diff --git a/common/syncthing.nix b/common/syncthing.nix
deleted file mode 100644
index 647ee15..0000000
--- a/common/syncthing.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, ... }:
-let
- inherit (config.networking) hostName;
-in
-{
- services.syncthing = {
- enable = true;
- systemService = true;
- openDefaultPorts = true;
- guiAddress = "${hostName}.tailnet.helveticanonstandard.net:4000";
- overrideDevices = false;
- overrideFolders = false;
- };
-}
diff --git a/common/tailscale.nix b/common/tailscale.nix
deleted file mode 100644
index 915d195..0000000
--- a/common/tailscale.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, ... }:
-{
- services.tailscale = {
- enable = true;
- openFirewall = true;
- useRoutingFeatures = "both"; # TODO
- };
-
- networking.firewall.trustedInterfaces = [
- config.services.tailscale.interfaceName
- ];
-}
diff --git a/common/users.nix b/common/users.nix
index c20abcb..28567a3 100644
--- a/common/users.nix
+++ b/common/users.nix
@@ -1,29 +1,6 @@
 {
- inputs,
- config,
- ...
-}:
-let
- inherit (config.users) mainUser;
-in
-{
- age.secrets."user-${mainUser}".file = inputs.self + /secrets/users/${mainUser}.age;
-
 users = {
 mutableUsers = false;
-
- mainUser = "helvetica";
-
- users = {
- root.hashedPassword = "!";
- ${mainUser} = {
- description = "Helvetica";
- uid = 1000;
- isNormalUser = true;
- hashedPasswordFile = config.age.secrets."user-${mainUser}".path;
- openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
- extraGroups = [ "wheel" ]; # TODO remove
- };
- };
+ users.root.hashedPassword = "!";
 };
 }
diff --git a/hosts/abacus/profiles.nix b/hosts/abacus/profiles.nix
index 92e505a..c8eb6b6 100644
--- a/hosts/abacus/profiles.nix
+++ b/hosts/abacus/profiles.nix
@@ -1,3 +1,6 @@
 {
- profiles.server.enable = true;
+ profiles = {
+ server.enable = true;
+ trusted.enable = true;
+ };
 }
diff --git a/hosts/abacus/static-sites.nix b/hosts/abacus/static-sites.nix
index b47d33a..bbd88f4 100644
--- a/hosts/abacus/static-sites.nix
+++ b/hosts/abacus/static-sites.nix
@@ -1,5 +1,4 @@
 {
- config,
 lib,
 ...
 }:
@@ -25,7 +24,7 @@ lib.mkMerge (
 };
 systemd.tmpfiles.settings."10-static-sites".${root}.d = {
- user = config.users.mainUser;
+ user = "helvetica";
 group = "users";
 mode = "0755";
 };
diff --git a/hosts/abacus/users.nix b/hosts/abacus/users.nix
new file mode 100644
index 0000000..cd7a56d
--- /dev/null
+++ b/hosts/abacus/users.nix
@@ -0,0 +1,13 @@
+{ config, inputs, ... }:
+{
+ age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
+
+ users.users.helvetica = {
+ description = "Helvetica";
+ uid = 1000;
+ isNormalUser = true;
+ hashedPasswordFile = config.age.secrets.user-helvetica.path;
+ openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
+ extraGroups = [ "wheel" ]; # TODO remove
+ };
+}
diff --git a/hosts/flamingo/profiles.nix b/hosts/flamingo/profiles.nix
index cf3a004..b90db95 100644
--- a/hosts/flamingo/profiles.nix
+++ b/hosts/flamingo/profiles.nix
@@ -6,5 +6,6 @@
 gaming.enable = true;
 piracy.enable = true;
 productivity.enable = true;
+ trusted.enable = true;
 };
 }
diff --git a/hosts/flamingo/users.nix b/hosts/flamingo/users.nix
new file mode 100644
index 0000000..cd7a56d
--- /dev/null
+++ b/hosts/flamingo/users.nix
@@ -0,0 +1,13 @@
+{ config, inputs, ... }:
+{
+ age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
+
+ users.users.helvetica = {
+ description = "Helvetica";
+ uid = 1000;
+ isNormalUser = true;
+ hashedPasswordFile = config.age.secrets.user-helvetica.path;
+ openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
+ extraGroups = [ "wheel" ]; # TODO remove
+ };
+}
diff --git a/hosts/glacier/beets.nix b/hosts/glacier/beets.nix
new file mode 100644
index 0000000..2470a61
--- /dev/null
+++ b/hosts/glacier/beets.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = [
+ pkgs.beets
+ ];
+}
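Review bot: hosts/abacus/users.nix is added again unchanged as hosts/flamingo/users.nix and hosts/vessel/users.nix, and hosts/glacier/users.nix is rewritten to the same content (all four end at blob cd7a56d), so the definition that decides who can log in now exists in four copies that can drift apart. Each copy authorizes every key in `config.pubkeys.users` and keeps `extraGroups = [ "wheel" ]; # TODO remove`, so any listed key gets an admin-capable login on all four hosts. These are the same four hosts that set `trusted.enable = true` in this commit, so the account could be declared once in a file under profiles/trusted/ behind `lib.mkIf cfg.enable`. A key removal or the wheel cleanup would then be made in one place.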
diff --git a/hosts/glacier/profiles.nix b/hosts/glacier/profiles.nix
index fbd110f..be95c47 100644
--- a/hosts/glacier/profiles.nix
+++ b/hosts/glacier/profiles.nix
@@ -6,5 +6,6 @@
 gaming.enable = true;
 piracy.enable = true;
 productivity.enable = true;
+ trusted.enable = true;
 };
 }
diff --git a/hosts/glacier/users.nix b/hosts/glacier/users.nix
index 2ad58bc..cd7a56d 100644
--- a/hosts/glacier/users.nix
+++ b/hosts/glacier/users.nix
@@ -1,8 +1,13 @@
+{ config, inputs, ... }:
 {
- users.users.futura = {
- description = "Futura";
- uid = 1001;
+ age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
+
+ users.users.helvetica = {
+ description = "Helvetica";
+ uid = 1000;
 isNormalUser = true;
- password = "futura";
+ hashedPasswordFile = config.age.secrets.user-helvetica.path;
+ openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
+ extraGroups = [ "wheel" ]; # TODO remove
 };
 }
diff --git a/hosts/insomniac/cosmic.nix b/hosts/insomniac/autologin.nix
similarity index 100%
rename from hosts/insomniac/cosmic.nix
rename to hosts/insomniac/autologin.nix
diff --git a/hosts/insomniac/users.nix b/hosts/insomniac/users.nix
index 1d93475..396510e 100644
--- a/hosts/insomniac/users.nix
+++ b/hosts/insomniac/users.nix
@@ -1,14 +1,14 @@
 {
 config,
- lib,
 ...
 }:
-let
- inherit (config.users) mainUser;
-in
 {
- users = {
- mainUser = lib.mkForce "insomniac";
- users.${mainUser}.description = lib.mkForce "Insomniac";
+ users.users.helvetica = {
+ description = "Insomniac";
+ uid = 1000;
+ isNormalUser = true;
+ password = "";
+ openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
+ extraGroups = [ "wheel" ]; # TODO remove
 };
 }
diff --git a/hosts/vessel/profiles.nix b/hosts/vessel/profiles.nix
index 92e505a..c8eb6b6 100644
--- a/hosts/vessel/profiles.nix
+++ b/hosts/vessel/profiles.nix
@@ -1,3 +1,6 @@
 {
- profiles.server.enable = true;
+ profiles = {
+ server.enable = true;
+ trusted.enable = true;
+ };
 }
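Review bot: In hosts/insomniac/users.nix the new `password = "";` gives the `helvetica` account an empty password while the same block keeps it in `wheel`, so on this host no secret protects a local login to an admin-capable account. How far that reaches depends on the sudo and PAM settings, which are not shown here. Unlike the `hashedPasswordFile` used on the other hosts, a `password` value is also written into the world-readable Nix store. If the empty password is only there for the autologin setup (autologin.nix is renamed in this commit, so presumably it is), drop the admin group on this host with `extraGroups = [ ];` and confirm sshd rejects password logins so only the listed keys work remotely.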
diff --git a/hosts/vessel/users.nix b/hosts/vessel/users.nix
new file mode 100644
index 0000000..cd7a56d
--- /dev/null
+++ b/hosts/vessel/users.nix
@@ -0,0 +1,13 @@
+{ config, inputs, ... }:
+{
+ age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
+
+ users.users.helvetica = {
+ description = "Helvetica";
+ uid = 1000;
+ isNormalUser = true;
+ hashedPasswordFile = config.age.secrets.user-helvetica.path;
+ openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
+ extraGroups = [ "wheel" ]; # TODO remove
+ };
+}
diff --git a/hosts/work/users.nix b/hosts/work/users.nix
index 078acbf..8d585f2 100644
--- a/hosts/work/users.nix
+++ b/hosts/work/users.nix
@@ -1,14 +1,13 @@
+{ config, inputs, ... }:
 {
- config,
- lib,
- ...
-}:
-let
- inherit (config.users) mainUser;
-in
-{
- users = {
- mainUser = lib.mkForce "lukas";
- users.${mainUser}.description = lib.mkForce "Lukas Wurzinger";
+ age.secrets.user-lukas.file = inputs.self + /secrets/users/helvetica.age;
+
+ users.users.lukas = {
+ description = "Lukas Wurzinger";
+ uid = 1000;
+ isNormalUser = true;
+ hashedPasswordFile = config.age.secrets.user-lukas.path;
+ openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
+ extraGroups = [ "wheel" ]; # TODO remove
 };
 }
diff --git a/modules/main-user.nix b/modules/main-user.nix
deleted file mode 100644
index 4123a80..0000000
--- a/modules/main-user.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ lib, ... }:
-let
- inherit (lib) types;
-in
-{
- options = {
- users.mainUser = lib.mkOption {
- type = types.passwdEntry types.str;
- description = ''
- The main user.
- '';
- };
- };
-}
diff --git a/profiles/desktop/cosmic.nix b/profiles/desktop/cosmic.nix
index 8857cc5..4e7335b 100644
--- a/profiles/desktop/cosmic.nix
+++ b/profiles/desktop/cosmic.nix
@@ -2,6 +2,7 @@
 config,
 lib,
 inputs,
+ pkgs,
 ...
 }:
 let
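Review bot: In hosts/work/users.nix the secret is named `user-lukas` but its `file` is `inputs.self + /secrets/users/helvetica.age`, and secrets/users/lukas.age is deleted in the same commit, so the work account now shares the password hash of the personal `helvetica` account without saying so. If that is intended, state it next to the line, for example `# intentionally reuses the helvetica hash; lukas.age was removed`. Also check that helvetica.age is encrypted to this host's key, since a secret that fails to decrypt would presumably leave `hashedPasswordFile` without a usable hash. If it is not intended, keep a separate secret for the work machine so that exposure of one password does not carry over to the other.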
@@ -24,6 +25,11 @@ in
 displayManager.cosmic-greeter.enable = true;
 };
+ environment.cosmic.excludePackages = [
+ pkgs.cosmic-edit
+ pkgs.cosmic-player
+ ];
+
 environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1;
 };
 }
diff --git a/profiles/desktop/mpv.nix b/profiles/desktop/mpv.nix
new file mode 100644
index 0000000..4589648
--- /dev/null
+++ b/profiles/desktop/mpv.nix
@@ -0,0 +1,6 @@
+{ inputs, pkgs, ... }:
+{
+ environment.systemPackages = [
+ inputs.mympv.packages.${pkgs.system}.default
+ ];
+}
diff --git a/profiles/trusted/default.nix b/profiles/trusted/default.nix
new file mode 100644
index 0000000..6dabd50
--- /dev/null
+++ b/profiles/trusted/default.nix
@@ -0,0 +1,6 @@
+{ lib, ... }:
+{
+ options.profiles.trusted = {
+ enable = lib.mkEnableOption "trusted";
+ };
+}
diff --git a/profiles/trusted/syncthing.nix b/profiles/trusted/syncthing.nix
new file mode 100644
index 0000000..680bde8
--- /dev/null
+++ b/profiles/trusted/syncthing.nix
@@ -0,0 +1,21 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.profiles.trusted;
+ inherit (config.networking) hostName;
+in
+{
+ config = lib.mkIf cfg.enable {
+ services.syncthing = {
+ enable = true;
+ systemService = true;
+ openDefaultPorts = true;
+ guiAddress = "${hostName}.tailnet.helveticanonstandard.net:4000";
+ overrideDevices = false;
+ overrideFolders = false;
+ };
+ };
+}
diff --git a/profiles/trusted/tailscale.nix b/profiles/trusted/tailscale.nix
new file mode 100644
index 0000000..2d3cba9
--- /dev/null
+++ b/profiles/trusted/tailscale.nix
@@ -0,0 +1,21 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.profiles.trusted;
+in
+{
+ config = lib.mkIf cfg.enable {
+ services.tailscale = {
+ enable = true;
+ openFirewall = true;
+ useRoutingFeatures = "both"; # TODO
+ };
+
+ networking.firewall.trustedInterfaces = [
+ config.services.tailscale.interfaceName
+ ];
+ };
+}
diff --git a/secrets/users/insomniac.age b/secrets/users/insomniac.age
deleted file mode 100644
index 17877c2..0000000
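Review bot: profiles/trusted/syncthing.nix binds the GUI to `${hostName}.tailnet.helveticanonstandard.net:4000` but sets no GUI credentials in the module. With `overrideDevices = false` and `overrideFolders = false` the device and folder lists are not set by this module either, so neither is reviewable from the repository. Confirm that a GUI user and password are set on every host that enables the profile, and add a comment such as `# GUI credentials are set per host in the Syncthing UI, not declared here` so the gap is deliberate and visible. `openDefaultPorts = true` opens the sync and discovery ports in the host firewall, which is not limited to the tailnet interface unless something outside this hunk restricts it.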
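Review bot: `networking.firewall.trustedInterfaces` in profiles/trusted/tailscale.nix exempts everything arriving on the Tailscale interface from the host firewall, so every listening service on these hosts is reachable from every tailnet device and access control rests entirely on the tailnet ACLs. `useRoutingFeatures = "both"; # TODO` also enables the routing (server) side on each host that turns the profile on. Unless a host really acts as a subnet router or exit node, `useRoutingFeatures = "client";` is the narrower setting. Opening only the needed ports with `networking.firewall.interfaces.<name>.allowedTCPPorts` instead of trusting the whole interface would keep the firewall meaningful. The `lib.mkEnableOption "trusted"` in profiles/trusted/default.nix would benefit from a description that says it enables Tailscale, the firewall exemption and Syncthing.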
--- a/secrets/users/insomniac.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 SFHVrw VvRWN857MXOUqUqMIAv3OCgUp7zIJgOmCDhibsfR4BM -pOwTtL357S/fuJK2n5RAKBBcCcL+tnMqt/n7o5BX/nI --> ssh-ed25519 S+dwQQ h5Hf+yOK61iARFKtI3BvGfUuesU7JfBG73xg2OfNO3w -9a/WN5wQZ4T7ar9GD5iCjw1E9k8FafdcQCt78f3PmzE --> ssh-ed25519 bPbvlw eeS4sFLhm/5pyPvc4A23iZY7Yx6Rr1DeZve3NmjaDyM -ZFQZDhcqMjWrncTFS/URGcOXdK/xMpbprpetdsE7gI0 --> ssh-ed25519 8l76Rg rZlqjtuvCJthjPQ+uF7SBlz6gSioCXdmUO330IuheD0 -p85nindSGaWqthF7y/t7jLpkA1tlOIunuJcB1Jsjk00 ---- BTcCQGFBm3QhL0W+aW8Z+w85VVtcmezgBVafqt5DS5c -lK ?tglaCKͰϜjZN@nXY}T xFs< O vs6~Is}7sÞZC@ \ No newline at end of file diff --git a/secrets/users/lukas.age b/secrets/users/lukas.age deleted file mode 100644 index d500ab6..0000000 Binary files a/secrets/users/lukas.age and /dev/null differ