wip: refactor: crumb -> msyds

users/msyds/default.nix

@@ -1,70 +1,45 @@
 {
   systemConfiguration = { config, ... }: {
     isNormalUser = true;
-
-    # Unfortunately must be hard-coded so we can attribute it to the
-    # corresponding LDAP user.
-    uid = 1006;
-
     # TODO: Don't hard-code `persist`.  Use
     # config.sydnix.impermanence.persistGroupName.
-    extraGroups = [
-      # Admin account.
-      "wheel"
-      # Default permissions to modify /persist.
-      "persist"
-      # Can modify the files served by Nginx.
-      "nginx"
-      # Can modify Deertopia's git-annex repos.
-      "annex"
-      # Can modify Deertopia's Jellyfin libraries.
-      "jellyfin"
-      # Can access slskd's downloads.
-      "slskd"
-      # Can access Nixarr's media.
-      "media"
-      "www"
-    ];
-
+    extraGroups = [ "wheel" "persist" "input" ];
     initialHashedPassword =
-      "$y$j9T$aEFDDwdTZbAc6VQRXrkBJ0$K8wxTGTWDihyX1wxJ.ZMH//wmQFfrGGUkLkxIU0Lyq8";
+      "$y$j9T$4pyDiPlhnN4UarQoY7Sn70$URZQKPJ3yU4WoQFHRhzm4uF3bM4U7OVYem3oPioykMC";
 
     openssh.authorizedKeys.keyFiles = [
-      ../../public-keys/ssh/crumb-at-guix-rebound.pub
-      ../../public-keys/ssh/crumb-at-nixos-testbed.pub
-      ../../public-keys/ssh/termux.pub
     ];
   };
 
   homeConfiguration = { config, lib, pkgs, ... }: {
     home.file.".ssh/id_ed25519".source =
       config.lib.file.mkOutOfStoreSymlink
-        "/persist/private-keys/ssh/lain-at-deertopia";
+        "/persist/private-keys/ssh/crumb-at-nixos-testbed";
 
     home.file.".ssh/id_ed25519.pub".source =
-      ../../public-keys/ssh/lain-at-deertopia.pub;
+      ../../public-keys/ssh/crumb-at-nixos-testbed.pub;
 
-    programs.bash.enable = true;
+    # A few settings without a home:
+    xdg.enable = true;
+    home.preferXdgDirectories = true;
 
-    home.sessionVariables = {
-      "EDITOR" = "nvim";
-      "VISUAL" = "nvim";
-    };
+    home.packages = [];
 
-    home.packages = [
-      pkgs.btop
-    ];
+    fonts.fontconfig.enable = true;
 
     sydnix = {
-      impermanence = {
-        enable = true;
-        directories = [
-          ".ssh"
-          "public"
-        ];
+      xdg.enable = true;
+      # Personal configurations.
+      users.crumb = {
+        bash.enable = true;
+        direnv.enable = true;
+        git.enable = true;
+        nvim.enable = true;
+        readline.enable = true;
+      };
+      users.msyds = {
+        emacs.enable = true;
       };
-      users.crumb.git.enable = true;
-      users.crumb.nvim.enable = true;
     };
 
     # Don't touch!

users/msyds/files.nix

@@ -1,9 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let mutableSymlink = config.lib.file.mkOutOfStoreSymlink;
-in {
-  home.file.".ssh/id_ed25519".source =
-    mutableSymlink "/persist/private-keys/ssh/lain-at-deertopia";
-  home.file.".ssh/id_ed25519.pub".source =
-    ../../public-keys/ssh/lain-at-deertopia.pub;
-}

users/msyds/secrets.yaml

@@ -0,0 +1,24 @@
+lastfm-password: ENC[AES256_GCM,data:gLcWwEFLhlVdMWez5Kaja17WFUA=,iv:KT9JO0823dn6qHnK2uOacMxHf4f776/soXFUVjUi1UA=,tag:n77bHc97yoKJPYvTCWhEuQ==,type:str]
+librefm-password: ENC[AES256_GCM,data:0gDlWC/2CxryI6jH5RuJ,iv:8QVnhLko3H/IupQrNknxTR8NewfTP+DJyzvHk9Hzr48=,tag:Ku02Jp7p5G5qkO41Y3EFwA==,type:str]
+github-oauth: ENC[AES256_GCM,data:t3FKFYu8edeBipC55nrG0lt1SCY8q1N5dZmvsCg7GLlVl4oDXW8FyQ==,iv:aewQ63H6c5wAw+YQRKbDT18Q05hSFsrdQBSYOUeVNeY=,tag:m1oCnSmLt+0rfcfSO4sOkQ==,type:str]
+gitlab-oauth: ENC[AES256_GCM,data:1THznoGRZmq7BkisZoGa0ZiPG7aSmkV06SY=,iv:Gq6UPHBBrnpkiAo4CZipc89kJ9mfJrwIp9NmUmjtKBo=,tag:UhvgCQlnkTEQ4hEbCTM6ow==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1qayk0d0f765v57pedm7mtau6qkmv8rh6jtaqm40g5g9armaty4jqc0v0y2
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2NE5mTER1OXpadmNzaXV6
+            b3RSbS9yWTN0NWR4Z2xBRnRSanQxYXdRT2drClVrSk1raXE4ZUVIVmxoMzJWU1Rj
+            VmxzdnVSUVEvQk1JcFo4Qjh6YWhiME0KLS0tIHh1OCtzSUZpWWhrbXB4SlA4RVBs
+            VVBqSEM2bVFBU0M5YzZBQWIwUmVXUXMKvWb57Rc+rO5M8Pf7lvbSjuZB4FrHgT3A
+            uBQHH3wpv0BVVzL8tucPnwNxDnwpWvFxxwNVy/rtfs6y6HPu6fuOsA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-01-04T06:44:34Z"
+    mac: ENC[AES256_GCM,data:6zIMlRUHqX0yWVX8CWo69QtutuYshHuNGJ3N+PTpwe6qawwrAAEOMK9Xg4PDu7GZDRWu89UBq3SLOB9DpzOzj1sNoQeokNBvO2AyY+3iBcwBgzX8GeN/A7VK/HPv7g6CuEwnwjvhZLYH74UzmzfXraxMMdx0wldoQE7HD8Ya49M=,iv:QpRtoBUEAyLjeoj4+xtfEibMZj0vhfcMZON3q7LBMBQ=,tag:Dd+Lomo+rg6/fgBRudtIUg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1