From 4d563444468308476220868d202a39904aa45f4a Mon Sep 17 00:00:00 2001
From: "Thomas A. Christensen II" <25492070+MillironX@users.noreply.github.com>
Date: Thu, 13 Nov 2025 14:36:19 -0600
Subject: [PATCH 1/2] secrets: Rekey secrets for secret purposes

---
 secrets.nix                        |   5 ++++-
 secrets/ansible-vault-password.age |  24 ++++++++++++------------
 secrets/darwin-policies-json.age   | Bin 834 -> 1214 bytes
 secrets/network-information.age    | Bin 907 -> 907 bytes
 secrets/pihole.age                 |  28 ++++++++++++++--------------
 secrets_file.enc                   |  16 +++++++---------
 secrets_odyssey.enc                |  13 ++++++++-----
 systems/darwin/corianne.nix        |   7 +++++++
 8 files changed, 52 insertions(+), 41 deletions(-)

diff --git a/secrets.nix b/secrets.nix
index 3b3ede4..c0d5047 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -8,6 +8,8 @@ let
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKaDPqRJHoqgY2pseh/mnhjaGWXprHk2s5I52LhHpHcF millironx@bosephus";
   odyssey-millironx =
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN9Aj7BtQp1Roa0tgopDrUo7g2am5WJ43lO1d1fDUz45 millironx@odyssey";
+  corianne-host =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHKKkucebeb1GcerOZAAs5GQsgTS8kXw5W41b9Fy9+hp root@corianne.local";
   corianne-millironx =
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgL2lO9RJBdQYANoxGyWXcNKi5/NZkRHHo/rNqaYMc/ millironx@corianne";
   harmony-millironx =
@@ -26,5 +28,6 @@ in {
     ++ [ bosephus-host ];
   "secrets/pihole.age".publicKeys = system-administrators ++ [ bosephus-host ];
   "secrets/ansible-vault-password.age".publicKeys = system-administrators;
-  "secrets/darwin-policies-json.age".publicKeys = system-administrators;
+  "secrets/darwin-policies-json.age".publicKeys = system-administrators
+    ++ [ corianne-host ];
 }
diff --git a/secrets/ansible-vault-password.age b/secrets/ansible-vault-password.age
index 99a96bc..d833716 100644
--- a/secrets/ansible-vault-password.age
+++ b/secrets/ansible-vault-password.age
@@ -1,13 +1,13 @@
 age-encryption.org/v1
--> ssh-ed25519 il3lzQ Ni2CHjeijXHfF62cUqVTm8MAOn6rRg8UrhqN6xvdkyk
-DsT0Ysx88FlCLeRzoOGctX7KqatX9/UCr5WdtdLJAf4
--> ssh-ed25519 1g/xww jRn91F29sISMyi41anAlzVCzt1t1DnUqxtryqkTQPlM
-cysgZLQR0YhiJYXBl59DjKbm+N8FnjA46wkQtnAzBFA
--> ssh-ed25519 +kBihw t6wlSnDKGgSzGhNJnryXVbDR40DATaV3fHovtI/u7zo
-zOyCZtzfLKeer9K6SMpfTxn6El4HB7gQFQqLOxIYB5U
