57 changed files with 146 additions and 530 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1 @@
 variables/secrets/** filter=git-crypt diff=git-crypt
--- a/flake.lock
+++ b/flake.lock
@ -1,29 +1,8 @@
 {
  "nodes": {
    "agenix": {
      "inputs": {
        "darwin": "darwin",
        "home-manager": "home-manager",
        "nixpkgs": "nixpkgs",
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1723293904,
        "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
        "owner": "ryantm",
        "repo": "agenix",
        "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
        "type": "github"
      },
      "original": {
        "owner": "ryantm",
        "repo": "agenix",
        "type": "github"
      }
    },
    "blender-bin": {
      "inputs": {
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs"
      },
      "locked": {
        "lastModified": 1727370305,
@ -57,7 +36,7 @@
    "chaotic": {
      "inputs": {
        "flake-schemas": "flake-schemas",
-        "home-manager": "home-manager_2",
+        "home-manager": "home-manager",
        "jovian": "jovian",
        "nixpkgs": [
          "unstable"
@ -99,28 +78,6 @@
        "type": "github"
      }
    },
    "darwin": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1700795494,
        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
        "owner": "lnl7",
        "repo": "nix-darwin",
        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
        "type": "github"
      },
      "original": {
        "owner": "lnl7",
        "ref": "master",
        "repo": "nix-darwin",
        "type": "github"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
@ -206,7 +163,7 @@
    },
    "flake-utils": {
      "inputs": {
-        "systems": "systems_2"
+        "systems": "systems"
      },
      "locked": {
        "lastModified": 1710146030,
@ -224,7 +181,7 @@
    },
    "flake-utils_2": {
      "inputs": {
-        "systems": "systems_4"
+        "systems": "systems_3"
      },
      "locked": {
        "lastModified": 1681202837,
@ -279,27 +236,6 @@
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1703113217,
        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "home-manager_2": {
      "inputs": {
        "nixpkgs": [
          "chaotic",
@ -320,7 +256,7 @@
        "type": "github"
      }
    },
-    "home-manager_3": {
+    "home-manager_2": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
@ -394,7 +330,7 @@
      "inputs": {
        "blobs": "blobs",
        "flake-compat": "flake-compat_2",
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs_2",
        "nixpkgs-24_05": "nixpkgs-24_05",
        "utils": "utils"
      },
@ -417,7 +353,7 @@
      "inputs": {
        "flake-compat": "flake-compat_3",
        "flake-utils": "flake-utils_2",
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
        "lastModified": 1729993975,
@ -458,18 +394,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1703013332,
+        "lastModified": 1722221733,
        "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
+        "rev": "12bf09802d77264e441f48e25459c10c93eada2e",
        "type": "github"
      },
      "original": {
-        "owner": "NixOS",
+        "id": "nixpkgs",
-        "ref": "nixos-unstable",
+        "ref": "nixos-24.05",
-        "repo": "nixpkgs",
+        "type": "indirect"
        "type": "github"
      }
    },
    "nixpkgs-24_05": {
@ -504,20 +438,6 @@
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1722221733,
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "12bf09802d77264e441f48e25459c10c93eada2e",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
        "ref": "nixos-24.05",
        "type": "indirect"
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 1717602782,
        "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=",
@ -532,7 +452,7 @@
        "type": "indirect"
      }
    },
-    "nixpkgs_4": {
+    "nixpkgs_3": {
      "locked": {
        "lastModified": 1715266358,
        "narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=",
@ -548,7 +468,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_5": {
+    "nixpkgs_4": {
      "locked": {
        "lastModified": 1729973466,
        "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=",
@ -607,15 +527,14 @@
    },
    "root": {
      "inputs": {
        "agenix": "agenix",
        "blender-bin": "blender-bin",
        "chaotic": "chaotic",
        "hardware": "hardware",
-        "home-manager": "home-manager_3",
+        "home-manager": "home-manager_2",
        "lanzaboote": "lanzaboote",
        "mailserver": "mailserver",
        "minecraft": "minecraft",
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": "nixpkgs_4",
        "nur": "nur",
        "unstable": "unstable"
      }
@ -690,21 +609,6 @@
        "type": "github"
      }
    },
    "systems_4": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "unstable": {
      "locked": {
        "lastModified": 1729880355,
@ -722,7 +626,7 @@
    },
    "utils": {
      "inputs": {
-        "systems": "systems_3"
+        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1709126324,
--- a/flake.nix
+++ b/flake.nix
@ -24,8 +24,6 @@
    mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
    minecraft.url = "github:Infinidoge/nix-minecraft";
    agenix.url = "github:ryantm/agenix";
  };
  outputs = {
@ -39,7 +37,6 @@
    lanzaboote,
    mailserver,
    minecraft,
    agenix,
    ...
