fix libgbm import

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

README.md

@@ -14,9 +14,7 @@ to onboard a new user or system.
 
 Although we are not actively looking for new members to join in on this repo,
 we are not strictly opposed. Please reach out to
-[@ahuston-0](https://github.com/ahuston-0) or
-[@RichieCahill](https://github.com/RichieCahill)
-for further information.
+[@ahuston-0](https://nayeonie.com/ahuston-0) for further information.
 
 ## Repo Structure
 

disko/hetzner.nix

@@ -1,47 +0,0 @@
-# USAGE in your configuration.nix.
-# Update devices to match your hardware.
-# {
-#  imports = [ ./disko-config.nix ];
-#  disko.devices.disk.main.device = "/dev/sda";
-# }
-{
-  disko.devices = {
-    disk = {
-      main = {
-        type = "disk";
-        content = {
-          type = "gpt";
-          partitions = {
-            ESP = {
-              type = "EF00";
-              size = "500M";
-              content = {
-                type = "filesystem";
-                format = "vfat";
-                mountpoint = "/boot";
-                mountOptions = [ "umask=0077" ];
-              };
-              priority = 1;
-            };
-            root = {
-              end = "-1G";
-              content = {
-                type = "filesystem";
-                format = "ext4";
-                mountpoint = "/";
-              };
-            };
-            encryptedSwap = {
-              size = "1G";
-              content = {
-                type = "swap";
-                randomEncryption = true;
-                priority = 100; # prefer to encrypt as long as we have space for it
-              };
-            };
-          };
-        };
-      };
-    };
-  };
-}

docs/CONTRIBUTING.md

@@ -107,8 +107,7 @@ rules.
 We allow secrets to be embedded in the repository using `sops-nix`. As part of
 the process everything is encrypted, however adding a new user is a change
 that every existing SOPS user needs to participate in. Please reach out to
-[@ahuston-0](https://github.com/ahuston-0) or
-[@RichieCahill](https://github.com/RichieCahill) if you are interested
+[@ahuston-0](https://nayeonie.com/ahuston-0) or if you are interested
 in using secrets on your machines.
 
 ## CI/CD

flake.lock

@@ -67,27 +67,6 @@
         "type": "github"
       }
     },
-    "disko": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1736864502,
-        "narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=",
-        "owner": "nix-community",
-        "repo": "disko",
-        "rev": "0141aabed359f063de7413f80d906e1d98c0c123",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "ref": "latest",
-        "repo": "disko",
-        "type": "github"
-      }
-    },
     "firefox-addons": {
       "inputs": {
         "flake-utils": [
@@ -646,7 +625,6 @@
     },
     "root": {
       "inputs": {
-        "disko": "disko",
         "firefox-addons": "firefox-addons",
         "flake-compat": "flake-compat",
         "flake-parts": "flake-parts",

flake.nix

@@ -40,12 +40,6 @@
     #     flake-parts.follows = "flake-parts";
     #   };
     # };
-    disko = {
-      url = "github:nix-community/disko/latest";
-      inputs = {
-        nixpkgs.follows = "nixpkgs";
-      };
-    };
 
     firefox-addons = {
       url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
@@ -142,7 +136,7 @@
       systems = [
         "x86_64-linux"
         # disable arm for now as hydra isn't set up for it
-        # "aarch64-linux"
+        # "aarch64-linuxa
       ];
 
       forEachSystem = lib.genAttrs systems;
@@ -158,8 +152,8 @@
           lib = self;
         }
       );
-      inherit (lib.rad-dev.systems) genSystems getImages;
-      inherit (self) outputs; # for hydra
+      inherit (lib.adev.systems) genSystems getImages;
+      inherit (self) outputs; # for hydra and packages
     in
     rec {
       inherit lib; # for allowing use of custom functions in nix repl
@@ -174,10 +168,7 @@
         qcow = getImages nixosConfigurations "qcow";
       };
 
