updating system_tools

.github/workflows/merge_flake_lock_update.yml

@@ -1,29 +0,0 @@
-name: merge_flake_lock_update
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "0 2 * * 6"
-
-jobs:
-  merge:
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: write
-      pull-requests: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: merge_flake_lock_update
-        run: |
-          pr_number=$(gh pr list --state open --author RichieCahill --label flake_lock_update --json number --jq '.[0].number')
-          echo "pr_number=$pr_number" >> $GITHUB_ENV
-          if [ -n "$pr_number" ]; then
-            gh pr merge "$pr_number" --rebase
-          else
-            echo "No open PR found with label flake_lock_update"
-          fi
-        env:
-          GITHUB_TOKEN: ${{ secrets.GH_TOKEN_FOR_UPDATES }}

.github/workflows/update-flake-lock.yml

@@ -2,7 +2,7 @@ name: update-flake-lock
 on:
   workflow_dispatch:
   schedule:
-    - cron: "0 0 * * 6"
+    - cron: "0 0 * * *"
 
 jobs:
   lockfile:
@@ -20,4 +20,3 @@ jobs:
           pr-labels: |
             dependencies
             automated
-            flake_lock_update

.vscode/settings.json

@@ -274,6 +274,7 @@
     "ublock",
     "uiprotect",
     "uitour",
+    "unifi",
     "unrar",
     "unsubmitted",
     "uptimekuma",

common/global/default.nix

@@ -56,14 +56,7 @@
 
   programs.zsh.enable = true;
 
-  security = {
+  security.auditd.enable = lib.mkDefault true;
-    auditd.enable = lib.mkDefault true;
-    sudo-rs = {
-      enable = true;
-      execWheelOnly = true;
-    };
-    sudo.enable = false;
-  };
 
   users.mutableUsers = lib.mkDefault false;
 

common/global/locale.nix

@@ -4,7 +4,8 @@
   console.keyMap = lib.mkDefault "us";
 
   i18n = {
-    defaultLocale = lib.mkDefault "en_US.UTF-8";
+    defaultLocale = lib.mkDefault "en_US.utf8";
+    supportedLocales = lib.mkDefault [ "en_US.UTF-8/UTF-8" ];
     extraLocaleSettings = lib.mkDefault {
       LC_ADDRESS = "en_US.UTF-8";
       LC_IDENTIFICATION = "en_US.UTF-8";

common/global/nix.nix

@@ -15,14 +15,17 @@ in
       ];
       trusted-substituters = [
         "https://cache.nixos.org"
+        "https://cache.tmmworkshop.com"
         "https://nix-community.cachix.org"
       ];
       substituters = [
         "https://cache.nixos.org/?priority=2&want-mass-query=true"
+        "https://cache.tmmworkshop.com/?priority=2&want-mass-query=true"
         "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
       ];
       trusted-public-keys = [
         "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+        "cache.tmmworkshop.com:jHffkpgbmEdstQPoihJPYW9TQe6jnQbWR2LqkNGV3iA="
         "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
       ];
       auto-optimise-store = lib.mkDefault true;

common/optional/desktop.nix

@@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
   boot = {
-    kernelPackages = pkgs.linuxPackages_6_15;
+    kernelPackages = pkgs.linuxPackages_6_13;
     zfs.package = pkgs.zfs_2_3;
   };
 

common/optional/tmmworkshop_cache.nix

@@ -1,7 +0,0 @@
-{
-  nix.settings = {
-    trusted-substituters = [ "http://cache.tmmworkshop.com" ];
-    substituters = [ "http://cache.tmmworkshop.com/?priority=1&want-mass-query=true" ];
-    trusted-public-keys = [ "cache.tmmworkshop.com:jHffkpgbmEdstQPoihJPYW9TQe6jnQbWR2LqkNGV3iA=" ];
-  };
-}

common/optional/update.nix

@@ -5,7 +5,5 @@
     randomizedDelaySec = "1h";
     persistent = true;
     flake = "github:RichieCahill/dotfiles";
-    allowReboot = true;
-    dates = "Sat *-*-* 06:00:00";
   };
 }

