Merge pull request #5 from RAD-Development/jeeves-jr

Seting up Jeeves jr
2023-12-29 15:25:11 -05:00 · 2023-12-29 15:25:11 -05:00 · 96f8203cb4
commit 96f8203cb4
parent 51e8302c29 55b37120ec
10 changed files with 417 additions and 29 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -2,19 +2,34 @@ keys:
  # The PGP keys in keys/
  - &admin_alice F63832C3080D6E1AC77EECF80B4245FFE305BC82
  - &admin_dennis 8F79E6CD6434700615867480D11A514F5095BFA8
+  - &admin_richie 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3

  # Generate AGE keys from SSH keys with:
  #   nix-shell -p ssh-to-age --run 'ssh some.ssh.wavelens.io cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
  - &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
  - &photon age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw
+  - &jeeves-jr age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh

+# add new users by executing: sops users/<user>/secrets.yaml
+# then have someone already in the repo run the below
+#
 # update keys by executing: sops updatekeys secrets.yaml
 creation_rules:
+  - path_regex: systems/jeeves-jr/secrets\.yaml$
+    key_groups:
+    - pgp:
+      - *admin_alice
+      - *admin_dennis
+      - *admin_richie
+      age:
+      - *jeeves-jr
+
  - path_regex: systems/palatine-hill/secrets\.yaml$
    key_groups:
    - pgp:
      - *admin_alice
      - *admin_dennis
+      - *admin_richie
      age:
      - *palatine-hill

@ -23,6 +38,7 @@ creation_rules:
    - pgp:
      - *admin_alice
      - *admin_dennis
+      - *admin_richie
      age:
      - *photon
  
@ -31,6 +47,7 @@ creation_rules:
    - pgp:
      - *admin_alice
      age:
+      - *jeeves-jr
      - *palatine-hill
      - *photon
    
@ -39,5 +56,15 @@ creation_rules:
    - pgp:
      - *admin_dennis
      age:
+      - *jeeves-jr
+      - *palatine-hill
+      - *photon
+
+  - path_regex: users/richie/secrets\.yaml$
+    key_groups: 
+    - pgp:
+      - *admin_richie
+      age:
+      - *jeeves-jr
      - *palatine-hill
      - *photon
--- a/flake.nix
+++ b/flake.nix
@ -69,9 +69,10 @@
            };
        in
        {
-          photon = constructSystem {
-            hostname = "photon";
+          jeeves-jr = constructSystem {
+            hostname = "jeeves-jr";
            users = [
+              "richie"
              "alice"
              "dennis"
            ];
@ -80,6 +81,16 @@
          palatine-hill = constructSystem {
            hostname = "palatine-hill";
            users = [
+              "richie"
+              "alice"
+              "dennis"
+            ];
+          };
+
+          photon = constructSystem {
+            hostname = "photon";
