temp

common/global/default.nix

@@ -56,14 +56,7 @@
 
   programs.zsh.enable = true;
 
-  security = {
+  security.auditd.enable = lib.mkDefault true;
-    auditd.enable = lib.mkDefault true;
-    sudo-rs = {
-      enable = true;
-      execWheelOnly = true;
-    };
-    sudo.enable = false;
-  };
 
   users.mutableUsers = lib.mkDefault false;
 

common/global/locale.nix

@@ -4,7 +4,8 @@
   console.keyMap = lib.mkDefault "us";
 
   i18n = {
-    defaultLocale = lib.mkDefault "en_US.UTF-8";
+    defaultLocale = lib.mkDefault "en_US.utf8";
+    supportedLocales = lib.mkDefault [ "en_US.UTF-8/UTF-8" ];
     extraLocaleSettings = lib.mkDefault {
       LC_ADDRESS = "en_US.UTF-8";
       LC_IDENTIFICATION = "en_US.UTF-8";

common/global/nix.nix

@@ -15,14 +15,17 @@ in
       ];
       trusted-substituters = [
         "https://cache.nixos.org"
+        "https://cache.tmmworkshop.com"
         "https://nix-community.cachix.org"
       ];
       substituters = [
         "https://cache.nixos.org/?priority=2&want-mass-query=true"
+        "https://cache.tmmworkshop.com/?priority=2&want-mass-query=true"
         "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
       ];
       trusted-public-keys = [
         "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+        "cache.tmmworkshop.com:jHffkpgbmEdstQPoihJPYW9TQe6jnQbWR2LqkNGV3iA="
         "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
       ];
       auto-optimise-store = lib.mkDefault true;

common/optional/desktop.nix

@@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
   boot = {
-    kernelPackages = pkgs.linuxPackages_6_14;
+    kernelPackages = pkgs.linuxPackages_6_13;
     zfs.package = pkgs.zfs_2_3;
   };
 

common/optional/tmmworkshop_cache.nix

@@ -1,7 +0,0 @@
-{
-  nix.settings = {
-    trusted-substituters = [ "http://cache.tmmworkshop.com" ];
-    substituters = [ "http://cache.tmmworkshop.com/?priority=1&want-mass-query=true" ];
-    trusted-public-keys = [ "cache.tmmworkshop.com:jHffkpgbmEdstQPoihJPYW9TQe6jnQbWR2LqkNGV3iA=" ];
-  };
-}

