cargo update

Result of `find . -name '*.secrets.yaml' -exec sops updatekeys --yes {} \;`

.sops.yaml

@@ -2,6 +2,7 @@ keys:
   - &nerf age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
   - &gonne age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
   - &daniel age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
+  - &totallynotadolphin age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
 
   - &bragi age1lqvgpmlemyg9095ujck64u59ma29656zs7a4yxgz4s6u5cld2ccss69jwe
   - &lobon age12nz7dtc0m5wasxm4r9crtkgwnzvauyfp0xh0n8z8jld0arn9ea9qe0agvn
@@ -14,6 +15,7 @@ creation_rules:
         - *nerf
         - *gonne
         - *daniel
+        - *totallynotadolphin
         - *nyarlathotep
   - path_regex: nixos/machines/bragi/.*
     key_groups:
@@ -21,6 +23,7 @@ creation_rules:
         - *nerf
         - *gonne
         - *daniel
+        - *totallynotadolphin
         - *bragi
   - path_regex: nixos/machines/lobon/.*
     key_groups:
@@ -28,6 +31,7 @@ creation_rules:
         - *nerf
         - *gonne
         - *daniel
+        - *totallynotadolphin
         - *lobon
   # this is the catchall clause if nothing above machtes. Encrypt to users but not
   # to machines
@@ -36,3 +40,4 @@ creation_rules:
         - *nerf
         - *gonne
         - *daniel
+        - *totallynotadolphin

flake.lock

@@ -373,11 +373,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1738453229,
+        "lastModified": 1743550720,
-        "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
+        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
+        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
         "type": "github"
       },
       "original": {
@@ -625,14 +625,17 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1738452942,
+        "lastModified": 1743296961,
-        "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=",
+        "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
-        "type": "tarball",
+        "owner": "nix-community",
-        "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
+        "repo": "nixpkgs.lib",
+        "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
+        "type": "github"
       },
       "original": {
-        "type": "tarball",
+        "owner": "nix-community",
-        "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
+        "repo": "nixpkgs.lib",
+        "type": "github"
       }
     },
     "nixpkgs_2": {
@@ -695,11 +698,11 @@
     },
     "nixpkgs_6": {
       "locked": {
-        "lastModified": 1740367490,
+        "lastModified": 1743827369,
-        "narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=",
+        "narHash": "sha256-rpqepOZ8Eo1zg+KJeWoq1HAOgoMCDloqv5r2EAa9TSA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "0196c0175e9191c474c26ab5548db27ef5d34b05",
+        "rev": "42a1c966be226125b48c384171c44c651c236c22",
         "type": "github"
       },
       "original": {
@@ -816,11 +819,11 @@
         "nixpkgs": []
       },
       "locked": {
-        "lastModified": 1737465171,
+        "lastModified": 1742649964,
-        "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=",
+        "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17",
+        "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
         "type": "github"
       },
       "original": {
@@ -846,11 +849,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1739262228,
+        "lastModified": 1743910657,
-        "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
+        "narHash": "sha256-zr2jmWeWyhCD8WmO2aWov2g0WPPuZfcJDKzMJZYGq3Y=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
+        "rev": "523f58a4faff6c67f5f685bed33a7721e984c304",
         "type": "github"
       },
       "original": {

nixos/machines/bragi/backupKey.secrets.yaml

@@ -8,38 +8,47 @@ sops:
         - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBESHBiWEdwNVA4UHh3K3JI
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVYWRtOE4zSWdERXdCV1Z3
-            aXZIaDV6RER1YVU0Tjg5WEtoZGQ3ODNoM21VCldINWhTK1BDV3dQVDBFZ2pSQXcx
+            Q0JGajFZQ09VRityLzYrT3V3UkNXckwzMEVrClRITU1mUzQ1M2thay9waE5XVm1h
-            ZDNEMVRJOVRURE1VRmltb3psRXJvYVkKLS0tIHdzRXFWa1cxcm9QRkFtNlRhclRW
+            QlpWZEQ1RnNXdmZ3VWUzbTdPTFN5TlkKLS0tIDBHYmN5d2xFOVg3S2hUc1h1U3U3
-            SW9Dd00za2h6RGFBS2JQYzUreW9PelkKH/vpD5kFkUEXjP30GlgcDYq8DLf84Qkp
+            SWVDUGdvMm5EL2FyVnFYbmE3TUFJOVEKOvDPkHCmg4N5edpnTwebbPBJZZaNM30W
-            Bz6YfniDXw7EFVFcyXlexxrmDmd/IUxYVZ//uNwkUpal/g2CKZDHPg==
+            /J1LA9lTqYsRw2zwhR3SwZI12k5zXWE5RXa4dKXHHnvfFoQhsPwR4w==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOd2NiNW9aZWMzem1lK2NE
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtd1F5WG04aGlxUVdlWC8y
-            THVkSkcrNVdORHhpRWk3VFZ2aHBKRitTZWdFCmVrYys1aFZJSFBacStVa3NQdTFJ
+            RDl3dDlyM0RlVWlpWk1KR054MDNCaFU2TlJnCkRQcVhnZG9aS1YzUjVaVk1lNFhD
-            d0pYUENuSjYzVDlKdHMyci9NMEFNMWMKLS0tIGRTem0xdmhEbzh0dGtOdW1aT0lD
+            RmpCZWJPU051QzA1bGNRWk5Ka2lIMW8KLS0tIGZ6MVpWcmY1NmVqd21jOENSUE1k
-            aVFZVFZCNHpqY3VTOWdHNGN1MWZTRkUKYuPEc0sl65pQGVg1UiFDvJwQdf//XkDU
+            TjZ0T055Qll0UDVLYnBsa2g1bUVSK0kKRYGKOmxPMFiM/PhzKRu2PwCJUXR0x1+y
-            qb90DQtC1j71l8wscu7ZuuxzNoK0yUGvI8x6LJ5JLo7ljsIy0pTElA==
+            cNa/7xJiUkamL6Uy8hfsUQBT1r8+KBR2J5FXx20G+QRxrAHuYlD30Q==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdFMzUXZ0RTAwR1BsbFRs
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEM1JtektNbk4yd1Mwa2RS
-            c1R4bmxlM2xQeEErYUJTazZYSmphc3pjTEJJCng2czR1eDJNUEdPd3J4dVFwSVdF
+            VXdoSEovMEJKN3krL2J5dStCaUJ0QVlsZEUwCnhHbWw4N0dOL29WN2tOVkY5cFVC
-            b3JkKzgxSk5sbXJZRE5FU3NDRC9OeGMKLS0tIEZ4bXU3L1RNTFlzWHVSL0EvQ2d3
+            blpsbVRsSENUSHYwbW5YTzRoc0tITXcKLS0tIFpZZzNEZW4rQUh1N01TNlhYRHdV
-            UE0zVFFpMEEvaHhaYmlRcWlHVXl3dUUKr31P1ovm1MLGQGWCshLJpug0jsxyRqb+
+            K0FaalVQMEFOeG9pRm43bzlDQXFiR2MK7GVdlzDcWWH+yIDTyQzBSlraY77HvpNz
-            4Y4apn0eutpYfBw3zKP+2huTdMLHk/RkSHJUBs5UxgfOY18StdjIcg==
+            BauVM/f9QSFhsMC+Enx4kFq+b4iGXiJXPglfAD7t0pQovtwwMDbHNg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpS0VINzU3VmVKVW9lallB
+            dFdMRzE5bnlNTG1qaE9mMGhzTC8xTW1vSVQ4ClR5VlRldU9oY255c3pTOStvUldH
+            bGxjTW9JcXJ1YS94OXpDQ3ZwM2VLbWsKLS0tIDRoQmJzTWxScnhwUldBdWp2TlJt
+            Q0lXdXRaaW9NcGFSYU9neGxLaE9LYTQK4rHpTOCuUhokrshoPA9XvBrqI0jzl9YX
+            Kc1zMju0Y86RFSgE/RK9Hx2l7pKboI2BqacwNCy8AC3grdcTLz22yg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1lqvgpmlemyg9095ujck64u59ma29656zs7a4yxgz4s6u5cld2ccss69jwe
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNZk9LVmY0SlBpMWttcitK
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnY1BuWUdUYTBoUGpMN0Uy
-            L3djYzlCTENvVXFrZTV5MGd4TWF0WUZkWVQwCjVJLzJsdWVmeFBtd2x4RGw0SmV3
+            S2VjUmNZRWtldEdVSWFjVEM5dUhUMS9lSkE0CkxjT0NlVlhOdG1NdnpSYmtIYU5Y
-            clc5d3FtRFk0VWlqbk5CMXFCSllKbHMKLS0tIGRwVEJwUzBMeGFwUnNBVFRJQjIw
+            clFPeXFxWWRmeTB2UGY3MXZjUVVIQTgKLS0tIDBHNmVHSWVpQzg4YVliaHN0dHVX
-            UFhDYVF2ZHhldFRtUFJEZlBLTG5zS2sK9vvB+5PPSytzN/wNTxzXwYfXxQPEYFeq
+            QStVb0tWRUtSSDRqOVgvQmNPTzVIdkEKcl0AByrV+94EZ8ppxhO4xQoYe9mD19V0
-            IAzVWchShU6uTMMZeO88qmkZjz1kYIdjPHqny3g/ZqsW18NCtLYqfg==
+            zDx7Thq7Hr6OPnU/nSpJTwxRJnSKr1w4dGDN00v3v3KwBekI6H49XQ==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2024-03-21T16:38:08Z"
     mac: ENC[AES256_GCM,data:kEVWd988Ia6T8v3w0slQhM0lh78VhnP8qJNa6IZg0NF2B0JQbFRnQNbUfvG9Rf4mkAR/O9PD+r6HR+b3LCwzb/Ok/eD4/M3+oPaEx/JnoHrzF/1N29VEAvBHjQgw6DL05toqu5G03UDcDUFGc111AeRsexhONQRHJx3zqWyWGy4=,iv:T5Pkhl3vhSAIoKkC3r3VQn3tC4t04WxvAZDQ4PMvD84=,tag:h0/aB91SFr5q0Or5daxWUQ==,type:str]

nixos/machines/ghatanothoa/configuration.nix

@@ -4,7 +4,6 @@
     ../../modules/jitsi.nix
     ../../roles
     ../../roles/vm.nix
-    ../../modules/vmNetwork.nix
   ];
 
   services.mathebau-jitsi = {
@@ -14,6 +13,5 @@
 
   # System configuration here
   networking.hostName = "ghatanothoa";
-  vmNetwork.ipv4 = "192.168.0.25";
   system.stateVersion = "23.11";
 }