flake.lock

@@ -8,11 +8,11 @@
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1753761817,
+        "lastModified": 1747022610,
-        "narHash": "sha256-FE908x/ihUlr5yn1f+PTMyOjcwotGUodzn7Ej6zZf5U=",
+        "narHash": "sha256-d6SvA0gTHDrOqt4tZRVD0Gm5G4w6jAFJ6lis79PjSPw=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "b657cfddb78408e9b53b4a8aaeaac71fc7ea182e",
+        "rev": "d4b3ffe3e719e42b175ccdef13598516f0a8025d",
         "type": "gitlab"
       },
       "original": {
@@ -29,11 +29,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1754085240,
+        "lastModified": 1747081732,
-        "narHash": "sha256-kVHCrTWEe8B1thAhFag1bk4QPY0ZP45V9vPbrwPHoNo=",
+        "narHash": "sha256-VnR33UmH0KzvTuVg+6oYkDVpnPuHanQisNUXytCRBPQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "e102920c1becb114645c6f92fe14edc0b05cc229",
+        "rev": "f0a7db5ec1d369721e770a45e4d19f8e48186a69",
         "type": "github"
       },
       "original": {
@@ -44,11 +44,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1753122741,
+        "lastModified": 1747083103,
-        "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=",
+        "narHash": "sha256-dMx20S2molwqJxbmMB4pGjNfgp5H1IOHNa1Eby6xL+0=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22",
+        "rev": "d1d68fe8b00248caaa5b3bbe4984c12b47e0867d",
         "type": "github"
       },
       "original": {
@@ -60,11 +60,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1753939845,
+        "lastModified": 1746904237,
-        "narHash": "sha256-K2ViRJfdVGE8tpJejs8Qpvvejks1+A4GQej/lBk5y7I=",
+        "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "94def634a20494ee057c76998843c015909d6311",
+        "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956",
         "type": "github"
       },
       "original": {
@@ -76,11 +76,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1754089779,
+        "lastModified": 1747094543,
-        "narHash": "sha256-bklCdnAaAerEacvmy+HkltNR9QE/M4Ygy+m0L2C6LJI=",
+        "narHash": "sha256-WJ55VutSzEjVjq9jYpUvJp6fRB8ncgVzFpWoAwfvppg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "3683d033f7994c92834f45f166275738dcdd959d",
+        "rev": "bee20293bce36bd20f2ed6627a60db76eaa7e9b4",
         "type": "github"
       },
       "original": {
@@ -176,11 +176,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1752544651,
+        "lastModified": 1746485181,
-        "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=",
+        "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "2c8def626f54708a9c38a5861866660395bb3461",
+        "rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
         "type": "github"
       },
       "original": {
@@ -199,11 +199,11 @@
         "uv2nix": "uv2nix"
       },
       "locked": {
-        "lastModified": 1753716864,
+        "lastModified": 1747501237,
-        "narHash": "sha256-5G32jskzdJ3u87vnW02kJxUaudvbGN4CeBz751J4+JE=",
+        "narHash": "sha256-woyaUwmZurfNTXBEFM6M7ueSd/Udixs+4DUInhL835c=",
         "owner": "RichieCahill",
         "repo": "system_tools",
-        "rev": "86e4b9ca02db37612d1e8a381c14045de39c7ca9",
+        "rev": "68ab5d1c17ac3fe2487f73dbbb4848bd2291139e",
         "type": "github"
       },
       "original": {

flake.nix

@@ -4,10 +4,12 @@
   nixConfig = {
     extra-substituters = [
       "https://cache.nixos.org/?priority=2&want-mass-query=true"
+      "https://cache.tmmworkshop.com/?priority=2&want-mass-query=true"
       "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
     ];
     extra-trusted-public-keys = [
       "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" # cspell:disable-line
+      "cache.tmmworkshop.com:jHffkpgbmEdstQPoihJPYW9TQe6jnQbWR2LqkNGV3iA=" # cspell:disable-line
       "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" # cspell:disable-line
       "cache-nix-dot:Od9KN34LXc6Lu7y1ozzV1kIXZa8coClozgth/SYE7dU=" # cspell:disable-line
     ];

systems/jeeves/default.nix

@@ -1,20 +1,19 @@
 {
   imports = [
     ../../users/richie
-    ../../users/math
     ../../common/global
     ../../common/optional/docker.nix
     ../../common/optional/ssh_decrypt.nix
     ../../common/optional/syncthing_base.nix
-    ../../common/optional/update.nix
     ../../common/optional/zerotier.nix
     ./docker
-    ./services
     ./hardware.nix
     ./networking.nix
     ./nvidia.nix
     ./programs.nix
     ./runners
+    ./services
+    ./services_accounts.nix
     ./syncthing.nix
   ];
 

