2024-08-08 22:37:18 +00:00
6 changed files with 525 additions and 16 deletions
--- a/flake.lock
+++ b/flake.lock
@ -44,6 +44,97 @@
        "type": "github"
      }
    },
+    "agenix-rekey_2": {
+      "inputs": {
+        "devshell": "devshell_2",
+        "flake-utils": "flake-utils_3",
+        "nixpkgs": [
+          "clicks",
+          "nixpkgs"
+        ],
+        "pre-commit-hooks": "pre-commit-hooks_2"
+      },
+      "locked": {
+        "lastModified": 1722597419,
+        "narHash": "sha256-YbMzll0Dh2ln/TryDP+S3IGm8nRHkzcSQIubI4ZEOAw=",
+        "owner": "oddlama",
+        "repo": "agenix-rekey",
+        "rev": "126b4a5133eb361cbf5bf90e44c71b6f830845ec",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oddlama",
+        "repo": "agenix-rekey",
+        "type": "github"
+      }
+    },
+    "agenix_2": {
+      "inputs": {
+        "darwin": "darwin_2",
+        "home-manager": "home-manager_2",
+        "nixpkgs": "nixpkgs_3",
+        "systems": "systems_5"
+      },
+      "locked": {
+        "lastModified": 1722339003,
+        "narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
+    "aux--docs-site": {
+      "inputs": {
+        "flake-utils": "flake-utils_4",
+        "nixpkgs": [
+          "clicks",
+          "nixpkgs"
+        ],
+        "snowfall-lib": [
+          "clicks",
+          "snowfall-lib"
+        ],
+        "wiki": [
+          "clicks",
+          "aux--wiki"
+        ]
+      },
+      "locked": {
+        "lastModified": 1716650000,
+        "narHash": "sha256-JmR6GR0gzSvtz4BdcfickEqU2m9jBIzzP0XDWA1llZA=",
+        "ref": "refs/heads/main",
+        "rev": "c403a8151b87654a0cb24ad28fb23edc3f78906e",
+        "revCount": 14,
+        "type": "git",
+        "url": "https://git.auxolotl.org/auxolotl/docs-site"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.auxolotl.org/auxolotl/docs-site"
+      }
+    },
+    "aux--wiki": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1722641105,
+        "narHash": "sha256-jdDGNg/qcsFmacZQX2RoEILoRLeMRWtA7OEre1ZRDxc=",
+        "ref": "refs/heads/main",
+        "rev": "9269687c6d49976d904516120dcf84bbe659900c",
+        "revCount": 210,
+        "type": "git",
+        "url": "https://git.auxolotl.org/auxolotl/wiki"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.auxolotl.org/auxolotl/wiki"
+      }
+    },
    "auxolotl-website": {
      "inputs": {
        "nixpkgs": [
@ -85,6 +176,42 @@
        "url": "https://git.auxolotl.org/auxolotl/buildbot-nix.git"
      }
    },
+    "clicks": {
+      "inputs": {
+        "agenix": "agenix_2",
+        "agenix-rekey": "agenix-rekey_2",
+        "aux--docs-site": "aux--docs-site",
+        "aux--wiki": "aux--wiki",
+        "deploy-rs": [
+          "deploy-rs"
+        ],
+        "flake-utils": "flake-utils_5",
+        "home-manager": "home-manager_3",
+        "impermanence": "impermanence",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "snowfall-lib": [
+          "snowfall-lib"
+        ],
+        "unstable": [
+          "unstable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1723155917,
+        "narHash": "sha256-wCGcBVZs6VuE/8K0tniJk+heyeZpdpNUxBDGFk1sPvo=",
+        "ref": "refs/heads/main",
+        "rev": "4123759130ad663a3409048bbc93f3c47ae7af35",
+        "revCount": 51,
+        "type": "git",
+        "url": "https://git.clicks.codes/Infra/NixFiles.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.clicks.codes/Infra/NixFiles.git"
+      }
+    },
    "darwin": {
      "inputs": {
        "nixpkgs": [
@ -107,9 +234,32 @@
        "type": "github"
      }
    },
+    "darwin_2": {
+      "inputs": {
+        "nixpkgs": [
+          "clicks",
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1700795494,
+        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
    "deploy-rs": {
      "inputs": {
-        "flake-compat": "flake-compat_3",
+        "flake-compat": "flake-compat_4",
        "nixpkgs": [
          "nixpkgs"
        ],
@ -151,6 +301,29 @@
        "type": "github"
      }
    },
+    "devshell_2": {
+      "inputs": {
+        "nixpkgs": [
+          "clicks",
+          "agenix-rekey",
+          "nixpkgs"
+        ],
+        "systems": "systems_6"
+      },
+      "locked": {
+        "lastModified": 1695195896,
+        "narHash": "sha256-pq9q7YsGXnQzJFkR5284TmxrLNFc0wo4NQ/a5E93CQU=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "05d40d17bf3459606316e3e9ec683b784ff28f16",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
    "flake-compat": {
      "flake": false,
      "locked": {
@ -184,6 +357,22 @@
      }
    },
    "flake-compat_3": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_4": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
@ -199,7 +388,7 @@
        "type": "github"
      }
    },
-    "flake-compat_4": {
+    "flake-compat_5": {
      "flake": false,
      "locked": {
        "lastModified": 1650374568,
@ -274,7 +463,7 @@
    },
    "flake-utils-plus_2": {
      "inputs": {
-        "flake-utils": "flake-utils_3"
+        "flake-utils": "flake-utils_6"
      },
      "locked": {
        "lastModified": 1715533576,
@ -311,7 +500,61 @@
    },
    "flake-utils_3": {
      "inputs": {
-        "systems": "systems_6"