+            users = [
+              "richie"
              "alice"
              "dennis"
            ];
--- a/keys/richie.asc
+++ b/keys/richie.asc
@ -0,0 +1,67 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGQ4gGgBEAC2s0Q4nQ5aTlpTg4u/Hl9gq56IAGoUW9wlgEoStHXyA1WziY2s
+1pt45l4Q6kORswXoXv0ULTWBQAGponjY3l+HNm+B0XMr6EogjV/EP/UCyEi8zpqs
+PaoJiB95s8rTsh+E7GzWR8KDhazOrGFY+QQOsTWEhLF8jkISd9aC05pf+WnKyxLC
+wFjNFXRWUgPKyKPWIUd3SJP2IH6rSSkp7SMCAUiteQx2c43thnr4c/wcfGANKbFO
+PhYrkTJKSqt38NoFtNB/Eo/MaVwdEnTMmeovF9sA2s0SLat8+FngSEcIXvL5UpA4
+K73+lOQUROWFju7LrIyOhksSZXyQvP+64PxfpbtHadH6wQ4Ckz0GYIYnDQ1q66dh
+OKQq9efIlxb7ky47qXRMY8u6d2d4bceLM4a24lYajZ70HZTEF4hy5KCMd8DAmAzU
+WLCkaz6SQVDsme60jH3Mavd18B8HZ1d5Vi75hNaylMRtq7o6IA60NnVXh07U+Zto
+n8QOze0JqO/GaM7FzfijfsW670j//FSu5wUGnBYprBz7SFh2nCy/XPZYThtHtPbI
+YeESs8WZtqkfs4RpmMkOKcTLNiTFXIsCqHIhR8lDnJl+skEMxg7L8FF2txph4ssU
+BZ6dAbFy8KsH+2Sr2qfK0yHOVs37ymv+/WaxC0d+QpLAupRhzL+s2kIYGQARAQAB
+tB9SaWNoaWUgPFJpY2hpZUB0bW13b3Jrc2hvcC5jb20+iQJOBBMBCAA4FiEEKfUB
+fJXZ5gsbHoQHBysOC4MS3+MFAmQ4gGgCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC
+F4AACgkQBysOC4MS3+PnKA//YUDZbuaas5MIWRqZsh02GEXVX4n727JP4iqZU4R0
+Cndq7KCl+8XJ9RqmpRZab1FhEj/DQZYisKvloMvBop4q1XLLkabaQF5NsbDvIQG6
+5TgbeSUmVWP6JS4Ka05FKIEwjKFS6ogbd1tscVs50zFWW+veewWMwwQF1mw+N5wx
+LsnHRDIBPOj8Z+p07fyYlP2RMtqdjUqHOtDBiAvbFaXd1huEHd6H2bhnVLaxsJUf
+EEGu92ND0GgW2tDrJIL+bNhZfsnHZEZPyruLZXcwW0JIyLf+sgob/iY0duDH1JDS
+ty5tS3ke9O3Q56mPogHP7jlMwtVHzQQPlviVtNvYhRamb5hUDc9Qu9uXNM0HOWdg
+MI5KE1xbdjz1OmymakfcfbVcSz1vu3k4XpqChiKt+psw8BnHGcguPchetkroCJcM
+OLwnCoKH3TFxZfaZQGPDhHCGU484Nj1M/wHo9RcoWtrPWz+Y7W0U+47EdmGM1Vpl
+9hIoXqjEWENz6Ph5DD0vxMptQPrRfmtLiJsWxAJRS9MH+ZWXxjJ2byKXiEHdR7la
+Xgj8ejtzaZB04Ow9+zptFH6nwTygGGodcRkYYFtYSS7C46aihvMRLj68uHB2yC2b
+zYutMtU6eregDaWiAeGycZcanGnU36JDifjaCF84oty6a3EpfdGCc9KkHk1Is+sR
+TVe5Ag0EZDiAaAEQANy3ekveJexjqdhWmGjqF1rp90uWYJeVwg0Dlc621SNEzrfu
+suC1BEHC2xdZz85yPbfdUPThAn/AmaMYlNIvzXmsGJdfIIsL7ZT+K6K+9ClbFhR8
+eIZZjhpSOMwLEfNroyZPcOwEua9bSr3mwU+i2ED+dCKcxG4/wAtmeK2PNOz0t0/F
+umLHW9Zk8YZBVSq7sGZ77TBi7GHOVzR/3wWy0qXgVMSQXtmOoDCmd1B1pD/BOkBA
+2iI4spRLiDPW3XVDeAGydYPPEIXtFax7ZCs4BhjT4witJ2110fddrAh6e48yU4Hn
+ca5F+QD6hVvUgHmdM/9GMqYf2mMC8tqNQf33Ib148zIhtQN5OtDz/sce5Xj8rk0j
+HUuZ3E0jViK72ZRnZD46CyIc99ZcLCAhsHZDaMTEDfWX8ToQzA+Ahyth0RMykwhX
+6NPKvOw2VqRK+j6iyYvtDXLmcsR890dzHDJLfrJWCJ0scpeWFvlLkVhQaT3NEqEK
+oUENBFf8zxfTQ7BksyV2ESTwu5xqfYeJ1g1FoTfL30+/W0003K7hoPQuU3ebj3wY
+3mMrG0hgo0iM9wHk83WWt+fDYj09yptGWAgBQNOpRR/0EbwEd74C3UxZQtUmxwPz
+YW2g1GWyEgtA76UJ00TuQHBGklcKtY0IbHKwjn7NwHbYWu67R7Le3+cj3LOVABEB
+AAGJAjYEGAEIACAWIQQp9QF8ldnmCxsehAcHKw4LgxLf4wUCZDiAaAIbDAAKCRAH
+Kw4LgxLf462sEACDweQr1ik35sbw3qlPn3b/d2UYBK+r8G3Pk1RhNra2rFtkRY8Y