systems/jeeves/docker/great_cloud_of_witnesses.nix

@@ -1,61 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-
-let
-  vars = import ../vars.nix;
-in
-{
-
-  # environment.systemPackages = with pkgs; [ php.withExtensions ({ all, ... }: [ all.pdo_pgsql ]) ];
-
-  services.httpd = {
-    enable = true;
-    adminAddr = "webmaster@localhost";
-
-    enablePHP = true;
-    phpPackage = pkgs.php.withExtensions (
-      { enabled, all }:
-      enabled
-      ++ [
-        all.pdo
-        all.pdo_pgsql
-      ]
-    );
-    extraModules = [ "rewrite" ];
-    virtualHosts.great_cloud_of_witnesses = {
-      hostName = "localhost";
-      listen = [
-        {
-          ip = "*";
-          port = 8092;
-        }
-
-      ];
-      documentRoot = "${vars.services}/great_cloud_of_witnesses";
-      extraConfig = ''
-        <Directory "${vars.services}/great_cloud_of_witnesses">
-          AllowOverride All
-          Require all granted
-        </Directory>
-      '';
-    };
-  };
-
-  sops.secrets.gcw_password = {
-    sopsFile = ../../../users/secrets.yaml;
-    neededForUsers = true;
-  };
-
-  users = {
-    users.gcw = {
-      isSystemUser = true;
-      hashedPasswordFile = config.sops.secrets.gcw_password.path;
-      group = "gcw";
-    };
-    groups.gcw = { };
-  };
-}

systems/jeeves/networking.nix

@@ -11,8 +11,8 @@
     networks = {
       "10-1GB_Primary" = {
         matchConfig.Name = "enp98s0f0";
-        address = [ "192.168.99.14/24" ];
+        address = [ "192.168.95.14/24" ];
-        routes = [ { Gateway = "192.168.99.1"; } ];
+        routes = [ { Gateway = "192.168.95.1"; } ];
         linkConfig.RequiredForOnline = "routable";
       };
       "10-1GB_Secondary" = {

systems/jeeves/runners/nix_builder.nix

@@ -64,7 +64,7 @@ in
             Host jeeves
               Port 629
               User github-runners
-              HostName 192.168.99.14
+              HostName 192.168.95.14
               IdentityFile ${vars.secrets}/services/github-runners/id_ed25519_github-runners
               StrictHostKeyChecking no
               UserKnownHostsFile /dev/null

systems/jeeves/services/haproxy.cfg

@@ -31,7 +31,7 @@ frontend ContentSwitching
   acl host_homeassistant  hdr(host) -i homeassistant.tmmworkshop.com
   acl host_jellyfin  hdr(host) -i jellyfin.tmmworkshop.com
   acl host_share  hdr(host) -i share.tmmworkshop.com
-  acl host_gcw  hdr(host) -i gcw.tmmworkshop.com
+  acl host_uptime_kuma  hdr(host) -i uptimekuma-jeeves.tmmworkshop.com
 
   use_backend audiobookshelf_nodes if host_audiobookshelf
   use_backend cache_nodes  if host_cache
@@ -39,7 +39,7 @@ frontend ContentSwitching
   use_backend homeassistant_nodes  if host_homeassistant
   use_backend jellyfin if host_jellyfin
   use_backend share_nodes  if host_share
-  use_backend gcw_nodes  if host_gcw
+  use_backend uptime_kuma_nodes  if host_uptime_kuma
 
 backend audiobookshelf_nodes
   mode http
@@ -68,6 +68,6 @@ backend share_nodes
   mode http
   server server 127.0.0.1:8091
 
-backend gcw_nodes
+backend uptime_kuma_nodes
   mode http
-  server server 127.0.0.1:8092
+  server server 127.0.0.1:3001

systems/jeeves/services/home_assistant.nix

@@ -19,7 +19,7 @@ in
         http = {
           server_port = 8123;
           server_host = [
-            "192.168.99.14"
+            "192.168.95.14"
             "192.168.90.40"
             "127.0.0.1"
           ];
@@ -72,6 +72,7 @@ in
           rokuecp
           uiprotect
           wakeonlan
+          wyoming
         ];
       extraComponents = [ "isal" ];
     };
@@ -80,5 +81,23 @@ in
       openFirewall = true;
       address = "192.168.90.40";
     };
+    wyoming = {
+      faster-whisper.servers.main = {
+        enable = true;
+        uri = "tcp://0.0.0.0:10300";
+        model = "medium.en";
+        language = "en";
+        device = "cuda";
+      };
+      piper.servers.main = {
+        enable = true;
+        uri = "tcp://0.0.0.0:10200";
+        voice = "en_GB-alba-medium";
+      };
+      openwakeword = {
+        enable = true;
+        uri = "tcp://0.0.0.0:10400";
+      };
+    };
   };
 }

