wip on new module system, copied secrets over

hosts_old/_archive/joe/configuration.nix

@@ -0,0 +1,89 @@
+{
+  config,
+  pkgs,
+  settings,
+  ...
+}:
+{
+  imports = [
+    # Users this machine has
+    (settings.usersDir + "/root/configuration.nix")
+    (settings.usersDir + "/josh/configuration.nix")
+  ];
+
+  # My custom modules
+  mods = {
+    boot_systemd.enable = true;
+    shell_common.enable = true;
+    de_cosmic.enable = true;
+    neovim.enable = true;
+    tty_caps_esc.enable = true;
+    docker.enable = true;
+    fonts.enable = true;
+    nebula.enable = true;
+    ssh.enable = true;
+    # stormd.enable = true; # TODO figure out why this is failing
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    5173 # test
+  ];
+
+  # machine specific configuration
+  # ==============================
+  hardware.enableAllFirmware = true;
+  # Connectivity
+  networking.networkmanager.enable = true;
+  hardware.bluetooth.enable = true;
+  environment.shellAliases = {
+    wifi = "nmtui";
+  };
+
+  environment.systemPackages = with pkgs; [ nvtopPackages.full ];
+
+  # nvidia gfx https://nixos.wiki/wiki/Nvidia
+  # =========
+  # Enable OpenGL
+  hardware.opengl = {
+    enable = true;
+    # driSupport = true;
+    driSupport32Bit = true;
+  };
+  # hardware.opengl.driSupport32Bit = true;
+  # hardware.graphics.enable = true;
+
+  services.xserver.videoDrivers = [ "nvidia" ];
+  hardware.nvidia-container-toolkit.enable = true;
+  hardware.nvidia = {
+    # Modesetting is required.
+    modesetting.enable = true;
+
+    # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
+    # Enable this if you have graphical corruption issues or application crashes after waking
+    # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead 
+    # of just the bare essentials.
+    powerManagement.enable = false;
+
+    # Fine-grained power management. Turns off GPU when not in use.
+    # Experimental and only works on modern Nvidia GPUs (Turing or newer).
+    powerManagement.finegrained = false;
+
+    # Use the NVidia open source kernel module (not to be confused with the
+    # independent third-party "nouveau" open source driver).
+    # Support is limited to the Turing and later architectures. Full list of 
+    # supported GPUs is at: 
+    # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus 
+    # Only available from driver 515.43.04+
+    # Currently alpha-quality/buggy, so false is currently the recommended setting.
+    open = false;
+
+    # Enable the Nvidia settings menu,
+    # accessible via `nvidia-settings`.
+    nvidiaSettings = true;
+
+    # Optionally, you may need to select the appropriate driver version for your specific GPU.
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+  };
+
+  system.stateVersion = "23.11";
+}

hosts_old/_archive/joe/hardware-configuration.nix

@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-label/NIXBOOT";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts_old/_archive/joe/windows_notes.md

@@ -0,0 +1,5 @@
+- [Start menu sanity](http://startisback.com) (license in password manager)
+- [Alt Drag](https://stefansundin.github.io/altdrag/)
+  - Change to win key in config
+- Power Toys
+  - Remap caps lock to esc

