Remove lingering comment

.sops.yaml

@@ -5,9 +5,6 @@ keys:
     - &personal:
       - &cap_slim7    age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
       - &cap_nr200p   age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
-    - &apollo:
-      - &cap_apollo_n01 age1ljcy90uwlfngc7vqwlf2x2ckgsdfg90c0r9yvjzpl90jkwf9g48q2leudt
-      - &cap_apollo_n02 age1vl9q7u0jkzjpdqrmg4flvz2f7gyn05luv4ka60hu5l8yn4m6rujquhyc2p
     - &cluster:
       - &cap_clust_01 age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
       - &cap_clust_02 age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
@@ -31,8 +28,6 @@ creation_rules:
           - *caperren
           - *cap_slim7
           - *cap_nr200p
-          - *cap_apollo_n01
-          - *cap_apollo_n02
           - *cap_clust_01
           - *cap_clust_02
           - *cap_clust_03

README.md

@@ -1,9 +1,4 @@
 # nixos-configs
 
-## Miscellaneous Notes
-- To generate the sops age key for a new host
-  - `nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'`
-- Update keys after adding new host or personal key
-  - `sops updatekeys <file>`
 ## Misc references used
 * https://github.com/XNM1/linux-nixos-hyprland-config-dotfiles/tree/main

flake.nix

@@ -108,25 +108,6 @@
         ];
       };
 
-      nixosConfigurations.cap-apollo-n01 = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
-        specialArgs = { inherit inputs; };
-        modules = [
-          ./hosts/cap-apollo-n01/configuration.nix
-          sops-nix.nixosModules.sops
-          inputs.home-manager.nixosModules.default
-        ];
-      };
-      nixosConfigurations.cap-apollo-n02 = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
-        specialArgs = { inherit inputs; };
-        modules = [
-          ./hosts/cap-apollo-n02/configuration.nix
-          sops-nix.nixosModules.sops
-          inputs.home-manager.nixosModules.default
-        ];
-      };
-
       nixosConfigurations.cap-slim7 = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
         specialArgs = { inherit inputs; };

hosts/cap-apollo-n01/configuration.nix

@@ -1,28 +0,0 @@
-{ config, pkgs, ... }:
-{
-  imports = [
-    # Hardware Scan
-    ./hardware-configuration.nix
-
-    # Users
-    ../../users/apollo-admin/apollo-admin.nix
-
-    # System Configuration
-    ../../modules/system/cpu-intel.nix
-    ../../modules/system/fonts.nix
-    ../../modules/system/home-manager-settings.nix
-    ../../modules/system/internationalization.nix
-    ../../modules/system/networking.nix
-    ../../modules/system/nix-settings.nix
-    ../../modules/system/security.nix
-    ../../modules/system/systemd-boot.nix
-
-    # Application Groups
-    ../../modules/application-groups/system-utilities-cluster.nix
-    ../../modules/application-groups/virtualization.nix
-  ];
-
-  networking.hostName = "cap-apollo-n01";
-
-
-}

hosts/cap-apollo-n01/hardware-configuration.nix

@@ -1,31 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "uhci_hcd" "hpsa" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/1fa744fd-82d2-4997-a757-28ae96461a96";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/F57E-AA2D";
-      fsType = "vfat";
-      options = [ "fmask=0077" "dmask=0077" ];
-    };
-
-  swapDevices = [ ];
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

hosts/cap-apollo-n02/configuration.nix

@@ -1,13 +0,0 @@
-{ config, pkgs, ... }:
-{
-  imports = [
-    # Hardware Scan
-    ./hardware-configuration.nix
-
-    # Host Groups
-    ../../modules/host-groups/apollo-2000.nix
-
-  ];
-
-  networking.hostName = "cap-apollo-n02";
-}

hosts/cap-apollo-n02/hardware-configuration.nix

@@ -1,31 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "uhci_hcd" "hpsa" "usbhid" "usb_storage" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/71e4a38f-1e1e-4ebb-8e7a-a9489aa61f55";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/4A99-55C6";
-      fsType = "vfat";
-      options = [ "fmask=0077" "dmask=0077" ];
-    };
-
-  swapDevices = [ ];
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

hosts/cap-clust-04/configuration.nix

@@ -9,6 +9,4 @@
   ];
 
   networking.hostName = "cap-clust-04";
-
-
 }

hosts/cap-clust-05/configuration.nix

@@ -9,6 +9,4 @@
   ];
 
   networking.hostName = "cap-clust-05";
-
-
 }

hosts/cap-clust-06/configuration.nix

@@ -9,6 +9,4 @@
   ];
 
   networking.hostName = "cap-clust-06";
-
-
 }

hosts/cap-clust-07/configuration.nix

@@ -9,6 +9,4 @@
   ];
 
   networking.hostName = "cap-clust-07";
-
-
 }

hosts/cap-clust-08/configuration.nix

@@ -9,6 +9,4 @@
   ];
 