+rEAlFeYOCBplsyg8swIClPjKpqIEehMV4X2E0N6WpyPzuOgNP4OPAmJngUYM9uxr
+kcVhYubgp2Hcxk5TkbvHIc31P5ItCl7UUYC3bXf32K5GVeOAxsZBS6elwdxlFteY
+WKjkwoZklPPfce4ctG/phy8dnn+pFMFnyisFFp81R2P+ztdSDLm/U27d8g9cjcWK
+mhZtGox4zf7250p+gIUnlnBdtXIWBaUFidha5qql0/iSsMrhu2m12XaLc5HiubYY
+RNIHcCRitG0Qc/pWVjZAD/bqOTl4/M1AeN7qZ/8Y1II1tCdBZ1MGinKS/3aGjTn5
+RzvYrQeP7YTInyah7MpUTYoxI+VHHeD7hTy/y0GPZBtZ24B/s3ICuMemejILeI8M
+aHj8FmBSXJ3dD8195QyONuQB5hNB3qGhc995KsDK3leCwJc3+MFLZPaEZnB+f+uo
+pdngVsKH2IAVOtJN+QULmuEFmiEGRAghJwxfA4M92Bn0jSa9KMyTsM41b3zdSVU
+ipnn9FVX7RemSdF/z2SXAczwMLwVjai4j8b/U9O3oc0wrDF4QgrKKKIESlID/0Jf
+QLwhRYHy03r2yENO9lEeTBaSF94HsN1UjrZtzpGx6QTGBohA2RrztXkosLgzBGWP
+FicWCSsGAQQB2kcPAQEHQBlJ0lXDQnpcV7nR/MWPifi0WVTDPe0njjVIHNq/Z/xI
+iQKtBBgBCAAgFiEEKfUBfJXZ5gsbHoQHBysOC4MS3+MFAmWPFicCGwIAgQkQBysO
+C4MS3+N2IAQZFgoAHRYhBAA/2xaaamErUuSen5+R1096JyceBQJljxYnAAoJEJ+R
+1096Jycejy0A/2BmBatOihlxnO1G0U5qy3eiFkzmYKhm9WEW+w461hjuAP40cTMS
+xgnpUzUrsEs6+3Om7TLAa0VAqYLjA8NTVJs6AiPGEACuGgYn4uBzeXGLgHHUmLsY
+25rOajs/zAZnQkMz1epMKJDZ658cIDKyjJ6mLkkBwHwARrMhb38AEphXgyuAtHMN
+mEPRzABZutleW33KCk6zzVLyYVFBDWEI7hIFdNfJcJjXsDX0oGKB/oT5vlU25YgN
+cBAC7q9PGfq/XkeFOz9j3UOXMuzTKmtrX28IiSPqk+IkzeL35otzrG1wsUPLDLRS
+nlmwtnP4oQ50cUvTiDesk3QqPQn+2wPYakMydq7bvUcv/jakCADJq8Lsg4AmUxpQ
+bZNj2Zu/j8g+0KYUTriuQpZHf+mjVoNzwxiDKobMvKNzyNrZwMnZhAcDnCXSHpZL
+KnBcQGpsOjZicA9HodVRdU80DM46MSsncxAN+jwdHUOtCtONP059kF8JegwyevFS
+1hY/6ZTMETtKckWbs2gMTEK48SXF3EQ2jMq8lbD9SccuEi6R19R5qiLwQBgUHawT
+PcirlASclpR2zjLH1/MovxMFykCUUaQgGH0TjCe5X95Y7QdVgw6ocHkSFUsLN8V1
+L3UfOIobFFW6EuRg5urKpljoi20dYsAyorqye9q825RyuWa5oLDtqXshCuOzLy6O
+BgnM2FIvUpxAFmlXlC9eG8bUChfqEakio68Iwl6LUQouDR9gprWcookZV716YBVC
+/IKQxyKTQK+nas4pfaUhYw==
+=in5n
+-----END PGP PUBLIC KEY BLOCK-----
--- a/systems/jeeves-jr/configuration.nix
+++ b/systems/jeeves-jr/configuration.nix
@ -0,0 +1,55 @@
+{ pkgs, ... }:
+{
+  time.timeZone = "America/New_York";
+  console.keyMap = "us";
+  networking.hostId = "1beb3026";
+
+  boot = {
+    # TODO add pool name
+    zfs.extraPools = [ "Main" ];
+    filesystem = "zfs";
+    useSystemdBoot = true;
+  };
+
+  virtualisation = {
+    docker = {
+      enable = true;
+      recommendedDefaults = true;
+      logDriver = "local";
+      daemon."settings" = {
+        experimental = true;
+        exec-opts = [ "native.cgroupdriver=systemd" ];
+        log-opts = {
+          max-size = "10m";
+          max-file = "5";
+        };
+        data-root = "/var/lib/docker";
+      };
+      storageDriver = "overlay2";
+    };
+
+    podman = {
+      enable = true;
+      recommendedDefaults = true;
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    docker-compose
+  ];
+
+  services = {