systems/jeeves/services/nix_serve.nix

@@ -1,10 +1,8 @@
-{ pkgs, ... }:
 let
   vars = import ../vars.nix;
 in
 {
   services.nix-serve = {
-    package = pkgs.nix-serve-ng;
     enable = true;
     secretKeyFile = "${vars.secrets}/services/nix-cache/cache-priv-key.pem";
     openFirewall = true;

systems/jeeves/services/postgress.nix

@@ -21,33 +21,20 @@ in
 
       local all  richie   trust
       host  all  richie   127.0.0.1/32    trust
-      host  all  richie   ::1/128         trust
+      host  all  richie   ::1/128         trust 
       host  all  richie   192.168.90.1/24 trust
-      host  all  richie   192.168.99.1/24 trust
+      host  all  richie   192.168.95.1/24 trust
 
 
       #type database DBuser origin-address auth-method
-      local hass     hass     trust
+      local hass     hass      trust
 
       # ipv4
-      host  hass     hass     192.168.90.1/24 trust
+      host  hass     hass       192.168.90.1/24 trust
-      host  hass     hass     127.0.0.1/32 trust
+      host  hass     hass       127.0.0.1/32 trust
 
       # ipv6
       host hass      hass     ::1/128         trust
-
-      # megan
-      host  megan    megan    192.168.90.1/24 trust
-      host  megan    megan    127.0.0.1/32 trust
-
-      host  gcw      megan    192.168.90.1/24 trust
-      host  gcw      megan    127.0.0.1/32 trust
-
-      # gcw
-      local gcw      gcw      trust
-      host  gcw      gcw      192.168.90.1/24 trust
-      host  gcw      gcw      127.0.0.1/32 trust
-
     '';
 
     identMap = ''
@@ -90,31 +77,9 @@ in
           replication = true;
         };
       }
-      {
-        name = "megan";
-        ensureDBOwnership = true;
-        ensureClauses = {
-          login = true;
-          createrole = true;
-          createdb = true;
-          replication = true;
-        };
-      }
-      {
-        name = "gcw";
-        ensureDBOwnership = true;
-        ensureClauses = {
-          login = true;
-          createrole = true;
-          createdb = true;
-          replication = true;
-        };
-      }
     ];
     ensureDatabases = [
-      "gcw"
       "hass"
-      "megan"
       "mxr_dev"
       "mxr_prod"
       "richie"

systems/jeeves/services/samba.nix

@@ -0,0 +1,34 @@
+{
+  services = {
+    samba = {
+      enable = true;
+      openFirewall = true;
+      settings = {
+        global = {
+          "workgroup" = "WORKGROUP";
+          "server string" = "smbnix";
+          "netbios name" = "smbnix";
+          "security" = "user";
+          "hosts allow" = "192.168.95. 127.0.0.1 localhost";
+          "hosts deny" = "0.0.0.0/0";
+          "guest account" = "nobody";
+          "map to guest" = "bad user";
+        };
+        "unifi" = {
+          "path" = "/zfs/storage/main/unifi";
+          "browseable" = "yes";
+          "read only" = "no";
+          "guest ok" = "no";
+          "create mask" = "0644";
+          "directory mask" = "0755";
+          "force user" = "unifi";
+          "force group" = "unifi";
+        };
+      };
+    };
+    samba-wsdd = {
+      enable = true;
+      openFirewall = true;
+    };
+  };
+}

systems/jeeves/services/transmission.nix

@@ -12,7 +12,7 @@ in
     openRPCPort = true;
     downloadDirPermissions = "770";
     settings = {
-      bind-address-ipv4 = "192.168.99.14";
+      bind-address-ipv4 = "192.168.95.14";
       cache-size-mb = 0;
       download-dir = "${vars.transmission}/complete";
       download-queue-enabled = false;

systems/jeeves/services_accounts.nix

@@ -0,0 +1,22 @@
+{
+  config,
+  ...
+}:
+{
+
+  sops.secrets.unifi_password = {
+    sopsFile = ../../users/secrets.yaml;
+    neededForUsers = true;
+  };
+
+  users = {
+
+    users.unifi = {
+      isSystemUser = true;
+      group = "unifi";
+      extraGroups = [ "samba" ];
+      hashedPasswordFile = "${config.sops.secrets.unifi_password.path}";
+    };
+    groups.unifi = { };
+  };
+}

