Move all flakes into modules/ and separate them; create deploy script for a1d2

Change-Id: Ie4d50fb8f16da193195beb139922a366b72b0b0a
diff --git a/modules/a1d1/default.nix b/modules/a1d1/default.nix
new file mode 100644
index 0000000..4a4cef2
--- /dev/null
+++ b/modules/a1d1/default.nix
@@ -0,0 +1,75 @@
+{ inputs, system, pkgs, drive_paths, ... }:
+let
+  inherit (inputs) self home-manager deploy-rs nixpkgs;
+  config = (self.nixosConfigurations.clicks.extendModules { modules = [ ./hardware-configuration.nix ]; });
+  deploy = {
+    sudo = "doas -u";
+    profiles = {
+      system = {
+        user = "root";
+        path = deploy-rs.lib.x86_64-linux.activate.nixos config;
+      };
+    } // (let
+      mkServiceConfig = service: {
+        user = service;
+
+        profilePath = "/nix/var/nix/profiles/per-user/${service}/home-manager";
+        path = deploy-rs.lib.x86_64-linux.activate.home-manager
+          (home-manager.lib.homeManagerConfiguration {
+            inherit pkgs;
+            modules = [
+              {
+                home.homeDirectory = "/services/${service}";
+                home.username = service;
+                home.stateVersion = "22.11";
+                programs.home-manager.enable = true;
+              }
+              "${../../services}/${service}"
+            ];
+            extraSpecialArgs = {
+              inherit (inputs) nixpkgs-clicksforms;
+              inherit system drive_paths;
+            };
+          });
+      };
+    in nixpkgs.lib.pipe ../../services [
+      builtins.readDir
+      (nixpkgs.lib.filterAttrs (_name: value: value == "directory"))
+      builtins.attrNames
+      (map (name: {
+        inherit name;
+        value = mkServiceConfig name;
+      }))
+      builtins.listToAttrs
+    ]) // (let
+      mkBlankConfig = username: {
+        user = username;
+
+        profilePath = "/nix/var/nix/profiles/per-user/${username}/home-manager";
+        path = deploy-rs.lib.x86_64-linux.activate.home-manager
+          (home-manager.lib.homeManagerConfiguration {
+            inherit pkgs;
+            modules = [
+              {
+                home.username = username;
+                home.stateVersion = "22.11";
+                programs.home-manager.enable = true;
+              }
+              "${../../homes}/${username}"
+            ];
+          });
+      };
+    in nixpkgs.lib.pipe ../../homes [
+      builtins.readDir
+      (nixpkgs.lib.filterAttrs (_name: value: value == "directory"))
+      builtins.attrNames
+      (map (name: {
+        inherit name;
+        value = mkBlankConfig name;
+      }))
+      builtins.listToAttrs
+    ]);
+    hostname = "a1d1";
+    profilesOrder = [ "system" ];
+  };
+in { inherit deploy config; }
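Review bot: Everything in this file except `hostname = "a1d1";` near the end is duplicated byte-for-byte in modules/a1d2/default.nix (whose only difference is `hostname = "a1d2";`), so any fix to the service or home profile generation has to be made twice. Factor the body into a shared function, e.g. a modules/common/deploy.nix taking `{ inputs, system, pkgs, drive_paths, hostname, hardware }`, so each host file reduces to `import ../common/deploy.nix { inherit inputs system pkgs drive_paths; hostname = "a1d1"; hardware = ./hardware-configuration.nix; }`. Note also that only `./hardware-configuration.nix` is passed to `extendModules` while `./networking.nix` (which sets `networking.hostName`) is not imported here, so unless the flake wires it in elsewhere both hosts evaluate with the same hostname from the shared `clicks` configuration — TODO confirm. If `profilesOrder = [ "system" ]` is the complete list deploy-rs deploys when no profile is named, the generated home-manager profiles would only deploy when named explicitly; verify against deploy-rs's behaviour or list them there as well.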
diff --git a/modules/a1d1/hardware-configuration.nix b/modules/a1d1/hardware-configuration.nix
new file mode 100644
index 0000000..799c353
--- /dev/null
+++ b/modules/a1d1/hardware-configuration.nix
@@ -0,0 +1,36 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  boot.initrd.availableKernelModules =
+    [ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/33e79acf-16a4-4263-be79-792c9432568c";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/4EB3-743A";
+    fsType = "vfat";
+  };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/3f3ddaa2-80c8-4915-83fe-fcec42bb877c"; }];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/modules/a1d1/networking.nix b/modules/a1d1/networking.nix
new file mode 100644
index 0000000..6701cea
--- /dev/null
+++ b/modules/a1d1/networking.nix
@@ -0,0 +1 @@
+{ networking.hostName = "a1d1"; }
diff --git a/modules/a1d2/default.nix b/modules/a1d2/default.nix
new file mode 100644
index 0000000..946c02a
--- /dev/null
+++ b/modules/a1d2/default.nix
@@ -0,0 +1,75 @@
+{ inputs, system, pkgs, drive_paths, ... }:
+let
+  inherit (inputs) self home-manager deploy-rs nixpkgs;
+  config = (self.nixosConfigurations.clicks.extendModules { modules = [ ./hardware-configuration.nix ]; });
+  deploy = {
+    sudo = "doas -u";
+    profiles = {
+      system = {
+        user = "root";
+        path = deploy-rs.lib.x86_64-linux.activate.nixos config;
+      };
+    } // (let
+      mkServiceConfig = service: {
+        user = service;
+
+        profilePath = "/nix/var/nix/profiles/per-user/${service}/home-manager";
+        path = deploy-rs.lib.x86_64-linux.activate.home-manager
+          (home-manager.lib.homeManagerConfiguration {
+            inherit pkgs;
+            modules = [
+              {
+                home.homeDirectory = "/services/${service}";
+                home.username = service;
+                home.stateVersion = "22.11";
+                programs.home-manager.enable = true;
+              }
+              "${../../services}/${service}"
+            ];
+            extraSpecialArgs = {
+              inherit (inputs) nixpkgs-clicksforms;
+              inherit system drive_paths;
+            };
+          });
+      };
+    in nixpkgs.lib.pipe ../../services [
+      builtins.readDir
+      (nixpkgs.lib.filterAttrs (_name: value: value == "directory"))
+      builtins.attrNames
+      (map (name: {
+        inherit name;
+        value = mkServiceConfig name;
+      }))
+      builtins.listToAttrs
+    ]) // (let
+      mkBlankConfig = username: {
+        user = username;
+
+        profilePath = "/nix/var/nix/profiles/per-user/${username}/home-manager";
+        path = deploy-rs.lib.x86_64-linux.activate.home-manager
+          (home-manager.lib.homeManagerConfiguration {
+            inherit pkgs;
+            modules = [
+              {
+                home.username = username;
+                home.stateVersion = "22.11";
+                programs.home-manager.enable = true;
+              }
+              "${../../homes}/${username}"
+            ];
+          });
+      };
+    in nixpkgs.lib.pipe ../../homes [
+      builtins.readDir
+      (nixpkgs.lib.filterAttrs (_name: value: value == "directory"))
+      builtins.attrNames
+      (map (name: {
+        inherit name;
+        value = mkBlankConfig name;
+      }))
+      builtins.listToAttrs
+    ]);
+    hostname = "a1d2";
+    profilesOrder = [ "system" ];
+  };
+in { inherit deploy config; }
diff --git a/modules/a1d2/hardware-configuration.nix b/modules/a1d2/hardware-configuration.nix
new file mode 100644
index 0000000..e65488f
--- /dev/null
+++ b/modules/a1d2/hardware-configuration.nix
@@ -0,0 +1,42 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules =
+    [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/0456a002-1692-4ed0-a233-d6cd76c8c2dd";
+    fsType = "btrfs";
+  };
+
+  boot.initrd.luks.devices."luks-ssd0".device =
+    "/dev/disk/by-uuid/a50b2c75-dd36-4d31-924f-d4b77b94efa9";
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/9416-209A";
+    fsType = "vfat";
+  };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/a1cb08ad-39b3-4a36-bf5a-fad7714a85c0"; }];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/modules/a1d2/networking.nix b/modules/a1d2/networking.nix
new file mode 100644
index 0000000..e9ceaf5
--- /dev/null
+++ b/modules/a1d2/networking.nix
@@ -0,0 +1 @@
+{ networking.hostName = "a1d2"; }
diff --git a/modules/common/boot.nix b/modules/common/boot.nix
new file mode 100644
index 0000000..26ca4c2
--- /dev/null
+++ b/modules/common/boot.nix
@@ -0,0 +1 @@
+{ boot.loader.systemd-boot.enable = true; }
diff --git a/modules/cache.nix b/modules/common/cache.nix
similarity index 100%
rename from modules/cache.nix
rename to modules/common/cache.nix
diff --git a/modules/clamav.nix b/modules/common/clamav.nix
similarity index 100%
rename from modules/clamav.nix
rename to modules/common/clamav.nix
diff --git a/modules/cloudflare-ddns.nix b/modules/common/cloudflare-ddns.nix
similarity index 88%
rename from modules/cloudflare-ddns.nix
rename to modules/common/cloudflare-ddns.nix
index 35cbf13..a1ebb61 100644
--- a/modules/cloudflare-ddns.nix
+++ b/modules/common/cloudflare-ddns.nix
@@ -12,7 +12,7 @@
     mode = "0600";
     owner = config.users.users.root.name;
     group = config.users.users.root.group;
-    sopsFile = ../secrets/cloudflare-ddns.env.bin;
+    sopsFile = ../../secrets/cloudflare-ddns.env.bin;
     format = "binary";
   };
 }
diff --git a/modules/dmarc.nix b/modules/common/dmarc.nix
similarity index 96%
rename from modules/dmarc.nix
rename to modules/common/dmarc.nix
index 69e3313..3266214 100644
--- a/modules/dmarc.nix
+++ b/modules/common/dmarc.nix
@@ -13,7 +13,7 @@
         mode = "0400";
         owner = config.users.users.parsedmarc.name;
         group = config.users.users.parsedmarc.group;
-        sopsFile = ../secrets/dmarc.json;
+        sopsFile = ../../secrets/dmarc.json;
         format = "json";
       };
     }))
diff --git a/modules/dnsmasq.nix b/modules/common/dnsmasq.nix
similarity index 100%
rename from modules/dnsmasq.nix
rename to modules/common/dnsmasq.nix
diff --git a/modules/doas.nix b/modules/common/doas.nix
similarity index 100%
rename from modules/doas.nix
rename to modules/common/doas.nix
diff --git a/modules/docker.nix b/modules/common/docker.nix
similarity index 100%
rename from modules/docker.nix
rename to modules/common/docker.nix
diff --git a/modules/drivePaths.nix b/modules/common/drivePaths.nix
similarity index 68%
rename from modules/drivePaths.nix
rename to modules/common/drivePaths.nix
index 49df2ce..2f99b4d 100644
--- a/modules/drivePaths.nix
+++ b/modules/common/drivePaths.nix
@@ -1,4 +1,7 @@
-{ drive_paths, lib, ... }: {
+{ drive_paths, lib, ... }:
+if drive_paths == null
+then {}
+else {
   fileSystems = lib.mapAttrs' (name: value: {
     name = value.path;
     value.device = "/dev/disk/by-uuid/${value.uuid}";
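Review bot: The new `if drive_paths == null then {} else {` guard is undocumented, and the reason a host would be evaluated with `drive_paths = null` is not visible from this module; add a comment above it such as `# drive_paths is null on hosts without an extra-drive map; contribute no fileSystems entries then` so the next reader knows the empty module is intentional rather than a silent misconfiguration. The same guard appears in modules/common/vaultwarden.nix, where it drops an entire service rather than just mount entries. The `fileSystems` expression continues past the end of this hunk.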
diff --git a/modules/ecryptfs.nix b/modules/common/ecryptfs.nix
similarity index 100%
rename from modules/ecryptfs.nix
rename to modules/common/ecryptfs.nix
diff --git a/modules/fail2ban.nix b/modules/common/fail2ban.nix
similarity index 100%
rename from modules/fail2ban.nix
rename to modules/common/fail2ban.nix
diff --git a/modules/gerrit.nix b/modules/common/gerrit.nix
similarity index 97%
rename from modules/gerrit.nix
rename to modules/common/gerrit.nix
index 0937773..d7a780e 100644
--- a/modules/gerrit.nix
+++ b/modules/common/gerrit.nix
@@ -127,14 +127,14 @@
       mode = "0400";
       owner = config.users.users.root.name;
       group = config.users.users.root.group;
-      sopsFile = ../secrets/gerrit.json;
+      sopsFile = ../../secrets/gerrit.json;
       format = "json";
     };
     gerrit_oauth_client_secret = {
       mode = "0400";
       owner = config.users.users.root.name;
       group = config.users.users.root.group;
-      sopsFile = ../secrets/gerrit.json;
+      sopsFile = ../../secrets/gerrit.json;
       format = "json";
     };
   };
diff --git a/modules/git.nix b/modules/common/git.nix
similarity index 100%
rename from modules/git.nix
rename to modules/common/git.nix
diff --git a/modules/grafana.nix b/modules/common/grafana.nix
similarity index 98%
rename from modules/grafana.nix
rename to modules/common/grafana.nix
index 948d29a..f6ca62a 100644
--- a/modules/grafana.nix
+++ b/modules/common/grafana.nix
@@ -53,7 +53,7 @@
     mode = "0600";
     owner = config.users.users.root.name;
     group = config.users.users.root.group;
-    sopsFile = ../secrets/grafana.json;
+    sopsFile = ../../secrets/grafana.json;
     format = "json";
   };
 } (let isDerived = base != null;
diff --git a/modules/home-manager-users.nix b/modules/common/home-manager-users.nix
similarity index 81%
rename from modules/home-manager-users.nix
rename to modules/common/home-manager-users.nix
index 3ca8e1b..fe1c15d 100644
--- a/modules/home-manager-users.nix
+++ b/modules/common/home-manager-users.nix
@@ -10,12 +10,12 @@
       home = "/services/${username}";
       group = "clicks";
       shell = pkgs.bashInteractive;
-    } // (if builtins.pathExists "${../services}/${username}/system.nix" then
-      import "${../services}/${username}/system.nix"
+    } // (if builtins.pathExists "${../../services}/${username}/system.nix" then
+      import "${../../services}/${username}/system.nix"
     else
       { });
 in {
-  users.users = lib.pipe ../services [
+  users.users = lib.pipe ../../services [
     builtins.readDir
     (lib.filterAttrs (_name: value: value == "directory"))
     builtins.attrNames
diff --git a/modules/keycloak.nix b/modules/common/keycloak.nix
similarity index 100%
rename from modules/keycloak.nix
rename to modules/common/keycloak.nix
diff --git a/modules/kitty.nix b/modules/common/kitty.nix
similarity index 100%
rename from modules/kitty.nix
rename to modules/common/kitty.nix
diff --git a/modules/loginctl-linger.nix b/modules/common/loginctl-linger.nix
similarity index 100%
rename from modules/loginctl-linger.nix
rename to modules/common/loginctl-linger.nix
diff --git a/modules/matrix.nix b/modules/common/matrix.nix
similarity index 96%
rename from modules/matrix.nix
rename to modules/common/matrix.nix
index 2618fde..c71ba37 100644
--- a/modules/matrix.nix
+++ b/modules/common/matrix.nix
@@ -116,21 +116,21 @@
     #  mode = "0440";
     #  owner = "turnserver";
     #  group = "matrix-synapse";
-    #  sopsFile = ../secrets/matrix.json;
+    #  sopsFile = ../../secrets/matrix.json;
     #  format = "json";
     #};
     registration_shared_secret = {
       mode = "0400";
       owner = config.users.users.root.name;
       group = config.users.users.root.group;
-      sopsFile = ../secrets/matrix.json;
+      sopsFile = ../../secrets/matrix.json;
       format = "json";
     };
     matrix_private_key = {
       mode = "0600";
       owner = config.users.users.matrix-synapse.name;
       group = config.users.users.matrix-synapse.group;
-      sopsFile = ../secrets/matrix_private_key.pem;
+      sopsFile = ../../secrets/matrix_private_key.pem;
       format = "binary";
       path = config.services.matrix-synapse.settings.signing_key_path;
     };
@@ -138,7 +138,7 @@
       mode = "0600";
       owner = config.users.users.mjolnir.name;
       group = config.users.users.mjolnir.group;
-      sopsFile = ../secrets/matrix.json;
+      sopsFile = ../../secrets/matrix.json;
       format = "json";
     };
   };
diff --git a/modules/mongodb.nix b/modules/common/mongodb.nix
similarity index 73%
rename from modules/mongodb.nix
rename to modules/common/mongodb.nix
index 81473a2..0c4ebc5 100644
--- a/modules/mongodb.nix
+++ b/modules/common/mongodb.nix
@@ -1,4 +1,9 @@
-{ config, pkgs, ... }: {
+{ config, nixpkgs-mongodb, system, ... }: let
+  pkgs = import nixpkgs-mongodb {
+    config.allowUnfree = true;
+    inherit system;
+  };
+in {
   environment.systemPackages = [ pkgs.mongosh pkgs.mongodb-tools ];
   services.mongodb.enable = true;
   services.mongodb.enableAuth = true;
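Review bot: The pinned `pkgs` built from `nixpkgs-mongodb` only reaches `environment.systemPackages`; `services.mongodb.enable = true` on the next line still takes the server from the host's own nixpkgs because no `services.mongodb.package` is set in this hunk (the rest of the module is outside it — confirm it is not set there). Add `services.mongodb.package = pkgs.mongodb;` next to `enable` so the client tools and the server come from the same pinned tree. The `import nixpkgs-mongodb` line also deserves a comment explaining why a separate nixpkgs instance with `allowUnfree` is needed here instead of the host's `pkgs`, since each such import evaluates another copy of nixpkgs.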
diff --git a/modules/networking.nix b/modules/common/networking.nix
similarity index 72%
rename from modules/networking.nix
rename to modules/common/networking.nix
index 8e97045..e546db9 100644
--- a/modules/networking.nix
+++ b/modules/common/networking.nix
@@ -1,4 +1,7 @@
 {
+  networking.firewall.allowedTCPPorts =
+    [ 80 443 25 465 587 110 995 143 993 29418 ];
+
   networking.hosts = {
     "127.0.0.1" = [ "standard" ];
     "127.0.0.2" = [ "clicks" ];
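Review bot: The new `allowedTCPPorts` list opens the mail ports (25, 465, 587, 110, 995, 143, 993) and Gerrit's SSH port 29418 on every host that imports modules/common/networking.nix, whether or not that host runs a mail server or Gerrit; the deleted modules/samba.nix shows the pattern this repository used before, opening `139 445` next to the service that needs them. Keep only `[ 80 443 ]` here and move each service's ports into its own module (e.g. `networking.firewall.allowedTCPPorts = [ 29418 ];` in modules/common/gerrit.nix), so a host that does not import a service also does not expose its ports. At minimum annotate the list so the port-to-service mapping is recorded, e.g. `# 25/465/587 SMTP, 110/995 POP3, 143/993 IMAP, 29418 gerrit ssh`.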
diff --git a/modules/nextcloud.nix b/modules/common/nextcloud.nix
similarity index 98%
rename from modules/nextcloud.nix
rename to modules/common/nextcloud.nix
index d0bd88a..93e2828 100644
--- a/modules/nextcloud.nix
+++ b/modules/common/nextcloud.nix
@@ -101,7 +101,7 @@
     mode = "0600";
     owner = config.users.users.nextcloud.name;
     group = config.users.users.nextcloud.group;
-    sopsFile = ../secrets/nextcloud.json;
+    sopsFile = ../../secrets/nextcloud.json;
     format = "json";
   };
 }
diff --git a/modules/nginx-routes.nix b/modules/common/nginx-routes.nix
similarity index 100%
rename from modules/nginx-routes.nix
rename to modules/common/nginx-routes.nix
diff --git a/modules/nginx.nix b/modules/common/nginx.nix
similarity index 98%
rename from modules/nginx.nix
rename to modules/common/nginx.nix
index 7515dcb..6bd95e3 100644
--- a/modules/nginx.nix
+++ b/modules/common/nginx.nix
@@ -183,7 +183,7 @@
       mode = "0660";
       owner = config.users.users.nginx.name;
       group = config.users.users.acme.group;
-      sopsFile = ../secrets/cloudflare-cert.env.bin;
+      sopsFile = ../../secrets/cloudflare-cert.env.bin;
       format = "binary";
     };
 
diff --git a/modules/nginx/coded.codes/.well-known/matrix b/modules/common/nginx/coded.codes/.well-known/matrix
similarity index 100%
rename from modules/nginx/coded.codes/.well-known/matrix
rename to modules/common/nginx/coded.codes/.well-known/matrix
diff --git a/modules/node.nix b/modules/common/node.nix
similarity index 100%
rename from modules/node.nix
rename to modules/common/node.nix
diff --git a/modules/postgres.nix b/modules/common/postgres.nix
similarity index 98%
rename from modules/postgres.nix
rename to modules/common/postgres.nix
index 05dc882..397a377 100644
--- a/modules/postgres.nix
+++ b/modules/common/postgres.nix
@@ -106,7 +106,7 @@
         owner = config.services.postgresql.superUser;
         group =
           config.users.users.${config.services.postgresql.superUser}.group;
-        sopsFile = ../secrets/postgres.json;
+        sopsFile = ../../secrets/postgres.json;
         format = "json";
       };
     }))
diff --git a/modules/privatebin.nix b/modules/common/privatebin.nix
similarity index 93%
rename from modules/privatebin.nix
rename to modules/common/privatebin.nix
index 839f132..eece255 100644
--- a/modules/privatebin.nix
+++ b/modules/common/privatebin.nix
@@ -31,8 +31,7 @@
       nginx.forceSSL = lib.mkForce true;
 
       expire_options = {
-        "5min" =
-          300; # looks bonkers, but I'm trying to keep the list ordered while also keeping the privatebin label formatter happy
+        "5min" = 300;
         "10min" = 600;
         "1hour" = 3600;
         "1day" = 86400;
diff --git a/modules/scalpel.nix b/modules/common/scalpel.nix
similarity index 100%
rename from modules/scalpel.nix
rename to modules/common/scalpel.nix
diff --git a/modules/common/shell.nix b/modules/common/shell.nix
new file mode 100644
index 0000000..18889bd
--- /dev/null
+++ b/modules/common/shell.nix
@@ -0,0 +1,4 @@
+{ pkgs, ... }: {
+  programs.zsh.enable = true;
+  environment.systemPackages = with pkgs; [ vim wget ];
+}
diff --git a/modules/ssh.nix b/modules/common/ssh.nix
similarity index 100%
rename from modules/ssh.nix
rename to modules/common/ssh.nix
diff --git a/modules/static-ip.nix b/modules/common/static-ip.nix
similarity index 100%
rename from modules/static-ip.nix
rename to modules/common/static-ip.nix
diff --git a/modules/syncthing.nix b/modules/common/syncthing.nix
similarity index 100%
rename from modules/syncthing.nix
rename to modules/common/syncthing.nix
diff --git a/modules/tesseract.nix b/modules/common/tesseract.nix
similarity index 100%
rename from modules/tesseract.nix
rename to modules/common/tesseract.nix
diff --git a/modules/common/users.nix b/modules/common/users.nix
new file mode 100644
index 0000000..58dc7d3
--- /dev/null
+++ b/modules/common/users.nix
@@ -0,0 +1,48 @@
+{ pkgs, ... }: {
+  users.users.minion = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+
+    openssh.authorizedKeys.keys = [
+      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIteIdlZv52nUDxW2SUsoJ2NZi/w9j1NZwuHanQ/o/DuAAAAHnNzaDpjb2xsYWJvcmFfeXViaWtleV9yZXNpZGVudA== collabora_yubikey_resident"
+      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJRzQbQjXFpHKtt8lpNKmoNx57+EJ/z3wnKOn3/LjM6cAAAAFXNzaDppeXViaWtleV9yZXNpZGVudA== iyubikey_resident"
+      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOhzJ0p9bFRSURUjV05rrt5jCbxPXke7juNbEC9ZJXS/AAAAGXNzaDp0aW55X3l1YmlrZXlfcmVzaWRlbnQ= tiny_yubikey_resident"
+    ];
+  };
+  users.users.coded = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    shell = pkgs.zsh;
+
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa 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 samue@SamuelDesktop"
+      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH+TJRuMpDPgh6Wp2h+E+O/WoyEAVyWo6SN8oxm2JZNVAAAABHNzaDo= samue@SamuelDesktop"
+      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAILrwKN4dJQ0BiLmjsA/66QHhu06+JyokWtHkLcjhWU79AAAABHNzaDo= coded-sk-resident-1"
+    ];
+  };
+  users.users.pineafan = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    shell = pkgs.zsh;
+
+    openssh.authorizedKeys.keys = [
+      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFXa8ow7H8XpTrwYI+oSgLFfb6YNZanwv/QCKvEKiERSAAAABHNzaDo= pineapplefan@Pineapplefan"
+      "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAJNFMUYiEepGrIAbUM+Hlw/OuGWc8CNQsYlJ7519RVmeu+/vqEQbhchySTelibD19YqsZ7ICfYxAeQzOqHdXfs="
+    ];
+  };
+  users.users.nucleus = {
+    isSystemUser = true;
+    createHome = true;
+    home = "/services/nucleus";
+    group = "clicks";
+    shell = pkgs.bashInteractive;
+  };
+  users.users.websites = {
+    isSystemUser = true;
+    createHome = true;
+    home = "/services/websites";
+    group = "clicks";
+    shell = pkgs.bashInteractive;
+  };
+  users.groups.clicks = { };
+}
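Review bot: `users.users.nucleus` and `users.users.websites` have exactly the shape modules/common/home-manager-users.nix generates for every directory under services/ (`isSystemUser`, `createHome`, `home = "/services/<name>"`, `group = "clicks"`, `shell = pkgs.bashInteractive`), so if `services/nucleus` or `services/websites` exist these entries are declared twice — either drop them here or add a comment stating why they are written out by hand. The `ecdsa-sha2-nistp256` key under `pineafan` is the only key without a trailing comment identifying its owner or device; add one so it can be rotated or revoked knowingly. Since this module is imported fleet-wide through the shared `clicks` configuration, a header comment should record that `minion`, `coded` and `pineafan` receive `wheel` (and presumably root via modules/common/doas.nix) on every host. `shell = pkgs.zsh` for `coded` and `pineafan` relies on `programs.zsh.enable = true` living in modules/common/shell.nix; a host importing users.nix without shell.nix gets zsh without its NixOS integration (and, if I recall the users-groups assertion correctly, an evaluation failure), so that dependency is worth a comment too.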
diff --git a/modules/vaultwarden.nix b/modules/common/vaultwarden.nix
similarity index 97%
rename from modules/vaultwarden.nix
rename to modules/common/vaultwarden.nix
index edca467..40047dd 100644
--- a/modules/vaultwarden.nix
+++ b/modules/common/vaultwarden.nix
@@ -1,5 +1,7 @@
 { base, pkgs, drive_paths, lib, config, ... }:
-lib.recursiveUpdate {
+if drive_paths == null
+then {}
+else lib.recursiveUpdate {
   environment.systemPackages = with pkgs; [ vaultwarden ];
 
   services.vaultwarden.enable = true;
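Review bot: Returning `{}` when `drive_paths == null` silently drops the whole vaultwarden module — `services.vaultwarden.enable = true`, its sops secret further down and everything else — on any host evaluated without a drive map, with no diagnostic that the service went missing. If that is intended (vaultwarden's data presumably lives on a drive from `drive_paths`, which this hunk does not show), say so with a comment such as `# vaultwarden's data lives on a mapped drive; hosts with no drive_paths get no vaultwarden at all`; if it is not, prefer a loud failure instead, e.g. `assert drive_paths != null;` in place of the `if`, so a misconfigured host cannot quietly lose its password manager. The module function's body continues outside this hunk.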
@@ -17,7 +19,7 @@
         mode = "0400";
         owner = config.users.users.root.name;
         group = config.users.users.root.group;
-        sopsFile = ../secrets/vaultwarden.json;
+        sopsFile = ../../secrets/vaultwarden.json;
         format = "json";
       };
     }))
diff --git a/modules/samba.nix b/modules/samba.nix
deleted file mode 100644
index cd710c3..0000000
--- a/modules/samba.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ lib, config, pkgs, ... }: {
-  services.samba = {
-    enable = true;
-    shares = {
-      HDD = {
-        path = "/services/kavita/Kavita/drive1";
-        browseable = "yes";
-        "guest ok" = "no";
-        comment =
-          "Jellyfin, torrents & tempfiles. Use for large amounts of data that don't necessarily need to be accessed at top speed";
-      };
-      SSD = {
-        path = "/services/kavita/Kavita/drive2";
-        browseable = "yes";
-        "guest ok" = "no";
-        comment = "Manga & LNs. Use for smaller, faster storage";
-      };
-    };
-  };
-
-  fileSystems = {
-    "/services/kavita/Kavita/drive1".device =
-      "/dev/disk/by-uuid/dda57e4d-81b7-4f52-b3ac-f14544b3aaf4";
-    "/services/kavita/Kavita/drive2".device =
-      "/dev/disk/by-uuid/24d30ffe-91ed-4e41-b40d-f42b02e144a9";
-  };
-
-  networking.firewall.allowedTCPPorts = [ 139 445 ];
-}