recover moved kestrel config files

provision/hosts/default/default.nix

@@ -11,6 +11,9 @@
     };
   };
 
+  # Add user age key to identity path
+  age.identityPaths = [ "/home/${user}/.ssh/keys/age" ];
+
   # Add non-free packages
   nixpkgs.config.allowUnfree = true;
   nixpkgs.overlays = import ../../lib/overlays.nix;

provision/hosts/kestrel/configuration.nix

@@ -0,0 +1,77 @@
+{ config, pkgs, user, lib, ... }:
+{
+  imports = [ 
+    ./syncthing.nix
+    ./backup.nix
+  ];
+
+  # Use performance governor for sweet gaming performance!
+  powerManagement.cpuFreqGovernor = "performance";
+
+  # Set networking options
+  networking.hostName = "kestrel"; 
+  networking.firewall.checkReversePath = "loose";
+  networking.firewall.enable = false;
+
+  # Nvidia options
+  services.xserver.videoDrivers = ["nvidia"];
+  hardware.nvidia = {
+    modesetting.enable = true;
+    open = true;
+    powerManagement.enable = true;
+    nvidiaSettings = true;
+  };
+
+  # Enable docker 
+  virtualisation.docker.enable = true;
+  virtualisation.docker.storageDriver = "btrfs";
+  
+  environment.systemPackages = with pkgs; [
+  ];
+
+  # Secrets
+  age.secrets."wireguard/kestrel".file = ../../secrets/wireguard/kestrel.age;
+
+  # Modules 
+  modules = {
+    desktop = {
+      browser.enable = true;
+      gnome = {
+        enable = true;
+        wallpaper = "file://${../../../resources/img/wallpapers/gruvbox/kestrel.png}";
+      };
+    };
+    devel = {
+      engineering.enable = true;
+      notes.enable = true;
+      python.enable = true;
+      tooling.enable = true;
+    };
+    gaming = {
+      emulation.enable = true;
+      minecraft.enable = true;
+      steam.enable = true;
+    };
+    programs = {
+      chezmoi.apply = true;
+      kitty.enable = true;
+    };
+    services = {
+      peripherals.enable = true;
+      samba-client.enable = true;
+      virt-manager.enable = true;
+    };
+    system = {
+      backup.enable = true;
+      ssh.enable = true;
+      terminal.enable = true;
+      wireguard-client = {
+        enable = true;
+        privateKeyFile = "/run/agenix/wireguard/kestrel";
+        address = [ "192.168.3.3/24" ];
+        publicKey = "bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=";
+        endpoint = "66.218.43.87";
+      };
+    };
+  };
+}

provision/hosts/kestrel/default.nix

@@ -0,0 +1,18 @@
+{ lib, system, user, inputs, agenix, home-manager, ... }:
+{
+  inherit system;
+  specialArgs = { inherit user inputs home-manager; };
+  modules = [
+    ../default                            # shared by all configs
+    ../default/physical/configuration.nix # shared by physical machines
+    ./configuration.nix                   # kestrel specific
+    ./hardware.nix
+    ../../modules
+    agenix.nixosModules.default
+    home-manager.nixosModules.home-manager {
+      home-manager.useGlobalPkgs = true;
+      home-manager.useUserPackages = true;
+      home-manager.extraSpecialArgs = { inherit user; };
+    }
+  ];
+}

provision/hosts/osprey/configuration.nix

@@ -13,7 +13,6 @@
 
   # Enable docker 
   virtualisation.docker.enable = true;
-  virtualisation.docker.storageDriver = "btrfs";
   
   environment.systemPackages = with pkgs; [
   ];
@@ -24,7 +23,7 @@
       browser.enable = true;
       gnome = {
         enable = true;
-        wallpaper = "file://${../../../resources/img/wallpapers/gruvbox/kestrel.png}";
+        wallpaper = "file://${../../../resources/img/wallpapers/gruvbox/osprey.png}";
       };
     };
     devel = {

provision/hosts/osprey/hardware.nix

@@ -14,10 +14,16 @@
   boot.extraModulePackages = [ ];
 
   fileSystems."/" =
-    { device = "/dev/disk/by-uuid/521c9cf1-6786-4fac-beaf-fcf5404931b5";
+    { device = "/dev/disk/by-uuid/ab94a911-1186-405a-a2aa-fc60bfbe308f";
       fsType = "ext4";
     };
 
