Merge branch 'b12f' into feature/ci-runner-onecommit-test

2022-08-24 20:45:05 +02:00 · 2022-08-24 20:45:05 +02:00 · b2daa8d2db
parent 9f886ce51f 6b0554f492
commit b2daa8d2db
27 changed files with 213 additions and 71 deletions
--- a/hosts/biolimo/biolimo.nix
+++ b/hosts/biolimo/biolimo.nix
@ -10,6 +10,10 @@ in
  ];
  config = {
    pub-solar.paranoia.enable = true;
    pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
    pub-solar.core.hibernation.resumeOffset = 15296512;
    hardware.cpu.intel.updateMicrocode = true;
    networking.firewall.allowedTCPPorts = [ 5000 ];
--- a/hosts/chocolatebar/chocolatebar.nix
+++ b/hosts/chocolatebar/chocolatebar.nix
@ -28,12 +28,12 @@ in
    age.secrets."vnc-key.pem" = {
      file = "${self}/secrets/vnc-key-chocolatebar.pem";
-      mode = "700";
+      mode = "400";
      owner = psCfg.user.name;
    };
    age.secrets."vnc-cert.pem" = {
      file = "${self}/secrets/vnc-cert-chocolatebar.pem";
-      mode = "700";
+      mode = "400";
      owner = psCfg.user.name;
    };
    pub-solar.sway.vnc.enable = true;
--- a/hosts/chocolatebar/virtualisation/default.nix
+++ b/hosts/chocolatebar/virtualisation/default.nix
@ -6,7 +6,7 @@ let
  createService = import ./create-service.nix;
  isolateGPU = "rx550x";
-  handOverUSBDevices = true;
+  handOverUSBDevices = false;
  isolateAnyGPU = isolateGPU != null;
 in
--- a/hosts/droppie/droppie.nix
+++ b/hosts/droppie/droppie.nix
@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, self, ... }:
 with lib;
 let
  psCfg = config.pub-solar;
@ -26,6 +26,10 @@ in
      }
    ];
    services.openssh.knownHosts = {
      "cloud.pub.solar".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABPJSwr9DfnqV0KoL23BcxlWtRxuOqQpnFnCv4SG/LW";
    };
    systemd.user.services.ssh-tunnel-cloud-pub-solar = {
      unitConfig = {
        Description = "Reverse SSH connection to enable backups from IPv4-only to IPv6-only host";
@ -33,10 +37,27 @@ in
      };
      serviceConfig = {
        Type = "simple";
-        ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 cloud.pub.solar";
+        ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 root@cloud.pub.solar";
        Restart = "always";
        RestartSec = "5s";
      };
      wantedBy = [ "default.target" ];
    };
    services.ddclient = {
      enable = true;
      ipv6 = true;
      domains = [ "backup.b12f.io" ];
      server = "ddns.hosting.de";
      username = "b12f";
      use = "web, web=http://checkip6.spdyn.de/, web-skip=''";
      passwordFile = "/run/agenix/dyndns-droppie.key";
    };
    age.secrets."dyndns-droppie.key" = {
      file = "${self}/secrets/dyndns-droppie.key";
      mode = "400";
      owner = psCfg.user.name;
    };
  };
 }
--- a/modules/core/boot.nix
+++ b/modules/core/boot.nix
@ -17,24 +17,26 @@ with lib;
  };
  config = {
-    # Enable plymouth for better experience of booting
+    boot = {
-    boot.plymouth.enable = true;
+      # Enable plymouth for better experience of booting
      plymouth.enable = true;
-    # Mount / luks device in initrd
+      # Mount / luks device in initrd
-    # Allow fstrim to work on it.
+      # Allow fstrim to work on it.