flake.lock

@@ -2,17 +2,18 @@
   "nodes": {
     "firefox-addons": {
       "inputs": {
+        "flake-utils": "flake-utils",
         "nixpkgs": [
           "nixpkgs"
         ]
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1750219402,
+        "lastModified": 1743119709,
-        "narHash": "sha256-b3y7V7db0VwLGtpcLRmT1Aa9dpAKoHQdem55UhgB/fw=",
+        "narHash": "sha256-tlJY7MfAena/yi3lmd7y7vQGpLma4Q1BLtO4dvzF/Vs=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "a00ce73b626ed274fbfe9f51627861e140b08f6d",
+        "rev": "f8861a4b09a181dd88f6626d0202d9225ae85d65",
         "type": "gitlab"
       },
       "original": {
@@ -22,6 +23,39 @@
         "type": "gitlab"
       }
     },
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1629284811,
+        "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -29,11 +63,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750275572,
+        "lastModified": 1743267068,
-        "narHash": "sha256-upC/GIlsIgtdtWRGd1obzdXWYQptNkfzZeyAFWgsgf0=",
+        "narHash": "sha256-G7866vbO5jgqMcYJzgbxej40O6mBGQMGt6gM0himjoA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "0f355844e54e4c70906b1ef5cc35a0047d666c04",
+        "rev": "b431496538b0e294fbe44a1441b24ae8195c63f0",
         "type": "github"
       },
       "original": {
@@ -42,13 +76,35 @@
         "type": "github"
       }
     },
+    "nix-github-actions": {
+      "inputs": {
+        "nixpkgs": [
+          "system_tools",
+          "poetry2nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1729742964,
+        "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "type": "github"
+      }
+    },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1750083401,
+        "lastModified": 1743167577,
-        "narHash": "sha256-ynqbgIYrg7P1fAKYqe8I/PMiLABBcNDYG9YaAP/d/C4=",
+        "narHash": "sha256-I09SrXIO0UdyBFfh0fxDq5WnCDg8XKmZ1HQbaXzMA1k=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "61837d2a33ccc1582c5fabb7bf9130d39fee59ad",
+        "rev": "0ed819e708af17bfc4bbc63ee080ef308a24aa42",
         "type": "github"
       },
       "original": {
@@ -60,11 +116,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1750134718,
+        "lastModified": 1743095683,
-        "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=",
+        "narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c",
+        "rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6",
         "type": "github"
       },
       "original": {
@@ -76,11 +132,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1750291913,
+        "lastModified": 1743293199,
-        "narHash": "sha256-JW40+zIiDS+rZavb9IYdIN40/GmErO2+0+A66rM6/b8=",
+        "narHash": "sha256-UTEKMh3sbRHVr6ZYIoM7NWQjfrjIGTVOoV2Q4LkLvSk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "ba92ab5dc0759a8740003ca34b5c1b888f4766d4",
+        "rev": "a2cd41ef5ba904d58f230740f06567ff9506e368",
         "type": "github"
       },
       "original": {
@@ -106,53 +162,31 @@
         "type": "github"
       }
     },
-    "pyproject-build-systems": {
+    "poetry2nix": {
       "inputs": {
+        "flake-utils": [
+          "system_tools",
+          "flake-utils"
+        ],
+        "nix-github-actions": "nix-github-actions",
         "nixpkgs": [
           "system_tools",
           "nixpkgs"
         ],
-        "pyproject-nix": [
+        "systems": "systems_2",
-          "system_tools",
+        "treefmt-nix": "treefmt-nix"
-          "pyproject-nix"
-        ],
-        "uv2nix": [
-          "system_tools",
-          "uv2nix"
-        ]
       },
       "locked": {
-        "lastModified": 1744599653,
+        "lastModified": 1736884309,
-        "narHash": "sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=",
+        "narHash": "sha256-eiCqmKl0BIRiYk5/ZhZozwn4/7Km9CWTbc15Cv+VX5k=",
-        "owner": "pyproject-nix",
+        "owner": "nix-community",
-        "repo": "build-system-pkgs",
+        "repo": "poetry2nix",
-        "rev": "7dba6dbc73120e15b558754c26024f6c93015dd7",
+        "rev": "75d0515332b7ca269f6d7abfd2c44c47a7cbca7b",
         "type": "github"
       },
       "original": {
-        "owner": "pyproject-nix",
+        "owner": "nix-community",
-        "repo": "build-system-pkgs",
+        "repo": "poetry2nix",
-        "type": "github"
-      }
-    },
-    "pyproject-nix": {
-      "inputs": {
-        "nixpkgs": [
-          "system_tools",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1746540146,
-        "narHash": "sha256-QxdHGNpbicIrw5t6U3x+ZxeY/7IEJ6lYbvsjXmcxFIM=",
-        "owner": "pyproject-nix",
-        "repo": "pyproject.nix",
-        "rev": "e09c10c24ebb955125fda449939bfba664c467fd",
-        "type": "github"
-      },
-      "original": {
-        "owner": "pyproject-nix",
-        "repo": "pyproject.nix",
         "type": "github"
       }
     },
@@ -166,7 +200,7 @@
         "nixpkgs-stable": "nixpkgs-stable",
         "sops-nix": "sops-nix",
         "system_tools": "system_tools",
-        "systems": "systems"
+        "systems": "systems_3"
       }
     },
     "sops-nix": {
@@ -176,11 +210,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750119275,
+        "lastModified": 1742700801,
-        "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=",
+        "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2",
+        "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852",
         "type": "github"
       },
       "original": {
@@ -191,19 +225,18 @@
     },
     "system_tools": {
       "inputs": {
+        "flake-utils": "flake-utils_2",
         "nixpkgs": [
           "nixpkgs"
         ],
-        "pyproject-build-systems": "pyproject-build-systems",
+        "poetry2nix": "poetry2nix"
-        "pyproject-nix": "pyproject-nix",
-        "uv2nix": "uv2nix"
       },
       "locked": {
-        "lastModified": 1747501237,
+        "lastModified": 1741571944,
-        "narHash": "sha256-woyaUwmZurfNTXBEFM6M7ueSd/Udixs+4DUInhL835c=",
+        "narHash": "sha256-PM7dz99nb6dDiw/3naRGB/dUl5U7dJVspR9uevhW3xo=",
         "owner": "RichieCahill",
         "repo": "system_tools",
-        "rev": "68ab5d1c17ac3fe2487f73dbbb4848bd2291139e",
+        "rev": "c9979e045bca52ec85a0dc560b238f3e5ae2f01c",
         "type": "github"
       },
       "original": {
@@ -213,6 +246,36 @@
       }
     },
     "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_3": {
       "locked": {
         "lastModified": 1689347949,
         "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -227,28 +290,25 @@
         "type": "github"
       }
     },
-    "uv2nix": {
+    "treefmt-nix": {
       "inputs": {
         "nixpkgs": [
           "system_tools",
+          "poetry2nix",
           "nixpkgs"
-        ],
-        "pyproject-nix": [
-          "system_tools",
-          "pyproject-nix"
         ]
       },
       "locked": {
-        "lastModified": 1747441483,
+        "lastModified": 1730120726,
-        "narHash": "sha256-W8BFXk5R0TuJcjIhcGoMpSOaIufGXpizK0pm+uTqynA=",
+        "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=",
-        "owner": "pyproject-nix",
+        "owner": "numtide",
-        "repo": "uv2nix",
+        "repo": "treefmt-nix",
-        "rev": "582024dc64663e9f88d467c2f7f7b20d278349de",
+        "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15",
         "type": "github"
       },
       "original": {
-        "owner": "pyproject-nix",
+        "owner": "numtide",
-        "repo": "uv2nix",
+        "repo": "treefmt-nix",
         "type": "github"
       }
     }

