stuff

2025-07-14 21:18:44 +02:00 · 2025-07-14 21:18:44 +02:00 · 79792e5a76
commit 79792e5a76
parent 3f6dafe073
24 changed files with 143 additions and 101 deletions
--- a/common/syncthing.nix
+++ b/common/syncthing.nix
@ -1,14 +0,0 @@
 { config, ... }:
 let
  inherit (config.networking) hostName;
 in
 {
  services.syncthing = {
    enable = true;
    systemService = true;
    openDefaultPorts = true;
    guiAddress = "${hostName}.tailnet.helveticanonstandard.net:4000";
    overrideDevices = false;
    overrideFolders = false;
  };
 }
--- a/common/tailscale.nix
+++ b/common/tailscale.nix
@ -1,12 +0,0 @@
 { config, ... }:
 {
  services.tailscale = {
    enable = true;
    openFirewall = true;
    useRoutingFeatures = "both"; # TODO
  };
  networking.firewall.trustedInterfaces = [
    config.services.tailscale.interfaceName
  ];
 }
--- a/common/users.nix
+++ b/common/users.nix
@ -1,29 +1,6 @@
 {
  inputs,
  config,
  ...
 }:
 let
  inherit (config.users) mainUser;
 in
 {
  age.secrets."user-${mainUser}".file = inputs.self + /secrets/users/${mainUser}.age;
  users = {
    mutableUsers = false;
-
+    users.root.hashedPassword = "!";
    mainUser = "helvetica";
    users = {
      root.hashedPassword = "!";
      ${mainUser} = {
        description = "Helvetica";
        uid = 1000;
        isNormalUser = true;
        hashedPasswordFile = config.age.secrets."user-${mainUser}".path;
        openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
        extraGroups = [ "wheel" ]; # TODO remove
      };
    };
  };
 }
--- a/hosts/abacus/profiles.nix
+++ b/hosts/abacus/profiles.nix
@ -1,3 +1,6 @@
 {
-  profiles.server.enable = true;
+  profiles = {
    server.enable = true;
    trusted.enable = true;
  };
 }
--- a/hosts/abacus/static-sites.nix
+++ b/hosts/abacus/static-sites.nix
@ -1,5 +1,4 @@
 {
  config,
  lib,
  ...
 }:
@ -25,7 +24,7 @@ lib.mkMerge (
      };
      systemd.tmpfiles.settings."10-static-sites".${root}.d = {
-        user = config.users.mainUser;
+        user = "helvetica";
        group = "users";
        mode = "0755";
      };
--- a/hosts/abacus/users.nix
+++ b/hosts/abacus/users.nix
@ -0,0 +1,13 @@
 { config, inputs, ... }:
 {
  age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
  users.users.helvetica = {
    description = "Helvetica";
    uid = 1000;
    isNormalUser = true;
    hashedPasswordFile = config.age.secrets.user-helvetica.path;
    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
    extraGroups = [ "wheel" ]; # TODO remove
  };
 }
--- a/hosts/flamingo/profiles.nix
+++ b/hosts/flamingo/profiles.nix
@ -6,5 +6,6 @@
    gaming.enable = true;
    piracy.enable = true;
    productivity.enable = true;
    trusted.enable = true;
  };
 }
--- a/hosts/flamingo/users.nix
+++ b/hosts/flamingo/users.nix
@ -0,0 +1,13 @@
 { config, inputs, ... }:
 {
  age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
  users.users.helvetica = {
    description = "Helvetica";
    uid = 1000;
    isNormalUser = true;
    hashedPasswordFile = config.age.secrets.user-helvetica.path;
    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
    extraGroups = [ "wheel" ]; # TODO remove
  };
 }
--- a/hosts/glacier/beets.nix
+++ b/hosts/glacier/beets.nix
@ -0,0 +1,6 @@
 { pkgs, ... }:
 {
  environment.systemPackages = [
    pkgs.beets
  ];
 }
--- a/hosts/glacier/profiles.nix
+++ b/hosts/glacier/profiles.nix
@ -6,5 +6,6 @@
    gaming.enable = true;
    piracy.enable = true;
    productivity.enable = true;
    trusted.enable = true;
  };
 }
--- a/hosts/glacier/users.nix
+++ b/hosts/glacier/users.nix
@ -1,8 +1,13 @@
 { config, inputs, ... }:
 {
-  users.users.futura = {
+  age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
-    description = "Futura";
+
-    uid = 1001;
+  users.users.helvetica = {
    description = "Helvetica";
    uid = 1000;
    isNormalUser = true;
-    password = "futura";
+    hashedPasswordFile = config.age.secrets.user-helvetica.path;
    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
    extraGroups = [ "wheel" ]; # TODO remove
  };
 }
--- a/hosts/insomniac/autologin.nix
+++ b/hosts/insomniac/autologin.nix
--- a/hosts/insomniac/users.nix
+++ b/hosts/insomniac/users.nix
@ -1,14 +1,14 @@
 {
  config,
  lib,
  ...
