provision/hosts/default/default.nix

@@ -11,9 +11,6 @@
     };
   };
 
-  # Add user age key to identity path
-  age.identityPaths = [ "/home/${user}/.ssh/keys/age" ];
-
   # Add non-free packages
   nixpkgs.config.allowUnfree = true;
   nixpkgs.overlays = import ../../lib/overlays.nix;

provision/hosts/kestrel/configuration.nix

@@ -1,77 +0,0 @@
-{ config, pkgs, user, lib, ... }:
-{
-  imports = [ 
-    ./syncthing.nix
-    ./backup.nix
-  ];
-
-  # Use performance governor for sweet gaming performance!
-  powerManagement.cpuFreqGovernor = "performance";
-
-  # Set networking options
-  networking.hostName = "kestrel"; 
-  networking.firewall.checkReversePath = "loose";
-  networking.firewall.enable = false;
-
-  # Nvidia options
-  services.xserver.videoDrivers = ["nvidia"];
-  hardware.nvidia = {
-    modesetting.enable = true;
-    open = true;
-    powerManagement.enable = true;
-    nvidiaSettings = true;
-  };
-
-  # Enable docker 
-  virtualisation.docker.enable = true;
-  virtualisation.docker.storageDriver = "btrfs";
-  
-  environment.systemPackages = with pkgs; [
-  ];
-
-  # Secrets
-  age.secrets."wireguard/kestrel".file = ../../secrets/wireguard/kestrel.age;
-
-  # Modules 
-  modules = {
-    desktop = {
-      browser.enable = true;
-      gnome = {
-        enable = true;
-        wallpaper = "file://${../../../resources/img/wallpapers/gruvbox/kestrel.png}";
-      };
-    };
-    devel = {
-      engineering.enable = true;
-      notes.enable = true;
-      python.enable = true;
-      tooling.enable = true;
-    };
-    gaming = {
-      emulation.enable = true;
-      minecraft.enable = true;
-      steam.enable = true;
-    };
-    programs = {
-      chezmoi.apply = true;
-      kitty.enable = true;
-    };
-    services = {
-      peripherals.enable = true;
-      samba-client.enable = true;
-      virt-manager.enable = true;
-    };
-    system = {
-      backup.enable = true;
-      ssh.enable = true;
-      terminal.enable = true;
-      wireguard-client = {
-        enable = true;
-        privateKeyFile = "/run/agenix/wireguard/kestrel";
-        address = [ "192.168.3.3/24" ];
-        publicKey = "bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=";
-        endpoint = "66.218.43.87";
-      };
-    };
-  };
-}

provision/hosts/kestrel/default.nix

@@ -1,18 +0,0 @@
-{ lib, system, user, inputs, agenix, home-manager, ... }:
-{
-  inherit system;
-  specialArgs = { inherit user inputs home-manager; };
-  modules = [
-    ../default                            # shared by all configs
-    ../default/physical/configuration.nix # shared by physical machines
-    ./configuration.nix                   # kestrel specific
-    ./hardware.nix
-    ../../modules
-    agenix.nixosModules.default
-    home-manager.nixosModules.home-manager {
-      home-manager.useGlobalPkgs = true;
-      home-manager.useUserPackages = true;
-      home-manager.extraSpecialArgs = { inherit user; };
-    }
-  ];
-}

provision/hosts/osprey/configuration.nix

@@ -13,6 +13,7 @@
 
   # Enable docker 
   virtualisation.docker.enable = true;
+  virtualisation.docker.storageDriver = "btrfs";
   
   environment.systemPackages = with pkgs; [
   ];
@@ -23,7 +24,7 @@
       browser.enable = true;
       gnome = {
         enable = true;
-        wallpaper = "file://${../../../resources/img/wallpapers/gruvbox/osprey.png}";
+        wallpaper = "file://${../../../resources/img/wallpapers/gruvbox/kestrel.png}";
       };
     };
     devel = {

provision/hosts/osprey/hardware.nix

@@ -14,16 +14,10 @@
   boot.extraModulePackages = [ ];
 
   fileSystems."/" =
-    { device = "/dev/disk/by-uuid/ab94a911-1186-405a-a2aa-fc60bfbe308f";
+    { device = "/dev/disk/by-uuid/521c9cf1-6786-4fac-beaf-fcf5404931b5";
       fsType = "ext4";
     };
 