nixos/machines/lobon/allowlistPass.secrets.yaml

@@ -8,38 +8,47 @@ sops:
         - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhQTRPaXNNUWlwU0hTdHA4
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaTU9oYXNXQXMwRmlMVk1V
-            RTAycU12SFZXRGJqbTZVV1Rkd3NFQVJrWGtvCkNzc1FzemkxaGNzd0FjU3hPcWl6
+            UUlvZi9PY0RhU3JFREhmZkJ1UWRIUXdkakZvCkZ3YTNrbElHalRKRDlqbjFBZHJK
-            U3J1V3Q5WVcwNVZ0ZTUxckY2Z0RBa2cKLS0tIHBHVzVGVHg5N1FyTFhOd3JPVEJy
+            QnBBMm14LzBtS0R0SGZMb2RuY0E1cG8KLS0tIFJuZzFZUTdLOFpYc3UzYUhYYTdT
-            Kys4SjE2cGpVeGZDenFGN3VsQjZLUWMKThmZnM0wYLVh0xEsr8bqtgvo50sPn4rp
+            TUlxS0c4QXp0QVF3M21sS09iTVBiLzgKY2PsrhMeS/OZ6YvRsjbSMLnVJJ7MyyqA
-            vo4Cn+7osvABl4BJKKhcrLoxgIrz9NcdQLToOZHn7YfHRpAGH+VIAg==
+            0boT6Nx539FxKQUd9uXSAsXIlkolKRvXEBi7jujg4wgxqYb8atXhKA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxNUhhM1NlRDFoMHQzYVN0
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSSnhSbURXakcza2lBVDBQ
-            MW9hcUZPQXc1YTJQeWRsL2pXYjBPSUZJQ25zCnNSREszRFo2cnFVd055WWlMR3A5
+            amdJdVNOSlpTaEdvUXB6a3VuQnNaSTBGVHpjCmNtWllnL3MyS0JyVFVscWJrdFBr
-            NWdINkdKRnU0M3ZIeEtXSGY3UVZkUGMKLS0tIHpUeEc5Yk9sMkVucnlHeWtTaHdj
+            dUprRXc0L2lkRnMwTFhzYVJoMTRkcVEKLS0tIGVYTGcwejJVUi9FdHMvTUJyY3A2
-            TVdZVDd1Q3UrS2JoNHR3RVhoZFB1VUkKmo0HHSwh1pzqoeKUtiDD5UAa44efv11c
+            ekxiK2cvMHBESGhrZjU2RGVicnJVY1UK2FCXLTqHhgYZl0vCG1V246FAicBkg2CY
-            9QymycpZ7e//69uKHlY+r19TIvBz6s6jTguFY6JhQ9VeqfIlFLuokg==
+            Z8PKxVEOchBptR6y64EXoeUKFN+5jMoTj/+vUC7bJjNKlNrM9gnI2w==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvU0QvQy9jdmVRTzZzSnFI
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtRFJlRWRRa1h5UzJpR015
-            NU1rQjRpWWV5WFUrMWZzV2huVGhIUU8ySG44CjllRUh3T3MzcmF6cjg5RjIxZHds
+            akx6SlpVUEY2L2x5SzdteTN3T2ZxSDM3YVhVCmpDSDEyTkJON3d6Vzd3ODhRR2dk
-            QUc4b3krZi9CWjRjUENNUnZrNTdlN1kKLS0tIDNtRW9IZlVxVlk1THBNMzhtQmw2
+            Rk1ROVBjdHNGUWVsR01HN3RNZEtPT3cKLS0tIEUwT0R3Q0tIKzlPSkkxYnloVXlV
-            TTExeG5hMnNOdHF1djlmM0xaM05XODAK2XnV+iluWnpC7snAEpGaYRADKbZbNlx2
+            dXBmNXJhbWZrL2hZV1JIV2dIWFBrTEUKfKy7+dfkl76D2LiOOKRCsUVsHT/4Te+J
-            yIplp4Mj8nakS1OKMTK+FdwP/qmEs7e804AfPFtI9j/ljYKub4gKgQ==
+            SEb9rRE1BSS3E2+F6zlIhbfkklH24dXMcgAtkQ8wX+tNAnpTecASdg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4aUFheWFyNk5MWVZzYXZR
+            OEZkUVFQcS9SdEpZMU04ZWtqL2k4SWQrRlRJCkhxdUdmbUQ2UTJ4bEhjMTRoTXlO
+            ZGJMZTN2TDh5cTJjZ05aMnh0RzJSczQKLS0tIFpMT0Iza0FVYi9NaytWN2NaZ2x0
+            YWUydW1GRHZQdHE0eWhlc3Z1d3hUd0EK5UOePSGLZy9viOP4Opuq6r0S1n9U19IB
+            Q68mv/8LvRXKPyqKBDJk9UgNo5L6tTHxYkrByXFV95SMBiTC0NrAXA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age12nz7dtc0m5wasxm4r9crtkgwnzvauyfp0xh0n8z8jld0arn9ea9qe0agvn
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDUTFrbUh3M0JNTDQrQVlv
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhZndKQ2I4MldzeFVkL0Za
-            cnRrQ3hsN1FkMkUycnNxZXQwYlg1YldWdERRCmZZYk1nQk5RT0orUXc4UzlIcWR3
+            QlBnaGN1djJmQXRZN3F2bnlmQlFESXNaNmpFClJUL0x5RnJ2UlFoUlZNYlk0Smk4
-            L0VJZHNRSW5VdDAwVU1GWE5FUm1DencKLS0tIFhaVklqSUZoNmRqZkV4YUJoTTZi
+            emp1M1RUQmkwdWQ3Vzc1RVFzWnA0YjQKLS0tIFVNMXk3OWo1bmVhTGh2RmEwdys2
-            cEtEN1ZCZW11eFZrUGlQd254cHVIRXcKiYx1tsJ5Y6kuOZLMooV2lNXb83q9FCvr
+            dlBBSzU2UWlQbWhIWDUxcERrSUpLdUkK9USI2NzWc6iTIzlUV9Dp5KktVpz50n2y
-            sOm7rWsMjWb083QgbiWpkY1ndMA6bOODDVII5HEKypy6rp1IIytScQ==
+            3/AjjqMJXZK5BNVGxfyFVuLW33H+dlWFCZgeEuseF1dbYTeJgd2NxA==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2024-03-31T14:34:54Z"
     mac: ENC[AES256_GCM,data:sjWiO96NcFUT4L9mdBuQwt6Zl5cS16o73zes30SYJxzM1R3ZBIg9oOmhXxY9BC3yKjEb6bVuemj/bnnopSR/m3RPH7xfaYCBfz97Zgc4SGtoqLIra5OUCRpWnKSsD6Nf09Qss5Pbla9EIrI0kQt7fpf4iKLF7VJwrQryslnvfcM=,iv:ilnbLK6sttweEyqszVHxVnjbTq8jF5ZTO24OEIPMprE=,tag:3XgAlXMl/RIaUfkVwHJeBQ==,type:str]

nixos/machines/lobon/backupKey.secrets.yaml

@@ -8,38 +8,47 @@ sops:
         - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TjF6RzNpTlVOMWlmU0pm
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzdGtWbFBMbnp4QmFzTjRE
-            YUJTZzNBMU9PMlFsZ2dyTCswR3FJRkwvb0c4CnlFc3lWeHpYRVl3ZlJYWEtVNnNj
+            N0Y4MVhoRXU0bjB3N3MrVFgzdmNhbXNsYlJJCk5obUgxVFlkRHNXcDE2L3BjZnFS
-            RE9RTWtmbHFvVGJ5QUkvUUNjU21zWmMKLS0tIFVJMnladmwreGJFYWkwZU5kd0RE
+            ZTlIamtjS0h3OXhBTUF3dG1yeUZEa3MKLS0tIFM4cnUzd2U5R096YXlkVkVEQ3Jm
-            L1REeU44a1dkbDYyMFJXSTRZaGpzRG8KtXgSQsLBYln5IvME2hL9ih8arLZBZS11
+            VnV5SDRmSm5wSHBkTnpkeE5sQzdWTzQKTYVpaggjlDIjwi/iKGyZlQL0LnuPGucG
-            dKAXCO2HWxP4lOBOO4Mpzc/q4iyLzq/n7HLamrfyfT9HhjDtP39MGg==
+            BfL32bECad27F/QWQi9Jvr/7DAH+Oxww95+qNL7GTByNGtnHNXPbLQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQS080clRBemY4bnRhdm5o
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiL0F1MnZyaHYrNFZ4RHdk
-            dXpjVjI3YkpTdVZHbXpsenBweUtMT0lZTWxRCmNzbk5GVHdpd0V3V3JaWVYwZEFM
+            MDdGaDkreUpzTURwdU1PRitLeDE2Tlk3VHdzCnpoV00ycGxPMVl6bmIrM2hwZjNh
-            SEdRV1hHRGRpNXh1TTdxZmR4VlpXRkkKLS0tIG83bSttTDJLa3NBRW9tMjRKR2FB
+            dzU5ZnJacTFBUEtURTBHRTRzNVc4TzQKLS0tIHBoM21PdWVFV3FQRXhHQnJyMmdK
-            WmJ0Ky95eC96a2pTQ3FjaTBKTVFhTEkKzW8WguQ2wO93DLETao6FDxaVRshz+aqZ
+            eXlYdHdJdlBFTjdHY2ZQc3dSUXFNeFEKXAIdZNGusMHSgNwzRD+grjTcVXIoRR53
-            7pQnbun/Q+Bu3GT7PX1zFKjNRem4pUI7wYzvhpAUwmrs78bc8TUH1A==
+            VT5WsLnfY3iFxMcfAMRonG95hafFRK/O3qCjwxr8+aOwXSvn5sq2kg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxcUpQMmZDdVIzTmdNUnM3
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNSjN2ckZ0b0QzSHM3d0NY
-            ZVdaQlVkTmdjT1dBZ2ZPbUppRkg3WlFMYXpnClMrU01LOGFNTmRRMmsya0hmQ3VZ
+            VE9XMU1zMDN1R1g3VGRJenIrZmpZOVRpS3lNCnNreS9TcmZlMmx1VnM0YXFDamg0
-            S1k3bGFSemZDYzZYUVlXUnFSYzVyejQKLS0tIGR0ZjFyWmF4MitNSlZZdk5lYjFH
+            Mk92YXFRSlFPSmdlNUYvN3Y3YTRHaGMKLS0tIFJoS21UckNMVnVNSFVjUElWK0tB
-            STRvNTZ0RG5pNmdaNmcrZ3AwYkFjU2sKlynGN6YUeNQiyWWuspphLpgcZbC2Sqkj
+            ZFdaQjBNZTZJQWlVY0prUXB0UE1KQ0UKFEu9mgN+g/JZQNzyFGwfcmPMoBAtw4sB
-            8E7tWHSWqIc6rmuRi9+xu83MDL4197wlidT0IIZm/tNO36u85fruXQ==
+            aIS9IF/V6VzirGTDBfZwpAvSWCAosLhIMXzqc32ffIKoJstarI6r+g==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4SDBWWktlT2lIamFyWW5z
+            YW5lUjlzZFFPVlFYUDlVc3BCSUpqa1AzeWxBCkxsZlN0SFdJc1N6YlBheURLbFI5
+            MkRudDQ1aEVtU2tsa1NqNWoxU205ZXcKLS0tIGJpT0VVb2FXOFpGZG1QdHFBalNs
+            aFJzZkFqRWFZdnNKWUt4dkVKRHBmMHcK8ttinrMTIUDkw9boyeIecddjMR7rNZFL
+            b8BFgRRj9AxacoimSx/zfyHCg88Ls+Jdj1W+wmpJBJKEoxZPVy/nlQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age12nz7dtc0m5wasxm4r9crtkgwnzvauyfp0xh0n8z8jld0arn9ea9qe0agvn
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzNHNhUk5zdXlGS1huUjk1
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6dEdJZURTS2ZoTkRKTVh2
-            UnUwb2VFOE9BaEp0ZHlpcDJ3M0JtdytFQmpnCkNKYmplSDRIejVoV05BdTE2Y2NG
+            bE05MG9PbU5nZFNTWkpCR0YzV1dQVGs3L0M0ClF6RERNaW9HcWFPNFU3ajN2elI4
-            SXVJWFZ3b1hrVmwrUDgwanVHRDFxb00KLS0tIEtLMWZDQzl6aUFMcHlRUi84a3ps
+            OU1oL3ZuK3NXZUFlNW1vR3pIaHRxWm8KLS0tIHd1WCttVkJoWnhVa1JFRnk2T093
-            cWNaUEJJWFRQU05RcS80ZFN2YnlKUGMKdBvUcdULwbsoo/n2tgow+qDlWmJAJUqP
+            SDhGU2NnTHlvQVJIclNGNjh3SGt0c0UKA8qAglvfcHGMSeaPnU7q4LD3ao4NbIl7
-            wcPf1SiP0i15jza2+MU1MzAfv58uwfvAiA2kdHawLXtqv9nZD0qeag==
+            4q6UEWS7dREi7JtFvsW2wy5BdjnmG+kwRavKx3fVLslnDGXXF4RFYA==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2024-03-31T16:01:00Z"
     mac: ENC[AES256_GCM,data:AawTzIXyX+3FyFpw8pXFeVJJtXN7ZpTFnUqhedC2vcbbNUzMMt1X0SaxtNNJ5chZI/tYHn59FT6zznl1eO4Xn29Zc2Up4dkT1BE4yqkEG0hiCFXrXMz/PaHfROzBhIWCVyF4fYj6MZKg1iBBxhWRqhJlQ1q4UVkoaITRUKpFJgs=,iv:3lTPOQ8VjmP3WNGbFK2yLU4Ks1KviNS/l7TH4SnvSUs=,tag:KUbAU6+76/Uxj2Wn9EnqnA==,type:str]

