From 7c1625d3651d3bdb6ae05a45b8b0395538910cce Mon Sep 17 00:00:00 2001
From: Filippo Berto
Date: Wed, 1 Oct 2025 15:49:39 +0200
Subject: [PATCH] Secrets
---
 flake.nix | 22 +++++++++----------
 instances/sif/hardware-configuration.nix | 27 +++++++++++++-----------
 secrets/secrets.nix | 9 +++++---
 3 files changed, 32 insertions(+), 26 deletions(-)
diff --git a/flake.nix b/flake.nix
index 8617231..5aad99e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -260,18 +260,18 @@
 ];
 };
- # sif = inputs.nixpkgs-u.lib.nixosSystem {
- # system = "x86_64-linux";
- # modules = [
- # inputs.nixos-hardware.nixosModules.common-cpu-intel
- # inputs.nixos-hardware.nixosModules.common-pc-ssd
- # self.nixosModules.mainModules
- # ./instances/sif/hardware-configuration.nix
- # ./instances/sif/configuration.nix
+ sif = inputs.nixpkgs-u.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ inputs.nixos-hardware.nixosModules.common-cpu-intel
+ inputs.nixos-hardware.nixosModules.common-pc-ssd
+ self.nixosModules.mainModules
+ ./instances/sif/hardware-configuration.nix
+ ./instances/sif/configuration.nix
- # { home-manager.users.bertof = import ./instances/sif/hm.nix; }
- # ];
- # };
+ { home-manager.users.bertof = import ./instances/sif/hm.nix; }
+ ];
+ };
 odin = inputs.nixpkgs-u.lib.nixosSystem {
 system = "x86_64-linux";
diff --git a/instances/sif/hardware-configuration.nix b/instances/sif/hardware-configuration.nix
index 2676bd6..5d81ecf 100644
--- a/instances/sif/hardware-configuration.nix
+++ b/instances/sif/hardware-configuration.nix
@@ -26,25 +26,28 @@
 extraModulePackages = [ ];
 };
 fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/80a5d8d9-c083-43cf-b7f9-8afdbc26628e";
+ "/" =
+ { device = "/dev/disk/by-uuid/c3e09b0e-d2bc-4e28-a96e-5de7f4c10539";
 fsType = "btrfs";
 options = [ "subvol=@root" ];
 };
- "/nix" = {
- device = "/dev/disk/by-uuid/80a5d8d9-c083-43cf-b7f9-8afdbc26628e";
- fsType = "btrfs";
- options = [ "subvol=@nix" ];
- };
- "/home" = {
- device = "/dev/disk/by-uuid/80a5d8d9-c083-43cf-b7f9-8afdbc26628e";
+
+ "/home" =
+ { device = "/dev/disk/by-uuid/c3e09b0e-d2bc-4e28-a96e-5de7f4c10539";
 fsType = "btrfs";
 options = [ "subvol=@home" ];
 };
- "/boot" = {
- device = "/dev/disk/by-uuid/5BD2-463F";
+
+ "/nix" =
+ { device = "/dev/disk/by-uuid/c3e09b0e-d2bc-4e28-a96e-5de7f4c10539";
+ fsType = "btrfs";
+ options = [ "subvol=@nix" ];
+ };
+
+ "/boot" =
+ { device = "/dev/disk/by-uuid/2E59-DAA6";
 fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" "noatime" ];
+ options = [ "fmask=0022" "dmask=0022" ];
 };
 };
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index a8f4d7d..a871cda 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,10 +1,11 @@
 let
- bertof_odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC3W3Btk1qtLHU69aFwseDuKU6PJMA+NxVXJXiRNhDce bertof@odin";
+ # bertof_odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC3W3Btk1qtLHU69aFwseDuKU6PJMA+NxVXJXiRNhDce bertof@odin";
 bertof_thor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKT+D5QE4TkgoKw5IvSYpvnvIIRM87RBePHce1Aaz3xJ bertof@thor";
+ bertof_sif = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+e756v7ZKk4c0/juDhKtqnYumEWXNnrMRXi3oQQJQA bertof@sif";
 devUsers = [
 bertof_thor
- bertof_odin
+ bertof_sif
 ];
 baldur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZKc/X9TsoN3UbEJUa0PIx96RGYoDEzDlZPZb0ctwTN";
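Review bot: The new `/boot` entry keeps `fmask=0022` and `dmask=0022`, so every file on the vfat boot partition stays readable by all local users. If this host boots with systemd-boot (the loader setting is not visible in this hunk), that includes the loader's random-seed file, and bootctl warns about a world-accessible mount for that reason. I would tighten the line to `options = [ "fmask=0077" "dmask=0077" ];`. Since `noatime` was dropped in the same edit, it is also worth confirming that the removal was intended rather than a side effect of regenerating the file.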
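Review bot: Swapping `bertof_odin` for `bertof_sif` in `devUsers` changes only the recipient list; the diffstat shows no `.age` file in this commit, so the existing ciphertexts are presumably still encrypted to `bertof@odin` and not yet to `bertof@sif`. The same applies to the `sif` host key added to `systems` and to `rclone_bertof.age` in the later hunks of this file; the `let` block itself continues past this hunk. Until the secrets are re-encrypted (with agenix, `agenix --rekey` run in `secrets/`), the new machine cannot decrypt anything and the removed key still can. If the odin user key is being retired because it was lost or exposed, rekeying alone is not enough, because the old ciphertexts remain in git history and the underlying values need rotating. I would also drop the commented-out key line, or replace it with a short note such as `# bertof@odin user key retired; secrets rekeyed without it`.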
@@ -13,6 +14,7 @@ let
 loki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICeomEH/27XFlOjQ/GTO2mo8qPMHTbzLIsX0dloxXfhb";
 odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP8bfOYmFN+KRjnAOdt9IazGeaRKm5tvGyblHD7MUhtr";
 thor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbMiGx/QZ/RKgad3UNyEzgLfqRU0zBo8n0AU3s244Zw";
+ sif = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINohU3qJcAdtx0jbqttqepXDeV+fTBlrTizeMmUwhVsP root@sif";
 systems = [
 baldur
@@ -20,6 +22,7 @@ let
 heimdall
 loki
 odin
+ sif
 thor
 ];
 in
@@ -39,7 +42,7 @@ in
 "spotify_password.age".publicKeys = devUsers ++ systems;
 "thor_wg_priv.age".publicKeys = devUsers ++ [ thor ];
 "wg_psk.age".publicKeys = devUsers ++ systems;
- "rclone_bertof.age".publicKeys = devUsers ++ [ thor odin heimdall baldur ];
+ "rclone_bertof.age".publicKeys = devUsers ++ [ baldur heimdall odin sif thor ];
 "rclone_tiziano.age".publicKeys = devUsers ++ [ odin ];
 "ollama.age".publicKeys = devUsers ++ [ thor ];
 "heimdall-gitlab-runner-nix.age".publicKeys = devUsers ++ [ heimdall ];
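Review bot: Adding `sif` to `systems` in the second hunk here makes its host key a recipient of every secret declared with `devUsers ++ systems`; `spotify_password.age` and `wg_psk.age` are visible in the last hunk, and the rest of the attribute set lies outside it. If sif does not need all of them, list it explicitly on the individual entries instead, as is already done for `rclone_bertof.age`. Either way, a comment above the list would make the access implication visible to the next editor, for example `# every host listed here can decrypt all secrets shared with "systems"`.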