From 83658a0721a62905517fb3635cd0a11c1be8252d Mon Sep 17 00:00:00 2001
From: Ivan Malison <IvanMalison@gmail.com>
Date: Tue, 22 Aug 2023 17:11:37 -0600
Subject: [PATCH] [NixOS] Set up cache server

---
 nixos/cache-server.nix               |  20 ++++++++++++++++++++
 nixos/configuration.nix              |   1 +
 nixos/keys.nix                       |   8 +++++++-
 nixos/machines/ryzen-shine.nix       |   1 +
 nixos/secrets/cache-priv-key.pem.age | Bin 0 -> 2282 bytes
 nixos/secrets/cache-pub-key.pem      |   1 +
 nixos/secrets/gpg-keys.age           | Bin 5255 -> 5514 bytes
 nixos/secrets/secrets.nix            |   3 ++-
 8 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 nixos/cache-server.nix
 create mode 100644 nixos/secrets/cache-priv-key.pem.age
 create mode 100644 nixos/secrets/cache-pub-key.pem

diff --git a/nixos/cache-server.nix b/nixos/cache-server.nix
new file mode 100644
index 00000000..6b6b4ba6
--- /dev/null
+++ b/nixos/cache-server.nix
@@ -0,0 +1,20 @@
+{ config, makeEnable, ... }:
+makeEnable config "modules.cache-server" false {
+  age.secrets."cache-priv-key.pem".file = ./secrets/cache-priv-key.pem.age;
+
+  services.nix-serve = {
+    enable = true;
+    secretKeyFile = config.age.secrets."cache-priv-key.pem".path;
+    port = 5050;
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    virtualHosts = {
+      "0.0.0.0" = {
+        locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+      };
+    };
+  };
+}
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index 198fa725..59813ade 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -4,6 +4,7 @@
     ./android.nix
     ./base.nix
     ./cache.nix
+    ./cache-server.nix
     ./code.nix
     ./desktop.nix
     ./environment.nix
diff --git a/nixos/keys.nix b/nixos/keys.nix
index 9ca7f632..ba1d36bc 100644
--- a/nixos/keys.nix
+++ b/nixos/keys.nix
@@ -1,4 +1,9 @@
 rec {
+  hostKeys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3UqIYs/NY0okKuiIO+dU2OM7A8vv3b6//GedagvLoX ryzen-shine.local"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINFbM1sL/vlDhrqPV1OMIGi4dKG0tMKhWSXx95ccbfyM biskcomp.local"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoHW29TmS5FgK12N+bCXhGWASDdmzqSEA0QxbyGaJ+j nixquick.local"
+  ];
   kanivanKeys = [
     "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUSkj7587e+MAUNyU/KRpw9Vk++53Wv5nB+0V1QgiTO3rMQe6HJt0Tm2wi/o/T8GNjueT2D69YgkqOIF1FQwsj2EFLObcMzeBgs5gTSglqggA2I91BIc1vvgjCDpogOMAzAQGlTxRnqrEXhqG0jJtw8KIzLr9WrvWLdTT4rHtWS8RoOBgkQ8oxbggZ4vtbMBIwoIAYGRr70KBRNCsLTPLa8yEf+DDQxq1entzxSjHXHgyeBSVVpPCrBVmhjandk+lIFInjvAiAE1ZkJHSRccL73ORmgb1crwH7xlD9NwBPmypowMi8UIRMKfL2lNehT0AQIlEAikUBLMDzPIPhnwLZ imalison@ivanm-dfinity-razer.local"
