server: add forgejo and postgresql

- add `.cargo/bin` to PATH

flake.lock

@@ -318,11 +318,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1751271578,
-        "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=",
+        "lastModified": 1755186698,
+        "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df",
+        "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
         "type": "github"
       },
       "original": {

hosts/thegeneralist-central/acme/default.nix

@@ -17,6 +17,9 @@ in {
         extraDomainNames = [ "*.${domain}" ];
         group = "acme";
       };
+      "git.${domain}" = {
+        group = "acme";
+      };
       "internal.${domain}" = {
         group = "acme";
       };

hosts/thegeneralist-central/archive/archivebox.nix

@@ -20,14 +20,14 @@
       };
     };
 
-    pywb = {
-      image = "docker.io/webrecorder/pywb";
-      ports = [ "127.0.0.1:8001:8001" ];
-      volumes = [
-        "/mnt/usb/services/browsertrix/webrecorder/:/"
-        "/mnt/usb/services/browsertrix/webrecorder/webarchive:/webarchive"
-      ];
-    };
+    # pywb = {
+    #   image = "docker.io/webrecorder/pywb";
+    #   ports = [ "127.0.0.1:8001:8001" ];
+    #   volumes = [
+    #     "/mnt/usb/services/browsertrix/webrecorder/:/"
+    #     "/mnt/usb/services/browsertrix/webrecorder/webarchive:/webarchive"
+    #   ];
+    # };
   };
 
   environment.systemPackages = [ pkgs.docker ];

hosts/thegeneralist-central/archive/default.nix

@@ -5,7 +5,7 @@ let
   ssl = {
     forceSSL = true;
     quic = true;
-    useACMEHost = domain;
+    useACMEHost = acmeDomain;
   };
 in
 {

hosts/thegeneralist-central/configuration.nix

@@ -5,7 +5,7 @@
 { config, pkgs, inputs, ... }:
 
 {
-  imports = [ ./hardware-configuration.nix ./site.nix ./cache ./archive ];
+  imports = [ ./hardware-configuration.nix ./site.nix ./cache ./archive ./forgejo ];
 
   age.secrets.password.file = ./password.age;
   users.users = {

hosts/thegeneralist-central/credentials_personal.age

@@ -0,0 +1,5 @@
+<EFBFBD>
+<EFBFBD>
+<EFBFBD>
+<EFBFBD>
+<EFBFBD>

hosts/thegeneralist-central/dns.nix

@@ -1,69 +1,23 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 let
-  internalZoneFile = pkgs.writeText "internal.zone" ''
-    $ORIGIN internal.thegeneralist01.com.
-    @   IN SOA  ns.internal.thegeneralist01.com. thegeneralist01.proton.me. (
-          2025071801 ; serial (yyyymmddXX)
+  subdomains = [ "internal" "archive" "crawler" "r" "b" "s" "p" "q" "cloud" ];
+
+  mainZoneFile = pkgs.writeText "thegeneralist01.zone" ''
+    $ORIGIN thegeneralist01.com.
+    @   IN SOA  ns.thegeneralist01.com. thegeneralist01.proton.me. (
+          2025081501 ; serial (yyyymmddXX)
           3600       ; refresh
           600        ; retry
           86400      ; expire
           3600       ; minimum
     )
-        IN NS   ns.internal.thegeneralist01.com.
+        IN NS   ns.thegeneralist01.com.
     ns  IN A    100.86.129.23
     @   IN A    100.86.129.23
+    ${lib.concatStringsSep "\n" (lib.map (sub: "${sub} IN A 100.86.129.23") subdomains)}
   '';
 
