From 6add0cd5e552d89cf7d38d860810b0ec334f1a2e Mon Sep 17 00:00:00 2001
From: Zuckerberg
Date: Wed, 19 Apr 2023 18:04:32 -0600
Subject: [PATCH] add secrets
---
 common/network/hosts.nix | 9 +++++++++
 common/ssh.nix | 4 ++++
 machines/phil/hardware-configuration.nix | 3 +++
 3 files changed, 16 insertions(+)
diff --git a/common/network/hosts.nix b/common/network/hosts.nix
index c291298..cef02fb 100644
--- a/common/network/hosts.nix
+++ b/common/network/hosts.nix
@@ -6,6 +6,7 @@ let
 # hostnames that resolve on clearnet for LUKS unlocking
 unlock-clearnet-hosts = {
 ponyo = "unlock.ponyo.neet.dev";
+ phil = "unlock.phil.neet.dev";
 s0 = "s0";
 };
@@ -27,6 +28,14 @@ in
 hostNames = [ unlock-clearnet-hosts.ponyo unlock-onion-hosts.ponyo ];
 publicKey = system.ponyo-unlock;
 };
+ phil = {
+ hostNames = [ "phil" "phil.neet.dev" ];
+ publicKey = system.phil;
+ };
+ phil-unlock = {
+ hostNames = [ unlock-clearnet-hosts.phil ];
+ publicKey = system.phil-unlock;
+ };
 router = {
 hostNames = [ "router" "192.168.1.228" ];
 publicKey = system.router;
diff --git a/common/ssh.nix b/common/ssh.nix
index 8e24dc7..cbf0833 100644
--- a/common/ssh.nix
+++ b/common/ssh.nix
@@ -9,6 +9,8 @@ rec {
 ponyo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBBlTAIp38RhErU1wNNV5MBeb+WGH0mhF/dxh5RsAXN";
 ponyo-unlock = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9LQuuImgWlkjDhEEIbM1wOd+HqRv1RxvYZuLXPSdRi";
 ray = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQM8hwKRgl8cZj7UVYATSLYu4LhG7I0WFJ9m2iWowiB";
+ phil = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlOs6mTZCSJL/XM6NysHN0ZNQAyj2GEwBV2Ze6NxRmr";
+ phil-unlock = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqy9X/m67oXJBX+OMdIqpiLONYc5aQ2nHeEPAaj/vgN";
 router = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFr2IHmWFlaLaLp5dGoSmFEYKA/eg2SwGXAogaOmLsHL";
 router-unlock = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOw5dTPmtKqiPBH6VKyz5MYBubn8leAh5Eaw7s/O85c";
 s0 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q";
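Review bot: In the second hosts.nix hunk, `phil-unlock` pins its key to the clearnet name only, while the neighbouring `ponyo-unlock` entry lists both a clearnet and an onion name, and nothing here says the difference is deliberate. It matches `remoteLuksUnlock.enableTorUnlock = false` in the hardware-configuration hunk of this commit, so I would record that next to the entry, e.g. `# clearnet only: Tor unlock is disabled for phil`. Without the comment, enabling Tor unlock later would leave the onion name without a pinned key in this table. The enclosing attribute set starts and ends outside the hunk.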
@@ -22,6 +24,7 @@ rec {
 # groups
 systems = with system; [
 ponyo
+ phil
 ray
 router
 s0
@@ -31,6 +34,7 @@ rec {
 ];
 servers = with system; [
 ponyo
+ phil
 router
 s0
 ];
diff --git a/machines/phil/hardware-configuration.nix b/machines/phil/hardware-configuration.nix
index 4c8deba..d87751e 100644
--- a/machines/phil/hardware-configuration.nix
+++ b/machines/phil/hardware-configuration.nix
@@ -11,6 +11,9 @@
 boot.loader.systemd-boot.enable = true;
+ remoteLuksUnlock.enable = true;
+ remoteLuksUnlock.enableTorUnlock = false;
+ boot.initrd.availableKernelModules = [ "xhci_pci" ];
 boot.initrd.kernelModules = [ "dm-snapshot" ];
 boot.kernelModules = [ ];
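Review bot: The `systems` list in this hunk (and `servers` in the next one) gains `phil`, but nothing records why the `-unlock` keys stay out of these groups. If the groups serve as recipients for encrypted secrets, as the commit title suggests, an initrd host key should never be listed: its private half normally sits unencrypted on the boot partition so it can be read before the disk is unlocked. I would add a line under `# groups` such as `# never list *-unlock keys here: initrd host keys are readable without the LUKS passphrase`. The `rec { ... }` body starts and ends outside the hunk.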
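Review bot: `remoteLuksUnlock.enable = true;` is added to `hardware-configuration.nix`, which by its name and the `boot.initrd.*` lines around it looks like the generated hardware file; regenerating it would drop the setting without warning, and the machine would stop offering remote unlock at its next reboot. I would move both options into phil's own configuration module and state there why Tor unlock is off, e.g. `# remote unlock over clearnet only (unlock.phil.neet.dev); no onion service`. Since this presumably exposes an SSH service before the disk is unlocked, the same comment is the place to note which keys may log in at that stage, which this hunk does not show. The enclosing attribute set starts and ends outside the hunk.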