-    # The ! makes this enabled by default
+      # The ! makes this enabled by default
-    boot.initrd = mkIf (!cfg.iso-options.enable && cfg.disk-encryption-active) {
+      initrd = mkIf (!cfg.iso-options.enable && cfg.disk-encryption-active) {
-      luks.devices."cryptroot" = {
+        luks.devices."cryptroot" = {
-        allowDiscards = true;
+          allowDiscards = true;
        };
      };
      loader.systemd-boot.enable = true;
      # Use latest LTS linux kernel by default
      kernelPackages = pkgs.linuxPackages_5_15;
      # Support ntfs drives
      supportedFilesystems = [ "ntfs" ];
    };
    boot.loader.systemd-boot.enable = true;
    # Use latest LTS linux kernel by default
    boot.kernelPackages = pkgs.linuxPackages_5_15;
    # Support ntfs drives
    boot.supportedFilesystems = [ "ntfs" ];
  };
 }
--- a/modules/core/default.nix
+++ b/modules/core/default.nix
@ -8,6 +8,7 @@ in
 {
  imports = [
    ./boot.nix
    ./hibernation.nix
    ./fonts.nix
    ./i18n.nix
    ./networking.nix
--- a/modules/core/hibernation.nix
+++ b/modules/core/hibernation.nix
@ -0,0 +1,35 @@
 { config, pkgs, lib, ... }:
 with lib;
 let
  cfg = config.pub-solar.core.hibernation;
 in
 {
  options.pub-solar.core.hibernation = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = "Whether the device can hibernate. This creates a swapfile at /swapfile.";
    };
    resumeDevice = mkOption {
      type = types.str;
      default = "/dev/sda1";
      description = "The location of the hibernation resume swap file.";
    };
    resumeOffset = mkOption {
      type = types.nullOr types.int;
      default = null;
      description = "The swap file offset. Can be found by running `filefrag -v $swap_file_location`. See https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file";
    };
  };
  config = {
    boot = mkIf cfg.enable {
      resumeDevice = cfg.resumeDevice;
      kernelParams =
        if (cfg.resumeOffset == null && cfg.enable) then builtins.abort "config.pub-solar.resumeOffset has to be set if config.pub-solar.enable is true."
        else [ "resume_offset=${builtins.toString cfg.resumeOffset}" ];
    };
  };
 }
--- a/modules/core/nix.nix
+++ b/modules/core/nix.nix
@ -2,6 +2,8 @@
 {
  nix = {
    # Use default version alias for nix package
    package = pkgs.nix;
    # Improve nix store disk usage
    autoOptimiseStore = true;
    gc.automatic = true;
--- a/modules/paranoia/default.nix
+++ b/modules/paranoia/default.nix
@ -0,0 +1,24 @@
 { config, lib, ... }:
 with lib;
 let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.paranoia;
 in
 {
  options.pub-solar.paranoia = {
    enable = mkOption {
      description = ''
        Only offer hibernation instead of screen locking and sleeping. This only makes sense
        if your hard drive is encrypted, and ensures that the contents of your drive are
        encrypted if you are not actively using the device.
      '';
      default = false;
      type = types.bool;
    };
  };
  config = mkIf cfg.enable {
    pub-solar.core.hibernation.enable = true;
  };
 }
--- a/modules/sway/config/config.d/custom-keybindings.conf
+++ b/modules/sway/config/config.d/custom-keybindings.conf
@ -37,22 +37,6 @@ bindsym $mod+Ctrl+r exec record-screen
 set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher
 bindsym $mod+Space exec $menu
 # Set shut down, restart and locking features
 set $mode_system (l)ock, (e)xit, (s)uspend, (h)ibernate, (r)eboot, (Shift+s)hutdown
 bindsym $mod+0 mode "$mode_system"
 mode "$mode_system" {
    bindsym l exec swaylock-bg, mode "default"
    bindsym e exec systemctl --user stop graphical-session.target, mode "default"
    bindsym s exec systemctl suspend, mode "default"
    bindsym h exec systemctl hibernate, mode "default"
    bindsym r exec systemctl reboot, mode "default"
    bindsym Shift+s exec systemctl poweroff, mode "default"
    # exit system mode: "Enter" or "Escape"
    bindsym Return mode "default"
    bindsym Escape mode "default"
 }
 set $mode_vncclient In VNCClient mode. Press $mod+Num_Lock or $mod+Shift+Escape to return.
