feat: opencode

hosts/box/configuration.nix

@@ -91,7 +91,16 @@
 
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
-  networking.firewall.allowedTCPPorts = [ 22 ];
+  networking.firewall.allowedTCPPorts = [
+    22    # SSH
+    5003  # opencode-manager backend
+    5173  # opencode-manager frontend
+    5551  # opencode server
+  ];
+  networking.firewall.allowedTCPPortRanges = [{
+    from = 7000;
+    to = 9000;
+  }]; # opencode-manager: ports for testing user changes
 
   programs.gnupg.agent.enable = true;
   programs.gnupg.agent.pinentryPackage = pkgs.pinentry-curses;

hosts/box/default.nix

@@ -66,6 +66,10 @@
   age.secrets.box-wg.file = "${self}/secrets/box-wg.age";
   age.secrets.box-wg.owner = "anish";
   age.secrets.borg-key.file = "${self}/secrets/borg-key.age";
+  age.secrets.github-token.file = "${self}/secrets/github-token.age";
+  age.secrets.github-token.owner = "anish";
+  age.secrets.anthropicToken.file = "${self}/secrets/anthropicToken.age";
+  age.secrets.anthropicToken.owner = "anish";
   mossnet.wg = {
     enable = true;
     ips = [ "10.0.69.4/24" ];

hosts/curve/default.nix

@@ -85,6 +85,10 @@
 
   age.secrets.curve-wg.file = "${self}/secrets/curve-wg.age";
   age.secrets.curve-wg.owner = "anish";
+  age.secrets.github-token.file = "${self}/secrets/github-token.age";
+  age.secrets.github-token.owner = "anish";
+  age.secrets.anthropicToken.file = "${self}/secrets/anthropicToken.age";
+  age.secrets.anthropicToken.owner = "anish";
   mossnet.wg = {
     enable = true;
     ips = [ "10.0.69.2/24" ];

hosts/darwin/default.nix

@@ -1,4 +1,4 @@
-{ self, pkgs, config, ... }:
+{ self, pkgs, config, inputs, ... }:
 
 {
   imports = [
@@ -22,6 +22,10 @@
   age.identityPaths = [ "/Users/anishlakhwara/.ssh/id_ed25519" ];
   age.secrets.work-wg.file = "${self}/secrets/work-wg.age";
   age.secrets.work-wg.owner = "anishlakhwara";
+  age.secrets.github-token.file = "${self}/secrets/github-token.age";
+  age.secrets.github-token.owner = "anishlakhwara";
+  age.secrets.anthropicToken.file = "${self}/secrets/anthropicToken.age";
+  age.secrets.anthropicToken.owner = "anishlakhwara";
   networking.wg-quick.interfaces = {
     wg0 = {
       address = [ "10.0.69.7/24" ];