-  archiveZoneFile = pkgs.writeText "archive.zone" ''
-    $ORIGIN archive.thegeneralist01.com.
-    @   IN SOA  ns.archive.thegeneralist01.com. thegeneralist01.proton.me. (
-          2025073101 ; serial (yyyymmddXX)
-          3600       ; refresh
-          600        ; retry
-          86400      ; expire
-          3600       ; minimum
-    )
-        IN NS   ns.archive.thegeneralist01.com.
-    ns  IN A    100.86.129.23
-    @   IN A    100.86.129.23
-  '';
-
-  crawlerZoneFile = pkgs.writeText "crawler.zone" ''
-    $ORIGIN crawler.thegeneralist01.com.
-    @   IN SOA  ns.crawler.thegeneralist01.com. thegeneralist01.proton.me. (
-          2025080801 ; serial (yyyymmddXX)
-          3600       ; refresh
-          600        ; retry
-          86400      ; expire
-          3600       ; minimum
-    )
-        IN NS   ns.crawler.thegeneralist01.com.
-    ns  IN A    100.86.129.23
-    @   IN A    100.86.129.23
-  '';
-in
-{
-  services.coredns = {
-    enable = true;
-    config = ''
-      internal.thegeneralist01.com:53 {
-        file ${internalZoneFile}
-        log
-        errors
-      }
-
-      archive.thegeneralist01.com:53 {
-        file ${archiveZoneFile}
-        log
-        errors
-      }
-
-      crawler.thegeneralist01.com:53 {
-        file ${crawlerZoneFile}
-        log
-        errors
-      }
-
+  forwarderBlock = ''
     .:53 {
       forward . 100.100.100.100 45.90.28.181 45.90.30.181
       cache
@@ -71,6 +25,19 @@ in
       errors
     }
   '';
+in
+{
+  services.coredns = {
+    enable = true;
+    config = ''
+      thegeneralist01.com:53 {
+        file ${mainZoneFile}
+        log
+        errors
+      }
+
+      ${forwarderBlock}
+    '';
   };
 
   networking.firewall.allowedUDPPorts = [ 53 ];

hosts/thegeneralist-central/forgejo/default.nix

@@ -0,0 +1,94 @@
+let
+  forgejo_root_dir = "/var/lib/forgejo";
+  domain = "git.thegeneralist01.com";
+
+  forgejo_folder = folder_name: "${forgejo_root_dir}/${folder_name}";
+in
+{
+  imports = [ ../../../modules/postgresql.nix ];
+
+  services.forgejo = {
+    enable = true;
+    stateDir = forgejo_folder "state";
+
+    lfs.enable = true;
+
+    settings =
+      let
+        title = "thegeneralist01's forgejo";
+        desc = "the attic of thegeneralist01's random repositories";
+      in
+      {
+        default.APP_NAME = title;
+        "ui.meta" = {
+          AUTHOR = title;
+          DESCRIPTION = desc;
+        };
+
+        attachment.ALLOWED_TYPES = "*/*";
+        cache.ENABLED = true;
+
+        "cron.archive_cleanup" =
+          let
+            interval = "4h";
+          in
+          {
+            SCHEDULE = "@every ${interval}";
+            OLDER_THAN = interval;
+          };
+
+        packages.ENABLED = true;
+        mailer = {
+          ENABLED = false;
+
+          # PROTOCOL = "smtps";
+          # SMTP_ADDR = self.disk.mailserver.fqdn;
+          # USER = "git@${domain}";
+        };
+
+        other = {
+          SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
+          SHOW_FOOTER_VERSION = false;
+        };
+
+        repository = {
+          DEFAULT_BRANCH = "master";
+          DEFAULT_MERGE_STYLE = "rebase-merge";
+          DEFAULT_REPO_UNITS = "repo.code, repo.issues, repo.pulls";
+
+          DEFAULT_PUSH_CREATE_PRIVATE = false;
+          ENABLE_PUSH_CREATE_ORG = true;
+          ENABLE_PUSH_CREATE_USER = true;
+
+          DISABLE_STARS = true;
+        };
+
+        "repository.upload" = {
+          FILE_MAX_SIZE = 100;
+          MAX_FILES = 10;
+        };
+
+        server = {
+          ROOT_URL = "https://${domain}/";
+          DOMAIN = domain;
+          LANDING_PAGE = "/explore";
+
+          HTTP_ADDR = "127.0.0.1";
+          HTTP_PORT = 3000;
+
+          SSH_LISTEN_HOST = "0.0.0.0";
+          SSH_PORT = 2222;
+          SSH_LISTEN_PORT = 2222;
+        };
+
+        service.DISABLE_REGISTRATION = true;
+
+        session = {
+          COOKIE_SECURE = true;
+          SAME_SITE = "strict";
+        };
+      };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 2222 ];
+}

hosts/thegeneralist-central/site.nix

@@ -1,12 +1,19 @@
-{ config, pkgs, ... }: let
+{ config, pkgs, ... }:
+let
   domain = "thegeneralist01.com";
+	family_domain = builtins.getEnv "FAMILY_DOMAIN";
 
   ssl = {
     quic = true;
     useACMEHost = domain;
   };
-in {
-  imports = [ ./acme ./dns.nix ./jellyfin ];
+in
+{
+  imports = [
+    ./acme
+    ./dns.nix
+    ./jellyfin
+  ];
 
