argon: init system

agenix/hosts/argon/config.nix

@@ -0,0 +1,21 @@
+{
+  age.secrets = {
+    user-daniel-password = {
+      file = ./user/danielPassword.age;
+    };
+
+    acme-credentials = {
+      file = ./acme/credentials.age;
+      owner = "acme";
+      group = "acme";
+    };
+
+    tailscale-authkey = {
+      file = ./tailscale/authkey.age;
+    };
+
+    weewx-proxy-environment = {
+      file = ./weewx-proxy/environment.age;
+    };
+  };
+}

agenix/hosts/argon/tailscale/authkey.age

@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 MtGp6g MSB4LHO5ylgHxGfLDgMKyIrC+1tbcJjg4COxsChp12c
+1mQyLIhrjT3IaqjkMolHewiZBpXQ54IrBP8VI+QmgD4
+-> ssh-ed25519 1fcLUQ Uvw/+gXv/B03o7lw8UrCGV33sPPnYc2GTHPUqJDP+Xc
+4KmZAO+nB4ZcNFSLvSw4ZiOAxwvEhcqljTDq37eUJxg
+-> 2n]G-grease 9w`dL[G K{0VS 1*\j
+
+--- assYGBPVppp1CC6zKOs677mfff+wpTfJGBIXcL5o7Ro
+<(å®
<0A><>ñ<1A>~Zt£<74>)Ê
[:ó£	„ê¢íiòɤk2uàP)@'dMÁ`ÙîN£‚›Ý<0F>®[Â@T?˜&Êú×â<C397>ÒêRü<52>ÙÆn„—VÍ!Öµ•˜è

agenix/hosts/argon/user/danielPassword.age

@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 MtGp6g U64tjf5zAbKc75lCbHo62p2KNcfXQt52yJHiUTpJg14
+FeiGVg/RnR29rmqE3Xpy4eMtsp3IHoszyxjSsOxa/Fs
+-> ssh-ed25519 1fcLUQ rIwdZ+Y34BAgOPpxgn07Y12hfdZ3WgYZSFFA5vzbvE8
+EdbSNo1esy9Cswpam5sdgoy0gEc8HkNociwsYpiUqcI
+-> =P.Kq,e;-grease 4/;kU&<q R V
+YSXJcc1Cd1KRqZVqvg
+--- GLXAST4tBdr8sc/uxG/wqn4C+YQOcZmm1AuqQOddUvg
+‚Ë#—_<E28094>[€Nò=R—F	ŸR ÈjÕ°ÐÇæBkÓ3~º}´Œs<NgÆ
7©t°Öœ
+•æPDîÉK¼ñj÷ëQ<C3AB>àXŠ´}*¤•%‰®ñ¬éÒ×É`üêb‚Í‹>”E¼í¦äÎ@ïAÁ)r`,ËSFH¯dºÏìÄZ7%æŽÇ2E7@‹2]µP\‡c

agenix/hosts/attic/acme/credentials.age

@@ -1,13 +1,9 @@
------BEGIN AGE ENCRYPTED FILE-----
+age-encryption.org/v1
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBZWEFs
+-> ssh-ed25519 MtGp6g DslZcdbEJXsgQOXutAA28YdnuVEiPLNxirSYMAD2FEk
-RWJpNlRUZ1ZFTWtRajhvU0JieWFBNk50L3hTU1VpYmYzdkw4N3hZCmpadUsvc1g3
+ODkI3TL7vI0IV/MSVWbS1D1wsjn08bzxTkBtMcC2rdU
-NC84dFJMZklKRm9KRnhMWGZ2TlJTQjlrYnJNL25vN0hwZk0KLT4gc3NoLWVkMjU1
+-> ssh-ed25519 sVf6CA TSOraE+TswUinNv50TM9Lm9oLLxtqNAh82c/MAdBgRg
-MTkgc1ZmNkNBIHdsc3N2cXJOQ0NNR293M3J3V2dPNXBDQzhXL2FwYUVSeDFkTmZW
+CB9r0e4VHevtDQL/3xNg34/QSCImVk5tQATVXQysOqc
-TEtiVHcKeVVTNFVpYnRHY2I4NnR0WGk5OStITVZKQUhiLzVKdzRMM0V5dzA4TFow
+-> 3ZTo(g'k-grease c <] zy
-TQotPiBaRGQvZHYrLWdyZWFzZSAvTTAocTUyCkFBd2I0cTZodUF3SFpZRzdaU1l4
++jjPLQTWp9/HOKUk6IiSwgbUVWDPcPa9tONiUweoYYWPnH+bL7mATIOaS34/PA
-Q3k3Q3BXZjl5eTM3em5WZ1JCcW5SZmRTWStBMkFxQ3RwV0JXU05ZSE1PbngKTE5H
+--- 90yUb8QnWQu4fS9C/ZsxhBwYnnU7fhE1KetrVeP6jBQ
-cGhPOFp0NjBoVnAyWUdLTVFNclJGM3BhZVdlU1Nnbllib2Y3S0dYSQotLS0gN2xU
+pu''-FK$Na:T·XøQ‰A¨Ž0Õˆr<>!Ýe(€²e²ðó>9ª”ê¦ø<)¼j¥@Ñyª&– Æ“hkÇM"ȼ4çߘu:ÙÚDµ®§jû¤öðƒŸY
-OE1uSXpPMG9YcFkvTVdqZ2dlalA2SFFxSXRZNFNDaVVpMVFoZE13NAq9+hYgo/p8
-DgxCfKSB+2SptR2K6Im1p5wc3MWTqb7pypm3Ag2PSc6AhQDlWmm0/ZVU49ux/lIT
-gpjAaCc0DLo7ata/rBHDpTYUt48O+Ot1pTDkM8k1te0vKoSvXi3DtZC/7w==
------END AGE ENCRYPTED FILE-----

agenix/hosts/attic/tailscale/authkey.age

@@ -1,13 +1,10 @@
------BEGIN AGE ENCRYPTED FILE-----
+age-encryption.org/v1
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyA0RWxY
+-> ssh-ed25519 MtGp6g klhDMFv4exDFJWgCvrnOKuq94w+BNW4lrs+Z67zmzGg
-emZBSTBlQ1hTRkhDaU9HaS9JMUpCaWRYcHB1enh2TGRUcmFwZDFrCmdkZDRMY0hz
+eTkqX6c2lbR+olFS7M7YDQLSLav/k+UhEW8Zg5fULFw
-MS9ERy9kcndQVC8wRzhZK1JWNGlobzcralBzSjdZTGNSSk0KLT4gc3NoLWVkMjU1
+-> ssh-ed25519 sVf6CA tCvlYnJONVV9QTb9zAUPT0D8EEkCCqKGfoF6+bOT5CE
-MTkgc1ZmNkNBIGJqRHI1R2J3dTVlUmhXNW1JaTNvNTNBcVJyTmhuVlcydlhiS1Vn
+2L+wcL/c2tw+19RykIUpFzrjtaxzmsOKinCgnWYVf0Q
-ZkVyaVUKUWJjNG83YmNmV0wwcVd1L3o4bzh4aFBjNGI1NzJYUGtKME01MDBkOEYr
+-> s}I~&9-grease \$RX.n=
-cwotPiAyaTEtZ3JlYXNlICYpR08jeiB7LCVNc0R4TyBSdGFnU0wgMT49d0hmdApW
+JH5ASx5rlWPLH/abJSr8o0QI4e17aK1HZrQQKweMEsoGXA7POgbUiow+XBt+MP8/
-N1pieTVZd3U0NVJ6VXR1dFlvSmtRVFp3Yi9SSmpxdStNTVE5SE80ZUs5RDhlNUI5
+PzKaC14zI2mTEzWiQvjlZH6pUnGUQkGE5zbxouWR3ovQVk8JtclO
-bDI5eE45NWROdTJPVE9FCkQyUUVyZkhYVldEUVlqcHFBK1ZhCi0tLSA0VVBZR2c2
+--- 5My3p+I2aFCfnzjU1oC5Joc9Q4/k2bCNZv7Ilj/h65g
-TTBIb1hTWnM0TzRpUzRqZUp2QlpLWDQ0ZUJIcFhKUWMrR0Y4Ci83j/AYh3pgxFQA
+-!×i×:¨«­é
<0A>mK}Ç“mRPú¤T© ð™*Ÿ[¾XüFÑLÝú€Áã,]׌åå´—‰že#4<>z¡xkE¶8ŸÛ'¦/ä	OGAÏ×;ñƵÈ<C2B5>Qí
-iaWWkiOCPIAh7J8D6vJhpECGSxrfFlPyzVWSVoCtvFJgcOlsrsm7kUkyisbG3O7I
-AqgBfmCyJbkhjMzKl2RbzlV1IGnJeFP/2jFnXGHC6w==
------END AGE ENCRYPTED FILE-----