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEsLV27EteTsuVl1gLAZRCklpMFBMhakKbQ2+MkN5rm JuiceSSH"
@@ -20,5 +25,6 @@ rec {
   alexKeys = [
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2SQkJenAX67Ze99SKOVpKDD1XvAZnxQ8RLP0dL/Ej2 alexm@MALISONSERVER"
   ];
-  allKeys = kanivanKeys ++ deanKeys ++ alexKeys;
+  agenixKeys = hostKeys ++ kanivanKeys;
+  allKeys = kanivanKeys ++ deanKeys ++ alexKeys ++ hostKeys;
 }
diff --git a/nixos/machines/ryzen-shine.nix b/nixos/machines/ryzen-shine.nix
index 67e44c65..6f3c380a 100644
--- a/nixos/machines/ryzen-shine.nix
+++ b/nixos/machines/ryzen-shine.nix
@@ -8,6 +8,7 @@
   features.full.enable = true;
   # Needed for now because monitors have different refresh rates
   modules.xmonad.picom.vSync.enable = false;
+  modules.cache-server.enable = true;
 
   boot.loader.systemd-boot.configurationLimit = 5;
 
diff --git a/nixos/secrets/cache-priv-key.pem.age b/nixos/secrets/cache-priv-key.pem.age
new file mode 100644
index 0000000000000000000000000000000000000000..d8e3f38b790b4bef83b0a34f9712be53ead730ae
GIT binary patch
literal 2282
zcmZXUOUvvA9mb{7g9gsBxX{HYRFL#F_e_GNkV!JROzxM-1w}JSCYfY%pG+pvrB&Ru
zs2klBTh7Xbt!`R%=?74uVzFq8xKU6MS0Z{4&*r?J;K%>>f1W4G(z~>d`?<ZGn)>ri
zpFvjyxO-_e4EbG}pag-?t1#=Gj#=gGCPe2Nb%&<Di0Y8Sf|zqje+n&n%@ViH>RP!X
zP8)v!PBXTp(nQ0evp3(`fZXVT39B4_C1;)Jbx<C!?rv++<#dl0Z4x_MfeODfvD1dM
zEX0|!Y4P?=+&dMC#hI>_SE`y}nVm3;fq_!#(Sv5EU|T5QvLO+ZrSs@|-p6rNAOw}+
zM<iZ1Vh1r#(^N5>&(jKTO^(QiL&&97IoAb|oTa0?Np)CJT;6T*VdsYvW|AfhRN0;%
z(%VpX3%8i+3B2mq6iHG>Mpp=NB~rmA6gNoB!=KRlAzEdVe1lCO<hOxU1qyG=Gop)S
zlbmS<&9lN24wQ<{QsVE>WgDau8WWY1+KaXukw~EGJiavw0*p6hf6FyOK1zNel;cUt
z9p^HPM^ujNTt(XRrABOJ*0vR=*W5)Ys2sa2^HFL{A_HAO;0BY=)ulU^1P>ckquSNj
zsVwO+)Vi3cFsL2*8o89uxkGiqurN{^HSGFzfm#8{0AUVehe(kp-7axjTn65XP}_IU
z$IX&E_2CR@PLiN4jb%Ymv?{`$Z8$jariS?BrXc~zpl?Eh5A}dp;cQ`$+p`vC69S9k
z5C|pnxnI~oA32IC(j_U5<%O<&^Psa@F3IaH;8P)mOIKo{C67f<j+MDEaxY22R%%3M
zC0b18>t|M0FVQu@P>xCXoj{Q?-znEpDsvZx#OPu`1rCg(%<@Fsz(y%f8#Rxmrj$Ls
zWlS?{7}IEth87$=W9H_`Z=bYeXC6<@v^rLUN#(5-)tS~_nKU}C4bI-%whTtRXGLdz
z9eM1u;1dI^IW$1T@LJ)*=$bd#-*!qNwnoiRAggX$oY8Aq6KZu2KTRv`Sh{7aj!838
zxd<Sm*$Yv75bPh56H4L;s4yl^!Y8oHG=IIgFrc<N!Kg=)%A8peDGRAGD-@fPPlqyb
znVqYQ6c9n}`0QRw#KlLJX@!AZ1Ll(BmgPA>nU>GW1J5)dH7FZDB<M4ru#V{TyT>LI
zvmHaqli0fHGO2Pdn!k?>ZjE23+Q>Gnv*g4rc0tfCpT6z?Cc)9&Z*8teW=TNIC<!mA
zSNKwdZat-hU1FmakE^PS5kdjZl&&LmRs+T2SZv<sJJ(#`N>Wf^&;`TQH)soO^L!uO
zGl?{)4^Jy`Ey)gd7)%50rrSoJOB&0|EhVn^mj#-)vhVGV5h0Rr40r>)M>IM{*aeOw
z8~6A#lPuG<x@`{7WqTWMh;D&if++6&+lZ6PtR_Obf;U#6mmw7&?@5q2mrUP{<}~j?