   # Nginx
   services.nginx = {
@@ -14,7 +21,7 @@ in {
     package = pkgs.nginxQuic;
     enableQuicBPF = true;
 
-    recommendedZstdSettings       = true;
+    experimentalZstdSettings = true;
     recommendedUwsgiSettings = true;
     recommendedTlsSettings = true;
     recommendedProxySettings = true;
@@ -47,9 +54,31 @@ in {
       locations."/".return = "306 https://${domain}$request_uri";
     };
 
-    virtualHosts._ = ssl // {
-      locations."/".return = "307 https://${domain}/404";
+    virtualHosts."${family_domain}" = {
+      root = "/var/www/${family_domain}";
+      locations."/".tryFiles = "$uri $uri.html $uri/ $uri/index.html =404";
+
+      extraConfig = ''
+        if ($http_x_forwarded_proto = "http") {
+          return 301 https://${family_domain}$request_uri;
+        }
+
+        location ~* \.(html|css|js|jpg|jpeg|png|gif|svg|ico|woff2?)$ {
+          expires 1d;
+          add_header Cache-Control "public";
+        }
+
+        error_page 404 /404.html;
+      '';
     };
+
+    virtualHosts."www.${family_domain}" = {
+      locations."/".return = "306 https://${family_domain}$request_uri";
+    };
+
+    # virtualHosts._ = ssl // {
+    #   locations."/".return = "307 https://${domain}/404";
+    # };
   };
 
   # Cloudflare
@@ -57,21 +86,35 @@ in {
 
   age.secrets.cftcert.file = ./cert.pem.age;
   age.secrets.cftcredentials.file = ./credentials.age;
+  age.secrets.cftcredentials_personal.file = ./credentials_personal.age;
 
   services.cloudflared = {
     enable = true;
     certificateFile = config.age.secrets.cftcert.path;
 
-    tunnels."site" = {
+    tunnels = {
+      "site" = {
         ingress = {
           "thegeneralist01.com" = "http://localhost:80";
           "www.thegeneralist01.com" = "http://localhost:80";
           "cache.thegeneralist01.com" = "http://localhost:80";
+          "git.thegeneralist01.com" = "http://localhost:3000";
         };
         default = "http_status:404";
 
         credentialsFile = config.age.secrets.cftcredentials.path;
         certificateFile = config.age.secrets.cftcert.path;
       };
+      "personal" = {
+        ingress = {
+          "${family_domain}" = "http://localhost:80";
+          "www.${family_domain}" = "http://localhost:80";
+        };
+        default = "http_status:404";
+
+        credentialsFile = config.age.secrets.cftcredentials_personal.path;
+        certificateFile = config.age.secrets.cftcert.path;
+      };
+    };
   };
 }

lib/default.nix

@@ -1,5 +1,6 @@
 inputs: self: super:
 let
   system = import ./system.nix inputs self super;
+  option = import ./option.nix inputs self super;
 in
-system
+system // option

lib/option.nix

@@ -0,0 +1,12 @@
+_: _: super: let
+  inherit (super) mkOption;
+in {
+  mkConst = value: mkOption {
+    default  = value;
+    readOnly = true;
+  };
+
+  mkValue = default: mkOption {
+    inherit default;
+  };
+}

modules/common/neovim.nix

@@ -19,7 +19,10 @@ in {
 
       python313
       python313Packages.pip
+      uv
       python313Packages.virtualenv
+      basedpyright
+      black
 
       nodejs
       nodePackages."sass"

modules/common/nix.nix

@@ -25,7 +25,7 @@ in {
       "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
     ];
 
