Merge branch 'main' into feature/add-parthenon

add parthenon key
2025-07-04 00:58:37 -04:00 · 2025-07-04 00:55:53 -04:00
10 changed files with 45 additions and 88 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -19,39 +19,39 @@ creation_rules:
    - path_regex: users/alice/secrets.*\.yaml$
      key_groups:
        - pgp:
-            - *admin_alice 
+            - *admin_alice
          age:
-            - *palatine-hill 
+            - *palatine-hill
-            - *artemision 
+            - *artemision
-            - *artemision-home 
+            - *artemision-home
    - path_regex: systems/palatine-hill/secrets.*\.yaml$
      key_groups:
        - pgp:
-            - *admin_alice 
+            - *admin_alice
          age:
-            - *palatine-hill 
+            - *palatine-hill
    - path_regex: systems/artemision/secrets.*\.yaml$
      key_groups:
        - pgp:
-            - *admin_alice 
+            - *admin_alice
          age:
-            - *artemision 
+            - *artemision
    - path_regex: systems/selinunte/secrets.*\.yaml$
      key_groups:
        - pgp:
-            - *admin_alice 
+            - *admin_alice
          age:
-            - *artemision 
+            - *artemision
-            - *selinunte 
+            - *selinunte
    - path_regex: systems/palatine-hill/docker/wg/.*\.conf$
      key_groups:
        - pgp:
-            - *admin_alice 
+            - *admin_alice
          age:
-            - *palatine-hill 
+            - *palatine-hill
    - path_regex: systems/palatine-hill/docker/openvpn/.*\.ovpn$
      key_groups:
        - pgp:
-            - *admin_alice 
+            - *admin_alice
          age:
-            - *palatine-hill 
+            - *palatine-hill
--- a/flake.lock
+++ b/flake.lock
@@ -75,11 +75,11 @@
      },
      "locked": {
        "dir": "pkgs/firefox-addons",
-        "lastModified": 1751618693,
+        "lastModified": 1751515409,
-        "narHash": "sha256-bAKNekZcZd4QnBO/RUxjQAgaz67bYwFXWfQENA45Scg=",
+        "narHash": "sha256-yu+/TxHkuZ8GHKwpKTv1BpfbYD1wH1CyPsOmY72chTg=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "0c5b037915083a27a260b063b127b31443827bae",
+        "rev": "2e0dcafe8c48470e036908f34a2a1413f75bd804",
        "type": "gitlab"
      },
      "original": {
@@ -287,11 +287,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751638848,
+        "lastModified": 1751513147,
-        "narHash": "sha256-7HiC6w4ROEbMmKtj5pilnLOJej9HkkfU9wEd5QSTyNo=",
+        "narHash": "sha256-idSXM3Y0KNf/WDDqGfthiOSQMwZYwis1JZhTkdWrr6A=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "7d9e3c35f0d46f82bac791d76260f15f53d83529",
+        "rev": "426b405d979d893832549b95f23c13537c65d244",
        "type": "github"
      },
      "original": {
@@ -427,11 +427,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751591814,
+        "lastModified": 1751281697,
-        "narHash": "sha256-A4lgvuj4v+Pr8MniXz1FBG0DXOygi8tTECR+j53FMhM=",
+        "narHash": "sha256-abHhTXGEGYhCKOc9vQbqHFG7dxwJ6AudIy1h4MUsjm0=",
        "owner": "lilyinstarlight",
        "repo": "nixos-cosmic",
-        "rev": "fef2d0c78c4e4d6c600a88795af193131ff51bdc",
+        "rev": "78b86e37713a1111d9e37c62b242d60be3013bd1",
        "type": "github"
      },
      "original": {
@@ -486,11 +486,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751649523,
+        "lastModified": 1751469444,
-        "narHash": "sha256-39SLBeXE+bzq5ChXYB7FFzUNa+8SCnXvwe9IEgKcxWQ=",
+        "narHash": "sha256-L5vPflQCt7WWzL66cA0ZbITfg+vzrSf6Ak5m4s6vDds=",
        "owner": "SuperSandro2000",
        "repo": "nixos-modules",
-        "rev": "d2a834e4f97a1ccb71c62e3091501a4e237fd6cb",