 bindsym $mod+Num_Lock mode "$mode_vncclient"
 bindsym $mod+Shift+Escape mode "$mode_vncclient"
--- a/modules/sway/config/config.d/mode_system.conf.nix
+++ b/modules/sway/config/config.d/mode_system.conf.nix
@ -0,0 +1,21 @@
 { psCfg, ... }: ''
  # Set shut down, restart and locking features
  set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown
  bindsym $mod+0 mode "$mode_system"
  mode "$mode_system" {
      bindsym e exec swaymsg exit, mode "default"
 '' + (if psCfg.core.hibernation.enable then ''
  bindsym h exec systemctl hibernate, mode "default"
 '' else "")
 + (if !psCfg.paranoia.enable then ''
  bindsym l exec swaylock-bg, mode "default"
  bindsym s exec systemctl suspend, mode "default"
 '' else "") + ''
      bindsym r exec systemctl reboot, mode "default"
      bindsym Shift+s exec systemctl poweroff, mode "default"
      # exit system mode: "Enter" or "Escape"
      bindsym Return mode "default"
      bindsym Escape mode "default"
  }
 ''
--- a/modules/sway/default.nix
+++ b/modules/sway/default.nix
@ -2,7 +2,6 @@
 with lib;
 let
  psCfg = config.pub-solar;
  cfg = config.pub-solar.sway;
 in
 {
  options.pub-solar.sway = {
@ -23,8 +22,8 @@ in
    };
  };
-  config = mkIf cfg.enable (mkMerge [
+  config = mkIf psCfg.sway.enable (mkMerge [
-    (mkIf (cfg.v4l2loopback.enable) {
+    (mkIf (psCfg.sway.v4l2loopback.enable) {
      boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
      boot.kernelModules = [ "v4l2loopback" ];
      boot.extraModprobeConfig = ''
@ -79,7 +78,6 @@ in
          xsettingsd
          ydotool
          swaylock-bg
          sway-launcher
          record-screen
          import-gtk-settings
@ -90,20 +88,21 @@ in
        programs.waybar.enable = true;
        #programs.waybar.systemd.enable = true;
-        systemd.user.services.mako = import ./mako.service.nix pkgs;
+        systemd.user.services.mako = import ./mako.service.nix { inherit pkgs psCfg; };
-        systemd.user.services.sway = import ./sway.service.nix pkgs;
+        systemd.user.services.sway = import ./sway.service.nix { inherit pkgs psCfg; };
-        systemd.user.services.swayidle = import ./swayidle.service.nix pkgs;
+        systemd.user.services.swayidle = import ./swayidle.service.nix { inherit pkgs psCfg; };
-        systemd.user.services.xsettingsd = import ./xsettingsd.service.nix pkgs;
+        systemd.user.services.xsettingsd = import ./xsettingsd.service.nix { inherit pkgs psCfg; };
-        systemd.user.services.waybar = import ./waybar.service.nix pkgs;
+        systemd.user.services.waybar = import ./waybar.service.nix { inherit pkgs psCfg; };
-        systemd.user.targets.sway-session = import ./sway-session.target.nix pkgs;
+        systemd.user.targets.sway-session = import ./sway-session.target.nix { inherit pkgs psCfg; };
-        systemd.user.services.wayvnc = mkIf cfg.vnc.enable (import ./wayvnc.service.nix pkgs);
