From 04f1bef188325e6713caa5c17d2f955fec577937 Mon Sep 17 00:00:00 2001
From: Alexander Heldt <me@alexanderheldt.se>
Date: Mon, 2 Sep 2024 20:29:48 +0200
Subject: [PATCH] sombrero: remove host `sombrero`

---
 flake.nix                                     |   9 --
 hosts/pinwheel/modules/ssh/default.nix        |  26 ----
 hosts/pinwheel/modules/syncthing/default.nix  |   9 +-
 hosts/sombrero/configuration.nix              |  79 -----------
 hosts/sombrero/hardware-configuration.nix     |  52 -------
 hosts/sombrero/home.nix                       |  25 ----
 hosts/sombrero/modules/age/default.nix        |  14 --
 hosts/sombrero/modules/boot/default.nix       |  25 ----
 .../sombrero/modules/calibre-web/default.nix  |  52 -------
 hosts/sombrero/modules/default.nix            |   8 --
 hosts/sombrero/modules/docker/default.nix     |  29 ----
 hosts/sombrero/modules/git/default.nix        |  30 ----
 hosts/sombrero/modules/git/gitconfig          |  10 --
 hosts/sombrero/modules/mullvad/default.nix    |   6 -
 hosts/sombrero/modules/network/default.nix    |  18 ---
 hosts/sombrero/modules/nginx/default.nix      |  38 -----
 hosts/sombrero/modules/plex/default.nix       |  42 ------
 .../sombrero/modules/ppp.pm-site/default.nix  |  33 -----
 hosts/sombrero/modules/restic/default.nix     |  43 ------
 hosts/sombrero/modules/ssh/default.nix        | 102 --------------
 hosts/sombrero/modules/syncthing/default.nix  | 130 ------------------
 hosts/sombrero/modules/tailscale/default.nix  |   9 --
 .../sombrero/modules/transmission/default.nix |  40 ------
 secrets/secrets.nix                           |  10 --
 .../sombrero/alex.sombrero-codeberg.org.age   | Bin 786 -> 0 bytes
 .../alex.sombrero-codeberg.org.pub.age        |   7 -
 secrets/sombrero/alex.sombrero-github.com.age | Bin 3756 -> 0 bytes
 .../sombrero/alex.sombrero-github.com.pub.age | Bin 1072 -> 0 bytes
 secrets/sombrero/syncthing-cert.age           | Bin 1116 -> 0 bytes
 secrets/sombrero/syncthing-key.age            | Bin 610 -> 0 bytes
 shared-modules/syncthing.nix                  |   1 -
 31 files changed, 4 insertions(+), 843 deletions(-)
 delete mode 100644 hosts/sombrero/configuration.nix
 delete mode 100644 hosts/sombrero/hardware-configuration.nix
 delete mode 100644 hosts/sombrero/home.nix
 delete mode 100644 hosts/sombrero/modules/age/default.nix
 delete mode 100644 hosts/sombrero/modules/boot/default.nix
 delete mode 100644 hosts/sombrero/modules/calibre-web/default.nix
 delete mode 100644 hosts/sombrero/modules/default.nix
 delete mode 100644 hosts/sombrero/modules/docker/default.nix
 delete mode 100644 hosts/sombrero/modules/git/default.nix
 delete mode 100644 hosts/sombrero/modules/git/gitconfig
 delete mode 100644 hosts/sombrero/modules/mullvad/default.nix
 delete mode 100644 hosts/sombrero/modules/network/default.nix
 delete mode 100644 hosts/sombrero/modules/nginx/default.nix
 delete mode 100644 hosts/sombrero/modules/plex/default.nix
 delete mode 100644 hosts/sombrero/modules/ppp.pm-site/default.nix
 delete mode 100644 hosts/sombrero/modules/restic/default.nix
 delete mode 100644 hosts/sombrero/modules/ssh/default.nix
 delete mode 100644 hosts/sombrero/modules/syncthing/default.nix
 delete mode 100644 hosts/sombrero/modules/tailscale/default.nix
 delete mode 100644 hosts/sombrero/modules/transmission/default.nix
 delete mode 100644 secrets/sombrero/alex.sombrero-codeberg.org.age
 delete mode 100644 secrets/sombrero/alex.sombrero-codeberg.org.pub.age
 delete mode 100644 secrets/sombrero/alex.sombrero-github.com.age
 delete mode 100644 secrets/sombrero/alex.sombrero-github.com.pub.age
 delete mode 100644 secrets/sombrero/syncthing-cert.age
 delete mode 100644 secrets/sombrero/syncthing-key.age

diff --git a/flake.nix b/flake.nix
index f845e18..c2235ef 100644
--- a/flake.nix
+++ b/flake.nix
@@ -60,15 +60,6 @@
         ];
       };
 
-      sombrero = inputs.nixpkgs.lib.nixosSystem {
-        system = "aarch64-linux";
-        specialArgs = { inherit inputs; };
-        modules = [
-          ./hosts/sombrero/configuration.nix
-          ./hosts/sombrero/home.nix
-        ];
-      };
-
       tadpole = inputs.nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
         specialArgs = { inherit inputs; };
diff --git a/hosts/pinwheel/modules/ssh/default.nix b/hosts/pinwheel/modules/ssh/default.nix
index 057b5d5..a515a46 100644
--- a/hosts/pinwheel/modules/ssh/default.nix
+++ b/hosts/pinwheel/modules/ssh/default.nix
@@ -12,20 +12,6 @@
           port = 1122;
         };
 
-        "sombrero.local" = {
-          hostname = "192.168.50.200";
-          user = "alex";
-          identityFile = "/home/alex/.ssh/alex.pinwheel-sombrero";
-          port = 1122;
-        };
-
-        "sombrero" = {
-          hostname = "sombrero.a2x.se";
-          user = "alex";
-          identityFile = "/home/alex/.ssh/alex.pinwheel-sombrero";
-          port = 1122;
-        };
-
         "andromeda" = {
           hostname = "andromeda.a2x.se";
           user = "alex";
@@ -72,18 +58,6 @@
       owner = "alex";
       group = "users";
     };
-    "alex.pinwheel-sombrero" = {
-      file = ../../../../secrets/pinwheel/alex.pinwheel-sombrero.age;
-      path = "/home/alex/.ssh/alex.pinwheel-sombrero";
-      owner = "alex";
-      group = "users";
-    };
-    "alex.pinwheel-sombrero.pub" = {
-      file = ../../../../secrets/pinwheel/alex.pinwheel-sombrero.pub.age;
-      path = "/home/alex/.ssh/alex.pinwheel-sombrero.pub";
-      owner = "alex";
-      group = "users";
-    };
 
