNFV6R0pyU1BIeFlZMS9sYlUKLS0tIDJBYUV1QlNFY1FZeGp5MWVXNzEw 51 51 - QTcxREtPbDZ2dWRTNnUyOU84bUI0SXcKoHIdaQdQXjw2JlDrCKKlyAp0tT6W2Fof 52 52 - bg/nFZJerTIGc1Od9qYYTShZGmUM8zUPWXomI18z5vL6yQaI1Op0Aw== 53 53 - -----END AGE ENCRYPTED FILE----- 54 54 - - recipient: age1ke3gya92cy465lp9yxwygckgtg8tcsh366vgh4ywu6edl7a7ca0sgjxrjg 55 55 - enc: | 56 56 - -----BEGIN AGE ENCRYPTED FILE----- 57 57 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQQkp3RzBPOHhpZFN3ZTNQ 58 58 - Zk11SkpxMmg2UWgrdU5xcnk3a1N0SFZ4ZnhnCk0vdGRQQkI3V0NnSE9CTjdua0FY 59 59 - L0JHSklveDVXaytKaElianR3SmJvVWcKLS0tIE9WdCtXNnJtY3dHcEZBSCtsMTJH 60 60 - Z0FFTGd2NUo4Slk3MVViWkErVVBVNlEK2hvRHcZFltNY9I8Qutn8CncWFBFahKi1 61 61 - ozZ+MOYxCtYnAuNCWib1QZNesWR72EFqpboTQ1VoXj6sSFCMtONg2g== 62 62 - -----END AGE ENCRYPTED FILE----- 63 63 - - recipient: age174ngzkzt0czudr4pu69mps5t77nzelgprl2htcwd62n7h740hayqd0zh48 64 64 - enc: | 65 65 - -----BEGIN AGE ENCRYPTED FILE----- 66 66 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWRGxDVkpLc2hlQVJndXcr 67 67 - SU45OW9EVWpBUFV3bWtzdE10SDZRNVBKdFg0CkZOQ1pOaitVWmNQdXgxWVJoZ3JP 68 68 - R0FiczNndWwxSEFwUVhqZ2ZyMkVOR0UKLS0tIGdVOUwxMUc4U1ZMbTlVSXdhYnRw 69 69 - V3kxaVA5RjBTSW1OakJnaWJaVE9HK3cK85bFaACe/UAQPR/xagBJz11bQnzgvcVo 70 70 - sMD9q+PRUVBAO7hy9d+vFf754Ac73JQ9PZEvYM7Y25w6Ak1WM4xByg== 71 71 - -----END AGE ENCRYPTED FILE----- 72 72 - - recipient: age1rsz0jrlkqs2z2p3r4a6qhwnsmyhwgh72mtxvvfwm00qtn8lq9arqa29vum 73 73 - enc: | 74 74 - -----BEGIN AGE ENCRYPTED FILE----- 75 75 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDTytQMWIyR0xWeU1LNklL 76 76 - WXRTZnNFbXB3L2s0aEZkSHJCckNiTVYxMWd3Cmt5WUVJaU41T0lBRjV6Mm05MEdQ 77 77 - M0xRemxFS3g2NldNS28vY2lRcDBWSE0KLS0tIG93dktNQStjeUhDeHZsbG5tV01H 78 78 - ZjU3WHZiSmFIQ1dscHVjZ25jcEcwMTAKuZ0AnlGJMfO91UgFsuYGMjPa29ndUu1/ 79 79 - vQB5nJ7Hc9WvIr6SiqhX74cwj4dCtShUQnwSPRYfrE1uKrAiTZ4juw== 80 80 - -----END AGE ENCRYPTED FILE----- 81 81 - - recipient: age1cfshc5yzepc92mga9pclg6rcj084esq9a8tfe38m9c6mgzy5p5sqgc68u6 82 82 - enc: | 83 83 - -----BEGIN AGE ENCRYPTED FILE----- 84 84 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqbHhDK2Y4N2R4ZXpBQWRj 85 85 - dDJrTTJTZFFHS2YyeEc2Szgway83eHVWMld3ClR6dTBVQ3ZxeTFRckg2SmF5bGhY 86 86 - Y2MyNjhONnpSNnRDc3N0cEJMNEM1VDAKLS0tIHkrSlNhQkd1am44WHprRDgvUHBs 87 87 - d0tBMXZkQnpCenZHdW9SMUs0dUlsTWcKEgypYl2f9UteYvnNlyS30OG3wZXPUEt0 88 88 - 9rwMktnBaYvS8aekWw+zUy+WJZ3YtRDFm4fqykG12mvV1eAqq/Tq9Q== 89 89 - -----END AGE ENCRYPTED FILE----- 90 90 - lastmodified: "2025-11-19T17:22:10Z" 91 91 - mac: ENC[AES256_GCM,data:4eFOQZYosaCTEgWTz2O/+k0NgGHS6Uk4qcNAYZDia4qMUkWipnpueoNG1r9qoDNWpdleTDodYlQ/9lTr6FnA3t7yR9o7KlqAtFB6Z7988IW7mqMmtuaO/ctsKMFrbvYPsQpXkn7+zuYFvWEj7nK27j8TBrPCsnyn2gnCNvEXWMs=,iv:ndiSrNvTL4V9TLX/EqiBHRUQhiDtwrz87HioLelr9mU=,tag:JmFqYRySAK2434Sj1PfUqg==,type:str] 92 92 - unencrypted_suffix: _unencrypted 93 93 - version: 3.11.0