agenix/hosts/attic/user/danielPassword.age

@@ -1,15 +1,10 @@
------BEGIN AGE ENCRYPTED FILE-----
+age-encryption.org/v1
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBtY3Nl
+-> ssh-ed25519 MtGp6g LNOEk3AXwGl658cTFbFvoICbrlhAIH6DILIh+Jc5knc
-OG1NUkZKaWJ2WFdDQWkxc3B2cjFOOFZmR0RyWmtpSTRSZXJJbDFrCmhMZ2xSdGtQ
+l7dm0Q4Z8GwFSzvoHf3LFUerYBXUeps87z69zZk3+tE
-bjJpY3ZhM1YxWG5LQllGcHdGNDA0MEdydUFoak9tTHZ0cGMKLT4gc3NoLWVkMjU1
+-> ssh-ed25519 sVf6CA JwHPawkaLzeFIvtj5lC4evUdSLFXfBlqiRqGhi6mcR0
-MTkgc1ZmNkNBIFlYZHlYWnJ0YkdoK1d1NWc0K2ZoQ2FXWithMTBGYmJQNFBuK09Z
+pQP/DXnLaxNocMVok53cWGbAgvS/zEbS2uxWX+YvVQ8
-QzhzR28KSkM3L3M1cTl6bGoxN0dCenI3bUh2c1hVaTFvRXh1WFAyc0N2N1l5YTk4
+-> k3jDW:F-grease
-NAotPiB5MjMtZ3JlYXNlIGcvO3hMd2MgVSBkV0IgIjlJXigtUjcKRzFkbkxBRkMv
+ORZpRxVBdQGP1F+Zc+tsJP5/ccuQLmYEeB/i40kAZTcgeuPtN6HRZ9DfqsjLhwfx
-VURiVHhpUFdEUE9CSDBZR3Y2SEgwMk9QMkVwNzRobGk5NHZqQndOV1hzUVp2KzVz
+oAPkZDQ
-dXpsa1hWVQpZbWgrMFJUYlcrcW55dENqSnY3SXhKcG1oRzg3cDNRcTh0WlV4a3VS
+--- vvt7wsQx4VSYTSF/K+Gb4tGIpI82G91olEaqUvm9gxM
-eE1kSFlUallmOWFMR2cKLS0tIGxyaS82dFAyL0g1aXJlNGRBQXFFRTR1dlVDaGhn
+±<EFBFBD>ù´Ó÷&#¦§ôé­¾barÆyÇ.”x“”€ÉH&y¥¡Wàô‡é
õ„ý(¼Lã§,:Ý‘õ²ÏûîzK}j8|ç›yÀ»›[çXÁ	cÃðÊõÿÀÙ\ë?¥·³Ä%j-ûZÞÿÔÉ•¡h_àÚ†^úÔXNõ‰BÐw˜<77>œ‚ìÔ
-UUYzTGlhaWh6WkRUU1EKRoZpIw9V8TPzCZ1uKMFKIIQBXXMdgl4/dKha6WnjoIbk
-ASDFOC0CRcL6LE1yw1ri70BRKS575w6dSt3myRIAYuDOScVTdu6i6aceS9Llj/oz
-FNT1/Gf4cpMB6itAh27+3gGy8xiGt4wvvnDRc1R4M8M+wTvIZr0c7Sl1DMfCHcuJ
-7wvjpXpili0JOw==
------END AGE ENCRYPTED FILE-----

agenix/hosts/mediaserver/acme/credentials.age

@@ -1,11 +1,10 @@
------BEGIN AGE ENCRYPTED FILE-----
+age-encryption.org/v1
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyA1TTFz
+-> ssh-ed25519 MtGp6g kw/hxMdmfaeoZaZuzOs6D6NQDg0uw0te/xIC1ig0CRQ
-TW9lU1N2VEhQa21mV250YUFFbk1LL2xYcmEzT09SRUMxY0IyK0JJCnlCNjkwR0Nr
+75WtQJ5+yJae8ggB/Lc7Ojsf02zuGUtFmjbIrmn9pj8
-VEV5TVk0aHhjOUNodDZZaUpjVlRLa1ZsY0F1VDlqMTZCencKLT4gc3NoLWVkMjU1
+-> ssh-ed25519 Y94Yig Kole+FkRwVj74aP/M86s9gT8qNnfXSj4fVndlkCSo1E
-MTkgWTk0WWlnIGxMbVhCWEFuQ24zL0hoUkJSVzdycGNDRjlobHNma3hYM1JyZ2FX
+0Eg9XeabpYUWsZ9ACxwAshpClrl80D+vvpFimAPbIP0
-cGRIQXcKTkRWelc0dGJIb2Y3UStZZng3S21VNytQUWZQNGtRWGduY0VKNG9lVy91
+-> MWBvSZ-grease _
-WQotPiBoby8xQyJHYy1ncmVhc2UgZW0jazMKWTYyaUwwdEhyUC8vb1EKLS0tIDJT
+R7vhLfAa1heAGRRBqKbgob3fIml3HEEoB2soDw3NEU25qvqVmrGq2K7JQPmmh3vR
-SkRBK242YTA3WkNQU3N4bFJXWnlKcENZa0xjTU0xU0NJOWxNNzlKSFkK9F1rNSdf
+vWfDK6j5dyIGZHxaSElWTkL9EbFCJRoTJ3YbfAkAQl0XrSc
-76qvHTa2JYv/7S/f1EbK5Y9DX6kgnCgI2p7O2Ywh+mtzon8cFl/UtxZ45fxezFX3
+--- 7HsStyCAvdGBkspUWV3Ncjn/5hst8LxkBCBn72M8kR0
-COdO04nAScl/XCzD6RHI71Q9HxpEOwGg5qx8uqVFubePBsaFXmIXOPfmo/U=
+•üMÕƒŠü‰…=ö#Ïra5‹Ö²f Ÿ ´,ejº}m5Í	ÄNBpÍ(l4nº'Ý÷ö¨æ_È…Å<E280A6>> þ:Úv–->‚ï…º$96G™&˜8ûY͵ASâÉâ
------END AGE ENCRYPTED FILE-----