+    nfs.server.enable = true;
+
+    openssh.ports = [ 352 ];
+    smartd.enable = true;
+    zfs = {
+      trim.enable = true;
+      autoScrub.enable = true;
+    };
+  };
+
+  networking.firewall.enable = false;
+
+  system.stateVersion = "23.05";
+}
--- a/systems/jeeves-jr/hardware.nix
+++ b/systems/jeeves-jr/hardware.nix
@ -0,0 +1,39 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/c59f7261-ebab-4cc9-8f1d-3f4c2e4b1971";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/7295-A442";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/systems/jeeves-jr/secrets.yaml
+++ b/systems/jeeves-jr/secrets.yaml
@ -0,0 +1,73 @@
+hello: ENC[AES256_GCM,data:y98ZcYZQSYP8GBFysKvD292lU1EPa0o/wV7EHPLelIIHl8bWE5Lz27KUsCnzNQ==,iv:zU9zBeNyAyiLs30ftxrATG/X/U7Z7euLqjDKmg0Lh7Y=,tag:MG61sKRBEvE7T/oWO3rGpA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDc0JiUzQvWlZoTk5yN1Y4
+            WVdiVE96YzdFOUJmcENDN0YwajVQbWFtclFBCmMyc0J1aWIwYi9hZlk2aXNNbjJa
+            WXk4UWowV05MMkR6dWw4VTZlYXM3d1UKLS0tIGxXTEpRZUpMdEphN09XczVLajhB
+            Q2lVZndGa3p6ZWlBSzBJNlVEZmpuTFUKykfMMUhiVnpyU+Wuo+eHFrjfNjeq3byA
+            ktvpewY946v/rUBiyruaaOdCmL0U0Metc+m8gzTdbuTsM7EuY+cTyA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-12-29T20:01:04Z"
+    mac: ENC[AES256_GCM,data:9tUmPHyKY42lT1EfbDK7Es9MIdiR5A0rs/ST89baJMANGIN+oKQzkzDujG2WM8hxvgApl/GuIdy5ZBNZlUM0iYxFUd2a0UBDyjw+xTzWIuQr2/TuI8/cOgp04Kk+M9wNlLzE/dJAXsaqBo0EaHpfwKo/3/J53UfiIZrOtAZv+Qg=,iv:E79aJdvhkG2PfsO06QQa2Pzs3yiSHDARpZtM+uxiZJE=,tag:UwEcwBm22Ep2U2mhDgpQ0w==,type:str]
+    pgp:
+        - created_at: "2023-12-29T20:00:57Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQILA84hNUGIgI/nAQ/4/do2eDz0KPLhCY7MH0HCyf9m2tZXvOy7+2pqYxdrKtwP
+            H5+3O9R3iobBfksnaW8bTU2WK5t7OP4SlKYAeBi0uHoWVt8w/RcrZmVaItOlrDHA
+            4ER64Izuc9ih6Ug/SOGvkE2NymUpPgsJ6YHyQESy8JdETr1swNOemlbgOYXgg1h2
+            T7hLdEKQtnYNLMMsO8jZOcPlbCGM0PXZQrWN67kXlWJwkx6qls6XmuXDvAofIQ2C
+            +GiaR6RDrsa9eofe34TT/FJG2IlAfPnE1sCcy9EYgU+nw6xwMCNn/d7qMqMDZGw/
+            xRMmnH5ujULsAohZFvCnmZue2BXkhSRrsuLePs4edOS1gm97qaPHQUv3vmDTCpWY
+            581K0CaauIHq9Gz8zK999jJNFG0Hmi4w9nRajErC8QvzIymgvzbsJHXkVjzYJjT2
+            NYZ3D/YKbu7zyt3EYLZ0wtHysjdYD9PUsg16X5XxNUV7EHGhUt6mpX+P/h13ZSMq
+            uwog7ByMUG70cQwqLpJFL40rFpq5mlK4JnonVN0+0PWy7LGxYM8q2WvylP6SDiZy
+            3EqaqMlAwQsNO+7YStk7IonxoWZ6ff7fD8MtKZ/faBjmSzYsjl7F6o5HUd7APtV/
+            /HMjbauqHomCoWEyfDNiDKu2lla1MM/wUEacgvpYbW5BAlZoxUtO1MXDRDpIKNJc
+            AR99EIS9Q1KBmfuzqHuIMrRBy4iHg1nHyvtj/Zh/2AjetnQgdDc5skPuHRL/Bo/2
+            V8PrlL8j1AHrdL4id31drlLQS4zA0QiJj1gDT1fJgInSU29vPed3ZGDCKCU=
+            =BkkQ
+            -----END PGP MESSAGE-----