systems/jeeves/syncthing.nix

@@ -23,10 +23,7 @@ in
           path = vars.notes;
           devices = [
             "rhapsody-in-green"
-            {
+            "davids-server"
-              name = "davids-server";
-              encryptionPasswordFile = "${vars.secrets}/services/syncthing/davids-server";
-            }
           ];
           fsWatcherEnabled = true;
         };
@@ -70,20 +67,14 @@ in
           path = "/home/richie/vault";
           devices = [
             "rhapsody-in-green"
-            {
+            "davids-server"
-              name = "davids-server";
-              encryptionPasswordFile = "${vars.secrets}/services/syncthing/davids-server";
-            }
           ];
           fsWatcherEnabled = true;
         };
         "backup" = {
           path = "${vars.syncthing}/backup";
           devices = [
-            {
+            "davids-server"
-              name = "davids-server";
-              encryptionPasswordFile = "${vars.secrets}/services/syncthing/davids-server";
-            }
           ];
           fsWatcherEnabled = true;
         };

users/math/default.nix

@@ -1,52 +0,0 @@
-{
-  pkgs,
-  config,
-  ...
-}:
-let
-  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
-in
-{
-
-  sops.secrets.math_password = {
-    sopsFile = ../secrets.yaml;
-    neededForUsers = true;
-  };
-
-  users = {
-    users.math = {
-      isNormalUser = true;
-
-      hashedPasswordFile = "${config.sops.secrets.math_password.path}";
-
-      shell = pkgs.zsh;
-      group = "math";
-      openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEa0Jjp5qEvrYXQbN2EV+1+9ZwtXQfIpjklsceZRZJdl matthew.michal11@gmail.com" # cspell:disable-line
-      ];
-      extraGroups = [
-        "audio"
-        "video"
-        "wheel"
-        "users"
-      ]
-      ++ ifTheyExist [
-        "dialout"
-        "docker"
-        "hass"
-        "libvirtd"
-        "networkmanager"
-        "plugdev"
-        "scanner"
-        "transmission"
-        "uaccess"
-        "wireshark"
-      ];
-      uid = 1003;
-    };
-
-    groups.math.gid = 1003;
-  };
-
-  home-manager.users.math = import ./systems/${config.networking.hostName}.nix;
-}

users/math/home/cli/default.nix

@@ -1,9 +0,0 @@
-{
-  imports = [
-    ./direnv.nix
-    ./git.nix
-    ./zsh.nix
-  ];
-
-  programs.starship.enable = true;
-}

users/math/home/cli/direnv.nix

@@ -1,8 +0,0 @@
-{
-
-  programs.direnv = {
-    enable = true;
-    enableZshIntegration = true;
-    nix-direnv.enable = true;
-  };
-}

users/math/home/cli/git.nix

@@ -1,12 +0,0 @@
-{
-  programs.git = {
-    enable = true;
-    userEmail = "Richie@tmmworkshop.com";
-    userName = "Richie Cahill";
-    extraConfig = {
-      pull.rebase = true;
-      color.ui = true;
-    };
-    lfs.enable = true;
-  };
-}

users/math/home/cli/zsh.nix

@@ -1,28 +0,0 @@
-{
-  programs.zsh = {
-    enable = true;
-    syntaxHighlighting.enable = true;
-    history.size = 10000;
-    oh-my-zsh = {
-      enable = true;
-      plugins = [
-        "git"
-        "docker"
-        "docker-compose"
-        "colored-man-pages"
-        "rust"
-        "systemd"
-        "tmux"
-        "ufw"
-        "z"
-      ];
-    };
-    shellAliases = {
-      "lrt" = "eza --icons -lsnew";
-      "ls" = "eza";
-      "ll" = "eza --long --group";
-      "la" = "eza --all";
-
-    };
-  };
-}

users/math/home/global.nix

@@ -1,22 +0,0 @@
-{ config, ... }:
-{
-  imports = [
-    ./cli
-    ./programs.nix
-    ./ssh_config.nix
-  ];
-
-  programs = {
-    home-manager.enable = true;
-    git.enable = true;
-  };
-
-  home = {
-    username = "math";
-    homeDirectory = "/home/${config.home.username}";
-    stateVersion = "24.05";
-    sessionVariables = {
-      FLAKE = "$HOME/dotfiles";
-    };
-  };
-}