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/69B4-4853";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
   swapDevices = [ ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

provision/readme.md

@@ -1,40 +1,34 @@
-# Provision Nixos
+# Provision NixOS
 > \*NixOS was a mistake.\*
 
 Set of configs files to setup NixOS.
 
-## Usage
+## Install
 
-1. Install NixOS with this [guide](https://nixos.wiki/wiki/NixOS_Installation_Guide). Use the following paritions and btrfs subvolumes:
+1. Download and install [NixOS](https://nixos.org/download/) with current GNOME ISO.
 
-   | Name    | Type  | Mount Point | Size         |
+2. Boot into installed system and run the following commands:
-   |---------|-------|-------------|--------------|
-   | EFI     | vfat  | /boot       | 512MB        |
-   | root    | btrfs | /           | rest of disk |
-   | home    | btrfs | /home       | subvol       |
-   | nix     | btrfs | /nix        | subvol       |
-   | persist | btrfs | /persist    | subvol       |
-   | log     | btrfs | /var/log    | subvol       |
-
-2. Run the following commands:
 
 ```bash
-nix-shell -p vim git
+nix-shell -p vim git neovim
 git clone https://github.com/starr-dusT/dotfiles ~/.local/share/chezmoi 
 ```
    
-Move the installer created hardware.nix to dotfiles. E.g. `provision/hosts/<host>/hardware.nix`.
+3. Copy existing configuration files from another host and modify as needed. Make sure to move the installer created configuration-hardware.nix to dotfiles (e.g. `provision/hosts/<host>/hardware.nix`).
+   
+4. If required move agenix keypairs to `~/.ssh/keys/{age,age.pub}`. A new keypair may be required and agenix files will need to be rekeyed on another system.
+
+5. Rebuild the system and initialize chezmoi dotfiles to save America:
 
 ```bash
-cd ~/.local/share/chezmoi/provision
 sudo nixos-rebuild switch --flake .#<host>
 chezmoi init && chezmoi apply
 ```
 
-3. Profit!
+6. Profit!
 
 Perform additional setup found in [additional-setup](additional-setup.md)
 
 ## Update
 
-`nixos-rebuild` command is aliased to `nu` assuming the flake is named the same at the hostname of the machine.
+`nixos-rebuild` command is aliased to `nu` assuming the machine's flake output is named the same at the hostname of the machine.

provision/secrets/git/gitea-runner-1.age

@@ -1,9 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 Fz/sQw eWmbN5fQHK2Af4PsSY24Yo4rviqcMc1841KZEdn/ezQ
+-> ssh-ed25519 Fz/sQw uRPe6lrPzIntOBzSYR+zM2xBihHCAsdOtix9L9221FI
-/N3I6mOuUShNlzr2c/TnB6ax6TtkrFJQxFIaJ4STrXQ
+6i0DsOZhZdi0ZmKJAuG9xEX7dtK5+daGule506UNsRQ
--> ssh-ed25519 47GzQA 7ut3vn6lXxz58Tj/OXWuueqaxRGckhpVj4Z/N8b34XU
+-> ssh-ed25519 47GzQA etB0mmw8g4t0mfzBEv6Dr6V9IdoJegAjgbOY/t3M9ik
-SBecD52O2UsCOOLQrxA/+E7VcXOj88Sdg0yA+i7bQ7s
+FgN9DrAotYJ2rvvEh80+Wp5BxoEHe3W4LgCLld0G9v8
--> ssh-ed25519 wcI7nQ isqztqV9KZjY/CUW4+I2yHfCeZmo2IKG9g5lfQkB/V4
+-> ssh-ed25519 wcI7nQ a3seigr8UNpEeUil+OSbf5RyjArSm03ygNw5AjtJYQ0
-ppd2WJLTLyoEp5bS+oP6bT2gVkc+J3e7tlInx5326d4
+Sc9J4LQI9kFUFDzFjLS8Zwo9Z/HTawBsrv4qRxftwMg
---- 4n4s3HSUR089Q2VqEmoxUnqrhlZ+cSvl9FXvrwTAkqc
+--- sGLvBOkszi11u/ukhK9iQ/FYHuqW52UXIY9kswVF7Tk
-Ççc)¼ù?à‹÷ÿ7»2,g‘õ™Ñ… Mc’1ü&éûÍH’€–—_‹®!¶g.[»•eTs%’Åó­løFд®]
+SºaÈòüÜ2ðMÍ$õã7<C3A3>Ö´ßVÙÑ2³Ü)|QˆŽØÂC›<rP¤iMëú<8û³7?¹ßB¾Ú8(
+"A_}é÷øM¤tLÿ