  }:
  let
@ -53,7 +50,6 @@
          lanzaboote
          mailserver
          minecraft
 	  agenix
          ;
      };
    };
--- a/hosts/bomberman/system/default.nix
+++ b/hosts/bomberman/system/default.nix
@ -1,4 +1,4 @@
-{ config, agenix, ... }:
+{ config, ... }:
 {
  imports = [
    ./hardware
@ -21,13 +21,6 @@
    # Misc
    ../../../overlays
    ../../../variables
    # Secrets
    ../../../variables/secrets/common
    ../../../variables/secrets/server
    # Imports
    agenix.nixosModules.default
  ];
  networking.hostName = "bomberman";
--- a/hosts/cyberspark/system/default.nix
+++ b/hosts/cyberspark/system/default.nix
@ -1,4 +1,4 @@
-{ agenix, ... }:
+{ ... }:
 {
  imports = [
    ./hardware
@ -19,13 +19,6 @@
    # Misc
    ../../../overlays
    ../../../variables
    # Secrets
    ../../../variables/secrets/common
    ../../../variables/secrets/server
    # Imports
    agenix.nixosModules.default
  ];
  networking.hostName = "cyberspark";
--- a/hosts/detritus/system/default.nix
+++ b/hosts/detritus/system/default.nix
@ -1,4 +1,4 @@
-{ agenix, ... }:
+{ ... }:
 {
  imports = [
    ./hardware
@ -20,13 +20,6 @@
    # Extras
    ../../../overlays
    ../../../variables
    # Secrets
    ../../../variables/secrets/common
    ../../../variables/secrets/pc
    # Imports
    agenix.nixosModules.default
  ];
  networking.hostName = "detritus";
--- a/hosts/firefly/system/default.nix
+++ b/hosts/firefly/system/default.nix
@ -1,4 +1,4 @@
-{ pkgs, agenix, chaotic, ... }:
+{ chaotic, pkgs, ... }:
 {
  imports = [
    ./hardware
@ -24,12 +24,7 @@
    ../../../overlays
    ../../../variables
    # Secrets
    ../../../variables/secrets/common
    ../../../variables/secrets/pc
    # Imports
    agenix.nixosModules.default
    chaotic.homeManagerModules.default
  ];
--- a/hosts/lacros/system/default.nix
+++ b/hosts/lacros/system/default.nix
@ -1,4 +1,4 @@
-{ config, lib, agenix, ... }:
+{ config, lib, ... }:
 {
  imports = [
    ./hardware
@ -21,13 +21,6 @@
    # Extras
    ../../../overlays
    ../../../variables
    # Secrets
    ../../../variables/secrets/common
    ../../../variables/secrets/pc
    # Imports
    agenix.nixosModules.default
  ];
  services.keyd.keyboards.default.settings.main = {
--- a/hosts/redmond/system/default.nix
+++ b/hosts/redmond/system/default.nix
@ -1,4 +1,4 @@
-{ config, agenix, ... }:
+{ config, ... }:
 {
  imports = [
    ./hardware
@ -21,13 +21,6 @@
    # Extras
    ../../../overlays
    ../../../variables
    # Secrets
    ../../../variables/secrets/common
    ../../../variables/secrets/pc
    # Imports
    agenix.nixosModules.default
  ];
  networking.hostName = "redmond";
--- a/hosts/shuttle/system/default.nix
+++ b/hosts/shuttle/system/default.nix
@ -1,4 +1,4 @@
-{ config, lib, agenix, hardware, ... }:
+{ config, lib, hardware, ... }:
 {
  imports = [
    ./hardware
@ -22,13 +22,7 @@
    ../../../overlays
    ../../../variables
    # Secrets
    ../../../variables/secrets/common
    ../../../variables/secrets/pc
    # Imports
    agenix.nixosModules.default
    hardware.nixosModules.pine64-pinebook-pro
  ];
--- a/hosts/treefruit/system/default.nix
+++ b/hosts/treefruit/system/default.nix
@ -1,4 +1,4 @@
-{ config, lib, agenix, hardware, ... }:
+{ config, lib, hardware, ... }:
 {
  imports = [
    ./hardware
@ -22,12 +22,7 @@
    ../../../overlays
    ../../../variables
    # Secrets
    ../../../variables/secrets/common
    ../../../variables/secrets/pc
    # Imports
    agenix.nixosModules.default
    hardware.nixosModules.apple-macbook-pro-14-1
  ];
--- a/local.key.asc
+++ b/local.key.asc
@ -0,0 +1,9 @@
 -----BEGIN PGP MESSAGE-----
 jA0ECQMIFZHLadz4mp//0r0BjVmDdxrt6Nz93QEoc32Gjs1AjGN7B1hkVNT+wvMe
 dZbkk6QM13UIq7pf5VglpK7pKzqAb5/AHhxvsnjdHNgbcorkehFV0i1sKxCQDuJd
 q4BGTSqg+FIaVGwXUz7OO1iosVpA6jLCNw/g1Os+jhrbMjIvhpQvtZkNbimqC7ut
 mK1Qcp4D16ai+0rTBFeMddrreO7UnJPK+z386wEH0Ik341xWJvDvxyiLUJKun5lT
 D7X7ATtX2tmLE69EN7M=
 =3RYs
 -----END PGP MESSAGE-----
--- a/modules/system/accounts/users/jimbo/default.nix
+++ b/modules/system/accounts/users/jimbo/default.nix
@ -3,7 +3,7 @@
  users.users = {
    jimbo = {
      description = "Jimbo";
-      hashedPasswordFile = config.age.secrets.jimboAccPass.path;
+      hashedPassword = config.secrets.jimboAccPass;
      isNormalUser = true;
      openssh.authorizedKeys.keys = [
        (builtins.readFile ../../../../../hosts/firefly/id_ed25519.pub)
@ -17,7 +17,7 @@
        (builtins.readFile ../../../../../hosts/cyberspark/id_ed25519.pub)
        (builtins.readFile ../../../../../hosts/bomberman/id_ed25519.pub)
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
      ];
      extraGroups = [
        "wheel"
--- a/modules/system/devices/networking/firewall/server/default.nix
