more adjustments

flake.nix

@@ -311,17 +311,39 @@
     in
     rec {
 
+      # The plan
+      # Import all the host configurations as modules
+      # Setup the modules as nixosModules, homeModules, darwinModules
+      # Create nixosConfigurations using the different pkgs for each system
+      # What to do with home config?
+
+      nixosModules = import ./hosts/x86_64-linux nixpkgs // import ./hosts/aarch64-linux nixpkgs;
+
       # Contains my full system builds, including home-manager
       # nixos-rebuild switch --flake .#tempest
       nixosConfigurations =
-        builtins.mapAttrs buildNixos {
+        (builtins.mapAttrs (
-          pkgs = pkgsBySystem.x86_64-linux;
+          name: module:
-          modules = import ./hosts/x86_64-linux;
+          buildNixos {
-        }
+            pkgs = pkgsBySystem.x86_64-linux;
-        // builtins.mapAttrs buildNixos {
+            modules = [ module ];
-          pkgs = pkgsBySystem.aarch64-linux;
+          }
-          modules = import ./hosts/aarch64-linux;
+        ) nixosModules)
-        };
+        // (builtins.mapAttrs (
+          name: module:
+          buildNixos {
+            pkgs = pkgsBySystem.aarch64-linux;
+            modules = [ module ];
+          }
+        ) nixosModules);
+      # builtins.mapAttrs buildNixos {
+      #   pkgs = pkgsBySystem.x86_64-linux;
+      #   modules = import ./hosts/x86_64-linux;
+      # }
+      # // builtins.mapAttrs buildNixos {
+      #   pkgs = pkgsBySystem.aarch64-linux;
+      #   modules = import ./hosts/aarch64-linux;
+      # };
 
       # Contains my full Mac system builds, including home-manager
       # darwin-rebuild switch --flake .#lookingglass

hosts/aarch64-linux/flame/default.nix

@@ -1,121 +0,0 @@
-# The Flame
-# System configuration for an Oracle free server
-
-# How to install:
-# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
-# These days, probably use nixos-anywhere instead.
-
-{
-  inputs,
-  globals,
-  overlays,
-  ...
-}:
-
-inputs.nixpkgs.lib.nixosSystem rec {
-  system = "aarch64-linux";
-  specialArgs = {
-    pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
-    pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
-  };
-  modules = [
-    {
-      # Hardware
-      networking.hostName = "flame";
-
-      # File systems must be declared in order to boot
-
-      # This is the root filesystem containing NixOS
-      # I forgot to set a clean label for it
-      fileSystems."/" = {
-        device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
-        fsType = "ext4";
-      };
-
-      # This is the boot filesystem for systemd-boot
-      fileSystems."/boot" = {
-        device = "/dev/disk/by-uuid/D5CA-237A";
-        fsType = "vfat";
-      };
-
-      # Theming
-
-      # Still require colors for programs like Neovim, K9S
-      theme = {
-        colors = (import ../../colorscheme/gruvbox-dark).dark;
-      };
-
-      # Programs and services
-      atuin.enable = true;
-      cloudflare.enable = true; # Proxy traffic with Cloudflare
-      dotfiles.enable = true; # Clone dotfiles
-      neovim.enable = true;
-      giteaRunner.enable = true;
-      services.actualbudget.enable = true;
-      services.caddy.enable = true;
-      services.grafana.enable = true;
-      services.thelounge.enable = true;
-      services.openssh.enable = true;
-      services.victoriametrics.enable = true;
-      services.influxdb2.enable = true;
-      services.gitea.enable = true;
-      services.vaultwarden.enable = true;
-      services.minecraft-server.enable = true; # Setup Minecraft server
-      services.n8n.enable = true;
-      services.ntfy-sh.enable = true;
-      services.postgresql.enable = true;
-      services.uptime-kuma.enable = true;
-      system.autoUpgrade.enable = true;
-
-      # Allows private remote access over the internet
-      cloudflareTunnel = {
-        enable = true;
-        id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
-        credentialsFile = ../../private/cloudflared-flame.age;
-        ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
-      };
-
-      # Nextcloud backup config
-      backup.s3 = {
-        endpoint = "s3.us-west-002.backblazeb2.com";
-        bucket = "noahmasur-backup";
-        accessKeyId = "0026b0e73b2e2c80000000005";
-        resticBucket = "noahmasur-restic";
-      };
-
-      # Disable passwords, only use SSH key
-      publicKeys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
-      ];
-
-      # # Wireguard config for Transmission
-      # wireguard.enable = true;
-      # networking.wireguard.interfaces.wg0 = {
-      #
-      #   # The local IPs for this machine within the Wireguard network
-      #   # Any inbound traffic bound for these IPs should be kept on localhost
-      #   ips = [ "10.66.13.200/32" "fc00:bbbb:bbbb:bb01::3:dc7/128" ];
-      #
-      #   peers = [{
-      #
-      #     # Identity of Wireguard target peer (VPN)
-      #     publicKey = "bOOP5lIjqCdDx5t+mP/kEcSbHS4cZqE0rMlBI178lyY=";
-      #
-      #     # The public internet address of the target peer
-      #     endpoint = "86.106.143.132:51820";
-      #
-      #     # Which outgoing IP ranges should be sent through Wireguard
-      #     allowedIPs = [ "0.0.0.0/0" "::0/0" ];
-      #
-      #     # Send heartbeat signal within the network
-      #     persistentKeepalive = 25;
-      #
-      #   }];
-      #
-      # };
-
-      # # VPN port forwarding
-      # services.transmission.settings.peer-port = 57599;
-    }
-  ];
-}

