diff --git a/.sops.yaml b/.sops.yaml index c17ff2c..75617bd 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,6 +1,6 @@ keys: - - &master age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr - - &host_luna age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez + - &master age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt + - &host_luna age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr - &host_mars age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy creation_rules: - path_regex: hosts/shared/secrets/.* diff --git a/hosts/luna/default.nix b/hosts/luna/default.nix index cbf4d31..ef61018 100644 --- a/hosts/luna/default.nix +++ b/hosts/luna/default.nix @@ -92,6 +92,22 @@ with lib; geoProviderUrl = "https://beacondb.net/v1/geolocate"; }; getty.autologinUser = "${username}"; # hardcoded because this is a single user system + pipewire.wireplumber.extraConfig."luna-20" = { + "monitor.alsa.rules" = [ + { + matches = [ + { + "device.name" = "alsa_input.pci-0000_00_1f.3.analog-stereo"; + } + ]; + actions = { + update-props = { + "node.volume" = 0.1; + }; + }; + } + ]; + }; udisks2.enable = true; undervolt = { enable = true; diff --git a/hosts/luna/users/shorty/secrets/id_ed25519 b/hosts/luna/users/shorty/secrets/id_ed25519 index a9cfd14..29e38cb 100644 --- a/hosts/luna/users/shorty/secrets/id_ed25519 +++ b/hosts/luna/users/shorty/secrets/id_ed25519 @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvOXI0Z0ZIM2MydzUwWTBX\nVTVhQ0lVR0lIS3JjSjN3VzNmMU1qWFIyWVdRCmhUeHd6elRuM0RMYW5QdHBSdnlo\nWmxPRXdlQjJtMUpxREluSHpPZUlpeWsKLS0tIGtKTExwTG5XMlFHTUQ3eXRDL2w3\nRTZTWGZkQUtHT2pVUU45RTEySmxsMTgKyrJUCN5ooCRoZe+VJeEW1mIPLnTIWxRw\nZ3PzJkw0YPEq8B+RvWjKDeip5uj1RWJOgU5sl1ngf5CbN37uUIAlAQ==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzQ3R0SW9vck5YdmtkaDlD\nTDJIbWFkeTVMOUpaY2hUemMrK2c2aDJjbzNVCjdNVmovb3VGQ2VWTnhaVS9kZyt5\nN04wNXNVblJzN2o2THlXMGRyY3l2MGcKLS0tIEQ2a2tiTktpWlViditZUU9CbDJJ\nN1FkWkdIZjl5elJiWS92Z2U2N1BYcTAKSWthfiDVJ5A41/GdUaLHOOP7JU+vGmEO\n7bj84M7Gcq4o09EZo9BIIVfUGsKQ6vH+dRb5NrjELK0ngeybsPF3dQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVzFOQlMxdzJLRmtOMmd5\nQVIzYWwwbkRlb0tJOTRKcFlzUlVqNnNUSFRVCkd3SzNBbGhQNU5LL2RKbWlGcEh2\nM2Y0NlNicEl1S2thSHNPZDFubUIvOUkKLS0tIGNTQTR6dmxaV21UNGN2T3FoUWFG\nMDcxN0pIZjVORDRTcmhMd1RUaGZ6djQKySiQjwuQwTx8WmAqrqu94pByd+cUM5O8\nG38dnvUaRhC5DjShbinPJiVdchV9lqllU2dYaWq9voY/RCJH4EMm6Q==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYUXF5U3dKM1NKUVYyTFNE\nZTNYR2txSzd0cHpsR055S0lnRWRuZXpVN2hzCm1MQ1dqbzRGUVIyVXhIWTBqeDQ3\nS21QRHJsRTJEOFBMK0YxUVZyYVlDejQKLS0tIGRRbE94S3dBWFBBVk9QM1FYRGNO\neXF5V21Uc0dIamdKdGNiYzltWlVyN0EKZf/zyXhbN9DJHeyrWFAhaTJr5yR05KIP\nT6Jy2cgOxt6MaqjeOcxyWdF8mA1BZBoAdipi1mD68L6Uth91gZGHBg==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-24T11:14:20Z", diff --git a/hosts/luna/users/shorty/secrets/id_ed25519.pub b/hosts/luna/users/shorty/secrets/id_ed25519.pub index 59b587b..64c23b1 100644 --- a/hosts/luna/users/shorty/secrets/id_ed25519.pub +++ b/hosts/luna/users/shorty/secrets/id_ed25519.pub @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MUNCU0VEaWF5cVNydGNQ\nZXRKNzlla3k5RkRNZkM1dE5oN29HeXVRRDI0CmkrM2U0TEFMMk9LUEhDQzlBMGpQ\nKzB5bHFWRnFhR2xrMHpYMVdnUmJSNUUKLS0tIEVuUWF6N0YzUTVzR1lscnphWWxy\nNy9UaVNITFlxQ3NnNWNDMzRWVnkxUGcKvKmoT3SqPcyM2Fhoxc8mSJl06rV8hlhI\nFftuxCOO/04lIA7FHHrEHRwON/OZKSwe8ZHkq8ojvUyhPsS9CF3COg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBScElsRFpOeCtTQVM5bUgw\nZk41QStsY2k5TE0rVUZ0a3Fic2hCSVM1ZGljClA4Y1M2ekF4Z1BmRFlZbFFoSjY4\na3ZkaGF2L2hTZXB0VVExWWVKbTZiRlUKLS0tIFBnbVhMREJVeHAwYWM0dlNUbEV4\nbUNOK3FVakZkQzR3QjFGemRPUE52L0EK+wlAjUa2D8w5z10lf04OJ9U5ZHqqeyuc\nVPo7wy8p1/aH0D1RN3882c90khDYrL5AF55mj8BC4VEOpEUsKwR1Dg==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOOUZmOHRBR0NkUkdmRnk3\nMGI2QlBVc2RqbHMvS1FCSmV1WHBNSjRYZkdRCjhaNk1OZ2lCbGhtTml5SStsc1ZN\nOWY2ODNCdGt1ekJKZjE2NnQwVjNGMzAKLS0tIFFoZndSVWR5cmhMTGZmVnUyNk0x\naS9FSWU1SS9zakRIWnpYTEladUxTR2cKdJUuLUlnb4/wrooyOx1rCt/sOcrBNna3\nAkglRjSmmgAmU8xkdA3ul/3ROIwn22xgp61BIRCwPVCLDOx5KfQ8/w==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhZEJNTFpQa0lCUW0xcGdj\nSytGVS9GN2pJUWN3ZUtSSWlWcjZ6dkN0Yms0CldFc1FwWHo3WjJ3MktVR2lwQ2tR\nd3ZMeGhRNHhJYWVOYXNYR3Yxci9zOE0KLS0tIC83c3dvdlFUeFlvdzlkWlplZVF3\nZzIwcE9JMlBZSEVyNlovWEt1dnpmVDQKIq6NfaH84i9E3wE3WKRWW+rHTYFrv32b\njiT/2vqNTNxiiY8U0KtGZN9x5MP6c+g9xY0WSMTv8ZDoODRUlKUzBw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-26T18:29:50Z", diff --git a/hosts/luna/users/shorty/secrets/passwd b/hosts/luna/users/shorty/secrets/passwd index d0eb601..4ad9e9e 100644 --- a/hosts/luna/users/shorty/secrets/passwd +++ b/hosts/luna/users/shorty/secrets/passwd @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBY1ZtdkVEUjRBZkZHNXox\ndWFhY3dIR2UzRmljNWU2cHk0dC9IU2pxVEVjCnhObHUzdVE3Sm9zdGEwK2pKVldP\neUtCZlk3VHhrQk1mMjFaSjI5ZTZqc3cKLS0tIFJyRjlLbk9ZUWVaZEd6UVRNOElt\ncTFPN0x1ckZXVFVGdVhYU2k0SjFiZG8KhvILNAzA44RmuvHlzmqVozyB6r2ZbQch\nl3S8pq0pQ5yN+4DKWKeNK8QEFZ5QCs8Ts/14wbJpdrVsQCkHy5R29w==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1aG1HcDNQSjcwZWJUYk1U\nNjQzUXNEM0tKL0o0U0swUlp4UlZ5a01PVTJJCmN6NjUrN3hSdnBZbjFRYnFPdkR2\neGloNE9Ga1BPMFdwdGk4RC9ISVhQK28KLS0tIHJJVE5mTXh3azJEYXNtWm9FTkd4\nbVlUUlBmcG1VTFJrRFlYb0xackl1ak0KXSzw2EaC7IL1L/S+j9Qh+FxqwcBpwgqY\ngSM2tIvQ7xdwQG2P3lNTHX+l34MwjaQJKChREemZySTFMgvm866kEA==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWGJwaC9MMUJnZ0hVNG1H\nWGhKZzBkbEFpU1g3ZWJCUWlWRFdjMUY4cWxvCmhGUzFhU1ZJMW9Yc1E3Z1FLVXl2\nODhSWEJaUG9EQUhpSE5sd3MrNFA5U3cKLS0tIDlzY1gvMGI5WG83OTh4aVB2UWNO\nd2hoUGVnN01EZnhCY3MyL3FFWm1GTkUKpHob+VsJ7nmI+6avBOl2+hNz+9RQge9Y\n4WJQWkjokBNDVe/UOzRBWBWFzP/BmBzDSSepeqGWLP33ZP8R2wUnjQ==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGa2hNbzJZck92UTFNb1Ni\ndXp1TFR1emVhaFFqMHZZa05TVlNzc0ZEOVhVCkl6b09IVnFONTJFTVJqRk04MW5L\nOHdrSXRjVmQxWXJEVHZESENOOVg2YjQKLS0tIG1MWlU0bmFWTGxBcGN3OXlPMWZp\neEk2Mm9jVDk5RjBYMzl2UHI3UVAvYmsKZQAWNxU9AwlgohjgdOgbUi6xpRJvdth0\nsI+P2unsIEtABw98TfIjGpC9/3w95NkMKkJgRbZ/bwuttdseW8jnMA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-03-11T21:49:48Z", diff --git a/hosts/mars/default.nix b/hosts/mars/default.nix index 16923d7..cd57fc1 100644 --- a/hosts/mars/default.nix +++ b/hosts/mars/default.nix @@ -30,22 +30,19 @@ in host = { user.${username}.enable = true; - network = { - hostname = "mars"; - }; + network.hostname = "mars"; docker = { enable = true; rootless.enable = false; }; - k3s.enable = true; openssh.enable = true; rclone.enable = true; restic.enable = true; }; services = { - restic.paths = [ + restic.backups.remotebackup.paths = [ "/home/shorty/.config/server01/" "/home/shorty/.config/piratenportaal/" "/var/lib/docker/volumes" diff --git a/hosts/mars/users/shorty/secrets/id_ed25519 b/hosts/mars/users/shorty/secrets/id_ed25519 index 2b57b2d..b0267b8 100644 --- a/hosts/mars/users/shorty/secrets/id_ed25519 +++ b/hosts/mars/users/shorty/secrets/id_ed25519 @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuaDlMUVZwMExGNk1mU3lX\nWG94RmxXckg3R1BIOTZnbnQ1MTFBVmxobWdnCkZoUDZzNGkyRjRRRlBJdDF3QUt3\nVGltVzhSY2tzMEo0eTltQ08zWkN1dTgKLS0tIHhDRFRyL2I4Qnp1OHhWV2ZaUld2\nOXh0V1BuTkN0NUJHTm53UzNzcmRKMG8K6IBsrkRwRFJDt4jjhUUg7UcWLQK94t02\nZggif+q3yDuFkVRfVS6yxyMXti9BdcoCmcGS7O/fBRcdh61LMEwxRw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArTSs1eldFb1ZaWFBSVTIz\ncFhKK0gzbm85OWs0WnpFWU44NWNQcmk2WjE0CjI2ekZBOC8vam4vTzE2Z2xDaFRB\naUZVOXh2RUFNblErSWk2dlVYSUFmRDAKLS0tIDJHZkN6YmVraEE5dWxUdFN0VmpD\nTmc4MVRoQ0FrM1RhMFlONnhiakRnUGMK3+2YZ7ch2KMHbvjzTrOBoWnLhzXnsn4G\nqQtVWhMbPn3Zv5xiYHNcGKOdrAJyBUlWT3OsaVaBDcBHaX7gKM6YMQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTmJtemFEVzhSay9HamdM\nMzBiMC8zZnpXcVFlNHJQNG41K0FiSTBsQlZ3CmkzRUI2a21hcmFNbDBva25JcTFk\nbWNpQldhZG5qM2pxZCtWcER0S2lEMFEKLS0tIGRDa0JEZkFOaThGMTh1TTFpSmRh\nSm9LYlhqSzNhRDlnTUF6MEhjZlBSanMKHzSjslqK/HiSNMaBtNYNX06Dkfjb7Auf\nDwC+LzRhpSJdi6W99OLYiCyIOMeeCZs73u9gOw2ZwXRaCxE0lMM8mQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnaVoySVNOaTBFSGlVNEov\nelpiWnQ0aFFoaE9qYWVoVVVFUXAyclpVVTBrCmt4akxYbllWUG9EQ2tYNExmQ0E4\nNWM2eVVkdHRydW4ybzhmeFp6VlhjbUEKLS0tIDdxRXNXOCtnTXlGRHArSUk1NnNk\nTWMwcGFoNXVsWlp5TTJ0NXhtdy9XQ2cKiLuO2+MCU2e50d4WIDAVDj055/h877ZG\nXTUEbQ0gDO0F8Rf72EzoqjebUvJV8UEGMEsEMpKNAyx6C6ceget4Kw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-24T11:14:20Z", diff --git a/hosts/mars/users/shorty/secrets/id_ed25519.pub b/hosts/mars/users/shorty/secrets/id_ed25519.pub index b95abe5..a679ddc 100644 --- a/hosts/mars/users/shorty/secrets/id_ed25519.pub +++ b/hosts/mars/users/shorty/secrets/id_ed25519.pub @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdkEwN3V1eEZSSXBhZmJN\nMnQvdFpqcFVZazNQN3hJV21QN3I0MmpWZms4Cno2V0xyemJBUXhXVHE5SEdrUmFr\nYWsvdXJOaWNYcE5jN0M3MGhmclpXY2MKLS0tIEJvb2F3UEVkY0UxUlp5TWNua2RF\nZmdzQWpYclBBeXFITzlLbVp5QmNrdkUKK/AzjA5MyrKAhTrKy5V+NwaUW93QATcP\n6TjphiCafQhquVI1bc+E9R9tUSnrUrwRveIUfbmHipXAn1xB/H0n/g==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSKytFSE5YU0hUaTZCWHRw\nYTREV1ZFcnphQVlLb1RzeUx6T2ZxZmt2TGlvCkk5eG4rYkE4UHdXTENxcldwQytM\nWi9pRGdNLy9zKzhaS2w2UDl1SFYzU00KLS0tIFo4SW51WXpoa21SUUxKSjdwd3I1\nRnR2bjB3eHdTbytTV3hOODYvbDlCNVUK8a2OpDlgGc3HYgvVYy6hMi2EV6aGwlm5\ndXn9Po14OOX/En7VL3KaEUpNvTvf8n3PNayK+1/J82wwjlaOcc0Q6A==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQ0orSWRzZE03RHRUZVdS\ndUkwRzFJN3h4WUxVSGtyMVlkemt4aHNRQWcwCjdBMUJUaUpCYUpvREFyVmxVdTlJ\nZWZTaTV5aVd6eW1NUkNnQXF5RlJqRE0KLS0tIFVTd0ZxQm5jVkhLVUQ0UFZCN3RK\nYW1CM2psaUgyZSswK1RJVkJHN0l1aFEK5j6BWgI40tvPDhSLCqOSytfwKQWwtueZ\n+VaBhRjy5yw2UQ6k/2/