From 5707be0b1147e6e80641f6ccd3526edf4888ae19 Mon Sep 17 00:00:00 2001
From: Patrick
Date: Sun, 25 Aug 2024 15:56:17 +0200
Subject: [PATCH] feat: run octoprint on testienix
---
 README.md | 4 +-
 config/basic/default.nix | 1 +
 hosts/elisabeth/guests.nix | 2 +-
 hosts/octoprint/default.nix | 15 ----
 hosts/octoprint/fs.nix | 10 ---
 hosts/octoprint/net.nix | 31 -------
 hosts/octoprint/secrets/host.pub | 1 -
 hosts/octoprint/secrets/secrets.nix.age | Bin 852 -> 0 bytes
 hosts/patricknix/default.nix | 2 -
 hosts/testienix/default.nix | 28 ++++++
 hosts/testienix/fs.nix | 83 ++++++++++++++++++
 hosts/testienix/net.nix | 18 ++++
 .../generated/initrd_host_ed25519_key.age | Bin 0 -> 1211 bytes
 hosts/testienix/secrets/host.pub | 1 +
 hosts/testienix/secrets/secrets.nix.age | Bin 0 -> 901 bytes
 .../wireguard/elisabeth/keys/testienix.age | Bin 0 -> 697 bytes
 .../wireguard/elisabeth/keys/testienix.pub | 1 +
 .../elisabeth/psks/elisabeth+testienix.age | 15 ++++
 users/patrick/ssh.nix | 5 ++
 19 files changed, 155 insertions(+), 62 deletions(-)
 delete mode 100644 hosts/octoprint/default.nix
 delete mode 100644 hosts/octoprint/fs.nix
 delete mode 100644 hosts/octoprint/net.nix
 delete mode 100644 hosts/octoprint/secrets/host.pub
 delete mode 100644 hosts/octoprint/secrets/secrets.nix.age
 create mode 100644 hosts/testienix/default.nix
 create mode 100644 hosts/testienix/fs.nix
 create mode 100644 hosts/testienix/net.nix
 create mode 100644 hosts/testienix/secrets/generated/initrd_host_ed25519_key.age
 create mode 100644 hosts/testienix/secrets/host.pub
 create mode 100644 hosts/testienix/secrets/secrets.nix.age
 create mode 100644 secrets/wireguard/elisabeth/keys/testienix.age
 create mode 100644 secrets/wireguard/elisabeth/keys/testienix.pub
 create mode 100644 secrets/wireguard/elisabeth/psks/elisabeth+testienix.age
diff --git a/README.md b/README.md
index 2a45db3..41ddb84 100644
--- a/README.md
+++ b/README.md
@@ -82,9 +82,9 @@ These are notable external flakes which this config depend upon
 - This might take multiple minutes(~10)
 - Alternatively boot an official nixos image connect with password
 3. Copy ISO to usb using dd
-3. After booting copy the installer to the live system using `nix copy --to .#packages..installer-package.`
+3. After booting copy the installer to the live system using `nix copy --to .#nodes..config.system.build.installFromLive`
 4. Run the installer script from the nix store of the live system
- - you can get the path using `nix path-info .#packages..installer-package.`
+ - you can get the path using `nix path-info .#nodes..config.system.build.installFromLive`
 4. Export all zpools and reboot into system
 6. Retrieve hostkeys using `ssh-keyscan | grep -o 'ssh-ed25519.*' > host//secrets/host.pub`
 5. Deploy system
diff --git a/config/basic/default.nix b/config/basic/default.nix
index b56d230..b68000f 100644
--- a/config/basic/default.nix
+++ b/config/basic/default.nix
@@ -2,6 +2,7 @@
 {
 imports = [
 ./boot.nix
+ ./generate-installer-package.nix
 ./home-manager.nix
 ./impermanence.nix
 ./inputrc.nix
diff --git a/hosts/elisabeth/guests.nix b/hosts/elisabeth/guests.nix
index 3e96c12..9a7688d 100644
--- a/hosts/elisabeth/guests.nix
+++ b/hosts/elisabeth/guests.nix
@@ -38,7 +38,7 @@ let ipOf = hostName: if hostName == "octoprint" then
- nodes.patricknix.config.wireguard.elisabeth.ipv4
+ nodes.testienix.config.wireguard.elisabeth.ipv4
 else
 nodes."elisabeth-${hostName}".config.wireguard.elisabeth.ipv4;
 in
diff --git a/hosts/octoprint/default.nix b/hosts/octoprint/default.nix
deleted file mode 100644
index 4f7477e..0000000
--- a/hosts/octoprint/default.nix
+++ /dev/null
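Review bot: The new import `./generate-installer-package.nix` in the config/basic/default.nix hunk refers to a file this patch does not add — the diffstat lists 19 files and none of them is generate-installer-package.nix — so unless that module already exists in the tree, every host that imports config/basic stops evaluating. If it is new, it belongs in this commit; if it predates it, the README lines that now point at `.#nodes..config.system.build.installFromLive` should be checked against the attribute that module actually defines, since the host placeholders in those commands also appear to have been lost. The guests.nix hunk on the same line only repoints the hard-coded "octoprint" lookup to testienix and raises nothing on its own.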
@@ -1,15 +0,0 @@
-{ inputs, lib, ... }:
-{
- imports = [
- ../../config/basic
- ../../config/services/octoprint.nix
-
- inputs.nixos-hardware.nixosModules.raspberry-pi-3
- ./fs.nix
- ./net.nix
- ];
- nixpkgs.hostPlatform = "aarch64-linux";
- boot.loader.generic-extlinux-compatible.enable = true;
- boot.loader.systemd-boot.enable = lib.mkForce false;
- hardware.enableRedistributableFirmware = true;
-}
diff --git a/hosts/octoprint/fs.nix b/hosts/octoprint/fs.nix
deleted file mode 100644
index 2b8a58e..0000000
--- a/hosts/octoprint/fs.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ lib, ... }:
-{
- fileSystems = lib.mkForce {
- "/" = {
- device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
- fsType = "ext4";
- };
- };
- environment.persistence = lib.mkForce { };
-}
diff --git a/hosts/octoprint/net.nix b/hosts/octoprint/net.nix
deleted file mode 100644
index 5a77ad4..0000000
--- a/hosts/octoprint/net.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ config, ... }:
-{
- networking = {
- inherit (config.secrets.secrets.local.networking) hostId;
- wireless.iwd = {
- enable = true;
- };
- };
- systemd.network.networks = {
- "01-lan1" = {
- DHCP = "yes";
- matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.lan01.mac;
- networkConfig = {
- IPv6PrivacyExtensions = "yes";
- MulticastDNS = true;
- };
- dhcpV4Config.RouteMetric = 10;
- dhcpV6Config.RouteMetric = 10;
- };
- "01-wlan1" = {
- DHCP = "yes";
- matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.wlan01.mac;
- networkConfig = {
- IPv6PrivacyExtensions = "yes";
- MulticastDNS = true;
- };
- dhcpV4Config.RouteMetric = 40;
- dhcpV6Config.RouteMetric = 40;
- };
- };
-}
diff --git a/hosts/octoprint/secrets/host.pub b/hosts/octoprint/secrets/host.pub
deleted file mode 100644
index 3128d72..0000000
--- a/hosts/octoprint/secrets/host.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8G75cwqCVwCTW3b3T2RctfGmNHRuLM8fkFcKCoKvnG
diff --git a/hosts/octoprint/secrets/secrets.nix.age b/hosts/octoprint/secrets/secrets.nix.age deleted file mode 100644 index 423c6a799b5e720ff1d79350a107e8ddcec3d2fd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 852 zcmY+<-HX!(008h4Jsd$N_b?_*T;S$phMF{OzL3+UA4xybHfi(KD!8Uelcq`Y)g*1X zV-I^1+#V)lY@mDD+aAVXFxbn@v7sCsi0*^E-T5Hs%RuKLP8l2Q;r@ajzrJZ?jL9IJ z`_qv(IqQWcoMeH_c~C_$EK7mHe2x%pCMw6cYKZN&ZhL8SLW*>$0Vj-~wX1AfwxzDm zT;V~GZ7Pag9sB}K55ROVT<9tFMTKttr%i99!k$b16Z zoal&^kOpAL>*qs)=`@UJD7MV*yiZ_RH}pAaK7<5}jAwj((x3u~-e>*)a$&W|<6*Jx z#|c{?gc-*v6D~;tH&W4<_H}cp2N6<%90sVtk`E8`;#n^1(IqU{+DO5{>_s3du>+SICC?0Ufvw}T=; z5&^_#E1pstI;D|D8ZjFP6>CW8R0os%u+9jYOY-EH|Ib=qRNh{@fK4-IX!Iik3{@X2 zUUb;{JL{)FWdg~oC4j9|kbrI!Azlf+sw>-eQjN&5lkziq_t zcj?UP?$YwoH{EZKZmvA}{m0X*2gPI3`WH)g?)}oa^2+y@wMU1sKVN>bar2{_7*FJIz+-8->%`DJ10;p-=R3rstG_ukbfZydk#<>Q?L N&$rI*`~w+)EJgqT diff --git a/hosts/patricknix/default.nix b/hosts/patricknix/default.nix index c21b84c..0aea02d 100644 --- a/hosts/patricknix/default.nix +++ b/hosts/patricknix/default.nix @@ -18,8 +18,6 @@ ../../config/hardware/prime-offload.nix ../../config/hardware/yubikey.nix - ../../config/services/octoprint.nix - ../../config/optional/dev.nix ../../config/optional/graphical.nix ../../config/optional/printing.nix diff --git a/hosts/testienix/default.nix b/hosts/testienix/default.nix new file mode 100644 index 0000000..844cae9 --- /dev/null +++ b/hosts/testienix/default.nix 
@@ -0,0 +1,28 @@
+{
+ inputs,
+ lib,
+ minimal,
+ ...
+}:
+{
+ imports = [
+ inputs.nixos-hardware.nixosModules.common-pc
+ inputs.nixos-hardware.nixosModules.common-pc-ssd
+
+ ../../config/basic
+ ../../config/optional/initrd-ssh.nix
+
+ ../../config/hardware/physical.nix
+ ../../config/optional/zfs.nix
+
+ ../../config/services/octoprint.nix
+
+ ./net.nix
+ ./fs.nix
+ ] ++ lib.lists.optionals (!minimal) [ ];
+ services.xserver.xkb = {
+ layout = "de";
+ };
+ services.thermald.enable = lib.mkForce false;
+ nixpkgs.hostPlatform = "x86_64-linux";
+}
diff --git a/hosts/testienix/fs.nix b/hosts/testienix/fs.nix
new file mode 100644
index 0000000..22f8e4e
--- /dev/null
+++ b/hosts/testienix/fs.nix
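Review bot: `] ++ lib.lists.optionals (!minimal) [ ]` at the end of the imports list in hosts/testienix/default.nix appends an empty list and is a no-op, so either the non-minimal imports are still to come or `minimal` can be dropped from the module arguments; as written a reader cannot tell which. `services.thermald.enable = lib.mkForce false` likewise overrides a value set by one of the imported modules (presumably common-pc or physical.nix, not visible here) without saying why, and a force override with no rationale is the kind of line that gets "cleaned up" later. A one-line comment naming the reason, e.g. `# thermald: forced off on this host — <reason>`, would keep both decisions from being reverted by accident.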
@@ -0,0 +1,83 @@
+{ config, lib, ... }:
+{
+ disko.devices = {
+ disk = {
+ internal-hdd = {
+ type = "disk";
+ device = "/dev/disk/by-id/${config.secrets.secrets.local.disko.internal-hdd}";
+ content = with lib.disko.gpt; {
+ type = "gpt";
+ partitions = {
+ boot = partEfi "1G";
+ swap = partSwap "16G";
+ rpool = lib.attrsets.recursiveUpdate (partLuksZfs "rpool" "rpool" "100%") {
+ content.extraFormatArgs = [ "--pbkdf pbkdf2" ];
+ };
+ };
+ };
+ };
+ };
+
+ zpool = with lib.disko.zfs; {
+ rpool = mkZpool { datasets = impermanenceZfsDatasets; };
+ };
+ };
+
+ services.zrepl = {
+ enable = true;
+ settings = {
+ global = {
+ logging = [
+ {
+ type = "syslog";
+ level = "info";
+ format = "human";
+ }
+ ];
+ # TODO Monitoring
+ };
+ jobs = [
+ #{
+ # type = "push";
+ # name = "push-to-remote";
+ #}
+ {
+ type = "snap";
+ name = "mach-schnipp-schusss";
+ filesystems = {
+ "rpool/local/state<" = true;
+ "rpool/safe<" = true;
+ };
+ snapshotting = {
+ type = "periodic";
+ prefix = "zrepl-";
+ interval = "10m";
+ timestamp_format = "iso-8601";
+ };
+ pruning = {
+ keep = [
+ {
+ type = "regex";
+ regex = "^zrepl-.*$";
+ negate = true;
+ }
+ {
+ type = "grid";
+ grid = lib.concatStringsSep " | " [
+ "1x1d(keep=all)"
+ "142x1h(keep=2)"
+ "90x1d(keep=2)"
+ "500x7d"
+ ];
+ regex = "^zrepl-.*$";
+ }
+ ];
+ };
+ }
+ ];
+ };
+ };
+
+ fileSystems."/state".neededForBoot = true;
+ fileSystems."/persist".neededForBoot = true;
+}
diff --git a/hosts/testienix/net.nix b/hosts/testienix/net.nix
new file mode 100644
index 0000000..9e32bdb
--- /dev/null
+++ b/hosts/testienix/net.nix
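Review bot: `content.extraFormatArgs = [ "--pbkdf pbkdf2" ]` on the rpool LUKS partition in hosts/testienix/fs.nix replaces cryptsetup's default argon2id key derivation with PBKDF2, which is markedly cheaper to brute-force for the same passphrase, and nothing in the file records why that downgrade is wanted. If it is required by the boot chain (the usual reason is a boot loader that cannot unlock argon2 LUKS2 headers), that constraint belongs next to the line, e.g. `# pbkdf2: <component> cannot unlock argon2id headers`; if it is not, the argument should be dropped. If it has to stay, pairing it with an explicit `--iter-time` or `--pbkdf-force-iterations` keeps the iteration count from falling to cryptsetup's benchmark-derived minimum on this machine. Whether disko splits the single `"--pbkdf pbkdf2"` string on whitespace or passes it to cryptsetup as one token is not visible here and is worth confirming before the first format.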
@@ -0,0 +1,18 @@ +{ config, ... }: +{ + networking = { + inherit (config.secrets.secrets.local.networking) hostId; + }; + networking.nftables.firewall.zones.untrusted.interfaces = [ "lan01" ]; + systemd.network.networks = { + "lan01" = { + address = [ "192.168.178.32/24" ]; + gateway = [ "192.168.178.1" ]; + matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.lan01.mac; + networkConfig = { + IPv6PrivacyExtensions = "yes"; + MulticastDNS = true; + }; + }; + }; +} diff --git a/hosts/testienix/secrets/generated/initrd_host_ed25519_key.age b/hosts/testienix/secrets/generated/initrd_host_ed25519_key.age new file mode 100644 index 0000000000000000000000000000000000000000..9b9ab489038c18aa5980114fbeec0ef374b105ed GIT binary patch literal 1211 zcmZwC`)?Bk0KoC_P^3g04v-1V28C#vdc9k(4-{h8YrE?`dhI=Ws}Q_vuh;A2`nc=$ zvCL^Q1ZH@QM--e92tPdO_mi(6OIAsZ zmudxF$*V8sOEO@9ChKxD55X|#Hmgb`fw?rUfThqFpQ~BYYE+3w<2jZD!o^gCWl4hf zGG(0aFolQ`o=E7RjRy-LB_|CH$w*?W&Y_wSBMcdJBNS5i7w~fUflyEkYXO2C=9phr z(2CjPERndwM(09KJP9Zw6g4tBCJAa%4mn8{Bi&vxC?iqLf%nSkAohRI?)fm3BtPJ0DR3!*A-;!rRtbVv;Az|kVb#VdiR zofM>aTP1E0V>u_5&SKTpnn%pD4_UC0qx7)Z1CiB8ykzl4*etA7vQ8U?csL>B3wE)j3E;OjU#lc=c$+A(A$&t^;)dmlU@*P*Q^g#7bAMT$W?4yU!|m->yX1+^gFNYMi1_amO*3vu~F@-4R1Sl7N>pO zx%<2N$d1Qhhxf|Wfd&Fu?E4zo*tEbjqqpni#At8dME_f>-dOqCsX0HN+p{6FY)AcC z{!E129Qu8B%NlKZ?r{5k{MfrWa}Twe+r0Aj>1D;H-k zIxfwhv1`5K`d@CaY;dUVCc+qomnrGigzZvD1*$iMy4M?Ew7#-^7~VfQc4`0C4x2d0e- zj+{a+e?Q)|_Vc8Vn>yY-<()}XSMyeLdCj@`1I!0cZ=U!3t3MgPQgilRnKfSNJ9PKY z3(beRdt1&d*)Xy6!%LH1NZreOilY~f=KZs~_l>Un4gGZB%^xlfcHUjOr__TlBIjc6 P;d%NzCf{{){?vZ~MuySS literal 0 HcmV?d00001 diff --git a/hosts/testienix/secrets/host.pub b/hosts/testienix/secrets/host.pub new file mode 100644 index 0000000..15c505b --- /dev/null +++ b/hosts/testienix/secrets/host.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXcDQbZKe8mcPj7ZqAcNrbVbXCW4po+A004yMjauQjD 
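Review bot: `networking.nftables.firewall.zones.untrusted.interfaces = [ "lan01" ]` in hosts/testienix/net.nix assumes a NIC literally named lan01, but the only thing in this file tied to that name is the `systemd.network.networks."lan01"` attribute, which is a unit name, and the unit matches the device by MAC address — nothing here renames the interface. Unless a `.link` rule elsewhere (config/hardware/physical.nix would be the natural place) assigns the name lan01, the kernel's own name stays, the untrusted zone matches no interface, and traffic on this uplink is not classified as untrusted by the firewall. Adding `matchConfig.Name = "lan01"` together with a link rule that sets the name, or naming the zone interface after whatever the device is actually called, would make the two agree. The static `address`/`gateway` also come without a `dns` entry, so name resolution on this host depends on whatever the rest of the configuration provides.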
diff --git a/hosts/testienix/secrets/secrets.nix.age b/hosts/testienix/secrets/secrets.nix.age new file mode 100644 index 0000000000000000000000000000000000000000..efe7e8882488d8060c49d13f35405b26b5df7974 GIT binary patch literal 901 zcmY+?ONiWb00wZ2sF1RHX;muH*jhYH$4N5(WHLy_OrDe3%uF7Wok<1F=J8J^^GGt; zWM}s_YF$)ZsM7j4^-xL+wFkAfDlB-AT12bhVQ=5<$M^Bs&?|cr zCtbu@IGsE_O<^U+k@B->pCC!Rj!Gl&ehJ$gzGFXk;j!)#n8vm~lhj}?BND8$C7&Z%( znLvdbb9Lxh4rS}a95!m%($TRbF&W`*qAl881>~$07KoGqVT~Tm zBot-Tbxz}PQU3WQGcUgTyjd~2qY_tr1D1bSQ3%wS!6IRQ@?hKO!W<(~D28vz?G%l(_bI&5{j?%}6~21>5CbxChR zz9I@U&U91>gS#v;A9phqWrhnC&nZkNU4n88fv+om!6^oAHyYDcSdw7h?8Ox|XxTV2 z0{y810?;RQqg4wga+q(VIzgF(q0%()!Ve3sM{y)0{I}t}_8fS!3{%gZd1xs`kD`sr zQ;2WRVj#p_CSv&_w#+af|dAUqc@-|Um?>0 zVh5r=q|=}xlB})MEl?E~u2x-=yn>X=WfTJgX)y9_Iq7ST24_~I?!zTxxP6jKqA0Y5 zwI#EZoCyR-fnU6O%Bp;1%kL@=zxPAuBysZEANO2Y2~SzOl~ zD_dvY+;@CCI(^{V6E9Ua|J)p(QW8d7_dEvs(*ME9r&v*0l zJKGPwZQlFk@%HzR{rboQZyk*D+xKr?eyw`>8kMBaYjFQz=g#~0U7)-hFQ5AdB2z&t literal 0 HcmV?d00001 
diff --git a/secrets/wireguard/elisabeth/keys/testienix.age b/secrets/wireguard/elisabeth/keys/testienix.age new file mode 100644 index 0000000000000000000000000000000000000000..9f26b6305f66780905de5b47d5bfe5f9512c1024 GIT binary patch literal 697 zcmY+W{ zprFTnF%mbyXs!p!#EX$d5NUg>aJ7UMgQ_~S7zHI|nq8n|6h~KXfjbd13}vShk68B5 zSXgY0B{Vb{K(<|URH14Ib}%G!9#=VM?4q*MOZtY*^)$b#8y3P%2twq?gk=qEcfPh4 zKp?SLsw@%(5)frRuZo1nB`;NuSpQ$Ry;=8gY~E6hRjfz?VOx5;fD}YCtLoUEw2u?G zAoU@YA)CA#&60|dRZF2ddK0RYvS}$OFROfnvJe7;f&&{B#G@~=T X25519 GQbCMDf/v7ZWCbkWrxPHb3eRRhBu3OgoUVM5Wcd2YWg +Ktg5wWDrv9xGlz2RxkbaLM1JnzncvFiDKNU7Q/ALkPg +-> piv-p256 ZFgiIw A6/M1WnmlEwOkaL4Gof2DJQ1ED88c14rHjoKFMBZ+nXM +XI9XhL0lE01DBbR8bNCaTEqDEAYzaswFucfY97HsWEA +-> piv-p256 XTQkUA A+dXpvz/ARcQj/RrRjgm7L4K1Jg1P/mnlL4M0nYWrTid +XoxIGKavpr13hvz7RimZlj5Ah9jqAKIph1Gh2RGMha0 +-> piv-p256 ZFgiIw AipDvQ/vmWF820Swf/UYPGcQdI5SOHDmrBRRQuPysnJ0 +AoQ/EEvxmtDptmqQP2AZ4i5ExLsWzrXXvvVcIKZlP50 +-> piv-p256 5vmPtQ AvMIvmMcOwkzIiWvGLVs1x3zU+CDntwP88lxqNhNGgAR +3S9QPobzy1KFKLk3GaCxDdNIChph3lG45DdLG1d4KZ4 +-> MO-grease A~ wj@o(6 +JpQ +--- wg4II0uOKrdUdzbRGlhxu6nQ9W2Cdj29nmBVc0nNRvI +6A6ʏS ht^WSMEE`䠨$=72:!c|PIKRhDA$ \ No newline at end of file diff --git a/users/patrick/ssh.nix b/users/patrick/ssh.nix index aec31d6..0ef1821 100644 --- a/users/patrick/ssh.nix +++ b/users/patrick/ssh.nix @@ -24,6 +24,11 @@ user = "root"; }; + "testienix" = { + hostname = "testienix.local"; + user = "root"; + }; + "patricknix" = { hostname = "patricknix.local"; user = "root";