mirror of https://github.com/tboerger/nixos-config synced 2024-11-26 07:43:45 +01:00

feat: add mkComputer, bootstrap without agenix

Thomas Boerger 2022-10-26 17:52:42 +02:00
parent 2cdc9f7864
commit 759bdf8cd9
No known key found for this signature in database
GPG Key ID: 09745AFF9D63C79B
14 changed files with 277 additions and 259 deletions

@ -8,21 +8,18 @@ Provisioning for my NixOS systems based on [Nix][nix].
### Bootstrap
Copy `/etc/ssh/ssh_host_ed25519_key.pub` into [secrets](./secrets/secrets.nix)
and rekey the secrets via [agenix][agenix]. After pushing the regkeyed secrets
execute these commands:
```console
sudo loadkeys de
sudo nix-shell --packages nixUnstable
bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/scripts/chnum-partitions)"
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --root /mnt --flake github:tboerger/nixos-config#chnum
nixos-install --root /mnt --flake github:tboerger/nixos-config#chnum-bootstrap
```
Do not forget to rekey the secrets via [agenix][agenix] including the new keys
at `/etc/ssh/ssh_host_ed25519_key.pub`, otherwise updating with the final
services won't work.
### Updates
If the repository had been cloned you could just execute `make switch`,
@ -42,12 +39,13 @@ sudo loadkeys de
sudo nix-shell --packages nixUnstable
bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/scripts/asgard-partitions)"
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --root /mnt --flake github:tboerger/nixos-config#asgard
nixos-install --root /mnt --flake github:tboerger/nixos-config#asgard-bootstrap
```
Do not forget to rekey the secrets via [agenix][agenix] including the new keys
at `/etc/ssh/ssh_host_ed25519_key.pub`, otherwise updating with the final
services won't work.
### Updates
If the repository had been cloned you could just execute `make switch`,
@ -67,12 +65,13 @@ sudo loadkeys de
sudo nix-shell --packages nixUnstable
bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/scripts/utgard-partitions)"
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --root /mnt --flake github:tboerger/nixos-config#utgard
nixos-install --root /mnt --flake github:tboerger/nixos-config#utgard-bootstrap
```
Do not forget to rekey the secrets via [agenix][agenix] including the new keys
at `/etc/ssh/ssh_host_ed25519_key.pub`, otherwise updating with the final
services won't work.
### Updates
If the repository had been cloned you could just execute `make switch`,
@ -92,12 +91,13 @@ sudo loadkeys de
sudo nix-shell --packages nixUnstable
mount /dev/disk/by-label/NIXOS_SD /mnt
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --root /mnt --flake github:tboerger/nixos-config#midgard
nixos-install --root /mnt --flake github:tboerger/nixos-config#midgard-bootstrap
```
Do not forget to rekey the secrets via [agenix][agenix] including the new keys
at `/etc/ssh/ssh_host_ed25519_key.pub`, otherwise updating with the final
services won't work.
### Updates
If the repository had been cloned you could just execute `make switch`,

259
flake.nix

@ -41,181 +41,144 @@
outputs = { self, nixpkgs, nur, utils, agenix, homemanager, deployrs, arion, hardware, ... }@inputs:
let
mkComputer = configurationNix: systemName: enableServices: extraModules: nixpkgs.lib.nixosSystem {
system = systemName;
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import nixpkgs { system = systemName; };
};
in
{
imports = [
nur-no-pkgs.repos.tboerger.modules
];
nixpkgs = {
overlays = [
(import ./overlays)
nur.overlay
];
};
})
homemanager.nixosModules.home-manager
agenix.nixosModules.age
arion.nixosModules.arion
configurationNix
] ++ extraModules;
specialArgs = {
inherit inputs;
};
};
in
{
nixosConfigurations = {
chnum = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import nixpkgs { system = "x86_64-linux"; };
};
in
{
imports = [
nur-no-pkgs.repos.tboerger.modules
];
nixpkgs = {
overlays = [
(import ./overlays)
nur.overlay
];
};
})
homemanager.nixosModules.home-manager
agenix.nixosModules.age
arion.nixosModules.arion
./machines/chnum
chnum = mkComputer
./machines/chnum
"x86_64-linux"
true
[
./profiles/thomas
# ./profiles/anna
# ./profiles/adrian
# ./profiles/tabea
];
specialArgs = {
inherit inputs;
};
};
chnum-bootstrap = mkComputer
./machines/chnum
"x86_64-linux"
false
[
./profiles/thomas
# ./profiles/anna
# ./profiles/adrian
# ./profiles/tabea
];
midgard = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
asgard = mkComputer
./machines/asgard
"x86_64-linux"
true
[
./profiles/thomas
# ./profiles/anna
# ./profiles/adrian
# ./profiles/tabea
];
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import nixpkgs { system = "aarch64-linux"; };
};
in
{
imports = [
nur-no-pkgs.repos.tboerger.modules
];
asgard-bootstrap = mkComputer
./machines/asgard
"x86_64-linux"
false
[
./profiles/thomas
# ./profiles/anna
# ./profiles/adrian
# ./profiles/tabea
];
nixpkgs = {
overlays = [
(import ./overlays)
nur.overlay
];
};
})
utgard = mkComputer
./machines/utgard
"x86_64-linux"
true
[
./profiles/thomas
# ./profiles/anna
# ./profiles/adrian
# ./profiles/tabea
];
utgard-bootstrap = mkComputer
./machines/utgard
"x86_64-linux"
false
[
./profiles/thomas
# ./profiles/anna
# ./profiles/adrian
# ./profiles/tabea
];
midgard = mkComputer
./machines/midgard
"aarch64-linux"
true
[
hardware.nixosModules.raspberry-pi-4
homemanager.nixosModules.home-manager
agenix.nixosModules.age
arion.nixosModules.arion
./machines/midgard
./profiles/thomas
# ./profiles/anna
# ./profiles/adrian
# ./profiles/tabea
];
specialArgs = {
inherit inputs;
};
};
utgard = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import nixpkgs { system = "x86_64-linux"; };
};
in
{
imports = [
nur-no-pkgs.repos.tboerger.modules
];
nixpkgs = {
overlays = [
(import ./overlays)
nur.overlay
];
};
nixpkgs.config.allowUnfree = true;
})
homemanager.nixosModules.home-manager
agenix.nixosModules.age
arion.nixosModules.arion
./machines/utgard
midgard-bootstrap = mkComputer
./machines/midgard
"aarch64-linux"
false
[
hardware.nixosModules.raspberry-pi-4
./profiles/thomas
# ./profiles/anna
# ./profiles/adrian
# ./profiles/tabea
];
specialArgs = {
inherit inputs;
};
};
asgard = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
({ pkgs, ... }:
let
nur-no-pkgs = import nur {
nurpkgs = import nixpkgs { system = "x86_64-linux"; };
};
in
{
imports = [
nur-no-pkgs.repos.tboerger.modules
];
nixpkgs = {
overlays = [
(import ./overlays)
nur.overlay
];
};
})
homemanager.nixosModules.home-manager
agenix.nixosModules.age
arion.nixosModules.arion
./machines/asgard
./profiles/thomas
# ./profiles/anna
# ./profiles/adrian
# ./profiles/tabea
];
specialArgs = {
inherit inputs;
};
};
};
chnum = self.nixosConfigurations.chnum.config.system.build.toplevel;
midgard = self.nixosConfigurations.midgard.config.system.build.toplevel;
chnum-bootstrap = self.nixosConfigurations.chnum-bootstrap.config.system.build.toplevel;
utgard = self.nixosConfigurations.utgard.config.system.build.toplevel;
utgard-bootstrap = self.nixosConfigurations.utgard-bootstrap.config.system.build.toplevel;
asgard = self.nixosConfigurations.asgard.config.system.build.toplevel;
asgard-bootstrap = self.nixosConfigurations.asgard-bootstrap.config.system.build.toplevel;
midgard = self.nixosConfigurations.midgard.config.system.build.toplevel;
midgard-bootstrap = self.nixosConfigurations.midgard-bootstrap.config.system.build.toplevel;
deploy = {
nodes = {
midgard = {
sshOpts = [ "-p" "22" ];
hostname = "192.168.1.5";
fastConnection = true;
profiles.system = {
sshUser = "thomas";
user = "root";
path = deployrs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.midgard;
};
};
asgard = {
sshOpts = [ "-p" "22" ];
hostname = "192.168.1.10";
@ -239,6 +202,18 @@
path = deployrs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.utgard;
};
};
midgard = {
sshOpts = [ "-p" "22" ];
hostname = "192.168.1.5";
fastConnection = true;
profiles.system = {
sshUser = "thomas";
user = "root";
path = deployrs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.midgard;
};
};
};
};
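Review bot: `mkComputer` accepts `enableServices`, but nothing in its visible body reads it, so the `*-bootstrap` outputs (called with `false`) would evaluate to the same system as the full ones, agenix-backed services included. The argument needs to reach the module system, for example by adding `{ personal.services.enable = enableServices; }` to the `modules` list next to `configurationNix`. Separately, `nixpkgs.config.allowUnfree = true;` appears in the old utgard definition and has no counterpart in the shared helper; if utgard still needs unfree packages, confirm it is set in `./machines/utgard`.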

@ -14,13 +14,13 @@
personal = {
services = {
docker = {
enable = true;
enable = config.personal.services.enable;
};
samba = {
enable = true;
enable = config.personal.services.enable;
};
tailscale = {
enable = true;
enable = config.personal.services.enable;
};
};
};

@ -14,16 +14,16 @@
personal = {
services = {
citrix = {
enable = true;
enable = config.personal.services.enable;
};
desktop = {
enable = true;
enable = config.personal.services.enable;
};
docker = {
enable = true;
enable = config.personal.services.enable;
};
libvirt = {
enable = true;
enable = config.personal.services.enable;
};
};
};

@ -14,19 +14,19 @@
personal = {
services = {
acme = {
enable = true;
enable = config.personal.services.enable;
};
adguard = {
enable = true;
enable = config.personal.services.enable;
};
coredns = {
enable = true;
enable = config.personal.services.enable;
};
docker = {
enable = true;
enable = config.personal.services.enable;
};
tailscale = {
enable = true;
enable = config.personal.services.enable;
};
};
};

@ -10,7 +10,7 @@ with lib;
users = {
root = {
shell = pkgs.zsh;
passwordFile = config.age.secrets."users/root/password".path;
hashedPassword = "$6$i1AZZ2GnRxgVnJ0X$yfWoi.SDf4mWYRAI6AbaCUMM15OOOZsabgbLo82HgEvCH3yc97N00y5m3aQPcLZ/5QHaL4BPUFRU6Ux3/ziEE/";
openssh = {
authorizedKeys = {
keys = [
@ -23,7 +23,7 @@ with lib;
description = "Admin";
shell = pkgs.zsh;
isNormalUser = true;
passwordFile = config.age.secrets."users/admin/password".path;
hashedPassword = "$6$l5FBDK2QUtR6Sfvv$N.eol4kjcwIr56wIv1iwT07qlK.gD2KU7fAwc8JLMeKLLuik2FjmzQszgglQUuLbvLPiMM39Dj8AsHxJyXwhX.";
uid = 1337;
openssh = {
authorizedKeys = {
@ -40,13 +40,5 @@ with lib;
};
};
};
age.secrets."users/root/password" = {
file = ../../secrets/users/root/password.age;
};
age.secrets."users/admin/password" = {
file = ../../secrets/users/admin/password.age;
};
};
}
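Review bot: The `hashedPassword` values for `root` and the admin account are now committed inline, so the SHA-512 crypt hashes are readable in this public repository and in the world-readable `/nix/store` of every host, where they can be attacked offline. Only the bootstrap build has to work without agenix, so keep `passwordFile = config.age.secrets."users/root/password".path;` and the `age.secrets` declarations for the full configurations, and gate the inline value on the bootstrap case, e.g. `hashedPassword = mkIf (!config.personal.services.enable) "<bootstrap-only hash>";`. The two passwords whose hashes appear here should be treated as exposed and rotated. The user definitions continue outside the visible hunks.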

@ -1,4 +1,5 @@
{ pkgs, lib, config, options, ... }:
with lib;
{
imports = [
@ -22,7 +23,11 @@
options = {
personal = {
services = { };
services = {
enable = mkEnableOption "Services" // {
default = true;
};
};
};
};
}

@ -14,16 +14,16 @@
personal = {
services = {
acme = {
enable = true;
enable = config.personal.services.enable;
};
hass = {
enable = true;
enable = config.personal.services.enable;
};
media = {
enable = true;
enable = config.personal.services.enable;
};
tailscale = {
enable = true;
enable = config.personal.services.enable;
};
};
};

@ -22,35 +22,70 @@ while true; do
esac
done
echo "----> Remove previous VGs"
for VG in $(vgs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d" " -f 1); do
vgremove -y ${VG} 2>/dev/null
done
echo "----> Remove previous PVs"
for PV in $(pvs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d" " -f 1); do
pvremove -y ${PV} 2>/dev/null
done
echo "----> Remove previous MDs"
if [[ -d /dev/md ]]; then
for MD in /dev/md/*; do
mdadm --stop $MD
done
fi
echo "----> Drop existing partitions"
sgdisk --zap-all /dev/sda
sgdisk -og /dev/sda
sgdisk --zap-all /dev/sdb
sgdisk -og /dev/sdb
sgdisk --zap-all /dev/sdc
sgdisk -og /dev/sdc
sgdisk --zap-all /dev/sdd
sgdisk -og /dev/sdd
sgdisk --zap-all /dev/sde
sgdisk -og /dev/sde
wipefs -a /dev/sda || true
sfdisk --delete /dev/sda || true
wipefs -a /dev/sdb || true
sfdisk --delete /dev/sdb || true
wipefs -a /dev/sdc || true
sfdisk --delete /dev/sdc || true
wipefs -a /dev/sdd || true
sfdisk --delete /dev/sdd || true
wipefs -a /dev/sde || true
sfdisk --delete /dev/sde || true
echo "-----> Wait for cleanup"
sleep 3
sync
echo "-----> Mark MBR disks"
echo yes | parted /dev/disk/by-path/pci-0000:00:14.1-ata-1 -- mklabel msdos
echo "-----> Mark GPT disks"
echo yes | parted /dev/disk/by-path/pci-0000:00:11.0-ata-1.0 -- mklabel gpt
echo yes | parted /dev/disk/by-path/pci-0000:00:11.0-ata-2.0 -- mklabel gpt
echo yes | parted /dev/disk/by-path/pci-0000:00:11.0-ata-3.0 -- mklabel gpt
echo yes | parted /dev/disk/by-path/pci-0000:00:11.0-ata-4.0 -- mklabel gpt
echo "-----> Create boot partition"
sgdisk -n 0:0:+1G -t 0:ef00 -c 0:boot /dev/disk/by-path/pci-0000:00:14.1-ata-1
parted /dev/disk/by-path/pci-0000:00:14.1-ata-1 -- mkpart primary ext4 1MB 1GB
parted /dev/disk/by-path/pci-0000:00:14.1-ata-1 -- set 1 boot on
echo "-----> Create root partition"
sgdisk -n 0:0:0 -t 0:8300 -c 0:data /dev/disk/by-path/pci-0000:00:14.1-ata-1
parted /dev/disk/by-path/pci-0000:00:14.1-ata-1 -- mkpart primary ext4 1GB 100%
echo "-----> Create tank partition"
sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-1
sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-2
sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-3
sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-4
echo "-----> Wait for data"
sleep 3
sync
echo "-----> Create data pv"
pvcreate /dev/disk/by-partlabel/data
pvcreate /dev/disk/by-path/pci-0000:00:14.1-ata-1-part2
echo "-----> Create data vg"
vgcreate system /dev/disk/by-partlabel/data
vgcreate system /dev/disk/by-path/pci-0000:00:14.1-ata-1-part2
echo "-----> Create swap volume"
lvcreate -y --size 24G --name swap system
@ -79,20 +114,22 @@ mkdir /mnt/home
mount -t ext4 /dev/system/home /mnt/home
echo "-----> Create boot filesystem"
mkfs.vfat -n boot /dev/disk/by-partlabel/boot
echo "-----> Wait for boot"
sleep 3
mkfs.ext4 -L boot /dev/disk/by-path/pci-0000:00:14.1-ata-1-part1
echo "-----> Mount boot filesystem"
mkdir /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot
echo "-----> Create tank partition"
sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-1
sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-2
sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-3
sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-4
echo "-----> Wait for filesystems"
sleep 3
sync
echo "----> Remove previous MDs"
if [[ -d /dev/md ]]; then
for MD in /dev/md/*; do
mdadm --stop $MD
done
fi
echo "-----> Create raid volume"
echo yes | mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/disk/by-path/pci-0000:00:11.0-ata-1.0-part1 /dev/disk/by-path/pci-0000:00:11.0-ata-2.0-part1
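Review bot: The cleanup step wipes `/dev/sda` through `/dev/sde` by kernel name while every later step addresses the disks by `/dev/disk/by-path/...`; `sdX` ordering is not stable across boots, so the wipe can land on a disk other than the five partitioned afterwards (the installer medium, for instance), and `|| true` hides any failure. Use the same by-path names for the wipe, e.g. `wipefs -a /dev/disk/by-path/pci-0000:00:14.1-ata-1`. The `parted ... mklabel gpt` lines name the SATA disks with an `ata-N.0` suffix while the `sgdisk ... tank` lines use `ata-N`; whichever of these is on the new side should match the names that actually exist under `/dev/disk/by-path`. The `vgremove`/`pvremove` loops and `mdadm --stop $MD` also expand unquoted, and `/dev/md/*` stays a literal pattern when the directory is empty.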

@ -22,14 +22,25 @@ while true; do
esac
done
echo "----> Remove previous VGs"
for VG in $(vgs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d" " -f 1); do
vgremove -y ${VG} 2>/dev/null
done
echo "----> Remove previous PVs"
for PV in $(pvs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d" " -f 1); do
pvremove -y ${PV} 2>/dev/null
done
echo "----> Drop existing partitions"
wipefs -a /dev/sda
sfdisk --delete /dev/sda
echo "-----> Wait for cleanup"
sleep 3
sync
echo "-----> Mark GPT disk"
echo "-----> Mark GPT disks"
echo yes | parted /dev/sda -- mklabel gpt
echo "-----> Create boot partition"
@ -40,27 +51,22 @@ sgdisk -n 0:0:0 -t 0:8300 -c 0:data /dev/sda
echo "-----> Wait for data"
sleep 3
echo "-----> Format luks partition"
cryptsetup --verify-passphrase luksFormat /dev/disk/by-partlabel/data
echo "-----> Open luks partition"
cryptsetup --allow-discards luksOpen /dev/disk/by-partlabel/data luks
sync
echo "-----> Create data pv"
pvcreate /dev/mapper/luks
pvcreate /dev/disk/by-partlabel/data
echo "-----> Create data vg"
vgcreate system /dev/mapper/luks
vgcreate system /dev/disk/by-partlabel/data
echo "-----> Create swap volume"
lvcreate --size 24G --name swap system
lvcreate -y --size 24G --name swap system
echo "-----> Create root volume"
lvcreate --size 100G --name root system
lvcreate -y --size 100G --name root system
echo "-----> Create home volume"
lvcreate --size 100G --name home system
lvcreate -y --size 100G --name home system
echo "-----> Enable swap partition"
mkswap -L swap /dev/system/swap
@ -85,3 +91,7 @@ mkfs.vfat -n boot /dev/disk/by-partlabel/boot
echo "-----> Mount boot filesystem"
mkdir /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot
echo "-----> Wait for filesystems"
sleep 3
sync
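Review bot: The swap, root and home volumes end up unencrypted at rest, because `pvcreate`/`vgcreate` now run directly on `/dev/disk/by-partlabel/data` and the `cryptsetup luksFormat`/`luksOpen` steps appear to be dropped (the page has lost its `+`/`-` markers, so this is inferred from the `-40,27 +51,22` header). If that is a deliberate trade for an unattended install, say so in a comment above the LVM steps, e.g. `# volumes are intentionally unencrypted: bootstrap must run without a passphrase prompt`, and check that the machine's NixOS configuration no longer expects a LUKS device. Otherwise keep the LUKS layer and create the PV on `/dev/mapper/luks` as before. The added `vgremove -y ${VG}` and `pvremove -y ${PV}` loops remove every volume group on the host with errors discarded, so quoting the variables and reporting failures would make a partial cleanup visible.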

@ -22,6 +22,16 @@ while true; do
esac
done
echo "----> Remove previous VGs"
for VG in $(vgs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d" " -f 1); do
vgremove -y ${VG} 2>/dev/null
done
echo "----> Remove previous PVs"
for PV in $(pvs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d" " -f 1); do
pvremove -y ${PV} 2>/dev/null
done
echo "----> Drop existing partitions"
wipefs -a /dev/sda
sfdisk --delete /dev/sda
@ -30,8 +40,9 @@ sfdisk --delete /dev/sdb
echo "-----> Wait for cleanup"
sleep 3
sync
echo "-----> Mark GPT disk"
echo "-----> Mark GPT disks"
echo yes | parted /dev/sda -- mklabel gpt
echo yes | parted /dev/sdb -- mklabel gpt
@ -46,21 +57,22 @@ sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/sdb
echo "-----> Wait for data"
sleep 3
sync
echo "-----> Create data pv"
pvcreate /dev/disk/by-partlabel/data /dev/disk/by-partlabel/tank
echo "-----> Create data vg"
vgcreate system /dev/disk/by-partlabel/data
vgcreate system /dev/disk/by-partlabel/data /dev/disk/by-partlabel/tank
echo "-----> Create swap volume"
lvcreate --size 24G --name swap system
lvcreate -y --size 24G --name swap system
echo "-----> Create root volume"
lvcreate --size 50G --name root system
lvcreate -y --size 50G --name root system
echo "-----> Create home volume"
lvcreate --size 50G --name home system
lvcreate -y --size 50G --name home system
echo "-----> Enable swap partition"
mkswap -L swap /dev/system/swap
@ -86,20 +98,12 @@ echo "-----> Mount boot filesystem"
mkdir /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot
for PARTITION in acme nzbget jellyfin bazarr lidarr prowlarr radarr readarr sonarr; do
echo "-----> Create ${PARTITION} volume"
lvcreate --size 5G --name ${PARTITION} system
echo "-----> Create ${PARTITION} filesystem"
mkfs.ext4 -L ${PARTITION} /dev/system/${PARTITION}
echo "-----> Mount ${PARTITION} filesystem"
mkdir /mnt/var/lib/${PARTITION}
mount -t ext4 /dev/system/${PARTITION} /mnt/var/lib/${PARTITION}
done
echo "-----> Wait for filesystems"
sleep 3
sync
echo "-----> Create downloads volume"
lvcreate --size 200G --name downloads system
lvcreate -y --size 200G --name downloads system
echo "-----> Create downloads filesystem"
mkfs.ext4 -L downloads /dev/system/downloads
@ -108,3 +112,15 @@ echo "-----> Mount downloads filesystem"
mkdir -p /mnt/var/lib/downloads
mount -t ext4 /dev/tank/downloads /mnt/var/lib/downloads
chown 20000:20000 /mnt/var/lib/downloads
for PARTITION in acme nzbget jellyfin bazarr lidarr prowlarr radarr readarr sonarr; do
echo "-----> Create ${PARTITION} volume"
lvcreate -y --size 5G --name ${PARTITION} system
echo "-----> Create ${PARTITION} filesystem"
mkfs.ext4 -L ${PARTITION} /dev/system/${PARTITION}
echo "-----> Mount ${PARTITION} filesystem"
mkdir /mnt/var/lib/${PARTITION}
mount -t ext4 /dev/system/${PARTITION} /mnt/var/lib/${PARTITION}
done
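Review bot: The context line `mount -t ext4 /dev/tank/downloads /mnt/var/lib/downloads` points at a `tank` volume group, but in the visible lines the tank partition is added to `system` by `vgcreate system /dev/disk/by-partlabel/data /dev/disk/by-partlabel/tank` and the volume is created and formatted as `/dev/system/downloads`, so the mount would fail unless a `tank` VG is created outside these hunks. It should read `mount -t ext4 /dev/system/downloads /mnt/var/lib/downloads`. In the relocated loop, `mkdir /mnt/var/lib/${PARTITION}` has no `-p` and the expansions are unquoted; `mkdir -p "/mnt/var/lib/${PARTITION}"` keeps a re-run from aborting on an existing directory.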

@ -14,13 +14,10 @@ in
"services/nixbuild/sshkey.age".publicKeys = users ++ systems;
"services/tailscale/authkey.age".publicKeys = users ++ systems;
"users/media/password.age".publicKeys = users ++ systems;
"users/media/smbpasswd.age".publicKeys = users ++ systems;
"users/media/password.age".publicKeys = users ++ systems;
"users/printer/password.age".publicKeys = users ++ systems;
"users/root/password.age".publicKeys = users ++ systems;
"users/admin/password.age".publicKeys = users ++ systems;
"users/thomas/password.age".publicKeys = users ++ systems;
"users/anna/password.age".publicKeys = users ++ systems;
"users/adrian/password.age".publicKeys = users ++ systems;

@ -1,14 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 ptT1OQ m41ZYkxBg3ngM4ZpFHCb4Ft/ElZjPSf1s2a5lSvz4xg
rvMP6Ue5ZDOElRrW2GC1b43F/ZyS+5vQC8lQxVSBUy4
-> ssh-ed25519 vDK6kA O8UeamU3Zx4cxCardgxbe9ftFmkR0sSXEUSu8DHnhxk
AmgswlByLQGJeUzrAu9gJ4vOoxkAF+FNIaXBuY/MRqk
-> ssh-ed25519 gBo+cg UFDVPaFYhVypXE8h7wIp5yvCpKpeXR81JwXVDHNpIAI
3GcUg0kPP/GwYZXjh1CraS/qsopwrTrjTmegyE1fhO0
-> ssh-ed25519 QkapZw kn/5bNeJnnEDdFlk9TklUbzb3mRHdgnfw8qyBxJM7yA
HONZGOxZZuOny0jj2+N0lKKrdAZZhV3vlWEV8FHHqWk
-> Xavbo#^^-grease I
6kc1UvDDimkMwSlrUtx5+s6TmG2l4KHsRYSNibGisCEXPTOZnZdV5G9WO4DqxuHI
+aje2p6qtOB1+6i3S/BDDyhI82UFMXT2gZt7Jk7gz/Ylsm4z
--- q/EYv2kRnAnW0Xg4DrPanJRPVH1r7RMdxacyK3TIQA4
E.z…Æc ]2îdð<64>KØÀ¤pRÌ…™&ÊÙéäe?—øNºø›

Binary file not shown.