diff --git a/.sops.yaml b/.sops.yaml index 810c6cb..3cfb014 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -103,8 +103,3 @@ creation_rules: - age: - *chunk - *cy - - path_regex: secrets/services/tailscale.yaml - key_groups: - - age: - - *chunk - - *cy diff --git a/flake.lock b/flake.lock index 2acaba0..6d3125e 100644 --- a/flake.lock +++ b/flake.lock @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1737669579, - "narHash": "sha256-v9WQ3c4ctwPMfdBZMZxpdM9xXev4uChce4BxOpvsu0E=", + "lastModified": 1737575492, + "narHash": "sha256-qa/D3NC1JoApnUuLrq1gseBmIxeg6icm/ojPgggMDVQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "7b9ece1bf3c8780cde9b975b28c2d9ccd7e9cdb9", + "rev": "cefb1889b96ddd1dac3dd4734e894f4cadab7802", "type": "github" }, "original": { @@ -623,11 +623,11 @@ ] }, "locked": { - "lastModified": 1737639419, - "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=", + "lastModified": 1737299073, + "narHash": "sha256-hOydnO9trHDo3qURqLSDdmE/pHNWDzlhkmyZ/gcBX2s=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e", + "rev": "64d20cb2afaad8b73f4e38de41d27fb30a782bb5", "type": "github" }, "original": { @@ -683,11 +683,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1737655283, - "narHash": "sha256-yAFGeCZXUL3GqDMeFcUEOC4m459Ld7j54Rxo8cmyuSQ=", + "lastModified": 1737579991, + "narHash": "sha256-5IKNJQP+3XWLd/s7SXGvL6ZzFwk8wDDm0QGBTQ6fw9M=", "ref": "refs/heads/main", - "rev": "963b687443b44df6c5cbdf3426454d92830d9100", - "revCount": 16671, + "rev": "1fe6064ceded2a9a81ab1725d545a670d14add28", + "revCount": 16661, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -710,11 +710,11 @@ ] }, "locked": { - "lastModified": 1737675503, - "narHash": "sha256-FUWpqPOsEJwK8oomffat+lgKnoxJHArRlWo2j17EhxQ=", + "lastModified": 1737241037, + "narHash": "sha256-6LIpS3rK1Ch6OXis4tvBTgGBTRb+NptDAfhPNzmgZSE=", "ref": "refs/heads/main", - "rev": "3e18a1ceec7df4514f5a045441e5f98dd003db09", - "revCount": 131, + "rev": "690f7c0fa2935bf591cccf4d7312b3e0f470298b", + "revCount": 129, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -737,11 +737,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1737627930, - "narHash": "sha256-oaAatwNVaX36xmI2AKIVu2oG07XJmHq2T+Y66hEprd8=", + "lastModified": 1737545000, + "narHash": "sha256-Drl0xZR/N2w3dQtZ3hpx4LA3M34Lev7OKv9qrglncfY=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "f79aa307f4bc0bfbabee404e6354fd2a1edfcb01", + "rev": "04e476cb17be7c29c18a6dbcf451321f7c9b1d98", "type": "github" }, "original": { @@ -770,11 +770,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1737623252, - "narHash": "sha256-orq/c8lOUrZfCHQhfuLEJtMZpfBYhMtGv1Xuz99Pxj0=", + "lastModified": 1737449786, + "narHash": "sha256-G/AK0T41PpxU9hjkK/tnjODigzKcpRayo1o4pi9glqI=", "owner": "YaLTeR", "repo": "niri", - "rev": "128b01e04905d833214f52a3c6fab308bcc15ce0", + "rev": "b01b8afa8c8f9070300243050d9790e38fd19145", "type": "github" }, "original": { @@ -1076,11 +1076,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1737642748, - "narHash": "sha256-VsCzuoavNERLs46aw38nmORT4F5pLOZDDe2bzFo+jsE=", + "lastModified": 1737556089, + "narHash": "sha256-hToO01UT2ENoQKWVopBuGV78ZprcxjqsPVFdddcynj4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "864f89f98b0b4e1bbcb762b025fd83da8bc1bae0", + "rev": "2fc5aeb049f44ed4f9e877cda8a1c334612e1d7a", "type": "github" }, "original": { @@ -1113,11 +1113,11 @@ ] }, "locked": { - "lastModified": 1737667561, - "narHash": "sha256-BKUapQPTji3V2uxymGq62/UWF1XMjfHvKd565jj1HlA=", + "lastModified": 1737578990, + "narHash": "sha256-49M9B1nni54cuOH6qPM90U106VSWhAVqpy6f3sz0q4Q=", "owner": "nix-community", "repo": "nixvim", - "rev": "aab2b81792567237c104b90c3936e073d28a9ac6", + "rev": "a2a4befdaf825d36a50e2fda4a004682ea6b1a22", "type": "github" }, "original": { @@ -1273,11 +1273,11 @@ ] }, "locked": { - "lastModified": 1737599167, - "narHash": "sha256-S2rHCrQWCDVp63XxL/AQbGr1g5M8Zx14C7Jooa4oM8o=", + "lastModified": 1737512878, + "narHash": "sha256-dgF6htdmfNnZzVInifks6npnCAyVsIHWSpWNs10RSW0=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "38374302ae9edf819eac666d1f276d62c712dd06", + "rev": "06b8ed0eee289fe94c66f1202ced9a6a2c59a14c", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 920750a..ac43b19 100644 --- a/flake.nix +++ b/flake.nix @@ -173,7 +173,7 @@ ./modules inputs.lanzaboote.nixosModules.lanzaboote inputs.niri.nixosModules.niri - # inputs.lix-module.nixosModules.default # broken + inputs.lix-module.nixosModules.default ]; }; chunk = lib.nixosSystem { diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 0343084..7c2b8c6 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -26,7 +26,6 @@ ./attic.nix ./forgejo.nix ./garage.nix - ./tailscale.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -67,12 +66,10 @@ "attic/env" = { sopsFile = ../../secrets/services/attic.yaml; }; + "garage/env" = { sopsFile = ../../secrets/services/garage.yaml; }; - "tailscale/auth" = { - sopsFile = ../../secrets/services/tailscale.yaml; - }; }; boot.loader.grub.enable = true; diff --git a/hosts/chunk/tailscale.nix b/hosts/chunk/tailscale.nix deleted file mode 100644 index b33da9c..0000000 --- a/hosts/chunk/tailscale.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, ... }: { - services.tailscale = { - enable = true; - authKeyFile = config.sops.secrets."tailscale/auth".path; - extraUpFlags = [ "--advertise-exit-node" ]; - useRoutingFeatures = "server"; - openFirewall = true; - }; -} diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 54f13da..c2a670a 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -9,7 +9,6 @@ ./hardware-configuration.nix ../common.nix ../zsh.nix - ./tailscale.