init repo

update nvidia driver, install ghostty and other things

before refactor the arch of configuration.

move some nixos configuration to ./nixos/modules and ./nixos/configurations. try to find a good arch to conbine home-manager and nixos modules.

fix callPackage firefox-addons missing key immersive-translate.

wrap niri and spotx overlays into overlay.modifications.

build a brandnew architecture for configurations.

change the import method of homeManagerModules."${unixName}" to use outputs.

add ghostty overlay to replace ghostty.

add nix config in home/modules/nix.nix when not nixos

fix call nixpkgs.foldr. modify to call nixpkgs.lib.foldr.

modify firefox config, to use flake packages as extension

modify i18n config, to use flake packages as addons

remove ssh private key and add it to sops.

update partial flake inputs

update partial flake inputs, add some package to user config

move helix as home module, provide option youthlic.programs.helix.

change fcitx5 config to pkg, use rime-ice default config.

move spotify installation to default.nix neither spotify.nix

change gpg encrypt key

add gpg option to home-manager module

add fd as user level package

remove gpg option in system level

add git option

update flake inputs, and install all gpg pinentry

add gh to git module

change shell config to module, and ghostty also.

change gpg pinentry from pinentry-all to pinentry-qt.

change gh config, use ssh as git protocol

remove zed editor

move foot to module, and disable it.

add store as git credential helper

rename sops.secrets.gitea to sops.secrets.git-credential

add git delta config

move starship configuration to home/modules.

update flake inputs

add ssh config to sops encrypt file `secrets/ssh-config.yaml`

change niri to niri-unstable and update flake inputs

change encypt key from gnupg to age. And encrypt dae url

move home sops config to module

update flake inputs

add duf and doggo to home packages

nixos/configurations/Tytonidae/dae/config.dae

@@ -0,0 +1,89 @@
+include {
+  proxy.d/*.dae
+}
+
+global {
+  lan_interface: auto
+  wan_interface: auto
+
+  log_level: trace
+  allow_insecure: false
+  auto_config_kernel_parameter: true
+  dial_mode: domain
+
+  tcp_check_url: 'http://cp.cloudflare.com'
+  udp_check_dns: 'dns.google.com:53'
+  check_interval: 600s
+  check_tolerance: 50ms
+
+  tproxy_port: 12345
+}
+
+dns {
+  ipversion_prefer: 4
+
+  upstream {
+    googledns: 'tcp+udp://8.8.8.8:53'
+    alidns: 'udp://dns.alidns.com:53'
+  }
+  routing {
+    request {
+      qname(geosite: category-ads) -> reject
+      qname(geosite: category-ads-all) -> reject
+      qname(geosite: cn) -> alidns
+      fallback: googledns
+    }
+    response {
+      upstream(googledns) && ip(geoip: private) -> alidns
+      fallback: accept
+    }
+  }
+}
+
+group {
+  proxy {
+    filter: subtag(wget)
+    policy: min_moving_avg
+  }
+  us {
+    filter: subtag(wget) && name(keyword: "美国")
+    policy: min_moving_avg
+  }
+  hk {
+    filter: subtag(wget) && name(keyword: "香港")
+    policy: min_moving_avg
+  }
+}
+
+# 更多的 Routing 样例见 https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md
+routing {
+  pname(hickory-dns) && dport(53) -> must_direct
+  pname(mihomo) -> must_direct
+  pname(systemd-resolved) -> must_direct
+
+  domain(full: time.windows.com) -> must_direct
+  domain(regex: ".*wgetcloud.*v2ray.*") -> must_direct
+  domain(suffix: "hit.edu.cn") -> must_direct
+  domain(geosite: microsoft) -> proxy
+  # domain(geosite: onedrive) -> must_direct
+  domain(geosite: "category-ai-chat-!cn") -> us
+  domain(geosite: google) -> us
+  domain(geosite: google-play) -> proxy
+  domain(geosite: apple) -> us
+  domain(geosite: spotify) -> us
+  domain(geosite: tiktok) -> us
+  domain(geosite: cn) -> direct
+
+  dip(geoip:private) -> direct
+  dip(geoip:cn) -> direct
+  # dport(63434) && sip(192.168.31.170) -> hk
+  dip(223.5.5.5) -> direct
+  
+  # ban qq dns over http
+  # dip(43.136.0.0/13) -> block
+  # dip(109.244.0.0/16) -> block
+  # dip(175.27.0.0/16) -> block
+  # dip('2409:8C1E:75B0:80::/64') -> block
+
+  fallback: proxy
+}