nixos/machines/lobon/configuration.nix

@@ -4,7 +4,6 @@
     ../../modules/mailman.nix
     ../../roles
     ../../roles/vm.nix
-    ../../modules/vmNetwork.nix
   ];
 
   # System configuration here
@@ -16,7 +15,6 @@
   };
 
   networking.hostName = "lobon";
-  vmNetwork.ipv4 = "192.168.0.22";
   system.stateVersion = "23.11";
 
   sops.secrets = {

nixos/machines/nodens/configuration.nix

@@ -3,7 +3,6 @@
     ./hardware-configuration.nix
     ../../roles
     ../../roles/vm.nix
-    ../../modules/vmNetwork.nix
   ];
 
   # System configuration here
@@ -11,6 +10,5 @@
   environment.systemPackages = [pkgs.git];
 
   networking.hostName = "nodens";
-  vmNetwork.ipv4 = "192.168.0.18";
   system.stateVersion = "24.11";
 }

nixos/machines/nyarlathotep/allowlistPass.secrets.yaml

@@ -12,38 +12,47 @@ sops:
         - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiL2dqdWhPRmFHcjhqeTE1
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4R3NHZDJYNmtPTXRuOTdT
-            YzdPbEpHMmhzVktPVGxKcVpZYTJ3WjFhcWg4CjEvclpTYVJ6YUhKeG1VbzRYVk05
+            N3RsRFhGSzg0YXBRQ3Fhb0lSWGdXQU42QmtJCnpHVVFOQ3EvRkcveWFxTlJ1aE5v
-            RDUrcS9NbnYwRFlwSXY2UlVJNDRwcUkKLS0tIDVoaXQ0TFJONVM1WVg4VUF3dkdu
+            TkJCalROOUlXUGlTQWtMSHBFeldtT3MKLS0tIDFGbk5mcEtiYWlmU2dRbU5mQlUy
-            SVFIS2taSGV1K3o3SnpIRERaR2YrZGcKR3QRXITbg3rKZLAiZk/m9saT/46jULEo
+            Y25Yek4zZXh4eEhTRFFKL1YyV1JMWDAKq+RQgWaaHRbkCy1SRG88fq67SkZZVvWS
-            a7HnyFBYYdEcHxs1KT3FfGTRjr9vLRmU5+KNcOo1AYM9xGERmqOjrA==
+            5dQEs08WfnIucemMprC2TC0+M9ULfow8fugZfj/bg5P3qmt3W/eHlg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZVXZoaEtpZGF1OWViK1A2
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpYzdPd25RTTd6cnVISkRE
-            OWtQK0xGT3crYXZzZUhpc2hleUNmY1VKc2hBCml0RU1zL01lWWhpUmYvQmJqKzZF
+            alFNVlk1L28yZUtBbnVJZCtwbVFkMG9IZlFVCnNSMWpqS05CMWRNZzh2bjBUak1M
-            OFRMSkU5NHVSL0hiY1B3RXZvUTZtZDAKLS0tIFM2T2szQUFCR1EwS2FLSFRsTXhI
+            ZmR5a3laQTI5bFFjajg2dnd4QStPc1UKLS0tIDhiNmUyc0hYNHdIdEt0KzMrQlRx
-            dFFEcDFWT3pWR2JUNFpmTDdaZm85aE0Kh4PD2b/cMOtL5k/mBzqvympY9iD8KP28
+            aXFyc1A1Z29SRW54bnpBdW9JMVR0TWsK0bd4nTajZj0f0wEba/SJfVTNlSn7lmgp
-            jF95w5ED53hpTjYJmeTC3Buk1FcTzSitt8MT1RGI4SqlF4D/230bbg==
+            hsp/D0/s5SHeCas327RqJi/9dlyPzJdKc7x5nwLpKZqUj0IihuVBdA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlRmNQblgyM3hqQnlTeE5h
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPOU10VnphenQ4T1orajNo
-            d2xOQ1ZUbDdGY2VJR2tvSUdBYTIvYm9zNm1NCldleVZQRHc0bktvcnAxSk5aOVI5
+            d09GSHJwWGlmWndOM2gxcHREaGZTaFFnMFQ0CldzcUZoMkVuS3RoaXJLRGRHQ3dD
-            UWpWOGdxSFN0V2g5TVRoc0xGaHhZL2MKLS0tIG0zNmRNbWp6ekxjTDZzMitJK0x0
+            WVl0L1YzYUtVdDV4Z3JRRU5wbWFIakkKLS0tIFJlclRuMEJOV2R1YTJ2VHVQdElT
-            Qnp3ckswMmdzRDhBUzVDQ0NLVkFzTUEKsUE9u8fzqEOhbIffeF1nhP2yPv21yZoN
+            QUpVcU1QYm5xbGhVSFoxY2k3NVlBMWMKRtC+z5uOAIxZLKoVNcHqrZgLbYRyHmCs
-            llKJ5FDD1/SFmRlxTLRaAOXxTFbVwwexh17i9bGAUKyywyXXijZcSQ==
+            Oqn1KZheZn7e66Vx8Yddt87DY6Gd0nUYOogZY3yoQFeTFbw1/jVxAg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBcm5wMERZMCtiaGpEWWxy
+            MExUZGRUU3hUcURrOWROK2FIQnZXelRlU2xBCmJHWEhqOEVGTFBNRktEUUVsRkxj
+            TjZmVHFkdTArOU1DZ0s1dVpmRkw3djQKLS0tIGxjNXB0N0kzSUZLc1RQelFJZmIy
+            RFc0Vkw2M3VkQjZMOHJDd2ZTUWh5bjQK0VcnCr0PwnVh0CWfQZTJIVsyRu1jmcuT
+            ntr2M+xj1dtbAiLUffg4T8qszb8fDMr0X6y11CJ1AZGC1Kgn8AwJiA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ktwclxa640l89le6yecm8v2z6hmwr4lusd6x9gyzamhv57887szqtqp59a
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCMUNURWlHYnExZW14d0Jv
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZL2xVWjZGZDViTHR4dEFi
-            QXIwbklNOUVUQnE4MFUwWlRxcWQ5d3BlQVJnCmUxbDVhVkJ1WWlrT05FUWF5cWQx
+            QXRaNGtsWElTYWt2K3N5WDd2QjgwQ0prRVQ4CjJ5azl0WWc3UnRDWkVVRThTWW1R
-            K0RKTnR4bmlBSSsxYnIyQmwxT1MwNmsKLS0tIGlxclVTMXlscTRNRVFsdjBUSkZF
+            TlVSUXhBM2JjVDVVNThpZjgxRlEvelkKLS0tIDRGdGFFYVlqWUxzbTR4U0ZBaGwx
-            MWhDMU54Q05EK1kyNU5pTjRWeGNtTjgKNciChLoT3SoVSSVNUqQwLxTM9HeTQeHX
+            UUVnU0x4cUFDZkRJMlJHMFc0cng1bHcKKFz0Jo5h+7bn+7x+aQ4FxkrgV1q7BZuZ
-            VUEooMETXOkdcnRVbJMz1nIO9PCqFNXK0DA75fkpBSYpAGRsVZZ2UQ==
+            qCuvYONfNW2AHZX5Lik2zmBfrze34ELBaOECcYhTVk7RfiNuyH+S0g==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2025-01-05T13:49:19Z"
     mac: ENC[AES256_GCM,data:i7t/Hb5aW0lIvPLk84geQ792uUGP25vX8FC7kK/3H19tz5i4zsIcvl1d+oB5gJ004gP5pRogcuKL1xHUUl+A0UXXNzRpxc0BBVZaxnIhjfPunORbmZeJQRP298tQpvYYqI/pGhjrlit37U9jecGf1l12Cgv97sGW42d2F+S2Soc=,iv:My21fMF3SEr6mg2+eh8KA6B8tzmQVEDy2BG3hfkafrU=,tag:xdU6j8ti8Z68rbiRxkj7Pw==,type:str]

