From f58e9687560d1f4afd47bdd8ca7c8df13892731d Mon Sep 17 00:00:00 2001
From: Emelie Graven <emelie@graven.dev>
Date: Sat, 26 Feb 2022 16:09:12 +0100
Subject: [PATCH] Add various changes

---
 config/common/services/ssh.nix                |   5 +-
 .../hosts/grondahl/data/secrets/secrets.nix   | Bin 961 -> 1045 bytes
 .../data/secrets/ssh_host_ed25519_key         | Bin 0 -> 421 bytes
 config/hosts/rudiger/configuration.nix        |   1 +
 config/hosts/rudiger/data/secrets/secrets.nix | Bin 370 -> 454 bytes
 .../rudiger/data/secrets/ssh_host_ed25519_key | Bin 0 -> 421 bytes
 config/hosts/wind/configuration.nix           | 123 +++++++++---------
 config/hosts/wind/data/secrets/secrets.nix    | Bin 946 -> 1030 bytes
 .../wind/data/secrets/ssh_host_ed25519_key    | Bin 0 -> 421 bytes
 config/sources/nix/sources.json               |  24 ++--
 10 files changed, 77 insertions(+), 76 deletions(-)
 create mode 100644 config/hosts/grondahl/data/secrets/ssh_host_ed25519_key
 create mode 100644 config/hosts/rudiger/data/secrets/ssh_host_ed25519_key
 create mode 100644 config/hosts/wind/data/secrets/ssh_host_ed25519_key

diff --git a/config/common/services/ssh.nix b/config/common/services/ssh.nix
index 2a918d9..a454669 100644
--- a/config/common/services/ssh.nix
+++ b/config/common/services/ssh.nix
@@ -1,13 +1,14 @@
-{ ... }:
+{ config, ... }:
 {
   services.openssh = {
     enable = true;
     permitRootLogin = "no";
     passwordAuthentication = false;
     challengeResponseAuthentication = false;
-    hostKeys = [ { "path" = "/etc/ssh/ssh_host_ed25519_key"; "type" = "ed25519"; } ];
+    hostKeys = [ { path = config.secrets.files.ssh_host_ed25519_key.file; type = "ed25519"; } ];
     kexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
     macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-512-etm@openssh.com" "umac-128-etm@openssh.com" ];
+
   };
 