hosts/flame/default.nix

@@ -0,0 +1,54 @@
+# The Flame
+# System configuration for an Oracle free server
+
+# How to install:
+# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
+# These days, probably use nixos-anywhere instead.
+
+rec {
+  # Hardware
+  networking.hostName = "flame";
+
+  nmasur.settings = {
+    username = "noah";
+    fullName = "Noah Masur";
+  };
+
+  nmasur.profiles = {
+    base.enable = true;
+    server.enable = true;
+    communications.enable = true;
+  };
+
+  home-manager.users."noah" = {
+    nmasur.settings = nmasur.settings;
+    nmasur.profiles = {
+      common.enable = true;
+      linux-base.enable = true;
+    };
+  };
+
+  # File systems must be declared in order to boot
+
+  # This is the root filesystem containing NixOS
+  # I forgot to set a clean label for it
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
+    fsType = "ext4";
+  };
+
+  # This is the boot filesystem for systemd-boot
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/D5CA-237A";
+    fsType = "vfat";
+  };
+
+  # Allows private remote access over the internet
+  nmasur.presets.services.cloudflared = {
+    tunnel = {
+      id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
+      credentialsFile = ../../private/cloudflared-flame.age;
+      ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
+    };
+  };
+}

platforms/home-manager/modules/nmasur/presets/programs/aerc.nix

@@ -199,20 +199,19 @@ in
       exec = "${config.terminalLaunchCommand} aerc %u";
     };
     xsession.windowManager.i3.config.keybindings = lib.mkIf pkgs.stdenv.isLinux {
-      "${config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier}+Shift+e" =
+      "${config.xsession.windowManager.i3.config.modifier}+Shift+e" = "exec ${
-        "exec ${
+        # Don't name the script `aerc` or it will affect grep
-          # Don't name the script `aerc` or it will affect grep
+        builtins.toString (
-          builtins.toString (
+          pkgs.writeShellScript "focus-mail.sh" ''
-            pkgs.writeShellScript "focus-mail.sh" ''
+            count=$(ps aux | grep -c aerc)
-              count=$(ps aux | grep -c aerc)
+            if [ "$count" -eq 1 ]; then
-              if [ "$count" -eq 1 ]; then
+                i3-msg "exec --no-startup-id ${config.terminal} start --class aerc -- aerc"
-                  i3-msg "exec --no-startup-id ${config.terminal} start --class aerc -- aerc"
+                sleep 0.25
-                  sleep 0.25
+            fi
-              fi
+            i3-msg "[class=aerc] focus"
-              i3-msg "[class=aerc] focus"
+          ''
-            ''
+        )
-          )
+      }";
-        }";
     };
 
     programs.fish.shellAbbrs = {

platforms/home-manager/modules/nmasur/presets/programs/firefox.nix

@@ -183,20 +183,19 @@ in
     };
 