hb8oCLja7DFGoirnZMCZewLhX38Rnvp7hxQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCa2NVa0U3QTZkK283dkY1\ncVBDTFBQVU1wU0VDaUZuOUFZUjEzM09IUm00CmJOM0NBRmROOHpUWk11amxFbDJB\nelNaQVlJdld6aStEbTY4UURCUlBpYmcKLS0tIFFjWmZtY09JNW1kc0FiUi8rNVhP\nUk5sUURFSUFmclo4T25ybzc0cFRaUmcK8z1z//9A09ZG/Hh3hyCHkxSWhhRPKTSn\nwxYtI1yBI5tL3SUjJFKEqvYKETUJUnTBZuYj6b64TmTiKQTVfahOIQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-26T18:29:50Z", diff --git a/hosts/mars/users/shorty/secrets/passwd b/hosts/mars/users/shorty/secrets/passwd index 2dc2586..69cf33d 100644 --- a/hosts/mars/users/shorty/secrets/passwd +++ b/hosts/mars/users/shorty/secrets/passwd @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJMTRWM2RBdHVob21nK2o2\nY29MM3JEc1lUNFNjcFdKVEdzem9FbC9lWFhRCjZMeituVzlTVExTc2UxU21jWis2\nRFViS055Ump6OXozYTJhSXVUSUlRNlUKLS0tIDFBTU4xZ21YUVhPTUgraFdlSTVY\nZEdrb0huVmVXWUw3SHNLTVg2enZMR0kKpbLnkp0Qjph+EwcKRwOdcqSmIIDXR6XH\nopLe7bAwLlzZWK4Vvs3UuXfOtSZaCvHUAEvi1QMDgO92q2EZw1tTrw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0aWk2MDRBYVhhOUJ5L0ww\nWWZROTM2eTFxaWNaa3Foem05MTM0ZFcyampnClp3NWJyYndCK250UXJXM2ZYdWli\nZFNTUlZBV1VhUU5WQUx3cHhsVEtMTjAKLS0tIFBrajdqenhPelV2K20zRjBpLzlL\nc1FyTDI5cFF5RVlIMmUrZ3pSbk1OVW8K2MCisplW4s51i73uqBJk7xLiJI2VEtMo\n7M3quafMdlu6JlNHAs4NbMHCmzgFOTKUA/wuVIVoTmI5YMc/8XJXbQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4dmhOMmlYWnB0Y3Z6NWdW\ncThUbWg1empjbVRnS3FvY0MxTzlQczJod1dZCkFiRXB5eDg0TWptbUl3YVVJTGpH\ncW1SOThXejZDa1lFWG9NMnNIOG5aWEUKLS0tIElpOFJuL05sQTY3ZHJoOEdqRjJL\nUFRqY0Z4L3B5eFRFR2xOWVJtL3V3Nk0KKHTY3ErygB7/sSCjIrEDI2IY68/QKGUX\nmzgaDB2tqFDFMmNm9jLiawBprtTXxbaY0W7mwF+mBXQMF3IFj3BQ0w==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNzFNK1hrbXRQeVFHT1h0\nd002dllYT3F4bFFDQUttazV1T2FJNXRqekFJCnZRSzd1SWJsT3A1Mmk3TGdPOGtj\nWjNEQUNNZTBOeng0a3MraXlIUGk4MW8KLS0tIEY5djFvVThRODR5aFh4ZFRJVWV6\nM0t5MlN6K2lQclREMjhSSFdhNjdFS0kK4cXvECjpN7/bwfpHrpDYIXsJsW0yQDvy\nzRGc95fITnQ1wm117vjc2ypYhrgHOxKmqzWKOLrIZAFvxitaO22vtA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-03-11T21:49:48Z", diff --git a/hosts/shared/default.nix b/hosts/shared/default.nix index 8fa2b55..21494ea 100644 --- a/hosts/shared/default.nix +++ b/hosts/shared/default.nix @@ -13,6 +13,18 @@ with lib; sops.enable = true; }; + boot = { + initrd = { + systemd.enable = true; + }; + }; + + networking.hostName = config.host.network.hostname; + + programs = { + dconf.enable = true; + }; + services = { keyd = { enable = true; diff --git a/hosts/shared/secrets/rclone.conf b/hosts/shared/secrets/rclone.conf index 5fd0f5e..56b5721 100644 --- a/hosts/shared/secrets/rclone.conf +++ b/hosts/shared/secrets/rclone.conf @@ -3,16 +3,16 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjV3R6b2wvZ0U3RjdMbVJO\naElNLzN5MkQ3L3pheUZOcHJ1Qm81RXJnVGlnClliUFFOOTJrTWtmRFJkWlNPa05i\ndlVYNEExVDBYRkNSd2ZUMHFkWG1DVU0KLS0tICttSHo4K3JVeDlsQVNJTDZJNExX\nVnViWWV1VzVZUkpyN29FczRSVjNTSDQKUevwEgjQDm+kNG27/NLyU6L5eOG2JRB3\nUqInB7bdt6+VknQszVUShce+FFep+7aKg6Pwi0CpZ7cNKUBRbSviDw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkaHdNWlZkWkFGdDNVblJW\nS2xSREIrR0hMT1IyNk9VazE2SDlYMEZFNkZRCmFFYU95VXdubmFVNE5ld0YwdUdo\nL2NySllwR2luSklEdU12amRkUENsYjAKLS0tIFcvNjNqcUR0bUNySmVINEJQK2N6\nTHV2bS9CS3VzTFN1dHdsVjdPQitaZ3MKwM4Z46yVulFEe/Pu33TDyKF6NprjSrsE\nLqr597GUP1jtn9Tp/VJdysP+ZZHhEkd0qaChMuB3igTvaUmfl5ZDEA==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqcFYrZHpLanRIK0Q4c1hr\nYktmYStKd0loRlpTQmVQUkE3NDZWS1I5YlFrCnJoYW5lRGNvdEhPTGJzRzVSQXJI\nQUx4ZFN2TnV4WnN6M3Q3Y3RkL2xGdUEKLS0tIFl1eWw4enY5QlZCdEp3SlF3RFVR\nRkJERldsamFpNG5SekpIc2ZwcHowQmMK0TiAWqcBk0nft+PzRWJBGmhhQrxZJRie\nrBf5hVmseKAWTVeuSeBVi1XVGLqQttsLClNmu8J7g2nPmHaiAqztOg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUT2JPK0FZVGdtYWdGc21O\ncjFRQVpnNnFrYTJDNTQrbWNsbVRJZHJDM0VrClUxYmVXQTZ5bkQzblBVa0dWSXF1\nZnpDTUtyRTRvck1Sam50NEI5ejRReFEKLS0tIGxXT051cGlKK1JMeWFRVEtoNzg2\nVDRpTGo0Sk5FNTFyQ2pFdEtBRlorb0UKo7W0LQjArTceUyfbUZgoPsFV+o1i8/h/\nPb2isy2odFLCmAUH9F6bzi2i6bzFaqmWQVk0iBApFuVtjQ/kwEacxg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2SFZOSWZidWZBSlczOGVm\nZzdNcG4wMlROSDkzQ0NjN2ZINU5GYXVldVNJCnBYM1N2TUZXVHRCbzByRE91Q1F4\nM2JTajgrK3MvZElqdEJ2SXF3OFhKN00KLS0tIFZFL28xM3VjMHB6UVBubWx6c0dz\nVk1xcGpOUFdWNUlpUk5PK2tCblVEdE0Kp1uoxyEGpW06HmeXQHN5yigoqPBYtFv7\nPQG2F0YaWGqR6HNREgQB276qEmjkIRHEhHE1RnCxw900UvuOw4HsTQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLejlNRjgyNDNaMEZ6RXJs\nbi9BT21NeDVueUFXYTczWndaZkRyTmNXODJjClZwVzJDS3VPd091cjNncmdKYkRQ\nUXlSbkJ1dEoyN1U0VmtwUjBtckpsSmsKLS0tIDZpUm11VWE1dGt1KzBHTUtRNDVP\nTnRKckFoM01LaXNvOUJFM1FJekoxZlkK1xGz4lnmDvK6nNSB/Ri6hclK/hDg1dzX\nApZDPM/AoCkDL0ET8fBN3D+uQKaBDG5tSHDG+NX6o2RHlajFe3pfIQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-02-12T10:44:19Z", diff --git