+++ b/modules/system/devices/networking/firewall/server/default.nix
@ -9,7 +9,7 @@
      allowPing = false;
      extraInputRules = ''
        ip saddr { ${config.ips.localSpan}.0/24, ${config.ips.wgSpan}.0/24 } tcp dport 2049 accept comment "Accept NFS"
-        ip saddr ${config.ips.pc} tcp dport { 1935, 1945 } accept comment "Accept RTMP"
+        ip saddr { ${config.ips.pc}, ${config.secrets.lunaIP}, ${config.secrets.cornIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
      '';
    };
@ -34,8 +34,8 @@
              udp dport { 7790, 7791, 7792 } dnat to ${config.ips.hx} comment "Deus Ex"
-              ip saddr ${builtins.readFile config.age.secrets.cornIP.path} tcp dport { 9943, 9944 } dnat to ${config.ips.vm} comment "VM ALVR TCP"
+              ip saddr ${config.secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${config.ips.vm} comment "VM ALVR TCP"
-              ip saddr ${builtins.readFile config.age.secrets.cornIP.path} udp dport { 9943, 9944 } dnat to ${config.ips.vm} comment "VM ALVR UDP"
+              ip saddr ${config.secrets.cornIP} udp dport { 9943, 9944 } dnat to ${config.ips.vm} comment "VM ALVR UDP"
            }
            chain POSTROUTING {
--- a/modules/system/devices/networking/wireguard/pc/default.nix
+++ b/modules/system/devices/networking/wireguard/pc/default.nix
@ -8,12 +8,12 @@
    "${config.ips.wgInt}" = {
      # Define IP of client in per device config
      listenPort = 51820;
-      privateKeyFile = config.age.secrets.wgClientPriv.path;
+      privateKey = config.secrets.wgClientPriv;
      peers = [
        {
-          publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
+          publicKey = config.secrets.wgServerPub;
          allowedIPs = [ "${config.ips.wgSpan}.0/24" ];
-          endpoint = "sv.${config.domains.jim1}:51820";
+          endpoint = "sv.${config.secrets.jimDomain}:51820";
          persistentKeepalive = 25;
        }
      ];
--- a/modules/system/devices/networking/wireguard/server/default.nix
+++ b/modules/system/devices/networking/wireguard/server/default.nix
@ -15,16 +15,16 @@
      "${config.ips.wgInt}" = {
        ips = [ "${config.ips.wgSpan}.1/24" ];
        listenPort = 51820;
-        privateKeyFile = config.age.secrets.wgServerPriv.path;
+        privateKey = config.secrets.wgServerPriv;
        peers = [
          { # General Nix
            publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
            allowedIPs = [ "${config.ips.wgSpan}.16/28" ];
          }
          { # Jimbo Pixel 9
-            publicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
+            publicKey = config.secrets.wgPixel9Pub;
            allowedIPs = [ "${config.ips.wgSpan}.2/32" ];
          }
          { # General Nix
            publicKey = config.secrets.wgClientPub;
            allowedIPs = [ "${config.ips.wgSpan}.16/28" ];
          }
        ];
      };
    };
--- a/modules/system/programs/agenix/default.nix
+++ b/modules/system/programs/agenix/default.nix
@ -1,7 +0,0 @@
 { ... }:
 {
  programs.appimage = {
    enable = true;
    binfmt = true;
  };
 }
--- a/modules/system/services/server/ddclient/default.nix
+++ b/modules/system/services/server/ddclient/default.nix
@ -6,7 +6,7 @@
    use = "web, web=https://ipinfo.io/ip";
    zone = "${config.domains.jim1}";
    username = "token";
-    passwordFile = config.age.secrets.cloudflareKey.path;
+    passwordFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}";
    domains = [
      "${config.domains.jim1}"
      "*.${config.domains.jim1}"
--- a/modules/system/services/server/fileserver/public/nextcloud/default.nix
+++ b/modules/system/services/server/fileserver/public/nextcloud/default.nix
@ -1,9 +1,5 @@
 { pkgs, config, ... }:
 {
  imports = [
    ./nginx
  ];
  services = {
    nextcloud = {
      enable = true;
@ -24,7 +20,7 @@
        mail_from_address = "noreply";
        mail_smtpauth = "true";
        mail_smtpname = "noreply@${config.domains.jim1}";
-        mail_smtppassword = "${builtins.readFile config.age.secrets.noreplyMailPass.path}";
+        mail_smtppassword = config.secrets.noreplyPassword;
        mail_smtpmode = "smtp";
        mail_smtpport = 587;
      };
--- a/modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix
+++ b/modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix
@ -1,18 +0,0 @@
 { pkgs, config, ... }:
 {
  services.nginx.virtualHosts."cloud.${config.domains.jim1}" =  {
    enableACME = true;
    addSSL = true;
    locations."/" = {
      proxyWebsockets = true;
      extraConfig = "
       location /.well-known/carddav {
          return 301 $scheme://$host/remote.php/dav;
        }
        location /.well-known/caldav {
