nix-sops

2024-08-07 18:41:09 -05:00
parent 26cc1b223f
commit 0fc00e2d29
26 changed files with 683 additions and 202 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,15 @@
 # This example uses YAML anchors which allows reuse of multiple keys 
 # without having to repeat yourself.
 # Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
 # for a more complex example.
 keys:
  - &matt age157jemphjzg6zmk373vpccuguyw6e75qnkqmz8pcnn2yue85p939swqqhy0
  - &desktop age1jv8ap5zwa49ftv0gg7wqf5ps0e68uuwxe2fekjsn0zkyql964unqyc58rf
  - &jallen-nas age1mn2afyp9my7y7hcyzum0wdwt49zufnkt8swnyy8pj30cwzs4zvgsthj0lt
 creation_rules:
  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - age:
      - *matt
      - *desktop
      - *jallen-nas
--- a/flake.lock
+++ b/flake.lock
@@ -1,21 +1,62 @@
 {
  "nodes": {
    "authentik-nix": {
      "inputs": {
        "authentik-src": "authentik-src",
        "flake-compat": "flake-compat",
        "flake-parts": "flake-parts",
        "flake-utils": "flake-utils",
        "napalm": "napalm",
        "nixpkgs": "nixpkgs",
        "poetry2nix": "poetry2nix"
      },
      "locked": {
        "lastModified": 1722673481,
        "narHash": "sha256-IWNFRDPVo1mDd0TzHsrweTVkcC0vZblkO3eo5h3lthQ=",
        "owner": "nix-community",
        "repo": "authentik-nix",
        "rev": "9067dd09db38130c400bc7a392339f757fa5ff45",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "authentik-nix",
        "type": "github"
      }
    },
    "authentik-src": {
      "flake": false,
      "locked": {
        "lastModified": 1722437664,
        "narHash": "sha256-MtnBndHJmrp7NLIUO2/8SMy/9RKXyoTmh3X19P6KOtI=",
        "owner": "goauthentik",
        "repo": "authentik",
        "rev": "d6904b6aa1440f98f8061c3d12f7358c21b5ae2d",
        "type": "github"
      },
      "original": {
        "owner": "goauthentik",
        "ref": "version/2024.6.2",
        "repo": "authentik",
        "type": "github"
      }
    },
    "chaotic": {
      "inputs": {
        "compare-to": "compare-to",
        "flake-schemas": "flake-schemas",
        "home-manager": "home-manager",
        "jovian": "jovian",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
-        "systems": "systems",
+        "systems": "systems_3",
        "yafas": "yafas"
      },
      "locked": {
-        "lastModified": 1722269440,
+        "lastModified": 1722771754,
-        "narHash": "sha256-eUzqnxgHIfxGcXk0SwXwP011uQ41WOEHX+gg1uPSkcE=",
+        "narHash": "sha256-NXE43sBXHB5kto5dSH9afFUxug7W8bBZg75UHbydX5E=",
        "owner": "chaotic-cx",
        "repo": "nyx",
-        "rev": "a383380ec33f66ef92c4e815260271f6ad7cf286",
+        "rev": "69263a943d93c7af4429924ef66f3f64e5555089",
        "type": "github"
      },
      "original": {
@@ -41,16 +82,17 @@
    },
    "cosmic": {
      "inputs": {
-        "flake-compat": "flake-compat",
+        "flake-compat": "flake-compat_2",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs_3",
-        "nixpkgs-stable": "nixpkgs-stable"
+        "nixpkgs-stable": "nixpkgs-stable",
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1722449994,
+        "lastModified": 1722811556,
-        "narHash": "sha256-xcpJE83RMrMPcfmoSScTs8yxGGIexOaHCt2lb3rKzzU=",
+        "narHash": "sha256-tqmK+5gBOBogsoFY/0t8y+7VQGfoIddsWtb5brM7tyI=",
        "owner": "lilyinstarlight",
        "repo": "nixos-cosmic",
-        "rev": "7bccbcaafaf1e1e8077c0440c9e2defc8f5a2a75",
+        "rev": "c0a1d2525807a87ea27cb5ff8d2026e1792d2da0",
        "type": "github"
      },
      "original": {
@@ -122,6 +164,22 @@
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-compat_2": {
      "flake": false,
      "locked": {
        "lastModified": 1717312683,
@@ -137,7 +195,7 @@
        "type": "github"
      }
    },
-    "flake-compat_2": {
+    "flake-compat_3": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
@@ -153,7 +211,7 @@
        "type": "github"
      }
    },
-    "flake-compat_3": {
+    "flake-compat_4": {
      "locked": {
        "lastModified": 1688025799,
        "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
@@ -169,6 +227,24 @@
      }
    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
        "lastModified": 1719745305,
        "narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "type": "github"
      }
    },
    "flake-parts_2": {
      "inputs": {
        "nixpkgs-lib": [
          "lanzaboote",
@@ -205,7 +281,25 @@
    },
    "flake-utils": {
      "inputs": {
-        "systems": "systems_2"
+        "systems": "systems"
      },
      "locked": {
        "lastModified": 1710146030,
        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flake-utils_2": {
      "inputs": {
        "systems": "systems_4"
      },
      "locked": {
        "lastModified": 1710146030,
@@ -251,11 +345,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1722119539,
