trajto(starship): aldoni oneDark temo

Miaj novaj klientoj de Mastodono

.envrc

@@ -0,0 +1,5 @@
+use flake
+watch_file flake.nix
+
+# Allow ragenix to find it's configuration
+export RULES=$(realpath ./secrets/secrets.nix)

.gitignore

@@ -1,7 +1,4 @@
 *.swp
 .direnv
-.envrc
-Deployments/syncserver.nix
 examples
 result
-secrets

README.rst

@@ -1,12 +1,12 @@
 MIO Ops
 =======
 
-NixOps_ deployment configuration for MIO_.
+NixOS_ deployment configuration for MIO_.
 
 The canonical home for this repo is
-https://source.mcwhirter.io/craige/mio-ops
+https://reciproka.dev/craige/mio-ops
 
 Support buy donating ADA: addr1q8dpxmt0xk9xr27jff25ksxxf9wpqwsdpl46d02mtqd233t3s7uvrk5la8rqv9gh4d36pm8v9f2gcjt9tt7wj32vm4aqkvunma
 
-.. _NixOps: https://nixos.org/nixops
+.. _NixOS: https://nixos.org/
 .. _MIO: https://mcwhirter.io/

default.nix

@@ -1,23 +0,0 @@
-{
-  sources ? import ./nix/sources.nix,
-  system ? builtins.currentSystem,
-  crossSystem ? null,
-  config ? {},
-  alejandraUnstable ? (import sources.nixpkgsUnstable {}).alejandra,
-  cardanoNodeProject ? import sources.cardano-node {},
-} @ args:
-with import ./nix args; {
-  shell = mkShell {
-    inherit (import sources.niv {}) niv;
-    buildInputs = [
-      alejandraUnstable # The Uncompromising Nix Code Formatter
-      cardanoNodeProject.cardano-cli # required for KES key rotation
-      niv
-      nixopsUnstable # work around for issue #127423
-      tea # Gitea official CLI client
-      treefmt # one CLI to format the code tree
-    ];
-    NIX_PATH = "nixpkgs=${sources.nixpkgs}";
-    NIXOPS_DEPLOYMENT = "${globals.deploymentName}";
-  };
-}

flake.nix

@@ -0,0 +1,24 @@
+{
+  description = "mio-ops deployment";
+
+  inputs = {
+    cardano-node.url = "github:input-output-hk/cardano-node/?ref=1.35.7";
+    colmena.url = github:zhaofengli/colmena/?ref=v0.4.0;
+    cosmicDesktop = {
+      url = github:lilyinstarlight/nixos-cosmic;
+      inputs.nixpkgs.follows = "nixpkgsUnstable";
+    };
+    daedalus.url = github:input-output-hk/daedalus/?ref=6.0.2;
+    iohkNix.url = github:input-output-hk/iohk-nix/;
+    nix.url = github:NixOS/nix/?ref=2.25.3;
+    nixpkgs.url = github:NixOS/nixpkgs/?ref=nixos-24.11;
+    nixpkgsUnstable.url = github:NixOS/nixpkgs;
+    ragenix = {
+      url = github:yaxitech/ragenix;
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = {...} @ args: import ./outputs.nix args;
+}

globals-defaults.nix

@@ -1 +0,0 @@
-{}

globals.nix

@@ -1,11 +0,0 @@
-self: super: {
-  globals =
-    import ./globals-defaults.nix
-    // rec {
-      deploymentName = "mio-ops";
-
-      domain = "mcwhirter.io";
-
-      environment = "${deploymentName}";
-    };
-}

hardware/lenovo_x201.nix

@@ -19,7 +19,7 @@
 
   swapDevices = [{device = "/dev/disk/by-label/swap";}];
 
-  hardware.opengl.extraPackages = with pkgs; [vaapiIntel];
+  hardware.graphics.extraPackages = with pkgs; [vaapiIntel];
   nix.settings.max-jobs = lib.mkDefault 4;
 
   services.thinkfan = {

hardware/lenovo_yoga7i.nix

@@ -38,6 +38,6 @@
     {device = "/dev/disk/by-label/swap";}
   ];
 
-  hardware.opengl.extraPackages = with pkgs; [vaapiIntel];
+  hardware.graphics.extraPackages = with pkgs; [vaapiIntel];
   nix.settings.max-jobs = lib.mkDefault 4;
 }

hardware/purism_librem_15.nix

@@ -2,10 +2,11 @@
 {
   config,
   lib,
+  modulesPath,
   pkgs,
   ...
 }: {
-  imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
+  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
 
   boot = {
     initrd = {
@@ -16,26 +17,28 @@
         "usbhid" # USB HID transport layer
         "usb_storage" # USB Mass Storage support
         "sd_mod" # SCSI disk support
-        "aesni_intel" # AES-NI + SSE2 implementation of AEGIS-128
-        "cryptd" # Software async crypto daemon
       ];
-      kernelModules = ["dm-snapshot"];
-      luks.devices."cryptroot".device = "/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4";
     };
-    kernelModules = ["kvm-intel"]; # Enable kvm for libvirtd
+    kernelModules = ["hid_multitouch" "kvm-intel" "psmouse"]; # Enable kvm for libvirtd
   };
 
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/848e15eb-992b-499f-89b1-be8bc59af41c";
-    fsType = "ext4";
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/0bdc11fc-c497-47ff-bcc2-3044f81f40be";
+      fsType = "ext4";
+    };
+    "/home" = {
+      device = "/dev/disk/by-uuid/9c8a9dd1-b234-4a6d-ad62-3962e85d4063";
+      fsType = "ext4";
+    };
   };
 
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/a9d48855-edaf-40b9-9296-58e9b7c7eb96";
-    fsType = "ext4";
-  };
+  swapDevices = [{device = "/dev/disk/by-uuid/05aed0b0-3a79-44f2-aa4d-e5e5724643f2";}];
 
-  swapDevices = [{device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e";}];
+  networking.useDHCP = lib.mkDefault true;
 
   nix.settings.max-jobs = lib.mkDefault 4;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }

hardware/raspberry_pi_3_model_B.nix

@@ -17,7 +17,7 @@
     };
     kernelPackages = pkgs.linuxPackages_5_15; # For a Raspberry Pi 2 or 3)
     kernelParams = [
-      "cma=32M" # Needed for the virtual console to work on the RPi 3
+      "cma=320M" # Needed for the virtual console to work on the RPi 3
       "console=ttyS0,115200n8" # Enable the serial console
       "console=tty0"
     ];
@@ -28,15 +28,6 @@
       grub = {
         enable = false; # NixOS wants to enable GRUB by default.
       };
-      raspberryPi = {
-        enable = false;
-        version = 3;
-        uboot.enable = true;
-        firmwareConfig = ''
-          arm_64bit=1            # Force kernel loading system to assume a 64-bit kernel
-          hdmi_force_hotplug=1   # Enable headless booting
-        '';
-      };
     };
   };
 

hardware/raspberry_pi_4_model_B.nix

@@ -23,12 +23,8 @@
       grub = {
         enable = false; # NixOS wants to enable GRUB by default.
       };
-      raspberryPi = {
-        enable = true;
-        version = 4;
-      };
     };
-    tmpOnTmpfs = true;
+    tmp.useTmpfs = true;
   };
 
   # File systems configuration for using the installer's partition layout

hardware/system76_lemurPro.nix

@@ -0,0 +1,74 @@
+# Hardware configuration file for the System76 Lemur Pro v12 (lemp12)
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "thunderbolt" # USB4 and Thunderbolt 3 support
+        "sdhci_pci" # Secure Digital Host Controller Interface (SD cards)
+        "nvme" # NVMe drives (really fast SSDs)
+        "sd_mod" # SCSI disk support
+        "usb_storage" # USB Mass Storage support
+        "xhci_pci" # USB 3.0 (eXtensible Host Controller Interface)
+      ];
+      kernelModules = ["dm-snapshot"];
+      luks = {
+        devices = {
+          "cryptroot" = {
+            device = "/dev/disk/by-label/cryptroot";
+            allowDiscards = true;
+            preLVM = true;
+          };
+          "cryptmirror" = {
+            device = "/dev/disk/by-label/cryptmirror";
+            allowDiscards = true;
+            preLVM = true;
+          };
+        };
+      };
+    };
+    kernelModules = ["kvm-intel"]; # Enable kvm for libvirtd
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/nixos";
+      fsType = "ext4";
+    };
+    "/boot" = {
+      device = "/dev/disk/by-label/EFI";
+      fsType = "vfat";
+    };
+    "/var/lib/backup" = {
+      device = "/dev/disk/by-label/backup";
+      fsType = "ext4";
+    };
+  };
+
+  swapDevices = [
+    {
+      device = "/dev/disk/by-label/swap";
+      discardPolicy = "both";
+    }
+  ];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nix.settings.max-jobs = lib.mkDefault 4;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware = {
+    cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+    system76 = {
+      enableAll = true; # all recommended configuration for system76 systems
+      power-daemon.enable = true;
+    };
+  };
+}

hardware/system76_thelioMira.nix

@@ -0,0 +1,74 @@
+# Hardware configuration file for the System76 Thelio Mira
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "ahci"
+        "nvme" # NVMe drives (really fast SSDs)
+        "sd_mod" # SCSI disk support
+        "usb_storage" # USB Mass Storage support
+        "usbhid"
+        "xhci_pci" # USB 3.0 (eXtensible Host Controller Interface)
+      ];
+      kernelModules = ["dm-snapshot"];
+      luks = {
+        devices = {
+          "cryptroot" = {
+            device = "/dev/disk/by-label/cryptroot";
+            allowDiscards = true;
+            preLVM = true;
+          };
+          "cryptstore" = {
+            device = "/dev/disk/by-label/cryptstore";
+            allowDiscards = true;
+            preLVM = true;
+          };
+        };
+      };
+    };
+    kernelModules = ["kvm-intel"]; # Enable kvm for libvirtd
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/nixos";
+      fsType = "ext4";
+    };
+    "/nix" = {
+      device = "/dev/disk/by-label/nixStore";
+      fsType = "ext4";
+    };
+    "/boot" = {
+      device = "/dev/disk/by-uuid/677E-FD28";
+      fsType = "vfat";
+    };
+  };
+
+  swapDevices = [
+    {
+      device = "/dev/disk/by-label/swap";
+      discardPolicy = "both";
+    }
+  ];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nix.settings.max-jobs = lib.mkDefault 12;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware = {
+    cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+    system76 = {
+      enableAll = true; # all recommended configuration for system76 systems
+      power-daemon.enable = true;
+    };
+  };
+}

hosts/airgead/default.nix

@@ -1,18 +1,16 @@
 # NixOps configuration for airgead
 {
   config,
+  inputs,
   pkgs,
   lib,
   ...
 }: {
   imports = [
-    ../networks/linode.nix
-    ../profiles/cardano-node.nix
-    ../secrets/airgead.nix
+    ../../networks/linode.nix
+    ../../profiles/cardano-node.nix
   ];
 
-  deployment.targetHost = "172.105.187.96";
-
   networking.hostName = "airgead"; # Define your hostname.
 
   system.stateVersion = "20.03"; # The version of NixOS originally installed

hosts/brighde/default.nix

@@ -5,9 +5,8 @@
   ...
 }: {
   imports = [
-    ../hardware/lenovo_yoga7i.nix
-    ../profiles/desktopFiona.nix
-    ../profiles/desktop_common.nix
+    ../../hardware/lenovo_yoga7i.nix
+    ../../profiles/desktopFiona.nix
   ];
 
   # Use the UEFI boot loader.
@@ -16,7 +15,6 @@
     efi.canTouchEfiVariables = true;
   };
 
-  deployment.targetHost = "10.42.0.124";
   networking.hostName = "brighde"; # A poetess, sage, woman of wisdom, healing
 
   system.stateVersion = "22.05"; # The version of NixOS originally installed

hosts/buaidheach.nix

@@ -1,19 +0,0 @@
-# NixOps configuration for buaidheach
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}: {
-  imports = [
-    ../networks/pi3B_rack.nix
-    ../profiles/transmission.nix
-    ../secrets/transmission.nix
-  ];
-
-  # Comment out deployment when building the SD Image.
-  deployment.targetHost = "10.42.0.202";
-  networking.hostName = "buaidheach"; # Define your hostname.
-
-  system.stateVersion = "22.05"; # The version of NixOS originally installed
-}

hosts/ceilidh/default.nix

@@ -5,7 +5,7 @@
   lib,
   ...
 }: {
-  imports = [../hardware/raspberry_pi_4_model_B.nix];
+  imports = [../../hardware/raspberry_pi_4_model_B.nix];
 
   # Comment out deployment when building the SD Image.
   deployment.targetHost = "10.42.0.108";

hosts/ceitidh.nix

@@ -1,22 +0,0 @@
-# NixOps configuration for ceitidh
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}: {
-  imports = [
-    ../networks/pi3B_rack.nix
-    ../profiles/cyclone-ibis.nix
-  ];
-
-  # Comment out deployment when building the SD Image.
-  deployment.targetHost = "10.42.0.203";
-  networking.hostName = "ceitidh"; # Define your hostname.
-
-  environment.systemPackages = with pkgs; [
-    gnupg # GPL OpenPGP implementation
-  ];
-
-  system.stateVersion = "22.05"; # The version of NixOS originally installed
-}

hosts/cuallaidh.nix

@@ -1,46 +0,0 @@
-# NixOps configuration for cuallaidh
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}: {
-  imports = [
-    ../modules/tmate-ssh-server.nix
-    ../networks/linode.nix
-    ../profiles/coturn.nix
-    #../profiles/cryptpad.nix
-    ../profiles/forgejo.nix
-    #../profiles/hydra.nix
-    ../profiles/iog.nix
-    ../profiles/ipv6.nix
-    ../profiles/mastodon.nix
-    ../profiles/matrix.nix
-    ../profiles/mcwhirter.io.nix
-    ../profiles/minecraftServer.nix
-    ../profiles/nextcloud.nix
-    ../profiles/nixpkgs-dev.nix
-    ../profiles/taskserver.nix
-    ../profiles/tt-rss.nix
-    ../secrets/forgejo.nix
-    ../secrets/tt-rss.nix
-  ];
-
-  deployment.targetHost = "172.105.171.16";
-
-  networking.hostName = "cuallaidh"; # Define your hostname.
-  networking.interfaces.eth0.ipv6.addresses = [
-    {
-      address = "2400:8907::f03c:92ff:fe08:f1d4";
-      prefixLength = 64;
-    }
-  ];
-
-  services.tmate = {
-    enable = true;
-    openFirewall = true;
-    sshHostname = "tmate.mcwhirter.io";
-  };
-
-  system.stateVersion = "19.03"; # The version of NixOS originally installed
-}

hosts/cuallaidh/default.nix

@@ -0,0 +1,60 @@
+# NixOps configuration for cuallaidh
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  imports = [
+    ../../modules/tmate-ssh-server.nix
+    ../../networks/linode.nix
+    ../../profiles/coturn.nix
+    ../../profiles/iog.nix
+    ../../profiles/ipv6.nix
+    ../../profiles/mastodon.nix
+    ../../profiles/matrix.nix
+    ../../profiles/mcwhirter.io.nix
+    #../../profiles/minecraftServer.nix
+    ../../profiles/nextcloud.nix
+    ../../profiles/nixpkgs-dev.nix
+    ../../profiles/taskserver.nix
+    ../../profiles/tt-rss.nix
+  ];
+
+  networking.hostName = "cuallaidh"; # Define your hostname.
+  networking.interfaces.eth0.ipv6.addresses = [
+    {
+      address = "2400:8907::f03c:92ff:fe08:f1d4";
+      prefixLength = 64;
+    }
+  ];
+
+  services = {
+    tmate = {
+      enable = true;
+      openFirewall = true;
+      sshHostname = "tmate.mcwhirter.io";
+    };
+    nginx = {
+      virtualHosts."git.mcwhirter.io" = {
+        enableACME = true;
+        forceSSL = true;
+        globalRedirect = "reciproka.dev"; # Redirect permanently to the host
+      };
+      virtualHosts."source.mcwhirter.io" = {
+        enableACME = true;
+        forceSSL = true;
+        globalRedirect = "reciproka.dev"; # Redirect permanently to the host
+      };
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "acme@mcwhirter.io";
+    certs = {"git.mcwhirter.io" = {};};
+    certs = {"source.mcwhirter.io" = {};};
+  };
+
+  system.stateVersion = "19.03"; # The version of NixOS originally installed
+}

hosts/dhu/default.nix

@@ -5,9 +5,9 @@
   ...
 }: {
   imports = [
-    ../hardware/eeepc701.nix # Include common configuration options
-    ../secrets/wireless.nix
-    ../profiles/sway.nix
+    ../../hardware/eeepc701.nix # Include common configuration options
+    ../../secrets/wireless.nix
+    ../../profiles/sway.nix
   ];
 
   deployment.targetHost = "10.42.0.119";

hosts/dionach.nix

@@ -1,218 +0,0 @@
-# NixOps configuration for dionach
-{
-  config,
-  pkgs,
-  ...
-}: {
-  imports = [
-    ../hardware/purism_librem_15.nix # Include results of the hardware scan.
-    ../profiles/android.nix # Provide an Android dev environment
-    ../profiles/cron-craige.nix # Provide Craige's cron jobs
-    ../profiles/daedalus.nix # The open source cryptocurrency wallet for ADA
-    ../profiles/desktop-feeds.nix # Tools for news feeds and podcasts
-    ../profiles/desktopCraige.nix # Craige's desktop tools and apps
-    ../profiles/haskell-dev.nix # Haskell dev environment
-    ../profiles/host_common.nix # Common host configuration options
-    ../profiles/iog.nix # IOHK environment
-    ../profiles/keyboard.nix
-    ../profiles/neomutt.nix # Neomutt email
-    ../profiles/nix-community.nix # Nix community aarch64 tooling
-    ../profiles/nix-mio-ops.nix # mio-ops Nix tooling
-    ../profiles/nixpkgs-dev.nix # Nix pkgs dev tools
-    ../profiles/openssh.nix # Enable and configure openssh
-    ../profiles/pantheon.nix # Enable and configure the pantheon desktop
-    ../profiles/pipewire.nix # Enable and pipewire audio system
-    ../profiles/powerManagement.nix # Power management for laptops
-    ../profiles/qemu.nix # Qemu virtualisation
-    ../profiles/typingTutor.nix # Typing tutorials
-    ../profiles/weechat.nix # Weechat environment
-    ../profiles/xmonad.nix # Xmonad desktop environment
-    ../profiles/yubikey.nix # Yubikey tooling
-    ../secrets/craige.nix # Ssshhhhh!
-    ../secrets/root.nix # Ssshhhhh!
-    #../secrets/wireless.nix # Hey look! A squirrel!
-  ];
-
-  deployment.targetHost = "localhost";
-
-  nixpkgs = {
-    config = {
-      allowUnfree = true;
-      permittedInsecurePackages = [
-        "openssl-1.0.2u"
-      ];
-    };
-    overlays = [(import ../overlays/ncmpcpp.nix)];
-  };
-
-  # Use the GRUB 2 boot loader.
-  boot.loader.grub.enable = true;
-  boot.loader.grub.device = "/dev/nvme0n1"; # or "nodev" for efi only
-  boot.kernel.sysctl."net.ipv4.ip_forward" = "1";
-  boot.extraModprobeConfig = "options kvm_intel nested=1";
-
-  networking = {
-    hostName = "dionach"; # Define your hostname.
-    networkmanager.enable = true; # Enables network support via NetworkManager.
-  };
-
-  systemd.network.networks.enp0s20f0u4u4i5.ipv6SendRAConfig = {
-    EmitDNS = true;
-    Managed = true;
-    OtherInformation = true;
-  };
-
-  fonts.fonts = with pkgs; [
-    anonymousPro
-    dejavu_fonts # A typeface family based on the Bitstream Vera fonts
-    fira-code # Monospace font with programming ligaturess
-    font-awesome
-    hack-font # A typeface designed for source code
-    jetbrains-mono
-    #monoid         # Customisable coding font with alternates, ligatures and contextual positioning
-    nerdfonts # Iconic font aggregator, collection, & patcher
-    open-sans # Used in in my polybar configuration
-    xkcd-font # Font based handwriting in xkcd comics
-  ];
-
-  # List packages installed in system profile. To search, run:
-  environment.systemPackages = with pkgs; [
-    bash
-    binutils
-    bluez-tools
-    bridge-utils # for brctl
-    chromium
-    clang
-    ddrescue
-    docutils # Python Documentation Utilities
-    electrum # Bitcoin wallet
-    element-desktop # A feature-rich client for Matrix.org
-    evince
-    exiftool # A tool to read, write and edit EXIF meta information
-    ffmpeg-full # record, convert and stream audio and video
-    file
-    gcc
-    gimp
-    gnumake
-    gnused
-    google-authenticator # 2FA
-    graphviz # Graph visualization tools
-    imagemagick
-    inetutils # Common network utilies
-    inotify-tools
-    iptables # iptables
-    libmtp
-    libgphoto2
-    libreoffice-fresh # Libreoffice - fresh version
-    lxmenu-data # required by pcmanfm
-    mkpasswd
-    mp3info # MP3 tag editor / query tool
-    mpd
-    mtpfs
-    ncmpcpp
-    nextcloud-client
-    nvme-cli # NVM-Express user space tooling for Linux
-    obs-studio # Free and open source software for video recording and live streaming
-    openjdk8
-    openssl # A cryptographic library that implements the SSL and TLS protocols
-    p7zip
-    pandoc
-    pavucontrol
-    pcmanfm
-    pstree # Show the set of running processes as a tree
-    pwgen
-    python3Full
-    #python311Packages.restview # ReStructuredText viewer
-    python311Packages.sphinx # A tool that makes it easy to create intelligent and beautifulul documentation for Python projects
-    radiotray-ng # Internet radio player
-    rdiff-backup # External backups
-    shared-mime-info # required by pcmanfm
-    shotwell
-    signal-desktop
-    smartmontools # Tools for monitoring the health of hard drives
-    sshfs
-    taskwarrior # Highly flexible command-line tool to manage TODO lists
-    tcpdump # tcpdump
-    tectonic
-    tdesktop # Telegram Desktop messaging app
-    texlive.combined.scheme-full
-    tmate # Instant Terminal Sharing
-    tpm-tools
-    #tor-browser-bundle-bin
-    tree # Command to produce a depth indented directory listing
-    udevil
-    unrar
-    unzip
-    vcsh
-    wget
-    wesnoth # Turn-based strategy game
-    xorg.xev
-    zip # zip all the zip's
-    zlib
-    zlib.dev
-  ];
-
-  services.acpid.enable = true;
-  services.blueman.enable = true;
-  services.gvfs.enable = true; # required by pcmanfm
-  services.kbfs.enable = true;
-
-  services.xserver.desktopManager.enlightenment.enable = true;
-
-  networking.firewall = {
-    enable = true;
-    checkReversePath = false; # Needed for libvirtd
-    allowedTCPPorts = [15000];
-  };
-
-  # Virtualisation configuration:
-  virtualisation = {
-    libvirtd = {
-      enable = true; # Enable libvirtd
-      qemu = {
-        #package = pkgs.qemu_kvm;   # Enable guest only for the same arch
-        package = pkgs.qemu; # Enable full emulation
-        verbatimConfig = ''
-          user = "craige"
-          group = "libvirtd"
-        '';
-      };
-      onShutdown = "shutdown"; # Set gust VMs to shutdown on host shutdown
-      extraConfig = ''
-        disk_bus = "virtio"
-      '';
-    };
-  };
-
-  # Enable sound.
-  sound.enable = true;
-  hardware = {
-    #pulseaudio = {
-    #  enable = true;
-    #  systemWide = false;
-    #  package = pkgs.pulseaudioFull;
-    #};
-    bluetooth = {
-      enable = true;
-      #hsphfpd.enable = true;
-      settings = {Policy = {AutoEnable = "true";};};
-    };
-    opengl.enable = true;
-  };
-
-  # The below pair are set to overcome flakey connections / busy servers that
-  # fail to respond to ssh keep alive requests, sometimes triggering:
-  # client_loop: send disconnect: Broken pipe
-  programs.ssh.extraConfig = ''
-    ServerAliveInterval 20
-    TCPKeepAlive no
-  '';
-
-  users.groups = {lp.members = ["messagebus"];};
-
-  # This value determines the NixOS release with which your system is to be
-  # compatible, in order to avoid breaking some software such as database
-  # servers. You should change this only after NixOS release notes say you
-  # should.
-  system.stateVersion = "20.03"; # Did you read the comment?
-}

hosts/dionach/default.nix

@@ -0,0 +1,46 @@
+# NixOps configuration for dionach
+{
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ../../hardware/purism_librem_15.nix # Include results of the hardware scan.
+    ../../profiles/desktop_common.nix
+    ../../profiles/steam.nix
+  ];
+
+  # Use the GRUB 2 boot loader.
+  boot = {
+    loader.grub = {
+      enable = true;
+      device = "/dev/nvme0n1"; # or "nodev" for efi only
+      useOSProber = true;
+    };
+    kernel.sysctl."net.ipv4.ip_forward" = "1";
+    extraModprobeConfig = "options kvm_intel nested=1";
+  };
+
+  networking = {
+    hostName = "dionach"; # Define your hostname.
+    firewall = {
+      enable = true;
+      checkReversePath = false; # Needed for libvirtd
+      allowedTCPPorts = [15000];
+    };
+  };
+
+  systemd.network.networks.enp0s20f0u4u4i5.ipv6SendRAConfig = {
+    EmitDNS = true;
+    Managed = true;
+    OtherInformation = true;
+  };
+
+  services.kbfs.enable = true;
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "23.11"; # Did you read the comment?
+}

hosts/doilidh/default.nix

@@ -5,10 +5,8 @@
   lib,
   ...
 }: {
-  imports = [../networks/pi3B_rack.nix];
+  imports = [../../networks/pi3B_rack.nix];
 