hosts_old/configuration.nix

@@ -0,0 +1,121 @@
+{
+  settings,
+  config,
+  ...
+}:
+let
+  defaultLocal = "en_US.UTF-8";
+in
+{
+  imports = [
+    # Secrets management
+    ./ragenix.nix
+    # Include the results of the hardware scan.
+    (/${settings.hostsDir}/${settings.system.hostname}/hardware-configuration.nix)
+    # Include the specific machine's config.
+    (/${settings.hostsDir}/${settings.system.hostname}/configuration.nix)
+  ];
+
+  # Enable flakes
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+
+  # allow mounting ntfs filesystems
+  boot.supportedFilesystems = [ "ntfs" ];
+
+  nix.settings = {
+    max-jobs = "auto";
+    # Fallback quickly if substituters are not available.
+    connect-timeout = 5;
+    download-attempts = 3;
+    # The default at 10 is rarely enough.
+    log-lines = 50;
+    # Avoid disk full issues
+    max-free = (3000 * 1024 * 1024);
+    min-free = (1000 * 1024 * 1024);
+    # Avoid copying unnecessary stuff over SSH
+    builders-use-substitutes = true;
+    # Slower but more robust during crash TODO enable once we upgrade nix
+    # fsync-store-paths = true;
+    # fsync-metadata = true;
+    auto-optimise-store = true;
+
+    # TODO should I have this set for my user...
+    trusted-users = [
+      "root"
+      "${settings.user.username}"
+    ];
+  };
+
+  # rate limiting for github
+  nix.extraOptions = ''
+    keep-outputs = true
+    keep-derivations = true
+    !include ${config.age.secrets.github_read_token.path}
+  '';
+
+  # nix helper
+  programs.nh = {
+    enable = true;
+    clean.enable = true;
+    clean.extraArgs = "--keep 10";
+    # TODO this may need to be defined higher up if it is ever different for a machine...
+    flake = "/home/${settings.user.username}/.config/nixos-config";
+  };
+
+  # Remote build off home lio computer
+  programs.ssh.extraConfig = ''
+    Host lio_
+      PubkeyAcceptedKeyTypes ssh-ed25519
+      ServerAliveInterval 60
+      IPQoS throughput
+      IdentityFile ${config.age.secrets.nix2lio.path}
+  '';
+  nix = {
+    distributedBuilds = true;
+    buildMachines = [
+      {
+        hostName = "lio";
+        system = "x86_64-linux";
+        protocol = "ssh-ng";
+        maxJobs = 32;
+        speedFactor = 2;
+        supportedFeatures = [
+          "nixos-test"
+          "benchmark"
+          "big-parallel"
+          "kvm"
+          "uid-range" # Often helpful
+        ];
+        mandatoryFeatures = [ ];
+      }
+    ];
+  };
+
+  # TODO do I want this dynamic at all? Roaming?
+  time.timeZone = "America/Chicago";
+  # Select internationalization properties.
+  i18n.defaultLocale = defaultLocal;
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = defaultLocal;
+    LC_IDENTIFICATION = defaultLocal;
+    LC_MEASUREMENT = defaultLocal;
+    LC_MONETARY = defaultLocal;
+    LC_NAME = defaultLocal;
+    LC_NUMERIC = defaultLocal;
+    LC_PAPER = defaultLocal;
+    LC_TELEPHONE = defaultLocal;
+    LC_TIME = defaultLocal;
+  };
+
+  # make shutdown faster for waiting
+  systemd.extraConfig = ''
+    DefaultTimeoutStopSec=5s
+  '';
+
+  # Some basics
+  nixpkgs.config.allowUnfree = settings.allowUnfree;
+  nixpkgs.config.allowUnfreePredicate = (pkg: true);
+}

hosts_old/gpdPocket3/configuration.nix

@@ -0,0 +1,102 @@
+{
+  config,
+  lib,
+  pkgs,
+  settings,
+  ...
+}:
+{
+  imports = [
+    # Users this machine has
+    (settings.usersDir + "/root/configuration.nix")
+    (settings.usersDir + "/josh/configuration.nix")
+  ];
+
+  # My custom modules
+  mods = {
+    boot_systemd.enable = true;
+    shell_common.enable = true;
+    de_cosmic.enable = true;
+    neovim.enable = true;
+    tty_caps_esc.enable = true;
+    docker.enable = true;
+    fonts.enable = true;
+    stormd.enable = true;
+    nebula.enable = true;
+    ssh.enable = true;
+    rustdesk.enable = true;
+  };
+
+
+  # machine specific configuration
+  # ==============================
+  hardware.enableAllFirmware = true;
+  # Connectivity
+  networking.networkmanager.enable = true;
+  hardware.bluetooth.enable = true;
+  environment.shellAliases = {
+    wifi = "nmtui";
+  };
+
+  environment.systemPackages = with pkgs; [
+    # [Laptop] Battery status
+    acpi
+  ];
+  environment.shellAliases = {
+    battery = "acpi";
+  };
+  # [Laptop] screens with brightness settings
+  programs.light.enable = true;
+
+  console = {
+    # We want to be able to read the screen so use a 32 sized font on this tiny panel
+    font = "${pkgs.terminus_font}/share/consolefonts/ter-132n.psf.gz";
+  };
+
+  # ========
+
+  # FINGERPRINTS for the sensor on GPD P3 do not work on linux yet: todo find the source of this again online for tracking...
+  # Attempting to get fingerprint scanner to work... having issues though, no device detected with all methods
+  # services.fprintd = {
+  #   enable = true;
+  #   tod = {
+  #     enable = true;
+  #     driver = pkgs.libfprint-2-tod1-elan;
+  #   };
+  # };
+
+  # TODO evaluate if any of this kernal/hardware stuff is actually needed for our pocket. This is a hodge podge of shit from online
+  # The GPD Pocket3 uses a tablet OLED display, that is mounted rotated 90° counter-clockwise.
+  # This requires cusotm kernal params.
+  boot.kernelParams = [
+    "video=DSI-1:panel_orientation=right_side_up"
+    "fbcon=rotate:1"
+    "mem_sleep_default=s2idel"
+  ];
+  boot.kernelModules = [ "btusb" ];
+  boot.initrd.availableKernelModules = [
+    "nvme"
+    "xhci_pci"
+    "usbhid"
+  ];
+  services.xserver.videoDrivers = [ "intel" ];
+  hardware.graphics.enable = true;
+  hardware.graphics.extraPackages = with pkgs; [
+    intel-media-driver
+    intel-vaapi-driver
+  ];
+  # Stuff from https://github.com/NixOS/nixos-hardware/blob/9a763a7acc4cfbb8603bb0231fec3eda864f81c0/gpd/pocket-3/default.nix
+  services.fstrim.enable = true;
+  services.libinput.enable = true;
+  services.tlp.enable = lib.mkDefault (
+    (lib.versionOlder (lib.versions.majorMinor lib.version) "21.05")
+    || !config.services.power-profiles-daemon.enable
+  );
+
+  # KVM module video
+  environment.shellAliases = {
+    kvm = "ffplay -i /dev/video2";
+  };
+
+  system.stateVersion = "23.11";
+}