     "alex.pinwheel-github.com" = {
       file = ../../../../secrets/pinwheel/alex.pinwheel-github.com.age;
diff --git a/hosts/pinwheel/modules/syncthing/default.nix b/hosts/pinwheel/modules/syncthing/default.nix
index 020e21c..9473512 100644
--- a/hosts/pinwheel/modules/syncthing/default.nix
+++ b/hosts/pinwheel/modules/syncthing/default.nix
@@ -16,13 +16,12 @@
       devices = {
         phone.id = config.lib.syncthing.phone;
         backwards.id = config.lib.syncthing.backwards;
-        sombrero.id = config.lib.syncthing.sombrero;
       };
 
       folders = {
         org = {
           path = "/home/alex/sync/org";
-          devices = [ "sombrero" "phone" "backwards" ];
+          devices = [ "phone" "backwards" ];
           versioning = {
             type = "staggered";
             params = {
@@ -33,7 +32,7 @@
 
         personal = {
           path = "/home/alex/sync/personal";
-          devices = [ "sombrero" "backwards" ];
+          devices = [ "backwards" ];
           versioning = {
             type = "staggered";
             params = {
@@ -44,7 +43,7 @@
 
         work = {
           path = "/home/alex/sync/work";
-          devices = [ "sombrero" "backwards" ];
+          devices = [ "backwards" ];
           versioning = {
             type = "staggered";
             params = {
@@ -55,7 +54,7 @@
 
