From caafb773acb07d36c6e8dd7aff0a3c9dd7f3af4b Mon Sep 17 00:00:00 2001
From: Lauren Lagarde <lauren@lagarde.dev>
Date: Sun, 6 Jul 2025 22:41:23 -0500
Subject: [PATCH] Mess with stronghold configuration and VM stuff

---
 flake.nix                                     |   2 +-
 nixos/disko/libvirt/uefi-zfs-base.nix         |   2 +
 secrets.tar.zst.gpg                           | Bin 6042 -> 6307 bytes
 systems/stronghold/configuration.nix          |  73 ++++++++++++++++++
 systems/vm-docker-host/vm-docker-host-zfs.nix |   2 -
 vm.sh                                         |   1 +
 6 files changed, 77 insertions(+), 3 deletions(-)
 create mode 100644 systems/stronghold/configuration.nix
 create mode 100755 vm.sh

diff --git a/flake.nix b/flake.nix
index 0d4c2e0..4a21f8a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -206,7 +206,7 @@
             networking.hostName = "stronghold";
             networking.hostId = "c581a1cd";
           }
-          ./systems/vm-docker-base.nix
+          ./systems/stronghold/configuration.nix
 
           lix-module.nixosModules.default
           home-manager.nixosModules.home-manager
diff --git a/nixos/disko/libvirt/uefi-zfs-base.nix b/nixos/disko/libvirt/uefi-zfs-base.nix
index c78602f..bd041bd 100644
--- a/nixos/disko/libvirt/uefi-zfs-base.nix
+++ b/nixos/disko/libvirt/uefi-zfs-base.nix
@@ -1,4 +1,6 @@
 { ... }: {
+  boot.supportedFilesystems = [ "zfs" ];
+
   disko.devices = {
     disk = {
       vda = {
diff --git a/secrets.tar.zst.gpg b/secrets.tar.zst.gpg
index cd61a2df4083c7c257e7a93e5dcf71ac56cd7c3a..92633c017421f1d5e53eeaeea53a664d1b6fdad9 100644
GIT binary patch
literal 6307
zcmV;U7+mLt0t^GtQPoXEkO}7j5CDKhIKbBGpf+58q*N!#OGnfn3a>;dS&-;qI5rh0
zn|!uJ&Ri|~*(0kQ;T|prOO;!TWuk5ta)l1&q|;1WkN9<`!gm&%;mg{{!zo_}$1Uhh
z$(-g!7^^QEa`(FVo^G+1yhr(brLBcBBsKaV)nA(Cs{r-f0{-b$6YOYjq*4X4Tos4{
zotnX&-}<aD95i#1S*sN7R}1UPDYpymj!a8nyr?NF)TcAAbZDrkkXDzDn|_~Rgsm6F
zN~SV^QISdVQGhzK1bbtm$FhRMUR`O?c4{Whh1c_;Ab95a`*SP^@sxl}BZ_B|7AWI<
z%#V64KZa_GhxkTS@j8HD!zM&;4XYd9j>6DmL*qif=CNHd&%*~0DzNqaZM?79(S|N(
z*ie<H)jR-G(4O?AMYW8-5b>rcYGl}jLLZ&3VrOES>PhmG?e+i1kd_}QZg#<`@BF)}
zWCZnatXR%5ePTn`srdQ$P5Zy01>3Y8c`10jVe-7~hMm({p9AO(oynID`YgRz<wRL#
z5Odfd^_a62^PKRqQ0!r>CSjA8`@kFNhI994<h`&c%Pd#bjxqz5jSERm<~Y&gV}KE<
zJHv3lDor0^LZX{ETX_Kn5(OmlKaX7qttguDo+)Y=zF)u$R_hO1e!idvmkZ8*)k^OZ
ztKlk;KORd?j}4MFdOy<Y0U{ef2e0EN-Us{zyT^$0V4Z5Qi(kZfUKIDfSLb1?$04zX