+        "lastModified": 1722462338,
-        "narHash": "sha256-2kU90liMle0vKR8exJx1XM4hZh9CdNgZGHCTbeA9yzY=",
+        "narHash": "sha256-ss0G8t8RJVDewA3MyqgAlV951cWRK6EtVhVKEZ7J5LU=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "d0240a064db3987eb4d5204cf2400bc4452d9922",
+        "rev": "6e090576c4824b16e8759ebca3958c5b09659ee8",
        "type": "github"
      },
      "original": {
@@ -292,11 +386,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1722407237,
+        "lastModified": 1722630065,
-        "narHash": "sha256-wcpVHUc2nBSSgOM7UJSpcRbyus4duREF31xlzHV5T+A=",
+        "narHash": "sha256-QfM/9BMRkCmgWzrPDK+KbgJOUlSJnfX4OvsUupEUZvA=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "58cef3796271aaeabaed98884d4abaab5d9d162d",
+        "rev": "afc892db74d65042031a093adb6010c4c3378422",
        "type": "github"
      },
      "original": {
@@ -322,7 +416,7 @@
    },
    "jovian": {
      "inputs": {
-        "nix-github-actions": "nix-github-actions",
+        "nix-github-actions": "nix-github-actions_2",
        "nixpkgs": [
          "chaotic",
          "nixpkgs"
@@ -345,14 +439,14 @@
    "lanzaboote": {
      "inputs": {
        "crane": "crane",
-        "flake-compat": "flake-compat_2",
+        "flake-compat": "flake-compat_3",
-        "flake-parts": "flake-parts",
+        "flake-parts": "flake-parts_2",
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_2",
        "nixpkgs": [
          "nixpkgs-unstable"
        ],
        "pre-commit-hooks-nix": "pre-commit-hooks-nix",
-        "rust-overlay": "rust-overlay"
+        "rust-overlay": "rust-overlay_2"
      },
      "locked": {
        "lastModified": 1718178907,
@@ -385,6 +479,31 @@
        "type": "github"
      }
    },
    "napalm": {
      "inputs": {
        "flake-utils": [
          "authentik-nix",
          "flake-utils"
        ],
        "nixpkgs": [
          "authentik-nix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1717929455,
        "narHash": "sha256-BiI5xWygriOJuNISnGAeL0KYxrEMnjgpg+7wDskVBhI=",
        "owner": "nix-community",
        "repo": "napalm",
        "rev": "e1babff744cd278b56abe8478008b4a9e23036cf",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "napalm",
        "type": "github"
      }
    },
    "nci": {
      "inputs": {
        "crane": "crane_2",
@@ -395,7 +514,7 @@
          "nixpkgs"
        ],
        "parts": "parts",
-        "rust-overlay": "rust-overlay_2",
+        "rust-overlay": "rust-overlay_3",
        "treefmt": "treefmt"
      },
      "locked": {
@@ -414,14 +533,14 @@
    },
    "nix-darwin": {
      "inputs": {
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
-        "lastModified": 1722445220,
+        "lastModified": 1722609272,
-        "narHash": "sha256-PW5FRqLhqg0xGpPjY2Poa464tyBQiyKd0tQGZ0HnMiU=",
+        "narHash": "sha256-Kkb+ULEHVmk07AX+OhwyofFxBDpw+2WvsXguUS2m6e4=",
        "owner": "LnL7",
        "repo": "nix-darwin",
-        "rev": "7e08a9dd34314fb8051c28b231a68726c54daa7b",
+        "rev": "f7142b8024d6b70c66fd646e1d099d3aa5bfec49",
        "type": "github"
      },
      "original": {
@@ -431,6 +550,28 @@
      }
    },
    "nix-github-actions": {
      "inputs": {
        "nixpkgs": [
          "authentik-nix",
          "poetry2nix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1703863825,
        "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=",
        "owner": "nix-community",
        "repo": "nix-github-actions",
        "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "nix-github-actions",
        "type": "github"
      }
    },
    "nix-github-actions_2": {
      "inputs": {
        "nixpkgs": [
          "chaotic",
@@ -456,7 +597,7 @@
    "nix-inspect": {
      "inputs": {
        "nci": "nci",
-        "nixpkgs": "nixpkgs_4",
+        "nixpkgs": "nixpkgs_5",
        "parts": "parts_2"
      },
      "locked": {
@@ -475,9 +616,9 @@
    },
    "nixos-apple-silicon": {
      "inputs": {
-        "flake-compat": "flake-compat_3",
+        "flake-compat": "flake-compat_4",
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": "nixpkgs_6",
-        "rust-overlay": "rust-overlay_3"
+        "rust-overlay": "rust-overlay_4"
      },
      "locked": {
        "lastModified": 1717784003,
@@ -511,11 +652,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1722062969,
+        "lastModified": 1720542800,
-        "narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=",
+        "narHash": "sha256-ZgnNHuKV6h2+fQ5LuqnUaqZey1Lqqt5dTUAiAnqH0QQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3",
+        "rev": "feb2849fdeb70028c70d73b848214b00d324a497",
        "type": "github"
      },
      "original": {
@@ -525,13 +666,25 @@
        "type": "github"
      }
    },
    "nixpkgs-lib": {
      "locked": {
        "lastModified": 1717284937,