users/math/home/programs.nix

@@ -1,59 +0,0 @@
-{ pkgs, ... }:
-{
-  home.packages = with pkgs; [
-    # cli
-    bat
-    btop
-    eza
-    fd
-    ffmpegthumbnailer
-    fzf
-    git
-    gnupg
-    imagemagick
-    jq
-    ncdu
-    neofetch
-    ouch
-    p7zip
-    poppler
-    rar
-    ripgrep
-    starship
-    tmux
-    unzip
-    yazi
-    zoxide
-    # system info
-    hwloc
-    lynis
-    pciutils
-    smartmontools
-    usbutils
-    # networking
-    iperf3
-    nmap
-    wget
-    # python
-    poetry
-    python313
-    ruff
-    uv
-    # nodejs
-    nodejs
-    # Rust packages
-    trunk
-    wasm-pack
-    cargo-watch
-    cargo-generate
-    cargo-audit
-    cargo-update
-    # nix
-    nix-init
-    nix-output-monitor
-    nix-prefetch
-    nix-tree
-    nixfmt-rfc-style
-    treefmt
-  ];
-}

users/math/home/ssh_config.nix

@@ -1,5 +0,0 @@
-{
-  programs.ssh = {
-    enable = true;
-  };
-}

users/math/systems/jeeves.nix

@@ -1,5 +0,0 @@
-{
-  imports = [
-    ../home/global.nix
-  ];
-}

users/megan/default.nix

@@ -1,30 +0,0 @@
-{
-  pkgs,
-  config,
-  ...
-}:
-{
-  sops.secrets.megan_password = {
-    sopsFile = ../secrets.yaml;
-    neededForUsers = true;
-  };
-
-  users = {
-    users.megan = {
-      isNormalUser = true;
-      hashedPasswordFile = "${config.sops.secrets.megan_password.path}";
-
-      shell = pkgs.zsh;
-      group = "megan";
-      extraGroups = [
-        "audio"
-        "video"
-        "users"
-      ];
-      uid = 1101;
-    };
-
-    groups.megan.gid = 1101;
-  };
-  home-manager.users.megan = import ./systems/${config.networking.hostName}.nix;
-}

users/megan/home/cli/default.nix

@@ -1,9 +0,0 @@
-{
-  imports = [
-    ./direnv.nix
-    ./git.nix
-    ./zsh.nix
-  ];
-
-  programs.starship.enable = true;
-}

users/megan/home/cli/direnv.nix

@@ -1,8 +0,0 @@
-{
-
-  programs.direnv = {
-    enable = true;
-    enableZshIntegration = true;
-    nix-direnv.enable = true;
-  };
-}

users/megan/home/cli/git.nix

@@ -1,12 +0,0 @@
-{
-  programs.git = {
-    enable = true;
-    userEmail = "mousikos112@gmail.com";
-    userName = "megan";
-    extraConfig = {
-      pull.rebase = true;
-      color.ui = true;
-    };
-    lfs.enable = true;
-  };
-}

users/megan/home/cli/zsh.nix

@@ -1,31 +0,0 @@
-{
-  programs.zsh = {
-    enable = true;
-    syntaxHighlighting.enable = true;
-    history.size = 10000;
-    oh-my-zsh = {
-      enable = true;
-      plugins = [
-        "git"
-        "docker"
-        "docker-compose"
-        "colored-man-pages"
-        "rust"
-        "systemd"
-        "tmux"
-        "ufw"
-        "z"
-      ];
-    };
-    shellAliases = {
-      "lrt" = "eza --icons -lsnew";
-      "ls" = "eza";
-      "ll" = "eza --long --group";
-      "la" = "eza --all";
-
-      "rspace" = "'for f in *\ *; do mv \"$f\" \"\${f// /_}\"; done'";
-      "rebuild" = "sudo nixos-rebuild switch --flake /home/richie/dotfiles#$HOST";
-      "nix-test" = "nixos-rebuild test --flake /home/richie/dotfiles";
-    };
-  };
-}

users/megan/home/global.nix

@@ -1,18 +0,0 @@
-{ config, ... }:
-{
-  imports = [
-    ./cli
-    ./programs.nix
-  ];
-
-  programs = {
-    home-manager.enable = true;
-    git.enable = true;
-  };
-
-  home = {
-    username = "megan";
-    homeDirectory = "/home/${config.home.username}";
-    stateVersion = "24.05";
-  };
-}

