Make fortress actually work in production

flake.nix

@@ -182,7 +182,9 @@
 
             home-manager.users."lauren_lagarde" = {
               home.stateVersion = "24.11";
-              imports = self.homeManagerModules."lauren_lagarde";
+              imports = self.homeManagerModules."lauren_lagarde" ++ [
+                ./secrets/mlaga97.nix
+              ];
             };
 
             time.timeZone = "America/Chicago";
@@ -209,7 +211,9 @@
 
             home-manager.users."lauren_lagarde" = {
               home.stateVersion = "24.11";
-              imports = self.homeManagerModules."lauren_lagarde";
+              imports = self.homeManagerModules."lauren_lagarde" ++ [
+                ./secrets/mlaga97.nix
+              ];
             };
 
             time.timeZone = "America/Chicago";
@@ -235,7 +239,9 @@
 
             home-manager.users."lauren_lagarde" = {
               home.stateVersion = "25.05";
-              imports = self.homeManagerModules."lauren_lagarde";
+              imports = self.homeManagerModules."lauren_lagarde" ++ [
+                ./secrets/mlaga97.nix
+              ];
             };
 
             time.timeZone = "America/Chicago";

systems/fortress/configuration.nix

@@ -1,6 +1,15 @@
-{ config, pkgs, inputs, ... }: {
+# To recover/repeat this monstrosity:
+# - Comment out the digital-ocean-image.nix import
+# - Build qcow2 image with `nixos-rebuild build-image --image-variant digital-ocean --flake ".#fortress"`
+# - Convert image output from .qcow2.gz to .img.zst
+# - Pipe the .img.zst over ssh into dd on the "Recovery ISO" environment of the droplet
+# - Resize the partition and reboot
+# - ????
+# - Profit
+{ lib, config, pkgs, inputs, ... }: {
   imports = [
-    #"${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-image.nix"
+    # NOTE: This has to be uncommented to rebuild on a live system, but commented for build-image to work.
+    "${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-image.nix"
 
     # Core Features
     ../../nixos/features/base.nix
@@ -10,20 +19,29 @@
     # Core Tweaks
     ../../nixos/tweaks/zram.nix
     ../../nixos/tweaks/enable_flakes.nix
+    ../../nixos/tweaks/systemd-resolved_nonsense.nix
 
     # Users
     ../../users/lauren_lagarde/lauren_lagarde.nix
 
     # Additional Software
-    ../../nixos/features/virtualization/dockge.nix
+    ../../nixos/tweaks/disable_firewall.nix
+    #../../nixos/features/virtualization/dockge.nix
     ../../nixos/features/virtualization/docker.nix
   ];
 
-  users.users.root.openssh.authorizedKeys.keys = [
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCl881A1gvgCx+4ECrmJnO2QCTiqjaOLfAegKAAkvWNFKL0rDfsj8tZULUcyn87HYsRrdmqCOQ62GOjQyK803azq7QTxwY4vjczkJxico4LnIToTobcz+JkgF6Rf/h74bs9dHk4ZU853FRBz3wi/14rI10Iwckt37B1ayJacpELuzFobKYip2FjiL1vNH3tiAFR131z+YBByvNX+uJYEhpsI0xry9zbsSUWUq5/YFpmjezblzYRokfsReYiKJeQBeROSeRC/xFBSnikECSylNI4sw5VIpGXFIxL5xhss+s+3dnb+LFQ+zInOYxkVRydYc/In9Wz6Tu7v07K8bjvE7nQwHenoGtRW590Xu0rJApS+k8Cu16sCO2QFj/aI+gCrhU0ymM0aicr0hFAME6Y7j9HcR6PxYxnXZjI7cfqhO5TG8jot25SPzJcvH3EV5oPKtAkw9XA+8+nAI9czFlUgHnuMJAqw1IGOD3qozwqZ5yn1+kG7FZJRpvaPc5pK2HtqaAKJmnRuVaWcFuNALh86gr7Qn8IEp8Q+YyKmDqrMZ4KLJUMnVqn4y0HVS1eB5nVujaJZUGJWA4q3og0FE/2kH74WEp2ZtuJAoEPcgfZ6Ns7BmmXIZU7qu4kQoQ73b3mn6hCi5xlQ/sClzwHYkRPo4tST64ED/UIRPCYe1byNUWSww== lauren@lagarde.dev"
-  ];
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # System-specific Tweaks
+
+  services.smartd.enable = lib.mkForce false;
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Networking
   
-  networking.useNetworkd = true;
   networking.nameservers = [
     "67.207.67.3"
     "67.207.67.2"
@@ -31,8 +49,11 @@
     "2001:4860:4860::8888"
   ];
 
+  networking.useNetworkd = true;
   systemd.network = {
     enable = true;
+
+    # Public IP
     networks."30-ens3" = {
       matchConfig.PermanentMACAddress = "c2:6c:55:d5:99:6a";
       address = [
@@ -42,12 +63,23 @@
       ];
       routes = [
         { Gateway = "68.183.48.1"; }
+        {
+          Destination = "2604:a880:800:10::1";
+          Scope = "link";
+          Metric = 100;
+        }
+        {
+          Gateway = "2604:a880:800:10::1";
+          GatewayOnLink = true;
+          Metric = 100;
+        }
       ];
     };
-  };
 
-  swapDevices = [{
-    device = "/swap/swap0";
-    size = 2048;
-  }];
+    # Private IP
+    networks."30-ens4" = {
+      matchConfig.PermanentMACAddress = "5a:b1:f4:39:a2:87";
+      address = [ "10.132.86.139/16" ];
+    };
+  };
 }