+        "rev": "ed24075c9b4d1cedac253f31aaa2d4729d4fdf53",
        "type": "github"
      },
      "original": {
@@ -501,11 +501,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1751619433,
+        "lastModified": 1751529439,
-        "narHash": "sha256-5aZFBHQNQzrfCisewtYBDNbiKcHbxPYChiP4dkEcSXQ=",
+        "narHash": "sha256-fn4qiux6lOX2MEB5VU/KFUhjc4HuQON2SexwJnC1ibc=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "a2867cc3f8acc944cb19fe0b73c840e9fa1ba589",
+        "rev": "f596e2141c241f5cca21188543cd4dcda32f2c3c",
        "type": "github"
      },
      "original": {
@@ -627,11 +627,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751596734,
+        "lastModified": 1751510438,
-        "narHash": "sha256-1tQOwmn3jEUQjH0WDJyklC+hR7Bj+iqx6ChtRX2QiPA=",
+        "narHash": "sha256-m8PjOoyyCR4nhqtHEBP1tB/jF+gJYYguSZmUmVTEAQE=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "e28ba067a9368286a8bc88b68dc2ca92181a09f0",
+        "rev": "7f415261f298656f8164bd636c0dc05af4e95b6b",
        "type": "github"
      },
      "original": {
@@ -647,11 +647,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751606940,
+        "lastModified": 1750119275,
-        "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=",
+        "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d",
+        "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2",
        "type": "github"
      },
      "original": {
@@ -688,11 +688,11 @@
        "tinted-zed": "tinted-zed"
      },
      "locked": {
-        "lastModified": 1751648901,
+        "lastModified": 1751498047,
-        "narHash": "sha256-yC45eAT37H6rOFCGhr2iuV5dzJ/8I2N1QrKq1MwPG7U=",
+        "narHash": "sha256-2T/VKbqqp4KTz3szFl58AaI+LBg9ctLjnP1IQA8sPg8=",
        "owner": "danth",
        "repo": "stylix",
-        "rev": "dea0337e0bffeeeb941ca6caffb44e966b13a97b",
+        "rev": "d21cfb364a78ad72935625e79b8c5d497f0b7616",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -66,14 +66,6 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    #lix-module = {
    #  url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable";
    #  inputs = {
    #    nixpkgs.follows = "nixpkgs";
    #    flake-utils.follows = "flake-utils";
    #  };
    #};
    nix-index-database = {
      url = "github:Mic92/nix-index-database";
      inputs.nixpkgs.follows = "nixpkgs";
@@ -175,29 +167,6 @@
      formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
      nixosConfigurations = genSystems inputs outputs src (src + "/systems");
      homeConfigurations = {
        "alice" = inputs.home-manager.lib.homeManagerConfiguration {
          pkgs = import nixpkgs { system = "x86_64-linux"; };
          modules = [
            inputs.stylix.homeModules.stylix
            inputs.sops-nix.homeManagerModules.sops
            inputs.nix-index-database.hmModules.nix-index
            {
              nixpkgs.config = {
                allowUnfree = true;
                allowUnfreePredicate = _: true;
              };
            }
            ./users/alice/home.nix
          ];
          extraSpecialArgs = {
            inherit inputs outputs;
            machineConfig = {
              server = false;
            };
          };
        };
      };
      images = {
        install-iso = getImages nixosConfigurations "install-iso";
        iso = getImages nixosConfigurations "iso";
--- a/hydra/jobs.nix
+++ b/hydra/jobs.nix
@@ -10,9 +10,6 @@ let
  getCfg = _: cfg: cfg.config.system.build.toplevel;
  hostToAgg = _: cfg: cfg;
  getHome = _: cfg: cfg.config.home.activationPackage;
  homeToAgg = _: cfg: cfg;
  # get per-system check derivation (with optional postfix)
  mapSystems =
    {
@@ -25,16 +22,11 @@ rec {