flake.nix

@@ -4,10 +4,12 @@
   nixConfig = {
     extra-substituters = [
       "https://cache.nixos.org/?priority=2&want-mass-query=true"
+      "https://cache.tmmworkshop.com/?priority=2&want-mass-query=true"
       "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
     ];
     extra-trusted-public-keys = [
       "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" # cspell:disable-line
+      "cache.tmmworkshop.com:jHffkpgbmEdstQPoihJPYW9TQe6jnQbWR2LqkNGV3iA=" # cspell:disable-line
       "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" # cspell:disable-line
       "cache-nix-dot:Od9KN34LXc6Lu7y1ozzV1kIXZa8coClozgth/SYE7dU=" # cspell:disable-line
     ];

systems/jeeves/docker/great_cloud_of_witnesses.nix

@@ -1,61 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-
-let
-  vars = import ../vars.nix;
-in
-{
-
-  # environment.systemPackages = with pkgs; [ php.withExtensions ({ all, ... }: [ all.pdo_pgsql ]) ];
-
-  services.httpd = {
-    enable = true;
-    adminAddr = "webmaster@localhost";
-
-    enablePHP = true;
-    phpPackage = pkgs.php.withExtensions (
-      { enabled, all }:
-      enabled
-      ++ [
-        all.pdo
-        all.pdo_pgsql
-      ]
-    );
-    extraModules = [ "rewrite" ];
-    virtualHosts.great_cloud_of_witnesses = {
-      hostName = "localhost";
-      listen = [
-        {
-          ip = "*";
-          port = 8092;
-        }
-
-      ];
-      documentRoot = "${vars.services}/great_cloud_of_witnesses";
-      extraConfig = ''
-        <Directory "${vars.services}/great_cloud_of_witnesses">
-          AllowOverride All
-          Require all granted
-        </Directory>
-      '';
-    };
-  };
-
-  sops.secrets.gcw_password = {
-    sopsFile = ../../../users/secrets.yaml;
-    neededForUsers = true;
-  };
-
-  users = {
-    users.gcw = {
-      isSystemUser = true;
-      hashedPasswordFile = config.sops.secrets.gcw_password.path;
-      group = "gcw";
-    };
-    groups.gcw = { };
-  };
-}