provision/secrets/secrets.nix

@@ -6,7 +6,8 @@ let
 
   tstarr_kestrel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINr2BUUToMswbAbxZMXarl2pQEomM+jADyZbEK31VGu/";
   tstarr_torus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhxsVgd8DH8c0zckjMUxSJrTimU709JLCgDGBMFoNxQ";
-  users = [ tstarr_kestrel tstarr_torus ];
+  tstarr_osprey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQEjr+yK4zdnV9kBUMo9fopsJbvF+TfQlVQexBCwuwB";
+  users = [ tstarr_kestrel tstarr_torus tstarr_osprey ];
 in
 {
   "git/github_personal.age".publicKeys = users ++ systems;

provision/secrets/wireguard/kestrel.age

@@ -1,14 +1,15 @@
 age-encryption.org/v1
--> ssh-ed25519 c/r/0Q 7SZ3i1/YN6bomMnpPpC2E/qiPFa9YM3dWVSUKQVJCxY
+-> ssh-ed25519 c/r/0Q 2KtEwngUw7ZA/rEEaXHMwRC9JZcWrIrmdDlP0lN9tS0
-dSc/zPCGsJ6t0v7KFqKOYxxTeXM+7zKB0QHtHOakajo
+ZAKUTyCKtf2EVG6qhSWn8aXUkNfAXgrMBwUiLWx7iOA
--> ssh-ed25519 6UNP1Q ZvbWPwHL8NfgbyRLoEsVkGdD0NmA3w8tarkiJGaqtxw
+-> ssh-ed25519 6UNP1Q 3AG6l3q1Hgv4Cj7z2a31b3g9AW1sowV71em9QSZnD2A
-B5GNn9oJpHIEfXo6hBSh5FbrMXKWPmAWdigC1prox10
++Q8/nr1yz6nZviV7srRTW0LnoNrYxW1x7gjhZwvvmOo
--> ssh-ed25519 Fz/sQw kA9TGqMf/8tpTTIBKjxslnhBV3SYy7x9rLUEMZNYZWo
+-> ssh-ed25519 oOIlAg RPVxwWRbDSOpyRD34uPX8vQYzOKwbc/6WQ3miIpsWnc
-cxFmMBMwKerh50a13dkXyUVuXiMB1aemskJXfbeg8Kc
+QQfR/w+kh8/6WIUogDlX/iL4Y2Idw8hOQOEUHQgTwes
--> ssh-ed25519 47GzQA K7lrG9mj/dy+L9FDV+/PxIjxoWAnuXxmx5SNFYO2b0g
+-> ssh-ed25519 Fz/sQw u2KqeUEobIWwbKT61etUYeY2LFRk6l8EYJ5dnuvmDDI
-SutKPqVSJ7XYoC0T25jOMATTC2NG7eWVfjxaFvO45Rc
+bCpGnuJf+qPG+f2N04zATwngB6nwJDMSpz8mFUfkawU
--> ssh-ed25519 wcI7nQ QlzNUT20/KqoBOcvPoGQwQWXcROddPUTjo6VcrKJ92w
+-> ssh-ed25519 47GzQA e3x/3uULmh7FLg6eiATdvbG/kUfrCKOHrph1tw0HRk0
-lDvscDynwkQiMkxDy2wXNjvB6zK3sOu4bLyXFtmcNZk
+jOVO2Irq1NxzzK+O2Lo4/bip9IFqvvzi+bIaD8Z0rqs
---- M4JBRY+oWI4rqCvUZSaiA+DitbFX5k/5Ad7gEx7XxLY
+-> ssh-ed25519 wcI7nQ RIgZP4y5FqqmUJDc/emKdO2laRHxNer+db+TgbybLVA
-ńÜB'á­Žy®ž ĺá1<C3A1>Ú ŕ
+K61Q/TxQtX30Z2m3N0sHBHqBIuH7Q0QHmWVwMxthAMM
-Ő<EFBFBD>Ę2–
z>*K‰®üJ’°śÇ<C59B>Ú1{1ν0xÍL‘
ç;Á'0Hć'ĘĆeŃčuá]çA0
+--- dlNFmAoD84TcOlyWRGjvx29SPHaC7FGiYgrJkQAsOMg
+©rÁº+{œŸè ¡Ó¶¥Æ£¨yUD ?Ò¶û%MϤó‘ã
¿†ùÝB®NÎyË'mÊ
óVÄ–ãV¸¦þ&«­é&ïs¦Œ®«2@H<>

