Finalize gaming VM impermanence

2025-07-05 13:56:57 +03:00 · 2025-07-05 13:56:57 +03:00 · da8208415a
commit da8208415a
parent 964a5fd5dc
7 changed files with 109 additions and 66 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -6,6 +6,7 @@ keys:
  - &cert-store-age age1cws8uzhg9qyxpjnw9w0mvalvqu3ttnnrn5r3eeczk4wcj86vnqgslzmzjp
  - &ci age1w2e493eat3l42wj3hqg25ncrqttg52rdqc9y0z49sx86f4tqa3vsmg9zm6
  - &forgejo age1sy2jzr85s4h0ncfucfl7hrczymmf8wng4m3g6jeduqx5g893jc9qzfznr8
+  - &gaming age1n25te92l6p52zpujz72r0qqwmhx3qa2d2sw739h7sd50pj4ktums92gqzs
  - &idacloud age1ak099388vqd0hyfr6xa3jycstpnqqyqemklqufw9484l52xkxstsgl5qa2
  - &nextcloud age1mxenttus0r7uva77t36hrn02vysmde5h4lspcytcma6cjkmqlvnqsk3lj0
  - &vaultwarden age1d3dnansjhwtzj7pylk0nadg5jkqvzfe7zqs9rhx3yeerzwxyp4esxxsy7y
@ -21,12 +22,6 @@ creation_rules:
    - age:
      - *vili-bw
      - *lithium
-  - path_regex: ^secrets/users/vili.yaml$
-    key_groups:
-    - age:
-      - *vili-bw
-      - *helium
-      - *lithium
  - path_regex: ^secrets/cert.yaml$
    key_groups:
    - age:
@ -50,6 +45,11 @@ creation_rules:
    - age:
      - *vili-bw
      - *forgejo
+  - path_regex: ^secrets/gaming.yaml$
+    key_groups:
+    - age:
+      - *vili-bw
+      - *gaming
  - path_regex: ^secrets/idacloud.yaml$
    key_groups:
    - age:
--- a/hosts/gaming/configuration.nix
+++ b/hosts/gaming/configuration.nix
@ -1,4 +1,4 @@
-{ lib, ... }:
+{ ... }:
 {
  imports = [
    ../../shared/base.nix
@ -13,7 +13,4 @@

    ../../servers/gaming-server.nix
  ];
-
-  users.users.vili.hashedPasswordFile = lib.mkForce null;
-  sops.secrets = lib.mkForce { };
 }
--- a/personal/programs/moonlight.nix
+++ b/personal/programs/moonlight.nix
@ -2,6 +2,5 @@
 {
  environment.systemPackages = with pkgs; [
    moonlight-qt
-    parsec-bin
  ];
 }
--- a/secrets/gaming.yaml
+++ b/secrets/gaming.yaml
@ -0,0 +1,27 @@
+sunshine-state: ENC[AES256_GCM,data:2QiDLf7lEBL6u77FPsqy0CHQdRk+gkFb4/Agpv1yMSqicy7iy2uZ8JY41suNQ5uZlFWF7hJtvO9rCcmy5sSis0w3ZeCWYSCZXEMsqlqPo9VB32gbSBov1sdu334V9jc+sH0vuVno4NqsCKt7nvXopyB4ObaJSFX1KMluDCBvLD16S3GRAYS0xWpN/6GEk/fv2kpoiors1d7e5xQGNFlRmxbvmyAUfrBQPepy7OMhm+V/fM7I0bJJVsGoK9s3XKc0q5dm7cSmgOiCikDPMCXbEwTDl8tKwxceyaqGNrAqV9ohfK59UiWdDb7KJI6mpKr91EZhwa9gglr6EeMQw2bT0Hlz0yM2M2007mbEAKXiMVqkyCylPPGxACt3/d7HjHdJfeyywUirD+Fy9ZDWy/hxByYpA4biOyJ/tWR8filrtXdBPq2