--> ssh-ed25519 dbKeHw cn+8WTwis58bYm2pfEra6LeLvzEZ8GhZrOEeN+kkhCM
-fnlUAj8JtG8+r7Cj8xYUgF+JM6Pwqawn4sGI1LOeN78
--> ssh-ed25519 Svnssw zmDBR8TdRZ9NzNhwPYRN6c8naTxAkULyUZpKgk7Gshk
-0XCwpegEIlGXhnzLLUtmciKQiYiZRgnSOSvCcYeXXk8
---- D/lZ36n5sVste2NWfdOx8/klPh0CTmMjVQN74KIqDRY
-]%“¾ÇC}ˆNí›êOÈÓ"vÎÈ#òË±ªç×¢t­¤Ü_Q;^*!»+<+±àîŽŒÈdB×/KÒýÉ`
\ No newline at end of file
+-> ssh-ed25519 il3lzQ 8BY+QUEGqILKLs6ROw7llEOhx0GgrfFeKDcEgHePUFw
+SPiG48tkp5ewFc6/uNj+541B6YJODGmDFEbET2BfoZ0
+-> ssh-ed25519 1g/xww HyUG/jNJgHCceV/9vaaoSHc681x6Gg/uY+RIfQxIBxU
+6XVufQ4A9r8HPU9QLZ/idx3NjDf+UeKVMhtk9+Awy4E
+-> ssh-ed25519 +kBihw XjhEk6TF6M5OalqVQNpAemlmgMIJnfuH6M600DnJql0
+3zQPJZcsfnbUqRf5XWTJNbyqMb/rsSBIkS7YlYsyMcs
+-> ssh-ed25519 dbKeHw nIG5Z+XdJ3dyMxFOxyFMHw5sUkRJ2dsooJbIScNwlxM
+brJoiOSQcwgs3vNSk8eK6dzH3zfQGFNdEWj3jjMM5e0
+-> ssh-ed25519 Svnssw +VFbKj457mYT3GXQSacQ13J8MSkYe6A26ssNbqh8LAQ
+rJzIG170BcRlsLERhnfaqgRFeAL4Yw7zvtb1gGvUkCU
+--- ebIxmIBuNqNgfVWvOJc/0OpFBf3Q7pmApGgHYjrtJI8
+¹ì¤AòeO:(7_ãŽx¦‹¹0œ‘×·“°	Âj¹ f°V Û/D.8â¿€µÌ1ß ©¯[Ñq°¾f!7ht0Y
\ No newline at end of file
diff --git a/secrets/darwin-policies-json.age b/secrets/darwin-policies-json.age
index 9fa2d2bb8cc42f93a14b737c82f652ccaa1914d0..eabc269965926dde0005b303d3d4c30974d04056 100644
GIT binary patch
delta 1127
zcmZ9}`)?Bk003YZ1lb`mVqgLj8!(%!lwPmx+9mSn`fji9yX$%wq1Wr<u8-^W?s~mL
zQg93y3PE8Jj3FpuWH?kdbO=gC#{>ky0V0|*!~ju;5XO)Q#^3$^h40v;FKf3fC^v%$
z<q5?6sX|Vavo_eIjK)2Nu+!aY4aIEnAeIj1F)QKAl&pZ+WzomX243KCB!S4ZDQ5;H
z)@FkpAPw3zUJU0mkXILoQVgJ4tl+qmDo#Rry{1K>NvcbtsIW$Jc9)<|1Z8gqB9O4d
zrlFiL3Hb?<g_BeWHbx1tHS5zTAqKF?HjNuk6MnPkA+%@~w;>U?J0axsf+T`kl=76+
zY}QxQMAEO{slx;$8O6kKJ{7e%gP6UQMSV~XOXLv*4f|v-t=Cv-8Hd4?l>=J%Hb%?R
z6h=WwCtjfQR58;c;&il_cJVQ_Iw>2R<`fxeZrl3O_@~3!v?El|6|xM+M%;c-5G@&+
zklMfiBGD;t7<Woe(L-}u9AN;?;K=iA9E}wvliQRGQV^vJVj&4Ecv#Y&RLh}gAP0xy
zeywTi>G5^tl*S#>c|zG{#IL9G5u!Dg#QZsL3Zo66R-grC24dUXC~4N30Lbj)iVjQ6
zkx7%yVUx%Tu6QD6X)UG6QW!U)TsCF5M+Bq675jgHoOCK-lfs(BIVDMxti{69gjr<D
zHgB3#)0|D`mGg!GfjS|(m@vu|$^o*@kq<cFFsJjB#G;VS$!ggs;Cx9!l_oup=n!Q=
z;#rRu)d4D%N<sO}B|jm-4vey?6P8#eB)S9MfIETN8QKFHX~+UmB%x(8I-q81$AWcp
zXSmB-c0Oo6&{aFrG3Q)cIQ(p?smi4rPBg8uf@7N>?wI;Gt$i~vBHVd*O{GIPSy|b&
zY1xfObE^HP@S{U1;D@TK>TD0}0=JJ1Uf(TjyJ|nk=uh<E?IU-WZ+<bA{8y@cv3gIR
zYwSF~c6#Nl_h>4nSUBqfFtxL~{6Vm1JF~ug3_5?YZp!MRd+l`}9qyRX)l%BbTmyT@
z$~yMLn>AA!8}|+L-FL8O?tOl)Gxh7+^2VP{nc-hrn(~9xr;c5{)w=eMNt^2T)*qQB
zE$+);Lma}t7SnXv{uE~)IfDR^(?^%wd`^O2Ua@M~$iVH#Do?3u`|ehlk)b7DPea$7
zD{mOQ?wi}KzVRwKrugI5gvR-|PK>Ty*~=26Cuh}ubB#$nF`pdw%09=9@4H+;-bhqG