systems/jeeves/networking.nix

@@ -11,8 +11,8 @@
     networks = {
       "10-1GB_Primary" = {
         matchConfig.Name = "enp98s0f0";
-        address = [ "192.168.99.14/24" ];
+        address = [ "192.168.95.14/24" ];
-        routes = [ { Gateway = "192.168.99.1"; } ];
+        routes = [ { Gateway = "192.168.95.1"; } ];
         linkConfig.RequiredForOnline = "routable";
       };
       "10-1GB_Secondary" = {

systems/jeeves/runners/nix_builder.nix

@@ -64,7 +64,7 @@ in
             Host jeeves
               Port 629
               User github-runners
-              HostName 192.168.99.14
+              HostName 192.168.95.14
               IdentityFile ${vars.secrets}/services/github-runners/id_ed25519_github-runners
               StrictHostKeyChecking no
               UserKnownHostsFile /dev/null

systems/jeeves/services/acme.nix

@@ -0,0 +1,22 @@
+{ config, ... }:
+let
+  vars = import ../vars.nix;
+in
+{
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = "themadmaker2@protonmail.com";
+      dnsResolver = "1.1.1.1:53";
+      extraLegoFlags = [
+        "--dns-timeout=300"
+      ];
+    };
+    certs."tmmworkshop.com" = {
+      dnsProvider = "cloudflare";
+      environmentFile = "${vars.secrets}/services/acme/cloudflare.txt";
+      email = "themadmaker2@protonmail.com";
+      group = config.services.haproxy.group;
+    };
+  };
+}

systems/jeeves/services/haproxy.cfg

@@ -22,24 +22,25 @@ defaults
 #Application Setup
 frontend ContentSwitching
   bind *:80 v4v6
-  bind *:443 v4v6 ssl crt /zfs/storage/secrets/docker/cloudflare.pem
+  bind *:443 v4v6 ssl crt /var/lib/acme/tmmworkshop.com/full.pem
   mode  http
   # tmmworkshop.com
+  acl host_tmmworkshop  hdr(host) -i tmmworkshop.com
+  acl host_tmmworkshop  hdr(host) -i www.tmmworkshop.com
   acl host_audiobookshelf  hdr(host) -i audiobookshelf.tmmworkshop.com
   acl host_cache  hdr(host) -i cache.tmmworkshop.com
   acl host_filebrowser  hdr(host) -i filebrowser.tmmworkshop.com
   acl host_homeassistant  hdr(host) -i homeassistant.tmmworkshop.com
   acl host_jellyfin  hdr(host) -i jellyfin.tmmworkshop.com
   acl host_share  hdr(host) -i share.tmmworkshop.com
-  acl host_gcw  hdr(host) -i gcw.tmmworkshop.com
 
+  use_backend tmmworkshop_nodes if host_tmmworkshop
   use_backend audiobookshelf_nodes if host_audiobookshelf
   use_backend cache_nodes  if host_cache
   use_backend filebrowser_nodes  if host_filebrowser
   use_backend homeassistant_nodes  if host_homeassistant
   use_backend jellyfin if host_jellyfin
   use_backend share_nodes  if host_share
-  use_backend gcw_nodes  if host_gcw
 
 backend audiobookshelf_nodes
   mode http
@@ -68,6 +69,6 @@ backend share_nodes
   mode http
   server server 127.0.0.1:8091
 