nixos/machines/nyarlathotep/backupKey.secrets.yaml

@@ -8,38 +8,47 @@ sops:
         - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwU20wVE1YVEtYYnl6OGNu
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZV0pVY2FUV25sNUFTU0J1
-            NzZkNmxDQTNzTXFNdDFTM3RuZWdPWlhLSWdnCjhSVTNjUzE2bGF1KzhpT0dLSXZN
+            amxNYnJ2ZHd0c2psZC90aFVDWGVlUWZVSG44Cmk1VUZiWGR0SnFxdGlQUEUvLzIv
-            Wk9BODZGOUR6d0dzQ2FFQ01tTS85bEUKLS0tIEVYYU5jTDBVZkRkZTFUUTJmTGZL
+            Mkt3dTNQbTREblJEMFRNY3FNUDdrOTAKLS0tIG9UTTMzRUhLbU1SQjhsTmhmT2dz
-            eUJUMGpjSE40SXZ1SXhKQnRJN0p3OHcK+VCaqOcWZcLA4NW2G6xRGqZE4pMet5GF
+            aGVJM1hvbmNjWkpGMnFkc20wRlBkV28KBANy0/l04snTsNHWDnxEOObMVsLzNmYx
-            68v9wJvY765fZbBMo1GS9ImxOrXSxqqXPI7XMbFnUskNthd6y1y5QQ==
+            gs3yXgXGAHFWKLGvrwXPo3qRsW63hFt9Ujtd1YnjMLobisbi6KyMlg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOK3MzU2s2QXpOblNSRUJ2
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoZEhvWXdNQkpEaWd3clk2
-            Y1RPM1p0Ky9xZUtJVVdEWksyenVKTG0vekNvCk9JZkFHeFhhM0piNVJtV1JqcHV3
+            RTNkSHZEZ2hjNy9ZWnRFUHJQcURhVWVWc0RjCktWZFJScU5vZmlZSEU3dkFPYlc1
-            WVR4Q2Jkd1hxN1N4TUxoL2lnSEMrMDQKLS0tIEVjTUZNd09FQVpxTXo5SXVoenJv
+            VFI1Qk1rdWJwNG5JVk5XQmJCZk12WWcKLS0tIEtqYWplZ3cwT0JnYzJHUGpFYmhX
-            UVpqSW9BN3k5Ti9HRWlZQjdCVjBZK2sKv4EDhNZp8i6X3kh9ZHprazDUyeMwxeZv
+            UVJSWHAyUE9iUnB6NVdQN0ljQlkvdlUKFHT3cOT3qQ0LG2H0ve0yY+KYr1y+Flir
-            +2cPHo8n2onlYBayDvjWrh0RhId2s8WOC592GMoyVx4U1YY/qxTJFw==
+            LFOfTga5xhp1P436tmpJgLHz+XiGh9Y+tjw+F5Rga6WWDAONPSaf7A==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRTVMZWllUVhMM3FiRjR5
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3Q2d5VkpkN2FwUVhjaTFL
-            dFRuRVZ5b2dxNWxQYTFXOXJvZDZLcFlXQkg0Cjc5ZUphdmlybEgyYWc0dWhzdUhn
+            dXZ5QWdCanJ3c1ZsNjZoZzNTNWJoeVlFUzJrCk4vQ2tEUWJXYllNdTF5dC9wazNC
-            ekg5bnZKYks3c1JBRXpLeWtyUWt6M1kKLS0tIEN1dHN5TXU2azgxZ1MzeFEwVmM5
+            T3dsbGRRN2tlMmpSVzZsbkZoSlJ4RW8KLS0tIEUwdEw2S01JUVVRWmgzbnJZcjBm
-            MHZ5SmxhcjZHMzllN0phby9McjcyeWsKSljECJAJ6A59UJFR4uzZU2o6cmAOhB8+
+            M1BKdUJEbllIRHFEcFFOd1NZV3hENmcKcefMMU+/yirj/fGLBoYDJpU9Mjdt20m0
-            jIfZYIVoKt1GSp6vPBg7XejkeZ/e1FlREWEZ+9NxNwG1G+2fps68AA==
+            +ZQHIrFTlucKrRu4acI5/6aFZOGElRZMPx8aH1eMOPsubIdzAqnQzg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDcm9GSjdKU09Cc1VocEFF
+            R1l6Ykxpa2dQSWFoT042QllyUFAvOW5Wem44CnpzM1QwRzQ4SklOTXA0QXpDSEQy
+            S0JPbmFESGI5TTA1eDc1SUhMYUk4clkKLS0tIGNEalN2bURhbzlVWFdCMmRLdC9y
+            VnBRZzdBYkIwdzJObGZyVnRLZ0x3M3cKYA8mXXkJ3ddD5feXkFYGY+vHsfexLKSD
+            TFrz4O/ttG6zjKo3cfC+0ngVWaMgEb7K5LVK5A9wUu709+mGARUdQQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ktwclxa640l89le6yecm8v2z6hmwr4lusd6x9gyzamhv57887szqtqp59a
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKeWhCR3RqVHVLTnl2akox
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvVU9ka2JjVFJzR3o0bE95
-            Yk9tTXNnM3B6aUlLSFVyM3JCLzh5cVRkcVZnCk95b3FPVzNGZHo3Ty92WE0wMWFK
+            dVBkTDZxQlR0d2o5VDNCMC8vVmlvZDMrd3pBCitSYnAxbTh3eTZYTE5WNWZ3ZG5v
-            Vmk2ZHllVG03aXNFZDlta1BWcFNOeVkKLS0tIDFsRWJmOEZ0ZGN3THF6U0ZqUEFG
+            WUs0em9QWllvSkNLVkxmK3hXb3hOcWcKLS0tIGkvTStodnBYTHE4am1mNzhnTWx3
-            cC9ZVEFxUUJIWXRvS05PdXI1MzJob28KoehQSuQwkbOQyYMLj0wnHKo2fsqF8IA1
+            aTl4TVRMcy96aUpwNkJDQzRTc29FYW8Kz4Rx+5TqSWgP5J4L22qzMXT2pvUxEe2N
-            m1MhZbCeBti8dYshRc6C7ktYHQgZ011+Iu1v7eZD33wLvNPf7CUxlg==
+            c0BRgL1aN8koscQxmuB5lYiKhWtuiCfCMysnCX79C/pLVcbSRm+FUQ==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2024-11-23T09:05:51Z"
     mac: ENC[AES256_GCM,data:yYBzhvg1g9GQk+Os6wkzNE3FyXIp7N2AnxuzPfexoA0aWXhYD2zQ7ylTiRGZLkbSODezXT0pD9sjYFN8yTXuY5HMIlCYSCPQGIUblZKRqB0EES3JyhQ4bULCMO7pXrsIuAICzoWM9vn7RQ9cVbL3N2rocYiSURhsGuMA47d3QFk=,iv:xS/am6/hLq2sQGB+vMzS6ZqmFr1ZOIDj1l6b56nVMhE=,tag:erNYX6U4/uSlSUBpN7kKiA==,type:str]

nixos/machines/nyarlathotep/configuration.nix

@@ -4,7 +4,6 @@
     ../../modules/mail.nix
     ../../roles
     ../../roles/vm.nix
-    ../../modules/vmNetwork.nix
   ];
 
   # System configuration here
@@ -40,7 +39,6 @@
   };
 
   networking.hostName = "nyarlathotep";
-  vmNetwork.ipv4 = "192.168.0.17";
   system.stateVersion = "24.05";
 
   sops.secrets = let

nixos/machines/nyarlathotep/dkimKeys.secrets.yaml

@@ -9,29 +9,47 @@ sops:
         - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6VnhvWHdsZWNHemlueFo4
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJekVDYzVJaHFlYlNadWdQ
-            L0xCTGp4NlRuU3YwRWJiSHFBbmtURTNMQkVRCnlSbFc0Q2xINjRvU2tQeStQc1U5
+            cDlueWRlZWcyTlB4bVA4dElZWFVpZUF0SHpvCmJCb1F4VkJvV2lPdmJMS3J0eHBn
-            VElxcTVuNm9MUm01RkpGYytrYWg0czgKLS0tIHZqUWhkMGRNNjJvUTQrOHBpZXVS
+            RFVyWUdQQUtONjAvZVJSUmZpcnFMUWsKLS0tIExuOUtCTC9Xb3g2YU1kVUdZcDB3
-            NlpjeDQxbVZIRHFCcmNtT1JSVHp1K2sKSNcC0fcOar/KKzs1twaozB8wfdFT9OdB
+            RE14Ri9yMVExNDJyek9JWVBqZ0sxZzAK3HkF0UMZqsrbtyjXO7i94sgsyJDHRIw5
-            4quV/ycNpJpfs6+2r0RTLBxYFyusybu1swosAni+PJsRXS82+PTXHQ==
+            Qgupvo8KZKPRgCUiyqoyva8VXPMemaMnfzPb9Pt/0nnMaU33SFiV/w==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsUTUzYzZuMkYvcTlrUmRK
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSGhxN1ZId0lFbDYyYVJn
-            aStnak5IWitFUSt0eVBQOHIzcTlrMFRFTjA4CmlYUTdobXFUK2tYMWtFekNqNnhp
+            USt1eUhsaFk4d0IvQVZDYUM0SFBuNmZkNXowCkxySWdpKzJZR0pLMHkrSWdVVkRx
-            R2RRRFdHc1p6bFVjYU9lbTRBeEM3Y2sKLS0tIHdsRW1wR25pVkZIYU1yMm9sQXpr
+            c0w3WTIxOUNpUFh6YWtJdVhxU0tFK1kKLS0tIEZLVy9obEgrWXd4Q1hmR2lhVHJ1
-            NFhiN0pyaHVWT1h5eVFXMWZDb0sxUGMKIVkYYheD8F9aaAyCA+m9ZGlV8vKbAW4r
+            dzdqeERoRktBQWZuZ3RhbkFYVnVIZ0kK062yYrrdVo9SOuyY8LgfUl3lwBC2S3M+
-            H6FUe+ats30abxoYfHZfMJv17BxJtpodksSxWjnPYm0dfRf/EF/vSQ==
+            oa/osBnxzY6Wcp6j9/Yf5/pwXLdHHhkOdgS7K16Woe32t6//boG/9A==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUOVlzM1BZSzNQM2hLUWxL
+            cHNtY2syUlozZ016YjFBcmxSS0FLajNxT0NJCnQyQkxXY1pWOWJmSmtoWUNFeFlk
+            QXFnb05UYjhrclJWb2tmWTM3dFFSSk0KLS0tIEluWGhZdVFkOS9nbUc3bjBidzVV
+            YlJucVlacmk3WHF2Q0Y3V202Skh1VWsKVuOTu7m9aTlXtLZTSW+WRm2Y7XkeLZfD
+            IozmAev+C1qf5KHoSL2mlhpzWFge0rZJpAPMxbSykGaOuPW1wXEPGw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzN2c5YUpNTnIyWVRLR2lP
+            dzhuUHFxVDBIUHh3M1l3TlVmV3VNR1ZyWUhjClE0STBSYUtTUVRkbmNMRVhpS0U1
+            dHRXRm1CbGhqZ1cwcWt0L1NSSGx3RWcKLS0tIFBFbDZmWDVFc3lrSi9Kb1Z1cURI
+            d3hmZXUyTUxQRjlMVWhPTjliM0FMQ0EKkKAwVQUpLXly+lYNTgqFWc8uYv288nHv
+            Wnvdx2S/6CkdzKfcrSdb75hm3+sWlrYkD8bSWRneBKytVawhMZOThg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ktwclxa640l89le6yecm8v2z6hmwr4lusd6x9gyzamhv57887szqtqp59a
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvU3NzY0Uxc0NhY2xJZyti
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0SzlST1h5bzhMOTJ5OWZq
-            TCtTS1crV3hzMXZNV3k4cm0zUFNuY2tBL0dNCnNpYytoaUI1eERhdG1PUlZ2eE5C
+            cXJJbTRjQTFDLzZvemt2WUFEcGtCbytJckZnCktsK0NXejgwbWtETnduUXJ3alNm
-            R2UrVlBwcXR2L1VNR3RJL1lEQmlTSDgKLS0tIFJyLzhZeG5zejFmL2VkYy8xVEM1
+            QjFVZDJ5UXovTllkZTVDY1NRK2Y1TzgKLS0tIGxWYjBqNkZRYXpja1Y5UzBNWEhk
-            U3QwOXlRdU8yd3ozL2hUVzRXNGE0bDQKT7SLAqICsbFmRUF+3s2avpBt0dLUbHLX
+            cGdtejVQQ2hsbWNlTkMzVWdKVm0wYU0KVPSnMAsMt5QlArKokgmHbRp/+UcFnWzi
-            AgQzx5v6GpMMNwCkCrOnpFX6al7zkRSYHe7hbn03BBORz9mPHek5ew==
+            PWA1Ypkz8SrHtZA9XNeXeav2uRHFVHn7gYuSi9aGojfYJmwQTtbrRg==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2025-03-02T07:58:00Z"
     mac: ENC[AES256_GCM,data:OvERjDFfHTJbTfwq9BmXBQy6pjeyIhao6zP4we0KeYL3skbw4+aaMixjUFzjauby0C7nJjEPBSk6pwK3lN+rScS5g7J8tTNtmhfEDQbfsS5zNDKzIQjYxbUbDr2cTPWwCA73gRGMwLbyNvdfuEp46jNV8OJ8km/y2nyG9lDcBb4=,iv:0RSU2MdZWiYEapwXGzevP9/vc/Sk1MS6a0MnCRQyIs8=,tag:vvngXS2IRzH999yzo4JyFQ==,type:str]

