From 46d6c129c175d4c359b7af9fa68bb50d47f9956e Mon Sep 17 00:00:00 2001 
From: Madeleine Sydney Date: Sat, 18 Jan 2025 14:33:34 -0700 Subject: [PATCH] wip: Add host deertopia --- README.org | 30 +++++++++++- hosts/deertopia/configuration.nix | 21 +++++++-- hosts/deertopia/disko-config.nix | 0 hosts/deertopia/hardware-configuration.nix | 0 hosts/deertopia/services.nix | 11 +++-- hosts/deertopia/services/git-annex.nix | 36 +++++++++++++++ hosts/deertopia/services/nextcloud.nix | 27 +++++++++-- hosts/deertopia/services/nginx.nix | 46 +++++++++++++++++++ hosts/deertopia/services/seafile.nix | 29 ++++++++++++ hosts/deertopia/services/tinydns.nix | 21 +++++++++ hosts/nixos-testbed/configuration.nix | 8 +++- lib/syd-search.el | 0 modules/home/glab.nix | 0 modules/home/mpd.nix | 0 modules/nixos/defaults.nix | 0 modules/nixos/defaults/documentation.nix | 0 modules/nixos/defaults/nixpkgs.nix | 0 modules/nixos/dropbox.nix | 0 modules/nixos/hosts.nix | 0 modules/nixos/impermanence/rollback.nix | 0 modules/nixos/sops.nix | 1 + modules/nixos/tailscale.nix | 0 outputs/homeConfigurations.nix | 0 outputs/nixosConfigurations.nix | 0 public-keys/crumb-at-guix-rebound.pub | 1 + scripts/sydnix-cli/.envrc | 0 scripts/sydnix-cli/.gitignore | 0 scripts/sydnix-cli/.projectile | 0 scripts/sydnix-cli/deps-lock.json | 0 scripts/sydnix-cli/deps.edn | 0 scripts/sydnix-cli/flake.lock | 0 scripts/sydnix-cli/flake.nix | 0 scripts/sydnix-cli/src/asciidoc/render.clj | 0 scripts/sydnix-cli/src/asciidoc/types.clj | 0 .../sydnix-cli/src/sydnix_cli/cli_table.clj | 0 .../src/sydnix_cli/commands/deps-lock.json | 0 .../src/sydnix_cli/commands/help.clj | 0 .../src/sydnix_cli/commands/rebuild.clj | 0 .../src/sydnix_cli/commands/status.clj | 0 .../src/sydnix_cli/commands/util.clj | 0 .../src/sydnix_cli/commands/util/mangen.clj | 0 scripts/sydnix-cli/src/sydnix_cli/mangen.clj | 0 scripts/sydnix-cli/src/sydnix_cli/prelude.clj | 0 secrets.yaml | 18 ++++---- users/crumb/files.nix | 0 users/crumb/programs/age.nix | 0 users/crumb/programs/bash.nix | 0 users/crumb/programs/emacs.nix | 0 
users/crumb/programs/emacs/early-init.el | 0 users/crumb/programs/emacs/init-straight.el | 0 users/crumb/programs/emacs/init.el | 0 users/crumb/programs/emacs/lib/syd-buffers.el | 0 .../crumb/programs/emacs/lib/syd-constants.el | 0 users/crumb/programs/emacs/lib/syd-file.el | 0 users/crumb/programs/emacs/lib/syd-prelude.el | 0 users/crumb/programs/emacs/lib/syd-window.el | 0 users/crumb/programs/emacs/modules/syd-age.el | 0 .../programs/emacs/modules/syd-autosave.el | 0 .../programs/emacs/modules/syd-completion.el | 0 .../programs/emacs/modules/syd-custom.el | 0 .../emacs/modules/syd-display-startup-time.el | 0 .../crumb/programs/emacs/modules/syd-evil.el | 0 .../programs/emacs/modules/syd-general.el | 0 .../programs/emacs/modules/syd-keybinds.el | 0 users/crumb/programs/emacs/modules/syd-org.el | 0 .../programs/emacs/modules/syd-projects.el | 0 .../programs/emacs/modules/syd-scratch.el | 0 .../programs/emacs/modules/syd-smartparens.el | 0 users/crumb/programs/emacs/modules/syd-ui.el | 0 .../programs/emacs/modules/syd-use-package.el | 0 users/crumb/programs/git.nix | 0 users/crumb/programs/mpd.nix | 0 users/escort/default.nix | 21 +++++++++ users/{arisu => lain}/default.nix | 6 ++- 74 files changed, 250 insertions(+), 26 deletions(-) mode change 100644 => 100755 hosts/deertopia/configuration.nix mode change 100644 => 100755 hosts/deertopia/disko-config.nix mode change 100644 => 100755 hosts/deertopia/hardware-configuration.nix mode change 100644 => 100755 hosts/deertopia/services.nix create mode 100755 hosts/deertopia/services/git-annex.nix mode change 100644 => 100755 hosts/deertopia/services/nextcloud.nix create mode 100644 hosts/deertopia/services/nginx.nix create mode 100755 hosts/deertopia/services/seafile.nix create mode 100755 hosts/deertopia/services/tinydns.nix mode change 100644 => 100755 lib/syd-search.el mode change 100644 => 100755 modules/home/glab.nix mode change 100644 => 100755 modules/home/mpd.nix mode change 100644 => 100755 
modules/nixos/defaults.nix mode change 100644 => 100755 modules/nixos/defaults/documentation.nix mode change 100644 => 100755 modules/nixos/defaults/nixpkgs.nix mode change 100644 => 100755 modules/nixos/dropbox.nix mode change 100644 => 100755 modules/nixos/hosts.nix mode change 100644 => 100755 modules/nixos/impermanence/rollback.nix mode change 100644 => 100755 modules/nixos/tailscale.nix mode change 100644 => 100755 outputs/homeConfigurations.nix mode change 100644 => 100755 outputs/nixosConfigurations.nix create mode 100644 public-keys/crumb-at-guix-rebound.pub mode change 100644 => 100755 scripts/sydnix-cli/.envrc mode change 100644 => 100755 scripts/sydnix-cli/.gitignore mode change 100644 => 100755 scripts/sydnix-cli/.projectile mode change 100644 => 100755 scripts/sydnix-cli/deps-lock.json mode change 100644 => 100755 scripts/sydnix-cli/deps.edn mode change 100644 => 100755 scripts/sydnix-cli/flake.lock mode change 100644 => 100755 scripts/sydnix-cli/flake.nix mode change 100644 => 100755 scripts/sydnix-cli/src/asciidoc/render.clj mode change 100644 => 100755 scripts/sydnix-cli/src/asciidoc/types.clj mode change 100644 => 100755 scripts/sydnix-cli/src/sydnix_cli/cli_table.clj mode change 100644 => 100755 scripts/sydnix-cli/src/sydnix_cli/commands/deps-lock.json mode change 100644 => 100755 scripts/sydnix-cli/src/sydnix_cli/commands/help.clj mode change 100644 => 100755 scripts/sydnix-cli/src/sydnix_cli/commands/rebuild.clj mode change 100644 => 100755 scripts/sydnix-cli/src/sydnix_cli/commands/status.clj mode change 100644 => 100755 scripts/sydnix-cli/src/sydnix_cli/commands/util.clj mode change 100644 => 100755 scripts/sydnix-cli/src/sydnix_cli/commands/util/mangen.clj mode change 100644 => 100755 scripts/sydnix-cli/src/sydnix_cli/mangen.clj mode change 100644 => 100755 scripts/sydnix-cli/src/sydnix_cli/prelude.clj mode change 100644 => 100755 users/crumb/files.nix mode change 100644 => 100755 users/crumb/programs/age.nix mode change 100644 => 100755 
users/crumb/programs/bash.nix mode change 100644 => 100755 users/crumb/programs/emacs.nix mode change 100644 => 100755 users/crumb/programs/emacs/early-init.el mode change 100644 => 100755 users/crumb/programs/emacs/init-straight.el mode change 100644 => 100755 users/crumb/programs/emacs/init.el mode change 100644 => 100755 users/crumb/programs/emacs/lib/syd-buffers.el mode change 100644 => 100755 users/crumb/programs/emacs/lib/syd-constants.el mode change 100644 => 100755 users/crumb/programs/emacs/lib/syd-file.el mode change 100644 => 100755 users/crumb/programs/emacs/lib/syd-prelude.el mode change 100644 => 100755 users/crumb/programs/emacs/lib/syd-window.el mode change 100644 => 100755 users/crumb/programs/emacs/modules/syd-age.el mode change 100644 => 100755 users/crumb/programs/emacs/modules/syd-autosave.el mode change 100644 => 100755 users/crumb/programs/emacs/modules/syd-completion.el mode change 100644 => 100755 users/crumb/programs/emacs/modules/syd-custom.el mode change 100644 => 100755 users/crumb/programs/emacs/modules/syd-display-startup-time.el mode change 100644 => 100755 users/crumb/programs/emacs/modules/syd-evil.el mode change 100644 => 100755 users/crumb/programs/emacs/modules/syd-general.el mode change 100644 => 100755 users/crumb/programs/emacs/modules/syd-keybinds.el mode change 100644 => 100755 users/crumb/programs/emacs/modules/syd-org.el mode change 100644 => 100755 users/crumb/programs/emacs/modules/syd-projects.el mode change 100644 => 100755 users/crumb/programs/emacs/modules/syd-scratch.el mode change 100644 => 100755 users/crumb/programs/emacs/modules/syd-smartparens.el mode change 100644 => 100755 users/crumb/programs/emacs/modules/syd-ui.el mode change 100644 => 100755 users/crumb/programs/emacs/modules/syd-use-package.el mode change 100644 => 100755 users/crumb/programs/git.nix mode change 100644 => 100755 users/crumb/programs/mpd.nix create mode 100755 users/escort/default.nix rename users/{arisu => lain}/default.nix (74%) mode 
change 100644 => 100755 diff --git a/README.org b/README.org index cb57609..23872ce 100755 --- a/README.org +++ b/README.org @@ -17,8 +17,8 @@ A second try at NixOS, now that I have a better idea of what I'm doing. The effo In order of descending preference, user programs should be configured by... -1. Wrappers, with config files optionally living somewhere under =/persist/dots=. -2. home-manager's modules. +1. home-manager's modules. +2. Wrappers, with config files optionally living somewhere under =/persist/dots=. 3. ~home.file~ and similar. 4. Mutable symlinks using ~home.file~ and ~mkOutOfStoreSymlink~. @@ -133,6 +133,32 @@ As with the rest of the config, these are largely adapted from Doom's ([cite:@li - ~«NAME»-h~ :: Procedure defined specifically to be added to a hook. +* Hosts + +** nixos-testbed + +Configuration for the VM I'm currently using as a testbed, before moving to my real desktop. + +** deertopia + +My home server. + +* Users + +** crumb + +Me }:). My primary user for programming and playing TF2. + +** lain + +A bit on the nose for a transfemme into computers, but my chosen name is also Madeleine. + +Used as a server admin account with little configuration. + +** escort + +Another low-config user for "escorting" people to system services that require a user, e.g. logging in for file-sharing. + * ~sydnix-cli~ sydnix-cli is a command-line utility written in Clojure wrapping various sydnix-related scripts. diff --git a/hosts/deertopia/configuration.nix b/hosts/deertopia/configuration.nix old mode 100644 new mode 100755 index b3660a7..16a3c1a --- a/hosts/deertopia/configuration.nix +++ b/hosts/deertopia/configuration.nix @@ -10,7 +10,8 @@ filesystemType = "btrfs"; users.users = [ - "arisu" + "lain" + "escort" ]; impermanence = { @@ -31,6 +32,11 @@ subvolume = "rootfs"; }; }; + + sops = { + enable = true; + keyFile = "/persist/vault/root/deertopia-key"; + }; }; boot.loader = { 
@@ -54,11 +60,20 @@ environment.systemPackages = with pkgs; [ neovim git + sshfs # sydnix-cli.packages.x86_64-linux.default ]; - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "yes"; + services.openssh = { + enable = true; + settings = { + PermitRootLogin = "yes"; + X11Forwarding = true; + # This server is connected to the internet! Port 22 is open!! + # Aagghhhh!!! Stay safe! + PasswordAuthentication = false; + }; + }; # TODO: Move to defaults. users.mutableUsers = false; diff --git a/hosts/deertopia/disko-config.nix b/hosts/deertopia/disko-config.nix old mode 100644 new mode 100755 diff --git a/hosts/deertopia/hardware-configuration.nix b/hosts/deertopia/hardware-configuration.nix old mode 100644 new mode 100755 diff --git a/hosts/deertopia/services.nix b/hosts/deertopia/services.nix old mode 100644 new mode 100755 index e62e53a..f301f34 --- a/hosts/deertopia/services.nix +++ b/hosts/deertopia/services.nix @@ -1,7 +1,10 @@ -{ utils, ... }: +{ config, lib, pkgs, ... }: { - imports = - map (x: ./services/${x}) - (utils.listNixFilesInDirectory ./services); + imports = [ + # ./services/seafile.nix + # ./services/tinydns.nix + ./services/git-annex.nix + ./services/nginx.nix + ]; } diff --git a/hosts/deertopia/services/git-annex.nix b/hosts/deertopia/services/git-annex.nix new file mode 100755 index 0000000..c85b6fe --- /dev/null +++ b/hosts/deertopia/services/git-annex.nix 
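Review bot: `PermitRootLogin = "yes"` is kept in the new `services.openssh.settings` block even though the comment next to it says port 22 is open to the internet. With `PasswordAuthentication = false` root is limited to non-password methods, but `PermitRootLogin = "prohibit-password";` or `"no"` states that intent directly, and lain already gets `wheel` plus an authorized key in this commit. I would also add `KbdInteractiveAuthentication = false;` so PAM keyboard-interactive cannot act as a second password path, and drop `X11Forwarding = true;` unless something on this server really needs it. The nixos-testbed hunk further down has the same `PermitRootLogin`/`X11Forwarding` pair and does not disable password authentication at all.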
@@ -0,0 +1,36 @@ +{ config, lib, pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + git-annex + git + rsync + ]; + + # Our files managed by git-annex actually live on a WebDAV server that is + # declared by the following section. + services.nginx = { + # Nginx's WebDAV support is in a separate module we must import. + additionalModules = [ pkgs.nginxModules.dav ]; + + virtualHosts."dav.deertopia.net" = { + addSSL = true; + enableACME = true; + locations."/".extraConfig = '' + alias /persist/web/webdav; + client_body_temp_path /tmp/nginx/webdav; + dav_methods PUT DELETE MKCOL COPY MOVE; + dav_ext_methods PROPFIND OPTIONS; + create_full_put_path on + + auth_basic "Restricted Access"; + auth_basic_user_file /etc/nginx/webdav.passwd; + + # Deny all access unless authenticated + satisfy all; + allow all; # This allows all authenticated users + deny all; # This denies all other users + ''; + }; + }; +} diff --git a/hosts/deertopia/services/nextcloud.nix b/hosts/deertopia/services/nextcloud.nix old mode 100644 new mode 100755 index 75fd450..6870119 --- a/hosts/deertopia/services/nextcloud.nix +++ b/hosts/deertopia/services/nextcloud.nix @@ -1,11 +1,28 @@ { config, lib, pkgs, ... }: { - sydnix.sops = { - enable = true; - keyFile = "/persist/vault/root/deertopia-key"; + sydnix = { + sops.secrets = { + nextcloud-admin = { + owner = "nextcloud"; + group = "nextcloud"; + }; + }; + + impermanence.directories = [ "/var/lib/nextcloud" ]; }; - # services.nextcloud = { - # }; + # Setting `services.nextcloud.hostName` automatically sets up a Nginx server + # (on port 80) hosting the Nextcloud services. + networking.firewall.allowedTCPPorts = [ 80 ]; + + services.nextcloud = { + enable = true; + hostName = "cloud.internal.deertopia.net"; + package = pkgs.nextcloud30; + config = { + adminpassFile = "/run/secrets/nextcloud-admin"; + dbtype = "sqlite"; + }; + }; } 
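Review bot: `create_full_put_path on` in the `locations."/".extraConfig` string has no terminating `;`, so nginx will read the following `auth_basic "Restricted Access"` tokens as extra arguments and the configuration check should fail; it needs to be `create_full_put_path on;`. The vhost uses `addSSL = true`, which leaves plain HTTP enabled, so the Basic-auth credentials for WebDAV can be sent unencrypted; `forceSSL = true;` as on the deertopia.net vhost in nginx.nix avoids that. The `satisfy all; allow all; deny all;` lines do not do what their comments say, because `allow all` matches every client and the `deny all` after it is never reached; authentication is enforced by `auth_basic` alone, so the three lines can go. `/etc/nginx/webdav.passwd` is not created anywhere in this diff; presumably it is placed by hand, and a sops secret would fit the rest of the commit better.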
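Review bot: Nextcloud is exposed on port 80 only (`allowedTCPPorts = [ 80 ]`, no `https` setting under `services.nextcloud`), so the admin login and every session cookie travel in cleartext. Setting `https = true;` and giving the `cloud.internal.deertopia.net` vhost a certificate would close that, though an internal-only name may need a DNS-based ACME challenge or a local CA. `adminpassFile = "/run/secrets/nextcloud-admin"` hard-codes the secrets mount point; if `sydnix.sops.secrets` is forwarded to sops-nix as its option description says, `config.sops.secrets.nextcloud-admin.path` keeps the two in step. The new `imports` list in services.nix does not include this file, so as far as this diff shows none of it is evaluated yet.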
diff --git a/hosts/deertopia/services/nginx.nix b/hosts/deertopia/services/nginx.nix
new file mode 100644
index 0000000..ceb684b
--- /dev/null
+++ b/hosts/deertopia/services/nginx.nix
@@ -0,0 +1,46 @@
+{ config, lib, pkgs, ... }:
+
+let
+ deertopiaRoot = {
+ directory = "/persist/deertopia.net/";
+ group = "nginx";
+ user = "nginx";
+ };
+in
+{
+ services.nginx.enable = true;
+
+ networking.firewall.allowedTCPPorts = [
+ 80 # HTTP
+ 443 # HTTPS
+ ];
+
+ # With this section, virtual hosts declared through the Nginx NixOS module
+ # will automatically request ACME SSL certificates and configure systemd
+ # timers to renew the certificate if required. See the article on the NixOS
+ # wiki, from which I've nabbed the following snippet:
+ # https://nixos.wiki/wiki/Nginx#Let.27s_Encrypt_certificates
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "lomiskiam@gmail.com";
+ };
+
+ services.nginx.virtualHosts."deertopia.net" = {
+ root = "${deertopiaRoot.directory}/www";
+
+ # addSSL = true;
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/" = {
+ index = "index.html";
+ };
+ };
+
+ system.activationScripts.initialiseDeertopiaRoot.text = ''
+ mkdir -p "${deertopiaRoot.directory}"
+ chown -R "${deertopiaRoot.user}:${deertopiaRoot.user}" \
+ "${deertopiaRoot.directory}"
+ chmod -R 775 "${deertopiaRoot.directory}"
+ '';
+}
diff --git a/hosts/deertopia/services/seafile.nix b/hosts/deertopia/services/seafile.nix
new file mode 100755
index 0000000..614fcea
--- /dev/null
+++ b/hosts/deertopia/services/seafile.nix
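Review bot: The `initialiseDeertopiaRoot` activation script runs `chown -R "${deertopiaRoot.user}:${deertopiaRoot.user}"`, so the `group` attribute defined in the `let` block is never used. It works only because both values are `nginx`, and should read `chown -R "${deertopiaRoot.user}:${deertopiaRoot.group}" \`. `chmod -R 775` marks every file under the web root executable and is re-applied on each activation; `chmod -R u=rwX,g=rwX,o=rX "${deertopiaRoot.directory}"` keeps the group-write access without the execute bit on regular files. Group write matters more now that lain joins the `nginx` group in this commit, since anyone in that group can change what the site serves. `directory` also ends in `/`, so `root` becomes `/persist/deertopia.net//www`; harmless, but dropping the trailing slash is tidier.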
@@ -0,0 +1,29 @@ +{ config, lib, pkgs, ... }: + +{ + sydnix.impermanence = { + directories = [ + "/var/lib/seafile" + ]; + }; + + services.seafile = { + enable = true; + + adminEmail = "lomiskiam@gmail.com"; + initialAdminPassword = "password123"; + + ccnetSettings.General.SERVICE_URL = "http://files.deertopia.net"; + + seafileSettings = { + fileserver = { + host = "ipv4:127.0.0.1"; + port = 8082; + }; + }; + }; + + services.nginx.virtualHosts."files.deertopia.net" = { + + }; +} diff --git a/hosts/deertopia/services/tinydns.nix b/hosts/deertopia/services/tinydns.nix new file mode 100755 index 0000000..7cf9045 --- /dev/null +++ b/hosts/deertopia/services/tinydns.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: + +{ + services.tinydns = { + enable = true; + data = '' + .internal.deertopia.net:192.168.68.79:dns:86400 + =*.internal.deertopia.net:192.168.68.79:86400 + =internal.deertopia.net:192.168.68.79:86400 + + # Redirect everything else to the router's nameservers. + &.::192.168.68.1:86400 + ''; + }; + + networking.firewall.allowedUDPPorts = [ + 53 + ]; + + networking.nameservers = [ "192.168.68.79" ]; +} diff --git a/hosts/nixos-testbed/configuration.nix b/hosts/nixos-testbed/configuration.nix index d971b42..1646ef6 100755 --- a/hosts/nixos-testbed/configuration.nix +++ b/hosts/nixos-testbed/configuration.nix @@ -73,11 +73,15 @@ environment.systemPackages = with pkgs; [ neovim git + git-annex sydnix-cli.packages.x86_64-linux.default ]; - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "yes"; + services.openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + settings.X11Forwarding = true; + }; # TODO: Move to defaults. users.mutableUsers = false; diff --git a/lib/syd-search.el b/lib/syd-search.el old mode 100644 new mode 100755 diff --git a/modules/home/glab.nix b/modules/home/glab.nix old mode 100644 new mode 100755 diff --git a/modules/home/mpd.nix b/modules/home/mpd.nix old mode 100644 new mode 100755 
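Review bot: `initialAdminPassword = "password123";` commits a guessable admin credential in cleartext, and as a plain Nix string it also ends up in the world-readable store. The file is commented out of services.nix for now, but before it is enabled the value should at least be a long random string that is changed at first login, with a comment saying so, since this option takes a literal rather than a file as far as I know. `SERVICE_URL = "http://files.deertopia.net"` together with the empty `virtualHosts."files.deertopia.net"` block means the login would be served without TLS; `forceSSL = true; enableACME = true;` and an `https://` service URL would match the other vhosts.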
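Review bot: The `&.::192.168.68.1:86400` line in `services.tinydns.data` will not forward other queries to the router as the comment above it says: tinydns is authoritative-only, and a `&` line only publishes an NS delegation, which stub resolvers do not follow. Combined with `networking.nameservers = [ "192.168.68.79" ]`, the host would probably fail to resolve anything outside `internal.deertopia.net`. A forwarding or recursive resolver in front of tinydns, or leaving the router as the system resolver, would be needed. The firewall rule opens UDP 53 on every interface of a machine whose sshd comment calls it internet-facing, so consider binding the service to the LAN address via `services.tinydns.ip` or limiting the rule to the LAN interface.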
diff --git a/modules/nixos/defaults.nix b/modules/nixos/defaults.nix old mode 100644 new mode 100755 diff --git a/modules/nixos/defaults/documentation.nix b/modules/nixos/defaults/documentation.nix old mode 100644 new mode 100755 diff --git a/modules/nixos/defaults/nixpkgs.nix b/modules/nixos/defaults/nixpkgs.nix old mode 100644 new mode 100755 diff --git a/modules/nixos/dropbox.nix b/modules/nixos/dropbox.nix old mode 100644 new mode 100755 diff --git a/modules/nixos/hosts.nix b/modules/nixos/hosts.nix old mode 100644 new mode 100755 diff --git a/modules/nixos/impermanence/rollback.nix b/modules/nixos/impermanence/rollback.nix old mode 100644 new mode 100755 diff --git a/modules/nixos/sops.nix b/modules/nixos/sops.nix index 6c6e19c..8821bd0 100755 --- a/modules/nixos/sops.nix +++ b/modules/nixos/sops.nix @@ -14,6 +14,7 @@ in { }; secrets = mkOption { description = "Secrets passed directly to sops-nix."; + default = {}; }; package = mkOption { description = "Sops CLI package. If null, nothing will be installed."; diff --git a/modules/nixos/tailscale.nix b/modules/nixos/tailscale.nix old mode 100644 new mode 100755 diff --git a/outputs/homeConfigurations.nix b/outputs/homeConfigurations.nix old mode 100644 new mode 100755 diff --git a/outputs/nixosConfigurations.nix b/outputs/nixosConfigurations.nix old mode 100644 new mode 100755 diff --git a/public-keys/crumb-at-guix-rebound.pub b/public-keys/crumb-at-guix-rebound.pub new file mode 100644 index 0000000..9006f55 --- /dev/null +++ b/public-keys/crumb-at-guix-rebound.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKja46XYT+AOxcpp0r8YX+qu6uUEvtiPBhqzfskEYnlt crumb@guix-rebound diff --git a/scripts/sydnix-cli/.envrc b/scripts/sydnix-cli/.envrc old mode 100644 new mode 100755 diff --git a/scripts/sydnix-cli/.gitignore b/scripts/sydnix-cli/.gitignore old mode 100644 new mode 100755 diff --git a/scripts/sydnix-cli/.projectile b/scripts/sydnix-cli/.projectile old mode 100644 new mode 100755 
diff --git a/scripts/sydnix-cli/deps-lock.json b/scripts/sydnix-cli/deps-lock.json
old mode 100644
new mode 100755
diff --git a/scripts/sydnix-cli/deps.edn b/scripts/sydnix-cli/deps.edn
old mode 100644
new mode 100755
diff --git a/scripts/sydnix-cli/flake.lock b/scripts/sydnix-cli/flake.lock
old mode 100644
new mode 100755
diff --git a/scripts/sydnix-cli/flake.nix b/scripts/sydnix-cli/flake.nix
old mode 100644
new mode 100755
diff --git a/scripts/sydnix-cli/src/asciidoc/render.clj b/scripts/sydnix-cli/src/asciidoc/render.clj
old mode 100644
new mode 100755
diff --git a/scripts/sydnix-cli/src/asciidoc/types.clj b/scripts/sydnix-cli/src/asciidoc/types.clj
old mode 100644
new mode 100755
diff --git a/scripts/sydnix-cli/src/sydnix_cli/cli_table.clj b/scripts/sydnix-cli/src/sydnix_cli/cli_table.clj
old mode 100644
new mode 100755
diff --git a/scripts/sydnix-cli/src/sydnix_cli/commands/deps-lock.json b/scripts/sydnix-cli/src/sydnix_cli/commands/deps-lock.json
old mode 100644
new mode 100755
diff --git a/scripts/sydnix-cli/src/sydnix_cli/commands/help.clj b/scripts/sydnix-cli/src/sydnix_cli/commands/help.clj
old mode 100644
new mode 100755
diff --git a/scripts/sydnix-cli/src/sydnix_cli/commands/rebuild.clj b/scripts/sydnix-cli/src/sydnix_cli/commands/rebuild.clj
old mode 100644
new mode 100755
diff --git a/scripts/sydnix-cli/src/sydnix_cli/commands/status.clj b/scripts/sydnix-cli/src/sydnix_cli/commands/status.clj
old mode 100644
new mode 100755
diff --git a/scripts/sydnix-cli/src/sydnix_cli/commands/util.clj b/scripts/sydnix-cli/src/sydnix_cli/commands/util.clj
old mode 100644
new mode 100755
diff --git a/scripts/sydnix-cli/src/sydnix_cli/commands/util/mangen.clj b/scripts/sydnix-cli/src/sydnix_cli/commands/util/mangen.clj
old mode 100644
new mode 100755
diff --git a/scripts/sydnix-cli/src/sydnix_cli/mangen.clj b/scripts/sydnix-cli/src/sydnix_cli/mangen.clj
old mode 100644
new mode 100755
diff --git a/scripts/sydnix-cli/src/sydnix_cli/prelude.clj b/scripts/sydnix-cli/src/sydnix_cli/prelude.clj
old mode 100644
new mode 100755
diff --git a/secrets.yaml b/secrets.yaml
index 16dcd9b..f906568 100755
--- a/secrets.yaml
+++ b/secrets.yaml
@@ -1,21 +1,21 @@ -example-key: ENC[AES256_GCM,data:ddKerh17p/+kDzSlSQ==,iv:62BgArZBCfcxL/qeVRluaSbY5y1GHtuiAbqXRB3NuG4=,tag:chcteZECw/SHFQctM+swVA==,type:str] +nextcloud-admin: ENC[AES256_GCM,data:MfHTZw5Co7DdY6uYT7e4ydoVPg==,iv:KqK/UaDpiEM5MnR86peGZ4iLfhC5JK4IOdI2T7RDZNg=,tag:Tpx2FdYavXud4OLcT7drTQ==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1qayk0d0f765v57pedm7mtau6qkmv8rh6jtaqm40g5g9armaty4jqc0v0y2 + - recipient: age10fqh0td67alzpyjyhdex5ncj9thvaty506r0t63vs2nz4ldafgaqadl8mg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzSU40YUdJbEh6b01FdHYv - SjhKNFhwTmtiRVVKTC80T3ZjZnI4LzZIY2tBCms3S1lJcHo4M242ZmZBNTQrbmxa - YUxJb085Q2JWc2JNVkNrSU5SQktwbjQKLS0tIEd6aEo2NlNnVjJYZ3FISGVYZGNm - VFh1RFYvMUNnY1QveXF6TkVSMGpOTlUK9HrBWz8BzbA+HJ8XLFc5ji9QDKw1TuGx - pcDUwNy8DdSBhEtYQ7DxQ2U379IRQY1CN5qL3SdZnicg3zMhV5TWSA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3V2VVcGl5WlJTKzZpRG9p + WitQdXNpZGUzUkwxdzRrUzIwZm5ZK0g2WFdnCmxQdU5vaVc0elZpN3lQbDZ2Uldn + R0xHMTFKeDJVUUxKcUkxN2Uva0UwcGMKLS0tIDNJRzBUbTFPaXJHWGdvdHYyYnlS + aXZvL3RJRUtkOXR5OTFxcC9saXhGYVUKymDTIoxeHgJiM0rly5Zbp8kYoIUmmsWL + CMfXunhtA+u/vjDUHjyj41TTFbZMVl8FUzqMYoMxhIH6dQw8u1HKBA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-29T07:21:13Z" - mac: ENC[AES256_GCM,data:4SO/ho4QYlwwFthsbBhHTsOIwKwq0xPHUaabt+OZbTzETSg9UDTiLi8LZci+CUh9mKDwwh1CKJxIsl4MiOei+pLU0PB9uaudb9n68pPjeIxzJYKjjXwXzpfXipiAYcpSJJybmbJoivHncJoOuerBMmOlZ1HmHK9pcE2aJmGaBDY=,iv:HJF6A4bOJnXpMctHCTV1Cw7T8DAq4AXuBdqJzGo4vVI=,tag:2zD++PfLS6/4sp2SeBZLiw==,type:str] + lastmodified: "2025-01-18T16:35:24Z" + mac: ENC[AES256_GCM,data:1oYl56zjPnzzX9pBMDwbnoZFiu+k9OXlz9bEnTXl6Flr7+D3sZZIo5I6IidvRdMU8kHBOA87pascTqhFd/LUkU3HOpF0CgQUxjwcKIbSZ2OEp/xKCh9C9trDXUh62eZrcgrjT5ST2r8uNcicKWKZVQxAa0S2AKd+5apUAvSouAE=,iv:X7EhB8l230wZviAw1lpj1G8KAhhcDvuoA+prbpLENUQ=,tag:uA0997qvRb8DZqBs5a32hg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1 
diff --git a/users/crumb/files.nix b/users/crumb/files.nix
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/age.nix b/users/crumb/programs/age.nix
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/bash.nix b/users/crumb/programs/bash.nix
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs.nix b/users/crumb/programs/emacs.nix
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/early-init.el b/users/crumb/programs/emacs/early-init.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/init-straight.el b/users/crumb/programs/emacs/init-straight.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/init.el b/users/crumb/programs/emacs/init.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/lib/syd-buffers.el b/users/crumb/programs/emacs/lib/syd-buffers.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/lib/syd-constants.el b/users/crumb/programs/emacs/lib/syd-constants.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/lib/syd-file.el b/users/crumb/programs/emacs/lib/syd-file.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/lib/syd-prelude.el b/users/crumb/programs/emacs/lib/syd-prelude.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/lib/syd-window.el b/users/crumb/programs/emacs/lib/syd-window.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/modules/syd-age.el b/users/crumb/programs/emacs/modules/syd-age.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/modules/syd-autosave.el b/users/crumb/programs/emacs/modules/syd-autosave.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/modules/syd-completion.el b/users/crumb/programs/emacs/modules/syd-completion.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/modules/syd-custom.el b/users/crumb/programs/emacs/modules/syd-custom.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/modules/syd-display-startup-time.el b/users/crumb/programs/emacs/modules/syd-display-startup-time.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/modules/syd-evil.el b/users/crumb/programs/emacs/modules/syd-evil.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/modules/syd-general.el b/users/crumb/programs/emacs/modules/syd-general.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/modules/syd-keybinds.el b/users/crumb/programs/emacs/modules/syd-keybinds.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/modules/syd-org.el b/users/crumb/programs/emacs/modules/syd-org.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/modules/syd-projects.el b/users/crumb/programs/emacs/modules/syd-projects.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/modules/syd-scratch.el b/users/crumb/programs/emacs/modules/syd-scratch.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/modules/syd-smartparens.el b/users/crumb/programs/emacs/modules/syd-smartparens.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/modules/syd-ui.el b/users/crumb/programs/emacs/modules/syd-ui.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/emacs/modules/syd-use-package.el b/users/crumb/programs/emacs/modules/syd-use-package.el
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/git.nix b/users/crumb/programs/git.nix
old mode 100644
new mode 100755
diff --git a/users/crumb/programs/mpd.nix b/users/crumb/programs/mpd.nix
old mode 100644
new mode 100755
diff --git a/users/escort/default.nix b/users/escort/default.nix
new file mode 100755
index 0000000..54b575e
--- /dev/null
+++ b/users/escort/default.nix @@ -0,0 +1,21 @@ +{ + systemConfiguration = { config, ... }: { + isNormalUser = true; + # TODO: Don't hard-code `persist`. Use + # config.sydnix.impermanence.persistGroupName. + extraGroups = [ ]; + initialHashedPassword = + "$y$j9T$uU64mjI.5Y1JICkKAaIgl0$kkO089hyDp3akSj7ReIKqFthA4T/d1w/nF40a5Tujt1"; + }; + + homeConfiguration = { config, lib, pkgs, ... }: { + imports = [ + ]; + + sydnix = { + }; + + # Don't touch! + home.stateVersion = "18.09"; + }; +} diff --git a/users/arisu/default.nix b/users/lain/default.nix old mode 100644 new mode 100755 similarity index 74% rename from users/arisu/default.nix rename to users/lain/default.nix index fc6874a..b40ee7c --- a/users/arisu/default.nix +++ b/users/lain/default.nix @@ -3,9 +3,13 @@ isNormalUser = true; # TODO: Don't hard-code `persist`. Use # config.sydnix.impermanence.persistGroupName. - extraGroups = [ "wheel" "persist" ]; + extraGroups = [ "wheel" "persist" "nginx" ]; initialHashedPassword = "$y$j9T$aEFDDwdTZbAc6VQRXrkBJ0$K8wxTGTWDihyX1wxJ.ZMH//wmQFfrGGUkLkxIU0Lyq8"; + + openssh.authorizedKeys.keyFiles = [ + ../../public-keys/crumb-at-guix-rebound.pub + ]; }; homeConfiguration = { config, lib, pkgs, ... }: {
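Review bot: The `TODO: Don't hard-code persist` comment above `extraGroups = [ ];` in users/escort/default.nix looks carried over from the lain file and no longer describes anything, since the list is empty; I would delete it or replace it with a line saying why the account has no groups. The README in this commit describes escort as an account people use to log in to services, yet `isNormalUser = true` with a password hash also gives it a home directory and a login shell. A one-line comment stating whether shell access is intended, e.g. `# Service-login account; no interactive shell access intended.`, would help whoever audits the user list later.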