From fd789bfc4ac312674f2cbf955a18fe1c342b4f53 Mon Sep 17 00:00:00 2001
From: magnus
Date: Tue, 24 Jun 2025 15:04:19 +0200
Subject: [PATCH 1/3] Add keys from magnus
---
 nixos/roles/admins.nix | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/nixos/roles/admins.nix b/nixos/roles/admins.nix
index 1539d75..56a653c 100644
--- a/nixos/roles/admins.nix
+++ b/nixos/roles/admins.nix
@@ -38,6 +38,15 @@ with lib; let
 "ocean.mathebau.de-1:G3Jz3mErIy8Mq8Ih+A5pbwDrx7vREcOpKgY8JCQ9dAk="
 ];
 };
+ magnus = {
+ hashedPassword = "$6$54ip1KDxZCj6hWqm$.jIHeZ4iaoOkFZbx1z5Abb1YPW2vJ.R7mLqqYJgWCNRO26Xgkq4lilo/cWkRo7hRmiKamieEoQERbr0c6tAUH1";
+ sshKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILM7LCeZl1T2dd/+lnUlINhgCO6s4nJsrIs9pRs7gRpH mangus@pop-os"
+ ];
+ nixKeys = [
+ "magnus:SNrfMnghIqVVD4QHiOiJEA1WtQ8Z15cyLTdPQeXZtR8="
+ ];
+ };
 };
 mkAdmin = name: {
From 8def445ac0484b359c536315c0852c735ef4b0c0 Mon Sep 17 00:00:00 2001
From: Gonne
Date: Tue, 24 Jun 2025 16:14:42 +0200
Subject: [PATCH 2/3] Enable cleartext diffs for SOPS secrets
---
 .gitattributes | 1 +
 README.md | 2 ++
 2 files changed, 3 insertions(+)
 create mode 100644 .gitattributes
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..6cbe6fb
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.secrets.yaml diff=sopsdiffer
diff --git a/README.md b/README.md
index a756522..62bf3fa 100644
--- a/README.md
+++ b/README.md
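Review bot: In `nixos/roles/admins.nix` the new `magnus` entry commits a sha512crypt (`$6$`) password hash in cleartext, so anyone who can read the repository or its history can test password guesses against it offline; the hash also carries no `rounds=` parameter, so it relies on the scheme's default work factor. Since this series already documents sops-encrypted `*.secrets.yaml` files, consider keeping admin hashes there and referencing them by path, or at minimum add a comment such as `# sha512crypt hash, readable by anyone with repo access; rotate the password if the repo is shared more widely`. The `nixKeys` entry presumably makes store paths signed by this key trusted on hosts importing this role, so the key and the SSH key (whose comment reads `mangus@pop-os`, not `magnus`) should be confirmed with their owner out of band before merging. The enclosing attribute set and `mkAdmin` begin and end outside the hunk, so how these fields are consumed is not visible here.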
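Review bot: The one-line `.gitattributes` carries no comment saying that `sopsdiffer` is a decrypting textconv driver, so nothing in the file tells a reader that `git diff`, `git show` and `git log -p` will print secret values in cleartext once the driver from the README is configured. I would add `# sopsdiffer decrypts via sops (see README); output contains secrets, keep it out of logs and never set diff.sopsdiffer.cachetextconv` above the pattern. With `cachetextconv` enabled, git stores the converted text as notes under `refs/notes/textconv/`, which would leave decrypted secrets in the local object database. The same caveat applies to any CI job or shared terminal session that runs with the driver configured, since the decrypted diff ends up in its output.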
@@ -233,6 +233,8 @@ If the accessing process is not root it must be member of the group `config.user for systemd services this can be archived by setting `serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ];` it the service configuration. +For cleartext diffs configure your local clone with `git config diff.sopsdiffer.textconv "sops decrypt"` (see [Github](https://github.com/getsops/sops?tab=readme-ov-file#showing-diffs-in-cleartext-in-git)). + ## impermanence These machines are setup with `"/"` as a tmpfs. This is there to keep the machines clean. So no clutter in home From ed6f682085a3123254a59108d98b8af6feea91a6 Mon Sep 17 00:00:00 2001 From: Gonne Date: Thu, 26 Jun 2025 12:53:06 +0200 Subject: [PATCH 3/3] nix flake update Should fix in particular mailman (https://github.com/NixOS/nixpkgs/pull/418664) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 1724d15..1429838 100644 --- a/flake.lock +++ b/flake.lock @@ -698,11 +698,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1750506804, - "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", + "lastModified": 1750776420, + "narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4206c4cb56751df534751b058295ea61357bbbaa", + "rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf", "type": "github" }, "original": { @@ -819,11 +819,11 @@ "nixpkgs": [] }, "locked": { - "lastModified": 1749636823, - "narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=", + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "623c56286de5a3193aa38891a6991b28f9bab056", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "type": "github" }, "original": {