-  # Comment out deployment when building the SD Image.
-  deployment.targetHost = "10.42.0.204";
   networking.hostName = "doilidh"; # Define your hostname.
 
   environment.systemPackages = with pkgs; [];

hosts/eamhair/default.nix

@@ -5,10 +5,8 @@
   lib,
   ...
 }: {
-  imports = [../networks/pi3B_rack.nix];
+  imports = [../../networks/pi3B_rack.nix];
 
-  # Comment out deployment when building the SD Image.
-  deployment.targetHost = "10.42.0.205";
   networking.hostName = "eamhair"; # Define your hostname.
 
   environment.systemPackages = with pkgs; [];

hosts/iolear-beag/default.nix

@@ -5,16 +5,15 @@
   ...
 }: {
   imports = [
-    ../hardware/lenovo_x201.nix
-    ../profiles/desktop_common.nix
-    ../profiles/wine.nix
+    ../../hardware/lenovo_x201.nix
+    ../../profiles/desktop_common.nix
+    ../../profiles/wine.nix
   ];
 
   # Use the GRUB 2 boot loader.
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/sda";
 
-  deployment.targetHost = "10.42.0.127";
   networking.hostName = "iolear-beag"; # Define your hostname.
 
   system.stateVersion = "18.09"; # The version of NixOS originally installed

hosts/paidh-uachdar/default.nix

@@ -6,14 +6,12 @@
   ...
 }: {
   imports = [
-    ../hardware/raspberry_pi_3_model_B.nix
-    ../profiles/host_common.nix
-    ../profiles/openssh.nix
-    ../profiles/pi_common.nix
-    #../profiles/xmonad.nix
-    ../secrets/craige.nix # Ssshhhhh!
-    ../secrets/root.nix # Ssshhhhh!
-    ../secrets/wireless.nix # Hey look! A squirrel!
+    ../../hardware/raspberry_pi_3_model_B.nix
+    ../../profiles/host_common.nix
+    ../../profiles/openssh.nix
+    ../../profiles/pi_common.nix
+    ../../profiles/users-ops.nix # MIO Ops users
+    #../../secrets/wireless.nix # Hey look! A squirrel!
   ];
 
   # Comment out deployment when building the SD Image.

hosts/sanganto/default.nix

@@ -0,0 +1,112 @@
+# NixOS configuration for ŝanĝanto
+{
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ../../hardware/system76_thelioMira.nix # Include results of the hardware scan.
+    ../../profiles/cron-craige.nix # Provide Craige's cron jobs
+    ../../profiles/haskell-dev.nix # Haskell dev environment
+    ../../profiles/host_common.nix # Common host configuration options
+    ../../profiles/iog.nix # IOHK environment
+    ../../profiles/keyboard.nix
+    ../../profiles/neomutt.nix # Neomutt email
+    ../../profiles/nix-community.nix # Nix community aarch64 tooling
+    ../../profiles/nixpkgs-dev.nix # Nix pkgs dev tools
+    ../../profiles/openssh.nix # Enable and configure openssh
+    ../../profiles/pipewire.nix # Enable and pipewire audio system
+    ../../profiles/xmonad.nix # Xmonad desktop environment
+    ../../profiles/yubikey.nix # Yubikey tooling
+    ../../profiles/users-ops.nix # MIO Ops users
+  ];
+
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+      permittedInsecurePackages = [
+        "openssl-1.0.2u"
+      ];
+    };
+    overlays = [(import ../../overlays/ncmpcpp.nix)];
+  };
+
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+    kernel.sysctl."net.ipv4.ip_forward" = "1";
+    extraModprobeConfig = "options kvm_intel nested=1";
+  };
+
+  networking = {
+    hostName = "sanganto"; # Define your hostname.
+    networkmanager.enable = true; # Enables network support via NetworkManager.
+  };
+
+  fonts.packages = with pkgs; [
+    anonymousPro
+    cascadia-code # onospaced font that includes programming ligatures
+    dejavu_fonts # A typeface family based on the Bitstream Vera fonts
+    fira-code # Monospace font with programming ligaturess
+    font-awesome
+    hack-font # A typeface designed for source code
+    iosevka # Versatile typeface for code, from code
+    jetbrains-mono
+    open-sans # Used in in my polybar configuration
+    xkcd-font # Font based handwriting in xkcd comics
+  ];
+
+  # List packages installed in system profile. To search, run:
+  environment.systemPackages = with pkgs; [
+  ];
+
+  services = {
+    acpid.enable = true;
+    blueman.enable = true;
+    gvfs.enable = true; # required by pcmanfm
+    kbfs.enable = true;
+  };
+
+  networking.firewall = {
+    enable = true;
+    checkReversePath = false; # Needed for libvirtd
+    allowedTCPPorts = [15000];
+  };
+
+  # Virtualisation configuration:
+  virtualisation = {
+    libvirtd = {
+      enable = true; # Enable libvirtd
+      qemu = {
+        #package = pkgs.qemu_kvm;   # Enable guest only for the same arch
+        package = pkgs.qemu; # Enable full emulation
+        verbatimConfig = ''
+          user = "craige"
+          group = "libvirtd"
+        '';
+      };
+      onShutdown = "shutdown"; # Set gust VMs to shutdown on host shutdown
+      extraConfig = ''
+        disk_bus = "virtio"
+      '';
+    };
+  };
+
+  # The below pair are set to overcome flakey connections / busy servers that
+  # fail to respond to ssh keep alive requests, sometimes triggering:
+  # client_loop: send disconnect: Broken pipe
+  programs.ssh.extraConfig = ''
+    ServerAliveInterval 20
+    TCPKeepAlive no
+  '';
+
+  users.groups = {lp.members = ["messagebus"];};
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "23.05"; # Did you read the comment?
+}

hosts/sercanto/default.nix

@@ -0,0 +1,108 @@
+# NixOS configuration for serĉanto
+{
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ../../hardware/system76_lemurPro.nix # Include results of the hardware scan.
+    ../../profiles/cron-craige.nix # Provide Craige's cron jobs
+    ../../profiles/haskell-dev.nix # Haskell dev environment
+    ../../profiles/host_common.nix # Common host configuration options
+    ../../profiles/iog.nix # IOHK environment
+    ../../profiles/keyboard.nix
+    ../../profiles/neomutt.nix # Neomutt email
+    ../../profiles/nix-community.nix # Nix community aarch64 tooling
+    ../../profiles/nix-mio-ops.nix # mio-ops Nix tooling
+    ../../profiles/nixpkgs-dev.nix # Nix pkgs dev tools
+    ../../profiles/openssh.nix # Enable and configure openssh
+    ../../profiles/pipewire.nix # Enable and pipewire audio system
+    ../../profiles/xmonad.nix # Xmonad desktop environment
+    ../../profiles/yubikey.nix # Yubikey tooling
+    ../../profiles/users-ops.nix # MIO Ops users
+  ];
+
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+      permittedInsecurePackages = [
+        "openssl-1.0.2u"
+      ];
+    };
+    overlays = [(import ../../overlays/ncmpcpp.nix)];
+  };
+
+  boot = {
+    loader.efi.canTouchEfiVariables = true;
+    kernel.sysctl."net.ipv4.ip_forward" = "1";
+    extraModprobeConfig = "options kvm_intel nested=1";
+  };
+
+  networking = {
+    hostName = "sercanto"; # Define your hostname.
+    networkmanager.enable = true; # Enables network support via NetworkManager.
+  };
+
+  fonts.packages = with pkgs; [
+    anonymousPro
+    dejavu_fonts # A typeface family based on the Bitstream Vera fonts
+    fira-code # Monospace font with programming ligaturess
+    font-awesome
+    hack-font # A typeface designed for source code
+    jetbrains-mono
+    open-sans # Used in in my polybar configuration
+    xkcd-font # Font based handwriting in xkcd comics
+  ];
+
+  # List packages installed in system profile. To search, run:
+  environment.systemPackages = with pkgs; [
+  ];
+
+  services = {
+    acpid.enable = true;
+    blueman.enable = true;
+    gvfs.enable = true; # required by pcmanfm
+    kbfs.enable = true;
+  };
+
+  networking.firewall = {
+    enable = true;
+    checkReversePath = false; # Needed for libvirtd
+    allowedTCPPorts = [15000];
+  };
+
+  # Virtualisation configuration:
+  virtualisation = {
+    libvirtd = {
+      enable = true; # Enable libvirtd
+      qemu = {
+        #package = pkgs.qemu_kvm;   # Enable guest only for the same arch
+        package = pkgs.qemu; # Enable full emulation
+        verbatimConfig = ''
+          user = "craige"
+          group = "libvirtd"
+        '';
+      };
+      onShutdown = "shutdown"; # Set gust VMs to shutdown on host shutdown
+      extraConfig = ''
+        disk_bus = "virtio"
+      '';
+    };
+  };
+
+  # The below pair are set to overcome flakey connections / busy servers that
+  # fail to respond to ssh keep alive requests, sometimes triggering:
+  # client_loop: send disconnect: Broken pipe
+  programs.ssh.extraConfig = ''
+    ServerAliveInterval 20
+    TCPKeepAlive no
+  '';
+
+  users.groups = {lp.members = ["messagebus"];};
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "23.05"; # Did you read the comment?
+}

hosts/sithlainnir/default.nix

@@ -5,16 +5,15 @@
   ...
 }: {
   imports = [
-    ../hardware/lenovo_x201.nix
-    ../profiles/desktopFiona.nix
-    ../profiles/desktop_common.nix
+    ../../hardware/lenovo_x201.nix
+    ../../profiles/desktopFiona.nix
+    ../../profiles/desktop_common.nix
   ];
 
   # Use the GRUB 2 boot loader.
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/sda";
 
-  deployment.targetHost = "10.42.0.114";
   networking.hostName = "sithlainnir"; # Define your hostname.
 
   system.stateVersion = "18.09"; # The version of NixOS originally installed

hosts/teintidh/default.nix

@@ -5,17 +5,16 @@
   ...
 }: {
   imports = [
-    ../hardware/lenovo_x201.nix
-    ../profiles/desktop_common.nix
-    ../profiles/haskell-dev.nix
-    ../profiles/kids-dev.nix
+    ../../hardware/lenovo_x201.nix
+    ../../profiles/desktop_common.nix
+    ../../profiles/haskell-dev.nix
+    ../../profiles/kids-dev.nix
   ];
 
   # Use the GRUB 2 boot loader.
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/sda";
 
-  deployment.targetHost = "10.42.0.127";
   networking.hostName = "teintidh"; # Define your hostname.
 
   system.stateVersion = "18.09"; # The version of NixOS originally installed

images/sd-image_buaidheach.nix

@@ -1,4 +0,0 @@
-# SD image for buaidheach
-{...}: {
-  imports = [./sd-image_paidh-aarch64.nix ../hosts/buaidheach.nix];
-}

modules/default.nix

@@ -0,0 +1,28 @@
+{
+  self,
+  inputs,
+  nixpkgs,
+  ragenix,
+  ...
+}: let
+  nixosSystem = nixpkgs.lib.makeOverridable nixpkgs.lib.nixosSystem;
+  customModules = import ./module-list.nix;
+  baseModules = [
+    {
+      imports = [
+        ({pkgs, ...}: {
+          nix.nixPath = [
+            "nixpkgs=${pkgs.path}"
+          ];
+          nix.extraOptions = ''
+            experimental-features = nix-command flakes
+          '';
+          documentation.info.enable = false;
+        })
+      ];
+    }
+  ];
+  defaultModules = baseModules ++ customModules;
+in {
+  imports = defaultModules;
+}

modules/module-list.nix

@@ -0,0 +1,7 @@
+[
+  ./profiles/cosmicDesktop
+  ./profiles/starship
+  ./profiles/toxvpn
+  ./roles/desktop
+  ./roles/desktopCraige
+]

modules/profiles/cosmicDesktop/default.nix

@@ -0,0 +1,29 @@
+# Cosmic is a software platform for designing beautiful user experiences
+{
+  config,
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.profiles.cosmicDesktop;
+  cosmicDesktop = inputs.cosmicDesktop;
+  cosmic-tweaks = cosmicDesktop.packages."${pkgs.system}".cosmic-tweaks;
+in {
+  options.profiles.cosmicDesktop = {
+    enable = mkEnableOption "to enable the Cosmic desktop.";
+  };
+  config = mkIf (cfg.enable) {
+    nix.settings = {
+      substituters = ["https://cosmic.cachix.org/"];
+      trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
+    };
+    environment.systemPackages = with pkgs; [
+    ];
+    services = {
+      desktopManager.cosmic.enable = true;
+      displayManager.cosmic-greeter.enable = true;
+    };
+  };
+}

modules/profiles/starship/catppuccin.toml

@@ -0,0 +1,134 @@
+# Get editor completions based on the config schema
+"$schema" = 'https://starship.rs/config-schema.json'
+
+# Sets user-defined palette
+# Palettes must be defined _after_ this line
+palette = "catppuccin_mocha"
+
+# Starship modules
+[character]
+# Note the use of Catppuccin color 'peach'
+success_symbol = "[[󰄛](green) ❯](peach)"
+error_symbol = "[[󰄛](red) ❯](peach)"
+vimcmd_symbol = "[󰄛 ❮](subtext1)" # For use with zsh-vi-mode
+
+[git_branch]
+style = "bold mauve"
+
+[directory]
+truncation_length = 4
+style = "bold lavender"
+
+# Palette definitions
+[palettes.catppuccin_latte]
+rosewater = "#dc8a78"
+flamingo = "#dd7878"
+pink = "#ea76cb"
+mauve = "#8839ef"
+red = "#d20f39"
+maroon = "#e64553"
+peach = "#fe640b"
+yellow = "#df8e1d"
+green = "#40a02b"
+teal = "#179299"
+sky = "#04a5e5"
+sapphire = "#209fb5"
+blue = "#1e66f5"
+lavender = "#7287fd"
+text = "#4c4f69"
+subtext1 = "#5c5f77"
+subtext0 = "#6c6f85"
+overlay2 = "#7c7f93"
+overlay1 = "#8c8fa1"
+overlay0 = "#9ca0b0"
+surface2 = "#acb0be"
+surface1 = "#bcc0cc"
+surface0 = "#ccd0da"
+base = "#eff1f5"
+mantle = "#e6e9ef"
+crust = "#dce0e8"
+
+[palettes.catppuccin_frappe]
+rosewater = "#f2d5cf"
+flamingo = "#eebebe"
+pink = "#f4b8e4"
+mauve = "#ca9ee6"
+red = "#e78284"
+maroon = "#ea999c"
+peach = "#ef9f76"
+yellow = "#e5c890"
+green = "#a6d189"
+teal = "#81c8be"
+sky = "#99d1db"
+sapphire = "#85c1dc"
+blue = "#8caaee"
+lavender = "#babbf1"
+text = "#c6d0f5"
+subtext1 = "#b5bfe2"
+subtext0 = "#a5adce"
+overlay2 = "#949cbb"
+overlay1 = "#838ba7"
+overlay0 = "#737994"
+surface2 = "#626880"
+surface1 = "#51576d"
+surface0 = "#414559"
+base = "#303446"
+mantle = "#292c3c"
+crust = "#232634"
+
+[palettes.catppuccin_macchiato]
+rosewater = "#f4dbd6"
+flamingo = "#f0c6c6"
+pink = "#f5bde6"
+mauve = "#c6a0f6"
+red = "#ed8796"
+maroon = "#ee99a0"
+peach = "#f5a97f"
+yellow = "#eed49f"
+green = "#a6da95"
+teal = "#8bd5ca"
+sky = "#91d7e3"
+sapphire = "#7dc4e4"
+blue = "#8aadf4"
+lavender = "#b7bdf8"
+text = "#cad3f5"
+subtext1 = "#b8c0e0"
+subtext0 = "#a5adcb"
+overlay2 = "#939ab7"
+overlay1 = "#8087a2"
+overlay0 = "#6e738d"
+surface2 = "#5b6078"
+surface1 = "#494d64"
+surface0 = "#363a4f"
+base = "#24273a"
+mantle = "#1e2030"
+crust = "#181926"
+
+[palettes.catppuccin_mocha]
+rosewater = "#f5e0dc"
+flamingo = "#f2cdcd"
+pink = "#f5c2e7"
+mauve = "#cba6f7"
+red = "#f38ba8"
+maroon = "#eba0ac"
+peach = "#fab387"
+yellow = "#f9e2af"
+green = "#a6e3a1"
+teal = "#94e2d5"
+sky = "#89dceb"
+sapphire = "#74c7ec"
+blue = "#89b4fa"
+lavender = "#b4befe"
+text = "#cdd6f4"
+subtext1 = "#bac2de"
+subtext0 = "#a6adc8"
+overlay2 = "#9399b2"
+overlay1 = "#7f849c"
+overlay0 = "#6c7086"
+surface2 = "#585b70"
+surface1 = "#45475a"
+surface0 = "#313244"
+base = "#1e1e2e"
+mantle = "#181825"
+crust = "#11111b"
+

modules/profiles/starship/chrisTitusTech.toml

@@ -0,0 +1,129 @@
+format = """
+[](#3B4252)\
+$python\
+$username\
+[](bg:#434C5E fg:#3B4252)\
+$directory\
+[](fg:#434C5E bg:#4C566A)\
+$git_branch\
+$git_status\
+[](fg:#4C566A bg:#86BBD8)\
+$c\
+$elixir\
+$elm\
+$golang\
+$haskell\
+$java\
+$julia\
+$nodejs\
+$nim\
+$rust\
+[](fg:#86BBD8 bg:#06969A)\
+$docker_context\
+[](fg:#06969A bg:#33658A)\
+$time\
+[ ](fg:#33658A)\
+"""
+command_timeout = 5000
+# Disable the blank line at the start of the prompt
+# add_newline = false
+
+# You can also replace your username with a neat symbol like  to save some space
+[username]
+show_always = true
+style_user = "bg:#3B4252"
+style_root = "bg:#3B4252"
+format = '[$user ]($style)'
+
+[directory]
+style = "bg:#434C5E"
+format = "[ $path ]($style)"
+truncation_length = 3
+truncation_symbol = "…/"
+
+# Here is how you can shorten some long paths by text replacement
+# similar to mapped_locations in Oh My Posh:
+[directory.substitutions]
+"Documents" = "󰈙 "
+"Downloads" = " "
+"Music" = " "
+"Pictures" = " "
+# Keep in mind that the order matters. For example:
+# "Important Documents" = "  "
+# will not be replaced, because "Documents" was already substituted before.
+# So either put "Important Documents" before "Documents" or use the substituted version:
+# "Important  " = "  "
+
+[c]
+symbol = " "
+style = "bg:#86BBD8"
+format = '[ $symbol ($version) ]($style)'
+
+[docker_context]
+symbol = " "
+style = "bg:#06969A"
+format = '[ $symbol $context ]($style) $path'
+
+[elixir]
+symbol = " "
+style = "bg:#86BBD8"
+format = '[ $symbol ($version) ]($style)'
+
+[elm]
+symbol = " "
+style = "bg:#86BBD8"
+format = '[ $symbol ($version) ]($style)'
+
+[git_branch]
+symbol = ""
+style = "bg:#4C566A"
+format = '[ $symbol $branch ]($style)'
+
+[git_status]
+style = "bg:#4C566A"
+format = '[$all_status$ahead_behind ]($style)'
+
+[golang]
+symbol = " "
+style = "bg:#86BBD8"
+format = '[ $symbol ($version) ]($style)'
+
+[haskell]
+symbol = " "
+style = "bg:#86BBD8"
+format = '[ $symbol ($version) ]($style)'
+
+[java]
+symbol = " "
+style = "bg:#86BBD8"
+format = '[ $symbol ($version) ]($style)'
+
+[julia]
+symbol = " "
+style = "bg:#86BBD8"
+format = '[ $symbol ($version) ]($style)'
+
+[nodejs]
+symbol = ""
+style = "bg:#86BBD8"
+format = '[ $symbol ($version) ]($style)'
+
+[nim]
+symbol = " "
+style = "bg:#86BBD8"
+format = '[ $symbol ($version) ]($style)'
+
+[python]
+style = "bg:#3B4252"
+format = '[(\($virtualenv\) )]($style)'
+
+[rust]
+symbol = ""
+style = "bg:#86BBD8"
+format = '[ $symbol ($version) ]($style)'
+
+[time]
+disabled = false
+time_format = "%R" # Hour:Minute Format
+style = "bg:#33658A"
+format = '[ $time ]($style)'