nixos/configurations/Tytonidae/dae/default.nix

@@ -0,0 +1,119 @@
+{
+  pkgs,
+  config,
+  rootPath,
+  ...
+}:
+{
+  services.dae = {
+    enable = true;
+    openFirewall = {
+      enable = true;
+      port = 12345;
+    };
+    disableTxChecksumIpGeneric = false;
+    config = builtins.readFile ./config.dae;
+  };
+  sops.secrets.url = {
+    mode = "0444";
+    sopsFile = rootPath + "/secrets/general.yaml";
+  };
+  systemd.services =
+    let
+      new_proxy = "/etc/dae/proxy.d.new";
+      head = "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36";
+      update = ''
+        num=0
+        check=1
+        urls="$(${pkgs.coreutils}/bin/cat ${config.sops.secrets.url.path})"
+        mkdir -p ${new_proxy}
+        for url in "''${urls}"; do
+          txt=${new_proxy}/''${num}.txt
+          config="${new_proxy}/''${num}.dae"
+          ${pkgs.curl}/bin/curl -H "${head}" "''${url}" > "''${txt}"
+          ${pkgs.coreutils}/bin/echo "" > ''${config}
+          ${pkgs.coreutils}/bin/echo 'subscription {' >> ''${config}
+          ${pkgs.coreutils}/bin/echo \ \ wget:\ \"file\://proxy.d/''${num}.txt\" >> ''${config}
+          ${pkgs.coreutils}/bin/echo } >> ''${config}
+          if [[ ! -s ''${txt} ]]; then
+            check=0
+          fi
+          ${pkgs.coreutils}/bin/chmod 0640 ''${txt}
+          ${pkgs.coreutils}/bin/chmod 0640 ''${config}
+          link=$((link+1))
+
+          if [[ ''${check} -eq 0 ]]; then
+            exit -1
+          fi
+        done
+        ${pkgs.coreutils}/bin/rm -r /etc/dae/proxy.d
+        ${pkgs.coreutils}/bin/mv ${new_proxy} /etc/dae/proxy.d
+      '';
+    in
+    {
+      "update-dae-subscription-immediate" = {
+        after = [ "network-online.target" ];
+        wants = [ "network-online.target" ];
+        before = [ "dae.service" ];
+        serviceConfig = {
+          Type = "oneshot";
+          User = "root";
+          ExecStart =
+            let
+              script = pkgs.writeTextFile {
+                name = "update-dae-subscription-immediate";
+                executable = true;
+                destination = "/bin/script";
+                text = ''
+                  ${pkgs.coreutils}/bin/mkdir -p /etc/proxy.d
+                  if [ -z "$(ls -A /etc/dae/proxy.d 2>/dev/null)" ]; then
+                    ${pkgs.coreutils}/bin/echo "No subscription file found in /etc/dae/proxy.d. Update now..."
+                    ${update}
+                  else
+                    ${pkgs.coreutils}/bin/echo "Found existing subscription files. Skipping immediate update."
+                  fi
+                '';
+              };
+            in
+            [
+              "${pkgs.bash}/bin/bash ${script}/bin/script"
+            ];
+        };
+        wantedBy = [ "multi-user.target" ];
+      };
+
+      # "update-dae-subscription-weekly" = {
+      #   after = [ "network-online.target" ];
+      #   wants = [ "network-online.target" ];
+      #   wantedBy = [ "multi-user.target" ];
+      #   serviceConfig = {
+      #     Type = "oneshot";
+      #     ExecStart =
+      #       let
+      #         script = pkgs.writeTextFile {
+      #           name = "update-dae-subscription-weekly";
+      #           executable = true;
+      #           destination = "/bin/script";
+      #           text = ''
+      #             ${pkgs.coreutils}/bin/echo "Force subscription update..."
+      #             ${pkgs.coreutils}/bin/mkdir -p /etc/proxy.d
+      #             ${update}
+      #           '';
+      #         };
+      #       in
+      #       [
+      #         "${pkgs.bash}/bin/bash ${script}/bin/script"
+      #       ];
+      #   };
+      # };
+    };
+
+  # systemd.timers."dae-update" = {
+  #   wantedBy = [ "timers.target" ];
+  #   timerConfig = {
+  #     OnCalendar = "weekly";
+  #     Unit = "dae-update.service";
+  #     Persistent = true;
+  #   };
+  # };
+}