+        "systems": "systems_7"
+      },
+      "locked": {
+        "lastModified": 1694529238,
+        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_4": {
+      "inputs": {
+        "systems": "systems_8"
+      },
+      "locked": {
+        "lastModified": 1710146030,
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_5": {
+      "inputs": {
+        "systems": "systems_9"
+      },
+      "locked": {
+        "lastModified": 1710146030,
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_6": {
+      "inputs": {
+        "systems": "systems_11"
      },
      "locked": {
        "lastModified": 1694529238,
@ -349,6 +592,29 @@
        "type": "github"
      }
    },
+    "gitignore_2": {
+      "inputs": {
+        "nixpkgs": [
+          "clicks",
+          "agenix-rekey",
+          "pre-commit-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1660459072,
+        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -370,6 +636,64 @@
        "type": "github"
      }
    },
+    "home-manager_2": {
+      "inputs": {
+        "nixpkgs": [
+          "clicks",
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1703113217,
+        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_3": {
+      "inputs": {
+        "nixpkgs": [
+          "clicks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1722630065,
+        "narHash": "sha256-QfM/9BMRkCmgWzrPDK+KbgJOUlSJnfX4OvsUupEUZvA=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "afc892db74d65042031a093adb6010c4c3378422",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "impermanence": {
+      "locked": {
+        "lastModified": 1719091691,
+        "narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1703013332,
@ -402,6 +726,22 @@
        "type": "github"
      }
    },
+    "nixpkgs-stable_2": {
+      "locked": {
+        "lastModified": 1685801374,
+        "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-23.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1721838734,
@ -419,6 +759,22 @@
      }
    },
    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1703013332,
+        "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_4": {
      "locked": {
        "lastModified": 1721743106,
        "narHash": "sha256-adRZhFpBTnHiK3XIELA3IBaApz70HwCYfv7xNrHjebA=",
@ -462,14 +818,45 @@
        "type": "github"
      }
    },
+    "pre-commit-hooks_2": {
+      "inputs": {
+        "flake-compat": "flake-compat_3",
+        "flake-utils": [
+          "clicks",
+          "agenix-rekey",
+          "flake-utils"
+        ],
+        "gitignore": "gitignore_2",
+        "nixpkgs": [
+          "clicks",
+          "agenix-rekey",
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable_2"
+      },
+      "locked": {
+        "lastModified": 1694364351,
+        "narHash": "sha256-oadhSCqopYXxURwIA6/Anpe5IAG11q2LhvTJNP5zE6o=",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "4f883a76282bc28eb952570afc3d8a1bf6f481d7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "type": "github"
+      }
+    },
    "root": {
      "inputs": {
        "agenix": "agenix",
        "agenix-rekey": "agenix-rekey",
        "auxolotl-website": "auxolotl-website",
        "buildbot-nix": "buildbot-nix",
+        "clicks": "clicks",
        "deploy-rs": "deploy-rs",
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs_4",
        "snowfall-lib": "snowfall-lib_2",
        "unstable": "unstable"
      }
@ -499,23 +886,22 @@
    },
    "snowfall-lib_2": {
      "inputs": {
-        "flake-compat": "flake-compat_4",
+        "flake-compat": "flake-compat_5",
        "flake-utils-plus": "flake-utils-plus_2",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1717625599,
-        "narHash": "sha256-qX9VJizFEoiRWDEiVs5+2w4FclQNQVVPvGPESsZ1F8k=",
+        "lastModified": 1719005984,
+        "narHash": "sha256-mpFl3Jv4fKnn+5znYXG6SsBjfXHJdRG5FEqNSPx0GLA=",
        "owner": "snowfallorg",
        "repo": "lib",
-        "rev": "5a10d2e37b6c6223763fa7c00b974875e49f93cc",
+        "rev": "c6238c83de101729c5de3a29586ba166a9a65622",
        "type": "github"
      },
      "original": {
        "owner": "snowfallorg",
-        "ref": "dev",
        "repo": "lib",
        "type": "github"
      }
@ -535,6 +921,36 @@
        "type": "github"
      }
    },
+    "systems_10": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_11": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
@ -610,6 +1026,51 @@
        "type": "github"
      }
    },
+    "systems_7": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_8": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_9": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
    "treefmt-nix": {
      "inputs": {
        "nixpkgs": [
@ -649,7 +1110,7 @@
    },
    "utils": {
      "inputs": {
-        "systems": "systems_5"
+        "systems": "systems_10"
      },
      "locked": {
        "lastModified": 1701680307,
--- a/flake.nix
+++ b/flake.nix
@ -9,7 +9,7 @@
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    unstable.url = "github:nixos/nixpkgs/nixos-unstable";
    snowfall-lib = {
-      url = "github:snowfallorg/lib/dev";
+      url = "github:snowfallorg/lib";
      inputs.nixpkgs.follows = "nixpkgs";
    };