-backend gcw_nodes
+backend tmmworkshop_nodes
   mode http
-  server server 127.0.0.1:8092
+  server server 127.0.0.1:8080

systems/jeeves/services/home_assistant.nix

@@ -19,7 +19,7 @@ in
         http = {
           server_port = 8123;
           server_host = [
-            "192.168.99.14"
+            "192.168.95.14"
             "192.168.90.40"
             "127.0.0.1"
           ];
@@ -72,6 +72,7 @@ in
           rokuecp
           uiprotect
           wakeonlan
+          wyoming
         ];
       extraComponents = [ "isal" ];
     };
@@ -80,5 +81,23 @@ in
       openFirewall = true;
       address = "192.168.90.40";
     };
+    wyoming = {
+      faster-whisper.servers.main = {
+        enable = true;
+        uri = "tcp://0.0.0.0:10300";
+        model = "medium.en";
+        language = "en";
+        device = "cuda";
+      };
+      piper.servers.main = {
+        enable = true;
+        uri = "tcp://0.0.0.0:10200";
+        voice = "en_GB-alba-medium";
+      };
+      openwakeword = {
+        enable = true;
+        uri = "tcp://0.0.0.0:10400";
+      };
+    };
   };
 }

systems/jeeves/services/postgress.nix

@@ -21,33 +21,20 @@ in
 
       local all  richie   trust
       host  all  richie   127.0.0.1/32    trust
-      host  all  richie   ::1/128         trust
+      host  all  richie   ::1/128         trust 
       host  all  richie   192.168.90.1/24 trust
-      host  all  richie   192.168.99.1/24 trust
+      host  all  richie   192.168.95.1/24 trust
 
 
       #type database DBuser origin-address auth-method
-      local hass     hass     trust
+      local hass     hass      trust
 
       # ipv4
-      host  hass     hass     192.168.90.1/24 trust
+      host  hass     hass       192.168.90.1/24 trust
-      host  hass     hass     127.0.0.1/32 trust
+      host  hass     hass       127.0.0.1/32 trust
 
       # ipv6
       host hass      hass     ::1/128         trust
-
-      # megan
-      host  megan    megan    192.168.90.1/24 trust
-      host  megan    megan    127.0.0.1/32 trust
-
-      host  gcw      megan    192.168.90.1/24 trust
-      host  gcw      megan    127.0.0.1/32 trust
-
-      # gcw
-      local gcw      gcw      trust
-      host  gcw      gcw      192.168.90.1/24 trust
-      host  gcw      gcw      127.0.0.1/32 trust
-
     '';
 
     identMap = ''
@@ -90,31 +77,9 @@ in
           replication = true;
         };
       }
-      {
-        name = "megan";
-        ensureDBOwnership = true;
-        ensureClauses = {
-          login = true;
-          createrole = true;
-          createdb = true;
-          replication = true;
-        };
-      }
-      {
-        name = "gcw";
-        ensureDBOwnership = true;
-        ensureClauses = {
-          login = true;
-          createrole = true;
-          createdb = true;
-          replication = true;
-        };
-      }
     ];
     ensureDatabases = [
-      "gcw"
       "hass"
-      "megan"
       "mxr_dev"
       "mxr_prod"
       "richie"

systems/jeeves/services/transmission.nix

@@ -12,7 +12,7 @@ in
     openRPCPort = true;
     downloadDirPermissions = "770";
     settings = {
-      bind-address-ipv4 = "192.168.99.14";
+      bind-address-ipv4 = "192.168.95.14";
       cache-size-mb = 0;
       download-dir = "${vars.transmission}/complete";
       download-queue-enabled = false;

users/megan/default.nix

@@ -1,30 +0,0 @@
-{
-  pkgs,
-  config,
-  ...
-}:
-{
-  sops.secrets.megan_password = {
-    sopsFile = ../secrets.yaml;
-    neededForUsers = true;
-  };
-
-  users = {
-    users.megan = {
-      isNormalUser = true;
-      hashedPasswordFile = "${config.sops.secrets.megan_password.path}";
-
-      shell = pkgs.zsh;
-      group = "megan";
-      extraGroups = [
-        "audio"
-        "video"
-        "users"
-      ];
-      uid = 1101;
-    };
-
-    groups.megan.gid = 1101;
-  };
-  home-manager.users.megan = import ./systems/${config.networking.hostName}.nix;
-}

users/megan/home/cli/default.nix

@@ -1,9 +0,0 @@
-{
-  imports = [
-    ./direnv.nix
-    ./git.nix
-    ./zsh.nix
-  ];
-
-  programs.starship.enable = true;
-}