          return 301 $scheme://$host/remote.php/dav;
        }
     ";
    };
  };
 }
--- a/modules/system/services/server/fileserver/public/photoprism/default.nix
+++ b/modules/system/services/server/fileserver/public/photoprism/default.nix
@ -1,24 +1,30 @@
 { config, ... }:
 {
-  imports = [
+  services = {
-    ./nginx
+    photoprism = {
-  ];
+      enable = true;
-
+      port = 2342;
-  services.photoprism = {
+      originalsPath = "/var/lib/private/photoprism/originals";
-    enable = true;
+      address = "0.0.0.0";
-    port = 2342;
+      settings = {
-    originalsPath = "/var/lib/private/photoprism/originals";
+        PHOTOPRISM_ADMIN_USER = "jimbo";
-    address = "0.0.0.0";
+        PHOTOPRISM_ADMIN_PASSWORD = "${config.secrets.prismAdminPass}";
-    settings = {
+        PHOTOPRISM_DEFAULT_LOCALE = "en";
-      PHOTOPRISM_ADMIN_USER = "jimbo";
+        PHOTOPRISM_DATABASE_DRIVER = "mysql";
-      PHOTOPRISM_ADMIN_PASSWORD = "${builtins.readFile config.age.secrets.prismAdminPass.path}";
+        PHOTOPRISM_DATABASE_NAME = "photoprism";
-      PHOTOPRISM_DEFAULT_LOCALE = "en";
+        PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock";
-      PHOTOPRISM_DATABASE_DRIVER = "mysql";
+        PHOTOPRISM_DATABASE_USER = "photoprism";
-      PHOTOPRISM_DATABASE_NAME = "photoprism";
+        PHOTOPRISM_SITE_URL = "https://gallery.${config.domains.jim1}";
-      PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock";
+        PHOTOPRISM_SITE_TITLE = "Jimbo's PhotoPrism";
-      PHOTOPRISM_DATABASE_USER = "photoprism";
+      };
-      PHOTOPRISM_SITE_URL = "https://gallery.${config.domains.jim1}";
+    };
-      PHOTOPRISM_SITE_TITLE = "Jimbo's PhotoPrism";
+    nginx.virtualHosts."gallery.${config.domains.jim1}" =  {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:2342";
        proxyWebsockets = true;
      };
    };
  };
 }
--- a/modules/system/services/server/fileserver/public/photoprism/nginx/default.nix
+++ b/modules/system/services/server/fileserver/public/photoprism/nginx/default.nix
@ -1,11 +0,0 @@
 { config, ... }:
 {
  services.nginx.virtualHosts."gallery.${config.domains.jim1}" =  {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:2342";
      proxyWebsockets = true;
    };
  };
 }
--- a/modules/system/services/server/forgejo/default.nix
+++ b/modules/system/services/server/forgejo/default.nix
@ -23,7 +23,7 @@
          SMTP_ADDR = "mx.${config.domains.jim1}";
          FROM = "Jimbo's Git <noreply@${config.domains.jim1}>";
          USER = "noreply@${config.domains.jim1}";
-          PASSWD = "${builtins.readFile config.age.secrets.noreplyMailPass.path}";
+          PASSWD = config.secrets.noreplyPassword;
          PROTOCOL = "smtps";
        };
        service = {
--- a/modules/system/services/server/icecast/default.nix
+++ b/modules/system/services/server/icecast/default.nix
@ -2,34 +2,64 @@
 {
  imports = [
    ./nginx
    ./liquidsoap
  ];
-  services.icecast = {
+  services = {
-    enable = true;
+    icecast = {
-    listen.port = 265;
+      enable = true;
-    hostname = "icecast.${config.domains.jim1}";
+      listen.port = 265;
-    admin = {
+      hostname = "icecast.${config.domains.jim1}";
-      user = "jimbo";
+      admin = {
-      password = "${builtins.readFile config.age.secrets.icecastAdminPass.path}";
+        user = "jimbo";
        password = "${config.secrets.castAdminPass}";
      };
      extraConf = ''
        <authentication>
          <source-password>${config.secrets.castSourcePass}</source-password>
        </authentication>
        <location>Canada</location>
        <admin>jimbo@${config.domains.jim2}</admin>
        <mount type="normal">
          <mount-name>/jimbops.opus</mount-name>
          <stream-name>JimBops Radio</stream-name>
          <stream-description>Music gathered by me, Jimbo.</stream-description>
          <stream-url>https://icecast.jimbosfiles.com/jimbops.opus</stream-url>
          <genre>Anything</genre>
          <type>application/ogg</type>
          <subtype>vorbis</subtype>
        </mount>
      '';
    };
    extraConf = ''
      <authentication>
        <source-password>"${builtins.readFile config.age.secrets.icecastSourcePass.path}"</source-password>
      </authentication>
-      <location>Canada</location>
+    # The audio stream
-      <admin>jimbo@${config.domains.jim2}</admin>
+    liquidsoap.streams = {
      jimbops = pkgs.writeText "liquidjim" ''
        settings.log.stdout.set(true)
        settings.init.allow_root.set(true)
        settings.scheduler.fast_queues.set(2)
        settings.decoder.file_extensions.mp4.set(["m4a", "m4b", "m4p", "m4v", "m4r", "3gp", "mp4"])
-      <mount type="normal">