-41

secrets/hosts/desktop.yaml

reviewed

··· 1 1 - syncthing: 2 2 - cert: ENC[AES256_GCM,data:0WeUAZidnJXEDumpWQ+h/UsW6ae3kCPLtJKKbqK3IktVrkklE/3RPli+1q4IRZq0wvXwLIGFKYkynCZhxgM286ITo9rbCKv+Jg7Nz/1gNeExZ+dWgAlHwy5PTYBwp0TTBjwUxjxsIvpphvJwWil7LPbabBaeTY3sHmYvIcAD1hycQDwsLQL0h6Lj6dEZrzQYOg+NsdT9eL28xA1x4Ij/U3qAMHZViY2INpo1ZK+QBEQ3eIIF4/wyPFqHZxk6JqNYTiHr1K0d1HWFHrCWRI/Vke3nKFifnQ3OWAFGhr6edfFTQj9y8wZwZHUEBaNhmUwYdTOWoByL6uCzSiwOUwAz69Bfxt1yrPPEwmpZYwZ6ULmfFKTCtVJX1dIwna6xbVfDZiHrI6lWpKDfrTecDb28tXoKQHG9FauQwf/9XTc4Ny/LaHM0Pu/ovSE3R3aEF2rtELnMWRizrdzNNMq7E58OEvrRSDVLWWZiRLtHmCsmWdaY741EtQQ0tz+bZXEVKwIdxvrglq5eafQBKeW/VGbkYa8VZJkM60tMxJktkhj/OzF9AJEJhTZfmcVNAdugufcsxBd10kMdmtIJoSX17+TOAT3mA4w5E/w8Cz0Kre8JfYYhA7TI4knHdzc6h63XYLvwt+ObbpAH0gzaoHXxw9nnZXAkK0ggprqFeLwgGMbfFqttDWdPeyvx0SesrG9tlQCz+Sx7iYmVXYDAWKRtRLfwOEtOVaCvfw1wN4j4Yra4BfZKUK47MLE4Q36Bhi054hMuh9RoOSmcLZkFCux8PJV64DNNZqE4n0Eed7s/u00QmBzqsqgarXZZXxYntwtT2H0KFBD/5Ma1a7bXnsxs1ln+m3oT2qlabCgz1b7jPQhb+tXMY3+HZcqRlt6Py5Zqh2LYLMYVYvY7vDObSynluEQU+fEpk5WXI9HbYyCibEl+nbqico+4+X61+27p+EBmNlkwpWGeIZJ9uP/Sr7FlhflUdL7JfBUp7MZ8qlQwlNH6SGIbWrK+35+9yybHkqqcg8Rm0xfRHnhsit2tFnfy0VJpTiSSOqUHMQ==,iv:O5gDY8jB2hkv5iqVL3yQ3v0la7J6kBFJFIX58JLmsYQ=,tag:rpnIgU3FXrN1d2n+SBj4Hw==,type:str] 3 3 - key: ENC[AES256_GCM,data:pt9C2XgLsybsOeqYHuLbrGltndZ22bN8kdtVtBoMRiqo2olnswiEnOmGU01ljS/wtPRWpK2SZR6a4SjkCHoK3lpoVSHDUb12lOKqOXQMD9DLtCUg7644Z6C+PTgtkfxd7wD/kAKW2PJKeHDjtH5eDaOI3VOK+SFmFmzdlJas1o6fkbnyFGEnqqkVqMHq4bNSAxk55R9kbAAiHKmIcohHGDF6IBMxrNXekA6YW2e9kmnvxzlnqUNXX9ky6LYUWoZjRCxi5/u5/9+LImmhGAjJyqovKtwQWqS2Bk5xRGoVELgBhEiEGUljdw5DWXxRBbwVveh4xOb+BHh59Wpyzqpo/CLQDbJ+kmg3X3Y6yPXD4LvFELCpE44/AwqiMWGygBBM,iv:ez/v3hepUx5WcxUfYhSFHn6qdz1i9v+bVSgC/GFKYLE=,tag:MS8TPXwRzQ8JgmZVQicfWQ==,type:str] 4 4 - sops: 5 5 - kms: [] 6 6 - gcp_kms: [] 7 7 - azure_kv: [] 8 8 - hc_vault: [] 9 9 - age: 10 10 - - recipient: age1tq2gcmu4hd4sd89hl7szhd0z8vg6tx9hk3xsvuljm9gsj7n0l4nsl6ad4u 11 11 - enc: | 12 12 - -----BEGIN AGE ENCRYPTED FILE----- 13 13 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdXc3R1NzOExVVTZhY0xJ 14 14 - OUhXNkZiN2pEdDFRUEJwMWM5cmYzSGFNVTFJCmlIQ1M0cEVJV0MySTM2amVhczJI 15 15 - YTFyR0ZyQ0dXV2xYUXJncHROTzBIWHcKLS0tIGpaM1A4TkllQTFFSEgrUFpVTWZC 16 16 - ZkZBSFRGSjBjZUlseXNpeGlDVzdRcE0KPs1GIdC02sW1+xw7dfx0ruXcR5VMhnxy 17 17 - 86ioofd+eTyDXr7qAPZ/NBbwN5G/IMT0xxCzsX3oZ1PjM4VKre7eqQ== 18 18 - -----END AGE ENCRYPTED FILE----- 19 19 - - recipient: age10fa7ce7w6q0ppk5l2gvg6d02g9cmj26rpt00ct54d4latqsnwajs90a43h 20 20 - enc: | 21 21 - -----BEGIN AGE ENCRYPTED FILE----- 22 22 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbElDNG9VNkhiUzF4VXJB 23 23 - K1JMb2ZHSCtsTHdjeFJzMEpiRmxGQUl6NVhVCnZNS3AwWTNITERueGpGZEFjckF2 24 24 - aStwcUs3QTk4YTY5Q08wWm1IeG1aZUUKLS0tIDdITEdUamZIM0N4bk10Vk92V0lJ 25 25 - bTY5dnczdTdkRVBVT0t1ZklyUDd6YWsKwwuYi45ibAA0WEXBYupTeeo2DUy2ZhGW 26 26 - XUglq1UB4Jynps8D7BlFrCnvdJ/d2rfQXkfYZ5MV6MSqtpbChNCCHA== 27 27 - -----END AGE ENCRYPTED FILE----- 28 28 - - recipient: age1a90s9rr2t82vlx4q757pvqm88nh572567hssycczv2t5rjhzudmsvqdjuv 29 29 - enc: | 30 30 - -----BEGIN AGE ENCRYPTED FILE----- 31 31 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aEpjdmxqbTAxbDAzWUxH 32 32 - RzhCZVl2Z2FtRmtxQkRvbkpJNkxIQnJjR0QwCldPSUVTM3NNVS9iS2g0bm12Zkxj 33 33 - WGZLalJKeUZVL0dGeDZZR3Fob092UlUKLS0tIDJkL1dwYVRDbThFb3JnbkRqbmlN 34 34 - cWRIeElnNWZqSzRZQWI3eEUvRVd5UjQKcN7ne7wQXcvKhqrNS1xe4wISn2Ykb5Yx 35 35 - EITcdR6FSX/v4TvTGxFiq5SJkxbssVzadoIzyPIxGiYaoeMY/hdCjw== 36 36 - -----END AGE ENCRYPTED FILE----- 37 37 - lastmodified: "2024-10-06T00:19:47Z" 38 38 - mac: ENC[AES256_GCM,data:T6EAlyxfQHNvEvqPo9RjHLkyTpSDo3w85MNnTjJoKH9MCcshb1UjbNacQ2NZa95562BTndKB+LU4U6iUf0P9q4nBif3M7GxXyFyObmflqOTpZvxKelsYawqF5aNRnQmAT2voen0EoQ9VYp7XLYKaeZgP5tk4qGqKfcvwmYzPI2c=,iv:XtyEWIwto7kQD1ba21YxWdzQaF3XPTrhvSLuzmvxWnc=,tag:yQvcEp/20xj1coTsg0nHuw==,type:str] 39 39 - pgp: [] 40 40 - unencrypted_suffix: _unencrypted 41 41 - version: 3.9.0

