-----BEGIN PGP SIGNATURE-----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=ew+E
-----END PGP SIGNATURE-----
diff --git a/apps/ssh.nix b/apps/ssh.nix
index d518b98519fa221ad608056dcbf8e10040dcdad2..4aa3766cae9b196c7d98faff57fedbde900b27a4 100644
--- a/apps/ssh.nix
+++ b/apps/ssh.nix
@@ -1,6 +1,8 @@
{
programs.ssh = {
enable = true;
- extraConfig = builtins.readFile ./ssh/config;
+ includes = [
+ "/run/agenix/ssh-config"
+ ];
};
}
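Review bot: The hard-coded `/run/agenix/ssh-config` in `includes` only works if the account running ssh can read that file, and agenix secrets default to owner root with mode 0400. The `age.secrets.ssh-config` declaration in flake.nix is not fully legible in this diff, so confirm it sets something like `owner = username;`. OpenSSH also skips an Include that matches no file, so on a machine where the secret was not decrypted the per-host `IdentityFile`/`IdentitiesOnly yes` settings stop applying without any error. Taking the path from the secret's declared `path` instead of repeating the string here would keep the two in step. The plaintext apps/ssh/config that this commit deletes remains readable in repository history, so encrypting it now does not make the old host list confidential.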
diff --git a/apps/ssh/config b/apps/ssh/config
deleted file mode 100644
index 3335133799510523867890cd2002767d79368602..0000000000000000000000000000000000000000
--- a/apps/ssh/config
+++ /dev/null
@@ -1,41 +0,0 @@
-Host jolheiser
- HostName jolheiser.com
- User jolheiser
- IdentityFile ~/.ssh/jolheiser
- IdentitiesOnly yes
-
-Host jojodev
- HostName jojodev.com
- User jolheiser
- IdentityFile ~/.ssh/jojodev
- IdentitiesOnly yes
-
-Host git.jojodev.com
- HostName git.jojodev.com
- User git
- IdentityFile ~/.ssh/github
- IdentitiesOnly yes
-
-Host github.com
- HostName github.com
- User git
- IdentityFile ~/.ssh/github
- IdentitiesOnly yes
-
-Host gitea.com
- HostName gitea.com
- User git
- IdentityFile ~/.ssh/github
- IdentitiesOnly yes
-
-Host codeberg.org
- HostName codeberg.org
- User git
- IdentityFile ~/.ssh/github
- IdentitiesOnly yes
-
-Host ssh.dev.azure.com
- HostName ssh.dev.azure.com
- User git
- IdentityFile ~/.ssh/ndlegis
- IdentitiesOnly yes
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
index 5c0bf52164a0958173b94e59af80cf21dc93c3d9..f072a80aa1c20f827885c6896d9410cd24cc5a81 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,132 @@
{
"nodes": {
+ "agenix": {
+ "inputs": {
+ "darwin": "darwin",
+ "nixpkgs": [
+ "ragenix",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1682101079,
+ "narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
+ "owner": "ryantm",
+ "repo": "agenix",
+ "rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
+ "type": "github"
+ },
+ "original": {
+ "owner": "ryantm",
+ "repo": "agenix",
+ "type": "github"
+ }
+ },
+ "crane": {
+ "inputs": {
+ "flake-compat": "flake-compat",
+ "flake-utils": [
+ "ragenix",
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "ragenix",
+ "nixpkgs"
+ ],
+ "rust-overlay": [
+ "ragenix",
+ "rust-overlay"
+ ]
+ },
+ "locked": {
+ "lastModified": 1681680516,
+ "narHash": "sha256-EB8Adaeg4zgcYDJn9sR6UMjN/OHdIiMMK19+3LmmXQY=",
+ "owner": "ipetkov",
+ "repo": "crane",
+ "rev": "54b63c8eae4c50172cb50b612946ff1d2bc1c75c",
+ "type": "github"
+ },
+ "original": {
+ "owner": "ipetkov",
+ "repo": "crane",
+ "type": "github"
+ }
+ },
+ "darwin": {
+ "inputs": {
+ "nixpkgs": [
+ "ragenix",
+ "agenix",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1673295039,
+ "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
+ "owner": "lnl7",
+ "repo": "nix-darwin",
+ "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
+ "type": "github"
+ },
+ "original": {
+ "owner": "lnl7",
+ "ref": "master",
+ "repo": "nix-darwin",
+ "type": "github"
+ }
+ },
+ "flake-compat": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1673956053,
+ "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
+ "flake-utils": {
+ "inputs": {
+ "systems": "systems"
+ },
+ "locked": {
+ "lastModified": 1687709756,
+ "narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "flake-utils_2": {
+ "inputs": {
+ "systems": "systems_2"
+ },
+ "locked": {
+ "lastModified": 1681202837,
+ "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -85,14 +212,96 @@ "repo": "nur",
"type": "github"
}
},
+ "ragenix": {
"inputs": {
+ "agenix": "agenix",
+ "crane": "crane",
+ "lastModified": 1688892808,
"nixpkgs": [
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "rust-overlay": "rust-overlay"
+ },
+ "locked": {
+ "lastModified": 1682237245,
+ "narHash": "sha256-xbBR7LNK+d5Yi/D6FXQGc1R6u2VV2nwr/Df5iaEbOEQ=",
+ "owner": "yaxitech",
+ "repo": "ragenix",
+ "rev": "281f68c3d477904f79ff1cd5807a8c226cd80a50",
+ "type": "github"
+ },
+ "original": {
+ "owner": "yaxitech",
+ "repo": "ragenix",
+ "type": "github"
+ }
+ },
"inputs": {
+ "nixpkgs": [
+ "inputs": {
+ "flake-utils": "flake-utils",
"home-manager": "home-manager",
"jolheiser-nur": "jolheiser-nur",
"nixpkgs": "nixpkgs_2",
+ "nur": "nur",
+ "narHash": "sha256-AeWzyG37EqyHH2C1GmrV9y0ZQ4e7rAs9AUOnw8I4YUI=",
"inputs": {
+ }
+ },
+ "rust-overlay": {
+ "inputs": {
+ "flake-utils": [
+ "ragenix",
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "ragenix",
+ "nixpkgs"
+ ]
+ },
"locked": {
+ "lastModified": 1682129965,
+ "narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=",
+ "owner": "oxalica",
+ "repo": "rust-overlay",
+ "rev": "2c417c0460b788328220120c698630947547ee83",
+ "type": "github"
+ },
+ "original": {
+ "owner": "oxalica",
+ "repo": "rust-overlay",
+ "type": "github"
+ }
+ },
+ "systems": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ },
+ "systems_2": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
}
}
},
diff --git a/flake.nix b/flake.nix
index 9a7841c08ed9dc35942d1469c3116e8690da3661..bebc642c47448a99a06625fa0b07fe452bb46513 100644
--- a/flake.nix
+++ b/flake.nix
@@ -5,6 +5,9 @@ inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
+ ragenix.url = "github:yaxitech/ragenix";
+ ragenix.inputs.nixpkgs.follows = "nixpkgs";
+ flake-utils.url = "github:numtide/flake-utils";
nur.url = "github:nix-community/nur";
jolheiser-nur.url = "git+https://git.jojodev.com/jolheiser/nur";
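Review bot: `flake-utils` is added as a top-level input, but ragenix is not told to follow it the way it follows nixpkgs. flake.lock now carries both `flake-utils` and `flake-utils_2` at different revisions, and the second looks like the copy ragenix resolves for itself. Adding `ragenix.inputs.flake-utils.follows = "flake-utils";` beside the nixpkgs line would leave one pinned revision to review and update. The `inputs` block starts and ends outside this hunk.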
@@ -16,6 +19,7 @@ outputs = {
self,
nixpkgs,
home-manager,
+ ragenix,
jolheiser-nur,
...
} @ inputs: let
@@ -43,52 +47,75 @@ extraSpecialArgs = {
flakePath = "/home/${username}/.config/nixpkgs";
};
};
- description = "jolheiser's nixos config";
+ age.secrets = {
+ ssh-config = {
+ file = ./secrets/shared/ssh-config.age;
+ home-manager.url = "github:nix-community/home-manager";
home-manager.url = "github:nix-community/home-manager";
inputs = {
+{
description = "jolheiser's nixos config";
+ nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+ };
inputs = {
+ description = "jolheiser's nixos config";
+ in
+ {
+ nixosConfigurations = {
+ "chai" = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
- inputs = {
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
inputs = {
- inputs = {
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
- inputs = {
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager";
- inputs = {
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
- inputs = {
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
nur.url = "github:nix-community/nur";
- inputs = {
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
jolheiser-nur.url = "git+https://git.jojodev.com/jolheiser/nur";
- nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+ nur.url = "github:nix-community/nur";
+ ];
+ description = "jolheiser's nixos config";
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+ "matcha" = nixpkgs.lib.nixosSystem {
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
{
- nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
description = "jolheiser's nixos config";
- nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
- nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
inputs = {
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+ ./machines/matcha
+ (commonConfig {username = "jolheiser";})
+ ];
+ description = "jolheiser's nixos config";
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
};
+ }
+ nur.url = "github:nix-community/nur";
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
- home-manager.url = "github:nix-community/home-manager";
- inputs = {
+ nur.url = "github:nix-community/nur";
home-manager.url = "github:nix-community/home-manager";
- inputs = {
+ nur.url = "github:nix-community/nur";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
- inputs = {
+ nur.url = "github:nix-community/nur";
nur.url = "github:nix-community/nur";
- inputs = {
+ nur.url = "github:nix-community/nur";
jolheiser-nur.url = "git+https://git.jojodev.com/jolheiser/nur";
- ./machines/matcha
+ just
- nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+ jolheiser-nur.url = "git+https://git.jojodev.com/jolheiser/nur";
{
];
};
+ inputs = {
description = "jolheiser's nixos config";
- home-manager.inputs.nixpkgs.follows = "nixpkgs";
- };
}
diff --git a/machines/chai/default.nix b/machines/chai/default.nix
index 0a3f5dad12923c5c1aeb5b1237d15d518ee9b66a..0864d6458ec23f57798c8190919eef17e94c16ce 100644
--- a/machines/chai/default.nix
+++ b/machines/chai/default.nix
@@ -44,10 +44,13 @@ shell = pkgs.nushell;
};
environment.systemPackages = with pkgs; [
- globalprotect-openconnect
+ gp-saml-gui
+ openconnect
jetbrains.pycharm-professional
jetbrains.idea-ultimate
in {
+ kernelParams = ["quiet" "splash"];
+ imports = [./hardware.nix ../common];
kernelParams = ["quiet" "splash"];
teams-for-linux
xorg.xauth
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000000000000000000000000000000000000..b950f3e65125ad4709786c6def2c6df48958db9c
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,7 @@
+let
+ jolheiser = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrPUqk9v7FE7OgMDaOMdlnItiXSDkmS+eU94RzQFiMS nix"];
+ matcha = [];
+ chai = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7PS9SJ+OVrUku9dPUQZigioy+r3VlFHVntsa/F7AdM root@chai"];
+in {
+ "shared/ssh-config.age".publicKeys = jolheiser ++ matcha ++ chai;
+}
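Review bot: `matcha = [];` contributes no recipient, so `shared/ssh-config.age` is encrypted only to the `jolheiser` user key and chai's host key. flake.nix appears to build `matcha` through the same `commonConfig` that declares this secret. If that is the case, decryption will presumably fail at activation on matcha (unless the `nix` user key is configured as an identity there) and the included ssh config will be missing. Either add matcha's host public key and rekey, or record the gap with a comment such as `# matcha: host key not added yet, ssh-config.age cannot be decrypted there`. A one-line comment separating the two key kinds would also help, e.g. `# user keys edit/rekey secrets; host keys decrypt at activation`.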
diff --git a/secrets/shared/ssh-config.age b/secrets/shared/ssh-config.age
new file mode 100644
index 0000000000000000000000000000000000000000..b2a8fa6d5227090b508eb30663b2c936ffdaff92
--- /dev/null
+++ b/secrets/shared/ssh-config.age
@@ -0,0 +1,29 @@
+-----BEGIN AGE ENCRYPTED FILE-----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+-----END AGE ENCRYPTED FILE-----