rename 'uninsane' machine -> 'servo'

.sops.yaml

@@ -1,11 +1,11 @@
 keys:
   - &user_desko_colin age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x
   - &user_lappy_colin age1ml8kkppftygu2wag57yld98jlrkh4avp54eheq7q0fa2rup843csqjajs6
-  - &user_uninsane_colin age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu
+  - &user_servo_colin age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu
   - &user_moby_colin age1lt739n2tq7dmpglvntjr9j2r7426md7rat7x9w930gagtx4jyvnqwts2al
   - &host_desko age1vnw7lnfpdpjn62l3u5nyv5xt2c965k96p98kc43mcnyzpetrts9q54mc9v
   - &host_lappy age1w7mectcjku6x3sd8plm8wkn2qfrhv9n6zhzlf329e2r2uycgke8qkf9dyn
-  - &host_uninsane age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf
+  - &host_servo age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf
   - &host_moby age1t957gf0z865gya0khgc9x59wy76hzps3sgejjqtwcngn2xl273msxsmpe6
 creation_rules:
   - path_regex: secrets/universal.yaml$
@@ -13,18 +13,18 @@ creation_rules:
     - age:
       - *user_desko_colin
       - *user_lappy_colin
-      - *user_uninsane_colin
+      - *user_servo_colin
       - *user_moby_colin
       - *host_desko
       - *host_lappy
-      - *host_uninsane
+      - *host_servo
       - *host_moby
-  - path_regex: secrets/uninsane.yaml$
+  - path_regex: secrets/servo.yaml$
     key_groups:
     - age:
       - *user_desko_colin
-      - *user_uninsane_colin
-      - *host_uninsane
+      - *user_servo_colin
+      - *host_servo
   - path_regex: secrets/desko.yaml$
     key_groups:
     - age:

flake.nix

@@ -19,7 +19,7 @@
   };
 
   outputs = { self, nixpkgs, mobile-nixos, home-manager, nurpkgs, sops-nix }: {
-    machines.uninsane = self.decl-bootable-machine { name = "uninsane"; system = "aarch64-linux"; };
+    machines.servo = self.decl-bootable-machine { name = "servo"; system = "aarch64-linux"; };
     machines.desko = self.decl-bootable-machine { name = "desko"; system = "x86_64-linux"; };
     machines.lappy = self.decl-bootable-machine { name = "lappy"; system = "x86_64-linux"; };
 

machines/servo/default.nix

@@ -25,7 +25,7 @@
   colinsane.services.duplicity.enable = true;
 
   sops.secrets.duplicity_passphrase = {
-    sopsFile = ../../secrets/uninsane.yaml;
+    sopsFile = ../../secrets/servo.yaml;
   };
 
   # This value determines the NixOS release from which the default

machines/servo/net.nix

@@ -88,7 +88,7 @@
   };
 
   sops.secrets."wg_ovpns_privkey" = {
-    sopsFile = ../../secrets/uninsane.yaml;
+    sopsFile = ../../secrets/servo.yaml;
   };
 
   # HURRICANE ELECTRIC CONFIG:

machines/servo/services/ddns-he.nix

@@ -24,6 +24,6 @@
   };
 
   sops.secrets."ddns_he" = {
-    sopsFile = ../../../secrets/uninsane.yaml;
+    sopsFile = ../../../secrets/servo.yaml;
   };
 }

machines/servo/services/matrix.nix

@@ -157,7 +157,7 @@
   };
 
   sops.secrets.matrix_synapse_secrets = {
-    sopsFile = ../../../secrets/uninsane.yaml;
+    sopsFile = ../../../secrets/servo.yaml;
     owner = config.users.users.matrix-synapse.name;
   };
 }

machines/servo/services/nix-serve.nix

@@ -10,6 +10,6 @@
   };
 
   sops.secrets.nix_serve_privkey = {
-    sopsFile = ../../../secrets/uninsane.yaml;
+    sopsFile = ../../../secrets/servo.yaml;
   };
 }

machines/servo/services/pleroma.nix

@@ -125,7 +125,7 @@
   # };
 
   sops.secrets.pleroma_secrets = {
-    sopsFile = ../../../secrets/uninsane.yaml;
+    sopsFile = ../../../secrets/servo.yaml;
     owner = config.users.users.pleroma.name;
   };
 }

machines/servo/services/postfix.nix

@@ -132,7 +132,7 @@ in
   ];
 
   sops.secrets.dovecot_passwd = {
-    sopsFile = ../../../secrets/uninsane.yaml;
+    sopsFile = ../../../secrets/servo.yaml;
     owner = config.users.users.dovecot2.name;
     # TODO: debug why mail can't be sent without this being world-readable
     mode = "0444";

modules/universal/fs.nix

@@ -24,6 +24,7 @@ in
   };
   fileSystems."/mnt/media-uninsane-lan" = {
     # device = "sshfs#colin@uninsane.org:/opt/uninsane/media";
+    # TODO: use mdns, and replace this with `servo` instead
     device = "colin@192.168.0.5:/opt/uninsane/media";
     inherit (uninsane) fsType options;
   };

modules/universal/users.nix

@@ -29,10 +29,11 @@
     # XXX colin: create ssh key for THIS user by logging in and running:
     #   ssh-keygen -t ed25519
     openssh.authorizedKeys.keys = [
+      # TODO: is this key dead?
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGSDe/y0e9PSeUwYlMPjzhW0UhNsGAGsW3lCG3apxrD5 colin@colin.desktop"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG+MZ/l5d8g5hbxMB9ed1uyvhV85jwNrSVNVxb5ujQjw colin@lappy"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPU5GlsSfbaarMvDA20bxpSZGWviEzXGD8gtrIowc1pX colin@desko"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS1qFzKurAdB9blkWomq8gI1g0T3sTs9LsmFOj5VtqX colin@uninsane"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS1qFzKurAdB9blkWomq8gI1g0T3sTs9LsmFOj5VtqX colin@servo"
       # TODO: should probably only let this authenticate to my server
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGCLCA9KbjXaXNNMJJvqbPO5KQQ64JCdG8sg88AfdKzi colin@moby"
     ];

readme.md

@@ -1,6 +1,6 @@
 to build:
 ```sh
-nixos-rebuild --flake "/etc/nixos/#uninsane" {build,switch}
+nixos-rebuild --flake "/etc/nixos/#servo" {build,switch}
 ```
 
 query with:
@@ -18,7 +18,7 @@ see helpers/universal/secrets.nix for some tips.
 
 to build a distributable image (GPT-formatted image with rootfs and /boot partition):
 ```sh
-nix build .#imgs.lappy
+nix build ./#imgs.lappy
 ```
 this can then be `dd`'d onto a disk and directly booted from a EFI system.
 there's some post-processing to do before running a rebuild on the deployed system (e.g. change fstab UUIDs)