feat: update flakes

flake.nix

@@ -43,25 +43,6 @@
       };
     };
 
-    packages.aarch64-darwin = {
-      setup-vm = let
-        pkgs = import nixpkgs { system = "aarch64-darwin"; };
-        script-name = "setup-vm";
-        src = builtins.readFile ./nixos/proxmox/setup-vm.sh;
-        script = (pkgs.writeScriptBin script-name src).overrideAttrs(old: {
-          buildCommand = "${old.buildCommand}\n patchShebangs $out";
-        });
-        buildInputs = with pkgs; [ 
-          gum 
-          agenix.packages.aarch64-darwin.default
-        ];
-      in pkgs.symlinkJoin {
-          name = script-name;
-          paths = [ script ] ++ buildInputs;
-          nativeBuildInputs = with pkgs; [makeWrapper];
-          postBuild = "wrapProgram $out/bin/${script-name} --prefix PATH : $out/bin";
-        };
-    };
   } // flake-utils.lib.eachDefaultSystem (system:
       let pkgs = import nixpkgs {
         inherit system;

nixos/flake.nix

@@ -27,6 +27,26 @@
   }: {
     formatter.aarch64-darwin = nixpkgs.legacyPackages.aarch64-darwin.alejandra;
     formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
+    packages.aarch64-darwin = {
+      setup-vm = let
+        pkgs = import nixpkgs {system = "aarch64-darwin";};
+        script-name = "setup-vm";
+        src = builtins.readFile ./proxmox/setup-vm.sh;
+        script = (pkgs.writeScriptBin script-name src).overrideAttrs (old: {
+          buildCommand = "${old.buildCommand}\n patchShebangs $out";
+        });
+        buildInputs = with pkgs; [
+          gum
+          agenix.packages.aarch64-darwin.default
+        ];
+      in
+        pkgs.symlinkJoin {
+          name = script-name;
+          paths = [script] ++ buildInputs;
+          nativeBuildInputs = with pkgs; [makeWrapper];
+          postBuild = "wrapProgram $out/bin/${script-name} --prefix PATH : $out/bin";
+        };
+    };
     nixosConfigurations = let
       nodes = import ./server/nodes.nix;
     in
@@ -37,6 +57,7 @@
               hostname = name;
               private-ip = data.private-ip;
               server-addr = (import ./server/nodes.nix).premhome-gc1.zt-ip;
+              role = data.role;
             };
           };
           modules = [

nixos/proxmox/create-vm.sh

@@ -42,7 +42,7 @@ function main() {
     --name "${NAME}" \
     --net0 "virtio,bridge=vmbr0" \
     --ostype "l26" \
-    --scsi0 "${STORAGE}:50,iothread=on" \
+    --scsi0 "${STORAGE}:200,iothread=on" \
     --onboot "1" \
     --pool "premhome-cluster" \
     --scsihw "virtio-scsi-single"

nixos/proxmox/setup-vm.sh

@@ -37,7 +37,7 @@ function main() {
   chmod 600 "${KEY_PATH}"
 
   # Append public key to the secrets file and rekey agenix
-  pushd "./nixos/secrets"
+  pushd "./secrets"
   LINE="  ${MACHINE_NAME} = \"$(cat "${KEY_PATH}".pub)\";"
   echo "appending to file ${PWD}./keys.nix"
   sed -i -e "\$i${LINE}" "./keys.nix"

