sops and photon setup

2023-12-26 02:56:52 +01:00 · 2023-12-26 02:56:52 +01:00 · 90cf8be3d2
commit 90cf8be3d2
parent d29348ec64
6 changed files with 190 additions and 41 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -0,0 +1,17 @@
+keys:
+  # The PGP keys in keys/
+  - &admins
+    - F63832C3080D6E1AC77EECF80B4245FFE305BC82 # alice
+    - 8F79E6CD6434700615867480D11A514F5095BFA8 # dennis
+  
+  # Generate AGE keys from SSH keys with:
+  #   nix-shell -p ssh-to-age --run 'ssh some.ssh.wavelens.io cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
+  - &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
+  - &photon age1rjlc6vwnz2lcrpshtd9rldlxels6l2utwmnmf3prus8drfefeywq5ljrdg
+
+creation_rules:
+  - path_regex: systems/photon/secrets\.yaml$
+    key_groups:
+    - pgp: *admins
+      age:
+      - *photon
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1703499046,
-        "narHash": "sha256-A6wclPJCOMEYuD28KBOBTwHEVOKy3f9yvuMFAJ55dco=",
+        "lastModified": 1703527373,
+        "narHash": "sha256-AjypRssRtS6F3xkf7rE3/bXkIF2WJOZLbTIspjcE1zM=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "d5a917bab40daf4e5f82cd27162b8a6656d3beab",
+        "rev": "80679ea5074ab7190c4cce478c600057cfb5edae",
        "type": "github"
      },
      "original": {
@ -22,11 +22,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1702453208,
-        "narHash": "sha256-0wRi9SposfE2wHqjuKt8WO2izKB/ASDOV91URunIqgo=",
+        "lastModified": 1703545041,
+        "narHash": "sha256-nvQA+k1rSszrf4kA4eK2i/SGbzoXyoKHzzyzq/Jca1w=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "7763c6fd1f299cb9361ff2abf755ed9619ef01d6",
+        "rev": "a15b6e525f5737a47b4ce28445c836996fb2ea8c",
        "type": "github"
      },
      "original": {
@ -43,11 +43,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1703466232,
-        "narHash": "sha256-euLiyAHlppxizV0aRHx9adR4fTTLQVFL5sJ4LWn6dTQ=",
+        "lastModified": 1703545968,
+        "narHash": "sha256-u5yE7Bw2mw/yu+Ljk51YOoy0rz3suGdiOS6dSu8Zgm0=",
        "owner": "SuperSandro2000",
        "repo": "nixos-modules",