-41

secrets/hosts/laptop.yaml

reviewed

··· 1 1 - syncthing: 2 2 - cert: ENC[AES256_GCM,data:B9xpRnRVkSv9o9jUrFsW4xFeCNqLYonfftRJ93zgiBXGllkg1H2AJHIbXEwX1R2knRPXcMwobu2mdiRZ4cbE4ov8U1WDL6ADm2SY7r4U1NeZej46PFbDjsRtf8PyvAC52wQc3xRCsM2/ZVx+zILiBnPrCk5PORgPsh3uVBq0IFkMXyAoT30/4jk8Apk6XRViQe8tjWqDPtalsJYxW5ax4HR5anTsmomwxeMOhqdCiTWTzmh/QuIBMRkoCx6Q/b583vkjfho4+7MHa5zj6Nqvf3l4g8yhUJgv65lbDCNsOuDzYvSikNFZnrj9JUf34j26lmDNndU9EzBQdEjd0hv6/pygdzUdeRJ0ngylwsy3TZ4xY7YorFtsSli+l5hy6watIvklwkn3VOLRj+1HUlQtfSl6BMloGxjrwAbmW3n0hMk2tH6AKgBSMmRnblfuolnOnS5Ak++/gMQe7vwqV7rdBFRH1TTky6dWhElhA1dnlC1p5Ztn8Q5G8fa3CVF9H2EjaG3HIa0c9ySwx3JsFHK0Aqx62d1CYyFUaYWiDmHitklVOiQ33tm3Nk1jlhNHJhnK4CptyUbOYvQebSA+MWffXK772JM23xZHAV24B4dmbBf3PrKnMG7w7dcONAEPAHTA0JlwjrP04oNFM3XNdXr+BQbQ8NDf1Lqp4OVX78a7vMsDZUAUxRsMvQ5XWcavsCLkIvVoK5kei6bPmRguOeCvqO0QpWnaiOxxwG0TXO06WOWr9muVuP/45vyB2h/XuJu+dOHOvi1P72VEOlks9yX+NNmHWLJWnIkdMBe9SxayI06mQAzVOdDwF5HeHabUkzNZuOB1xRdNz/wcJa3w3nQ7/XxzYptpx16swcJtdfuo7jVRNztpk7AhnWlTyQJ/KbrHvxOL7w/NrWdbUgzqBu0yNU4PrxTXyupdTSTHxGTSB/TLkMxsONGSAueguKqY0bhJodi4aumd4Sl7X3fHrmEjYDvtnqCW3RlHBLi1jY4m1VmMkMs780q9chmttlsP8Nd9qDi+xuz1rh1IJWeS8+Xxz0IZAQB5oBRf3uA=,iv:TlZjBUqK07OqVv2QvHkjnDkJ3YiAv0z5lC+9BPZ+8UE=,tag:oywNslbLySpKvvLaZrE8fw==,type:str] 3 3 - key: ENC[AES256_GCM,data:mThL6ORqr46srmHZ3aDkyfd+AqkL0JM6X2WsdkfXnHq3OdcC0zFLnYpffQDRIRWMX8UNk4+cRQvEp525x8NXGIK0vin/szADdtRKYXh/UsnvUHkJjVU+E7XoXsPOLB5QQQ8GlfFRToCV9u+ZO6eQix4e4V4VgnGcu+IiNMdm2K/RgFZBD4Tx7MBW4IuiM/Vy7Z3hczJVmuTk5KqCx0SDeSHw8Z4/zhe8YLBGvghMjbwJr3yLZpmXiTMQhmYv/HI+Omh6y/bHaEPgepsP1nk1kdsrBnYIPs6phxvklVLLdJ7zUrmDVOpDY46hFSvIXHM33a/BUBj8AKQwIpqcp+rDpSsWbVModOy/mJnqu/8lKMwvxA+k4Fs6oI8yG4L/gR4f,iv:HaVkg7jRbNKdS0qXPNnON8gmT8rS+y7MdzeCvwCPRq8=,tag:7rgwfA58pGtyz7hGjLi+Yg==,type:str] 4 4 - sops: 5 5 - kms: [] 6 6 - gcp_kms: [] 7 7 - azure_kv: [] 8 8 - hc_vault: [] 9 9 - age: 10 10 - - recipient: age1tq2gcmu4hd4sd89hl7szhd0z8vg6tx9hk3xsvuljm9gsj7n0l4nsl6ad4u 11 11 - enc: | 12 12 - -----BEGIN AGE ENCRYPTED FILE----- 13 13 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0M2JFc2IvQlRvNWFQY3R2 14 14 - YjQ3ejFjZEtTNHBIdzkvMURhRDl0WVhtdUE0ClBwTjE3Z3QzMVp6MWozZXBidUVh 15 15 - ZUxBbHFFRDdhVWRNajloeHRqSDYwdHMKLS0tIDdGRlFPRm0vSTJVdnVFam5jY1FX 16 16 - M0cyWEhZUzdHZEtaMzJza3VUbzRvdWcK77RKdJlexwrDXURM330/9ELVB5bheQNH 17 17 - fKE4ZXKdbe4GJH9N5g4BIYBbvjHbzdBoju+/pGo0//qAts8ljRMRZg== 18 18 - -----END AGE ENCRYPTED FILE----- 19 19 - - recipient: age10fa7ce7w6q0ppk5l2gvg6d02g9cmj26rpt00ct54d4latqsnwajs90a43h 20 20 - enc: | 21 21 - -----BEGIN AGE ENCRYPTED FILE----- 22 22 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBERzBad1JHWXl6M2lkY1ZT 23 23 - b0dLSjVSd0pGNExCSEFkdW90eVVoNWNZV1VNCmdLajllUE9UQ013bldZTHV6WlFL 24 24 - MGtrNXJOWWc2ZWpIeFVDMUg3bjJpUVkKLS0tIFd0SW5pNFZrS3lOODR1NmJOY0dL 25 25 - aEtnWXpBdGZDb3F1N0FPbDBBUlpDUVEK9v/TI4HAgPZDnTzCmxfVqsmfvoNbX6do 26 26 - wn56ZTwkn52YweFRTQ0zB2xfTD/kgSHrJ+Rc+oDX1NPs9uKsJpVpbQ== 27 27 - -----END AGE ENCRYPTED FILE----- 28 28 - - recipient: age1ke3gya92cy465lp9yxwygckgtg8tcsh366vgh4ywu6edl7a7ca0sgjxrjg 29 29 - enc: | 30 30 - -----BEGIN AGE ENCRYPTED FILE----- 31 31 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5MG1SOXZaTHROcXlXMmJI 32 32 - bGRHQjQxcnQwZnRtY0s3TGx6TDJFeTFVbkNzCmRrbzdOSDdVZWJMRWIyekQ4bHdP 33 33 - NWtzc0h3d1RzanMvMHVYcW5VZ3Q4cTgKLS0tIGpyTExBTk9XM25JNGdWK05qL2R3 34 34 - a3JNMVBzTUJXbWQ1QXEvOWcyRHpQdjQKZUESMU0pVBWlVBZR9tMJ7Q+S1bvcIlha 35 35 - 5VS+W8aANb7L8kJQ6SSD5x87Ay15eimwQyvhvPx5Iq6NnEbxEa0Mlg== 36 36 - -----END AGE ENCRYPTED FILE----- 37 37 - lastmodified: "2024-10-06T12:27:44Z" 38 38 - mac: ENC[AES256_GCM,data:bkQ8/hYQI+oCW30leILWUef50JSdevJtDA2SmHgVMtefI1G1sSfHIOke29FNl1wGexkj8OFLoQlm4zegnt6WJDqN4Q2GoTAHTki2tdf7YNq+ocMs8HCqcsAikQtjoRTRmO2bhU+9JYnAA1M18upbfi+gUGxNCgyGaF7uRbNp4wE=,iv:yGgALEOO//qR3mXVKJP3y3TfxLtkiXkOiU4tGT0V4OI=,tag:IdirrNVQFJ8AQNP1ozCQVA==,type:str] 39 39 - pgp: [] 40 40 - unencrypted_suffix: _unencrypted 41 41 - version: 3.9.0