modules/profiles/starship/craige.toml

@@ -0,0 +1,263 @@
+"$schema" = 'https://starship.rs/config-schema.json'
+
+# Use the color palette
+palette = 'one_dark'
+
+[aws]
+style = "color_orange"
+
+[cmd_duration]
+style = "color_yellow"
+
+[hostname]
+style = "color_purple"
+
+# Define Dracula color palette
+[palettes.dracula]
+background = "#282a36"
+current_line = "#44475a"
+foreground = "#f8f8f2"
+comment = "#6272a4"
+cyan = "#8be9fd"
+green = "#50fa7b"
+orange = "#ffb86c"
+pink = "#ff79c6"
+purple = "#bd93f9"
+red = "#ff5555"
+yellow = "#f1fa8c"
+
+# Sets the colors of the "one_dark" palette.
+[palettes.one_dark]
+mono0 = '#d7dae0' # terminal white, from the One Dark Pro VSCode theme.
+mono1 = '#abb2bf' # syntax_fg.
+mono2 = '#828997'
+mono3 = '#5c6370'
+mono4 = '#3f4451' # terminal black, from the One Dark Pro VSCode theme.
+color_red0 = '#e06c75'
+color_red1 = '#be5046'
+color_green = '#98c379'
+color_yellow = '#e5c07b'
+color_blue = '#61afef'
+color_purple = '#c678dd'
+color_cyan = '#56b6c2'
+color_orange = '#d19a66'
+syntax_fg = '#abb2bf'
+syntax_bg = '#282c34'
+color_bg2 = '#665c54'
+syntax_gutter = '#647382'
+syntax_accent = '#528cff'
+
+# Module that displays the current OS.
+#[os]
+#disabled = false # Disabled by default
+#style = "color_blue"
+#format = '[ $symbol ]($style)'
+
+# Sets custom symbols for each OS.
+#[os.symbols]
+#NixOS = "󱄅"
+
+# Module that displays the current username.
+[username]
+show_always = false
+style_user = "bold fg:color_red0"
+style_root = "bold italic bg:color_red0 fg:syntax_bg"
+format = '[ $user ]($style)'
+
+# Module that displays the current directory.
+[directory]
+style = "fg:color_orange"
+format = "[ $path ]($style)"
+truncation_length = 3
+truncation_symbol = "…/"
+
+# Sets the custom symbols for directories.
+[directory.substitutions]
+"Documents" = "󰈙 "
+"Downloads" = " "
+"Music" = "󰝚 "
+"Pictures" = " "
+"Developer" = "󰲋 "
+
+# Module that displays the current git branch.
+[git_branch]
+symbol = ""
+style = "fg:color_yellow"
+format = '[[ $symbol $branch ](fg:color_yellow)]($style)'
+
+# Module that displays the current git status.
+[git_status]
+style = "bg:color_green"
+format = '[[($all_status$ahead_behind )](fg:color_yellow)]($style)'
+
+# Language specific modules
+[nodejs]
+symbol = ""
+style = "bg:color_green"
+format = '[[ $symbol( $version) ](fg:syntax_bg bg:color_green)]($style)'
+
+[c]
+symbol = " "
+style = "bg:color_green"
+format = '[[ $symbol( $version) ](fg:syntax_bg bg:color_green)]($style)'
+
+[dotnet]
+symbol = "󰪮"
+style = "bg:color_green"
+format = '[[ $symbol( $version) ](fg:syntax_bg bg:color_green)]($style)'
+
+[rust]
+symbol = ""
+style = "bg:color_green"
+format = '[[ $symbol( $version) ](fg:syntax_bg bg:color_green)]($style)'
+
+[golang]
+symbol = ""
+style = "bg:color_green"
+format = '[[ $symbol( $version) ](fg:syntax_bg bg:color_green)]($style)'
+
+[php]
+symbol = " "
+style = "bg:color_green"
+format = '[[ $symbol( $version) ](fg:syntax_bg bg:color_green)]($style)'
+
+[java]
+symbol = " "
+style = "bg:color_green"
+format = '[[ $symbol( $version) ](fg:syntax_bg bg:color_green)]($style)'
+
+[kotlin]
+symbol = " "
+style = "bg:color_green"
+format = '[[ $symbol( $version) ](fg:syntax_bg bg:color_green)]($style)'
+
+[haskell]
+symbol = " "
+style = "bg:color_green"
+format = '[[ $symbol( $version) ](fg:syntax_bg bg:color_green)]($style)'
+
+[python]
+symbol = " "
+style = "bg:color_green"
+format = '[[ $symbol( $version) ](fg:syntax_bg bg:color_green)]($style)'
+
+[elixir]
+symbol = " "
+style = "bg:color_green"
+format = '[[ $symbol ($version) ](fg:syntax_bg bg:color_green)]($style)'
+
+[elm]
+symbol = " "
+style = "bg:color_green"
+format = '[[ $symbol ($version) ](fg:syntax_bg bg:color_green)]($style)'
+
+[gradle]
+symbol = " "
+style = "bg:color_green"
+format = '[[ $symbol ($version) ](fg:syntax_bg bg:color_green)]($style)'
+
+[julia]
+symbol = " "
+style = "bg:color_green"
+format = '[[ $symbol ($version) ](fg:syntax_bg bg:color_green)]($style)'
+
+[nim]
+symbol = "󰆥 "
+style = "bg:color_green"
+format = '[[ $symbol ($version) ](fg:syntax_bg bg:color_green)]($style)'
+
+[scala]
+symbol = " "
+style = "bg:color_green"
+format = '[[ $symbol ($version) ](fg:syntax_bg bg:color_green)]($style)'
+
+# Module that displays the docker context.
+[docker_context]
+symbol = " "
+style = "bg:mono3"
+format = '[[ $symbol( $context) ](fg:syntax_fg bg:mono3)]($style)'
+
+# Module that fills the space between the left and right segments.
+[fill]
+symbol = " "
+
+# Module that displays the time.
+#[time]
+#disabled = false # Disabled by default
+#use_12hr = true # Disable for 24h format without seconds
+#style = "bg:mono4"
+#format = '[[ 󰥔 $time ](fg:syntax_fg bg:mono4)]($style)'
+
+# Module that displays the battery level and status.
+[battery]
+format = '[$symbol $percentage ]($style)'
+
+# Battery symbols and colors for each threshold.
+[[battery.display]]
+threshold = 10
+style = "bold bg:mono4 fg:color_red1"
+discharging_symbol = "󰁺"
+charging_symbol = "󰢜"
+
+[[battery.display]]
+threshold = 20
+style = "bold bg:mono4 fg:color_red0"
+discharging_symbol = "󰁻"
+charging_symbol = "󰂆"
+
+[[battery.display]]
+threshold = 30
+style = "bold bg:mono4 fg:color_yellow"
+discharging_symbol = "󰁼"
+charging_symbol = "󰂇"
+
+[[battery.display]]
+threshold = 40
+style = "bold bg:mono4 fg:color_yellow"
+discharging_symbol = "󰁽"
+charging_symbol = "󰂈"
+
+[[battery.display]]
+threshold = 50
+style = "bold bg:mono4 fg:color_yellow"
+discharging_symbol = "󰁾"
+charging_symbol = "󰢝"
+
+[[battery.display]]
+threshold = 60
+style = "bold bg:mono4 fg:color_green"
+discharging_symbol = "󰁿"
+charging_symbol = "󰂉"
+
+[[battery.display]]
+threshold = 70
+style = "bold bg:mono4 fg:color_green"
+discharging_symbol = "󰂀"
+charging_symbol = "󰢞"
+
+[[battery.display]]
+threshold = 80
+style = "bold bg:mono4 fg:color_green"
+discharging_symbol = "󰂁"
+charging_symbol = "󰂊"
+
+[[battery.display]]
+threshold = 90
+style = "bold bg:mono4 fg:color_green"
+discharging_symbol = "󰂂"
+charging_symbol = "󰂋"
+
+[[battery.display]]
+style = "bold bg:mono4 fg:color_green"
+discharging_symbol = "󰁹"
+charging_symbol = "󰂅"
+threshold = 100
+
+# New line character
+[character]
+success_symbol = "[λ:](bold fg:color_green)"
+error_symbol = "[λ:](bold fg:color_red1)"
+vimcmd_symbol = '[󰅁](bold fg:syntax_accent)'
+vimcmd_replace_one_symbol = '[󰅁](bold fg:color_purple)'
+vimcmd_replace_symbol = '[󰅁](bold fg:color_purple)'
+vimcmd_visual_symbol = '[󰅁](bold fg:color_yellow)'

modules/profiles/starship/deepOceanic.toml

@@ -0,0 +1,124 @@
+# Get editor completions based on the config schema
+"$schema" = 'https://starship.rs/config-schema.json'
+
+format = """
+[](fg:#003b46 bg:#004f5e)\
+[](fg:#004f5e bg:#006374)\
+[](fg:#006374 bg:#007a8a)\
+[](fg:#007a8a bg:#0093a3)\
+[](fg:#0093a3 bg:#003b46)\
+[](fg:#003b46 bg:#e6454b)\
+$username\
+[](fg:#e6454b bg:#ff6a4b)\
+$battery\
+[](fg:#ff6a4b bg:#ffcc66)\
+$directory\
+[](fg:#ffcc66 bg:#85b57a)\
+$git_branch\
+$git_status\
+[](fg:#85b57a bg:#4da6a6)\
+$cmd_duration\
+[](fg:#4da6a6 bg:#3a82e6)\
+[](fg:#3a82e6 bg:#8c4de6)\
+[](fg:#8c4de6)\
+$fill\
+[---](fg:#ffcc66)
+$character\
+"""
+
+right_format = """
+[󰇥](bold fg:#ffcc66 )
+"""
+# scheme: "Deep Oceanic Next"
+# author: "spearkkk (https://github.com/spearkkk/deep-oceanic-next)"
+# base00: "003b46" # background
+# base01: "004f5e" # black
+# base02: "006374" # bright black
+# base03: "007a8a" # grey
+# base04: "0093a3" # light grey
+# base05: "dce3e8" # foreground
+# base06: "e6ebf0" # white
+# base07: "f0f5f5" # bright white
+# base08: "e6454b" # red
+# base09: "ff6a4b" # orange
+# base0A: "ffcc66" # yellow
+# base0B: "85b57a" # green
+# base0C: "4da6a6" # cyan/aqua
+# base0D: "3a82e6" # blue
+# base0E: "8c4de6" # magenta/purple
+# base0F: "e673a3" # pink
+# base10: "001114" # darker black
+# base11: "000a0d" # darkest black
+# base12: "ff5a61" # bright red
+# base13: "ffdd80" # bright yellow
+# base14: "99d8a0" # bright green
+# base15: "66cccc" # bright cyan
+# base16: "4da6ff" # bright blue
+# base17: "a366ff" # bright purple
+
+palette = "deep_oceanic_next"
+
+[palettes.deep_oceanic_next]
+black = "#003b46"
+red = "#e6454b"
+green = "#85b57a"
+blue = "#3a82e6"
+yellow = "#ffcc66"
+purple = "#8c4de6"
+cyan = "#4da6a6"
+white = "#dce3e8"
+
+bright-black = "#004f5e"
+bright-red = "#ff9999"
+bright-green = "#c7e6c7"
+bright-blue = "#99ccff"
+bright-yellow = "#ffb380"
+bright-purple = "#d4a1ff"
+bright-cyan = "#99e6e6"
+bright-white = "#e6ebf0"
+
+[os]
+disabled = true
+
+[username]
+show_always = true
+style_user = "bg:#f99157 bold fg:#003b46"
+style_root = "bg:#f99157 bold fg:#003b46"
+format = "[ 󰀄 $user ](bold fg:#003b46 bg:#e6454b)"
+
+# Battery configuration
+[battery]
+format = "[ $symbol$percentage ](bold fg:#003b46 bg:#ff6a4b)"
+
+[[battery.display]]
+threshold = 100
+
+[directory]
+truncation_symbol = "…/"
+truncation_length = 6
+format = "[ $path ](bold fg:#003b46 bg:#ffcc66)"
+
+[git_branch]
+symbol = ""
+format = "[ $symbol $branch ](bold fg:#003b46 bg:#85b57a)"
+
+[git_status]
+format = "[$all_status$ahead_behind ](bold fg:#003b46 bg:#85b57a)"
+
+[package]
+disabled = true
+
+[time]
+disabled = false
+time_format = "%r"
+style = "bg:#003b46 fg:white"
+format = "[ $time ](bold fg:#003b46 bg:#b26cff)"
+
+[cmd_duration]
+format = "[ $duration ](bold fg:#003b46 bg:#4da6a6)"
+
+[fill]
+symbol = " "
+
+[character]
+error_symbol = "[✗](bold red)"

modules/profiles/starship/default.nix

@@ -0,0 +1,21 @@
+# A minimal, blazing fast, and extremely customizable prompt for any shell
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.profiles.starship;
+in {
+  options.profiles.starship = {
+    enable = mkEnableOption "to enable the starship prompt.";
+  };
+  config = mkIf (cfg.enable) {
+    programs.starship = {
+      enable = true;
+      presets = ["nerd-font-symbols"];
+      settings = pkgs.lib.importTOML ./craige.toml;
+    };
+  };
+}

modules/profiles/starship/deverebor.toml

@@ -0,0 +1,137 @@
+# code ~/.config/starship.toml
+
+format = """
+╭─[  ](bg:#303030 fg:#c7c7c7)\
+$username\
+[](bg:#303030 fg:#707070)\
+$directory\
+$git_branch\
+$git_status\
+[](#303030)\
+\n╰─$character
+"""
+
+# Disable the blank line at the start of the prompt
+add_newline = false
+
+# You can also replace your username with a neat symbol like   or disable this
+# and use the os module below
+[username]
+show_always = true
+style_user = "fg:#b69676 bg:#303030"
+style_root = "fg:white bg:#303030"
+format = '[$user]($style)'
+disabled = false
+
+[status]
+style = 'bg:#303030'
+symbol = '[✘ ](fg:red bg:#303030)'
+success_symbol = '[✔ ](fg:green bg:#303030)'
+format = '[[$signal_name ](fg:red bg:#303030)$symbol]($style)'
+map_symbol = false
+disabled = false
+
+[character]
+success_symbol = '[❯](bold green)'
+error_symbol = '[✘](fg:red)'
+
+[cmd_duration]
+min_time = 1
+style = 'bg:#303030 fg:#909090'
+format = '[ took [$duration](bold fg:#909090 bg:#303030)  ]($style)'
+
+[hostname]
+ssh_only = false
+style = 'fg:white bg:#303030'
+format = '[@$hostname ]($style)'
+disabled = false
+
+# An alternative to the username module which displays a symbol that
+# represents the current operating system
+[os]
+style = "bg:#303030"
+disabled = true # Disabled by default
+
+[directory]
+style = "fg:white bg:#303030"
+format = "[  $path ]($style)"
+truncation_length = 9
+truncation_symbol = "~/…/"
+truncate_to_repo = true
+home_symbol = '~'
+
+# Here is how you can shorten some long paths by text replacement
+# similar to mapped_locations in Oh My Posh:
+[directory.substitutions]
+#"~/" = "~./"
+"~" = " ~"
+
+
+[fill]
+symbol = ' '
+#symbol = '・'
+
+[c]
+symbol = ""
+style = "bg:#303030"
+format = '[ $symbol ]($style)'
+
+[docker_context]
+symbol = " "
+style = "bg:#303030"
+format = '[ $symbol $context ]($style) $path'
+
+[git_branch]
+style = "fg:white bg:#303030"
+format = '[](fg:#707070 bg:#303030)[  ](fg:#D6D5CB bg:#303030)[](fg:#FFC0CB bg:#303030)[ $branch ](bold $style)'
+truncation_length = 15
+
+[git_status]
+style = "fg:#0a96d6 bg:#303030"
+conflicted = "~"
+up_to_date = " "
+untracked = "?"
+ahead = "⇡${count}"
+diverged = "⇕⇡${ahead_count}⇣${behind_count}"
+behind = "⇣${count}"
+stashed = "*"
+modified = " "
+staged = '[++\($count\)](fg:#56b60a bg:#303030)'
+renamed = " "
+deleted = " "
+format = '[$all_status$ahead_behind ]($style)'
+
+[golang]
+symbol = "go"
+style = "fg:#FFFFFF bg:#303030"
+format = '[ $symbol ](bold $style)'
+
+[java]
+symbol = ""
+style = "fg:#0a96d6 bg:#303030"
+format = '[ $symbol ]($style)'
+
+[nodejs]
+symbol = ""
+style = "fg:#0a96d6 bg:#303030"
+format = '[ $symbol ]($style)'
+
+[python]
+# Display the version of python from inside a local venv.
+#
+# Note this will only work when the venv is inside the project and it will only
+# work in the directory that contains the venv dir but maybe this is ok?
+symbol = ' '
+style = "fg:#0a96d6 bg:#303030"
+format = '[ $symbol ]($style)'
+
+[rust]
+symbol = ""
+style = "fg:#0a96d6 bg:#303030"
+format = '[ $symbol ]($style)'
+
+[time]
+disabled = false
+time_format = "%R" # Hour:Minute Format
+style = "bg:#303030 fg:#567676"
+format = '[$time ]($style)'

modules/profiles/starship/dracula.toml

@@ -0,0 +1,42 @@
+# Use the color palette
+palette = "dracula"
+
+[aws]
+style = "bold orange"
+
+[character]
+error_symbol = "[λ](bold red)"
+success_symbol = "[λ](bold green)"
+
+[cmd_duration]
+style = "bold yellow"
+
+[directory]
+style = "bold green"
+
+[git_branch]
+style = "bold pink"
+
+[git_status]
+style = "bold red"
+
+[hostname]
+style = "bold purple"
+
+[username]
+format = "[$user]($style) on "
+style_user = "bold cyan"
+
+# Define Dracula color palette
+[palettes.dracula]
+background = "#282a36"
+current_line = "#44475a"
+foreground = "#f8f8f2"
+comment = "#6272a4"
+cyan = "#8be9fd"
+green = "#50fa7b"
+orange = "#ffb86c"
+pink = "#ff79c6"
+purple = "#bd93f9"
+red = "#ff5555"
+yellow = "#f1fa8c"

modules/profiles/starship/jaredmontoya.toml

@@ -0,0 +1,212 @@
+format = """
+$os\
+[\uE0B0](fg:bar_one bg:bar_two)\
+$custom$directory\
+[\uE0B0](fg:bar_two bg:bar_three)\
+$git_branch\
+$git_status\
+[\uE0B0](fg:bar_three bg:bar_four)\
+$c\
+$dart\
+$elixir\
+$elm\
+$golang\
+$haskell\
+$java\
+$julia\
+$lua\
+$nodejs\
+$nim\
+$php\
+$python\
+$rlang\
+$ruby\
+$rust\
+$scala\
+[\uE0B0](fg:bar_four)\
+"""
+
+right_format = """
+[\uE0B2](fg:bar_three)\
+$time\
+"""
+
+palette = 'theme'
+
+# Defines the colour palette for the theme
+[palettes.theme]
+bar_one = '#C0CAF5'
+bar_two = '#6992D7'
+bar_three = '#394260'
+bar_four = '#212736'
+bar_five = '#1D2230'
+text_one = '#090C0C'
+text_two = '#EEEEEE'
+text_three = '#A3AED2'
+
+[os]
+style = 'bg:bar_one fg:text_one'
+format = '[ $symbol ]($style)'
+disabled = false
+
+[os.symbols]
+Alpine = ''
+Amazon = ''
+Android = ''
+Arch = ''
+CentOS = ''
+Debian = ''
+DragonFly = ''
+Emscripten = ''
+EndeavourOS = ''
+Fedora = ''
+FreeBSD = ''
+Garuda = '󰛓'
+Gentoo = ''
+HardenedBSD = '󰞌'
+Illumos = '󰈸'
+Linux = ''
+Macos = ''
+Manjaro = ''
+Mariner = ''
+MidnightBSD = ''
+Mint = ''
+NetBSD = ''
+NixOS = ''
+OpenBSD = '󰈺'
+SUSE = ''
+OracleLinux = '󰌷'
+Pop = ''
+Raspbian = ''
+Redhat = ''
+RedHatEnterprise = ''
+Redox = '󰀘'
+Solus = '󰠳'
+openSUSE = ''
+Ubuntu = ''
+Unknown = ''
+Windows = '󰍲'
+
+[directory]
+truncation_length = 0
+truncation_symbol = '.../'
+truncate_to_repo = false
+fish_style_pwd_dir_length = 1
+style = 'bold fg:text_two bg:bar_two'
+format = '[ $path ]($style)'
+
+[custom.home]
+when = ' test "$HOME" = "$PWD" '
+style = 'bold fg:text_two bg:bar_two'
+symbol = ' '
+
+[custom.folder]
+when = ' test "$HOME" != "$PWD" '
+style = 'bold fg:text_two bg:bar_two'
+symbol = ' '
+
+[directory.substitutions]
+'Documents' = ' '
+'Downloads' = ' '
+'Music' = ' '
+'Pictures' = ' '
+
+[git_branch]
+symbol = ' '
+style = 'fg:text_three bg:bar_three'
+format = '[ $symbol $branch ]($style)'
+
+[git_status]
+style = 'fg:text_three bg:bar_three'
+format = '[$all_status$ahead_behind ]($style)'
+
+[c]
+symbol = ' '
+style = 'fg:text_three bg:bar_four'
+format = '[ $symbol ($version) ]($style)'
+
+[dart]
+symbol = ' '
+style = 'fg:text_three bg:bar_four'
+format = '[ $symbol ($version) ]($style)'
+
+[elixir]
+symbol = ' '
+style = 'fg:text_three bg:bar_four'
+format = '[ $symbol ($version) ]($style)'
+
+[elm]
+symbol = ' '
+style = 'fg:text_three bg:bar_four'
+format = '[ $symbol ($version) ]($style)'
+
+[golang]
+symbol = ' '
+style = 'fg:text_three bg:bar_four'
+format = '[ $symbol ($version) ]($style)'
+
+[haskell]
+symbol = ' '
+style = 'fg:text_three bg:bar_four'
+format = '[ $symbol ($version) ]($style)'
+
+[java]
+symbol = ' '
+style = 'fg:text_three bg:bar_four'
+format = '[ $symbol ($version) ]($style)'
+
+[julia]
+symbol = ' '
+style = 'fg:text_three bg:bar_four'
+format = '[ $symbol ($version) ]($style)'
+
+[lua]
+symbol = ' '
+style = 'fg:text_three bg:bar_four'
+format = '[ $symbol ($version) ]($style)'
+
+[nodejs]
+symbol = ' '
+style = 'fg:text_three bg:bar_four'
+format = '[ $symbol ($version) ]($style)'
+
+[nim]
+symbol = ' '
+style = 'fg:text_three bg:bar_four'
+format = '[ $symbol ($version) ]($style)'
+
+[php]
+symbol = ' '
+style = 'fg:text_three bg:bar_four'
+format = '[ $symbol ($version) ]($style)'
+
+[python]
+symbol = ' '
+style = 'fg:text_three bg:bar_four'
+format = '[ $symbol ($version) (\($virtualenv\) )]($style)'
+
+[rlang]
+symbol = 'ﳒ '
+style = 'fg:text_three bg:bar_four'
+format = '[ $symbol ($version) ]($style)'
+
+[ruby]
+symbol = ' '
+style = 'fg:text_three bg:bar_four'
+format = '[ $symbol ($version) ]($style)'
+
+[rust]
+symbol = ' '
+style = 'fg:text_three bg:bar_four'
+format = '[ $symbol ($version) ]($style)'
+
+[scala]
+symbol = ' '
+style = 'fg:text_three bg:bar_four'
+format = '[ $symbol ($version) ]($style)'
+
+[time]
+disabled = false
+time_format = '%R'                   # Hour:Minute Format
+style = 'fg:text_three bg:bar_three'
+format = '[   $time ]($style)'

modules/profiles/starship/minimalTokyoNight.toml

@@ -0,0 +1,41 @@
+format = """
+$directory\
+[](fg:#769ff0 bg:#394260)\
+$git_branch\
+$git_status\
+[](fg:#394260)\
+"""
+
+right_format = """
+[](fg:#292E42)\
+$character\
+[](fg:#1d2230 bg:#292E42)\
+$time
+"""
+
+add_newline = false
+
+[character]
+format = "$symbol"
+success_symbol = "[✔ ](fg:#c3e88d bg:#292E42)"
+error_symbol = "[✘ ](fg:#c53b53 bg:#292E42)"
+
+[directory]
+truncation_length = 6
+style = "fg:#1a1b26 bg:#769ff0"
+format = "[ $path ]($style)"
+
+[git_branch]
+symbol = ""
+style = "bg:#394260"
+format = '[[ $symbol $branch ](fg:#769ff0 bg:#394260)]($style)'
+
+[git_status]
+style = "bg:#394260"
+format = '[[($all_status$ahead_behind )](fg:#769ff0 bg:#394260)]($style)'
+
+[time]
+disabled = false
+time_format = "%R" # Hour:Minute Format
+style = "bg:#1d2230"
+format = '[[  $time ](fg:#a0a9cb bg:#1d2230)]($style)'