zAlYRM2bHapiuE-eXU2(DRuvV-hh};YQ6?((KbJ@YS6x`I+=&MO0|FS=XExCOui4%V
zN2dK}nP~tL1%b1_TzL$I{(F+lalmyWH@FeORsv-0;<hUA>ma43#0M$lDMj<lxxb-D
z{puwj%&?>L>$3)^B|}%l+#v=1^i<6=T$d%9DDOaW-D=@C5}EDi5L)9ab?O+!HpB^R
z4*9-aSh1#7xH@fLyh%G@IppbHGw~0E9}dT&+Zt665f_}g+<)4#e-2yk^@KCbnV9&#
z6dGr?ZEch$OGC3+tQfA=lhPrzVz>!&YC29u^VVc*AU*;jsG2urkw5we0F(S$Yk?zi
zbtsSNKWR^|$M&Ybp5Oz^*)OdqKW|K%`RQj|=hCj7f5c=YC8ui4dE;ia8d-Ku<U+g0
z5)`6}mcYy*!eDfntDmAm%=w9R?Gq;?K5uveE2^@LDaqYf=)3Z*m?i4_2vtMpn(<?T
z)XqzZIi*tbmk8GUgutiUk41G}Ou^}xUN3s7x?R<ejY1WyTBkp0ox>Iu{5t|x;VgVk
z$)Bd+`m<^7TP{0sIWIPtDo8_edS7|$hrl{37nATIxeNxZSU;U5qrkC~p0<Q)@#40@
zl{ivkRwin5Frf{8&N7y?IUe~n_S(5bHB2gtQY`BnH}VX(4mDCl%WGB_d}nF1rqwMa
zv|s&_qV!5JTJefSX9bUut|_m(ceuwdg!%&ZlTrM+kbPf&bc{sImeqi|`QAd79)F2Q
zB=-b|{w8w*5?93p2{ZYD$S{b<-0(LINX~6m8P?4@6k09YB=TfK1EZN}$6Kz5pbwk6
z(pG8Qzh0<73q+4<iw(Rt#!-)-*r6t*%XEb5eL#FKM_!!@Mr6hlxjG*QAsKTZUzxxg
z1v#J-#SS<B?|k(iS{0VYHYec(7rUoowO9x#7R%ytiwZvo>f&AA_$}gh{$fc%@qTf6
z0=3yVWZ1*NWUsEY;y2jCxDQ^Ah+IzYzn!~|F2K{@TfZw^h=aCDH(`S}z(rUgzp<1g
zkfutgB0owdql>u;17RZt7C(@fx35xvCaiNi)PO{^4}HsyurwiU#J$ilR_OL7<xzp<
z{&MqxveKJ#Fy+5vWMOJZTyW&h>2y*afa?9&zY<lUT0hM+hb%T-GrP5?s|)p`hu?|9
zFPU_RS7?wR>KU&AOrS;F^^D?k^-*Fna|wgJ-RrDDCdn37Bm%sE9YQC((u?5f%j%6i
z9%%k&Y89mEf-nT`*WA^uFr&2;b|{%kSO=0F;q=U2NU*jNXs%+fVGJXIzK1Z&Ej(x&
z>W(MiZ*CN{06}kRIvG5RZuMfltQ^)Y1FK=w5(#rEq4Vg^o9K6@0GP|w>wZ_5OZ|do
z93?qa%$Z&hnlLId05G{|%n@sg3!B^Uw>lWCh%xZrsn^(p8pDK9=4Z0~qXxoE9ZHyR
z2c%nVM$vSr1BFvUA#`xOCFDw-plU7vw)=bwhU5a#6!`Z}Y<kcvj}`Elnt#z)Edr*m
zVipA7zlQr1IR=S`i(krO8T%VbD=G-{hov-xx)luefifO5pH4f6qyBK%3IsaMhibvt
z%|<pINd3lovqF~%MLQNohe-P?Kz?A(C~RBp&<u;3oNEq}gp37g+zvpyldT8`hQRaj
z@v{DxV%#M=4Qhq<1G~#}T?jN~_v+wmAS>J+Ltp!HF_5(orixN(?4eILjJ((i!fmPb
zKz49pjh#C@l99AWb>Wf1S&sB|d|1}e8(&o5o-WfWUet9}#(JDT$(!;0q`3odIqn-S
zb&vNHDGYop*TP*>^-<ieBCm2Rq-+=+PZLxL^527XBq7CvpUh<_8S$wKB^G9VRu+=t
zu{_sPFw_cH(MOvHOpWKXx)anAJf^_7u>1{lRgo`JCJh#p9H%ZHMGfX6Md>Y~aJ8<y
z^jiet*QZ=4u7DA`h1|RNz#tDV-3|>$f~q!BNL8K1O@=}#^yEin;L7bHF?(jhEm~$4
z=y4$#-pi{wzwcCSLVj_Uzy$UKXan`__-T^QpR=YM_KaA7Ao_f98WD7zQt3%02ZV0o
znN?Z{{oOe|V4voc2&ztR{@Q42=)_^8d3`VChBunzdo@O-vB$q;IN+IUoufQp`RwCC
z@;Ml_wQw%$g8^mzC?%W=n;niug32|c`=CvP^60iIsSpDE^f#QZ{3ezy6UZ(}2_39n
zql`cg^S01i)6GX~Ks4r5f33xxYc&2lpTYfY`pn>U+A|ebD_p~3k-H}8gE1wr2$Fpv
z25;E0jnK^b9RT5y6<qCz#isC%Y41c#4f@7n_9mcKNbBrA13z=qmaFd89I)ci{-F#6
zAQ3fW0WCmGZ+tO(KM6|1tfDJ#111$@5_eVcd%G@?I5nX8JgLQn^dbln`>k@(tNDD_
