From 151f1132c0502490f450dbdded4976427aa6d847 Mon Sep 17 00:00:00 2001 From: "Thomas A. Christensen II" <25492070+MillironX@users.noreply.github.com> Date: Sat, 2 Aug 2025 21:23:02 -0500 Subject: [PATCH 1/2] Configure custom DNS --- playbook.yaml | 10 +++++++++- secrets_file.enc | 16 +++++++++------- secrets_odyssey.enc | 6 ++++++ 3 files changed, 24 insertions(+), 8 deletions(-) create mode 100644 secrets_odyssey.enc diff --git a/playbook.yaml b/playbook.yaml index 26babd8..3ed7300 100644 --- a/playbook.yaml +++ b/playbook.yaml @@ -195,7 +195,6 @@ - rssguard - rstudio-desktop - steam - - stubby - thunderbird - vlc - vorta @@ -228,6 +227,15 @@ src: templates/policies.json dest: /etc/firefox/policies/policies.json mode: "644" + # Configure custom DNS - we can't use stubby or network manager because + # network manager requires setting DNS resolvers for each network. That + # means that I have to have the DNS onfigs for each and every network I + # connect to (home, school, etc.) written here, and I could miss one. + - name: Configure systemwide DNS + ansible.builtin.shell: | + sh -c "$(curl -sSL https://147.185.34.1/dl)" -s {{ dns_auth_code }} forced + register: ctrld_config + changed_when: ctrld_config.rc != 0 # Generally speaking, I try to install Flatpak applications at the user level # b/c that really gives more credence to the whole sandboxing idea (concept of diff --git a/secrets_file.enc b/secrets_file.enc index bb76675..20df784 100644 --- a/secrets_file.enc +++ b/secrets_file.enc 
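Review bot: The new "Configure systemwide DNS" task in playbook.yaml feeds whatever `https://147.185.34.1/dl` serves at run time straight into `sh -c`, with no pinned checksum or reviewed copy, and if curl fails the substitution is empty, so `sh -c ""` exits 0 and the task reports success without configuring anything. The rendered command also carries `{{ dns_auth_code }}` and the task has no `no_log: true`, so the vaulted value is included in the task result that Ansible prints at `-v` and above. `changed_when: ctrld_config.rc != 0` looks inverted: a non-zero rc already fails the task, so it never reports a change. I would fetch the script to disk against a pinned checksum and run it as a separate step, as sketched below; the checksum and destination path are placeholders, and the auth code still ends up in the process arguments.

```yaml
# … unchanged: comment block explaining why stubby / NetworkManager are not used …
- name: Download DNS installer script
  ansible.builtin.get_url:
    url: https://147.185.34.1/dl
    dest: /usr/local/sbin/dns-installer.sh  # constructed path, adjust as needed
    mode: "0700"
    checksum: "sha256:<PINNED_SHA256_OF_REVIEWED_SCRIPT>"
- name: Configure systemwide DNS
  ansible.builtin.command:
    argv:
      - sh
      - /usr/local/sbin/dns-installer.sh
      - "{{ dns_auth_code }}"
      - forced
  no_log: true  # keep the vaulted auth code out of task output
  register: ctrld_config
  changed_when: ctrld_config.rc == 0
```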
@@ -1,8 +1,10 @@ $ANSIBLE_VAULT;1.1;AES256 -35626563393033346332653338336363653831656234326433346531613831386235393633316566 -6436313935656662663361373538636537633763613839300a373939383862303731323136323864 -61303536663737626239313139356631336431326566366435333766653739376162616635336239 -6236316262653539320a346466306363643662636132383037326265643539373336366462343263 -39613930663536633665333931656332326633336639373937313833373632323539363336656365 -33633238376462393265313634633034663535376137353134306433383034353732646266303338 -303763386430363638303363336339363030 +65366137313461383534313965646333656565353061336361363661613033393264353661346337 +3838653162383134393463323631613439373663396363380a633339396236363962313333343465 +31623961393532666136616438633734366261353866383264323730383432326635626637343739 +3235313062623637380a386235316437396534353261383832643165316565386263396664363962 +62393364333335373631356161373263313930343565626433383539373030363662353630633933 +63336333613965653635313637336437653139616564313861336332323739653865383531356233 +31373530343766343131346663656566363038643230343462336332323135323337353539303763 +33366638393064323431323636346161343936643062323861313766613264336465326132333631 +33306666383561653965303539313366653030663330393363363565333439383133 diff --git a/secrets_odyssey.enc b/secrets_odyssey.enc new file mode 100644 index 0000000..fba7129 --- /dev/null +++ b/secrets_odyssey.enc @@ -0,0 +1,6 @@ +$ANSIBLE_VAULT;1.1;AES256 +30343638643335363463653231623566623961613534323261393639623865633964653634333562 +3838613035393661656362383736313561366466396439390a383162366362643364636335613664 +39646137666437353762363764373562393736626530333336626261366232383063633732623238 +6531633638366335640a363461383535646663316533386137323966326237373836363561323462 +66646635383137333834363165666365366235333734646364616637383363666239 From f4b8fc79f935b366acffd3187207a4b02335eeb4 Mon Sep 17 00:00:00 2001 
From: "Thomas A. Christensen II" <25492070+MillironX@users.noreply.github.com> Date: Sat, 2 Aug 2025 21:23:36 -0500 Subject: [PATCH 2/2] feat: Add custom (per-host) secret support to Ansible aliases --- homes/common.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/homes/common.nix b/homes/common.nix index 005c367..f3897fb 100644 --- a/homes/common.nix +++ b/homes/common.nix @@ -77,9 +77,9 @@ in { hmb = "home-manager build --flake ~/.config/home-manager#$USER@$(hostname -s)"; anp = - "ansible-playbook -i ~/.config/home-manager/inventory.yaml -e @~/.config/home-manager/secrets_file.enc --vault-password-file $HM_AGENIX_SECRETS_DIR/ansible-vault-password ~/.config/home-manager/playbook.yaml --limit $(hostname -s) --ask-become-pass"; + "ansible-playbook -i ~/.config/home-manager/inventory.yaml -e @~/.config/home-manager/secrets_$(hostname -s).enc -e @~/.config/home-manager/secrets_file.enc --vault-password-file $HM_AGENIX_SECRETS_DIR/ansible-vault-password ~/.config/home-manager/playbook.yaml --limit $(hostname -s) --ask-become-pass"; anc = - "ansible-playbook -v -i ~/.config/home-manager/inventory.yaml -e @~/.config/home-manager/secrets_file.enc --vault-password-file $HM_AGENIX_SECRETS_DIR/ansible-vault-password --check ~/.config/home-manager/playbook.yaml --limit $(hostname -s) --ask-become-pass"; + "ansible-playbook -vvv -i ~/.config/home-manager/inventory.yaml -e @~/.config/home-manager/secrets_$(hostname -s).enc -e @~/.config/home-manager/secrets_file.enc --vault-password-file $HM_AGENIX_SECRETS_DIR/ansible-vault-password --check ~/.config/home-manager/playbook.yaml --limit $(hostname -s) --ask-become-pass"; }; sessionPath = [ "$HOME/.local/bin" ]; activation = {
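Review bot: In both `anp` and `anc` the per-host file is passed before `secrets_file.enc`, and as far as I know Ansible merges multiple `-e` arguments in order with the later one winning, so a key defined in both files resolves to the shared value rather than the per-host one; swapping the two `-e @…` arguments would make the host file the override. The `-e @~/.config/home-manager/secrets_$(hostname -s).enc` argument also makes the alias fail on any host that has no file of its own, and this series only adds `secrets_odyssey.enc`. `anc` now runs at `-vvv`, which prints task arguments and results, so tasks that template vaulted values should carry `no_log: true` before this alias is used routinely. The attribute set these aliases belong to starts and ends outside the hunk.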