z0rW4-+Z{jKpV*&Sfw>md*Id5PbA9BiP;uvz_a!)ZYw47O3s-gOzFYro-`|I{ix=r1
zjoW|r%I%@mZ`_^TKS&)a%$Ypg+O7Ne_-~VIr!ODgdf<b358+Gv%y%?bH_Ysxuy1Me
z@dMMDpFSJ#)jsq5#Erc*JqzfO!wq}()HnQy9)YD{a`f`vV~qnU8JleH9K86?y1ypA
c&kE)p@kMcz3|+ev9__ANIThQsf^Yc!KdYO}W&i*H

delta 744
zcmV~$S!mM$002;BAXuk!f)@@Po?z|TEJ+XW%F(n<o2Ic%+XNi8X_7Wg*R*NcBuu9J
zb071V69h%X0~I_!2Fef=5kdAL(|Jr0_o0IRj4=_1$9s>KKUsEi_h8VFaM(6c6ESK5
z!r~8-2tek!WC_e=eA$=@D9r)^!#*r2IPy-r8TM$p>C*`ijb{v`r6eimK}*7VWergn
zOKxJMTjK@R;o8@&>qVDX=!Ib*&<)6Lv(@T`R8+6hU_B_99G)zr1R>He?o>^8J(vOv
z(_*<s)xxB(mW3R=+ZkeN3EnPSv<H^!RgW4My)jTAK{}_aX3<HPya7B{;Pq2;>(g~s
zfSML77lZL4?1u_fR4?a2zee~pG$!^3qG>KxQ5k?jWQX9C0UY3vh%YYUxmF{Kp%}y3
zEEb8DDnh9ha+VPkO_yWTXy4Ke89^h%v0xcwz_jfH(uBYvty(@2ZGak~seDqR-I`uZ
z!4gV2q?Alry%{sENf6_S<|v*p;<^yVp^EMnsRpH+Mibzb011swE?qyEQTkO;@z;#3
zyN;_Rg~((gC@)~WaFd3#3TXN`w4dS=lFc~6d^MhrxJxA_3oD)q&B0c~E7#Oq&CABB
zUWux)X-wweK!9_&T&`{sEcyYq5si>Cl#3R;plCHwqmm@yg43@?sB#DyY)H8@8)B-C
zMEc^$*CT6g-`%=u>sTA}eD3^F_V}SoKNd-LS^nytnO0@s<s14pv$l=e`D>y)G&bMq
z69N-AAAg>I^Z@P}yLP`}9eaFd|BHc7XN>W}o!K3o!>5-hl<=i}@2xKT`oHt{@IRYZ
z9hkF=Pv<^NO`luX*fntC@b@hp+j)G5yl|Od!PSRmmt=N*6Suu%u56rYJM9k+Z<?H7
zj`mNz3~8@MXZkMuNUj@S%s%Tn+4J?`+t+`8_Lz6uS9-3VN`T7j_=-Or(6%cdQwukk
Nv)<IS=ac<@<Ub5u8EOCk

diff --git a/secrets/network-information.age b/secrets/network-information.age
index 0de69b7ec6d1ce8f3a29567c6da2e54b876b8b17..bccc46735eca12b3df54c49a87ad179ac4d521ec 100644
GIT binary patch
literal 907
zcmZY7&&%6%0LO8hGG=jyJv(?9JY*mY)^$mfrcHN{HEokNX__W&(;xEzlQvDh&CljX
zze&e-dGw-(F@^2$xPzz%VP5^Q!@yl8;sd%(!5<9aLH0Q08RA9cQPk_Rf8g`t4IkCe
zbGkbTQa=Kod)5mKbeYfOUPi*u%;{5{B=cni*o3{3kRi&H*ixO-yrR^rvUJzSK~V8^
zd|@$tXO4?$6!@Z|NI1--a}Zh3O3XIbO1gYu#o(le+vZp-P6OJS!^SAJCLPyn!h>4g
zKoba&MgVv$9Wz9|ZsHD2$-Xk6*;U*De7;6g7_AS-m57vM*UM0rj*<0Rl3Hyvib+^s
zwFr4ByS7g21K!tc2L(e7^Es-2P|I30Fd?F`#IR8+rRGwQvyG4wAjl8Gp;u754ymsw
z%#dxv>Um+;%b)|Z-^2|*Di>UJVCl7BxJ=v$J`1_!!kJWL&UMY8Uk>L_wM{i%Z$N~O
z4b4Zr<v<l{P%b(l@3J&eL#I7-EI3RW6vry2RJa8#WwOkSQS*>QMT-iWrk`z#bTV6b
zEW_9=j3~2XCM%#-lo@rft-Ex?5F&{mD^;Z+a)4qfnOw$Q0eEH8lLt;b6T_-nPtBIV
ztAUASPzndcn1NCxcy4cAfHSqscYsk|^qZXLC?kuIY@aR!oOMu}YgnZvArs9_=Zi`^
z#AawU1U1yxt1%Y~+$>hxe6zXIrYKbs>k2-~0LkH!x+uk_8U(flRB<W|-Cnmp2^U$d
zM6bGDmL*7u`~M}m9HQ6$8-j&Fl^~jCN{V!V8<wua3Pbx<l`ur2I?~O6)I=|%$miGY
z4=)srt%qN{xA(05&h86eUUeRyy|usHDclv-j_ka+1CAeB-@ST#6#e$YGn-%CzI^nb
z-M!?M%^RZ=_jcZTqc6OBn4SJ~<>GUj?{A-Sex&yvoH_sfpBMD+etvuZ&5etX+8=1g
z+8du9y{CS1a_jW=%}0M9`S$ahuU>ny|NBUC50!uU`j5}<e6vG7f9myXw-(39kJcY<
htgpRx{mzxYeqGzjT`!(vZk!mkKED0oOP3x$`4`d-Nbvvw

