diff --git a/flakes/secrets-bao/nixos-module.nix b/flakes/secrets-bao/nixos-module.nix index aed19c58..4f87af58 100644 --- a/flakes/secrets-bao/nixos-module.nix +++ b/flakes/secrets-bao/nixos-module.nix @@ -417,3 +417,4 @@ in ) cfg.secrets; }; } + diff --git a/hosts/juni/flake.lock b/hosts/juni/flake.lock index b721bbcc..3a1fb62e 100644 --- a/hosts/juni/flake.lock +++ b/hosts/juni/flake.lock @@ -6,11 +6,11 @@ }, "locked": { "dir": "flakes/beszel", - "lastModified": 1767293741, - "narHash": "sha256-mqcZB2uthea2TMcFmEgfPYGDC+O2px5hc/XPrlqsYMs=", + "lastModified": 1767575724, + "narHash": "sha256-L+3hoO4t3RCXkp9RXyXpJlCkzj6AdTOsstUv7RphEBM=", "ref": "refs/heads/master", - "rev": "8fff3be0425341a048167db5385d9639f6355133", - "revCount": 1031, + "rev": "f86b8085c2ad39986c194b28d51260f8f402572a", + "revCount": 1041, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, @@ -22,11 +22,11 @@ }, "beszel-nixpkgs": { "locked": { - "lastModified": 1765472234, - "narHash": "sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0=", + "lastModified": 1767379071, + "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2fbfb1d73d239d2402a8fe03963e37aab15abe8b", + "rev": "fb7944c166a3b630f177938e478f0378e64ce108", "type": "github" }, "original": { @@ -39,11 +39,11 @@ "common": { "locked": { "dir": "flakes/common", - "lastModified": 1767293741, - "narHash": "sha256-mqcZB2uthea2TMcFmEgfPYGDC+O2px5hc/XPrlqsYMs=", + "lastModified": 1767575724, + "narHash": "sha256-L+3hoO4t3RCXkp9RXyXpJlCkzj6AdTOsstUv7RphEBM=", "ref": "refs/heads/master", - "rev": "8fff3be0425341a048167db5385d9639f6355133", - "revCount": 1031, + "rev": "f86b8085c2ad39986c194b28d51260f8f402572a", + "revCount": 1041, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, @@ -59,11 +59,11 @@ }, "locked": { "dir": "flakes/de_plasma", - "lastModified": 1767293741, - "narHash": "sha256-mqcZB2uthea2TMcFmEgfPYGDC+O2px5hc/XPrlqsYMs=", + "lastModified": 1767575724, + "narHash": "sha256-L+3hoO4t3RCXkp9RXyXpJlCkzj6AdTOsstUv7RphEBM=", "ref": "refs/heads/master", - "rev": "8fff3be0425341a048167db5385d9639f6355133", - "revCount": 1031, + "rev": "f86b8085c2ad39986c194b28d51260f8f402572a", + "revCount": 1041, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, @@ -79,11 +79,11 @@ }, "locked": { "dir": "flakes/flatpaks", - "lastModified": 1767293741, - "narHash": "sha256-mqcZB2uthea2TMcFmEgfPYGDC+O2px5hc/XPrlqsYMs=", + "lastModified": 1767575724, + "narHash": "sha256-L+3hoO4t3RCXkp9RXyXpJlCkzj6AdTOsstUv7RphEBM=", "ref": "refs/heads/master", - "rev": "8fff3be0425341a048167db5385d9639f6355133", - "revCount": 1031, + "rev": "f86b8085c2ad39986c194b28d51260f8f402572a", + "revCount": 1041, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, @@ -120,11 +120,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1767280655, - "narHash": "sha256-YmaYMduV5ko8zURUT1VLGDbVC1L/bxHS0NsiPoZ6bBM=", + "lastModified": 1767514898, + "narHash": "sha256-ONYqnKrPzfKEEPChoJ9qPcfvBqW9ZgieDKD7UezWPg4=", "owner": "rycee", "repo": "home-manager", - "rev": "d49d2543f02dbd789ed032188c84570d929223cb", + "rev": "7a06e8a2f844e128d3b210a000a62716b6040b7f", "type": "github" }, "original": { @@ -199,11 +199,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1767116409, - "narHash": "sha256-5vKw92l1GyTnjoLzEagJy5V5mDFck72LiQWZSOnSicw=", + "lastModified": 1767379071, + "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cad22e7d996aea55ecab064e84834289143e44a0", + "rev": "fb7944c166a3b630f177938e478f0378e64ce108", "type": "github" }, "original": { @@ -215,11 +215,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1767047869, - "narHash": "sha256-tzYsEzXEVa7op1LTnrLSiPGrcCY6948iD0EcNLWcmzo=", + "lastModified": 1767325753, + "narHash": "sha256-yA/CuWyqm+AQo2ivGy6PlYrjZBQm7jfbe461+4HF2fo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "89dbf01df72eb5ebe3b24a86334b12c27d68016a", + "rev": "64049ca74d63e971b627b5f3178d95642e61cedd", "type": "github" }, "original": { @@ -231,11 +231,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1767047869, - "narHash": "sha256-tzYsEzXEVa7op1LTnrLSiPGrcCY6948iD0EcNLWcmzo=", + "lastModified": 1767480499, + "narHash": "sha256-8IQQUorUGiSmFaPnLSo2+T+rjHtiNWc+OAzeHck7N48=", "owner": "nixos", "repo": "nixpkgs", - "rev": "89dbf01df72eb5ebe3b24a86334b12c27d68016a", + "rev": "30a3c519afcf3f99e2c6df3b359aec5692054d92", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1767026758, - "narHash": "sha256-7fsac/f7nh/VaKJ/qm3I338+wAJa/3J57cOGpXi0Sbg=", + "lastModified": 1767364772, + "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "346dd96ad74dc4457a9db9de4f4f57dab2e5731d", + "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa", "type": "github" }, "original": { @@ -1147,11 +1147,11 @@ }, "locked": { "dir": "flakes/opencode", - "lastModified": 1767293741, - "narHash": "sha256-mqcZB2uthea2TMcFmEgfPYGDC+O2px5hc/XPrlqsYMs=", + "lastModified": 1767575724, + "narHash": "sha256-L+3hoO4t3RCXkp9RXyXpJlCkzj6AdTOsstUv7RphEBM=", "ref": "refs/heads/master", - "rev": "8fff3be0425341a048167db5385d9639f6355133", - "revCount": 1031, + "rev": "f86b8085c2ad39986c194b28d51260f8f402572a", + "revCount": 1041, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, @@ -1166,11 +1166,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1767126722, - "narHash": "sha256-bXBpPQ9altAzsuFKhIS83LKwuLIxKJ4gWMAG5xzk+fM=", + "lastModified": 1767556352, + "narHash": "sha256-iYP/fa9guprb2hn8ONJrJe6U076zbeKHdqyyL0gvH8s=", "owner": "sst", "repo": "opencode", - "rev": "3fe5d91372fdf859e09ed5a2aefe359e0648ed10", + "rev": "c545fa2a289518fda35be66d1c81936a54962702", "type": "github" }, "original": { @@ -1310,8 +1310,8 @@ }, "secrets-bao": { "locked": { - "lastModified": 1767301838, - "narHash": "sha256-rQCAZ5A9ozbDfkzdZpH30BBqzcxKXN3BJmL74BoPSsA=", + "lastModified": 1767587118, + "narHash": "sha256-O6QCLO/csAiO8e5ejB43m7PQc7+EePWkX39Z2CZdqZ4=", "path": "/home/josh/.config/nixos-config/flakes/secrets-bao", "type": "path" }, diff --git a/hosts/juni/flake.nix b/hosts/juni/flake.nix index 8bac7468..efff5d1f 100644 --- a/hosts/juni/flake.nix +++ b/hosts/juni/flake.nix @@ -87,6 +87,7 @@ inputs.common.nixosModules.tty_caps_esc inputs.common.nixosModules.zsh # inputs.common.nixosModules.tailnet + inputs.common.nixosModules.remote_lio_builds ({ ringofstorms.secretsBao = { diff --git a/hosts/juni/impermanence.nix b/hosts/juni/impermanence.nix index 23b2b22d..9564267b 100644 --- a/hosts/juni/impermanence.nix +++ b/hosts/juni/impermanence.nix @@ -12,7 +12,6 @@ "/etc/nixos" "/etc/ssh" - "/etc/shadow" # keep passwords "/etc/NetworkManager/system-connections" "/var/lib/bluetooth" @@ -21,7 +20,16 @@ "/var/lib/fail2ban" ]; files = [ + "/machine-key.json" "/etc/machine-id" + "/etc/resolv.conf" # TODO describe + "/etc/shadow" # keep passwords + "/etc/group" + "/etc/passwd" + "/etc/sudoers" + "/etc/localtime" + "/etc/timezone" + "/etc/adjtime" ]; users."${primaryUser}" = { directories = [