-        "rev": "d428b73701f49f1fe5f47720db4d093d60818f18",
+        "rev": "c5ae5e9b02fddb35ae37479c77238fc3dd9a1589",
        "type": "github"
      },
      "original": {
--- a/keys/alice.asc
+++ b/keys/alice.asc
@ -0,0 +1,134 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBF/33QABDADHZbNJTaBGLHyTN+Bjw0MQPzWcpPlUoY3LoyjDrllsSNVhAGP/
+soCIda2Hw4oKEZb4A/YHQiJlddKcHgvaWQpDVKo94ZQ8ctPdEA2bmbIqcBxWzC8
+KRKX4iYBZVLljG4SqjUV+ImTI1baJPY1RETo+imi2pR99wZFtXxAciZkhLTVoJWL
+Tx6Ph0qHzxrCBRHjCK6WsTv4RRDAWLhS5tX88m6mbX3riOGNS/MJ0kFweP+5w0qj
+dg9tEaSPpgblpRWyGMwibaaSKwgnTqR7uoxhqiNjC8KP9pwJPjKd5L0K1uRjVXOI
+rJIxWA0g1KCbUwCeaayYliGZ6I3IMOan6Bx+Gap27TqyjmAwlI0YgYGQIS9h/wVO
+aSK0onVwSu4sZoIGW0DnyKF18QpRfLViAaWptoCtaShkXfIXlPVhsPAKHOnJK+Zw
+06Ucgie8em1YQHWyCaPqGSO5Fo3weFF+SDvwpY4mWFHpnRx6JcThVTaYUkgNMiBA
+2lOlqLw2okcyftcAEQEAAbQlQWxpY2UgSHVzdG9uIDxhbGljZWdodXN0b25AZ21h
+aWwuY29tPokB1AQTAQgAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBPY4
+MsMIDW4ax37s+AtCRf/jBbyCBQJkGxpkBQkGBHDkAAoJEAtCRf/jBbyCMWAMAKgL
+r2W63NwYGj0QfV4/+6Va8LWzkFSi9qjBrdzpQjdKBfzIOrKtnToO+iAaeTSzhIdr
+CyCH8z/AOv+7D6sGGsVGtiu/f0zoLNlEmp3wH1RenxBq9XK1lT2oPsiUL5setHec
+ba/z6ErLvIKjpWIu+UtrAHFkJIh6VvXhgyIUYkB1dIzy297B3nyvpxsRHoxJSpr4
+aej/TFdpawZinDoJ0tWd9vKpDTEMIiXtQBhcgzV+NNFRfQdR0jJDnsoz7oCjsgnD
+ILCLMR7IzMerTN/hypGMDOeANX3F9M7yQlLgGYUSt6ViXjYru4lb3zMEm3UyT8Bi
+qQICj2RK8I8pDqMqBN/hP6bZjKAFfxPdQlvwmNfAIJuxNKJHYUJHqHfT3r71YJps
+vws+RtnA8hKLVWr9c45BaGWvVRx9BS6z/5LznWkKvsnpW2iIHkF8+/RKFC8xtK3m
+h3yOjVrBYKHGHwFtFhTO0/fi+RZOPk7eGaySJpb3f4Hdorr4b2Bp0XtnVgVcoYkB
+1AQTAQgAPhYhBPY4MsMIDW4ax37s+AtCRf/jBbyCBQJf990AAhsDBQkB4TOABQsJ
+CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEAtCRf/jBbyCbb0MAJ2YB3mwk8umPWbG
+Th0vwzJYhNNZF/GnrAxRehWmxR+15zO5g2S9J9Mx1C8X4AHY0DkZJSanGj++xhXP
+pV7CccC/4Pfip7Doz3aV1baB3kTBtwvuNES6OXv8/09Dq2OFi76ArfJBNSNLQdNk
+9YKnWS358C51wmXYM4ZF7KLSYxRNtr0Y2hwxIq+JPvBMJ1N+vx3AIxFqKIEfVaEp
+IwMNaCJBojY7P/UBKLOq/2w0tTbMSsO4xHIElGZQnke4tBFiQIrR4W7+KZpfPL34
+KRwB2c1dNyYO/en0cRCYJHquSbAkgg/gWYmkj2cUglPjksJKXEq3VJPmkfMjU9+d
+TK2wHW/4V9ELp3z/zDorptCkUNY2+Asf3W4YfvXrqSDAynA5s6KBN357wvYxwImd