agenix/hosts/mediaserver/tailscale/authkey.age

@@ -1,13 +1,9 @@
------BEGIN AGE ENCRYPTED FILE-----
+age-encryption.org/v1
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyB0MUhv
+-> ssh-ed25519 MtGp6g h74pL3awChmTkZzkbne2+rzjNwk067747QW5Z+6yUhQ
-MDhGSEh3SHdZM2xRU0E4REQrRlIySTdwVUpYRUJGZ0VvSTg2bHc0CmhXRms3TFR0
+7Xtv1G5K+t2tKsByHiVz7nmBEMXAzeznrNd1XeJr6ls
-T0NlZ2FLUXBKbGF5WDRIV2VHczB6VE92OUczcnJmenhVWlEKLT4gc3NoLWVkMjU1
+-> ssh-ed25519 Y94Yig +Tf9z/WZbA5bgQ1H8R5QZRB6OnUq83xM2zDAXXBLjWU
-MTkgWTk0WWlnIGNFdGZDL2ZNQ2xaTlB6ZTNwRG1YbGVjbkhSaVNDNTBOQkdHdy9q
+wYSY5rCQYWXFPWVL0cCLcFOLAgisq+5L9LI9RyUFM7E
-dEpoVTQKcE1YdUpWc0RDSmRiNUh4UU43aTlYQlJZN3Y0VmlmRnpxSnc1MmhpS1lZ
+-> 0e-grease LB fw E5
-SQotPiBrW2YtZ3JlYXNlIEw2cyRtRCBoZHUoLSUKd0dyOGhPY1J3U0tJbll3ZnJC
+YA
-Sjh2Yi9leEZyS3gyckdPZlFhMUNOK2wvclFmcjJQQTBCTDBrZXl3bFNnVVR0SQpE
+--- Sd0E1+Qg5kuFVEY60MlMux3HCFq2T+Qh+oWQaMnNc1A
-bzlidWtwMXdlM3NLS3dBTkVpZllRCi0tLSBrUmtBNVJjNnVwQkdvaDgyemdtM2Fo
+WùVCOsåΫ3Zܯý4dwþ0Aè‡vºH¨ð[´¹’Võl¼O~fÛ±O᪷úº¦jY/Pwx]ì+>L<>ydz!ÿ-í·MJ`i­Fdš´–î
-Sjd1V1VjMW5RemR5aHNyMWhML3hFCk8aT0cMr6BOGrcE2LDgs/MWh0cWOjw1C7v4
-rHVokUPFnSYDVosSV3eDmglyNYPiZVtbXkskHoEVu0OB5zkTDOXsmC0Ihd127ygA
-e+qWyqFq4eMblaoBIc+dUQ==
------END AGE ENCRYPTED FILE-----

agenix/hosts/mediaserver/user/danielPassword.age

@@ -1,13 +1,10 @@
------BEGIN AGE ENCRYPTED FILE-----
+age-encryption.org/v1
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBMUzZP
+-> ssh-ed25519 MtGp6g QCyzjaRfHcYzhP9g4/XGHYqJffhAL32EmSTugohV+EM
-MS9jajNJaUZnQzU2cjlLUlZSU0k5YzNEdTF2VlZ1WVhRa3daaVNRCmM2OHJtYXVt
+AShFBy/bjE5VKmErWCWpn9A/kVGHigNFDuPuRNdnd4s
-akpqS3IxUHloR3N1R2tvM1FXZm9XL2t6Y2xYaDFpUVVPZ3MKLT4gc3NoLWVkMjU1
+-> ssh-ed25519 Y94Yig 9BQgoUAgCwAtCBZAl7ntpo5QI6odSB0XvaEycNAu8Fo
-MTkgWTk0WWlnIDB6OEdkc0JoQjdTQjM2RmNQK1NLVDF0OXEvM09EQVJqQ1c0Z3Rl
+b2eThql79+kIEROlnEgq0DipdGLS61XIfXawOZb9VA0
-dXZaRHMKcGQwK2dwNEI4R0MwZFkwT0hSNithc1FjZkxna2RzbHd5bEx5N2w3bjZt
+-> E|Gn+z?-grease F2 f
-dwotPiBASEAhLWdyZWFzZSBUKwpGTXUvOHhFMEJSc0tEWUF4dFB3dTJNZ3dvc1p4
+tX4movu8fpFPkoBpkwftCwk1iiVslnRCJLJ5gVOAdhPIPB6SfxWnXuA+vvU
-R0c1VS9EQ2kKLS0tIDQ4T2RzQTJXZ0tSOTN4bnM1NzIrb2JrVHA0ODM5NkxYczN4
+--- YdkGvLa55xej0+6O86ZYQvFq6qm1tncqppNflhq/bLk
-aW55eFp2VlkKflcGYpyoxjqM+0ZWERBYXstYzpWVW/2FWBRbfDFUBwISHp5qJdJz
+ãé]W/rS$«-Âö$¸`ME«á°<C3A1>ZSTSžsX	ˆ…${ýéÌÛ'_Ÿó”¦*7y±PJ¦Û©Qœ«_AŽqqý먥,JEH	@âëòæä_rºË%õ&‹‰	™úšbq~QöWã•Õ¦ÑÃýR
-joR+bIe2Gf18qRZf7NOvpqfOsl8sU+kfYKb1mG4bTZ4fsR8X24fDFgsJw6VLHgPj
+ê׼ʺÓW<d&2<>vXÒ–*«i‰i
-7ksFOkH+VEFEsIBTdccYs9QMUvBA0PrDbk/UylQGpCpzRjEGyCijLGpuPjWZ+O+Y
-ZeKPaQ==
------END AGE ENCRYPTED FILE-----

agenix/hosts/sail/acme/credentials.age

@@ -1,14 +1,10 @@
------BEGIN AGE ENCRYPTED FILE-----
+age-encryption.org/v1
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBDa08x
+-> ssh-ed25519 MtGp6g /0mUj2HFKLDNi68WSNo7AUzVPzYo2P6FYL7s2wezywk
-ZG5Vb2tJQVBubUladFk2T0wzSll2QW1TbG5wRWw4emZmUmpITkZNCjRkeTRPZnUy
+axlQ+U9bJAws8svdsQ2yrEhpvrgjmvukuAPjpr+eJc0
-TjZ4VUZlTnRGdUxxdW8xQ29pempXdHVoRnpzUEJ5b0M4MEkKLT4gc3NoLWVkMjU1
+-> ssh-ed25519 NbV4hw 5xhDSZOlPky3UvTHpznrB8AqQjyssU5HJqEpoGQ0wkw
-MTkgTmJWNGh3IEJVOWtXRFNzdEk3NkhocWtyb3JYekJ6MEFNN2dDM2N4cXlaL1Rr
+N+XSv3maCLpMu8bEawrk7rUk+ZimKJRJKbrePUcsqOs
-YkdFRjgKM2VNTFNQTWdqbE9VanJVL3FmeWQ4c0ZuOThaVWlRdDlnTmFMeEJYU0lG
+-> e-grease `*$0X[e 6)& M3<a2_ lstkG
-OAotPiBEQTZTa0d+PC1ncmVhc2UgMSB7a3QvKUxTOCBJM344Vj5ZCndISGdYVTI4
+rYBL9bPjctGG45xU/OfmmJgKcOKflNBE61tjH17IKaT2dPIMYXzNTJ5z7jg5NSWH
-ZG5ja3FNUTlYeTlEczBiSXdySVNHVEo1SElvdHZ1ZnZ0eWhCZmlKclo3VWpJSlox
+q9ECE1y9Q+o
-b0ZtSkk1VXYKMDF3cTFGNXVwMnd1Zm1pVnptY3VjRExHT2t1RklwQlEycEN4T1Jj
+--- mE52mLHBr4dAn+4T6Sg/WCdn2jtfDUlhy35sWzB/TUY
-U25zdlNTYmcKLS0tIFZUcGZrTUtTT3djZ3d0VU05aDdFcDk1Tm9KN3NTMnl3alh3
+a}>nc´<63>	À[r¤HŸD2ŸË¾\v§étahX“3Ü(ØP<C398>&ï5 çá¸!<19>|õò€Ë®`nêÁ•LtÅ_LVê`nÏðå,Ã`X_¯+eÍ… EÕÊ[mO_‹×˜Î
-QWlLN3BaNWMKFSyXplcynqnH04rkNdl+7Deq0sUTr32SvZJsYTWaqGK2x6BT3tYY
-C9qbNY7N0kG8XAtWFUvIdlhOTQPgouiyBc94OtUioJgqx/j8+85REXqjiio1Emkj
-7EPYwRgeatQl4CA=
------END AGE ENCRYPTED FILE-----