+        # Define the source with random playlist
-        <mount-name>/jimbops.opus</mount-name>
+        jimbops = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/"))
-        <stream-name>JimBops Radio</stream-name>
+        
-        <stream-description>Music gathered by me, Jimbo.</stream-description>
+        # Ensure the stream never stops
-        <stream-url>https://icecast.jimbosfiles.com/jimbops.opus</stream-url>
+        jimbops_fallback = fallback([jimbops, jimbops])
-        <genre>Anything</genre>
+        
-        <type>application/ogg</type>
+        # Output configuration to Icecast
-        <subtype>vorbis</subtype>
+        output.icecast(
-      </mount>
+	  %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)),
-    '';
+          host="127.0.0.1",
          port=265,
          password="${config.secrets.castSourcePass}",
          public=true,
          icy_metadata=["artist", "title"],
          mount="jimbops.opus",
 	  encoding = "UTF-8",
          jimbops_fallback
        )
      '';
    };
  };
 }
--- a/modules/system/services/server/icecast/liquidsoap/default.nix
+++ b/modules/system/services/server/icecast/liquidsoap/default.nix
@ -1,30 +0,0 @@
 { pkgs, config, ... }:
 {
  services.liquidsoap.streams = {
    jimbops = pkgs.writeText "liquidjim" ''
      settings.log.stdout.set(true)
      settings.init.allow_root.set(true)
      settings.scheduler.fast_queues.set(2)
      settings.decoder.file_extensions.mp4.set(["m4a", "m4b", "m4p", "m4v", "m4r", "3gp", "mp4"])
      # Define the source with random playlist
      jimbops = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/Synced"))
      # Ensure the stream never stops
      jimbops_fallback = fallback([jimbops, jimbops])
      # Output configuration to Icecast
      output.icecast(
        %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)),
        host="127.0.0.1",
        port=265,
        password="${builtins.readFile config.age.secrets.icecastSourcePass.path}",
        public=true,
        icy_metadata=["artist", "title"],
        mount="jimbops.opus",
        encoding = "UTF-8",
        jimbops_fallback
      )
    '';
  };
 }
--- a/modules/system/services/server/mailserver/simplenix/default.nix
+++ b/modules/system/services/server/mailserver/simplenix/default.nix
@ -28,11 +28,11 @@
    # A list of accounts, passwords generated with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
    loginAccounts = {
      "noreply@${config.domains.jim1}" = {
-        hashedPasswordFile = config.age.secrets.noreplyMailHash.path;
+        hashedPasswordFile = pkgs.writeText "noreply" config.secrets.noreplyMailHash;
        sendOnly = true;
      };    
      "jimbo@${config.domains.jim2}" = {
-        hashedPasswordFile = config.age.secrets.jimboMailHash.path;
+        hashedPasswordFile = pkgs.writeText "jimbo" config.secrets.jimboMailHash;
        aliases = [
 	  "jimbo@${config.domains.jim1}"
 	  "james@${config.domains.jim1}"
@ -42,13 +42,13 @@
        ];
      };
      "luna@${config.domains.luna}" = {
-        hashedPasswordFile = config.age.secrets.lunaMailHash.path;
+        hashedPasswordFile = pkgs.writeText "luna" config.secrets.lunaMailHash;
      };
      "corn@${config.domains.corn}" = {
-        hashedPasswordFile = config.age.secrets.cornMailHash.path;
+        hashedPasswordFile = pkgs.writeText "corn" config.secrets.cornMailHash;
      };
      "tiny@${config.domains.corn}" = {
-        hashedPasswordFile = config.age.secrets.tinyMailHash.path;
+        hashedPasswordFile = pkgs.writeText "tiny" config.secrets.tinyMailHash;
      };
    };
  };
--- a/modules/system/services/server/social/lemmy/default.nix
+++ b/modules/system/services/server/social/lemmy/default.nix
@ -14,7 +14,7 @@
        smtp_server = "mx.${config.domains.jim1}:587";
        smtp_login = "noreply@${config.domains.jim1}";
        smtp_from_address = "Jimbo's Lemmy <noreply@${config.domains.jim1}>";
-        smtp_password = "${builtins.readFile config.age.secrets.noreplyMailPass.path}";
+        smtp_password = config.secrets.noreplyPassword;
        tls_type = "starttls";
      };
    };
--- a/modules/system/services/server/social/mastodon/default.nix
+++ b/modules/system/services/server/social/mastodon/default.nix
@ -12,7 +12,7 @@
      authenticate = true;
      fromAddress = "Jimbo's Mastodon <noreply@${config.domains.jim1}>";
      user = "noreply@${config.domains.jim1}";
-      passwordFile = config.age.secrets.noreplyMailPass.path;
+      passwordFile = pkgs.writeText "smtp_pass.txt" config.secrets.noreplyPassword;
    };
  };
 }
--- a/modules/system/services/server/social/matrix/synapse/default.nix
+++ b/modules/system/services/server/social/matrix/synapse/default.nix
