stuff

2025-04-01 19:12:52 +00:00 · 2025-04-01 19:12:52 +00:00 · a85f101876
parent 4c7342110c
commit a85f101876
9 changed files with 21 additions and 64 deletions
--- a/README.md
+++ b/README.md
@ -16,7 +16,8 @@ This is my cobbled together NixOS configuration. There are many like it, but thi
 ## port allocation

 * 80X0: public HTTP services that are proxied through nginx
-* 40X0: private HTTP services that are accessible via tailscale
+* 40X0: syncthing instances (4000 being the system instance, subsequent ones are for individual users)
+* 60X0: private HTTP services that are accessible via tailscale
 * 20XX: Administrative stuff, like prometheus etc.

 * 8000: vaultwarden
--- a/common/users.nix
+++ b/common/users.nix
@ -10,12 +10,12 @@ in {
  users = {
    mutableUsers = false;

-    mainUser = "lukas";
+    mainUser = "helvetica";

    users = {
      root.hashedPassword = "!";
      ${mainUser} = {
-        description = "Lukas Wurzinger";
+        description = "Helvetica";
        uid = 1000;
        isNormalUser = true;
        hashedPasswordFile = config.age.secrets."user-${mainUser}".path;
--- a/hosts/headful/work/users.nix
+++ b/hosts/headful/work/users.nix
@ -0,0 +1,12 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (config.users) mainUser;
+in {
+  users = {
+    mainUser = lib.mkForce "lukas";
+    users.${mainUser}.description = lib.mkForce "Lukas Wurzinger";
+  };
+}
--- a/hosts/headless/abacus/domains.nix
+++ b/hosts/headless/abacus/domains.nix
@ -1,14 +0,0 @@
-{lib, ...}: let
-  inherit (lib) types;
-in {
-  options.networking.domains = lib.mkOption {
-    description = "Domains.";
-    type = types.attrsOf types.str;
-    default = {};
-  };
-
-  config.networking.domains = {
-    wrz = "wrz.one";
-    helvetica = "helveticanonstandard.net";
-  };
-}
--- a/hosts/headless/abacus/miniflux.nix
+++ b/hosts/headless/abacus/miniflux.nix
@ -1,30 +0,0 @@
-# TODO: is this bloat
-{
-  config,
-  lib,
-  ...
-}: let
-  inherit (config.networking) domain;
-  virtualHostName = "flux.${domain}";
-in {
-  age.secrets = lib.mkSecrets {miniflux = {};};
-
-  services.miniflux = {
-    enable = true;
-    createDatabaseLocally = true;
-    adminCredentialsFile = config.age.secrets.miniflux.path;
-    config = {
-      LISTEN_ADDR = "localhost:8030";
-      BASE_URL = "https://${virtualHostName}";
-      CREATE_ADMIN = 1;
-      WEBAUTHN = 1;
-    };
-  };
-
-  services.nginx.virtualHosts.${virtualHostName} = {
-    enableACME = true;
-    forceSSL = true;
-
-    locations."/".proxyPass = "http://${config.services.miniflux.config.LISTEN_ADDR}";
-  };
-}
--- a/hosts/headless/vessel/storage.nix
+++ b/hosts/headless/vessel/storage.nix
@ -1,25 +1,25 @@
 {
  systemd.tmpfiles.settings = {
    "10-safe"."/srv/safe".d = {
-      user = "lukas";
+      user = "helvetica";
      group = "users";
      mode = "0755";
    };

    "10-storage"."/srv/storage".d = {
-      user = "lukas";
+      user = "helvetica";
      group = "users";
      mode = "0755";
    };

    "10-music"."/srv/music".d = {
-      user = "lukas";
+      user = "helvetica";
      group = "users";
      mode = "0755";
    };

    "10-compmusic"."/srv/compmusic".d = {
-      user = "lukas";
+      user = "helvetica";
      group = "users";
      mode = "0755";
    };
--- a/secrets/miniflux.age
+++ b/secrets/miniflux.age
@ -1,12 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 SFHVrw VwrDNh+GCy0DmrV3OMYiRbqgGydHmTFAOcZBuan2Vzw
-115sdrY2HJ20N54ri9My0xQ8FKtrtVM6Sqj6WhBhRWY
-> ssh-ed25519 S+dwQQ PHAJ+oJTHvPS6mXgh05Jvp1d/xWrQhPQUtbjjOPSmxg
-M8Va3tfzOvxKhazTh3ER4nxj/yeg5zsAa3LM83Ig5nc
-> ssh-ed25519 bPbvlw 66Z61RSBu1Nq357Za3ulTQElX/u0lYlH+4URmTvIZnk
-gdD4V3XpBSJitOIb/FW3bz/L5tQoEvVjqRdTfpUaYjA
-> ssh-ed25519 ffmsLw 7ViNJzo8R91nAvFLDK7E9uvWZuh06haGYcbTF3gqeys
-j0fqQN7qs1Zish6QIp29NM47CEKasROpzHIClTZ2I/E
--- 0DnbkClnlbP1rTM9/o5MYyI6eq8oPT7r+VlORLtcQtw
-»YLÏŸÎüˆi‚P1p†’¸JP
#]©2—ÑÀƒT•¨ca¿b
-ðêïA³ûR¯×8Ç8‰<EFBFBD>î<EFBFBD>ßáá	Þð‚¡<C2A1>ºñŠm<C5A0>è¸-Æu^æóÊsc¨‡¡v
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -2,7 +2,7 @@ let
  pubkeys = import ../pubkeys.nix;
  inherit (pubkeys) users hosts;
 in {
-  "user-lukas.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues (builtins.removeAttrs hosts ["insomniac"]));
+  "user-helvetica.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues (builtins.removeAttrs hosts ["insomniac"]));
  "user-insomniac.age".publicKeys = (builtins.attrValues users) ++ [hosts.insomniac];

  "miniflux.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
--- a/secrets/user-helvetica.age
+++ b/secrets/user-helvetica.age