zF=2N$=Ag@tkI@E5B}T!dSY_%VAOd$p_0-t*jLjUjToeTRRu;=*Q1)DSFOzU;6Cksa
zAJ4Wio5$^#DUPT5H&(qmG3SbQf-C3UK7yQcfaO_?!9X<4?HW4VXr3~&WIT|UneJpg
zPMmSQQ=HQR9cjm}_oa3(B{YN^{j}0VjFd*pn9nwQjBe)ERkHRV>b@6+<{9Z+lsw@D
z>6o?)XgyvXnuDh{+-~9*7{P??<*M2#OK1m_%=t<y=QTdMiuAO}j43hDT<K{oRgmwe
z3gju`oFCiX&aFeUF`5D<Qb*8R)^F{!tYLt3P?(F8ww<768<=fQ)$wTnZCr^|9$^q;
zDOh(Ovdk%dn&y+Ka4}a5eA_}(W^F?6fMST@WP|7KPs61Y1+TnFYIyc1H1WJs3G9Zw
z;1e5IZ#HFnEOY^?*CV>bv2}}FK~r`?J<$x^%Wn2G4Xz@JomRx6=VHE*H;|EFQFlsN
zy6Kim3q_4K0~F-?q5vnYq!}K_c8z_7^g?ens32P}Q8A^*j6)S(^JQ2E^Jv%_QKvKU
zKa*by?y^3OhIGZP#%}8F+|`%A_IwB+U`cSklAfwVzgI=PMLJ&Mv&Y+dcem1{BIBsr
zj<E9SxDR3L@k|@iqKq~OmR4wEr`+A23+GT%K-1OFeEO%~{^4_PeE&NieCy>$4|xB#
zkN))Nl^?udKl;VPFTTb-_u0QYFZ}J}@BaD6T95qx&AWfRSbdj!{|m1I|9R)ZD;4&y
zzyADVzx&bry^n_9eE$z`25)`Fe*J@YKKaL=fUkb!;V0hilCQk??1T4yExdjGs^tId
rwGR>ESIO(ZOSkBsU;o_mg8rLteCjX%e&gAPZ_Ob0@{1on^Go%=w3zG_

literal 0
HcmV?d00001

diff --git a/nixos/secrets/cache-pub-key.pem b/nixos/secrets/cache-pub-key.pem
new file mode 100644
index 00000000..474d2cda
--- /dev/null
+++ b/nixos/secrets/cache-pub-key.pem
@@ -0,0 +1 @@
+1896Folsom.duckdns.org:U2FTjvP95qwAJo0oGpvmUChJCgi5zQoG1YisoI08Qoo=
\ No newline at end of file
diff --git a/nixos/secrets/gpg-keys.age b/nixos/secrets/gpg-keys.age
index fcf32d1cc24e6a4af3a906d71de52f4042774742..b3a76249c63b32da4b41163e423b819c0f9e08ec 100644
GIT binary patch
literal 5514
zcmZXV`Bx1H*vB(c+$@=-(BzsVTy^(Np}X(<+ATGAU%LB#Z;2AgR+GlQm8EP&sF7_%
zh6*7Pi5R=Gr$XL&&w0=LgE`M1@HyYl^PKM^*Q(>yW~JR{b?PnV1dCk@c0&R2^MMYB
zE?%vIA(2olP^PsDZ8#v74Kmn43~LHh2#0G-JdTX+!3c388O<n=$k7fv$0{T+)kd?}
z0x<EhQVQP=aa*7^FI}Y-AU$3o)F2R;?Y0y>!NaG>kW42=<|bhNLzClG0xb}0cQO1d
zh|GuvNmx3K2|?koP;|W&>o6N2IH?u}Wt*@LGTjIh0sK5=CY-|M30Pp2-Xtd=1vmu}
zqY$Y;9GQg8RBF+1kxiCKQc4g%(pXfP&*%Yytxl9#BxX8YNT`4da$D2{v>DB}@)dfG
z7>f4T#Uh*zt<o5L9smXBk$JU#3YA9Xs2OmXm5swO$PTqz%fu)}2ELYRRO`?-k_q$w
z+3XHEQ0t+4Av}N^g_IdRP6<)K_dsxPDG3Lr(b#ktP7imf{Zz4^rlB$D4jn<O7x2g+
zBaY<fL#0l#U*k2JC}KVUgvYWnGudpf4hsiU$u@@9DxlMmE&*1JFr;`~HV6lYwv#+s
zhLxm3;BZ>Imm-BZ1x7!_Z)S_|fE2jLF1H9%EF>OPg`n{9a;U>X)$siaii``>sC|ro
zM+9+Eh-P03ON+1z?J$-C#Wf3%J~J%^3vg?^L>`xbWa@NY23(2sNW~DdL(k<fDM+0`
zX;yl*QiPgMV^ZlvG}^D%<N0tA3MR6+j3SDf;Q-hiQWA`XBET_TgbrqsGKg9y4ea-D
zVHh|BYfyU)T8rA{R}m#*jtV71Ll7DyRt+;z$P%1O=Jo+#WR+I|XZSN!LWCO*5$bsw
zf|B>+Zd1rK3l#?x`&4*5OU_5C*l3eNs)tIwX1_tt2O)TL49zQJL&$ap8ZI^RNC3FY
zD{^9t3=<T_@_|eowh?C1tJQG6L1a;LY*Y&tNsxPSGPmqMm&D*{^cD|L$Ch%eB$l6%
zDH5W!Fmt9$s8P|pIyO(I<B`3H6q3^7vqC*svI8I!;*c6V2F&HESt7cM>yf(=N}GV?
zrOSCH36r7JSh*G#h2XRQCtIdKN%LxfQl1`y;2NN4s#WfXu}w;vjBVryVVTAhxy<Ww
zNIiP27{^v{BoKfN<OijAjXtrE52d&$dK1CK7oovO44-Rci1b#t&W%yfWI8j>^P@?s
