working on home-manager migration

This commit is contained in:
Ingolf Wagner 2023-12-22 20:28:52 +01:00
parent 45a4de7b78
commit ab7d500fab
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
22 changed files with 470 additions and 574 deletions

View file

@ -1,3 +1,4 @@
{ lib, ... }:
{
imports = [
./gui
@ -8,4 +9,12 @@
./terminal
./yubikey.nix
];
# some system stuff
# -----------------
time.timeZone = lib.mkDefault "Europe/Berlin";
#time.timeZone = lib.mkDefault "Pacific/Auckland";
#time.timeZone = lib.mkDefault "Asia/Singapore";
#time.timeZone = lib.mkDefault "Asia/Makassar";
}

View file

@ -15,6 +15,8 @@ with types;
./hosts.nix
./wifi.nix
#./avahi.nix
./syncthing.nix
./nginx.nix
];
config = mkIf config.components.network.enable { };

View file

@ -1,5 +1,5 @@
{
#networking.extraHosts = ''
# 144.76.13.147 robi
#'';
networking.extraHosts = ''
144.76.13.147 robi
'';
}

View file

@ -0,0 +1,260 @@
{ config, lib, pkgs, ... }:
with lib;
{
options.components.network.nginx.enable = mkOption {
type = lib.types.bool;
default = config.components.network.enable;
};
config = mkIf (config.components.network.nginx.enable) {
security.acme.defaults.email = "contact@ingolf-wagner.de";
security.acme.acceptTerms = true;
services.nginx = {
# Use recommended settings
recommendedGzipSettings = lib.mkDefault true;
recommendedOptimisation = lib.mkDefault true;
recommendedProxySettings = lib.mkDefault true;
recommendedTlsSettings = lib.mkDefault true;
# for loki logging
commonHttpConfig = ''
log_format logfmt escape=json 'timestamp=$time_iso8601 '
'facility=nginx '
'src_addr=$remote_addr '
'body_bytes_sent=$body_bytes_sent '
'request_time=$request_time '
'response_status=$status '
'request="$request" '
'request_method="$request_method" '
'host="$host" '
'upstream_cache_status="$upstream_cache_status" '
'upstream_addr="$upstream_addr" '
'http_x_forwarded_for="$http_x_forwarded_for" '
'http_referrer="$http_referer" '
'http_user_agent="$http_user_agent"';
# log to local journald
access_log syslog:server=unix:/dev/log logfmt;
'';
};
services.nginx.package = pkgs.nginxMainline;
services.nginx.virtualHosts."${config.networking.hostName}.private" = {
default = true;
locations."/" = {
root = pkgs.landingpage.override {
jsonConfig = [
{ title = "System Links"; }
{
text = "Syncthings";
items = map
({ name, host ? "${name}.private", ... }: {
label = name;
href = "http://${host}:8384/";
image = "https://media.giphy.com/media/JoyU4vuzwj6ZA7Ging/giphy.gif";
})
(lib.flatten (lib.mapAttrsToList (name: { ... }: { inherit name; })
config.services.tinc.networks."private".hostSettings));
}
{
text = "robi";
items = [
{
label = "Jellyfin";
href = "http://flix.ingolf-wagner.de/";
image = "https://media.giphy.com/media/fyLi0OuWysotq/giphy.gif";
}
{
label = "netdata";
href = "http://robi.private:19999/";
image = "https://media.giphy.com/media/BkjdN6MQCDPaw/giphy.gif";
}
{
label = "logs";
href = "http://grafana.robi.private/explore";
image = "https://raw.githubusercontent.com/cncf/landscape/master/hosted_logos/grafana-loki.svg";
}
{
label = "grafana";
href = "http://grafana.robi.private/";
image = "https://www.vectorlogo.zone/logos/grafana/grafana-icon.svg";
}
{
label = "prometheus";
href = "http://prometheus.robi.private/";
image = "https://www.vectorlogo.zone/logos/prometheusio/prometheusio-icon.svg";
}
];
}
{
text = "chungus";
items = [
{
label = "HomeAssistant";
href = "http://chungus.private:8123/";
image = "https://media.giphy.com/media/fyLi0OuWysotq/giphy.gif";