zAV+|{3u-#b&BwHgioF{(4RQuz)dx(x(7>mK1ZsrwpsOX54}q%a+@imB-y$OaI%L;8
z!|Awr-gKo2ki6R64tMi`vC6I7Ngj5Zl7m$$sG1^N5CINzt)F}bp)7IRf1o^$nt=T^
z+?;c#erzLDsJvAUD=sH0d2Qb7Skw7g9vM<`N}<W0`ukcZ2Yy+Jv32vn^hW3-p-I|v
z-n7`6CwR18Whs{R__|;fp~@8ZN;XRVNJfFPmM|z2$!0D=qUy4do`G_LvBZ=d;KP7W
zgc~DHanMB9KY6XWWGQv$7T*@+P%JC?;d>;w!L^95^~r#5hyCydF2NVmJTL0aSdj)c
zT^%E1OPgs-a0<31YHIk&89057_FoDKaZpsG+~!q34;<4|pp4&?YuKbt;W?Qq<`ss5
z9vU-kMnm+w{yBB9gYH(If;93sYnPY1Nfb<cC58@RRPgE{x#A~7j@~Qa)joXU{Ivhy
z2&tl${|CEIGk?LyCGTj^0M>C;Ps*YIYxiGi`ZwpY2A#^<Y5Z<2r0@UXRSE@ED#Ufd
z^mn)eKr51cnKF6FbwWa4U)b@k?Mjx|8=LYVDeXyj5mrPry`=yBhQl>g`nd(u-OLHY
z@w|=7Q(d0!&QK_r)Y&kw^Y|3hcCv^R;24og=?W;ZI{yGs_hHc=Yo5$bSc@8no9D=K
zi0EvbbREf{E@tandn==Aw|>ksN;c#VGXL|V<m+AXG)nFm!fUP5!6a7(|6chQC&`#`
z(|GQ(?Q(m^Q|K$GNjNC_kLn7D8%Y$ESNxBy!MTEWOx<yGM1)nX=r9s*jF5+S!?Y4J
z`z4IsfWev1I&DI`xgbxN6rtVqF`|~`$N$jc<!6(#;bD5z`~j&?QOnZ0F0M8<_h-gi
zxU+p)8FD(J!Jeul>+q<=sizOLz=+s}!u)6S-~13DjCTM{5&?kaWj<_!o<<7Q`A0<X
z%0eY7uc2rlnV%+Q7G)DoqzbF2a}^4$tIn7fGr}@mc)}y6e8xP}5_4+2CnTKNXt=zu
zQ>`jbhP!tt;ErgrGa;l#L#(0LpV!h+JDs6b&l-%g&RTp%`#5&5GI|iyE6whI>{BRe
zFHuTrNa(pjkGc<j_JC)@zvB>=T)A}`Jh8ZE`H6gbvitnSn_DWJ#Q1X*U~7jD$OgV0
zUD(xpQi_^AKtjIt028Y-v8;zMm$nOzU$U~mCrJRZ!y;V-FLBPW5KE1hT!}{OQp(xJ
zyy%Feb-nlBDXoA<fW2KOO>N*fMrUX$D(VoVjk7|RUA={a0aPjGSVHLaT527fouYZq
zf0~LVsgqch%bTve0A`&O2E99kQTPG@WB}`*EZ9dZ1Mto#n4_q%KDdnFT8gG3eRqKB
zt8C^ZXqDM5Rfd}rzY8r@#FwVuzBjG7p13{sSXqKBTXw+K!rCSO=y|=)b+Cj=j&;e`
zcq%>iH~_aOy`mc8GpUXzTre42#K90`5pMyLb%*H3ED-BIJG$SxLS?EQihV1%Ug^o;
zC`zYcpZ{JI2~+_&F&AM@-TvoBP%bg`@*79X?>}Y#Ql8sKg_si?xmPa|+dia1cLQ5H
zN4Sgo)}drvS!{jb5?_L#?%HL6#BuAm1)v)4!{pG{6Q3Jzqd0g@7$jgUGL*#k=F2HY
z`f`DE$UwP%{FbD!k~!p(oR+q4K&kgj)6R#EAaOK}^Y{)v1gdUA8QYOqZ?wVkZf%c0
zG+Q8oKpYhSkfv$wWFhFn0yqkZW#XRYO6@1Jn4JDBG08~hJVz`6p{Jm?XdYtZr4%05
zs2m~~gIRUv7pelhsBZivtDbwxKHQ?vbqsO!tG$$5C=j5RgNudojcDc*zc|)umgE3C
zT~F>~F-yS66ugJH?PkPg&0jIk$d_HEHjos85-#wsNRIkQ%S#EvN0rGe*<3z{uf~fL
z6A|(HYdmP&fGezLyDpS)y)#EpZ8;c2Jw!5k0rza)`z%|jlN#^COHDaiS|X3eBc*mD
zjUlSeXs7xZhd)opf<=iC<MV^hurIkiO1S$_E&B5ksqM=CcNTjSY0*l=H>ix*M1_Gp
zE&r>N8e(#14al@{0hO!USU7B%p><for9st}&91B)yS{g2jaEuBe6JIKhSfszoB1SB
zN?eD2zbcbBjFv4t35Ds*`wJg=1jSeO;zBN?B&#O>W+Djw7$(AUwMEw_nHV^Omc4FH
z$^TKpzpbTq|7^S4nYD*0!D>9dN~0lJ?HcD8s7M-js&DJtitiuZTa;|`p6GS8Su8_^
z#MelG)2A&;gq^(RD&=tDdKP6@z|g&MAZ{+aPL^W51sNn?3P}uB0Z@|RPm%j)z`&Z7
z9N%(A9WTH5t|AcX#x)2J5;6jj3dgS#oq#qG*PO6v7%XM&!ecXb--nWKh?UB^fE&?y
z>M(X*%on??wD-83Gc1(il{dDeU6ng3*BwS_n(Qd@E0qaeq#V@(J&W`P(nGl>J{&>!