modules/profiles/starship/rishavnandi.toml

@@ -0,0 +1,35 @@
+# ~/.config/starship.toml
+
+# Inserts a blank line between shell prompts
+add_newline = true
+
+# Change the default prompt format
+format = """\
+[╭╴](238)$env_var\
+$all[╰─](238)$character"""
+
+# Change the default prompt characters
+[character]
+success_symbol = "[](238)"
+error_symbol = "[](238)"
+
+# Shows the username
+[username]
+style_user = "white bold"
+style_root = "black bold"
+format = "者 [$user]($style) "
+disabled = false              # disable in powershell
+show_always = true
+
+[hostname]
+ssh_only = false
+format = "on [$hostname](bold yellow) "
+disabled = false
+
+[directory]
+truncation_length = 3
+truncation_symbol = "…/"
+home_symbol = " ~"
+read_only_style = "197"
+read_only = "  "
+format = "at [$path]($style)[$read_only]($read_only_style) "

modules/profiles/toxvpn/default.nix

@@ -0,0 +1,23 @@
+# VPN configuration for MIO.
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.profiles.toxvpn;
+in {
+  options.profiles.toxvpn = {
+    enable = mkEnableOption "to enable toxvpn.";
+  };
+  config = mkIf (cfg.enable) {
+    services.toxvpn = {
+      enable = true;
+      auto_add_peers = [
+        "4b921c107cd25b9bc62dfa4a040a9409f51d3aa001d4f12e15f01b4eba9e2f7f8ecc3b68cd13" # sanganto
+        "a18dfff426f5a752eb1bdc90ea307850982c1dff1444caf72b75f73483e358213b60281235a4" # eamhair
+      ];
+    };
+  };
+}

modules/roles/desktop/default.nix

@@ -0,0 +1,166 @@
+# Desktop role
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.roles.desktop;
+in {
+  options.roles.desktop = {
+    enable = mkEnableOption "to enable the desktop role.";
+  };
+  config = mkIf (cfg.enable) {
+    boot.loader.systemd-boot = {
+      enable = true;
+      configurationLimit = 5;
+    };
+    environment.systemPackages = with pkgs; [
+      brave # Privacy-oriented browser
+      chromium
+      element-desktop # A feature-rich client for Matrix.org
+      evince # document viewer
+      gnome-tweaks # A tool to customize advanced GNOME 3 options
+      krita # A free and open source painting application
+      libreoffice-fresh # Comprehensive, professional-quality productivity suite
+      mplayer # A movie player that supports many video formats
+      nextcloud-client # Nextcloud desktop client
+      pavucontrol # PulseAudio Volume Control
+      pwgen # Password generator
+      rsync
+      shotwell # Photo organizer
+      signal-desktop # Private, simple, and secure messenger
+      usbutils # Tools for working with USB devices, such as lsusb
+      xorg.libxcb # X C binding
+    ];
+    fonts.packages = with pkgs; [
+      atkinson-hyperlegible # Typeface designed to offer greater legibility
+      atkinson-monolegible # Mono variant of the Atkinson Hyperlegible typeface
+      nerdfonts # Iconic font aggregator, collection, & patcher
+    ];
+    networking = {
+      networkmanager.enable = true; # Enables network support via NetworkManager.
+      firewall.enable = true;
+    };
+    nix.settings = {
+      substituters = ["https://cosmic.cachix.org/"];
+      trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
+    };
+    services = {
+      acpid.enable = true; # A daemon for delivering ACPI events to userspace programs
+      blueman.enable = true; # GTK-based Bluetooth Manager
+      devmon.enable = true; # Enable external device automounting.`
+      displayManager = {
+        defaultSession = "cosmic"; # Set GNOME as the default session
+      };
+      libinput = {
+        enable = true; # Enable touchpad support.
+        touchpad = {
+          tapping = true;
+          tappingButtonMap = "lrm"; # Set the touchpad button mappeing
+        };
+      };
+      pipewire = {
+        enable = true;
+        alsa = {
+          enable = true;
+          support32Bit = true;
+        };
+        pulse.enable = true;
+      };
+      udev.packages = [
+        pkgs.android-udev-rules # Android udev rules list
+      ];
+      udisks2.enable = true; # Enable udisks2
+    };
+    security.rtkit.enable = true; # realtime scheduling for sound
+
+    # Configure common hardware settings
+    hardware = {
+      pulseaudio = {
+        enable = false;
+      };
+      bluetooth = {
+        enable = true; # Enable bluetooth
+        settings = {
+          General = {
+            Enable = "Source,Sink,Media,Socket";
+            NoPlugin = "sap";
+          };
+          Policy = {AutoEnable = "true";};
+        };
+      };
+      graphics.enable = true;
+    };
+
+    # Configure libreWolf and Chromium
+    nixpkgs.config = {allowUnfree = true;};
+
+    profiles.cosmicDesktop.enable = true;
+
+    programs = {
+      chromium = {
+        enable = true;
+        homepageLocation = "https://start.duckduckgo.com/";
+      };
+      firefox = {
+        enable = true;
+        package = pkgs.librewolf;
+        policies = {
+          DisableTelemetry = true;
+          DisableFirefoxStudies = true;
+          Preferences = {
+            "cookiebanners.service.mode" = 2; # Block cookie banners
+            "cookiebanners.service.mode.privateBrowsing" = 2; # Block cookie banners in private browsing
+            "privacy.donottrackheader.enabled" = true;
+            "privacy.fingerprintingProtection" = true;
+            "privacy.resistFingerprinting" = true;
+            "privacy.trackingprotection.emailtracking.enabled" = true;
+            "privacy.trackingprotection.enabled" = true;
+            "privacy.trackingprotection.fingerprinting.enabled" = true;
+            "privacy.trackingprotection.socialtracking.enabled" = true;
+            "webgl.disabled" = false;
+          };
+          ExtensionSettings = {
+            "CanvasBlocker@kkapsner.de" = {
+              install_url = "https://addons.mozilla.org/firefox/downloads/latest/canvasblocker/latest.xpi";
+              installation_mode = "force_installed";
+            }; # prevents fingerprinting when webgl is enabled
+            "CookieAutoDelete@kennydo.com" = {
+              install_url = "https://addons.mozilla.org/firefox/downloads/latest/cookie-autodelete/latest.xpi";
+              installation_mode = "force_installed";
+            }; # cookie deletion
+            "floccus@handmadeideas.org" = {
+              install_url = "https://addons.mozilla.org/firefox/downloads/latest/floccus/latest.xpi";
+              installation_mode = "force_installed";
+            }; # bookmark sync
+            "jid1-MnnxcxisBPnSXQ@jetpack" = {
+              install_url = "https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/latest.xpi";
+              installation_mode = "force_installed";
+            }; # privacy
+            "jid1-ZAdIEUB7XOzOJw@jetpack" = {
+              install_url = "https://addons.mozilla.org/firefox/downloads/latest/duckduckgo-for-firefox/latest.xpi";
+              installation_mode = "force_installed";
+            }; # private search
+            "uBlock0@raymondhill.net" = {
+              install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
+              installation_mode = "force_installed";
+            }; # add blocking
+            "{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
+              install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
+              installation_mode = "force_installed";
+            }; # password management
+          };
+        };
+      };
+    };
+
+    # Groups to add
+    users.groups = {
+      audio.members = ["craige" "fiona" "hamish" "logan" "xander"];
+      libvirtd.members = ["craige" "fiona" "hamish" "logan" "xander"];
+      networkmanager.members = ["craige" "fiona" "hamish" "logan" "xander"];
+    };
+  };
+}

modules/roles/desktopCraige/default.nix

@@ -0,0 +1,51 @@
+# Craige's addiotnal desktop requirements
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.roles.desktopCraige;
+in {
+  options.roles.desktopCraige = {
+    enable = mkEnableOption "to enable Craige's desktop role.";
+  };
+  config = mkIf (cfg.enable) {
+    environment.systemPackages = with pkgs; [
+      ffmpeg-full # record, convert and stream audio and video
+      gimp # The GNU Image Manipulation Program
+      kdePackages.kasts # Kirigami-based podcast player
+      kitty # The fast, feature-rich, GPU based terminal emulator
+      mpd # A flexible, powerful daemon for playing music
+      ncmpcpp # A featureful ncurses based MPD client inspired by ncmpc
+      nvme-cli # NVM-Express user space tooling for Linux
+      pandoc # Conversion between documentation formats
+      pavucontrol # PulseAudio Volume Control
+      siji # An iconic bitmap font based on Stlarch with additional glyphs
+      shared-mime-info # A database of common MIME types
+      shotwell # Photo organizer
+      sshfs # allows remote filesystems to be mounted over SSH
+      taskwarrior # Highly flexible command-line tool to manage TODO lists
+      termonad # Terminal emulator configurable in Haskell
+      texliveFull # TeX Live environment
+      tmate # Instant Terminal Sharing
+      toot # Mastodon CLI interface
+      tor-browser-bundle-bin # Tor Browser Bundle built by torproject.org
+      tuba # Fediverse client
+      unzip # An extraction utility for archives compressed in .zip format
+      vcsh # Version Control System for $HOME
+      yt-dlp # Command-line tool to download videos
+    ];
+    programs.firefox.policies.ExtensionSettings = {
+      "{eceab40b-230a-4560-98ed-185ad010633f}" = {
+        install_url = "https://addons.mozilla.org/firefox/downloads/latest/nixos-packages-search-engine/latest.xpi";
+        installation_mode = "force_installed";
+      }; # package search
+      "{530f7c6c-6077-4703-8f71-cb368c663e35}" = {
+        install_url = "https://addons.mozilla.org/firefox/downloads/latest/yoroi/latest.xpi";
+        installation_mode = "force_installed";
+      }; # package search
+    };
+  };
+}

networks/pi3B_rack.nix

@@ -6,7 +6,6 @@
     ../profiles/host_common.nix
     ../profiles/pi_common.nix
     ../profiles/server_common.nix
-    ../secrets/wireless-pi3B.nix
   ];
 
   # Ensure the right package architecture is used
@@ -17,7 +16,7 @@
   };
 
   networking.wireless.enable =
-    true; # Toggles wireless support via wpa_supplicant.
+    false; # Toggles wireless support via wpa_supplicant.
 
   systemd.network.networks.eth0.ipv6SendRAConfig = {
     EmitDNS = true;

nix/sources.json

@@ -1,95 +0,0 @@
-{
-    "cardano-node": {
-        "branch": "refs/tags/1.35.7",
-        "description": "The core component that is used to participate in a Cardano decentralised blockchain.",
-        "homepage": "https://cardano.org",
-        "owner": "input-output-hk",
-        "repo": "cardano-node",
-        "rev": "f0b4ac897dcbefba9fa0d247b204a24543cf55f6",
-        "sha256": "0s2jkj4mwl03hxg4ff9kyw41s32xbf31rnhag2m1qrglgsh8wzw9",
-        "type": "tarball",
-        "url": "https://github.com/input-output-hk/cardano-node/archive/f0b4ac897dcbefba9fa0d247b204a24543cf55f6.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    },
-    "daedalus": {
-        "branch": "release/5.2.0",
-        "description": "The open source cryptocurrency wallet for ada, built to grow with the community",
-        "homepage": "https://daedaluswallet.io/",
-        "owner": "input-output-hk",
-        "repo": "daedalus",
-        "rev": "2990f5a44189097b3de2e7e7a19caa8062a8ae7b",
-        "sha256": "1w2w7qfashbqimcywzvhh0z5jrlfaja04sgi6p5hp08adwad6r92",
-        "type": "tarball",
-        "url": "https://github.com/input-output-hk/daedalus/archive/2990f5a44189097b3de2e7e7a19caa8062a8ae7b.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    },
-    "iohk-nix": {
-        "branch": "master",
-        "description": "nix scripts shared across projects",
-        "homepage": null,
-        "owner": "input-output-hk",
-        "repo": "iohk-nix",
-        "rev": "df1da282f996ec46b33379407df99613a1fbafdd",
-        "sha256": "0vpcyrswxkynn2q37qsrhvf62whk2ijpcwqnamxcchcq6lwfpn0l",
-        "type": "tarball",
-        "url": "https://github.com/input-output-hk/iohk-nix/archive/df1da282f996ec46b33379407df99613a1fbafdd.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    },
-    "mcwhirter-io": {
-        "branch": "consensus",
-        "rev": "a53a2f8a8a23eb0579ba6d0ec1c6e749bfcf8467",
-        "sha256": "1b72841hbj6wqsb37ma4y148lx287qjmcbr9p1dbzras6k4xvdlz",
-        "type": "tarball",
-        "url": "https://source.mcwhirter.io/craige/mcwhirter.io/archive/a53a2f8a8a23eb0579ba6d0ec1c6e749bfcf8467.tar.gz",
-        "url_template": "https://source.mcwhirter.io/craige/mcwhirter.io/archive/<rev>.tar.gz"
-    },
-    "niv": {
-        "branch": "master",
-        "description": "Easy dependency management for Nix projects",
-        "homepage": "https://github.com/nmattia/niv",
-        "owner": "nmattia",
-        "repo": "niv",
-        "rev": "82e5cd1ad3c387863f0545d7591512e76ab0fc41",
-        "sha256": "090l219mzc0gi33i3psgph6s2pwsc8qy4lyrqjdj4qzkvmaj65a7",
-        "type": "tarball",
-        "url": "https://github.com/nmattia/niv/archive/82e5cd1ad3c387863f0545d7591512e76ab0fc41.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    },
-    "nixos2111": {
-        "branch": "nixos-21.11",
-        "description": "Nix Packages collection",
-        "homepage": "",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "63198c9ccefdbd337cef0d85db0ea2689f4ce418",
-        "sha256": "05gc6xyv8a2dppngm1q44j85j769lr90lg20s6jv62gfg344i50r",
-        "type": "tarball",
-        "url": "https://github.com/nixos/nixpkgs/archive/63198c9ccefdbd337cef0d85db0ea2689f4ce418.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    },
-    "nixpkgs": {
-        "branch": "nixos-23.05",
-        "builtin": false,
-        "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
-        "homepage": "https://github.com/NixOS/nixpkgs",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "da4024d0ead5d7820f6bd15147d3fe2a0c0cec73",
-        "sha256": "1y12a4hgxx2lixrcbyhycwxvrrfik1lxjnwkprar0r6173rwy9ax",
-        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/da4024d0ead5d7820f6bd15147d3fe2a0c0cec73.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    },
-    "nixpkgsUnstable": {
-        "branch": "nixos-unstable",
-        "description": "Nix Packages collection",
-        "homepage": "",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
-        "sha256": "0992mbqdvvkxy1gz8bzmqdx3kz5and17xik6d836p65vkll64ksz",
-        "type": "tarball",
-        "url": "https://github.com/nixos/nixpkgs/archive/85f1ba3e51676fa8cc604a3d863d729026a6b8eb.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    }
-}

nix/sources.nix

@@ -1,141 +0,0 @@
-# This file has been generated by Niv.
-let
-  #
-  # The fetchers. fetch_<type> fetches specs of type <type>.
-  #
-  fetch_file = pkgs: spec:
-    if spec.builtin or true
-    then builtins_fetchurl {inherit (spec) url sha256;}
-    else pkgs.fetchurl {inherit (spec) url sha256;};
-
-  fetch_tarball = pkgs: spec:
-    if spec.builtin or true
-    then builtins_fetchTarball {inherit (spec) url sha256;}
-    else pkgs.fetchzip {inherit (spec) url sha256;};
-
-  fetch_git = spec:
-    builtins.fetchGit {
-      url = spec.repo;
-      inherit (spec) rev ref;
-    };
-
-  fetch_builtin-tarball = spec:
-    builtins.trace ''
-      WARNING:
-        The niv type "builtin-tarball" will soon be deprecated. You should
-        instead use `builtin = true`.
-
-        $ niv modify <package> -a type=tarball -a builtin=true
-    ''
-    builtins_fetchTarball {inherit (spec) url sha256;};
-
-  fetch_builtin-url = spec:
-    builtins.trace ''
-      WARNING:
-        The niv type "builtin-url" will soon be deprecated. You should
-        instead use `builtin = true`.
-
-        $ niv modify <package> -a type=file -a builtin=true
-    '' (builtins_fetchurl {inherit (spec) url sha256;});
-
-  #
-  # Various helpers
-  #
-
-  # The set of packages used when specs are fetched using non-builtins.
-  mkPkgs = sources: let
-    sourcesNixpkgs =
-      import (builtins_fetchTarball {inherit (sources.nixpkgs) url sha256;})
-      {};
-    hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
-    hasThisAsNixpkgsPath = <nixpkgs> == ./.;
-  in
-    if builtins.hasAttr "nixpkgs" sources
-    then sourcesNixpkgs
-    else if hasNixpkgsPath && !hasThisAsNixpkgsPath
-    then import <nixpkgs> {}
-    else
-      abort ''
-        Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
-        add a package called "nixpkgs" to your sources.json.
-      '';
-
-  # The actual fetching function.
-  fetch = pkgs: name: spec:
-    if !builtins.hasAttr "type" spec
-    then abort "ERROR: niv spec ${name} does not have a 'type' attribute"
-    else if spec.type == "file"
-    then fetch_file pkgs spec
-    else if spec.type == "tarball"
-    then fetch_tarball pkgs spec
-    else if spec.type == "git"
-    then fetch_git spec
-    else if spec.type == "builtin-tarball"
-    then fetch_builtin-tarball spec
-    else if spec.type == "builtin-url"
-    then fetch_builtin-url spec
-    else
-      abort
-      "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
-
-  # Ports of functions for older nix versions
-
-  # a Nix version of mapAttrs if the built-in doesn't exist
-  mapAttrs =
-    builtins.mapAttrs
-    or (f: set:
-      with builtins;
-        listToAttrs (map (attr: {
-          name = attr;
-          value = f attr set.${attr};
-        }) (attrNames set)));
-
-  # fetchTarball version that is compatible between all the versions of Nix
-  builtins_fetchTarball = {
-    url,
-    sha256,
-  } @ attrs: let
-    inherit (builtins) lessThan nixVersion fetchTarball;
-  in
-    if lessThan nixVersion "1.12"
-    then fetchTarball {inherit url;}
-    else fetchTarball attrs;
-
-  # fetchurl version that is compatible between all the versions of Nix
-  builtins_fetchurl = {
-    url,
-    sha256,
-  } @ attrs: let
-    inherit (builtins) lessThan nixVersion fetchurl;
-  in
-    if lessThan nixVersion "1.12"
-    then fetchurl {inherit url;}
-    else fetchurl attrs;
-
-  # Create the final "sources" from the config
-  mkSources = config:
-    mapAttrs (name: spec:
-      if builtins.hasAttr "outPath" spec
-      then
-        abort
-        "The values in sources.json should not have an 'outPath' attribute"
-      else spec // {outPath = fetch config.pkgs name spec;})
-    config.sources;
-
-  # The "config" used by the fetchers
-  mkConfig = {
-    sourcesFile ? ./sources.json,
-    sources ? builtins.fromJSON (builtins.readFile sourcesFile),
-    pkgs ? mkPkgs sources,
-  }: rec {
-    # The sources, i.e. the attribute set of spec name to spec
-    inherit sources;
-
-    # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
-    inherit pkgs;
-  };
-in
-  mkSources (mkConfig {})
-  // {
-    __functor = _: settings: mkSources (mkConfig settings);
-  }

nixops.nix

@@ -1,33 +0,0 @@
-# NixOps configuration for the mio-ops nodes
-{
-  network = {
-    description = "mio-ops nodes";
-    enableRollback = true;
-  };
-
-  network.storage.legacy = {databasefile = "~/.nixops/deployments.nixops";};
-
-  defaults = {
-    config,
-    pkgs,
-    lib,
-    ...
-  }: {
-    system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps
-  };
-
-  airgead = import hosts/airgead.nix;
-  brighde = import hosts/brighde.nix;
-  ceilidh = import hosts/ceilidh.nix;
-  cuallaidh = import hosts/cuallaidh.nix;
-  dhu = import hosts/dhu.nix;
-  dionach = import hosts/dionach.nix;
-  iolear-beag = import hosts/iolear-beag.nix;
-  doilidh = import hosts/doilidh.nix;
-  eamhair = import hosts/eamhair.nix;
-  buaidheach = import hosts/buaidheach.nix;
-  ceitidh = import hosts/ceitidh.nix;
-  paidh-uachdar = import hosts/paidh-uachdar.nix;
-  sithlainnir = import hosts/sithlainnir.nix;
-  teintidh = import hosts/teintidh.nix;
-}

outputs.nix

@@ -0,0 +1,189 @@
+{
+  self,
+  cardano-node,
+  colmena,
+  cosmicDesktop,
+  daedalus,
+  nix,
+  nixpkgs,
+  nixpkgsUnstable,
+  ragenix,
+  utils,
+  ...
+} @ inputs:
+(utils.lib.eachDefaultSystem (system: let
+  deploymentName = "mio-ops";
+  pkgs = nixpkgs.legacyPackages."${system}";
+  nix_path = "nixpkgs=${nixpkgs}";
+in {
+  devShell =
+    pkgs.callPackage
+    ./shell.nix {
+      inherit (colmena.packages."${pkgs.system}") colmena;
+      inherit (nix.packages."${pkgs.system}") nix;
+      inherit (ragenix.packages."${pkgs.system}") ragenix;
+      inherit deploymentName;
+      inherit nix_path;
+    };
+}))
+// {
+  colmena = {
+    meta = {
+      description = "mio-ops deployment";
+      name = "deploymentName";
+      nixpkgs = import nixpkgs {
+        system = "x86_64-linux";
+        overlays = [];
+      };
+    };
+    defaults = {pkgs, ...}: {
+      imports = [
+        ./modules
+        cosmicDesktop.nixosModules.default
+      ];
+      # make flake inputs accessible in NixOS
+      _module.args.inputs = inputs;
+      nixpkgs.overlays = [
+        (super: self: {
+          inherit (nixpkgsUnstable.legacyPackages."${pkgs.system}") toxvpn;
+        })
+      ];
+      profiles.starship.enable = true;
+      profiles.toxvpn.enable = false;
+    };
+    # Comment out deployment line when building the SD Image.
+    airgead = {
+      imports = [
+        hosts/airgead
+        cardano-node.nixosModules.cardano-node
+        ragenix.nixosModules.default
+      ];
+      deployment = {
+        tags = ["active" "vps"];
+        targetHost = "172.105.187.96";
+      };
+    };
+    brighde = {
+      imports = [
+        hosts/brighde
+        ragenix.nixosModules.default
+      ];
+      deployment = {
+        tags = ["active"];
+        targetHost = "10.69.0.122";
+      };
+      roles.desktop.enable = true;
+    };
+    ceilidh = {
+      imports = [
+        hosts/ceilidh
+        ragenix.nixosModules.default
+      ];
+    };
+    cuallaidh = {
+      imports = [
+        hosts/cuallaidh
+        ragenix.nixosModules.default
+      ];
+      deployment = {
+        tags = ["active" "vps"];
+        targetHost = "172.105.171.16";
+      };
+    };
+    #dhu = {
+    #  imports = [
+    #    hosts/dhu
+    #    ragenix.nixosModules.default
+    #  ];
+    #};
+    dionach = {
+      imports = [
+        hosts/dionach
+        ragenix.nixosModules.default
+      ];
+      deployment = {
+        tags = ["active"];
+        targetHost = "10.42.0.190";
+      };
+    };
+    doilidh = {
+      imports = [
+        hosts/doilidh
+        ragenix.nixosModules.default
+      ];
+      deployment = {
+        tags = ["active" "rPi"];
+        targetHost = "10.69.0.204";
+      };
+    };
+    eamhair = {
+      imports = [
+        hosts/eamhair
+        ragenix.nixosModules.default
+      ];
+      deployment = {
+        tags = ["active" "rPi"];
+        targetHost = "10.69.0.205";
+      };
+      services.toxvpn.localip = "10.37.0.205";
+    };
+    iolear-beag = {
+      imports = [
+        hosts/iolear-beag
+        ragenix.nixosModules.default
+      ];
+      deployment = {
+        tags = ["inactive"];
+        targetHost = "10.42.0.127";
+      };
+    };
+    #paidh-uachdar = {
+    #  imports = [
+    #    hosts/paidh-uachdar
+    #    ragenix.nixosModules.default
+    #  ];
+    #};
+    sanganto = {
+      imports = [
+        hosts/sanganto
+        ragenix.nixosModules.default
+      ];
+      deployment.targetHost = "10.69.0.11";
+      roles.desktop.enable = true;
+      roles.desktopCraige.enable = true;
+      services.toxvpn.localip = "10.37.0.11";
+    };
+    sercanto = {
+      imports = [
+        hosts/sercanto
+        ragenix.nixosModules.default
+      ];
+      deployment = {
+        targetHost = "10.69.0.149";
+        tags = ["active"];
+      };
+      roles.desktop.enable = true;
+      roles.desktopCraige.enable = true;
+    };
+    sithlainnir = {
+      imports = [
+        hosts/sithlainnir
+        ragenix.nixosModules.default
+      ];
+      deployment = {
+        tags = ["inactive"];
+        targetHost = "10.42.0.114";
+      };
+    };
+    teintidh = {
+      imports = [
+        hosts/teintidh
+        ragenix.nixosModules.default
+      ];
+      deployment = {
+        tags = ["inactive"];
+        targetHost = "10.42.0.127";
+      };
+    };
+  };
+}

