From a85f1018767626a47c83e93df1ab0c4ef758bfde Mon Sep 17 00:00:00 2001 From: Lukas Wurzinger Date: Tue, 1 Apr 2025 19:12:52 +0000 Subject: [PATCH] stuff --- README.md | 3 ++- common/users.nix | 4 ++-- hosts/headful/work/users.nix | 12 ++++++++++++ hosts/headless/abacus/domains.nix | 14 -------------- hosts/headless/abacus/miniflux.nix | 30 ----------------------------- hosts/headless/vessel/storage.nix | 8 ++++---- secrets/miniflux.age | 12 ------------ secrets/secrets.nix | 2 +- secrets/user-helvetica.age | Bin 0 -> 1088 bytes 9 files changed, 21 insertions(+), 64 deletions(-) create mode 100644 hosts/headful/work/users.nix delete mode 100644 hosts/headless/abacus/domains.nix delete mode 100644 hosts/headless/abacus/miniflux.nix delete mode 100644 secrets/miniflux.age create mode 100644 secrets/user-helvetica.age diff --git a/README.md b/README.md index eabc71a..9f8cc50 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,8 @@ This is my cobbled together NixOS configuration. There are many like it, but thi ## port allocation * 80X0: public HTTP services that are proxied through nginx -* 40X0: private HTTP services that are accessible via tailscale +* 40X0: syncthing instances (4000 being the system instance, subsequent ones are for individual users) +* 60X0: private HTTP services that are accessible via tailscale * 20XX: Administrative stuff, like prometheus etc. * 8000: vaultwarden diff --git a/common/users.nix b/common/users.nix index eec3d31..5ba4530 100644 --- a/common/users.nix +++ b/common/users.nix @@ -10,12 +10,12 @@ in { users = { mutableUsers = false; - mainUser = "lukas"; + mainUser = "helvetica"; users = { root.hashedPassword = "!"; ${mainUser} = { - description = "Lukas Wurzinger"; + description = "Helvetica"; uid = 1000; isNormalUser = true; hashedPasswordFile = config.age.secrets."user-${mainUser}".path; diff --git a/hosts/headful/work/users.nix b/hosts/headful/work/users.nix new file mode 100644 index 0000000..87c3ee3 --- /dev/null 
+++ b/hosts/headful/work/users.nix
@@ -0,0 +1,12 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (config.users) mainUser;
+in {
+ users = {
+ mainUser = lib.mkForce "lukas";
+ users.${mainUser}.description = lib.mkForce "Lukas Wurzinger";
+ };
+}
diff --git a/hosts/headless/abacus/domains.nix b/hosts/headless/abacus/domains.nix
deleted file mode 100644
index 89658b5..0000000
--- a/hosts/headless/abacus/domains.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{lib, ...}: let
- inherit (lib) types;
-in {
- options.networking.domains = lib.mkOption {
- description = "Domains.";
- type = types.attrsOf types.str;
- default = {};
- };
-
- config.networking.domains = {
- wrz = "wrz.one";
- helvetica = "helveticanonstandard.net";
- };
-}
diff --git a/hosts/headless/abacus/miniflux.nix b/hosts/headless/abacus/miniflux.nix
deleted file mode 100644
index 6534c59..0000000
--- a/hosts/headless/abacus/miniflux.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-# TODO: is this bloat
-{
- config,
- lib,
- ...
-}: let
- inherit (config.networking) domain;
- virtualHostName = "flux.${domain}";
-in {
- age.secrets = lib.mkSecrets {miniflux = {};};
-
- services.miniflux = {
- enable = true;
- createDatabaseLocally = true;
- adminCredentialsFile = config.age.secrets.miniflux.path;
- config = {
- LISTEN_ADDR = "localhost:8030";
- BASE_URL = "https://${virtualHostName}";
- CREATE_ADMIN = 1;
- WEBAUTHN = 1;
- };
- };
-
- services.nginx.virtualHosts.${virtualHostName} = {
- enableACME = true;
- forceSSL = true;
-
- locations."/".proxyPass = "http://${config.services.miniflux.config.LISTEN_ADDR}";
- };
-}
diff --git a/hosts/headless/vessel/storage.nix b/hosts/headless/vessel/storage.nix
index 63332ad..e899606 100644
--- a/hosts/headless/vessel/storage.nix
+++ b/hosts/headless/vessel/storage.nix
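Review bot: Forcing `mainUser` back to `"lukas"` in hosts/headful/work/users.nix makes the `hashedPasswordFile = config.age.secrets."user-${mainUser}".path` line from common/users.nix point at a `user-lukas` secret on this host, while the secrets/secrets.nix hunk of the same commit renames the only matching rule to `user-helvetica.age`. Unless `user-lukas` is still declared somewhere outside this diff, the reference will presumably either fail evaluation or leave the account without a usable password hash, and with `mutableUsers = false` that cannot be repaired at runtime. Either keep a `"user-lukas.age".publicKeys` rule for this host, or override the password file next to the description, e.g. `users.${mainUser}.hashedPasswordFile = lib.mkForce config.age.secrets.user-helvetica.path;`, assuming that secret is declared on the work host. A short comment above `mainUser = lib.mkForce "lukas";` saying why this host keeps the old account name would also help the next reader.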
@@ -1,25 +1,25 @@ { systemd.tmpfiles.settings = { "10-safe"."/srv/safe".d = { - user = "lukas"; + user = "helvetica"; group = "users"; mode = "0755"; }; "10-storage"."/srv/storage".d = { - user = "lukas"; + user = "helvetica"; group = "users"; mode = "0755"; }; "10-music"."/srv/music".d = { - user = "lukas"; + user = "helvetica"; group = "users"; mode = "0755"; }; "10-compmusic"."/srv/compmusic".d = { - user = "lukas"; + user = "helvetica"; group = "users"; mode = "0755"; }; diff --git a/secrets/miniflux.age b/secrets/miniflux.age deleted file mode 100644 index 143a74b..0000000 --- a/secrets/miniflux.age +++ /dev/null @@ -1,12 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 SFHVrw VwrDNh+GCy0DmrV3OMYiRbqgGydHmTFAOcZBuan2Vzw -115sdrY2HJ20N54ri9My0xQ8FKtrtVM6Sqj6WhBhRWY --> ssh-ed25519 S+dwQQ PHAJ+oJTHvPS6mXgh05Jvp1d/xWrQhPQUtbjjOPSmxg -M8Va3tfzOvxKhazTh3ER4nxj/yeg5zsAa3LM83Ig5nc --> ssh-ed25519 bPbvlw 66Z61RSBu1Nq357Za3ulTQElX/u0lYlH+4URmTvIZnk -gdD4V3XpBSJitOIb/FW3bz/L5tQoEvVjqRdTfpUaYjA --> ssh-ed25519 ffmsLw 7ViNJzo8R91nAvFLDK7E9uvWZuh06haGYcbTF3gqeys -j0fqQN7qs1Zish6QIp29NM47CEKasROpzHIClTZ2I/E ---- 0DnbkClnlbP1rTM9/o5MYyI6eq8oPT7r+VlORLtcQtw -YLiP1pJP #]2Tcab -AR88 m-u^ scv \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index a50f702..adda8aa 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -2,7 +2,7 @@ let pubkeys = import ../pubkeys.nix; inherit (pubkeys) users hosts; in { - "user-lukas.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues (builtins.removeAttrs hosts ["insomniac"])); + "user-helvetica.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues (builtins.removeAttrs hosts ["insomniac"])); "user-insomniac.age".publicKeys = (builtins.attrValues users) ++ [hosts.insomniac]; "miniflux.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; 
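Review bot: The `"miniflux.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];` rule stays in secrets/secrets.nix as context even though this commit deletes secrets/miniflux.age and the module that consumed it, so the rules file now names a secret that no longer exists; that line should be removed in the same change. Deleting the ciphertext from the tree does not remove it from history, so any holder of one of the listed keys can still decrypt the old admin credential, which is worth rotating if it was reused elsewhere. The attribute set opened by `in {` continues past the end of the hunk, so other rules there may deserve the same check.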
diff --git a/secrets/user-helvetica.age b/secrets/user-helvetica.age new file mode 100644 index 0000000000000000000000000000000000000000..d500ab67bb571b48e647d1999b7bbc9cd3e2679a GIT binary patch literal 1088 zcmZY7%j??&0Kjo~n?W5iM4d8n&{M5>Cyfj-Nt-5Z(lkxeB$dIMchlz4Jb%gb;6c3z zBItRDAc80H;K2<94Z9}ES(2~)f&gZbFO-?{z;pYP$j3B10SIC-0u+cbGG%>$@L zfd0#1QG|WZMF|3-L5&wyc>@akc;R|8*XCt(m(+>bFa<+lG^$pP#QSbE>=fHe+_J#| zl4>ypYrPJ|R*`JBRk9&Ya&x<*_7&VvVdt}ss%is&m;O)dxs9rVW7h30tX6JJZ8j2C z(@C7iGs5=7O~-YO8QFCpn>E6E5e{IL!ml!QG7t<)Y%FU_c(4o0My-dUnK?|Z3i&Wv z5Wb5aYxdl(_YLUck_81pW+Zw(-EjKQJ+w}b8SlnB0bK_L0ZX;6GLphLfKnq76dl%3 z6{p+fiZK`7bWWvYD;hn^=CMwm@o8I>(MUhmd_OLv1}u$E$;L5UNftLAiXJM)YFbTK zmN#ZL6Gt$NF{B^}#kU1Oi%G>z2W3&q)45SHrYwx+f}Snn04SJc6=rfVd#WI!&&dGqWC6Yn*ue_~e^V%EAQ!07O>V9CQ~ zXAA}l$M)3`z(Au(m^x5EL~-5~#fiaF{9*4<_#|9=P`g;dJ>zT~O>2%dEr!oJz+fIT zJip!=Gg+rMDT1 z2wqZXN6cpP3Q-218pGjBaE89ts%NPa(5VMq^M5x`%Fu2Sz^yY8F?9aEapFgI6zn@zqloZvD|+x%BM~ z?)LN5?7Q&hz2b*c(7yE8qxastL;p^HbN}