   programs.ssh.knownHosts = {
diff --git a/config/hosts/grondahl/data/secrets/secrets.nix b/config/hosts/grondahl/data/secrets/secrets.nix
index 2b87a11d869139930add82ebfe871e322cc9bcd0..1feacfcb4006c08b8c5ba2be61bdb614710fe5b0 100644
GIT binary patch
literal 1045
zcmV+w1nT<$M@dveQdv+`01O<P(fut2xq!%LZvzr%s(^`P8#&IYyAN?+il|#oW>#;{
z;4kx(jIs2c9#>TOEPDhK%b)S8)Ug**gLnL>u+6T-pk&e3v;1*Ld$I6Z4#7;$$YT7<
z?xJIdV$ctO2Ng-?6v)_tJICQ-4R)XfD#|JO0s!7pKESu`E8QOoG>glf(3vgx1e{+-
z<}R_$Y~Y{!H`YA#fqG|Fl8w>Gv}6YuCi{2r=eB?YZo7;ooSzcRw?cPb{50z4N70yG
z#Oi2yn9Lmzph9KWje&YrQFG#erW0y}GDv^j-g*+nQe?J@4$n)8<J*124u>lt6<4HK
zTqCi<aw>m1ufnlaj}k$a2b5ZNvC7L@YPk{V4>_W>!U@?F*HAJ%W%{B+uKnB2i!&Gv
z?G(vcdq~c&k4`;$Fg1N%2#Op@LAB;Z5Gt0>as-SMqax#y{K@{50*0a#Y@hg)6e@Y@
zWd6p-1qmcMJc#O{Ww-eM7jd{Ay-3n-S%X4kyb%7efa*3ziO0o}R)Vt=TtUb|>tH!z
zKE7{slrxSO;orq?|L$DrKh#ghR_&$k;GF$=ZJ@AkXa|<EaR@e+I$@m4JgP;1nQiS+
zpF>zoS3$HZ`!?k9k|PQ=nOdAZyr~xY*e{fk#lN`5+lxGEo6%q1yCH{O9;{p}1s^6a
z{$PwwZ#YC2W&N_*HJi}w<Ii$?k<x*Yi&$!g`aj@MgR(&uG<@GEeRAw)0t7g6<f!8j
zd!RM1N&Lc^pU-FT)B?8KuEDWHzWJ&lVJ;K}8h9Q4L?Zu~g-?UFj3}u>4#!HeUyIhg
zjJeE2<p<ARFc=+zw}B6`+NNKl8iIh^3GDmO`L~JB?!*6TUf#Ifag6w+_MG4+tC>ZA
zGY%hL4FmduyY;i~f@N{EeE8Fl`nUw#KZ8`Xv;v^w+lv9v<OOAJJfbHUg`pLf@v*jm
z``Bwbt3*TTO5a4=G$W%x;{LZjB?cry%K4fAwnw1DT5bUJg)F&9MS?ljMxFnpg}9gl
z8YH<@O92+yh1NYlGY}jxZ4i416T9Y)%*?xv^1|yhWsOEqtT4Kni<-~^_$3|&j>I#~
zNbdW!?XP&wT8k?xrX4ZF<!#gFxx4{6hIkLCct%mOE`d@)`2H3>enLrh-MA}o3cm3f
z-5kSrirpy{s5S;LPu1Zh_u6gB=5MZEKzS>1Y7{;Msp1U(OR>OLu!AclA*9r7CM9;C
zad0$}uliVsY|k_nw@1h&!ZM&j(NZ^6;Mx-On?~L?-Fwn=hq;^)k~g4~Y~6fUU1A&)
z7_q|<=Dxm~gvXJ~2h}Jc)on(O!6jQosoV}}ij|*j%GLW$IFAM~w7U04Teivk`ZsJ2
P2I(e`@M~p?ZXbK-?Z*p_

literal 961
zcmV;y13vr!M@dveQdv+`0R0Anu&bv5ciJ36+NIfw#$KuRCaw&1AofW_2z2S#XsGkF
zf4vg3>?E+e4Jtu={GE+9iJfz5gu@(`<YJWM_#y#X!|F{cGV_7b4x9iqhT)*_hna+A
z8Qg`CYqE_KogL4|QHO8&m`|Hd^LNKjfPqcsTK)k>CxCVk%lh2*en5+d=$y30es;H`
z`gHix-U0{%*Ok2hmz#?x&Ycb$dvSf-AhLO<t8_Kcrgz+816S*V%3NAx6KEbL)nYYW
zPpW|}pKIJpfNfZT^4`#moR=MqLkc}HKC`^-6)56T9YEumN`!Z?VhH>KX<c5+jT%o&
z>KHrO+M&TNov6z`F}ri)nZ~(9CNZ26$R2XkRRk4d^x*HIRU-_)grM0=Qp?r6w{eeW
z!2&9FIa7ypJ)UU!86UfQxqu@)&-_g6$JjNFe%L%Jh1B}?E+yL_z;3md2%w`!i?j{}
z5G2^s+K75VyI4Xu%v4(hv+;3A;qeZar?h6Iz6X|`%+zTq@b<FpQBDQydj|lWtN28d
zZXn>}Pyhw*ec3uo`TEGt@XBBY8dcroo>fKabgO1~SD1yUhokU*A=QSEW^jWrn8Dv1
zFU~b4)d>18Y}iF$7fWFPEmiGRtjtm3u3z36ju{Hw^TCtHeTs#pt2)p=X&|kCy?o^x
z^h9_?c{?LYd)@mwk7f10qHG^a0zYut9=&pE`2X9V2*{N?SVxp{i*I{YFlYj0z{IX<
zuCq{6CxM?zm4{(bWbyc$F;cNm0n)EHT2^}|1%+<@9(8O%G!FfC;?x}q=;ppZXT|&1
z8%Z`zP;*x<hoB;%^Fog6@#bv>q*>>7?80jB7nW&MC{PSkT?%gUu>`s*`CXkJMB?TW
z+YN>fom+EZBc8X#Ffij5kpx!`)MparSXi37e%x*>r>TqSieHB!C_!jYQvXZJ8{Zyk
zJY89@H*IUja#IZ|b5rnjzQeGQLO;s$D%pVQaVU}5fu3-;6(XMBk|Lk<c+_$_GAxaX
z<Qz@M<YpTEy};z5*^KfwDsN1*A1|j=fSreHz*IN77!nKg{Q~9e@Rj0)=lnAS-dKij
zF1i(|csB1;^&vE`#{0|HRrYyAO4a?o&<r+b)(<|8=IMwL-Z3LrS*hz;_D`*<XE*f6
zP?toY!|@G!O~z9b(DM9%F29Jk^gKg~COe&)xfdy`s{@l=v4SypQq~M@-Ua5`3=tQr
jMadCZDc)XxHoc@>)*x!^Lc+J7h4_RyXu{?ptbM>B<H_E*