overlays/ncmpcpp.nix

@@ -0,0 +1,6 @@
+# Enable the visualiser in ncmpcpp
+self: super: {
+  ncmpcpp = super.ncmpcpp.override {
+    visualizerSupport = true;
+  };
+}

profiles/bash.nix

@@ -6,9 +6,6 @@
       export TERM="xterm-256color"
       test -r ~/.dir_colors && eval $(dircolors ~/.dir_colors)
     '';
-    promptInit = ''
-      eval "$(starship init bash)"
-    '';
     vteIntegration = true;
   };
 }

profiles/cardano-node.nix

@@ -1,19 +1,42 @@
 # NixOps configuration for the hosts running a Cardano node
 {
   config,
+  inputs,
   pkgs,
   lib,
   ...
 }: let
-  sources = import ../nix/sources.nix;
-  cardanoNodeProject = import (sources.cardano-node + "/nix") {
-    gitrev = sources.cardano-node.rev;
+  cardanoNodeProject = import (inputs.cardano-node + "/nix") {
+    gitrev = inputs.cardano-node.rev;
   };
-  iohkNix = import (sources.iohk-nix) {};
 in {
-  imports = [../secrets/cardano/producers.nix "${sources.cardano-node}/nix/nixos"];
+  age.secrets = {
+    cardano-kes = {
+      file = ../secrets/cardano/cardano-kes.age;
+      path = "/run/keys/cardano-kes";
+      owner = "cardano-node";
+      group = "cardano-node";
+      mode = "0600";
+    };
+    cardano-opcert = {
+      file = ../secrets/cardano/cardano-opcert.age;
+      path = "/run/keys/cardano-opcert";
+      owner = "cardano-node";
+      group = "cardano-node";
+      mode = "0600";
+    };
+    cardano-vrf = {
+      file = ../secrets/cardano/cardano-vrf.age;
+      path = "/run/keys/cardano-vrf";
+      owner = "cardano-node";
+      group = "cardano-node";
+      mode = "0600";
+    };
+  };
 
-  environment.systemPackages = [cardanoNodeProject.cardano-cli];
+  #imports = [../secrets/cardano/producers.nix];
+
+  environment.systemPackages = [inputs.cardano-node.packages.${pkgs.system}.cardano-cli];
 
   services = {
     cardano-node = {
@@ -21,8 +44,9 @@ in {
       environment = "mainnet";
       hostAddr = "0.0.0.0";
       nodeConfig =
-        iohkNix.cardanoLib.environments.mainnet.nodeConfig
+        inputs.cardano-node.environments.x86_64-linux.mainnet
         // {
+          Protocol = "Cardano";
           hasPrometheus = ["127.0.0.1" 12798];
           setupScribes = [
             {
@@ -33,9 +57,9 @@ in {
           ];
           defaultScribes = [["JournalSK" "cardano"]];
         };
-      kesKey = "/run/keys/cardano-kes";
-      vrfKey = "/run/keys/cardano-vrf";
-      operationalCertificate = "/run/keys/cardano-opcert";
+      kesKey = "${config.age.secrets.cardano-kes.path}";
+      vrfKey = "${config.age.secrets.cardano-vrf.path}";
+      operationalCertificate = "${config.age.secrets.cardano-opcert.path}";
     };
   };
 

profiles/coturn.nix

@@ -5,7 +5,14 @@
   lib,
   ...
 }: {
-  imports = [../secrets/coturn.nix];
+  age.secrets = {
+    coturn = {
+      file = ../secrets/coturn.age;
+      owner = "turnserver";
+      group = "turnserver";
+      mode = "0640";
+    };
+  };
 
   services = {
     coturn = {
@@ -20,6 +27,7 @@
       no-tcp-relay = true; # Disable TCP relay endpoints
       extraConfig = "\n        cipher-list=\"HIGH\"\n        no-loopback-peers\n        no-multicast-peers\n      ";
       secure-stun = true; # Require authentication of the STUN Binding request
+      static-auth-secret-file = config.age.secrets.coturn.path;
       cert = "/var/lib/acme/turn.mcwhirter.io/fullchain.pem";
       pkey = "/var/lib/acme/turn.mcwhirter.io/key.pem";
       min-port = 49152; # Lower bound of UDP relay endpoints

profiles/daedalus.nix

@@ -1,17 +1,14 @@
 # NixOps configuration for the hosts running Daedalus
 {
   config,
-  pkgs,
+  inputs,
   lib,
+  pkgs,
   ...
-}: let
-  sources = import ../nix/sources.nix;
-  daedalusProject = import sources.daedalus {};
-  daedalusMainnet = daedalusProject.daedalus;
-  #daedalusFlight = daedalusProject.daedalus {--argstr cluster mainnet_flight -o daedalusFlight};
-in {
+}: {
   environment.systemPackages = [
-    daedalusMainnet
-    #daedalusFlight
+    inputs.daedalus.packages."${pkgs.system}".daedalus-mainnet
+    #inputs.daedalus.packages."${pkgs.system}".daedalus-preprod
+    #inputs.daedalus.packages."${pkgs.system}".daedalus-preview
   ];
 }

profiles/desktopCraige.nix

@@ -1,26 +0,0 @@
-# Craige's desktop requirements
-{
-  config,
-  pkgs,
-  ...
-}: {
-  # Craige's Desktop Packages
-  imports = [
-    ../profiles/ebooks.nix
-    ../profiles/minecraftClient.nix
-    ../profiles/spotify.nix # Spotify settings
-  ];
-
-  environment.systemPackages = with pkgs; [
-    byobu # text-based window manager and terminal multiplexer.
-    caprine-bin # an elegant Facebook Messenger desktop app
-    firefox # A web browser built from Firefox source tree
-    gopass # password file manager
-    shared-mime-info # A database of common MIME types
-    sweethome3d.application # design and visualise homes
-    termonad # Terminal emulator configurable in Haskell
-    tor-browser-bundle-bin # Tor Browser Bundle built by torproject.org
-    whalebird # Mastodon client
-    yt-dlp # Command-line tool to download videos
-  ];
-}

profiles/desktopFiona.nix

@@ -6,7 +6,7 @@
 }: {
   # Fiona's Desktop Packages
   environment.systemPackages = with pkgs; [
-    slack-dark # Slack desktop client
+    slack # Slack desktop client
     zoom-us # zoom.us video conferencing application
   ];
 }

profiles/desktop_common.nix

@@ -1,5 +1,6 @@
 # Common configuration for MIO desktops
 {
+  inputs,
   config,
   pkgs,
   ...
@@ -11,12 +12,8 @@
     ../profiles/daedalus.nix
     ../profiles/openssh.nix
     ../profiles/powerManagement.nix
-    ../secrets/user-craige.nix
-    ../secrets/user-fiona.nix
-    ../secrets/user-hamish.nix
-    ../secrets/user-logan.nix
-    ../secrets/user-root.nix
-    ../secrets/user-xander.nix
+    ../profiles/users-core.nix
+    ../profiles/users.nix
   ];
 
   # Common Desktop Packages
@@ -25,12 +22,13 @@
     chromium
     element-desktop # A feature-rich client for Matrix.org
     librewolf # Firefox fork, focused on privacy, security and freedom
-    gnome.gnome-tweaks # A tool to customize advanced GNOME 3 options
+    gnome-tweaks # A tool to customize advanced GNOME 3 options
     krita # A free and open source painting application
     libreoffice-fresh
     mplayer # A movie player that supports many video formats
     nextcloud-client # Nextcloud desktop client
     pwgen # Password generator
+    rsync
     shotwell # Photo organizer
     signal-desktop # Private, simple, and secure messenger
     usbutils # Tools for working with USB devices, such as lsusb
@@ -46,6 +44,16 @@
       true; # A daemon for delivering ACPI events to userspace programs
     blueman.enable = true; # GTK-based Bluetooth Manager
     devmon.enable = true; # Enable external device automounting.`
+    displayManager = {
+      defaultSession = "pantheon"; # Set GNOME as the default session
+    };
+    libinput = {
+      enable = true; # Enable touchpad support.
+      touchpad = {
+        tapping = true;
+        tappingButtonMap = "lrm"; # Set the touchpad button mappeing
+      };
+    };
     udev.packages = [
       pkgs.android-udev-rules # Android udev rules list
     ];
@@ -63,25 +71,30 @@
         pantheon.enable = true; # Enable Pantheon desktop environment
       };
       displayManager = {
-        defaultSession = "pantheon"; # Set GNOME as the default session
         gdm.enable = false; # Enable the GNOME display manager
         lightdm.greeters.pantheon.enable = true;
       };
-      libinput.enable = true; # Enable touchpad support.
+    };
+
+    pipewire = {
+      enable = true;
+      alsa = {
+        enable = true;
+        support32Bit = true;
+      };
+      pulse.enable = true;
     };
   };
 
-  sound.enable = true; # Enable sound.
+  security.rtkit.enable = true; # realtime scheduling for sound
 
   # Configure common hardware settings
   hardware = {
     pulseaudio = {
-      enable = true;
-      package = pkgs.pulseaudioFull;
+      enable = false;
     };
     bluetooth = {
       enable = true; # Enable bluetooth
-      hsphfpd.enable = true;
       settings = {
         General = {
           Enable = "Source,Sink,Media,Socket";
@@ -90,7 +103,7 @@
         Policy = {AutoEnable = "true";};
       };
     };
-    opengl.enable = true;
+    graphics.enable = true;
   };
 
   # Configure libreWolf and Chromium

profiles/forgejo.nix

@@ -1,121 +0,0 @@
-# NixOps configuration for the hosts running Forgejo
-{
-  config,
-  pkgs,
-  lib,
-  sources,
-  ...
-}: let
-  sources = import ../nix/sources.nix;
-  unstable = import sources.nixpkgsUnstable {};
-in {
-  services.gitea = {
-    enable = true; # Enable Forgejo
-    appName = "mcwhirter.io: Forgejo Service"; # Give the site a name
-    database = {
-      type = "postgres"; # Database type
-      passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
-    };
-    disableRegistration = true;
-    domain = "source.mcwhirter.io"; # Domain name
-    rootUrl = "https://source.mcwhirter.io/"; # Root web URL
-    httpPort = 3002; # Provided unique port
-    package = pkgs.forgejo; # a soft fork of gitea
-    settings = let
-      docutils = pkgs.python39.withPackages (ps:
-        with ps; [
-          docutils # Provides rendering of ReStructured Text files
-          pygments # Provides syntax highlighting
-        ]);
-    in {
-      mailer = {
-        ENABLED = true;
-        FROM = "gitea@mcwhirter.io";
-      };
-      repository = {DEFAULT_BRANCH = "consensus";};
-      service = {REGISTER_EMAIL_CONFIRM = true;};
-      "markup.restructuredtext" = {
-        ENABLED = true;
-        FILE_EXTENSIONS = ".rst";
-        RENDER_COMMAND = "${docutils}/bin/rst2html.py";
-        IS_INPUT_FILE = false;
-      };
-      ui = {
-        DEFAULT_THEME = "forgejo-auto"; # Set the default theme
-        THEMES = "forgejo-auto,forgejo-light,forgejo-dark,auto,arc-green,gitea";
-      };
-    };
-  };
-
-  systemd = {
-    services = {
-      gitea = {
-        # Ensure gitea starts after nixops keys are loaded
-        after = ["gitea-dbpass-key.service"];
-        wants = ["gitea-dbpass-key.service"];
-      };
-    };
-  };
-
-  services.postgresql = {
-    enable = true; # Ensure postgresql is enabled
-    authentication = ''
-      local gitea all ident map=gitea-users
-    '';
-    identMap =
-      # Map the gitea user to postgresql
-      ''
-        gitea-users gitea gitea
-      '';
-    ensureDatabases = ["gitea"]; # Ensure the database persists
-    ensureUsers = [
-      {
-        name = "gitea"; # Ensure the database user persists
-        ensurePermissions = {
-          # Ensure the database permissions persist
-          "DATABASE gitea" = "ALL PRIVILEGES";
-          "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
-        };
-      }
-    ];
-  };
-
-  services.postgresqlBackup.databases = ["gitea"];
-
-  services.nginx = {
-    enable = true; # Enable Nginx
-    recommendedGzipSettings = true;
-    recommendedOptimisation = true;
-    recommendedProxySettings = true;
-    recommendedTlsSettings = true;
-    virtualHosts."source.mcwhirter.io" = {
-      # Forgejo hostname
-      enableACME = true; # Use ACME certs
-      forceSSL = true; # Force SSL
-      locations."/".proxyPass = "http://localhost:3002/"; # Proxy Forgejo
-    };
-    virtualHosts."git.mcwhirter.io" = {
-      # Hostname to be redirected
-      enableACME = true; # Use ACME certs
-      forceSSL = true; # Force SSL
-      globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
-    };
-    virtualHosts."code.mcwhirter.io" = {
-      # Hostname to be redirected
-      enableACME = true; # Use ACME certs
-      forceSSL = true; # Force SSL
-      globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
-    };
-  };
-
-  security.acme = {
-    acceptTerms = true;
-    certs = {
-      "code.mcwhirter.io".email = "craige@mcwhirter.io";
-      "git.mcwhirter.io".email = "craige@mcwhirter.io";
-      "source.mcwhirter.io".email = "craige@mcwhirter.io";
-    };
-  };
-
-  users.groups.keys.members = ["gitea"]; # Required due to NixOps issue #1204
-}

profiles/games-kids.nix

@@ -2,11 +2,9 @@
 {
   config,
   pkgs,
+  nixpkgsUnstable,
   ...
-}: let
-  sources = import ../nix/sources.nix;
-  unstable = import sources.nixpkgsUnstable {};
-in {
+}: {
   imports = [
     ../profiles/minecraftClient.nix # Play Minecraft :-)
   ];
@@ -20,7 +18,6 @@ in {
     freeciv # Multiplayer (or single player), turn-based strategy game
     freedroidrpg # Isometric 3D RPG similar to game Diablo
     gcompris # Educational software suite, kids aged 2 to 10
-    unstable.grapejuice # Simple Wine+Roblox management tool
     #lincity_ng      # City building game
     meritous # Action-adventure dungeon crawl game
     minetest # Infinite-world block sandbox game

profiles/gitea_home.nix

@@ -1,76 +0,0 @@
-# NixOps configuration for the hosts running Gitea
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}: {
-  services.gitea = {
-    enable = true; # Enable Gitea
-    appName = "taigh,mcwhirter.io: Gitea Service"; # Give the site a name
-    database = {
-      type = "postgres"; # Database type
-      passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
-    };
-    domain = "source.taigh.mcwhirter.io"; # Domain name
-    rootUrl = "http://source.taigh.mcwhirter.io/"; # Root web URL
-    httpPort = 3001; # Provided unique port
-    extraConfig = let
-      docutils = pkgs.python37.withPackages (ps:
-        with ps; [
-          docutils # Provides rendering of ReStructured Text files
-          pygments # Provides syntax highlighting
-        ]);
-    in ''
-      [mailer]
-      ENABLED = true
-      FROM = "gitea@mcwhirter.io"
-      [service]
-      REGISTER_EMAIL_CONFIRM = true
-      [markup.restructuredtext]
-      ENABLED = true
-      FILE_EXTENSIONS = .rst
-      RENDER_COMMAND = ${docutils}/bin/rst2html.py
-      IS_INPUT_FILE = false
-    '';
-  };
-
-  services.postgresql = {
-    enable = true; # Ensure postgresql is enabled
-    authentication = ''
-      local gitea all ident map=gitea-users
-    '';
-    identMap =
-      # Map the gitea user to postgresql
-      ''
-        gitea-users gitea gitea
-      '';
-  };
-
-  services.nginx = {
-    enable = true; # Enable Nginx
-    recommendedGzipSettings = true;
-    recommendedOptimisation = true;
-    recommendedProxySettings = true;
-    #recommendedTlsSettings = true;
-    virtualHosts."source.taigh.mcwhirter.io" = {
-      # Gitea hostname
-      #enableACME = true;                                    # Use ACME certs
-      #forceSSL = true;                                      # Force SSL
-      locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea
-    };
-  };
-
-  # Configure firewall defaults:
-  networking = {
-    firewall = {
-      enable = true;
-      allowedTCPPorts = [80];
-      trustedInterfaces = ["lo"];
-    };
-  };
-
-  #security.acme.certs = {
-  #    "source.mcwhirter.io".email = "craige@mcwhirter.io";
-  #};
-}

profiles/host_common.nix

@@ -10,7 +10,6 @@
     ./chrony.nix
     ../profiles/neovim.nix
     ../profiles/logrotate.nix
-    ../profiles/starship.nix
     ./tmux.nix
     ./zsh.nix
   ];
@@ -26,7 +25,8 @@
   # Set the defaul console properties
   console = {
     keyMap = "us"; # Set the default console key map
-    font = "ter-powerline-v16Rv"; # Set the default console font
+    font = "ter-powerline-v32n"; # Set the default console font
+    packages = with pkgs; [powerline-fonts];
   };
 
   time.timeZone = "Australia/Brisbane"; # Set your preferred timezone:
@@ -37,12 +37,15 @@
   security.sudo.wheelNeedsPassword = false;
 
   # Configure and install required fonts
-  fonts.enableDefaultFonts = true;
-  fonts.fontDir.enable = true;
-  fonts.fonts = with pkgs; [
-    powerline-fonts # Required for Powerline prompts
-  ];
-  fonts.fontconfig.includeUserConf = false;
+  fonts = {
+    enableDefaultPackages = true;
+    fontDir.enable = true;
+    packages = with pkgs; [
+      powerline-fonts # Required for Powerline prompts
+      powerline-symbols # Powerline symbols
+    ];
+    fontconfig.includeUserConf = false;
+  };
 
   # Adapted from gchristensen and clever
   nix = {

profiles/iog.nix

@@ -1,36 +1,32 @@
 # NixOps configuration for the hosts utilising IOHK resources
 {
   config,
+  inputs,
   pkgs,
   lib,
   ...
 }: let
-  sources = import ../nix/sources.nix;
-  nixVersion = (import sources.nixpkgs {}).nixVersions.nix_2_13;
+  nix = inputs.nix.packages."${pkgs.system}".nix;
 in {
   imports = [../profiles/terminal-recording.nix ../profiles/nix-direnv.nix];
 
   nix = {
-    package = nixVersion;
+    package = nix;
     settings = {
+      netrc-file = "/home/craige/.netrc";
       substituters = [
+        "https://runner.blockfrost.io/bin-cache"
         "https://cache.nixos.org"
-        "https://erc20.cachix.org"
         "https://cache.iog.io"
-        "s3://iohk-vit-bitte/infra/binary-cache/?region=eu-central-1"
       ];
       trusted-public-keys = [
         "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-        "erc20.cachix.org-1:SSf1RXfccF4/rwiwgBrbV7n8EBn0xciuU/TMdtor8LE="
         "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="
         "iohk.cachix.org-1:DpRUyj7h7V830dp/i6Nti+NEO2/nhblbov/8MW7Rqoo="
-        "vit-testnet-0:0lvkEoYh+XrBh7pr4bXjsUisUkUxsyLvvWBIJwym/RM="
+        "runner1:W6f2fUzWauzS9ruoN0WHFGtPJnqngUbqgD5oqCMsoJg=" # runner.blockfrost.io
       ];
+      experimental-features = ["nix-command" "flakes"];
     };
-    extraOptions = ''
-      #repeat = 1   # Ensure reproducibility of builds
-      experimental-features = nix-command flakes
-    '';
   };
 
   # Set the system-wide environment
@@ -41,7 +37,6 @@ in {
       brave # Privacy-oriented browser
       buildkite-agent # Buildkite for IOHK
       cue # A data constraint language
-      discord # cross-platform voice and text chat
       docker # Pack, ship and run any application as a lightweight container
       docker-compose # Multi-container orchestration for Docker
       freerdp # A Remote Desktop Protocol Client, xfreerdp
@@ -51,10 +46,9 @@ in {
       jq # A lightweight and flexible command-line JSON processor
       keybase-gui # The Keybase official client
       magic-wormhole # Securely transfer data between computers
-      python38Packages.grip # Preview GitHub Markdown files like locally
       s3fs # Mount an S3 bucket as filesystem through FUSE
       shellcheck # Shell script analysis tool
-      slack-dark # Slack desktop client
+      slack # Slack desktop client
       xxd # make a hexdump or do the reverse
     ];
     variables = {
@@ -66,9 +60,6 @@ in {
 
   services = {
     keybase.enable = true;
-    #postgresql = {
-    #  enable = true;                  # Ensure postgresql is enabled
-    #  package = pkgs.postgresql_10;   # Set the required version, if needed
   };
 
   users.groups.docker.members = ["craige"];

profiles/ipv6.nix

@@ -0,0 +1,12 @@
+# NixOps configuration for the hosts running a TURN server (coturn)
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  networking = {
+    enableIPv6 = true;
+    tempAddresses = "disabled";
+  };
+}

profiles/mastodon.nix

@@ -17,6 +17,7 @@
       extraConfig = {
         WEB_DOMAIN = "social.mcwhirter.io";
       };
+      streamingProcesses = 5;
     };
   };
 