hosts_old/gpdPocket3/hardware-configuration.nix

@@ -0,0 +1,37 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-label/NIXBOOT";
+      fsType = "vfat";
+    };
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp175s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts_old/h002/configuration.nix

@@ -0,0 +1,41 @@
+{
+  pkgs,
+  settings,
+  ...
+}:
+{
+  imports = [
+    # Users this machine has
+    (settings.usersDir + "/root/configuration.nix")
+    (settings.usersDir + "/luser/configuration.nix")
+  ];
+
+  # My custom modules
+  mods = {
+    boot_grub.enable = true;
+    shell_common.enable = true;
+    # de_gnome_xorg.enable = true;
+    # audio.enable = true;
+    de_cosmic.enable = true;
+    neovim.enable = true;
+    tty_caps_esc.enable = true;
+    docker.enable = true;
+    stormd.enable = true;
+    nebula.enable = true;
+    ssh.enable = true;
+  };
+
+  # machine specific configuration
+  # ==============================
+  hardware.enableAllFirmware = true;
+  # Connectivity
+  networking.networkmanager.enable = true;
+  hardware.bluetooth.enable = true;
+  environment.shellAliases = {
+    wifi = "nmtui";
+  };
+
+  environment.systemPackages = with pkgs; [ nvtopPackages.full ];
+
+  system.stateVersion = "23.11";
+}

hosts_old/h002/hardware-configuration.nix

@@ -0,0 +1,37 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "firewire_ohci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-label/NIXBOOT";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts_old/lio/configuration.nix

@@ -0,0 +1,50 @@
+{
+  settings,
+  ...
+}:
+{
+  imports = [
+    # Users this machine has
+    (settings.usersDir + "/root/configuration.nix")
+    (settings.usersDir + "/josh/configuration.nix")
+  ];
+
+  # My custom modules
+  mods = {
+    boot_systemd.enable = true;
+    shell_common.enable = true;
+    # de_cosmic.enable = true;
+    audio.enable = true;
+    de_gnome_xorg.enable = true;
+    # de_gnome_wayland.enable = true;
+    neovim.enable = true;
+    tty_caps_esc.enable = true;
+    docker.enable = true;
+    fonts.enable = true;
+    ssh.enable = true;
+    stormd.enable = true;
+    nebula.enable = true;
+    rustdesk.enable = true;
+    saber.enable = true;
+  };
+
+  # opening this port for dev purposes
+  networking.firewall.allowedTCPPorts = [
+    5173 # Vite
+  ];
+
+  # machine specific configuration
+  # ==============================
+  hardware.enableAllFirmware = true;
+  # Connectivity
+  networking.networkmanager.enable = true;
+  hardware.bluetooth.enable = true;
+  environment.shellAliases = {
+    wifi = "nmtui";
+  };
+
+  # System76
+  hardware.system76.enableAll = true;
+
+  system.stateVersion = "23.11";
+}

hosts_old/lio/hardware-configuration.nix

@@ -0,0 +1,65 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "nvme"
+    "xhci_pci"
+    "ahci"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/NIXROOT";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/NIXBOOT";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  fileSystems."/mnt/nvme1tb" = {
+    device = "/dev/disk/by-uuid/7ddb48bd-160c-4049-a4fa-a5ac2b6a5402";
+    fsType = "ext4";
+  };
+
+  swapDevices = [
+    {
+      device = "/.swapfile";
+      size = 64 * 1024; # 64GB
+    }
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp11s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts_old/oren/configuration.nix

