plasma

stuff
2025-07-14 21:23:31 +02:00 · 2025-07-14 21:23:00 +02:00 · 2025-07-14 21:18:44 +02:00
27 changed files with 162 additions and 215 deletions
--- a/common/syncthing.nix
+++ b/common/syncthing.nix
@ -1,14 +0,0 @@
-{ config, ... }:
-let
-  inherit (config.networking) hostName;
-in
-{
-  services.syncthing = {
-    enable = true;
-    systemService = true;
-    openDefaultPorts = true;
-    guiAddress = "${hostName}.tailnet.helveticanonstandard.net:4000";
-    overrideDevices = false;
-    overrideFolders = false;
-  };
-}
--- a/common/tailscale.nix
+++ b/common/tailscale.nix
@ -1,12 +0,0 @@
-{ config, ... }:
-{
-  services.tailscale = {
-    enable = true;
-    openFirewall = true;
-    useRoutingFeatures = "both"; # TODO
-  };
-
-  networking.firewall.trustedInterfaces = [
-    config.services.tailscale.interfaceName
-  ];
-}
--- a/common/users.nix
+++ b/common/users.nix
@ -1,29 +1,6 @@
 {
-  inputs,
-  config,
-  ...
-}:
-let
-  inherit (config.users) mainUser;
-in
-{
-  age.secrets."user-${mainUser}".file = inputs.self + /secrets/users/${mainUser}.age;
-
  users = {
    mutableUsers = false;
-
-    mainUser = "helvetica";
-
-    users = {
-      root.hashedPassword = "!";
-      ${mainUser} = {
-        description = "Helvetica";
-        uid = 1000;
-        isNormalUser = true;
-        hashedPasswordFile = config.age.secrets."user-${mainUser}".path;
-        openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
-        extraGroups = [ "wheel" ]; # TODO remove
-      };
-    };
+    users.root.hashedPassword = "!";
  };
 }
--- a/flake.lock
+++ b/flake.lock
@ -171,22 +171,6 @@
      }
    },
    "flake-compat_8": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1746162366,
-        "narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=",
-        "owner": "nix-community",
-        "repo": "flake-compat",
-        "rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-compat_9": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
@ -696,7 +680,7 @@
    },
    "hooks_6": {
      "inputs": {
-        "flake-compat": "flake-compat_9",
+        "flake-compat": "flake-compat_8",
        "gitignore": "gitignore_7",
        "nixpkgs": [
          "xenumenu",
@ -865,27 +849,6 @@
        "type": "github"
      }
    },
-    "nixos-cosmic": {
-      "inputs": {
-        "flake-compat": "flake-compat_8",
-        "nixpkgs": "nixpkgs_9",
-        "nixpkgs-stable": "nixpkgs-stable_2",
-        "rust-overlay": "rust-overlay_2"
-      },
-      "locked": {
-        "lastModified": 1751591814,
-        "narHash": "sha256-A4lgvuj4v+Pr8MniXz1FBG0DXOygi8tTECR+j53FMhM=",
-        "owner": "lilyinstarlight",
-        "repo": "nixos-cosmic",
-        "rev": "fef2d0c78c4e4d6c600a88795af193131ff51bdc",
-        "type": "github"
-      },
-      "original": {
-        "owner": "lilyinstarlight",
-        "repo": "nixos-cosmic",
-        "type": "github"
-      }
-    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1745391562,
@ -1038,22 +1001,6 @@
        "type": "github"
      }
    },
-    "nixpkgs-stable_2": {
-      "locked": {
-        "lastModified": 1751048012,
-        "narHash": "sha256-MYbotu4UjWpTsq01wglhN5xDRfZYLFtNk7SBY0BcjkU=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "a684c58d46ebbede49f280b653b9e56100aa3877",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
    "nixpkgs_10": {
      "locked": {
        "lastModified": 1750365781,
@ -1184,11 +1131,11 @@
    },
    "nixpkgs_9": {
      "locked": {
-        "lastModified": 1751011381,
-        "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=",
+        "lastModified": 1751984180,
+        "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7",
+        "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
        "type": "github"
      },
      "original": {
@ -1309,11 +1256,7 @@
        "myphps": "myphps",
        "nini": "nini",