@@ -30,6 +31,8 @@
       # Required to redirect requests to the mastodon service
       "mcwhirter.io" = {
         locations."/.well-known/host-meta".extraConfig = "return 301 $scheme://social.mcwhirter.io$request_uri;";
+        enableACME = true; # Use ACME certs
+        forceSSL = true; # Force SSL
       };
       "social.mcwhirter.io" = {
         enableACME = true; # Use ACME certs

profiles/matrix.nix

@@ -5,8 +5,6 @@
   lib,
   ...
 }: {
-  imports = [../secrets/matrix.nix];
-
   i18n = {
     extraLocaleSettings = {
       LC_COLLATE = "C.UTF-8"; # Ensure correct locale for postgres
@@ -66,7 +64,7 @@
         server_name = "mcwhirter.io"; # Server's public domain name
         tls_certificate_path = "/var/lib/acme/mcwhirter.io/fullchain.pem";
         tls_private_key_path = "/var/lib/acme/mcwhirter.io/key.pem";
-        turn_shared_secret = "IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6";
+        turn_shared_secret = "${config.services.coturn.static-auth-secret-file}";
         turn_uris = [
           "turn:turn.mcwhirter.io:5349?transport=udp"
           "turn:turn.mcwhirter.io:5350?transport=udp"
@@ -129,11 +127,7 @@
       ensureUsers = [
         {
           name = "matrix-synapse"; # Ensure the database user persists
-          ensurePermissions = {
-            # Ensure the database permissions persist
-            "DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
-            "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
-          };
+          ensureDBOwnership = true;
         }
       ];
       # Initial database creation

profiles/mcwhirter.io.nix

@@ -4,8 +4,8 @@
   pkgs,
   ...
 }: let
-  sources = import ../nix/sources.nix;
-  mcwhirter-io = import sources.mcwhirter-io {};
+  #sources = import ../nix/sources.nix;
+  #mcwhirter-io = import sources.mcwhirter-io {};
   webdomain = "mcwhirter.io";
 in {
   environment.sessionVariables = {
@@ -23,7 +23,7 @@ in {
         # website hostname
         enableACME = true; # Use ACME certs
         forceSSL = true; # Force SSL
-        root = "${mcwhirter-io}"; # Wesbite root
+        #root = "${mcwhirter-io}"; # Wesbite root
       };
       "www.${webdomain}" = {
         # Respect our elders :-)

profiles/neovim.nix

@@ -11,6 +11,8 @@
       configure = {
         packages.myPlugins = with pkgs.vimPlugins; {
           start = [
+            ale # Asynchronous Lint Engine
+            deoplete-nvim # an extensible and asynchronous completion framework
             formatter-nvim # A format runner for neovim
             fugitive # Vim Git wrapper
             fzf-vim # Full path fuzzy file, buffer, mru, tag, finder for Vim
@@ -18,15 +20,15 @@
             indentLine # Display thin vertical lines at each indentation level
             lualine-nvim
             YouCompleteMe # A code-completion engine for Vim
+            neomake # asynchronously run programs like vim-terraform
             nerdcommenter # Comment functions so powerful—no comment necessary
             nerdtree # File system explorer
             nerdtree-git-plugin # Plugin for nerdtree showing git status
             nvim-treesitter # configurations and abstraction layer for Neovim.
             onedarkpro-nvim # Dark and light themes for Neovim
-            #statix                # Lints and suggestions for the nix programming language
             supertab # Allows you to use <Tab> for all your insert completion
-            syntastic # Syntax checking hacks
-            vim-addon-nix # Scripts assisting writing .nix files
+            vim-terraform # tab completion, syntax highlighting, indentation
+            vim-terraform-completion
             vim-cue # Cue filetype plugin for Vim
             vim-lastplace
             vim-markdown-toc # Generate table of contents for Markdown files
@@ -327,6 +329,7 @@
                 javascript = treefmt,
                 lua = treefmt,
                 mint = treefmt,
+                markdown = treefmt,
                 nix = treefmt,
                 rego = treefmt,
                 ruby = treefmt,

profiles/nextcloud.nix

@@ -5,8 +5,22 @@
   lib,
   ...
 }: {
-  imports = [../secrets/nextcloud.nix];
-
+  age.secrets = {
+    nextcloud-dbpass = {
+      file = ../secrets/nextcloud-dbpass.age;
+      path = "/run/keys/nextcloud-dbpass";
+      mode = "0640";
+      owner = "nextcloud";
+      group = "nextcloud";
+    };
+    nextcloud-adminpass = {
+      file = ../secrets/nextcloud-adminpass.age;
+      path = "/run/keys/nextcloud-adminpass";
+      mode = "0640";
+      owner = "nextcloud";
+      group = "nextcloud";
+    };
+  };
   services.nextcloud = {
     enable = true; # Enable Nextcloud
     hostName = "cloud.mcwhirter.io"; # FQDN for the Nextcloud instance
@@ -17,18 +31,23 @@
       dbname = "nextcloud"; # Set the database name
       dbhost = "/run/postgresql"; # Set the database connection
       dbuser = "nextcloud"; # Set the database user
-      dbpassFile = "/run/keys/nextcloud-dbpass"; # Where to find the database password
-      adminpassFile = "/run/keys/nextcloud-admin"; # Where to find the admin password
+      dbpassFile = config.age.secrets.nextcloud-dbpass.path;
+      adminpassFile = config.age.secrets.nextcloud-adminpass.path;
       adminuser = "root"; # Set the admin user name
-      overwriteProtocol = "https"; # Force Nextcloud to always use HTTPS
-      defaultPhoneRegion = "AU"; # Country code for automatic phone-number detection
     };
     autoUpdateApps = {
       enable = true; # Run regular auto update of all apps installed
       startAt = "01:00:00"; # When to run the update
     };
-    enableBrokenCiphersForSSE = false; # force upgrade to SSL v3
-    package = pkgs.nextcloud27;
+    package = pkgs.nextcloud30;
+    extraApps = with config.services.nextcloud.package.packages.apps; {
+      inherit bookmarks calendar contacts deck gpoddersync news notes tasks twofactor_webauthn;
+    };
+    extraAppsEnable = true;
+    settings = {
+      default_phone_region = "AU"; # Country code for automatic phone-number detection
+      overwriteprotocol = "https"; # Force Nextcloud to always use HTTPS
+    };
   };
 
   systemd = {
@@ -43,15 +62,19 @@
 
   services.postgresql = {
     enable = true; # Ensure postgresql is enabled
+    authentication = ''
+      local nextcloud all ident map=nextcloud-users
+    '';
+    identMap =
+      # Map the nextcloud user to postgresql
+      ''
+        nextcloud-users nextcloud nextcloud
+      '';
     ensureDatabases = ["nextcloud"]; # Ensure the database persists
     ensureUsers = [
       {
         name = "nextcloud"; # Ensure the database user persists
-        ensurePermissions = {
-          # Ensure the database permissions persist
-          "DATABASE nextcloud" = "ALL PRIVILEGES";
-          "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
-        };
+        ensureDBOwnership = true;
       }
     ];
   };
@@ -70,7 +93,8 @@
       forceSSL = true; # Force SSL
     };
     virtualHosts."owncloud.mcwhirter.io" = {
-      # Hostname to be redirected
+      enableACME = true;
+      forceSSL = true;
       globalRedirect = "cloud.mcwhirter.io"; # Redirect permanently to the host
     };
   };
@@ -83,7 +107,10 @@
 
   security.acme = {
     acceptTerms = true;
-    certs = {"cloud.mcwhirter.io" = {email = "craige@mcwhirter.io";};};
+    certs = {
+      "cloud.mcwhirter.io" = {email = "craige@mcwhirter.io";};
+      "owncloud.mcwhirter.io" = {email = "craige@mcwhirter.io";};
+    };
   };
 
   users.groups.keys.members = ["nextcloud"]; # Required due to NixOps issue #1204

profiles/nix-community.nix

@@ -1,6 +1,10 @@
 # Use the Nix community aarch64 server as a build server
 # https://github.com/nix-community/aarch64-build-box
 {
+  programs.ssh.knownHosts."aarch64.nixos.community" = {
+    publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUTz5i9u5H2FHNAmZJyoJfIGyUm/HfGhfwnc142L3ds";
+  };
+
   nix = {
     distributedBuilds = true;
     buildMachines = [

profiles/nix-direnv.nix

@@ -23,7 +23,7 @@
 
   nixpkgs.overlays = [
     (self: super: {
-      nix-direnv = super.nix-direnv.override {enableFlakes = true;};
+      #nix-direnv = super.nix-direnv.override {enableFlakes = true;};
     })
   ];
 }

profiles/nixpkgs-dev.nix

@@ -4,28 +4,21 @@
   pkgs,
   lib,
   ...
-}:
-#let
-#  sources = import ../nix/sources.nix;
-#  unstable = import sources.nixpkgsUnstable {};
-#in
-{
+}: {
   nixpkgs = {config = {allowUnfree = true;};};
 
   environment = {
     systemPackages = with pkgs; [
       cabal2nix # Convert Cabal files into Nix build instructions
-      nixfmt # An opinionated formatter for Nix
+      nixfmt-rfc-style # An opinionated formatter for Nix
       nix-prefetch-github # Prefetch sources from github
       nix-prefetch-git # Prefetch sources from git
-      nix-review # Review pull-requests on https://github.com/NixOS/nixpkgs
+      nixpkgs-review # Review pull-requests on https://github.com/NixOS/nixpkgs
       nix-top # Tracks what nix is building
-      nix-universal-prefetch # Uses nixpkgs fetchers to figure out hashes
       nodePackages.node2nix # Generate Nix expressions to build NPM packages
       nox # Tools to make Nix nicer
       sqlite # To query the nixpkgs sqlite database
       tig # Text-mode interface for git
-      #unstable.statix          # Lints and suggestions for the nix programming language
     ];
   };
 }

profiles/pantheon.nix

@@ -0,0 +1,24 @@
+# Configuration for my pantheon desktop requirements
+{
+  config,
+  pkgs,
+  ...
+}: {
+  services = {
+    libinput.enable = true; # Enable touchpad support.
+    pantheon = {
+      apps.enable = true;
+      contractor.enable = true;
+    };
+    xserver = {
+      enable = true; # Enable the X11 windowing system.
+      desktopManager = {
+        pantheon.enable = true;
+      };
+    };
+  };
+  programs = {
+    dconf.enable = true;
+    pantheon-tweaks.enable = true; # additional system settings
+  };
+}

profiles/pipewire.nix

@@ -0,0 +1,30 @@
+# Common configuration for pipewire on MIO desktops
+{
+  config,
+  pkgs,
+  ...
+}: {
+  security.rtkit.enable = true;
+
+  services = {
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+    };
+  };
+
+  environment.etc = {
+    "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
+      bluez_monitor.properties = {
+      	["bluez5.enable-sbc-xq"] = true,
+      	["bluez5.enable-msbc"] = true,
+      	["bluez5.enable-hw-volume"] = true,
+      	["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
+      }
+    '';
+  };
+
+  hardware.pulseaudio.enable = false;
+}

profiles/powerManagement.nix

@@ -13,10 +13,16 @@
 
   services = {
     logind = {
-      lidSwitch = "hibernate";
+      lidSwitch = "suspend-then-hibernate";
       lidSwitchDocked = "ignore";
+      # powerKey = "suspend-then-hibernate"; # Enable in 23.11
+      extraConfig = ''
+        HandlePowerKey=suspend-then-hibernate
+        IdleAction=suspend-then-hibernate
+        IdleActionSec=10m
+      '';
     };
-    tlp.enable = false;
+    thermald.enable = true;
     upower = {
       enable = true; # Enable application power managemetn support
       percentageCritical = 15;
@@ -24,4 +30,14 @@
       criticalPowerAction = "Hibernate";
     };
   };
+
+  programs.xss-lock = {
+    enable = true;
+    lockerCommand = "${pkgs.xscreensaver}/bin/screensaver-command -lock";
+    extraOptions = [
+      "-n ${pkgs.libnotify}/bin/notify-send \"Locking screen now\""
+      "IdleAction=lock"
+      "IdleActionSec=5m"
+    ];
+  };
 }

profiles/server_common.nix

@@ -4,14 +4,10 @@
   pkgs,
   lib,
   ...
-}: let
-  sources = import ../nix/sources.nix;
-  nixpkgs2111 = (import sources.nixos2111 {}).pkgs;
-in {
+}: {
   imports = [
     ../profiles/openssh.nix
-    ../secrets/user-craige.nix
-    ../secrets/user-root.nix
+    ../profiles/users-core.nix
   ];
 
   programs.mosh = {
@@ -20,7 +16,7 @@ in {
   };
 
   services.postgresql = {
-    package = pkgs.postgresql_11;
+    package = pkgs.postgresql_16;
   };
 
   security.polkit.enable = false; # avoid CVE-2021-4034 (PwnKit)

profiles/starship.nix

@@ -1,5 +0,0 @@
-{pkgs, ...}: {
-  environment.systemPackages = with pkgs; [
-    starship # A minimal, blazing fast, and extremely customizable prompt for any shell
-  ];
-}

profiles/steam.nix

@@ -0,0 +1,19 @@
+# Steam configuration for NixOS
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+    dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+  };
+  nixpkgs.config.allowUnfreePredicate = pkg:
+    builtins.elem (lib.getName pkg) [
+      "steam"
+      "steam-original"
+      "steam-run"
+    ];
+}

profiles/taskserver.nix

@@ -9,6 +9,7 @@
     enable = true; # Enable Taskwarrior server
     fqdn = "task.mcwhirter.io"; # Server's public domain name
     listenHost = "task.mcwhirter.io"; # Sets listening IP & opens firewall
+    openFirewall = true;
     organisations = {
       teaghlach = {
         groups = ["teaghlach"];

profiles/tt-rss.nix

@@ -5,12 +5,20 @@
   lib,
   ...
 }: {
+  age.secrets = {
+    tt-rss-dbpass = {
+      file = ../secrets/tt-rss-dbpass.age;
+      owner = "tt_rss";
+      group = "tt_rss";
+      mode = "0640";
+    };
+  };
   services.tt-rss = {
     enable = true; # Enable TT-RSS
     database = {
       # Configure the database
       type = "pgsql"; # Database type
-      passwordFile = "/run/keys/tt-rss-dbpass"; # Where to find the password
+      passwordFile = "${config.age.secrets.tt-rss-dbpass.path}"; # Where to find the password
     };
     email = {
       fromAddress = "news@mcwhirter.io"; # Address for outgoing email
@@ -34,25 +42,11 @@
     ensureUsers = [
       {
         name = "tt_rss"; # Ensure the database user persists
-        ensurePermissions = {
-          # Ensure the database permissions persist
-          "DATABASE tt_rss" = "ALL PRIVILEGES";
-          "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
-        };
+        ensureDBOwnership = true;
       }
     ];
   };
 
-  systemd = {
-    services = {
-      tt-rss = {
-        # Ensure tt-rss starts after nixops keys are loaded
-        after = ["tt-rss-dbpass-key.service"];
-        wants = ["tt-rss-dbpass-key.service"];
-      };
-    };
-  };
-
   services.postgresqlBackup.databases = ["tt_rss"];
 
   services.nginx = {
@@ -69,6 +63,4 @@
   };
 
   security.acme.certs = {"news.mcwhirter.io".email = "craige@mcwhirter.io";};
-
-  users.groups.keys.members = ["tt_rss"]; # Required due to NixOps issue #1204
 }

profiles/users-core.nix

@@ -0,0 +1,39 @@
+# User configuration common to all MIO hosts
+{
+  config,
+  pkgs,
+  ...
+}: {
+  age.secrets = {
+    root.file = ../secrets/root.age;
+    craige.file = ../secrets/craige.age;
+  };
+
+  # MIO Groups:
+  users.groups = {
+    craige.gid = 1000;
+  };
+
+  # MIO Users
+  users.users = {
+    root = {
+      hashedPasswordFile = config.age.secrets.root.path;
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtjE0YstRzlh+Zhlj03th9DYOkMqJ5xHUcderBq151K"
+      ];
+    };
+    craige = {
+      isNormalUser = true;
+      description = "Craige McWhirter";
+      uid = 1000;
+      group = "craige";
+      extraGroups = [
+        "wheel"
+      ];
+      hashedPasswordFile = config.age.secrets.craige.path;
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtjE0YstRzlh+Zhlj03th9DYOkMqJ5xHUcderBq151K"
+      ];
+    };
+  };
+}

profiles/users-ops.nix

@@ -0,0 +1,41 @@
+# User configuration common to all MIO Opshosts
+{
+  config,
+  pkgs,
+  ...
+}: {
+  age.secrets = {
+    root.file = ../secrets/root-ops.age;
+    craige.file = ../secrets/craige-ops.age;
+  };
+
+  # MIO Groups:
+  users.groups.craige.gid = 1000;
+
+  # MIO Users
+  users.users.root = {
+    hashedPasswordFile = config.age.secrets.root.path;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtjE0YstRzlh+Zhlj03th9DYOkMqJ5xHUcderBq151K"
+    ];
+  };
+  users.users.craige = {
+    isNormalUser = true;
+    home = "/home/craige";
+    description = "Craige McWhirter";
+    uid = 1000;
+    group = "craige";
+    extraGroups = [
+      "audio"
+      "libvirtd"
+      "networkmanager"
+      "qemu-libvirtd"
+      "video"
+      "wheel"
+    ];
+    hashedPasswordFile = config.age.secrets.craige.path;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtjE0YstRzlh+Zhlj03th9DYOkMqJ5xHUcderBq151K"
+    ];
+  };
+}

profiles/users.nix

@@ -0,0 +1,57 @@
+# User configuration common to all MIO hosts
+{
+  config,
+  pkgs,
+  ...
+}: {
+  age.secrets = {
+    fiona.file = ../secrets/fiona.age;
+    hamish.file = ../secrets/hamish.age;
+    logan.file = ../secrets/logan.age;
+    xander.file = ../secrets/xander.age;
+  };
+
+  # MIO Groups:
+  users.groups = {
+    fiona.gid = 1004;
+    hamish.gid = 1001;
+    logan.gid = 1002;
+    xander.gid = 1003;
+  };
+
+  # MIO Users
+  users.users = {
+    fiona = {
+      isNormalUser = true;
+      description = "Fiona McWhirter";
+      uid = 1004;
+      group = "fiona";
+      extraGroups = ["networkmanager"];
+      hashedPasswordFile = config.age.secrets.fiona.path;
+    };
+    hamish = {
+      isNormalUser = true;
+      description = "Hamish McWhirter";
+      uid = 1001;
+      group = "hamish";
+      extraGroups = ["networkmanager"];
+      hashedPasswordFile = config.age.secrets.hamish.path;
+    };
+    logan = {
+      isNormalUser = true;
+      description = "Logan Stoddart";
+      uid = 1002;
+      group = "logan";
+      extraGroups = ["networkmanager"];
+      hashedPasswordFile = config.age.secrets.logan.path;
+    };
+    xander = {
+      isNormalUser = true;
+      description = "Xander Stoddart";
+      uid = 1003;
+      group = "xander";
+      extraGroups = ["networkmanager"];
+      hashedPasswordFile = config.age.secrets.logan.path;
+    };
+  };
+}

profiles/xmonad.nix

@@ -8,6 +8,17 @@
 
   services = {
     devmon.enable = true; # Enable external device automounting.
+    displayManager = {
+      defaultSession = "none+xmonad"; # Set to use xmonad as default
+      sddm.enable = false; # Enable the Plasma display manager
+    };
+    libinput = {
+      enable = true; # Enable touchpad support.
+      touchpad = {
+        tapping = true;
+        tappingButtonMap = "lrm"; # Set the touchpad button mappeing
+      };
+    };
     udisks2.enable = true; # Enable udisks2.
 
     xserver = {
@@ -15,16 +26,12 @@
       desktopManager = {
         xterm.enable = false; # Disable NixOS default desktop manager.
         gnome.enable = false; # Enable GNOME desktop environment
-        plasma5.enable = true; # Enable Plasma desktop environment
+        plasma5.enable = false; # Enable Plasma desktop environment
       };
       displayManager = {
-        defaultSession = "none+xmonad"; # Set to use xmonad as default
         gdm.enable = false; # Enable the GNOME display manager
-        sddm.enable = false; # Enable the Plasma display manager
-        lightdm.greeters.pantheon.enable = true;
+        lightdm.greeters.pantheon.enable = false;
       };
-      layout = "us"; # Set your preferred keyboard layout.
-      libinput.enable = true; # Enable touchpad support.
       windowManager = {
         # Open configuration for the window manager.
         xmonad.enable = true; # Enable xmonad.
@@ -38,19 +45,14 @@
           haskellPackages.xmonad
         ];
       };
-    };
-  };
-
-  sound = {
-    mediaKeys = {
-      enable = true;
-      volumeStep = "5%";
+      xkb.layout = "us"; # Set your preferred keyboard layout.
     };
   };
 
   # Install any additional fonts that I require to be used with xmonad
-  fonts.fonts = with pkgs; [
+  fonts.packages = with pkgs; [
     open-sans # Used in in my polybar configuration
+    siji # An iconic bitmap font based on Stlarch with additional glyphs
   ];
 
   # Install other packages that I require to be used with xmonad.

profiles/yubikey.nix

@@ -40,8 +40,8 @@
   environment = {
     systemPackages = with pkgs; [
       paperkey # Store OpenPGP or GnuPG on paper
-      pinentry_curses # GnuPG’s interface to passphrase input
-      pinentry_qt # GnuPG’s interface to passphrase input
+      pinentry-curses # GnuPG’s interface to passphrase input
+      pinentry-qt # GnuPG’s interface to passphrase input
       yubikey-manager # CLI tool for configuring any YubiKey over USB
       yubikey-manager-qt # Configure any YubiKey over USB interfaces
       yubikey-personalization # Lib & CLI tool to personalize YubiKeys
@@ -57,10 +57,10 @@
 
   programs = {
     ssh.startAgent = false; # Disable the SSH Agent
-    gnupg.agent = {
+    gnupg.agent = with pkgs; {
       enable = true; # Enable GPG Agent
       enableSSHSupport = true; # Enable SSH agent support in GnuPG agent
-      pinentryFlavor = "qt";
+      pinentryPackage = pinentry-qt;
     };
   };
 }

profiles/zsh.nix

@@ -25,9 +25,6 @@
       enable = true;
       plugins = ["fzf" "git"];
     };
-    promptInit = ''
-      eval "$(starship init zsh)"
-    '';
     vteIntegration = true;
   };
 

