From 832f7fed95b4f979e48da4124ab2e978ff550ed0 Mon Sep 17 00:00:00 2001
From: Aly Raffauf
Date: Thu, 22 Aug 2024 06:21:00 -0400
Subject: [PATCH] flake: onboard slateport (#94)

* initial commit
* slateport: setup k3s
* slateport: update README.md
---
 .github/workflows/nix-build.yml | 18 +++++-
 flake.nix | 1 +
 hosts/slateport/README.md | 25 ++++++++
 hosts/slateport/default.nix | 71 +++++++++++++++++++++++
 hosts/slateport/disko.nix | 58 ++++++++++++++++++
 hosts/slateport/home.nix | 9 +++
 hosts/slateport/secrets.nix | 8 +++
 hosts/slateport/stylix.nix | 54 +++++++++++++++++
 secrets/aly/syncthing/slateport/cert.age | Bin 0 -> 1996 bytes
 secrets/aly/syncthing/slateport/key.age | Bin 0 -> 1490 bytes
 secrets/k3s.age | Bin 0 -> 1226 bytes
 secrets/secrets.nix | 3 +
 userModules/aly/syncthing.nix | 3 +-
 13 files changed, 248 insertions(+), 2 deletions(-)
 create mode 100644 hosts/slateport/README.md
 create mode 100644 hosts/slateport/default.nix
 create mode 100644 hosts/slateport/disko.nix
 create mode 100644 hosts/slateport/home.nix
 create mode 100644 hosts/slateport/secrets.nix
 create mode 100644 hosts/slateport/stylix.nix
 create mode 100644 secrets/aly/syncthing/slateport/cert.age
 create mode 100644 secrets/aly/syncthing/slateport/key.age
 create mode 100644 secrets/k3s.age
diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
index e05938dc..30c17b22 100644
--- a/.github/workflows/nix-build.yml
+++ b/.github/workflows/nix-build.yml
@@ -101,4 +101,20 @@ jobs:
 name: alyraffauf
 authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
 - name: Build rustboro
- run: nix build --accept-flake-config .#nixosConfigurations.rustboro.config.system.build.toplevel
\ No newline at end of file
+ run: nix build --accept-flake-config .#nixosConfigurations.rustboro.config.system.build.toplevel
+ slateport-build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Free Disk Space (Ubuntu)
+ uses: jlumbroso/free-disk-space@main
+ - uses: actions/checkout@main
+ with:
+ fetch-depth: 1
+ - uses: DeterminateSystems/nix-installer-action@main
+ - uses: DeterminateSystems/magic-nix-cache-action@main
+ - uses: cachix/cachix-action@master
+ with:
+ name: alyraffauf
+ authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+ - name: Build slateport
+ run: nix build --accept-flake-config .#nixosConfigurations.slateport.config.system.build.toplevel
\ No newline at end of file
diff --git a/flake.nix b/flake.nix
index 23d20f89..3d04f570 100644
--- a/flake.nix
+++ b/flake.nix
@@ -76,6 +76,7 @@
 "mauville"
 "petalburg"
 "rustboro"
+ "slateport"
 ];
 in {
 formatter = forDefaultSystems (system: self.inputs.nixpkgs.legacyPackages.${system}.alejandra);
diff --git a/hosts/slateport/README.md b/hosts/slateport/README.md
new file mode 100644
index 00000000..55b68722
--- /dev/null
+++ b/hosts/slateport/README.md
@@ -0,0 +1,25 @@
+# slateport
+
+## Overview
+
+Lenovo ThinkCentre M700.
+
+## Todo
+
+- \[ \] configure reverse proxy.
+- \[ \] upgrade SSD.
+
+## Specs
+
+| Model | Lenovo ThinkCentre M700 Tiny |
+|-------|------------------------------|
+| CPU | Intel Core i5-6400T |
+| RAM | 8GB DDR4-2133Mhz |
+| GPU | Intel HD Graphics 530 |
+| Disks | 128GB SSD |
+
+## Filesystems
+
+### /
+
+Unencrypted btrfs volume.
diff --git a/hosts/slateport/default.nix b/hosts/slateport/default.nix
new file mode 100644
index 00000000..ea8a718a
--- /dev/null
+++ b/hosts/slateport/default.nix
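Review bot: The new `slateport-build` job references every action by a mutable branch (`jlumbroso/free-disk-space@main`, `actions/checkout@main`, the two `DeterminateSystems/*@main` actions, `cachix/cachix-action@master`) in a job that is handed `CACHIX_AUTH_TOKEN`. Any later push to one of those branches runs unreviewed code alongside a token that can presumably push to the `alyraffauf` cache, which the hosts in this flake likely substitute from. Pin each `uses:` to a full commit SHA with the release in a trailing comment, e.g. `uses: cachix/cachix-action@<full-commit-sha> # <release-tag>`, and let a dependency updater bump the pins. The `uses:` lines of the existing jobs are outside this hunk, so check them for the same pattern.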
@@ -0,0 +1,71 @@
+{
+ config,
+ lib,
+ pkgs,
+ self,
+ ...
+}: let
+ domain = "raffauflabs.com";
+in {
+ imports = [
+ ../common
+ ./disko.nix
+ ./home.nix
+ ./secrets.nix
+ ./stylix.nix
+ self.inputs.nixhw.nixosModules.common-intel-cpu
+ self.inputs.nixhw.nixosModules.common-intel-gpu
+ self.inputs.nixhw.nixosModules.common-bluetooth
+ self.inputs.nixhw.nixosModules.common-ssd
+ self.inputs.raffauflabs.nixosModules.raffauflabs
+ ];
+
+ boot = {
+ initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod"];
+
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
+ };
+ };
+
+ hardware.enableAllFirmware = true;
+ networking.hostName = "slateport";
+
+ services.k3s = {
+ enable = true;
+ clusterInit = true;
+ role = "server";
+ tokenFile = config.age.secrets.k3s.path;
+ };
+
+ system.stateVersion = "24.05";
+ zramSwap.memoryPercent = 100;
+
+ ar = {
+ apps.podman.enable = true;
+
+ users.aly = {
+ enable = true;
+ password = "$y$j9T$Lit66g43.Zn60mwGig7cx1$L.aLzGvy0q.b1E40/XSIkhj2tkJbigpXFrxR/D/FVB4";
+
+ syncthing = {
+ enable = true;
+ certFile = config.age.secrets.syncthingCert.path;
+ keyFile = config.age.secrets.syncthingKey.path;
+ syncMusic = false;
+ };
+ };
+ };
+
+ raffauflabs = {
+ inherit domain;
+ enable = true;
+
+ services.ddclient = {
+ enable = true;
+ passwordFile = config.age.secrets.cloudflare.path;
+ protocol = "cloudflare";
+ };
+ };
+}
diff --git a/hosts/slateport/disko.nix b/hosts/slateport/disko.nix
new file mode 100644
index 00000000..138f9d8b
--- /dev/null
+++ b/hosts/slateport/disko.nix
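Review bot: `ar.users.aly.password` commits the account's yescrypt hash (`$y$j9T$…`) in plaintext, while every other credential in this file is referenced through agenix (`config.age.secrets.*.path`). A hash kept in the repository, and likely copied into the world-readable Nix store at build time, can be guessed against offline for as long as that password stays in use. If the `ar.users` module can accept a file path (its definition is outside this diff), store the hash as an age secret and pass the path, in the way NixOS's `users.users.<name>.hashedPasswordFile` works; otherwise that option is worth adding to the module. Because the hash is now in history, moving it out should be paired with a password change.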
@@ -0,0 +1,58 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/disk/by-diskseq/1";
+
+ content = {
+ type = "gpt";
+
+ partitions = {
+ ESP = {
+ priority = 1;
+ name = "ESP";
+ start = "1M";
+ end = "1024M";
+ type = "EF00";
+
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+
+ root = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = ["-f"]; # Override existing partition
+ # Subvolumes must set a mountpoint in order to be mounted,
+ # unless their parent is mounted
+ subvolumes = {
+ # Subvolume name is different from mountpoint
+ "/rootfs" = {
+ mountpoint = "/";
+ };
+ # Subvolume name is the same as the mountpoint
+ "/home" = {
+ mountOptions = ["compress=zstd"];
+ mountpoint = "/home";
+ };
+ # Parent is not mounted so the mountpoint must be set
+ "/nix" = {
+ mountOptions = ["compress=zstd" "noatime"];
+ mountpoint = "/nix";
+ };
+ };
+
+ mountpoint = "/partition-root";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/slateport/home.nix b/hosts/slateport/home.nix
new file mode 100644
index 00000000..1331eaa5
--- /dev/null
+++ b/hosts/slateport/home.nix
@@ -0,0 +1,9 @@
+{
+ home-manager = {
+ sharedModules = [
+ {
+ xdg.userDirs.music = "/mnt/Media/Music";
+ }
+ ];
+ };
+}
diff --git a/hosts/slateport/secrets.nix b/hosts/slateport/secrets.nix
new file mode 100644
index 00000000..33f9348c
--- /dev/null
+++ b/hosts/slateport/secrets.nix
@@ -0,0 +1,8 @@
+{
+ age.secrets = {
+ cloudflare.file = ../../secrets/cloudflare.age;
+ k3s.file = ../../secrets/k3s.age;
+ syncthingCert.file = ../../secrets/aly/syncthing/slateport/cert.age;
+ syncthingKey.file = ../../secrets/aly/syncthing/slateport/key.age;
+ };
+}
diff --git a/hosts/slateport/stylix.nix b/hosts/slateport/stylix.nix
new file mode 100644
index 00000000..f76dbe12
--- /dev/null
+++ b/hosts/slateport/stylix.nix
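Review bot: In `hosts/slateport/disko.nix`, `device = "/dev/disk/by-diskseq/1"` selects the disk by the kernel's disk sequence number, which is handed out in discovery order on each boot and is not a persistent identifier. Together with `extraArgs = ["-f"]` on the btrfs partition, a disko run with a USB stick or second drive attached can format a different device than the one intended. Prefer a stable path such as `device = "/dev/disk/by-id/<disk-id-placeholder>";`. Separately, the root partition has no `luks` layer (the README in this commit records that as intentional), so whatever identity agenix uses on this host to decrypt the k3s token and Syncthing key is stored on disk in the clear; a comment in this file stating that trade-off would help the next reader.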
@@ -0,0 +1,54 @@
+{pkgs, ...}: {
+ stylix = {
+ enable = true;
+ base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml";
+
+ image = let
+ wallpapers = builtins.fetchGit {
+ url = "https://github.com/alyraffauf/wallpapers.git";
+ rev = "ff956327520f2ecdd0f8b1cdab4420bef4095d38";
+ ref = "master";
+ };
+ in "${wallpapers}/wallhaven-mp886k.jpg";
+
+ imageScalingMode = "fill";
+ polarity = "dark";
+
+ cursor = {
+ name = "Bibata-Modern-Classic";
+ package = pkgs.bibata-cursors;
+ size = 24;
+ };
+
+ fonts = {
+ monospace = {
+ name = "UbuntuSansMono Nerd Font";
+ package = pkgs.nerdfonts.override {fonts = ["UbuntuSans"];};
+ };
+
+ sansSerif = {
+ name = "UbuntuSans Nerd Font";
+ package = pkgs.nerdfonts.override {fonts = ["UbuntuSans"];};
+ };
+
+ serif = {
+ name = "Vegur";
+ package = pkgs.vegur;
+ };
+
+ sizes = {
+ applications = 12;
+ desktop = 11;
+ popups = 12;
+ terminal = 13;
+ };
+ };
+
+ opacity = {
+ applications = 1.0;
+ desktop = 0.8;
+ terminal = 0.8;
+ popups = 0.8;
+ };
+ };
+}
diff --git a/secrets/aly/syncthing/slateport/cert.age b/secrets/aly/syncthing/slateport/cert.age new file mode 100644 index 0000000000000000000000000000000000000000..27e65676bd8ef1456cb86c9fb61d1f32f0df51a3 GIT binary patch literal 1996 zcmZY7d34i;0mpGz$tWfvtfMJV2 zfj~-P1e55n+wG{t2mM--RtR8R#EJyq59$&@r?)`x5iaCug^{e*ftA%z0#oHtO^~;N z{=QmF70Lx;N*&@b0-QgUD-r>!T*~4o9?O7Skd#e=Di`-M2`-*S3=}Op6**d~RZAWx zq_P)N9B*u;Bnv@D6S!nTtyno=!y*J|;kaZ{(^nIjP+4bIrbuhJIS<+rf?Bj`K?53* z%Z5@&ECBYr3&1eBS zWxSdF$v3Q!!oy}|lnLeXA`s4)?0Ex16)_vaW(bu#PGX>BG}z-=6_|hngrLq%#&rgO%I7SE zFJEkKjsR&HrwlMog;Nw0qG*7(sbH;Bk)mBmoY86B)>w)yrQ&HB1{ojM8io*?V3xF6 zTxEt!@p#eA_ti3mjASY+!zqo1juOtKMqdB~885?bcc4%%>6{jAI%{xe*aTxhGs%3S ztNfsW>-WJ|CNEmBgTx zayrp)GYpbJf@Q;?uCIp2;`Y=NjWr}vbe;37>P2TCxd4J#_!P)TmUkV1&3e8f_6wS!1{=*=#a?18jud^bY-OpB6JW5 z7znxm*$XfQguOwdK=CQmBt2=(3#&OlLz^8wkDvepm@gU48dWr*QrogPWJ*I|!UGkX zu?(u0r92ijJ19>x>HA3~);PuGNhORr)FCV2B{LSl6xOLic8e#A@Oo8*gaQZ>$zc>< zvM0+I}q%wP!e+KkJtO|{M;q3M&` zM$TV1=u~k^0M(exc++26+Tlq%U$Asv3MdcGZNKllv3y$7m;e0`?7jTd;ME6=-f5)` z*rfIH!uZL#Gt*VGY;Qr6A8ZWrcNe_;zof7Co5!y_{N1)6Zn#=nhKMuwEgCm_>kR9P z)5Ynbs?9Tlhk>=9*cvSlcHKMT!|yD*zJXXaf7#pq_l!Y*Mj`{vp16Zd6Luqj*KZ94k6qJ2)+ z@lmzo%8^gGuDxS*4WH$_pYdxYrd#leE0O%cP`40Hh;6c^O57>ywU?|&&N%3`J7nM-ZAoF z*ZH0sz76W_m#H6Tiv2fVXw=_ZaC%lPWBf{iH1uCeeZBi=|EJbe*HwH!eRtSET>f`u z3%&pKbNeT6JN4TPa<}pe{hngy{_~S->-u%PB;Fi8V)Y%?9^vZ$E{{f-K{D%Ml literal 0 HcmV?d00001 
diff --git a/secrets/aly/syncthing/slateport/key.age b/secrets/aly/syncthing/slateport/key.age new file mode 100644 index 0000000000000000000000000000000000000000..942e8b402d9a47d538623ac5d6fa95d75964a9bc GIT binary patch literal 1490 zcmZY7`LELi00(e1Cg?OO-pS*cMU;rkdp*|f;2ELowywL|b=^9_*mXU&UTeE{?bPss zydNY+AtWZ^4@LzQqY)vBa;OOegP;f+2)85>f8ZyBfIVZ`C+tOKb(s zr#hHo%a$GicwUie0teNMTpl)AyJE;aNC@SNDPWk*B8o&n1)_t|6&8frYQ^ZGQJEtt zuP5k&E0-gK|7C;pCV~vZdL-Tl9M`P6M7+&*dT@G_%(r4vKUee20Zb%yfyQG6zT=yr zA*E&lxQehXnPs>FST>OaY_tn_y`iCMSFEvqHWM2{w#bcV%POpBQDJ!yb)#Z!ScsR! zK7DI+W0bB7oW*ctmZ*CLdlYZCVNmemSP zM4@bo=Li71^^&Qnuvc>fo=!E;fWU?P0LDg~tB8EpRQebP!hDsadYPnOBN-~Rc>X6R z&SQHg9?IW*U}nY6-8a5{<-Rbw^z80?wb!$6FTCw7YT30jOE)E**oM&7$w_L4m^|26 z^X}!Z&M&3Tt~j~9eQ@3v))SRr>&9y9u4C}zkHdYNKU%#8zOa&eX5qGNtG+%nb9}L; zZb^rJJ-O@EIrrS=JK7s}{~oqxA3qX4K2@0R|Kdo0$S-`{idy*tdmG}G>F+PFg{|#9 zOFo>v|HON*J^kg~6N_FxmHqsY(+e&xj7(Dp4AokH_}@kQ&d#G}?d#ad1*b1Oy7s3j zsc8pq&c&YGdFs;-R?Tdv&NcS!`0Qc(&ZGCx=ayfRN)yP{f1*FXKe7JM?R(mnFYUbX z=izm=jo%%)zH9EIozS4>OnI zP$F#k?QUUD|1e_<*n{n9M~6=m(ix=GMFFT zpv!i(1vEuNvyCWEIs2$d?NyFh=r*lg`p|JVTV)EPZ~4PS&HD|Jga!!9^RZu8>q2%0 zJL{|Ly1VmYd{WDkOx>M;o_#FFcPgkN9BV_t%p8+d{Dcg9rP%gaSd))vzY;_!Lq@?t2(*Z6&>~$H*sq67ILHe{sqS zKwZhmsq#^)+j`!NP(t(^#T03QyTnjOy2%V-r&c#NGbLjg7ZzDU-gM)W7p^>>mD7Hb z@5mrzBdPI<^urX20QNhAS zof{V=dcF6@q*uiXtIL(NZOC!m?+1F(Nxe_CO%+W?p^pe-Y}7KK$WuwiE~+p3qbBEP z^=d)*2HkT5rJQa6Fh_uhYtyW77LnKfBB9F}BZrxrgy~@EubZU!v(a7<1Tm6Aumnym zT9vUJ!Q`2?TJr>Zwo}QhN$XL=s(>Iy=*qcw?Mm;RILMPkF>o8!@r@XzUa3!Qib-~V zlCG^6i0q14v%Dh$(#UL>9zEYRRez5FD`fP0wuH7@XzSoM^e2IM)Wq{4y;)E{fuYu7 zxAMKAjVOX=>SLxzE^l8FRzL@)EwsW{J8;ccv?mCt=?Uc-X&ZAQ*Ccb8xA>08kyERn z6Hjhk#?skVeSP=S6O_B|&YwXFGle4_jz&r;vKTe0!qSeL?-VJgk!`JBzW>92 ze?EId`@H=5k551T``fR+{vP}Nvv=Nm_0ik^{&jlulP_L;^Yq&z`-;1MLHpi~s-t literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index f0344638..1db4a3d9 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -31,8 +31,11 @@ in {
 "aly/syncthing/petalburg/key.age".publicKeys = keys;
 "aly/syncthing/rustboro/cert.age".publicKeys = keys;
 "aly/syncthing/rustboro/key.age".publicKeys = keys;
+ "aly/syncthing/slateport/cert.age".publicKeys = keys;
+ "aly/syncthing/slateport/key.age".publicKeys = keys;
 "aly/transmissionRemote.age".publicKeys = keys;
 "cloudflare.age".publicKeys = keys;
+ "k3s.age".publicKeys = keys;
 "lastFM/apiKey.age".publicKeys = keys;
 "lastFM/secret.age".publicKeys = keys;
 "spotify/clientId.age".publicKeys = keys;
diff --git a/userModules/aly/syncthing.nix b/userModules/aly/syncthing.nix
index 8bb03aea..5fb31a3e 100644
--- a/userModules/aly/syncthing.nix
+++ b/userModules/aly/syncthing.nix
@@ -28,10 +28,11 @@ in {
 "gsgmba" = {id = "V2YCZSL-XY7H72L-FGJFWP2-JNYX72O-OJ5V2HY-V4SSSJM-77A7E3Z-7EJFAAV";}; # Work Macbook Air
 "iphone12" = {id = "SBQNUXS-H4XDJ3E-RBHJPT5-45WDJJA-2U43M4P-23XGUJ7-E3CNNKZ-BXSGIA3";}; # iPhone 12 Pro Max
 "lavaridge" = {id = "TMMSCVA-MDJTDPC-PC47NUA-2VPLAIB-6S6MEU7-KALIGUJ-AWDUOUU-XD73MAY";}; # Framework 13 AMD
- "mauville" = {id = "52MTCMC-PKEWSAU-HADMTZU-DY5EKFO-B323P7V-OBXLNTQ-EJY7F7Y-EUWFBQX";}; # Desktop/Homelab
+ "mauville" = {id = "52MTCMC-PKEWSAU-HADMTZU-DY5EKFO-B323P7V-OBXLNTQ-EJY7F7Y-EUWFBQX";}; # Desktop/homelab b
 "mossdeep" = {id = "XRIGHMT-54OGBWP-UAAGAJS-LGTRHA2-EMKOMEB-EJEWKZN-GJFK6FO-3O6KQQ4";}; # Steam Deck OLED
 "petalburg" = {id = "ECTD3LW-YZTJIXX-HLQYXT7-UGZSGST-3DDKF72-DJPMDHE-SUYDWIT-ASTKTAE";}; # Yoga 9i
 "rustboro" = {id = "7CXGPQN-7DYDYJN-DKELOR3-RD4HZUW-SSUDGLZ-WVXYFUT-DPT2MGD-6PO5BQF";}; # Thinkpad t440p
+ "slateport" = {id = "MDJFDUG-UJAXQXI-AMEF2AR-PBMD5QK-Z5ZG6AA-RCJCU3M-GZHQQEA-X2JGOAK";}; # homelab a
 "wallace" = {id = "X55NQL2-H3TEJ5U-EXZPBKQ-LI6BMB4-W2ULDIJ-YNIHJHB-4ISCOJB-UHNLYAX";}; # Samsung a35
 "winona" = {id = "IGAW5SS-WY2QN6J-5TF74YZ-6XPNPTC-RCH3HIT-ZZQKCAI-6L54IS2-SNRIMA2";}; # Pixel Tablet
 };
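Review bot: In `secrets/secrets.nix`, `"k3s.age".publicKeys = keys;` and the two `aly/syncthing/slateport/*.age` entries encrypt to the shared `keys` list, the same recipient set as every other secret in the context lines. The definition of `keys` is above the hunk; if it holds every host key, then every machine in the flake can decrypt the k3s cluster token and slateport's Syncthing private key, so compromise of any one host exposes them. Scope each secret to the hosts that consume it plus the admin key, for example `"k3s.age".publicKeys = [<admin-key-binding> <slateport-host-key-binding>];`, using the bindings already defined earlier in this file. A short comment next to `keys` stating which recipients it contains would make future additions easier to review.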