zA390v;8|wJ!S3%P_9f=C(s>p%lVstoXUxbT@61A;vtEa8^m%&-Ab0-Lefa{FFMZO8
zTJ5;gTiaaa)vK&=Oh9!Du_!1ca_pe)PlTInh=Ts8&Ov@AB}R#EdT`sjgw?rt2?s2Q
zT^sgCsdpizzG39c<-;jCudkPs+@X;bW3&zBW1O|0tOf$vldDIvLf4M6{Hb{F1$76A
zZYG(a6uNso@(gM|cM|Uk+ClOox->|SEH8W`ZvE22z4s;($D`4E<aP%6sN`<ty_97K
z&Xqy|oUnZI9uZ!UTPb`{jvRjl!fI{f`soVPOJ{|zvK}RqhfWOd2LWz@r~I6-SOM$o
zt(l!XO_OH%&r(U1|Ig7sX~^cis>mjXa~}Q{&mpk3a<sw`Z!j}^K@u6oX0g?$C5WB~
zfT=HKFO;%fNzK&C8fh5abbh@3`mPaqyLx!=gTPZ44g4({nLX3aJeuI~Mh>m1p&RrV
zzb-OhB|Tm~G}&YX&a-WGVQ1YLDH7;}AG1y+v9=MQ#dbDId0s3)?NrFNH2rXm)4(>M
zr(~7th*a8)Z)$l;WGS0eIPwE`!<)#aknhD$rs-54_Ec$c7Z92JyItBoPBciZbQ=!X
zPkx>I5erqsKbfA<emzo48eDLO0Z)Pn`_*s6v$9AeZ=C9^l0S<`VD?;+2x)tze<a7F
zcq9QQNwv1f3rtX+vk@p_ZXM>l1VHpho*frv*Y`oU12hL@@8W|VOW}pQ$9t!@m#?o6
zJXby5Rv(F?YP<Ws6}j_6QGNQ|ia-#M*^&Td`Ck9Z@#Sgi@50g7v$Ryggjcc=e8t3w
z53VopOftp?+63`UL3C}iMIkH$%(4dEN@7J8)qPe%nYPMEanx6&<V|5DV4hDqy@0B@
zR=ra@6D)yvAqGl}5#3MhbJ8{XK>UG5w0yL&$uvqb|GA;dGq(Xx5yuo@8KwueRq$PD
z=!=6mDzXpM4V63LgfqTCBsIdTU!HANu6d+@ZIOLT{gYec#KJwHxEO?aqq?W+H;{w)
ztPoaY-?>|P?8G~ay+}l>6x&B)rT8?Kb*wrDFWZiv@-rQQe3H>TnIjA?t1SXc5j0t1
zIq;eL<Na2iMhNcrprlXI1+X6rK>wX|Ig7Ge-A&;6!olz+^=5jcc5?v-N}r`P$24&Z
z!2A@A@an~x=nMgvWm22&{BHzo<40JKvGea}x*7qse!Ni>CarSJ2NLAt<eA)yzJ-@H
z6WG+h{N!Y#g@9pr%m07^(*c(1KArS?<eLEfKP)vRo}wFh@;i4SV~6(rhfc9m!K>`$
zO+7@if~BSH6NU6L6tE1N`FxDYlxn4~yS<fE6IM#FAZbF{s&knh!&8=FJ(+^~i_@D&
zf3(5QEhPdn&2#DKA)|4#Xz`|`GV$>Cf0h6-tPRS0$@+ExJmLTMnG;}<XH52lQh}j1
z6xvs%>|=}w!y(iO{XA@7in+(mgHYfYkd$pV;h?Xn3wcnlc9@B1C^9jm_Ut>(Q?mSf
zit8o7cpVYtYiXRqV(+F&<+GXe7NPHKgV54TDNXBeL(Vy?zx`nJ#F4<(<o=RInxGYg
zMEKdTW{q-Gr6694jS0=b^+gqqUU8`e2;R|srbw1OTsiHuJ)3g4qwSJY{$Cc#(_pyU
z1HEg9HM^CvTgBR-V>Cv^Oit@V%5knAf5q1*<=(imwICSfcGg#DVF3kF#`o%-5V;$>
z%NNe!PHZ)huyJ$m19y=ClS&0x(_;`N(!w(P4fX9Hm#p&3uqGBoXsH>NwP)&iHK^u}
z@ngV!b0I{iwNv?^U67k@ly7|pY1$uF8D=q2rJg>%Ac>^&qSVKPz+7AD0OLuJZFe-R
zQfERJd<62kjGUu%ezK$F4;Ke#>kQN<K2$ncO;oVQd4JjcPYEjj?S_HKL&OUF?}AI+
zyf*Xld+90kbeNtWM-3z*y2H;OvFxlXD?>-#q*c`B<U<$>b1(a~I4a$tU3TFnvB=p7
zWaG3tyhQKmkVLj{(=MC*dcTZf6RsbJ96b<UwDYffePaD@Kq-JZkLQ55wtE__g5<l}
zP(UY1ug|hX2XsynDk$<u7)kp0L`Y%_^l0M;fFK;{@a-rZ`}GkoJbU7GA#w$mk3X2l
zcL39@Foo`WB^voIMy)*T%@XJZqR)Q7=bHuaA_uSBPvA$GbU=GlrcQo+$<f9M5s)b_
z&`Xa;Wyc|-Ucp*Y`=|+x5GJDA&`FO6=}`$t{7jl&+jbs2UF*m>@I3}%6?1UP327Ij
z<Zr36J&YR6Dn}$ffe*h&@7j?=qC78uc};`87r<3}2Ikvk&BH2P{t`X-`(dpyf8anO
z^7-#NaVWuc_rLR-4)^Vkjx=3#k5OC(iH87^(s;g}1W~cH5#LOfbH#f|>3J|A7~IA?