@ -26,7 +26,7 @@
        notif_from = "Jimbo's Matrix <noreply@${config.domains.jim1}>";
        smtp_host = "mx.${config.domains.jim1}";
        smtp_user = "noreply@${config.domains.jim1}";
-        smtp_pass = "${builtins.readFile config.age.secrets.noreplyMailPass.path}";
+        smtp_pass = config.secrets.noreplyPassword;
        enable_tls = true;
        smtp_port = 587;
        require_transport_security = true;
--- a/modules/system/services/server/social/matrix/synapse/slidingsync/default.nix
+++ b/modules/system/services/server/social/matrix/synapse/slidingsync/default.nix
@ -7,7 +7,7 @@
      SYNCV3_BINDADDR = "0.0.0.0:8009";
    };
    environmentFile = "${pkgs.writeText "matrixsecret" ''
-      SYNCV3_SECRET="${builtins.readFile config.age.secrets.matrixSecret.path}"
+      SYNCV3_SECRET=${config.secrets.matrixSecret}
    ''}";
  };
 }
--- a/modules/system/services/server/social/pixelfed/default.nix
+++ b/modules/system/services/server/social/pixelfed/default.nix
@ -3,7 +3,7 @@
  services.pixelfed = {
    enable = true;
    domain = "pics.${config.domains.jim1}";
-    secretFile = config.age.secrets.pixelfedKey.path;
+    secretFile = pkgs.writeText "appkey" config.secrets.pixelfedKey;
    settings = {
      APP_NAME = ''"Jimbo's Pixelfed"'';
      INSTANCE_DESCRIPTION = ''"The Jimbosfiles Pixelfed Instance"'';
@ -22,7 +22,7 @@
      MAIL_HOST = "mx.${config.domains.jim1}";
      MAIL_PORT = 587;
      MAIL_USERNAME = "noreply@${config.domains.jim1}";
-      MAIL_PASSWORD = "${builtins.readFile config.age.secrets.noreplyMailPass.path}";
+      MAIL_PASSWORD = "${config.secrets.noreplyPassword}";
    };
    nginx = {
      enableACME = true;
--- a/modules/system/services/server/transmission/default.nix
+++ b/modules/system/services/server/transmission/default.nix
@ -6,7 +6,7 @@
  services.transmission = {
    enable = true;
-    credentialsFile = config.age.secrets.transmissionPass.path;
+    credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile;
    openPeerPorts = true;
    settings = {
      rpc-authentication-required = true;
--- a/variables/default.nix
+++ b/variables/default.nix
@ -5,6 +5,7 @@
    ./domains
    ./ips
    ./look
    ./secrets
    ./workspaces
  ];
 }
--- a/variables/secrets/agenix/cloudflareKey.age
+++ b/variables/secrets/agenix/cloudflareKey.age
@ -1,7 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 e3smYA khyW35trVIvCZHYB5J5vAdzNParttdbTb+Ycl6SaW2s
 0W7fSM1qoI2BbnbOuN9OHk3hcXwWZ2cgi6sme0TBx9Y
 -> ssh-ed25519 JvNkLw wdflnJ12VIbRRNbEGFW0LE6WaB/D5/G2pTEs3AGhgQU
 N6KU0GMf1wIGRBJLVU5e1WcLvUEWk63Lr3GzpaojNgs
 --- 6u2vl9lBq+MGbFb39wRyoeMyBOxCPGyO0iXeV0wwaJw
@oŒ³¬µYÙ¾bëIw8ÜŠÔ³?-
Ÿ‰}½R›T¼ô/ŸÈZ3ÎÓøÑ¸kZR=Ë®º¢Ú+z†*XøÀ¸f0Ób
--- a/variables/secrets/agenix/cornIP.age
+++ b/variables/secrets/agenix/cornIP.age
@ -1,7 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 e3smYA CDmBLx1/+kPZXI3LqmJvAQOXskG/t40avr+hiqyQzhA
 Q/5PDnyjxUQbCxHjluTETYTAi/zO7G0NvfSF3XEYinA
 -> ssh-ed25519 JvNkLw V5FGN/1W9CEf3RT/nsnGiiJdOTsvDexEef+72f+Z0Ug
 u1hSg+t4qO/N1Sw4t85/9qGt2TqlPDmujZoGOyMgUxY
 --- 9NdLKkW30o1WRVCA0dI0vU1kNnvO2uEC36rOIbJ0wlI
 ì¥ÙFè£SRR}–Æ<þ"w«{Ÿ°p@·I¿vJ|vÉ}œç1ü«Û
--- a/variables/secrets/agenix/cornMailHash.age
+++ b/variables/secrets/agenix/cornMailHash.age
--- a/variables/secrets/agenix/icecastAdminPass.age
+++ b/variables/secrets/agenix/icecastAdminPass.age
@ -1,8 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 e3smYA fPD79NPMvwiL+hHk82IieajJa9yvH649bDMGmYREExM
 Ju4a1ciZS7J/OSW9puFKnLX/oXjkOg+PwJoEjRLKlYA
 -> ssh-ed25519 JvNkLw Pd7sCRAL6tmDvqEmuEcu0ciduOWqgD4/Ov3EwEneWxc
 9/w5dGjJOMeT624ppz8UPX74McDNuOrr1siu5DR8S/g
 --- b/FkQytFLY9xK+oyqe1Cw60y24oL9Z9w7F1OusI52o0
 D+ÀvÝ	¨†rhÉê|
 «vkò(”ëyâw+ÁBSÝžý<C5BE>„²L«ˆkAF3¾‚yúÞ$T›l±p$ù
--- a/variables/secrets/agenix/icecastSourcePass.age
+++ b/variables/secrets/agenix/icecastSourcePass.age
@ -1,7 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 e3smYA PBcCxs6ilNvC/GpVaduXRioMk/XaZtvwkTtBhILLhH0
 k7LzI2vYBumEKSQ4D08nNv254ffhsJv5bp491ViWN3o
 -> ssh-ed25519 JvNkLw M3al6LP872JEtRZABFRUDAq2lVsGjjRueDSchC0s1ms
 01N62bVOVqq5YHQSsBO0bCcaBgN155AZ05vp+19Hrvc
 --- CVPFAJml7cINyE9tisp0eHsZgCSfHbMVpQV49knXiRs
 zHRðîÅöÐZÏßóÕœ73õÙÑ4Ž‚&ìu	5r÷Þ>}jhÛ=Ak=C’kº³B¬iæÚl(`+ß,
--- a/variables/secrets/agenix/jimboAccPass.age
+++ b/variables/secrets/agenix/jimboAccPass.age
--- a/variables/secrets/agenix/jimboMailHash.age
+++ b/variables/secrets/agenix/jimboMailHash.age
@ -1,7 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 e3smYA nIhCitDd4goQvfnvggVnnP4bPrnxgEMVhwJNPd3hZnw
 hCLbjL4kL+f1TobXASLRAPsHweXy+6vBvpUyP7RnURw
 -> ssh-ed25519 JvNkLw HFjvkJMgtN6ul3N4bIfNwWC6PeNFgeNHILSpDzbF/ig
 Z5EdHAr46sF4bSR5S4HmQZz/hHX84qxnxYRr7cO7dog
 --- F7kG/ZHu+w9Gnnp8Nw6g49+LI4/2tvt8BKXO/mzQcWY