literal 907
zcmZY4&8yo4003}hw+K!_dB_m5gD8ZWHffsV;2X(nzMH1$N16l`(|k8=(llw3<}mOy
za3b<<o9@Xj;@CkZ%2Yh4Fkvw9;y^{m4l*~9p&)`E@bvur3x518-)*?Dz22_!Fo~Z{
z);?UcfW|JEWkJJr5DaUPV7NdRwF>$*mQU<<Mu$Nb%nflK@hv^qP^w+aP`+9&$hy$g
zbv|Tdz#_CD9tJ|cDaQH~$0n#b=?|<(9XoTi4<W-WP}ZYZ-j@DRt>wd2S%Ut05(o~u
z9E5TOL#Yq<ePm<ksw)j<Eal*(P;Kx@Cru*(s9c{_@NLLgI3g4yq0(&yU91UXXgV&F
zENn^?$&Ni(PN}0B6#dsJL7auigdVZsMl^I3Pmz}2nZ}+n)@)WBhl^NV2lJjT&3Oip
z*cqkRF#>U!J6)2=Y#NSD#8kK4I+Rx`=XNQ>Bnny6|95j{lFOH17v*D$qieLy>xu3J
z&=AHE7#`rraO^L85}W&o8<Oo>%>ZpLii3W|CndwIe3ta8f>$c7O-8zvIa0E+N<Yw@
zrpOsbZ=)j4vJ#YY#vaA9X2c~F>r_q=BLVIUthcbUnj!o$sZ|nNz}eOS_8bx8y9BN<
zaMz^xHe+*GyYl@0sOu;-o}*DpxSS_jTyj*K&ze+E1(&iz;l1&k8+lB*rA5yr$|*^0
zD7qCGZIg9bJf($x!D~%Gh0HwNE6^0}SUi-X>&|R!leljbEYlh`vm`bmbTqa-yA3oN
z4Um@*L?euu+Klwg+)Jya*c;QS3tNJSNz!JE5fNm~3ISn&M>p?XetADX{?g9fQ!f_Z
zJpXq7<mn-F4Ak5&p7{IDyNBm$rTG2)!Gk*|KJZRY4in(umeTm^vi`>XSHAx_FR#)k
zy;GOeiyh)Qlsc0<_BH*PaN@@shX+FZ>QmpEAK!ey`z1arvnSKzZ<XKOxbXQqlYjQE
z{CfV%Gp{}T$qToy|8eQs{uz!jU;pXLgQpi~&)tiz-ud(Ko7V0l`#-$Dd*RsT!;j1)
Sy^dUbXy^V{Z~nGQKK&OoUPAf+

diff --git a/secrets/pihole.age b/secrets/pihole.age
index babead9..dfe146e 100644
--- a/secrets/pihole.age
+++ b/secrets/pihole.age
@@ -1,15 +1,15 @@
 age-encryption.org/v1
--> ssh-ed25519 il3lzQ Q+/uqZhUWs5pb5T1ocD+/qTSo4DJbd/W1exruQ34zAE
-8HFRvEblGVrkoVaqAl/Af6wrDn6A+3unZIMBipEkwgA
--> ssh-ed25519 1g/xww PqXxTvLaF6ZlcVov81VrVH130jFh2iGmHPRtBYV4ME4
-1VBknQzaNZyoz2wvgKX+IZGaOEnJ1xGvxPYxq10ar/U
--> ssh-ed25519 +kBihw QXNxY9OQeIM98OqmHoa/S2kMZqSX+ndgxGyCJpHJ+gg
-b3DmfUswyPQ09sp57v3QMNEF/Ka3w9Qj2s1kGUSinmQ
--> ssh-ed25519 dbKeHw 5GzjKgjUX5e6Net7voWBykC17zRcdSFDFbDsSwp5FAU
-GwTEg3YR9HdcQHPg+XjP2Lg1BpcWA4VunbZSBdxVaYU
--> ssh-ed25519 Svnssw imRjD5CJu/jOac3t/APHbYBnsyJVQdebR6K52A6GdwM
-n+Q9kEEkYRBuEzWlSwbjJNsjF8uKloeUEWYxHa29B4U
--> ssh-ed25519 jb0ALQ 4qbGIofHcyhJVfL24peGqqzg0tFdxbWBHJFenwehIAI
-Ta3ye4quyHvvE+2CGZwYvQMwWfdrLIdqADLvJYhllPY
---- 3hbht7PYqFafVmcQWQwv3q2gUXM8HXajtmAaMnrh59s
-+óX9ð¾84R2ƒª,òôˆ±¨(#42ì#*,	bùôŒç¦½Hã_z…œ…¨Í}ß… ®ë›xñ‚7Aœ!)ê)vÊžÂ¨¨•W-÷¿eX-G‡<´¸@~â¢èEÜk¬?kG‘lQK¬4c&*JöÂå9V_Ä0ÕöÂµzÓ+É°Â¯CÞÑžÀQ°ò«ÃGô§XÁ˜k¡g*£æð-Àjƒö¼‚l½ú3¿‰1ÏJš´üM·OE†[=S
\ No newline at end of file
+-> ssh-ed25519 il3lzQ QKUv2QtA6XAVZMc/RET+iJp/IgChWjPnttkT00YNkgo
+8wS1EJ6+H+1++dyzEGoq7B7JT7G4wg/NDSNRxDPoRdQ
+-> ssh-ed25519 1g/xww I/jn9oDI27fOq7Pf4aMIe10IJUiLz45KQfxbwoV2Yl8
+guK9G+fDLoVxO21YvDeZa14H0gOpm5ma3s+1r7VF77U
+-> ssh-ed25519 +kBihw 6uyyp7Jg70FDmlC8Sos+GY/PKPS3QQKR0p1ofODQmC4