        "narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=",
        "type": "tarball",
        "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
      },
      "original": {
        "type": "tarball",
        "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
      }
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1722221733,
+        "lastModified": 1722519197,
-        "narHash": "sha256-sga9SrrPb+pQJxG1ttJfMPheZvDOxApFfwXCFO0H9xw=",
+        "narHash": "sha256-VEdJmVU2eLFtLqCjTYJd1J7+Go8idAcZoT11IewFiRg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "12bf09802d77264e441f48e25459c10c93eada2e",
+        "rev": "05405724efa137a0b899cce5ab4dde463b4fd30b",
        "type": "github"
      },
      "original": {
@@ -559,11 +712,11 @@
    },
    "nixpkgs-stable_3": {
      "locked": {
-        "lastModified": 1722221733,
+        "lastModified": 1722651103,
-        "narHash": "sha256-sga9SrrPb+pQJxG1ttJfMPheZvDOxApFfwXCFO0H9xw=",
+        "narHash": "sha256-IRiJA0NVAoyaZeKZluwfb2DoTpBAj+FLI0KfybBeDU0=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "12bf09802d77264e441f48e25459c10c93eada2e",
+        "rev": "a633d89c6dc9a2a8aae11813a62d7c58b2c0cc51",
        "type": "github"
      },
      "original": {
@@ -573,13 +726,29 @@
        "type": "github"
      }
    },
-    "nixpkgs-unstable": {
+    "nixpkgs-stable_4": {
      "locked": {
-        "lastModified": 1722185531,
+        "lastModified": 1721524707,
-        "narHash": "sha256-veKR07psFoJjINLC8RK4DiLniGGMgF3QMlS4tb74S6k=",
+        "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "52ec9ac3b12395ad677e8b62106f0b98c1f8569d",
+        "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "release-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
        "lastModified": 1722630782,
        "narHash": "sha256-hMyG9/WlUi0Ho9VkRrrez7SeNlDzLxalm9FwY7n/Noo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "d04953086551086b44b6f3c6b7eeb26294f207da",
        "type": "github"
      },
      "original": {
@@ -591,11 +760,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1722185531,
+        "lastModified": 1722630782,
-        "narHash": "sha256-veKR07psFoJjINLC8RK4DiLniGGMgF3QMlS4tb74S6k=",
+        "narHash": "sha256-hMyG9/WlUi0Ho9VkRrrez7SeNlDzLxalm9FwY7n/Noo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "52ec9ac3b12395ad677e8b62106f0b98c1f8569d",
+        "rev": "d04953086551086b44b6f3c6b7eeb26294f207da",
        "type": "github"
      },
      "original": {
@@ -606,6 +775,22 @@
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 1722421184,
        "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_4": {
      "locked": {
        "lastModified": 1718149104,
        "narHash": "sha256-Ds1QpobBX2yoUDx9ZruqVGJ/uQPgcXoYuobBguyKEh8=",
@@ -619,7 +804,7 @@
        "type": "indirect"
      }
    },
-    "nixpkgs_4": {
+    "nixpkgs_5": {
      "locked": {
        "lastModified": 1709961763,
        "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=",
@@ -635,7 +820,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_5": {
+    "nixpkgs_6": {
      "locked": {
        "lastModified": 1716293225,
        "narHash": "sha256-pU9ViBVE3XYb70xZx+jK6SEVphvt7xMTbm6yDIF4xPs=",
@@ -651,6 +836,22 @@
        "type": "github"
      }
    },
    "nixpkgs_7": {
      "locked": {
        "lastModified": 1721466660,
        "narHash": "sha256-pFSxgSZqZ3h+5Du0KvEL1ccDZBwu4zvOil1zzrPNb3c=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "6e14bbce7bea6c4efd7adfa88a40dac750d80100",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "parts": {
      "inputs": {
        "nixpkgs-lib": [
@@ -694,6 +895,34 @@
        "type": "github"
      }
    },
    "poetry2nix": {
      "inputs": {
        "flake-utils": [
          "authentik-nix",
          "flake-utils"
        ],
        "nix-github-actions": "nix-github-actions",
        "nixpkgs": [
          "authentik-nix",
          "nixpkgs"
        ],
        "systems": "systems_2",
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
        "lastModified": 1719549552,
        "narHash": "sha256-efvBV+45uQA6r7aov48H6MhvKp1QUIyIX5gh9oueUzs=",
        "owner": "nix-community",
        "repo": "poetry2nix",
        "rev": "4fd045cdb85f2a0173021a4717dc01d92d7ab2b2",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "poetry2nix",
        "type": "github"
      }
    },
    "pre-commit-hooks-nix": {
      "inputs": {
        "flake-compat": [
@@ -764,6 +993,7 @@
    },
    "root": {
      "inputs": {
        "authentik-nix": "authentik-nix",
        "chaotic": "chaotic",
        "cosmic": "cosmic",
        "home-manager": "home-manager_2",
@@ -775,10 +1005,32 @@
        "nixos-apple-silicon": "nixos-apple-silicon",
        "nixos-hardware": "nixos-hardware",
        "nixpkgs-stable": "nixpkgs-stable_3",
-        "nixpkgs-unstable": "nixpkgs-unstable"