zUkdemfHDdiBk~f_GPjH3=Tb~yHrL~)aivNE$AC0Z&03T~&1NEyZ~_j%!fQx8w~Vc@
z(s*nN%&P?<APOT?;3SebFd?5$6Uk9{jn9EVh<>E~pGk~?K}n&AjcUA!V^Fa0KBCoV
z^+NSrzgB>AW3@~(!mQL%uo@!{U_truToeU_M6$qACq?LCq&VOPHr%V@TihPMfakEF
zkuC)bjQ>wIs0Aj4cz}41+v&5zT`0o8&S+$?&TQdgbaE*KMKzEuVjqv_G71GQ7@BVZ
zI7B`SmP*uH7-}(<t0NNa7?cMJQ}}3p1B$N~c(h6cPr#6Q8ULX%cu2hn2V{w`A}$<n
zQ5)?nt<J*}<C%DhQ!Ky;Tu`S+1=nI344M{$bn0mU2pgJ7CD6fC2n-@62yAw%PoLs*
z2$T>y5}YE$@MS^)6^qi6GBbZP2~i7>ARJIebmDzBs#8a0BO!d1RGNu^Lt$Dw4vl1(
z2~wXFWWvLA4wJ{g0tm%?6WFKH(G6A_0!8<0U3e0RN=GY@1d9*k1!LT1nVCh_>JiEx
zX;?6VYxe++6tYckweeI&mWLsAVa-I3M~{$^+z1l{Yn2<^Oq$WDmEwtd3_!)Am}nM^
z*a9=^9Bj1S<}xCMP%+QU(_+LJH537th*@s0jxKWiNYmmn;UFFmuORCQY?;E%Cqk)i
zJlCr+<M}$e3F*;^(ELo4AEKcURTzy+hXL>yN`e*5fx0*xH^gnjS=oM!R10FNsA7v7
z$rf2047UKSrb+($C!{Df#mNKOnZgtqk?SF9`5Lm+;57@tG9etS#>vzw0#)PFQnYF;
zNp17-lmH`5!l$z-Y$1jq$4i++23=`zs>vWI(IHULWH5+YLZjjZ8U=>-V>XCMjv;t}
z7`I)5bee?pe_Ph!N23jF69W!|@C-_VkD!v^@gkfDXNJ<5J_i77Gx!ApjmxW-Tbxj#
zM2&`uKsXrRK!U;yaETeBLyIABnO%)e`Cl5!Yme93)pCa#07X++BC`-rVme7evPUgY
zpmcnvT%<wjcvJ_|@3tA0a2!IXF=$e-G^ZU9A0H3oXjMpVCV|2xO5k=Rhd}ZWBr3lH
zf?!agc$FTkP;n$OiXKf@hyZKg>}9R9yLDFu;_ROdlHhhQxcbOzvl*O!d!ORQL|1c7
z^G^SUAr+mwZg|J)$IqC9W8<5E1j>h~p%CeYCycG7<gJwJF>?oiD}qBiBR0J)xjblG
z?GwMBClMAmtJBvC0+(+e?YtM5d^g^?II3px`Qu@OXD$r$b@XN|ostuzQ?{2~oLd~7
zO{toCx#IfHJEa*zrtKl0G;^M3f6ij9`4W!LX{ZW9e7eLd$&9;qHtA())5_%gkGSjB
z*K7A%o{OHftoLpym@{eXzSM#v8U5*ynDx|*N2piiw7Ns(9m)H+`}?==+V^zq5zDNB
zs6Sf|Vs$rL*c-XKPTD9XS?&!LlO6UF@ycs)kDh%WDqcM!05>^*>W(ygR<J4)b2#u*
z*oI4A=iVuwfnQ)--CtUAX2P?}tR<L*Ji4)m@+u;t&^u-q#quiZh8XqqFl&1LS=Ss{
z;KujJzrL23q21den?fh${4u!VZQL+v`p*m8lsD*zrS1Fq+@y6uileP95%hb76n=2j
zmw}s~V&6o^=1vt&u~7bc-@C6Zr0v+92^}qicxBVR(wYF5_HAch^*h7FfJUM&r8K=*
zSi3edsXVHAeu@RLV%Z|sqSphoc~AZ*cX27vNtd#v8QJ3t^A1fsa}@JkvC6O{GJ(kX
z_{!BgX<}|8PQuB4*u-wI4mEzjTwDxV)|2x=6~1g>#?FH(;gXyuzdJW~x$l%sk`09X
z;+9|k<8;lptvl%-qr!h~_^P_-i0l<Fl~i4Advz=Rr-ubw@@5s*wtf>3!bUmZ-&CHG
z@H$cNjHkn+9+WP3OLkX{t!Sk<w*<wGy|S0~B3}d<wr`F=)Knzs%DVpjScS^2eT`j>
zDxK?iXnRn9<`{MAsPyWu6Fzp1i2uWqw;nqFPTqUcpBWD@BTuw-@0-cK^f>5Z#hv4<
zV(U*GcR`y=&NUnqbgx*wb9v*=q^N?eNvKdSwmVDrqQ=jAG@<4yzHRauFf>OR+_QD{
z$am`EVO`(kegAyf-n3izP2@Ni%XW>^ubA+OOOyT5J^n6a?cwQ(z_oM6=gxfsY@_?a
z8lFVAHDC`$Cv5pGv_JP@*jHR|+mT7r6P90^C4Uy2_jD%@k^J+f<s&xibsjGaC7n07
zHzl!#cTcS>9`OviW#HKG3AavPSTuE1#>i0<^A1l-=!HIv>^fODNGO$721iy0l5Q{V
zz2@?b%M+(1#Gb$&>#2*sw}H+RuW1b&KdHzJZ3qeezSUTxTeO#qT~qtMtT8#(h?=^3
z$!{(mV?6e5OVb<r*4CUMQgyp3^WoXJS?g5Sb`}JTxvYrwy)DgZ)ef$DPMcZj*?8?)
z_UX>VSJ3iH&ux$w+%dz|Gy7YoEx~U*K*UAP3u-#ipVXFNs!wQ(y*;aDcL89<l*3n1
z0oiGvN3T6T+I#Y5!PEM;1=|j$&Yynv`udwo7k%sB8ox0tge8V_sYWFJ6`mj9zB{Av
