| author | Franck Cuny <franck@fcuny.net> | 2025-07-21 17:57:36 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-07-21 17:57:36 -0700 |
| commit | 5484afc2ce90ab7d2d33d1a9e822d497f44c4e5d (patch) | |
| tree | 9f8d541e57956e7639b12801375ad91693a95b2c | |
| parent | move all profiles, modules, and flakes to top-level (diff) | |
| download | infra-5484afc2ce90ab7d2d33d1a9e822d497f44c4e5d.tar.gz | |
keep organizing into modules and profiles
Diffstat (limited to '')
| -rw-r--r-- | flake/hosts.nix | 5 | ||||
| -rw-r--r-- | machines/darwin/aarch64-darwin/hq-kwny2vh41p.nix | 1 | ||||
| -rw-r--r-- | machines/darwin/aarch64-darwin/mba-m2.nix | 2 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/vm-synology.nix | 30 | ||||
| -rw-r--r-- | profiles/admin-user/home-manager.nix | 12 | ||||
| -rw-r--r-- | profiles/admin-user/user.nix | 22 | ||||
| -rw-r--r-- | profiles/darwin.nix | 52 | ||||
| -rw-r--r-- | profiles/default.nix | 74 | ||||
| -rw-r--r-- | profiles/nix.nix | 47 | ||||
| -rw-r--r-- | profiles/server.nix | 35 | ||||
| -rw-r--r-- | users/profiles/media.nix | 4 | ||||
| -rw-r--r-- | users/profiles/minimal.nix | 4 |
12 files changed, 173 insertions, 115 deletions
diff --git a/flake/hosts.nix b/flake/hosts.nix
index ecfcca1..d855a4a 100644
--- a/flake/hosts.nix
+++ b/flake/hosts.nix
@@ -132,6 +132,7 @@ let
 inherit (conf) system hostconf;
 adminUser = {
 name = "fcuny";
+ uid = 1000;
 userinfo = {
 email = "franck@fcuny.net";
 fullName = "Franck Cuny";
@@ -156,9 +157,7 @@ let
 }; modules = [
- {
- inherit adminUser;
- }
+ { inherit adminUser; }
 { system.configurationRevision = mkIf (self ? rev) self.rev; system.nixos.versionSuffix = mkForce "git.${substring 0 11 inputs.nixpkgs.rev}";
diff --git a/machines/darwin/aarch64-darwin/hq-kwny2vh41p.nix b/machines/darwin/aarch64-darwin/hq-kwny2vh41p.nix
index 0364728..e0ebf11 100644
--- a/machines/darwin/aarch64-darwin/hq-kwny2vh41p.nix
+++ b/machines/darwin/aarch64-darwin/hq-kwny2vh41p.nix
@@ -9,7 +9,6 @@
 imports = [ "${self}/profiles/home-manager.nix" "${self}/profiles/darwin.nix"
- "${self}/profiles/nix.nix"
 ]; system.primaryUser = adminUser.name;
diff --git a/machines/darwin/aarch64-darwin/mba-m2.nix b/machines/darwin/aarch64-darwin/mba-m2.nix
index 6f41583..a2c5607 100644
--- a/machines/darwin/aarch64-darwin/mba-m2.nix
+++ b/machines/darwin/aarch64-darwin/mba-m2.nix
@@ -8,7 +8,6 @@
 imports = [ "${self}/profiles/home-manager.nix" "${self}/profiles/darwin.nix"
- "${self}/profiles/nix.nix"
 ]; system.primaryUser = adminUser.name;
@@ -53,7 +52,6 @@
 home.homeDirectory = "/Users/${adminUser.name}";
 home.packages = with pkgs; [
 element-desktop
- vlc-bin
 zoom-us
 ];
 imports = [
diff --git a/machines/nixos/x86_64-linux/vm-synology.nix b/machines/nixos/x86_64-linux/vm-synology.nix
index a86e18b..39c483f 100644
--- a/machines/nixos/x86_64-linux/vm-synology.nix
+++ b/machines/nixos/x86_64-linux/vm-synology.nix
@@ -22,46 +22,24 @@
 }; imports = [
- "${self}/profiles/git-server.nix"
+ "${self}/profiles/home-manager.nix"
+ "${self}/profiles/admin-user/user.nix"
+ "${self}/profiles/admin-user/home-manager.nix"
 "${self}/profiles/hardware/synology.nix" "${self}/profiles/disk/vm.nix" "${self}/profiles/server.nix"
- # ./backups.nix
- # ./ingress.nix
- # ./nginx.nix
+ "${self}/profiles/git-server.nix"
 ]; # Use the systemd-boot EFI boot loader.
 boot.loader.efi.canTouchEfiVariables = true; networking.hostName = "vm-synology";
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.mutableUsers = false;
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
- services.openssh.settings.PasswordAuthentication = true;
- services.openssh.settings.PermitRootLogin = "no";
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
- ];
-
 home-manager.users.${adminUser.name} = {
- home.stateVersion = "25.05";
- home.username = "${adminUser.name}";
- home.homeDirectory = "/Users/${adminUser.name}";
 imports = [ ../../../users/profiles/minimal.nix ];
- inherit (adminUser) userinfo;
 };
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
 system.stateVersion = "23.11"; # Did you read the comment? }
diff --git a/profiles/admin-user/home-manager.nix b/profiles/admin-user/home-manager.nix
new file mode 100644
index 0000000..7a9ae43
--- /dev/null
+++ b/profiles/admin-user/home-manager.nix
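Review bot: The effective sshd policy of this host changes without the commit message saying so: the removed lines had `services.openssh.settings.PasswordAuthentication = true;`, while the `"${self}/profiles/server.nix"` import now pulls in profiles/default.nix, which sets it to `false`, keeps `PermitRootLogin = "no"`, and the only remaining key-based login is the admin account declared in profiles/admin-user/user.nix. That is a hardening, but it is a lock-out risk if the key in that profile is not the one currently used to reach this VM, so it deserves either a sentence in the description or a comment next to the imports such as `# ssh policy (key-only, no root) now comes from profiles/default.nix via server.nix`. The `home-manager.users.${adminUser.name}` block here also no longer sets `home.stateVersion` and relies on users/profiles/minimal.nix for it, which is worth a short comment since the dependency is not visible from this file.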
@@ -0,0 +1,12 @@
+{
+ adminUser,
+ ...
+}:
+{
+ home-manager = {
+ users.${adminUser.name} = {
+ home.username = "${adminUser.name}";
+ inherit (adminUser) userinfo;
+ };
+ };
+}
diff --git a/profiles/admin-user/user.nix b/profiles/admin-user/user.nix
new file mode 100644
index 0000000..e05ae6d
--- /dev/null
+++ b/profiles/admin-user/user.nix
@@ -0,0 +1,22 @@
+{
+ adminUser,
+ pkgs,
+ ...
+}:
+{
+ nix.settings.trusted-users = [ adminUser.name ];
+ users = {
+ users.${adminUser.name} = {
+ inherit (adminUser) uid;
+ shell = pkgs.fish;
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+ ];
+ extraGroups = [
+ "wheel"
+ "docker"
+ ];
+ };
+ };
+}
diff --git a/profiles/darwin.nix b/profiles/darwin.nix
index e355b72..0ff8cc0 100644
--- a/profiles/darwin.nix
+++ b/profiles/darwin.nix
@@ -1,4 +1,9 @@
-{ ... }:
+{
+ adminUser,
+ pkgs,
+ lib,
+ ...
+}:
 {
 system.defaults = {
 dock = {
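Review bot: `nix.settings.trusted-users = [ adminUser.name ];` in profiles/admin-user/user.nix gives the account root-equivalent control of the Nix daemon (trusted users may set arbitrary substituters and sandbox options), and the same account is put in `wheel` and `docker`, each of which is root-equivalent on its own. That is a sensible shape for a single-admin host, but nothing in the file says it is deliberate; a comment above the option, `# trusted-users, wheel (passwordless sudo via profiles/default.nix) and docker are each root-equivalent: this is the one admin account`, stops the next reader from treating any of the three as a least-privilege grant. The authorized key here is the same literal that profiles/default.nix installs for root, so a key rotation now has two places to edit; if the key is meant to be shared, hoisting it into `adminUser` in flake/hosts.nix next to `uid` would leave one source of truth.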
@@ -43,4 +48,49 @@
 # Touch ID for sudo auth
 security.pam.services.sudo_local.touchIdAuth = true;
+
+ nix = {
+ extraOptions = ''
+ tarball-ttl = 900
+ '';
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 7d";
+ interval = {
+ Weekday = 0;
+ Hour = 0;
+ Minute = 0;
+ };
+ };
+ optimise = {
+ automatic = true;
+ interval = {
+ Weekday = 0;
+ Hour = 0;
+ Minute = 0;
+ };
+ };
+ package = pkgs.nixVersions.stable;
+ settings = {
+ trusted-substituters = [
+ "https://cachix.cachix.org"
+ "https://nixpkgs.cachix.org"
+ "https://nix-community.cachix.org"
+ ];
+ trusted-public-keys = [
+ "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
+ "nixpkgs.cachix.org-1:q91R6hxbwFvDqTSDKwDAV4T5PxqXGxswD8vhONFMeOE="
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
+ trusted-users = [
+ "@admin"
+ adminUser.name
+ ];
+ experimental-features = lib.mkDefault [
+ "nix-command"
+ "flakes"
+ ];
+ };
+ };
 }
diff --git a/profiles/default.nix b/profiles/default.nix
new file mode 100644
index 0000000..58c22eb
--- /dev/null
+++ b/profiles/default.nix
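Review bot: The `nix.settings` block added to profiles/darwin.nix (trusted-substituters, trusted-public-keys, experimental-features, plus `extraOptions`) is a verbatim copy of the one in the new profiles/default.nix, so the deleted profiles/nix.nix has been replaced by two copies rather than one shared file. Those public keys are trust anchors for what the store will accept from the caches; once the lists drift, one platform keeps trusting a key the other has rotated out. A small shared module (say a `profiles/nix-common.nix`, name illustrative) exporting only `nix.settings`, `nix.extraOptions` and `nix.package`, imported by both profiles/darwin.nix and profiles/default.nix, keeps the platform-specific `gc`/`optimise` schedules (`interval` here, `dates` on NixOS) where they are. Separately, `"@admin"` in `trusted-users` makes every member of the macOS admin group a Nix trusted user, which is wider than `adminUser.name` alone; if that is intended a one-line comment would say so.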
@@ -0,0 +1,74 @@
+{ pkgs, lib, ... }:
+{
+ nix = {
+ extraOptions = ''
+ tarball-ttl = 900
+ '';
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 7d";
+ dates = "weekly";
+ };
+ package = pkgs.nixVersions.stable;
+ settings = {
+ trusted-substituters = [
+ "https://cachix.cachix.org"
+ "https://nixpkgs.cachix.org"
+ "https://nix-community.cachix.org"
+ ];
+ trusted-public-keys = [
+ "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
+ "nixpkgs.cachix.org-1:q91R6hxbwFvDqTSDKwDAV4T5PxqXGxswD8vhONFMeOE="
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
+ trusted-users = [ "root" ];
+ experimental-features = lib.mkDefault [
+ "nix-command"
+ "flakes"
+ ];
+ };
+ };
+
+ time.timeZone = "America/Los_Angeles";
+
+ # Select internationalisation properties.
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ };
+
+ ## only allow declarative user management
+ users.mutableUsers = false;
+
+ services.openssh.enable = true;
+ services.openssh.settings.PasswordAuthentication = false;
+ services.openssh.settings.PermitRootLogin = "no";
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+ ];
+
+ networking.firewall.allowedTCPPorts = [ 22 ];
+
+ programs.fish.enable = true;
+ security.sudo.wheelNeedsPassword = false;
+
+ environment.systemPackages = with pkgs; [
+ curl
+ fd
+ fish
+ git
+ htop
+ jq
+ mtr
+ pciutils
+ powertop
+ ripgrep
+ tcpdump
+ traceroute
+ vim
+ ];
+
+ ## disable that slow "building man-cache" step
+ documentation.man.generateCaches = lib.mkForce false;
+}
diff --git a/profiles/nix.nix b/profiles/nix.nix
deleted file mode 100644
index acfe151..0000000
--- a/profiles/nix.nix
+++ /dev/null
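Review bot: `users.users.root.openssh.authorizedKeys.keys` in profiles/default.nix is unreachable over SSH because `services.openssh.settings.PermitRootLogin = "no";` two lines above it rejects root logins regardless of authentication method, so the root key entry is dead configuration that still reads as a root login path. The same key is granted to the admin account in profiles/admin-user/user.nix, and `security.sudo.wheelNeedsPassword = false;` already gives that account root, so the root entry can be dropped; if root-over-SSH is actually wanted, `services.openssh.settings.PermitRootLogin = "prohibit-password";` is the deliberate form and should carry a comment. A second, smaller regression: the deleted profiles/nix.nix enabled `nix.optimise.automatic`, which this file does not carry over for the Linux hosts; if that was intended, the NixOS form is `nix.optimise = { automatic = true; dates = [ "weekly" ]; };`.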
@@ -1,47 +0,0 @@
-{ lib, pkgs, ... }:
-{
- nix = {
- extraOptions = ''
- tarball-ttl = 900
- '';
- gc = {
- automatic = true;
- options = "--delete-older-than 7d";
- interval = {
- Weekday = 0;
- Hour = 0;
- Minute = 0;
- };
- };
- optimise = {
- automatic = true;
- interval = {
- Weekday = 0;
- Hour = 0;
- Minute = 0;
- };
- };
- package = pkgs.nixVersions.stable;
- settings = {
- trusted-substituters = [
- "https://cachix.cachix.org"
- "https://nixpkgs.cachix.org"
- "https://nix-community.cachix.org"
- ];
- trusted-public-keys = [
- "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
- "nixpkgs.cachix.org-1:q91R6hxbwFvDqTSDKwDAV4T5PxqXGxswD8vhONFMeOE="
- "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
- "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
- ];
- trusted-users = [
- "@admin"
- "fcuny"
- ];
- experimental-features = lib.mkDefault [
- "nix-command"
- "flakes"
- ];
- };
- };
-}
diff --git a/profiles/server.nix b/profiles/server.nix
index 1588314..3bcd529 100644
--- a/profiles/server.nix
+++ b/profiles/server.nix
@@ -7,41 +7,15 @@
 { imports = [
- ./nix.nix
+ ./default.nix
 ];
- time.timeZone = "America/Los_Angeles";
-
- # Don't require password for sudo
- security.sudo.wheelNeedsPassword = false;
-
 # Virtualization settings virtualisation.docker.enable = true;
- # Select internationalisation properties.
- i18n = {
- defaultLocale = "en_US.UTF-8";
- };
-
 boot.loader.systemd-boot.enable = true; boot.kernelPackages = pkgs.linuxPackages_latest;
- environment.systemPackages = with pkgs; [
- curl
- fd
- fish
- git
- htop
- jq
- mtr
- pciutils
- powertop
- ripgrep
- tcpdump
- traceroute
- vim
- ];
-
 boot.kernel.sysctl = { "net.ipv4.tcp_fastopen" = 3; "net.ipv4.tcp_tw_reuse" = 1;
@@ -56,10 +30,6 @@
 useNetworkd = lib.mkDefault true; };
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
 networking.useDHCP = lib.mkDefault true; # Default to systemd-networkd usage.
@@ -79,7 +49,4 @@
 "8.8.8.8#dns.google"
 "1.0.0.1#cloudflare-dns.com"
 ];
-
- ## disable that slow "building man-cache" step
- documentation.man.generateCaches = lib.mkForce false;
 }
diff --git a/users/profiles/media.nix b/users/profiles/media.nix
index f0919a3..265eb89 100644
--- a/users/profiles/media.nix
+++ b/users/profiles/media.nix
@@ -1,8 +1,10 @@
 { pkgs, ... }:
 {
 home.packages = with pkgs; [
- mpv
 ffmpeg
+ mpv
 transmission_4
+ vlc-bin
+ yt-dlp
 ];
 }
diff --git a/users/profiles/minimal.nix b/users/profiles/minimal.nix
index aaffdbd..ed67195 100644
--- a/users/profiles/minimal.nix
+++ b/users/profiles/minimal.nix
@@ -1,6 +1,10 @@
 { pkgs, ... }: {
+
+ imports = [ ./bat.nix ];
 home.packages = with pkgs; [ htop ];
+
+ home.stateVersion = "25.05";
 } |
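Review bot: `home.stateVersion = "25.05";` now lives in the shared users/profiles/minimal.nix, so any host that also sets it in its own `home-manager.users.<name>` block will fail evaluation with conflicting definitions; machines/darwin/aarch64-darwin/mba-m2.nix still declares `home.homeDirectory` in such a block, and I cannot see from this diff whether it also keeps a `home.stateVersion`. Declaring it as a default, `home.stateVersion = lib.mkDefault "25.05";` with the module header changed to `{ pkgs, lib, ... }:`, lets a host override it without an error while keeping the shared value for everyone else. The `./bat.nix` import is not part of this commit, so I assume that file already exists next to minimal.nix.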