+oMICYwUkD+eQGQA56RIeF6W/i6EndBIBNeygr+ysVKdycEEokNN53iHujCfXcKLV
+wXNnDyNFZ+NGZ4ybFdADMpg6gWdvOaiTcW++x/h1cUe8TFjzrbkBjQRf990AAQwA
+2S0HRUcJELtXnA/ZQWLxgpLpe1WgDKGSlVIecggX15awJboMAOs7r2itYYX7Rjl0
+CJh4SyWZ3jDu+aP6U1xo+Q1l4eyOtkrIvqSJkOxXAdOM+oNpIdNLkf4mn08WvfU4
+mKCH9E0jwT6r7EdR9CutzNZ1GnwHeCFW8xOtsFoef3S6WIrcP9cWjhQ2QPkV3XOd
+wIUG8t9qtpC26rzMadJSWj9NFy3tIyl3zOw5mrc/bgPQ8wca51ZcxNG2QIxegD33
+3lMLFtQHVZJl5i6+xJu50CCQi/z3d3APzk5oSsEo5tr7+D4mkpsd67gW4lXEX1cO
+11zGV+PUw+i+zYgLQmSBHWgYOoLvA76DhNimOoN9EAdeIl6P7Y+gWmW+ZvGk9z0g
+/ZKpihdKYhIGn5flR8mQIWnArNk8ASEYKWSA5y+et6KioGGqSyhtIgEepWNuQoFj
+mQh+cCfJSumFzJRhCPQWbQsmuAlK4MOnWT2vaFk6qyWP52aJesjtNC+4dfGZdU8R
+ABEBAAGJAcwEKAEIADYWIQT2ODLDCA1uGsd+7PgLQkX/4wW8ggUCYsyZvRgdASJl
+eHBpcmluZyBvbGQgc3Via2V5cyIACgkQC0JF/+MFvIIk/AwAppJGiYK+fg3ogHYX
+PkWMTgN2riXp/8hIwKB6I3Hq9C+dg5qKQhSOsi2Kw9g7QrJ+Yd8yKhCS73GnnOJg
+/LT4BPV7siRBqYkuLvad454obsd6XNCsEA7xPyeWNqUnC7uwiAb/y+uyOx1aFaf9
+ZJZ0novc7yZxmp4IynEon6QplTg+uj6iLYoqFTlSN6X8wm+piJXqBK2l0mp/ZvxB
+xZ9ARu7eVvgQ4Q43sekId5RqHZsNbsUP6hpKTpMQhtWsEpv+W1EKvw0K6wgdxgT4
+/55S66gc0WTRY6AeES/aQA11XNe2VXmmjNdpF0wcV/UKQliYL6jd/fBWhdWpd0Jj
+Fj+RzGJXkW93ppUgyK+KBAggXDW3JxTCM0x99PVwPGxN0bd6NJFW7X8RYeHEFgZu
+Z5GJBFjDEzE4EDvUqfVFyLlDKdtTinFAaqTujaBb7refp1jwdY1pIXk7wVmfoF/H
+QsE6wkedD1ArKKBtn+gr/KjdWjtwfhgq14uAz+dgdF3o1X5eiQG8BBgBCAAmAhsM
+FiEE9jgywwgNbhrHfuz4C0JF/+MFvIIFAmHbv2MFCQLRMGMACgkQC0JF/+MFvIJD
+ZQwApRq1BDKclyPvQdejX1UyON/GnlDsSzQhu0SQALNVANsVJXNJgJOmjpnPEVnu
+FLH/LtdrtEUBs62UzDofhwtgy6/KBDfQONPtCTiZAdJ8P9MDmJzmKAZj9d3oA+1m
+C6t9ZVuIEA5ucspjxXDV2KM1NDzQrW5a1x6eidTrHiVnaTZtTd+6TOYMtonRn2n5
+grpRzh80PwPFjWxrdpo0gkPsbaSNts4VhIv6RvO8x+T9pIoHbFXK58jWHGH5c6E0
+NCLrlocxRI2m51PAUcJFohsA0/queLNi7NXmetw4C9nRKJaMflgfdKssM9YDk4/n
+7bv3wqVmXvelljpzdmKb8CKEQAYTiXgU89ldO2aSBWKz4iHQS8rfr4dRZVxt7wUY
+3Vh1X0O/21s5CXSp/Inj+EHskbUVsymWf1VKPjLkMqYTpGUVT7bTwMSguNDy16OY
+cG/pcwb+S0j4JAprZX0UBwGpdgxcbsoipFXZjbpJgjAAiM+s3LWfqFyxELuT8hgB
+kPeDuQINBGHmRxQBEACzWKaz7Mqy7BuN42Re11xloHZYfLUEDCUPM9ITdw6v6tJ5
+nNhlXJotpHy9PP0/y73j4CbmooKVkGeXzXrPmYKvuFbyvwBrQUo6w5K5dMzv6Ift
+SZwaX/09u6+y715uoEiYqlXrtJ0uLdgb+ljI/uNeoR88hyRhNLtHRhnoC0M2jIum