nixos/configurations/Tytonidae/default.nix

@@ -0,0 +1,80 @@
+{ pkgs, inputs, ... }:
+{
+  imports =
+    (with inputs; [
+      nixos-hardware.nixosModules.asus-fx506hm
+    ])
+    ++ [
+      ./i18n.nix
+      ./gui.nix
+      ./users
+      ./openssh.nix
+      ./kvm.nix
+      ./dae
+      ./nh.nix
+      ./steam.nix
+
+      # Include the hardware related config
+      ./hardware-configuration.nix
+      ./networking.nix
+    ];
+
+  youthlic.home-manager = {
+    enable = true;
+    unixName = "david";
+    hostName = "Tytonidae";
+  };
+
+  programs.gnupg.agent = {
+    enable = true;
+  };
+
+  networking.hostName = "Tytonidae";
+
+  time.timeZone = "Asia/Shanghai";
+
+  services.printing.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    nix-output-monitor
+    wget
+    git
+    vim
+    helix
+    nixd
+    nixfmt-rfc-style
+
+    element-desktop
+    discord-ptb
+    asusctl
+    vlc
+    btop
+    handbrake
+    wechat-uos
+    nvtopPackages.full
+    spotify
+  ];
+
+  environment.variables.EDITOR = "hx";
+
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+    };
+  };
+
+  boot = {
+    kernelPackages = pkgs.linuxPackages_zen;
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+
+  system.stateVersion = "24.11"; # Did you read the comment?
+}

nixos/configurations/Tytonidae/gui.nix

@@ -0,0 +1,72 @@
+{ pkgs, ... }:
+{
+  # Enable the X11 windowing system.
+  # You can disable this if you're only using the Wayland session.
+  services.xserver = {
+    display = 0;
+    enable = true;
+  };
+  # Enable the KDE Plasma Desktop Environment.
+  # services.displayManager.sddm.enable = true;
+  # services.desktopManager.plasma6.enable = true;
+  services.desktopManager.cosmic.enable = true;
+  services.displayManager.cosmic-greeter.enable = true;
+  programs.niri = {
+    enable = true;
+    package = pkgs.niri-unstable;
+  };
+
+  # Configure keymap in X11
+  services.xserver.xkb = {
+    layout = "cn";
+    variant = "";
+  };
+
+  environment.systemPackages = with pkgs; [
+    fontconfig
+  ];
+  programs.firefox.enable = true;
+  programs.localsend.enable = true;
+
+  fonts = {
+    enableDefaultPackages = false;
+    packages = with pkgs; [
+      nerd-fonts.fira-code
+      noto-fonts
+      noto-fonts-cjk-sans
+      noto-fonts-cjk-serif
+      noto-fonts-emoji
+      lxgw-wenkai
+    ];
+    fontconfig.defaultFonts = pkgs.lib.mkForce {
+      serif = [
+        "LXGW WenKai"
+        "Noto Serif CJK SC"
+        "Noto Serif"
+      ];
+      sansSerif = [
+        "Noto Serif CJK SC"
+        "Noto Serif"
+      ];
+      monospace = [
+        "FiraCode Nerd Font"
+      ];
+      emoji = [ "Noto Color Emoji" ];
+    };
+  };
+
+  services.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    # If you want to use JACK applications, uncomment this
+    #jack.enable = true;
+
+    # use the example session manager (no others are packaged yet so this is enabled by default,
+    # no need to redefine it in your config for now)
+    #media-session.enable = true;
+  };
+}

nixos/configurations/Tytonidae/hardware-configuration.nix

@@ -0,0 +1,58 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "thunderbolt"
+    "nvme"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/b638dbc9-8945-482d-9d10-193271d3df98";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/A779-6930";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/7f7e95f2-8f2a-4998-bd71-01466e8ecc98"; }
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s13f0u1u1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