+        systemd.user.services.wayvnc = mkIf psCfg.sway.vnc.enable (import ./wayvnc.service.nix pkgs);
        xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; };
        xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
        xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
        xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
        xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
        xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit psCfg; };
        xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
        xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
        xdg.configFile."wayvnc/config".text = import ./config/wayvnc/config.nix { inherit psCfg; inherit pkgs; };
--- a/modules/sway/gammastep.service.nix
+++ b/modules/sway/gammastep.service.nix
@ -1,4 +1,4 @@
-pkgs:
+{ pkgs, ... }:
 {
  Unit = {
    Description = "set color temperature of display according to time of day";
--- a/modules/sway/libinput-gestures.service.nix
+++ b/modules/sway/libinput-gestures.service.nix
@ -1,4 +1,4 @@
-pkgs:
+{ pkgs, ... }:
 {
  Unit = {
    Description = "Actions gestures on your touchpad using libinput";
--- a/modules/sway/mako.service.nix
+++ b/modules/sway/mako.service.nix
@ -1,4 +1,4 @@
-pkgs:
+{ pkgs, ... }:
 {
  Unit = {
    Description = "Lightweight Wayland notification daemon";
--- a/modules/sway/sway-session.target.nix
+++ b/modules/sway/sway-session.target.nix
@ -1,4 +1,4 @@
-pkgs:
+{ pkgs, ... }:
 {
  Unit = {
    Description = "sway compositor session";
--- a/modules/sway/sway.service.nix
+++ b/modules/sway/sway.service.nix
@ -1,4 +1,4 @@
-pkgs:
+{ pkgs, ... }:
 {
  Unit = {
    Description = "sway - SirCmpwn's Wayland window manager";
--- a/modules/sway/swayidle.service.nix
+++ b/modules/sway/swayidle.service.nix
@ -1,4 +1,4 @@
-pkgs:
+{ pkgs, psCfg, ... }:
 {
  Unit = {
    Description = "Idle manager for Wayland";
@ -9,13 +9,19 @@ pkgs:
  };
  Service = {
    Type = "simple";
-    Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock}/bin:${pkgs.swaylock-bg}/bin";
+    Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin";
-    ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \
+    ExecStart =
-      timeout 600 'swaylock-bg' \
+      if psCfg.paranoia.enable then ''
-      timeout 900 'swaymsg "output * dpms off"' \
+        ${pkgs.swayidle}/bin/swayidle -w \
-      resume 'swaymsg "output * dpms on"' \
+        timeout 120 'swaymsg "output * dpms off"' \
-      before-sleep 'swaylock-bg'
+        timeout 150 'systemctl hibernate' \
-    '';
+      '' else ''
        ${pkgs.swayidle}/bin/swayidle -w \
        timeout 600 'swaylock-bg' \
        timeout 900 'swaymsg "output * dpms off"' \
        resume 'swaymsg "output * dpms on"' \
        before-sleep 'swaylock-bg'
      '';
  };
  Install = {
    WantedBy = [ "sway-session.target" ];
--- a/modules/sway/waybar.service.nix
+++ b/modules/sway/waybar.service.nix