zI%n=m@5q=;)8L5LkKVD#os}iVf=N2->DrU6_s>m=*>#@H>-N=8Z;^50>UUG~m)ISv
zlD`t~<`&+r`%G?pDtx4iYoGj^^6!tDg<mf$F1p28{=xkdYO*t4BR&!28hKzycBW)<
z@XDg<EBXr7hQ@%L@Q*EjWVMXS+l0RYJ#cT_d8Ix2a>ecus(*&}oJu;Mb|Upu<t5=L
zy9)B#$xl@Bg!ZhUeDl2PZ}@XB-e6zPz|ZIW-kjd%pT+hi9CRoi$3=0o+dpo>j9&0I
zDU#1)%&k^GIuyT`DO`Jq-`z_@<Gjt~ONU1LMmGhGoO!rSQ;=w`E!Y;^*VNza3wa1_
zTRqA6*SMmXYkBVrUjBX~2PL>Oa^zX_&)ZtWj*$u5mW<tolXaW+eov0?tFO6OP_c@#
zA?@#_i#!Ek`$o+#SRjt^EiAtCrF=)k@E+)^oRpr4;}1A4*y0&o>B^?`31xf4u^p>g
z$sqF~`Y+!Ob3*DjJ&3>!MJ+$SxAN51aWP%PVRN)O+~=2`$=iRQ^zmr^x-wXLUB%tH
zl9YlKkI5!qoWHnp4o5d4H~9&JMR>fEIV@~c@%CkV_csOR-uSCJc-vjz4(X^k%;%~u
zs<gsp>tE3<NgIm>=SX*1rcW9Fl9u;avqsW!G-Jlqs??X~-|WA9VX5_YA+GscMQZn(
zV!^iuzimR5r4U*q-P1KYI*gCb-jWRS-GBaiyYT~N@y-PkR(2%Znb~{-*AgR7i2n1-
zI>~HzDD^{B#l6#L+TNnJ&JACm2dH@DTLA;N526qEOiVcPZDrlB6Yh5n=+RVWIqS&D
z@Y(_WhaS%5W6{^rTGM8CS$9mFzb${u=9s`w!Q<p2FPA*!nj@M#{Azf70i+|4zhm%=
z{z9?@7PY3m|Djn-OXO`Y>-x5QPf+Eu1wGkMSEZ=NhdfvqY3QLvBU@&vu3U}Zam2T*
zw`w5q!Kl=-fnSUNO4S_eurZ#0wqSQxQ0UX*jzhCR?;HLJmAzsIwRB#IdH?lz&&N~X
zb3v1oVg4EWS59mG(6ZY)R>mLuEJu_Tvab4I(dlQgduAlZdF|5=WMqpQ7r&yu-4zWA
zYbMwW;q!p8V;T1Q0|T+t%Yfa>Z<Sq*^aX?+YxEu6czXAr^2+W7U%elXD7;pF=A)CB
z@<Sj0To_lR{uX1_!Ex7u-VB_3PVfJWqj0#D5w%$@w++{ePOrGStFC|K7D#zkPj}fb
zjYH7NW@!wazw_iP`=%g8L8LPWzk+x1=<H-%#q`5hCXn7v$bPXm(7ow=V$Ictf(O_G
zqm65O6aM+--QDr&smF@7)2~)>Ym1+R6m6^fo_0qq1TL~p=?^m&yxVXT-FtIqK-GP4
zCor`CdW5yJ&-%2e%X6;rb(6$Zxu#BY>sBWg)Q6*o$T~mW7_+fcNABB1t-haS=f3>&
zW!rs|FD87j%L*pIpYY4!75$$tz8e^dk6nTM#8mEx%G)yY`k}>sR`l$javJ&~OWIXU
z9Bfh4#1&lo5?G5bCUdI#(UGuw_M5pG+oYkX)`DyNeIL)BA?)K0lT*&B07J;JRnyWM
zZuRUce|7u2{&be%aiHa!yl}$c$?BGksh6XVdZ8^{qbJ|#BZT8uM9kXhZ`$~Lbl%Ry
zqZj8-ew+i|fZya>dWG3qQkzhb)OYFDp5xqiGcCK9{6qO-eLe2hEXrz*&I8Ige-#zQ
zdbeOl`0Ua^9h=UR(b_N3c<;A1uThc~m(~n6!d`S)E`GXyXB4XR7vh>V#Rm+{-b^R+
z$f=-^Pm_v<vzn7H=2vLHs065_pT7K2#h+E(p`7zF1i2jDSq29l>CE`_v65Z)p^vKp
zF5Wlx?^W}U?(6Gcbt}EMmU^L?e-|X_^9Cif?k2z7F@NSX5cYPc%=L9qUsl_u&+ALS
z`%cy4rTh!Wud_`a$=p{5<eyeG%+HK9wNG7Z&=*A9-kcj79VewWN0zbT<<j-t*^~Bk
z3W~|bF}zdl^$kM{lx1H#_tfrcTT;EPVHyGuejv?x`0a4aqAzpQB~_!7ORsF{{`iPl
zIU)^ysC`|-Let-;-v|8LUjq8}@vxhK{fhwQobxlwBSM#yciaTB7Q=HxrY?Hh-s9Sr
z>79L}!q8GbC8^nUBzDlAA$+l(HC=r<6j;yiiW?dhg2Q}KU3n6qH?B$>Lkw@S?*)c$
zdosq_F=xd2(!Hgwye&J7kKz++>Jyb&b#-I1Z6(vQdzbxj(syB3W?T8I#b>@=Zaxsy
z5y4*GDE36pRDIuufSzd4ohO|u=pMB@q^k8yN<M1G@|j1vF2mk}xZ5bX$PW=`$LzXx
zBK4cIgd<9<s~svCO3h4^yj0i4?oTO?C^Ldh;p{hk^II+%wqp2IGl=&bR~tFqGh($*
zT0`1u8_O2dry>q2Im`5fsT&J&3CT4~r2F3f#4F}0E%{BW^t0EWIkhebJG*q|m}1qi
z({G&3Ez8zVYPg>seyECG`T)MYusPzfDSXTuP|Uhi?S>iax}Ikw{Tk)Efr?nVE-3fx
z>(|eE1DZgarJK+6|720QwM#R{U%{s(Mfb#{U6n@jv7<%v3Zzq)z8=%L(p_8m<d+kX
zcYj-?3~B6$4z$Nd)tpvU@Pl{p&XP8~3w_d**AjPUFeD<ZK>7EY@h5hTx^P$onS9n!