+OPvNWCEmdvdZXEEyiZWxK1fYytCfCgzhuWPODPwiBT1qLk5dZwneK69HRogV0tcF
+LNW5Sf5oUTRMJtpAv31W3g+g/NnpmbWLW2ewcgBORNPG2y6X2JYZ+a12zqU3afKr
+r2d/QUOcjjWytbXz2YBh8ys5EQkD0dp8Tnl3woL63qXHT7P5jeiGnVexSXa5lbWq
+VDT70RSoJT+bnbC3c609eQqdDW7bThY2naVzpuYpjvUPG/KunDrbEp31p4IUa1hZ
+Jclg17Ns3VTNMdJPee8rVFpQD7avVT11SzOGgBuNlzIySUT3CaLz3zTIh60UPv1u
+ZKwSlbXrAonq9O36UjDYePK7UuaH1Ec9sJmP9JlEW0FBlMRCWQ/IevgCmpPTcQfq
+/5RGupB8wb0vh4wYDo0JgSDfcvxFmxuHdficTCZQpLyuiA3FgIdq28RJgyKLQT9Y
+4M20rNfOZ+HKrCF9iq/pi9VL2us4xXu3NpMNBUDUvaUjcopyLu52xpA3OSspuwAR
+AQABiQHMBCgBCAA2FiEE9jgywwgNbhrHfuz4C0JF/+MFvIIFAmLMmb0YHQEiZXhw
+aXJpbmcgb2xkIHN1YmtleXMiAAoJEAtCRf/jBbyC2kUMAMUpWzErKbY1Fhb5N3TM
+/esAsiwYZjdEYRc5O5hnzZhmePZDQHU0mvUPCBqRJQOUZLHB3ABxaK4MjTGnJmYr
+segfrjz64ivTMbSq+kNurg71n5nkxijB+f/qoZ8BFG/goKKPevJIQzXBnXzkJeld
+xcQ9yV86kfHG90gXuseR4qPwflOgUWFlqBkK4itqtTICLc1a3rIIEqaba8g80v75
+XIOliPXJDjqTQhW5BT8l2cJPCeOj91MxopVKCt8D15223rjF1v9sso6QNogfELl
+z4tQkIlw8mmJQ5t5rzu8gKqLfSweoyk6zJNoLeaLpibFVBK/NTQ96U0BrpXl6yEP
+5d9uuv5sdEA3ioIv3L6mDzAjLrTI+dBVZefrEndrPfpJ+gijY+aIow4Ec+Ek3iw+
+rqetnQKObtVUKMFg9xjTrf4jqA05jfEbOsUhB/UWliX+m3C72DjuYFK4gc8h50YE
+6mY1UfPKa4LZjkZWimcdpBoZk8rvvGKJ5yxetUVpc8Vv6IkD8gQYAQgAJhYhBPY4
+MsMIDW4ax37s+AtCRf/jBbyCBQJh5kcUAhsCBQkA7U4AAkAJEAtCRf/jBbyCwXQg
+BBkBCAAdFiEEpDCS4Uu1iKD+tP9UJ181DjcuqJMFAmHmRxQACgkQJ181DjcuqJOa
+0hAAsKW4uaBdfE4ZL6LMBoWomi2fpwHS5zfnG+gXFygZM/9Yi0HJew1wSat5V/pM
+jGQfnXABNQBx9sQmArazJlrXXx3+l/OOxvKsY2SdeGLIKpy3ufgc0q09oc6NiuTq
+6qRw869YaACrdbYK9yAuqnX95KlDcVPrFdu6BA5Vwz2grvAZFNTyJs8prkDibp8E
+JqsEpk543KgEhIREHWqC9LCAsPoQE1YKZ0a9FjrNW7NE5dHXE7rv1OJ1P1ScuxYe
+dnDXNyQsx4I+fenzmPx1ql2j9UMYpnQFtyemYz9phIN1qclA86+qLd2rYOANUzdH
+yQYhjuxxacXVVDvnXImdgkal/Mp7+g7Pi6vyzvgQt/1vDmRm/XIauhXCnOTX4rBm
+/NTdnaaVuF9CjpSKeLi7hFJYyLaywr41Pd7x/VULd53P6jSqesn8s2U3Rob+8GJS
+7clJpL8DRbxRGBx12Oih+CzqCqa18lqBmWqOsyv5keV2vWnBFDGtS3vQqdvAH4TL
+cVp3t3sy0oURaFeg+4zwlSOGFPwFG/G0z8F5shKq9zMCDqd2aTBgnW1V9wCXC5d1
+FV7VeT6JzfSvDSqWr0zS3ciMdinYLtmSHPv5NfNQmQCu0oOytyn1KxQ3efOuSsc5
+83U8Y0u/4RiAmm7muFKaNnH6GBc1iDTdbibtvU1eVQFfVnxLTQv+N6S39uc3SMSI
+YZzofnGthGWg2gkaVF7UXwKP5UH9HRTBUjVgiIfWvU3weaTsKVsBFRv9pJ4WA2+y