+        "nixpkgs-unstable": "nixpkgs-unstable",
        "sops-nix": "sops-nix"
      }
    },
    "rust-overlay": {
      "inputs": {
        "nixpkgs": [
          "cosmic",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1722738111,
        "narHash": "sha256-cWD5pCs9AYb+512/yCx9D0Pl5KcmyuXHeJpsDw/D1vs=",
        "owner": "oxalica",
        "repo": "rust-overlay",
        "rev": "27ec296d93cb4b2d03e8cbd019b1b4cde8c34280",
        "type": "github"
      },
      "original": {
        "owner": "oxalica",
        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "rust-overlay_2": {
      "inputs": {
        "flake-utils": [
          "lanzaboote",
@@ -803,7 +1055,7 @@
        "type": "github"
      }
    },
-    "rust-overlay_2": {
+    "rust-overlay_3": {
      "flake": false,
      "locked": {
        "lastModified": 1710123130,
@@ -819,7 +1071,7 @@
        "type": "github"
      }
    },
-    "rust-overlay_3": {
+    "rust-overlay_4": {
      "flake": false,
      "locked": {
        "lastModified": 1686795910,
@@ -859,7 +1111,55 @@
        "type": "github"
      }
    },
    "sops-nix": {
      "inputs": {
        "nixpkgs": "nixpkgs_7",
        "nixpkgs-stable": "nixpkgs-stable_4"
      },
      "locked": {
        "lastModified": 1722114803,
        "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=",
        "owner": "Mic92",
        "repo": "sops-nix",
        "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab",
        "type": "github"
      },
      "original": {
        "owner": "Mic92",
        "repo": "sops-nix",
        "type": "github"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "id": "systems",
        "type": "indirect"
      }
    },
    "systems_3": {
      "locked": {
        "lastModified": 1689347949,
        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -874,7 +1174,7 @@
        "type": "github"
      }
    },
-    "systems_2": {
+    "systems_4": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -911,6 +1211,28 @@
        "type": "github"
      }
    },
    "treefmt-nix": {
      "inputs": {
        "nixpkgs": [
          "authentik-nix",
          "poetry2nix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1718522839,
        "narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=",
        "owner": "numtide",
        "repo": "treefmt-nix",
        "rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "treefmt-nix",
        "type": "github"
      }
    },
    "yafas": {
      "inputs": {
        "flake-schemas": [
--- a/flake.nix
+++ b/flake.nix
@@ -9,6 +9,9 @@
    # Nix Inspect
    nix-inspect.url = "github:bluskript/nix-inspect";
    # Authentik
    authentik-nix.url = "github:nix-community/authentik-nix";
    # Chaotic-nix
    chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
@@ -31,6 +34,9 @@
    # Nix hardware
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
    # Sops-nix
    sops-nix.url = "github:Mic92/sops-nix";
    #Apple
    nixos-apple-silicon.url = "github:mjallen18/nixos-apple-silicon";
    nix-darwin.url = "github:LnL7/nix-darwin";
@@ -53,6 +59,8 @@
      home-manager-stable,
      nix-inspect,
      cosmic,
      authentik-nix,
      sops-nix,
    }@inputs:
    let
      inherit (self) outputs;
@@ -85,6 +93,8 @@
            nixos-hardware.nixosModules.common-hidpi
            nixos-hardware.nixosModules.common-pc
            sops-nix.nixosModules.sops
            cosmic.nixosModules.default
          ];
        };
@@ -96,7 +106,9 @@
            inherit inputs outputs;
          };
          modules = [
            impermanence.nixosModules.impermanence
            ./hosts/nas/configuration.nix
            ./hosts/nas/impermanence.nix
            home-manager.nixosModules.home-manager
            {
              home-manager.useGlobalPkgs = true;
@@ -104,6 +116,10 @@
              home-manager.users.admin = import ./hosts/nas/home.nix;
            }
            authentik-nix.nixosModules.default
            sops-nix.nixosModules.sops
            nixos-hardware.nixosModules.common-pc
            nixos-hardware.nixosModules.common-cpu-amd
            nixos-hardware.nixosModules.common-hidpi
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -2,6 +2,8 @@
  config,
  lib,
  pkgs,
  inputs,
  globals,
  ...
 }:
 let
@@ -96,6 +98,8 @@ in
  environment.systemPackages = with pkgs; [ pinentry-curses ];
  # users.mutableUsers = lib.mkDefault false;
  # Security config
  security = {
--- a/hosts/desktop/configuration.nix
+++ b/hosts/desktop/configuration.nix
@@ -54,7 +54,7 @@ in
        displayManager.defaultSession = "gnome";
        # Enable Flatpak
-        flatpak.enable = false;
+        flatpak.enable = true;
        # disable plasma
        displayManager.sddm.enable = false;
@@ -149,6 +149,8 @@ in
  apps.discover-wrapped.enable = false;
  nix.settings.trusted-users = [ "root" "matt" ];