diff --git a/config/hosts/grondahl/data/secrets/ssh_host_ed25519_key b/config/hosts/grondahl/data/secrets/ssh_host_ed25519_key
new file mode 100644
index 0000000000000000000000000000000000000000..8e348201daf100a4b6d00f28e99279687da38809
GIT binary patch
literal 421
zcmV;W0b2e5M@dveQdv+`0HRs(k*!JvJ!+4-s&`EtY1d-Rd<w_tr1^Cw`2$bU>e-O_
zRt68FxS4su;?iG)Al<51`yJexjF{r`=B~-DPgKIcSXt?!b$X~{+3;H6{#-FZ5Rih?
zI>D>2<{kUldoNoNi<FIj@ju4(5CgpbKbmMg&=#$JG`Y+;3X9SkSb_rhGP}c57;NIz
z@o?ux9S6}V{O%!H!qh>#?fNZxk7u=eRsYjdOE@+XANRU#cK!V7Ep!(XH}(M2>f4a`
zFO89oEDKQdO`ec_r_w1~w;UAhYOzE)gHu-lXq!eWsY7vCIs^F5Il-+I#oGUt`PzdL
zt3ghw!S9EFg1-ThX4H#I1^Gwtv8<<F1QCTH@+(dHg~XhAbYdVD6%Ke&7{3Ms6O{!0
z_%1&zVY`a39>z8fnq7lo9A(~$ldkwQ@hjGjAfl_f$$dGk!kb-%ve2|?&<(UD=9Vpr
z5UrK|nq3^38J~uq7>#~0j)Eu5Pr?_)xFn*X^}^SnG+G-p@Tvv=$;?nmMcx8dRAl4T
P8uJU^tfzNyFF8@I6&us`

literal 0
HcmV?d00001

diff --git a/config/hosts/rudiger/configuration.nix b/config/hosts/rudiger/configuration.nix
index f8b5aaa..4b3c0c9 100644
--- a/config/hosts/rudiger/configuration.nix
+++ b/config/hosts/rudiger/configuration.nix
@@ -50,6 +50,7 @@
     nameservers = [ "1.1.1.1" "1.0.0.1" "2606:4700:4700::1111" "2606:4700:4700::1001" ];
   };
 
+
   nix = {
     autoOptimiseStore = true;
     trustedUsers = [
diff --git a/config/hosts/rudiger/data/secrets/secrets.nix b/config/hosts/rudiger/data/secrets/secrets.nix
index a8fc39f77ee5e4e7a4382ce78be5c867670b8470..3b435f6eb28dfb2dd7739443ddbf09238a5ed0b9 100644
GIT binary patch
literal 454
zcmV;%0XhBvM@dveQdv+`061QW!!N)1e&~0+r<aO|TDt5u*viB?E4i%OdGidC;BOf6
zO;o)n+Wc35GaR==g|Q7eUaDuSMYJcN-&+Nwvi#;EurNo>L>Y{Gus>U2i22=(otLu#
zqv<`jP;4crmI7Z(h15~deeWHl4N%?S{qJjydiA=38tTf!OYN!eSnkx25Foszv(M4w
zssj;&9yjDlQQv~5KG8p&W@6qhdAb&v{v?KJr@g*%k=lHT)aZE3-^2KXwe6e-7ih#0
zi{CJzLbyO*xLY(1G1z*8e5%=c-S5oooH$9;%sE4(w3{7F(Q61)#{pG^l2R)%(&2s9
z%5rGJHE|SEJ4Qt_ZHe4Zt7q=q-Dyi)=`JBddN5q!0)=ay#;4X<xCZH53)vVL7FM{O
zATHS79wTgIPI5l)bIu;vV>~}ClB0>81bMimy(j8rw9SA;GO^OjRS^|-Eheq<ho>fF
zhv+WDeNE5*zi6Eqdm|h}L*l+!al`e`u^n+KBJ+^pD=$c{>w19q`{L7|hQC3tO2~uh
w=}Uay#abIlp!sN*2H}9NrqhgMPzWJh5s@l{%MDI%r%T*m_mVOYe3PayP)P*lJ^%m!