     xsession.windowManager.i3.config.keybindings = lib.mkIf pkgs.stdenv.isLinux {
-      "${config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier}+Shift+b" =
+      "${config.xsession.windowManager.i3.config.modifier}+Shift+b" = "exec ${
-        "exec ${
+        # Don't name the script `firefox` or it will affect grep
-          # Don't name the script `firefox` or it will affect grep
+        builtins.toString (
-          builtins.toString (
+          pkgs.writeShellScript "focus-ff.sh" ''
-            pkgs.writeShellScript "focus-ff.sh" ''
+            count=$(ps aux | grep -c firefox)
-              count=$(ps aux | grep -c firefox)
+            if [ "$count" -eq 1 ]; then
-              if [ "$count" -eq 1 ]; then
+                i3-msg "exec --no-startup-id firefox"
-                  i3-msg "exec --no-startup-id firefox"
+                sleep 0.5
-                  sleep 0.5
+            fi
-              fi
+            i3-msg "[class=firefox] focus"
-              i3-msg "[class=firefox] focus"
+          ''
-            ''
+        )
-          )
+      }";
-        }";
     };
   };
 }

platforms/home-manager/modules/nmasur/presets/programs/fish.nix

@@ -91,7 +91,6 @@ in
         scs = "systemctl status";
         sca = "systemctl cat";
         m = "make";
-        t = "trash";
 
         # Vim (overwritten by Neovim)
         v = "vim";

platforms/home-manager/modules/nmasur/presets/programs/ldapsearch.nix

@@ -25,7 +25,7 @@ let
         -B -o ldif-wrap=no \
         -E pr=5000/prompt \
         -H "${ldap_scheme}://''${LDAP_HOST}:${builtins.toString ldap_port}" \
-        -D "${pkgs.lib.toUpper magic_prefix}2\\${pkgs.lib.toLower config.user}" \
+        -D "${pkgs.lib.toUpper magic_prefix}2\\${pkgs.lib.toLower config.home.username}" \
         -w "$(${pkgs._1password-cli}/bin/op item get T2 --fields label=password --reveal)" \
         -b "dc=''${LDAP_HOST//./,dc=}" \
         -s "sub" -x "(cn=''${SEARCH_FILTER})" \

platforms/home-manager/modules/nmasur/presets/programs/nautilus.nix

@@ -18,7 +18,7 @@ in
 
     # Quick button for launching nautilus
     xsession.windowManager.i3.config.keybindings = {
-      "${config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier}+n" =
+      "${config.xsession.windowManager.i3.config.modifier}+n" =
         "exec --no-startup-id ${pkgs.nautilus}/bin/nautilus";
     };
 

platforms/home-manager/modules/nmasur/presets/programs/nixpkgs.nix

@@ -6,6 +6,7 @@
 }:
 
 let
+  inherit (config.nmasur.settings) username;
   cfg = config.nmasur.presets.programs.nixpkgs;
 in
 
@@ -124,7 +125,7 @@ in
     # For security, only allow specific users
     settings.allowed-users = [
       "@wheel" # Anyone in the wheel group
-      config.user # The current user
+      config.home.username # The current user
     ];
 
     # Enable features in Nix commands

platforms/home-manager/modules/nmasur/presets/programs/obsidian.nix

@@ -0,0 +1,27 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.nmasur.presets.programs.obsidian;
+in
+{
+
+  options = {
+    nmasur.presets.programs.obsidian = {
+      enable = lib.mkEnableOption "Obsidian markdown wiki";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    unfreePackages = [ "obsidian" ];
+    home.packages = with pkgs; [ obsidian ];
+
+    # Broken on 2023-12-11
+    # https://forum.obsidian.md/t/electron-25-is-now-eol-please-upgrade-to-a-newer-version/72878/8
+    # insecurePackages = [ "electron-25.9.0" ];
+  };
+}

platforms/home-manager/modules/nmasur/presets/programs/tmux.nix

@@ -8,7 +8,7 @@
 
   options.tmux.enable = lib.mkEnableOption "Tmux terminal multiplexer";
 
-  config.home-manager.users.${config.user} = lib.mkIf config.tmux.enable {
+  config = lib.mkIf config.tmux.enable {
 
     programs.tmux = {
       enable = true;

platforms/home-manager/modules/nmasur/presets/services/hammerspoon/default.nix

@@ -28,13 +28,11 @@ in
     };
     xdg.configFile."hammerspoon/Spoons/MoveWindow.spoon".source = ./Spoons/MoveWindow.spoon;
 