         books = {
           path = "/home/alex/sync/books";
-          devices = [ "sombrero" "backwards" ];
+          devices = [ "backwards" ];
           versioning = {
             type = "staggered";
             params = {
diff --git a/hosts/sombrero/configuration.nix b/hosts/sombrero/configuration.nix
deleted file mode 100644
index c8fab2d..0000000
--- a/hosts/sombrero/configuration.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{ pkgs, ... }:
-{
-  imports =
-    [
-      ../../config-manager/default.nix
-      ../../shared-modules/syncthing.nix
-      ./hardware-configuration.nix
-      ./modules
-    ];
-
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
-  nixpkgs.config.allowUnfree = true;
-
-  environment.variables.EDITOR = "vim";
-
-  hardware.enableRedistributableFirmware = true;
-
-  # Set your time zone.
-  time.timeZone = "Europe/Stockholm";
-
-  # Select internationalisation properties.
-  # i18n.defaultLocale = "en_US.UTF-8";
-  # console = {
-  #   font = "Lat2-Terminus16";
-  #   keyMap = "us";
-  #   useXkbConfig = true; # use xkbOptions in tty.
-  # };
-
-  users = {
-    mutableUsers = false;
-
-    users.root = {
-      hashedPassword = "$6$3mkwaUWd8NA6XuEb$x80tETKGz6FEG.kej3v5Vh6hRNoC6bikhXogTP.zZwYtISA46JaN3RMK3ckbqt8Aj52d3krSLOfBaAR1qzuJ2/";
-    };
-
-    users."alex" = {
-      isNormalUser = true;
-      hashedPassword = "$6$3mkwaUWd8NA6XuEb$x80tETKGz6FEG.kej3v5Vh6hRNoC6bikhXogTP.zZwYtISA46JaN3RMK3ckbqt8Aj52d3krSLOfBaAR1qzuJ2/";
-      extraGroups = [ "wheel" ];
-    };
-  };
-
-  environment.systemPackages = with pkgs; [
-    gnumake
-    mkpasswd
-    vim
-  ];
-
-  config-manager = {
-    flakePath = "/home/alex/config";
-  };
-
-  mod = {
-    git.enable = true;
-    ssh.enable = true;
-    docker.enable = true;
-    nginx.enable = true;
-    syncthing.enable = true;
-    plex.enable = true;
-    calibre-web.enable = true;
-    transmission.enable = true;
-    restic.enable = true;
-    pppdotpm-site.enable = false;
-  };
-
-  # Copy the NixOS configuration file and link it from the resulting system
-  # (/run/current-system/configuration.nix). This is useful in case you
-  # accidentally delete configuration.nix.
-  # system.copySystemConfiguration = true;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "22.11"; # Did you read the comment?
-}
diff --git a/hosts/sombrero/hardware-configuration.nix b/hosts/sombrero/hardware-configuration.nix
deleted file mode 100644
index 3439430..0000000
--- a/hosts/sombrero/hardware-configuration.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ lib, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "usb_storage" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/15329cb1-655e-475d-96f0-bfb8ccd05167";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/AD29-0697";
-      fsType = "vfat";
-    };
-
-  fileSystems."/home/alex/media" =
-    { device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764";
-      fsType = "ext4";
-      options = [ "nofail" ];
-    };
-
-  fileSystems."/home/alex/backup" =
-    { device = "/dev/disk/by-uuid/34601701-65e6-4b2c-ac4d-8bef3dfd743f";
-      fsType = "ext4";
-      options = [ "nofail" ];
-    };
-
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/98c46b15-7efe-43fd-8812-7e2c01f5a40a"; }
-    ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
-}
diff --git a/hosts/sombrero/home.nix b/hosts/sombrero/home.nix
deleted file mode 100644
index 94a9b6d..0000000
--- a/hosts/sombrero/home.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ inputs, pkgs, ... }:
-{
-  imports = [ inputs.home-manager.nixosModules.home-manager ];
-
-  config = {
-    home-manager = {
-      useGlobalPkgs = true;
-      useUserPackages = true;
-
-      users.alex = {
-        programs.home-manager.enable = true;
-
-        home.username = "alex";
-        home.homeDirectory = "/home/alex";
-
-        home.packages = [
-          pkgs.unar
-        ];
-
-        home.stateVersion = "22.11";
-      };
-    };
-  };
-
-}
diff --git a/hosts/sombrero/modules/age/default.nix b/hosts/sombrero/modules/age/default.nix
deleted file mode 100644
index 4576422..0000000
--- a/hosts/sombrero/modules/age/default.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ inputs, pkgs, ... }:
-{
-  imports = [ inputs.agenix.nixosModules.default ];
-
-  config = {
-    age = {
-      identityPaths = [ "/etc/ssh/sombrero" ];
-    };
-
-    environment.systemPackages = [
-      inputs.agenix.packages."${pkgs.system}".default
-    ];
-  };
-}
diff --git a/hosts/sombrero/modules/boot/default.nix b/hosts/sombrero/modules/boot/default.nix
deleted file mode 100644
index 0122e75..0000000
--- a/hosts/sombrero/modules/boot/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ pkgs, ... }: {
-  boot = {
-    loader = {
-      grub.enable = false;
-      efi.canTouchEfiVariables = true;
-
-      raspberryPi = {
-        enable = true;
-        version = 4;
-      };
-    };
-
-    tmp = {
-      useTmpfs = true;
-    };
-
-    kernelPackages = pkgs.linuxPackages_rpi4;
-    kernelParams = [
-      "8250.nr_uarts=1"
-      "console=ttyAMA0,115200"
-      "console=tty1"
-      "cma=128M"
-    ];
-  };
-}
diff --git a/hosts/sombrero/modules/calibre-web/default.nix b/hosts/sombrero/modules/calibre-web/default.nix
deleted file mode 100644
index 32ac39a..0000000
--- a/hosts/sombrero/modules/calibre-web/default.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ lib, config, ... }:
-let
-  enabled = config.mod.calibre-web.enable;
-  nginxEnabled = config.mod.nginx.enable;
-in
-{
-  options = {
-    mod.calibre-web = {
-      enable = lib.mkEnableOption "add calibre-web module";
-    };
-  };
-
-  config = lib.mkIf (enabled && nginxEnabled) {
-    services = {
-      calibre-web = {
-        enable = true;
-
-        user = "alex";
-        group = "users";
-
-        listen = {
-          ip = "127.0.0.1";
-          port = 8083;
-        };
-
-        options = {
-          calibreLibrary = "/home/alex/backup/books";
-          enableBookUploading = true;
-        };
-      };
-    };
-
-    networking = {
-      firewall = {
-        allowedTCPPorts = [ 8083 ];
-      };
-    };
-
-    services = {
-      nginx = {
-        virtualHosts."books.sombrero.a2x.se" = {
-          forceSSL = true;
-          enableACME = true;
-
-          locations."/" = {
-            proxyPass = "http://127.0.0.1:8083";
-          };
-        };
-      };
-    };
-  };
-}
diff --git a/hosts/sombrero/modules/default.nix b/hosts/sombrero/modules/default.nix
deleted file mode 100644
index 4f74ef5..0000000
--- a/hosts/sombrero/modules/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ lib, ... }:
-let
-  toModulePath = dir: _: ./. + "/${dir}";
-  filterDirs = dirs: lib.attrsets.filterAttrs (_: type: type == "directory") dirs;
-in
-{
-  imports = lib.mapAttrsToList toModulePath (filterDirs (builtins.readDir ./.));
-}
diff --git a/hosts/sombrero/modules/docker/default.nix b/hosts/sombrero/modules/docker/default.nix
deleted file mode 100644
index 177add8..0000000
--- a/hosts/sombrero/modules/docker/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ pkgs, lib, config, ... }:
-let
-  enabled = config.mod.docker.enable;
-in
-{
-  options = {
-    mod.docker = {
-      enable = lib.mkEnableOption "enable docker module";
-    };
-  };
-
-  config = lib.mkIf enabled {
-    virtualisation = {
-      docker = {
-        enable = true;
-      };
-
-      oci-containers = {
-        backend = "docker";
-      };
-    };
-
-    users.users.alex.extraGroups = [ "docker" ];
-
-    home-manager.users.alex = {
-      home.packages = [ pkgs.docker-compose ];
-    };
-  };
-}
diff --git a/hosts/sombrero/modules/git/default.nix b/hosts/sombrero/modules/git/default.nix
deleted file mode 100644
index b50b146..0000000
--- a/hosts/sombrero/modules/git/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ pkgs, lib, config, ... }:
-let
-  enabled = config.mod.git.enable;
-in
-{
-  options = {
-    mod.git = {
-      enable = lib.mkEnableOption "enable git module";
-    };
-  };
-
-  config = lib.mkIf enabled {
-    home-manager.users.alex = {
-      programs.git = {
-        enable = true;
-
-        includes = [
-          { path = ./gitconfig; }
-        ];
-      };
-
-      home.packages = [ pkgs.tig ];
-
-      home.file.".tigrc".text = ''
-        set main-view-line-number = yes
-        set main-view-line-number-interval = 1
-      '';
-    };
-  };
-}
diff --git a/hosts/sombrero/modules/git/gitconfig b/hosts/sombrero/modules/git/gitconfig
deleted file mode 100644
index 9e0f5d1..0000000
--- a/hosts/sombrero/modules/git/gitconfig
+++ /dev/null
@@ -1,10 +0,0 @@
-[user]
-    name = Alexander Heldt
-    email = me@alexanderheldt.se
-
-[url "git@github.com:"]
-    insteadOf = https://github.com/
-
-[url "git@codeberg.org:"]
-    insteadOf = https://codeberg.org/
-
diff --git a/hosts/sombrero/modules/mullvad/default.nix b/hosts/sombrero/modules/mullvad/default.nix
deleted file mode 100644
index 3f630df..0000000
--- a/hosts/sombrero/modules/mullvad/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ ... }:
-{
-  services.mullvad-vpn = {
-    enable = true;
-  };
-}
diff --git a/hosts/sombrero/modules/network/default.nix b/hosts/sombrero/modules/network/default.nix
deleted file mode 100644
index 95af1e9..0000000
--- a/hosts/sombrero/modules/network/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
-  networking = {
-    hostName = "sombrero";
-
-    defaultGateway = "192.168.50.1";
-    nameservers = [ "8.8.8.8" ];
-    interfaces = {
-      eth0 = {
-        ipv4 = {
-          addresses = [{
-            address = "192.168.50.200";
-            prefixLength = 24;
-          }];
-        };
-      };
-    };
-  };
-}
diff --git a/hosts/sombrero/modules/nginx/default.nix b/hosts/sombrero/modules/nginx/default.nix
deleted file mode 100644
index ed90b6f..0000000
--- a/hosts/sombrero/modules/nginx/default.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ lib, config, ... }:
-let
-  enabled = config.mod.nginx.enable;
-in
-{
-  options = {
-    mod.nginx = {
-      enable = lib.mkEnableOption "add nginx module";
-    };
-  };
-
-  config = lib.mkIf enabled {
-    security = {
-      acme = {
-        acceptTerms = true;
-
-        defaults = {
-          email = "p@ppp.pm";
-        };
-      };
-    };
-
-    services = {
-      nginx = {
-        enable = true;
-
-        recommendedProxySettings = true;
-        recommendedTlsSettings = true;
-      };
-    };
-
-    networking = {
-      firewall = {
-        allowedTCPPorts = [ 80 443 ];
-      };
-    };
-  };
-}
diff --git a/hosts/sombrero/modules/plex/default.nix b/hosts/sombrero/modules/plex/default.nix
deleted file mode 100644
index 01c9aba..0000000
--- a/hosts/sombrero/modules/plex/default.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{ lib, config, ... }:
-let
-  enable = config.mod.plex.enable;
-  dockerEnabled = config.mod.docker.enable;
-in
-{
-  options = {
-    mod.plex = {
-      enable = lib.mkEnableOption "enable plex module";
-    };
-  };
-
-  config = lib.mkIf (enable && dockerEnabled) {
-    virtualisation = {
-      oci-containers.containers = {
-        plex = {
-          image = "linuxserver/plex";
-          autoStart = true;
-
-          environment = {
-            TZ = "Europe/Stockholm";
-            VERSION = "latest";
-          };
-
-          extraOptions = [ "--network=host" ];
-
-          volumes = [
-            "/home/alex/media/plex/db:/config"
-            "/home/alex/media/movies:/movies"
-            "/home/alex/media/tv:/tv"
-          ];
-        };
-      };
-    };
-
-    networking = {
-      firewall = {
-        allowedTCPPorts = [ 32400 ];
-      };
-    };
-  };
-}
diff --git a/hosts/sombrero/modules/ppp.pm-site/default.nix b/hosts/sombrero/modules/ppp.pm-site/default.nix
deleted file mode 100644
index 06d889d..0000000
--- a/hosts/sombrero/modules/ppp.pm-site/default.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ inputs, lib, config, ... }:
-let
-  enabled = config.mod.pppdotpm-site.enable;
-
-  nginxEnabled = config.mod.nginx.enable;
-in
-{
-  imports = [ inputs.pppdotpm-site.nixosModules.default ];
-
-  options = {
-    mod.pppdotpm-site = {
-      enable = lib.mkEnableOption "enable ppp.pm site";
-    };
-  };
-
-  config = lib.mkIf (enabled && nginxEnabled) {
-    security.acme = {
-      certs = {
-        "ppp.pm" = {
-          webroot = "/var/lib/acme/acme-challenge/";
-          email = "p@ppp.pm";
-          group = "nginx";
-        };
-      };
-    };
-
-    services.pppdotpm-site = {
-      enable = true;
-      domain = "ppp.pm";
-      useACMEHost = "ppp.pm";
-    };
-  };
-}
diff --git a/hosts/sombrero/modules/restic/default.nix b/hosts/sombrero/modules/restic/default.nix
deleted file mode 100644
index 752992d..0000000
--- a/hosts/sombrero/modules/restic/default.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ pkgs, lib, config, ... }:
-let
-  enabled = config.mod.restic.enable;
-in
-{
-  options = {
-    mod.restic = {
-      enable = lib.mkEnableOption "enable restic module";
-    };
-  };
-
-  config = lib.mkIf enabled {
-    services = {
-      restic.backups = {
-        "sync" = {
-          initialize = true;
-
-          user = "alex";
-
-          passwordFile = "/home/alex/backup/restic/password.file";
-          environmentFile = "/home/alex/backup/restic/aws.env";
-          repository = "s3:https://s3.eu-north-1.amazonaws.com/restic-sync-backup";
-
-          paths = ["/home/alex/backup/sync"];
-
-          timerConfig = {
-            OnCalendar = "daily";
-            Persistent = true;
-          };
-
-          pruneOpts = [
-            "--keep-daily 2"
-            "--keep-weekly 7"
-            "--keep-yearly 12"
-          ];
-        };
-      };
-    };
-
-    environment.systemPackages = [ pkgs.restic ];
-  };
-}
-
diff --git a/hosts/sombrero/modules/ssh/default.nix b/hosts/sombrero/modules/ssh/default.nix
deleted file mode 100644
index 5e348e2..0000000
--- a/hosts/sombrero/modules/ssh/default.nix
+++ /dev/null
@@ -1,102 +0,0 @@
-{ pkgs, lib, config, ... }:
-let
-  enabled = config.mod.ssh.enable;
-
-  authorizedKeysPath = "/home/alex/.ssh/authorized-keys";
-in
-{
-  options = {
-    mod.ssh = {
-      enable = lib.mkEnableOption "enable ssh module";
-    };
-  };
-
-  config = lib.mkIf enabled {
-    home-manager.users.alex = {
-      programs.ssh = {
-        enable = true;
-
-        matchBlocks = {
-          "codeberg.org" = {
-            hostname = "codeberg.org";
-            identityFile = "/home/alex/.ssh/alex.sombrero-codeberg.org";
-          };
-
-          "github.com" = {
-            hostname = "github.com";
-            identityFile = "/home/alex/.ssh/alex.sombrero-github.com";
-          };
-        };
-      };
-    };
-
-    environment.etc."ssh/authorized_keys_command" = {
-      mode = "0755";
-      text = ''
-        #!${pkgs.bash}/bin/bash
-        for file in ${authorizedKeysPath}/*; do
-          ${pkgs.coreutils}/bin/cat "$file"
-        done
-      '';
-    };
-
-    services = {
-      openssh = {
-        enable = true;
-        ports = [ 1122 ];
-
-        hostKeys = [{
-          path = "/etc/ssh/sombrero";
-          type = "ed25519";
-        }];
-
-        settings = {
-          PasswordAuthentication = false;
-          KbdInteractiveAuthentication = false;
-        };
-
-        authorizedKeysCommand = "/etc/ssh/authorized_keys_command";
-        authorizedKeysCommandUser = "root";
-      };
-    };
-
-    networking = {
-      firewall = {
-        allowedTCPPorts = [ 1122 ];
-      };
-    };
-
-    age.secrets = {
-      "alex.pinwheel-sombrero.pub" = {
-        file = ../../../../secrets/pinwheel/alex.pinwheel-sombrero.pub.age;
-        path = "${authorizedKeysPath}/alex.pinwheel-sombrero.pub";
-      };
-
-      "alex.sombrero-codeberg.org" = {
-        file = ../../../../secrets/sombrero/alex.sombrero-codeberg.org.age;
-        path = "/home/alex/.ssh/alex.sombrero-codeberg.org";
-        owner = "alex";
-        group = "users";
-      };
-      "alex.sombrero-codeberg.org.pub" = {
-        file = ../../../../secrets/sombrero/alex.sombrero-codeberg.org.pub.age;
-        path = "/home/alex/.ssh/alex.sombrero-codeberg.org.pub";
-        owner = "alex";
-        group = "users";
-      };
-
-      "alex.sombrero-github.com" = {
-        file = ../../../../secrets/sombrero/alex.sombrero-github.com.age;
-        path = "/home/alex/.ssh/alex.sombrero-github.com";
-        owner = "alex";
-        group = "users";
-      };
-      "alex.sombrero-github.com.pub" = {
-        file = ../../../../secrets/sombrero/alex.sombrero-github.com.pub.age;
-        path = "/home/alex/.ssh/alex.sombrero-github.com.pub";
-        owner = "alex";
-        group = "users";
-      };
-    };
-  };
-}
diff --git a/hosts/sombrero/modules/syncthing/default.nix b/hosts/sombrero/modules/syncthing/default.nix
deleted file mode 100644
index c095864..0000000
--- a/hosts/sombrero/modules/syncthing/default.nix
+++ /dev/null
@@ -1,130 +0,0 @@
-{ pkgs, lib, config, ... }:
-let
-  enabled = config.mod.syncthing.enable;
-  nginxEnabled = config.mod.nginx.enable;
-in
-{
-  options = {
-    mod.syncthing = {
-      enable = lib.mkEnableOption "add syncthing module";
-    };
-  };
-
-  config = lib.mkIf (enabled && nginxEnabled) {
-    networking = {
-      firewall = {
-        allowedTCPPorts = [ 8384 ];
-      };
-    };
-
-    services = {
-      syncthing = {
-        enable = true;
-        openDefaultPorts = true;
-
-        user = "alex";
-        group = "users";
-
-        dataDir = "/home/alex/backup/sync";
-
-        cert = config.age.secrets.syncthing-cert.path;
-        key = config.age.secrets.syncthing-key.path;
-
-        guiAddress = "0.0.0.0:8384";
-
-        settings = {
-          gui = {
-            user = "syncthing";
-            password = "$2a$12$J/h/JOUiW24ZXsLYLEl2kOZUS1LftxANi0OlZxLy8Dst3/jpBd0v2";
-            insecureSkipHostcheck = false;
-          };
-
-          devices = {
-            phone.id = config.lib.syncthing.phone;
-            pinwheel.id = config.lib.syncthing.pinwheel;
-          };
-
-          folders = {
-            "org" = {
-              path = "/home/alex/backup/sync/org";
-              devices = [ "phone" "pinwheel" ];
-              versioning = {
-                type = "staggered";
-                params = {
-                  maxAge = "2592000"; # 30 days
-                };
-              };
-            };
-
-            "phone-gps" = {
-              path = "/home/alex/backup/sync/gps";
-              devices = [ "phone" ];
-              versioning = {
-                type = "staggered";
-                params = {
-                  maxAge = "2592000"; # 30 days
-                };
-              };
-            };
-
-            "personal" = {
-              path = "/home/alex/backup/sync/personal";
-              devices = [ "pinwheel" ];
-              versioning = {
-                type = "staggered";
-                params = {
-                  maxAge = "2592000"; # 30 days
-                };
-              };
-            };
-
-            "work" = {
-              path = "/home/alex/backup/sync/work";
-              devices = [ "pinwheel" ];
-              versioning = {
-                type = "staggered";
-                params = {
-                  maxAge = "2592000"; # 30 days
-                };
-              };
-            };
-
-            "books" = {
-              path = "/home/alex/backup/books";
-              devices = [ "pinwheel" ];
-              versioning = {
-                type = "staggered";
-                params = {
-                  maxAge = "2592000"; # 30 days
-                };
-              };
-            };
-
-            "audiobooks" = {
-              path = "/home/alex/media/sync/audiobooks";
-              devices = [ "phone" ];
-            };
-          };
-        };
-      };
-
-      nginx = {
-        virtualHosts."syncthing.sombrero.a2x.se" = {
-          forceSSL = true;
-          enableACME = true;
-
-          locations."/" = {
-            proxyPass = "http://0.0.0.0:8384";
-          };
-        };
-      };
-    };
-
-    age = {
-      secrets = {
-        "syncthing-cert".file = ../../../../secrets/sombrero/syncthing-cert.age;
-        "syncthing-key".file = ../../../../secrets/sombrero/syncthing-key.age;
-      };
-    };
-  };
-}
diff --git a/hosts/sombrero/modules/tailscale/default.nix b/hosts/sombrero/modules/tailscale/default.nix
deleted file mode 100644
index cc37916..0000000
--- a/hosts/sombrero/modules/tailscale/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ ... }:
-{
-  services.tailscale.enable = true;
-
-  networking.firewall = {
-    checkReversePath = "loose";
-    allowedUDPPorts = [ 41641 ];
-  };
-}
diff --git a/hosts/sombrero/modules/transmission/default.nix b/hosts/sombrero/modules/transmission/default.nix
deleted file mode 100644
index 40990b6..0000000
--- a/hosts/sombrero/modules/transmission/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ pkgs, lib, config, ... }:
-let
-  enabled = config.mod.transmission.enable;
-in
-{
-  options = {
-    mod.transmission = {
-      enable = lib.mkEnableOption "enable transmission module";
-    };
-  };
-
-  config = lib.mkIf enabled {
-    services = {
-      transmission = {
-        enable = true;
-        package = pkgs.transmission_4;
-        openFirewall = true;
-        openRPCPort = true;
-        settings.rpc-port = 9191;
-        settings.rpc-bind-address = "0.0.0.0";
-
-        user = "alex";
-        group = "users";
-
-        home = "/home/alex/media/ts-home";
-        downloadDirPermissions = "775";
-
-        settings = {
-          incomplete-dir-enabled = false;
-          download-dir = "/home/alex/media";
-
-          rpc-authentication-required = true;
-          rpc-whitelist-enabled = false;
-          rpc-username = "transmission";
-          rpc-password = "{55d884e4042db67313da49e05d7089a368eb64b3Br.3X.Xi";
-        };
-      };
-    };
-  };
-}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 036658c..443d17d 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -2,7 +2,6 @@ let
   # see `modules/age/default.nix` where these are defined
   pinwheel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMoI7Q4zT2AGXU+i8fLmzcNLdfMkEnfHYh4PmaEmo2QW root@pinwheel";
   backwards = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBcTK3CUtTsgavuLlbfOqCbHYLtUrIKqnSqYmtzGCZnv root.backwards";
-  sombrero = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/NltCo1L+X1OIBfIKzfrbxLpCOerQ4vTIs+QPTXkf/ root@sombrero";
   tadpole = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDbyj/vYafqpJH33jFz5HV+gwCiEIJTpxKrEFrBWx73A root@tadpole";
   alex = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTgiHYcdhS87pPnduLunZVEgLVj4EtbG9XVSZP1l5s5 alex";
 in {
@@ -12,8 +11,6 @@ in {
   "pinwheel/mullvad-account-history.age".publicKeys = [ pinwheel alex ];
   "pinwheel/alex.pinwheel-backwards.age".publicKeys = [ pinwheel alex ];
   "pinwheel/alex.pinwheel-backwards.pub.age".publicKeys = [ pinwheel backwards alex ];
-  "pinwheel/alex.pinwheel-sombrero.age".publicKeys = [ pinwheel alex ];
-  "pinwheel/alex.pinwheel-sombrero.pub.age".publicKeys = [ pinwheel sombrero alex ];
   "pinwheel/alex.pinwheel-tadpole.age".publicKeys = [ pinwheel alex ];
   "pinwheel/alex.pinwheel-tadpole.pub.age".publicKeys = [ pinwheel tadpole alex ];
   "pinwheel/alex.pinwheel-github.com.age".publicKeys = [ pinwheel alex ];
@@ -42,13 +39,6 @@ in {
   "backwards/alex.backwards-codeberg.org.pub.age".publicKeys = [ backwards alex ];
   "backwards/wpa_supplicant.conf.age".publicKeys = [ backwards alex ];
 