-    trusted-users = [ "thegeneralist" "central" "root" "@build" "@wheel" "@admin" ];
+    trusted-users = [ "thegeneralist" "central" "root" "@build" "@wheel" "@admin" "jellyfin" "git" ];
 
     builders-use-substitutes = true;
   };

modules/common/nushell/config.nu

@@ -22,7 +22,7 @@ $env.config.completions = {
     enable:      true
     max_results: 100
     completer:   {|tokens: list<string>|
-      let expanded = scope aliases | where name == $tokens.0 | get --ignore-errors expansion.0
+      let expanded = scope aliases | where name == $tokens.0 | get --optional expansion.0
 
       mut expanded_tokens = if $expanded != null and $tokens.0 != "cd" {
         $expanded | split row " " | append ($tokens | skip 1)
@@ -67,3 +67,12 @@ alias ah = cd ~/dotfiles/hosts/thegeneralist
 alias ai3 = nvim /home/thegeneralist/dotfiles/hosts/thegeneralist/dotfiles/i3/config
 # alias rb = sudo nixos-rebuild switch --flake ~/dotfiles#thegeneralist
 alias rb = nh os switch . -v -- --show-trace --verbose
+
+def greeting [] {
+  let quotes = [
+    "What is impossible for you is not impossible for me."
+  ]
+  echo ($quotes | get (random int 0..(($quotes | length) - 1)))
+}
+
+greeting

modules/common/nushell/default.nix

@@ -21,6 +21,7 @@ in {
       fzf
       gh
       fastfetch
+      carapace
     ];
 
     shellAliases = {
@@ -73,10 +74,16 @@ in {
         envFile.text = readFile ./env.nu;
         environmentVariables = config.environment.variables // homeArgs.config.home.sessionVariables;
       };
+      programs.carapace = {
+        enable = true;
+        enableZshIntegration = true;
+        enableNushellIntegration = true;
+      };
       programs.zsh = {
         enable = true;
         sessionVariables = config.environment.variables // homeArgs.config.home.sessionVariables;
       };
+      home.sessionPath = [ "/Users/thegeneralist/.cargo/bin" ];
     })
   ];
 }

modules/common/rust.nix

@@ -26,6 +26,9 @@
       nixfmt-rfc-style
 
       libiconv
+
+      clang
+      clang-analyzer
     ];
   };
 }

modules/common/tailscale.nix

@@ -1,7 +1,7 @@
 {
-  services.tailscale = {
-    enable = true;
-  };
-
-  networking.search = [ "shorthair-wall.ts.net" ];
+  # services.tailscale = {
+  #   enable = true;
+  # };
+  #
+  # networking.search = [ "shorthair-wall.ts.net" ];
 }

modules/darwin/karabiner.nix

@@ -1,18 +1,31 @@
 let
   numbers = [
-    "1" "2" "3" "4" "5" "6" "7" "8" "9" "0"
+    "1"
+    "2"
+    "3"
+    "4"
+    "5"
+    "6"
+    "7"
+    "8"
+    "9"
+    "0"
   ];
 
   number_to_symbol = num: {
     type = "basic";
     from = {
       key_code = num;
-      modifiers = { optional = [ "caps_lock" ]; };
+      modifiers = {
+        optional = [ "caps_lock" ];
       };
-    to = [{
+    };
+    to = [
+      {
         key_code = num;
         modifiers = [ "left_shift" ];
-    }];
+      }
+    ];
   };
 
   symbol_to_number = num: {
@@ -24,15 +37,19 @@ let
         optional = [ "caps_lock" ];
       };
     };
-    to = [{
+    to = [
+      {
         key_code = num;
-    }];
+      }
+    ];
   };
 
-  manipulators = builtins.concatLists (map (n: [
+  manipulators = builtins.concatLists (
+    map (n: [
       (number_to_symbol n)
       (symbol_to_number n)
-  ]) numbers);
+    ]) numbers
+  );
 
   simple_modifications = [
     {
@@ -47,32 +64,53 @@ let
 
   complex_modifications = {
     name = "Complex Modifications";
-    rules = [{
-      description = "Change numbers to symbols and vice versa";
-      manipulators = manipulators;
-    }];
+    rules = [
+      # {
+      #   description = "Change numbers to symbols and vice versa";
+      #   manipulators = manipulators;
+      # }
+      {
+        description = "Toggle Focus Mode with F6";
+        manipulators = [
+          {
+            from = {
+              "key_code" = "f6";
+            };
+            to = [ { "shell_command" = "shortcuts run 'Reduced Interruptions'"; } ];
+            type = "basic";
+          }
+        ];
+      }
+    ];
   };
 
   config = builtins.toJSON {
     global.show_in_menu_bar = false;
 