@@ -0,0 +1,29 @@
+{
+  settings,
+  ...
+}:
+{
+  imports = [
+    # Users this machine has
+    (settings.usersDir + "/root/configuration.nix")
+    (settings.usersDir + "/josh/configuration.nix")
+  ];
+
+  # My custom modules
+  mods = {
+    boot_systemd.enable = true;
+    shell_common.enable = true;
+    de_cosmic.enable = true;
+    neovim.enable = true;
+    tty_caps_esc.enable = true;
+    docker.enable = true;
+    fonts.enable = true;
+    stormd.enable = true;
+    nebula.enable = true;
+    ssh.enable = true;
+    # rustdesk.enable = true;
+  };
+
+  # Use the systemd-boot EFI boot loader.
+  system.stateVersion = "24.11"; # Did you read the comment?
+}

hosts_old/oren/hardware-configuration.nix

@@ -0,0 +1,60 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "nvme"
+    "xhci_pci"
+    "thunderbolt"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/NIXROOT";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/NIXBOOT";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [
+    {
+      device = "/.swapfile";
+      size = 64 * 1024; # 64GB
+    }
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp196s0f4u1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts_old/ragenix.nix

@@ -0,0 +1,81 @@
+# TODO check out the by host way this person does: https://github.com/hlissner/dotfiles/blob/089f1a9da9018df9e5fc200c2d7bef70f4546026/modules/agenix.nix
+{
+  settings,
+  lib,
+  pkgs,
+  ragenix,
+  ...
+}:
+# TODO auto import secret files here
+# secretsFile = (settings.secretsDir + /secrets.nix);
+{
+  imports = [ ragenix.nixosModules.age ];
+  environment.systemPackages = [
+    ragenix.packages.${settings.system.system}.default
+    pkgs.rage
+  ];
+
+  age = {
+    secrets =
+      # builtins.mapAttrs
+      #   (name: _value: lib.nameValuePair (lib.removeSuffix ".age" name) {
+      #     file = (settings.secretsDir + "/${name}");
+      #     owner = lib.mkDefault settings.user.username;
+      #   })
+      #   (import secretsFile);
+      {
+        nix2github = {
+          file = /${settings.secretsDir}/nix2github.age;
+          owner = settings.user.username;
+        };
+        nix2bitbucket = {
+          file = /${settings.secretsDir}/nix2bitbucket.age;
+          owner = settings.user.username;
+        };
+        nix2gitjosh = {
+          file = /${settings.secretsDir}/nix2gitjosh.age;
+          owner = settings.user.username;
+        };
+        nix2h001 = {
+          file = /${settings.secretsDir}/nix2h001.age;
+          owner = settings.user.username;
+        };
+        nix2h002 = {
+          file = /${settings.secretsDir}/nix2h002.age;
+          owner = settings.user.username;
+        };
+        nix2joe = {
+          file = /${settings.secretsDir}/nix2joe.age;
+          owner = settings.user.username;
+        };
+        nix2gpdPocket3 = {
+          file = /${settings.secretsDir}/nix2gpdPocket3.age;
+          owner = settings.user.username;
+        };
+        nix2t = {
+          file = /${settings.secretsDir}/nix2t.age;
+          owner = settings.user.username;
+        };
+        nix2l001 = {
+          file = /${settings.secretsDir}/nix2l001.age;
+          owner = settings.user.username;
+        };
+        nix2l002 = {
+          file = /${settings.secretsDir}/nix2l002.age;
+          owner = settings.user.username;
+        };
+        nix2lio = {
+          file = /${settings.secretsDir}/nix2lio.age;
+          owner = settings.user.username;
+        };
+        nix2oren = {
+          file = /${settings.secretsDir}/nix2oren.age;
+          owner = settings.user.username;
+        };
+        github_read_token = {
+          file = /${settings.secretsDir}/github_read_token.age;
+          owner = settings.user.username;
+        };
+      };
+  };
+}