-  "sombrero/syncthing-cert.age".publicKeys = [ sombrero alex ];
-  "sombrero/syncthing-key.age".publicKeys = [ sombrero alex ];
-  "sombrero/alex.sombrero-github.com.age".publicKeys = [ sombrero alex ];
-  "sombrero/alex.sombrero-github.com.pub.age".publicKeys = [ sombrero alex ];
-  "sombrero/alex.sombrero-codeberg.org.age".publicKeys = [ sombrero alex ];
-  "sombrero/alex.sombrero-codeberg.org.pub.age".publicKeys = [ sombrero alex ];
-
   "tadpole/root.tadpole.age".publicKeys = [ tadpole alex ];
   "tadpole/root.tadpole.pub.age".publicKeys = [ tadpole alex ];
   "tadpole/alex.tadpole-codeberg.org.age".publicKeys = [ tadpole alex ];
diff --git a/secrets/sombrero/alex.sombrero-codeberg.org.age b/secrets/sombrero/alex.sombrero-codeberg.org.age
deleted file mode 100644
index c48a4e95eece48417265fc512482d9c51c0757f5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 786
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlt%%CWbyV>2E-A|n
zbar<uvoNvr^b1SQHutH@&9Cq<3J#A-%reO-u<&y)@X`)-OXl*bvdF7S^a}9zi7Gcr
z2@VSJ_p<Z~iwa9F%Lxoh&q>NKcd1Nr%k&L2_C&W$JKrzSBTykEDYz=hJUuF>ygWS0
zG_%0cBE{4w$}1|_HB39iE7Hp?+rXgQBgZE{-GIw7GsMd!$tcCbG{?&`E8n!l#UMN=
z-^eG+B{?H7D5N;RTsz0pGQc<8%#ll1S63lFy*$Xr#WJEY%*@%<s4TtGF<(C_+%n0~
zP2a+!IJnfYB*?@~+c-ERGM$U{wnOB-klvT`eNCr)xpid6yLT6|oILIx>DPLlz>v|(
z<k+t^WBJx46VGL;Mo&Ajo&6e<`iVD_0)yt3$}kzMT(zZXOU(tQ{hz<&ajDH&s*<hP
z)L!~CFH1)^wqwra<<}Iy9u>8XZcDuX+Uw`kj_@rP*Pm6ZSx}n);?tLi{@+P)tIA&N
z_f*XFx3K4&8MEzk>fzK+mW`V|#9sZ<Gn=!{{?E?Hnt=7PPo>?KT1Y)<ORn3uK!0-_
zQ!?AONuJRj6Aom4a`G%IiLP2!JoTiWfqwQJ+XoWdv7(P|AAQWjy<E;RdK!0maK)8v
zI<61)tG-!f{C9m~jLxkcouT`UcPC7@eARsQ%hq+-FaPteu)BF>=JWYH1|e$Jn;zbf
zJ@Wt3-`mljJf91#RgroeZ4;*bE&gtk_^~;rYH^}@0WuTjOzE+dlDW;`_3ZEc<MzHU
z^O?fJ3jeQsoSdn;rbIsTuXMzL67Pj2a=A`cCGuOm3_HK%zb|<$!J!qUdCBJExgDN$
z-a29e8qSRm<FpRyo|syr9I&0S)ydOY)AYGj_^V%La+;e&eUh?|oe0=F{l}@@q3U<m
zv2VY(qE{z3*kqBKbpprKRe3_(3m&hz{^9UDqukrIjH<upX1edOd91l-XKBYm5$`R*
ZrfIwSuikxVP+>HyX3|${kp*FF$^i57PLu!u