@ -1,4 +1,4 @@
-pkgs:
+{ pkgs, ... }:
 {
  Unit = {
    Description = "Highly customizable Wayland bar for Sway and Wlroots based compositors.";
--- a/modules/sway/xsettingsd.service.nix
+++ b/modules/sway/xsettingsd.service.nix
@ -1,4 +1,4 @@
-pkgs:
+{ pkgs, ... }:
 {
  Unit = {
    Description = "X Settings Daemon";
--- a/modules/sway/ydotool.service.nix
+++ b/modules/sway/ydotool.service.nix
@ -1,4 +1,4 @@
-pkgs:
+{ pkgs, ... }:
 {
  Unit = {
    Description = "ydotool - Generic command-line automation tool (no X!)";
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -13,15 +13,11 @@ with final; {
  s = writeShellScriptBin "s" (import ./s.nix final);
  sway-launcher = writeScriptBin "sway-launcher" (import ./sway-launcher.nix final);
  sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final);
-  swaylock-bg = writeScriptBin "swaylock-bg" (import ./swaylock-bg.nix final);
+  swaylock-bg = writeShellScriptBin "swaylock-bg" (import ./swaylock-bg.nix final);
  toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final);
  uhk-agent = import ./uhk-agent.nix final;
  wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final);
  drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final);
  record-screen = writeShellScriptBin "record-screen" (import ./record-screen.nix final);
  # ps-fixes
  scan2paperless = writeShellScriptBin "scan2paperless" (import ./scan2paperless.nix final);
  drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final);
 }
--- a/secrets/dyndns-droppie.key
+++ b/secrets/dyndns-droppie.key
@ -0,0 +1,27 @@
 age-encryption.org/v1
 -> ssh-rsa kFDS0A
 lbrJzpCXpf3BJYL80d2vD/b4raoPnUKV0D9Ka9yKb72W3ATfA/Cqq7vpisHRnwyj
 3pt1TfrPzti/8ZKDqY/Zw171jQbOF6zW45z4m8yJu4J1LYXh8yYrTR3YPwhPoGYm
 eZJWWj2YghqCFC7vdL/wZFjkStxwBGgrJfNOxJBcXOpUX2TOzfdNAgJ/pEkvdd/L
 jktiU5ITt7KXruwSEXRzHVfmntl4SaqDqYfeb0Y0q2a1oMpxTnBKcYXj6dYcZIHv
 Lm8HX0JsIiThz/DXB4sP2O5GlGeYyibj2iMSCsCqadwDpUndVtJnzFgjSQD5A0gd
 enNTYly3GSmC9TWt/r2VHHyneAnJ3HQKB5hUEqxPz9peemnvfTA89SIGHddmkXfY
 XSeN5WJnSG0+WAOwrpJjzl9CgUg9xJS7dDqVob3CwL9oVEQP8FcuuyqCg72ppd4J
 fdseq5/R+HuVnh6sEUHoaHEDidHtTrpE2Rd49Tesj/BT+YrJyQ/kQqHmy9RiLU2f
 DSRwLO4/qHF6W8UfuF2N08aMxRpxqXPWTjI/vHxoSJRcSqaofF42x50OQU8lY96c
 8bPlDPB7HOBg+7bVvOQCaR3+KRuOx+HYpeMwEokQTwCke+frPfXorilNbAcaFUp4
 QiU1sUZia/FOZ+j47+6pkfC2DfLpiNL2TLWYcNtIzUc
 -> ssh-ed25519 7Wns0A aKiZ8iw+Ub5rByBef0apOn6lG5Bv6tzFCiBu3DN6sSg
 58+9kySg3ajO7E5V87b/qRu9axpu2hQUuY/cVTt2YdI
 -> ssh-rsa wVtlwQ
 RbrfuwS5zQzL9yMWFDSnWj9cQFLirTH37Xf79Dis2CJIDd83vmlmGNY5x1aPpZoZ
 J6XDhibGTJc02DYuNVIE1IXm0x9tc6Z9PTT+WiAFt1JuKHguXTWLRMM9HmyvWWDg
 bFsRDAcYup+SK5d+ME+XooDGueC822rAjkGIRHNSCimGwuLpDRKqyyVfYA+dcfiP
 EoYH7x4S09jYRr1C5EkbraLbm1vijc5ikJw3b42KKbyo3wDwKga+Vk2nl2AtgjZp
 KipZlyjs+IjMRXX5IBpgoRtXcvHuidsOSc+guRo0ihF9MbzRc/Tt2g0V7t3KjeT0
 SJDLmHOos2RKTmx06aidDg
 -> Dz(k-grease ~FF p m)E{J3E
 7Igp3pclCAzAmeky5cPqlIzcITT+0jvieQe7ruSxRYRYqpYU7tMQFmHuNUahp+BP