   networking.hostName = "cap-clust-08";
-
-
 }

hosts/cap-clust-09/configuration.nix

@@ -9,6 +9,4 @@
   ];
 
   networking.hostName = "cap-clust-09";
-
-
 }

hosts/cap-nr200p/configuration.nix

@@ -21,7 +21,7 @@
     ../../modules/system/cpu-amd.nix
     ../../modules/system/desktop.nix
     ../../modules/system/fonts.nix
-    ../../modules/system/gpu-amd.nix
+    ../../modules/system/gpu-nvidia.nix
     ../../modules/system/home-manager-settings.nix
     ../../modules/system/hyprland.nix
     ../../modules/system/internationalization.nix

modules/application-groups/system-utilities-cluster.nix

@@ -18,7 +18,6 @@
     nmap
     nvtopPackages.full
     pciutils
-    screen
     unzip
     usbutils
     util-linux

modules/application-groups/system-utilities.nix

@@ -52,7 +52,6 @@
     rpiboot
     s-tui
     scrcpy
-    screen
     speedcrunch
     streamdeck-ui
     stress

modules/host-groups/apollo-2000.nix

@@ -1,130 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports = [
-    # Users
-    ../../users/apollo-admin/apollo-admin.nix
-
-    # System Configuration
-    ../../modules/system/cpu-intel.nix
-    ../../modules/system/fonts.nix
-    ../../modules/system/home-manager-settings.nix
-    ../../modules/system/internationalization.nix
-    ../../modules/system/networking.nix
-    ../../modules/system/nix-settings.nix
-    ../../modules/system/security.nix
-    ../../modules/system/systemd-boot.nix
-
-    # Application Groups
-    ../../modules/application-groups/system-utilities-cluster.nix
-    ../../modules/application-groups/virtualization.nix
-  ];
-
-  time.timeZone = "America/Los_Angeles";
-
-  sops.secrets = {
-    "ssh/ilouser/id_rsa" = {
-      sopsFile = ../../secrets/default.yaml;
-      path = "/root/.ssh/ilo_id_rsa";
-      restartUnits = [ "hpe-silent-fans.service" ];
-    };
-    "ssh/ilouser/id_rsa_pub" = {
-      sopsFile = ../../secrets/default.yaml;
-      path = "/root/.ssh/ilo_id_rsa.pub";
-    };
-  };
-
-  systemd = {
-#    services.hpe-ilo-keepalive = {
-#      enable = true;
-#      after = [
-#        "network.target"
-#        "hpe-silent-fans.service"
-#      ];
-#      wantedBy = [ "multi-user.target" ];
-#      description = "Maintains ilo ssh session via sending periodic command";
-#
-#      serviceConfig = {
-#        Type = "simple";
-#        ExecStart = ''${pkgs.screen}/bin/screen -S ilofansession -X stuff "fan info^M"'';
-#      };
-#
-#      path = with pkgs; [
-#        bash
-#        config.programs.ssh.package
-#        screen
-#      ];
-#
-#      startAt = "*:0/5";
-#    };
-    services.hpe-silent-fans = {
-      enable = true;
-      after = [ "network.target" ];
-      wantedBy = [ "multi-user.target" ];
-      description = "Lowers fan speeds by using ilo over ssh to manually set fan parameters";
-
-      serviceConfig = {
-        Type = "simple";
-        ExecStartPre = ''${pkgs.coreutils}/bin/sleep 30'';
-        ExecStart = "${pkgs.writeShellScript "hpe-silent-fans.sh" ''
-          set -e
-
-          SCREEN_NAME=ilofansession
-
-          SSH_USER=ilouser
-          SSH_HOST=cap-apollo-ilo02
-          SSH_KEY=/root/.ssh/ilo_id_rsa
-          SSH_OPTIONS="-o KexAlgorithms=diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 -o PubkeyAcceptedKeyTypes=+ssh-rsa -o HostKeyAlgorithms=ssh-rsa -o StrictHostKeyChecking=no"
-
-          # Create screen session
-          screen -dmS $SCREEN_NAME
-
-          # Make initial iLO connection
-          screen -S $SCREEN_NAME -X stuff "ssh -i $SSH_KEY -t $SSH_USER@$SSH_HOST $SSH_OPTIONS^M"
-
-          sleep 5
-
-          ##### Tune pid for all non-segmented fans
-          for sensor in 1 2 3 4 5 6 7 9 10 11 12 13 14 15 16 17 18 19 20 21 26 28 29 30 31 32 38 40 41; do
-            screen -S $SCREEN_NAME -X stuff "fan pid $sensor lo 1600^M"
-            sleep 0.5
-          done
-
-          ##### Tune pid for segmented fans
-          for sensor in 8 22 23 24 25 27 39; do
-            screen -S $SCREEN_NAME -X stuff "fan a $sensor 0 0 16 41 16 25^M"
-            sleep 0.5
-          done
-
-          ##### Set minimum for fan group
-          screen -S $SCREEN_NAME -X stuff "fan p 0 min 16^M"
-        ''}";
-
-      };
-
-      path = with pkgs; [
-        bash
-        config.programs.ssh.package
-        coreutils
-        screen
-      ];
-    };
-
-    #    timers.hpe-ilo-keepalive = {
-    #      wantedBy = [ "timers.target" ];
-    #      timerConfig = {
-    #        OnBootSec = "5m";
-    #        OnCalendar = "*-*-* *:0/5:00";
-    #        Unit = "hpe-ilo-keepalive.service";
-    #      };
-    #    };
-  };
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "25.11"; # Did you read the comment?
-}