provision/secrets/wireguard/torus.age

@@ -1,10 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 Fz/sQw sTJYlfFdSBl+xqi0+Yysl6NNWH8IABznrbF1MLi8p0c
+-> ssh-ed25519 Fz/sQw 7/YCPJS/50qCCQjXo2FzANZ6CMqX05DP4Qk+qCgXjyU
-xp0OvKeTPOK7CEUlPJOF9ZT3G55jYzGx/KI311YXzIM
+BAMi2jaNirVy0SiKecdKbKIQn+TUzZOeykRoRmxg0PQ
--> ssh-ed25519 47GzQA Dc5kR+oUGLMcL5V+ul8NQTw4xr/ihd4qItpwlVDcLj8
+-> ssh-ed25519 47GzQA eEojsbTRfeimfI1ZFFk1Na/CVBdDd0xr3iQrMFHxiBE
-RZFPMVRFxBaosGvXRLcJA8gLIeaI8i2QIWflcsHY8uQ
+vPfgDfYoYmZ64cUIwIFXsoUj0Tc/jvpSmml7IoCd3+o
--> ssh-ed25519 wcI7nQ 1lgpi/CuZpYLgjEnWYBD/2x5EMfPLfyR+9xJVqbfGEc
+-> ssh-ed25519 wcI7nQ 8rWj9DNjix0FynR0itooK6h9B3OokzGYzcZskNi6gSU
-wmzNKHObcWs9tbU8nIZ6/iP3cJKusAIRwsoPnszxdbM
+58WsoNAWUBz1lXSXWasaqXBzVC4e3+SqpCIEwQyHVj4
---- BAh4R0xMUi7v8eoI6R9aW5YHbGULsZR+lBw6JnGKsbQ
+--- c9NO0AuVc8azutlxHEp9WEJEKkMK/5ygbZF++5ovQeQ
-
+I:®B.±ÛN+žN”.qŽjÀŒœi?}©¿
ûÁš¿Ð†i8\_ç¾Jà~<7E>åá‰þæ
‡J@è.øZâšÁût½±r.‰ê`Çø×ó
-魺稩3<E7A8A9>S脍镶H璇|v贩假际鴎稾斩l舖ㄈ<E88896>廭b<>V圁C湉gM廤i蕜z;狢|鞄詧桘琓}?fr

resources/img/wallpapers/readme.md

@@ -0,0 +1,5 @@
+Create wallpapers by combining "blank" templates with desired FTL ships like the following example command:
+
+```
+magick gruvbox/blank.png osprey.png -gravity Center -composite gruvbox/osprey.png
+```