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/69B4-4853";
-      fsType = "vfat";
-      options = [ "fmask=0077" "dmask=0077" ];
-    };
-
   swapDevices = [ ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

provision/readme.md

@@ -1,34 +1,40 @@
-# Provision NixOS
+# Provision Nixos
 > \*NixOS was a mistake.\*
 
 Set of configs files to setup NixOS.
 
-## Install
+## Usage
 
-1. Download and install [NixOS](https://nixos.org/download/) with current GNOME ISO.
+1. Install NixOS with this [guide](https://nixos.wiki/wiki/NixOS_Installation_Guide). Use the following paritions and btrfs subvolumes:
 
-2. Boot into installed system and run the following commands:
+   | Name    | Type  | Mount Point | Size         |
+   |---------|-------|-------------|--------------|
+   | EFI     | vfat  | /boot       | 512MB        |
+   | root    | btrfs | /           | rest of disk |
+   | home    | btrfs | /home       | subvol       |
+   | nix     | btrfs | /nix        | subvol       |
+   | persist | btrfs | /persist    | subvol       |
+   | log     | btrfs | /var/log    | subvol       |
+
+2. Run the following commands:
 
 ```bash
-nix-shell -p vim git neovim
+nix-shell -p vim git
 git clone https://github.com/starr-dusT/dotfiles ~/.local/share/chezmoi 
 ```
    
-3. Copy existing configuration files from another host and modify as needed. Make sure to move the installer created configuration-hardware.nix to dotfiles (e.g. `provision/hosts/<host>/hardware.nix`).
+Move the installer created hardware.nix to dotfiles. E.g. `provision/hosts/<host>/hardware.nix`.
    
-4. If required move agenix keypairs to `~/.ssh/keys/{age,age.pub}`. A new keypair may be required and agenix files will need to be rekeyed on another system.
-
-5. Rebuild the system and initialize chezmoi dotfiles to save America:
-
 ```bash
+cd ~/.local/share/chezmoi/provision
 sudo nixos-rebuild switch --flake .#<host>
 chezmoi init && chezmoi apply
 ```
 
-6. Profit!
+3. Profit!
 
 Perform additional setup found in [additional-setup](additional-setup.md)
 
 ## Update
 
-`nixos-rebuild` command is aliased to `nu` assuming the machine's flake output is named the same at the hostname of the machine.
+`nixos-rebuild` command is aliased to `nu` assuming the flake is named the same at the hostname of the machine.

provision/secrets/git/gitea-runner-1.age

@@ -1,10 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 Fz/sQw uRPe6lrPzIntOBzSYR+zM2xBihHCAsdOtix9L9221FI
-6i0DsOZhZdi0ZmKJAuG9xEX7dtK5+daGule506UNsRQ
--> ssh-ed25519 47GzQA etB0mmw8g4t0mfzBEv6Dr6V9IdoJegAjgbOY/t3M9ik
-FgN9DrAotYJ2rvvEh80+Wp5BxoEHe3W4LgCLld0G9v8
--> ssh-ed25519 wcI7nQ a3seigr8UNpEeUil+OSbf5RyjArSm03ygNw5AjtJYQ0
-Sc9J4LQI9kFUFDzFjLS8Zwo9Z/HTawBsrv4qRxftwMg
---- sGLvBOkszi11u/ukhK9iQ/FYHuqW52UXIY9kswVF7Tk
-SºaÈòüÜ2ðMÍ$õã7<C3A3>Ö´ßVÙÑ2³Ü)|QˆŽØÂC›<rP¤iMëú<8û³7?¹ßB¾Ú8(
-"A_}é÷øM¤tLÿ
+-> ssh-ed25519 Fz/sQw eWmbN5fQHK2Af4PsSY24Yo4rviqcMc1841KZEdn/ezQ
+/N3I6mOuUShNlzr2c/TnB6ax6TtkrFJQxFIaJ4STrXQ
+-> ssh-ed25519 47GzQA 7ut3vn6lXxz58Tj/OXWuueqaxRGckhpVj4Z/N8b34XU
+SBecD52O2UsCOOLQrxA/+E7VcXOj88Sdg0yA+i7bQ7s
+-> ssh-ed25519 wcI7nQ isqztqV9KZjY/CUW4+I2yHfCeZmo2IKG9g5lfQkB/V4
+ppd2WJLTLyoEp5bS+oP6bT2gVkc+J3e7tlInx5326d4
+--- 4n4s3HSUR089Q2VqEmoxUnqrhlZ+cSvl9FXvrwTAkqc
+Ççc)¼ù?à‹÷ÿ7»2,g‘õ™Ñ… Mc’1ü&éûÍH’€–—_‹®!¶g.[»•eTs%’Åó­løFд®]