modules/system/cpu-intel.nix

@@ -1,4 +0,0 @@
-{ config, lib, ... }:
-{
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

secrets/default.yaml

@@ -1,136 +1,115 @@
-ssh:
+default: ENC[AES256_GCM,data:hblL4UM//g==,iv:pu+XlfdZl8XZFk16iwV5juImHosUfOhZJ54UAzi9iwo=,tag:8h2ybkmNoqUT85L2JfXLrA==,type:str]
-    ilouser:
-        id_rsa: ENC[AES256_GCM,data:BuoM1E1pf9srSfWWV+bIy9H/JAQIMsucJv8T+Sky6HgSsR1WLdOX8pYJSVukuMMisSBG8DJiGy7PgzqeZohrFbkaHpc7gI0S3+803pZQjILzs9kEIrpTzqb+i5UgGPNn7Q9Rk2Etm7UlQAaUSLZg1XfCWV421YeTDFnM42bLy8Lhpb5J/GyP4iYJN5osmlQdjUbzR4wWaYIofWHjTqbNo0yNdMTDPf/bVDw+/34Xx/Xcvc90KtbO/k/gWpOam/Mq/jMoaA0IcZu7p6pu3WWFlilkeBtLefLo8nDEGi13hT2KxrB89npTNWWXf4sejQxkZgp8x1FxA8LH9v6vRunvdBRNTw/JjmtxaF8vKfjd2oxaKztLA8NROYQRpavqv6/NGlyBCU+yncq/E5dl51t7BwDwpSUvYvVEP20qH1JBKtiyuHlLOTOwTJtigOE3EuNxuEViz56Q0tVpQOcPQuSRmwdOg8hMZx/HnaDv52JVxeQHdF8jpzz3E3noB1AbRIAb84XXWVo2QLxFb8W8t5ta5cdOq/Pqte5PNXfT+2pjBIOlfg5mzA9kjH4QOZaO7zBbMj/ZD480gZY+kUMgeXgOtoLSZCPvdBbSjd7Lsd7xYbZSk6m4jOtvbTzpaFX8ZIT4ompC/+G84t3HyxE+UUeBip7mTeOJBCc1WjguKSzdBMmYZUxJAGMmWJ+TQDZSFu2m7bMmLGTgya5isqtcqGN5cGcICxIfOVfuoJ5T6vO3t2ZdUuV2U4+gfCYhtEZbsT/lhgRC0NlMWBhowCRpzhowYLHHGqmUfl5M+JTCAOS1QDmZvaGVc8BC0WWkc+162NGME1D+GRolHF44TfB5IuTQ1cfrv+VvK4DIsEslleAMCxqHPPQPGpCTcCNfe/3Yylkl/Pmogas2P8Q1fyGVTZCsS2G5wugptt8AdfdM+tvmqzlyponw3lNKe+mj1ehunJ8V93ea95cdmVikM6OLykzSrbxsejX8EgIQ0BChAFly38ot7YcmqgfqABCGeiYwOnL/90EuRmYRaMuUihbiRVzGPd5oc0OKDj5xdM2Eq/VRaODCFuhmwK5eLHB3tGab2Bin/8VGZkpWjQsd3H/UYRfPpJqjnhI3/dxD619ouZPfsTfQCVnBaZMYVKzpmeb3geNMeV1h8cDxNsAk85nAnG6RUF7xlqmgF6yUZ/vFtjUq/vCoNHsKvS5sSy73LPXljrVvZyG2K9P6dfTR4n8yYGJCoj95ahCAD4djsr9ylRzj1YTFQ7XdZGxw3GML7rmzuMS/Kk0qMKNYSlS9ru0yIL2baZmntjUKjcl0qigzO74bi3TxyoylmxXA2/80AcRU/fWi0t9g9aTJmuVztPiRQpCLsDzSS/xTjriwThx6v7tgmVwO05SdlBQ5Fk6R1nOsC+4X35l2f6pWJ91nlkfimJM3mY/MZDxWusfgXcS3SBswj59n7zX7AwykcX6/XHVWg91EfB6sRUZyHWsMxwn+i/P5aoIiO43leCD9KX5T0KjRAxa0DG092zM6pRaKEJWeBXTgcFTS5AQdMLVlt5GBHBHw2Slr6SMsUo7A1ycJqP7nw+YdLje86h4edfvbAtowhaBT3WPFoxbtAoBWqkYPgTGs/AiKRsfjecypuCm52bz8VTiw8laRkYFO0nqyYZBm4u2BbVODS6Ji9ZxNpjN/NIDh/5ffhQ611iwL2xgob/yFrjqaRyzPx1DXseMO+Lc0TMEhdSVGG9i8fTJXN8VasDDHxWCQD/ZSyERGCqIDc1+pZBjwABiECsDtQy3DI+oQ3UEPLOFHGS95Kc5+KKij3ptvf61o2J6XKEUY0jqv+puNvmjz7jqsNBY+S524G+06zzcvXsUnWQ3o1lOseFDSl4ZV+a2GiRA+AHj5gSKXTNVUMDsEu7E+4Sg1WVFKLw4KgZ0KubHYQYz56QLojv2TUL3NrK1mUfdn9jeJ01L+CIMTVjz+4UjVI/AZJA370Le01pl0ZMxaFRa0fep1Pa6MikTS7SO8NBtTtbOI2Dt/hBrXpzbicfRU/2pNJ8hEn9in0eXkZ3h0/nHm5J/OrrbVOdvQK9RkF9J0sdgmLtnAxdQjKK7r8Tg17q4vefFRtTEFPz1hV8sOrNXJZc3GRnvINE/7CVYdBQZuq7Bqze9WS+Yqzo2Z7T+cgpLTThBWlL7uGRsNcOdxQOctvoHCDFMV+9+QSH9Cc55Jdbd1T/clludubmyCJLvd5+25haXtRNSivJ/qB/ZbaZq/1PrJw2rl9XuiTczVrG/5Gwpz7a7PVrP8ydIEoTAglMdr9WICKl2cqHo1+k7HOFZluJAugNTV5aRwCvb6roKXsENH6TE68RuiYI8GXD/AzrY86TADCZroeQ+arLW+UuDqQfsnJ6MM02NcSOriAqTbwikGSzNIwkOiuZmwc5Y1pVqe1pyVDf5gN6Q=,iv:IDe6vkBvgAzfxee+/odkLk1TLZRghVEf8hqH2r3+V9I=,tag:OFCA57fQjQxc+CT9DOq+VA==,type:str]