-41

secrets/hosts/steamdeck.yaml

reviewed

··· 1 1 - syncthing: 2 2 - cert: ENC[AES256_GCM,data:MTVLUjGNEzZjZ8q3rBxBOQ2BeXdQuiqfPh40eh+/lNOf7eeKh2q8ZNKGR0ZI8TxhyKiK1oO0mq65KlvrVDhsTuNpXUVBSrQ5nvVuETJJNn9FVi0UIUOqELfGtaKq6xw+RbKv3TBnKDyz5P9co1rfoVa5hvWF7rBkXNrkiH1FFXxtvpgEeYy8j5vMfKkW0YhTUth+4mhQiMUu2QJtv4efXeEceY+SCihPc/fOC20Fq/fkXCoNg4OblRJmrrQWyZzZeIV5uCfg2c13t76IyINpC2XX1SL3+I4/ugsF+jerKe9p6B/Zk6PSxaDR+IwGmP2UcwRClheL/XS0B9z8rWXlgS0tIhH5whod27pTkPePyeGH7XqMQsfP75u0bdtfyCKws4LQ8RrU8BjmS60g0VRcSu4Ren/E1+mwZPGtVJfkjwMxVt/OsVR2936069PElKrZmFsTEM8SmLHwD6fRwPHHSDrVu7w3QsrhZbu5Qn+QramGRqkKKJYvr4Pd2PrP8pHwxRVRN2VgUg1LhSiL+2Xk2eA+g+HUk1N5BM+V/6KZ7lXCOrphURZr+F7T6UDJQjkAI4jkeff/ynKFlkOwffvUfuOvtkfwdGvYaxRvydfiy8HuGqnHX0JgnXUSZ609zzs47x5uREquVURjKw+slmfUviXRMCBP0FbtUmYqHYB+xoMnhhdEZqDTueRQo6ULVJFMSvrY28FydR79doQ3CPhnuB+yGr2ymKwezWFhiZk8yXJv05Zc0iDAfjeWTY6YxyM7bGkjFXXC5vegZaswvWtmpjEF5kiTIUEhM1cIdzcj4uyzJq2Vc7drFdgo0RCpYgK5G6PBAVr2LOZ0+e0VKp2O8nWbhR+1mlxwBDsAvKysqtBRw9wRrptHIXs7FYF+eIEpmvQD7wZnMecole8AEz0vbSwXR7gOUcqaoZF1qv7tVeSWnDjbsPG16RwsEJHDOfc+IRr0WXnHyrS6D5Nwyf90UvHsf7qnNTHsIWV4AHefzgSpMEaMtLjJmM9wi73KmFSGtk69Ez/OjKpShsRCTPcJlujWBfPJtb/8e88=,iv:BglGigx6p50q4Nuhis5KDkzipdqXgjIcvrvGDmhA+5I=,tag:fNZRZy9EWPDDQWiuBfdNVA==,type:str] 3 3 - key: ENC[AES256_GCM,data:zKrD3G4mGAG6RUjI/9c8toT1uuSoAm1jsv/7g0t97wGolIkzKUCo7NgSQzgo5X8p2qXU2RBG4nuATVkdPjf9lyQX1V2IWv4mO1w2SYww9ChqY/vw1PKfVaf9GVfIi03Ckj835f7BUBjpNm6CaTIIOjlxgiIHKscEggPF9fwDrpSJsykaoH1ypKjs0OtuRIVK//v8VQw5W6U83asqQlyS9S5yQMsDBR+AW+HXn84yWT1rY5U97bwZaTUvYcdZY4Z6tVanNnx68bL9Rx45ytkrelO0tdc2rLafg7rMF5b4YrUBz+638T4ZJeSXUoYrmSTReOk8LWf68MOdmoePdkSzXdts4xNGmbYeu1XiPDhLMT6F4480Zy1jwhQtjC8Kry4R,iv:+7pmMjoIHQX8JPB188xCASG1JwXDS6KT4NooASuLkF8=,tag:d9Gh+v5RYwoI6v6sYl8/zw==,type:str] 4 4 - sops: 5 5 - kms: [] 6 6 - gcp_kms: [] 7 7 - azure_kv: [] 8 8 - hc_vault: [] 9 9 - age: 10 10 - - recipient: age1tq2gcmu4hd4sd89hl7szhd0z8vg6tx9hk3xsvuljm9gsj7n0l4nsl6ad4u 11 11 - enc: | 12 12 - -----BEGIN AGE ENCRYPTED FILE----- 13 13 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1VXpXMzVqTVFOdzFDZGVU 14 14 - OTFtajBzK1NodTUrekNnWDNPd2gwZXAzU0Y4CnN4bkM3ampHdjF0OWNsRkY2SDMz 15 15 - TmpWbHJyYTIybEFybXU1Skp3cmNsZWcKLS0tIHloMXh0STVJaWkza1krSzNTRElV 16 16 - ckNKbVVKdGlhSXdzeStzZFRPb2hDODQKptZyFl1fSo6S8Hdf3U/CQ/a7ALSuZx0c 17 17 - 3V0+y/pqwE5ok0BJ48ktc7zmpvDLxc1sD3vkqY6oSj79pIhHVQNSYQ== 18 18 - -----END AGE ENCRYPTED FILE----- 19 19 - - recipient: age10fa7ce7w6q0ppk5l2gvg6d02g9cmj26rpt00ct54d4latqsnwajs90a43h 20 20 - enc: | 21 21 - -----BEGIN AGE ENCRYPTED FILE----- 22 22 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZ1UxNGhkOHlkSGlQV2dF 23 23 - azdSeXVXWXhsME5nSFRXa2lNQ1BXOG9uSGprCkQrcW9TZnZmajBTTVd5VFV0SFBn 24 24 - Y3hpWmttSWxpNitHbWxvQ0lHOUdsajgKLS0tICtmKzhPTFhLNVU5UDFURHc2U3Nu 25 25 - UCtzZTAwOU4wU1RmcXRXcG15OTNGTFkKPbbfEN4oaoSn3JoMMkXY4q/kObEkAvrL 26 26 - QuOc+Mkl73qFYNvDL76NH5wqkHKmC+wIPSAaPujC3DK96sO3jLkW2g== 27 27 - -----END AGE ENCRYPTED FILE----- 28 28 - - recipient: age1rsz0jrlkqs2z2p3r4a6qhwnsmyhwgh72mtxvvfwm00qtn8lq9arqa29vum 29 29 - enc: | 30 30 - -----BEGIN AGE ENCRYPTED FILE----- 31 31 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxVkNGb0I1bkRMb3IxOWxX 32 32 - eDlqWmxlYTI1YmhZNldkSXVrajRId240MzFZCjJ5U0EwYTBwaDF1SVUrRUdWWTBW 33 33 - TzFqQ0hRS1NxanZuTWpMZFB4eFRLWUEKLS0tIEc2S1VSL0k0R202aUkvbHNHNHR1 34 34 - NnVDaEVqc2NFZDhFQUtXSUQxWWxram8KjPoPNp7eLhHXzTDQDB/LzK3S7pYPNmvs 35 35 - rndU+MpNz9OSDh+z/wa79U4eFIPHt4LSzYr8k1+8wQo3ZKaVCLn1CA== 36 36 - -----END AGE ENCRYPTED FILE----- 37 37 - lastmodified: "2024-10-06T23:10:32Z" 38 38 - mac: ENC[AES256_GCM,data:jWxddYdQuhu5qmPMbSAT3ELS137PSbWei/L0X2JEZIcZ8/n2YK09Qpr8EIzu51kWMIbwSM958kBvBiShL+DaHqnaEdx47xWP9FYvh5APk4VRlSZa3aLpG+WkYUkRHPZBo/9wNCRyMtbZs0Pq/gs184LxoSIC04dfs0WhdPJNXiU=,iv:BZPGcgq2PoU+OdPVRazP4vnnzCXVgjmrxN7GFZgMd7U=,tag:3RGKNJvt2a/30iJUqZ25xg==,type:str] 39 39 - pgp: [] 40 40 - unencrypted_suffix: _unencrypted 41 41 - version: 3.9.0

