diff --git a/README.md b/README.md
index d213970..2370bb3 100644
--- a/README.md
+++ b/README.md
@@ -2,87 +2,6 @@ Welcome to the Nix Community infrastructure project. This project holds all the NixOS and Terraform configuration for this organization. -## Services - -### `Community builder` - build01.nix-community.org - -We provide an x86 build machine as a public remote builder for the nix community, this machine also has an aarch64 machine configured as its own remote builder. - -See [here](roles/builder/README.md) for more information. - -### `Continuous integration` - -We provide x86 and aarch64 linux CI via these systems: - -- `Hercules` - https://hercules-ci.com/github/nix-community - - - To enable hercules builds go to `https://hercules-ci.com/github/nix-community/$REPO` and click "Build this repository". - -- `Hydra` - https://hydra.nix-community.org - - - To enable hydra builds add a new project in this [file](terraform/hydra-projects.tf). - -### `Cache` - https://nix-community.cachix.org/ - -All of the above CI builds are pushed to the cache. - -Thanks to Cachix for sponsoring our binary cache! - -### `Search` - https://search.nix-community.org - -Hound code search for NixOS and nix-community GitHub organisations. - -### `nix-community.org DNS` - -DNS is managed by terraform in this [file](terraform/cloudflare_nix-community_org.tf). - -### `ryantm-updater bot` - -- Docs: https://ryantm.github.io/nixpkgs-update -- Logs: https://r.ryantm.com/log/ - -### `nur-update` - -## Support - -For urgent matters, create an issue here: [New Issue](https://github.com/nix-community/infra/issues/new). - -For repo additions, service requests and general conversation about governance and direction of the project, use the [Discussion forum](https://github.com/orgs/nix-community/discussions). - -For casual chat, come join us in the [nix-community](https://matrix.to/#/#nix-community:nixos.org) room. - -The admins can also be contacted via [admin@nix-community.org](mailto:admin@nix-community.org), email sent to this address will be forwarded to all of the admins. 
- -### nix-community administrators - -- [@Mic92](https://github.com/Mic92) -- [@adisbladis](https://github.com/adisbladis) -- [@ryantm](https://github.com/ryantm) -- [@zimbatm](https://github.com/zimbatm) -- [@zowoq](https://github.com/zowoq) - -#### Role - -The role of the administrators is to support the members of the org, and the Nix project in general. - -#### Responsibilities - -The administrators are responsible for serving the community to the best of their ability and availability. - -They provide services such as: - -- keep the systems updated and patched -- reply to user requests -- host new services that could help the project -- on-board new projects -- resolve conflict - -The administrators are the only "owners" of the github organization. - -#### Quorum of 5 rule - -To reduce the attack surface on the project, the administrative team size is limited to 5 people. - -## Hosts +You're probably looking for our website [https://nix-community.org](https://nix-community.org). See [HOSTS.md](HOSTS.md), this file also contains deployment details. diff --git a/build01/secrets.yaml b/build01/secrets.yaml index 462d26a..77a4964 100644 --- a/build01/secrets.yaml +++ b/build01/secrets.yaml @@ -1,3 +1,4 @@ +ssh_host_ed25519_key: ENC[AES256_GCM,data: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,iv:SAP3WMpYW2U/IRJmUeTlntlkHYrd7d3JD1zB0hJkHnU=,tag:LwVUTelkr8HAyYSY/mGQrA==,type:str] aarch64_nixos_community: ENC[AES256_GCM,data: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,iv:QtukYyk5fX59Wfhua9A++rFXnAS8DEL06xZ5LUlKaLo=,tag:iEfPNa/YMF3J3/fXD4gXxA==,type:str] sops: kms: [] 
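Review bot: The `ssh_host_ed25519_key` entry added at the top of build01/secrets.yaml places the host's SSH private key under the same sops recipient list as the machine's other secrets, so every holder of a recipient age key can decrypt it and present this host's identity; the same applies to the matching additions in build02, build03 and the new build04 file. The hunks do not show which recipients are people and which are hosts, so it is worth confirming that each file is encrypted only to the admins and to that one host. Re-encrypting the file after removing a recipient does not revoke a key that was already readable, so the host key itself has to be regenerated at that point. A line in the deployment notes such as `Host SSH keys live in <host>/secrets.yaml; regenerate them whenever a sops recipient is removed.` would record that.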
@@ -50,8 +51,8 @@ sops: dFZvQmRaaGllN0dlVlJHN0hJcFlCeUkKysyibAXdnxdiFzEmO6vkmGcvF0/caclg 5uu+oe6Hpyy5tt9f+U0Kln7W+6xq66JTV1YxuFcMkFCO+/kFefyzvQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-10-25T12:14:01Z" - mac: ENC[AES256_GCM,data:DEd228eLQ64rkSR+s/KSSK9prArBKlnGK7+b+waOPVr2bwtwFFl8kHDC/hT6euGHpdj1mRF4EkkCV1nWUmMWwFzcoaPLLniX53qELaGY3MmJgkJOnsMfHFotlweiJi9LVztmJjS0wka3Ua/xVB+qETVE2QF8bS7xJ4T02zadenc=,iv:OB0+RoNdBCf5i6/BqyV5gOmgpptwHxmocvX/wojRW1E=,tag:2I8l7ZITTrh1xHx9DctMrw==,type:str] + lastmodified: "2023-04-24T21:58:51Z" + mac: ENC[AES256_GCM,data:F0T6QcjxbH16vH2w1Nq+jAFtCPNYiFkoVsaEBQyl0mP9RDMwo1QzxzXGrmMKydptGecE7mJQ2DHaxOhlMWKsqCGY7LEDmkzm/DCXOs1QoCUuUg0KOc3oRqTXcveyEa8CQQ6DAq+3K2F3Er7pDehh+NjeeQ3lRcsrVN5cZ571ku8=,iv:gO7BzitWqEZ0aRBwFuOl30utGBLdNwU6qoTmgaX+oiM=,tag:cl8O6p6a731dKtzrX1It8Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/build02/secrets.yaml b/build02/secrets.yaml index bca6cd4..5f3e994 100644 --- a/build02/secrets.yaml +++ b/build02/secrets.yaml @@ -1,3 +1,4 @@ +ssh_host_ed25519_key: ENC[AES256_GCM,data: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,iv:wiGEXOQ7W5AVyKxYOwAMOZQVMHJMp59ITuIwjamPZOU=,tag:jvB3SCPdhblgXUVFy5OBWw==,type:str] github-r-ryantm-key: ENC[AES256_GCM,data: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,iv:Qg8SdZVOeOA1rHt/CCo1Fj9sqUvq5zhaetboYUIe2co=,tag:UNGFeWqBY46lK6/cEr4/Kg==,type:str] github-r-ryantm-token: ENC[AES256_GCM,data:X77cQQQDFcUe9VcHZwbhZdyg6wFsAEwRMDaDojWYyHJf4RxWwRm8Vg==,iv:/PxtdHM1eTbRZb0KrjuSSutxBVwmFaSejp62qb+/D10=,tag:K/EH8Rl6CeZcigftKO3hNw==,type:str] github-token-with-username: ENC[AES256_GCM,data:9k+TaxVIQ6BUASckGTAAdDsSS1OQ7WfF6oUdY8t/24VU5bK3M2Uozbfh6qUtmZFLcA==,iv:4AE/eoXHm1/gd3SdRYY+LyI56YFod8YD7ZKZ6uG840k=,tag:fboN3lX6vKVZHEtaZ+C8Gw==,type:str] 
@@ -53,8 +54,8 @@ sops: bnVKS2EyaFZBMUkrMTNVY3E3ckZuancKmVMCfroqIMsOcfLYCnWpMU8kP03zLawz jb3VKAx8d19yDm9ZIcGMoLmjQlkcB3UGdJc+ZuN9iDi28amaIFmuCw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-08-13T16:01:35Z" - mac: ENC[AES256_GCM,data:0wv2yGprOR7vS0cN6n4/ZjbFaWu89nQsodJD0CnqpVIZ2XpvJX5KkgIhQ3RObDTW1h+zJlfBMApOsBaaUcd8rLhkSIiuZwXV5h317cI5kiE8wEdEAdAmErBUPHnpkR1XYOmvfgojOu8grWJLG9CBtd+QRnYudrNxlCwakHo6zek=,iv:EOLclMgS0L1Y8ZEvanAJ/9w0yDHrnnCd4xn0/RzPUOE=,tag:cK0zBeYE7BggamLI3bE3dw==,type:str] + lastmodified: "2023-04-24T21:59:21Z" + mac: ENC[AES256_GCM,data:EhLarLKw1mwwvrjMaxRS+BkNaACQ/MOexWFvtKFqyvLnRPtnKM6mUTtRwS+/62g3DNmOi9hRzJyeYd3Qg1q5W/ev/c6A6+p2eyBxuqPjmeEiaQEjvT8iWzNhwHXinkte8jD3hvVUXKK7nh9kdTV8DWkI/XTuNPlt7SeX19BVbkk=,iv:X/iDTLTM8vfyLkxPdNPlNds7KCURYlGG9n6i62VhODk=,tag:K1K2WqOsaTUcC1Qk41WyUg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/build03/secrets.yaml b/build03/secrets.yaml index 2fe0ba1..a459c86 100644 --- a/build03/secrets.yaml +++ b/build03/secrets.yaml @@ -1,3 +1,4 @@ +ssh_host_ed25519_key: ENC[AES256_GCM,data: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,iv:+bSiR0HSQzSu5ZWIW7VeLERr+sWcnfx5j6O4ImQdhF8=,tag:KFQwC3giekzexvJfoU22YQ==,type:str] id_buildfarm: ENC[AES256_GCM,data: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,iv:RKMh8cCfoiU6AmafVtqVizfeamAkuqEU8HxTOppAitA=,tag:gJvEUhGLw+03YxpSCxaAag==,type:str] hydra-admin-password: ENC[AES256_GCM,data:t0vmchbXXIAzvM2nxm4j16N9W67yWRb439M=,iv:qr/OfyMvTzi6Znw446KtxE2erh3XWi2VTJvVL2Ot2UI=,tag:mS6HlE6nojkemjp4F59+wQ==,type:str] nur-update-github-token: ENC[AES256_GCM,data:KIZCx9IeuBHZei2V13iiyHzCedhkkGEd08mVJEc6F0DWQn1wtzC7+w==,iv:pNVRj/RR7wj64g640F7Vo4H10ijsxnrfFQnt6YHBug4=,tag:UlvOMNB5JZbuJaD9TcJ2UQ==,type:str] 
@@ -53,8 +54,8 @@ sops: eVZGYTA5SElDd2lLS2RUTk9wQlAwekUKfLBi6UPZGB0pY0G/2VMefO8KU6qhpCXc COpm12JE6h/+dMsFQw75l+x3FPCrGD83qJdYWyM7/v0cQg4SfA+cPg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-05T03:30:53Z" - mac: ENC[AES256_GCM,data:7slqHIruEJ6de6Al8Tmnm/Zk0iuxuYyuTbUBvk7L5y1KOoeDwO2gAlCViSlhBPC1h+63tj5nzP+C/SEe5QMzUdNg4GOF89Tsu1Q0M8Llq1Xnt6JDFNG32PNEujZ/3cxpixVTs0VmpacOfWwN4K+qusmW1nQX8tUFtygezSXEqRY=,iv:4Ifgj4ENkVCVsaSL5V9Suhx8f2JvptUByn5sgvzp/50=,tag:qoXUMovToWcjIVoiGe0jgQ==,type:str] + lastmodified: "2023-04-24T21:59:57Z" + mac: ENC[AES256_GCM,data:OlS4htYXpBjYSFR5zsyr7H/cjT0DEsy4OQT3Bj7NkpZVpgS6zZ5s5BlND0wzgvvqwbACUjkiwZsEjIPD4xLfPsMlUm14NjZarBeePGN+/5hGpTjMHxJsboByZtsnOzkOk0eGhSc51tYhWBd1cPRfMJ0hR63eM0BU/8gzyF1onPc=,iv:sI8Nln8lLbpjJAIIRn3eEZjT/cb99VB02pyAzEz/wrI=,tag:6/9zhsaxDdS27m5y9d2z+Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/build04/secrets.yaml b/build04/secrets.yaml index e69de29..629a6db 100644 --- a/build04/secrets.yaml +++ b/build04/secrets.yaml 
@@ -0,0 +1,57 @@ +ssh_host_ed25519_key: ENC[AES256_GCM,data:C/cTIJ8KipLWdcushEzeb9MoeBwEXQgV6Nichj1xXcc3X0iFaGf5btiWvkGppH7GS35GPk1EHa19SYzjogtaLTb6skiIc2U4j/ssIu57X4kfz1s0LNCYivJsC3Uz0CeR0Idh+EyuVQD5K/IPCsmOBp5RBJOaSO6t+3bfoekfLieRN+biFiB6YB/PiINZm7XktRIaog80Q1mhlt9Ci9uOcGgjbMgDvM38kB9otSd9hi141l+CeZoiimi5WYlBCKxniwmgoNaNJj35Bk0MU/RPp9GyHGilGY+niLRE4/SwGmSv/bray+wmUO8qad32ypzip/ocO49c7MParmkSI0ARGEKic+kZEqZyloPZHX/bSBgb7i2Dq3bKIz1n3RJrJ9Xx+tcvsKZ1G4mybTYhlor3Xx8vRtTBMKf4xC5W8QDBa7hYVDoBD6M/xOpSRxC5Nn7TcbqKn4XLEWNNkXHnaYOhE6bQCvP6Gn2SV1Y8XRP5MapsJoOPR8NDb5/sj1s8i5tKBp9nLXUZSBbVa9CF1DR9xkTCcnDnwV4jRPNjgCICdXRW0IjISjMNgj4xKNyrjiF6,iv:/2g3bTlzgs+SU41czsMkn/WxSjRgmK2j3ION2eh4778=,tag:NUYzuyey2QZu69T9Lo5HuA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1r464z5e2shvnh9ekzapgghevr9wy7spd4d7pt5a89ucdk6kr6yhqzv5gkj + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSVhHQ01sM0pnSHlGZzJH + aDhuSjVXWk5iZEhqYVRJMzdZR3ZGWnV1K21rCk1kYklsSWtKbExIcXN3ODVoSDd0 + bitrQTJZN3Y3NWIrS2dZVDBWajdWbXcKLS0tIEppWXMzaEY1cEtwQnhVMUhJeVR0 + SDZYdGUyMzB6anpEUVRvNXdhNDkzTk0KBvmQ3s6WkwRgL/Dkhj1jTbHa/uvid1WN + EK3Iyl+dzw/7sJXRk+vfl1FJ9+YonO2PECgmXEMSjT5UPu2UPtbrYA== + -----END AGE ENCRYPTED FILE----- + - recipient: age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBERXgzOU05aERmeXJYd2hy + QmNXSmFoNDM4Mnd5RFVsL0VnVWV0Ly9QeWtvCmR5R0oxQWRydmdNMUdSR1F1NmtW + bVM0K1d4R0VDd1haYm54SnN6SmJyTEkKLS0tIHNmK253Y3REK1kyYytZaHdkSnB3 + eWFXblhIUU9FRi9FWDdoYWpYVXl6ZGcKcf8u9AdFmrcTS/agm6KvqnRm1Xxq0NJq + J7qewFywCArrpb/9h4AWVXCxyk2cxu49x3qVeuT9rYvRn0PSRtSYPA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3QXNBeDA3cjc2ZGFWRks3 + 
MkVNV0tMNHp0K2hKYUhiZnBmbjFtTmpTOFh3CjBUREkweWYzb280eUtoOE9MV3ZG + NTlhSDRYRm1nS3NZcVJ6aWkwditoVzQKLS0tIGJRWHBGUmJWVm5veGVUSmhTMVFr + RFczc0hpRXRVVFRhdjhZdkhvVDU5aWcKphaklookZQWZN2f/WwcbMbHJ/pYVaHdK + G1nnIUhY+4yVY5Rfato9UlCTu+ch6VQaor9q8wmqMM5VIoKR3loT4g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5NEpITnJsdTFyRWJHTDh2 + RWsyck5MaUdOdW5sY1hoMHRLUkRPZks1YndNCnZiVjlia0R1UUVaampKZTM1K2hV + cWFQclA5YVZscjNPZUJ0YnIyblJIcm8KLS0tIFpDZThlZzA4YU5vYXdQVjBZcE52 + MmVmUTU5S0plSkV5QTVIaWl5dlVVMUUKg1hiDYFPF6rr8F+IIjO0E0QoDuJUrkFi + F8S2GVtxgiSqjTIkDHW3I22SFsRNJsEBINLSV+Z8xSPPQn9rP/TcNA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNNzN1MEJwYzNkaTRDMExR + Wk8vVzNkenp4dnp4QWlrMTdEMzArZUpFR1ZjCjFmR0JZYUp3a1RwWlhNRXgwY0hT + aW1RY2YrOGFvMTYwYk10REsxUGF1NEEKLS0tIFMzVTZjN1lGVjM4VmVVQ0hRNU9V + Tm56UGVrRDE5YVM1WG91TGcrdDh5UzgKsGrlTPWXjRvz5KxHTOASX4TMftMGKckP + mnfhHhjjwtKTbbZowmhUm+hFROjPt6GQVxWs4aWWJeEFA19833QQnA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-04-24T22:00:21Z" + mac: ENC[AES256_GCM,data:wYHcsuy8NNABlkPoHalvV8sbbeC0R5Vztp0sCAbPF3rRzoaJp3HN7Ax27xupC1M0wVXgp3VGghxm3RTZG5K8wFoiaziemFeEgDZ0uavW1rqYUMH7gDYoCH6isLOKiqYqIgd3CI1EWqp1OwatHmab2GRDqOeWJEpjJUMGFbo/giI=,iv:7TZEAjTqXMbnLh4nonpJM+DsJ71IkMcoUUjDhZHz5DU=,tag:1un9KAPXupORhfrgoiw8Fw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/docs/README.md b/docs/README.md deleted file mode 100644 index 2297e6b..0000000 --- a/docs/README.md +++ /dev/null 
@@ -1,62 +0,0 @@ -<img src="nix-community-logo.svg" width="100" height="100" alt="Nix community"> - -@nix-community is a GitHub organization that works alongside the @NixOS organization. - -The @NixOS organization holds all the mission-critical projects such as Nix, Nixpkgs, NixOps, Hydra, etc. - -The @nix-community organization is the community playground. We don't need to be as strict with permissions. The org can host any projects that benefit from a shared ownership. We provide infrastructure and support for those projects as well as visibility. - -## Infrastructure - -To support our activities we have a little bit of infrastructure in place. - -See https://github.com/nix-community/infra for the list of services and configuration. - -## FAQ - -### How do I get my project included? - -Ideally the type of projects that are accepted have some level of maturity and can benefit from a shared ownership. The goal is to have as much projects maintained and not for the org to become a graveyard. - -We don't have a strict procedure. For now, ping one of the [nix-community administrators](#nix-community-administrators). - -### What are the rules of engagement? - -The Nix community is nice. Be nice! Typically this means: - -1. Argument on technical details, not the people. -2. Give the benefit of the doubt as much as possible. We all have different lives with different backgrounds. -3. Keep in mind that all the work here is done by volunteers. -4. :) - -Nothing is set in stone. Think of these as the guidelines for our interactions. - -The maintainer of a project gets admin access to the project they maintain. The maintainer can request that more people be invited into the org so they can join their projects team. - -If you see a project that is under-maintained, submit PRs to fix it as if it was your own project. If the PRs don't get merged, ping the [nix-community administrators](#nix-community-administrators). 
- -## Support - -For urgent matters, create an issue here: [New Issue](https://github.com/nix-community/infra/issues/new). - -For repo additions, service requests and general conversation about governance and direction of the project, use the [Discussion forum](https://github.com/orgs/nix-community/discussions). - -For casual chat, come join us in the [nix-community](https://matrix.to/#/#nix-community:nixos.org) room. - -## nix-community administrators - -If you need to contact the nix-community admins, they are listed [here](https://github.com/nix-community/infra#nix-community-administrators). - -## Sponsors - -Thanks to all our sponsors. - -<!-- prettier-ignore-start --> -|[<img src="https://raw.githubusercontent.com/cachix/docs.cachix.org/master/source/logo.png" width="200" alt="Cachix">](https://cachix.org)| -|:-:| -|Cachix provides us with 1TB of free cache.| - -|[<img src="https://raw.githubusercontent.com/Gandi/.github/b1f21a402d9223c672476b41148429f538be5303/logos/black.svg" width="200" alt="Gandi">](https://www.gandi.net/)| -|:-:| -|Gandi provides us with a free domain and a virtual private server.| -<!-- prettier-ignore-end --> diff --git a/docs/_config.yml b/docs/_config.yml deleted file mode 100644 index 77fdd3b..0000000 --- a/docs/_config.yml +++ /dev/null @@ -1,26 +0,0 @@ -theme: jekyll-theme-primer -url: "https://nix-community.org" -title: nix-community -description: "" - -# see https://github.com/github/pages-gem/blob/754a725e4766d4329bb1dd0e07c638a045ad2c04/lib/github-pages/plugins.rb#L6-L42 -plugins: - - jemoji - - jekyll-avatar - - jekyll-default-layout - - jekyll-feed - - jekyll-mentions - - jekyll-readme-index - - jekyll-sitemap - -markdown: CommonMarkGhPages -# see https://github.com/gjtorikian/commonmarker#parse-options -commonmark: - options: - - FOOTNOTES - - SMART - - UNSAFE - extensions: - - autolink - - strikethrough - - table diff --git a/docs/administrators.md b/docs/administrators.md new file mode 100644 index 0000000..1ee4409 
--- /dev/null +++ b/docs/administrators.md @@ -0,0 +1,27 @@ +- [@Mic92](https://github.com/Mic92) +- [@adisbladis](https://github.com/adisbladis) +- [@ryantm](https://github.com/ryantm) +- [@zimbatm](https://github.com/zimbatm) +- [@zowoq](https://github.com/zowoq) + +#### Role + +The role of the administrators is to support the members of the org, and the Nix project in general. + +#### Responsibilities + +The administrators are responsible for serving the community to the best of their ability and availability. + +They provide services such as: + +- keep the systems updated and patched +- reply to user requests +- host new services that could help the project +- on-board new projects +- resolve conflict + +The administrators are the only "owners" of the github organization. + +#### Quorum of 5 rule + +To reduce the attack surface on the project, the administrative team size is limited to 5 people. diff --git a/roles/builder/README.md b/docs/community-builder.md similarity index 81% rename from roles/builder/README.md rename to docs/community-builder.md index e6258ba..aeae8f6 100644 --- a/roles/builder/README.md +++ b/docs/community-builder.md @@ -1,6 +1,6 @@ -## Community builder +### Access -If you want access read the security guide lines on [aarch64-build-box](https://github.com/nix-community/aarch64-build-box). Than add your username to [`roles/builder/users.nix`](users.nix). Don't keep any important data in your home! We will regularly delete `/home` without further notice. +If you want access read the security guide lines on [aarch64-build-box](https://github.com/nix-community/aarch64-build-box). Than add your username to [`roles/builder/users.nix`](https://github.com/nix-community/infra/blob/master/roles/builder/users.nix). Don't keep any important data in your home! We will regularly delete `/home` without further notice. ### Using your NixOS home-manager configuration on the hosts 
diff --git a/docs/contact.md b/docs/contact.md new file mode 100644 index 0000000..fa3c30c --- /dev/null +++ b/docs/contact.md @@ -0,0 +1,7 @@ +For urgent matters, create an issue here: [New Issue](https://github.com/nix-community/infra/issues/new). + +For repo additions, service requests and general conversation about governance and direction of the project, use the [Discussion forum](https://github.com/orgs/nix-community/discussions). + +For casual chat, come join us in the [nix-community](https://matrix.to/#/#nix-community:nixos.org) room. + +The admins can also be contacted via [admin@nix-community.org](mailto:admin@nix-community.org), email sent to this address will be forwarded to all of the admins. diff --git a/docs/faq.md b/docs/faq.md new file mode 100644 index 0000000..a89ab05 --- /dev/null +++ b/docs/faq.md 
@@ -0,0 +1,20 @@ +### How do I get my project included? + +Ideally the type of projects that are accepted have some level of maturity and can benefit from a shared ownership. The goal is to have as much projects maintained and not for the org to become a graveyard. + +We don't have a strict procedure. For now, ping one of the [nix-community administrators](./administrators.md). + +### What are the rules of engagement? + +The Nix community is nice. Be nice! Typically this means: + +1. Argument on technical details, not the people. +2. Give the benefit of the doubt as much as possible. We all have different lives with different backgrounds. +3. Keep in mind that all the work here is done by volunteers. +4. :) + +Nothing is set in stone. Think of these as the guidelines for our interactions. + +The maintainer of a project gets admin access to the project they maintain. The maintainer can request that more people be invited into the org so they can join their projects team. + +If you see a project that is under-maintained, submit PRs to fix it as if it was your own project. If the PRs don't get merged, ping the [nix-community administrators](./administrators.md). diff --git a/docs/index.md b/docs/index.md new file mode 100644 index 0000000..b698ff7 --- /dev/null +++ b/docs/index.md 
@@ -0,0 +1,28 @@ +[nix-community]: https://github.com/nix-community +[NixOS]: https://github.com/NixOS + +<img src="nix-community-logo.svg" width="100" height="100" alt="Nix community"> + +[@nix-community][nix-community] is a GitHub organization that works alongside the [@NixOS][NixOS] organization. + +The [@NixOS][NixOS] organization holds all the mission-critical projects such as Nix, Nixpkgs, NixOps, Hydra, etc. + +The [@nix-community][nix-community] organization is the community playground. We don't need to be as strict with permissions. The org can host any projects that benefit from a shared ownership. We provide infrastructure and support for those projects as well as visibility. + +## Infrastructure and services + +To support our activities we have a little bit of infrastructure in place, see [services](./services.md). The configuration is kept in [nix-community/infra](https://github.com/nix-community/infra). + +## Sponsors + +Thanks to all our sponsors. + +<!-- prettier-ignore-start --> +|[<img src="https://raw.githubusercontent.com/cachix/docs.cachix.org/master/source/logo.png" width="200" alt="Cachix">](https://cachix.org)| +|:-:| +|Cachix provides us with 1TB of free cache.| + +|[<img src="https://raw.githubusercontent.com/Gandi/.github/b1f21a402d9223c672476b41148429f538be5303/logos/black.svg" width="200" alt="Gandi">](https://www.gandi.net/)| +|:-:| +|Gandi provides us with a free domain and a virtual private server.| +<!-- prettier-ignore-end --> diff --git a/docs/services.md b/docs/services.md new file mode 100644 index 0000000..073edd6 --- /dev/null +++ b/docs/services.md 
@@ -0,0 +1,46 @@ +## Community builder + +We provide an x86 build machine (`build01.nix-community.org`) as a public remote builder for the nix community, this machine also has an aarch64 machine configured as its own remote builder. + +See [here](./community-builder.md) for more information. + +## Continuous integration + +We provide x86_64 and aarch64 linux CI via these systems: + +#### Hercules + +[https://hercules-ci.com/github/nix-community](https://hercules-ci.com/github/nix-community) + +To enable hercules builds go to `https://hercules-ci.com/github/nix-community/$REPO` and click "Build this repository". + +#### Hydra + +[https://hydra.nix-community.org](https://hydra.nix-community.org) + +To enable hydra builds add a new project in this [file](https://github.com/nix-community/infra/blob/master/terraform/hydra-projects.tf). + +## Cache + +[https://nix-community.cachix.org/](https://nix-community.cachix.org/) + +All of the above CI builds are pushed to the cache. + +## Search + +[https://search.nix-community.org](https://search.nix-community.org) + +Hound code search for NixOS and nix-community GitHub organisations. + +## nix-community.org DNS + +DNS is managed by terraform in this [file](https://github.com/nix-community/infra/blob/master/terraform/cloudflare_nix-community_org.tf). + +## ryantm-updater bot + +- Docs: [https://ryantm.github.io/nixpkgs-update](https://ryantm.github.io/nixpkgs-update) +- Logs: [https://r.ryantm.com/log/](https://r.ryantm.com/log/) + +## nur-update + +[https://github.com/nix-community/nur-update](https://github.com/nix-community/nur-update) diff --git a/flake.nix b/flake.nix index 1adf6f0..d8520e8 100644 --- a/flake.nix +++ b/flake.nix 
@@ -62,7 +62,21 @@ ./shell.nix ]; - perSystem.treefmt.imports = [ ./treefmt.nix ]; + hercules-ci.github-pages.branch = "master"; + + perSystem = { config, pkgs, ... }: { + treefmt.imports = [ ./treefmt.nix ]; + + packages.pages = pkgs.runCommand "pages" + { + buildInputs = [ pkgs.python3.pkgs.mkdocs-material ]; + } '' + cp -r ${pkgs.lib.cleanSource ./.}/* . + mkdocs build --strict --site-dir $out + ''; + + hercules-ci.github-pages.settings.contents = config.packages.pages; + }; flake.nixosConfigurations = let diff --git a/mkdocs.yml b/mkdocs.yml new file mode 100644 index 0000000..d60d215 --- /dev/null +++ b/mkdocs.yml @@ -0,0 +1,35 @@ +nav: + - Nix Community: index.md + - Services: + - services.md + - community-builder.md + - About: + - FAQ: faq.md + - administrators.md + - contact.md + +theme: + name: material + features: + - content.action.edit + - content.code.annotate + - content.tabs.link + - navigation.expand + - navigation.instant + - navigation.tabs + - navigation.tracking + favicon: nix-community-logo.png + logo: nix-community-logo.png + icon: + repo: fontawesome/brands/github + +extra: + social: + - icon: fontawesome/brands/github + link: https://github.com/nix-community + +site_name: Nix Community +site_url: https://nix-community.org +copyright: Copyright © 2023 Nix community projects +repo_name: "nix-community/infra" +repo_url: https://github.com/nix-community/infra diff --git a/roles/security.nix b/roles/security.nix index 962765f..4539e83 100644 --- a/roles/security.nix +++ b/roles/security.nix @@ -25,6 +25,12 @@ }; }; + services.openssh = { + hostKeys = [ + { path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; } + ]; + }; + # Ban brute force SSH services.fail2ban.enable = true; } diff --git a/shell.nix b/shell.nix index bd90878..325eca8 100644 --- a/shell.nix +++ b/shell.nix @@ -14,6 +14,7 @@ ] )) rsync + config.packages.pages.buildInputs config.treefmt.build.wrapper ]; };
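Review bot: The `pages` derivation copies the whole repository into the build with `cp -r ${pkgs.lib.cleanSource ./.}/* .`, although mkdocs presumably only reads `mkdocs.yml` and `docs/`; every file in the repo, including the sops-encrypted `*/secrets.yaml` files, becomes an input of a build whose output is published to GitHub Pages from `master`. Narrowing the source keeps the inputs of the public site to what is meant to be public and avoids rebuilding it on unrelated changes, for example `cp -r ${./docs} docs` and `cp ${./mkdocs.yml} mkdocs.yml`. The `/*` glob also skips dotfiles, which is harmless today but easy to trip over later. The enclosing module body starts and ends outside the hunk.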
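Review bot: Setting `services.openssh.hostKeys` to a single ed25519 entry replaces the NixOS default list, so sshd stops offering the RSA host key and clients that pinned it will get a host-key mismatch warning, which is a prompt users should not be trained to click through. The hunk also does not show what places the sops-managed `ssh_host_ed25519_key` at `/etc/ssh/ssh_host_ed25519_key`; if no `sops.secrets` entry targets that path, sshd will presumably generate a fresh key there and the encrypted one is never used. If the hosts decrypt sops with a key derived from this same host key, a fresh install cannot decrypt it, so the bootstrap order deserves a comment, for example `# key is provisioned from <host>/secrets.yaml; see deployment docs before reinstalling`. The surrounding attribute set starts outside the hunk.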