literal 370
zcmV-&0ge6uM@dveQdv+`0NEw0n++cRf984OcO2B#4Z;AMn8NINC7Fkvp*%!a+tmYf
zi~W`MJMsIixA{Mrqq4?2pVsYBR&;-cvDCpaOZqyai5{zow=Y^zhF}qSrJ7oX9%HL-
z!^h^wz1SnLWc8=(M{EAcEd3U}P-$&k9<L=E1#Z7Z#vfQ~u$TmJ+n#6o&pM<XA!e~c
zZ8|fndsG5|bn|fe*4fP%WI_f>86bFj<D?sWz6uw?v`y$9-@8Tv%L!V;F1g$Fx9td~
zzdLXV1*=8qyb*ihdhhH&D5H*9f2)&lgWeabLounW(+~oOJ(rv{>3a}N<dB4>H(V_@
zX}=yjlCo4Kfzre$8%f}rN8LUx5C_XNPhp6w{A!3myk~P_ce5RhxA{GFy?@j>4c1cV
zjEKy!n!3n9*#I<f+Md&6$e((sLfTltpuy|;>%VnLv_K8Gs5l<FUFxV9UkXFKhwNig
QGTf37LV!<nhrPnxs#SZqvj6}9

diff --git a/config/hosts/rudiger/data/secrets/ssh_host_ed25519_key b/config/hosts/rudiger/data/secrets/ssh_host_ed25519_key
new file mode 100644
index 0000000000000000000000000000000000000000..ed3dbe5e513859a91eee2a86f5754ed2db9ff8b8
GIT binary patch
literal 421
zcmV;W0b2e5M@dveQdv+`04owx71Hb5I+(DR?F+mGKNnMk-?beP<Kh5I<y~en2QRn{
zI9EJD6*u<<66)>IeG?Rh*DQj5RFlU}pS}4s8y#7D30K(rgzJixI0`gYH7?M%B-I!+
z^e3I8i?$9-9b{4gbh$>W%VPi>RUx*2B>~l3hl=Su?{spQ17`X$vL`M84>^EK*Hr@t
zuc00&-KdijB=y=kkis7cN|d?3{#6(qA7c@$mO!*|)2jlNo-#BQLk5l;Y$YQ5|0kTs
zQ%LsO*4!QS45MG}o^%SPWgUES_|2-QHWXdfs9L9^=*;b?!Xy#sb-he)5V&zP;&ia-
zfi4=&^mF0rNni_>M;L$0c{Nfj@4l~29BF4y0n6Bh?GsH}?U?Q{3YG2Z^16NxV&<!$
zVOJ(+Sk^j2mujHrZ(=sGb02$hM(h>dfENwgS&Y?A3RyN<uLfpZzP|2R|LJ5z6Z6y@
z>tML;jEYA?h%rkVz=N}UE_-mNwmBITiO|d9rZ)hh`N`|V`=5%hzaglC^)@%245QPf
Pa4qax<lQ^;upLgzLNmo+

literal 0
HcmV?d00001

diff --git a/config/hosts/wind/configuration.nix b/config/hosts/wind/configuration.nix
index 2e4c450..b909657 100644
--- a/config/hosts/wind/configuration.nix
+++ b/config/hosts/wind/configuration.nix
@@ -1,75 +1,74 @@
 { config, pkgs, lib, ... }:
 
