From d50f92ca1b93a884766507abc2b80a4774ec4bac Mon Sep 17 00:00:00 2001
From: Oliver Davies <oliver@oliverdavies.dev>
Date: Sun, 5 Jan 2025 15:18:56 +0000
Subject: [PATCH] Move forgejo to hetznix

---
 nix/hosts/hetznix/configuration.nix           | 10 ++++-
 nix/hosts/hetznix/security/acme.nix           |  1 +
 nix/hosts/hetznix/services/default.nix        |  7 +---
 nix/hosts/hetznix/services/forgejo.nix        | 28 ++++++++++++++
 nix/hosts/hetznix/services/openssl.nix        | 10 +++++
 nix/hosts/lemp11/default.nix                  |  1 -
 nix/hosts/nixedo/extra.nix                    |  4 --
 .../nixos/features/homelab/default.nix        |  1 -
 .../nixos/features/homelab/forgejo.nix        | 34 -----------------
 nix/secrets/cloudflare-opdavies-uk.age        | 33 +++++++++--------
 nix/secrets/cloudflare.age                    | 37 ++++++++++---------
 nix/secrets/secrets.nix                       |  4 +-
 nix/secrets/tubearchivist.age                 | 34 ++++++++---------
 nix/users/opdavies/default.nix                | 15 +++++++-
 14 files changed, 120 insertions(+), 99 deletions(-)
 create mode 100644 nix/hosts/hetznix/services/forgejo.nix
 create mode 100644 nix/hosts/hetznix/services/openssl.nix
 delete mode 100644 nix/modules/nixos/features/homelab/forgejo.nix

diff --git a/nix/hosts/hetznix/configuration.nix b/nix/hosts/hetznix/configuration.nix
index 739135e3..b19b11c7 100644
--- a/nix/hosts/hetznix/configuration.nix
+++ b/nix/hosts/hetznix/configuration.nix
@@ -15,9 +15,17 @@
     ./secrets.nix
     ./security
     ./services
+
+    ../../users/opdavies
   ];
 
-  nix.nixPath = [ "nixpkgs=${inputs.nixpkgs-2405}" ];
+  nix = {
+    extraOptions = ''
+      trusted-users = root opdavies
+    '';
+
+    nixPath = [ "nixpkgs=${inputs.nixpkgs-2405}" ];
+  };
 
   networking.firewall.allowedTCPPorts = [
     80
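Review bot: `trusted-users = root opdavies` in the new `nix` block makes the opdavies account effectively root-equivalent towards the Nix daemon, and nothing in the hunk records why this host needs that. If it is there for remote deployment as a non-root user, say so in a comment above the setting. Consider the structured option rather than free-form `extraOptions`, e.g. `nix.settings.trusted-users = [ "root" "opdavies" ];`, which is type-checked and merges with other modules. The surrounding attribute set continues outside the hunk (the firewall port list is cut off after `80`).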
diff --git a/nix/hosts/hetznix/security/acme.nix b/nix/hosts/hetznix/security/acme.nix
index efabb9a1..b2616232 100644
--- a/nix/hosts/hetznix/security/acme.nix
+++ b/nix/hosts/hetznix/security/acme.nix
@@ -18,6 +18,7 @@
         # TODO Refactor to use a wildcard certificate.
         "2020.oliverdavies.uk"
         "bootstrap-with-tailwind.oliverdavies.uk"
+        "code.oliverdavies.uk"
         "florida-drupalcamp-tailwind-css.oliverdavies.uk"
         "luke.oliverdavies.uk"
         "phpsw-sculpin-demo.oliverdavies.uk"
diff --git a/nix/hosts/hetznix/services/default.nix b/nix/hosts/hetznix/services/default.nix
index 11aa65a0..a3c9baff 100644
--- a/nix/hosts/hetznix/services/default.nix
+++ b/nix/hosts/hetznix/services/default.nix
@@ -1,10 +1,7 @@
 {
   imports = [
-    ./acme.nix
     ./caddy
+    ./forgejo.nix
+    ./openssl.nix
   ];
-
-  services = {
-    openssh.enable = true;
-  };
 }
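Review bot: The new import `./openssl.nix` is misleadingly named, because the file it pulls in configures `services.openssh`, not OpenSSL. Renaming the file to `openssh.nix` and importing `./openssh.nix` here would stop the next reader looking for the SSH daemon hardening in the wrong place. The move of `openssh.enable = true;` out of this file is otherwise fine.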
diff --git a/nix/hosts/hetznix/services/forgejo.nix b/nix/hosts/hetznix/services/forgejo.nix
new file mode 100644
index 00000000..ea54c4bb
--- /dev/null
+++ b/nix/hosts/hetznix/services/forgejo.nix
@@ -0,0 +1,28 @@
+{ config, ... }:
+
+{
+  services = {
+    forgejo = {
+      enable = true;
+
+      settings = {
+        server = {
+          DOMAIN = "code.oliverdavies.uk";
+          HTTP_PORT = 2223;
+        };
+
+        service = {
+          DISABLE_REGISTRATION = true;
+        };
+      };
+    };
+
+    caddy.virtualHosts."${config.services.forgejo.settings.server.DOMAIN}" = {
+      useACMEHost = "oliverdavies.uk";
+
+      extraConfig = "reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
+    };
+
+    openssh.settings.AllowUsers = [ "forgejo" ];
+  };
+}
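Review bot: The `server` block sets only `DOMAIN` and `HTTP_PORT`, so Forgejo keeps its default listen address (all interfaces, as far as I know) and port 2223 is shielded only by the firewall rather than by the service itself. Adding `HTTP_ADDR = "127.0.0.1";` would make Caddy's `reverse_proxy localhost:2223` the only path in. With no `ROOT_URL`, the NixOS module presumably derives an `http://…:2223/` URL that does not match the HTTPS site Caddy serves; `ROOT_URL = "https://code.oliverdavies.uk/";` keeps clone URLs and redirects on the public scheme. A one-line comment on `openssh.settings.AllowUsers = [ "forgejo" ];` saying that it merges with the list in openssl.nix, presumably for git over SSH, would also help.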
diff --git a/nix/hosts/hetznix/services/openssl.nix b/nix/hosts/hetznix/services/openssl.nix
new file mode 100644
index 00000000..53e4fded
--- /dev/null
+++ b/nix/hosts/hetznix/services/openssl.nix
@@ -0,0 +1,10 @@
+{
+  services.openssh = {
+    enable = true;
+
+    settings = {
+      AllowUsers = [ "opdavies" ];
+      PermitRootLogin = "no";
+    };
+  };
+}
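Review bot: `settings` restricts who may log in but leaves password authentication at its default, which on NixOS is enabled as far as I know. That matters because the same commit gives opdavies `initialPassword = "opdavies"` in nix/users/opdavies/default.nix, on what appears to be a public-facing host. Since an authorized key is configured for the account, add `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;` next to `PermitRootLogin = "no";`.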
diff --git a/nix/hosts/lemp11/default.nix b/nix/hosts/lemp11/default.nix
index 57b6c7cb..83a8cb0a 100644
--- a/nix/hosts/lemp11/default.nix
+++ b/nix/hosts/lemp11/default.nix
@@ -13,7 +13,6 @@
     };
 
     homelab = {
-      forgejo.enable = true;
       gitea.enable = true;
       immich.enable = true;
       jellyfin.enable = true;
diff --git a/nix/hosts/nixedo/extra.nix b/nix/hosts/nixedo/extra.nix
index 02188827..b4e52420 100644
--- a/nix/hosts/nixedo/extra.nix
+++ b/nix/hosts/nixedo/extra.nix
@@ -2,8 +2,4 @@
   programs.dconf.enable = true;
 
   services.logind.lidSwitchExternalPower = "ignore";
-
-  age.identityPaths = [
-    "/home/opdavies/.ssh/id_rsa"
-  ];
 }
diff --git a/nix/modules/nixos/features/homelab/default.nix b/nix/modules/nixos/features/homelab/default.nix
index 897465c5..c7da8eb2 100644
--- a/nix/modules/nixos/features/homelab/default.nix
+++ b/nix/modules/nixos/features/homelab/default.nix
@@ -2,7 +2,6 @@
   imports = [
     ./audiobookshelf.nix
     ./beaverhabits.nix
-    ./forgejo.nix
     ./freshrss.nix
     ./gitea.nix
     ./immich.nix
diff --git a/nix/modules/nixos/features/homelab/forgejo.nix b/nix/modules/nixos/features/homelab/forgejo.nix
deleted file mode 100644
index 509c34c9..00000000
--- a/nix/modules/nixos/features/homelab/forgejo.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ config, lib, ... }:
-
-with lib;
-
-{
-  options.features.homelab.forgejo.enable = mkEnableOption "Enable forgejo";
-
-  config = mkIf config.features.homelab.forgejo.enable {
-    services = {
-      forgejo = {
-        enable = true;
-        group = "media";
-        stateDir = "/mnt/media/forgejo";
-
-        settings = {
-          server = {
-            DOMAIN = "forgejo.opdavies.uk";
-            HTTP_PORT = 2223;
-          };
-
-          service = {
-            DISABLE_REGISTRATION = true;
-          };
-        };
-      };
-
-      caddy.virtualHosts."${config.services.forgejo.settings.server.DOMAIN}" = {
-        useACMEHost = "opdavies.uk";
-
-        extraConfig = "reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
-      };
-    };
-  };
-}
diff --git a/nix/secrets/cloudflare-opdavies-uk.age b/nix/secrets/cloudflare-opdavies-uk.age
index 835ebf71..bdf25619 100644
--- a/nix/secrets/cloudflare-opdavies-uk.age
+++ b/nix/secrets/cloudflare-opdavies-uk.age
@@ -1,18 +1,19 @@
 age-encryption.org/v1
--> ssh-ed25519 IsVD3g kacSrvgn/CGIwU05AkK6UGhxVm5oO/FRK2jgH1qHVg0
-JXzp1+Al5O8sBw3a4td7RA3HVP6C9tIdvvgZFZ9Se5w
+-> ssh-ed25519 IsVD3g ZdGzOgZfbKkfBzwZRUvUm9HMBpJIJZhtcaxGSYOiXCM
+99CJFSIYTpHX86rx2msqZudPCUBoW1hP9+uySFIuTfg
 -> ssh-rsa +vTWQw
-ndPfUjqCzN5uqcrRvb/OGKmBouyM6qwf5ZmnfMg49NXcxt7bwCK0v7iPtOOOgDI2
-34Oi1EGgjkJ/YY+nxKuHZtRlq+wySbqeLVXUmb52reW4sj4PHEZOsFIO8Dnxmx9P
-9AtISLIrdJd3V39v4+pXOo9tBvBcTAs7JKqDGFcfp7gcVH0vLga0l3jLUspZiNB9
-DXW6Gbttg8Z6El9J1fAqVXcDE3q7pPZE//zu/cIRyt4/kbK76bx7yEaKAy2GycZS
-SCjjxsRtkBHOKQEQnFdKfWD/AG1USNmoiv4zHx1G9pIVJJA47yNWLwsx8Q7VrfNS
-CXpxQt+ElOH5pRTpXMAx1/rHs/NpXMMUm0EVvWKTNbrbHvepTUvEYABo+DKicRVI
-3H6RYWedXZ9ggpfID66CbF4HFtVJTXwHhvdzGfdna8J1Dy7nJyevT/fCz8tqlVIa
-EFEFqUardSWj0zFL3PQgk2qmrC9W1+isp83Rioi/n/ow8O0Q+XlzO3rQjNYWtEgp
-jufzw+3YI9HuNLPXB0xBfSgwP8Ao6iYskE+8IL+xu4ITCec/ItpoYk1Yeb38G2HQ
-6JlIseQIgpOzw8DlMMWtWjO4U+9JAZh5XOlEgwFPFL25m//24UM7RB3/Yd1/it8i
-cNaHR1L2/P8k5FnbR2jhxcTb2tEzlFo422brC0r/Ilc
---- MqcbFcs1myK1Dn1h/PQKZ59BdgYXIifkp0DkvoNQaL4
-��W��෹�y
-�j`��$�E��n��_<������%s`#�d,x�MG�df:��*`z��R�X��>��KJ�0���B���D�j<ţ���=%
\ No newline at end of file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+--- lTlcpuKW/KS2v/85o9veQsuWTVRGl+ucx511oqQF8uY
+�������[����(���Ŝ�:�`��e�o�,'��P0	
+���Z7k�
+D���^�|mP��
rW�v�F��*����v�;ydX�i�N��bT��ε�
\ No newline at end of file
diff --git a/nix/secrets/cloudflare.age b/nix/secrets/cloudflare.age
index d13366d4..dc666f54 100644
--- a/nix/secrets/cloudflare.age
+++ b/nix/secrets/cloudflare.age
@@ -1,20 +1,21 @@
 age-encryption.org/v1
--> ssh-ed25519 nmofLg X3PF+8zBQJgqyt8PckMdeThC89nOXHlCuVdZ8SJzDi8
-bi7GBOC2TyAtFCYW6RjtZnMeb04Eld0TNcS8yPY2eLU
--> ssh-ed25519 IsVD3g 248O8+OBY5b0Y5r23rWZf+MQZH+Mcz3+dbiXxiu96S8
-r7gDLWAn0vfk/FYxyXOhd1sQSz48PnW2MNY1gwjAMZg
+-> ssh-ed25519 M7i4ow DupawEkDJ8n4DcTLZyW6O13ow5OGZ0TGR074SLo49A8
+Q+DnroHs3Yl1/El80FH4VMXgophJGaJ9/HhubisZtkE
+-> ssh-ed25519 IsVD3g 9yROmUaS4kVmTJUv39qdDvpYxsyegYOHdWwGreWG3XY
+xe4D/5aP6zdQMEuQEMin3sqJHhJt/hXSbAIuqDEvDfY
 -> ssh-rsa +vTWQw
-pqQzjCL1Nh31rkMtmN767I5V/7arkR2enx6Zt2IG8Wp+h7wkiziZjGWxIebqOulF
-nmnxolpqtv1+OQiMnDfmXMQsMaLwuIbk+EoMuIEmFQrFRKvYrZL/uNJv3WKRYfif
-x2fgJwfv1+lmj0vij6wo5QuWV7QmNSXd0kU7s69whxysgz+PzUnMnQXAee7kek3P
-5TsOMWd3/zqIE1VWtroJjtaWYZRN0zaTU1DWeQN33u0TFVXakFwzvAT0u8YCa//C
-VzfGTCj3SCXrmVU1h0RcXUsxr0Z+BNb3NYcsDUKK9hFA+DETugwll63FmU1Et9tR
-LEysFpTKvkpjg8OHWlqA8ax1Lkv5B1QCFua1CPixk7G/XSQKGq45n8VNtxeBOhzp
-BdQwxMu2LuNwYxHB9zSuTXnUA16WukTpPLmC21akGaQj6QDLr+KSCOOjR94QG07l
-n3PuDVbjWOcpegmdfvKtBaLol4bL8dHIcGJqa30OW4RdHSKR+7dfg0rZt2BpAN3p
-F3cC0Gy73DIYYGdEsg9iXjqIMDVHe051VfbsjETiMuQOOxDc1onrWRhAKV3BVhge
-FGNU9oJ+xLkDtMH50ksngVvZw/zu7NwP45wzeGQOOmlKI3RGUX81xrt0QXGpI6dH
-OBOMVA3kMEVnNf2mWaFpJnmAvkiSnPvlN3+Iaigc758
---- PFEOB74ICKKmUBSAbcK+91U7KC8wjhKsibwzbn+7owk
-z�-�b�!����ޡ�+%J�Z�c����r��l�
-t-$����Ie����5ÌW���|���O&A*�L�0�3Т"�y�(�v��|���3f�
\ No newline at end of file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+-> ssh-ed25519 DCAArw YSWPa5Kp+3Xgtdd+CAjkmFKZGNijCeqdfmn3Pya50VY
+kF8ko6J5D1WRJfbtcei7xrQbLhpiHvcwi7JUWI65x6s
+--- JJYs6WWGpPxT0s1tEFA/5vZswQiF59V5BHejKwrxJps
+`a�1+ʎZ2����_f�r�Z�Y�m,̽��BOj����#=��[��-?z�����S�r�/1��bY6��GK~Z�u��-���7@�G�tb��g	J
\ No newline at end of file
diff --git a/nix/secrets/secrets.nix b/nix/secrets/secrets.nix
index 0bfbf804..38b175b5 100644
--- a/nix/secrets/secrets.nix
+++ b/nix/secrets/secrets.nix
@@ -1,6 +1,6 @@
 let
   hosts = {
-    hetznix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMk8n03VeShc0q4ztcaNrmScwM7u0j6fFVtmupy2RlM2";
+    hetznix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/Lylteb1le173In/X94jls+CXFg9RGCyJPBOL90zDD";
     lemp11 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEZ+ljJKd6uqdAk+fqxwtObI4Stab2N9Bjo4QFHY/v8n";
     nixedo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvtcGJnc94k6wCPfvK9oBvGey0WWVCR8IYSqg5vqage";
     t490 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvtcGJnc94k6wCPfvK9oBvGey0WWVCR8IYSqg5vqage";
@@ -8,6 +8,7 @@ let
 
   users = {
     opdavies = "ssh-rsa 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";
+    opdavies-hetznix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJStz4WQ5IerIyi8HqLB1gwoiKr87uH/bI+Q9sDxVu+a";
   };
 in
 {
@@ -15,6 +16,7 @@ in
     hosts.hetznix
     hosts.t490
     users.opdavies
+    users.opdavies-hetznix
   ];
 
   "cloudflare-opdavies-uk.age".publicKeys = [
diff --git a/nix/secrets/tubearchivist.age b/nix/secrets/tubearchivist.age
index 3687be7e..3825f5d8 100644
--- a/nix/secrets/tubearchivist.age
+++ b/nix/secrets/tubearchivist.age
@@ -1,19 +1,19 @@
 age-encryption.org/v1
--> ssh-ed25519 sHhprA 51laRPX9Ekpa1X63TQKvlZSFTBOLwC8s2aDzvD2OmlE
-Xs7z0c2uQxHJFgmDsczy8zpRl9wnacmBMr81xxJ4D0c
--> ssh-ed25519 IsVD3g BWtBEJcfYhG00l3QLLW4xN9v57FwOSxjvdU2eZJ2tmE
-TzEo/OkjGQgWDInAj6zEYbPwMGxOX7bdkG/Z+qsbe2E
+-> ssh-ed25519 sHhprA Nsfwkbjh1xMbkfvYoJQ2eX4Os7eW/ync1TVDSRUtTwE
+DIYEChpd5XLo7+8Bp8b4KKR6WjRkBOCFKvYs9HMaDXY
+-> ssh-ed25519 IsVD3g I+0C0X1Yjw7CFIko83N0AUB5uxcc2xAw4MMuifQiEgw
+rBx/qs+c7l74ehORmS/eXO1X62AaW7Q4V6pVNTK92Mg
 -> ssh-rsa +vTWQw
-pi7x6nnLM4UgQAmY2y+EhQJK+W6nwL0atKIhSTt257lWeXy+AloOeTKlhbrGxagi
-KTEO807hRMaKfxINUX4l9ui+8beXBfszgmGAISm8QSj3h3HKg48/hUrLJbsf+LvF
-HbN+5rAuGk4Of7ogotbTK+kC7dD2sv66lIX22RdiuaYv+hjfV/NWrgDLbmBtJxjL
-04uzxXC9bCyhZuVr7MduXMgOK7YkvDOd2yDqawq7u4K/H8Sf6EmFwT7eY0AlkKXO
-3rBu/59Hu4I4gY3uqeqQyfdwQTpy12Ke6Aqs3vMEs1FTlf6Tpp/5aVFFckcl/F4M
-dUTQurBudb4ECnYDGnaCFFb7nnBiUbe7ZvPfJnJNSOOdWH1v5ugo/KVqCJkB3Nbv
-PAOvBo08/kmxl6+gZvNRyEjy1TY+1REYX8W4Rfpo5QjdUvCrBCxuybM7eVYMPVv5
-LWfymQ61wNRV+AQx+/pOC5K/S9xXnPyJCoqqH9OnPLSMLuOizMo+IcZyP67EnP2L
-uESGw15697pCVf0oMuNmX2K/KkC+RcVkf6ZWNAECCYSox9Z/aHQCixLWFQoX1XN7
-9lajTEB/XFGCFTNZ/0C6Vj34vvSr9ymZOtLRdAX5IZjpZKmzQroZo1YMxsRRg0C4
-weEc0dVqdYi9bNSr+2QotCs1G2ezTbw7LY911GEMJzY
---- Tjaef+2qN//4+3hnlMoE+ViliwMOFDdN3LB3RO9hQL0
-_�V�u�R��a������@Ų����x.�F2K��b��W��A.}� �|��(��7��g���z5tLU�ҳ�'(P��s���}z��3K?��񔫤H<�(�
\ No newline at end of file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+--- FjYSFcft/ABIEmVoaPiwxBMzI0TYHAHnsdxUVwbyTSE
+��z@��љ���\��T���$~�x�3�-hت��լ���<!,��o����8^t���v���O3PL�+����U��vwCB����6=՜����A��[g�<
\ No newline at end of file
diff --git a/nix/users/opdavies/default.nix b/nix/users/opdavies/default.nix
index 68c83302..4806156d 100644
--- a/nix/users/opdavies/default.nix
+++ b/nix/users/opdavies/default.nix
@@ -1,8 +1,13 @@
-{ pkgs, ... }:
+{
+  pkgs,
+  headless,
+  ...
+}:
 
 {
   users.users.opdavies = {
     description = "Oliver Davies";
+    initialPassword = "opdavies";
     isNormalUser = true;
 
     extraGroups = [
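Review bot: `initialPassword = "opdavies"` puts a guessable password, identical to the user name, into the repository and the world-readable Nix store for an account that the context lines show is in `wheel`. This module is now imported by the hetznix server as well, so prefer a hash kept outside the store, e.g. `hashedPasswordFile = config.age.secrets.<password-secret-placeholder>.path;` (with `config` added to the module arguments), or drop the password on hosts where key login is configured. The new `headless` argument is not used on any visible hunk line; its use is presumably in the `packages` expression outside the hunks, and a short comment there would make that clear.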
@@ -11,6 +16,10 @@
       "wheel"
     ];
 
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa 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"
+    ];
+
     packages =
       with pkgs;
       [ ]
@@ -19,4 +28,8 @@
         firefox
       ];
   };
+
+  age.identityPaths = [
+    "/home/opdavies/.ssh/id_ed25519"
+  ];
 }
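Review bot: `age.identityPaths` now lives in the shared user module, so every host that imports it, including the hetznix server, decrypts its agenix secrets with a private key under `/home/opdavies/.ssh/`. As far as I know, setting this option replaces agenix's default of the host SSH keys rather than adding to it. That would explain the extra `users.opdavies-hetznix` recipient in nix/secrets/secrets.nix, and it means secret decryption on the server depends on an unencrypted user key in a home directory. Consider keeping this override in the workstation's host config (it was removed from nix/hosts/nixedo/extra.nix) and letting servers use their host key, or list both: `age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" "/home/opdavies/.ssh/id_ed25519" ];`.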