-    home.activation.reloadHammerspoon =
+    home.activation.reloadHammerspoon = config.lib.dag.entryAfter [ "writeBoundary" ] ''
-      config.home-manager.users.${config.user}.lib.dag.entryAfter [ "writeBoundary" ]
+      $DRY_RUN_CMD /Applications/Hammerspoon.app/Contents/Frameworks/hs/hs -c "hs.reload()"
-        ''
+      $DRY_RUN_CMD sleep 1
-          $DRY_RUN_CMD /Applications/Hammerspoon.app/Contents/Frameworks/hs/hs -c "hs.reload()"
+      $DRY_RUN_CMD /Applications/Hammerspoon.app/Contents/Frameworks/hs/hs -c "hs.console.clearConsole()"
-          $DRY_RUN_CMD sleep 1
+    '';
-          $DRY_RUN_CMD /Applications/Hammerspoon.app/Contents/Frameworks/hs/hs -c "hs.console.clearConsole()"
-        '';
   };
 
 }

platforms/home-manager/modules/nmasur/presets/services/mbsync.nix

@@ -4,119 +4,120 @@
   lib,
   ...
 }:
+
+let
+  inherit (config.nmasur.settings) fullName;
+  cfg = config.nmasur.presets.services.mbsync;
+in
+
 {
 
-  options = {
+  options.nmasur.preset.services.mbsync = {
-    mail.enable = lib.mkEnableOption "Mail service.";
+    enable = lib.mkEnableOption "Mail service.";
-    mail.user = lib.mkOption {
+    user = lib.mkOption {
       type = lib.types.str;
       description = "User name for the email address.";
-      default = config.user;
     };
-    mail.server = lib.mkOption {
+    server = lib.mkOption {
-      type = lib.types.nullOr lib.types.str;
+      type = lib.types.str;
       description = "Server name for the email address.";
     };
-    mail.imapHost = lib.mkOption {
+    imapHost = lib.mkOption {
-      type = lib.types.nullOr lib.types.str;
+      type = lib.types.str;
       description = "Server host for IMAP (reading mail).";
     };
-    mail.smtpHost = lib.mkOption {
+    smtpHost = lib.mkOption {
-      type = lib.types.nullOr lib.types.str;
+      type = lib.types.str;
       description = "Server host for SMTP (sending mail).";
     };
   };
 
-  config = lib.mkIf config.mail.enable {
+  config = lib.mkIf cfg.enable {
 
-    home-manager.users.${config.user} = {
+    programs.mbsync = {
-      programs.mbsync = {
+      enable = true;
-        enable = true;
+    };
-      };
 
-      # Automatically check for mail and keep files synced locally
+    # Automatically check for mail and keep files synced locally
-      services.mbsync = lib.mkIf pkgs.stdenv.isLinux {
+    services.mbsync = lib.mkIf pkgs.stdenv.isLinux {
-        enable = true;
+      enable = true;
-        frequency = "*:0/5";
+      frequency = "*:0/5";
-        postExec = "${lib.getExe pkgs.notmuch} new";
+      postExec = "${lib.getExe pkgs.notmuch} new";
-      };
+    };
 
-      # Used to watch for new mail and trigger sync
+    # Used to watch for new mail and trigger sync
-      services.imapnotify.enable = pkgs.stdenv.isLinux;
+    services.imapnotify.enable = pkgs.stdenv.isLinux;
 
-      # Allows sending email from CLI/sendmail
+    # Allows sending email from CLI/sendmail
-      programs.msmtp.enable = true;
+    programs.msmtp.enable = true;
 
-      accounts.email = {
+    accounts.email = {
 
-        # Where email files are stored
+      # Where email files are stored
-        maildirBasePath = "${config.home.homeDirectory}/mail";
+      maildirBasePath = "${config.home.homeDirectory}/mail";
 
-        accounts = {
+      accounts = {
-          home =
+        home =
-            let
+          let
-              address = "${config.mail.user}@${config.mail.server}";
+            address = "${cfg.user}@${cfg.server}";
-            in
+          in
-            {
+          {
-              userName = address;
+            userName = address;
-              realName = config.fullName;
+            realName = fullName;
-              primary = true;
+            primary = true;
-              inherit address;
+            inherit address;
-              aliases = map (user: "${user}@${config.mail.server}") [
+            aliases = map (user: "${user}@${cfg.server}") [
-                "me"
+              "me"
-                "hey"
+              "hey"
-                "admin"
+              "admin"
-              ];
+            ];
 