MXkl+shUaeDozfvmOrg0lJetEh+cK28WDwixU/NtvNdAAveSbv4JIHCdYx2yj4FXe9pLcGg8XAg/QM2EGKVQBsNUTXotUD1iHUtERiT6mtDGpjHryQZjkblsYAVWkyBhexcyyUwnkFR5ED7BFns8dn+SwCwQsLZN/KwqHDqQN4Wr/Qlh4i2K0/5T31cYwjY9wdlr8eXCiae7ukdihVxEKWLnJY5v9VZeMg4MIAJ7dMjUE9hrQbNVbTWMFJP5lQE6ouV9vERmAUVsCAYKIpiwVX6qQ7zFs4kSMyae3qWWB/YoTS0ut/KyVd/abD9zlMXdZfc2B3cSrIB/lYV1S3G0ii7/7eV5t1uBUysb86f82uNRkaqN7wRcVQcYojoFMG+IuflKRxpSQtNgD714gUu8Tghs4XTfSKH8xXVQntpVjb1fWEndfVX15slljLzwniZAuQKptzKVpc7DGw9gBGwowG9J8qeJtOeCnfawj0eQpEeF3iAxYwvFBjKmtYBLa591yDsFz+J5FS4DUceFXVJlKNEXCpAK3bqwEst1vaia8pN9FRkK65xUeYsp28PjQJJZXdrSgVGmZf9mK+tQ1a8ppP5P8cUV8ngS9aOGzORLCKZ3CglAR/xvxgJySUHVRy5ddRI8CmXStHLN4Cham9XuZImj3y5Wb5Apn8IkAgSM8LRDbsSKnREhfx6Y/vF02vTstJ4B5FsVcDrGhWwfwlI+xuemyNngeRbnTCBOMXuu8Q6V6ioIBGXj4QDWfKzcn+ozsHjwygb1egZQwiNYj2ZtKGEGuyo2G9uHP0V03LPntv3VpRP57sLcOKgywD5tyqtCxyXWgX/tGKfJbzgwchjE2yi+7ggweQUOQBCF9/fgWm1MW+57Y/5wLgNQfNWf1biWIsMom7on+8Xi7ASuukbZnyfVMIPKziAZzgatcZMvOxb3Ac7SfzFYdicRB3oeeUGRSekcLe/moB7xgD5hIzFUZhF4J0DY9Jo3/Zhs9APHjlNO2VnXhEDvxgD8005CNPi2mGpNiifB0fquNjnZWGJy+7R1Hnu7Eh+KBZSgc0PmZD6nQ/4QLdtxltiZYDBFkoUKLoujRc1sXesKLqzOfsSFwJF+EuJkytNFIdRvakV9yUCzBDMMV6L8J0hiPtg4bQyCWBYZz4x4GnmNaQ0YweLhkKa1h3eOw9nqp0jbQ2v6O4iDlcyr2PrbEA6CXdQoL610RRC2rxdnAzz0cgcJbaDMUI7vWcTILhZSNGXG0AT7hE2mLyfY1U7gk6MdkDVPUuNOrsrwdZZrWzkxIYDv0IBDV07JxkZBivanA07LxwlFiFebCYVJsSpLjz4NMYf1IJV33bMkN3tBtvfIJq3lfFqEHbcNmQk2r0t/Bnof2ImRg2BRdaf6LWdOw2enPsXXJV4Dt/1YvJJTr6qnYGQ2fXBwf/1uPK4ko7fwz1sp47ZsjmrhQjEyrMT2tFBkIKSOaE2Z9i5iJt7e3WTmv0mk5DcUO/pH9xFIhFT00DhaGG9XdgYnRtxt4/M/CSaK0aKhGgJiWOzFtWjnQbyMOFS6hyI0YP1R0W9PQuD4h2AOOlznOfkp5C5mPZKOJ1DB/WhDF8pcTG0clWy56ksnQQoXZMGWLi4FWOGO1dktu4+8uAtzwlilrZdgUsQA6m5Yd8I70ErDPQRcX8i9KU6S6vPsJqttSXla5pi+WmxkDuJzpj7VcAOpTbqxI/RbJPj147mes90duj7/Q4P+yYo5gLGYPVkZOuw50RRMV5bye2FH8JlVkKfyffYpHKNsCEtwfqMVHzo+BFlvV0dukt/HEmQhjW6rpkUN2Rh6uvDdk/UNNJs5WvvQ6dx9QDTd/EpcdpIMYjxgdaII+HBJPfMP3breYHYy/COMKhQCN6mZYWqGKmmid99IcT7+mjvJcNqV0NQcnQ7rIlvNTGZToyGcCuVwXlwr+a0B9epN8AUA6UvyyBoAbKtdU23bsRiCkFl1LCZKApVGjKsKW14y1omYB0ASDTtqn2COHfIQeDHfBrr4EFmaHArKd7rHh3Si/uACNmGfdHUpdaCu0PR/qSbbfFrPyd/wgsRQY3wfIUorMQVUdfhx2j2N5znjiAkSGVTVXcbPkIziipLeuBbY6xe/yvPKv09m0TjDipaQyomVMaLQ7CAZa3S9Ll/57Fu9RmFaIPx7XeWDKIfk7Q7nEUWPtX2/Mdc7WucMUi/jmFC8LX1XqDEFpSEIHIyahpY7HD+oPMd4XFHf9tiYLAyhy4KvyODbYgc7pjWo6conhSDdWBT8doOD0tnXEYwcy0rNPTb3sh0l24IKBlVGq0sDisZhW9fTlDjiHiG3ZFUiX7KzmMDmngcyjzMOs/o+rSZrogCn6V0abX6rOQ9eaansPofgfD4eCSiVtkHfLTn+EDZG829UhzmZSfs4VWCOuc0COPNdbXebUW0P3hJzMXj/80Z8u4JPohP2KLMD1VTjlaZB/LSIviUM/aTOaIw1+PmBaQ4SBDsaukUfFLqPuQ6YDJUWn6N5t2ir0TEDWF78my9KPeBaymH/oqTYwuHpl6r+7P8oXHV4V6hp1tTr00oeIpgqOjauyHysIU/weu9MHZHwdTw48LpeYYPJlcag+VG72212wmOBI4CuRr+hMyXR9/44NpMeJNEka7gD+0kx/p5IePfRAXN/Ox+7XQOn40LYmhL9cqmXrW2zi5Tn1FWF/x+1AluNwWrUI6j1JmoZ7nL/ErViWH97/w0ThX4Bkb/ESIbXtIv6e+XeJY6e+f5kLNmojFrclOOldS9NQMdDcM3MI1sAMS0w01MkqVLWy0J0iUzrkucAa9bPBz2phUAL6Q4LNfCsPNk/V+t1j/TgojeEn1i3xV3iYn3FogNZ7++i30abfFUXd5k2qKJ18a8kmF0bJd5MKJZmwc/UueUfDa7RKUGvtPdIAN9251+M3XbuDq8evn4s/6MP55vzdGey6CY+HL8ebdM/z8t6xRCaxZKDorbdLoCTYAq3/OjRl3rM7VGD1UWm+iKVr1BthS+2LP5OeTM5McYhM9SKHyhtROT4uSdDHlUBqFZ6aaSitEGgOTqQbDCgpsBJznQJR6yGREcdM,iv:6Zg5Mvxx+aAzphTnBKKcO0fEaUd5tPCtBjI3+VxWmzo=,tag:d414uFwsD+VyVkXi0wkrgg==,type:str]
+sunshine-cakey: ENC[AES256_GCM,data:I8dak9ee7tNPYFU0izubtDd6dUg6ozqJFlkDcPrTKHAMfcb6Roy87m69T++6MzfGnMqGvRWlN6G6q5hdh0xk0HBS4TpApdiDj+B+OlMSAUAmaIF+SqM9Vo23Wi6QuMHS0VOFH4cSdabhcSMwIr2b1NLqA+sAHD7t9gxPFDDgjPSw/0Lepw9P2SY21MEWuQkwovvrHwvTw7GKmUHukDjH35bbGx4qRo7cNv71Xl1CkthMRq0gAmbWB9fnTQaaC9ImRBHFy6ZhLQpi0yiG3M+z0aDx779IojIG0E+BGEUKYD9RhdljYa9jlcruETZEExx6v2D6JscR+/8i5OJdqdPasA3lrOKQqZTdzoXoCzrNS7Mwpp2aNeyKlsNCJ2iXLvN70wZBf/y5C7lEoNEQS1xBMiIyNLAunZVR6oS5/AvQNvugbqlL9hr8yvj1U5SoBulhZor+s/0ss4Dbg2vCowCeAVveB4L1a8cC5Wh+JxmWiG0z2eveCchyNI255P6qdhduULmblPCcLupbJkWNFL2RQRl4WTdQtQ15KisD0/xle1Vu0OncgqYO3uCOsfy60ayuUDUWn+wNGH61sTRY98SPXawaDCGKkyE6vJluUVIzGokWBM5BYzdF4Zii/N4/ehxPXnKE69LcBOrvXKCvd0igC1wteJJlGAQmjjQdL36+sm0M+9G1QY/b0e1Dto4bpdwZKTYba6kaL8LT2FGO7WgCy/WPiEm8z2/0P4pRdYXtKU8BprPj5jN+qaqlWF5c4ZbLndBAAFZYLmEe1j2z4wmS8/g2EM6jHMWRePLYdB022F2uMTJizX2baFO68UnAO7YJGE43TI3D8XLTsPbhmfrKjbmMT5lRa1bRBpyMWFAOqGQYhX0DXNLAOMVjrqsKaLgKZxXTtuHEYXZLPKehQoJWSpm+9a8jtoLdyC85n0YTMAHv3r34xlqDOvNdrTSyJD7rRqsn6uVd1cPo+/hRZ0QEiGU43ALZf78pV7xNVZ3cOiUQi0Tbwuiz/gPcaJGeiNVC8oCGcJVPFre8lGOx+xUmLNPz0s+oDIVurPqoTd1EykzI99OtKyYInkx7qMeJ7Sb8cnYAnBDKSSdD0DsP6xGrssEVp/TxBR9Y97ZCnUoOEswIK/KHwIrwNKsU7WlbKCTvgc8tZUfUhgnRHzn/KCbZ1GEUrqmRq4BDnzLvNtKBhqQnR9MbOiFMuXNF2lUovwS5T56vuhnV9110qoXx4ynhj4B/QlGWpw2slTC7JiyMIxuBmZmETWainuD8dlO2riPx0D93pL8/skmWTVXMTIMFQdJGJePPf+k1y4Q0a72lxEnQOIWXVZDJUq93TQKnmJFM/Fjkydgf3ouqvDZ+H/S/lQHMHQeF0i/NebgUZXxflKWQpbTuw2i4ggkPoZY8ZLkV7VjYiOnDbtLqN3V8f4viCbSqlQauES9M1Dny8IL3jl5I0DJf7MOP/oKwGHcgWo0QHLGfX/qEdwxGlT8ctobDCsMdiKmQAo9Oq8EMH6CF+Y/cdnzTJQgdqu+qLlWQoZBhBz0MegYI07niBmcHUKK4CGEcVr1ZgrfTMuaL5Z3LJ3CZxbWPaddaFk1408cGTr7/h6cyc8d7jFU0sNgzL65kIBGZilwOECXBLthP2g+HmNkChqGwKOCM9f9jLTM29NS1+SjMZkaVpzsbbswqVhT/YcOrWvxPaQCZkSzDu5hl+FE/UJEv8aR14EUMWtZpFFpbWAwpUbPeVojA6IvSkHafy9lZBPXfPG+9B578tnDJnagHF8+QGzmyOKJvrRgEPvLTByemJqwgzxBg9KuUBSy7jXxjsMp3zhH1O2/aozyMMf1J3nxDxgIudMWYvoz0Sx69VABmMDzXYoc5y1y2cyq4UbE5cS6DRQcKCEeKmx4MYX+0Hl4eWcdHjmHePgB5LIJapoBtun/4o9w7d7d3SOQ/IUgaoQhijZ3UqK7oXPDEl/mEJ21GgV0vmtN33J71NWOt1M9MnGXOnme5wQ68e81bfRWBTJLeRZJtLGIZK/GmAwElc83EW66gIOv94y9NaHNvQKPkuBscjP1bYepcQnnj0K4vo3UNpLMChyuMx7b3mPWTeg3zgTfRv84mjtc7nrqQF9xPPVUolrxldAUgV4Iu9NDQqIRox99lKYEEHTzDX8ATbp+KJazA5lPYtVwZdYOJ1rmJlEn0ezzppOtnv9bW2sUfYDH8pOgzHgwleei3kuUu0x1U/5ujMCO/cm+ajOAZteH3F3FsAzNqiF2kBTp6ZuKWmWF5K9Y1,iv:4vTey4Dw05LWusi9xyWo/nb9O4yWdvn3qlYbfSbn8f4=,tag:kMVj6iqDAXhiRfuHNNCULQ==,type:str]
+sunshine-cacert: ENC[AES256_GCM,data:jSCBbWzUs+Euck/ybsSxeqUCbi5rLBipKSjPKXzFjJZ3QvHJMqQ05ienYoZUMvXN3cqdjtPyUGsfu++J25ztAkzVIi5EKOg++SCWkAjriIlPlgfKNuUxihrmshaj/BZg5/TBBa/kzBw9G/CEQ2kbL8QbzVxcx7bTFj/hj8F6UpsPKQcq5+VcbrGfj5SueF5kstl1PrLB8WciN02LtCbSYz3K6YwZNJJgpIHEEa2H+xcdBjajpxHzwshJpWGK8Ob8p8vRtSDesXffrN0nffe6b8X11x6SsOHtWX/Wrh4IKsgZd63R2rEYN/nDdaNsPTinT3vfPh7JRar6IbHVp5qAo2aywI1pEQy9leDqSO0V4/y+udsBbUiOoSW2e9Do1O+49PUroYhRS1eAHEGLHiApg1dleuXclhKv1VLumLNj4MCiTwomPbj9PXLMswZkJ3Nlk5QwHH3eUMx18zRplUsgA69jscOLeupDe1jKUx8OKOAiBEUEBoGSG8Yv8GrSL7fdLx63OFa0wDmE3lNWWIAuTDCe/y6qbfLYcE9IVt2Pm0ADjuN2kxkgTM6n/YdCrVMrot14QxI2cCBcsOYQOVSWNEQ0gTmMdNiDPUiImFbTJ7oo3KhMsvF9gbDma//9apk5+YP2JQCqbwBl6ZxuDY32Yzu7TADSpHK3Ib9YsI9/7bf47jIFxVKGIaxTPrXxfzoTaE3hK61YQyDRPCBSvgg8PAZRWZG1eKSwIZMq5MqC3rJz52XifbfQ3bTIpQX3J2bZ/T24Ic7GiIkk6EgBFlAiMUzm2YSC/DqCxg7G3eimNiv24XJD0QIHpRHJrAfgVOInfgbqE1q1Ay3zpNRLlNi9uinIQ4gwgi8AsgWK050kYAk2KeIa4LMlvI8Di/vFHzHnDIPjjBFjPAwMGLIq+xRoYjqI7nZz1U2yaEAxauir0/m5Lxg8RgptCqArD047TeHgYZGSYQodJ+Xere+4abc70bxHVaG+ehG94PS4vy7rNg5DgV5Xz0XaSRLBevjYgMoDR1D/LHjGKve/cL9dQxrBkMG2+JrXw8C7fIOHgVA/Uj22FAvRwtJZubRtG4158TsAM+2O7qK/HVg/fUFNZ9ONA69pD3e4mNGBY0fDko3npME7VmFi9KN9tHWgcD1+sMfxavQvnizJquv5zfg4qW00WukmmjKBiWQUyb+RNfJBwuL8NPmCANRDLnOELqoI1iFMovZM6ERNR7CFyrTxi0WF5lLvDBiKSidI1TWre8YvZ/cHf62xvC139LPszNJRSlHisSHy7UwjnR6wFmsrkE3G4XOJYlk7Dra2uruDA5BZQV4EpftWh5BJOD3xHYghhAoyKq++/iYHTN9ubrDEcNewOg+4hogTqtkIXQc8LMO9,iv:Kku8jh+M3J/3IMFCA+Zw6fqfNlAJ2uPQsRR3WjmGdvQ=,tag:apNqFguaLQWpM4CZD2r5Lw==,type:str]