zZCrLY&1zY2%;ZpXii616>6rmxVi-rvw7x1wfcvMY3l$AY$SRO-K&m4W)U_BG&yF8B
z;SHX8n`vdyM{Ifz7wwS6%*>p3fPC=SKY%qC5@nNaOZm08jkX-+(9YZJ6DWL!*8L&1
ze4DvVIBDP34x*3r%ZjY&nu3cs&eW3c$x^<nMZFgy>1ZH-rXLr>@}RPQ_ygfoKo0fu
z8a+Bi%)3LWe$Wa(LEBRlSIejvJq#&^;gg(7>+}<|dJDqmAO8b50+HKI2$c2v{5P)t
ZQxxf$tX|w;rQ}}i6@)!Q);w!FPX+#%K9~Ri

literal 6042
zcmV;L7iH*$0t^GtQPoXEkO}7j5B(kwS36wsI?o$wr}y{p%!CY2bc^;8eaTYQjpaVJ
zm~PBQyDIr^Oudy!Yx;H-WB@u};cm183t2-B_ydgp3^zJXlfw3KK>Ca4Z<r)~CW0eo
z?^5wuy}^XbHI2|tF7hWwEIJ_~VSqFe)@PZNhKJb*`+&X5F^WS=z@bQ<2pRz{l@_0-
z7G{W66ZZNh2~a+{EPtH}lcZ<vei6TNFOo<iFvA0o)(EBcn~$Q4CBEMMlOez;8KnaC
z;gUI9du-N>XJ{mhX*3|&nTOqvJuv6hSlQ?>W6$ls6jmc+l?8o#Va3MfKCMG;3(Nrd
zX~mlnV8Lf;->2{H8wR%nA{h4DxA{(YhEi*2H8++FdGIYd#P~G<0~gU{n}S=dyVvKX
z*kc>UgkJHbZkoJsFLL4{k>w$jA`6=&YI5wiXOkTI(m{Cz!A5Ru_*E)}F(|2UdQn2}
zuCO14jAzrvgHBHlK?8<!Rrte&<u6+m@38ReS38yscrNZ-{T}Vz?6XHNu=3?jn_7>c
zlDsK0#E{JKz9t4jo_<wPD23mM2;vY3?rs07GTe8XEr+e*qYA{I;K%u7g*$UfteN)%
z!9owTrhhS9r?-9J6rTBhFu?4}K2CYja(rn9BwoT#c6D7hKkhxMc$OyD3goN)7`iih
zSFuX-qdCRGNu;|%R1(ta0a{(BnI?^<d;`DVE%-u*=W2cGcT9@GcPK^Lg#{|W3n#ly
z{;d~c+H2$An3iDF1xNV{m;CwssNrRIpYSVa`p8%`0PgprRpE8!S9vE5bLkQ4mh`}A
zXpfN%Hf)_0wqvq9r~z7ZFNkMM=ny=8aX+|$4Auijj<WQhoTQGdKl@pUtZU@yXCr{b
zr3;G<8OqOXkc6Q(A25tC6gwA!McZ>M(Mb*U9%bPn3CGE&Q4sg|Ud6hWbpc4Qd)dtY
z3Gsm?QnTgnQSJ5(7Jai%949aUPW$MyQq`o43(2&Egbl(2`Z*b8TBZ6S6{akGO1fDc
znhB=nYN>d_KDhVGUp;o2swNE+sN-;afzPy;L>COMLEMvH=g<*K{ih!HlTGNu8Az=X
z4~+ROoxHYwbOcgAQw0XxGcs3BRqAKbGy29);FDrkO#E9HG68}1nt-s6$alU3_TOZB
z5aJm<shj~`2Zml7jL)7;bGNBGRWE%iSD>5yx_N~>#T{6iv{{jL6RC=2kix9Ww_0!*
zEx}q(75H<|V8uYu)x0>i4bqOdnHg{yz<{sy)J`>Ut(_sEQ{3CE9Ft*)>3I&T+dtDA
zXh%|%j6E3WCRzwq!vdEzX8{u=pAo@-mQn^e1Q|T7S5xj6j_1U_2W}E3C18(LqLH*i
ztUviijJ8Tq<mDwh)kyPz-=0~ZSehm|bG*X<6p>Gf51i2?_I%zz+Ou6(vtm(lqu0k`
z325Au|F5L_=+p1_$bNaO4-Tk^9tYSyT_T=?ank+~H+MDOM5Fv6OtcmbE?ba$(&CL<
z(l2^cw3DI--Fp{t(-?HiF-C>lyBS08N1;ykR5k-IykQPod4pnM>6U5rNf-q<A`~{X
zg$N-Tf?jCp!8TAD99wj+t+JC8V_;AhUKwl}DFcS4QI&(O+4NhEeqUM*B2n0snx-a=
zN7ELI+h^o>BK(=@*O_d?M?orBxsvjB2ldW@^FZTzpF?q*sp3n|<AcE0cE6CkOr56z
z`95=RYKBymLS~AJ%y9lv_2G`Iw7Wc7?24{|%jl8V!WmGqV_zfoH(;6{%CD9vV#60s
z{diKD9@nEa&>m>3Soy!5))s_>pD5s>X88PbR(SV3fC`e!VdzC3czoERHBkg-TBuuH
z7c81Z{S>iI<RLXtc;nYwX5M()fUO5GU?!bWQH<Uouo@Ez;u0?3WHo`?F{d*g;5cw1
z1Cz{jyncGr@p)gW6rGa^^CCe&nZ3zw#qpBq4-(x6&hf4_2WOlv&v401Cexk|8*FV<
zv$ZM*FXd$0x8IB$L#exBTXewqUUtHKBbo}TOI!JBNxy9u?F_Gg3W2lW5^+5Z<TyH`
z>fYPJ`O8h@Tog&t(u+vq@8!E`In}Xi_hEW78X$e~T7Es|RbeyaJnae!vm1bz@B?9%
zibayUN#TE(PQnU01m8O8U=8^ZUky7TlZPjmY1z0D!sTGBfK&|{YAUC<CZ*n`Ebj(_
zS5RRd3f5LH#f2Jntk_{;|Gc@@9V%%4y_!%<DD<)@Kx75DJ0gv8QW^NXK9B$VwUw)j
zyCoh2rMVDtjT~&2Iy$#cd%i&gp+D<DwgI&ytyp8h&CUpeogd><@I<Y2a70;fyVe3<
zrr9)DT?ynpN0Qmm5`eurmzl=p4Zk1}jRHae;ued)q1+j>4QccW+M~$R`yW2586Q}~
zZk_$*xqwBl@XPAvo{&W`rkEXo{dI#pSEW}mX8w}BqE8v)#&)}n*xooSIk`TqCHO8-