+          fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82
+        - created_at: "2023-12-29T20:00:57Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hF4DqDJbhoEBo+ISAQdApXkJrfSY9LoDQLwRS8ZVY63huJelc3KtOVccvM64kxUw
+            zhXvuT0ZGQA4PwpvZYK1NOu+T73S5khrbIDe9QzTveyKt6zOqxwK6tn22bs3DLAk
+            1GYBCQIQKypNWKA8hJina5Dng/h/qA0ZmRJaAJJmQA/1uRFi582CpE+fzBsCjmNQ
+            1x2YgfPRHobReKl0khPml7hMmLbdcVvaJ9vIb/gluazT1htu6Ozox/zEwHweUZmX
+            xozdi1jGYcw=
+            =n5SU
+            -----END PGP MESSAGE-----
+          fp: 8F79E6CD6434700615867480D11A514F5095BFA8
+        - created_at: "2023-12-29T20:00:57Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA29thaGx06tOARAAmhgBXtcqr5bttn6DLFBqNWaLX34FgjTjHlogiKgX3WTv
+            ZOluzpxbS7jylBHC0cnbgjz9vWEgg3LVzglrlOHl35SX/E09eBn/qs8I7na3o+7K
+            WdmJG7j3VtYdNyu4BULjGmAUIZE75/aSiIPnIDR3PwKpY6LtKI/jhs69hhmiZ+2r
+            M3Q91Kk4M7CsqBMUXxFFUOD7r8ZlKfsAn80gpdb/pN8gp0U1pp5JkT9Kz2WjJkzK
+            /vf/5f7+/8OA/WFbuY488LVSuckHvGGDXjrmoLA78/agYaH1J6qTvar5eCvIetu9
+            wU9cm6ieztHMOV0Nok46gYWWaKQkH6jmAVneYLAsvBm7QxEJGLlFGF5pUsniqx4A
+            PtDIw9EmKNnumnsHyfR+8qOgG/4/8AqPklEo9Dxsqcjj++EEvHN2lE9BwdqVNSw9
+            ZHJ9DXhPKjwq7VD7jvBeElituUzvPb5aPruTL2AxjQ3h0cMj/QmegO5FtBDpRpnN
+            TpW2FGuayueEgJSV3YJVTJUwmtxgTkL2SMHgW80I7pAq85O4fKETIAR97DCEDPrH
+            jgI/EEjJg+PlfuAaqo2kgVgYyE6DVkDbIKgF2k8VNFX7XBmnN7xB4apVKx8nJXc+
+            l7AbJiJy89giQpYWGE5A8fBrYMbvexLMfeKYtZR7t82gkNxOoKBOl0F2T+Ol+L7S
+            XAGgZuN612AlW9QhZCgjwIxFPK+MR2ff9hIZBVPqx4F45/Gooqxw1iCyitQwlgqL
+            bpTlKyuZbrgTVekV9vxnYhms6Uvyys1V9bUrKGgpV+9YS4Zfzh+5fN8wQ8Pw
+            =HVMH
+            -----END PGP MESSAGE-----
+          fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/users/alice/secrets.yaml
+++ b/users/alice/secrets.yaml
@ -6,45 +6,54 @@ sops:
    azure_kv: []
    hc_vault: []
    age:
+        - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1di9UUkxaSVJLcmJyWlNw
+            LzE3R1RKQzd2QkwyV3JGYmF4M093WGpYRTBjCllKdk8rVmwxZEIzMjd1UkFNaFdO
+            aEJld3BxY25WWTU3R0VDZWlTdUtMb00KLS0tIDBUb2l6dUpOUE9wK1hTMzVFVzlX
+            NmxVTUkzdEtCMk12ZkN1Y0FwT2xad28K1mhtbCSVeLM6zHTSplvn5V7Jk01zRu0G
+            Mxsd+8RmdJx2mSyz+/XDQIwEL1626y5nlwoJFcNwx0mz+s0MPGJ6yA==
+            -----END AGE ENCRYPTED FILE-----
        - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkZnlZNmFXVVFaSks5R0ds
-            SWtXTitBY1BmWHltVkxtanpaMkt5S1N4ZzBRCkpkQ2Z2Sld0U3BnVXIyZFNEUHdn
-            RDBaMklHZXk1VTk2ZUIxMGQrbkJZZ0kKLS0tIGVDQ2cxQ2d1TWptSUZCOW9BanlJ
-            UzNxS0I4NEdGcTNNdUcwamZTRDBXcVEKgin2jqp4tEBnKYnQF5Ki2Btt/+lP3zEJ