nixos/machines/nyarlathotep/koma.aliases.secrets.yaml

@@ -8,38 +8,47 @@ sops:
         - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLYmxCQk5RdGxjb3YraVhS
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtamVaWThoN0ZpbUpQRDJw
-            NGozeUtNZjBISFArMk9iT013azZUdUtkMVg0ClJ2dFpsUTRoWmlaQjFTOFBuUnJ0
+            bGpBemtNb3AraVBzSmowY1NhUlp3UFI5WFdRCmpPNGtFUSszWXZsdzhVc3dNK1JX
-            dEZhSTd2c0JRdjJDdTRacXRMNk5rWGMKLS0tIDQ5eDk5NWdiQ29Qd21jcXE0SWFI
+            ZDRITHVYaWp0Rm9xRkh4N21acWlQazQKLS0tIFF6S0d4czY4a3VsTkUyOFIvbTdu
-            Yms3dVFmT1NBbEZVNENraDVzcmdCYkUKXUpP2S1BNrZNVJWpHOeRljieo0WnGsfF
+            YXVTZzlFMThxRzE4Vkt5a3Ywb0dzV0EK8jYbkEosl+jhUB9HooENR7afTYEjf6FM
-            DKsc+3Xa2T31ISsErnM2nC+ie3Xwhd/W+kzvWaIpZDw+jYHreVTM9g==
+            ntxN8+Ik0ui66nZjQV7p8B8bEa2VObWp3QkkJMHu2RzsfcvybyV8bw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVGN4bW1FMGI5elpkWHNK
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArNW16QTFva3R3a0VseWFB
-            TXVEOFh1bWVyemxzS0VOdmNVZFp4TSt1d0JzCi9ZQ1ZJd0FoTGdWSlEvTVh4VmVU
+            QXRaQzFFRmE5RDhsZThpeTNoMW9YeWN6bDJZCjRaOWZTVCtsMWVYTWlUWlpQcldI
-            MHNDVk9oYlpVWlBvTktJbWRJVXFvSXcKLS0tIEMvTCtmdldOYk0wTlUxSXZqVGRn
+            YjFTNHdVT3hrbm44eW1JdjVMdmg2UEEKLS0tIGJRTFkrZlpPZlJSZXhTckxDNDV0
-            V0NZYmQrZzQ4c2t1OFBKazY1dnJmU2cKHDw0nsK2EODeR6/ouZXAgxIXTf55iI87
+            elRuK3pxRWVJU0YrY0tQbDFtVDF0ZXMKVjD832/sHWsq8wVNdCG32aOxURoC/GMI
-            mvN255aANofIKW8/by2mECU7fRRkI1gZn3lp7vy8iUPb0979A795Vg==
+            RaBkivFaY5VH62wBiGxysVR0wAzhomxotaXBQb1oOd17V3vzzqgbKg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArUW4xTi9pL1IydVIyL1dj
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqWnhTM3RpUFNyY1ozK2ZB
-            SmJGYVhaM0swZVRSNncwdjY2ZlJkeUpCRFZJCk1jU0NnbFBNdzBTVzY5OE5MbE42
+            ZVBaYkQyN1QwdHgwUmRXYWpvV1BFOU11bTE0ClYxWFJCVFQ2MS8raUFuL0dmVXNB
-            OGtTTy8zcTlkZlcwY1lpSDBQNEluZUEKLS0tIFVTWHZCZ0gxM0x0N2FPeHNuU0VO
+            UXJwbzZLV0FEVkpHdmM4OHNHWnVQakEKLS0tIEdJczRjU2x2NmltbDFPanNreFZz
-            U1JReVBqMDdrTlJ6NWhsUWpqUU5RREkKjEBva2DIWC8b7FdE/78zWeBCjHqBXY0S
+            UVByUUtOZUpFQ2lZL0FRMmZ3OHdNV1UKpCl7y66hRcrfXEbzdWmmqGalmLF3mtpb
-            c2gEh8aHDoI7MRndSqoye6SLmqZsF5SDAcPT8BJs9OnXjB4V8t+iQQ==
+            I2SBDnFrDXwGzvEm4ws/kmUtgwgs1d3xlHfLpLlzEXr5yv2V9o2weA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZmRpZWZCSlFRblpKSDN5
+            Qyt1aHVITE1MY2lqQkdjU0k3WTFkRjhpcWxrCloxcnpXMDViQ0g2SXJKYnRIMDkx
+            dXJjTnRaVmx2bmkwRzV4UUMrOGljYTAKLS0tIEZibUJGQTdadUhhZ3FlUy82ZVAz
+            NVJKdU52TEFqdzN3aytDSXZOWTZadncKSpoePt377xcWNOQDY0vC5NTAi4eez4aB
+            FHEcwI3IVEaqBT5BX+JpZY+JWNDwmZWPS9oxyvAmMXa9XRtzbYElHA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ktwclxa640l89le6yecm8v2z6hmwr4lusd6x9gyzamhv57887szqtqp59a
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwdWNRN2dRSHV1a01pK0FG
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyeHdkYnAweWQrbEJHYlJs
-            MjR4MnEwTmhQQ1dKQUNoRnFvT1ZnRGh6UVZRCjJsdDg1QkVyMjB3SHVlNnBITDFB
+            ZXJndlhJenVkRnF6N2w5ck01TUxPN21GVFdjCmlhVXE2VFJyY1hIT3BPOW91YWk4
-            V3d4VUVhNFVieHpTUkwrKyt0Wm1uNzQKLS0tIHRpZWZaenZWc0RPUDF4WFUzTWlQ
+            Sy9CdHhCeXJIRHpvZ3drZlJOY2xYOWsKLS0tIEFYWFZ5UlFNMlRxSGVIcjNrejJ6
-            cEdrMFEyL1doTjA4Kzh5cDFvbGxFUTAKplJpFXx3UJ102IBvvaTyNPbZ6t7MM1kr
+            RWJIQ3dON3lqQWdtdjdXWVZwZlAyS1kKuP3J9QpVen82D/BRksJyk8TQtsWp85yQ
-            ORpuT7HHgMSfT+5EDEbUGjyGbxJIZu8R+bv56kW0nJpXHXUPdLqQ/g==
+            3wvod1vT5Sg4wW7ELejgXJG7M0UI++47z99/LF9vZ8xU84ameGDNlg==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2025-02-25T17:41:29Z"
     mac: ENC[AES256_GCM,data:lZ9AXtJzVuc8Jg9L0aGhS18cs8pTjOG/xNP2tG25/7/PEdEV1SNwbxubGQOFAHrNbiDbmJMKJq96mhV8e3tHszlrzQnU1uyu9MrWiAYwV3CjmwSqC4J9ezSm/AY9e9+OWKn6sb4RVsz9A7aDGUhhoZMycnPNRKlpTuzdTIJK98o=,iv:LxSsZoHkJ2HFXBLWkw+SUb/LYW2ciE1DtzpoV4YLOwQ=,tag:QeYmreRGZk4PqlLWJLLD8g==,type:str]