users/megan/home/programs.nix

@@ -1,42 +0,0 @@
-{ pkgs, ... }:
-{
-  home.packages = with pkgs; [
-    # cli
-    bat
-    btop
-    eza
-    fd
-    ffmpegthumbnailer
-    fzf
-    git
-    gnupg
-    imagemagick
-    jq
-    ncdu
-    neofetch
-    ouch
-    p7zip
-    poppler
-    rar
-    ripgrep
-    starship
-    tmux
-    unzip
-    yazi
-    zoxide
-    # system info
-    hwloc
-    lynis
-    pciutils
-    smartmontools
-    usbutils
-    # networking
-    iperf3
-    nmap
-    wget
-    # python
-    poetry
-    python313
-    ruff
-  ];
-}

users/megan/systems/jeeves.nix

@@ -1,5 +0,0 @@
-{
-  imports = [
-    ../home/global.nix
-  ];
-}

users/richie/default.nix

@@ -24,24 +24,25 @@ in
       openssh.authorizedKeys.keys = [
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYZFsc9CSH03ZUP7y81AHwSyjLwFmcshVFCyxDcYhBT rhapsody-in-green" # cspell:disable-line
       ];
-      extraGroups = [
+      extraGroups =
-        "audio"
+        [
-        "video"
+          "audio"
-        "wheel"
+          "video"
-        "users"
+          "wheel"
-      ]
+          "users"
-      ++ ifTheyExist [
+        ]
-        "dialout"
+        ++ ifTheyExist [
-        "docker"
+          "dialout"
-        "hass"
+          "docker"
-        "libvirtd"
+          "hass"
-        "networkmanager"
+          "libvirtd"
-        "plugdev"
+          "networkmanager"
-        "scanner"
+          "plugdev"
-        "transmission"
+          "scanner"
-        "uaccess"
+          "transmission"
-        "wireshark"
+          "uaccess"
-      ];
+          "wireshark"
+        ];
       uid = 1000;
     };
 

users/richie/home/cli/zsh.nix

@@ -23,9 +23,9 @@
       "ll" = "eza --long --group";
       "la" = "eza --all";
 
-      "rebuild" = "sudo nixos-rebuild switch --flake $HOME/dotfiles#$HOST";
+      "rspace" = "'for f in *\ *; do mv \"$f\" \"\${f// /_}\"; done'";
-      "rebuild_backup" =
+      "rebuild" = "sudo nixos-rebuild switch --flake /home/richie/dotfiles#$HOST";
-        "sudo nixos-rebuild switch --flake $HOME/dotfiles#$HOST --option substituters 'https://nix-community.cachix.org' --option trusted-public-keys 'cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY='";
+      "nix-test" = "nixos-rebuild test --flake /home/richie/dotfiles";
     };
   };
 }

users/richie/home/gui/default.nix

@@ -13,6 +13,7 @@
     gimp
     gparted
     jetbrains.datagrip
+    ladybird
     mediainfo
     nemo
     nemo-fileroller
@@ -26,9 +27,5 @@
     util-linux
     vlc
     zoom-us
-    # games
-    dwarf-fortress
-    tower-pixel-dungeon
-    endless-sky
   ];
 }

users/richie/home/gui/vscode/settings.json

@@ -53,7 +53,6 @@
   "[nix]": { "editor.defaultFormatter": "jnoortheen.nix-ide" },
   "[python]": { "editor.defaultFormatter": "charliermarsh.ruff" },
   "[yaml]": { "editor.defaultFormatter": "redhat.vscode-yaml" },
-  "[javascriptreact]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
 
   // spell check
   "cSpell.enabled": true,

users/richie/home/programs.nix

@@ -38,9 +38,6 @@
     poetry
     python313
     ruff
-    uv
-    # nodejs
-    nodejs
     # Rust packages
     trunk
     wasm-pack

users/richie/home/ssh_config.nix

@@ -11,7 +11,7 @@
         dynamicForwards = [ { port = 9050; } ];
       };
       unlock-jeeves = {
-        hostname = "192.168.99.14";
+        hostname = "192.168.95.14";
         user = "root";
         identityFile = "~/.ssh/id_ed25519";
         port = 2222;