-            FlcK7rU3pe8AijwWx3Ybgzv/10/YOzDn6dL6MYwtB80ZFe6NOavBlQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtdWc1YVY3Mk5pSnNGL2Er
+            OWJWRWN4djN2NlhaRERRaEdqdlVpUkRvUkRnCms1dm80YVZjamZXTndMMFd0S3p6
+            eGtWSlg4TGNzVk9GZFloNjFlbHF2QVkKLS0tIEdsUHJjNWtVQVpPT1M1SWt5ZVhY
+            SWcxei94Y1lReURjVjVDNWNSVEpRaHMK4TrinhjpUeeSfRYPiEyLRL7PsBcAevpU
+            bJorDQi64NeNxI8+yEVPQb+4Uewm5p8LqOFU9otWK6wTPwCRVSmueg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUTN1UHlpeXBxYWtUQis0
-            MDZFc3BPai9xWmVVWkRxdjNYNlo2R3IzbUNjCncyRlczNTdXcnpMMkxzdU5BTEs3
-            NDVGb3ROL2xaWUthUDA5Y3V2c0Z4a1UKLS0tIEJYSHN3eEFBQ2JkK2tJZld5Y3Fz
-            aVZVTnBGNGpadFdVOFlTdkZ3TDJmSjAKF1d47FC7hCdLbqfzqK5LqB3xfMCpEU8R
-            XThuRWwRHWKqmG19K5GMaHMZp9sYVMW8dVPh/LG/3gbiMploUDmK0w==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0VW1WUEw0eDlzTkpXdHd5
+            R0tXUXJYRG1WeWIxQXUxVGU5NmcyTjd5dzNNCnoxdVpnbThtUFlpN1lSYjdYWHZQ
+            UitHd3ExTnZlUWgyZVNTUEdvSmczRzQKLS0tIEVZUml0ejJVOUlJb3RUVGx0V2hJ
+            THdwZG9QQ01mamYrclhHT2dQUXhIWTQK9fxQV7RDYij2aCdfgCufUToWgoais1KI
+            UQ7bPV0ZPhaBX4h2Q7kUk7FJwK5aGAsoBxf4KW4V78tSbz+XIyd3JQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-12-29T14:45:28Z"
    mac: ENC[AES256_GCM,data:kyE+9X3l0PjzcOsau1X1LmqSFpMLnQrQKldDVM/rrA/Hct+qP0iiapV6529HpCFOkguwtjD/V0d3XC/WlUnFubK2JPUBbYH/1Wa7xJhM577bENKhztTOCpQZGSREdyhEqpXiz6jf+a3ch50AMDY773meKf/1+y76NVBVPv5Cc7E=,iv:W0nvCEbF/kVoOM892EBrINWe/+2ts3jPLBa3Tjm4ULE=,tag:rcMVaWgmwIEXzCBzstfKmQ==,type:str]
    pgp:
-        - created_at: "2023-12-28T18:03:08Z"
+        - created_at: "2023-12-29T19:22:00Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----

-            hQIMA84hNUGIgI/nAQ/+OTWLMMznF7u83v2fDUjvRtG6Zf5dR1wsJjeYUFZzxQoF
-            wJwKPbOPNP4HuEIbvXANFfuuUEZNwq+czUPSPqjmeEjf3DfE/JcIzQ8J6AP7Q2b4
-            OstgK5MGKo9/IXrIDUK2fRuwGaXKyq/TG2fP10ljTlXzMlfm9OZA71QPZYBpwtSe
-            1lR3gDIpha1yYTQP0STsnusvQkbNyKHNiIwjmkitjgdkreLPqhXlfwievcYcwOCp
-            8UKAqAWJIQVZfHAZJzDWcmnWPK+wR2/pjNKklgYLcSn961o5GMu+6Z64pP3c9BXh
-            GRogv1f3bvH1aDcP+cB0eaQCyDLFkWKbRgBWubyCGJbJFovzpHNmcYkrlwNmGXoe
-            9yrUICQB52gMOSSNCIM39T/yWLOV9O/ga20BUwaoR4duvFNrxktmJXGBGMCfhR2p
-            y74vVhm54Lqw5hwW54eLq14qQzOGhDIyeuuboFGm2BAYgdp4gUmOqTDMWS8Vt1lU
-            oKJOEeT83h2cxXnb0hJ6IWLyEns37+/aB4LWIvnQOgq8yaYEVI4JksKsM+cLVQVZ
-            V3FKWZBTNvCZd6jiWjZdfd3q+Q9QbSQEg1DrKwNXQuF9DMrxg+3xyzQVMYpRbGKr
-            pfB6u1CB6jw/NdajgCyHLJN44QELfcWhqriLWP7uEz9jl8di5g5NCP0l+agJjNzS
-            XgEaZapnHWm3E2v+1IQ8xrMdTl9t/cRLtIG71Y+rz3DH6jtixNv9pZn7BNqdeKlR
