plasma

stuff
2025-07-14 21:23:31 +02:00 · 2025-07-14 21:23:00 +02:00 · 2025-07-14 21:18:44 +02:00
27 changed files with 162 additions and 215 deletions
--- a/common/syncthing.nix
+++ b/common/syncthing.nix
@ -1,14 +0,0 @@
 { config, ... }:
 let
  inherit (config.networking) hostName;
 in
 {
  services.syncthing = {
    enable = true;
    systemService = true;
    openDefaultPorts = true;
    guiAddress = "${hostName}.tailnet.helveticanonstandard.net:4000";
    overrideDevices = false;
    overrideFolders = false;
  };
 }
--- a/common/tailscale.nix
+++ b/common/tailscale.nix
@ -1,12 +0,0 @@
 { config, ... }:
 {
  services.tailscale = {
    enable = true;
    openFirewall = true;
    useRoutingFeatures = "both"; # TODO
  };
  networking.firewall.trustedInterfaces = [
    config.services.tailscale.interfaceName
  ];
 }
--- a/common/users.nix
+++ b/common/users.nix
@ -1,29 +1,6 @@
 {
  inputs,
  config,
  ...
 }:
 let
  inherit (config.users) mainUser;
 in
 {
  age.secrets."user-${mainUser}".file = inputs.self + /secrets/users/${mainUser}.age;
  users = {
    mutableUsers = false;
-
+    users.root.hashedPassword = "!";
    mainUser = "helvetica";
    users = {
      root.hashedPassword = "!";
      ${mainUser} = {
        description = "Helvetica";
        uid = 1000;
        isNormalUser = true;
        hashedPasswordFile = config.age.secrets."user-${mainUser}".path;
        openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
        extraGroups = [ "wheel" ]; # TODO remove
      };
    };
  };
 }
--- a/flake.lock
+++ b/flake.lock
@ -171,22 +171,6 @@
      }
    },
    "flake-compat_8": {
      "flake": false,
      "locked": {
        "lastModified": 1746162366,
        "narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=",
        "owner": "nix-community",
        "repo": "flake-compat",
        "rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-compat_9": {
      "flake": false,
      "locked": {
        "lastModified": 1696426674,
@ -696,7 +680,7 @@
    },
    "hooks_6": {
      "inputs": {
-        "flake-compat": "flake-compat_9",
+        "flake-compat": "flake-compat_8",
        "gitignore": "gitignore_7",
        "nixpkgs": [
          "xenumenu",
@ -865,27 +849,6 @@
        "type": "github"
      }
    },
    "nixos-cosmic": {
      "inputs": {
        "flake-compat": "flake-compat_8",
        "nixpkgs": "nixpkgs_9",
        "nixpkgs-stable": "nixpkgs-stable_2",
        "rust-overlay": "rust-overlay_2"
      },
      "locked": {
        "lastModified": 1751591814,
        "narHash": "sha256-A4lgvuj4v+Pr8MniXz1FBG0DXOygi8tTECR+j53FMhM=",
        "owner": "lilyinstarlight",
        "repo": "nixos-cosmic",
        "rev": "fef2d0c78c4e4d6c600a88795af193131ff51bdc",
        "type": "github"
      },
      "original": {
        "owner": "lilyinstarlight",
        "repo": "nixos-cosmic",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1745391562,
@ -1038,22 +1001,6 @@
        "type": "github"
      }
    },
    "nixpkgs-stable_2": {
      "locked": {
        "lastModified": 1751048012,
        "narHash": "sha256-MYbotu4UjWpTsq01wglhN5xDRfZYLFtNk7SBY0BcjkU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "a684c58d46ebbede49f280b653b9e56100aa3877",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-24.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_10": {
      "locked": {
        "lastModified": 1750365781,
@ -1184,11 +1131,11 @@
    },
    "nixpkgs_9": {
      "locked": {
-        "lastModified": 1751011381,
+        "lastModified": 1751984180,
-        "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=",
+        "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7",
+        "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
        "type": "github"
      },
      "original": {
@ -1309,11 +1256,7 @@
        "myphps": "myphps",
        "nini": "nini",