z8rzy&rz*vvL*)H9$;%p^@qH=-0As!SnHffQQ$rS<HiK0FVuU7G1}B-@L@?<9#~Z3v
zEJ48y^a&BYMwrf0EISD?AFO$4V|9&98&khdaCDq!bF{4yKJCvc$)~?LD)=D(=?!Le
z#2t(H+-7HDX&l&}*6Q>I@Wh>DKD_O#Q+ew&j{{Urfl|CW{pZZHxi|a+@~Ltra=Fre
zRkBzzd}JQU$6{ibk%KyzOu4Y^FursoK`{daqTD;sA(c<-!M`ry=dbYvM?|vSoXg#7
zHEj^&hW+@$=N-Ru;;}z7hCNo0{;}G@k!T?ich(hFW?wlr)?qruLEj$eiM^~Tuicbm
z{HosRvf-R1d~r?15s+UQ?|fw8!NyXBC(7$Fv9Rui)J5?Vqc*ph7%ur3%S30&+7>xf
z=TD~Up9|KpZ%ym?q?&biLd9;H{(QAP;E+*YuwC8YG61_JagZm`^u(Aqjw$@kRo8r2
z@<uL{=?!5pzwbcix#$f$i)@bUr2-xFIHyf~(^%U<rIHNAIG^|^WnV$z5P@!_B%&=u
zN6RQ&AYm>ecl4)Re#XB%vaH7o=SaezKnPd6vO@8H0dXdz0Y{=X0s;a=9Fo<ev%FR4
z>h$x76rI+E9EFH-yF)#{GA(?i)^Uki#Et7YOW;Db)Jns1E__Kx@tMw}G!y&L`ncxi
zgx)m<YBMr?`H^)#`4n{eGo2T29bK;cHC~2YV!`?g0<37LQ^LvL=57^m(7*w`A8V3+
z5zF!n<Y_o<-xdx#aEmPORN_G#ZNmFW;x`~8o#c9gqx<)4_L`=WSF3;Fe<0@zKAIOU
zN0pn?7_1n?d{W$USIT1oSyhT8fJO)n7G9o)yUOYx0%M-;C4IxF=Rb?&KF@3+^4OHf
zVt&T66E{qhfF*HMAIaoJ5Byv9;RF(%wvFo?78#UhOoKDg8R|DH67DQ&qxED*n-m_z
zZ&(eAkfWQQ85Y#7B;j%VxWN26KXqP&DsyglDa}9ag@SvR>RVuxr^_a$%Bqi@<Kd{g
z=eZg1gQmEZ!~ABvr5J*iUzz{3B4UwqA$lNz8wC-z*)&F{yHu@OL=VM!nV=;roEm@4
z&={`y=hrK#yeWvTWwUyDlS1Z61I0+@+%kA51~f)`{N}B=CL!&y@UKPPYp9B>Lzi@l
zb1F(_ylzLaI5`MG&l2!E2;;kK%kS|9GGtJ>_Af%8p5P*pZh^34=1TQW&!TTtYXlCG
zw7Prcz<QCl!WJJ;TK1KOS_Yw6q7(D$UYB`n3?mnR57HOj9%9Cgr<)|)j``V-)@Y+%
zlyI$T9bhN<rk+AyN?lCSHgxA&b9z0{Ehh@=p6%;UwpCI}iZU&972vmLz=b<kMnt_C
zu+WH_D~5VZI}=pS630P(?vt8|Fuq#NgDY;#-N01K<s<a1bTvg<;h+d$)?|{bqmz}c
z2q$aqJSgLsYQrrM&t?HvEiqOxAr+>5CcD-h1YLS0eN}vt=P9sGE@v!zr@}kKUSN_T
z*b|2XlZDIgG|`=_vnr#rPmXX#Tg-Z8hy1EnQ<39U24!egYfoaguhu}T#exMbZIn6`
zRcornxzf|vO4pj{@yP3Aa-HErn(1^y)6F`&xu*f&Q?2ra#O7I!TO738y3q>EWl*vV
z#_%@2c$pskV1(?e1hkD{OM)G5fA3bOyw%C<!We!?WHOv0Q2sn*q~=1E+Eq~tuSg*u
zluq>BaZWsq2=lrV`1IUuR2B6gt|#dOn&g`LHUMZz$6c=hQ|1Vai#1AR<mz0;cmTdz
z_<z5(^b_sI!+zcz@ACs}{z<<^Ht#OTx}`B`D|p%62F>)<HMg;ermYLyK-kV*^+mm>
z?-POJ#J$^_{6}c!{@AegX!v!9ic)IfUs2)j#-VW5x`$5qK2Xr0M67ODYF>S&%<Ao_
zTO-%O8Nb%GD%>#Lo9PYv4-0!}<UI!8I-lNc%%fo8dYr}Zrjd0%d+YH7m3Br#j<NEa
z75=><9&T#`QGnoVI{#NP=LDw<jGN!bK)wL@j_j&KCE(DOMePt~3%XMI;Q6fpa(Sv#
z;UFvOEd+Wo)p6q-9)4&1AxoMvgK8rdx+9Mmj*9j3FuXsBxE)2T5WeLELnVV*?X#`(
z=OIhbAcg`S;+t<quT18Zo?RjDDDyR7_Bd>dmw|GHunpd~srX9ZN#Q--Elggvbk-zP
zJ=z4@61TWQrsO16*%EKz2jqD%|4TUnoyBc8g?V%$nBihmJpGPY1xf7=S!Vq?wpMiG
z2uXnPC|mGC^X`Q8<c*n)*_!NvYvt<_E^eV*l`i^Y)-Ri9&=*$gd~RRofUXMpv;eB$
z5%u36oa~t}#)jFA9K3-1z2ZKL`3MxTu2mVCxorZ?Lcgv-A>%;I2@}v4ETC4q3v~Ha
zso-2BK!!X3)*yRRPlhbs{)La_ZfsK;u*I7-n^mWzrUqhX9GJm=V*DDq<g`?@bFTV>
zn=6vPa+D^Wg#I1{t`LZ$)PdkIPDn#Esy9V5chR8R_w`AOZxg1@C_!${-)|OJBfCR%
z`1ghhMK$^5W4<*VgX}Lq)US&>*@S(-2WvkP5?rgb0jYCB_I?5Ew+wC5U-4jiZ3B+r
zjI+AvmV(USvn9lVXK4j>!PN>==0A;opms%c_OX=`oZX3!RfDb%L2-JA_HG$u_)d`T
zUdz>68u?kHphcUQyjiIs;tWJ<!317861*nRf!kFDrP5!<4>e8%r&`Gj11@6^sU4Yz
z2!v{@2epI<u;@^i|CT|H!f{r#Eo<Pu%T9%C<kp%M1NX`!Mn++Qg;hp7Y>Aj6$U&*=
