diff --git a/common/syncthing.nix b/common/syncthing.nix deleted file mode 100644 index 647ee15..0000000 --- a/common/syncthing.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, ... }: -let - inherit (config.networking) hostName; -in -{ - services.syncthing = { - enable = true; - systemService = true; - openDefaultPorts = true; - guiAddress = "${hostName}.tailnet.helveticanonstandard.net:4000"; - overrideDevices = false; - overrideFolders = false; - }; -} diff --git a/common/tailscale.nix b/common/tailscale.nix deleted file mode 100644 index 915d195..0000000 --- a/common/tailscale.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, ... }: -{ - services.tailscale = { - enable = true; - openFirewall = true; - useRoutingFeatures = "both"; # TODO - }; - - networking.firewall.trustedInterfaces = [ - config.services.tailscale.interfaceName - ]; -} diff --git a/common/users.nix b/common/users.nix index c20abcb..28567a3 100644 --- a/common/users.nix +++ b/common/users.nix @@ -1,29 +1,6 @@ { - inputs, - config, - ... -}: -let - inherit (config.users) mainUser; -in -{ - age.secrets."user-${mainUser}".file = inputs.self + /secrets/users/${mainUser}.age; - users = { mutableUsers = false; - - mainUser = "helvetica"; - - users = { - root.hashedPassword = "!"; - ${mainUser} = { - description = "Helvetica"; - uid = 1000; - isNormalUser = true; - hashedPasswordFile = config.age.secrets."user-${mainUser}".path; - openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users; - extraGroups = [ "wheel" ]; # TODO remove - }; - }; + users.root.hashedPassword = "!"; }; } diff --git a/flake.lock b/flake.lock index 021e004..404c1a0 100644 --- a/flake.lock +++ b/flake.lock 
@@ -171,22 +171,6 @@ } }, "flake-compat_8": { - "flake": false, - "locked": { - "lastModified": 1746162366, - "narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=", - "owner": "nix-community", - "repo": "flake-compat", - "rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_9": { "flake": false, "locked": { "lastModified": 1696426674, @@ -696,7 +680,7 @@ }, "hooks_6": { "inputs": { - "flake-compat": "flake-compat_9", + "flake-compat": "flake-compat_8", "gitignore": "gitignore_7", "nixpkgs": [ "xenumenu", @@ -865,27 +849,6 @@ "type": "github" } }, - "nixos-cosmic": { - "inputs": { - "flake-compat": "flake-compat_8", - "nixpkgs": "nixpkgs_9", - "nixpkgs-stable": "nixpkgs-stable_2", - "rust-overlay": "rust-overlay_2" - }, - "locked": { - "lastModified": 1751591814, - "narHash": "sha256-A4lgvuj4v+Pr8MniXz1FBG0DXOygi8tTECR+j53FMhM=", - "owner": "lilyinstarlight", - "repo": "nixos-cosmic", - "rev": "fef2d0c78c4e4d6c600a88795af193131ff51bdc", - "type": "github" - }, - "original": { - "owner": "lilyinstarlight", - "repo": "nixos-cosmic", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1745391562, @@ -1038,22 +1001,6 @@ "type": "github" } }, - "nixpkgs-stable_2": { - "locked": { - "lastModified": 1751048012, - "narHash": "sha256-MYbotu4UjWpTsq01wglhN5xDRfZYLFtNk7SBY0BcjkU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a684c58d46ebbede49f280b653b9e56100aa3877", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_10": { "locked": { "lastModified": 1750365781, 
@@ -1184,11 +1131,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1751011381, - "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", + "lastModified": 1751984180, + "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", + "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", "type": "github" }, "original": { @@ -1309,11 +1256,7 @@ "myphps": "myphps", "nini": "nini", "nix-index-database": "nix-index-database", - "nixos-cosmic": "nixos-cosmic", - "nixpkgs": [ - "nixos-cosmic", - "nixpkgs" - ], + "nixpkgs": "nixpkgs_9", "treefmt": "treefmt_5", "xenumenu": "xenumenu" } @@ -1339,27 +1282,6 @@ "type": "github" } }, - "rust-overlay_2": { - "inputs": { - "nixpkgs": [ - "nixos-cosmic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1751251399, - "narHash": "sha256-y+viCuy/eKKpkX1K2gDvXIJI/yzvy6zA3HObapz9XZ0=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "b22d5ee8c60ed1291521f2dde48784edd6bf695b", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index c605177..8940943 100644 --- a/flake.nix +++ b/flake.nix @@ -15,8 +15,6 @@ agenix.url = "github:ryantm/agenix"; hardware.url = "github:NixOS/nixos-hardware"; - nixos-cosmic.url = "github:lilyinstarlight/nixos-cosmic"; - nixpkgs.follows = "nixos-cosmic/nixpkgs"; nix-index-database = { url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/hosts/abacus/profiles.nix b/hosts/abacus/profiles.nix index 92e505a..c8eb6b6 100644 --- a/hosts/abacus/profiles.nix +++ b/hosts/abacus/profiles.nix @@ -1,3 +1,6 @@ { - profiles.server.enable = true; + profiles = { + server.enable = true; + trusted.enable = true; + }; } 
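Review bot: With `nixpkgs.follows = "nixos-cosmic/nixpkgs";` removed in the flake.nix hunk, nothing visible here declares where `nixpkgs` now comes from, although flake.lock re-roots it at `nixpkgs_9`. The inputs block continues outside the hunk, so a `nixpkgs.url` may already exist there. If it does not, the input resolves through the flake registry and the tracked branch becomes implicit, which is worth avoiding for the input every host closure is built from. Declaring it explicitly, e.g. `nixpkgs.url = "github:NixOS/nixpkgs/<branch>";` (placeholder branch), keeps the source of the system reviewable in the file itself.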
diff --git a/hosts/abacus/static-sites.nix b/hosts/abacus/static-sites.nix index b47d33a..bbd88f4 100644 --- a/hosts/abacus/static-sites.nix +++ b/hosts/abacus/static-sites.nix @@ -1,5 +1,4 @@ { - config, lib, ... }: @@ -25,7 +24,7 @@ lib.mkMerge ( }; systemd.tmpfiles.settings."10-static-sites".${root}.d = { - user = config.users.mainUser; + user = "helvetica"; group = "users"; mode = "0755"; }; diff --git a/hosts/abacus/users.nix b/hosts/abacus/users.nix new file mode 100644 index 0000000..cd7a56d --- /dev/null +++ b/hosts/abacus/users.nix @@ -0,0 +1,13 @@ +{ config, inputs, ... }: +{ + age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age; + + users.users.helvetica = { + description = "Helvetica"; + uid = 1000; + isNormalUser = true; + hashedPasswordFile = config.age.secrets.user-helvetica.path; + openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users; + extraGroups = [ "wheel" ]; # TODO remove + }; +} diff --git a/hosts/flamingo/profiles.nix b/hosts/flamingo/profiles.nix index cf3a004..b90db95 100644 --- a/hosts/flamingo/profiles.nix +++ b/hosts/flamingo/profiles.nix @@ -6,5 +6,6 @@ gaming.enable = true; piracy.enable = true; productivity.enable = true; + trusted.enable = true; }; } diff --git a/hosts/flamingo/users.nix b/hosts/flamingo/users.nix new file mode 100644 index 0000000..cd7a56d --- /dev/null +++ b/hosts/flamingo/users.nix @@ -0,0 +1,13 @@ +{ config, inputs, ... }: +{ + age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age; + + users.users.helvetica = { + description = "Helvetica"; + uid = 1000; + isNormalUser = true; + hashedPasswordFile = config.age.secrets.user-helvetica.path; + openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users; + extraGroups = [ "wheel" ]; # TODO remove + }; +} diff --git a/hosts/glacier/beets.nix b/hosts/glacier/beets.nix new file mode 100644 index 0000000..2470a61 --- /dev/null +++ b/hosts/glacier/beets.nix 
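Review bot: The tmpfiles rule in hosts/abacus/static-sites.nix now hard-codes `user = "helvetica";`, so the owner of the web root is no longer tied to an account the configuration declares. If the account is later renamed or dropped from hosts/abacus/users.nix, evaluation still succeeds and the mismatch only surfaces when systemd-tmpfiles runs. `user = config.users.users.helvetica.name;` would turn that into an evaluation error, at the cost of keeping the `config` argument this commit removes. The attribute set the rule sits in starts outside the hunk.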
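Review bot: hosts/abacus/users.nix is added identically for abacus, flamingo, glacier and vessel (all four end up at blob `cd7a56d`), so the account that holds `wheel` and accepts every key in `config.pubkeys.users` is now defined in four places. The `# TODO remove` on `extraGroups = [ "wheel" ];` then has to be resolved once per host, and a host that is missed keeps the privileged group. Moving the definition into the new `profiles.trusted` profile, or into one shared module these hosts import, would leave a single point of change, with insomniac and work as the explicit exceptions. I would also expand the TODO into a comment saying what has to be in place before `wheel` can be dropped.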
@@ -0,0 +1,6 @@ +{ pkgs, ... }: +{ + environment.systemPackages = [ + pkgs.beets + ]; +} diff --git a/hosts/glacier/profiles.nix b/hosts/glacier/profiles.nix index fbd110f..be95c47 100644 --- a/hosts/glacier/profiles.nix +++ b/hosts/glacier/profiles.nix @@ -6,5 +6,6 @@ gaming.enable = true; piracy.enable = true; productivity.enable = true; + trusted.enable = true; }; } diff --git a/hosts/glacier/users.nix b/hosts/glacier/users.nix index 2ad58bc..cd7a56d 100644 --- a/hosts/glacier/users.nix +++ b/hosts/glacier/users.nix @@ -1,8 +1,13 @@ +{ config, inputs, ... }: { - users.users.futura = { - description = "Futura"; - uid = 1001; + age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age; + + users.users.helvetica = { + description = "Helvetica"; + uid = 1000; isNormalUser = true; - password = "futura"; + hashedPasswordFile = config.age.secrets.user-helvetica.path; + openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users; + extraGroups = [ "wheel" ]; # TODO remove }; } diff --git a/hosts/insomniac/cosmic.nix b/hosts/insomniac/autologin.nix similarity index 100% rename from hosts/insomniac/cosmic.nix rename to hosts/insomniac/autologin.nix diff --git a/hosts/insomniac/users.nix b/hosts/insomniac/users.nix index 1d93475..396510e 100644 --- a/hosts/insomniac/users.nix +++ b/hosts/insomniac/users.nix @@ -1,14 +1,14 @@ { config, - lib, ... }: -let - inherit (config.users) mainUser; -in { - users = { - mainUser = lib.mkForce "insomniac"; - users.${mainUser}.description = lib.mkForce "Insomniac"; + users.users.helvetica = { + description = "Insomniac"; + uid = 1000; + isNormalUser = true; + password = ""; + openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users; + extraGroups = [ "wheel" ]; # TODO remove }; } diff --git a/hosts/vessel/profiles.nix b/hosts/vessel/profiles.nix index 92e505a..c8eb6b6 100644 --- a/hosts/vessel/profiles.nix +++ b/hosts/vessel/profiles.nix 
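Review bot: In hosts/insomniac/users.nix, `password = "";` gives the account an empty password while `extraGroups = [ "wheel" ];` keeps it in the administrative group, and common/users.nix sets `mutableUsers = false`, so the empty password is re-applied on every activation. Whether that amounts to password-less privilege escalation depends on PAM and sudo settings that are not visible in this diff, but for a host whose other module is now named autologin.nix the safer default is to drop `wheel` here, which the `# TODO remove` already anticipates. Authorizing every key in `config.pubkeys.users` also looks broader than an auto-login machine needs. If the empty password is deliberate, a comment next to it such as `# empty on purpose: local auto-login only, no admin rights` would record the intent.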
@@ -1,3 +1,6 @@ { - profiles.server.enable = true; + profiles = { + server.enable = true; + trusted.enable = true; + }; } diff --git a/hosts/vessel/users.nix b/hosts/vessel/users.nix new file mode 100644 index 0000000..cd7a56d --- /dev/null +++ b/hosts/vessel/users.nix @@ -0,0 +1,13 @@ +{ config, inputs, ... }: +{ + age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age; + + users.users.helvetica = { + description = "Helvetica"; + uid = 1000; + isNormalUser = true; + hashedPasswordFile = config.age.secrets.user-helvetica.path; + openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users; + extraGroups = [ "wheel" ]; # TODO remove + }; +} diff --git a/hosts/work/users.nix b/hosts/work/users.nix index 078acbf..8d585f2 100644 --- a/hosts/work/users.nix +++ b/hosts/work/users.nix @@ -1,14 +1,13 @@ +{ config, inputs, ... }: { - config, - lib, - ... -}: -let - inherit (config.users) mainUser; -in -{ - users = { - mainUser = lib.mkForce "lukas"; - users.${mainUser}.description = lib.mkForce "Lukas Wurzinger"; + age.secrets.user-lukas.file = inputs.self + /secrets/users/helvetica.age; + + users.users.lukas = { + description = "Lukas Wurzinger"; + uid = 1000; + isNormalUser = true; + hashedPasswordFile = config.age.secrets.user-lukas.path; + openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users; + extraGroups = [ "wheel" ]; # TODO remove }; } diff --git a/modules/main-user.nix b/modules/main-user.nix deleted file mode 100644 index 4123a80..0000000 --- a/modules/main-user.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ lib, ... }: -let - inherit (lib) types; -in -{ - options = { - users.mainUser = lib.mkOption { - type = types.passwdEntry types.str; - description = '' - The main user. - ''; - }; - }; -} diff --git a/profiles/desktop/cosmic.nix b/profiles/desktop/cosmic.nix deleted file mode 100644 index 8857cc5..0000000 --- a/profiles/desktop/cosmic.nix +++ /dev/null 
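Review bot: In hosts/work/users.nix, `age.secrets.user-lukas.file` points at `/secrets/users/helvetica.age`, and the same commit deletes secrets/users/lukas.age, so the work account now shares its password hash with the personal `helvetica` account on the other hosts. If that is intended, the secret name is misleading and a comment should say the file is shared on purpose; if it is not, the line should stay `inputs.self + /secrets/users/lukas.age` and the deletion should be dropped. It is also worth confirming that the work host's key is a recipient of helvetica.age in the agenix rules, which are not part of this diff. Otherwise decryption fails at activation and, with `mutableUsers = false`, the account is presumably left without a usable password.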
@@ -1,29 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}:
-let
- cfg = config.profiles.desktop;
-in
-{
- imports = [
- inputs.nixos-cosmic.nixosModules.default
- ];
-
- config = lib.mkIf cfg.enable {
-
- nix.settings = {
- substituters = [ "https://cosmic.cachix.org" ];
- trusted-public-keys = [ "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE=" ];
- };
-
- services = {
- desktopManager.cosmic.enable = true;
- displayManager.cosmic-greeter.enable = true;
- };
-
- environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1;
- };
-}
diff --git a/profiles/desktop/mpv.nix b/profiles/desktop/mpv.nix
new file mode 100644
index 0000000..4589648
--- /dev/null
+++ b/profiles/desktop/mpv.nix
@@ -0,0 +1,6 @@
+{ inputs, pkgs, ... }:
+{
+ environment.systemPackages = [
+ inputs.mympv.packages.${pkgs.system}.default
+ ];
+}
diff --git a/profiles/desktop/plasma.nix b/profiles/desktop/plasma.nix
new file mode 100644
index 0000000..3012563
--- /dev/null
+++ b/profiles/desktop/plasma.nix
@@ -0,0 +1,20 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.profiles.desktop;
+in
+{
+ config = lib.mkIf cfg.enable {
+ services = {
+ displayManager.sddm = {
+ enable = true;
+ wayland.enable = true;
+ };
+
+ desktopManager.plasma6.enable = true;
+ };
+ };
+}
diff --git a/profiles/trusted/default.nix b/profiles/trusted/default.nix
new file mode 100644
index 0000000..6dabd50
--- /dev/null
+++ b/profiles/trusted/default.nix
@@ -0,0 +1,6 @@
+{ lib, ... }:
+{
+ options.profiles.trusted = {
+ enable = lib.mkEnableOption "trusted";
+ };
+}
diff --git a/profiles/trusted/syncthing.nix b/profiles/trusted/syncthing.nix
new file mode 100644
index 0000000..680bde8
--- /dev/null
+++ b/profiles/trusted/syncthing.nix
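Review bot: In profiles/trusted/default.nix, `lib.mkEnableOption "trusted"` documents the option only as "Whether to enable trusted.", which does not say what a host opts into. Going by the sibling modules added in this commit, enabling it joins the host to the tailnet, exempts the Tailscale interface from the host firewall and starts Syncthing with its default ports open, so the description should say so, e.g. `lib.mkEnableOption "the trusted profile (Tailscale with a trusted interface, Syncthing)"`. The diff does not show how syncthing.nix and tailscale.nix are imported; if imports are listed by hand elsewhere, they need adding there.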
@@ -0,0 +1,21 @@ +{ + config, + lib, + ... +}: +let + cfg = config.profiles.trusted; + inherit (config.networking) hostName; +in +{ + config = lib.mkIf cfg.enable { + services.syncthing = { + enable = true; + systemService = true; + openDefaultPorts = true; + guiAddress = "${hostName}.tailnet.helveticanonstandard.net:4000"; + overrideDevices = false; + overrideFolders = false; + }; + }; +} diff --git a/profiles/trusted/tailscale.nix b/profiles/trusted/tailscale.nix new file mode 100644 index 0000000..2d3cba9 --- /dev/null +++ b/profiles/trusted/tailscale.nix @@ -0,0 +1,21 @@ +{ + config, + lib, + ... +}: +let + cfg = config.profiles.trusted; +in +{ + config = lib.mkIf cfg.enable { + services.tailscale = { + enable = true; + openFirewall = true; + useRoutingFeatures = "both"; # TODO + }; + + networking.firewall.trustedInterfaces = [ + config.services.tailscale.interfaceName + ]; + }; +} diff --git a/secrets/users/insomniac.age b/secrets/users/insomniac.age deleted file mode 100644 index 17877c2..0000000 --- a/secrets/users/insomniac.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 SFHVrw VvRWN857MXOUqUqMIAv3OCgUp7zIJgOmCDhibsfR4BM -pOwTtL357S/fuJK2n5RAKBBcCcL+tnMqt/n7o5BX/nI --> ssh-ed25519 S+dwQQ h5Hf+yOK61iARFKtI3BvGfUuesU7JfBG73xg2OfNO3w -9a/WN5wQZ4T7ar9GD5iCjw1E9k8FafdcQCt78f3PmzE --> ssh-ed25519 bPbvlw eeS4sFLhm/5pyPvc4A23iZY7Yx6Rr1DeZve3NmjaDyM -ZFQZDhcqMjWrncTFS/URGcOXdK/xMpbprpetdsE7gI0 --> ssh-ed25519 8l76Rg rZlqjtuvCJthjPQ+uF7SBlz6gSioCXdmUO330IuheD0 -p85nindSGaWqthF7y/t7jLpkA1tlOIunuJcB1Jsjk00 ---- BTcCQGFBm3QhL0W+aW8Z+w85VVtcmezgBVafqt5DS5c -lK ?tglaCKͰϜjZN@nXY}T xFs< O vs6~Is}7sÞZC@ \ No newline at end of file diff --git a/secrets/users/lukas.age b/secrets/users/lukas.age deleted file mode 100644 index d500ab6..0000000 Binary files a/secrets/users/lukas.age and /dev/null differ
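Review bot: In profiles/trusted/syncthing.nix, `guiAddress` binds the Syncthing GUI to the host's tailnet name on port 4000, and profiles/trusted/tailscale.nix in the same commit puts the Tailscale interface into `networking.firewall.trustedInterfaces`, so every tailnet peer can reach the GUI. No GUI credentials are declared, and `overrideDevices = false;` / `overrideFolders = false;` leave devices and folders to be managed through that GUI, so access control rests on whatever is set interactively plus the tailnet ACLs. I would add a comment stating that the GUI password is set out of band, or bind to `127.0.0.1:4000` on hosts that do not need remote administration. Binding to a DNS name also makes the GUI listener depend on that name resolving when the service starts, which deserves a note.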
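Review bot: In profiles/trusted/tailscale.nix, `useRoutingFeatures = "both";` is applied to every host that enables the trusted profile, servers included. As far as I know, the `server` half of that setting enables IP forwarding in the NixOS module, which only a subnet router or exit node needs. Together with `trustedInterfaces`, which exempts all traffic arriving on the Tailscale interface from the host firewall, the effective policy for these hosts is the tailnet ACL alone. I would default to `useRoutingFeatures = "client";`, override it on the hosts that actually route, and replace the bare `# TODO` with a comment saying what is still undecided.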