provision/secrets/secrets.nix

@@ -6,8 +6,7 @@ let
 
   tstarr_kestrel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINr2BUUToMswbAbxZMXarl2pQEomM+jADyZbEK31VGu/";
   tstarr_torus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhxsVgd8DH8c0zckjMUxSJrTimU709JLCgDGBMFoNxQ";
-  tstarr_osprey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQEjr+yK4zdnV9kBUMo9fopsJbvF+TfQlVQexBCwuwB";
-  users = [ tstarr_kestrel tstarr_torus tstarr_osprey ];
+  users = [ tstarr_kestrel tstarr_torus ];
 in
 {
   "git/github_personal.age".publicKeys = users ++ systems;

provision/secrets/wireguard/kestrel.age

@@ -1,15 +1,14 @@
 age-encryption.org/v1
--> ssh-ed25519 c/r/0Q 2KtEwngUw7ZA/rEEaXHMwRC9JZcWrIrmdDlP0lN9tS0
-ZAKUTyCKtf2EVG6qhSWn8aXUkNfAXgrMBwUiLWx7iOA
--> ssh-ed25519 6UNP1Q 3AG6l3q1Hgv4Cj7z2a31b3g9AW1sowV71em9QSZnD2A
-+Q8/nr1yz6nZviV7srRTW0LnoNrYxW1x7gjhZwvvmOo
--> ssh-ed25519 oOIlAg RPVxwWRbDSOpyRD34uPX8vQYzOKwbc/6WQ3miIpsWnc
-QQfR/w+kh8/6WIUogDlX/iL4Y2Idw8hOQOEUHQgTwes
--> ssh-ed25519 Fz/sQw u2KqeUEobIWwbKT61etUYeY2LFRk6l8EYJ5dnuvmDDI
-bCpGnuJf+qPG+f2N04zATwngB6nwJDMSpz8mFUfkawU
--> ssh-ed25519 47GzQA e3x/3uULmh7FLg6eiATdvbG/kUfrCKOHrph1tw0HRk0
-jOVO2Irq1NxzzK+O2Lo4/bip9IFqvvzi+bIaD8Z0rqs
--> ssh-ed25519 wcI7nQ RIgZP4y5FqqmUJDc/emKdO2laRHxNer+db+TgbybLVA
-K61Q/TxQtX30Z2m3N0sHBHqBIuH7Q0QHmWVwMxthAMM
---- dlNFmAoD84TcOlyWRGjvx29SPHaC7FGiYgrJkQAsOMg
-©rÁº+{œŸè ¡Ó¶¥Æ£¨yUD ?Ò¶û%MϤó‘ã
¿†ùÝB®NÎyË'mÊ
óVÄ–ãV¸¦þ&«­é&ïs¦Œ®«2@H<>
+-> ssh-ed25519 c/r/0Q 7SZ3i1/YN6bomMnpPpC2E/qiPFa9YM3dWVSUKQVJCxY
+dSc/zPCGsJ6t0v7KFqKOYxxTeXM+7zKB0QHtHOakajo
+-> ssh-ed25519 6UNP1Q ZvbWPwHL8NfgbyRLoEsVkGdD0NmA3w8tarkiJGaqtxw
+B5GNn9oJpHIEfXo6hBSh5FbrMXKWPmAWdigC1prox10
+-> ssh-ed25519 Fz/sQw kA9TGqMf/8tpTTIBKjxslnhBV3SYy7x9rLUEMZNYZWo
+cxFmMBMwKerh50a13dkXyUVuXiMB1aemskJXfbeg8Kc
+-> ssh-ed25519 47GzQA K7lrG9mj/dy+L9FDV+/PxIjxoWAnuXxmx5SNFYO2b0g
+SutKPqVSJ7XYoC0T25jOMATTC2NG7eWVfjxaFvO45Rc
+-> ssh-ed25519 wcI7nQ QlzNUT20/KqoBOcvPoGQwQWXcROddPUTjo6VcrKJ92w
+lDvscDynwkQiMkxDy2wXNjvB6zK3sOu4bLyXFtmcNZk
+--- M4JBRY+oWI4rqCvUZSaiA+DitbFX5k/5Ad7gEx7XxLY
+ńÜB'á­Žy®ž ĺá1<C3A1>Ú ŕ
+Ő<EFBFBD>Ę2–
z>*K‰®üJ’°śÇ<C59B>Ú1{1ν0xÍL‘
ç;Á'0Hć'ĘĆeŃčuá]çA0