-        id_rsa_pub: ENC[AES256_GCM,data:hYdf7KifFqkHDa8UF1zvhirc2AkrYpL2VrmV2IJjHzzgbrJxshdA629mTXwXwXORbLwNcMpRR7DFLyHCRDu5cWsxluZ04rNU9sJFmL+6pPUonaa4Wc+9z5VysV8UItY/BZ/5mOMQ2ph/wMQ3pkFnBD58vOFOYsmZ7OCir5dQZfm8GdGDX76bOlOI/CAg/LtwFveHK4trY3EUkxbJQ1soZdpm7ML/7bDN52klaS/EEgwk+FJrNAcm8M+N3kMSZoJyJW7c1OG81d4G84tryt2fa7s2HGT79IX6h4wI0GGu+bl87MgmFC48KdvjPdWowfh2QxkphSLduYQ4ss4EQYgJrmkQznQtt67acCFxNrEyE5psSMQPXtgAbwV94xeqtc+QHzmjHAwICTzk7Q4sFF85cDV54ZyoQDYdfubjpJ6mdE65dftN2eYD/5ywdTq09vRpnlh24PTrp7nn4H+Yddakv5KGhQOnj0p6JHNytXEClmiqxANrsYyhKvZe9gS+5w1RIcrsv9dHr5uL7Q==,iv:PQiVjFf2LlOKa6i7V/DcxYU54m/AbJGwTwUmA9asKI4=,tag:y27R0sMuOno0Al9iD3+MsQ==,type:str]
 sops:
     age:
         - recipient: age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5OURyTktBK0tLUFNvK3JV
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJWUtjYmxwWVJtekY5RTcz
-            cGZ0a1BNOUgyZHgvZlNEM091Z01pdlNWcHdrCjRyV2Vlamk1SGNGa2lOZjFZUlZW
+            Yno1M0Z6RnRYRkowRmVWMWVTNWRTc0RWWWprCjlRZ0dVYnkzaU1CTmljR2VxVDZX
-            NXlSaFRuUkVkV2ZWcm51N1ozbGp1Zk0KLS0tIFA3TmNueE5hSGxwZVlXeW9mOXZG
+            a1lzNUNCb0FrdGhvcUV1NTUxa0RRMG8KLS0tIG9PVWMzbHA4Q2YrbTQ2cWFpTU1F
-            bWxNZVphblFnV3J2RnBnRjhIV1psTUkKvuHFAmPg7AgSgpSv3cRDDSYRRiG2pWIv
+            NE9TN3QyNEZEM1BoeFFSRHZqUmF0TlkKSvm5PXarwX2/034Y2LThEVQWgGm4emWU
-            qs3gUknD2QAuo1dBGol6p3lzvuGNYaBLML9tgCgN60Y66RVHR1zEVA==
+            abvCD566vlA+MZdRx0CUo1S8xqXDse9inAwroPs3nZ2TabtvCAqNGA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1a2FqYXZpWmRrVEhhazF2
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Y2J5a1V5Q1U0eVZPOGlB
-            akl3RjErZDc1TVZNZnBCQ3F1a2szUTB1bUVzCkJSV2F1RUNvR3FldmxnbEsyejB6
+            R2dBcElMQ0kwQUJCTkJuT0J2Tm9ETVlNcUYwCm0wbndXdFBZUllRZm5zdEVEczl4
-            QU9xTTlud1BrVW1WQ0RCbFRhVCtiRW8KLS0tIG9UeTg3d0pUOUswaUdWdGVscHNM
+            b1NYVXFqVlhTb0R5YTZSUnBlMGNYSkUKLS0tIGJXOUNYV0NNZUlnd3I2OUhjSCs0
-            NEZFUS9sNVJXSllNdXhRWDFYKzg0ZFkK1jEL736B5stLQw6BLxJmm8Z98uvD2qGZ
+            QzA3SXcwQmI4WE5qTElVWFhmRVhyN28KE2br0ZBj8dUep8O6hf0W1mrOXTDhTq/X
-            O98ByT6SrjQnYnr/8u0qY7dQ71ThzB5v3LSrk8/x06CzLmpAYgc6IQ==
+            xR6zx93tpGdqg+jT0BS+7GMaxj4jM5VMmrTYQrIZc0g9ah34AbFT6g==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFbjh3YkhPd1o3M0h4bkhY
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyQzl1MWtYczd5aEpacFNZ
-            dS9QV203STh5OTF0Y3k2VEdFaFYwQmJNL3lBCkg4UnN2NW82a2F0a28zQ2h6Tng2
+            elpwaC90d2xTWUFJeGdMTjkxSVhZTUU4a3hnCnFOZ1ViS0hqbW45aU0vajh5NjVv
-            ckkrb1AyMUZ0UDM3ZDgvd2FWSTlCTmsKLS0tIGc0ckd1NW1Tc04zOUZhRjlwYmMx
+            VmNYcmNGT21lMDl4QnljOS9oSHNpTjAKLS0tIGpndTNQU21PSVU1UzErTjFtOVYw
-            NktCNXd3WE04VzgyczdNVVZ4Z0FIbk0K3999tMUUAerQhWeIST5W9v9sahnl/bub
+            ZU1IRWdacUtKeEloQjM0TFU3Q1A0OUkKiFY+UfTgGtPuQBuHfmRKEVV6nyi7ggLT
-            Wh2wQPSC6pN6t60CMrs4N5NgXhXG6KADiWi9oMwR18RAqwQTRVKRzg==