zpNEPuzpWnH^Hh}h^Zns-$e_EEsiXP?!yXcTPigq|3P|72YW2}x482|wwwYYql=u4d
zLZC!pnzQEyaU)$+AxdBDEm}B#GNX*c?0yoy?Afb%`-2rSW!HrIz=XkoEl)vvNuokZ
zmL&3X-;{T4xp?f~>FbR~?af}nDO=m}xfiHc0>d6up9woQzc|S8CNyf^LD|@~?BvaV
z?!GNi%JXkBn>(ut^;lF+LtvHRa<5YZU$(h&aN!2bY1|ys&=y)(!Jjws(!&z7qLk;b
zI5GNe#L=M}59c*}&&3|7F-{&yI6rrN>aiC9++Gwl{}4HOka=MYs5Sx89E&~Lz++?g
a%4-VOAEE?S8dkXr<WYN4=Dx0aPWm6Cn>+{r

literal 5255
zcmZvb`CAMM!@o&crmUr7E7Oiqvu}iEnx&a$-)AJ6eV=LenMfra*`<WaT8?B(**caa
zp*To79a<!kvKAuS`&{4a`~GsC_b<4w`~F;?6qO=cVU$_iW}C)jj4@eMU<VWsy%cD*
zs-rE|6rjpUbwStwjv-N^6+nq5q79s=&~t?nKAZ2<@U<|631zV+(9~+C!y%3b3sRvp
z2191T>TOP0A`FoT!z1GbL;%DfV!0>;Q@mZM)w5A%1lFRE(S=BZNot~+5qfbd#Rj)H
ztrCw;s!~$eFp`WLPbN^sP>Bi5AQ%ArM4SyrVz6;K8XN?77|krGT#bWj?PLka%2l$d
z930MyBC|~<6q3bDfzZG@L!yjl<Dj9bd?6eS@DLJE@I)w)%z$GELLL=mcZ=g~^b`~e
z>%t*$Mh?njR=A{Mi3NdnkQpu#%c`(@kOmeLX@z2#WPnUV5(%6LHIgG$G35|EhAQHi
z!6b$mgBK=PonSqUl7c0g^h~J~#-ONDnGTN%qE*omESZRsh{pp=5)z3dF=@39CP62H
z8SNw!S)}^k+6p-giG*T-ViLuafCCb(BoP^Iaj<a$yiDbSF{F4i%S|AlO(Z$ph*HRf
zPC3rNAQ?3>0FSRwklaq9&TYoRC2*!7g`6rem<U!U%!*S9L3W&*X-nlxIUMJ|X^Cv5
z#^eMloft8N?y^~FZ~>Z`qLA{~9;3#LbLkuuB~Hi?LJ435SZ9+G`2a4|q-Sx#NJ|2i
zW(K9;3>Jr0rAASNQU=%#gG)&^5}I$YBx0=ef75ha8O5anq7`m(s+r6rm^d`K&@R@y
z6e&!U91B(n`BVp-1A}m=8k2ypBq9KI93hpjVUURe5ex}4^Y|ilyh})vVufUw5$r)3
z$xxWqAWIav{;OnyM+EgafiMjc<%WUv4zY=*AWJbK1rZG~DDiG5hsmT!2#iE1Ly;gb
z!U#kF0Sz}%aZm%vWks3e6O?YWH6F>Lb1`Uvlx#3lutu|iC3HbKV*bC~{(nh>g+~%`
zg+ex7BU2M-7P?-mrKK7?FtD4bN6Lg0G(%vKYG^Kq7$9_rv}^*}!W2ST3W^9y<ih1p
ztWXZ+B4J3OOu|QTZ3eg-<+T5o8`K07L7YIFgKrW^X)>Hy4reR4C;^&Bu*xNDS|Snz
zrSLFF57y$+>DU$(1b~sj2vk>s5=s;qKwLi6MEuXLIz10Vq$Ge;P=r;bP7%5^CcW_g
za6@YNIAAJ8B!uy#Vg!<B<&Zg&1RDy*v9lE_E{vyj>Wl)Mf({W%`5c1^fV1)v{__PY
zKhc4pY87k&!=l!6@dP$Oz(VU~G^hy1M93g~3rzR#k`M(K3Bmz&NU%l$k*jG|ty~rl
zC7_WB4x0gDVuN@rng}bxm=O$KJVXM95&=jvf|Ur@%JmM3#q6<=Xk>Ie-$*0UNJ=Pz
zZgml03M~sIR~x9rf77sF1k2(Cia=TlNdkrQWE7Q72bT+Y3>!y51(C%GB!~v5M!}E*
z4U8g2lAQn$PEAF~;A9?}NHqx69)t;FQ{b!?ib=t9)A@83%q}oUkYt=q{BN2Hr-Oso
zKn=!eq%l=sg@9&5!;mID#K9*JFme*aWuYVNJOmz2BWQ35c%BTPL}1Az6OE{#A%tA3
z9?Ic*xF`l!<dAC-Jh4KFh1dyb71)i$|5r&7N<p@<ff6@ass*u4MxBV2iX^DmBA6Yo
zg9@1JRI>o<l4~GX5mX?epy7OgN=#5OJe*V%5l&9DLlc-Dnkf-Wa(nb3E!V{*K^00J
z&4~b65R`wrK@2IFcqdQ+r9m`Uk4NWX8kI)4oGh|pQ;}qv)-4n(Bubk>N+hLPG+LBE
z2LO@qNUB8YBARp@I|q)Du|+bOnnouZU`B;b#^WMT@m8de;*|eCH+WhU$r-J(C{nBn
zAbSZgi4II%0LKF9u=!Ls8(^eDU{rxxiKjSqN(K>$gUeIQo_IRSfRrLod>7Gf65?@g
z1QB9o8HE;>+yNIGEm{uGjiNi`Pz?Ygu!#s{7cNDPz{*JK6cU)_LPMZr8Qh^w#K*@w
z{`14=Xdr~o5cBXTcY+irr;|-AqF$n8+f=dyoB&3Kr^*FVBZi@~OAH(_pgSY0HKp_E
zZN!|It0%@LX5f>=i{`f}oXsg?+mrYIey$;6f@@1LWj_aJtZVsM+0fLm^vB@`Z(j=M
zg|xj6c;6E~rXldcWO$l(h>`VVsUV~W`M&qv%lz=Qt_`c#&Q<gjFxyUUZI~B+<6U|E
zx{*`KA)4FKzAjnq*5RBhhGCg~;9=w@Lcq+sK7@Q6_eQWd*YtP&$Qso9n$~Q;{qLVH
z&9C^-`eA4Ywf61k;f8hrMAB%vVBLNY|Ft=P(zcb~cFmi*OZ+UnEmis?H+0Sq394j8
zDQwTWMMowzBJ-!79d*V&FJ;Qmm$l!Vr@I$+cUGU9SFqq&UEY`j@#Qm@#>8$XteU5&
zJwrXexorJ3a4jrxa_Hzw%3FP{1#0e~7U^mqs2lTvJ#<gfU@bmQihA@q7X2=#YU9JJ
z!j(nAL{Kpy_H)}v*AHCk%vqZ{j#f?fd7Gz;G3?8`k>QnA!-XtPnCm&=xVlpmfSEJz
za^!<ZnRev!(2FbeFB{KJHhC7w8|Ea<_%-cR<P6g4F2sTZ`)4m*I_~W+qNzV`Sn=Da
zWo5f@lBSQ4jgWVV*LXR+jN)SLqIFKSWQ8#2xuW@0emzXMA@1w#_S<*wZ=F|>{p(Z3
zsOd+*GhZ%!d#0|16CAs@ZD-|aW)u0)&U-(eR|F+RGu3NgAxhvtLXzv+yqx`+M|0h!