        "nix-index-database": "nix-index-database",
-        "nixos-cosmic": "nixos-cosmic",
-        "nixpkgs": [
-          "nixos-cosmic",
-          "nixpkgs"
-        ],
+        "nixpkgs": "nixpkgs_9",
        "treefmt": "treefmt_5",
        "xenumenu": "xenumenu"
      }
@ -1339,27 +1282,6 @@
        "type": "github"
      }
    },
-    "rust-overlay_2": {
-      "inputs": {
-        "nixpkgs": [
-          "nixos-cosmic",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1751251399,
-        "narHash": "sha256-y+viCuy/eKKpkX1K2gDvXIJI/yzvy6zA3HObapz9XZ0=",
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "rev": "b22d5ee8c60ed1291521f2dde48784edd6bf695b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "type": "github"
-      }
-    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
--- a/flake.nix
+++ b/flake.nix
@ -15,8 +15,6 @@

    agenix.url = "github:ryantm/agenix";
    hardware.url = "github:NixOS/nixos-hardware";
-    nixos-cosmic.url = "github:lilyinstarlight/nixos-cosmic";
-    nixpkgs.follows = "nixos-cosmic/nixpkgs";
    nix-index-database = {
      url = "github:nix-community/nix-index-database";
      inputs.nixpkgs.follows = "nixpkgs";
--- a/hosts/abacus/profiles.nix
+++ b/hosts/abacus/profiles.nix
@ -1,3 +1,6 @@
 {
-  profiles.server.enable = true;
+  profiles = {
+    server.enable = true;
+    trusted.enable = true;
+  };
 }
--- a/hosts/abacus/static-sites.nix
+++ b/hosts/abacus/static-sites.nix
@ -1,5 +1,4 @@
 {
-  config,
  lib,
  ...
 }:
@ -25,7 +24,7 @@ lib.mkMerge (
      };

      systemd.tmpfiles.settings."10-static-sites".${root}.d = {
-        user = config.users.mainUser;
+        user = "helvetica";
        group = "users";
        mode = "0755";
      };
--- a/hosts/abacus/users.nix
+++ b/hosts/abacus/users.nix
@ -0,0 +1,13 @@
+{ config, inputs, ... }:
+{
+  age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
+
+  users.users.helvetica = {
+    description = "Helvetica";
+    uid = 1000;
+    isNormalUser = true;
+    hashedPasswordFile = config.age.secrets.user-helvetica.path;
+    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
+    extraGroups = [ "wheel" ]; # TODO remove
+  };
+}
--- a/hosts/flamingo/profiles.nix
+++ b/hosts/flamingo/profiles.nix
@ -6,5 +6,6 @@
    gaming.enable = true;
    piracy.enable = true;
    productivity.enable = true;
+    trusted.enable = true;
  };
 }
--- a/hosts/flamingo/users.nix
+++ b/hosts/flamingo/users.nix
@ -0,0 +1,13 @@
+{ config, inputs, ... }:
+{
+  age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
+
+  users.users.helvetica = {
+    description = "Helvetica";
+    uid = 1000;
+    isNormalUser = true;
+    hashedPasswordFile = config.age.secrets.user-helvetica.path;
+    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
+    extraGroups = [ "wheel" ]; # TODO remove
+  };
+}
--- a/hosts/glacier/beets.nix
+++ b/hosts/glacier/beets.nix
@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = [
+    pkgs.beets
+  ];
+}
--- a/hosts/glacier/profiles.nix
+++ b/hosts/glacier/profiles.nix
@ -6,5 +6,6 @@
    gaming.enable = true;
    piracy.enable = true;
    productivity.enable = true;
+    trusted.enable = true;
  };
 }
--- a/hosts/glacier/users.nix
+++ b/hosts/glacier/users.nix
@ -1,8 +1,13 @@
+{ config, inputs, ... }:
 {
-  users.users.futura = {
-    description = "Futura";
-    uid = 1001;
+  age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
+
+  users.users.helvetica = {
+    description = "Helvetica";
+    uid = 1000;
    isNormalUser = true;
-    password = "futura";
+    hashedPasswordFile = config.age.secrets.user-helvetica.path;
+    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
+    extraGroups = [ "wheel" ]; # TODO remove
  };
 }
--- a/hosts/insomniac/autologin.nix
+++ b/hosts/insomniac/autologin.nix
--- a/hosts/insomniac/users.nix
+++ b/hosts/insomniac/users.nix
@ -1,14 +1,14 @@
 {
  config,
-  lib,
  ...