+            x81Gl5COm0zCuXJuQw5FQutFXnYRC/9ndlNpO1HmrDHnEDp1osdNqg==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1ljcy90uwlfngc7vqwlf2x2ckgsdfg90c0r9yvjzpl90jkwf9g48q2leudt
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmb2ZIQlpNRmZaczlGMWFT
-            aVZWYmJ4RWxJYkJ1YkJhYkV4c1pKZGVESzFvCjh0d0RPUHNSQThLQ29vTzloRGJI
-            cnNQMXpTVUs3NjUzeGtGbTFDMUE3azgKLS0tIHM4cS9GUi9XUXNITTJsakxxOXhk
-            U3hNMjNQNHhhTTRTZk9EV05FMEtlSlEK3zLfM19AjFadzWzcTbvmUwQnL0yG8A6K
-            JMNzwbUvPqLIBxniTuSNRHceCcyPvs4vnCRDQPeEIHV6r1dGMV90Gw==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1vl9q7u0jkzjpdqrmg4flvz2f7gyn05luv4ka60hu5l8yn4m6rujquhyc2p
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3TWN6WEM4WkFqKzFoVkZi
-            K2hnd2JzczY2YStKcDZjd1RPNGlRVklQL1U0Cmo1VTNkWnVQY2tSNzRBY3JrMW9x
-            Smx4STlKMzJGQUdrMmpXVCtYekZmWU0KLS0tIE1ycnR1MTVvMUgvcko2VlM0NEUy
-            Nk1vSWtQWlJWVlNIZEUyOEc5ZS80QjgKqyFL4+3Oqx92nDGJ/D8/+RkPmHZ5R9Yv
-            HXlyUrO+tmbSU5JkBO7tSZ9Ho89Imwf8b6r76ZozHOjpmhSL5RBvfg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3S0pSVFdiMzBFaFZReEhY
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSUnFJVWNYYlNLSk1xbFYy
-            eVFWNzc4eno5Zm1ScEpSUHNmeWVkaTdjQnlzCnZoS3hjeGlyUmd3U1lnc0xOUGVP
+            WGlBYzZHYVc5USt2eXNKdzlabWhYMWExZTFvCmZTeTJxWVhISWt5cjBwT3gvcnJ6
-            OXFweG5YTGV0NDZucWpuZ1lybG43dEEKLS0tIDk2NVZHUEtScklSQlZBQ0ZCMFZ4
+            QzNRL0lFUGcraURLVnBGQXpXUzFiVG8KLS0tIEpobkwvaHBRU0FjQ3NIWDc2bWRj
-            N21xTTZpRm81cGM5elVWNnk5NU5PTGcKhfvVyHzhH9A1NDoyHwBAxHy5Dj8brkt5
+            ZWpwYURSc2dGTzJGaWgrWDRKZlRDZzQK0BZeC4JAbP8sHVy48O5rTyojRIkL8SUe
-            280NVHI33SQ+R3mgdAcFB34jJW25ntq9Jd7f8V0FeqelGCzHttMy1A==
+            JPTYEa/wIDWOgp9Kkxa6QwVMr061pdEnIF6pal2efJjtvS0Q8JaegQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaVHhXYnhkTjdPT0xqbE1D
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQVzUwSkQrTGhBQ1VVR25D
-            LzliRGZzQWpiUFdmbE9LZktLN21GbUp5Y0U0CnAwTFlRN3M5OFpKNUNJNTlERVl0
+            ZU5BY1NnUVVhVTJ2VUxPTWpqVXNhQWhpc0dnCk5EQ3JYdmUvQWo3QzdqcXVaN2Q4
-            MysvREhWdkZLOWdPODh2dXZlclRHMlUKLS0tIDF6c3pUUEh6bk5YeDJob0Rham1S
+            ODFIeVhZWFAwV0hvUm5UTyt3VEZ3NFUKLS0tIElZL2NqQTY0dGJzVjJNWEh2U0pp
-            TlF5ZVp1Z21DU0hUdFJLMGNIRnVxZE0KGl0PT9mmCu+8yf2K7ADpeALk4xNG/Xld
+            Nk94MldCTnZQRG00S1NGZWlsbmxLencKkeUHuYFIwQYdAAwfBcJ4F/1oR8mQfK9t
-            IG1zlOPvAmmApoNKOx4FOlBVO8MAX922WsUgX6OSyw8U0PjdRn4rKQ==
+            ka9WdGJZ+w2UDU0zOdkaD01lnqHenV/MhkzQ+SYnFEETDNLWt+OkwQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MGJTd2cxRG5MNkJSdXBo
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdktET3FCUmw2TVhSWXcv
-            bXNuZXdPUDZjZC84S0g3N1ZENzIvWWVOaFN3Cmxpb08wSExqaTNQQ1RROGU4bk9h
+            MTlHYlR2KzhPS2ZrdHA5ekcxZVZSc1JNM3lVCndQZUFKTFJFZG1GVWJvWllobGJU