 {
-  imports = [ 
-    ./hardware-configuration.nix 
-    ../../common/services/ssh.nix
+	imports = [ 
+		./hardware-configuration.nix 
+		../../common/services/ssh.nix
 		../../common/users.nix
-    ./services/acme.nix
-    ./services/coturn.nix
-    ./services/nginx.nix
-    ./services/postgres.nix
-    ./services/synapse.nix
-    ./services/ttrss.nix
-    ./services/gitea.nix
-    ./services/restic.nix
-    ./services/vaultwarden.nix
+		./services/acme.nix
+		./services/coturn.nix
+		./services/nginx.nix
+		./services/postgres.nix
+		./services/synapse.nix
+		./services/ttrss.nix
+		./services/gitea.nix
+		./services/restic.nix
+		./services/vaultwarden.nix
 		./services/wireguard.nix
-    ./data/secrets/secrets.nix
-    ];
+		./data/secrets/secrets.nix
+		];
 
-  boot.loader.grub.enable = true;
-  boot.loader.grub.version = 2;
-  boot.loader.grub.device = "/dev/sda";
-  boot.kernelPackages = pkgs.linuxPackages_5_10;
-  boot.supportedFilesystems = ["zfs"];
-  services.zfs.autoSnapshot.enable = true;
-  services.zfs.autoScrub.enable = true;
+	boot.loader.grub.enable = true;
+	boot.loader.grub.version = 2;
+	boot.loader.grub.device = "/dev/sda";
+	boot.kernelPackages = pkgs.linuxPackages_5_10;
+	boot.supportedFilesystems = ["zfs"];
+	services.zfs.autoSnapshot.enable = true;
+	services.zfs.autoScrub.enable = true;
 
-  networking.hostName = "wind";
-  networking.hostId = "929e7fb7";
-  time.timeZone = "Europe/Copenhagen";
-  networking.useDHCP = false;
-  networking.interfaces.ens3.useDHCP = true;
-  networking.interfaces.ens3.ipv6.addresses = [ { address = "2a01:4f9:c010:34cb::1"; prefixLength = 64; } ];
-  networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
+	networking.hostName = "wind";
+	networking.hostId = "929e7fb7";
+	time.timeZone = "Europe/Copenhagen";
+	networking.useDHCP = false;
+	networking.interfaces.ens3.useDHCP = true;
+	networking.interfaces.ens3.ipv6.addresses = [ { address = "2a01:4f9:c010:34cb::1"; prefixLength = 64; } ];
+	networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
+
+	users.users.deploy-web = {
+		isNormalUser = true;
+		extraGroups = [ "nginx" ];
+		openssh.authorizedKeys.keys = [ 
+			"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILk4m1uJzxd7pDmMZgnZxqD6lEIfVPf+I4tKPo0jJJrK deploy@drone.data.coop"
+		];
+	};
+
+	security.sudo.wheelNeedsPassword = false;
+
+	environment.systemPackages = with pkgs; [
+		vim
+		htop
+		iotop
+		dig
+	];
+
+	nix = {
+		autoOptimiseStore = true;
+		trustedUsers = [
+			"root"
+			"@wheel"
+		];
+	};
 
 
-  users.users.deploy-web = {
-    isNormalUser = true;
-    extraGroups = [ "nginx" ];
-    openssh.authorizedKeys.keys = [ 
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILk4m1uJzxd7pDmMZgnZxqD6lEIfVPf+I4tKPo0jJJrK deploy@drone.data.coop"
-    ];
-  };
+	# Use hetzner firewall instead
+	networking.firewall.enable = false;
+	# networking.firewall.allowedTCPPorts = [ 22 80 443 3478 5349 ];
+	# networking.firewall.allowedUDPPorts = [ 3478 5349 ]
+	# networking.firewall.allowedUDPPortsRanges = [ { from = 49152; to = 49999; } ];
 
-  security.sudo.wheelNeedsPassword = false;
+	users.groups.acme.members = [ "nginx" "turnserver" "gitea" ];
+	users.groups.backup.members = [ "matrix-synapse" "postgres" "gitea" "vaultwarden" ];
 