+sops:
+    age:
+        - recipient: age1pvkuvcc38pke3euzsjzpgp6s6v3jykug2e69rplytdy7gxntm5jsraxhvp
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2cVc1b2xCL3R4SjdwZnhN
+            MG5QTzgvbmMwQnV2d3ZyaU5qOVFXS0pqL21JCnN2VWg1aFI5dXFIRHpZVGFKenpE
+            RUJja09odmhmeVp3aHlqTUgwd0xZamsKLS0tIE9aekVBRjhLZzVJU1NTVU4xVEV5
+            U2c0YzlXdlFiNDFyYXlac3g4UnRMajQKtFu3UUQmJ4ky9hqMTQ8kpHfnpn8k73d5
+            nCZxzBBmkoELHo+IQgZ671UJVHyU9YlZBdnby7Yv0HJklgu/ClByVg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1n25te92l6p52zpujz72r0qqwmhx3qa2d2sw739h7sd50pj4ktums92gqzs
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxdityNVhTdkVZZVk2MS82
+            ckRmREhlU0Z3b0lJcExYSExuS3dqSWJ3YkNVClNGeDdncmZNSHIrd3U3Y3drOEFv
+            d1RCaW8ycGUrR0xEQ3h0VVFjU1RId00KLS0tIHRpTEU0cG8xSEJ0M2Q5a2tBNU9P
+            azE5WmsxcEdKNzBmN3lEOC9LZnlIaEUKvTOnDeKmteqGhDzLhXyxVzkP9qBHSJnQ
+            2I7Tu77qBvjtcD7G7r+ldVT9KGdWiwdQQeH9PCqN+WxYXtZ2rRWqPg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-07-04T21:45:11Z"
+    mac: ENC[AES256_GCM,data:gwP9rbeYB/Q3mYhrcq9mh+Q/2IRDvXcbRtNmVbQnBdV6HAVMFDh2yUQ5GU7vUYUfGx9M+Iu8gG/DSyLet3c2pi1fEeWDCTTU46GOkn5DL4PYmHwf4Mqhq+Tq7ag/Cwlz7EKKu67sJAqfm2EX+8xE4Nyxxs4SWrnpEceuk/FU85U=,iv:zAYbkoByoPYlROlzPpiOYkf7nAkt8dFbdqWbedBDIzs=,tag:7D7CHx9CXHzmX/cFcZTlKQ==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2
--- a/secrets/users/vili.yaml
+++ b/secrets/users/vili.yaml
@ -1,34 +0,0 @@
-vili-password: ENC[AES256_GCM,data:SG0UVgXOrbLJZ8dj1NeuBL0QulIeZRfoD5o/QF57avce7nxlU1RLnQfZe9fsW9IqnfiAQkYNcQ3B/m36VBy87DJosRVT0dcizg==,iv:536A1+NVuvg18uh+7oEEUYJ8PM+g62boNCKCUpg0GJo=,tag:J9YL+fdK4gE7g58nSgBRcw==,type:str]
-sops:
-    age:
-        - recipient: age1pvkuvcc38pke3euzsjzpgp6s6v3jykug2e69rplytdy7gxntm5jsraxhvp
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2eUJjQWtrcGxEWnFZamRx
-            QTFhOTdmaGt3cEhSYThFMjlrbkV2WTdwcFdjCkJpdmNtUkRsM1pGQ000V0N4d0Nk
-            d0lLWmdWTytKTWtKbFNNYmpvSXRsd3MKLS0tIGY0MEI3TWlKZFkwQy9RUmNrSkVJ
-            MUVDUmladjJrZVZXS2MvKzJGUTZscVUKk510+IUsO4yq7ZH8aOvl+C0WzlYRGdzv
-            TzKXvPAZHI8BL+YMAjNj1gFNo9NK7jkklP8/0w7+ThrpHu6/IKzKZA==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1xp02dggk2e6csvxg2q5nfts4tjhd05vthrcvvk2l67m3tgs3vugqshg24q