-            K2lXMDhuVGpWa0NXOGlXMkxaMzZyWkEKLS0tIDUvckRYWXFhdW1wdUZlL083ZFhH
+            eERoSmFMZWh5ZmZHM3Z3UWc5aVpab0EKLS0tIFIrdkdyaHg1NFVpM1JGWlBSWWpu
-            TFJtcEdFS2pPcHN4bjd1a3QwcktXTzgKy7mTdf495H9solOwE8qJgQQXg+4HYYoF
+            N0Q4YzZCbmd6bUc0U3FaZ3lLNUJOTXMKHC/emqz88i9dq+rWaw7Lh92pdu2D1aDD
-            6ytA/0bA+UlDeziHS4opnlooXcyQ6isMUoi9+F3GlrDaS9NZx+v5vA==
+            K7G4d5AgRuSZxPWxwQMGTsCS3arsex0KrxdWE2ksZYTwVdi5CU3zTA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZeEVoR2dscEg3Mlk5WlBP
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM1BWd08zNFNPdTlUa1Vt
-            UHFvR2RUTTh2Zm1UcStncEUxVnRwamM4eXdvCkdWbWcwajFXdkI3S1pkT01sZkoz
+            TzBJcDNIbHl3aXFUMXpkMmE1ajVwVFcrUVZBCkFDUnEyRktNRDlLdmFZT3Y0cVNT
-            U2pYdDJ1Wmw3V1prWUh5TVhCSUtlK1kKLS0tIG5XUjhMak45UzlXek5vTDZMN3Nv
+            UCtQQmhjT2hvbWdSOGh1WkMxcFFBWGMKLS0tIE1NQ3AraGVxVUxvZUVDOC9NY2xE
-            d1JJc3FvZjJadTVUSXJzWVQ3ckxQSVUKQ8Bw9tQdlgrH+e4QrkFhx9AVz7F6asDZ
+            UHJZOWp6RmU2SFR4bU5hTDJnbHo5Rk0K/6Loz0GabBTy1VxePYwiuDtFCiDniGTv
-            rblgfXuYh+rnoDsuMh6gUciA9WDXBmlPgs09ny4T29T9uGwLjPnitw==
+            RP7SKgMbN0SUjeaXwTmksC9DmfhWzXwDJqh/n/cNrtE2yuKR2AGzQA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1TndrMmZMOG5tT1FnWmgr
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6d1lFaGxEOElxYjBVV2w5
-            OGlxek5ndGxFOFdmbXhKTFZidzRGS1NVWWhVCjNFK2U5bTM1OXhKcTV0Q3F6bG5U
+            dVJyUnNveklTbXJQSzA4UlVHYTlWZUUyVlIwCnRwS1RTejAzNllHdWVaYU5tZXhq
-            T0xnYTloZStMbTBFTFovdHlBU2s2eTQKLS0tIEY2emp4ZVVDbzhLbGxuOUx5VG1G
+            bzZVcnpjYXBhWFFnWjY1cFhQZ0JuZ3cKLS0tIE1zYWlJTTV2VWRma2JjWlRZZ2Ro
-            R1B1VldGM3BONUoxUVpDeGhBK1orQXcKPHvqPhOE7j687dBQlfuTdsLIr7t8HzX+
+            NitqbEFuUENKaDZWY2dVRU9tWUF4b1kKAZAVyohLFZPMC0O6AF7GUXaE/8Q9bF2s
-            IWOkgUe9Lu+ruHmx0FbDsLlqJZbZOVisaWGD7CEm4Ku1ZnOSejFZcw==
+            o1rS/8Cg0KqmalQ992wSMjUj1Z0y+najuaF6Kp9r2Q+6b9IVe7HQFA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1K2x6VWx5TUJTcDdEbExr
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzN01Db01QMVdudC9idjBm
-            V0t2VkdOV3NuUC9nUStZM3JwdmRqdThyUWtzCnFlTm13OFVlL205L0dPVzVrRlVh
+            N3B4a3hUR2ZNYUQzL3RVVlQvelFFNUZFTlhFCnpaMDFpcVpkcThFanJRcEVxOFNP
-            b3BTTEFwcHlrL204alNlU2N0aExjVW8KLS0tIEQ5ZWpCeTMwNmpjcGl1WmtQdkNU
+            cC9xL29MVTd0R1FUQzMzazVoNDUvMkkKLS0tIEVYRTlZSkVUcmZIVWJ2dmlBVGxq
-            TVJBMjlNaWtHMlMzd3ViaGVpMERPVncKh7czaPxra9mRidJgrfaT0QWFU7d1li4e
+            R0E2MmdSZDFPTG9WMmhzT0dRYWRkclkK6Hg6rNuEhWb1PLA8z5l2YPDBMXxo0VwA
-            60tD8Gkaoshs0KjQt6Vs2OrW5cJhMkBnUv7kulEEvn+ouukZOz4jTw==
+            GrpQjbrcFKXTxOpi9FU5m1Dy0HSkEkUnmcFiVr98g6xJwWQjp9Xduw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsbnFqcnE2bjNqVmJlVmNR
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQ0tJRDYzMDQvdVBDZ1ZD