diff --git a/secrets/sombrero/alex.sombrero-codeberg.org.pub.age b/secrets/sombrero/alex.sombrero-codeberg.org.pub.age
deleted file mode 100644
index ef4d102..0000000
--- a/secrets/sombrero/alex.sombrero-codeberg.org.pub.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 MxZlmA NNDIdpcC5ad2zy6SNwiLbowPBahLGKnv/W6LI4rp0Bk
-78Alin5dlkRgliZkL7iLSY6MRtdZPjgtz+Z70CA+aQ8
--> ssh-ed25519 +oNaHQ i5i36kNiCMMsePFyaLHOvzMPee5RuE+yHtlh7bHq0no
-B4fpYax3fzgOUGYwL4E0V9cqyvDbF5iYo/haUyR34gw
---- jBxmbEHiLGLglJDbeYDbfDrgc2DPsVIoISNj7stw8pc
-MJ��|.�T�j����� w9v�����kuY0B櫼D-�O�
-]�D�y]a�j�(�(�G�y	���Š� �W8���-i����/��=i}D=ȟ���,U��z���ݲ'�P�Yo��7��sei;
\ No newline at end of file
diff --git a/secrets/sombrero/alex.sombrero-github.com.age b/secrets/sombrero/alex.sombrero-github.com.age
deleted file mode 100644
index 011dd74aba3cc1ef6177781785493e92c7a4eac2..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 3756
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlt%%CWbyTP{@D9o@
zEOd-8Om~UQHLURS3P}u3%y2agaI3UPvj|KK5AiRv3@P%;^W+LKG)UDB$;r*naQ3Y9
z)pj*>jVjR3)He$VPAv>dH+3v@4GPRnvkY)eE=IRaJKrzSBT&J|DK9iE+s`!3+|<`H
z!q>AnD#_BYGSA=4xX2@|s4B|R(KjML$um49$CE21)jzS!C#t;4(5KR~!m`vbx6&so
z(a_r?(8VdKG{~UDJhjv$EYmT=B9u#4S689R&DFfJFe|GtFeJ;=GR4~@(ZtnE-$UED
zSlc2nAfmj;H7zn!-_W<v!jUW1ro1BHqTJRDt|Kp=)gR|c^#0`gQHA@Q@3q4F>lAJ(
zU%xbweUhT;7TNU^ibT%3U7fJwX5X=m<$X%i7JF~{yoQU9eQ{`5s@2L6m&@uoyaz8P
zEZ4M>U;cHn;r#!BSwF2>l&*VkNy`^Z`Ks%;RCV3yfBbbe36s7*-?(bii3dx?ziiC1
z-YuN0+*T={IPYTV={s-z4_ArnY`$^J?lS+8h*?!z^d8IXdA=$wzVYqbGt6J#U7qSB
zawanI{b%c`D{6Q77R#J%6#pN=6y2m<E^4E<Q1RBJedo^QieH%CFLXwC=EE5hYah%h
zn5k)ex8r_M`>&_RC(fALHvfH2$cYa^t{F)Qty4}s60(a*eyRTFZ|LJ=u}?~(WK!2&
zY*=P|?udv#>*0<i{?qgxU)E2$$Mfqj?{>LeuP^+ZWya&e*?BW<^ZN%2|5_jCDCApV
z^ju=W!Phr*FaBk+;XC^5guB7gQkNMFp4BtNw*1?EQ2Xh$zm84HKG~6RtY@w${WW|M
z%;=uB(9bCOSDnf>)ul`J?_xT?t5+)fw(G@ZS@un}vTdu>-xd2+&wrFUGn-54qVjWB
z#WTNsH|@I>ZF~6b|AXNZUFDvAva|ddG40T%xi=O6Z2r5{uA@{Y;*aINRE19+Y1!rZ
z#q9O$+N{@ZXl!1%=@LV&*q`j_1;764@T6QjEFH&Pqulgmr6ONq{-*n@GJJLA*q+*#
zxwEZF7w&fNsOn3W7WlHb#Wl83=iB4cPeU)QJjUw0aMn#BH?wVQIl9Td(}J3>Pgr?B
zLgci^ZP$|SSyL=ueGX2p*RXQf&+HSq|IX?&HP5da*z2-<HF>hFUhKaA?q?Iae>|H}
zsV39CHg;76Q_XWlrg=X;$GI{^e!Fn!ljQHow->xwy_)-XOV;B>Mn1Dcx>Jjc=eF3r
zxV`<=-InX`PQ97FJ~=LX<2DzYPWfxGcLY>o^G?`zyxn#8Z_~2?w?o&~yO*pw|LKTe
z8UNOwmrYMxvOMm$>>ux`Pi%K1I~m#Cw+qHRdYEI>e;}cr?SGKzqTJ|fg_pfNe!h1&
zdd{P!_QCep1-e^`-)byYJLi4r@w?Zb{W~mro11QCtv*>(y5`_T@swxB@AE8YiTETK
z{4QcjSca+B6(QfRGectMB?ZhmTwvTKeeKxnW32pB6H?y=EMb25`TvjKbLCGhm=v?B
zmg#EOgBeHvE407x)^s|Or%<xqL~)}^;PoFXa+me&eW)HdJ8Od{|L*?2=Bv?xzmtzH
zSnL0rU0da9N-FE)Gsb(SZx#4qfB*Uk-Cox%2_2>}PlP>wWN!IpY`w~|S0rkc$tGQW
zX6_mxWyATGjTUHj{khk@^nJ^lvcIdR{^<Y7{9?xX+17`xKid8a|CX}o@T_Z$+=?1P
z*{Y|{^m6PlZ9R~t*P7`q?YUc{W~#KStw5Kx_2lBO6PoIFOl4B>cUqUP>7?PM-n#bW
zL>t@Lr>>RVxxzYgEwk0z_2q>-PhGARF8KJb-?X9h@u`N`9b2|qH*D~Eu2S&+9Z!Jf
zMW@L7pHkRPx24_mUt)Fk)3G_{4|6ZM?<!UxXD5G{af<2fCAzDE?mT<T^~BQuQA&=)
z>Z%1BPX^DJDz9+<(6>E*W+yL}uQ-?)D*Lcxz0Bh(K0Cvw7rL@%HYp!J`NJ=jrLr~p
zYj@MByin_8-+Qs!H(9gHDKq8294UC<&6A)li|5SpS^6yIy`G2Q!aLgk!}(uXrHaH(
zjk@+PXS0RjA^Cd|zb2nn4@?n%lyYNcZlANY(*nlpvEM^)`^#HiTYbo?kL6rhx@l_H
zPsil2$XDwtZI^^xm~YTCwRmlPQ+J=d_>=FRd)C!N{QLJ?xWP8_-g&P}g=r#lwlNx9
zYLotG6&4k>KH}4Q&hHIe?~Hitug<^HetGiYgA?l?Tt2%vd@qm9oZXx9vbVkJUnrK9
z;OOHTvhlUc`cRt<jJKAZObK7CxNfB%r_=srf)Y2qOiX>wNk4r4ZNu%e)qPunAG(Vt
z{bsuI(n?X~Q18ym-)wfUNCftl<#jIDxY#J`oT^!<d`iCbpEa?^EW4(fO<8uPFKx}_
z2?~22U6;GBTF1w35@p5KSF_2`-%ikA%DOW%lyr8<$bV?w%U-9ve8$Rz%}#$qmvzkh
z{4wfi>6Jn??u(x3LFNBb3%@2_VagIeuT(nc3~Ouo2C+BO{3^XZSSy?rzaP^&Gtxsg
zbft*ht{t}|uPJv$95G#yb@t>mA&ZIGE3PcAo2kQJvH04$m~HnGC)~L*`Rq2+>l*w{
zLhfgNtn*Vh)+$w48FHvMV72Wo_B}h+&f>FjTK1tgF=X+l=@};T_3k~Hyy@gRW=$Wr
zD5<CO!mH2tS3J2W_Acsf>2`Lt370+#HJ)D)9vXUcNmM9r)6K-?tPOH3W-)s2%_XIm
zU)MI#`&!puHO*+wR%NwYoIjU!9xj|4ywvl9jgTdix%k|F@AyuNTQ8kevMpfu+T^Sh
z4OX`k^OkrCF=>C~c{KT8U!-;4vBeWM#A@tc!J+B8F~=pyab=Q>dXa+kw*Us^q_<n+
zWA#5utv;1M_iAa$t?MVsj%u{b4!>UdXQBR{^QR=ewGZX*yVv}mX~+FHN0Yy#UQ^2y
zc~#xY%X{AQ^M~sh3QwJHv%R<O+kWc$V?D0^Jo`VHi-n9%v)guTVZQh1;;#GGHgjZ#
z#%J-iocYBhloXO^nshKr#naf}g}LoUp*d+^4p*Ij?p<3oWy0Uw^)gH4zh6E2V&P<#
zhYz-WSY+nj@4(@xweHZgj>SjPU)vvcTHIb^6mt7x=*B}?<}*0#zKU!yTXS#i?~8L4
z(z|yBX(z6o6}w`epH}1BdzW_GcWd^BnRSYKgcTceT2EMaO?crqc01pX_Osrb2i~tz
zs^C0yLT660^%-rx-)kB^xW3CP{AriIp><B?$x!vbg&V|G&p&G2z^{-gciVHv99DTd
zH|5eLD`($(C20M{e4W6a!u?W=j!zE6yp&OP2{07s{qH34#8F=0t?#{Usuv!m`{ii2
z&v=(S(Z#Moz|6Gb<DxaeS4$UgrHOD9X!d-1@$UQ1+BUA(iMzYPjL+SFo_6!$(#@~^
zZ|$4(*QuswtE->1pX$|^%vr+1Ji+Q+nm;G+=Qy;ebdTY@f|b=9a`=PZ7S60Za_Z52
zmg&v&8AA=PYu(!<o%XuFvv=Do|7q{L>-bMc9euMRC1~EFHB6hMr#RW(;1w}*^(eaK
z{O4Pg>!nL2n>Tc*COkekC+0-=tz+wToJ{QmCxtCPB;UL{aI=1$>ZB<TI&y96KJVN&
z%{#Wex$u9l0K?25N8dOn-Z2cC_U_iZA8LVbe<hr#c;#!kXOgADYFD=C<0lu^wp_Vw
zc>lNF(s`GYj~`qcwPv@G0P}O3@@t=X9~Mr2vXEWOAo{u?`>WWHGO5*a$>+T;ZAv&Z
zWv>F4j>EQh6Ej4wt^O0SAY!*df1Xo)(1SX)qbyFw`=9BrvM^nE&6)RW+wLZRcdwhh
zhR*7jr%fvQ*SYXLo94B1Qxd;j`8)M(z?Rd3yXJmUc`?z3VZQdkYbO?zCdcZ3)RgtQ
zm}vON{ag2;tAAG=?yT4#aI?5?(pG5&k@Dw1({~!woc$c*HSN%*SGVSdg<Bq+?|OSS
zi|L)0EL;EQFADki`=C^v*+LeZ)w9Dk%|53Vt@^msVe^4Io{=|xn4Y;>{{CBTVYk^y
z+s&c99w)x-U^A(CaC*lLlVU;bXB_z@FP=KG)~uRaV;B}OyY;a9ymOl@wcmy2&5fMp
zYNyUOxtOK&(NjsudjTJ;PF@u4ys`h#!YMb*cn)u#I`6>J{^?4ZhAxJJMq70s?fRm}
zW^J!@k9Prc?&M2{Hzije`T6-(uJGh^!Lp43%!!E?BP8xD@q4s%-nF2XJzWv`cEX%}
zQ`XKGn?Lts(yasExdr#^PrUimx2mBqByO2_$eQ<OSG~FLtNiAP&^2db*Xag|D^L69
z>&_s&p*dgZ(DL<D4ezub`qO7|_}DTB#+r_#WXYH%_fOVLpTF$?y%ML-jC=<p{e1<G
zv)YLqlWnNHzu|Onn?o;`1^0!>2~Fp;jc;nKOP#0v-|*8knQ|Emu6DK6VS5=SFfE>@
z5pi$g+!xuOBX|5u@GbGY#?>Ivd{JoA{R`@$AGmV358vfYxbb*dRY9d(vqChF=Lys6
zmzti>|DWEWU~Z_C`2O&#<)ZJVrv6Zvahm`5;#rR!_FdP`EIxSjNLHNqaz1Cb^z|)!
z`ovWvR(=Y2#TUWo8m0BweskPfg+~ugot_-Pq#voWQd#H8s$3((%9D*E4bg6sw;G+c
zIlrc0<r9vTFJ=f9_uH!nZwhC&7gg=~68U|;-rqm^uFF`wQ~oX37@{LD_~_RGGnbe(
z&z`q%t#{A&Z8NsmB*g4}`kKMEUHvEKJI*P3q;OFG+W);zE9acjSjCtBplacf>47SL
z)V*AGnm##VpI?)1f9Z9&RGU_4tJfo&7ePH;p1q0{&+U%R&Yhs@7Tr`H|24bWIp@0c
zUGZJzmCw#kWsY1K)cCJ%S?~Ef8M{Bdc*=3+QH6)|B{|K4w;ul=_qBg{<?^6suF~o7
z*h#wQ89a5Tcw`)n4GGvj>yyQ;34L4BU&j`03{f&Sij&{tezD;*@9P<_qjvq%_<2uz
zLI~@%4GS_IUmPy-lrm*o-6vF+dMkOc$Gq3`I90okdOnibdxOhdtT^e#yT0p3=PdcB
t$Fug|%15P74zifmZ-1-4ch4>{wGRzmKbC9!dGK+mQM#_K@we9Al>kCfGU5OL