+7

secrets/identities/age-yubikey-identity-25388788.pub

reviewed

··· 1 1 + # Serial: 25388788, Slot: 20 2 2 + # Name: age 3 3 + # Created: Sat, 14 Feb 2026 22:08:52 +0000 4 4 + # PIN policy: Once (A PIN is required once per session, if set) 5 5 + # Touch policy: Never (A physical touch is NOT required to decrypt) 6 6 + # Recipient: age1yubikey1qd4evthtmz779wrj5j92j46jgxu87are20rxagx609vs3z3g5535j2jtsrt 7 7 + AGE-PLUGIN-YUBIKEY-173NGXQV46QL544S4ADJM6

+7

secrets/identities/age-yubikey-identity-26583315.pub

reviewed

··· 1 1 + # Serial: 26583315, Slot: 20 2 2 + # Name: age 3 3 + # Created: Sat, 14 Feb 2026 22:09:37 +0000 4 4 + # PIN policy: Once (A PIN is required once per session, if set) 5 5 + # Touch policy: Never (A physical touch is NOT required to decrypt) 6 6 + # Recipient: age1yubikey1qvsexaz0mrwzd6eadgmnupexs0csw6esdzmfzs3eehmn4w4hdlch5j7xrxs 7 7 + AGE-PLUGIN-YUBIKEY-1ZWSE2QV4UFGTR4CPNAGWZ

+9

secrets/nix-extra-access-tokens.age

reviewed

··· 1 1 + age-encryption.org/v1 2 2 + -> piv-p256 0D9K1g A1rzJIhLG8nNJmThsQVMSKrjoi1qx4hHOTydXP9fnTLq 3 3 + 6E9gF6Wtx62hsCJDEVhZKcGwGyRwUVlLGZxYcRvpYx0 4 4 + -> piv-p256 4lCx1w AkKvO+uOWtL90s/MV/9una66nZaeVDvcfMqFYl8IWYlR 5 5 + K9778FQfKienpuxssr9TRPOEu4fX6awf8hiaR/8o+Nw 6 6 + -> )k>e<-grease K ^)TN;40i ; 7 7 + rHA 8 8 + --- MOVKbVgwjZu+sMZ5z7da4cqyQP96K2r/DECZKgXMBtg 9 9 + _w|
���k�d�a2�������y,��յ0J���ڙ��L`�����-��j��KO�Y��~�d�/�ӉJ����lzﵲ�܁_K��������6(��*q���!

secrets/perHost/desktop/syncthing-cert.age

reviewed

This is a binary file and will not be displayed.

secrets/perHost/desktop/syncthing-key.age

reviewed

This is a binary file and will not be displayed.

secrets/perHost/laptop/syncthing-cert.age

reviewed

This is a binary file and will not be displayed.

secrets/perHost/laptop/syncthing-key.age

reviewed

This is a binary file and will not be displayed.

secrets/perHost/steamdeck/syncthing-cert.age

reviewed

This is a binary file and will not be displayed.

secrets/perHost/steamdeck/syncthing-key.age

reviewed

This is a binary file and will not be displayed.

+9

secrets/perUser/emily/password.age

reviewed

··· 1 1 + age-encryption.org/v1 2 2 + -> piv-p256 0D9K1g A2MM3fc8jjxgYnOGuexvk4BvC3g01LWDED3yjAcQ8+ll 3 3 + jM+L15RVScXduhape4lga6PSY6WrTwWv9o86L/qYdI4 4 4 + -> piv-p256 4lCx1w AhqVivIIw5tvU0fdulTiaheDg45XcyFb3arD6HHhch8Q 5 5 + bt9gd4C4dYO87r7e1CvIMJ3r5jS0qdgLg23CfApw5Do 6 6 + -> G"%R|6lK-grease $jrj~(U s| I_nz Z>gjF8MJ 7 7 + RN1dq8wA4FaoQlnMbzS/um4CQ6U9kgDn3p6a2OvWKnb2CoL8GLJ7BUepYn65yw 8 8 + --- pneQxoaynVRUvRcOMkKy4ihaA8XFE4HL7Gz4orRrD14 9 9 + ��_l`���� �5�l�hQk�+��0s�_'h�t��Ztlz�gK�����ct���R�M3e?b�z�����GW9SĜ��N%�+.�lR�><���L$孺���;�

secrets/perUser/lpchaim/password.age

reviewed

This is a binary file and will not be displayed.

secrets/rekeyed/.gitkeep

reviewed

This is a binary file and will not be displayed.

secrets/rekeyed/desktop/022fbda9b7a6fe324d5439baad56d4db-atuin-key.age

reviewed

This is a binary file and will not be displayed.