secrets/cardano/cardano-kes.age

@@ -0,0 +1,61 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBpMC84
+S09IcHB5aFVVb3pIRkhUbWNuRGRkbHlUUlZDTG5WakZFSENaVEJvCk1RUVhaNGpQ
+SURDQ0YydStCcDg5OGl1NEYzYjJ2TWNHZTlHdUZRYURNb0UKLT4gc3NoLWVkMjU1
+MTkgSk00dDZBIEd4dEtMdXY1TnFNaWwwbDdURGlXNWJDb3V0SXYybURpdVZqM21n
+STJmMU0KV1JaYmRXbjhoK1QvWXBEZzc5a09EMGhZZWhzb0tReGkxSW80aWFqb0ZN
+MAotPiBzc2gtZWQyNTUxOSA5aEV5RFEgbVg5c1RqVHBOQUxreDg5c2pnNEJ2dzFD
+ZkFiRnEvQUZ0dmFDdEhQOTN3WQp5cE0zOWE1cVhFR0czUitxa1ovOWtrayt5WG1z
+Yk4vZGkzZTJoaUpNMEdnCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBmYmQ1YTZQRmtu
+bmtoalNXSFRrdUFRRVEzTHZ6YVh1Nlh2YWY2WE5Vam5VCkdtWGZWdnNRNDByL3Zh
+QkpVMFNya1IwY1BkMWRlY0ovT21QN21yMVpTSWMKLT4gc3NoLWVkMjU1MTkgV2c5
+M3J3IHRKaWVuTUM1b0hoQ1ZkS29RWFVyQ3FDcXhUWWlEd0FBOGhwWnQ5a2Rqd2MK
+WXF4ZmQvUU81Z0RnWTNIZFRUVTVJSkNHcDFOclUzSGxMMWpBMlpvLzZEWQotPiBz
+c2gtZWQyNTUxOSBQeEt3alEgZVNudVB1UDBTd0FTVjB4andQWEJ0SXpsWUszR3dI
+OFlmakh0NTZIemJrNAo4OE1lNlJpZ3NWVHdvSG8rK0laN3J3cGxKd2t5K1Jnb1lV
+NmZCOGhFNE5jCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSA5TjdkL21wcmhTdE9Td2Z5
+c1FrdU1pVFRCNzMyKzIwYTNvNjBzZStoUTFnCkx5UjUwUzYyWm53dWg1ZDUrazNy
+NUFLMlJwUWNhSVIwc2haenBmL0lQcU0KLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIEZG
+cDZLTlA4cUxqR08xbCtDRldRZkNzK2c1Z1lBZGNvNTh3NjJwM2tpM2cKYlBTRDYz
+aGlMMWxUV2MyOTVwMndBWTM0SDhKaTlTS0hsYm1kZUJNYnd3QQotPiBzc2gtZWQy
+NTUxOSAwZHBkZ1EgWk9uTTM1TjdzWDZXODU3UUVZdGJ1d1c2eWNnOGRaaEowUDQ1
+clRGWkN5ZwpGd2RDYWtHYW1YTURmN1dNZEtCdFF4YWZjV1NhS0ZqdE01czYwcXkr
+czRBCi0+IHNzaC1lZDI1NTE5IHVsMGt4USBTd2pKTFptK01WZVhEQ0g2by81SlUz
+MTc1eFE0T3g5TnhGKzIxbU5YRDFJCnJHWVNWV0dNUXFXaFdIRUZMVVdnbUI5TzV2
+WURGWXhMQmFYQUphMDluaGsKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IHhXUk9qTktH
+NHJySXp3ZS9XVEFGUFU5VFM3OUN0NDZUOC9lY2NZbkV6d1EKVUhXQ1VEQVUralls
+b1Job3BtK2JmSFZQTWZRb1hrMFc5aUNEczdZY3dRVQotPiBzc2gtZWQyNTUxOSB6
+RzMrMXcgUjlOcmg5cXVSdTlHVVJDZUE3THdjb1YybmZmSExCM2IvZ29lNVpNYi9R
+MApjOEVmditLQXM0Zzd2WFRSeThBaEo4aEtnME5BQWJsYUxUUTZWSXlQREEwCi0+
+IFA1Y0w8LWdyZWFzZSAmQWogcixOK34Kc1cvRVpiandaUHAvMXJvSUZoVzZPaWpx
+L1ozeTdKZkcKLS0tIGcxTi9hZVVuWDZxblg2TEFNSk5zTk00SmtmWUhKb2FHc3JV
+aFMrdUFPTGsK0DCthsP/cg/SkY56up9zt7WqxzMtLvo4Bv3O+EMK2WknyR/g+QJx
+QKKBkILmt07R+MpDBlHA1X8AOH5iT7tNNNplp2dztzFC6pRL/v2hBIVL+abqmAMj
+pG9TEt+FISgd1PxTS55cHugUaC8LJNi7wa/4sBwTTI+Rnl4KHZBo5BiGUq61dX6j
+fd6pZXSmptT4dBVV2ZETyBYoOqe74cPe5gVQfVMzXI4xnKRhe9va4qnmoEZV2YQD
+MUl8JtRGVbeIPvQdM8fQjcaZNNw5rhYMMadJtuo5beqG1z+i+tAxJISBv+NU3rNv
+FTaDPKXlP1UvsK+SgPFZYI6VMZiFo9ZoMYSYiirO6jHXOQutzo11qy0wzToQTpU8
+zRe9QbMzuhgGewQEfZYayQzTQa5yQDvCH1fTVqtcDeQVB1/xw9DpwLFDfV/kGN8o
+T2KBv3d2hOqP74vNOoSMsBE9PxcB9hdKQ347mBueN9c245FuRH188+VV1wYG0CTD
+ogd4zyt3NRT2HM06YiR5fNGo7kHLjoREPQFabiyKmpWIQ/Mpa3/fC7LaBZqQe1hS
+fnhh3/STGv4kpAJN7iADrsqN/JDNAiAkTSWVHabu5zxPwOgRyQ4/HS3SpvhatNxG
+TuNNiMKbn28rjaoRK2pepkw5RHbGLjtapiTqDF0uqoyQfPCL02NDToKprbuJYM7v
+/4xhmREPA/FJWxMMDEGY+vvIlyYYHfaogipZpodT02+mjSLTeLIv7bTBFh+sD1M+
+el7T6bKhfZo8dXqoaFyhAj8b0yCwVMeGmDIfnJmPWTnHAHPvM7iX2Xd1Q0fshgN+
+BtU1GKIQs0g7W8JTcvtpZbxtB0phFQT0SJXdDoFbE1lQl13wcecy2QL7KHywG8/R
+tSMKgSrhcb23BffId5a2xtLoYvr4EmxWHT8+4boWF0UwPArOLCH1kz2OiQb0/avC
+Lm78KVqlIC0ck8dk6wDRUzGAFB4kQpsFEhfk+OHTQuhSzqFlo/AWsldNhosZF2SA
+roOMZlfmabJPPPcidpnV+xbyzL7NWF5uPgJvVN4pDCcfow79g+QH2sztIjcFOLHt
+5hZimXHm/0aVpxRbTKFOrEiDIthDK0QWZCxJCvl0BmeFrRzTtSNPUHlEEcVdcCFo
+15kKS5BS4r4Ma7xD4Hdwn0DxjeWN69TGSrHJTNgCTiy9SG2roAp/gaB9aXHBTvRh
+53kKFLNRe5yKuOeMIjH1Kbvh4G4nUoSKK0bFRbG6KUsDFh66g/OD84zQi53k2l/X
+liGARABrqmmmuzUJEdfrV2EZuxj7xFAey8MBFGqdTn0ERugIPueJEM2znSkp6w+m
+7fxx8JxL2B0oXLEZaV+N6jc9unBA/IhrczF3Mal1zVFx8GlrZyO+ZQmr9J1FkICc
+BM6oxuMLb74J3O7gURSaSBBQJd3/bWukyGDZzSkhphiRwHQ+KAfbtEM18XknFiwZ
+XG0bXNjMSGXMCDoo9z1YcD8DJRa07H4JoH2rElniTUVmussgi/k+thHojW2BURk1
+iNrtBqIbP0YWnqBsxE/UWX630qY15+OfkWW0fd+wUUtV5CYFOaLDp273VOhSYLPB
+3YBFdZH0VE8YH/ZJy6Dn8xigX4EWHB1ZdslHWwyPPRMX0CWIJN0flXdnQhAtBhHe
+J2an1vTb7K+H0149FP5R9pJLMZDZu+TEY972c3Td/v4A2hQkEPqLnKy5sXqajFDk
+u9y25CR1i4oSVeZqI5M6cFeiVchmzeP3TPKV9duLpL8iw63uUi+hKzkxC/CCA000
+5RRvoN4+QaZnmkl3y2OuVbYVGdW1fK54
+-----END AGE ENCRYPTED FILE-----

secrets/cardano/cardano-opcert.age

@@ -0,0 +1,41 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBxQWlJ
+ejRsWG1HY2hHUDFoK1IrV1B6UUxSa2o2c3NiTTI1V2w5QmROR2hrCmI3OEV4cm4y
+NlFVRm9BWjl6dTJkazY5bXIyRU56T3pLVnNkeDA5dXp5L0UKLT4gc3NoLWVkMjU1
+MTkgSk00dDZBIEJ5b1EwQ3RuUEZXNCt6LzJ0YW0zc040czBDbVhwdDhCSGZkVUZV
+UnVjbjAKYXNnUzFUS1BCTVJvaEg1dDNRNFk3Z3IrL0pBM3BKZitpNUFzVUFnWk5K
+MAotPiBzc2gtZWQyNTUxOSA5aEV5RFEgcmJKOTN6L3NaR1NzSnhFTlNGQTc1MFhn
+VVI2WWdhekdvS3RNOVdmd1hDQQpLSFNwMWhZZzkrZVRqdU55QlZkd0pmSUl1WjVw
+QlhhTHRvNDIyZzN4UDQwCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyB2c20yY3lWS1Zu
+eDliNi9CWHZSaWxiUkFtR0tGaEZhaDcreWlnRG0zRTE4CnFtQ0tkUGxLKzhKNWhR
+VFVhcHMvK2ZUVFpBV2FMdUx1NEpzcmRIMUIvU0UKLT4gc3NoLWVkMjU1MTkgV2c5
+M3J3IG42eUxQTW4va3BRbW1JbnhxWTA5NE8vazNUVzhzcEJ2SDhJYk85VGhqUjAK
+Sk1LMXhSUXg0WmhnUVNKWDJyNTlCUFAxL3VpRWdkV3lqeXRwallKeU1hawotPiBz
+c2gtZWQyNTUxOSBQeEt3alEgVzBFa3hjNjFYQjAvaHRZNk5qNE81OFRZLzdsUWRz
+dDFNdjNXOVlXeStHUQp1Q3ZYMU45Vk84VENnYzlrWU81Uk5wTXlRaGZ2d1lwdGNN
+NWQyNzdhQ0JrCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSBCc1lDWEU1ajVENHpncURG
+c3hERzBERStDN3BTZ1I2dEZNM3ExMDNSVjB3CkdGaGkrb1ozRjRpRmxBYmJleUN5
+ODlscXdzY09VM3pBNjluSHJ5Mk5WaFkKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIHZW
+MFYvY1hXa1YvcEU4OVlaRkdPU2dWMFJCMjdvekluV01RTDB2ZjdOVkEKYTNhaFJB
+cHVpRGJXNCszTmxTVGw2c0lhM3BnNWREVDFJUTZKL2oxWnQ0WQotPiBzc2gtZWQy
+NTUxOSAwZHBkZ1EgTHFuS0VvRjNrRVo4UHRLVzQ0QSswN1dUeDEvQUhTTVBNeC9C
+em5kaEpSVQpQMGNxZ2xrRnpQTFZXMGVUeXhYZWEvTUdRSVZMSDhrOWpiZ0MvbVZk
+VUF3Ci0+IHNzaC1lZDI1NTE5IHVsMGt4USBsZWsyNmhRRGdZVDVya0VtUFUzSU11
+bmdTU29CTmJrazl4REFMMGx4Q0JzClVtWUtJcUZ6V0lDODc5dFJDTHU0WklkT1Mr
+ajMzaGtwNGRHM3FsQm1yaUEKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IHVJYnZrWnoz
+WlJvWEkrVHFDSGhORC8rMWlsaUV0eTdoempCOG9yRDJ0RWMKMk5GY3FRWElYdXd0
+bVBCajA5YjNaREtLNTZLZ00yaWFPMDVwR2djWU1DZwotPiBzc2gtZWQyNTUxOSB6
+RzMrMXcgQW5iaHZJS3I5OVRHa3B4OXptQjdSbkUyRDRsNlVLVFd2WXBxVmpYeVlV
+RQpONThJRU9vTHBUdWRpZTJ2UXRNL1RzNzU1cjVlMXN2RjNCeTVtcncyZ1BBCi0+
+IDxHLWdyZWFzZSBPX24yIHhCPF9WRzkgRjEkYSBOWDM4ClhTd1RGVUx4NVNCSFAr
+a0RHL3lnYnNsUEp2MFFJeVJha0EKLS0tIHNVVlBNeTZESUppNW93ZmlvcmNTWFV3
+aFRhcFc4RCtzL2hOWCtabnU1K00K09y1sG6p0grkLk3YzDMSayhsnIyHVgTX7R7H
+BxpIPqQXH9kvw6Bm5XkG10hmgSraLKfKN+tGceWGSZRj1AC/kicY6NmixppUpBRb
+5ZrffqerYsgqPa7j2b/Cy/2ifmbT1/YfGhFHb3SImc7XeDZpvVxy4GJWDcUTkfu5
+3434k3ZHGTDAULEx47Vd0o+QLCCGBIXIAzOXpJifzPuc1jjxTv4+VI2COQdD3cw/
+2eSTQrxuJo+2iTgNkssE39xTyHxssKCZTBJ7ig1dRmI7B+xkCEGKgT33if03KvqZ
+nPNJ8ul4Y6n+hrBa0LuI3suLW95wk/D5WjWouX3A8JAp+B3BN/Zl1Ov9LowccvF5
+y6yTLTqbVZsCpccVr+lasJYl6/K5PEqReoMVpoWrEO+AZA3VEPu7GA/J8NBF8/fS
+I6pPVI7SDTmpnA4/05izvNJtGgfc5q2BL83xkL5yy6wsDm+YhaoxJpb1zVPPmAVX
+MdqFods3EfzXTlaKihLp9GghfQsZbq15HwAF3Q3szf11YQwR98w=
+-----END AGE ENCRYPTED FILE-----

secrets/cardano/cardano-vrf.age

@@ -0,0 +1,38 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBGQ0hB
+K012ZWtYKzFYL3dGcG4zK2RCYjk3R0wyWnBNTFNQajNINDVVNFNVCkpsalhDTEtj
+blJQY0MyV3lwc2p1M1dkdVAxSWpWY29IOUdoeGxFeFFrRDgKLT4gc3NoLWVkMjU1
+MTkgSk00dDZBIDNpbUQvd3ZBdlZDQzY1UU9FWk5rK2loYkNDaTlmcG5VWm00WCto
+RXlUR1UKbnVGNnZ3dTA5Q3hTc3YzYlV1SkxqMFNEQmJBVU5Yd215ZmtEQTFhN2dK
+SQotPiBzc2gtZWQyNTUxOSA5aEV5RFEgbGYvYkhyWlJNQzQ4NUFUbENHQlZxZlVM
+UjE4d0FEN2pJUDVFVGRjTy9XZwpyRE1hWHpNZ0pMems3TnhJMCt0RTFObnFSYWpC
+dFpUTEFIOEVpU3BTWXBJCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyA0QmF1ZkVRR05w
+cDV3TjVNWVgwTE1YSS8xbGJkaGFvZmVWZm4yWm5xRG5rCjRKQnJKbGozeUFqTmt6
+NVVqV3hoZms5Z240TU4wY1lCL1l3UHFJdnpGbzAKLT4gc3NoLWVkMjU1MTkgV2c5
+M3J3IDBSS3R2dXk3NFBaZElYWDI3d3Btai9sMjBHV2xvSnJyMXJIbDZheFZiMWsK
+MW9rMkZ1UEJ1VkJJSGNCcDdVWXdZeFgraTBhbFphT21ITmVSWUpDYUJqYwotPiBz
+c2gtZWQyNTUxOSBQeEt3alEgY3VKSmNaWG9uYnZaRG9oZHVCek5vQUQ1dmwzSGZC
+UHhSZ21NQ292RXpqcwp6WVU1MFV4NjYxaUhkVHIvWHpQb3AwaU5zRFVRRjBSZEtj
+UXN0amtncUg0Ci0+IHNzaC1lZDI1NTE5IEIzZFhTQSBxU0dWSnVPaUJEYmdpSXdQ
+NW4zcjAyN2NwTUpRY0Z4OVNLTEFhczJDazBVCnNNYm9wNXpBWmJjSzVUQWw1amE4
+ZGFwdFNoUHFvVXpZTWk2YzdWakNTOG8KLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIGxm
+eTgvWjBIRTNUVzdlSitoZ3RrY2JpR0UxTWNBdVNmRk1VbGd6S0FBV1UKaWRnZ3hG
+M3grNDN1Q2FIbmVLTGp6Vkp4YTVwSWpnT1E5WjA5M3VDRFJPQQotPiBzc2gtZWQy
+NTUxOSAwZHBkZ1EgdXBucnhOVThEVFJKNXJTUXNpOVVHV0FzR0ZBbjF3V01oeG5i
+NTZieTgyawpPak45UmRXOUpVREJ2MWhZZ1orWnFaVTJ0Rmc1TzlVb3BhUS9jVU1T
+NXpvCi0+IHNzaC1lZDI1NTE5IHVsMGt4USBrS3AxaGFHd3JKcWtHUWt2V2xUNGZs
+ZjFqR29yNWdxQzM5MU5PQytGaVdvCjdpVEZaZnZjQnU3bmIyTVp3UlRuTnJxYzZp
+NWxIN0FIZ0ZENzhLNUk5SHMKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IGZrZ0U3N0M5
+Lzc1ZlovK29OV1h5QU5ZNkhaRFdjNWRQcHF2OWl1M1Jzd1EKYzVHdktjZFZ5S2Ev
+TWsvd2hMV1ljS1EybHVjNHdYNUt2b0wxTzA2TGtGVQotPiBzc2gtZWQyNTUxOSB6
+RzMrMXcgV0RrU1lnTTZ0L0o5RlIwbUZUNVlQaEgzbGZadmtIeVpmQWhxV1NyY1J4
+VQpVQWNKTGlTUElBczNuTlVmbnUzQXNIbVhYYW1jK1RyRlZWN0F1WXVHamVvCi0+
+IGNycy1ncmVhc2UgLzdHXk1HQCBCCjQ2a05YbFp6Ni9DRmJoQ1lVVEFpNXEydFpI
+cHB3TVphSXcKLS0tIDdOajBjU1NqaXM1dFo2Rk5mWWMvMnpMdWJVcEZZY2g0MWlx
+NWhkaTJPKzgKOTYgpJXvf47nS1vCC2kA3G7+oplnot1p73dyTg7kW/mJUeBhXqjf
+OX24j8Ovx9paVbyCMIvyRjEJzL58m8S0hFo1wDTL2HGIopyAFIXNTu6ScUJKqWMw
+HsB8wZcMxlQghYv0ABmqZJwNqFCRf+CbXeGBqGLNC1WtYndHXj68i7diqTF3IxYs
+wpxk3rjLaeJdgSh6+frIb9rh7mck7brKJrPU04/RZBx9EJ3nGPFVBPYK8zTezqCD
+cN4rv7deV2dwS7nj7laPtzhignXP0tJVvuSgHYwqh39U//1Lv9y1xoMyEbDNJqcP
+AIkapF5A0uv5sL8OoQbfUYqO1xbf8/IRsxJP4ybTiA==
+-----END AGE ENCRYPTED FILE-----

secrets/coturn.age

@@ -0,0 +1,35 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSB4c1pK
+YkY3THNkS1BXN3F0bVlkYjB0S0syQzNEbDJNVit2M2Rab2RCSjJ3CnpTM3k0QnVE
+UWU2QU8yV01rY2FuaGJsZTZjd2dWY2ViT3BxWExhUTRNU1UKLT4gc3NoLWVkMjU1
+MTkgSk00dDZBIFlJQjJGOHpkQXJtdkM3QkxSdEtTeDVzU3Y1MzNtVWZOU0tDRDd2
+blJJZzQKdWlTVi9sN0wvd1NIQUVhV0RXUktIQW12aUdaWDRUUUlkeXB3QVRENndS
+bwotPiBzc2gtZWQyNTUxOSA5aEV5RFEgVHBrRk5LbHpPSkFNTVVFTXRJQW03RkJQ
+QWkzdDQ2RCt1aHpTdHdZTnlrRQpVYkRDTzhtQ0lYMnlZV3pFZlgxdzBVVkdMeVQz
+WlJkQjIvUlNaNmgwbkZjCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBndVpMWnNOVzZO
+VTRHRlc2NHU0UkEzMEpOWHByUXluVFpSOCtRWVhEcHpNCnhIaUhUUHVjTlhPY0lW
+TFd2MmIvNForbjZPZFJKVDh3QWZSejh1V1hSVmMKLT4gc3NoLWVkMjU1MTkgV2c5
+M3J3IGErUzhFd0tUUndMbmVqakt3SE0yd2Y0TGRSRjBoMVFPR2RPMzV3V0RHbTgK
+eHo5dE1oM0RNL0RuZEVMWThlUUJiZGI2VmZvVDlpY21WMisrR01oK3VmSQotPiBz
+c2gtZWQyNTUxOSBQeEt3alEgVUwyL3VFUVlSYjQ0OFhweUxOWTNablQxU01KZjBD
+eUNrd2wwMVlwZFJFRQpPWjUra3k2TE81R3V6WXRFY2pXWXVvVS9qRjZOMjdPZHVu
+Ri9lV3poKzRFCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSBpa0NxNTJnNXZNZ0JtUmly
+cldrTVZ0MFU1d0R1ZnNzUUNOR0RmdWlTUmljCnhuWmdZNndwVW8vYWlxclZQK0FM
+RVVnN0dWZ212U1pvdUd0dnB6SmtUNnMKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIDFs
+ZEtBZlc4MDNmcWtXUU9mKytZN2NxUmJ6SFZvcFBkditiNE1CN0piaWsKajJWMHVQ
+bHh6ekV1d3M2T1RzaVdDZFhaNlJyOFRlUGV1YnloZFo0OHl3MAotPiBzc2gtZWQy
+NTUxOSAwZHBkZ1Egd3doZGorWWpPem1kak42dWRicGV3ZVlKYjkwaUxEQXZQcDdU
+SkN3a29Scwo1UVVoWGpucEtxRUZXd3czeDkva1YyejQ5YzN4SGx5eDFhTHNidFNj
+SXVVCi0+IHNzaC1lZDI1NTE5IHVsMGt4USBCd2srQVF3RkJWbE8wRkJNWnNCU3Mw
+cWNDbzN4YmhBL1ZlYURuZjVVT1M0ClBUQm9FVG9mcENSZkNCK1ptcVRVQWUrL2Zq
+ZERWSFNPWGpXSll1d3BkOTAKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IERKQzZZd2FK
+VGJvdGlEL2ZvOGRlcXNXOUpybjhCZmJ2NFdmQ1gxWERKRVEKTXpwWmUvZG9UWUNR
+enRNUXBoa1RKUmpCTzVRWFJtL29MNHl3WWl5b2R1awotPiBzc2gtZWQyNTUxOSB6
+RzMrMXcgeE1nMm1HdmhQU1ZYZkRBYml1NGdDaHZ4TDB5cXd5WHgxTldxckZaTEJ3
+MAp4NUlKYWZmZU9GZjVtVWNOQkJmRk1lWXpXY2dZdXFQT2g1VWp0QU56WU5RCi0+
+IHhRTC1ncmVhc2UKR01SMi8wNnRmNFloUDM4WksyREYyVGJ2ekVrdW9rZkg3MGk4
+bXJtRgotLS0gaDhiRHR0TVRObUppaDFjZFljYjVTN3lzTzVKVWdyZFRXNkFteEFs
+UG43NArxMjjfXgYBXhon0SSpyPNqUQXp7jU5s7WKzj1OnjNgFYT4/9FxuUWVmf0A
+wJjib8jXUERlIahSbcBUyTo3kLLLBegQRIbwjZdYhAFekYUE/Lr6pvQAaDwDf1R0
+1LaHz9Zy
+-----END AGE ENCRYPTED FILE-----