-      packages.x86_64-linux.lego-latest =
-        nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/lego-latest/default.nix
-          { };
-
+      packages = import ./pkgs { pkgs = nixpkgs.legacyPackages.x86_64-linux; };
       checks = import ./checks.nix { inherit inputs forEachSystem formatter; };
       devShells = import ./shell.nix { inherit inputs forEachSystem checks; };
 

lib/default.nix

@@ -1,7 +1,7 @@
 { lib, ... }:
 {
-  # create rad-dev namespace for lib
-  rad-dev = rec {
+  # create adev namespace for lib
+  adev = rec {
     systems = import ./systems.nix { inherit lib; };
     container-utils = import ./container-utils.nix { inherit lib; };
 

lib/systems.nix

@@ -128,6 +128,7 @@ rec {
   # configPath: path to the folder containing hardware.nix & configuration.nix
   # hostname: hostname of the server
   # inputs: flake inputs to be used
+  # outputs: flake outputs to be used, primarily for accessing custom packages
   # src: base path of the repo
   # users: list of users to be added
   # home: enables home-manager on this machine (requires all users to have home-manager)
@@ -149,7 +150,7 @@ rec {
       configPath,
       hostname,
       inputs,
-      outputs,
+      outputs ? { },
       src,
       users,
       home ? true,
@@ -176,7 +177,7 @@ rec {
           (configPath + "/configuration.nix")
         ]
         ++ modules
-        ++ (lib.rad-dev.fileList (src + "/modules"))
+        ++ (lib.adev.fileList (src + "/modules"))
         ++ genWrapper sops genSops args
         ++ genWrapper home genHome args
         ++ genWrapper true genUsers args
@@ -191,6 +192,7 @@ rec {
   #
   # args:
   # inputs: flake-inputs to be distributed to each system config
+  # outputs: flake-outputs to be distributed to each system config
   # src: the base path to the repo
   # path: the path to read the systems from, should be a directory containing one directory per machine, each having at least the following
   #   - default.nix (with the extra params for constructSystem in it, see systems/palatine-hill/default.nix for an example)
@@ -219,10 +221,10 @@ rec {
                 ;
               hostname = name;
             }
-            // import configPath { inherit inputs; }
+            // import configPath { inherit inputs outputs; }
           );
         }
-      ) (lib.rad-dev.lsdir path)
+      ) (lib.adev.lsdir path)
     );
 
   # gets all the images of a specified format

modules/autopull.nix

@@ -61,7 +61,7 @@ in
     lib.mkIf cfg.enable {
       environment.systemPackages =
         [ pkgs.git ]
-        ++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.rad-dev.mapGetAttr "ssh-key" repos)) [
+        ++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.adev.mapGetAttr "ssh-key" repos)) [
           pkgs.openssh
         ];
 

modules/kub_net.nix

@@ -1,10 +1,10 @@
 { lib, config, ... }:
 let
-  cfg = config.services.rad-dev.k3s-net;
+  cfg = config.services.adev.k3s-net;
 in
 {
   options = {
-    services.rad-dev.k3s-net = {
+    services.adev.k3s-net = {
       enable = lib.mkOption {
         default = false;
         example = true;

modules/nix.nix

@@ -1,4 +1,9 @@
-{ lib, pkgs, ... }:
+{
+  lib,
+  pkgs,
+  outputs,
+  ...
+}:
 {
   nix = {
     package = pkgs.nixVersions.latest;
@@ -46,4 +51,11 @@
       dates = [ "01:00" ];
     };
   };
+
+  nixpkgs.overlays = [
+    (_: _: {
+      # bring all packages into a namespace called rad-pkgs
+      rad-pkgs = lib.genAttrs (lib.attrNames outputs.packages) (pkg: outputs.packages.${pkg});
+    })
+  ];
 }

modules/yubikey.nix

@@ -5,11 +5,11 @@
   ...
 }:
 let
-  cfg = config.services.rad-dev.yubikey;
+  cfg = config.services.adev.yubikey;
 in
 {
   options = {
-    services.rad-dev.yubikey = {
+    services.adev.yubikey = {
       enable = lib.mkEnableOption "enable yubikey defaults";
       enable-desktop-app = lib.mkEnableOption "installs desktop application";
     };