-            K1wloUtBbLjgHwDvPIGiUB+dcrHPo2OQTVO5bgax8mAyKuPDKQBLjLsWn2+H6eI=
-            =8fVd
+            hQIMA84hNUGIgI/nARAAkukuQibWzzEQYmvp9z3f7wUq2vDAhAfE247gNaNwJknx
+            sY39C48o6VelCC2aD0VJ3X39t9aUzgKKF5+QEmyM1FMi/ulU5OoLvsAz1SkxaA0Q
+            QDYbCzwzVPNIxjcrdeLnj3GRM47ji9mpsLDWPOuA6ugDE2pp9epOnK9xddPRQs9J
+            /sEaYprJypETj2Dt9kUsjbm1vWkxtrMb4Zuop1gJ6p6LazeM01GkmGGf1UzkLYAk
+            69QK8QF7S93QBXZvZe1xlsabGbd06yZU1AsSVdsd1rp0RxW2gwhYF9OPTwbyCnGh
+            zisT7nB0iPja9ZR2KMAWCgUi4A3xafYpJQg5HOvqrpFT90lKeP9aLm0fGMnB4dwc
+            5BbT7VK8qI8yHSqtfGexbY9Q0lBIKu5Gx18oFi15RPkqwGisaBtUsSH+OADF4xei
+            Khhhvzu3Ov+2F4rIIFXt3i+smhpYbpwhk3RLNf0rZ8P3SqsnOnY7mgX1KflIt1Mu
+            tVisPtW2mCHl/iZEdlG9N/0TIBQ0cmUyxqFoLO0aTWWmOAjcU6YC5Iwmc0zktTvC
+            MD+82NGWzc8CbhjtXEXGv5BTQTCFSTe+Ptr8gJscuIeD8SbRTZmdt9rh9s3asiOz
+            /xJveWDLeBOR9hkr/ArzmLOd/H1E+Wca9wVZ9ZyuTgp6MPapHrMug6aMO39i/MbS
+            XgFPlJy8Ouu9F2R3nDhHaz4GDrtSfQibZ4AcchIQPq3tEJSn6IeC46zkNnHY4msL
+            N0Py3gaPolxCEMMtWNyxL4PqfVBXVV8S47ztae6OPC/21Cc9RPxA81gIqwctDSU=
+            =Xf3o
            -----END PGP MESSAGE-----
          fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82
    unencrypted_suffix: _unencrypted
--- a/users/richie/default.nix
+++ b/users/richie/default.nix
@ -0,0 +1,8 @@
+{ pkgs, lib, config, name, ... }:
+import ../default.nix {
+  inherit pkgs lib config name;
+  publicKeys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtRuAqeERMet9sFh1NEkG+pHLq/JRAAGDtv29flXF59 Richie@tmmworkshop.com Desktop"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJSlv8ujrMpr8qjpX2V+UBXSP5FGhM1l+/5aGnfb2MV Richie@tmmworkshop.com Laptop"
+  ];
+}
--- a/users/richie/home.nix
+++ b/users/richie/home.nix
@ -0,0 +1,39 @@
+{ pkgs, ... }:
+
+{
+  home.username = "richie";
+  home.homeDirectory = "/home/richie";
+
+  home.packages = with pkgs; [
+    # Rust packages
+    topgrade
+    trunk
+    wasm-pack
+    cargo-watch
+    #pkgs.cargo-tarpaulin
+    cargo-generate
+    cargo-audit
+    cargo-update
+    diesel-cli
+    # gitoxide currently broke 09182023
+    gitoxide
+    tealdeer
+    helix
+
+    # nix specific packages
+    nil
+    nixfmt
+
+    # markdown
+    nodePackages.markdownlint-cli
+
+    # doom emacs dependencies
+    fd
+    ripgrep
+    clang
+  ];
+
+  programs.zsh.enable = true;
+
+  home.stateVersion = "23.11";
+}
--- a/users/richie/secrets.yaml
+++ b/users/richie/secrets.yaml
@ -0,0 +1,60 @@
+richie:
+    user-password: ENC[AES256_GCM,data:gcQaaFXQJSXgYR6L,iv:rO7hXTuiCDt4UWnnYfQrhSBMrhU359tyCjSGFde60BA=,tag:yfbD+BItaMkZQ4balezzLA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvZ3lTRWRGb1FHSCtRR21u