        "nix-index-database": "nix-index-database",
-        "nixos-cosmic": "nixos-cosmic",
+        "nixpkgs": "nixpkgs_9",
        "nixpkgs": [
          "nixos-cosmic",
          "nixpkgs"
        ],
        "treefmt": "treefmt_5",
        "xenumenu": "xenumenu"
      }
@ -1339,27 +1282,6 @@
        "type": "github"
      }
    },
    "rust-overlay_2": {
      "inputs": {
        "nixpkgs": [
          "nixos-cosmic",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1751251399,
        "narHash": "sha256-y+viCuy/eKKpkX1K2gDvXIJI/yzvy6zA3HObapz9XZ0=",
        "owner": "oxalica",
        "repo": "rust-overlay",
        "rev": "b22d5ee8c60ed1291521f2dde48784edd6bf695b",
        "type": "github"
      },
      "original": {
        "owner": "oxalica",
        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
--- a/flake.nix
+++ b/flake.nix
@ -15,8 +15,6 @@
    agenix.url = "github:ryantm/agenix";
    hardware.url = "github:NixOS/nixos-hardware";
    nixos-cosmic.url = "github:lilyinstarlight/nixos-cosmic";
    nixpkgs.follows = "nixos-cosmic/nixpkgs";
    nix-index-database = {
      url = "github:nix-community/nix-index-database";
      inputs.nixpkgs.follows = "nixpkgs";
--- a/hosts/abacus/profiles.nix
+++ b/hosts/abacus/profiles.nix
@ -1,3 +1,6 @@
 {
-  profiles.server.enable = true;
+  profiles = {
    server.enable = true;
    trusted.enable = true;
  };
 }
--- a/hosts/abacus/static-sites.nix
+++ b/hosts/abacus/static-sites.nix
@ -1,5 +1,4 @@
 {
  config,
  lib,
  ...
 }:
@ -25,7 +24,7 @@ lib.mkMerge (
      };
      systemd.tmpfiles.settings."10-static-sites".${root}.d = {
-        user = config.users.mainUser;
+        user = "helvetica";
        group = "users";
        mode = "0755";
      };
--- a/hosts/abacus/users.nix
+++ b/hosts/abacus/users.nix
@ -0,0 +1,13 @@
 { config, inputs, ... }:
 {
  age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
  users.users.helvetica = {
    description = "Helvetica";
    uid = 1000;
    isNormalUser = true;
    hashedPasswordFile = config.age.secrets.user-helvetica.path;
    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
    extraGroups = [ "wheel" ]; # TODO remove
  };
 }
--- a/hosts/flamingo/profiles.nix
+++ b/hosts/flamingo/profiles.nix
@ -6,5 +6,6 @@
    gaming.enable = true;
    piracy.enable = true;
    productivity.enable = true;
    trusted.enable = true;
  };
 }
--- a/hosts/flamingo/users.nix
+++ b/hosts/flamingo/users.nix
@ -0,0 +1,13 @@
 { config, inputs, ... }:
 {
  age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
  users.users.helvetica = {
    description = "Helvetica";
    uid = 1000;
    isNormalUser = true;
    hashedPasswordFile = config.age.secrets.user-helvetica.path;
    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
    extraGroups = [ "wheel" ]; # TODO remove
  };
 }
--- a/hosts/glacier/beets.nix
+++ b/hosts/glacier/beets.nix
@ -0,0 +1,6 @@
 { pkgs, ... }:
 {
  environment.systemPackages = [
    pkgs.beets
  ];
 }
--- a/hosts/glacier/profiles.nix
+++ b/hosts/glacier/profiles.nix
@ -6,5 +6,6 @@
    gaming.enable = true;
    piracy.enable = true;
    productivity.enable = true;
    trusted.enable = true;
  };
 }
--- a/hosts/glacier/users.nix
+++ b/hosts/glacier/users.nix
@ -1,8 +1,13 @@
 { config, inputs, ... }:
 {
-  users.users.futura = {
+  age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
-    description = "Futura";
+
-    uid = 1001;
+  users.users.helvetica = {
    description = "Helvetica";
    uid = 1000;
    isNormalUser = true;
-    password = "futura";
+    hashedPasswordFile = config.age.secrets.user-helvetica.path;
    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
    extraGroups = [ "wheel" ]; # TODO remove
  };
 }
--- a/hosts/insomniac/autologin.nix
+++ b/hosts/insomniac/autologin.nix
--- a/hosts/insomniac/users.nix
+++ b/hosts/insomniac/users.nix
@ -1,14 +1,14 @@
 {
  config,
  lib,
  ...