+uOH4Ew0LnkkbLynpgmpCHD3STqNQiOtuVqs21vID8+BL1AtSQga6CJ08uDVXi1pQ
+OnwdMzISWiEIj+dylCjfQrHFu1MMU+PolcSf5VPszetmI2R526veCwW9uzhb2kPH
+gyT0aRlW01rAU1On87vgxiD6TQVFvOBF/IwbqnQrR+98RlxavHpkHsjv13PpWgT0
+Hl9AnySQKzTjdvRpViD3JanowcwC6eaWLZu71o/e+/aYqgzW+rGL66ROwKZoDlaR
+VplmQwq1b8/DU6PSCZrfdiu3ycTEu5Bv7mjwSDu0l1dZx07Cs5RJ5/IvhvNeX4WH
+TbnAwJjgHiyQCxqTJnhhhRkYjAAbFhmCstGk3wWzubr8rqb5Dy04O6R/jZET3+WH
+UFSAGngE1+PGim7kDEgWqI/D2XDCECiqYq45Nso8fGHqRWZ4ne8GuQINBGLMmf4B
+EADukvOEQUe2VD/5i1LFsgyBfuCMbs3Uq+mm2fYDSLfQrHaOUTq4AiwJTeUtixAu
+Pov/kt1BQf/KOnqEiiZKgQIGYpTdnmpf3XjWPEU/veSSa9Smy2IG6N3u7o97rcbl
+F/NXxarYMzQhDm842qxSHiafVYvZJAmJGsgTJ+ZTv0NUHOdOEMlgg1nZrZIv7PYW
+yNyMD4sXHO3Opuzfa8AXBQuICmBM/Nuv5/l3lhcRYXSImMB+xlAZCvS2pyAZODk9
+mXzFVHpctjUezHkfQrUsI6FFOvo0h9QbBB8rMxrGEedla+gdTa+8Hgs/Ou5G5YdN
+Xo0tfK1/u+RqFtk2piAF3/5u9Ov9qox/n1akFlFZM89mmu0DgiUH8y1YFNAuPHRT
+tzFRwvExT1JFZaUgezZY5ivPxctjJLDaD1A1T72pc7FMcBX6iLqMkt2/2AeDa/JV
+MzwYOm2/q4rP8vra8Id2Op6M4RIzlKXMbjW9RkP90pzzYECttvyLWXPRGNJSNEDl
+djENbJbdSm+j2STLukk8qW1reYRmU7DsOtCSM8lyvuJjZp0yYVheIjBFnWPs4fKw
+DX4lVC+MEWqMDagi9AmJOCVwB32dR5N8GXLFth67otmzwDhF4qZcLAuGFWyjj+4s
+2LDxqe45mTBEkI/Yns08WGjxkyCbFZUbSvc723SGzYP3GwARAQABiQPyBBgBCAAm
+AhsCFiEE9jgywwgNbhrHfuz4C0JF/+MFvIIFAmQbGpoFCQMvtBwCQMF0IAQZAQgA
+HRYhBHVlUgxu5Aa5g2fDvx+s9AdeMhL3BQJizJn+AAoJEB+s9AdeMhL3euYQAJNq
+ds6s+55fiT1ldpnK/5MG6VX4OnBBl9crShNZykLKMRpOTw/6/JpO82M6vSUexYVX
+TZzc6GWZMwzWVighrkQr+SkvuF2U+1fKR4mYGtqE7eO04Nz6Sn9y6ADhS2Ulsp4k
+z35X8h5UpIBaHnLD8vuvPZwcvkvF+UMPQLHD2xwojrN6RcCYl6mk9Uobd8yqrs+q
+nlGNk3iwNhx/YwCINsvm0LcFw0eOKLdClSSrjcEMyrk9ELP1KXJEgU9hGzyBrsGx
+GDeUGX+mSCSIH0nm9wHDTpFsaPHGRBqDHvx54ZntWTeCjtw2/xMN7GbOO8j75G0S
+DQv5aCQuvrNUBxH0F7FZdZfy5fer0lOrNf+tq4XTc0GB7Nyf1oaAzVQdHGqVm6sd
+1/B9rSqrpIh7VjcEaO2pHzKGy1n1RIlXVNT+rAqSwAgRZosmW43u9fOiHluQ1Bxw
+ieePdK8MG59WipBJo7qs0djm0jX5cXBDa7UTIcJMHYaU5tf3cJVoHnKz2Vdn5Jk
+Z2BRY9pZwnnFO0AoOHMLwEG5f2bjAcTZmdW7haS075inAEqA28dBJHQzi8kROxgS
+uypTjQDrI66Us4KQPCzKG7CLGdSrM3udqD7CmmEUiMjfPfe+xVhTE5EhZcAzwRSF
+KSKxCSSNnjQ7RX6ZLAJOnhSszHy8Lu4OiAEFVZpCCRALQkX/4wW8giiVC/9Uo4Jt