nixos/configurations/Tytonidae/i18n.nix

@@ -0,0 +1,43 @@
+{
+  pkgs,
+  outputs,
+  ...
+}:
+{
+  i18n = {
+    defaultLocale = "C.UTF-8";
+    extraLocaleSettings = {
+      LC_ADDRESS = "zh_CN.UTF-8";
+      LC_IDENTIFICATION = "zh_CN.UTF-8";
+      LC_MEASUREMENT = "zh_CN.UTF-8";
+      LC_MONETARY = "zh_CN.UTF-8";
+      LC_NAME = "zh_CN.UTF-8";
+      LC_NUMERIC = "zh_CN.UTF-8";
+      LC_PAPER = "zh_CN.UTF-8";
+      LC_TELEPHONE = "zh_CN.UTF-8";
+      LC_TIME = "zh_CN.UTF-8";
+    };
+    inputMethod = {
+      enable = true;
+      type = "fcitx5";
+      fcitx5 = {
+        addons = with pkgs; [
+          libsForQt5.fcitx5-qt
+          fcitx5-gtk
+          fcitx5-configtool
+          fcitx5-chinese-addons
+          (fcitx5-rime.override {
+            rimeDataPkgs = (
+              with (outputs.packages."${pkgs.system}");
+              [
+                rime-ice
+              ]
+            );
+          })
+        ];
+        waylandFrontend = true;
+      };
+    };
+  };
+
+}

nixos/configurations/Tytonidae/kvm.nix

@@ -0,0 +1,9 @@
+{ ... }:
+{
+  programs.virt-manager.enable = true;
+  virtualisation = {
+    libvirtd.enable = true;
+    spiceUSBRedirection.enable = true;
+  };
+
+}

nixos/configurations/Tytonidae/networking.nix

@@ -0,0 +1,36 @@
+{ ... }:
+{
+  systemd.network = {
+    enable = true;
+    wait-online.enable = false;
+    networks = {
+      "eno2" = {
+        matchConfig.Name = "eno2";
+        networkConfig = {
+          DHCP = "yes";
+          IPv6AcceptRA = true;
+        };
+      };
+    };
+  };
+
+  networking = {
+    networkmanager.enable = false;
+    useNetworkd = true;
+    useDHCP = false;
+
+    wireless.iwd = {
+      enable = true;
+      settings = {
+        General = {
+          EnableNetworkConfiguration = true;
+        };
+        Network = {
+          EnableIPv6 = true;
+          NameResolvingService = "systemd";
+        };
+      };
+    };
+    firewall.enable = false;
+  };
+}

nixos/configurations/Tytonidae/nh.nix

@@ -0,0 +1,11 @@
+{
+  ...
+}:
+{
+  programs.nh = {
+    enable = true;
+    clean.enable = true;
+    clean.extraArgs = "--keep-since 4d --keep 3";
+    flake = ./..;
+  };
+}

nixos/configurations/Tytonidae/openssh.nix

@@ -0,0 +1,37 @@
+{ ... }:
+{
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+      X11Forwarding = true;
+      PermitRootLogin = "no";
+      LogLevel = "VERBOSE";
+      Macs = [
+        "hmac-sha2-512-etm@openssh.com"
+        "hmac-sha2-256-etm@openssh.com"
+        "umac-128-etm@openssh.com"
+        "hmac-sha2-512"
+        "hmac-sha2-256"
+        "umac-128@openssh.com"
+      ];
+      Ciphers = [
+        "chacha20-poly1305@openssh.com"
+        "aes256-gcm@openssh.com"
+        "aes128-gcm@openssh.com"
+        "aes256-ctr"
+        "aes192-ctr"
+        "aes128-ctr"
+      ];
+      KexAlgorithms = [
+        "curve25519-sha256@libssh.org"
+        "ecdh-sha2-nistp521"
+        "ecdh-sha2-nistp384"
+        "ecdh-sha2-nistp256"
+        "diffie-hellman-group-exchange-sha256"
+      ];
+    };
+    ports = [ 3022 ];
+  };
+}

nixos/configurations/Tytonidae/steam.nix

@@ -0,0 +1,12 @@
+{ ... }:
+{
+  config = {
+    hardware.graphics.enable32Bit = true;
+    programs.steam = {
+      enable = true;
+      remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+      dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+      localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
+    };
+  };
+}

nixos/configurations/Tytonidae/users/david.nix

@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+  users.users.david = {
+    isNormalUser = true;
+    description = "david";
+    extraGroups = [
+      "networkmanager"
+      "libvirtd"
+      "wheel"
+    ];
+  };
+
+  programs.fish.enable = true;
+  users.users.david.shell = pkgs.fish;
+  users.users.david.openssh.authorizedKeys.keyFiles = [
+    ./tytonidae.pub
+  ];
+}