-            b2huRnVITTJOU3J2bE43d1V3VzZiRUc0cVZnCmRoTU5YZWQ3TmdZN3A0WUQxZHJr
+            NjJyc2x4NFhhd3oycjRxSFZhaHZTN25kc1NFCldvMy9IWUNadzRNWFh0QVQrczhB
-            Tjd4d3FkNHpPSThBemc5STR4VXEvRG8KLS0tIGdSZFgvL2c4MTB2eml0dWtWQVVV
+            aFhyd1d3cWlad3RCWVN0VWQzNkU5eWsKLS0tIDZSbmxLbnNTYmJhL0l6L1JwRWFN
-            YkJJT294RWRsaHlrYThuQ2RMa3pERkkK0G9ShhLOZVVjGinlUyk/sc9OjWmukLgR
+            ZUQ4cVlyL3VYQ0RFdHgvalFnWnU1Z1EKTkQZ14qvVykxfkD1smBd7aXzqji4sUGi
-            JNTFWAePS/k1O/bO4Myxc9wX4R9UrZOpG/Q6v66ilNOApWD7i/2eBw==
+            dI0PoKWAy4rqVbNMsNTOutNk8KMxJG+d9Qw947W2O7fA2XIY7/hnug==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaUUJzYVBzLzlWc2QzUitS
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiQnNCR2w4YjlzUSt5bDE3
-            M3JrSGUxcXV2NlA4Q2lDVGpCU0NnZTY2Q0RVCmZ0Tmp0M2FMUVcvY1JrQmoyNk9B
+            c0VMWmQ4M00zMVErd21DYnlPb0JtelFDeml3CjNGV1ZJMVZOTFNpT1RSc3FXV0No
-            VDFqUUlQMVJ3L3JoaE5ISDV0YU5ydTQKLS0tIGRjM2ZxUzRMRGxzL0ZBR0F2Ti9Y
+            d25GUGVzTi9WWlVDeWRzd3BDOXNHb1UKLS0tIHFVdVRRb2l4YjlaY0NlUFpiRmxs
-            Tnp0djVFV0hPTkJGYXJSTWRHdkUzWVEK2bWcz9/qrHjAO0FWzjwsuBnZMm42XzKl
+            aE91WkxSYittL2Y5aWZBUFpYS0tzR28KK7B4TLpgtcRj8zttl/oHaYuedm2r8LDd
-            h1tQwqF7A3jdcezZXYmOn5R1nJX5NTXLySgPZapvOhrPmuHZk4UULQ==
+            6C/cMrD+hQEb45OiDcn4V1L444vwbAZJvzgoiQWem6+1Wvepqe+P0A==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJUHlzOEtpUnFoU0VmNmpl
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmbjJKSGlLbFBCd011bHBG
-            TDgwdVAzeENBd3dvY2U3TFVkSy96Mi8rVERjCmhaU0hpeUR2cjh3ckNKVWNtaTRG
+            emM4MVJCKy9UejY3M0E4VWFKTDFUeGZQQkVFCk1ZTkpUYm5adVZOU1hpR0xqOUdi
-            STRpaHFGWmU5TjRFWEhabWZTaC9FMk0KLS0tIHBsN3BxNXRIQ2ptNHZjQ0tlZ2Ro
+            ZXppQ3lFdlBxQWdRdW9TbUFkcDJFbG8KLS0tIEhycFp1WGRCVUxBVzJRamptYnli
-            YWttOHNEeDFTemh2OFEvNGNOZmkzeEUKL9yGY1L35y+ZIFyTFKyvgIirWSGe5lkT
+            dW1YMTBIa202Tkp3WC9KRUhTckFCMUEKgUhihP1CN+kNOcbtfsr/gofI0tVzMVwo
-            jYAPmt/RJmskzNBQdo3KGnPKqpVK5nEBUwmzKVre4AOOSTYJ4ER+0g==
+            4aQPOxmvp3gyKdvPtUUTxJ3QrZ3laAHcVmsxPjEPnaAjfmGSUZh/YQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-12-31T05:09:48Z"
+    lastmodified: "2025-12-13T11:02:46Z"
-    mac: ENC[AES256_GCM,data:VP4URW/zRZFa4A3Q0gVzs06Zre+GzT3DNcrYxOcktgR1ooyvCjPE6l5t3Jf2LvVanSuBfIQMP7w67OcBar89QqGjn38E6V/U5Lyj7hHF9AtqNd/3l3P91xt+69UBOEqhZI0oASrTA3MKAZVeg6kWtU7YWajPH0PVxOsxMHeD9g4=,iv:LciFXM9JdXwmR56dgO6OskfcGauy8Q5gYIKZH2sES90=,tag:VJbexnwD+N1mGzADfXhp7g==,type:str]
+    mac: ENC[AES256_GCM,data:roAByCemPPNz6kkAX1nOL/TU3p2Jv67paQKlouek40FEf5cwVRMmygKDhs1vV8ZO4Ot0xGjXwiq+ylD0aSzbzvdcD/gG+cZ67XpqcW7CQMMtCrQ3Rt+U7q4rxyUeR55VxJdusjwtPp8qPVutKNJlebOUdBgaSKzDzwbnRppDUxk=,iv:PZVwlU3uUO+hHisHaoQAAfcBR2jlB0UHSU7ZFRXYfPo=,tag:0hPLfuSoSLRR1LiOWHFpfQ==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.11.0