+UtV9Z4uc+WWWg2CbAp4Mn+pu77lTXe50GykYTOE14B5UARXz0K42EZ1DhjSJBpGS
+w8rrB1HMRgofWXwschnnYsLnxnkcacGGazvQM2PV2HSWQ8xTyn4IysfeHT55buA0
+sI8VQFm5MjDc/tUCnpFgp9v5q9+gncexo9GWVxaO+3oa4Y2B4Ypi8JHE0Osp9klG
+XZt+kAuJXDhtd0MViYrPQaHMgI1zyx2vyak2hSXpbI9ao9klqiQTXTzoLh08xP3j
+Dgoy5o9TbyYcDCf2bthqlpCOZyXgGS6DiF280hq9ZBeLSUdE675CZ6xY9RmvVmut
+tYYvZca+JdINjvNTJHO4BjqJc83Cm08u1R/e+km+jOc52GJJxXdmev+AzYsoe3ol
+vn8mp6C1/K2XJxOF+vcXb9gK+wA1FE/E5x7iNb4xlMzMy0+4AdM9MRWB2U7R2S2m
+5AnihX03lwZzHk2GghGbJj1eEeyq0fRcg7VQh45e660HV2ytLgvFEWn8KNI=
+=U1yy
+-----END PGP PUBLIC KEY BLOCK-----
--- a/keys/dennis.asc
+++ b/keys/dennis.asc
@ -0,0 +1,26 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZHhWiRYJKwYBBAHaRw8BAQdApLSB6EIA/rIChQzJ/DTuZo0xjZqLd0YanYZN
+Hk65RDe0LkRlbm5pcyBXdWl0eiAoTUFJTikgPGRlbm5pcy5oZW5yaXF1ZUB3dWl0
+ei5kZT6IkwQTFgoAOxYhBI955s1kNHAGFYZ0gNEaUU9Qlb+oBQJkeFaJAhsDBQsJ
+CAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJENEaUU9Qlb+oJEkA/jV6SgEqfLBH
+Te5cctEeKi1I6NhF9ygQaQ3E1iOawKjNAP9AKaJU9FZxBkkdQYRUwBT1HT5a9AE5
+Sc9Kv0gGjJOxBrg4BGR4VokSCisGAQQBl1UBBQEBB0CIoOJNjVR40yMwH/tJRfvE
+FvVc8Vf6S/H0Gn0jqMT5QQMBCAeIeAQYFgoAIBYhBI955s1kNHAGFYZ0gNEaUU9Q
+lb+oBQJkeFaJAhsMAAoJENEaUU9Qlb+ozsYA/1WRuFNfGvkGnfxekqZVSFWzV8+7
+dxTsdFH6Rp4ShU2IAQC7p0YlJ86tH4cUKX1vgp3Fd5MwysFgwoI9GmPkIjX4BLgz
+BGR4V2kWCSsGAQQB2kcPAQEHQJYHv/LMo8N6iM3zFvOKrF7ZLp3eAG/cOED0yDzr
+vgkdiO8EGBYKACAWIQSPeebNZDRwBhWGdIDRGlFPUJW/qAUCZHhXaQIbIgCBCRDR
+GlFPUJW/qHYgBBkWCgAdFiEErfK/dQolfE3HjkAfURC2OXTM6bgFAmR4V2kACgkQ
+URC2OXTM6bjzbwD9Hpa0WcBU6yeSXR/6rmXImdEZSQUrT2T/KGBQQGMoDO8BAO2Z
+hb8Twi+tkgabc4+6QzrnnF8owCNi0snngcaqXBwIECoA/io/Rc9XwHYgwI8QkQjU
+SwRrkWSL2nHJBOyTNr51aw6jAPwJGFgjiiiqaTPtVJmGhVvjr06W66RMK6IRejPl
+AwNBBrgzBGR4WCQWCSsGAQQB2kcPAQEHQAoyEdbEjTAt540SMi4qA3YqioPuE2Y0
+omU1cNECTDpKiO8EGBYKACAWIQSPeebNZDRwBhWGdIDRGlFPUJW/qAUCZHhYJAIb
+AgCBCRDRGlFPUJW/qHYgBBkWCgAdFiEEaRWBxbY0svsuEwNkS1ay/lwzFeQFAmR4
+WCQACgkQS1ay/lwzFeRL6AEAy+o1W/rY3Bwqws+NtEQmZp8ImuNL/VryMy/fvV1g
+WJcA/Rr7pVW424dMWNz9MzAJBtxT8DLzwqC+lLl4uduoEIkAPcIA+wSosu1Stl03
+qaZg4TW6yawfUu9ixjKRbIv/THjQ26n8AP42LYM+BgT98KHYpCvP5TnNDJ3EX3Jy
+1lnOvas0EEuhAA==
+=tFtY
+-----END PGP PUBLIC KEY BLOCK-----