 }:
 let
  inherit (config.users) mainUser;
 in
 {
-  users = {
+  users.users.helvetica = {
-    mainUser = lib.mkForce "insomniac";
+    description = "Insomniac";
-    users.${mainUser}.description = lib.mkForce "Insomniac";
+    uid = 1000;
    isNormalUser = true;
    password = "";
    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
    extraGroups = [ "wheel" ]; # TODO remove
  };
 }
--- a/hosts/vessel/profiles.nix
+++ b/hosts/vessel/profiles.nix
@ -1,3 +1,6 @@
 {
-  profiles.server.enable = true;
+  profiles = {
    server.enable = true;
    trusted.enable = true;
  };
 }
--- a/hosts/vessel/users.nix
+++ b/hosts/vessel/users.nix
@ -0,0 +1,13 @@
 { config, inputs, ... }:
 {
  age.secrets.user-helvetica.file = inputs.self + /secrets/users/helvetica.age;
  users.users.helvetica = {
    description = "Helvetica";
    uid = 1000;
    isNormalUser = true;
    hashedPasswordFile = config.age.secrets.user-helvetica.path;
    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
    extraGroups = [ "wheel" ]; # TODO remove
  };
 }
--- a/hosts/work/users.nix
+++ b/hosts/work/users.nix
@ -1,14 +1,13 @@
 { config, inputs, ... }:
 {
-  config,
+  age.secrets.user-lukas.file = inputs.self + /secrets/users/helvetica.age;
-  lib,
+
-  ...
+  users.users.lukas = {
-}:
+    description = "Lukas Wurzinger";
-let
+    uid = 1000;
-  inherit (config.users) mainUser;
+    isNormalUser = true;
-in
+    hashedPasswordFile = config.age.secrets.user-lukas.path;
-{
+    openssh.authorizedKeys.keys = builtins.attrValues config.pubkeys.users;
-  users = {
+    extraGroups = [ "wheel" ]; # TODO remove
    mainUser = lib.mkForce "lukas";
    users.${mainUser}.description = lib.mkForce "Lukas Wurzinger";
  };
 }
--- a/modules/main-user.nix
+++ b/modules/main-user.nix
@ -1,14 +0,0 @@
 { lib, ... }:
 let
  inherit (lib) types;
 in
 {
  options = {
    users.mainUser = lib.mkOption {
      type = types.passwdEntry types.str;
      description = ''
        The main user.
      '';
    };
  };
 }
--- a/profiles/desktop/cosmic.nix
+++ b/profiles/desktop/cosmic.nix
@ -1,29 +0,0 @@
 {
  config,
  lib,
  inputs,
  ...
 }:
 let
  cfg = config.profiles.desktop;
 in
 {
  imports = [
    inputs.nixos-cosmic.nixosModules.default
  ];
  config = lib.mkIf cfg.enable {
    nix.settings = {
      substituters = [ "https://cosmic.cachix.org" ];
      trusted-public-keys = [ "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE=" ];
    };
    services = {
      desktopManager.cosmic.enable = true;
      displayManager.cosmic-greeter.enable = true;
    };
    environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1;
  };
 }
--- a/profiles/desktop/mpv.nix
+++ b/profiles/desktop/mpv.nix
@ -0,0 +1,6 @@
 { inputs, pkgs, ... }:
 {
  environment.systemPackages = [
    inputs.mympv.packages.${pkgs.system}.default
  ];
 }
--- a/profiles/desktop/plasma.nix
+++ b/profiles/desktop/plasma.nix
@ -0,0 +1,20 @@
 {
  config,
  lib,
  ...