nixos/secrets/k3s.age

@@ -1,15 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 OOT7iQ ixSK13Q0cZ/9Ja4qQgR6EG1NhVyMgnkdzCvFlps9mEg
+-> ssh-ed25519 OV7A4A 2mzVj+7svSS/ZM2y86Fg2nLTSzdNdO3sm4RLmgqCy14
-WRLpuj2dkgZ1ugTk39FBHh3QpbuJmeoHU6edtYym9iQ
+jnjkZmYcc2GQNNQ0QLz2p9x84hHZ9yl7IyMbSet0tEQ
--> ssh-ed25519 7Lat4Q KsGdrCPrPmoluHADPkW71DfkyljX+8cgRIhfQ4Yk5FQ
+-> ssh-ed25519 Gc/MTQ csWJM/Y+TTK82vsC8c2FZW4uZ54fX5sOuz6yze2q1zk
-FOjCmiG62fmjAzwGvLaQpgO2lEr+Rd0twYetW9CdEfI
+YhSxYKMkNzFZqI45gYzc33PPcgx78mRx72dJi82RqRs
--> ssh-ed25519 dPFwiQ dJn3lqlHDrFD6bbTIfboLiFYEJceLVZohGjUBKa3Nm4
+-> ssh-ed25519 0ckKSg F1Xk3UFol8gEwCFSJh8+tITJTII8IeCz4FE2S2CkKDo
-PWLa4dmU2AsBKVk/8JiQG9BGmdlxxd6PF6rxzxQrnrs
+ncJRpe0TSLuMjKt+kjU5l1PJXFNDqnW+j9GT8t6/Krw
--> ssh-ed25519 OV7A4A jQRymJHujZYp9lEaQo+yK77SDchzFKQP49uzxyCXzRA
+--- S5tfjeE9DbpxFaOcV5BELXBqaLQ4mDa+eWbw2CAyHwc
-5CJiI+AnxXzWhtYNEB47ZC9lt4TQG7vVySHnnwuT/kA
+f<><66>[<5B><><EFBFBD>8<EFBFBD>e;o<>{:<13><>,<2C>><1B><>7<EFBFBD>
--> ssh-ed25519 Gc/MTQ 6JYkL1Nbe3/M2wwSDM7rRtiJqP4BQGrOYnzeIzzYjV8
+D<EFBFBD>D<EFBFBD><EFBFBD><EFBFBD>r6m<EFBFBD>\<5C><>eDe<44>-:
-em7ZPvc1dwaZ18/j3Y1SOjgYVq6l7udHPvd0BArd74c
--> ssh-ed25519 0ckKSg CdnYg6Oh1eyAvbUDkrSHqOKUTJ128eKEfkRhY939qEA
-XS7cA9F8MRE6Soe/2hAlaxhnv+4ThmJuTtQs7pZC2WY
---- 23uZEJ1Vb+4Ya2AJWm9JScpqyRogoUNlWQHZNpo6C3g
-f3xc<78>T<EFBFBD>
	<09>[%T<><54>*=<3D>

nixos/secrets/zerotier-network.age

@@ -1,16 +1,11 @@
 age-encryption.org/v1
--> ssh-ed25519 OOT7iQ jUogNJ9uREDJZEl4G5pb/2bNjiBHIB9IABgXQfo0g1M
+-> ssh-ed25519 OV7A4A SaDleivMaeTYhlPfgWNLwyVvqi7jX7zEE8U0K1Bt4Ds
-InYXkJls2Sdd+jnQ9Z8ifoUGznwktmstsM8avHFfTuU
+jSHVPbXpgtzBlZkGO0g0ls447BtswuQ/IqW3M/FmbgQ
--> ssh-ed25519 7Lat4Q O6JMNKXRwRWjFZxJM/agtJ922KR+74u8a0WmWJdSaQM
+-> ssh-ed25519 Gc/MTQ IKbNi7Z6qDOIr47lSfom3K8hIrbf8OGQ3WxZsqtjDmU
-5tPV0awfn5djn2c50xloyDRkeu2Aon3/z+6kfoA/eHk
+zAx5wPQzMq7ziibkjw52mGFXzACmkWdguxjM0sFRQv8
--> ssh-ed25519 dPFwiQ HeOAeTzItJMkTPW2ODs/Z/E9nZycqtJnjGaKPigZ/CM
+-> ssh-ed25519 0ckKSg 2rCRoQEz6sUio3mj3MbsPNkZi09yMgXPYiJTksPROj8
-MLTkDKg0hLOfDplWb33hvGQahvEgjqy+S9w+UCKZNXU
+RwB0k/fMuDBc946fzhEZc2cxljWvJHzMHsbGtG3DXuo
--> ssh-ed25519 OV7A4A 4mxMknf9sJCZ8NiENMJqGd2lEBB7dmvzGqVLirHvWGo
+--- WgPFThzdFxwCEO5GrsjvBkBeoUYUo+sDOp/g39lG9lU
-fJ+4MY9oSFEdvjGYm2NoWviC9J4ocSUhUWuGEa71pFc
+<1C><>I<EFBFBD>B<EFBFBD><42> guo<75>
--> ssh-ed25519 Gc/MTQ pjuOkv7iMuSkrFccMGd5Usz/a0bcOJYikvHeuYg5ATA
+dSD_<EFBFBD><EFBFBD>z<EFBFBD>?<3F>[<5B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-ydWemX28ZNygAYR/MsOezz81haHj2XhvHlFcZMwsgjo
+<EFBFBD><EFBFBD><EFBFBD>.<2E><>j<EFBFBD>G<06><><EFBFBD>4
--> ssh-ed25519 0ckKSg hV+hpxVdfr2xOfNYZkbrGNMu5GOASlHDch4AYhqlWnQ
-MeZdLC12XrF9sSy1q28dpdqjYtIEKcTzJq7/vfhILf0
---- 0rgW5rFnvhi1LMOcC3vl70s9Vq9S+PQ5Pu8Apgxu0v4
-<EFBFBD>ߡ<EFBFBD><EFBFBD>P<EFBFBD>7<>-9dq<64><02><>b>?2<><32><EFBFBD>}<7D>N<EFBFBD><4E>}<7D>5<EFBFBD><35>uu\<5C>w<EFBFBD><77><0C>
-O