  services = {
    # Enable Desktop Environment.
    displayManager = {
@@ -161,7 +163,7 @@ in
    desktopManager.plasma6.enable = lib.mkDefault true;
    # Enable Flatpak
-    flatpak.enable = lib.mkDefault false;
+    flatpak.enable = lib.mkDefault true;
  };
  # xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ];
--- a/hosts/desktop/home.nix
+++ b/hosts/desktop/home.nix
@@ -19,9 +19,9 @@
      shellAliases = {
        ll = "ls -alh";
-        update = "sudo nixos-rebuild switch";
+        update = "sudo nixos-rebuild switch --max-jobs 10";
        update-flake = "sudo nix flake update ~/nix-config";
-        update-specialisation = "sudo nixos-rebuild switch --specialisation";
+        update-specialisation = "sudo nixos-rebuild switch --specialisation --max-jobs 10";
        nas-update = "nixos-rebuild switch --use-remote-sudo --target-host admin@jallen-nas.local --build-host localhost --flake ~/nix-config#jallen-nas";
        nas-ssh = "ssh admin@jallen-nas.local";
      };
@@ -55,6 +55,7 @@
  home.packages = with pkgs; [
    # gamescope # using chaotic git version
    # gamescope-wsi # using chaotic git version
    age
    bottles
    chromium
    deadnix
@@ -67,6 +68,7 @@
    goverlay
    heroic
    home-manager
    jq
    libreoffice-qt6-fresh
    lm_sensors
    lutris
@@ -88,8 +90,11 @@
    python312Packages.pytest
    python312Packages.pytest-cov
    python312Packages.pyaml
    sops
    spotify
    ssh-to-pgp
    tree
    vesktop
    virt-manager
    vmware-horizon-client
    vorta
--- a/hosts/nas/apps.nix
+++ b/hosts/nas/apps.nix
@@ -12,7 +12,10 @@
    beszel-agent.enable = true;
-    collabora.enable = true;
+    collabora = {
      enable = true;
      environmentFiles = [ config.sops.secrets."jallen-nas/collabora".path ];
    };
    deluge.enable = true;
@@ -22,11 +25,18 @@
    jellyseerr.enable = true;
-    mariadb.enable = true;
+    mariadb = {
      enable = true;
      environmentFiles = [ 
        config.sops.secrets."jallen-nas/mariadb/db_pass".path
        config.sops.secrets."jallen-nas/mariadb/root_pass".path
        ];
    };
    mealie = {
      enable = true;
      baseUrl = "https://mealie.mjallen.dev";
      port = "9001";
      maxConcurrency = "4";
      maxWorkers = "4";
      allowSignup = "false";
@@ -35,7 +45,8 @@
    nextcloud = {
      enable = true;
      httpPort = "9981";
-      httpsPort = "9443";
+      httpsPort = "9943";
      redisSock = "/var/run/redis-nextcloud/redis.sock";
    };
    ollama.enable = true;
@@ -46,8 +57,6 @@
    radarr.enable = true;
    redis.enable = true;
    sabnzbd.enable = true;
    sonarr.enable = true;
--- a/hosts/nas/configuration.nix
+++ b/hosts/nas/configuration.nix
@@ -12,7 +12,7 @@
 }:
 let
  user = "admin";
-  password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
+  passwordFile = config.sops.secrets."jallen-nas/admin_password".path;
 in
 {
  imports = [
@@ -25,9 +25,15 @@ in
    ./ups.nix
    ./samba.nix
    ./services.nix
    ./sops.nix
    ../default.nix
  ];
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];
  # Cockpit
  services.cockpit = {
    enable = true;
@@ -78,42 +84,39 @@ in
    };
    systemPackages = with pkgs; [
-      vim
+      authentik
      wget
      nano
      efibootmgr
      sbctl
      pciutils
      vulkan-tools
      clinfo
      glances
      python3
      nix-ld
      binutils
-      gcc
+      cryptsetup
      clinfo
      cmake
      duperemove
      efibootmgr
      ffmpeg
      gcc
      glances
      htop
      lm_sensors
      nano
      ninja
      nix-inspect
      nix-ld
      nmon
      nodejs-18_x
      nut
      nmon
      pass
      protonvpn-cli
      protonmail-bridge
      pass
      cockpit
      packagekit
-      # gnome.gnome-packagekit
+      pass
-      unstable.nix-inspect
+      pciutils
-      unstable.gpt4all
+      protonmail-bridge
-      lm_sensors
+      protonvpn-cli
-      htop
+      python3
      sbctl
      speedtest-cli
      tailscale
      tpm2-tools
      tpm2-tss
-      cryptsetup
+      vim
-      duperemove
+      vulkan-tools
-      speedtest-cli
+      wget
    ];
  };
@@ -158,7 +161,7 @@ in
        "nix-apps"
        "jallen-nas"
      ]; # Enable ‘sudo’ for the user.
-      initialHashedPassword = password;
+      hashedPasswordFile = passwordFile;
      shell = pkgs.zsh;
      openssh.authorizedKeys.keys = [
        # macBook
@@ -192,7 +195,7 @@ in
        "docker"
        "podman"
      ]; # Enable ‘sudo’ for the user.
-      hashedPassword = password;
+      hashedPasswordFile = passwordFile;
    };
    groups.nut.name = "nut";
@@ -202,7 +205,7 @@ in
      isSystemUser = true;
      createHome = true;
      home = "/var/lib/nut";
-      hashedPassword = password;
+      hashedPasswordFile = passwordFile;
    };
  };
--- a/hosts/nas/impermanence.nix
+++ b/hosts/nas/impermanence.nix
@@ -0,0 +1,38 @@
 {
  pkgs,
  lib,
  LT,
  config,
  utils,
  inputs,
  ...