nixos/machines/nyarlathotep/mathechor.aliases.secrets.yaml

@@ -8,38 +8,47 @@ sops:
         - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnamd0eEV5ci93VE0wYUFk
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZc2dLY1c3bnlkYmVtTVBh
-            WjFKdHlvdUUzcVZKOXZqWjlibFlWbzNyY0EwCkdibGxsU2I4YlhkTXRtRXpQY3RK
+            MGs0Uzc1a1kzR2hEYTJvckV4eGN1eHRNNFZvClVmL3E4ZmhXQStUamhjU0dtRGZK
-            V0E5SEZaMVJHOE1xTW5ubzdvZEJvM2cKLS0tIFlhekt6b0loZFkreFRVQ3gxVHhp
+            VHVnL2RuS1puMEo4b3RxWHN1MWpCYTgKLS0tIE83VzFBUCtDZzBjT3ZDQ2hjcWpq
-            MFZ5YjRlTTBuUU8zS09wU2pVakpXc3MKVg6OF8lgYRzlCgQs0/YADdQkKeXITevl
+            cmxZSDVQZ09ZaTF1eDdva044VFZJTGMKVWfLUnzuacKEApElMrf1zFNUh+g9d5Ub
-            LnA7J6/rCLt04YXlsp2GzvFJpXTdSVU9E7MV+bNS8e2ilgpFiBpZHg==
+            u5ZM9ykLVZrY6XYr+cP+OlDfdOW6+DcDqeCu+wpUoj7NqJYIGTRTjA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWUkVPMkd2UWJha2RuSm5B
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuSmtOOGtaY0hJY1REaXdq
-            UlNGNnNiSituMldmYUhyT2RqSU9XZThySFQ4CjE4eHFIdTJEenVGeHJDaG9LY3N1
+            NWIyWTJ0V2NLMFhscStURFFJVVQ1bFVvS3o0Cm1hK0o4WmFkcmxiaGpnb2xyclpx
-            WTNmVWNTcnlFZkptTGsvdzBLeWNqdkkKLS0tIEhFTUYxdW9ERkpoUGdVYVg2ZGFv
+            RnRIZEVUcHc2cmgxTkk4MEVMNHVtajAKLS0tIFduNitLVHhRYkJIWkNpRWRlaVE1
-            a3BWVThndTcySTNWclZ2bDZqUkhMSjAKcwml/zw7suq80SiC2ll1g6TZ0Z+lYA8w
+            bExKVWZDSjdOK0U1L2ttUXRyL2U5MFkKFXFLOQ/6wyWyI/XEkgWOE5IQ9KzkpBUl
-            cKrVjXRbF8hZJUafcqnkeX2UlAWEriRfSFRksWlJvU3bKpXcpr+eGw==
+            yACV70Wl4kGNs8U3PIPf3UD+M4WwbKGcZS3cLTmXlijbh6bCoJdC2A==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUTGhoZmhBcHZMOUxhSEhR
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOZTNXdi9GYTNZV1JZSWp0
-            TXYyd043S2ZVWlA4d3dxTjEydXQrR1BHQVNRCkZab01nWlVtUyt5ZkxQeGw4UEd4
+            ck11Qmpzbkl3TmZHTXdKT3Z1cEkvQVg2NjJrCnRPVm5yTFBWb3Q5QWljWm9Eam4z
-            c2RwY0IxVkRweXhoazZEU3hqRkEzdG8KLS0tIGhLQ0ZXaDdTVHNpcjNYWVZBL3ky
+            dUR1bmY4WUl1SVQ2S1lJK1JsL01sVmcKLS0tIEUzY1p3WmVIOHpvUnE3TkVnN1lw
-            Z3cwSEo4OWpxUEthMUs5RkdSRjM4eTgK2H3gbR7LFy4H93MGVeuYT1KyIfJVT7Vv
+            anNNNFg0TU9hRDZCM3VWelZYRlIybU0KymqMqMpBX2yYvjEc1AnbhDqhxWSp18zs
-            vVj+uj0iWvEhj7KRGzai8KenwqyQh8bjLdV05HvV+EBNNRpIvukmEA==
+            YQCL8kXndPzpKnPrmPFrTMEVjjoMsQWdYl6NydkVyi4eqnzoEUPfnQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4anlTZVBTT1U2RVJ0SXBT
+            cEh3SVd6cGk3OGxoaFJCTldkb3UzMFZvdXdzClpzRTl2RFNvWlhBMEhUU0pvd3Y2
+            WEpIZmVGa1FpbmJxR1dWaGNkRTBhQk0KLS0tIGJZb3dJbDE5YWxhUzFzZEtVR1Ur
+            TjJERlNCbU4vOVkxQWxUQWhCVE1mRkUKlM45rlmhxlwnxmJTyT7Ee+zZx+DBgYIt
+            gj2OsZqRMSbY+zsKm/fvihb7iQm6hN9NSNjP+raCeS+w3RGi0Q1Fvg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ktwclxa640l89le6yecm8v2z6hmwr4lusd6x9gyzamhv57887szqtqp59a
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTVQyRDdGQ0E1VkNBZTNZ
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3VDhFZmpzOWhyNkdKL0RZ
-            cWVsYjN5MVlKcmR4c1VOVnp6UGdDNENEdng0CkVVZ2orOTgwMC8xeE90Q1d5bkNP
+            MHd6cUk1aVF4NEsyQ2N3REJ6TzdtdzhmdXdRClZYKzB1T1pHei9ydWpLbndCd3Bl
-            OUh6L0FzZ2pzclF4TVpwUHIyRWNYRzgKLS0tIFZLVU9wRFl1bW44d25zRmRqRHJQ
+            cFcxWFVIQ3Y0ZUhwaW5jbVlCNTZoeGMKLS0tIDhIeTRvUzF0WEh0d2VZdStWV2wx
-            Z1I2c3h3TVIyeTNYSzhGbkV3TVZ6dWsKdxp5Lqlkk3Awa/G9OwaCyHBM4OHxu0Gb
+            anpiQjlYYnVKVUJHNkFwK2htTDg1TDgKd6cVLn+S6og9RPr0mzNzVZlYFuLukfae
-            cmzw0frdL7+EUiLzxoi7okXhMluj9R3G/lQicDq0+5tCjDRPkuOHcg==
+            YD/4tkL5SKLEYWXO1FgnoO2G5/hC4Z8i4sLpKsV45iWm+AQZk9zWvg==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2024-11-23T09:05:51Z"
     mac: ENC[AES256_GCM,data:Xnulo0681LtgH9SZt9DL3nd9bSDH+TCQDvbKdggVBJ66rxBiKmlbu5MAblAWqxbdZ6EelldaVeX9OaL2rYJoYbTWxzw2iuPieldp3Ah3PsTI2C8W+UD9KVHcB+3AMOmVmJZzFlZvTwyfPfZRNNb0HAijkN97P3fP0r1Iqf3YjiI=,iv:vhu38HM4e+PyyChXvI87LWSGtKQQiXUr4MKrI7kotzk=,tag:eNuQD74kUO+duqEXNbLJBw==,type:str]

nixos/machines/nyarlathotep/stalwartAdmin.secrets.yaml

@@ -8,38 +8,47 @@ sops:
         - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTDh1UjRDemo1TjE2VzBy
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwQ2RyL243Q0Z4U0ltWHhY
-            Zkh3NTBVVmhVL0oycHJCRXVnR0hnSWJTakhnCnNza2o2NTFHTGd3WjliUlp3M1BR
+            UmtxWUEwekdHanVNQk5CczhvVCtJTklYM1VvCk9kcWxmdjhoakpHRGFnVWtvak92
-            VVltaldhcjRUSXdtWTd0RHBoNS9UM2MKLS0tIEJTOWpxRURGcStmbUs2TzBSN1FC
+            Snl6eWN6aTRIRS9RZFZCOXNxMFJ5WE0KLS0tIDlHUGhoQ0hlRWNkSElsei9WQk82
-            YVArVzdqODYvRTkyVFRVSERiU0pFMUEKxiFM8xnNtQvAPeuSd/rAhRveqS8dlp7Z
+            dmtWZEJaSXBOVERMeDFTSmdycWtSb3MKlJXD4NDOQJlnlmroVvpnUjFZ1TtUQZhi
-            N6q3vXaL72Fb3KOMKN47OXE1Fevra5IyB51Fc3NDX2VQ/H5dg7xN+w==
+            tRsCWvuF+HIfp42wlxsQG34T5ql5ngleLvAvwksKYTugLzD36BRDQg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGYU50QytQQ3hVNUg1cFp2
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqN2hpeCtBemdrdmpQMGM5
-            V3lQUWJJczlzTG8zc1BoRnZEYTFMS2NYeUZJCjRPRXRnMDB2ZGx5ZGFpTHB3Zjgz
+            ZXFSTTROZ25QMThDeFhRZllXdEY5bWVaSEFjCmFFbFZJbHNabzBrdEg3azNtSTh6
-            Qk9XNzN5ZjRpWFdKdndEd1oxcTRUYXMKLS0tIDBZYzc3SDdHVXVHMUNkV1RaZ2tz
+            WW1GekpVSzgvUTRSVTM3MHhoRCtCcXcKLS0tIFdwMDFBb3VyTmVrbFBOU3QwbEF6
-            NU9JWWtxdXhPZTlQODFZM1FpbW1mbjgKJzsaoeNZSumYRWUbxEgdgtNZ/ykVr/Pp
+            ZTBsVWlaNVZqWk82Njh3ZEo4bjF1V1kKFi97lFr4i4vZGhRf7a8gUZoQar2BmOO3
-            ujlm5Te21pQ4Xna5yyTPdVecPPGFmIuF70F0VjwCdgESV/KbeYj32w==
+            XkLhtoPLQnSZJDYgH/mfHtdLUoI7OSKA0HtJpST/WGYXhkT+pdSCNQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoZENYOGx0dW53b0pFSUZk
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuaTIxd2VxM0NzbXRtdlVl
-            YytGRDNyRmJWOUh3L083TkdNQ1FOTUhSSUZzCkIrbk5uNGlSdXRQM1pyYmhZZHJK
+            WmZHaDFTbnQzZTFpNnE1Z2RYRmVjZGRyNTI0CjVERGVTR29IcDl1Q3VxUVlZY2lX
-            SnIxZ05oT2xSUXdjQmFMeFVqMzluam8KLS0tIE1EbFg2ODBveGNzMWZlaHZwcXpn
+            NWZXZkRmSzNPWEFJS2o5QVpvQWZmQkEKLS0tIElwR3lDR21URHJCQUdnVmlCQUpK
-            UWNKREJ6STc0RHR4K0hIbkw5UG5vczgKhcGeG1kYK3KLAid9oQzPuJml3PEQaYwf
+            RnY5TGV0R2x0emJjcGNGRWsranUyRXMKPfgDEKkyX+IerMp2LGgbVQgLiMy3FrJ0
-            Zc9PmY7aA6Gww9RY3aUGneLSUrpcdJRY7bDsYDbwve+CNO1Ln/+oPA==
+            lzRTIynAl6xDd8Ux7yHrOxmLdLo1ocADc9nvHEOFjVmhojeLlyRr6Q==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRDJ0TVA5cVdYVSsyT05O
+            OWRwdUEwSmZSOGVjN0UvLy9td0NSMkk5KzNBCllMYWlBU1Z2ODZ1YkpTZmYvUXMx
+            NGtZMWZLdGlISFBkWTBTNTNRdDZxNGcKLS0tIHpYMEFnMFY2TE41TC94RlJuUWJB
+            M3g0WlJSM0RhWHpJUk9jZnZzajJKcDQKADZakgsCYlv6WiBPQ/HFBADk7UG4/NFE
+            TWWlsjfIT4mTytnr0CYWgBLYV/XoUlQD/V+ta5n6kr2DNZGHVJ7fNQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1ktwclxa640l89le6yecm8v2z6hmwr4lusd6x9gyzamhv57887szqtqp59a
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBd3FTMnEzU0xuVnZtSUd1
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByS0NucitnNVFDZXNGR1Zu
-            dU1YVjVZU2dST09EZDdiMHoxZ0RXTUU3RlJNClU5UXRPRXIrdkZzRkxtK2RUSTEr
+            Sm5qTk9PR0ZVcTJMclVjQmJod0J5K3hZcmtvCi9tY1YyQkttc3hUZytkNVRDdTlK
-            UEltNTlnWVRzOFIra01PNk9keW1YU3MKLS0tIFl3Z2szLzREN3ZBeW5pUUE1VmRh
+            VVp6VUQ3TUE4QSsyd3VBZlBqdnhBamMKLS0tIGo3Uk5CZFhMTDlUSWJqallidVph
-            YytJNUt5NWRncmJua3o1NzdtK3JnekUKHgzr7iAqCfPT+oi0I3yn7CrhRLSXsKv2
+            VlVrUUFFVnF1eFlUb2h1MkJqM0I0NzQKVi6jGebwn2AFkTVLF9OkdWJ3wWmNgKpI
-            TfXTa4G88ume9S/awMF+iZigX5ubGHVOeuvOwuPY+EdIDY4E3RSfgw==
+            IuJramt9a9I72F+laUpjtX4hwwlRLIU/GicUux3/y8j7GjwkoxdMNQ==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2024-11-23T11:43:23Z"
     mac: ENC[AES256_GCM,data:GZ1Q67n43WU3fDQd6SGsD2EZgoaq1mzh5biy42cx6FQWlveK5lhb0F2HUuWWv5zSHKpslEPD6odvkQmMNCRY8NsvT3+KBAnHHU0aHzM9AEV27cDL4x6oBvO52EMxsNCMm+fXPD1CubQxfbfvx/aIuqb1sovgKGgwf4u6yqIrHJ0=,iv:ExX+ySMXhF/c1w2IP7y8mdlcy8W9Zxiy6X67b2f4AeY=,tag:shxQJdaW3HsG6sNY+zDNCA==,type:str]