z39ftN%(Ln)U%$CYXhn=9cVNvejpS>m<(k^oUn%{3I{<q(hwNiW;gFoK=vUftfuxgx
zPEY;8`V#5F$h94Fi_=INAKtzfVGMl^b8zQZ@><~Ulhcql%sw1M=iR>iz4!rHVa={i
z-$j4{*_vDx+C(IeJ2NtJ1D|~51|A@`<z7QPM1B1@s0C%3hO8+LbNehNj3wMQ^8?4Q
zQ&o8Va_n|pIlQZu-;xUS9szO$USt&KYXMl*3(!aFNTvb*G5^?yQs@s~A>Bm;j^`wr
zw6??w6ENG>uKD%pQhKh58*kJlOh7M7eJ;kh=!gJ|G!9Y@?{B;5;rmX9yg_|~MuwWc
zn9QuTEV>NMrp0a8;6w@Kd2_RR1HN<fn2-CEwq@!Y6xW81`F87B;9K7cl5DuWAg{H=
z)ZfYzKjL9V1)+WlIzGDXO|fj}ELMKNf@_H3>V2h1im8L5{FK1yD@8Vr_m;F`pHC-L
zcH~vhW;4gq?VW@w0^@v3elLA->vr3m(3ccRf8N<@Rxr7)du}P3+4l$QCM)1ckj#F6
zt?JRX2tM1`rxfwC6O@K;M`&F?eX`$SqMF8XfJU~GPe%i3Wp)R|>vhWw6dvg2yg4&Q
zPifm~Y*9*&$v%74FvP&x45UaR9tO5hUIiK)EhOHRM{w2?)0ul%I$X<wsNHjqU(b=?
zaeu#ga7J&dT_kANMwPp2WbYk1`AkD4Z=gFliH2p_COSCyhzd+)S8QPk3;RTkaxiI%
zjYQ8VX3@%HVsruXo@vvntsW`#aG%>|ILWbwauCZ>$yn7xn3Li`3}q9b#=QA8r)sVi
zw?<!#o~x`fF^OD)82&~tGt;w&RS)#mL63|V-)xM>WhrNhoH!aJNe1ocaT=j~&*Qcw
z0L290fmiVC$HtUCFp4@`=D*Nj;bF605ve!NCs>YvxHUGBT2MoOcnFq8x{;iT@D_@@
zqXA9ers>|XqtCAm^9Ke>Z+b?Xh66PLBQx!>B0js_+HA6KVmI^SCQXotpW_aAHVYI)
zF)(}_fO#(WNRPwmcTkE4eC^f0Ax;_YDJ<_(HT5@usN$5qOjMt|zHM=8Hn52~Mi-fL
z72I~3SeOeeKXL+QAMEy?j#xjqC_79YdlF&RAFz(`|6-;K0f~eh>SO}*t#QL&5lYrO
z0Ej5|wQ=&yDle0P)Kv(?c5d{Sz$M|OGyOxM(FHh7q#J6_6~z>()Ant}Tk>)KD>5me
z>|TR_996-t<rwyjTkIp=-TI@P1SzeBS2s2;-R*0g@*7-Card|Q(+YV}LMflztnB@$
z4jp<ms+8OV^?mqNsvOF#xbp}JMWvG7Yu2wX5J&#VxKU_}zAyJOV0K<Dk<Q``3!~)x
zwn>=BDR9Tv$XDjYE{3V{B}V{(mYGSHk@)%bLa&(=p?yWv;|+(`<%hkCl89J#Z!u@A
z;Eee$aib{J*OUi*wQNI8fkCBzFH{T_##;~+i+uo_G>!N~cHhM_#X79f;fAoi%X46+
z)BL4PB#UGpuDfaTJg;2rHh(15U}1jiTq>sUL!-t2rZVb2s!j@wzN`sY@_PRS;||xK
z#>xN}WMDmt#256~^i=XqHN6il73lKq%hr{1ipaNocj-R1lIDk2aONb>R)^Xu<iBDs
zzNzQesDHFW98Ct(5g|{s!Mf^nR$=p*{HO$olODz_4}7iD=e@d8HAQsr`Fl)^4oj?+
zg|k|33JXadZUWus?{h>QH*YmV&Ta|~NqPwMT2njXx%#O)7BUTrY;2x#S7$I0ssQKl
z%!Yo%5DO$_2%?NwwfE21qmLK$fhg>}m;G@2O49`K1E4L&H?mYx0xC1<=QAYC?p9A-
z7(wc(ALGh4QZElJU+gZ~gH7@K9q&Gp3O{M2#`7df1I?dXTXtW?_DHgH#=rJslnZta
zpK!24%`JD9Fd0(0RSR~Vb}vMxG<MTC??-I@1pLPvOn!k~T8I3t@jQ0%U`L1_G4i<y
zX`T0Sgy0r%**KNV*;4IE>*kR63R7O*WI9TmdvU}il1>k`JQug^`}_u@??|TfHdn{=
zk_dY6>n7?NP*A92LpS`;V1?Cq&4>B12r&NxUA^{s2p16|E8$|<mBC~L!=@Fb_)Iy1
zd`5Z`)dWvcV8orB^v;t19gku_r0)5y&F#RVlF!Y$KsM$tgZSUtI!&j*#D6P!vhor^
z*&-5x`sriTN`VgsxfwwfpO#(gH2Z`K;$8w|qnE3Hv~%n?iy~iUt6c+{xm;mmgwob8
z(Ynu+w<u)f|M8!b1~4vdvF>sT^xc?WV{Wbrrpa5t7Ldtct1^%NOT=)cVXuDg(XUe>
zXyM@G@~xmZ4vmr@w3pYakJmtYT0omB!C3}^of#Y4&$}~%whWhREvF>4pDU~B2s(wm
z(cE3FVGavh4-*3qv|fI&%&ki@#N6+1gN(|P+5Xaw;+No^k=6qp0$X6a*V|K;jL*hx
z9$A@LJpOO%4WM%m+<RVrpdO@>VqQG!%ejYPJg)y)4@`2%o$p{IX{X`;jo(v~GM?<|
znk-nPcH>&~OI|rkpJ2a${rxD>Bt|bQWv-I9s)tgy7V67@1w8NL!#u8G6o(q2Q+~BP
zfJ~8-S7lIp_c?#ee{WKg!v(Jk&pu@sq$AXEO?IXkX+14?rd;0tzW%}xx&W)LudFf(
U&hXf%$Ocu-8hTG2sKdM0T#Z%4cmMzZ

diff --git a/systems/stronghold/configuration.nix b/systems/stronghold/configuration.nix