-              # Options for contact completion
+            # Options for contact completion
-              alot = { };
+            alot = { };
 
-              imap = {
+            imap = {
-                host = config.mail.imapHost;
+              host = cfg.imapHost;
-                port = 993;
+              port = 993;
-                tls.enable = true;
+              tls.enable = true;
-              };
+            };
 
-              # Watch for mail and run notifications or sync
+            # Watch for mail and run notifications or sync
-              imapnotify = {
+            imapnotify = {
-                enable = true;
+              enable = true;
-                boxes = [ "Inbox" ];
+              boxes = [ "Inbox" ];
-                onNotify = "${pkgs.isync}/bin/mbsync -a";
+              onNotify = "${pkgs.isync}/bin/mbsync -a";
-                onNotifyPost =
+              onNotifyPost = lib.mkIf config.services.dunst.enable "${lib.getExe pkgs.libnotify} 'New mail arrived'";
-                  lib.mkIf config.home-manager.users.${config.user}.services.dunst.enable
+            };
-                    "${lib.getExe pkgs.libnotify} 'New mail arrived'";
-              };
 
-              # Name of the directory in maildir for this account
+            # Name of the directory in maildir for this account
-              maildir = {
+            maildir = {
-                path = "main";
+              path = "main";
-              };
+            };
 
-              # Bi-directional syncing options for local files
+            # Bi-directional syncing options for local files
-              mbsync = {
+            mbsync = {
-                enable = true;
+              enable = true;
-                create = "both";
+              create = "both";
-                expunge = "both";
+              expunge = "both";
-                remove = "both";
+              remove = "both";
-                patterns = [ "*" ];
+              patterns = [ "*" ];
-                extraConfig.channel = {
+              extraConfig.channel = {
-                  CopyArrivalDate = "yes"; # Sync time of original message
+                CopyArrivalDate = "yes"; # Sync time of original message
-                };
-              };
-
-              # Enable indexing
-              notmuch.enable = true;
-
-              # Used to login and send and receive emails
-              passwordCommand = "${pkgs.age}/bin/age --decrypt --identity ~/.ssh/id_ed25519 ${pkgs.writeText "mailpass.age" (builtins.readFile ../../../private/mailpass.age)}";
-
-              smtp = {
-                host = config.mail.smtpHost;
-                port = 465;
-                tls.enable = true;
               };
             };
-        };
+
+            # Enable indexing
+            notmuch.enable = true;
+
+            # Used to login and send and receive emails
+            passwordCommand = "${lib.getExe pkgs.age} --decrypt --identity ~/.ssh/id_ed25519 ${pkgs.writeText "mailpass.age" (builtins.readFile ../../../private/mailpass.age)}";
+
+            smtp = {
+              host = cfg.smtpHost;
+              port = 465;
+              tls.enable = true;
+            };
+          };
       };
     };
   };

platforms/home-manager/modules/nmasur/profiles/linux-base.nix

@@ -35,9 +35,14 @@ in
       };
     };
 
-    programs.fish.shellAliases = {
+    programs.fish = {
-      # Move files to XDG trash on the commandline
+      shellAliases = {
-      trash = lib.mkDefault "${pkgs.trash-cli}/bin/trash-put";
+        # Move files to XDG trash on the commandline
+        trash = lib.mkDefault "${pkgs.trash-cli}/bin/trash-put";
+      };
+      shellAbbrs = {
+        t = "trash";
+      };
     };
   };
 }

platforms/home-manager/modules/nmasur/profiles/power-user.nix

@@ -21,8 +21,8 @@ in
       pkgs.jo # JSON output
       pkgs.osc # Clipboard over SSH
       pkgs.qrencode # Generate qr codes
-      # pkgs.ren # Rename files
+      pkgs.ren # Rename files
-      # pkgs.rep # Replace text in files
+      pkgs.rep # Replace text in files
       pkgs.spacer # Output lines in terminal
       pkgs.tealdeer # Cheatsheets
       pkgs.vimv-rs # Batch rename files

platforms/home-manager/modules/nmasur/profiles/work.nix

@@ -58,6 +58,7 @@ in
         k9s.enable = lib.mkDefault true;
         kubectl.enable = lib.mkDefault true;
         ldapsearch.enable = lib.mkDefault true;
+        obsidian.enable = lib.mkDefault true;
         ripgrep.enable = lib.mkDefault true;
         starship.enable = lib.mkDefault true;
         terraform.enable = lib.mkDefault true;