nixos/modules/mail.nix

@@ -98,8 +98,10 @@ in {
             domains = ["fb04184.mathematik.tu-darmstadt.de" "imap.mathebau.de" "smtp.mathebau.de" "mathebau.de"];
             default = true;
           };
+          # HRZ/DFN does spam checking for us and this way we don't need to deal with their possibly broken forwarding setup.
+          spam-filter.enable = false;
+
           # Reevaluate after DKIM and DMARC deployment
-          spam.header.is-spam = "Dummyheader"; # disable moving to spam which would conflict with forwarding
           auth = {
             # TODO check if HRZ and our own VMs conform to these standards and we can validate them strictly
             dkim.verify = "relaxed";
@@ -358,7 +360,7 @@ in {
         # We don't want this in order to not need to persist borg cache and simplify new deployments.
         BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK = "yes";
       };
-      repo = "borg@192.168.1.11:nyarlathotep"; # TODO for https://gitea.mathebau.de/Fachschaft/nixConfig/issues/33
+      repo = "borg@bragi:nyarlathotep"; # TODO for https://gitea.mathebau.de/Fachschaft/nixConfig/issues/33
       startAt = "daily";
       user = "root";
       group = "root";

nixos/modules/mailman.nix

@@ -117,7 +117,7 @@ in {
         # We don't want this in order to not need to persist borg cache and simplify new deployments.
         BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK = "yes";
       };
-      repo = "borg@192.168.1.11:lobon"; # TODO for https://gitea.mathebau.de/Fachschaft/nixConfig/issues/33
+      repo = "borg@bragi:lobon"; # TODO for https://gitea.mathebau.de/Fachschaft/nixConfig/issues/33
       startAt = "daily";
       user = "root";
       group = "root";

nixos/modules/vmNetwork.nix

@@ -1,48 +0,0 @@
-{
-  lib,
-  config,
-  ...
-}: let
-  inherit
-    (lib)
-    mkOption
-    types
-    last
-    init
-    ;
-  inherit
-    (lib.strings)
-    splitString
-    concatStringsSep
-    toInt
-    ;
-  cfg = config.vmNetwork;
-in {
-  imports = [];
-
-  options.vmNetwork = {
-    ipv4 = mkOption {
-      type = types.str;
-      description = "the ipv4 adress of this machine";
-    };
-  };
-
-  config = {
-    networking = {
-      interfaces.enX0.ipv4.addresses = [
-        {
-          address = cfg.ipv4;
-          prefixLength = 16;
-        }
-      ];
-      defaultGateway = let
-        addr = splitString "." cfg.ipv4;
-        addrInit = init addr;
-        addrLastInt = builtins.toString (toInt (last addr) + 127);
-      in
-        concatStringsSep "." (addrInit ++ [addrLastInt]);
-      # https://www.hrz.tu-darmstadt.de/services/it_services/nameserver_dns/index.de.jsp
-      nameservers = ["130.83.22.63" "130.83.22.60" "130.83.56.60"];
-    };
-  };
-}

nixos/roles/admins.nix

@@ -29,6 +29,15 @@ with lib; let
         "nix.mathebau.firespike.de-1:OmST0YGbAaBjPo5xSM5Bqwk6/W5o7B5CnW/NDr0NacI="
       ];
     };
+    totallynotadolphin = {
+      hashedPassword = "$y$j9T$7DJ8VXEx1oB1holOY5U5q1$rSeGtWxDCWeOLpqmmkxYe8DCnb6uowUWafMGODTPQL.";
+      sshKeys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJRXBT1k40iWHwMVcStnV8jbpXbT3DXrwRURC+GkxEuc dolphin"
+      ];
+      nixKeys = [
+        "ocean.mathebau.de-1:G3Jz3mErIy8Mq8Ih+A5pbwDrx7vREcOpKgY8JCQ9dAk="
+      ];
+    };
   };
 
   mkAdmin = name: {

nixos/roles/hostmap.nix

@@ -0,0 +1,57 @@
+# This data is taken from /etc/hosts from azatoth
+{
+  bragi = {
+    ipv4 = "192.168.1.11";
+  };
+  tsathoggua = {
+    ipv4 = "192.168.0.13";
+  };
+  nyogtha = {
+    ipv4 = "192.168.0.14";
+  };
+  hastur = {
+    ipv4 = "192.168.0.15";
+  };
+  cthulhu = {
+    ipv4 = "192.168.0.16";
+  };
+  nyarlathotep = {
+    ipv4 = "192.168.0.17";
+  };
+  nodens = {
+    ipv4 = "192.168.0.18";
+  };
+  uvhash = {
+    ipv4 = "192.168.0.19";
+  };
+  aphoom-zhah = {
+    ipv4 = "192.168.0.20";
+  };
+  dagon = {
+    ipv4 = "192.168.0.21";
+  };
+  lobon = {
+    ipv4 = "192.168.0.22";
+  };
+  yibb-tstll = {
+    ipv4 = "192.168.0.23";
+  };
+  eihort = {
+    ipv4 = "192.168.0.24";
+  };
+  ghatanothoa = {
+    ipv4 = "192.168.0.25";
+  };
+  toth = {
+    ipv4 = "192.168.0.26";
+  };
+  ithaqua = {
+    ipv4 = "192.168.0.27";
+  };
+  cthugha = {
+    ipv4 = "192.168.0.30";
+  };
+  sanctamariamaterdei = {
+    ipv4 = "192.168.0.92";
+  };
+}

nixos/roles/vm.nix

@@ -1,5 +1,6 @@
 {modulesPath, ...}: {
   imports = [
     (modulesPath + "/virtualisation/xen-domU.nix")
+    ./vmNetwork.nix
   ];
 }

nixos/roles/vmNetwork.nix

@@ -0,0 +1,46 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib) mapAttrsToList;
+  inherit (lib.attrsets) foldAttrs concatMapAttrs;
+  inherit (lib.asserts) assertMsg;
+  inherit (lib.lists) filter last init;
+  inherit (lib.strings) splitString toInt concatStringsSep;
+  inherit (builtins) elem toString;
+  hostmap = import ./hostmap.nix;
+  myhostName = config.networking.hostName;
+  # To turn the hostmap around suitable for networking.hosts the following simple code almost works
+  # concatMapAttrs (hostname: ipData: { ${ipData.ipv4} = [hostname]; }) hostmap
+  # but breaks as soon as we want to map two different names to the same ip.
+  # So the code looks uglier than one would expect.
+  globalhosts = foldAttrs (a: b: a ++ b) [] (mapAttrsToList (hostname: ipData: {${ipData.ipv4} = [hostname];}) hostmap);
+  # We replace our own ip with 127.0.0.1 in /etc/hosts
+  myhosts = concatMapAttrs (ip: hosts:
+    if (elem myhostName hosts)
+    # nixos maps the hostname to the loopback 127.0.0.2 by default, so we exclude it here.
+    # there is also a default localhost to 127.0.0.1 in place
+    then {"127.0.0.1" = filter (x: x != myhostName) hosts;}
+    else {${ip} = hosts;})
+  globalhosts;
+  myIp = assert (assertMsg (hostmap ? ${myhostName}.ipv4) "${myhostName} has no ip configured in nixos/roles/hostmap.nix"); hostmap.${myhostName}.ipv4;
+in {
+  networking = {
+    hosts = myhosts;
+    interfaces.enX0.ipv4.addresses = [
+      {
+        address = myIp;
+        prefixLength = 16;
+      }
+    ];
+    defaultGateway = let
+      addr = splitString "." myIp;
+      addrInit = init addr;
+      addrLastInt = toString (toInt (last addr) + 127);
+    in
+      concatStringsSep "." (addrInit ++ [addrLastInt]);
+    # https://www.hrz.tu-darmstadt.de/services/it_services/nameserver_dns/index.de.jsp
+    nameservers = ["130.83.22.63" "130.83.22.60" "130.83.56.60"];
+  };
+}

packages/alias-to-sieve/Cargo.lock

@@ -85,9 +85,9 @@ dependencies = [
 
 [[package]]
 name = "fqdn"
-version = "0.4.5"
+version = "0.4.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3e7cf4b6cb33615d9adab21d74fd820753c532ef7c15ff556e382abde22e4023"
+checksum = "c0f5d7f7b3eed2f771fc7f6fcb651f9560d7b0c483d75876082acb4649d266b3"
 
 [[package]]
 name = "generic-array"
@@ -101,15 +101,15 @@ dependencies = [
 
 [[package]]
 name = "libc"
-version = "0.2.170"
+version = "0.2.171"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "875b3680cb2f8f71bdcf9a30f38d48282f5d3c95cbf9b3fa57269bb5d5c06828"
+checksum = "c19937216e9d3aa9956d9bb8dfc0b0c8beb6058fc4f7a4dc4d850edf86a237d6"
 
 [[package]]
 name = "log"
-version = "0.4.26"
+version = "0.4.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "30bde2b3dc3671ae49d8e2e9f044c7c005836e7a023ee57cffa25ab82764bb9e"
+checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94"
 
 [[package]]
 name = "memchr"
@@ -119,15 +119,15 @@ checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"
 
 [[package]]
 name = "once_cell"
-version = "1.20.3"
+version = "1.21.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "945462a4b81e43c4e3ba96bd7b49d834c6f61198356aa858733bc4acf3cbe62e"
+checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d"
 
 [[package]]
 name = "pest"
-version = "2.7.15"
+version = "2.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b7cafe60d6cf8e62e1b9b2ea516a089c008945bb5a275416789e7db0bc199dc"
+checksum = "198db74531d58c70a361c42201efde7e2591e976d518caf7662a47dc5720e7b6"
 dependencies = [
  "memchr",
  "thiserror",
@@ -136,9 +136,9 @@ dependencies = [
 