+aQDzLv9H54Ucsa3tiVHWhxkV1F83fwNTXIt8k4V5ngs
+-> ssh-ed25519 dbKeHw CPQh63MLby86GqOiZv8sxD6qMezQj17fCPLjigCMG0A
+OgcvqThhfSUelRy2WZ5eALyJ8uQft8gYdbMuySUi+Ko
+-> ssh-ed25519 Svnssw VAK1KKUe7aMf/Rj5r5KnjeobG1JZQXKzNWXjuXpgRyc
+Udegl2sZBsVUhN+XwlfSbC1HrKu05uZolm8dsQberuU
+-> ssh-ed25519 jb0ALQ M6bx55Kzp4VtQUTq6vkg31JXfew8E+QqHAuXVjFLrxw
+wmoYs4tGa56+GuY4r0RtTfXpxW9XTqC2YJlmGsVEHIY
+--- wzjCBOS1iGnQe8ZPgaKTs7PZvI0TnRZd11eL7yoaWL0
+Áœ$ÇØ€ìr¨—zäG¤MÅ}(^M„¢Ø*ýüóµlQÌ¢*˜U€-f—±ÀØ7‡C—c/“9~ç»:$ZS²½R¤É@ë]htC7y1gÊaîCÐÖM¸˜÷”òíô!ÝÚ*1ËB‡{þí> º®‹o¿â”BN¼&§€ƒ¤ ø¼Ã®±W_és7&ú±:ÑLKæé¯µOfäÞåï×­Nû1!Vt;QÃÙBg…†ƒRêÏy1çjÿ(hvÃ
\ No newline at end of file
diff --git a/secrets_file.enc b/secrets_file.enc
index 20df784..33fcb27 100644
--- a/secrets_file.enc
+++ b/secrets_file.enc
@@ -1,10 +1,8 @@
 $ANSIBLE_VAULT;1.1;AES256
-65366137313461383534313965646333656565353061336361363661613033393264353661346337
-3838653162383134393463323631613439373663396363380a633339396236363962313333343465
-31623961393532666136616438633734366261353866383264323730383432326635626637343739
-3235313062623637380a386235316437396534353261383832643165316565386263396664363962
-62393364333335373631356161373263313930343565626433383539373030363662353630633933
-63336333613965653635313637336437653139616564313861336332323739653865383531356233
-31373530343766343131346663656566363038643230343462336332323135323337353539303763
-33366638393064323431323636346161343936643062323861313766613264336465326132333631
-33306666383561653965303539313366653030663330393363363565333439383133
+33613635643765623937663135313833396162343134383466343966333964386364356134663264
+3137633339396462633431316634623834646437646162360a626564313831373761636161656232
+35316566336232666336646231356665366633303530623961666465366163306166623336656364
+3835353035333031620a633332376237336530343134623832363534383761616564616138363766
+30306361383462353361636161636335313461313835663362393839623735313738316465656537
+66396635323432376530346532353238346139376261366237343763373535623364633731323830
+333730373965613131336166626230333263
diff --git a/secrets_odyssey.enc b/secrets_odyssey.enc
index fba7129..a7a96da 100644
--- a/secrets_odyssey.enc
+++ b/secrets_odyssey.enc
@@ -1,6 +1,9 @@
 $ANSIBLE_VAULT;1.1;AES256
-30343638643335363463653231623566623961613534323261393639623865633964653634333562
-3838613035393661656362383736313561366466396439390a383162366362643364636335613664
-39646137666437353762363764373562393736626530333336626261366232383063633732623238