platforms/home-manager/theme.nix

@@ -6,7 +6,7 @@
     name = lib.mkOption {
       type = lib.types.nullOr lib.types.str;
       description = "Color palette name (fallback when individual colors aren't specified)";
-      default = null;
+      default = "gruvbox";
     };
     colors = lib.mkOption {
       type = lib.types.attrs;

platforms/nix-darwin/modules/nmasur/presets/services/user.nix

@@ -5,6 +5,7 @@
 }:
 
 let
+  inherit (config.nmasur.settings) username;
   cfg = config.nmasur.presets.services.user;
 in
 
@@ -13,14 +14,14 @@ in
   options.nmasur.presets.services.user.enable = lib.mkEnableOption "macoS user settings";
 
   config = lib.mkIf cfg.enable {
-    users.users."${config.user}" = {
+    users.users."${username}" = {
       # macOS user
-      home = config.home-manager.users.${config.user}.home.homeDirectory;
+      home = config.home-manager.users.${username}.home.homeDirectory;
       uid = 502;
       # shell = pkgs.fish; # Default shell
     };
     # This might fix the shell issues
-    users.knownUsers = [ config.user ];
+    users.knownUsers = [ username ];
 
   };
 }

platforms/nixos/modules/nmasur/presets/services/calibre-web.nix

@@ -13,7 +13,7 @@
 
 let
 
-  inherit (config.nmasur.settings) hostnames;
+  inherit (config.nmasur.settings) hostnames username;
   cfg = config.nmasur.presets.services.calibre-web;
   libraryPath = "/data/books";
 in
@@ -58,7 +58,7 @@ in
     services.cloudflare-dyndns.domains = [ hostnames.books ];
 
     # Grant user access to Calibre directories
-    users.users.${config.user}.extraGroups = [ "calibre-web" ];
+    users.users.${username}.extraGroups = [ "calibre-web" ];
 
     # Run a backup on a schedule
     systemd.timers.calibre-backup = {

platforms/nixos/modules/nmasur/presets/services/cloudflared.nix

@@ -25,6 +25,7 @@
 # Set ca = "<public key>"
 
 let
+  inherit (config.nmasur.settings) username;
   cfg = config.nmasur.presets.services.cloudflared;
 in
 
@@ -74,7 +75,7 @@ in
       # Must match the username portion of the email address in Cloudflare
       # Access
       "ssh/authorized_principals".text = ''
-        ${config.user}
+        ${username}
       '';
     };
 
@@ -82,7 +83,7 @@ in
     services.openssh.extraConfig = ''
       PubkeyAuthentication yes
       TrustedUserCAKeys /etc/ssh/ca.pub
-      Match User '${config.user}'
+      Match User '${username}'
         AuthorizedPrincipalsFile /etc/ssh/authorized_principals
         # if there is no existing AuthenticationMethods
         AuthenticationMethods publickey

platforms/nixos/modules/nmasur/presets/services/gitea.nix

@@ -6,7 +6,7 @@
 }:
 
 let
-  inherit (config.nmasur.settings) hostnames;
+  inherit (config.nmasur.settings) hostnames username;
   cfg = config.nmasur.presets.services.gitea;
   giteaPath = "/var/lib/gitea"; # Default service directory
 in
@@ -59,7 +59,7 @@ in
       extraConfig = null;
     };
 
-    users.users.${config.user}.extraGroups = [ "gitea" ];
+    users.users.${username}.extraGroups = [ "gitea" ];
 
     caddy.routes = [
       # Prevent public access to Prometheus metrics.