pkgs/default.nix

@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+let
+  rad-maintainers = import ./maintainers.nix;
+in
+{
+
+  ftb-app = pkgs.callPackage ./ftb-app { inherit rad-maintainers; };
+  lego-latest = pkgs.callPackage ./lego-latest { inherit rad-maintainers; };
+}

pkgs/ftb-app/default.nix

@@ -0,0 +1,112 @@
+{
+  alsa-lib,
+  at-spi2-atk,
+  cairo,
+  cups,
+  dbus,
+  dpkg,
+  expat,
+  fetchurl,
+  gtk3,
+  gdk-pixbuf,
+  jre,
+  lib,
+  libdrm,
+  libgbm,
+  libxkbcommon,
+  makeWrapper,
+  mesa,
+  nspr,
+  nss,
+  pango,
+  rad-maintainers,
+  stdenv,
+  xorg,
+  ...
+}:
+# source_aarch64=("https://piston.feed-the-beast.com/app/ftb-app-${pkgver}-arm64.deb")
+# sha256sums_aarch64=(ad1197556a187693cbc488142562a0c17144e33056f1c914950c2f1496a4c532)
+stdenv.mkDerivation rec {
+  pname = "ftb-app";
+  version = "1.27.3";
+
+  src = fetchurl {
+    url = "https://piston.feed-the-beast.com/app/ftb-app-linux-${version}-amd64.deb";
+    sha256 = "031a73g58vj35h33pmp3swjrjlg09ismdx46810sp7ihrpvs0ad6";
+  };
+
+  nativeBuildInputs = [
+    dpkg
+    makeWrapper
+  ];
+
+  unpackPhase = ''
+    runHook preUnpack
+
+    dpkg -x $src ./ftb-app
+
+    runHook postUnpack
+  '';
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p "$out"
+    cp -r ftb-app/* "$out"
+
+    # Flatten /usr and manually merge lib/ and usr/lib/, since mv refuses to.
+    mv "$out"'/opt/FTB Electron App' "$out/bin"
+    mv "$out/usr/"* "$out/"
+    rmdir "$out/usr"
+    rmdir "$out/opt"
+
+    for f in "$out/share/applications/"*.desktop; do
+       substituteInPlace "$f" \
+           --replace-fail '/opt/FTB Electron App/ftb-app' "$out/bin/ftb-app"
+    done
+
+    # prevent self-upgrade with dpkg
+    rm "$out/bin/resources/package-type"
+
+    chmod +x "$out/bin/ftb-app"
+
+    libs="${nss}/lib/libnss3.so ${nss}/lib/libnssutil3.so ${nss}/lib/libsmime3.so "
+    libs+="${nspr}/lib/libnspr4.so ${dbus.lib}/lib/libdbus-1.so.3 "
+    libs+="${at-spi2-atk}/lib/libatk-1.0.so.0 ${cups.lib}/lib/libcups.so.2 "
+    libs+="${at-spi2-atk}/lib/libatk-bridge-2.0.so.0 "
+    libs+="${libdrm}/lib/libdrm.so.2 ${gtk3}/lib/libgtk-3.so.0 "
+    libs+="${pango.out}/lib/libpango-1.0.so.0 ${cairo}/lib/libcairo.so.2 "
+    libs+="${xorg.libX11}/lib/libX11.so.6 ${xorg.libXext}/lib/libXext.so.6 "
+    libs+="${xorg.libXcomposite}/lib/libXcomposite.so.1 "
+    libs+="${xorg.libXdamage}/lib/libXdamage.so.1 "
+    libs+="${xorg.libXfixes}/lib/libXfixes.so.3 ${expat}/lib/libexpat.so.1 "
+    libs+="${xorg.libXrandr}/lib/libXrandr.so.2  "
+    libs+="${xorg.libxcb}/lib/libxcb.so.1 ${alsa-lib}/lib/libasound.so.2 "
+    libs+="${libxkbcommon}/lib/libxkbcommon.so.0 "
+    libs+="${at-spi2-atk}/lib/libatspi.so.0 ${xorg.libXtst}/lib/libXtst.so.6 "
+    libs+="${gdk-pixbuf}/lib/libgdk_pixbuf-2.0.so.0 ${libgbm}/lib/libgbm.so.1"
+
+    echo "$libs"
+
+
+    for p in "$out/bin/ftb-app"; do
+        wrapProgram "$p" \
+            --set LD_PRELOAD "$libs" \
+            --set NIX_REDIRECTS "/usr/share=$out/share:"'/opt/FTB Electron Application'"=$out/bin" \
+            --set JAVA_HOME "${jre.home}"
+            # --prefix PATH : "{lib.makeBinPath [ gzip gnutar ]}"
+    done
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "A new Modpack launcher for FTB and Curse modpacks.";
+    homepage = "https://feed-the-beast.com/app";
+    license = with licenses; [ lgpl21Only ];
+    sourceProvenance = with sourceTypes; [ binaryNativeCode ];
+    maintainers = with rad-maintainers; [ ahuston-0 ];
+    platforms = [ "x86_64-linux" ];
+    mainProgram = "ftb-app";
+  };
+}