+8

secrets/rekeyed/desktop/1e2511d7b48b8cf010cd3fbad0797c94-user.emily.password.age

reviewed

··· 1 1 + age-encryption.org/v1 2 2 + -> ssh-ed25519 RuV4dQ Ifr0eg9PQp6RvDk6FvpS0WGjJ9GAWBgucnutsNpbhEA 3 3 + DUZmaqNKVgGF6iDRQULBizEsXEXnAF1ZcQ/xfYSm7D0 4 4 + -> !-grease o {g&O 5 5 + 0PVLNr40M2Uo9UEYSDQE35t/eN9QXuQKWSrsfUdq2AQrAw5xbmswPl4G4oMcVdK0 6 6 + zZm3amUPt8/n4a/kIEMBvpXrRqFYJX/MXWC9jySVrs9gkfdp0BwDZA 7 7 + --- L28uQDHmjI3SbTWMOXm8+2oiuEyDyDO45xhrgrujQ6A 8 8 + ��F�mک*~# a?�.���[Z�I����DZq���_���Q~3�S<��u8X
�]����cF�Ϛ��� ��V)W����˅)z�q*3Bg��ϵ ݻ3�?�A��

secrets/rekeyed/desktop/253812df1777d3e6b3c9eb79068ad6e4-host.syncthing-cert.age

reviewed

This is a binary file and will not be displayed.

secrets/rekeyed/desktop/3de6f93d67eced91f4cfe2c09faf04d6-u2f-mappings.age

reviewed

This is a binary file and will not be displayed.

secrets/rekeyed/desktop/7110400b00825a3032f877aafd4f0d3d-user.lpchaim.password.age

reviewed

This is a binary file and will not be displayed.

secrets/rekeyed/desktop/9b9e75a1cfecce50ef3df20e2c47f339-atuin-password.age

reviewed

This is a binary file and will not be displayed.

secrets/rekeyed/desktop/9f35beec5db9fd76b1ffb3a8c6eb9e88-tailscale-oauth-secret.age

reviewed

This is a binary file and will not be displayed.

+7

secrets/rekeyed/desktop/b431478dc5dd243430445b51a3d6c1ce-nix-extra-access-tokens.age

reviewed

··· 1 1 + age-encryption.org/v1 2 2 + -> ssh-ed25519 RuV4dQ LtzsMZ9Hp+ZsgtKTQ5H0ZIYD4apvj1PR4GjYAfH5jXs 3 3 + wjvylqUMUYkjp3e//L4+Md07l4e3dIc23d1qlepSIc8 4 4 + -> R-grease 5 5 + yuWbR4AR75fY+LoQqJ+5kZQlqW0mPawZ8ddVLs5oH1H5P/YH+If0albZ 6 6 + --- XAaooPquUG7MaT5MYKSY+A7udEbsEILM/M6+fge/3Kk 7 7 + �m��ɸ�VzQ�A\�&�_�@����Zji��!�n�<�ݱV�t�и���Ӻ^�@]�U�\5bB���m�8�.��}ļ<�a"��?����>�ӈ����a�J��u

+10

secrets/rekeyed/desktop/bdece0a54bdc381440fdaeaa33276a18-host.syncthing-key.age

reviewed

··· 1 1 + age-encryption.org/v1 2 2 + -> ssh-ed25519 RuV4dQ ocIEnm40lW0GS6A010vBNZD2GQquw40CSNDXwY1uOx8 3 3 + kcqvZn90mKW3n9Kd+SCmbi5fTYaH2e8UbgcnGjaBBaU 4 4 + -> Z;Qk-grease F*<|C( 5 5 + iWNtHsahhZrUYaG/BvZ2dLQ9rPV8ynaqb4bTq07kKjzAg8SoY9tBQBFZ4Q 6 6 + --- XTSwXeIQ21gPXKmyI0igT6Fj7yTMbfn084X2OqIgmlg 7 7 + Di6]x�Za"�������-��f�`�T��$�c��^�c�n
�E�XX+dzmn9hf��C������R1G?�#`]uW���-�̾����R����ש7��R�Z�}�b%�[v��g�k^�7�R�[�f�0^f,��#^A�C��� 8 8 +  9 9 + �2ƳBŲ(A�M��[v�0���9:B�)MecDR 10 10 + ��C ���+��E�[���2���yF���G�iρ�}������|&�T��LF�pj�_AW��|�$��K�~P��"T���{�I���߃+��=�h�W|Ϸ���$8k�v��K��W��L;�cFjL�)��#�

+9

secrets/rekeyed/laptop/032041edaffdc743c79c0ae7fae9e22b-user.lpchaim.password.age

reviewed

··· 1 1 + age-encryption.org/v1 2 2 + -> ssh-ed25519 9M20hg kFqVPYvudixlbpfZsHHsJQ5ZZbTFavk5gex65RBqBk4 3 3 + wNgVCK0eGwT1d3rJnogGAsLZQ2dBQnuKuhpnzRjO/TQ 4 4 + -> 'mBW-grease 3 }M9tb$re 5 5 + dvZJi8nSGBP5ICrE0hagfmfUj95Dq+IVy6ejLNfji3kzpeKz/HHzs/aW8oPMVkfw 6 6 + l9XtMaE/6CF0l1p1o7ykXGWTMQPfOmQwuQ 7 7 + --- i0w4Z4vy+7BPL9WI23Rt21cO0O89wcbSB/Need5OIto 8 8 + ��-���r��֦���l�,����f��)�4��;9B���$*���}L�-�>�(��JJ 9 9 + u3P!3�kT�tcL�}��h�1?�C��:��|Z���r9�^���1

secrets/rekeyed/laptop/0a2654ce82949ab68784f9891f20c5a1-u2f-mappings.age

reviewed

This is a binary file and will not be displayed.