provision/secrets/wireguard/torus.age

@@ -1,9 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 Fz/sQw 7/YCPJS/50qCCQjXo2FzANZ6CMqX05DP4Qk+qCgXjyU
-BAMi2jaNirVy0SiKecdKbKIQn+TUzZOeykRoRmxg0PQ
--> ssh-ed25519 47GzQA eEojsbTRfeimfI1ZFFk1Na/CVBdDd0xr3iQrMFHxiBE
-vPfgDfYoYmZ64cUIwIFXsoUj0Tc/jvpSmml7IoCd3+o
--> ssh-ed25519 wcI7nQ 8rWj9DNjix0FynR0itooK6h9B3OokzGYzcZskNi6gSU
-58WsoNAWUBz1lXSXWasaqXBzVC4e3+SqpCIEwQyHVj4
---- c9NO0AuVc8azutlxHEp9WEJEKkMK/5ygbZF++5ovQeQ
-I:®B.±ÛN+žN”.qŽjÀŒœi?}©¿
ûÁš¿Ð†i8\_ç¾Jà~<7E>åá‰þæ
‡J@è.øZâšÁût½±r.‰ê`Çø×ó
+-> ssh-ed25519 Fz/sQw sTJYlfFdSBl+xqi0+Yysl6NNWH8IABznrbF1MLi8p0c
+xp0OvKeTPOK7CEUlPJOF9ZT3G55jYzGx/KI311YXzIM
+-> ssh-ed25519 47GzQA Dc5kR+oUGLMcL5V+ul8NQTw4xr/ihd4qItpwlVDcLj8
+RZFPMVRFxBaosGvXRLcJA8gLIeaI8i2QIWflcsHY8uQ
+-> ssh-ed25519 wcI7nQ 1lgpi/CuZpYLgjEnWYBD/2x5EMfPLfyR+9xJVqbfGEc
+wmzNKHObcWs9tbU8nIZ6/iP3cJKusAIRwsoPnszxdbM
+--- BAh4R0xMUi7v8eoI6R9aW5YHbGULsZR+lBw6JnGKsbQ
+
+魺稩3<E7A8A9>S脍镶H璇|v贩假际鴎稾斩l舖ㄈ<E88896>廭b<>V圁C湉gM廤i蕜z;狢|鞄詧桘琓}?fr

resources/img/wallpapers/readme.md

@@ -1,5 +0,0 @@
-Create wallpapers by combining "blank" templates with desired FTL ships like the following example command:
-
-```
-magick gruvbox/blank.png osprey.png -gravity Center -composite gruvbox/osprey.png
-```