dannydannydanny/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
dotfiles/vars/per-machine/phantom-ship/data-mesher-node-identity/identity.cert/secret
DannyDannyDanny 6846faa5f1 feat(clan): data-mesher + dm-pull-deploy wiring 🌊 
Stage 4e-a of the clan migration. Set up signed-file gossip
(data-mesher, experimental, clan-core) and pull-based NixOS deploy
(dm-pull-deploy, experimental, clan-community) across both servers.

- sunken-ship is the data-mesher bootstrap node + dm-pull-deploy push
  role; phantom-ship joins via /dns/sunken-ship.clan/tcp/7946/... — the
  hostname resolves via /etc/hosts (clanHostsModule) to sunken-ship's
  ZT IPv6 since we don't run a DNS server for the clan domain.
- Both machines run the dm-pull-deploy default role with
  action="switch": they watch /var/lib/data-mesher/files/home/
  dm_pull_deploy/target and nixos-rebuild switch against the pushed
  git+…?rev=…&narHash=… flake ref on each change.
- Signing keys (shared + per-host status) generated via clan vars
  generate, ran on sunken-ship because data-mesher isn't packaged for
  aarch64-darwin.

The legacy dotfiles-rebuild timer stays installed as a fallback until
dm-pull-deploy is proven; a smart push timer on sunken-ship (calls
dm-send-deploy only when origin/main moves) comes next.
2026-04-20 11:38:01 +02:00

18 lines
1.8 KiB
Text
Raw Blame History

{
"data": "ENC[AES256_GCM,data:zBvALOnnz8ubaEU5degFP9ySosybyXIMrDcWT5TuckgSiWZDlzZuRQyDIdSm+NglxV7+tIPf1W2CA28QWSm41y6ThFmmJEdXYRENbvpIX/LmAy8rTidVcmxjSt1nQR58PaG46YW6ODgeOyP0JZmieOdTzXrIZnfkugE+vvh8ZQKJqOqVeHCczqhHjNxghQyH1O3YKRhiNFftA4n6HJKCEbkMAz9rblQfZDXllt+dtdM+FpnAxQ2PD2lYiU+N2Z3F1SdgKWeIquQkqlxcYClWI5lVLjbwa8HpcVgP0PVHGAQu12Wk2brjYoJ/L3yq,iv:ZMZYHbjauV7RlclQdMEsgrcIoOVQGOESwWc9eleA8kI=,tag:K4rdm+/R/WrOtHJJIYVQHA==,type:str]",
"sops": {
"age": [
{
"recipient": "age18gtjh28qxeltg2r2tzxwl096crkqkqk8tjhersyf7mzdsddady7qs34x0m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyMFJHRXFiT1Y5RHVMRGV0\nSFBXYlorU2Nud25VNXhvcGpSUnRnNjZGVWk0CktreG9MaFBMai9FTWRYS3k0ekJt\neGlPem55RWNiTllpZjY3K1RMR05rTmcKLS0tIEhaMkVQaVpHTEs4dFFkOFhHY0Vq\nZTI1ZGlFS09LRWRxTlVaWFRKOG5UZlkKso5iv/TYlIkcXE0U9PQ7J0MpCJ5N+Bdx\nrClL1wZSsi1wlAWTxHqP5MvZjXT1EZb6jG5LOSHljUHxBCkPFWXQ+g==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcHoxZUtHN3c5YU1YUks3\ndkZMTHJSWE02cU9XODRSRVdIK3MveUx4UFhrCm91RTlYRWtSY0RKUnBGUCtwZjJK\nbjZ3eE5vV3Y1WGpzWHJ1K3duWFVlZVkKLS0tIG1hcnlic050SFN4U0NYM2xYd0xX\ndGRVU2pMRlc4NGxjdlRsUW04a01LWXMKZZQCsP6fafmBN7aoyuMp6L0F8umVoZrG\nwsi+ZpANujBIPbq4Fpzqti8zit2aFfrc3k8xkP2GW0VmHC+m8AfAwg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-04-20T09:37:04Z",
"mac": "ENC[AES256_GCM,data:DxmbajDV37PDo3T8CLrFn5zEfCtjGzERZg1wpmIkUA4jDev+FJAXRQudxyeTAc+z6POKzsq8QT6W40C/1Nq9i2J0Ihjfkd0dVerZoYTwJ/h6+shyy37TxZBC89LqGL5gz9tzHh1xN4EO3/ioUipsBRORqyb0HOoAkJYLAahr8UM=,iv:knW5/8lyM4/LAV3p9b3p4nWJDblUKI7dqd3zyIIJ7qw=,tag:LJSUVZ6A3WUs1+9JT2ogdw==,type:str]",
"version": "3.12.2"
}
}
Reference in a new issue View git blame Copy permalink