+7

secrets/rekeyed/laptop/172f7636c66c8d21322e1700fb12222f-nix-extra-access-tokens.age

reviewed

··· 1 1 + age-encryption.org/v1 2 2 + -> ssh-ed25519 9M20hg moRHAC3tKBTR42GATGMd+bDGcTJu/+uJ0YfBHnfcdTg 3 3 + Wyy+tDMLLTpTqfOCAsfxBXZp4ybjTsyG45JbS0wuQTM 4 4 + -> ?m[Q@J-grease 5 5 + ClAEOekjeS7ED+5jYSg7gFlqE8KMWk/qg2wvxsEgku2NsC5iYDWZaiY0fw 6 6 + --- 9f7NP8TnOF2+PAL08RvM8ybekQ+AaPDaSXrWD6bqMRw 7 7 + AL�1�~K>�ȴVt���<Z���Nn��������n><K�Q�zCd�Z��b#|[�)1�œ�jcǃP�&�@J��[_�˟��!�����l���t\*��D�|�a���

secrets/rekeyed/laptop/317f983cb1f84c2b53cfd6b6d10938ac-tailscale-oauth-secret.age

reviewed

This is a binary file and will not be displayed.

secrets/rekeyed/laptop/436ec0f4a8351cc704f0e9341a61bcf9-user.emily.password.age

reviewed

This is a binary file and will not be displayed.

+11

secrets/rekeyed/laptop/4e668d1464851bf35f50089c076c4c95-atuin-password.age

reviewed

··· 1 1 + age-encryption.org/v1 2 2 + -> ssh-ed25519 9M20hg bK5yt1xFLgALpcR+R8D9R1ORZV9zO3SS80aR8HIogXo 3 3 + K+OTS7G/UOJSZZqN2K2V6sesDfDYvGt/PmKDMqxlC3I 4 4 + -> fhtS2-grease ~x5jv \1*<;A MH2HVf e9\ 5 5 + 1T9dQFRrCl+UBThgW7K26EuFWQhWUHif6x2jyVZBOxw0ckC7T3XNkfGuKj4obwaZ 6 6 + 3kUcqFCPqfAudgPcr17p6s1DVrI 7 7 + --- bxU5Rj+72nPciPdaYe2zxVfiv2wAhhP3wO3uJBImlac 8 8 + I�ڄ 9 9 + i���Զj�sC!7�(8N��`���/w�$�6 10 10 + 11 11 + ���_�(DL�>�n���n:��EEz���[*oe�1�g� �z�8�XJah�����m�~:�tT50��T�E\�Q�W4+��@��F���(A9�

secrets/rekeyed/laptop/69a31001645c8b6c8a697a43d180cea7-host.syncthing-cert.age

reviewed

This is a binary file and will not be displayed.

secrets/rekeyed/laptop/97cfd008557ea6c347300727429cc32f-atuin-key.age

reviewed

This is a binary file and will not be displayed.

secrets/rekeyed/laptop/e982e750ad2f9276e3eb51c29c3e0f5f-host.syncthing-key.age

reviewed

This is a binary file and will not be displayed.

+16

secrets/rekeyed/pc082-cheina/1e2d70ea3ce9583a3e598ffe413c7206-nix-extra-access-tokens.age

reviewed

··· 1 1 + age-encryption.org/v1 2 2 + -> ssh-rsa EE65jg 3 3 + lz5+8w+jdDGsAcS2npo8jJYUTyCOypArq9PUWH8SWNJbFikReFBSkxs6E6v4fLzf 4 4 + 6rgnWr+lpN6F9nq0FRfIEYSElcfVj5PhfFBLCIBAXq37R6jFdvHBv6BFN6wPvkBi 5 5 + YwkWDdw1CZPGg/adhSN51QuBDGstwAMX/QFBx4gIQgxmFETpXKNvC8/akuHFcrqh 6 6 + tawJHIBFbB/PrlFs1A93AZOsh7/bzHDGdG8HaSGH9jIgPxmrxVl9IRGsAqPCLLxl 7 7 + ACE06YYJP/CPobZpWMnPZn/T1b4m/YUAFXnA5i53iVTF1yVl63SYrkATARReJYkd 8 8 + Ty11lLKeoZz8o/eqSPRFVNclCkIT0T2d8mgFboldUgcpD2+V0SWs36KrAV+CRYwm 9 9 + Srkp4bbG4kOSTWuJdbpcoRJuJQwZ9sL8ILNwP8E9xsOtXCIB2MUT7QIJ22yuy2q0 10 10 + +5Sp3NcqQWPmk23O98sqQeSei+Sk7EE8Gnba5E0hqtB2JBnuqfdxyBO5lqDevL3a 11 11 + 12 12 + -> QSKsS(h-grease 13 13 + +ity495A4ejza66OAH3zvIFSWZh+59JFIzq9EztAeSP5H+sYucy56O106rhb6eIP 14 14 + /H81ZjeJOZjz2zj2zWvhy0FPe3NVDEPMqRKr6JJBFOwt0qc9VA 15 15 + --- D7T90tboraTMpEN/jAE1Bu+j+afdCHptWmJRjVTEz2k 16 16 + "�3WBv@��n)42�j���������|�Bp�����!7M�+ʋ���F�f�C�D&���]�!��O���x^�F���rB����||�73h���L���X5wI

secrets/rekeyed/pc082-cheina/3a4950c9424dcdb01f7a9300984d0154-atuin-key.age

reviewed

This is a binary file and will not be displayed.

+15

secrets/rekeyed/pc082-cheina/d3a5e341a3b2e26748a0853ea1587fd0-atuin-password.age

reviewed

··· 1 1 + age-encryption.org/v1 2 2 + -> ssh-rsa EE65jg 3 3 + SEUEsKulxuOMviFskL29iVTr1KW6GXTMLFZQhGGDmO4SliqaXwfBRUh3ltHGEEuA 4 4 + C9l0dgjnFS7iH0JoQZmOlbA3IJ8J+1Y0k6lnWLfSKB4V8hh94HNDklAnonWZJ+Ul 5 5 + C8iNiILlhZNYar16t6l2trqvIA8lhwEqWWu/z6UNjwRtgmGa+lxk6zQvnshBzv+m 6 6 + R16SbSjDBvnPAwMWPmU89jFvnkhsm2+q8kgDsrBX2m+7EpqK/7WKCvWE0XvVgs+2 7 7 + zdBP0dSEWD3Na6kTHxT7UM8o0Xsdbt2DzzkRI2R9HsbwMv1Ry4U+hRMXo9y+krr3 8 8 + Sdfp4rYq5t4+sjjlzT09/aPdC9crN/aL7nwPmZYNWHVr2L6zcD0/QdH0WyV4PtXq 9 9 + w5ZrvLallYpNB0Rq+V/WbE2/nAPxH97N4jtgjglqyLVIOMSCHxI204FVrx1QyX7r 10 10 + Di5Hh5xuAPV7M10kYuQgyuHZ59NV3cYQlHAYzuvGgiiEHgJwFQAHY/V5fHu8UPdo 11 11 + 12 12 + -> I-grease yE4Y;S h)'w wq 13 13 + Qpvv2Py3j766s81Ewb/1wxiFVPvBjlRqHU79Grv8k0AK+u9ld6I 14 14 + --- GdFBe5oeQRursjEbrqm/3Ma6Vfam2sLwnOgMO0Lr7zg 15 15 + ���_��]���g��z�:u�cp���v�l�;�0���a�o��'����gnx ��#�8�Ї-����N �j��>�s��|:<�m���ܿ����<MW ����ڈ/ך�J�#B��_�RZ������S