agenix/hosts/sail/atuin/environment.age

@@ -1,14 +1,10 @@
------BEGIN AGE ENCRYPTED FILE-----
+age-encryption.org/v1
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBCdE14
+-> ssh-ed25519 MtGp6g 0hWrwfexWC7VgGb6GGZi7hbACRDxYRNXlsFrmXAIEiw
-R2tjZkJINUFjTVBwOUR2cmx3SEZ4NUpKYlZmcFBLSWRrMU1zQzJRClRUaFhMSzdV
+QcICViQGVktlUalatvBBHD/H3uASbcwK9SCO5F4xbQ8
-MGZLYnNSMWRKOWIzOXVtS3pmRDNyTlZSWkVmUS9WNkk2NncKLT4gc3NoLWVkMjU1
+-> ssh-ed25519 NbV4hw oFVVxqJeZjbmHkSLsg96kCKgARheMYkvJf1pKMSUqn4
-MTkgTmJWNGh3IFJuS3NkQ2UzTjRjTGV4cjByRW1mRHl1VmpEQnRSS3RyRkxlTHRC
+QT/d4FQT858lIqrNngI0xOT7pLlJVn64VIEhSeoYcEg
-bzRyekEKZCtiSitaejhmRDZyS2pPR0ZROE00ckRtbUx1bHIySmVkWmZnQVBXc0xQ
+-> D"A\4L4-grease TiT>[b%D #aq q[;-n EdXt&&Y
-RQotPiB6azY1LWdyZWFzZSBSNFBENyQ0ICZACmNkR0h6OXFwT3JnTnhINUoKLS0t
+5EdxN4sgedRoDPWsWFKvQjHLLyagraSy/GQP8OhaZS0Litb0ipxgFIoheGDNyyX4
-IFJCKzRXSW1kR2d6bHR6bjNGVVZYWWRjeEdkZzJkdlhtN0pHVG5FbTY1dlEK70F/
+HJnXx5SQ/hkVuyMv8HGM9GwFRHodDVdM9w
-nw+k8Orhf2kaTlLfXD5BKdKLaCAgEBr7TN0hVy7kq8SNUCjr5cnRbdVy/AAhcp+T
+--- nJbxhp1UbqWzLvBTiZDS4nIV7nTIdA7oS0wC2nvzEl4
-JzAcd83FN8nFyRnVxPOdlgDsFqMyhdrvqneGkmtvhqCkuME6AmL4Q6x1SqCIc2BM
+¡9ˆ%PtêMŒÔ±À>0ÏYPEƒ¢³LØ{.<2E>æ<>[·>Тíï<C3AD>£×
Æû¬Õß¿*Y¹Š	¹³‡ú¶ø–¥4–†·n)Æ §ÇIK80ÎÉoðiãƒüiG2€ý–klþhíFÎÒÐîà@ZÄÜëMôø%•úÌR¾&–ÜV½«îœžA¶KUY ú|K<>nkÆ%™yk„®þ½°ËˆSÇ®ÕC>=.ªÎ•d!^ÓJÒ[ôz°5›ÔÛyÇެѮU=Å÷ÄiýS¤Î-/½ÒEÖ
-AlTWmyfYHcZXjQmOoPyPjVl2SGBTy7D7bozZiqT5xsV8e0M4deBbqWBAngtPNOWd
-6bePMyUnUjPko7OfI+2/JPUs24FsdAUbs/7gPjGC04aXZrRJdEms8jJ6RRw0QTYy
-1XuTRVHpOM62Rn1jukVfavihumowyg==
------END AGE ENCRYPTED FILE-----

agenix/hosts/sail/mastodon/databasePassword.age

@@ -1,9 +1,11 @@
 age-encryption.org/v1
--> ssh-ed25519 MtGp6g kj+4E2M6w0BeKDFju23lE5jzo2NKSu7dq54WYZ6Ev2I
+-> ssh-ed25519 MtGp6g BHVqOYqAxl88lFQQs1D2oxHAuZ7E4HSAUlZysn9kmQs
-tYCT8sTAN/CPspF0CpuJGZs+v7SohqoPS603KIuC9P0
+asPKs1JpbUk9gfGbZOQyyT567c+XCMSrM/JizXVgGj4
--> ssh-ed25519 NbV4hw u2SbT+zAyUOklReSOWAixVG+xLDqHZJBFB+WRKIRMh8
+-> ssh-ed25519 NbV4hw eCuSnWhbg8swZtNMZIirU6sri3Hc5+5rLQi9DUI82Hs
-OQF6gfP+l6tkxQuOnLyJjRPuBqqEJodEkepPCziAS/4
+mAjvnx+NybVEh6rN1PrBXZgVp2eMDCDU6pm+eSALehM
--> kd_S`/h-grease
+-> DtQ5-grease @$2={ Y' !Qw6C
-3LGIeeHj8FVmvvGbWRqpHJ5hq+HF2a+aexz3VEdiD21A/oY84iE
+ZVoPVcXGSqGvwFlT+L+OwDGus0Au5sXx2wtESOpzwEgImUndNxzgARLAuO+oOzX/
---- BmBLCcoSzVhteAy3BObVbIKIIENsMjaFxTCatrMSP4Y
+722ju53IqUGnvMh5IybU8suMm3R1CBo9FoL5Vc0MUBQEp+kHG4UbCU5pjkLld1a5
-%<ã"õ;Óö3îŽm…Gy^ãáËaa ÷Y‰%
`"0©±F«²$F˜5LuÕó{"(
+
+--- zew38IQLg8t/0n4Nmf7PpEI2uACfZdbHZDrMWj9v3PU
+(<28><`•ÇÖŁ
fâ%/Ç7ı+Č?Š2Ż*Ż
j«=g”
[Â<> «8?ăś˙Ľ|

agenix/hosts/sail/mastodon/otpSecret.age

@@ -1,10 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 MtGp6g fnK6JuXaG6Ui6QyyrZatt8lTWgT12LbuyEl9fi/atBc
+-> ssh-ed25519 MtGp6g hsE2kvTf8occU2CJg+Ro52qm+ec1gNxBoQtCeHzZflg
-9JQqyq0n/jwti4M7LSBovfAUIoyq3/z55S4ibxExBhk
+b85OF5ipJIYlBOlgpUqNw7XK/MB+Ftd4pHMqjN+ArGI
--> ssh-ed25519 NbV4hw ya3y2RsNpSDpI7d6wIHTg8j3FYb0LPDXsAtumPtBFxU
+-> ssh-ed25519 NbV4hw dYum1uJ8J+Nbrz2UWZiijdJQ68QEac+NS9YM/h3dj0c
-eKsy13xWUvErMsieOKijxQsWegh3x+Y8gQeI9gzCNu8
+5lGJ2SdUnEp01oTr/Hm7IEj/0he9be37RXxmaNsOhpY
--> vV(u$9-grease #<.W T +
+-> =-~;<1--grease Zhb7zWk ]\1S-]W 1!$YB[ UM
-tjkBjlXnISe371f8BEZ7qOnQ7jtdCuvu8Lnr0JHjMPl++HC8R6fOlzcwNtMiNSC/
+urANgmNT3fiJft53WEhRmALdnBMcU2f9hjGfYrmBduXQYbqF50EUCBqLt+3hrmw
-bZ+YiTl/eEPQDGwY8WlAS/e/rGWy+w
+--- 3QCLu9/P+Dyvd2iVSo7d1fO0YC5D0gglZIFYIDrMGV4
---- sNqULAmuZaO3IvYjUJQamlpOw/GGQSUcTW0lJVXGhCU
+És`Ë
Oâ<4F>âÐ5m‰Cy)ÅÆÑg„
Û¹Û2ÜßÍFG_Ü8h$Öz«€àÇ¿J©ŠS†kO»ziL¡úR·EŒdœB
ƒB ,47É*Sj<53>$Ö'u#%½<>cª‹ÃŒí#«šåRöà®ÅnסNÈBbØÀÜäß·©«ç3È<'s>ß bœÏZô|AÅíLðŽåUõlCÀ{þ)!£I€
-÷“*…âˆû,\èAÌ`sR$^Ì•?`ŽL;ÞÂ<[ž"ØÞ×"þ’*=÷ç1Û/Þ+)²ªZ<>Áj×¾<Áæ‚æ=ÎFX<ñbÞµb?vXÐ!¦æhé(²C}ÐBÔÂv̓µñq¾£EïÛ6Àª¥K„Ó˜wYžô‡œ#˜Š²E9.³Å=åYý(Í<14>WŽ ¯ôOÕa¢²ná