 }:
-let
-  inherit (config.users) mainUser;
-in
 {
-  users = {
-    mainUser = lib.mkForce "insomniac";
-    users.${mainUser}.description = lib.mkForce "Insomniac";
+  users.users.helvetica = {
+    description = "Insomniac";
+    uid = 1000;
+    isNormalUser = true;
+    password = "";
+    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
+    extraGroups = [ "wheel" ]; # TODO remove
  };
 }
--- a/hosts/vessel/profiles.nix
+++ b/hosts/vessel/profiles.nix
@ -1,3 +1,6 @@
 {
-  profiles.server.enable = true;
+  profiles = {
+    server.enable = true;
+    trusted.enable = true;
+  };
 }
--- a/hosts/vessel/users.nix
+++ b/hosts/vessel/users.nix
@ -0,0 +1,13 @@
+{ config, inputs, ... }:
+{
+  age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
+
+  users.users.helvetica = {
+    description = "Helvetica";
+    uid = 1000;
+    isNormalUser = true;
+    hashedPasswordFile = config.age.secrets.user-helvetica.path;
+    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
+    extraGroups = [ "wheel" ]; # TODO remove
+  };
+}
--- a/hosts/work/users.nix
+++ b/hosts/work/users.nix
@ -1,14 +1,13 @@
+{ config, inputs, ... }:
 {
-  config,
-  lib,
-  ...
-}:
-let
-  inherit (config.users) mainUser;
-in
-{
-  users = {
-    mainUser = lib.mkForce "lukas";
-    users.${mainUser}.description = lib.mkForce "Lukas Wurzinger";
+  age.secrets.user-lukas.file = inputs.self + /secrets/users/helvetica.age;
+
+  users.users.lukas = {
+    description = "Lukas Wurzinger";
+    uid = 1000;
+    isNormalUser = true;
+    hashedPasswordFile = config.age.secrets.user-lukas.path;
+    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
+    extraGroups = [ "wheel" ]; # TODO remove
  };
 }
--- a/modules/main-user.nix
+++ b/modules/main-user.nix
@ -1,14 +0,0 @@
-{ lib, ... }:
-let
-  inherit (lib) types;
-in
-{
-  options = {
-    users.mainUser = lib.mkOption {
-      type = types.passwdEntry types.str;
-      description = ''
-        The main user.
-      '';
-    };
-  };
-}
--- a/profiles/desktop/cosmic.nix
+++ b/profiles/desktop/cosmic.nix
@ -1,29 +0,0 @@
-{
-  config,
-  lib,
-  inputs,
-  ...