pkgs/lego-latest/default.nix

@@ -2,6 +2,7 @@
   lib,
   fetchFromGitHub,
   buildGoModule,
+  rad-maintainers,
 }:
 
 buildGoModule rec {
@@ -31,7 +32,7 @@ buildGoModule rec {
     description = "Let's Encrypt client and ACME library written in Go";
     license = licenses.mit;
     homepage = "https://go-acme.github.io/lego/";
-    maintainers = teams.acme.members;
+    maintainers = teams.acme.members ++ [ rad-maintainers.ahuston-0 ];
     mainProgram = "lego";
   };
 

pkgs/maintainers.nix

@@ -0,0 +1,77 @@
+/*
+  Borrowed this from nixpkgs :)
+  List of NixOS maintainers.
+   ```nix
+   handle = {
+     # Required
+     name = "Your name";
+
+     # Optional, but at least one of email, matrix or githubId must be given
+     email = "address@example.org";
+     matrix = "@user:example.org";
+     github = "GithubUsername";
+     githubId = your-github-id;
+
+     keys = [{
+       fingerprint = "AAAA BBBB CCCC DDDD EEEE  FFFF 0000 1111 2222 3333";
+     }];
+   };
+   ```
+
+   where
+
+   - `handle` is the handle you are going to use in nixpkgs expressions,
+   - `name` is a name that people would know and recognize you by,
+   - `email` is your maintainer email address,
+   - `matrix` is your Matrix user ID,
+   - `github` is your GitHub handle (as it appears in the URL of your profile page, `https://github.com/<userhandle>`),
+   - `githubId` is your GitHub user ID, which can be found at `https://api.github.com/users/<userhandle>`,
+   - `keys` is a list of your PGP/GPG key fingerprints.
+
+   Specifying a GitHub account ensures that you automatically:
+   - get invited to the @NixOS/nixpkgs-maintainers team ;
+   - once you are part of the @NixOS org, OfBorg will request you review
+     pull requests that modify a package for which you are a maintainer.
+
+   `handle == github` is strongly preferred whenever `github` is an acceptable attribute name and is short and convenient.
+
+   If `github` begins with a numeral, `handle` should be prefixed with an underscore.
+   ```nix
+   _1example = {
+     github = "1example";
+   };
+   ```
+
+   Add PGP/GPG keys only if you actually use them to sign commits and/or mail.
+
+   To get the required PGP/GPG values for a key run
+   ```shell
+   gpg --fingerprint <email> | head -n 2
+   ```
+
+   !!! Note that PGP/GPG values stored here are for informational purposes only, don't use this file as a source of truth.
+
+   More fields may be added in the future, however, in order to comply with GDPR this file should stay as minimal as possible.
+
+   When editing this file:
+    * keep the list alphabetically sorted, check with:
+        nix-instantiate --eval maintainers/scripts/check-maintainers-sorted.nix
+    * test the validity of the format with:
+        nix-build lib/tests/maintainers.nix
+
+   See `./scripts/check-maintainer-github-handles.sh` for an example on how to work with this data.
+
+   When adding a new maintainer, be aware of the current commit conventions
+   documented at [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#commit-conventions)
+   file located in the root of the Nixpkgs repo.
+*/
+
+{
+  ahuston-0 = {
+    name = "ahuston-0";
+    email = "aliceghuston@gmail.com";
+    github = "ahuston-0";
+    githubId = 43225907;
+    keys = [ { fingerprint = "F638 32C3 080D 6E1A C77E  ECF8 0B42 45FF E305 BC82"; } ];
+  };
+}