}
{
label = "Zigbee2Mqtt";
href = "http://chungus.private:9666/";
image = "https://media.giphy.com/media/fyLi0OuWysotq/giphy.gif";
}
{
label = "Tdarr";
href = "http://tdarr.chungus.private/";
image = "https://media.giphy.com/media/fyLi0OuWysotq/giphy.gif";
}
{
label = "Jellyfin";
href = "http://chungus:8096/";
image = "https://media.giphy.com/media/fyLi0OuWysotq/giphy.gif";
}
{
label = "netdata";
href = "http://chungus.private:19999/";
image = "https://media.giphy.com/media/BkjdN6MQCDPaw/giphy.gif";
}
{
label = "logs";
href = "http://grafana.chungus.private/explore";
image = "https://raw.githubusercontent.com/cncf/landscape/master/hosted_logos/grafana-loki.svg";
}
{
label = "grafana";
href = "http://grafana.chungus.private/";
image = "https://www.vectorlogo.zone/logos/grafana/grafana-icon.svg";
}
{
label = "prometheus";
href = "http://prometheus.chungus.private/";
image = "https://www.vectorlogo.zone/logos/prometheusio/prometheusio-icon.svg";
}
];
}
{
text = "pepe";
items = [
{
label = "netdata";
href = "http://pepe.private:19999/";
image = "https://media.giphy.com/media/BkjdN6MQCDPaw/giphy.gif";
}
{
label = "logs";
href = "http://grafana.pepe.private/explore";
image = "https://raw.githubusercontent.com/cncf/landscape/master/hosted_logos/grafana-loki.svg";
}
{
label = "grafana";
href = "http://grafana.pepe.private/";
image = "https://www.vectorlogo.zone/logos/grafana/grafana-icon.svg";
}
{
label = "prometheus";
href = "http://prometheus.pepe.private/";
image = "https://www.vectorlogo.zone/logos/prometheusio/prometheusio-icon.svg";
}
];
}
{
title = "Various Links";
items = [
{
label = "NeverSSL";
href = "https://oldslowfreshlight.neverssl.com/";
image = "https://media.giphy.com/media/fyLi0OuWysotq/giphy.gif";
}
{
label = "Hetzner Cloud";
href = "https://console.hetzner.cloud/projects";
image =
"https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
}
{
label = "Pass the Popcorn";
href = "https://passthepopcorn.me/";
image =
"https://media.giphy.com/media/NipFetnQOuKhW/giphy.gif";
}
{
label = "redacted";
href = "https://redacted.ch/";
image =
"https://media.giphy.com/media/ku5EcFe4PNGWA/giphy.gif";
}
{
label = "Cups";
href = "http://localhost:631/";
image =
"https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
}
];
}
{
text = "NixOS Links";
items = [
{
label = "NixOS Manual";
href = "https://nixos.org/nixos/manual/";
image =
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
}
{
label = "Nixpkgs Manual";
href = "https://nixos.org/nixpkgs/manual/";
image =
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
}
{
label = "NixOS Reference";
href =
"https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
image =
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
}
{
label = "Nix Packages";
href = "https://nixos.org/nixos/packages.html";
image =
"https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
}
{
label = "NixOS Language specific helpers";
href =
"https://nixos.wiki/wiki/Language-specific_package_helpers";
image =
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
}
{
label = "NixOS Weekly";
href = "https://weekly.nixos.org/";
image =
"https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
}
{
label = "NixOS Security";
href = "https://broken.sh/";
image =
"https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
}
{
label = "NixOS RFCs";
href = "https://github.com/NixOS/rfcs/";
image =
"https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
}
];
}
{ urlEncode = true; }
];
};
};
};
};
}