agenix/hosts/sail/mastodon/vapidPrivateKey.age

@@ -1,9 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 MtGp6g wI6SPDxCjA42XGOHMAIjDljbxs58O9EBMvNqmP/sOl0
+-> ssh-ed25519 MtGp6g pfAwifbGls2XDS+Pn08B4B88XgB3DgizQytPLURZlVI
-0QD7wfkHZwrx2YX7197cP38rxbjWfsaobb+ZqGuSRhI
+/f/CEHzojiwlVnA8mCcg8JwVAre419Sudk/MMJYOiO0
--> ssh-ed25519 NbV4hw KbzBiDjXZ3ucC53mA4+F/Wk4zCqYCjxQvQCH0SMxshI
+-> ssh-ed25519 NbV4hw 8DaGuQ9G6cZr9GSlqMBlHoTk0HcOKlmVWzz2ytvGB3I
-u1Yz/41HavMr8EedK0aITWix5jFbjW/7r2o0QD4W4H8
+bEEtNtIPiS2RdxwMLhNVU4We1+gf1N6bL9f2gjS1wVA
--> 7l"<0f-grease
+-> Em:17j-grease G1mw> $hkViHO
-IoNM0Lcjd38O+RHgZbI54BVLvQd7osB9OnaMkSE
+0StibfZj6Bt54P+9csvjWxHJfPaTL72gK+bnmPVDBUNsTAXVwoO6Ed25t0LwsY5s
---- 8X+0/9QuJP+F9//y1TOz+cw4Ry603mia6dTb5ZUNbB0
+PbnGF3EjbMba6/lte1aDS3uaWqUcx4OT0NQ3joF0je10m5gPd9VptKKWSEg
-Íô«“ñ¨ˆHg?ìÌï}»Pýˆ.‡.%>¡îúÈΪØeùh9ÜƇ¾·ù9ßûcÑyÍ ú[ºs¡×æð†z+á<>Ú¼óàפ
+--- zHAFp0QAwZsfUf8v+KIqSHo2UutjLHqm6WGXqW2iy9Y
+_›aťü*bKĚpNiů Î’ÖCšN9™¨‘ÎöóAŠělżťâá<C3A2>\g(bÁ-ž‹WB±uq¬\Ż’<C5BB>ÎŹ÷šěpéťfń–,ŔŁţ)

agenix/hosts/sail/tailscale/authkey.age

@@ -1,12 +1,11 @@
------BEGIN AGE ENCRYPTED FILE-----
+age-encryption.org/v1
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBGMEx1
+-> ssh-ed25519 MtGp6g Sk2HTzPviEFNJaD/G4FfYC1bv7aH4fQbEoEdvI/PMUo
-MDZxTTlPM3I0OW1jeHFoV1pneDNLUjIvazBZRGhYQ3oxak84RmlnCmRMU2VkMi83
+f0lLi1o/RyadEbkHbXjpxzbuRT0WSMM/ZVM/eT3J6tk
-Sy9vTEVoaUpGZEljMEExU05jZmxvS3RZakVTWmhidWxVN1EKLT4gc3NoLWVkMjU1
+-> ssh-ed25519 NbV4hw TAR37t4C167S7DhZSJnRjV6YUtRCiXFI/ISMdT9rhVU
-MTkgTmJWNGh3IFgyS0pZRTRScDU2REppODhQYlZMeENMU1FlbDVzM2UramgyNktR
+rn7TyQNB2oXlns5NU6DwHMVYCBFp/vKFilc7z6FDrss
-K3RCdzAKT1QwZVVKa2krZERxeVlqYjQ4WFZBZ1d5eDR5Sm4vZ0hCKzhnNk9Vdjlw
+-> ]-grease
-SQotPiAxfThiLWdyZWFzZSBFe0kgPVp4R2IiTSA0bgo2MzU5K0U3UFZqS2NQUDF5
+RmlKK+z9Gjb0eNJ3GLbC9DjuX4Rvj/aq6w
-dENQNUNhSkVvdwotLS0geFBEM0d2MHQzdTIrL25Ka21FaGxjUjNpazFhdGJoQ25w
+--- sNgUQAHFGfm3s3cK7GnUeLWfmDuCgNIsJ2Y8uKDSuvI
-Uk5XS1ZJaHhwcwq968fFE3WeIkYgzqjHkDbJU6t0vBqII6/urAckSzfR/2PIrSJX
+&ÚW¨Y]*t:Ž’ŽJÄV”áEøîö(˜¨ÊÅb¦Ê[. ¹³$y’&
=upBÜz§ãm™âãW¿­
-1pg/U1U/CnTe15PnIopE9qB7gttNaaec0z6f2lzvYudfIrydhUzr2hHy8rx79XJS
+ª!>šŸýÑx4
-L0CBK+E=
+IIü’QÇ,(¶¤7xõS
------END AGE ENCRYPTED FILE-----

flake.lock

@@ -253,11 +253,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1685885003,
+        "lastModified": 1686142265,
-        "narHash": "sha256-+OB0EvZBfGvnlTGg6mtyUCqkMnUp9DkmRUU4d7BZBVE=",
+        "narHash": "sha256-IP0xPa0VYqxCzpqZsg3iYGXarUF+4r2zpkhwdHy9WsM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "607d8fad96436b134424b9935166a7cd0884003e",
+        "rev": "39c7d0a97a77d3f31953941767a0822c94dc01f5",
         "type": "github"
       },
       "original": {
@@ -276,11 +276,11 @@
       },
       "locked": {
         "dir": "contrib",
-        "lastModified": 1685945365,
+        "lastModified": 1686106284,
-        "narHash": "sha256-pnxdrmkacMD+WafBM/j1bpRgIK84gsmRLRtLFf5K2gI=",
+        "narHash": "sha256-UsJTmzpM6gtQDo4QnMNjCNSQSlqlRoUWwH8JL4ZLRxw=",
         "owner": "neovim",
         "repo": "neovim",
-        "rev": "16561dac39490921715a9a8a14dab884659ffc3e",
+        "rev": "a217675a67233ca2032cd668e919858d2aed92e7",
         "type": "github"
       },
       "original": {
@@ -297,14 +297,15 @@
         "neovim-flake": "neovim-flake",
         "nixpkgs": [
           "nixpkgs"
-        ]
+        ],
+        "weewx-proxy-flake": "weewx-proxy-flake"
       },
       "locked": {
-        "lastModified": 1685953207,
+        "lastModified": 1686126028,
-        "narHash": "sha256-yfxHv80GSbVeDFubq6rIlLs7eF/1kZpn170wDbj9g/s=",
+        "narHash": "sha256-qZcjDerxaAejZWOKIZ/BRzlO6Dk3kSAcGScImAjHKuo=",
         "owner": "nifoc",
         "repo": "nix-overlay",
-        "rev": "6764c13526e83394aceb8c235f561934b9663c23",
+        "rev": "34792fe066ac58e2441ffc6c854ef6c809c3d91d",
         "type": "github"
       },
       "original": {
@@ -313,13 +314,29 @@
         "type": "github"
       }
     },
+    "nixos-hardware": {
+      "locked": {
+        "lastModified": 1684899633,
+        "narHash": "sha256-NtwerXX8UFsoNy6k+DukJMriWtEjQtMU/Urbff2O2Dg=",
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "rev": "4cc688ee711159b9bcb5a367be44007934e1a49d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "master",
+        "repo": "nixos-hardware",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1685938391,
+        "lastModified": 1686089707,
-        "narHash": "sha256-96Jw6TbWDLSopt5jqCW8w1Fc1cjQyZlhfBnJ3OZGpME=",
+        "narHash": "sha256-LTNlJcru2qJ0XhlhG9Acp5KyjB774Pza3tRH0pKIb3o=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "31cd1b4afbaf0b1e81272ee9c31d1ab606503aed",
+        "rev": "af21c31b2a1ec5d361ed8050edd0303c31306397",
         "type": "github"
       },
       "original": {
@@ -371,6 +388,7 @@
         "deploy-rs": "deploy-rs",
         "home-manager": "home-manager_2",
         "nifoc-overlay": "nifoc-overlay",
+        "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs"
       }
     },
@@ -415,6 +433,31 @@
         "repo": "flake-utils",
         "type": "github"
       }
+    },
+    "weewx-proxy-flake": {
+      "inputs": {
+        "flake-parts": [
+          "nifoc-overlay",
+          "flake-parts"
+        ],
+        "nixpkgs": [
+          "nifoc-overlay",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1686080637,
+        "narHash": "sha256-qM6kb5cf9eC94KRdkfAaDhLYPjlRq525KtCP6TyIaok=",
+        "owner": "nifoc",
+        "repo": "weewx-proxy",
+        "rev": "2c21daf3c42190fde7bda45d94f603fdd314ae44",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nifoc",
+        "repo": "weewx-proxy",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -12,6 +12,8 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+
     agenix = {
       url = "github:ryantm/agenix";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -56,6 +58,11 @@
         inherit inputs;
       };
 