 éN,Œi¼l±²ÐZã1Ë¾g`ž§Úe<‚›×d+Yr[
4ÃŒo>ŒãÞßL…%eÅ-ëò%£æ?Gø±£Å4ÈºdšK3e<>ìñ>ŒÎd›}t²*±)“$Fî¨z
--- a/variables/secrets/agenix/lunaMailHash.age
+++ b/variables/secrets/agenix/lunaMailHash.age
@ -1,7 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 e3smYA 4s2R+OGOvJpMnquk2lWYOwLM4lyfyjKKfBMAR/DQWUM
 l/ZbXrLnMy76ReqFdgbXb4UyGmPTf1zK5yHccFabTqs
 -> ssh-ed25519 JvNkLw gNXQz/QABqMnaHrgSqqzhxZ73TSpzBXkPRyuvWjVN18
 XVx2GT7wrE4yclT8Ana9fBMT1dd1eMCVAZB8e8ibX74
 --- Y9piO/cFEvSLbO4ZaRrNLP7R9Ep5pRAfP/fUSgTqrRs
 é¤7B¾û©Gi8êÄe'ËãÌ‹Úœ)“‚6ÏàÜ¸°´+j<>¾b]»
Tbâ0ÉÞÊ•£ AØVÍ¡)Xùw‹Ê=<3D>æSgËv^û[/å Åš’a8Ê¡gïÁã<C381>
--- a/variables/secrets/agenix/matrixSecret.age
+++ b/variables/secrets/agenix/matrixSecret.age
--- a/variables/secrets/agenix/noreplyMailHash.age
+++ b/variables/secrets/agenix/noreplyMailHash.age
@ -1,7 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 e3smYA 83WwnK1TjVZv5/YQfvHBZk6nZIGA+m1U078+Y+MKUGw
 Oq7LOdyHnUdYb6P/9PI/D2q9XrEaYTBNPfaAS3xK9jw
 -> ssh-ed25519 JvNkLw b/lUmtQXSBYgMc6YHHD7vwBdAHnLcv/WRdZudxmhrzw
 1rxu0ZZ5lqPUd7acjPv8z0cxJOPSgVp9PaC5w25MRoE
 --- RVHHph3SEe1dlHCHDVnjmnuBEqNeQXuXA82TAikh1AQ
 / ïÆød~šwöÈÙÃg~¾8"Zw<5A>äÓWèlVŸ+ø´êŽ¨3(Kg³%ö?#õ‡QÁ<51>Ñ$¤=H	GªH:(|_ä¨s7¨L0Ù¤èÛ(›¡_{ßúqv&
--- a/variables/secrets/agenix/noreplyMailPass.age
+++ b/variables/secrets/agenix/noreplyMailPass.age
@ -1,7 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 e3smYA 8Hp6x3Kv9dAdm8xoYfg2J2EVrZcUMZth2Db+OCOHrW0
 byOSmkKkT2204RfTNVAzv70ojTmU2nhsDRYCl6dGpuw
 -> ssh-ed25519 JvNkLw oTZ7j76JP6WjEUMFqXTY4SaELWIT7CgrToebhuoLUAA
 0SY4EH9UpxRAWDEHVoGcIux//t6K6CrW/Y/jp+T1xHE
 --- 7YjhlVqRia++HUg7tRcGjMGMvAY3b26ygh5DgGjTR/w
 eÃ©=¾_`RUNØjÀVH¬ó‹äU¡„‚š›Çg¿nÝÛû‹k“M÷Æ„)J¨‚ S@iv
--- a/variables/secrets/agenix/pixelfedKey.age
+++ b/variables/secrets/agenix/pixelfedKey.age
@ -1,7 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 e3smYA NdClQEJBUiVogrX42OHzaM1Mb4rUS0MKfUvYoG4Y7Rk
 LY1AQc18I2jYRBGDD27M6OBVswYbdozYl0EIQ+R7r6E
 -> ssh-ed25519 JvNkLw xVrNR1PmTJZqmZEUeb1pF9rAaeIz6ZTB6PeSNk6yA2Q
 cbMa7O7HlGNa6//6D1Mk/2g0nIJlAzi04fR8CfgFX/g
 --- +KZYx3ghNsfMKJf+UiHrzWwDJnUXJ0bas3bVtN23Vm4
 U(•Ë‘šƒ·Ù©ŽzZjVÿœM~2^
æM;lIšuÙÿÏÎ¨šÍü\7ñeBŒªæ–[ÇR¹nî®…î5Š8Ú?¦(°7RÄj
--- a/variables/secrets/agenix/prismAdminPass.age
+++ b/variables/secrets/agenix/prismAdminPass.age
@ -1,7 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 e3smYA vRsXOqDJKLJnJ1PDFKUmW1x4GSj5ATHsNpondJgb6lY
 l6hkimymlfKDo5GEXcqtWaUAPN0nNwZP/SBJ7Pqq4aA
 -> ssh-ed25519 JvNkLw CmwQ9XCLaBqRTrUxkUsVb/j0anoA20DJAfyjhWhbuW8
 u4C+LxF9hLBUdMBmBexk9jbNrFM7c9kjg5jxh45ARco
 --- z7DgZANbdh8CM7HWb4mNnLNnkDFIpPrR60rf5vTtTZc
 ùy'pMéI›æ6Ü‡Ê£9ÎfÂ:V ÃèIMV>9ÚýÏøX;}”ŒÝ¹õ“ Kã—ÓÕê†Ô"
--- a/variables/secrets/agenix/secrets.nix
+++ b/variables/secrets/agenix/secrets.nix
@ -1,44 +0,0 @@
 let
  pcs = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5gkx+aHESLl7w2LOR/LgzhC/WnXv/mz499LADnZ8/Q"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnWS8gkno+ZIDNDfvux7eXWhtfnz4fqpf6PNLyrITOW"
    (builtins.readFile ../../../hosts/shuttle/id_ed25519.pub)
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF7Pnts6n70XTNp6qHxQg5KID6LcUEsz48gOMgPoBe/t"
    (builtins.readFile ../../../hosts/redmond/id_ed25519.pub)
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM9HJATd+rgl0GD4/lZeidqIpQkZ6ED+03MkSKAlaDDv"
  ];
  servers = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwQhs/J6d2U8ZhwdGEV6Cj59u0Wpi4Bek98R2t1PyJf"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEqszkKZQ2GsvTM0R7DSUEehm4G12K6OsZrcRE0vysJ3"
  ];
 in
 {
  # User passwords 'mkpasswd -m sha-512'
  "jimboAccPass.age".publicKeys = pcs ++ servers;
  # Wireguard
  "wgServerPriv.age".publicKeys = servers;
  "wgClientPriv.age".publicKeys = pcs;
  # Passwords and keys
  "matrixSecret.age".publicKeys = servers;
  "pixelfedKey.age".publicKeys = servers;
  "prismAdminPass.age".publicKeys = servers;
  "icecastAdminPass.age".publicKeys = servers;
  "icecastSourcePass.age".publicKeys = servers;
  "cloudflareKey.age".publicKeys = servers;
  "transmissionPass.age".publicKeys = servers;
  # Email, 'mkpasswd -m bcrypt'
  "noreplyMailPass.age".publicKeys = servers;
  "noreplyMailHash.age".publicKeys = servers;
  "jimboMailHash.age".publicKeys = servers;
  "lunaMailHash.age".publicKeys = servers;
  "cornMailHash.age".publicKeys = servers;
  "tinyMailHash.age".publicKeys = servers;
  # IPs
  "cornIP.age".publicKeys = servers;
 }
--- a/variables/secrets/agenix/tinyMailHash.age
+++ b/variables/secrets/agenix/tinyMailHash.age
@ -1,7 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 e3smYA 1Jq7nzdZPvhw6McGTrOOZOtQ/LjOpdXTfxPHwxvoW1k
 PmyyuWtzXOAVsZoZzx+s3s9PuN86b/NZx/SLO9Cu+iw
 -> ssh-ed25519 JvNkLw 6C5UjHQPGJuwn63IOX5YmIuHwGU3n/Cs9BPqzgzykmw
 xE9TsPfuRH4Xvd2uyhDyuJY9ajNq9FbYmCTWzTddFE8