 MzOYiM+PIQmn
 --- IC9SI76EjaFZxQ5odEeIv49n/O8uOdpM6LE1Z7dtHg4
 l%Àu¯¯ÃE„\ÎüÔ?2\&ÚwG&@¡W£~9"úŠ^ÊÆ†ý¼Á<>oån^šë<C5A1>ã»³xšèOI‡¢uOíò‡21c*ãm¸%ô)ý#”Ø¬eõIÙ6îA/i
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -8,6 +8,9 @@ let
  chocolatebar-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINZT3QrKugNTWNOwYziQnxrT5zFqWQDafWjScDuIpMhN root@chocolatebar";
  chocolatebar-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDwyNsGCMuyI9x2IxYEbYIL6oYsEfe1wqhHaRxSnK9oc10ge1LJni5o7g6XgryoQpCD9YenImcCxwkKblmlLQ2327uoVC2PUo07li1uT0eIPk0TQoxwp6besFs7/LEzZlgWQsc3gkEXmjk/E0mu0U6z2fkqciJ/ZxWYt9fLP6jBG47U9878rSaZ7k7Ilv6oRA3suArH189k1nerk/tonS4EWXeHZxHh/Eu0tqwmxN/6+g2GicYn6b+MbFQVdQAkctqT5Yz9USm9UKzbaAuZ799u0dJzagHm9JJZOr8r11ENtAkY9kAzRzm3u/ACiSdVzyLdjAK6m0dIPhp3OhedzuHiI6/wRll60tYtQTH1XwUpVbtir3+DT+jwZgO1zH3yL4iNh79kuUo+UEg1ZmGkSZRzSS2vb5qr0J5aSJmCd5sNB7a01PTtSlQPOqSF9PB+UmcLDF7JoKFub0KT/gRZ5neZkXTYQ/Y05qtaaFVlOVISijnm+sLUvKBv6OW8oYXIHBk= ben@chocolatebar";
  droppie-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDuXuPPDXTyJgy4JRwbKcPbawvVB1Il2neyRWb4O5sJ root@nixos";
  droppie-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnYTlTmHCl6LOkexqRR9LqjOoFgt9TQ4VzHQGRHJMzF/AGcDRoqC+pBLFSTzRb5/ikAOsb32XHyKVg4nNdJeQshO11QtDmkCB02D/XcIXxnNQ5A8CztT2az5xJtbbWSdamMnHBLcqLiwoLmXbERpdlt8jNqMHrz+bjCUGYVAFSfc/WdIs6EATJ1eF0VFxv7nUh4qhgStABSwhNsnoYOC/DOBSA9aBP1f5Fz9QHUioPTGi2hRwbTbtFUvTrymPpWVFRApa1zvGXcr4YUCm7ia1ZlZKzRpsPkwLxb8Omm4bGmR0cAVwVhVRySnhpCTwbIBLyw+H8PvKWBBba1NAKyMij root@droppie";
  allKeys = [
    bbcom
@ -31,6 +34,13 @@ let
    chocolatebar-host
    chocolatebar-user
  ];
  droppieKeys = [
    bbcom
    droppie-host
    droppie-user
  ];
 in
 {
  "keyfile-biolimo.bin".publicKeys = biolimoKeys;
@ -42,7 +52,9 @@ in
  "vnc-cert-chocolatebar.pem".publicKeys = chocolatebarKeys;
  "vnc-key-chocolatebar.pem".publicKeys = chocolatebarKeys;
-  "drone-runner-exec-config".publicKeys = allKeys; 
+  "drone-runner-exec-config".publicKeys = allKeys;
  "dyndns-droppie.key".publicKeys = droppieKeys;
  "mopidy.conf".publicKeys = allKeys;
 }
--- a/shell/devos.nix
+++ b/shell/devos.nix
@ -6,7 +6,7 @@ let
    cachix
    editorconfig-checker
    mdbook
-    nixUnstable
+    nix
    nixpkgs-fmt
    nvfetcher
    ;
--- a/users/ben/home.nix
+++ b/users/ben/home.nix
@ -63,6 +63,12 @@ in
            MACs = "hmac-sha2-512-etm@openssh.com";
          };
        };
        "laurakirst.de" = {
          hostname = "webj4bsux.wh.hosting.zone";
          user = "webj4bsux_36qkrk";
          port = 2244;
        };
      };
    };
--- a/users/yule/default.nix
+++ b/users/yule/default.nix
@ -24,6 +24,8 @@ in
          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= b12f Yubi Backup"
          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a teutat3s"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKa5elEXgBc2luVBOHVWZisJgt0epFQOercPi0tZzPU root@cloud.pub.solar"
        ];
      };
    };