users/secrets.yaml

@@ -1,8 +1,6 @@
 richie_password: ENC[AES256_GCM,data:DMi3M8aqrQ60APIofr8wJMh+VZ14hLRxz6jWZgzswr0pV/QVSX53ShBFr90ruO3mucOLYv0l+bI31covfqMAhXWBJp9wUgtC2Q==,iv:qgtn30hZfIL4dBnQSLkjbo7zPJA4m9TR0f52sTFc0v4=,tag:ydLbcGyXjv0fE+4b5ECX5w==,type:str]
 gaming_password: ENC[AES256_GCM,data:i692UsQaCOjE4V1y9d8yYDlK+TRMIprCHJkhl1UBZRMqe9a2LTUtmbbn/xlCYQd2tADJvn+dkx1jLfV4CqaqWOj5YSUFfpgsEw==,iv:3Y7hXQcmpzNN7hF+BDvO52uFB4o5D0dHvxemJ0ZoSIM=,tag:zzLGNDVAMCs2GPMqXp2BtQ==,type:str]
-megan_password: ENC[AES256_GCM,data:Udrs9OWFI2TDM1yxRwfy7uiONh1G3Mr9HabwpmRykp1Xw9KK+q245nxN7QQbR0AiTCyyyivhn6GB2+DvBBY/6UrN5iGs+LaXgg==,iv:n02HzE8jvWM5xDfaPB9BHxtfoAZQ/Tk80XuySY2NyoU=,tag:L9wPVy7zt6mp09qWhzdLpg==,type:str]
+unifi_password: ENC[AES256_GCM,data:mFEaXMiVoZtHn3R9fBSpdqUC1DJ1g5jkdQVeQVrCZ+KtFOSGlZRIGI7SiItVZnaQBKFhOecJoXbu0ZQHCyCK0dUImUkBnqZ+4g==,iv:Gzyx5OAKTpXuOCmZnj/lA/o9rl6XDyHdL8YL7x8sGCk=,tag:zwwQgNXEoJUPv7XkRB07gA==,type:str]
-gcw_password: ENC[AES256_GCM,data:T5CliWyyw4igunGRokOW7dNTOQ7DbOhM4gLa8YN4gbVLEVU7n3jxAVF9Uy9zM7LBBqdLvyXnqGzC1HBSBmE+pKBV7YIN3aQkng==,iv:SLq4aeLHdwfq0+A4N6UO4Dz7oBoC0ZDKBr74hheHQFw=,tag:4a71PZcyzoWjOmYEPx07ag==,type:str]
-math_password: ENC[AES256_GCM,data:ykiSr3iBHrShJarEQSJ/zuXbCPcbW2oUpaAjblu1V15ufFKVSMZM94LlpMiCYtN9cYBLs98hcMeajJbvgbwT5emPHthy9+TJDw==,iv:1TJEUo0ishqFAZiUE1473yR3RT6Gbtqt4zM+C1a1KEk=,tag:pR6jyIj+bu3XaSx5yIHSmA==,type:str]
 sops:
     age:
         - recipient: age1u8zj599elqqvcmhxn8zuwrufsz8w8w366d3ayrljjejljt2q45kq8mxw9c
@@ -50,7 +48,7 @@ sops:
             UzQzWEFtSDJwR201cmZoeXh5T0RmSk0KWLOpw5cWbtnfVP/ISa7n1vZchoD+nxmn
             7yr7igpEIro0Sd238KinOQYswVaT0NHB9p1dSW/mN+aGQliSNLzkDQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-08-07T01:48:02Z"
+    lastmodified: "2025-05-13T23:15:05Z"
-    mac: ENC[AES256_GCM,data:AyOAAIk07NArsiU9JaZPdLPXfWg43ajRe0iIvZQnu2AnznZ8DSgpPfznH4wT8HbxLMNDCJ7t3JGXVu7foxBwDF5GOuNq7o0X5NM4752CxyjdGP8zPDcw9TSiQ4MAn9FEjpRxFv34MDhmNdlBKelhIL2NLrGgdNhhKwayzWOReVM=,iv:5BrpLcpk8Mh3hmVeXksfHzkpNFGUTzPQIcb8A7GGAJY=,tag:3J/JJfYntUhkwIdwVpzUug==,type:str]
+    mac: ENC[AES256_GCM,data:MRYYpSCaSkZhF1ew6hmzTfwWNSzaRrhrcaUiXSvfftzTjbHD+k7P1/jpcwA7iK8haXlqiH4YtanQmzY0t/Ygmh1T2GQebvotzLIF0pJ7Bi8yLfWpt0vYrR15oHBIiyM4/ito8dkff+abjMYQuARxAfr6Iq9JyJWQbvM9coehYkE=,iv:0pX2+jBKh14Bm3L4PgtA8H+P1mPyW9u3PAYe8m4wpHk=,tag:EtY1EckmbtPje9BiAO6BoQ==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2