+            ZldONWFsVUYyZGRmSHVkcXFNQzBEbW1IMFFvCnBVblJXdVZQdEhGSnhsbnRWZVVn
+            cyszaUszVlY1Y0c1NnlkZ20wSUtGNUkKLS0tIEhzRTV5alJHelI3c1NnbUVaOGZO
+            VEEyemgrVDhvQkhqQjdhYjlHaXd4MmsKW9XvJbDiJ4/eoPb4sGz6/fr7Hr7q3e+6
+            UNoguO9UgbgXUMmjlBeRJwlMLu91eevct5pPyhrGsJYzar/3jnsnSA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2TEZwYkJrNjdzVmZDM0xO
+            REV0NEYvWmNJblNiTmJoOXhYQXNESmFDTVdRCkJYRU9GSk9qZnBiYTF0MEhPQ3hQ
+            YWNHQ3hPSEVqRnIyTUgxajRBWlZjRXcKLS0tIHVodFJ0RnhsVUwya29IdFFrS2FK
+            dmJ1MDZURzlzaUR4d29SSTc1SE5hVFkK+KKi1PiXNMa98otrLO87k3JmHSc37Dvv
+            IAZDB6umTlyYulfh1TQuC5GXXKEVBm8Bu3plk3Wi9uNoiC+nnXflBg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQem9YOTVhdzM0QzRVSWI2
+            dERHMmR4Z1FMV0UyaE84S0RZdVhQOEhibVdBCmtCbnhkb3JPeUdrMDhVVXU1M01q
+            dTZpdmV5WjUyaENCNmxYUkMxVjdLWFEKLS0tIERHWFdSM2l0cUcrWHNGV1lTMkhj
+            Q0U1OUtUM1N4MGQyZnAwd1l5alVOSUUK9xe9xmC4zFpy7sukTzdHsQQjc3eFphXD
+            2zx2PkAvHh5lN8k+ZRd9UvZG4olrIe9KwXfmIb+6i02HgVIhA94SWw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-12-29T19:13:11Z"
+    mac: ENC[AES256_GCM,data:47aPXQ6n7AvYuYpvhk7jWjeqQnjXsSShrcboiwLja5p+VIJsOUWYtNonq45Owtlo30eQE46wJK4IJLEl8AAdotYLrpqAb0d+ox4tZq/HgVRAqG7j7aLw846KpogTUeRHH577ieoWo82+70DT1+HIyO+qB44ZYuJ7TY3BUt0MX7Q=,iv:OxDzGBEr2xBiOvPl7iUK0mwsaqHrZ/pQVLdrdTSm9tM=,tag:/2vQLyL/WmR02kWO3GHGNA==,type:str]
+    pgp:
+        - created_at: "2023-12-29T19:12:08Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA29thaGx06tOAQ//bMYIEq2Iwerw6y06vvpC1GPCr+lqe96ascw8MRxzObYJ
+            DMW/ZK/BoTFDjIKcUfrKDUj/RU+qX2Q3YMYn5mzDWozLoquJLUDU9iMnD0hhjYmE
+            nayUvXH8r+mqqOA7hhhNoFim0QkVUNjdZaZ46k6iD6a3PYp1Hn/Lpc53kgnsYxxh
+            p/Qf5glo5IuShZAbgZHyLyj02YKTzPmItKX1Z5/nAx4oMjstv4eCABCauNM5QRoQ
+            f9HAUVJql3gce2CFbot28DG8zYwJKhcatfa2PjIYIb6xSpMg4VRCOM/UWRyqdes4
+            C79QTovTE9+lbP3UBZXGPuHKwRrcbtLUIQYyujNrooXuymWAbzzrR8WmTHQRfuEt
+            ui6lwJzbxuRcnNF/fIZ2YUCRIlEzGkpJ3PvAqFBLT8Q3GuD8bVfcuulE4EwTTaYq
+            R/yRtOPRkXdYfLlc1WRzVSg/uRZyNSZXhMD+BUiXxDY1hdMnJ2Z9xBLB0fP+Edd7
+            yGEbDO16EswZ4gJZviCPs4hWdB/kOKQAvREKomUBUN+d6uEgVGFM3y8xzLfqZUx9
+            qHspGEpRxSJQruNt//hAFy8bQZCRaWS23Dn+YR95IiZKZIt4dipTaiZWRZXdN3TN
+            X18vR6fkbVLLlGzl5a/+PCV7N8tdPSD77IvgV3KzVG42XFG2CcJ1ut8l7zmmWTbS
+            XgHj8lYLbFh2cWBFb/F1dqnHeJ/tTSzTsqyn8jV8f7jKeieUBNMNHugTYDYzeY5j
+            bvrR4yhICJVYCVNaeRA04cFG0k3/krujqVJ2S5FDd3C25qdT5sJ2sBBcDman3hE=
+            =d8jh
+            -----END PGP MESSAGE-----
+          fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1