users/megan/home/cli/direnv.nix

@@ -1,8 +0,0 @@
-{
-
-  programs.direnv = {
-    enable = true;
-    enableZshIntegration = true;
-    nix-direnv.enable = true;
-  };
-}

users/megan/home/cli/git.nix

@@ -1,12 +0,0 @@
-{
-  programs.git = {
-    enable = true;
-    userEmail = "mousikos112@gmail.com";
-    userName = "megan";
-    extraConfig = {
-      pull.rebase = true;
-      color.ui = true;
-    };
-    lfs.enable = true;
-  };
-}

users/megan/home/cli/zsh.nix

@@ -1,31 +0,0 @@
-{
-  programs.zsh = {
-    enable = true;
-    syntaxHighlighting.enable = true;
-    history.size = 10000;
-    oh-my-zsh = {
-      enable = true;
-      plugins = [
-        "git"
-        "docker"
-        "docker-compose"
-        "colored-man-pages"
-        "rust"
-        "systemd"
-        "tmux"
-        "ufw"
-        "z"
-      ];
-    };
-    shellAliases = {
-      "lrt" = "eza --icons -lsnew";
-      "ls" = "eza";
-      "ll" = "eza --long --group";
-      "la" = "eza --all";
-
-      "rspace" = "'for f in *\ *; do mv \"$f\" \"\${f// /_}\"; done'";
-      "rebuild" = "sudo nixos-rebuild switch --flake /home/richie/dotfiles#$HOST";
-      "nix-test" = "nixos-rebuild test --flake /home/richie/dotfiles";
-    };
-  };
-}

users/megan/home/global.nix

@@ -1,18 +0,0 @@
-{ config, ... }:
-{
-  imports = [
-    ./cli
-    ./programs.nix
-  ];
-
-  programs = {
-    home-manager.enable = true;
-    git.enable = true;
-  };
-
-  home = {
-    username = "megan";
-    homeDirectory = "/home/${config.home.username}";
-    stateVersion = "24.05";
-  };
-}

users/megan/home/programs.nix

@@ -1,42 +0,0 @@
-{ pkgs, ... }:
-{
-  home.packages = with pkgs; [
-    # cli
-    bat
-    btop
-    eza
-    fd
-    ffmpegthumbnailer
-    fzf
-    git
-    gnupg
-    imagemagick
-    jq
-    ncdu
-    neofetch
-    ouch
-    p7zip
-    poppler
-    rar
-    ripgrep
-    starship
-    tmux
-    unzip
-    yazi
-    zoxide
-    # system info
-    hwloc
-    lynis
-    pciutils
-    smartmontools
-    usbutils
-    # networking
-    iperf3
-    nmap
-    wget
-    # python
-    poetry
-    python313
-    ruff
-  ];
-}

users/megan/systems/jeeves.nix

@@ -1,5 +0,0 @@
-{
-  imports = [
-    ../home/global.nix
-  ];
-}

users/richie/home/cli/zsh.nix

@@ -23,9 +23,9 @@
       "ll" = "eza --long --group";
       "la" = "eza --all";
 
-      "rebuild" = "sudo nixos-rebuild switch --flake $HOME/dotfiles#$HOST";
+      "rspace" = "'for f in *\ *; do mv \"$f\" \"\${f// /_}\"; done'";
-      "rebuild_backup" =
+      "rebuild" = "sudo nixos-rebuild switch --flake /home/richie/dotfiles#$HOST";
-        "sudo nixos-rebuild switch --flake $HOME/dotfiles#$HOST --option substituters 'https://nix-community.cachix.org' --option trusted-public-keys 'cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY='";
+      "nix-test" = "nixos-rebuild test --flake /home/richie/dotfiles";
     };
   };
 }

users/richie/home/ssh_config.nix

@@ -11,7 +11,7 @@
         dynamicForwards = [ { port = 9050; } ];
       };
       unlock-jeeves = {
-        hostname = "192.168.99.14";
+        hostname = "192.168.95.14";
         user = "root";
         identityFile = "~/.ssh/id_ed25519";
         port = 2222;