+      argon = import ./system/flakes/argon.nix {
+        inherit (inputs) nixpkgs nixos-hardware deploy-rs home-manager agenix;
+        inherit inputs;
+      };
+
       adsb-antenna = import ./system/flakes/adsb-antenna.nix {
         inherit (inputs) nixpkgs deploy-rs home-manager;
         inherit inputs;
@@ -70,6 +77,7 @@
         sail = sail.system;
         attic = attic.system;
         mediaserver = mediaserver.system;
+        argon = argon.system;
         adsb-antenna = adsb-antenna.system;
       };
 
@@ -77,6 +85,7 @@
         sail = sail.deployment;
         attic = attic.deployment;
         mediaserver = mediaserver.deployment;
+        argon = argon.deployment;
         adsb-antenna = adsb-antenna.deployment;
       };
     };

hardware/hosts/argon.nix

@@ -0,0 +1,33 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot = {
+    kernelModules = [ "tcp_bbr" ];
+
+    kernel.sysctl = {
+      "net.core.default_qdisc" = "fq";
+      "net.ipv4.tcp_congestion_control" = "bbr";
+      "net.ipv4.tcp_syncookies" = 0;
+      "net.ipv4.tcp_timestamps" = 1;
+      "net.ipv4.tcp_window_scaling" = 1;
+    };
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/NIXOS_SD";
+    fsType = "ext4";
+  };
+
+  swapDevices = [
+    {
+      device = "/var/lib/swapfile";
+      size = 4096;
+    }
+  ];
+
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+}

home/hosts/argon.nix

@@ -0,0 +1,27 @@
+args@{ pkgs, ... }:
+
+{
+  imports = [
+    ../programs/fish.nix
+    ../programs/atuin.nix
+    ../programs/starship.nix
+
+    ../programs/git.nix
+
+    ../programs/bat.nix
+
+    ../programs/fzf.nix
+
+    ../programs/jq.nix
+
+    ../programs/scripts.nix
+  ];
+
+  home = {
+    stateVersion = "22.11";
+
+    packages = with pkgs; [
+      ripgrep
+    ];
+  };
+}

home/programs/nvim/plugins.nix

@@ -107,12 +107,12 @@ in
   };
   nvim-treesitter = buildVimPluginFrom2Nix {
     pname = "nvim-treesitter";
-    version = "2023-06-05";
+    version = "2023-06-07";
     src = fetchFromGitHub {
       owner = "nvim-treesitter";
       repo = "nvim-treesitter";
-      rev = "1b5a7334bb9862abafcf6676d2a2a6973d15ae3a";
+      rev = "46ddea9deccb0608df416822228786d1a5a2b7d1";
-      sha256 = "0rf603j2i7a1y1xli2yvv2ddl82qnr2sraii5mc442k1lmwbbk8d";
+      sha256 = "17rlv3gqh9glskr3ncnvwa6pgk6iansdl6b2fjyrk3zw5kj99gak";
       fetchSubmodules = false;
     };
   };
@@ -140,12 +140,12 @@ in
   };
   telescope-nvim = buildVimPluginFrom2Nix {
     pname = "telescope.nvim";
-    version = "2023-05-25";
+    version = "2023-06-07";
     src = fetchFromGitHub {
       owner = "nvim-telescope";
       repo = "telescope.nvim";
-      rev = "6d3fbffe426794296a77bb0b37b6ae0f4f14f807";
+      rev = "be49680937e821e4d8522329727e50734fdb9b97";
-      sha256 = "171f5lprqfdyh2lg2wkakzdxkxpzxdd9x2nhmvhv63rbskf0v00l";
+      sha256 = "15bq92f9vvqhzhr6djm8r0vybsm0z030xp5wpf904kir1svpwdgb";
       fetchSubmodules = false;
     };
   };
@@ -220,12 +220,12 @@ in
   };
   nvim-lspconfig = buildVimPluginFrom2Nix {
     pname = "nvim-lspconfig";
-    version = "2023-06-05";
+    version = "2023-06-07";
     src = fetchFromGitHub {
       owner = "neovim";
       repo = "nvim-lspconfig";
-      rev = "664de12a7816dfa348bb475607edfa4fe0122025";
+      rev = "1028360e0f2f724d93e876df3d22f63c1acd6ff9";
-      sha256 = "0f2068l6kcrxxvk9wk8gxswqj0f3f6w6dm1nzmbcvqv4j5mvwnps";
+      sha256 = "17n18dkhd39vkbqx0hxgg6zf1yq1052rlnxpqj0x5p7s0zxwqhmr";
       fetchSubmodules = false;
     };
   };
@@ -297,23 +297,23 @@ in
   };
   LuaSnip = buildVimPluginFrom2Nix {
     pname = "LuaSnip";
-    version = "2023-05-31";
+    version = "2023-06-07";
     src = fetchFromGitHub {
       owner = "L3MON4D3";
       repo = "LuaSnip";
-      rev = "51ebb4b6637290e1b8e0fb0d6f38b605d3c24940";
+      rev = "a13af80734eb28f744de6c875330c9d3c24b5f3b";
-      sha256 = "1ncdr76izf38s9ia11f32byskz2spmb0x22ixvras2g19w2bk63q";
+      sha256 = "050f0rh8mb7v6zg0d779i7hxl3l2bmbjg608rsb34hr8h0qkk5qd";
       fetchSubmodules = false;
     };
   };
   friendly-snippets = buildVimPluginFrom2Nix {
     pname = "friendly-snippets";
-    version = "2023-06-04";
+    version = "2023-06-06";
     src = fetchFromGitHub {
       owner = "rafamadriz";
       repo = "friendly-snippets";
-      rev = "9025d37189f26b6ca0b965a9e5eec3e69c37d2e9";
+      rev = "b471f5419155ce832eff71ad8920ea8cfbd54840";
-      sha256 = "0y3lbpqm2yby1i3mvybkkxn8sfiwbwxs685zpvpjq6l3b184h9jc";
+      sha256 = "14yjacmzryd8mkbi7dkacq0zqc8r52dipdsjyzak45pqacc4wzvs";
       fetchSubmodules = false;
     };
   };
@@ -539,12 +539,12 @@ in
   };
   gitsigns-nvim = buildVimPluginFrom2Nix {
     pname = "gitsigns.nvim";
-    version = "2023-05-25";
+    version = "2023-06-07";
     src = fetchFromGitHub {
       owner = "lewis6991";
       repo = "gitsigns.nvim";
-      rev = "f868d82a36f7f7f5e110eb0a9659993984f59875";
+      rev = "4455bb5364d29ff86639dfd5533d4fe4b48192d4";
-      sha256 = "1pbrm7y6z1b96yy8v9chn69jfbznlzrkygp802cb4946snnb5dj7";
+      sha256 = "0zhsrfr5gqij7yg28q0ds9qnxadjxnms0ws345rj3drz2lmysrhf";
       fetchSubmodules = false;
     };
   };
@@ -572,12 +572,12 @@ in
   };
   noice-nvim = buildVimPluginFrom2Nix {
     pname = "noice.nvim";
-    version = "2023-06-04";
+    version = "2023-06-06";
     src = fetchFromGitHub {
       owner = "folke";
       repo = "noice.nvim";
-      rev = "7b14678f83ad1a875b1bcea34de4377ebfb50973";
+      rev = "acf47e2b863eb20f177aa1bd5398041513e731e1";
-      sha256 = "05y8lz4r4rmjbnma7zv3fz0lknlgby6385sai92zkh5a959bj51x";
+      sha256 = "1w4vzkashi7yqkzgb9cdq7nv27ibkw94ih041jf36k9axmlffqbr";
       fetchSubmodules = false;
     };
   };

