stuff

2025-07-14 21:18:44 +02:00 · 2025-07-14 21:18:44 +02:00 · 79792e5a76
commit 79792e5a76
parent 3f6dafe073
24 changed files with 143 additions and 101 deletions
--- a/common/syncthing.nix
+++ b/common/syncthing.nix
@ -1,14 +0,0 @@
-{ config, ... }:
-let
-  inherit (config.networking) hostName;
-in
-{
-  services.syncthing = {
-    enable = true;
-    systemService = true;
-    openDefaultPorts = true;
-    guiAddress = "${hostName}.tailnet.helveticanonstandard.net:4000";
-    overrideDevices = false;
-    overrideFolders = false;
-  };
-}
--- a/common/tailscale.nix
+++ b/common/tailscale.nix
@ -1,12 +0,0 @@
-{ config, ... }:
-{
-  services.tailscale = {
-    enable = true;
-    openFirewall = true;
-    useRoutingFeatures = "both"; # TODO
-  };
-
-  networking.firewall.trustedInterfaces = [
-    config.services.tailscale.interfaceName
-  ];
-}
--- a/common/users.nix
+++ b/common/users.nix
@ -1,29 +1,6 @@
 {
-  inputs,
-  config,
-  ...
-}:
-let
-  inherit (config.users) mainUser;
-in
-{
-  age.secrets."user-${mainUser}".file = inputs.self + /secrets/users/${mainUser}.age;
-
  users = {
    mutableUsers = false;
-
-    mainUser = "helvetica";
-
-    users = {
-      root.hashedPassword = "!";
-      ${mainUser} = {
-        description = "Helvetica";
-        uid = 1000;
-        isNormalUser = true;
-        hashedPasswordFile = config.age.secrets."user-${mainUser}".path;
-        openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
-        extraGroups = [ "wheel" ]; # TODO remove
-      };
-    };
+    users.root.hashedPassword = "!";
  };
 }
--- a/hosts/abacus/profiles.nix
+++ b/hosts/abacus/profiles.nix
@ -1,3 +1,6 @@
 {
-  profiles.server.enable = true;
+  profiles = {
+    server.enable = true;
+    trusted.enable = true;
+  };
 }
--- a/hosts/abacus/static-sites.nix
+++ b/hosts/abacus/static-sites.nix
@ -1,5 +1,4 @@
 {
-  config,
  lib,
  ...
 }:
@ -25,7 +24,7 @@ lib.mkMerge (
      };

      systemd.tmpfiles.settings."10-static-sites".${root}.d = {
-        user = config.users.mainUser;
+        user = "helvetica";
        group = "users";
        mode = "0755";
      };
--- a/hosts/abacus/users.nix
+++ b/hosts/abacus/users.nix
@ -0,0 +1,13 @@
+{ config, inputs, ... }:
+{
+  age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
+
+  users.users.helvetica = {
+    description = "Helvetica";
+    uid = 1000;
+    isNormalUser = true;
+    hashedPasswordFile = config.age.secrets.user-helvetica.path;
+    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
+    extraGroups = [ "wheel" ]; # TODO remove
+  };
+}
--- a/hosts/flamingo/profiles.nix
+++ b/hosts/flamingo/profiles.nix
@ -6,5 +6,6 @@
    gaming.enable = true;
    piracy.enable = true;
    productivity.enable = true;
+    trusted.enable = true;
  };
 }
--- a/hosts/flamingo/users.nix
+++ b/hosts/flamingo/users.nix
@ -0,0 +1,13 @@
+{ config, inputs, ... }:
+{
+  age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
+
+  users.users.helvetica = {
+    description = "Helvetica";
+    uid = 1000;
+    isNormalUser = true;
+    hashedPasswordFile = config.age.secrets.user-helvetica.path;
+    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
+    extraGroups = [ "wheel" ]; # TODO remove
+  };
+}
--- a/hosts/glacier/beets.nix
+++ b/hosts/glacier/beets.nix
@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = [
+    pkgs.beets
+  ];
+}
--- a/hosts/glacier/profiles.nix
+++ b/hosts/glacier/profiles.nix
@ -6,5 +6,6 @@
    gaming.enable = true;
    piracy.enable = true;
    productivity.enable = true;
+    trusted.enable = true;
  };
 }
--- a/hosts/glacier/users.nix
+++ b/hosts/glacier/users.nix
@ -1,8 +1,13 @@
+{ config, inputs, ... }:
 {
-  users.users.futura = {
-    description = "Futura";
-    uid = 1001;
+  age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
+
+  users.users.helvetica = {
+    description = "Helvetica";
+    uid = 1000;
    isNormalUser = true;
-    password = "futura";
+    hashedPasswordFile = config.age.secrets.user-helvetica.path;
+    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
+    extraGroups = [ "wheel" ]; # TODO remove
  };
 }
--- a/hosts/insomniac/autologin.nix
+++ b/hosts/insomniac/autologin.nix
--- a/hosts/insomniac/users.nix
+++ b/hosts/insomniac/users.nix
@ -1,14 +1,14 @@
 {
  config,
-  lib,
  ...
 }:
-let
-  inherit (config.users) mainUser;
-in
 {
-  users = {
-    mainUser = lib.mkForce "insomniac";
-    users.${mainUser}.description = lib.mkForce "Insomniac";
+  users.users.helvetica = {
+    description = "Insomniac";
+    uid = 1000;
+    isNormalUser = true;
+    password = "";
+    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
+    extraGroups = [ "wheel" ]; # TODO remove
  };
 }
--- a/hosts/vessel/profiles.nix
+++ b/hosts/vessel/profiles.nix
@ -1,3 +1,6 @@
 {
-  profiles.server.enable = true;
+  profiles = {
+    server.enable = true;
+    trusted.enable = true;
+  };
 }
--- a/hosts/vessel/users.nix
+++ b/hosts/vessel/users.nix
@ -0,0 +1,13 @@
+{ config, inputs, ... }:
+{
+  age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
+
+  users.users.helvetica = {
+    description = "Helvetica";
+    uid = 1000;
+    isNormalUser = true;
+    hashedPasswordFile = config.age.secrets.user-helvetica.path;
+    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
+    extraGroups = [ "wheel" ]; # TODO remove
+  };
+}
--- a/hosts/work/users.nix
+++ b/hosts/work/users.nix
@ -1,14 +1,13 @@
+{ config, inputs, ... }:
 {
-  config,
-  lib,
-  ...
-}:
-let
-  inherit (config.users) mainUser;
-in
-{
-  users = {
-    mainUser = lib.mkForce "lukas";
-    users.${mainUser}.description = lib.mkForce "Lukas Wurzinger";
+  age.secrets.user-lukas.file = inputs.self + /secrets/users/helvetica.age;
+
+  users.users.lukas = {
+    description = "Lukas Wurzinger";
+    uid = 1000;
+    isNormalUser = true;
+    hashedPasswordFile = config.age.secrets.user-lukas.path;
+    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
+    extraGroups = [ "wheel" ]; # TODO remove
  };
 }
--- a/modules/main-user.nix
+++ b/modules/main-user.nix
@ -1,14 +0,0 @@
-{ lib, ... }:
-let
-  inherit (lib) types;
-in
-{
-  options = {
-    users.mainUser = lib.mkOption {
-      type = types.passwdEntry types.str;
-      description = ''
-        The main user.
-      '';
-    };
-  };
-}
--- a/profiles/desktop/cosmic.nix
+++ b/profiles/desktop/cosmic.nix
@ -2,6 +2,7 @@
  config,
  lib,
  inputs,
+  pkgs,
  ...
 }:
 let
@ -24,6 +25,11 @@ in
      displayManager.cosmic-greeter.enable = true;
    };