 }@args:
 {
  # Set up impernance configuration for things like bluetooth
  # In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
  environment.persistence."/nix/persist/system" = {
    hideMounts = true;
    directories = [
      "/var/lib/bluetooth"
      "/var/lib/nixos"
      "/var/lib/systemd/coredump"
      "/etc/NetworkManager/system-connections"
      "/etc/secureboot"
      {
        directory = "/var/lib/colord";
        user = "colord";
        group = "colord";
        mode = "u=rwx,g=rx,o=";
      }
    ];
    files = [
      {
        file = "/etc/nix/id_rsa";
        parentDirectory = {
          mode = "u=rwx,g=,o=";
        };
      }
    ];
  };
 }
--- a/hosts/nas/networking.nix
+++ b/hosts/nas/networking.nix
@@ -10,12 +10,12 @@ let
  hostname = "jallen-nas";
  ipAddress = "10.0.1.18";
  gateway = "10.0.1.1";
  password = "kR8v&3Qd";
  allowedPorts = [
    2342
    3493
    61208
    9090
    9000
    #    config.services.tailscale.port
    #    22
  ];
@@ -44,9 +44,10 @@ in
    wireless = {
      enable = true;
      environmentFile = config.sops.secrets."wifi".path;
      networks = {
       "Joey's Jungle 5G" = {
-          psk = password;
+          psk = "@PSK@";
        };
      };
    };
--- a/hosts/nas/services.nix
+++ b/hosts/nas/services.nix
@@ -127,10 +127,11 @@ in
    };
    tailscale = {
-      enable = false;
+      enable = true;
      openFirewall = true;
      useRoutingFeatures = "client";
      extraUpFlags = [ "--advertise-exit-node" ];
      authKeyFile = "/media/nas/ssd/nix-app-data/tailscale/auth";
    };
    btrfs = {
@@ -153,6 +154,39 @@ in
        "/media/nas/main/isos"
      ];
    };
    authentik = {
      enable = true;
      environmentFile = "/media/nas/ssd/nix-app-data/authentik/.env";
    };
    postgresql = {
      enable = true;
      package = pkgs.postgresql_16;
      dataDir = "/media/nas/ssd/nix-app-data/postgresql";
      ensureDatabases = [ "authentik" ];
      ensureUsers = [
        {
          name = "authentik";
          ensureDBOwnership = true;
        }
      ];
    };
    redis = {
      servers = {
        authentik = {
          enable = true;
          port = 6379;
        };
        nextcloud = {
          enable = true;
          port = 6380;
        };
      };
    };
  };
  systemd.user.services = {
--- a/hosts/nas/sops.nix
+++ b/hosts/nas/sops.nix
@@ -0,0 +1,23 @@
 {
  ...
 }:
 {
  sops.defaultSopsFile = ../../secrets/secrets.yaml;
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  sops.secrets."jallen-nas/admin_password" = {};
  sops.secrets."jallen-nas/admin_password".neededForUsers = true;
  sops.secrets."wifi" = {};
  sops.secrets."jallen-nas/collabora" = {
    restartUnits = [ "podman-collabora.service" ];
  };
  sops.secrets."jallen-nas/mariadb/db_pass" = {
    restartUnits = [ "podman-mariadb.service" ];
  };
  sops.secrets."jallen-nas/mariadb/root_pass" = {
    restartUnits = [ "podman-mariadb.service" ];
  };
 }
--- a/hosts/pi4/configuration.nix
+++ b/hosts/pi4/configuration.nix
@@ -106,8 +106,6 @@ in
    };
  };
  virtualisation.docker.enable = true;
  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
--- a/modules/apps/collabora/default.nix
+++ b/modules/apps/collabora/default.nix
@@ -23,12 +23,13 @@ in
      volumes = [
        # ...
      ];
      environmentFiles = cfg.environmentFiles;
      environment = {
        PUID = cfg.puid;
        PGID = cfg.pgid;
        TZ = cfg.timeZone;
        username = cfg.username;
-        password = cfg.password;
+        # password = cfg.password; # get from env file
        domain = "office.mjallen.dev";
        aliasgroup1 = "https://cloud\.mjallen\.dev:443";
        aliasgroup2 = "https://cloud\.mjallen\.dev:443";
--- a/modules/apps/collabora/options.nix
+++ b/modules/apps/collabora/options.nix
@@ -44,9 +44,9 @@ with lib;
      default = "mjallen";
    };
-    password = mkOption {
+    environmentFiles = mkOption {
-      type = types.str;
+      type = with types; listOf path;
-      default = "BogieDudie1";
+      default = [];
    };
    dontGenSslCert = mkOption {
--- a/modules/apps/deluge/default.nix
+++ b/modules/apps/deluge/default.nix
@@ -13,36 +13,34 @@ in
  config = mkIf cfg.enable {
-    systemd.services.deluge-docker = {
+    virtualisation.oci-containers.containers."${cfg.name}" = {
-      path = [
+      autoStart = cfg.autoStart;
-        pkgs.bash
+      image = cfg.image;
-        pkgs.docker
+      ports = [
        "${toString cfg.port1}:8112"