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -33,9 +32,6 @@ sopsFile = ../../secrets/newsboat.yaml; owner = "yt"; }; - "tailscale/auth" = { - sopsFile = ../../secrets/services/tailscale.yaml; - }; }; boot = { @@ -62,7 +58,6 @@ pkiBundle = "/var/lib/sbctl"; }; kernel.sysctl."kernel.sysrq" = 1; - binfmt.emulatedSystems = [ "aarch64-linux" ]; }; networking = { @@ -133,7 +128,6 @@ "wheel" "libvirtd" "docker" - "disk" ]; environment.systemPackages = with pkgs; [ @@ -320,8 +314,4 @@ programs.niri.enable = true; programs.niri.package = pkgs.niri-unstable; programs.xwayland.enable = true; - - services.udev.extraHwdb = '' - SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664" - ''; } diff --git a/hosts/ytnix/tailscale.nix b/hosts/ytnix/tailscale.nix deleted file mode 100644 index 71d47c8..0000000 --- a/hosts/ytnix/tailscale.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ config, ... }: { - services.tailscale = { - enable = true; - authKeyFile = config.sops.secrets."tailscale/auth".path; - openFirewall = true; - useRoutingFeatures = "client"; - extraUpFlags = [ - "--exit-node=100.122.132.30" - ]; - }; -} diff --git a/justfile b/justfile deleted file mode 100644 index e15ec8b..0000000 --- a/justfile +++ /dev/null @@ -1,14 +0,0 @@ -update: - git switch -c update - git push - git switch main - -upgrade: - git switch update - sudo nixos-rebuild switch -L --flake . --use-substitutes - nixos-rebuild switch -L --flake .#chunk --target-host root@2a0f:85c1:840:2bfb::1 --use-substitutes - nixos-rebuild switch -L --flake .#titan --target-host root@www.cything.io --use-substitutes - home-manager -L switch --flake . - git switch main - git merge update - git branch -d update diff --git a/secrets/services/tailscale.yaml b/secrets/services/tailscale.yaml deleted file mode 100644 index 27997b8..0000000 --- a/secrets/services/tailscale.yaml +++ /dev/null @@ -1,31 +0,0 @@ -tailscale: - auth: ENC[AES256_GCM,data:7gGiUBRUK25Tp5y/5DDZKOTxKPFFfN1UUeBOdMLLQqobq643MKdJ9imxkKmKFg/FwgLYft/uzdxQGGlE7Q==,iv:HRmd+T1QuTYP8VrX/bZt8dWSwm5rcUvpEMqCMPfxjE4=,tag:PRZn2Pm6yydfEULrYGM6yg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z1JZZmZMaDQ3UHYvbXYr - c05RaEMxUGJXSGczUDBkL1UxT0hjQ0VNNkJNClFUNmJ5d3gyaHFwMTdNVW9GQ2ly - V3haMkx5Z1B5dmJ0SE4wY0UzMWswQ0EKLS0tIGNpZVo3UmtHcjFZVE5FMmdpOGMx - UFZGb3I1L3FJYVE2VjJ5aTVoZlo4bFUKwH2sPBwuLQXrHmiKYSu4Eut/H2j/2tUW - 1y8Eph7l6w3kfhZRRbo6cZ8gcbZNHPSPeAvWf/TpYumiTt1WBt8SMw== - -----END AGE ENCRYPTED FILE----- - - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSVXBMTEMrY1NGa1NBSjZP - R04wYUsrdGlVa3FnL1NYVG4xdUdqeHNnM0ZJCmhMSzFoRVFSOFBrQlU3VUtwaU0r - TEtad1B5NGh3OW1oajNvckhJcExrU0kKLS0tIFc5K3JOVTUvSFU1dmQxMUFRZ1o3 - em5IemlsM29zVy9GK3RmTlgzVnRpMDAKRatmFgCdoXcypQ+1EDedCuVctl0SFMf4 - kjtHrTSpept/y9bpTUy656aPRQ1LvqvfPs7Co1ssC/YWFroDsLgv4w== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-24T05:26:20Z" - mac: ENC[AES256_GCM,data:GbQrLESUR/x+eLzukOR1FaJsd8zxlrz9dc/2kDBKUYAgI8L4QwLmwRuzpaIJgNLv2PdLTW83oSC8ekxR8fmsap40DpiygcrmPdPUeVFbEPaz7SSvU+DCgB0UX+qNQ9aOQ0BIbeKKOIj3r9enGv2o6DKY8I85n7VXjnGZAmCf1C8=,iv:UrtVqRGwvOpXOH3X3qF6ZF+VwqO0VGt+hFG7r6oUqCg=,tag:TD4mG3t5ORYgAS0GBmA7Eg==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.3