+9

secrets/rekeyed/raspberrypi/112f3b76f728ad9c47ebbe0b0454823c-user.lpchaim.password.age

reviewed

··· 1 1 + age-encryption.org/v1 2 2 + -> ssh-ed25519 7Q9N6w Gl+tUPC2cAE7WHZ9vcJ1v5HFr5asjB46NzFkgc6VbUc 3 3 + /KoIZ2HgdeTem65oU0r3jEwkhfl8LqUQ1gtBJ/rhMQo 4 4 + -> D8qK-grease ~J^ 5 5 + 8znWPj0rhD46wr+2lsk9EfqFFu4eBCPUyRpjoPJ1ZaE8oSRT5SUlutnp7bUrEeuZ 6 6 + N9wf14ffGeQh/3SayVSV9mvwoVInTLT16N1q9WyCo3WaUUlbOQQ 7 7 + --- Cts48uwAud8aUmwvk1WfOHYNkWRPUfR9J3upRVCluCg 8 8 + Q�8���1����r-��pZ������[ɼ'^�g9y��$�D����z��P@�c�V2e �K�9�[���{���%�,{9?� 9 9 + f�X���P����m@

+8

secrets/rekeyed/raspberrypi/2b0fef94f833700897a85aea61f2b7ff-atuin-key.age

reviewed

··· 1 1 + age-encryption.org/v1 2 2 + -> ssh-ed25519 7Q9N6w 3SMy/L4HwR+UAnb806dOMEZZdsV9rFRDLNBI47IsfCM 3 3 + x3iUOXK3i8KobLTHPwC7lqun349k91bgFWOJt1sTjyU 4 4 + -> /GK=.Ot-grease =X glI6 ?** e$[UHWNP 5 5 + /TswQ+LqjbF6qg/S4+dq7FNLndQrIo7pEZ57dkmc9zHOJNMYphfO3qoC8FuVMn3x 6 6 + 3eVYrv6Ij82y9MWIDbrWdoh5198UZFvPy9ogWFNtjxtU6Cm9pl9OVrOdqA 7 7 + --- zVIVUAvBQTX7AHBzSUH9Z6B00hasFM4xvGPBmQJ0/So 8 8 + �E
�����ϞxS`�`B���J���e����9���Hh�vV�Y
;TokR�F��qJe{�(;B`����V��Z�Cy��t)�4�D�z9e����1�H�}fRN�3�Q�(�m9�>��#�������a~��q&s�s3�?ʫ��ۿC�l�5�9h�.� F�}������

+8

secrets/rekeyed/raspberrypi/7232a8f6a2fc258876fa4d2e1ec1d8e8-atuin-password.age

reviewed

··· 1 1 + age-encryption.org/v1 2 2 + -> ssh-ed25519 7Q9N6w 2/ePx4S284SB1gT5OJM0AA8J5pGycOD27Da40zGRaAU 3 3 + hyE6lTLOtG5D/HHo0B24SsfrF8rPip6tkJEW4V19KsU 4 4 + -> 7sn-`.-grease S >= MI\TM^ 5 5 + qmx0n7QbGdl8WODZvKUi4tAJx9dloaRVGJToTCJ0umJLAOHE2vxe 6 6 + --- jxNAx5w+CrYlNQGp4jVmymfxVliMT7+dIi4j9fLd6+M 7 7 + ��NL|�q.0����ҵ�C/�1.���X]9��c_��p��o� s�]c�m���㛊���:w])mo�}�x�������Mڝ� 8 8 + oS�?�!(�Eq7��(��d�y�=j�e`�'� M��������o� �o

secrets/rekeyed/raspberrypi/9a5085ce424755d2a3048a8e43f8b403-nix-extra-access-tokens.age

reviewed

This is a binary file and will not be displayed.

+9

secrets/rekeyed/raspberrypi/aec123d2d994452a929f46a9f3328ad8-tailscale-oauth-secret.age

reviewed

··· 1 1 + age-encryption.org/v1 2 2 + -> ssh-ed25519 7Q9N6w NXgfB328+a9nMohLNItW/yF3MQWEx8nQrJj6vGOydhY 3 3 + uyfBgb7pmygptL/1qpZOuvPwQ8WqjK0gWI5uYj84j0g 4 4 + -> IXbg~o8'-grease 5 5 + pBlPftSQDw/3SXNQyMBZAfvJF4Y151TQZMKiDryH4+WHu0G2uRLrye5DqGhbeNNO 6 6 + w+bURiSKXg 7 7 + --- Edv9UQJzFK8DBVE0SJkeotu3qieCrXW56WD9VfxFsAI 8 8 + ��?��w:�=ǚ<�IJ����k3Rf�Q��Y=zx��YG
A�d�$��rc24z�B�V��4�b��y�~�� �G�{�I�W�T� 9 9 + ^(�p���m=wй

secrets/rekeyed/raspberrypi/df6b34c90fcbdf12dccd55c27804ca79-user.emily.password.age

reviewed

This is a binary file and will not be displayed.

secrets/rekeyed/raspberrypi/f042f14639e0c43ecfe76cf43e72f600-u2f-mappings.age

reviewed

This is a binary file and will not be displayed.

+9

secrets/tailscale-oauth-secret.age

reviewed

··· 1 1 + age-encryption.org/v1 2 2 + -> piv-p256 0D9K1g A4iPqYikWrbYFNvVzW2gs2GfhoQIpEfc9DilhCiCctjr 3 3 + q0um7wfdAWFrd0QVSIL+gisBMZS1wbyV4W4ZDSZlQlQ 4 4 + -> piv-p256 4lCx1w At8o398WWqIoKdZQN50CjmW3naIjvNSjn9H80e6Q43y1 5 5 + VPz3s9+ZwdAOYA06iRmyWYeQ7/qfx1S/b3egVBRigAw 6 6 + -> zw4[q-grease 7 7 + k7YR8Hxmq5pTcBexkqS5mjiZ4DpVdp+ixaU9HCYdQYAXRtqvrQ 8 8 + --- caOeKMw+a4Vw6C/a+0DfVBrZ1W0XeX4wu1pfKNZSqC4 9 9 + g��������}2�+��J*`�^�\ႺKnҊ�9�QiI$������3((��lf��4ܽ�mp�k�R��OX�vU��fP{A��݌@��d��۪E˖

secrets/u2f-mappings.age

reviewed

This is a binary file and will not be displayed.