        "${toString cfg.port2}:8118"
        "${toString cfg.port3}:58846"
        "${toString cfg.port4}:58966"
      ];
-      script = ''
+      extraOptions = [
-        set -e
+        "--cap-add=NET_ADMIN"
-        exec docker run \
+      ];
-          --rm \
+      volumes = [ 
-          --cap-add=NET_ADMIN \
+        "${cfg.configPath}:/config"
-          --name=${cfg.name} \
+        "${cfg.moviesPath}:/data/downloads"
-          -e PUID=${cfg.puid} \
+        "${cfg.tvPath}:/data/downloads-icomplete"
-          -e PGID=${cfg.pgid} \
+        "/etc/localtime:/etc/localtime:ro"
-          -e TZ=${cfg.timeZone} \
+        ];
-          -p 8112:8112 \
+      environment = {
-          -p 8118:8118 \
+        PUID = cfg.puid;
-          -p 58846:58846 \
+        PGID = cfg.pgid;
-          -p 58946:58966 \
+        TZ = cfg.timeZone;
-          -v '${cfg.configPath}:/config' \
+        VPN_ENABLED = "yes";
-          -v '${cfg.moviesPath}:/data/downloads' \
+        VPN_PROV = "custom";
-          -v '${cfg.tvPath}:/data/downloads-icomplete' \
+        VPN_CLIENT = "openvpn";
-          -v /etc/localtime:/etc/localtime:ro \
+        LAN_NETWORK = "10.0.1.0/24";
-          -e VPN_ENABLED=yes \
+        NAME_SERVERS = "1.1.1.1";
-          -e VPN_PROV=custom \
+      };
          -e VPN_CLIENT=openvpn \
          -e LAN_NETWORK=10.0.1.0/24 \
          -e NAME_SERVERS=1.1.1.1 \
          ${cfg.image}:latest
      '';
      wantedBy = [ "multi-user.target" ];
    };
  };
 }
--- a/modules/apps/deluge/options.nix
+++ b/modules/apps/deluge/options.nix
@@ -14,6 +14,26 @@ with lib;
      default = "deluge";
    };
    port1 = mkOption {
      type = types.str;
      default = "8112";
    };
    port2 = mkOption {
      type = types.str;
      default = "8118";
    };
    port3 = mkOption {
      type = types.str;
      default = "58846";
    };
    port4 = mkOption {
      type = types.str;
      default = "58966";
    };
    image = mkOption {
      type = types.str;
      default = "binhex/arch-delugevpn";
--- a/modules/apps/mariadb/default.nix
+++ b/modules/apps/mariadb/default.nix
@@ -17,14 +17,15 @@ in
      image = cfg.image;
      ports = [ "${cfg.port}:3306" ];
      volumes = [ "${cfg.configPath}:/config" ];
      environmentFiles = cfg.environmentFiles;
      environment = {
        PUID = cfg.puid;
        PGID = cfg.pgid;
        TZ = cfg.timeZone;
-        MYSQL_ROOT_PASSWORD = cfg.rootPassword;
+        # MYSQL_ROOT_PASSWORD = cfg.rootPassword; # get from env file
        MYSQL_DATABASE = cfg.databaseName;
        MYSQL_USER = cfg.databaseUser;
-        MYSQL_PASSWORD = cfg.databasePassword;
+        # MYSQL_PASSWORD = cfg.databasePassword; # get from env file
      };
    };
  };
--- a/modules/apps/mariadb/options.nix
+++ b/modules/apps/mariadb/options.nix
@@ -44,11 +44,6 @@ with lib;
      default = "America/Chicago";
    };
    rootPassword = mkOption {
      type = types.str;
      default = "BogieDudie1";
    };
    databaseName = mkOption {
      type = types.str;
      default = "jallen_nextcloud";
@@ -59,9 +54,9 @@ with lib;
      default = "nextcloud";
    };
-    databasePassword = mkOption {
+    environmentFiles = mkOption {
-      type = types.str;
+      type = with types; listOf path;
-      default = "BogieDudie1";
+      default = [];
    };
  };
 }
--- a/modules/apps/nextcloud/default.nix
+++ b/modules/apps/nextcloud/default.nix
@@ -22,14 +22,12 @@ in
      volumes = [
        "${cfg.configPath}:/config"
        "${cfg.dataPath}:/data"
        "${cfg.redisSock}:/var/redis/redis.sock"
      ];
      environment = {
        PUID = cfg.puid;
        PGID = cfg.pgid;
        TZ = cfg.timeZone;
        REDIS_HOST = "10.0.1.18";
        REDIS_PORT = "6379";
        REDIS_HOST_PASSWORD = "BogieDudie1";
      };
    };
  };
--- a/modules/apps/nextcloud/options.nix
+++ b/modules/apps/nextcloud/options.nix
@@ -39,6 +39,11 @@ with lib;
      default = "/media/nas/main/nextcloud";
    };
    redisSock = mkOption {
      type = types.str;
      default = "";
    };
    puid = mkOption {
      type = types.str;
      default = "911";
--- a/modules/apps/redis/default.nix
+++ b/modules/apps/redis/default.nix
@@ -1,26 +0,0 @@
 {
  lib,
  pkgs,
  config,
  ...
 }:
 with lib;
 let
  cfg = config.nas-apps.redis;
 in
 {
  imports = [ ./options.nix ];
  config = mkIf cfg.enable {
    virtualisation.oci-containers.containers."${cfg.name}" = {
      autoStart = cfg.autoStart;