--- a/modules/boot.nix
+++ b/modules/boot.nix
@ -39,9 +39,9 @@ in
    tmp.useTmpfs = true;
    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
    kernelParams = [
-      "ip=<ip-addr>::<ip-gateway>:<netmask>"
      "nordrand"
-    ] ++ lib.optional (cfg.cpuType == "amd") "kvm-amd";
+    ] ++ lib.optional (cfg.cpuType == "amd") "kvm-amd"
+    ++ lib.optional cfg.fullDiskEncryption "ip=<ip-addr>::<ip-gateway>:<netmask>";

    zfs = {
      enableUnstable = true;
--- a/users/alice/home.nix
+++ b/users/alice/home.nix
@ -1,31 +1,10 @@
-{ config, lib, pkgs, ... }:
+{ pkgs, ... }:

 {
-  # Home Manager needs a bit of information about you and the paths it should
-  # manage.
  home.username = "alice";
  home.homeDirectory = "/home/alice";

-  # The home.packages option allows you to install Nix packages into your
-  # environment.
  home.packages = with pkgs; [
-    # # Adds the 'hello' command to your environment. It prints a friendly
-    # # "Hello, world!" when run.
-    # pkgs.hello
-
-    # # It is sometimes useful to fine-tune packages, for example, by applying
-    # # overrides. You can do that directly here, just don't forget the
-    # # parentheses. Maybe you want to install Nerd Fonts with a limited number of
-    # # fonts?
-    # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
-
-    # # You can also create simple shell scripts directly inside your
-    # # configuration. For example, this adds a command 'my-hello' to your
-    # # environment:
-    # (pkgs.writeShellScriptBin "my-hello" ''
-    #   echo "Hello, ${config.home.username}!"
-    # '')
-
    # Rust packages
    topgrade
    trunk
@ -41,11 +20,6 @@
    tealdeer
    helix

-    # pipx packages
-    # Not sure that I need these right now
-    #python311Packages.python-lsp-server
-    #python311Packages.pycodestyle
-
    # nix specific packages
    nil
    nixfmt
@ -61,7 +35,5 @@

  programs.zsh.enable = true;

-  home.stateVersion = "23.05";
-  # Let Home Manager install and manage itself.
-  # programs.home-manager.enable = false;
+  home.stateVersion = "23.11";
 }