platforms/nixos/modules/nmasur/presets/services/litestream.nix

@@ -14,17 +14,17 @@ in
       endpoint = lib.mkOption {
         type = lib.types.nullOr lib.types.str;
         description = "S3 endpoint for Litestream backups";
-        # default = null;
+        default = "s3.us-west-002.backblazeb2.com";
       };
       bucket = lib.mkOption {
         type = lib.types.nullOr lib.types.str;
         description = "S3 bucket for Litestream backups";
-        # default = null;
+        default = "noahmasur-backup";
       };
       accessKeyId = lib.mkOption {
         type = lib.types.nullOr lib.types.str;
         description = "S3 access key ID for Litestream backups";
-        # default = null;
+        default = "0026b0e73b2e2c80000000005";
       };
       accessKeySecret = lib.mkOption {
         type = lib.types.nullOr lib.types.path;

platforms/nixos/modules/nmasur/presets/services/nextcloud.nix

@@ -6,7 +6,7 @@
 }:
 
 let
-  inherit (config.nmasur.settings) hostnames;
+  inherit (config.nmasur.settings) hostnames username;
   cfg = config.nmasur.presets.services.nextcloud;
 in
 {
@@ -212,7 +212,7 @@ in
     };
 
     # Grant user access to Nextcloud directories
-    users.users.${config.user}.extraGroups = [ "nextcloud" ];
+    users.users.${username}.extraGroups = [ "nextcloud" ];
 
     # Open to groups, allowing for backups
     systemd.services.phpfpm-nextcloud.serviceConfig.StateDirectoryMode = lib.mkForce "0770";

platforms/nixos/modules/nmasur/presets/services/nix-autoupgrade.nix

@@ -6,6 +6,7 @@
 }:
 
 let
+  inherit (config.nmasur.settings) username;
   cfg = config.nmasur.presets.services.nix-autoupgrade;
 in
 
@@ -54,7 +55,7 @@ in
           systemctl status $SERVICE_ID >> $TEMPFILE
           set -e
           ${lib.getExe pkgs.msmtp} \
-              --file=${config.home-manager.users.${config.user}.xdg.configDir}/msmtp/config \
+              --file=${config.home-manager.users.${username}.xdg.configDir}/msmtp/config \
               --account=system \
               ${address} < $TEMPFILE
         '';

platforms/nixos/modules/nmasur/presets/services/notes-git-sync.nix

@@ -6,6 +6,7 @@
 }:
 
 let
+  inherit (config.nmasur.settings) username;
   cfg = config.nmasur.presets.services.notes-git-sync;
 in
 
@@ -27,7 +28,7 @@ in
         Type = "oneshot";
         ExecStartPre = "${lib.getExe pkgs.git} -C /data/git/notes reset --hard master";
         ExecStart = "${lib.getExe pkgs.git} -C /data/git/notes pull";
-        WorkingDirectory = config.home-manager.users.${config.user}.home.homeDirectory;
+        WorkingDirectory = config.home-manager.users.${username}.home.homeDirectory;
         Environment = "PATH=${pkgs.openssh}/bin";
       };
     };

platforms/nixos/modules/nmasur/presets/services/openssh.nix

@@ -7,6 +7,7 @@
 }:
 
 let
+  inherit (config.nmasur.settings) username;
   cfg = config.nmasur.presets.services.openssh;
 in
 {
@@ -16,7 +17,9 @@ in
     publicKeys = lib.mkOption {
       type = lib.types.nullOr (lib.types.listOf lib.types.str);
       description = "Public SSH keys authorized for this system.";
-      default = null;
+      default = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
+      ];
     };
     # permitRootLogin = lib.mkOption {
     #   type = lib.types.str;
@@ -38,7 +41,7 @@ in
       };
     };
 
-    users.users.${config.user}.openssh.authorizedKeys.keys = lib.mkIf (
+    users.users.${username}.openssh.authorizedKeys.keys = lib.mkIf (
       cfg.publicKeys != null
     ) cfg.publicKeys;
 

platforms/nixos/modules/nmasur/presets/services/paperless.nix

@@ -3,7 +3,7 @@
 { config, lib, ... }:
 
 let
-  inherit (config.nmasur.settings) hostnames;
+  inherit (config.nmasur.settings) hostnames username;
   cfg = config.nmasur.presets.services.paperless;
 in
 {
@@ -28,7 +28,7 @@ in
 