+    environment.cosmic.excludePackages = [
+      pkgs.cosmic-edit
+      pkgs.cosmic-player
+    ];
+
    environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1;
  };
 }
--- a/profiles/desktop/mpv.nix
+++ b/profiles/desktop/mpv.nix
@ -0,0 +1,6 @@
+{ inputs, pkgs, ... }:
+{
+  environment.systemPackages = [
+    inputs.mympv.packages.${pkgs.system}.default
+  ];
+}
--- a/profiles/trusted/default.nix
+++ b/profiles/trusted/default.nix
@ -0,0 +1,6 @@
+{ lib, ... }:
+{
+  options.profiles.trusted = {
+    enable = lib.mkEnableOption "trusted";
+  };
+}
--- a/profiles/trusted/syncthing.nix
+++ b/profiles/trusted/syncthing.nix
@ -0,0 +1,21 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.profiles.trusted;
+  inherit (config.networking) hostName;
+in
+{
+  config = lib.mkIf cfg.enable {
+    services.syncthing = {
+      enable = true;
+      systemService = true;
+      openDefaultPorts = true;
+      guiAddress = "${hostName}.tailnet.helveticanonstandard.net:4000";
+      overrideDevices = false;
+      overrideFolders = false;
+    };
+  };
+}
--- a/profiles/trusted/tailscale.nix
+++ b/profiles/trusted/tailscale.nix
@ -0,0 +1,21 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.profiles.trusted;
+in
+{
+  config = lib.mkIf cfg.enable {
+    services.tailscale = {
+      enable = true;
+      openFirewall = true;
+      useRoutingFeatures = "both"; # TODO
+    };
+
+    networking.firewall.trustedInterfaces = [
+      config.services.tailscale.interfaceName
+    ];
+  };
+}
--- a/secrets/users/insomniac.age
+++ b/secrets/users/insomniac.age
@ -1,11 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 SFHVrw VvRWN857MXOUqUqMIAv3OCgUp7zIJgOmCDhibsfR4BM
-pOwTtL357S/fuJK2n5RAKBBcCcL+tnMqt/n7o5BX/nI
-> ssh-ed25519 S+dwQQ h5Hf+yOK61iARFKtI3BvGfUuesU7JfBG73xg2OfNO3w
-9a/WN5wQZ4T7ar9GD5iCjw1E9k8FafdcQCt78f3PmzE
-> ssh-ed25519 bPbvlw eeS4sFLhm/5pyPvc4A23iZY7Yx6Rr1DeZve3NmjaDyM
-ZFQZDhcqMjWrncTFS/URGcOXdK/xMpbprpetdsE7gI0
-> ssh-ed25519 8l76Rg rZlqjtuvCJthjPQ+uF7SBlz6gSioCXdmUO330IuheD0
-p85nindSGaWqthF7y/t7jLpkA1tlOIunuJcB1Jsjk00
--- BTcCQGFBm3QhL0W+aW8Z+w85VVtcmezgBVafqt5DS5c
-¸lK?tÉgl <6C>áaÈCÄKßÍ°Ó¡èÏœÖj€ZN¨‡@n§´«×XæYÕ}ù“TÎÝ
×Ø°äx·F–á£s<	O«Ñù™övs6ï~IÃü së}7sÃžÃãZ‘C@
--- a/secrets/users/lukas.age
+++ b/secrets/users/lukas.age