  inherit (outputs) formatter devShells checks;
  host = lib.mapAttrs getCfg outputs.nixosConfigurations;
  home = lib.mapAttrs getHome outputs.homeConfigurations; # homeConfigurations.alice.config.home.activationPackage
  hosts = pkgs.releaseTools.aggregate {
    name = "hosts";
    constituents = lib.mapAttrsToList hostToAgg host;
  };
  homes = pkgs.releaseTools.aggregate {
    name = "homes";
    constituents = lib.mapAttrsToList homeToAgg home;
  };
  devChecks = pkgs.releaseTools.aggregate {
    name = "devChecks";
--- a/lib/systems.nix
+++ b/lib/systems.nix
@@ -156,7 +156,6 @@ rec {
      modules ? [ ],
      server ? true,
      sops ? true,
      lix ? false,
      system ? "x86_64-linux",
    }@args:
    lib.nixosSystem {
@@ -172,7 +171,6 @@ rec {
      modules =
        [
          inputs.nixos-modules.nixosModule
          inputs.nix-index-database.nixosModules.nix-index
          (genHostName hostname)
          (configPath + "/hardware.nix")
          (configPath + "/configuration.nix")
@@ -182,7 +180,6 @@ rec {
        ++ genWrapper sops genSops args
        ++ genWrapper home genHome args
        ++ genWrapper true genUsers args
        #++ genWrapper lix ({ ... }: [ inputs.lix-module.nixosModules.default ]) args
        ++ genWrapper (system != "x86_64-linux") genNonX86 args;
    };
--- a/systems/artemision/default.nix
+++ b/systems/artemision/default.nix
@@ -3,7 +3,6 @@
  system = "x86_64-linux";
  home = true;
  sops = true;
  lix = true;
  server = false;
  users = [ "alice" ];
  modules = [
--- a/systems/palatine-hill/attic/default.nix
+++ b/systems/palatine-hill/attic/default.nix
@@ -10,6 +10,10 @@
    attic-client
  ];
  systemd.services.atticd.environment = {
    RUST_LOG = "INFO";
  };
  services = {
    atticd = {
      enable = true;
@@ -67,9 +71,6 @@
  # configured default webstore for this on root user separately
  systemd = {
    services = {
      atticd.environment = {
        RUST_LOG = "INFO";
      };
      attic-watch-store = {
        wantedBy = [ "multi-user.target" ];
        after = [
--- a/systems/palatine-hill/docker/restic.nix
+++ b/systems/palatine-hill/docker/restic.nix
@@ -10,7 +10,7 @@ in
      image = "restic/rest-server:latest";
      volumes = [ "${restic_path}:/data" ];
      environment = {
-        OPTIONS = "--prometheus --private-repos --htpasswd-file /data/.htpasswd";
+        OPTIONS = "--prometheus --htpasswd-file /data/.htpasswd";
      };
      ports = [ "8010:8000" ];
      extraOptions = [
--- a/users/alice/home.nix
+++ b/users/alice/home.nix
@@ -76,7 +76,6 @@
      nix-prefetch
      nix-tree
      nh
      home-manager
      # doom emacs dependencies
      fd
--- a/users/alice/home/zsh.nix
+++ b/users/alice/home/zsh.nix
@@ -72,7 +72,7 @@
      "sgc" = "sudo git -C /root/dotfiles";
      ## SSH
      "ssh-init" =
-        "ssh-add -t 2h  ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails  ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh ~/.ssh/id_ed25519";
+        "ssh-add -t 2h  ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails  ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh";
      ## Backups
      "borgmatic-backup-quick" =
Author	SHA1	Message	Date
ahuston-0	f063b8827e	Merge branch 'main' into feature/add-parthenon All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 45s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 6m14s Details	2025-07-04 00:58:37 -04:00
ahuston-0	84b16ff0c1	add parthenon key All checks were successful Check flake.lock / Check health of `flake.lock` (pull_request) Successful in 14s Details Check Nix flake / Perform Nix flake checks (pull_request) Successful in 5m41s Details	2025-07-04 00:55:53 -04:00