     # Allow Nextcloud and user to see files
     users.users.nextcloud.extraGroups = lib.mkIf config.services.nextcloud.enable [ "paperless" ];
-    users.users.${config.user}.extraGroups = [ "paperless" ];
+    users.users.${username}.extraGroups = [ "paperless" ];
 
     caddy.routes = [
       {

platforms/nixos/modules/nmasur/presets/services/postgresql.nix

@@ -6,6 +6,7 @@
 }:
 
 let
+  inherit (config.nmasur.settings) username;
   cfg = config.nmasur.presets.services.postgresql;
 in
 {
@@ -23,7 +24,7 @@ in
     identMap = ''
       root      postgres          postgres
       root      root              postgres
-      admin     ${config.user}    admin
+      admin     ${username}    admin
     '';
     ensureUsers = [
       {

platforms/nixos/modules/nmasur/presets/services/restic.nix

@@ -21,7 +21,7 @@ in
       bucket = lib.mkOption {
         type = lib.types.nullOr lib.types.str;
         description = "S3 bucket for Restic backups";
-        default = null;
+        default = "noahmasur-restic";
       };
       accessKeySecretPair = lib.mkOption {
         type = lib.types.nullOr lib.types.path;

platforms/nixos/modules/nmasur/presets/services/transmission.nix

@@ -9,7 +9,7 @@
 }:
 
 let
-  inherit (config.nmasur.settings) hostnames;
+  inherit (config.nmasur.settings) hostnames username;
   cfg = config.nmasur.presets.services.transmission;
 in
 {
@@ -34,7 +34,7 @@ in
           rpc-authentication-required = true;
           rpc-port = 9091;
           rpc-bind-address = "0.0.0.0";
-          rpc-username = config.user;
+          rpc-username = username;
           # This is a salted hash of the real password
           # https://github.com/tomwijnroks/transmission-pwgen
           rpc-password = "{c4c5145f6e18bcd3c7429214a832440a45285ce26jDOBGVW";

platforms/nixos/modules/nmasur/profiles/base.nix

@@ -6,6 +6,7 @@
 }:
 
 let
+  inherit (config.nmasur.settings) username;
   cfg = config.nmasur.profiles.base;
 in
 
@@ -19,7 +20,7 @@ in
     users.mutableUsers = lib.mkDefault false;
 
     # Define a user account. Don't forget to set a password with ‘passwd’.
-    users.users.${config.user} = {
+    users.users.${username} = {
 
       # Create a home directory for human user
       isNormalUser = lib.mkDefault true;

platforms/nixos/modules/nmasur/profiles/gui.nix

@@ -6,6 +6,7 @@
 }:
 
 let
+  inherit (config.nmasur.settings) username;
   cfg = config.nmasur.profiles.gui;
 in
 
@@ -53,7 +54,7 @@ in
     hardware.i2c.enable = lib.mkDefault true;
 
     # Grant main user access to external monitors
-    users.users.${config.user}.extraGroups = lib.mkDefault [ "i2c" ];
+    users.users.${username}.extraGroups = lib.mkDefault [ "i2c" ];
 
     services.xserver.displayManager = {
 

platforms/nixos/modules/nmasur/profiles/shared-media.nix

@@ -5,6 +5,7 @@
 }:
 
 let
+  inherit (config.nmasur.settings) username;
   cfg = config.nmasur.profiles.shared-media;
 in
 
@@ -18,7 +19,7 @@ in
     users.groups.shared = { };
 
     # Give the human user access to the shared group
-    users.users.${config.user}.extraGroups = [ config.users.groups.shared.name ];
+    users.users.${username}.extraGroups = [ config.users.groups.shared.name ];
 
   };
 }

platforms/nixos/modules/nmasur/settings.nix

@@ -10,7 +10,7 @@
       type = lib.types.str;
       description = "Human readable name of the user";
     };
-    options.hostnames = lib.mkOption {
+    hostnames = lib.mkOption {
       type = lib.types.attrsOf lib.types.str;
       description = "Map of service names to FQDNs";
       default = { };

platforms/nixos/modules/services/filebrowser.nix

@@ -5,7 +5,7 @@
   ...
 }:
 let
-  inherit (config.nmasur.settings) hostnames;
+  inherit (config.nmasur.settings) hostnames username;
   cfg = config.services.filebrowser;
 
   dataDir = "/var/lib/filebrowser";
@@ -18,7 +18,7 @@ let
     database = "${dataDir}/filebrowser.db";
     root = "";
     "auth.method" = "json";
-    username = config.user;
+    username = username;
     # Generate password: htpasswd -nBC 10 "" | tr -d ':\n'
     password = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
   };

platforms/nixos/modules/services/identity.nix

@@ -9,6 +9,7 @@ in
     enable = lib.mkEnableOption "Wait for identity file oneshot";
     identityFile = lib.mkOption {
       type = lib.types.path;
+      default = config.identityFile;
     };
   };