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaRGNBY2RHb1RCdTNRZjhL
-            UnlodVBYWHFjUFowK1dNWEdXWkZJN0luUFhnCitSa05TSEY2NW9MM3dIQmRpOG9p
-            OVovcGxXT3UzMStXQ1FkNGJRTEZnaEUKLS0tIGcxYlFhRlR1Y1ZnOWlIMlh4bmwy
-            dUlnN2RKRmxQamxjV0VoTFA5V1NEMUEKctraZulYSWKoUAy/47uq5s24obqQHvNZ
-            dxGaVmjZpPmNyUw7UcamRTdbdPHi4u2F5VmEPBK9YroDWryrL4k73A==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1yrfr0q72nqa842t0mzckeemfww28qzcd3wqmrd8mvzwvgpzssvlq9ruzlk
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKQVFab0lTalV5MFI2dUY2
-            a0h2SlBLTWhXVGtPY01LMTloRUtUNytrVFdJCnVjQnphYzRSQ1p1WjB2dS90c29J
-            bFZkNnF6a2xiWlhTdHA1K0xKbGFNb0UKLS0tIGFlWHlSaUkrMXh1RjNaMzNUYm9F
-            U1VaZERTNndxc1hVbm04eDVzdW9Wa28KqO3N6dMLny3liCEc5Rh3+jjw56ghajTj
-            u5n33jEko8u+Li9v7nHAVqdzw9WDrPdwJz00xc4tGYewRHW+s16qxg==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-06-21T12:17:55Z"
-    mac: ENC[AES256_GCM,data:iHPaSftY2MFHgg+426dlTtTPWbL3AO84ND1CHViJ81bUm9CYTKlLGU23ocKVJRzPy85BhOGh2R4uURP1dvQ3BiFWGK3B2t8xtg1vTz5jSgQkvWr5RRiDLOvHWb4cT4O5cI8MHkLtYAl1ungdZj+uCIIw9unzDD+HpjlOlCaf8C0=,iv:HFZfxCBQEB0G7oalRkNFykeJ3+9xssUJN5oB/j1Z3xI=,tag:PabtyU0ZvSRWlmz7y35uMA==,type:str]
-    unencrypted_suffix: _unencrypted
-    version: 3.10.2
--- a/servers/gaming-server.nix
+++ b/servers/gaming-server.nix
@ -1,33 +1,56 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:
 {
-  systemd.tmpfiles.settings."vili-home"."/home/vili".d = {
-    user = "vili";
-    group = "users";
-    mode = "0700";
+  systemd.tmpfiles.settings."vili-home" = {
+    "/home/vili".d = {
+      user = "vili";
+      group = "users";
+      mode = "0700";
+    };
+    "/home/vili/.local".d = {
+      user = "vili";
+      group = "users";
+      mode = "0755";
+    };
+    "/home/vili/.local/share".d = {
+      user = "vili";
+      group = "users";
+      mode = "0755";
+    };
  };
  environment.persistence."/persist" = {
    users.vili = {
      directories = [
        {
-          directory = ".parsec";
-          mode = "0755";
+          directory = ".cache";
+          mode = "u=rwx,g=rx,o=rx";
        }
        {
-          directory = ".parsec-persistent";
-          mode = "0755";
-        }
-        {
-          directory = ".config/sunshine";
-          mode = "0755";
+          directory = ".local/share/feral-interactive";