a/hosts/shared/secrets/restic.passwd b/hosts/shared/secrets/restic.passwd index 841ec06..0dadf2f 100644 --- a/hosts/shared/secrets/restic.passwd +++ b/hosts/shared/secrets/restic.passwd @@ -3,16 +3,16 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZ1BnWG5Fa0FUMHVEdjhW\nZGdCNDhEVFUrbXh4L0tweTJsbmZINFRhOXdVCisydk4vU2lxRFgxWG9PQ1d3cGFD\naVlhM1hEaVd2Kzg3VTBrc0JRRm9NL28KLS0tIDRSeHhtQ1dTMzRRZXZhU2pHVFBN\nSVZldUY0VkdtbVBYdFp3eEJJVm4ybkkKndRG4Yp0UjYlCGMwMFRJZb443OIumjCN\nW4QqvUDCwD+uKP6ZADdWITgVN2IOWRu/RROUSoiLfpZlAIle/LNc/g==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3ZDErTmtXZDVZV2RVRFZT\nYzF1d0VWejZQWWZ3bVpKWDdhYk8xazI0TmlzCmV4a1ZiWDMvZW9xQllzNkRiWEIx\nbFJwNWJHclQyTG5LYzFGbnJ0Qlh2aEkKLS0tIDJwMDd4VERacHBjNzBtV214NkF6\nd1E3QmZvd0FmeExPYTdYZHBEOGt2d2cKAEJ49oaS1kH2/5nQsYknpEi4uU1985Qy\nDKEj71DP/xkdhQdG+mYoT9uvW++oaJBbQen5VehD0SHVC0+bl5iE0w==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwZUJFdGpBajFUaHNpOTMx\nUlNLb1diZFlFRDZ4S29tQklHRXJ1cmZiUFhVCmNIaXNsRmxDdFY1Q3BRK09HUnlP\nVnZ1clVkY1BucUdBVHpUNUpXQ3hwRlEKLS0tIDhPTHl3VlVhUUdYWlZWb3hqWXdP\naG5pYm9SUzBnVWp6OE10VnVhbWpXR0UKmEbSZZQBjbTFFqW6L97gk99fc3ctmLGz\nxVgIokBqRqKAf/W3L8zURaaJ50BGu2gL6kZIVwF/DsaWY/iY8vv7ww==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5REZVV2tzOHphNlJjTENM\ndWk2Ny94dm9ITXVpREQ1MEptMkp3bUl0YVVJCkROTy9Jb1NvWk4yZ1ZmZWg3bW5y\nU0MrTmJKdEZKNU5KMTd1T2l5czExTFkKLS0tIFBKcUFoK1M0T2Q4SWRPM1hjS25B\nT00yWEhXVVpKSGJCSFpDRXBDUGpybEkKflues3wAVHf5mSsAG2CYlwTKtiOYANfx\nAlamfuWFTHruEN0JpwgmNrSjzE4KgPjIMaeLYXRPEo3s2QUgdanPJw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVWGluR1lVdVlqM2YvNGtT\nZUpaK29XaVR0d0EyR2kxUzA5NHJJN0lSN1RvCk9lR0tlQ0VyNmxtWXZCZmJjNFh3\nT2xDYm90OW84K2I1MXlGUXlwUUdtZ0kKLS0tIFp3SjdJMUJ1cnFHNURiR0o3Vkxp\nQlJrYTJJODJLS2xoWDBhUWxjOW9kdHMKJepnVD8ocxh1LmQBJDNe9PnwvLePogG5\n+eYtK9JfuoogRRAk2hAJKmNBemAW99CjpVJGD9aGMaQ9i3YvyiBYMg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjbEs0cUVFcVNBVlhIYXZ5\nMHROMGJ1ekh3MFE0c2RQbXhhaktubU9zbkVrCnh1ZEtVdnFZUGtIbWdEUkVocURa\nL2VUdmlVRkNFaEVneEQrb1BlK2IxMTAKLS0tIDlUMThXMVJrdlBlaDFJaXMvN0Vv\nbGRBZ1lEVWF3elE0YWhZUlIrN1lrZFkKwBCKcnkCdEKfV6hL+Y4KNihdhumuxAmm\n7YG49Fh27WOQedgoBuODLQ2Fo+BBWGOsYc6e/aDranOrCFrtmXvnGQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2026-01-12T16:32:07Z", diff --git a/modules/default.nix b/modules/default.nix index c920bba..b50878b 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,4 +1,9 @@ -{ lib, self, ... }: +{ + config, + lib, + self, + ... +}: let files = lib.filesystem.listFilesRecursive ./.; @@ -19,11 +24,5 @@ with lib; host = { root = self.outPath; }; - - boot = { - initrd = { - systemd.enable = true; - }; - }; }; } diff --git a/modules/network/manager.nix b/modules/network/manager.nix index 519d903..1b32b4f 100644 --- a/modules/network/manager.nix +++ b/modules/network/manager.nix @@ -18,7 +18,6 @@ with lib; config = mkIf cfg.enable { networking = { - hostName = config.host.network.hostname; nameservers = [ "9.9.9.9" "149.112.112.112" diff --git a/modules/network/static/systemd-networkd.nix b/modules/network/static/systemd-networkd.nix index 63d7daa..e2abbc8 100644 --- a/modules/network/static/systemd-networkd.nix +++ b/modules/network/static/systemd-networkd.nix @@ -56,7 +56,6 @@ with lib; }; networking = { - hostName = config.host.network.hostname; dhcpcd.enable = false; useDHCP = false; useNetworkd = true; diff --git a/modules/sound.nix b/modules/sound.nix index 79dde63..7989b4f 100644 --- a/modules/sound.nix +++ b/modules/sound.nix @@ -28,11 +28,22 @@ with lib; pulse.enable = true; wireplumber = { enable = true; - extraConfig = { - "wireplumber.settings" = { - "device.routes.default-sink-volume" = 0.5; - "device.routes.default-source-volume" = 0.32; - }; + extraConfig."overrides-10" = { + "monitor.bluez.rules" = [ + { + matches = [ + { + "device.name" = "~bluez_card.*"; + } + ]; + actions = { + update-props = { + # set quality to high quality instead of the default variable bitrate ("auto") + "bluez5.a2dp.ldac.quality" = "hq"; + }; + }; + } + ]; }; }; }; diff --git a/modules/virtualization.nix b/modules/virtualization.nix index eef6cb2..f6ae449 100644 --- a/modules/virtualization.nix +++ b/modules/virtualization.nix @@ -16,7 +16,6 @@ with lib; config = mkIf cfg.enable { programs = { - dconf.enable = true; virt-manager.enable = true; }; diff --git a/nixos b/nixos index 4f86009..e11e5be 100755 --- a/nixos +++ b/nixos @@ -20,6 +20,7 @@ Options: Commands: help Show this help message + rekey Re-encrypt secrets with (updated) .sops.yaml keys deploy Remotely install a new NixOS system using nixos-anywhere Examples: @@ -102,6 +103,11 @@ case "${1-help}" in "help") show_help ;; +"rekey") + shift + sops_rekey "$@" + exit 0 + ;; "deploy") menu_deploy ssh_generate_host_ssh_key