-  environment.systemPackages = with pkgs; [
-    vim
-    htop
-    iotop
-    dig
-  ];
-
-  nix = {
-    autoOptimiseStore = true;
-    trustedUsers = [
-      "root"
-      "@wheel"
-    ];
-  };
-
-
-  # Use hetzner firewall instead
-  networking.firewall.enable = false;
-  # networking.firewall.allowedTCPPorts = [ 22 80 443 3478 5349 ];
-  # networking.firewall.allowedUDPPorts = [ 3478 5349 ]
-  # networking.firewall.allowedUDPPortsRanges = [ { from = 49152; to = 49999; } ];
-
-  users.groups.acme.members = [ "nginx" "turnserver" "gitea" ];
-  users.groups.backup.members = [ "matrix-synapse" "postgres" "gitea" "vaultwarden" ];
-
-  system.stateVersion = "21.05";
+	system.stateVersion = "21.05";
 
 }
diff --git a/config/hosts/wind/data/secrets/secrets.nix b/config/hosts/wind/data/secrets/secrets.nix
index 75790f5334b5fc708c3e04b172965785344026f5..5592aaf52288f4f30d9c3f15c700d2555915670c 100644
GIT binary patch
literal 1030
zcmV+h1o`^_M@dveQdv+`0NT)*bSL{?=g|uNyFL18VNEOu9L-MpO81{_?ErQt^44oE
z-sqZGA+bD#8-?U4*OGxh=gJz7-~sbdLMGbYhC>m>(^Z5k77Qu-+oosj4p59A5t!Z^
zG)`vBa(*cvb=08kxbATFQZ$L!jJoGz`{*;~QZ1E8Fpced&U$tuk{>$2>B!fuA9*;Y
zrPTc!X!q1Oy0jo}AZ&QP{g@>y8~eQQg=L8c%x>T{%#Ouw=V-%fKE?xPuOjff1vU#;
z_Y(^iSod}WzzvK2voFxnY90KXd=sNVeu);2<1Cd8YnWS#pIYnE_#-i}gLT?~n_drn
zTy8(O3gAV=#y`IdJQ8i}RV@{CkabYtg1z@XC$~2SFUfK>fux2b>)1EkA#1#`tFhYC
zBH4ts7Sn04?eZ}<*j+Q|u^T*0o_%Hb1bT)O?TIFs7hzQe(tu^{&*x&~%ZDP+l&cYr
zt4eRgiy&n(HELyl;gG0bSSYLWqGem(Km*<2KuUEnX<*>Wy`HE&rtMss6EV_1<<R1E
z77AV)ud=lRvzMP<C4qDmMrv!j)(Z0?n5o4LoNmPk(pD_w(S;aILvtXNNs&%Sg(1l_
zSkUwCM+uJgzh+?4K$K4d2KJsXx|=r9w7|FLXRU2QE8^94pwIq~+0BxpS_Etb0_Vs+
z^4aYEM(EN6aN&PyS4io>AxcMA@jyUxj%Li|shs4C0>mVMR6}N9sdV)bWxqxYAMxY-
zS^!!%4bOPpG1mhGP&)?ljJ22!-*cAUqYp>4y`&_#X@JNfhHQIeywQ3Lo8x_Naw1z)
zs_$;t93@<ovAi&zedvWwwO~D!=4~En6c6s~gAj6)-QW4<v(sC*La*V$Z2)1cex`nZ
zZR6M&Rn1Zg2ZM@>&PNri&&=f7X|BA^)(C|~gM%P1FJls!kINV{ENu2zDtbUNH$%AD
z^X7XJ;_CPS0$DCp0_@jlvJn+}cZ5&*g+&m#biVAvs>zN4lQ))q7_>*ey)MZYsKz3u
ztVn0o$U>u&xBCku-E<9hf0v&^Pe&KqWV(koSnJCn8arez<&VCNYBR)bxYJz<?pgzn
zH(y^%ig-Ou6A&gdMDSKie1vr|ngRZ`?Kree7dX&WsCIBxIRC}Mkl#4nELo6Gp?&Oc
zH<9r|;JyD=DsUKBUI=-iUwHNNz<S86dU-^`pIxg$YAzel6LOmO=6|`d_rdry)Arn1
z`?Zyp)r5`apU{j69j`Fzn$SgS`Y#*4RInzEZ@*G)okr+Ttg$2H(!Dw`)wL@~qg)`&
zr0rfU66nA0&wA2059V`-3P*u@)|@lFS+LG$_%efjFnUS@N;$qTu&T!?Cac9Ye9HF%
A2><{9