 }:
 let
  cfg = config.profiles.desktop;
 in
 {
  config = lib.mkIf cfg.enable {
    services = {
      displayManager.sddm = {
        enable = true;
        wayland.enable = true;
      };
      desktopManager.plasma6.enable = true;
    };
  };
 }
--- a/profiles/trusted/default.nix
+++ b/profiles/trusted/default.nix
@ -0,0 +1,6 @@
 { lib, ... }:
 {
  options.profiles.trusted = {
    enable = lib.mkEnableOption "trusted";
  };
 }
--- a/profiles/trusted/syncthing.nix
+++ b/profiles/trusted/syncthing.nix
@ -0,0 +1,21 @@
 {
  config,
  lib,
  ...
 }:
 let
  cfg = config.profiles.trusted;
  inherit (config.networking) hostName;
 in
 {
  config = lib.mkIf cfg.enable {
    services.syncthing = {
      enable = true;
      systemService = true;
      openDefaultPorts = true;
      guiAddress = "${hostName}.tailnet.helveticanonstandard.net:4000";
      overrideDevices = false;
      overrideFolders = false;
    };
  };
 }
--- a/profiles/trusted/tailscale.nix
+++ b/profiles/trusted/tailscale.nix
@ -0,0 +1,21 @@
 {
  config,
  lib,
  ...
 }:
 let
  cfg = config.profiles.trusted;
 in
 {
  config = lib.mkIf cfg.enable {
    services.tailscale = {
      enable = true;
      openFirewall = true;
      useRoutingFeatures = "both"; # TODO
    };
    networking.firewall.trustedInterfaces = [
      config.services.tailscale.interfaceName
    ];
  };
 }
--- a/secrets/users/insomniac.age
+++ b/secrets/users/insomniac.age
@ -1,11 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 SFHVrw VvRWN857MXOUqUqMIAv3OCgUp7zIJgOmCDhibsfR4BM
 pOwTtL357S/fuJK2n5RAKBBcCcL+tnMqt/n7o5BX/nI
 -> ssh-ed25519 S+dwQQ h5Hf+yOK61iARFKtI3BvGfUuesU7JfBG73xg2OfNO3w
 9a/WN5wQZ4T7ar9GD5iCjw1E9k8FafdcQCt78f3PmzE
 -> ssh-ed25519 bPbvlw eeS4sFLhm/5pyPvc4A23iZY7Yx6Rr1DeZve3NmjaDyM
 ZFQZDhcqMjWrncTFS/URGcOXdK/xMpbprpetdsE7gI0
 -> ssh-ed25519 8l76Rg rZlqjtuvCJthjPQ+uF7SBlz6gSioCXdmUO330IuheD0
 p85nindSGaWqthF7y/t7jLpkA1tlOIunuJcB1Jsjk00
 --- BTcCQGFBm3QhL0W+aW8Z+w85VVtcmezgBVafqt5DS5c
 ¸lK?tÉgl <6C>áaÈCÄKßÍ°Ó¡èÏœÖj€ZN¨‡@n§´«×XæYÕ}ù“TÎÝ
×Ø°äx·F–á£s<	O«Ñù™övs6ï~IÃü së}7sÃžÃãZ‘C@
--- a/secrets/users/lukas.age
+++ b/secrets/users/lukas.age
Author	SHA1	Message	Date
Lukas Wurzinger	584f07421b	plasma	2025-07-14 21:23:31 +02:00
Lukas Wurzinger	dd9ad1ca6f	plasma	2025-07-14 21:23:00 +02:00
Lukas Wurzinger	79792e5a76	stuff	2025-07-14 21:18:44 +02:00