 }:
 let
  inherit (config.users) mainUser;
 in
 {
-  users = {
+  users.users.helvetica = {
-    mainUser = lib.mkForce "insomniac";
+    description = "Insomniac";
-    users.${mainUser}.description = lib.mkForce "Insomniac";
+    uid = 1000;
    isNormalUser = true;
    password = "";
    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
    extraGroups = [ "wheel" ]; # TODO remove
  };
 }
--- a/hosts/vessel/profiles.nix
+++ b/hosts/vessel/profiles.nix
@ -1,3 +1,6 @@
 {
-  profiles.server.enable = true;
+  profiles = {
    server.enable = true;
    trusted.enable = true;
  };
 }
--- a/hosts/vessel/users.nix
+++ b/hosts/vessel/users.nix
@ -0,0 +1,13 @@
 { config, inputs, ... }:
 {
  age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
  users.users.helvetica = {
    description = "Helvetica";
    uid = 1000;
    isNormalUser = true;
    hashedPasswordFile = config.age.secrets.user-helvetica.path;
    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
    extraGroups = [ "wheel" ]; # TODO remove
  };
 }
--- a/hosts/work/users.nix
+++ b/hosts/work/users.nix
@ -1,14 +1,13 @@
 { config, inputs, ... }:
 {
-  config,
+  age.secrets.user-lukas.file = inputs.self + /secrets/users/helvetica.age;
-  lib,
+
-  ...
+  users.users.lukas = {
-}:
+    description = "Lukas Wurzinger";
-let
+    uid = 1000;
-  inherit (config.users) mainUser;
+    isNormalUser = true;
-in
+    hashedPasswordFile = config.age.secrets.user-lukas.path;
-{
+    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
-  users = {
+    extraGroups = [ "wheel" ]; # TODO remove
    mainUser = lib.mkForce "lukas";
    users.${mainUser}.description = lib.mkForce "Lukas Wurzinger";
  };
 }
--- a/modules/main-user.nix
+++ b/modules/main-user.nix
@ -1,14 +0,0 @@
 { lib, ... }:
 let
  inherit (lib) types;
 in
 {
  options = {
    users.mainUser = lib.mkOption {
      type = types.passwdEntry types.str;
      description = ''
        The main user.
      '';
    };
  };
 }
--- a/profiles/desktop/cosmic.nix
+++ b/profiles/desktop/cosmic.nix
@ -2,6 +2,7 @@
  config,
  lib,
  inputs,
  pkgs,
  ...
 }:
 let
@ -24,6 +25,11 @@ in
      displayManager.cosmic-greeter.enable = true;
    };
    environment.cosmic.excludePackages = [
      pkgs.cosmic-edit
      pkgs.cosmic-player
    ];
    environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1;
  };
 }
--- a/profiles/desktop/mpv.nix
+++ b/profiles/desktop/mpv.nix
@ -0,0 +1,6 @@
 { inputs, pkgs, ... }:
 {
  environment.systemPackages = [
    inputs.mympv.packages.${pkgs.system}.default
  ];
 }
--- a/profiles/trusted/default.nix
+++ b/profiles/trusted/default.nix
@ -0,0 +1,6 @@
 { lib, ... }:
 {
  options.profiles.trusted = {
    enable = lib.mkEnableOption "trusted";
  };
 }
--- a/profiles/trusted/syncthing.nix
+++ b/profiles/trusted/syncthing.nix
@ -0,0 +1,21 @@
 {
  config,
  lib,
  ...
 }:
 let
  cfg = config.profiles.trusted;
  inherit (config.networking) hostName;
 in
 {
  config = lib.mkIf cfg.enable {
    services.syncthing = {
      enable = true;
      systemService = true;
      openDefaultPorts = true;
      guiAddress = "${hostName}.tailnet.helveticanonstandard.net:4000";
      overrideDevices = false;
      overrideFolders = false;
    };
  };
 }
--- a/profiles/trusted/tailscale.nix
+++ b/profiles/trusted/tailscale.nix
@ -0,0 +1,21 @@
 {
  config,
  lib,
  ...
 }:
 let
  cfg = config.profiles.trusted;
 in
 {
  config = lib.mkIf cfg.enable {
    services.tailscale = {
      enable = true;
      openFirewall = true;
      useRoutingFeatures = "both"; # TODO
    };
    networking.firewall.trustedInterfaces = [
      config.services.tailscale.interfaceName
    ];
  };
 }
--- a/secrets/users/insomniac.age
+++ b/secrets/users/insomniac.age
@ -1,11 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 SFHVrw VvRWN857MXOUqUqMIAv3OCgUp7zIJgOmCDhibsfR4BM
 pOwTtL357S/fuJK2n5RAKBBcCcL+tnMqt/n7o5BX/nI
 -> ssh-ed25519 S+dwQQ h5Hf+yOK61iARFKtI3BvGfUuesU7JfBG73xg2OfNO3w
 9a/WN5wQZ4T7ar9GD5iCjw1E9k8FafdcQCt78f3PmzE
 -> ssh-ed25519 bPbvlw eeS4sFLhm/5pyPvc4A23iZY7Yx6Rr1DeZve3NmjaDyM
 ZFQZDhcqMjWrncTFS/URGcOXdK/xMpbprpetdsE7gI0
 -> ssh-ed25519 8l76Rg rZlqjtuvCJthjPQ+uF7SBlz6gSioCXdmUO330IuheD0
 p85nindSGaWqthF7y/t7jLpkA1tlOIunuJcB1Jsjk00
 --- BTcCQGFBm3QhL0W+aW8Z+w85VVtcmezgBVafqt5DS5c
 ¸lK?tÉgl <6C>áaÈCÄKßÍ°Ó¡èÏœÖj€ZN¨‡@n§´«×XæYÕ}ù“TÎÝ
×Ø°äx·F–á£s<	O«Ñù™övs6ï~IÃü së}7sÃžÃãZ‘C@
--- a/secrets/users/lukas.age
+++ b/secrets/users/lukas.age