diff --git a/secrets/sombrero/alex.sombrero-github.com.pub.age b/secrets/sombrero/alex.sombrero-github.com.pub.age
deleted file mode 100644
index 77b967c0f8f2c96b356c6b9401404bce73a5d878..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1072
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlt%%CWbyP_6E7mX1
z4l#~2NHq$zj4<&s&^E3#_3<vQ(5^BKGEA|EitsRV_w!2$O6T%Usi@5LGL1?sGVwR`
zHZ2ayDJwLs^v}spaSnFLb<c6G@T&Bx$}>z14n?<3JKrzSBTykMwYVa~yUHjiGa%h0
z(<C6++a;&UJ+Q#FEYY((H>f<v)Z8-5prSk?ESt;KOy560+|W-utUR>REZEyLFD*DJ
z!`RzVJJR1X&_CHcqtvOiBrB!JGM!6TS6891BE>&7%ctDK%pf^0-_krIBflU#H6YwK
zr`**kGSni^)zZi;)Z57-F_7zwaV;-jZS9T8%ihlRywi5-HpAM5>y@rd`Sv$JIp~be
z{fa&8mY>%g4qjDx{Z!P%%-{NtcrV}EFw5k}!N5Zs_FSk?zxjW&L5+ZO?D~Sc*S~&G
zSva%r%Cn6xLOvzF%oAF2$gl8h&&#dlH3wOp_eIp3T@W(OSyO7zEc5A^|I8Eng<0<I
zy_a>k-rv1*%l)LPJ+`$qOY`sSxp9iOceCR1AFAr|)=Mn^1aNI<nKF<6=IQB$Jb!Oq
zDR?IKQ%&>hT|ZmPwin{n*`nb$Zd54ll38!CPi)~zmbJd;wlQ<JJUco21;38o4~ERJ
zC-w7Le+&6L-8#{1r+2Zv&g{dFE&S^?8UCGr?G=mN#hSajcXXfc|0BBmNTNgBH^aAk
z>#{_0`j*xFEV(&z$8ix^r<du5%a-~`uV8EPo$-D-i^Nr~=s!WGtk+wV4*m7M_}1-3
z*&7|h`9f3Yte8H{uT{czAM^d6-BbM!FU?OZJ;&_(fW_p3xK{b5>Dj7>#QRc>Uq8(K
z)9GNm!q;Hp;?gNe_fM&O*!S}-^T}vFhW)pvTRqxrvF6qv6V>%<mr|l;_D!=oxbb;r
z<;53vxoSa1)8Cr!R9pN)Zf>bzWHZOy-M=e#EZ_Siz$R_Z0!6Rw6P*=p<u7}@Tk7Dm
z%y(zczv&K-GDU8se2A0qoPVS+!%12twPQ=~%tnhl`&txa1cPqu43N-!DH_rmtW^5^
zmC)2_KLfWk{yn}#zvuXO=}v{S?SU^gs@ZA!ii;^_a~9r9nR$8b){FbhOq%LD^ZPnI
z-uF-VX?ZKG-j_4r{m0G6nLh<}tchC@erOSw)Y7%zByujz=h(ifpjQ3n4?(?@6Hbm(
zYt!{>XBtYBo_og{uii54vqSg)n?48M82f#R;cF{e=5YU{X<gz4Ih}O{yrKzC%iIoh
ze4p&9_%(-@W$WC@hx-0pI<ax5wOjbXy00wXIXd2TZqt&KD!SNxI3QPbpK`X^4Tm+`
z{^s`{<ySA${<Xn&>c!+<R(|`!#|M%`&(+A@U7u|~?R@a09}NY2H%A)8E_m$Tv_~^M
RGSyM`XZnFQ=IinG-2lGM>puVh