new file mode 100644
index 0000000..fe588c4
--- /dev/null
+++ b/systems/stronghold/configuration.nix
@@ -0,0 +1,73 @@
+{ pkgs, ... }: {
+  imports = [
+    # Core Features
+    ../../nixos/features/base.nix
+    ../../nixos/features/tui-apps.nix
+    ../../nixos/features/openssh-server.nix
+
+    # Core Tweaks
+    ../../nixos/tweaks/zram.nix
+    ../../nixos/tweaks/enable_flakes.nix
+    ../../nixos/tweaks/disable_nixos_user.nix
+    ../../nixos/tweaks/systemd-resolved_nonsense.nix
+
+    # Lauren Base
+    ../../users/lauren_lagarde/lauren_lagarde.nix
+
+    # Dotspace
+    ../../secrets/dotspace.nix
+    ../../nixos/features/stronghold-binary-cache.nix
+
+    # Docker Host Stuff
+    ../../nixos/tweaks/disable_firewall.nix
+    ../../nixos/features/virtualization/docker.nix
+    ../../nixos/features/virtualization/dockge.nix
+
+    # UEFI SSH ZFS
+    #../../nixos/tweaks/zfs.nix
+    #../../nixos/features/initrd-ssh.nix
+    #../../nixos/features/virtualization/libvirt-guest-uefi.nix
+
+    #../../nixos/disko/libvirt/uefi-zfs-base.nix
+    #../../nixos/disko/libvirt/zfs-encrypted.nix
+  ];
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Networking
+
+  # To generate keys:
+  # sudo mkdir -p /root/wireguard && wg genkey | sudo tee /root/wireguard/dotspace.priv | wg pubkey
+  networking.wireguard.enable = true;
+  networking.wireguard.interfaces."wg.dotspace" = {
+    ips = [ "10.13.13.2" ];
+    listenPort = 51820;
+    privateKeyFile = "/root/wireguard/dotspace.priv";
+  };
+
+  systemd.network = {
+    networks = {
+      "90-tinc-dotspace" = {
+        matchConfig.Name = "tinc.dotspace";
+        address = [ "10.86.84.3/32" ];
+        routes = [ { Destination = "10.86.84.0/24"; } ];
+      };
+    };
+  };
+
+  # To Generate Keys:
+  # sudo tinc -b -n dotspace generate-ed25519-keys; cat /etc/tinc/dotspace/hosts/$(hostname) | grep "^Ed"
+  services.tinc.networks.dotspace = {
+    name = "stronghold";
+    ed25519PrivateKeyFile = "/etc/tinc/dotspace/ed25519_key.priv";
+
+    chroot = false;
+    settings.ConnectTo = [ "fortress" "citadel" ];
+  };
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Services
+}
diff --git a/systems/vm-docker-host/vm-docker-host-zfs.nix b/systems/vm-docker-host/vm-docker-host-zfs.nix
index 20df804..957ecc5 100644
--- a/systems/vm-docker-host/vm-docker-host-zfs.nix
+++ b/systems/vm-docker-host/vm-docker-host-zfs.nix
@@ -14,6 +14,4 @@
     ../../disko/libvirt/zfs-mirror.nix
     ../../disko/libvirt/zfs-encrypted.nix
   ];
-
-  boot.supportedFilesystems = [ "zfs" ];
 }
diff --git a/vm.sh b/vm.sh
new file mode 100755
index 0000000..343b3c0
--- /dev/null
+++ b/vm.sh
@@ -0,0 +1 @@
+nixos-rebuild build-vm --flake ".#$1" && "./result/bin/run-$1-vm" #-nographic