 --- G9oWTI+bBQf/Bn95G3C4CEV2bAO/S4fZGyGYnaDaEEM
 °ë3FQÅÂ,<ÈHª<48>$}rkÔ¸•6:i‘øi©²4¡áT0’Z1ØCÝw¨<77> 4G8ëgð-iž‹eYß2?‘<>;ÖK®©JO<4A>ç¹d|ò»3ÞOI+Ëw)
--- a/variables/secrets/agenix/transmissionPass.age
+++ b/variables/secrets/agenix/transmissionPass.age
@ -1,8 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 e3smYA DjFkxMzBbXups07bIJzK4ODIsAk/bfP8DEV2mFgQEkI
 6i2ofona2MwxuCKozsX48X8Ea+Yd/kaIJCJEYdXSvj8
 -> ssh-ed25519 JvNkLw NmD7NAzm67c5Ads+nA8n7aNeWBhSppmTG+iTMdQ/4Wc
 1XV+cdFOhGkhM9iz6eK2unElDCMz63SCDkG0thN150E
 --- OXUzxk3bvjEQpdIQNbf4oPrPUbY7KQBs9K8QdMvpRhU
 	=ûý¬$j7äóï¨GgI¬Ç_5—4Ýcª…€Âû4Zcy¿mF"y¶%Kž!~âc|ÙufÝXøŽ„$GþÖv¡
 Â+î‰‹ÊÖ¼íÏUƒJÐPÅæ7…½‹ëä- %í©ˆ‚s
--- a/variables/secrets/agenix/wgClientPriv.age
+++ b/variables/secrets/agenix/wgClientPriv.age
@ -1,16 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 /ZcDag zl9Hh/03ChyHbNPUg5Ggn7LWvG2QVQmigSdBiAHdrxw
 i9LUKzWmkdBn0VD5tq7lNg2GPVbvV1LMHOqDeBijS/I
 -> ssh-ed25519 GKCTHQ wShLKgnCwo3+jmjqDX1u4bAbTP3AJVSm4P0SrVsSsUI
 ufAyoYVnzNka44tww/6Miqk+9LwqwLT8GP2m8VLHpxY
 -> ssh-ed25519 BctzVQ sIlr4byLpFH9Qo96gxOKqhhXp8A0wP5WPjMJXTFeYFE
 HSX5mL4+PeSvXX+LwxC3WvSw1EfZFCWazwq4QSKOcYY
 -> ssh-ed25519 ft2jqg Y0SiMwU2T2WhwD8EBLQNHhbWp3ltYKZOgpSwyMbDtF0
 Yjfu+/CtJ+ybyoq+pueoY5Np/SiD7lJHJoBLmTnsAUI
 -> ssh-ed25519 m6WZAA 01h6eDQ6lrpZnaof4DbxMEde8aDEbDkIV86I2cyzQGc
 dv401nIANBXWzEA2/MgMZpbagAys5nJPxJqdbv98v10
 -> ssh-ed25519 ZUFK4A J0C4YC9eXtMh/wnUY/OfNlyhIi6oMltBWkaMP2ECT3k
 a4SL4cbI3oJpmILt1vN2E7yy8PBhvk88pYuhsHRx9b4
 --- 1uXOqr769IAt4zPnAWiy6r1oh9bf/MKwZUJn0Mfzb/I
 ’|S÷¥à4èŽcií<
 ë¸ƒ<15>€å>§vÄ@ÁÿŠ´~Ä,+<2B>£×w[Y>¯,’—Qf›ó»RÀ/²±e|
OñLËøç¼\+¡q
--- a/variables/secrets/agenix/wgClientPub.age
+++ b/variables/secrets/agenix/wgClientPub.age
@ -1,7 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 e3smYA mRlVqaa50qM+f9Nhoy4wRumpweW/YnTXm1Q4T//ELVI
 EmH08n178gsOdur6TwLnwx+YAYfq1zesGrI3/tQut70
 -> ssh-ed25519 JvNkLw r7bS24QCTg+QN8mDEc+fBkH5G19eYYaHQzNZLekM3U8
 +imhQJJdwJmEIDABvkazDT/khxmADfmuDaz6zi4SxJw
 --- ZDa/qnfp6naVMNo+xCNQgeVT4te78T6dkYPUVTacvpc
 Æ™Ù”ï%ý•Ÿ^Z€æ¾©`E²´ý~Ü-Ê!FÊÒŠ¯œ¤¿ fÇ€ïšØÍ ¾Iu<49>hó²Æ9¶CZ\…^œ»ë|Ñ¶OñOD*èak.[
--- a/variables/secrets/agenix/wgServerPriv.age
+++ b/variables/secrets/agenix/wgServerPriv.age
--- a/variables/secrets/agenix/wgServerPub.age
+++ b/variables/secrets/agenix/wgServerPub.age
@ -1,16 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 /ZcDag 7KYEycha4k8XapsUdObvvuDRJ0NFhuQD9mIStgcGUmU
 CVBQlNhrviAUVZbLQdFwTgX/kw28P4kic1hbfGTNGHs
 -> ssh-ed25519 GKCTHQ ZFT60A8kpAGl97DOHvEDpe50eLlL4POSuGD+Rjjma2w
 VMG0fmwRecJTRnKo6DIrAiXheHPonDeX1upsehtf9y4
 -> ssh-ed25519 BctzVQ WlxIEZPFAKi1nD2wxyZ0i2uuMOqFQStDaA/qPsRabHc
 rkU3dmMyMQXbDfrmUimCVSFRWTtgfsq6GlCOzzE5q4U
 -> ssh-ed25519 ft2jqg EnTAY36wZTE5CYMS/O9KZB7QL2r444F2a+KZ70CEJXc
 U54qJTJMNFd70qPO/YRcB/I+LqiFYnv7qJ3DujH6xwk
 -> ssh-ed25519 m6WZAA t11cOv2J2xPYCiFuwS/WAAR9sq/K9Yj6+I8eRyQM6g4
 o3382vvwCnrIWyXFFaNDnFtEpbYJ7k6myfrM+aoyUnU
 -> ssh-ed25519 ZUFK4A SBejT9+GAMNaps+Q7Bupo0FehBAsRDAGz5nimJ6QvxA
 WqZvPqm1+TgKK8Mrbh9w9I4RUyyy5l36AKGPeQXaBlo
 --- wekIr1ZsI+b61xeK+ueUfs9e+D2wF0ewltiHJWaLKzA
 äïA^uJ+¹Ž-èPëõÝ/³eÖå¨
 Ÿ|éË/œŽ<1C>ÃK'"87ËýtÔnä¢â9|“â½VKwÖ¦Ä‹j–jð´ŠZ·á¼W¥²ñR
--- a/variables/secrets/common/default.nix
+++ b/variables/secrets/common/default.nix
@ -1,7 +0,0 @@
 { ... }:
 {
  age.secrets = {
    # User passwords
    jimboAccPass.file = ../agenix/jimboAccPass.age;
  };
 }
--- a/variables/secrets/default.nix
+++ b/variables/secrets/default.nix
--- a/variables/secrets/pc/default.nix
+++ b/variables/secrets/pc/default.nix
@ -1,7 +0,0 @@
 { ... }:
 {
  age.secrets = {
    # Wireguard
    wgClientPriv.file = ../agenix/wgClientPriv.age;
  };
 }
--- a/variables/secrets/server/default.nix
+++ b/variables/secrets/server/default.nix
@ -1,27 +0,0 @@
 { ... }:
 {
  age.secrets = {
    # Wireguard
    wgServerPriv.file = ../agenix/wgServerPriv.age;
    # Passwords and keys
    matrixSecret.file = ../agenix/matrixSecret.age;
    pixelfedKey.file = ../agenix/pixelfedKey.age;
    prismAdminPass.file = ../agenix/prismAdminPass.age;
    icecastAdminPass.file = ../agenix/icecastAdminPass.age;
    icecastSourcePass.file = ../agenix/icecastSourcePass.age;
    cloudflareKey.file = ../agenix/cloudflareKey.age;
    transmissionPass.file = ../agenix/transmissionPass.age;
    # Email
    noreplyMailPass.file = ../agenix/noreplyMailPass.age;
    noreplyMailHash.file = ../agenix/noreplyMailHash.age;
    jimboMailHash.file = ../agenix/jimboMailHash.age;
    lunaMailHash.file = ../agenix/lunaMailHash.age;
    cornMailHash.file = ../agenix/cornMailHash.age;
    tinyMailHash.file = ../agenix/tinyMailHash.age;
    # IPs
    cornIP.file = ../agenix/cornIP.age;
  };
 }
		`@ -0,0 +1 @@`
							`variables/secrets/** filter=git-crypt diff=git-crypt`