      image = cfg.image;
      cmd = [
        "redis-server"
        "--requirepass"
        "BogieDudie1"
      ];
      ports = [ "6379:6379" ];
    };
  };
 }
--- a/modules/apps/redis/options.nix
+++ b/modules/apps/redis/options.nix
@@ -1,27 +0,0 @@
 { lib, ... }:
 with lib;
 {
  options.nas-apps.redis = {
    enable = mkEnableOption "redis docker service";
    autoStart = mkOption {
      type = types.bool;
      default = true;
    };
    name = mkOption {
      type = types.str;
      default = "redis";
    };
    image = mkOption {
      type = types.str;
      default = "redis";
    };
    cmd = mkOption {
      type = types.str;
      default = "redis-server --requirepass BogieDudie1";
    };
  };
 }
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -17,7 +17,6 @@
    ./apps/open-webui
    ./apps/orca-slicer
    ./apps/radarr
    ./apps/redis
    ./apps/sabnzbd
    ./apps/sonarr
    ./apps/swag
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -0,0 +1,49 @@
 #ENC[AES256_GCM,data:HkOno2ohMSLs46g=,iv:7KHzoElBP/GMIVubcIBya42SoFKVyt/+YRIxkgRE3Cw=,tag:U87dYHrKu/qqbLf5r7XEiA==,type:comment]
 wifi: ENC[AES256_GCM,data:Rs+4Km4DogO7XatA,iv:JUv9HkNWsv/l4Fli5sFeUeYuWG1Yju95G59FJ/Q5W50=,tag:gRFCG4d5OBMRx1QayRV8Zg==,type:str]
 jallen-nas:
    admin_password: ENC[AES256_GCM,data:RGb0UQkLhqfBWflIc5r8yWgYvc0EZuM49uhnXH1r6o9d7Ya7eAoTn2DHdWmYnd9/LpTXPmLF07Nf8s1+/odYx8RBmaji56yWbQ==,iv:dGlvZtZFB8jsI33Qkmmb3iHTXqpVWfbd0EfNK0uX3i4=,tag:z6THeY0UmG64VwOdwnL/AA==,type:str]
    collabora: ENC[AES256_GCM,data:A01H7FzgSplAEn0dsENgllyWza4=,iv:L9bPHKdeIHn7caYn78XOkdmuSk1RIuSVcIW5HFQL8PY=,tag:h0kiClGAwGB6iP327flWew==,type:str]
    mariadb:
        root_pass: ENC[AES256_GCM,data:YLPfEG4/6FeCnrKdfXv9z4hHwtpM/KtBCYqlm4IUvA==,iv:pc9Ljasy76bfkmFRJ4M+wfEtjXBUD7Kb0S0WQZhCmOs=,tag:Wk/7gpKidirhRqw4+Pu96g==,type:str]
        db_pass: ENC[AES256_GCM,data:zC+BPQ5EvQAyK/ZSReBmuOtluYg4ZePKA7U=,iv:WarwZCPlpcLMjZLCs1SjKE9vZ1udZ13aNuziX2ReHJo=,tag:oT8slCgO8w8Iam2Of4HyfA==,type:str]
    redis_nextcloud: ENC[AES256_GCM,data:BIQOGBdYh5KefMk=,iv:jeVj1PZG0RsCwal0zMg4zT16r23tCWcfRVGg4kdqdQo=,tag:VfPR6ygR1CeT0RU+DVM0pA==,type:str]
 desktop:
    matt_password: ENC[AES256_GCM,data:z/Jjzr+/PREpNEQsAVl4soeKAwW3sdteIqjhZT2txQDiR0FvGvEBoE/aYCM9NS7XSCgTeTuOqgBGfq4xDLc5/ZBAl7KoGHmKIQ==,iv:qVONkw8PDI2ydqybqGIU2XFq4+qC1BeXnfwxbxbWBww=,tag:eYOD2EoBn9XMiYOaBDFlRw==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age157jemphjzg6zmk373vpccuguyw6e75qnkqmz8pcnn2yue85p939swqqhy0
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwVUNkY2tOS2NBWk9ZdExr
            VHIvVDRYN2l2Smxzb1pYY1VGdisrZnpsUWhNCjhQdGg4OGo0dDJhTzh2LzcxTThh
            NHRvRHVscE96VXpjQTM5U3lndys1WUEKLS0tICtOVDdEV0hUTldHRktBNURIOTRa
            eU80cmFjTnlQZnhqVk0zQjZ0blhoY0EKnrNm0BY1ePJjeKGcXqir02+DB1VfqQxh
            7ZXHouXdzv/K11tun59BuBy6VEgwGX2GmVDVpAs1r/d/GEZ4IyFccA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1jv8ap5zwa49ftv0gg7wqf5ps0e68uuwxe2fekjsn0zkyql964unqyc58rf
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWC91OXMwRmY0V0I1cTlN
            K2RSKytQaEdSN1plUElaMDc0MU9FY2ZNTVg4CkFReVJVeW40dUU0NVpiMXpmWGJZ
            M2RGSWNWSnBFWlJ2SWNLa0Jtd0tPYzAKLS0tIGpZd2ZlU2NUOVdBUE1oaHZmdHky
            ZjhvZWE3N2xIOUoyaXhtTGRpaHhEN2MKAvMYbkWVVM4oXxrZfUUOnmb2pU1eO8Ia
            HGMNfpo/LDcGbk4BJKWbFPOJnJeCzMH5/IL2Z+ZhxnnK11j57y/88g==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1mn2afyp9my7y7hcyzum0wdwt49zufnkt8swnyy8pj30cwzs4zvgsthj0lt
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNbUEyMVYvZ3VtUndST01p
            dHIvMklKVkRFZGZXR2ozZTI5aVJlbUJobFN3CktoWHc3M0phN0tiMm9WbXVPajcz
            c3VqRkRFSWpycVNyalFOaWpISnp4a2cKLS0tIGlCQXBaaVhiSDdvdEJtMzkzd1BX
            UGhsN2N0Mjl3UEJvUVlGRlJiN05WaUkKW37lU4G4CLTo6JoHC2OyhKsG/FuO+BiN
            pzlVJwzRnmAqwklRbc6RMbQLl2EQrp6KQcgYsUxCMH9OQ/9WJ98dxQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-08-07T21:24:21Z"
    mac: ENC[AES256_GCM,data:79381C9vRsWWD5MNmsqjm86/KqvXmOvCzcpN0bvBtu3jHr1EOPmWwmstfnsZiRLo1r9SxJECyuYsrRilpPY1yorURipp3vGtHRVKLb1YZmN1LtoA0yVAPD49YACGTWU4ogdiRkrfAqDfI9sRshHK98axHv72Q7FZJFnsJ6QpPak=,iv:hFtp5t+m9Hsh5zUsA3RA7uTPJ5fEZ7PD04gBfAq0dYA=,tag:tK3zCY3YWEurDIkegH+U2g==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.0
--- a/share/nvidia/default.nix
+++ b/share/nvidia/default.nix
@@ -59,8 +59,6 @@ in
    };
    # Virtualisation
    virtualisation.docker.enableNvidia = cfg.enableNvidiaDocker;
    hardware.nvidia-container-toolkit.enable = cfg.enableNvidiaDocker;
  };
 }