From b6808dc418842ca4a76c6512f2a30bf3793adcba Mon Sep 17 00:00:00 2001
From: sstent
Date: Thu, 23 Feb 2023 23:39:30 +0000
Subject: [PATCH 1/3] sync

---
 .sops.yaml | 4 +++-
 flake.lock | 35 ++++++++++++++++++++++++++++++++++-
 hosts/wsl2/secrets.yaml | 39 ++++++++++++++++++++++++---------------
 outputs.nix | 2 +-
 shell.nix | 6 ------
 5 files changed, 62 insertions(+), 24 deletions(-)

diff --git a/.sops.yaml b/.sops.yaml
index 81a83ae..ab88950 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -2,10 +2,12 @@ keys:
 - &adminkey age1jvqe2j70h97844nkz34z9k4epx3uahx50cx75ss8mty2dnxlrf7qqv9a0g
 - &STUPC_WSL_UBUNTU_2204 age1jvf8rd8krchw3ph0w2let8clvyuzcdhq2ug6sm7tx86refc2z5vq4w6lxr
 - &STUPC_WSL_NIXOS age1e0g0rrfdmp5f8f4xgkyp8zgxw2v5t3ldlm2t822xekdz0z6qj49q6aesuw
+ - &GO3_WSL_NIXOS age187fdx6pc2559tjh03jrcwp6yj8whd70h666g8a0ptyr0z49tfcsssdx6au
 creation_rules:
 - path_regex: secrets.yaml$
 key_groups:
 - age:
 - *adminkey
 - *STUPC_WSL_UBUNTU_2204
- - *STUPC_WSL_NIXOS
\ No newline at end of file
+ - *STUPC_WSL_NIXOS
+ - *GO3_WSL_NIXOS
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
index b148107..e468564 100644
--- a/flake.lock
+++ b/flake.lock
@@ -295,6 +295,20 @@
 "type": "github"
 }
 },
+ "nixpkgs_4": {
+ "locked": {
+ "lastModified": 1672441588,
+ "narHash": "sha256-jx5kxOyeObnVD44HRebKYL3cjWrcKhhcDmEYm0/naDY=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "6a0d2701705c3cf6f42c15aa92b7885f1f8a477f",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "type": "indirect"
+ }
+ },
 "root": {
 "inputs": {
 "deploy": "deploy",
@@ -305,7 +319,8 @@
 "nixos-hardware": "nixos-hardware",
 "nixos-wsl": "nixos-wsl",
 "nixpkgs": "nixpkgs_2",
- "sops-nix": "sops-nix"
+ "sops-nix": "sops-nix",
+ "vscode-server": "vscode-server"
 }
 },
 "sops-nix": {
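Review bot: The new `*GO3_WSL_NIXOS` entry is appended to the single `key_groups` list of the one `path_regex: secrets.yaml$` rule, so every host key in that list can decrypt every secrets file matching the pattern, not just its own host's. If the layout is one secrets file per host (the diffstat shows `hosts/wsl2/secrets.yaml`), a per-host rule such as `- path_regex: hosts/wsl2/secrets.yaml$` holding only `*adminkey` and that host's key would keep one compromised host key from exposing the other hosts' secrets. The rule block also still ends without a trailing newline on both sides of the hunk.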
@@ -356,6 +371,24 @@
 "repo": "flake-utils",
 "type": "github"
 }
+ },
+ "vscode-server": {
+ "inputs": {
+ "nixpkgs": "nixpkgs_4"
+ },
+ "locked": {
+ "lastModified": 1676501444,
+ "narHash": "sha256-H+uQetkzd5GIga56HmCDwl5eihdQgeN2jVdNrkXzDyo=",
+ "owner": "msteen",
+ "repo": "nixos-vscode-server",
+ "rev": "57f1716bc625d2892579294cc207956679e3d94c",
+ "type": "github"
+ },
+ "original": {
+ "owner": "msteen",
+ "repo": "nixos-vscode-server",
+ "type": "github"
+ }
 }
 },
 "root": "root",
diff --git a/hosts/wsl2/secrets.yaml b/hosts/wsl2/secrets.yaml
index bbd3fff..c9dd1f5 100644
--- a/hosts/wsl2/secrets.yaml
+++ b/hosts/wsl2/secrets.yaml
@@ -17,29 +17,38 @@ sops:
 - recipient: age1jvqe2j70h97844nkz34z9k4epx3uahx50cx75ss8mty2dnxlrf7qqv9a0g
 enc: |
 -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZ3pIMFREMVYrUFRDWHZC
- a2Fkc2hESllPWjVVejNEWlMrR0hON1NSclhZCjRmOWNsTHBIUFdVSFlLMzhGbXJj
- ZHBDVmVIWnd6YWc4VzBOK013TXNtbVEKLS0tIEZacjBaS3pzemZubXBscXdKbWVO
- R2licUlGUmoxRmlsUTVKRytHZVNlejgKerHAPjXKYvX8aNDH87s6IX25XtdI6wlI
- mnrQJc++j6UxQ+d01g8MijCGATuj3dh92dbU3RtXuL66SBYGoTsqDA==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0N0lGdFlhWUpJM1VDanUr
+ WW9nR0dMVHkzZkJnak5PV1pYWm5UclFOTW1FCndUQmdMeTRUVnFJZk5XUTFDOUY3
+ MkRNZ3ZTK1c2T2Eyb0p0TlhwRDNsKzAKLS0tIGQzZ3RieVIzdnRLbjZFZTdnVS9I
+ VU5RSkJjWmZpb0xnR1k2QVc4eVdvRHMKLdAHlt8kukrq2C5yKhQFH0vhOh1cCXS2
+ PpdfBCQn2pt5NHn2xfBMbZKcykbP3PNfWiiLWphuqo5jq0zKcTrMqA==
 -----END AGE ENCRYPTED FILE-----
 - recipient: age1jvf8rd8krchw3ph0w2let8clvyuzcdhq2ug6sm7tx86refc2z5vq4w6lxr
 enc: |
 -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaNm16TmN0bHRTK2gzOTN2
- dm5oRmZpdFg4RGZSeDlXUHBzeVFET2lYcUJNCnlweER4WmhDbVVRSXNiL2M5d3pi
- REJpTjE2Z3E1azI4eXBQMlgwajNDSWcKLS0tIFN3NXFnc3BnVDVpdFdOUmRlRE0z
- cWx0RW9nZzR2SWxsQitsOC9TWXF1b2MKAjhh/efzeQ8dyXEgiSWNYtrZVpyRUFO4
- 0O42tC/d/64iE3RVEN3+spkod4iMT0WAD3riCvPJMbtYnBb827ehYA==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5MUU4MkdFVXZEUWxNZ3d5
+ YVlPMTVXU0RhVmcvbG5DRlExU0hUWmtIZmo4ClJpNUlNRHNCWng2azFvQ1lBY2FZ
+ OWpZcGw4eVVmVzBwUHFQbVAxR3VLTE0KLS0tIEliS2xTZTZGRk1mVVpLMTJxc0xP
+ enlzeGN3R3p2Njk2b04rbTlJM3pwMnMKH5IO+BNDBm2cv5aujiHzrwnlMCD3mztz
+ qKSnjnhiWufT+0Ry/jmCtnpTPM0efE7dj02I3yHLBQOjLMMgA3gwyQ==
 -----END AGE ENCRYPTED FILE-----
 - recipient: age1e0g0rrfdmp5f8f4xgkyp8zgxw2v5t3ldlm2t822xekdz0z6qj49q6aesuw
 enc: |
 -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1UlBrVTJNV0JQOWlGZGRG
- VWtQcHhNZFZyRURiV1NqdGNiRmhnR0JyaERrCnRpbEs0UlNrVkhuTXFiMEh0ZFhZ
- emJ4NDFhRzJUM0xqOGNFUytTS2VWYW8KLS0tIEI0NXFwZnhjV0dKbUdUNG8xWmow
- a2xBNkVCNFRqbSswK09nMUNpMld2Y0EKoITJ8ZDf+RbFLhtrrz00wRqdh/gw+z7+
- RWPAlEzcuTLw4qyLTymCtyStUMTC29O+y5kz4dcyOLUyu5qAG4IEPg==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUUVoY2o0Z2x1TkRLN3hI
+ WTRvdTluL2FGM3poUEhJN1JWMm1mcXM1UzJJCmpOZ1BHVTZ0b0VSK0NpaTI3bWto
+ WnpZdHVyY2diQ01sTEJJVlR2Y3VveVkKLS0tIEVoeTJpS1BOTWtQVnkxdW13Zlln
+ WlduRzlRcnFyRWFLZzU5MWFiR1FrODQKo1hsxCwzcuX9JHEE0+VUFq57t8uYY2qs
+ V6v6/BtMwOSQJRCR4hfOsb37f5GRjcB8ePIuT4xV7+NyZ6SQn6AiLQ==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age187fdx6pc2559tjh03jrcwp6yj8whd70h666g8a0ptyr0z49tfcsssdx6au
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByRGlJRU03SXEvbFdkbGNu
+ U0VteElBVTRyL1dSMzN1eTk4U3VtdkIrVTFvCmIxYkE3TXlCdVRvZG16QXZ4R2lJ
+ eWJYSjBEUTBtRTNxK3NFaElWUVk4N3cKLS0tIGIxb0JWT2xTMWFrVnZGV2Q3Vjl6
+ ekIrNmxVTndjRzFYbmNzcnpiMytNRVkKcUCt552xTRH7GP+X8zcv+WcKFcHJe/1G
+ WRQWzG3jNnjmLIGM4NwCFgUYnjHsxo8P+2KcWFZan4mnLRIq/aSwfw==
 -----END AGE ENCRYPTED FILE-----
 lastmodified: "2023-02-22T20:23:22Z"
 mac: ENC[AES256_GCM,data:4UNFXIZMpz2B+6L36p+6EIq6qrk3O2jhoqKiRdWHtEPS19DLcStvbG43JZSbQDt8JdUnZ3+vtx22wnCjxZ2sR1gMqEZZIieMuP4zqzdRjbnlaLs8PSvGIvQD66xcF4isJWuP9VhTM99DvlgZnlIRWb45HLhsL4w7bIo5f1vtuzo=,iv:MYgAL+fbYOlbqWUpFUvQcX2AMHrXsCBuSu2ImBv+sPQ=,tag:HSSrxA9mpeLOdcPS1LwemQ==,type:str]
diff --git a/outputs.nix b/outputs.nix
index eed669c..9641c93 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -13,7 +13,7 @@ in {
 devShell = pkgs.callPackage ./shell.nix {
- inherit (sops-nix.packages."${pkgs.system}") sops-import-keys-hook ssh-to-pgp sops-init-gpg-key;
+ inherit (sops-nix.packages."${pkgs.system}");
 inherit (deploy.packages."${pkgs.system}") deploy-rs;
 inherit pkgs;
 };
diff --git a/shell.nix b/shell.nix
index d159778..90bd695 100644
--- a/shell.nix
+++ b/shell.nix
@@ -1,7 +1,4 @@
 { mkShell
-, sops-import-keys-hook
-, ssh-to-pgp
-, sops-init-gpg-key
 , sops
 , deploy-rs
 , nixpkgs-fmt
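Review bot: Adding the fourth `recipient` stanza re-wraps the existing sops data key for the new host rather than rotating it; the `mac:` and `lastmodified:` lines at the end of the hunk are unchanged context, which is consistent with that. That is the expected result of `sops updatekeys`, but it means the reverse operation is not symmetric: if a host key is later removed from `.sops.yaml`, `updatekeys` alone leaves the removed key able to unwrap the still-current data key, and the file needs a data-key rotation (`sops -r`) as well. A one-line note to that effect next to the "rekey a file" step in the README would save the next person from assuming removal is enough.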
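Review bot: The replacement line `inherit (sops-nix.packages."${pkgs.system}");` names no attributes, so as far as I can tell it parses as an empty `inherit` and contributes nothing to the argument set; since shell.nix no longer declares `sops-import-keys-hook`, `ssh-to-pgp` or `sops-init-gpg-key`, the line should be deleted rather than emptied. If some sops-nix package is still wanted in the devShell, list it explicitly after the parenthesised source so the intent is visible. The enclosing `in {` attribute set starts outside the hunk.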
@@ -15,9 +12,6 @@ mkShell {
 python3.pkgs.invoke
 pkgs.ssh-to-age
 pkgs.age
- ssh-to-pgp
- sops-import-keys-hook
- sops-init-gpg-key
 sops
 deploy-rs
 nixpkgs-fmt

From 1514034f5b2ef881eb022cde0c594f1a1184616d Mon Sep 17 00:00:00 2001
From: sstent
Date: Thu, 23 Feb 2023 23:41:30 +0000
Subject: [PATCH 2/3] sync

---
 README.md | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 9481874..beda7a1 100644
--- a/README.md
+++ b/README.md
@@ -1,19 +1,19 @@
 # vmimages based on https://samleathers.com/posts/2022-02-11-my-new-network-and-sops.html
-
-Create new SSH HOST KEYS
+## Create new SSH HOST KEYS
 sudo ssh-keygen -q -N "" -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key
 sudo ssh-keygen -q -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
-Local
-nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
+## Local
+`nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'`
+or in nix develop
+`cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'`
+
+## Add key to .sops.yaml
+
+## rekey a file
+`sops updatekeys hosts/wsl2/secrets.yaml`
-
-
-TODO
-
-swtich to ed25519
-ssh-to-age? https://github.com/Mic92/ssh-to-age
\ No newline at end of file

From 754dc9e2ba14911f8b56baaf7cf57fdcef0de501 Mon Sep 17 00:00:00 2001
From: sstent
Date: Fri, 24 Feb 2023 15:47:11 +0000
Subject: [PATCH 3/3] sync

---
 modules/home-manager/sstent.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/modules/home-manager/sstent.nix b/modules/home-manager/sstent.nix
index f8ec7f5..4ce1724 100644
--- a/modules/home-manager/sstent.nix
+++ b/modules/home-manager/sstent.nix
@@ -115,8 +115,11 @@ programs = {
 };
 };
+ systemd.user = lib.mkIf config.wsl.enable {
- systemd.user.services.ssh-proxy = lib.mkIf config.wsl.enable {
+ startServices = true;
+
+ services.ssh-proxy = lib.mkIf config.wsl.enable {
 Unit = { Description = "WSL Proxy"; };
 Service = {
 ExecStart = "${pkgs.writeShellScript "start-proxy" ''
@@ -127,7 +130,7 @@ programs = {
 };
 #Install = { WantedBy = [ "default.target" ]; };
 };
-
+};
 };
 ### endf home-manager
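Review bot: The inner `services.ssh-proxy = lib.mkIf config.wsl.enable {` repeats the condition that the new enclosing `systemd.user = lib.mkIf config.wsl.enable {` already applies, so the inner `mkIf` is redundant and the line can become `services.ssh-proxy = {`. The `systemd.user` set opened here is closed by the `+};` in the second hunk, which appears to sit at column 0, two levels shallower than the lines it encloses; indenting that closer to match `systemd.user` would make the new nesting readable. The service body (`Unit`, `Service`, the `ExecStart` script) continues outside the first hunk.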