home/programs/ssh/shared/builder.nix

@@ -23,5 +23,13 @@
       identityFile = "~/.ssh/LAN.pub";
       identitiesOnly = true;
     };
+
+    "builder-argon" = {
+      hostname = "argon.ts.kempkens.network";
+      port = 22;
+      user = "root";
+      identityFile = "~/.ssh/LAN.pub";
+      identitiesOnly = true;
+    };
   };
 }

home/programs/ssh/shared/private.nix

@@ -75,5 +75,14 @@
       identityFile = "~/.ssh/LAN.pub";
       identitiesOnly = true;
     };
+
+    "argon" = {
+      hostname = "argon.ts.kempkens.network";
+      port = 22;
+      user = "daniel";
+      forwardAgent = true;
+      identityFile = "~/.ssh/LAN.pub";
+      identitiesOnly = true;
+    };
   };
 }

secrets.nix

@@ -4,10 +4,12 @@ let
   system-sail = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJMs1BqZ+MC7XBwV+dZW8EmaZt2cOg/xcOBPS9KSzIl";
   system-attic = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHe6N3LfPxu7KNsyuI8YE3R0OHLTxNw5+WhuQjKL6PUr";
   system-mediaserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlB0cL5CtTOyARWSE2yUsNU4JHUPmr71710mZHzsmbX";
+  system-argon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPP9ygczyi6g8abvj1I0eAj7N2Rli9UMlkC8VT6SnWLU";
 
   sail = [ user-daniel system-sail ];
   attic = [ user-daniel system-attic ];
   mediaserver = [ user-daniel system-mediaserver ];
+  argon = [ user-daniel system-argon ];
 in
 {
   # sail
@@ -71,4 +73,13 @@ in
   "agenix/hosts/mediaserver/aria2/config.age".publicKeys = mediaserver;
 
   "agenix/hosts/mediaserver/unpackerr/config.age".publicKeys = mediaserver;
+
+  # argon
+  "agenix/hosts/argon/user/danielPassword.age".publicKeys = argon;
+
+  "agenix/hosts/argon/acme/credentials.age".publicKeys = argon;
+
+  "agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon;
+
+  "agenix/hosts/argon/weewx-proxy/environment.age".publicKeys = argon;
 }

system/flakes/argon.nix

@@ -0,0 +1,61 @@
+{ nixpkgs, nixos-hardware, deploy-rs, home-manager, agenix, inputs, ... }:
+
+let
+  default-system = "aarch64-linux";
+
+  overlay-attic = inputs.attic.overlays.default;
+  overlay-deploy-rs = _: _: { inherit (inputs.deploy-rs.packages.${default-system}) deploy-rs; };
+  overlay-nifoc = inputs.nifoc-overlay.overlay;
+
+  nixpkgsConfig = {
+    overlays = [
+      overlay-attic
+      overlay-deploy-rs
+      overlay-nifoc
+    ];
+
+    config = {
+      allowUnfree = true;
+      allowBroken = true;
+
+      permittedInsecurePackages = [
+        "openssl-1.1.1t"
+      ];
+    };
+  };
+in
+rec {
+  system = nixpkgs.lib.nixosSystem {
+    system = default-system;
+    modules = [
+      ../hosts/argon.nix
+
+      nixos-hardware.nixosModules.raspberry-pi-4
+
+      home-manager.nixosModules.home-manager
+
+      agenix.nixosModules.default
+
+      {
+        nixpkgs = nixpkgsConfig;
+        nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
+        nix.registry.nixpkgs.flake = nixpkgs;
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+        home-manager.users.daniel = import ../../home/hosts/argon.nix;
+      }
+    ];
+  };
+
+  deployment = {
+    hostname = "argon";
+    sshUser = "root";
+    remoteBuild = true;
+    autoRollback = false;
+    magicRollback = false;
+
+    profiles.system = {
+      path = deploy-rs.lib.${default-system}.activate.nixos system;
+    };
+  };
+}

system/hosts/Styx.nix

@@ -59,6 +59,12 @@
         systems = [ "x86_64-linux" "aarch64-linux" ];
         maxJobs = 1;
       }
+
+      {
+        hostName = "builder-argon";
+        systems = [ "aarch64-linux" ];
+        maxJobs = 1;
+      }
     ];
 
     gc = {

system/hosts/adsb-antenna.nix

@@ -71,10 +71,9 @@ in
     dhcpcd.denyInterfaces = [ "veth*" ];
 
     timeServers = [
-      "ntp1.hetzner.de"
+      "ptbtime1.ptb.de"
-      "ntp2.hetzner.com"
+      "ptbtime2.ptb.de"
-      "ntp3.hetzner.net"
+      "ptbtime3.ptb.de"
-      "time.cloudflare.com"
     ];
   };
 

system/hosts/argon.nix

@@ -0,0 +1,172 @@
+args@{ pkgs, config, lib, ... }:
+
+let
+  secret = import ../../secret/hosts/argon.nix;
+  ssh-keys = import ../shared/ssh-keys.nix;
+in
+{
+  imports = [
+    ../../hardware/hosts/argon.nix
+    ../../agenix/hosts/argon/config.nix
+    ../shared/show-update-changelog.nix
+    ../nixos/raspberry.nix
+    ../nixos/ssh.nix
+
+    ../nixos/git.nix
+
+    ../nixos/acme-argon.nix
+    ../nixos/nginx.nix
+
+    (import ../nixos/adguardhome.nix (args // { inherit secret; }))
+
+    ../nixos/attic.nix
+
+    ../nixos/tailscale.nix
+
+    ../nixos/weewx-proxy.nix
+  ];
+
+  system.stateVersion = "22.11";
+
+  nix = {
+    package = pkgs.nixVersions.stable;
+
+    settings = {
+      auto-optimise-store = true;
+
+      substituters = [
+        "https://attic.cache.daniel.sx/nifoc-systems"
+        "https://nifoc.cachix.org"
+        "https://nix-community.cachix.org"
+      ];
+
+      trusted-public-keys = [
+        "nifoc-systems:eDDqVP5BFR6/1KvXbF9oUL8JahDdmbrsYtxlQ57LOTU="
+        "nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      ];
+    };
+
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 14d";
+    };
+
+    extraOptions = ''
+      experimental-features = nix-command flakes
+      keep-derivations = true
+      keep-outputs = true
+      post-build-hook = ${../../home/programs/scripts/attic-system-cache}
+    '';
+  };
+
+  environment.etc."nix/netrc".source = ../../secret/shared/nix-netrc;
+
+  boot = {
+    loader = {
+      grub.enable = false;
+      generic-extlinux-compatible.enable = true;
+    };
+
+    tmp.cleanOnBoot = true;
+  };
+
+  networking = {
+    hostName = "argon";
+    useNetworkd = true;
+  };
+
+  systemd.network = {
+    enable = true;
+
+    netdevs = {
+      "20-vlan10" = {
+        netdevConfig = {
+          Kind = "vlan";
+          Name = "vlan51";
+        };
+        vlanConfig.Id = 51;
+      };
+
+      "20-vlan20" = {
+        netdevConfig = {
+          Kind = "vlan";
+          Name = "vlan777";
+        };
+        vlanConfig.Id = 777;
+      };
+    };
+
+    networks = {
+      "10-lan" = {
+        matchConfig.Name = "end0";
+        vlan = [ "vlan51" "vlan777" ];
+        networkConfig = {
+          DHCP = "yes";
+          IPv6AcceptRA = true;
+          IPv6PrivacyExtensions = true;
+        };
+        linkConfig.RequiredForOnline = "routable";
+
+        ntp = [
+          "ptbtime1.ptb.de"
+          "ptbtime2.ptb.de"
+          "ptbtime3.ptb.de"
+        ];
+      };
+
+      "20-iot" = {
+        matchConfig.Name = "vlan51";
+        networkConfig = {
+          DHCP = "no";
+          IPv6AcceptRA = false;
+        };
+        address = [ "10.0.51.5/24" ];
+        linkConfig.RequiredForOnline = "routable";
+      };
+
+      "30-modem" = {
+        matchConfig.Name = "vlan777";
+        networkConfig = {
+          DHCP = "no";
+          IPv6AcceptRA = false;
+        };
+        address = [ "192.168.1.5/24" ];
+        linkConfig.RequiredForOnline = "routable";
+      };
+    };
+
+    wait-online.extraArgs = [
+      "--interface=end0"
+    ];
+  };
+
+  services.journald.extraConfig = ''
+    SystemMaxUse=512M
+  '';
+
+  documentation = {
+    nixos.enable = false;
+    doc.enable = false;
+  };
+
+  services.hardware.argonone.enable = true;
+  programs.fish.enable = true;
+
+  users.users = {
+    root = {
+      openssh.authorizedKeys.keys = [ ssh-keys.LAN ];
+    };
+
+    daniel = {
+      passwordFile = config.age.secrets.user-daniel-password.path;
+      isNormalUser = true;
+      home = "/home/daniel";
+      description = "Daniel";
+      extraGroups = [ "wheel" ];
+      shell = pkgs.fish;
+      openssh.authorizedKeys.keys = [ ssh-keys.LAN ];
+    };
+  };
+}