diff --git a/secrets/sombrero/syncthing-cert.age b/secrets/sombrero/syncthing-cert.age
deleted file mode 100644
index 3b7ec64a48c619940e72fb941ab94e8b38f148db..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1116
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlt%%CWbyV;S^EF9H
zjLgc8EcA8q3N$auOf^n2^z|)Bi^vNr&I$>3G^liRv+xNsvfwf*GfNE2DmT<lD)%(@
zGz<>)_4O*&H>pgr$jx^0h)gw2vaG1^OZAFy%tp6OJKrzSBTymFr6SDDqCCYSuh`Vt
zy|OSQugt3|)gvj%!qUB>AS)%@Dcd>A)7_&qIFQS<+%v=|#oRs7OW&v>EITsWFEGff
zOh3}H#IU>~BQVoAG{D!wFwr<9(Sl1?S69K)*~7okv^3n@ATcDnC?vluBsthMGQTRn
zAloe{wZy10(YGSQCn_y8CzLBpeaB1DW$KBoTi-Rm*ZkIg=6BevDNYUDGvA%7)VqC`
z^Qg)5G~Qk1>+Us7-pl-HEo-Dop1)lO<Fl&6r5v$rIre?dmnU!9WN2brGj*zN<-sh^
zyEci*nhByyqs2YeG0$&Xc>nLqMZtWY`}mz+Z%;PnG>kXd{dne=$*#@0XA~cO+x_qP
zk}DBHn##YgKW66R;$G0S@Q$YD;(se^z6Y#cqT;+NtVQ@;Z8OIUQ-`Ho7Zql<@l4--
zWE0<1`;%qqh5pAml=p1Db9t9hiXL-y!GUx8gqx2}>N|Gr{z}JrD);WMwkWy6TDtRx
z<db_(Z{}O)^@g0DaLj+^f=9y5SN{KV|B>t1tufzpOBLrK+0~^Uvsj+ieAuIAweePL
z$lnw}lPM2p=62q)(QNmQ+YqokwdwuT4Zjvx`8!oBHthY;z+nGUZ~Od^Ik(bHgdhCh
ztIm8>I9_2r3*%hVqN=$wHz%`1^d!yF@SLK2ZLh*?g=Aip*H*@%Gxx3bYcXtiFCToN
zSY_@N?%9m$O&>NWe-+<-L+`9~P$SoJjR!*db30dER}|9we~k0nsn&HfRln5rW$ag<
zB{sEr`RqI0L2qrBU2%7v8r8CV_E$x3;n&;bZ~5#kRbqMP+TT8Z<%X*7Jij<z^)8>d
z=%mS&>CZY(8SXj!EsEEh^GeU+<%-vhO!ek|-k>v~Oy>aym&Fs7wW^}*W&u2TYtH)4
zo?#SSvid0R?&~W~%UOmmjs9`a=50WdbJ)*yR~IzMH~Y`Z?fUR=!<qXhHTvVN7u;CI
zuyi_?dRz7XldDQkuE{TQT2fiw*X}2~_I!Mt=rK)K*XjOlhr?cOJ$izrm#g35PS=7(
zzcVNLbNkG{8qUjcs%UG&_ed|dXcoE6zc)x-Ui_5(c55$BxM@b*G7GK5ycrg%Pt<OH
zIIuib=}qRTu)5{XoAR?{3eKKx`B?h@x~hPnu;0(<iTqRAC-s+v8qDj`THLX9F4yTd
zOF7SFgn5<EcHNTk&i9*D;J?Skdlt<-(HZmX^6K{iC3T%FFQO-Q9Oy9%*tGT9{@u4K
zcytw&)KouwKB>{rCw)Of;32D{qtY9})D_D&D#ST7pW0ftHtTL)@xkwHsV0YCOuFl{
Lgk!TCN6mHs-iY_z