literal 946
zcmV;j15Nw@M@dveQdv+`006=O2uC8E&V8GvT|j%pMdx-TZ6#93Y`5<%sg^*8fqY!{
zNSpTI<Nrt`J=>|?xy(76gHjs4;>0sQ<+K{3?Ojxyu^304tNhy(0t|F1LsbzDf*QCy
zu99~T`LCkuTN4!v({V-OSGdnMud|F57^84w!PQol6~y73`4E{lYkDwkgOWewnb-41
zZ?_TTujf5=t7KCvC~u>n;N0q#kV_}vset#nd|?A<7bzYGa7S%qxQ>jI69_HHT1!~T
z0P}sv9ozA>(MU74=s<*D834b+c$8u3&sjnlmX%-=p{x4k?|!JYW_}>y8GTwGJ(aiN
zaW2_s_yNpsW=5TRswf4FhPD{y`PqwICJxZ?GMF6SG7yyv)DFtxFQ96q9zPvEDO~I?
zcdhttMameWejn~oZ-@z0CocmH*~!s=yHFvN?BySz$ugMtg6fVb2~vHlkZg%_{+06f
zY;5Qsx(SQYKXY5?lwR$BL^e=5&+2J{%+H3gibN5em-U>Yxmh1XSn_bw#nze1xeJL~
zaVO>Q_J%~9Q(bYPeyr2Za?S-qb(-U>zKq9$mZvzG652#UbRO(UM6E=v8@&DdMFdba
zEKp7I)i_6Gbx<LZlRqQFx%_UKuatR&x-5PPU}oBw!k8UUtI6c*aApoSP6Tzk=lb0I
zNCuUB<WxPzhM}bO=pBXe7n^1m#VmzMo7p3Vgx(jdwsk@M6nP)%k<(re&Q+v~VnP{Q
z|E~jE&o#V66FbNYJ2HF$m>mO7K@+?=6cK_syI<tR)qL^@C!u_K5HrqdyV;L<Q_E*H
z$xgh4o+q4QC)}_^!fzkV6){4s<!w;v_z3d9-leq%gS5nt&l8VBKV19NAu9}Aq^&BP
zd|H2+z<LLIOB1!%@IBIP(IfTRomfPzc4${ypUQEd=yt+<c~0ah&mq6sSb}pB+Iz!4
zTsY<&1R59L2|*cWQ1C8lLsNQU3eI!?U>S_|Is7#QQ=A<B#p)X+=!}jp=75p&*<VtU
zb?o~XUbcM@!x?r;?<~i6ROIeNi=WUgA^2e(!XBuQi8{8=Qng5q09?mC_Yl-E(2;w=
z^36bFxmBrAAi3ND8>7a=oh?=-HmJ-G^ZDqZaKHgb;WV5XC{$^-YvVdQuwjZ#aD((x
z{@c%-*s54S)EcBltE(X=4fngO#>q1#&8!6-f;&pajQHt>!&@)<$G=x)BufMXDyFoa
Usmd2R7mm(>R8M7SgRTcsn{!IgeE<Le

diff --git a/config/hosts/wind/data/secrets/ssh_host_ed25519_key b/config/hosts/wind/data/secrets/ssh_host_ed25519_key
new file mode 100644
index 0000000000000000000000000000000000000000..bdb47e8ee0327b4c86c6ccc5ea84fb1b256a4cbf
GIT binary patch
literal 421
zcmV;W0b2e5M@dveQdv+`0NuFg1zXqke?}cjti+=bWNuM-IyO-%GY;v0AE_&>$Loek
zYXj@n1RR<bz{~upX?eo-XS*3_PO>p~Ww~5;t*M^6=Djyn1e}kN5EretpnSv(N40}a
zzEv$!D?Cbo!X2@ZEWC8AygLpMU3fqDMh4Ps+?mhM#8wj70%6ms2`bAq@X(3`SGf<H
zGiurPpj(U(PU!00#2?m|jkUIgbUFSMVaa%?7){&pMShWznaNxuy>g@my6s0kn}lqe
z^$)74ay~ET701uP^4nDOavsRd3)&-tV*Pggqx$+8z%za#aRY{rWXC-~A1w(;xhH=n
z2=g~L9)iLWwj+dF7jw1XuZZKNFkHRm`=z#|G#*9%3Uygh+F{UxeI>d;q7Cr6nDm*F
z08rlO{NO?BX>5zQKpH>_Kz33<K^$QDyClzG-iO^{W#YsaX$*;@Of)(y8%Z@%;91T0
zR{cfQG4oj+rj(-5UP1P?D?L*pOt{Z6O%za27<{AuR|Bp2050aK(<(T2YojbgS#(G*
P->EZUF9H0&@hGl>Ci%))