shell.nix

@@ -38,7 +38,7 @@ forEachSystem (
     };
 
     # constructs a custom shell with commonly used utilities
-    rad-dev = pkgs.mkShell {
+    adev = pkgs.mkShell {
       packages = with pkgs; [
         deadnix
         pre-commit
@@ -56,7 +56,7 @@ forEachSystem (
     default = pkgs.mkShell {
       inputsFrom = [
         pre-commit
-        rad-dev
+        adev
         sops
       ];
     };

systems/artemision/configuration.nix

@@ -75,7 +75,7 @@
     fprintd.enable = lib.mkForce false;
     openssh.enable = lib.mkForce false;
 
-    rad-dev.yubikey = {
+    adev.yubikey = {
       enable = true;
       enable-desktop-app = true;
     };

systems/artemision/desktop.nix

@@ -30,6 +30,10 @@
   };
   # Optional, hint electron apps to use wayland:
   environment.sessionVariables.NIXOS_OZONE_WL = "1";
+  xdg.portal = {
+    enable = true;
+    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+  };
 
   services = {
     xserver = {

systems/artemision/programs.nix

@@ -72,6 +72,7 @@
     protontricks
     proxychains
     qrencode
+    rad-pkgs.ftb-app
     redshift
     restic
     ripgrep

systems/hetzner-bridge/configuration.nix

@@ -1,28 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-
-{
-  imports = [
-    ../../disko/hetzner.nix
-    ./networking.nix
-  ];
-  disko.devices.disk.main.device = "scsi-0QEMU_QEMU_HARDDISK_55513992";
-
-  boot = {
-    useSystemdBoot = true;
-  };
-
-  virtualisation.docker.enable = false;
-  services = {
-    locate.enable = false;
-    endlessh-go.enable = false;
-  };
-
-  #hardware.enableAllFirmware = true;
-
-  system.stateVersion = "24.05";
-}

systems/hetzner-bridge/default.nix

@@ -1,8 +0,0 @@
-{ inputs, ... }:
-{
-  users = [ "alice" ];
-  modules = [
-    # inputs.attic.nixosModules.atticd
-    inputs.disko.nixosModules.disko
-  ];
-}

systems/hetzner-bridge/hardware.nix

@@ -1,39 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
-
-{
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
-
-  boot = {
-    initrd.availableKernelModules = [
-      "ahci"
-      "xhci_pci"
-      "virtio_pci"
-      "virtio_scsi"
-      "sd_mod"
-      "sr_mod"
-    ];
-    initrd.kernelModules = [ ];
-    kernelModules = [ ];
-    extraModulePackages = [ ];
-  };
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  # networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}

systems/hetzner-bridge/networking.nix

@@ -1,19 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-
-{
-  networking.useDHCP = false;
-
-  systemd.network = {
-    enable = true;
-    networks."10-wan" = {
-      #matchConfig.Name = "enp1s0"; # either ens3 or enp1s0 depending on system, check 'ip addr'
-      matchConfig.Name = "ether";
-      networkConfig.DHCP = "ipv4";
-    };
-  };
-}

systems/palatine-hill/acme.nix

@@ -31,7 +31,7 @@
       openssl
     ]
     ++ [
-      outputs.packages.x86_64-linux.lego-latest
+      outputs.packages.lego-latest
     ]
   );
 

systems/palatine-hill/docker/archiveteam.nix

@@ -122,7 +122,7 @@ let
     cmd = lib.splitString " " "--concurrent 6 AmAnd0";
 
