Mirror — primary at git.dannydannydanny.me
Stage 4b of the clan migration. Declares a clan.inventory.instances.zerotier
instance with sunken-ship as controller and phantom-ship as peer (controller
is also listed as a peer so it joins its own network). Generates the network
ID, controller identity, and per-peer identities via `clan vars generate`;
all secrets are SOPS-encrypted to the user's age key and the per-machine
age keys.
- nixos/sops/ — clan-managed SOPS state (user + per-machine age keys).
- nixos/vars/ — shared + per-machine zerotier vars; *-identity-secret
files are SOPS-encrypted, *.value files are plain public data.
- clan.core.networking.{targetHost,buildHost} = "danny@<host>" on both
servers so `clan machines update` knows where to push and build.
- mac gets `zerotier-one` installed as a homebrew cask; authorization
on the controller happens manually by node-ID in a follow-up step.
Known rough edges (to chase in later stages):
- zerotier-inventory-autoaccept.service races zerotierone.service on
first activation (connection refused against the local API). Retrying
the unit succeeds; clan upstream bug.
- Deployment must go through `clan machines update`, not plain
nixos-rebuild, or the per-host SOPS age key isn't uploaded and
zerotier-one can't decrypt its identity.
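The commit message above states that `*-identity-secret` files under nixos/vars/ are SOPS-encrypted while `*.value` files are plain public data. A pre-commit check for that invariant is sketched below as an added example; it is not code from this repository. It assumes SOPS's JSON file format (a top-level `sops` metadata key, encrypted values wrapped in `ENC[...]`) and that the glob is matched against the path relative to the vars directory. The function names and the sample tree are constructed for illustration.

```python
import json
from pathlib import Path

def _leaves(node):
    """Yield every scalar value in a nested JSON structure."""
    if isinstance(node, (dict, list)):
        for v in (node.values() if isinstance(node, dict) else node):
            yield from _leaves(v)
    else:
        yield node

def is_sops_encrypted(text):
    """True if text is SOPS JSON with age recipients and only ENC[...] values."""
    try:
        doc = json.loads(text)
    except ValueError:
        return False  # raw key material or any other non-JSON content
    if not isinstance(doc, dict) or not isinstance(doc.get("sops"), dict):
        return False
    if not doc["sops"].get("age"):
        return False  # no age recipient recorded in the metadata
    values = list(_leaves({k: v for k, v in doc.items() if k != "sops"}))
    return bool(values) and all(
        isinstance(v, str) and v.startswith("ENC[") for v in values)

def find_plaintext_secrets(root, marker="identity-secret"):
    """Relative paths under root that look like secrets but are not encrypted."""
    root = Path(root)
    bad = []
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if marker in rel and path.is_file():
            if not is_sops_encrypted(path.read_text(errors="replace")):
                bad.append(rel)
    return bad

def build_sample_tree(root):
    """Constructed sample data: one encrypted secret, one leaked, one public."""
    root = Path(root)
    enc = {"data": "ENC[AES256_GCM,data:AAAA,iv:BBBB,tag:CCCC,type:str]",
           "sops": {"age": [{"recipient": "age1-constructed", "enc": "x"}]}}
    files = {"sunken-ship/zerotier-identity-secret": json.dumps(enc),
             "phantom-ship/zerotier-identity-secret": "constructed:plaintext:key",
             "shared/zerotier-network-id.value": "constructed-network-id"}
    for rel, body in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(body)
```

Calling `find_plaintext_secrets("nixos/vars")` from a pre-commit hook and failing on a non-empty result keeps an unencrypted identity from reaching the mirror.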
| Name |
|---|
| assets |
| bashscripts |
| docs |
| nixos |
| raycast-scripts |
| scripts |
| .editorconfig |
| .gitignore |
| AGENTS.md |
| CLAUDE.md |
| firefox-scrolling.md |
| LICENSE |
| README.md |
| server-quickstart.md |
| TODO.md |
dotfiles
Extension of dannydannydanny/methodology.
Roadmap
- firefox-scrolling via terminal
- Server: server-quickstart; NixOS flake and bootstrap nixos/readme.md. SSH and secrets: docs/ssh-and-secrets.md. New server install (USB, LUKS, WiFi): docs/server-installer-usb.md.
- nvim checkhealth; tmux setup; fonts / nerdfonts; HN: home server
Windows
- System sounds: None. Language/keyboard: en_US.
- PowerToys — remap CAPS to L-CTRL.
- Alacritty — config: `%AppData%/alacritty/alacritty.yml`.
WSL
```sh
nix-shell -p gh git
gh auth login
gh repo clone dannydannydanny/dotfiles && cd dotfiles
# git checkout <branch> # if needed
sudo nixos-rebuild switch --flake ~/dotfiles/nixos#wsl
```
Clone via SSH
One key per purpose; see AGENTS.md and docs/ssh-and-secrets.md. Otherwise clone with HTTPS.
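```sh
# -N '' creates the key without a passphrase; <<<y answers the overwrite
# prompt, so an existing key at this path is replaced (bash/zsh here-string).
ssh-keygen -q -t ed25519 -N '' -f ~/.ssh/id_ed25519_github <<<y
cat ~/.ssh/id_ed25519_github.pub # add at https://github.com/settings/ssh/new
eval "$(ssh-agent -s)" # fish: eval (ssh-agent -c)
ssh-add ~/.ssh/id_ed25519_github
git clone git@github.com:DannyDannyDanny/dotfiles.git && cd dotfiles
# Set the commit identity for this repository only
git config user.name "DannyDannyDanny"
git config user.email "dth@taiga.ai"
```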
Apply machine config from nixos/ (see CLAUDE.md for macOS rebuild commands or nixos/readme.md for NixOS).