literal 0
HcmV?d00001

diff --git a/config/sources/nix/sources.json b/config/sources/nix/sources.json
index e00fe14..32b4231 100644
--- a/config/sources/nix/sources.json
+++ b/config/sources/nix/sources.json
@@ -5,10 +5,10 @@
         "homepage": "https://github.com/nmattia/niv",
         "owner": "nmattia",
         "repo": "niv",
-        "rev": "5830a4dd348d77e39a0f3c4c762ff2663b602d4c",
-        "sha256": "1d3lsrqvci4qz2hwjrcnd8h5vfkg8aypq3sjd4g3izbc8frwz5sm",
+        "rev": "9cb7ef336bb71fd1ca84fc7f2dff15ef4b033f2a",
+        "sha256": "1ajyqr8zka1zlb25jx1v4xys3zqmdy3prbm1vxlid6ah27a8qnzh",
         "type": "tarball",
-        "url": "https://github.com/nmattia/niv/archive/5830a4dd348d77e39a0f3c4c762ff2663b602d4c.tar.gz",
+        "url": "https://github.com/nmattia/niv/archive/9cb7ef336bb71fd1ca84fc7f2dff15ef4b033f2a.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nixos-hardware": {
@@ -17,10 +17,10 @@
         "homepage": "",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "46df95ca81e7e4cf3458cdb4b7d1714b5fce9da5",
-        "sha256": "0rxff15a2z9hcs4xkaymdwgqlkjxvyyylcg66qhi23lia995f2ga",
+        "rev": "c361b954759195c2ac085fbbed5ad7d513e1585b",
+        "sha256": "0grx60c7qhidnna8d5i6mq4mymwpq8rlkrl275dgchv5yfy451js",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixos-hardware/archive/46df95ca81e7e4cf3458cdb4b7d1714b5fce9da5.tar.gz",
+        "url": "https://github.com/NixOS/nixos-hardware/archive/c361b954759195c2ac085fbbed5ad7d513e1585b.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nixpkgs": {
@@ -29,10 +29,10 @@
         "homepage": "",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c6019d8efb5530dcf7ce98086b8e091be5ff900a",
-        "sha256": "1havpwch8wkbhw0y2q3rnx4z0dz66msxb1agynrgvkw4qmm2hbpj",
+        "rev": "c28fb0a4671ff2715c1922719797615945e5b6a0",
+        "sha256": "1qzvhxcsxb6s410xlfs4ggcvm1xbbd4jrazy6cpxc1rkrxbyz0kk",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/c6019d8efb5530dcf7ce98086b8e091be5ff900a.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs/archive/c28fb0a4671ff2715c1922719797615945e5b6a0.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nixus": {
@@ -41,10 +41,10 @@
         "homepage": "",
         "owner": "Infinisil",
         "repo": "nixus",
-        "rev": "817ef8a9a9e37e9fbf414507daaf8e477640e1c7",
-        "sha256": "1lrns4lm7kskg7vcdw3m3kpwn669q7qbrmj8n24399ghr699v70h",
+        "rev": "60ea7eb5e18d58ac7742234855b7192112fd4049",
+        "sha256": "0c9jkhd6xmgaw2gzbcsf7k1p42sn8dyhla71x1bp902mnfdgjsxx",
         "type": "tarball",
-        "url": "https://github.com/Infinisil/nixus/archive/817ef8a9a9e37e9fbf414507daaf8e477640e1c7.tar.gz",
+        "url": "https://github.com/Infinisil/nixus/archive/60ea7eb5e18d58ac7742234855b7192112fd4049.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     }
 }