z5npdtZL{tNwxZ9KH<XnVMnB%y`bblq(_+5{ogdM*i{RmvrA%4j%sF|$r?x`#w_ny>
zXch%}W8LkQXWqV)53SrDR=l$Bef)DiHSLrkdTnTQ-NES4(BrEa&%%h%`D)iCL1p}|
z2`6&j?pf87ll>W*OuFc!AM4(DbK_uGyX%PWAK{zRS;K*4?uY72=h;un19soFF`nGk
zbsP#jTs<{?!iZnUw8>-g=U-#o>AkZl>=<iO;OJi)LrOoCe8dHgJ-Ed^ar;WIOax+a
z_VM-LW3{c!>hWF|s`@WLkM!YQN7OEe3f<Iq4jr|p>`Ng6bLk{22<jiht->ZR8^@te
z6gQk;?QYySYTnh?XL768<i7!*OzM3wIs9kzm6EG9iBCGJVP2zWzwfGgy8U!z>u+fT
z`Su$t=Eq{Mx}z4YjQSfj;@_@Z^@BGZ`|ZrY%QfA@$)2h@+MzqUUVTch;eGszn`KjN
z&Hxvzd3mIJr*9;lVBNR&gm>~k8_E7Rp)ICGU!V)VWPD8$-}*kwbU5+C%Sn!DQI~%%
zzWSt{oKf-Y)~ARp;IAS5ytBMa{DPw$tLc}zjU1_v-+$>^+WEyFe(IO`y+DdhlFs%+
z^q^0b>sBqVFLA8@r?TlIJv3=+DHMO|U`WF&Q{QO+)#)YhJ70V<`j<zg#veY(4+TVI
zBC}=$vN8C$O6Bq~y}|(gc~bS1!?M9WvkMnCk45=yE_~fH>5fvF#Sv86zD7Nwo%6oN
zzF*#WV14+XFTA_Uxj%?GS-^h4j32|cA04BTn)hVpeh)qaj!jN_ydp5VaN8r^u}3!(
zo__(D*48f>+eaT>Ui<ASd(VVlhwn}w6VZFF=Hb(UZUg8kH>`!QxP)BYkvVbP*-3ri
zuqA|m?cwt~KD_!|S|JXI&ihss92mB>w(icPfC-Fc->91S@!>65<E{ixfA{?%AftU-
z(RN_7ETmTz+hkpqQqfyz1_0O_U}GQbohE3E2WmGzY-{L$ck~aargD9FiEqLYO2NAO
zzn)FqFltiB?zXV!DC2~#9X~IhxIFI2s}1V!TRN`Bv&tfKA*WU>Sn?=~AD123>^Bcl
zQ(?K7Mv4f|UHm#1rdq$L_V%v!MSqC%h&Ns#Is(GC86Pg%208ZP;W$XpfzBNtuXr`0
zfqlnrnKFdk`v#B2G>{s9d~=@rFu}}8pKet)?cE9S2b^)p8-I4spXn2~us`rJRl<3Z
zuxV+BGw%zo4(}J)RrqIES<bLtbb0o()siW8Y51uiTFuiS#*Jwg{yBbl>)30MC0;WN
zs;;!RZjcuC%?<HQI*IT4QqgewAPB<zedo-qnL+T&pVzizGFC3XKN!I`kAvsUntW=m
zsps>_xWdwNuZfzAY0>@#UrMTb*2LC~`r``Re;oSFQJUA|h_|{(#3#-`{OImg{z;<g
z+ne($Sf?dxqrYD<VbU|lkHEmMPoFF(eeyKGpQScjpCYXc3wg7<BY1lg1_B2ZpO_B2
zzbgoLI`#M0`dGhi&z@<$d7GS^!OBh=Y2fxr{P9OC29ub&(8x8;{zFKXTJWe{Hi~eT
zpB@6vOCN0U8~#xJYezQt+_T~DcURw>wM>ED(I>s%Ci9IS8+W&MEUC1?e@EBO-KUim
zQF|-jJ349JJ8CZ+rtGinNLxjezdj6jSx~9yp8tU2tVp2%uH=-}cm7j<uV?n;0%`5r
z`)6b8le=?hi~VXlYEY4WPtN-}uX4(}-ueK1o6`KwoQ+YOn?JBdwx!R&&GM!_O+pbi
z(|S&h(?3{bq8}mDj+@&$w5BvWZgFYtbkh2|*?{9o%VTD&M)bNK^sRs4Y^AE(d^!1o
z)e|>st`9_!<P7t%eqz}D?)(o^sx>|zV!Hz-zk5-4=1^)(aVh0Iyynl-`v`ZAS6y!+
zryOs;Z~wXFzIP_MV#t6gl&iijUAQ0sb>t}SO_KQ7#~pulu2q)wIBTfDzDHN<Pu{xO
zm^JFk<gfW=JNR$^=Ou?jXWVSk_1@}w@A~kW+c|y6Mn+u24jj0C$md7dtsU;)zn-Fb
zd4&YenYU`Q*JMqyJU4I1{-b-w_$xEOMS)$Qx_CjkXyucNRIcv#*+ON}R?Y=#XHA{w