nixos/configurations/Tytonidae/users/default.nix

@@ -0,0 +1,6 @@
+{ ... }:
+{
+  imports = [
+    ./david.nix
+  ];
+}

nixos/configurations/Tytonidae/users/tytonidae.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETMs9b4xfFRsgPZUzrVce3J27p0LBKLfZwhNMen0Da9 david@nixos

nixos/modules/default.nix

@@ -0,0 +1,30 @@
+{
+  inputs,
+  outputs,
+  pkgs,
+  ...
+}:
+{
+  imports =
+    (with inputs; [
+      niri-flake.nixosModules.niri
+      nixos-cosmic.nixosModules.default
+      home-manager.nixosModules.home-manager
+      dae.nixosModules.dae
+      sops-nix.nixosModules.sops
+    ])
+    ++ [
+      ./nix.nix
+      ./home.nix
+      ./sops.nix
+    ];
+
+  config = {
+    nixpkgs = {
+      overlays = with outputs.overlays; [
+        modifications
+        additions
+      ];
+    };
+  };
+}

nixos/modules/home.nix

@@ -0,0 +1,68 @@
+{
+  inputs,
+  outputs,
+  lib,
+  config,
+  pkgs,
+  rootPath,
+  ...
+}:
+{
+  options.youthlic.home-manager = {
+    enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = ''
+        whether enable home-manager or not
+      '';
+    };
+    unixName = lib.mkOption {
+      type = lib.types.str;
+      default = "david";
+      example = "youthlic";
+      description = ''
+        unix name of home-manager user
+      '';
+    };
+    hostName = lib.mkOption {
+      type = lib.types.str;
+      example = "Tytonidae";
+      description = ''
+        host name of home-manager user
+      '';
+    };
+  };
+  config =
+    let
+      cfg = config.youthlic.home-manager;
+      unixName = cfg.unixName;
+      hostName = cfg.hostName;
+    in
+    lib.mkIf cfg.enable {
+      home-manager = {
+        useGlobalPkgs = true;
+        useUserPackages = true;
+        users."${cfg.unixName}" = (
+          { ... }:
+          {
+            imports = [
+              outputs.homeManagerModules."${unixName}"
+              (rootPath + "/home/${unixName}/configurations/${hostName}")
+            ];
+
+            config = {
+              youthlic.nixos.enable = true;
+            };
+          }
+        );
+        extraSpecialArgs = {
+          inherit outputs inputs rootPath;
+          inherit (cfg) unixName hostName;
+          inherit (pkgs) system;
+        };
+        backupFileExtension = "backup";
+        sharedModules = [ outputs.homeManagerModules.default ];
+      };
+    };
+}

nixos/modules/nix.nix

@@ -0,0 +1,45 @@
+{
+  inputs,
+  outputs,
+  pkgs,
+  lib,
+  ...
+}:
+{
+  config = {
+    nix = {
+      nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
+      settings = {
+        inherit (outputs.nix.settings) substituters;
+        trusted-users = [
+          "root"
+          "@wheel"
+        ];
+        trusted-public-keys = [
+          "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
+          "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+        ];
+        auto-optimise-store = lib.mkDefault true;
+        experimental-features = [
+          "nix-command"
+          "flakes"
+        ];
+        warn-dirty = false;
+        system-features = [
+          "kvm"
+          "big-parallel"
+        ];
+        use-xdg-base-directories = true;
+        builders-use-substitutes = true;
+      };
+      package = pkgs.nix;
+      registry.sys = lib.mkDefault {
+        from = {
+          type = "indirect";
+          id = "sys";
+        };
+        flake = inputs.nixpkgs;
+      };
+    };
+  };
+}

nixos/modules/sops.nix

@@ -0,0 +1,20 @@
+{
+  rootPath,
+  config,
+  ...
+}:
+{
+  config = {
+    sops.defaultSopsFile = rootPath + "/secrets/general.yaml";
+    sops.age =
+      let
+        unixName = config.youthlic.home-manager.unixName;
+        cfg = config.users.users."${unixName}";
+      in
+      {
+        keyFile = "${cfg.home}/.config/sops/age/keys.txt";
+        sshKeyPaths = [ ];
+        generateKey = false;
+      };
+  };
+}