@ -28,6 +28,16 @@
    buildbot-nix.url = "git+https://git.auxolotl.org/auxolotl/buildbot-nix.git";
    # Do not override nixpkgs in buildbot-nix (see https://github.com/nix-community/buildbot-nix)

+    clicks = {
+      url = "git+https://git.clicks.codes/Infra/NixFiles.git";
+      inputs = {
+        deploy-rs.follows = "deploy-rs";
+        nixpkgs.follows = "nixpkgs";
+        snowfall-lib.follows = "snowfall-lib";
+        unstable.follows = "unstable";
+      };
+    };
+
    deploy-rs = {
      url = "github:serokell/deploy-rs";
      inputs.nixpkgs.follows = "nixpkgs";
@ -56,7 +66,7 @@
        inputs.agenix-rekey.nixosModules.default
        inputs.buildbot-nix.nixosModules.buildbot-master
        inputs.buildbot-nix.nixosModules.buildbot-worker
-      ];
+      ] ++ (lib.attrsets.attrValues inputs.clicks.nixosModules);

      deploy = lib.mkDeploy {
        inherit (inputs) self;
@ -67,7 +77,10 @@
      };

      agenix-rekey = inputs.agenix-rekey.configure {
-        userFlake = inputs.self;
+        userFlake = inputs.self // { outPath = lib.pipe "" [
+          lib.snowfall.fs.get-snowfall-file
+          (lib.strings.removeSuffix "/")
+        ]; };
        nodes = inputs.self.nixosConfigurations;
      };