   };
-  inherit (lib.rad-dev.container-utils) createTemplatedContainers;
+  inherit (lib.adev.container-utils) createTemplatedContainers;
 
   vars = import ../vars.nix;
   at_path = vars.primary_archiveteam;

systems/palatine-hill/docker/minecraft.nix

@@ -46,7 +46,7 @@ in
       cmd = [
         (
           "--mapping=mc.alicehuston.xyz=${defaultServer}:25565"
-          + (lib.rad-dev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers)
+          + (lib.adev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers)
         )
       ];
     };

users/alice/home.nix

@@ -76,6 +76,7 @@
       nix-prefetch
       nix-tree
       nh
+      nix-prefetch-scripts
 
       # doom emacs dependencies
       fd
@@ -90,6 +91,7 @@
       nodejs_20
       nodePackages.prettier
       treefmt
+
     ];
   };
 

utils/hetzner-install.sh

@@ -1,27 +0,0 @@
-#!/usr/bin/env nix
-#! nix shell nixpkgs#bash nixpkgs#git --command bash
-
-set -o errexit   # abort on nonzero exitstatus
-set -o nounset   # abort on unbound variable
-set -o pipefail  # don't hide errors within pipes
-
-MACHINENAME="hetzner-bridge"
-
-sudo mkdir /root/.ssh
-sudo chmod 700 /root/.ssh
-sudo ssh-keygen -t ed25519 -o -a 100 -f "/root/.ssh/id_ed25519_giteadeploy" -q -N "" -C "$MACHINENAME" || echo "key already exists"
-
-sudo cat /root/.ssh/id_ed25519_giteadeploy.pub
-
-sudo ssh-keygen -A
-
-nix --extra-experimental-features 'flakes nix-command' shell nixpkgs#git
-nix --extra-experimental-features 'flakes nix-command' store gc
-FLAKE="git+ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles?ref=feature/hetzner-bridge#hetzner-bridge"
-DISK_DEVICE=/dev/sda
-sudo nix \
-    --extra-experimental-features 'flakes nix-command' \
-    run github:nix-community/disko#disko-install -- \
-    --flake "$FLAKE" \
-    --write-efi-boot-entries \
-    --disk main "$DISK_DEVICE"

utils/hetzner-nixos-anywhere.sh

@@ -1,35 +0,0 @@
-#!/usr/bin/env nix
-#! nix shell nixpkgs#bash nixpkgs#mktemp nixpkgs#openssh nixpkgs#nixos-anywhere nixpkgs#sops --command bash
-
-echoerr() { printf "%s\n" "$*" >&2; }
-
-if (( $# != 1 )); then
-    echoerr "usage: $0 <hostname>"
-fi
-
-HOSTNAME=$1
-
-# Create a temporary directory
-temp=$(mktemp -d)
-
-# Function to cleanup temporary directory on exit
-cleanup() {
-  rm -rf "$temp"
-}
-trap cleanup EXIT
-
-# Create the directory where sshd expects to find the host keys
-install -d -m755 "$temp/etc/ssh"
-
-# Create host keys
-ssh-keygen -A -f "$temp/etc/ssh/"
-
-# Set the correct permissions so sshd will accept the key
-chmod 600 "$temp/etc/ssh/ssh_host_ed25519_key"
-
-AGEKEY=$(ssh-to-age < "$temp/etc/ssh/ssh_host_ed25519_key.pub")
-
-echo "$AGEKEY" | tee "./$HOSTNAME.age"
-
-# Install NixOS to the host system with our secrets
-nixos-anywhere --extra-files "$temp" --flake '.#your-host' root@yourip