zL+InSuUjU2j5inRbDwzfvjc+Hu6`PSdKErrD=3WDWt|x6hqP6)8Xk?=J3Tvb{!m!t
zzS!J?;1fIe&5uj>x2UFkO)sxGaij9<d3%eYcu(&l|3EIg06DNMF8iSOsgYNpbpkwh
z@YnK#D?eRy9M$SP?_PVsOD-}y$;n#@%cz5iZEBzKe_?RGmy=H%x)r(U@KI>?psR;J
zQ1W)&;J}zDBC;iuXxq7L-P|$w#V06*#{`r3B2RJDrZvA>FJ_efZC94RAss%8sQtKN
z?oi&v^;w>SBA<NQpJi_vK?l85yUGSwU(Via%~{XEni5lrMuL_)1iG5Aj<mDo0N(@a
zNY^+0$cr_9#?`fds>{L{*BOggmuD@%D)O9Juq4&5cdGY24dK-%zw-`8ptvd25WEVc
znY5|Bb#qqwMEH!|bMiIizsM`kdMvFYt0Q4uGt}MlWZw;Ua?i{xw+oGBo1bwP_DtZZ
zis8{k&0lf{a@K7q@%9?TjL9pgpB?x94XesKD*DRc!MnxZ8ylT{H$QbiWXpeconDmy
zO<P<@AU5*+d(!+GIdNmKf#CCV!)QZv`%mLmQnM$b2e7YZ;q`@;i*lBHo;q2xi`Jl2
z!~8B*KCs%Kcl*>+A{(3D0Faw&-p1BhcU<~*IY#p8{Kj6R_uGs~nWbU^Y&B$g-d%Wc
zcYFQ8IjH24Dc2|Z3vyF^f2$gq__;qEu>W(j>>>SQin@hVcL30y49i?@K3ennTg1CK
zZybdDF@x~l#wBDAn<mgAJ^foSe^&d(z25E~dt|OQqDsHvTJ!_e?+^Z>Xt&3Thnw2m
zVSu9jRB~rxrxLE~**LhuyMG~hh9GWc<-j_G;q3X6Q%7%juQiVfS|ipC7Zlc4hjA+>
z{hbR4Ss!w6ynFQucJscarZ~u`nWux;rH017?HT*iEGkvU*v7kt&L->xFHo^hf!)6K
zR(a5>tr3r-mn;PLpBR~%VJ$qGp0^ex12U>&g5q}9R6oxhS-6y8-4-$lk|=E`xm**|
zT|DI$Gp1M8r4`l*>WcCUftP-}2ar;X<6|+~6y#gX%m<l%+m7XoZxIys#|M@d+(IUU
zo_c>R-Nu@6xZ%qDbY%a#!LD8NyW?2-+2jmdTd^dl5--gzSl6Y5Eo=!ZiSyrk&fBtn
z>PFb;Y_C(6+sBr?NUyvcG-M5?ra-Kd6j{Eg$2zjb{~LDT{7lkZUz-`r&0Rh+bMe$`
zmy0+F&76v9ja?7xN^%#z9F2z5uL^E?x3UD896&65Hq|uPJG#rKXu`W;+K=Ej?E>G&
zXJ0;TY#9By<LBxL?#vh&$Zh(YT?U@9m)!kwfsfbwBa7#6o)dI%r*gy#sHvu#+H1$;
z$36SA_ua~R=34RG!Rkx?8ON3kTsLSIw4X`8;Yv6(l=aV=+2c<xO3ge6L3@gB+(@h3
z$F1B@w6C)w0I3Cye4%X5w4h&ZJJd{|{t@nk+2CLG!Q*}%CbOrwzaN+=sjZJXQ#UGQ
z1}*S`fB2nQISKdDZ$G*5=_)@!)DyE9aYDc55cI(F1X0ldeafx8Sw36cS^eM0cY`7)
zm?j@@7#h=6CZPS$-`h5>F@Dpg7to0CU)v}(UmmZom=${qTj5)Da<4|U4>D%s;)Bzx
za2@yPm+jVV?-RqWf6PnIETo4zf}1R>YGE&A7~>_{Ut2;^QxI2`sPLE*PVS@s0hRFC
Ab^rhX

diff --git a/nixos/secrets/secrets.nix b/nixos/secrets/secrets.nix
index fc7386c0..e4a449e0 100644
--- a/nixos/secrets/secrets.nix
+++ b/nixos/secrets/secrets.nix
@@ -1,5 +1,6 @@
 let keys = (import ../keys.nix);
 in
 {
-  "gpg-keys.age".publicKeys = keys.kanivanKeys;
+  "gpg-keys.age".publicKeys = keys.agenixKeys;
+  "cache-priv-key.pem.age".publicKeys = keys.agenixKeys;
 }