-6531633638366335640a363461383535646663316533386137323966326237373836363561323462
-66646635383137333834363165666365366235333734646364616637383363666239
+61363033383536303833366237323662663236313163663033306138383162383062643830616466
+6531636430613462646161343939343363663533373737340a613433363666353432383463356439
+33656266633131336565613433653062656563656637656464346232656238646339303961373265
+6639643637303433380a393163366331373964353261383662656664643031626432366231346332
+34303964346137616233343930333331306363326332383465653163386539306430303965316437
+30343333373565623431653436653832356366343937653136346535316166383262623730343831
+62376532346237323465653261316339353034323633623632313630666531373839633665333637
+34356162356565396564
diff --git a/systems/darwin/corianne.nix b/systems/darwin/corianne.nix
index db34258..66a74b8 100644
--- a/systems/darwin/corianne.nix
+++ b/systems/darwin/corianne.nix
@@ -15,6 +15,8 @@ in {
     rig-install
   ];
 
+  age.secrets.firefox-policy.file = ./../../secrets/darwin-policies-json.age;
+
   # Use a custom configuration.nix location.
   # $ darwin-rebuild switch -I darwin-config=$HOME/.config/nixpkgs/darwin/configuration.nix
   environment.darwinConfig = "$HOME/.config/home-manager/configuration.nix";
@@ -130,6 +132,11 @@ in {
                     --user=${config.system.primaryUser} \
                     --set-home \
                     _rig-install ${r-version}
+
+      echo "Applying custom defaults..."
+      /usr/bin/defaults import \
+            /Library/Preferences/org.mozilla.firefox \
+            ${config.age.secrets.firefox-policy.path}
   '';
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];

From 71a086d07e3372078a739ed80cba6cb5b4ac6e15 Mon Sep 17 00:00:00 2001
From: "Thomas A. Christensen II" <25492070+MillironX@users.noreply.github.com>
Date: Thu, 13 Nov 2025 14:36:53 -0600
Subject: [PATCH 2/2] dock (corianne): Remove unavailable Chromium PWAs

---
 systems/darwin/corianne.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/systems/darwin/corianne.nix b/systems/darwin/corianne.nix
index 66a74b8..582ffdf 100644
--- a/systems/darwin/corianne.nix
+++ b/systems/darwin/corianne.nix
@@ -76,8 +76,6 @@ in {
       (sysApp "Logseq")
       (sysApp "Zed")
       (sysApp "Steam")
-      (chromeApp "Instinct Dashboard")
-      (chromeApp "Carestream")
     ];
     show-process-indicators = true;
     show-recents = false;