-    profiles = [{
+    profiles = [
+      {
         name = "default";
         selected = true;
         virtual_hid_keyboard.keyboard_type_v2 = "ansi";
         inherit simple_modifications;
         inherit complex_modifications;
 
-      devices = [{
+        devices = [
+          {
             identifiers.is_keyboard = true;
-      }];
-    }];
+          }
+        ];
+      }
+    ];
   };
-in {
-  home-manager.sharedModules = [{
+in
+{
+  home-manager.sharedModules = [
+    {
       home.file.".config/karabiner/karabiner.json" = {
         force = true;
         text = config;
       };
-  }];
+    }
+  ];
 }

modules/darwin/packages.nix

@@ -1,5 +1,5 @@
 { pkgs, ... }: {
   homebrew.enable = true;
-  homebrew.casks = [ "ungoogled-chromium" ];
+  homebrew.casks = [ "google-chrome" ];
   environment.systemPackages = [ pkgs.iina ];
 }

modules/dotfiles/nvim/lua/thegeneralist/lazy/autopairs.lua

@@ -0,0 +1,7 @@
+return {
+  "windwp/nvim-autopairs",
+  event = "InsertEnter",
+  config = true,
+  -- use opts = {} for passing setup options
+  -- this is equivalent to setup({}) function
+}

modules/dotfiles/nvim/lua/thegeneralist/lazy/blink.lua

@@ -16,7 +16,9 @@ return {
       -- C-k: Toggle signature help (if signature.enabled = true)
       --
       -- See :h blink-cmp-config-keymap for defining your own keymap
-			keymap = { preset = "default" },
+      keymap = {
+        preset = "default",
+      },
 
       appearance = {
         nerd_font_variant = "mono",

modules/dotfiles/nvim/lua/thegeneralist/lazy/init.lua

@@ -62,6 +62,11 @@ return {
 			-- set <leader>cpd and <leader>cpe to disable/enable copilot
 			vim.keymap.set("n", "<leader>cpe", "<cmd>Copilot enable<CR>")
 			vim.keymap.set("n", "<leader>cpd", "<cmd>Copilot disable<CR>")
+			vim.keymap.set("i", "<C-J>", 'copilot#Accept("\\<CR>")', {
+				expr = true,
+				replace_keycodes = false,
+			})
+			vim.g.copilot_no_tab_map = true
 		end,
 	},
 	-- {

modules/dotfiles/nvim/lua/thegeneralist/lazy/lsp.lua

@@ -36,6 +36,8 @@ return {
 
       local capabilities = require("blink.cmp").get_lsp_capabilities()
       vim.lsp.enable("nixd")
+      vim.lsp.enable("clangd")
+      vim.lsp.enable("basedpyright")
       require("mason-lspconfig").setup({
         automatic_enable = true,
         ensure_installed = {
@@ -43,7 +45,6 @@ return {
           "ts_ls",
           "cssls",
           "tailwindcss",
-					"pyright",
         },
         handlers = {
           function(server_name) -- default handler (optional)

modules/dotfiles/nvim/lua/thegeneralist/lazy/markdown.lua

@@ -1,9 +1,9 @@
 return {
-  -- "iamcco/markdown-preview.nvim",
-  -- cmd = { "MarkdownPreviewToggle", "MarkdownPreview", "MarkdownPreviewStop" },
-  -- build = "cd app && yarn install",
-  -- init = function()
-  --   vim.g.mkdp_filetypes = { "markdown" }
-  -- end,
-  -- ft = { "markdown" },
+  "iamcco/markdown-preview.nvim",
+  cmd = { "MarkdownPreviewToggle", "MarkdownPreview", "MarkdownPreviewStop" },
+  build = "cd app && yarn install",
+  init = function()
+    vim.g.mkdp_filetypes = { "markdown" }
+  end,
+  ft = { "markdown" },
 }