diff --git a/secrets/sombrero/syncthing-key.age b/secrets/sombrero/syncthing-key.age
deleted file mode 100644
index 879ae40b80601f54c8d2e5a36190ede46eb25809..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 610
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlt%%CWbyTR-HqDMK
z_Du3OGAnl}E3U{k4DhimcgYXUGYPK@u{6r{cd2kK3h*?_v*0RrD>4c#2ysgF$*}Ov
zH1#s@%CT@W_6o5G3W_xH&owu5^GNgX%n1uDa74FFJKrzSBTym2&pj{HInpoNpddfd
z#Yx+@A~ns;B00y)pfWkoCD9<T%*Qp^(xaj>(}JtqC{;h-z%1N2G|0fh$s;h$$-^Yn
z!c#lUxiF=~IZ8h)rzk2vz|uK4Gnq?QS69I&&(zE-JjW$1G^#4qFvmC`!?fHmr7)_<
z(a77R$i2+e)x*uhu*}@oGmtCJNOhC5>@(v7taCS;y=qBc+>k8#+G>GBT<RP*^|QXc
zlX|n&%WSn$zV47KYEgb#)a;jW<7nRB8L!NQR~m%4+ldz_Optv)n?IyF<?6+yd;L8m
znf^(|PpjAz$fZ8}{VFbr6Sp!F%)0KIZuXa*U!8w9H%{Yy`7X7TFRl?i`+4gxS<H9+
z+Uct~w;=0<v@+wpTJ@gk_k!>0*4F>ObiB3y-|v;{MLQzZ|LM1OiPkgJ*RllMjT8>D
zU~?|kJ^amQ@qxAcGheIwF4fXHag@z2X{o2Pl*hzb{hF+u3$<-$#|Qf__Ty1|q|GG!
z)#>xa@_CD0Pakt;2+I7v-|BvM@TPtjt9yQ8%U|UkJnymC>hjFbKYsj);I%Cc>*W3+
ucB|`q3|Hy;V>K<&Pi9#MPtjOyqQKeyURCMw<Hvk_X4|^icEt(n)dB#I5$*s0

diff --git a/shared-modules/syncthing.nix b/shared-modules/syncthing.nix
index d3ca1b7..ecfe21b 100644
--- a/shared-modules/syncthing.nix
+++ b/shared-modules/syncthing.nix
@@ -2,7 +2,6 @@
   lib = {
     syncthing = {
       phone = "HCL2CKI-SA3NWOT-PMJZNFP-I7QETYE-JOKZHXN-TSI74FV-ZA6RDO2-QQMXPAP";
-      sombrero = "DIKHOMV-QGZV3DR-FXQZH45-I5J5R4R-JJZS5BA-XNNW5C7-QSSU3XV-KVC4MAQ";
       pinwheel = "AKS5L2A-NFCG5GV-3U5SSSZ-PLOX6BQ-ZL5ALXI-D7OK4KE-R2JPWRJ-B6AQJQ7";
       backwards = "XRSQ4NZ-LHCZS6H-R3A75S5-W4FH7F4-3DGA5X2-SOPYWOP-A2WRKGC-IPXH4AM";
     };