secrets/craige-ops.age

@@ -0,0 +1,35 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSAxQXRV
+TE5GcXp0ckxqbml4Z0tmdERnT1QxcVpOSUxPUER6bFBSbEhZbTJ3ClJGWnlTN1Rr
+ZStKcmRIOTRyWDhkMVRpYW50cnJUSzRYcm9LampkRWYreHcKLT4gc3NoLWVkMjU1
+MTkgSk00dDZBIERxU2V5VDlJd1RsQWQyQ213NzVTcFR4UkpKWXFKUzZUTmxmUjlw
+M2NRaXMKWjI1OEdDaFQrK1R4TVdwRVhGSlo3dzVoSTBTR3RwYWprSG82cTU4Z0xo
+QQotPiBzc2gtZWQyNTUxOSA5aEV5RFEgYXU2Z0ZvNTd1U010TUcwVUtUeUVqUitC
+dHpRQWdUYnNzQStVSTAxMGUzSQp4K2hPSkRINTRlOWNic1lIU1kwQk1YT0RGYU5y
+OStONjFSMlF1OHlIT2JjCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBDOW9Zd0NXazJM
+ODVDYkRoSWdoK2JDZzI2UkVpb25NTTVpNFNDN2VXcUFFCmFpTVNZN29TNzlYa3I2
+V0VWMU5aWDZqV1E5cUpwcCtHL0RuUkVuSlpRbDQKLT4gc3NoLWVkMjU1MTkgV2c5
+M3J3IGgzZGM3d3J0Wk01RVM1U2FkL09vRUFHMkliSnBiN0dMbUJ5TjYxdDJEMlUK
+QzdqVjgveUhlbkRZdTk2cUNmenpjM0o2MnkrL1g3c0VGUDJQZHgzWncxawotPiBz
+c2gtZWQyNTUxOSBQeEt3alEgWnhIQlgrYUI5UzdqOU5ENHZteFd5bFd3UEVVeUE5
+NkFubFpzQ24xVXZndwpkc1NtSStzYU5hWnZXNXRiYjBqMWtSSmcyMkFUeUR1cDJq
+eWNnNkZoK0RnCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSBmRUViME5ZYUZ6TExwVW5H
+ZUZaTzhmWktzSjZ2TDdLY2IySzRSL1AvUzBvCllVaTF6NFJuUi9CcHBFT3huWS84
+Z21Xak1RbmI1Ykh5ckR2V3BiK3VLYmcKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIE9z
+L3ZDUkhDbDFxZGQ0bHppVWtMTlc1M1Fpd2pGZEFaV0lad00rZXVRRU0KaUNPT3JT
+aEJ5U3l4RzVkSnV3MmM4OFZXQ0RKQWs3NmtnYXB1RTMxc3FXTQotPiBzc2gtZWQy
+NTUxOSAwZHBkZ1EgMi96OFRxcjNveUdoeVNtbnV6YnlOOS9TRGxGWWJRYjJDWXlB
+R0Ixc1ZnbwpDOGVrQktzSWRETWErTDBOSHBsamlIeng2akJ0Ri8wcWZidTY0eUJV
+cnlzCi0+IHNzaC1lZDI1NTE5IHVsMGt4USBaYjRFZXdjcUdsZVBjYjY3bTMvRU1a
+c05WY09kMUNCYjRtRGtYZG1iNjJzClRWUnVnQU56QWZOTkF6ODFvOTlnZkNUeWNC
+OVB5bHBwVzRVK3BRdjRpa2MKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IHJGa1poNzR5
+cTRpNStvd0N4N0lFS0tJYVB0UDZzSHVFM1FHOWtMVFNMaFUKK2pKNUFNNE55ZGJj
+TWNBbzZNSnQ4eERHOWs3YnpQSDlwS2lzREVsQzhuSQotPiBzc2gtZWQyNTUxOSB6
+RzMrMXcgUEdobnlFUkNZRkliaVRJR0dHMDBDN1dLK3FaMFdwQ2gxUTIzWlZ4SkJ6
+MApLbjk0QVVPbytHazNqL2o5RWM2clZzRzA4TkFDVHlPM3U1aE9EZUJ1VTJZCi0+
+IEdFWn5dJCUtZ3JlYXNlCkpwUzlWd0VPNFp5QmFKWG5PUGF2NnpLQm1kODFJNXpN
+NjBvCi0tLSB6cmJDT0lVZEFiZlBoQUd6NlZubU83QkNIRVlqSjhUZXRrUUFPVXMx
+QVF3CqjMyxbHnczjBeKEemv2tEz9t9yDBYttGCcKCNfVKOpaKHMLcHU0ycC6dZbf
+1d3fXDeAh/87g8RUSMpJfchDB6VpM8xXJgb/214VHDNyPBbNuzSrZvlA1ibwPWKh
+U+XInONTk29sg7jHiJlgS6+9Y1aL1vXVOkdNMq718/lJBwSSu1+v
+-----END AGE ENCRYPTED FILE-----

secrets/craige.age

@@ -0,0 +1,36 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBhSE56
+N3RlOElYWkJYbWE1MXBFV1lVcW9Cdk1Uc1huUmp5NU1ZNVJjOVJBCkNqai9UcDIx
+RWxpaEZJQmlKamZTWVVyd3pBRUNCajhSR2M1Z05ja2QwMkUKLT4gc3NoLWVkMjU1
+MTkgSk00dDZBIE1DY1hwNmdzZDhqYzZ6Z1NpY0tBZmUyQ3ErdXBSa1ZUV29hci9i
+VE5jbFUKbW1pSWc4d3p6S2F3dUFwb25wMHJsZzZYMzZUQjFrM2gwYTNSRlhKUHl3
+WQotPiBzc2gtZWQyNTUxOSA5aEV5RFEgeXlzbmllaUpzbWFoUnpkU1RwVDNkd3Fm
+Y1p2VVIrRmdISFdsUllOaHYwWQo1ZTY0N0UzUjdVTWpKK0VIbXJJdC9QbCtaa2Fn
+Qm54S1lxSVliYzdPWXNJCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyB0MncxeVdkdWZ0
+MXhvVnhtTVFLVkw2d0gvb01yakx5ZGQ3c2ZKSU1mZ0RrCmZiYnQ1bFJMeUQweFpz
+YzBtNUpSYWI0TW9oNzFRWWxVekFmcEEwRXk3bjQKLT4gc3NoLWVkMjU1MTkgV2c5
+M3J3IHJZUXdMWktKNGdMb0t2ZWxkcE5CeWI2Y2xpaFBVNEFRQ2hlb0FxRzhla1kK
+clg3cmpVSTJZQlU4aDhoWG1zNzRiR0tLTjI1VS94VkM3eVhUU3JRbmg3cwotPiBz
+c2gtZWQyNTUxOSBQeEt3alEgSzd6TUp5ajA3enFxdnpuenl2TlJzSW02LzdJS3J3
+a014NW9wWVNiZVB5ZwpacXNXQ3JHeHUxMVorN0xISFZRUm5RSXl4RlgyYWJLNlJN
+TllKME0rZ2Z3Ci0+IHNzaC1lZDI1NTE5IEIzZFhTQSBTRXYrYk9FVGV5UkZUcmZ3
+T1AvT2l1d0NmeUhJM25POVFFQVdXdk5NaGlZCi9xbkt5VHQ1V0gvMzVXZ25CNlYv
+dDBpMURza3MxZzNyVm9VbWZYdnc2NkkKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnICtT
+cG5uYWFtZUNYUkNpMlNyb1JkOVFkUDA4WERQaWQ0Z2JEOFBnOFdweHMKdGtxV3hV
+ZUNTS2hpOU41NkVxMk5yUFdka0x1WlhSZ1RMMFNHd2lrTG5xYwotPiBzc2gtZWQy
+NTUxOSAwZHBkZ1EgUm1uc2FJOUdKbHpkSXRvcHBINEU5QzQ5aWliYm42OFNZMWx4
+OTRURGVSYwpJZVpoL09QcW9JZGJZc21BNUliVWVKQlMraXV3U05seTVQUUNJZ1lF
+TjVNCi0+IHNzaC1lZDI1NTE5IHVsMGt4USAxWWhMK1lGUFhBanFMbEQwVTgreEcw
+a2JJcVFla3ZmOHZJK1VPTFZuRkNBClB2ZDVBYTc4QWZnUDdEdFdOZkx6dnpRZTkx
+MDlOZitJd0NZM2V2amNUcmsKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IHpiTGZmMFUy
+MlZyZlJMa01GVmRsQ0hFRUxBWituMkE3S3RPRUJLdU1LbE0KN1M4RUJoVjVhZTRs
+K1g2dGEzMjIyaWFEaHhIQ0tkSDFGMVd1WTh0Um1kZwotPiBzc2gtZWQyNTUxOSB6
+RzMrMXcgSkNsTUlxZ05jcmp5bDJhclhEVldjWXR2TWFreTdSSXl5MFNXMUNxWDJX
+QQpHQ01ZLzRXUTNJTVJvK0dHNDZoTEtFaUpRRFoxUGFUampSRzREUzBtbU1BCi0+
+IF5bSEdnXH0tZ3JlYXNlCjBmSlA2SHREd2cycEdsZGhIMVJhUDZ1dXVjYnI1eURL
+dUVDcGlZb2ZwaFZPTUNZeFNXSC94OEtYc3pFN3RtZUsKUU1qS056SmVidHZ2c28w
+Ci0tLSB4SEdpRXd0RUxmVm5lVXJaWWQwbFFNVlo0SGxBK25jaHg1Umt2K1dsL3VR
+CrLdgAdAyLUrzRwPhN0rl5DD6Z97AYiH44VcKrqZzkZYbhTfhHEHE/LwJIePAOiO
+WHEYkWQtMOfaz1t6Nwe/bjG1VLRkttWRQNKWEewxG5c5NppWcgDIrd05DDX6oiRi
+/oGAp7PVaZwkvgOwAxtD5OS/jTT+BzV2yGCBoLNSuqxF9VCL1yYtYzllBQ==
+-----END AGE ENCRYPTED FILE-----

secrets/fiona.age

@@ -0,0 +1,37 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBqb2N3
+cWFZNUpscUpmRm9oRTgwOWU4Mkhpcm1CdUQ2alB5RW1Ib2p5S21zCjJqQjhobFI0
+MW9SeWJldWdiMjMvQWxDYkpBQ3VMUkFnT1N6M2ZkNEdGTFUKLT4gc3NoLWVkMjU1
+MTkgSk00dDZBIFlIZEFwSVFydytDNXIwdlFuNC9iWnFXOERhV3BNY3lxdzJmelU5
+OGpRMDgKc3VGa3NBWFQ0UVR3WSs1TVBIQ3BQK0t1eU5FOTVpVnAvWjJpT2hoSGtN
+TQotPiBzc2gtZWQyNTUxOSA5aEV5RFEgbS8xemZwQVhnSXB4amdNQWsybUdTblI0
+anYrWWltYnFTaEd0SGpxamlYMApTTXNwZ0E0RnV6NHVNalFGc3p0VDRFRXJEWW4r
+ai94aHdyeGIwdzdHT293Ci0+IHNzaC1lZDI1NTE5IHU3WjNqdyBxSHZyTkdodWtl
+dGdKemxTd3JEdzE1MFVVM1lsM2d3UE5JYkxsM1F3ZzBBCmNpN3FHaDlGOG1kSVFl
+Y2NuN2NYajV4K2pWdDhMa2E3eTFWRmJacXo3UGcKLT4gc3NoLWVkMjU1MTkgV2c5
+M3J3IHV3TzYzZnlvNFpBQVE5MzRpYlc5QmZUOHlYbGs1QXJZZE1VdkdLcloyVWMK
+RTdDakloVzBnYkNNQU1FOGtCWnlkRUdjZVFtcEczNkRwN1VUcHhveVQvMAotPiBz
+c2gtZWQyNTUxOSBQeEt3alEga0xYNjlOR2JmLzd3amcxQ1AwQ3VONXIySDNHNG51
+cWlYMWNUd25mRVFtawpzdjRpR0pwN0QzOWdEeHFTYTJQdmc4YzlkMkhNUnBaL3l1
+T0JoeFVMUHkwCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSBvaE50ZjMvTTdDMUo5ODFn
+M2tMcWtvb3VqbWNBNFh1NlhIaVVnUk42d2dzClVOSWw4YnB4eXI3cysvQ2ZTeFdK
+dFR2d0EzR25DSDByaFRyZkJzblpwUDQKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIEla
+QWcxUW90eHFkbUx5b2VpOTA3WXQ1Undud1ZBV3BOdWp4Yk1jV1UxU00KRzZpQWpF
+Y0NOZDZYWE1uanFYMGU3YitVcUVhMG5rdkcySHU1NTB3bk5CMAotPiBzc2gtZWQy
+NTUxOSAwZHBkZ1EgbkdKWlJDYXpVbmE0aGZrR0pQYnFFVFpsbzFaZm1rSU8rY2hP
+aFBaU0FGSQp3V3gwQTdhZG5UVDhvc3hwZlZEaGtMc2U1ZGJsY2dvcE5GMi9MUnIx
+c1MwCi0+IHNzaC1lZDI1NTE5IHVsMGt4USB5dTBSa3hVbmpBWEFyNDFvU3gxQlpE
+c3krU1c1ZWVlY3FkbjREMzN0czFNClJKalV5VDdxbnErcENOWnFzSXkwajhKcmt6
+QW5sdGtlTzZiR01sdkZEcUUKLT4gc3NoLWVkMjU1MTkgWnc1SGt3ICtsSHdFaGlP
+Vyt6TWJ1Q2kyZDhmNUFQbnltcHdhaXh2NXM0dS9Bb2dwamcKcjg2VWZudGFvZDVK
+M2pQSUtFdU03c1hWWWNqcXQzTDF5RHJVZ3lPVFNqVQotPiBzc2gtZWQyNTUxOSB6
+RzMrMXcgMEk0RGFQa2YvcHhRTklLSjBCaFEvb09seU9pMHVwMXhzL05HY2xhWTFt
+QQpXdGNUeE5vbDNXb3FDVGxMdWt6MHpDVXQ2UWc2R1lzdnJvSEhLalRxMFRBCi0+
+IENKKjlNTU5dLWdyZWFzZQpHT3BtNFJPdEdFdzhSbk9Ud1JjdmZmbEJIaFlYbkxz
+N3VCMTYxbEhrN1VFckQ2ZDc3aUt5MEE0SU0vYTE3Nlg0CnI2UTljOGdiK0h0SEps
+WmN1K0hqa2VUVnJxMk94Tm9ORVZ4ZTdqLzBidk5FNmh1OEFjblpTdwotLS0gYVQ2
+dC85STBXYi9IRnFWVFdvTmRkUG15RjkwTkFnQlE4Ly9hVGk3TWp3NAo4cVH9Y1Kg
+1Z1zTvAW9/e6QpBBUQo/9eoyXpwmCE1hLaowxGUf8gvsWAMbVQTdI8NsejCyM44A
+l1+EhywFfBNQXGwnsBjPUdnenDcqNhdO2LHybqvvdhWOYC+J5JQjczxdZ7myLtP7
+VKyEh2ac3E9d6OQqul5zaWfbiM2vcwf+0O1r04Gfvc7j
+-----END AGE ENCRYPTED FILE-----

secrets/hamish.age

@@ -0,0 +1,37 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBNZHA0
+TisvQWwyUXJJU3JBd1pFeWZSVWNPYnBQNW5MMHN2ZUVCbWY1S3lrClBobFVsbFJj
+QjNrQ3B4eUJBVTNrSUxYd0R5eXd1NUpkQ0R0Ymd2ajlPdFUKLT4gc3NoLWVkMjU1
+MTkgSk00dDZBIDFMY0tKRU1jazFscFRSdTlXMDBPdWpldVZIRjdiNGhBM2kzcGxx
+UXNjbGcKZ2N1V0dWN21zZ0V2SUxMQUNJK0R1VlZCa0RKMVBLL0lhQjN1RXBEbXVN
+QQotPiBzc2gtZWQyNTUxOSA5aEV5RFEgb1RhSWtKTUJMVGpxSysvbExxRUY3bGg5
+U3VvdHNOaWE0b2piYkcvdjBDawpiOC9LV2FldXQ4YkNRbjJqT25sdEpabG9TRHZV
+cVVvZm1MVFR1QmZmVkdRCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBZUE9uYVg2WDg1
+S0dtV3BFYmppbnZ3MklFRFFXdVlGZkpmUjg2d211RW1jClNad2VZU0REOTVrREJE
+U0lGc1pUejBzRkFHL05HZ0k4czgvUTNWR3NaMXcKLT4gc3NoLWVkMjU1MTkgV2c5
+M3J3IGR0ekF4L0FSaEVBR3BJVXFaQXZjNktHVmN6TWVXbWdkY0JBOWtGVzczd0EK
+RjUyQTJrWVdsSXZUcTFFM0dzTW5HTHJxeUR3VDVnaXpHMWdTeHVXclhybwotPiBz
+c2gtZWQyNTUxOSBQeEt3alEgWndrODAxRlE3cmxNL0ZtTW0zTlI3a0MvZncxZFE3
+NS9xWWdMck9pbkF5UQoxRUZNUUZaMlI2bG1JNk5kTUd1WXhoZXNrcitlNThVeU90
+K0ZvNEN2Y2RNCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSBqNlF1akNrQ1o0UXdJeEc0
+dkgrUXNuMHp5VUU1eXNJUytRY1VXdW9aTjBFCkl2dHFyNkF5ckdTU0IzVzF3bU91
+eWhReElJaysxMXdsd0hFVHYwMk1qajQKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIGd5
+eXlUMEpSZGRWb0Z4OVFFelN3YlB3dklqT0ZrMVcxMlE1Ulc4ZHkxbHcKOFZvd2I4
+NUNHOTRrc1NWOGxzeTZhOFMxbUdpNklPNE43bFBMLzdxcVZHcwotPiBzc2gtZWQy
+NTUxOSAwZHBkZ1EgUXR6dzlqaFhCS2FJSERndFJSaEkwRFIrMFpybnd5UTdaQUZM
+cmQ1Q3ZSawp0T1ZnZGxIZ0V4QnFsTTB1V1NWNDdMajR6dEc5MmpVMThKSHNrMHVV
+STFnCi0+IHNzaC1lZDI1NTE5IHVsMGt4USBqV3hXSGlrRDBNdWhmTEZRN2NLQkNu
+aWFOeERHNm5UWllqRVdFMnMwN2tVCkVQL2lCMXhCYTVpTWJydEJHZmd1UlJ0T3J4
+Y3RLcGFqOVhuQTVncEc4QmMKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IGJrYlljWndR
+aysyNVExcnZKY1V4OHVnSzhpNFYyWUJTZy8yb2NpVE1FMHMKbGFhQlBOanhUaVRT
+L21UWjNTNUwvMnh5dnpsTWRGNWJnbERoZ0cxMXVKdwotPiBzc2gtZWQyNTUxOSB6
+RzMrMXcgb0RSWXhSYk1USjRLdk0xVndRWFNrVVZpVE1ldG5qQUNGWFd2ZFRkM3lR
+WQphYkdyMjBlRkkxRUR5eEdxOE1SMHh5N1VQUHJmRFdKNHdrQUxWUWIzZ0ZFCi0+
+IGA+TXxpRiFgLWdyZWFzZSAsIDZxfSVBeCA4fjZyCkFuYlBPWnQ1SDkwVFdiUFpr
+ZC9MblJJSE0yRWRXQ1RuZFduMVoyU0cxRjh6UE5qWHpQeDNKY1FHKzJHUkcxcDAK
+bVBXZmV6YWp3RFRaalkrT2JPcldaZ1NhNFljCi0tLSAxUUM4b0N4YTdMOW5rWWZ3
+RUtNV3VBYWV4bENhbFJZS2ZMUzkveGtabUZ3Cs10FGWYdOYr63rRA2P7jM9HI/9a
+t2gFVJyA+AC0hPl/pDVabyrF48d8lWzk1IwVe3jfP5QHZxhHwc9vuu0crw3EJAmK
+Q+QgythEzjF0ftCosDXLg5J8A3lkPlAe+km6T294oFxTW8pG/h8tu4rKukJWnYSU
+E09AHZ795YX07jKvrN/U11HRd8g=
+-----END AGE ENCRYPTED FILE-----

secrets/logan.age

@@ -0,0 +1,37 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBsSURv
+VzMrb2x4ZHBEdjB2N01nZTBtTzlOOW9JYnpLZ0hhRHFJRmd2cFZRClFVaUtVTWFD
+MWdtMTczcEhZSEVRK25aM1djN3p3MVlzSkp4UEFnOStxUkkKLT4gc3NoLWVkMjU1
+MTkgSk00dDZBIGRFeXkxMDhBYVFqNjdyLzRyQ0xHQWtib0JHbkZnK0R0ZTdVeHRm
+T0l6azgKUWZobTdUYkphUmZBQWRocjhIcEF5eEk2amt4RDRxWjBFOFBjcWZ2dXQ1
+bwotPiBzc2gtZWQyNTUxOSA5aEV5RFEgK21WdkxyQmNFeXhMUXF4SGhWczFqczRG
+ZHR2ZlIzaDNvc2Yrd2FPOG5RWQp5YzNBTGlZcXZlZ2M0VmEvdkxRNzNVMXh5K3FV
+Ny9pZmt4S0dIakd4S2c0Ci0+IHNzaC1lZDI1NTE5IHU3WjNqdyBDbHFFRTFDaGRi
+MWxpbzFYa0tUTUsxWFJya3hGUjVVVTIwcEpxNFhyNWpNClUwV2pCRlhXNWhwM2pk
+TWlTeTVrbS9lN2wyU2JTVnhUb094Tm9OQ1VCMDgKLT4gc3NoLWVkMjU1MTkgV2c5
+M3J3IE1nL1ZaMzVZc1RHNXJycW0xaFBuVCtDS2YzRTVPYWZ2SUVpVmN3NVBBUU0K
+TWc0Um4zNTcyaW5NUHRxS2dsZWNZa3FwWVVnSU9EVk9LNEVoUVN0SGg4ZwotPiBz
+c2gtZWQyNTUxOSBQeEt3alEgemRWUm9LVEwvYkRtcHRjUzExeGZENHRUMWxGSkU0
+TWE1NnkraStwa0REUQo3Q0ZtWk9UTmsxMG9aNE9uaVptd3htZ1FCQzFZM0d0Q1Bw
+TVFoWGlaamVNCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSBuSUVqVHlJTGVKSTlydGxN
+eUZjS2tybjJ0Tkw1ajBoRkJSN3E4SnV4RnlBCldES1ZvT1VObDhnL0FHUUVreW9F
+bTRCMCtES3NJbDRhRjE4ZFU2VDdHTDAKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIGh5
+M3NBcFhpWXdjWklqNk1vMVZXRFMybDgzVTVXZE9uUDhMY3BQOXZIMVkKak5reisr
+NkVqSFV1UFZVVWFxVmNBN2xGZ0F5RW10QmU1U05lNllHR21XdwotPiBzc2gtZWQy
+NTUxOSAwZHBkZ1EgVzRWSFRCSitURWxEcW1Oa0ZXdkQ4SyswODM5cDVzWFpwT0hO
+aGE3OXVVcwo4SFJsRGlGdWhEK0JUTlR0am0xVG1JcjR3Y2lJblVsTUJtWFFlZnVn
+ajlNCi0+IHNzaC1lZDI1NTE5IHVsMGt4USB1L2d5SDJVTUp1Q01kYmE3M2wxc0JT
+QzdtS0hOTlY2NUhHaFJHUU5HVGxNCkkxV0J0OC92TUNIMXh6aUJIMkxYc2x0bzF4
+OGRNcDlneUdTWUR4TWdvbTQKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IC9XeWdBR1lB
+RThIbytIK2pJUjl0Q1NyV1FETUtad1BPTzczVTVwK0pSQmMKUjJpRW12Z3hOQ1Js
+V0h0bjg2UVhFbllTK3ZNOEZJVjlnS0d6bS96bUpMTQotPiBzc2gtZWQyNTUxOSB6
+RzMrMXcgVFFnMXBuVkMxOWxMaUJKMmRRQ2J1TXlhOHFITzF2ZlMwWUwwYjFzcFFo
+dwpGdUJsdHhCSUplMTZnWkhPM1RBZWs3cmFiSlhhTnBBZlRTTGtiZWFjTEZJCi0+
+IE93OCk9Ly1ncmVhc2UgalVrLFEmMSAwb09BMFEKZUV4YWZabnU4S2V6T3FyUUk5
+bEZYU21WN2s5czA4WGg2T3V2dmM2bmE0QUMxbVNYNjlOcUVvTkJvZmY0V0libgp2
+M1pOUnRVCi0tLSBXTEhsQmhlZCtwMVNyY0dadlcyKzV2U25sRWoxMzhEY1l5KzNS
+cVVaVnJBCsyrUAefxlWiCVPCOzXHaPlmcXrvChiS7udyIfSXKaiN4N/dxW2Y1h/F
+unCbKUkW/qGO8cqyHzbudwl72iwRK6aqqmRVkTk8wd6+0XeWdPmxJCR07AMe1DEx
+afv5xFidKkuaiglMPxI6TCy+YVH+2BQPhkEquvSkhJjnWJXqj7S/KQ9+Fjlz/ZcQ
+zR8=
+-----END AGE ENCRYPTED FILE-----