modules/dotfiles/nvim/lua/thegeneralist/lazy/nullls.lua

@@ -18,27 +18,26 @@ return {
       ensure_installed = {
         "stylua",
         "jq",
-				"mypy",
-				"ruff",
+        "basedpyright",
         "black",
       },
       handlers = {
-				["mypy"] = function(source_name, methods)
-					local options = {
-						extra_args = function()
-							local command = "which python"
-							local handle = io.popen(command)
-              local python_path = ""
-              if handle then
-                python_path = handle:read("*a")
-                python_path = string.gsub(python_path, "\n", "")
-                handle:close()
-              end
-							return { "--python-executable", python_path }
-						end,
-					}
-					null_ls.register(null_ls.builtins.diagnostics.mypy.with(options))
-				end,
+        -- ["mypy"] = function(source_name, methods)
+        --   local options = {
+        --     extra_args = function()
+        --       local command = "which python"
+        --       local handle = io.popen(command)
+        --       local python_path = ""
+        --       if handle then
+        --         python_path = handle:read("*a")
+        --         python_path = string.gsub(python_path, "\n", "")
+        --         handle:close()
+        --       end
+        --       return { "--python-executable", python_path }
+        --     end,
+        --   }
+        --   null_ls.register(null_ls.builtins.diagnostics.mypy.with(options))
+        -- end,
         --[[ ["ruff"] = function(source_name, methods)
           null_ls.register(null_ls.builtins.diagnostics.ruff)
           --require('mason-null-ls').default_setup(source_name, methods) -- to maintain default behavior

modules/dotfiles/nvim/lua/thegeneralist/remap.lua

@@ -77,6 +77,7 @@ vim.keymap.set("v", "<", "<gv")
 vim.keymap.set("v", ">", ">gv")
 
 -- Indent with tab
+vim.keymap.set("i", "<Tab>", "<Tab>")
 vim.keymap.set("v", "<Tab>", ">gv")
 vim.keymap.set("v", "<S-Tab>", "<gv")
 

modules/postgresql.nix

@@ -0,0 +1,44 @@
+# stolen from https://github.com/RGBCube/ncc/blob/94c349aa767f04f40ff4165c70c15ed3c3996f82/modules/postgresql.nix
+{ config, lib, pkgs, ... }: let
+  inherit (lib) flip mkForce mkOverride mkValue;
+in {
+  config.environment.systemPackages = [
+    config.services.postgresql.package
+  ];
+
+  options.services.postgresql.ensure = mkValue [];
+
+  config.services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_17;
+
+    enableJIT   = true;
+    enableTCPIP = true;
+
+    settings.listen_addresses = mkForce "::";
+    authentication            = mkOverride 10 /* ini */ ''
+      #     DATABASE USER        AUTHENTICATION
+      local all      all         peer
+
+      #     DATABASE USER ADDRESS AUTHENTICATION
+      host  all      all  ::/0    md5
+    '';
+
+    ensure = [ "postgres" "root" ];
+
+    initdbArgs      = [ "--locale=C" "--encoding=UTF8" ];
+    ensureDatabases = config.services.postgresql.ensure;
+
+    ensureUsers = flip map config.services.postgresql.ensure (name: {
+      inherit name;
+
+      ensureDBOwnership = true;
+
+      ensureClauses = {
+        login       = true;
+        superuser   = name == "postgres" || name == "root";
+      };
+    });
+  };
+}
+

secrets.nix

@@ -7,6 +7,7 @@ in {
   "hosts/thegeneralist-central/acme/acmeEnvironment.age".publicKeys = [ thegeneralist ];
   "hosts/thegeneralist-central/cert.pem.age".publicKeys = [ thegeneralist ];
   "hosts/thegeneralist-central/credentials.age".publicKeys = [ thegeneralist ];
+  "hosts/thegeneralist-central/credentials_personal.age".publicKeys = [ thegeneralist ];
   "hosts/thegeneralist-central/cache/key.age".publicKeys = [ thegeneralist ];
   "hosts/thegeneralist-central/password.age".publicKeys = [ thegeneralist ];