-}:
-let
-  cfg = config.profiles.desktop;
-in
-{
-  imports = [
-    inputs.nixos-cosmic.nixosModules.default
-  ];
-
-  config = lib.mkIf cfg.enable {
-
-    nix.settings = {
-      substituters = [ "https://cosmic.cachix.org" ];
-      trusted-public-keys = [ "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE=" ];
-    };
-
-    services = {
-      desktopManager.cosmic.enable = true;
-      displayManager.cosmic-greeter.enable = true;
-    };
-
-    environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1;
-  };
-}
--- a/profiles/desktop/mpv.nix
+++ b/profiles/desktop/mpv.nix
@ -0,0 +1,6 @@
+{ inputs, pkgs, ... }:
+{
+  environment.systemPackages = [
+    inputs.mympv.packages.${pkgs.system}.default
+  ];
+}
--- a/profiles/desktop/plasma.nix
+++ b/profiles/desktop/plasma.nix
@ -0,0 +1,20 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.profiles.desktop;
+in
+{
+  config = lib.mkIf cfg.enable {
+    services = {
+      displayManager.sddm = {
+        enable = true;
+        wayland.enable = true;
+      };
+
+      desktopManager.plasma6.enable = true;
+    };
+  };
+}
--- a/profiles/trusted/default.nix
+++ b/profiles/trusted/default.nix
@ -0,0 +1,6 @@
+{ lib, ... }:
+{
+  options.profiles.trusted = {
+    enable = lib.mkEnableOption "trusted";
+  };
+}
--- a/profiles/trusted/syncthing.nix
+++ b/profiles/trusted/syncthing.nix
@ -0,0 +1,21 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.profiles.trusted;
+  inherit (config.networking) hostName;
+in
+{
+  config = lib.mkIf cfg.enable {
+    services.syncthing = {
+      enable = true;
+      systemService = true;
+      openDefaultPorts = true;
+      guiAddress = "${hostName}.tailnet.helveticanonstandard.net:4000";
+      overrideDevices = false;
+      overrideFolders = false;
+    };
+  };
+}
--- a/profiles/trusted/tailscale.nix
+++ b/profiles/trusted/tailscale.nix
@ -0,0 +1,21 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.profiles.trusted;
+in
+{
+  config = lib.mkIf cfg.enable {
+    services.tailscale = {
+      enable = true;
+      openFirewall = true;
+      useRoutingFeatures = "both"; # TODO
+    };
+
+    networking.firewall.trustedInterfaces = [
+      config.services.tailscale.interfaceName
+    ];
+  };
+}
--- a/secrets/users/insomniac.age
+++ b/secrets/users/insomniac.age
@ -1,11 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 SFHVrw VvRWN857MXOUqUqMIAv3OCgUp7zIJgOmCDhibsfR4BM
-pOwTtL357S/fuJK2n5RAKBBcCcL+tnMqt/n7o5BX/nI
-> ssh-ed25519 S+dwQQ h5Hf+yOK61iARFKtI3BvGfUuesU7JfBG73xg2OfNO3w
-9a/WN5wQZ4T7ar9GD5iCjw1E9k8FafdcQCt78f3PmzE
-> ssh-ed25519 bPbvlw eeS4sFLhm/5pyPvc4A23iZY7Yx6Rr1DeZve3NmjaDyM
-ZFQZDhcqMjWrncTFS/URGcOXdK/xMpbprpetdsE7gI0
-> ssh-ed25519 8l76Rg rZlqjtuvCJthjPQ+uF7SBlz6gSioCXdmUO330IuheD0
-p85nindSGaWqthF7y/t7jLpkA1tlOIunuJcB1Jsjk00
--- BTcCQGFBm3QhL0W+aW8Z+w85VVtcmezgBVafqt5DS5c
-¸lK?tÉgl <6C>áaÈCÄKßÍ°Ó¡èÏœÖj€ZN¨‡@n§´«×XæYÕ}ù“TÎÝ
×Ø°äx·F–á£s<	O«Ñù™övs6ï~IÃü së}7sÃžÃãZ‘C@
--- a/secrets/users/lukas.age
+++ b/secrets/users/lukas.age
Author	SHA1	Message	Date
Lukas Wurzinger	584f07421b	plasma	2025-07-14 21:23:31 +02:00
Lukas Wurzinger	dd9ad1ca6f	plasma	2025-07-14 21:23:00 +02:00
Lukas Wurzinger	79792e5a76	stuff	2025-07-14 21:18:44 +02:00