system/nixos/acme-argon.nix

@@ -0,0 +1,23 @@
+{ config, ... }:
+
+{
+  security.acme = {
+    acceptTerms = true;
+
+    defaults = {
+      email = "acme@kempkens.io";
+      group = "nginx";
+      dnsProvider = "cloudflare";
+      credentialsFile = config.age.secrets.acme-credentials.path;
+      dnsResolver = "1.1.1.1:53";
+      dnsPropagationCheck = true;
+      reloadServices = [ "nginx.service" ];
+    };
+
+    certs = {
+      "internal.kempkens.network" = {
+        domain = "*.internal.kempkens.network";
+      };
+    };
+  };
+}

system/nixos/adguardhome.nix

@@ -1,3 +1,5 @@
+{ lib, config, secret, ... }:
+
 {
   services.adguardhome = {
     enable = true;
@@ -6,11 +8,17 @@
       bind_host = "127.0.0.1";
       bind_port = 3000;
 
+      users = [
+        {
+          inherit (secret.adguardhome.users.daniel) name password;
+        }
+      ];
+
       auth_attempts = 3;
       debug_pprof = false;
 
       dns = {
-        bind_hosts = [ "0.0.0.0" ];
+        bind_hosts = [ "127.0.0.1" "10.0.0.5" ];
         port = 53;
 
         bootstrap_dns = [
@@ -30,13 +38,63 @@
     };
   };
 
-  services.nginx.virtualHosts."dns.internal.kempkens.network" = {
+  networking.firewall.interfaces =
+    let
+      interfaces = lib.mapAttrsToList (_: value: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null value) config.systemd.network.networks;
+    in
+    builtins.listToAttrs
+      (builtins.map
+        (iface:
+          {
+            name = iface;
+            value = {
+              allowedTCPPorts = [ 53 9053 ];
+              allowedUDPPorts = [ 53 9053 ];
+            };
+          })
+        (builtins.filter builtins.isString interfaces));
+
+  services.nginx.virtualHosts."agh.internal.kempkens.network" = {
+    serverAliases = [ "dns.internal.kempkens.network" ];
+
+    listen = [
+      {
+        addr = "0.0.0.0";
+        port = 443;
+        ssl = true;
+      }
+
+      {
+        addr = "[::0]";
+        port = 443;
+        ssl = true;
+      }
+
+      {
+        addr = "0.0.0.0";
+        port = 9053;
+        ssl = true;
+      }
+
+      {
+        addr = "[::0]";
+        port = 9053;
+        ssl = true;
+      }
+    ];
+
     quic = true;
     http3 = true;
 
     onlySSL = true;
     useACMEHost = "internal.kempkens.network";
 
+    extraConfig = ''
+      set_real_ip_from 100.76.233.31/32;
+      set_real_ip_from fd7a:115c:a1e0:ab12:4843:cd96:624c:e91f/128;
+      real_ip_header X-Forwarded-For;
+    '';
+
     locations."/" = {
       recommendedProxySettings = true;
       proxyPass = "http://127.0.0.1:3000";

system/nixos/chrony.nix

@@ -0,0 +1,29 @@
+{ lib, ... }:
+
+{
+  services.chrony = {
+    enable = true;
+
+    servers = [
+      "ptbtime1.ptb.de"
+      "ptbtime2.ptb.de"
+      "time.cloudflare.com"
+      "ntp1.hetzner.de"
+    ];
+
+    extraConfig = ''
+      bindaddress 0.0.0.0
+      port 123
+      allow
+    '';
+  };
+
+  systemd.services.chronyd = {
+    after = lib.mkForce [ "network-online.target" "nss-lookup.target" ];
+  };
+
+  networking.firewall.interfaces."end0" = {
+    allowedUDPPorts = [ 123 ];
+    allowedTCPPorts = [ 123 ];
+  };
+}

system/nixos/home-proxy.nix

@@ -4,16 +4,49 @@
   services.nginx.streamConfig = ''
     resolver 1.1.1.1 ipv6=off;
 
-    upstream home {
+    upstream video {
-      server ${secret.nginx.upstream.home.hostname}:${builtins.toString secret.nginx.upstream.home.upstreamPort};
+      server ${secret.nginx.upstream.video.hostname}:${builtins.toString secret.nginx.upstream.video.upstreamPort};
     }
 
     server {
-      listen ${builtins.toString secret.nginx.upstream.home.externalPort};
+      listen ${builtins.toString secret.nginx.upstream.video.externalPort};
       proxy_protocol on;
-      proxy_pass home;
+      proxy_pass video;
     }
   '';
 
-  networking.firewall.interfaces."enp1s0".allowedTCPPorts = [ secret.nginx.upstream.home.externalPort ];
+  services.nginx = {
+    commonHttpConfig = ''
+      resolver 1.1.1.1;
+    '';
+
+    upstreams.dns = {
+      servers = {
+        "${secret.nginx.upstream.dns.primary.hostname}:${builtins.toString secret.nginx.upstream.dns.primary.upstreamPort}" = { };
+      };
+    };
+
+    virtualHosts."${secret.nginx.upstream.dns.fqdn}" = {
+      quic = true;
+      http3 = true;
+
+      onlySSL = true;
+      useACMEHost = "cache.daniel.sx";
+
+      locations."/${secret.adguardhome.auth}/dns-query" = {
+        recommendedProxySettings = true;
+        proxyPass = "https://dns";
+
+        extraConfig = ''
+          rewrite ^/${secret.adguardhome.auth}(.*)$ $1 break;
+
+          proxy_hide_header alt-svc;
+        '';
+      };
+    };
+  };
+
+  networking.firewall.interfaces."enp1s0".allowedTCPPorts = [
+    secret.nginx.upstream.video.externalPort
+  ];
 }

system/nixos/weewx-proxy.nix

@@ -0,0 +1,22 @@
+{ pkgs, config, ... }:
+
+{
+  systemd.services.weewx-proxy = {
+    description = "A proxy service for WeeWX sources";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network-online.target" ];
+    serviceConfig = {
+      DynamicUser = true;
+      StateDirectory = "weewx-proxy";
+      EnvironmentFile = [ config.age.secrets.weewx-proxy-environment.path ];
+      ExecStart = "${pkgs.weewx-proxy}/bin/weewx_proxy start";
+      Type = "notify";
+      WatchdogSec = "10s";
+      Restart = "on-failure";
+    };
+  };
+
+  networking.firewall.interfaces."vlan51" = {
+    allowedTCPPorts = [ 4040 ];
+  };
+}