+          mode = "u=rwx,g=rx,o=rx";
        }
        ".local/share/Steam"
+        {
+          directory = ".local/share/vulkan";
+          mode = "u=rwx,g=rx,o=rx";
+        }
      ];
    };
  };

-  environment.systemPackages = with pkgs; [
-    parsec-bin
-  ];
+  sops.secrets = {
+    sunshine-state = {
+      sopsFile = ../secrets/gaming.yaml;
+      owner = config.users.users."vili".name;
+    };
+    sunshine-cakey = {
+      sopsFile = ../secrets/gaming.yaml;
+      owner = config.users.users."vili".name;
+    };
+    sunshine-cacert = {
+      sopsFile = ../secrets/gaming.yaml;
+      owner = config.users.users."vili".name;
+    };
+  };

  programs.steam = {
    enable = true;
@ -38,6 +61,25 @@
    enable = true;
    autoStart = true;
    openFirewall = true;
+    settings = {
+      sunshine_name = "NixOS";
+      address_family = "both";
+      credentials_file = config.sops.secrets.sunshine-state.path;
+      pkey = config.sops.secrets.sunshine-cakey.path;
+      cert = config.sops.secrets.sunshine-cacert.path;
+      file_state = config.sops.secrets.sunshine-state.path;
+    };
+    applications = {
+      env = {
+        PATH = "$(PATH):$(HOME)/.local/bin";
+      };
+      apps = [
+        {
+          name = "Desktop";
+          image-path = "desktop.png";
+        }
+      ];
+    };
  };

 }
--- a/shared/users/vili.nix
+++ b/shared/users/vili.nix
@ -1,9 +1,17 @@
 { config, lib, ... }:
 {
-  sops.secrets.vili-password = {
-    sopsFile = ../../secrets/${config.networking.hostName}/vili.yaml;
-    neededForUsers = true;
-  };
+  sops.secrets =
+    lib.mkIf
+      (builtins.elem config.networking.hostName [
+        "helium"
+        "lithium"
+      ])
+      {
+        vili-password = {
+          sopsFile = ../../secrets/${config.networking.hostName}/vili.yaml;
+          neededForUsers = true;
+        };
+      };

  users.users.vili = {
    isNormalUser = true;
@ -16,7 +24,11 @@
      "audio"
    ];
    openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
-    hashedPasswordFile = lib.mkDefault config.sops.secrets.vili-password.path;
+    hashedPasswordFile =
+      if builtins.hasAttr "vili-password" config.sops.secrets then
+        config.sops.secrets.vili-password.path
+      else
+        null;
  };

  users.groups.vili.gid = 1000;