--- a/modules/nixos/auxolotl/security/secrets/default.nix
+++ b/modules/nixos/auxolotl/security/secrets/default.nix
@ -12,7 +12,7 @@
      "${inputs.self}/secrets/keys/minion/iyubikey.pub"
    ];
    storageMode = "local";
-    generatedSecretsDir = "${inputs.self}/secrets/generated/${config.networking.hostName}";
-    localStorageDir = "${inputs.self}/secrets/rekeyed/${config.networking.hostName}";
+    generatedSecretsDir = lib.snowfall.fs.get-snowfall-file "secrets/generated/${config.networking.hostName}";
+    localStorageDir = lib.snowfall.fs.get-snowfall-file "secrets/rekeyed/${config.networking.hostName}";
  };
 }
--- a/secrets/generated/axol/clicks.services.headscale.database_password_path.age
+++ b/secrets/generated/axol/clicks.services.headscale.database_password_path.age
@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> piv-p256 xE4ypg AotC1OcKc0ti5K6mtsUMYAqbatTWQDKp/2FrnOlzkjdO
+0rQChKMRXxIcSYDstypsXuielQrocv4BA5A1sl13OI4
+-> piv-p256 Hpt/+Q ApUzYGw2STuEvWzD9ApOVYZt6chkddNNUqMdFrHVLfob
+fuEK2OPd+RZ6NyTGDkT9XDqKoRM3PKIH+7uXT2vloeQ
+-> piv-p256 zfskmQ A6tQg5bZLRhR6P7Ch1OYGB+8epuYWVgY8NHVt2/duCX4
+UZ/siP1+Ee5fOucjCuy9OdJdYr2+HA4UElUJKfR/Z+w
+-> :98mk-F1-grease . NZ)[K^Y dH
+lNVgE+LU+g
+--- jnqRYlJ+O2Gyyq3F+Bg6wbeWnr+BrvnyS7yZJSBVdMA
+¾2<ž½úG<7F>²öw;Á•–¨É2}æAmw˜Y6ºa©5TÖÉd<EÍ„Ñ×0Î9]µÍpŒ}„ÄçÆ7.À¤™¤Ë¨. ‹äé\FN¢)@µ
--- a/secrets/rekeyed/axol/c8d99c55c1546d3c2295c1e91c6db9e6-6d7837d2fe4c729d0aee7dabf3958b9dc8070761e8e3a0425d8e4dcbbe86325d.age
+++ b/secrets/rekeyed/axol/c8d99c55c1546d3c2295c1e91c6db9e6-6d7837d2fe4c729d0aee7dabf3958b9dc8070761e8e3a0425d8e4dcbbe86325d.age
@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 JMblKQ K3PuGxokm5IVyWvKINebQ78IludSXmPQ6TszMlJ+y2Y
+gSIZJVDNkGEwKqMoqnVWQnZlCtquX8OiY+zokAE3qCs
+-> y`qQqQ*-grease K-
+uoC/
+--- psxc2ttdWjZPh1yijDIrFPs4Mc7naugmqC58dH2UKD4
+4¥S0íRî)x´¬Úb’Ú‘ð¤hì˜W±Záö•·?‚U|ì÷é!qéK¶Œ±ÙŽsö³Û	Ÿßù·^‰]‡ºå)ïªð1§Á®A‚˜>Ù
--- a/systems/x86_64-linux/axol/default.nix
+++ b/systems/x86_64-linux/axol/default.nix
@ -6,13 +6,17 @@
 # 137.184.177.239
 {
  pkgs,
+  lib,
  modulesPath,
+  config,
  ...
 }: {
  imports = [
    (modulesPath + "/virtualisation/digital-ocean-config.nix")
  ];

+  age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG+vSEiWVIn53Jyhs0QmVa7d7qkoArCWVbP1yKv46FDX";
+
  boot.loader.grub.enable = true;

  virtualisation.digitalOcean.rebuildFromUserData = false;
@ -47,5 +51,18 @@
    };
  };

+  clicks.services.headscale = {
+    enable = true;
+    domain = "vpn.auxolotl.org";
+    database_password_path = config.age.secrets."clicks.services.headscale.database_password_path".path;
+  };
+
+  age.secrets."clicks.services.headscale.database_password_path" = {
+    generator.script = "alnum";
+    group = "headscale";
+    mode = "0440"; # Needed to allow headscale group to read
+    unstableName = true; # Clicks option to base the name on a hash of the contents ... helps with autorestarting services
+  };
+
  system.stateVersion = "23.11";
 }