users/apollo-admin/apollo-admin.nix

@@ -1,45 +0,0 @@
-{ config, pkgs, ... }:
-let
-  sshCaperrenDesktopPubkey = builtins.readFile ../caperren/pubkeys/cap-nr200p.pub;
-  sshCaperrenLaptopPubkey = builtins.readFile ../caperren/pubkeys/cap-slim7.pub;
-in
-{
-  users.users.apollo-admin = {
-    initialPassword = "changeme";
-    isNormalUser = true;
-    description = "Cluster Admin";
-    extraGroups = [
-      "docker"
-      "networkmanager"
-      "wheel"
-    ];
-    openssh.authorizedKeys.keys = [
-      sshCaperrenDesktopPubkey
-      sshCaperrenLaptopPubkey
-    ];
-  };
-
-  home-manager.users.apollo-admin = {
-    home.username = "apollo-admin";
-    home.homeDirectory = "/home/apollo-admin";
-    home.stateVersion = "25.05";
-
-    home.packages = with pkgs; [ ];
-
-    programs.bash.enable = true;
-
-    programs.git = {
-      enable = true;
-      settings.user = {
-        name = "Corwin Perren";
-        email = "caperren@gmail.com";
-      };
-
-    };
-
-    programs.kitty = {
-      enable = true;
-      font.name = "JetBrains Mono";
-    };
-  };
-}