users/secrets.yaml

@@ -1,8 +1,10 @@
 richie_password: ENC[AES256_GCM,data:DMi3M8aqrQ60APIofr8wJMh+VZ14hLRxz6jWZgzswr0pV/QVSX53ShBFr90ruO3mucOLYv0l+bI31covfqMAhXWBJp9wUgtC2Q==,iv:qgtn30hZfIL4dBnQSLkjbo7zPJA4m9TR0f52sTFc0v4=,tag:ydLbcGyXjv0fE+4b5ECX5w==,type:str]
 gaming_password: ENC[AES256_GCM,data:i692UsQaCOjE4V1y9d8yYDlK+TRMIprCHJkhl1UBZRMqe9a2LTUtmbbn/xlCYQd2tADJvn+dkx1jLfV4CqaqWOj5YSUFfpgsEw==,iv:3Y7hXQcmpzNN7hF+BDvO52uFB4o5D0dHvxemJ0ZoSIM=,tag:zzLGNDVAMCs2GPMqXp2BtQ==,type:str]
-megan_password: ENC[AES256_GCM,data:Udrs9OWFI2TDM1yxRwfy7uiONh1G3Mr9HabwpmRykp1Xw9KK+q245nxN7QQbR0AiTCyyyivhn6GB2+DvBBY/6UrN5iGs+LaXgg==,iv:n02HzE8jvWM5xDfaPB9BHxtfoAZQ/Tk80XuySY2NyoU=,tag:L9wPVy7zt6mp09qWhzdLpg==,type:str]
-gcw_password: ENC[AES256_GCM,data:T5CliWyyw4igunGRokOW7dNTOQ7DbOhM4gLa8YN4gbVLEVU7n3jxAVF9Uy9zM7LBBqdLvyXnqGzC1HBSBmE+pKBV7YIN3aQkng==,iv:SLq4aeLHdwfq0+A4N6UO4Dz7oBoC0ZDKBr74hheHQFw=,tag:4a71PZcyzoWjOmYEPx07ag==,type:str]
 sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
     age:
         - recipient: age1u8zj599elqqvcmhxn8zuwrufsz8w8w366d3ayrljjejljt2q45kq8mxw9c
           enc: |
@@ -49,7 +51,8 @@ sops:
             UzQzWEFtSDJwR201cmZoeXh5T0RmSk0KWLOpw5cWbtnfVP/ISa7n1vZchoD+nxmn
             7yr7igpEIro0Sd238KinOQYswVaT0NHB9p1dSW/mN+aGQliSNLzkDQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-06-05T00:52:15Z"
+    lastmodified: "2025-01-07T20:13:43Z"
-    mac: ENC[AES256_GCM,data:FVj9SmI6uq5ujIX3NwFSLcappRIX0K1U/GXks4Wj0gJH//Tqo5Ur07+WdE5JNmHdS1gXW34RhzFmEbQ9KR2OoP8cfTG+a7qCftzEQbV5aBBEMxstsl48TLtRTwRuSrEnVOHh/0EfFOkXTUO/rVS4jDmd57eAB6OBJQePQk+P+0Q=,iv:P1aeFC+6xG4Koph0Dynwek/861OsH1asui3qtpu1JUI=,tag:1RYayU758c+yAULOgQuWgw==,type:str]
+    mac: ENC[AES256_GCM,data:Q5fmv+MRVYGUQ4j+28CcGWHmgT1178N+haVS9xa0c99OKuPZdfSndAG0QVDhh/jYq+7zXs6zzLtBjB+egkoDfxJXfJOmg3E46UMO3vDHaEcIZD16ZbWJaz4Z/+yabqhDURKtgfGiu4xPv3OtGbwcP5kud17WcHNfY/LT+Y+LSD8=,iv:y3K3kCroIh+RTplUe4tM8B9rbLgIHCbE6FJawngam8Q=,tag:2VTIWlLp4cOwm18BfIlz5g==,type:str]
+    pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.10.2
+    version: 3.9.2