 [[package]]
 name = "pest_derive"
-version = "2.7.15"
+version = "2.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "816518421cfc6887a0d62bf441b6ffb4536fcc926395a69e1a85852d4363f57e"
+checksum = "d725d9cfd79e87dccc9341a2ef39d1b6f6353d68c4b33c177febbe1a402c97c5"
 dependencies = [
  "pest",
  "pest_generator",
@@ -146,9 +146,9 @@ dependencies = [
 
 [[package]]
 name = "pest_generator"
-version = "2.7.15"
+version = "2.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7d1396fd3a870fc7838768d171b4616d5c91f6cc25e377b673d714567d99377b"
+checksum = "db7d01726be8ab66ab32f9df467ae8b1148906685bbe75c82d1e65d7f5b3f841"
 dependencies = [
  "pest",
  "pest_meta",
@@ -159,9 +159,9 @@ dependencies = [
 
 [[package]]
 name = "pest_meta"
-version = "2.7.15"
+version = "2.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e1e58089ea25d717bfd31fb534e4f3afcc2cc569c70de3e239778991ea3b7dea"
+checksum = "7f9f832470494906d1fca5329f8ab5791cc60beb230c74815dff541cbd2b5ca0"
 dependencies = [
  "once_cell",
  "pest",
@@ -170,9 +170,9 @@ dependencies = [
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.93"
+version = "1.0.94"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "60946a68e5f9d28b0dc1c21bb8a97ee7d018a8b322fa57838ba31cc878e22d99"
+checksum = "a31971752e70b8b2686d7e46ec17fb38dad4051d94024c88df49b667caea9c84"
 dependencies = [
  "unicode-ident",
 ]
@@ -188,18 +188,18 @@ dependencies = [
 
 [[package]]
 name = "quote"
-version = "1.0.38"
+version = "1.0.40"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0e4dccaaaf89514f546c693ddc140f729f958c247918a13380cccc6078391acc"
+checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d"
 dependencies = [
  "proc-macro2",
 ]
 
 [[package]]
 name = "rustversion"
-version = "1.0.19"
+version = "1.0.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f7c45b9784283f1b2e7fb61b42047c2fd678ef0960d4f6f1eba131594cc369d4"
+checksum = "eded382c5f5f786b989652c49544c4877d9f015cc22e145a5ea8ea66c2921cd2"
 
 [[package]]
 name = "sha2"
@@ -214,9 +214,9 @@ dependencies = [
 
 [[package]]
 name = "syn"
-version = "2.0.98"
+version = "2.0.100"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "36147f1a48ae0ec2b5b3bc5b537d267457555a10dc06f3dbc8cb11ba3006d3b1"
+checksum = "b09a44accad81e1ba1cd74a32461ba89dee89095ba17b32f5d03683b1b1fc2a0"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -225,18 +225,18 @@ dependencies = [
 
 [[package]]
 name = "thiserror"
-version = "2.0.11"
+version = "2.0.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d452f284b73e6d76dd36758a0c8684b1d5be31f92b89d07fd5822175732206fc"
+checksum = "567b8a2dae586314f7be2a752ec7474332959c6460e02bde30d702a66d488708"
 dependencies = [
  "thiserror-impl",
 ]
 
 [[package]]
 name = "thiserror-impl"
-version = "2.0.11"
+version = "2.0.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "26afc1baea8a989337eeb52b6e72a039780ce45c3edfcc9c5b9d112feeb173c2"
+checksum = "7f7cf42b4507d8ea322120659672cf1b9dbb93f8f2d4ecfd6e51350ff5b17a1d"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -257,9 +257,9 @@ checksum = "2896d95c02a80c6d6a5d6e953d479f5ddf2dfdb6a244441010e373ac0fb88971"
 
 [[package]]
 name = "unicode-ident"
-version = "1.0.17"
+version = "1.0.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "00e2473a93778eb0bad35909dff6a10d28e63f792f16ed15e404fca9d5eeedbe"
+checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512"
 
 [[package]]
 name = "version_check"

packages/alias-to-sieve/src/lib.rs

@@ -12,29 +12,59 @@ pub struct AliasFile {
     pub default_domain: FQDN,
 }
 
-#[derive(PartialEq, Eq, Clone)]
+#[derive(PartialEq, Eq, Clone, Debug)]
-pub struct OrdEmailAddress(EmailAddress);
+pub struct AliasEmailAddress(EmailAddress);
 
-impl PartialOrd for OrdEmailAddress {
+impl AliasEmailAddress {
+    /// Create an `AliasEmailAddress` from some alias entry.
+    /// Return parameter for complete mail addresses and append the default domain for local parts.
+    pub fn new(
+        alias_entry: &str,
+        default_domain: &FQDN,
+    ) -> Result<AliasEmailAddress, Box<dyn Error>> {
+        let mut addr = alias_entry.trim().to_string();
+        addr = addr.replace(',', "");
+
+        // The domain already fails on instantiation of the FQDN type if it contains an apostrophe.
+        if addr.contains('\'') {
+            return Err(format!(
+                "Mailaddress {addr} contains an apostrophe which breaks the script generation."
+            )
+            .into());
+        }
+
+        if addr.contains('@') {
+            return Ok(AliasEmailAddress(
+                EmailAddress::parse(&addr, None).ok_or::<Box<dyn Error>>(
+                    String::from("Mailaddress {addr} not parsable.").into(),
+                )?,
+            ));
+        }
+        let unsortable_mail = EmailAddress::new(&addr, &default_domain.to_string(), None)?;
+        Ok(AliasEmailAddress(unsortable_mail))
+    }
+}
+
+impl PartialOrd for AliasEmailAddress {
     fn partial_cmp(&self, other: &Self) -> Option<Ordering> {
         Some(self.0.to_string().cmp(&other.0.to_string()))
     }
 }
 
-impl Ord for OrdEmailAddress {
+impl Ord for AliasEmailAddress {
     fn cmp(&self, other: &Self) -> Ordering {
         self.0.to_string().cmp(&other.0.to_string())
     }
 }
 
-pub type AliasMap = BTreeMap<OrdEmailAddress, Vec<OrdEmailAddress>>;
+pub type AliasMap = BTreeMap<AliasEmailAddress, Vec<AliasEmailAddress>>;
 
 /// Read a virtual alias file <https://www.postfix.org/virtual.5.html>
 /// and convert it to a map of destination addresses to a list of their final forwarding addresses.
 pub fn parse_alias_to_map(alias_files: Vec<AliasFile>) -> Result<AliasMap, Box<dyn Error>> {
     // File must exist in the current path
     let mut redirect_map: AliasMap = AliasMap::new();
-    let mut destinations: Vec<OrdEmailAddress> = Vec::new();
+    let mut destinations: Vec<AliasEmailAddress> = Vec::new();
 
     // Extract all pairs (destination to redirect addresses) from the alias files
     for alias_file in alias_files {
@@ -48,20 +78,23 @@ pub fn parse_alias_to_map(alias_files: Vec<AliasFile>) -> Result<AliasMap, Box<d
                 continue;
             }
 
-            let redirects: Vec<OrdEmailAddress> = line
+            let redirects: Vec<AliasEmailAddress> = line
                 .split_at(line.find(char::is_whitespace).unwrap_or(0))
                 .1
                 .split(' ')
                 .filter(|address| !address.trim().to_string().replace(',', "").is_empty())
-                .map(|addr| to_mailaddress(addr, &alias_file.default_domain))
+                .map(|addr| AliasEmailAddress::new(addr, &alias_file.default_domain))
                 .collect::<Result<Vec<_>, _>>()?;
 
             if redirects.is_empty() {
                 continue;
             }
-            destinations.push(to_mailaddress(destination, &alias_file.default_domain)?);
+            destinations.push(AliasEmailAddress::new(
+                destination,
+                &alias_file.default_domain,
+            )?);
             redirect_map.insert(
-                to_mailaddress(destination, &alias_file.default_domain)?,
+                AliasEmailAddress::new(destination, &alias_file.default_domain)?,
                 redirects,
             );
         }
@@ -95,29 +128,11 @@ pub fn parse_alias_to_map(alias_files: Vec<AliasFile>) -> Result<AliasMap, Box<d
         }
     }
     if iterations == max_iterations {
-        return Err(String::from("Possibly infinite recursion detected in parse_alias_map. Did not terminate after {max_iterations} rounds.").into());
+        return Err(format!("Possibly infinite recursion detected in parse_alias_map. Did not terminate after {max_iterations} rounds.").into());
     }
     Ok(redirect_map)
 }
 
-/// Create an `OrdEmailAddress` from some alias entry.
-/// Return parameter for complete mail addresses and append the default domain for local parts.
-fn to_mailaddress(
-    alias_entry: &str,
-    default_domain: &FQDN,
-) -> Result<OrdEmailAddress, Box<dyn Error>> {
-    let mut addr = alias_entry.trim().to_string();
-    addr = addr.replace(',', "");
-    if addr.contains('@') {
-        return Ok(OrdEmailAddress(
-            EmailAddress::parse(&addr, None)
-                .ok_or::<Box<dyn Error>>(String::from("Mailaddress {addr} not parsable.").into())?,
-        ));
-    }
-    let unsortable_mail = EmailAddress::new(&addr, &default_domain.to_string(), None)?;
-    Ok(OrdEmailAddress(unsortable_mail))
-}
-
 // The output is wrapped in a Result to allow matching on errors.
 // Returns an Iterator to the Reader of the lines of the file.
 pub fn read_lines<P>(filename: P) -> io::Result<io::Lines<io::BufReader<File>>>
@@ -190,6 +205,23 @@ mod tests {
         assert!(result.is_err());
     }
 
+    #[test]
+    fn apostrophe_destination_detection() {
+        let result = parse_alias_to_map(vec![AliasFile {
+            content: read_lines("testdata/apostrophe_destination.aliases").unwrap(),
+            default_domain: FQDN::from_str("example.com").unwrap(),
+        }]);
+        assert!(result.is_err());
+    }
+    #[test]
+    fn apostrophe_redirect_detection() {
+        let result = parse_alias_to_map(vec![AliasFile {
+            content: read_lines("testdata/apostrophe_redirect.aliases").unwrap(),
+            default_domain: FQDN::from_str("example.com").unwrap(),
+        }]);
+        assert!(result.is_err());
+    }
+
     #[test]
     fn basic_parsing() {
         let result = parse_alias_to_map(vec![AliasFile {

packages/alias-to-sieve/testdata/apostrophe_destination.aliases

@@ -0,0 +1,2 @@
+# Apostrophes are not allowed
+'orga me@example.com

packages/alias-to-sieve/testdata/apostrophe_redirect.aliases

@@ -0,0 +1,2 @@
+# Apostrophes are not allowed
+orga me@e'xample.com