View file

@ -47,31 +47,10 @@ with lib; {
# needs to be on encrypted drives
# -------------------------------
private = {
enable = lib.mkDefault false;
#watch = lib.mkDefault false;
path = lib.mkDefault "/tmp/private";
devices = [ "chungus" "pepe" "cream" "sterni" "mobi" "bobi" ];
versioning = {
type = "simple";
params.keep = "10";
};
};
art = {
enable = lib.mkDefault false;
#watch = lib.mkDefault false;
path = lib.mkDefault "/tmp/art";
devices = [ "chungus" "pepe" "cream" "sterni" "bumba" ];
versioning = {
type = "simple";
params.keep = "2";
};
};
books = {
enable = lib.mkDefault false;
#watch = lib.mkDefault false;
path = lib.mkDefault "/tmp/books";
devices = [ "chungus" "robi" ];
devices = [ "chungus" "robi" "cream" "cherry" ];
versioning = {
type = "simple";
params.keep = "2";
@ -79,9 +58,8 @@ with lib; {
};
password-store = {
enable = lib.mkDefault false;
#watch = lib.mkDefault false;
path = lib.mkDefault "/tmp/password-store";
devices = [ "chungus" "pepe" "cream" "sterni" "mobi" "bobi" "cherry" ];
devices = [ "chungus" "cream" "sterni" "mobi" "bobi" "cherry" ];
versioning = {
type = "simple";
params.keep = "10";
@ -89,64 +67,23 @@ with lib; {
};
desktop = {
enable = lib.mkDefault false;
#watch = lib.mkDefault false;
path = lib.mkDefault "/tmp/desktop";
devices = [ "chungus" "pepe" "cream" "sterni" "mobi" "bobi" "cherry" ];
devices = [ "chungus" "cream" "sterni" "mobi" "bobi" "cherry" ];
};
finance = {
enable = lib.mkDefault false;
#watch = lib.mkDefault false;
path = lib.mkDefault "/tmp/finance";
devices = [ "chungus" "pepe" "cream" "sterni" "mobi" "bobi" ];
versioning = {
type = "simple";
params.keep = "10";
};
};
fotos = {
enable = lib.mkDefault false;
#watch = lib.mkDefault false;
path = lib.mkDefault "/tmp/fotos";
devices = [ "chungus" "pepe" ];
versioning = {
type = "simple";
params.keep = "10";
};
};
# no need to be stored on encrypted drives
# ----------------------------------------
lost-fotos = {
enable = lib.mkDefault false;
#watch = lib.mkDefault false;
path = lib.mkDefault "/tmp/lost-fotos";
devices = [ "chungus" "pepe" "robi" ];
versioning = {
type = "simple";
params.keep = "10";
};
};
#media = {
# enable = lib.mkDefault false;
# watch = lib.mkDefault false;
# devices = [ "chungus" "pepe" "robi" ];
#};
music-projects = {
enable = lib.mkDefault false;
id = "acfhu-r4t4f";
path = lib.mkDefault "/tmp/lost-fotos";
#watch = lib.mkDefault false;
devices = [ "chungus" "pepe" "cream" "sterni" "robi" ];
devices = [ "chungus" "cream" "sterni" "mobi" "bobi" ];
versioning = {
type = "simple";
params.keep = "10";
};
};
# todo remove if zfs is is used
nextcloud_backup = {
enable = lib.mkDefault false;
#watch = lib.mkDefault false;
path = lib.mkDefault "/tmp/lost-fotos";
devices = [ "chungus" "pepe" "robi" ];
devices = [ "chungus" "robi" ];
versioning = {
type = "simple";
params.keep = "2";

View file

@ -23,6 +23,8 @@ with lib;
environment.systemPackages = [
pkgs.ranger # datei browser
pkgs.retry # retry command till success
pkgs.silver-searcher
pkgs.treefmt
];
};
}

View file

@ -8,6 +8,7 @@ with lib;
bind.dnsutils
nmap
hexyl
ipcalc
units
];
@ -25,7 +26,7 @@ with lib;
joplin-desktop
#yt-dlp
evince
];
})
];

View file

@ -15,6 +15,7 @@ with pkgs;
init.defaultBranch = "main";
pull.ff = "only";
};
diff-so-fancy.enable = true;
};
@ -27,13 +28,6 @@ with pkgs;
gitAndTools.gitflow
gitAndTools.gitSVN
gitAndTools.git2cl
# merge tools
meld
# activate using :
# git config --global core.pager "diff-so-fancy | less --tabs=4 -RFX"
gitAndTools.diff-so-fancy
];
}

View file

@ -16,7 +16,7 @@ let
/dev/shm/background.png && \
${pkgs.imagemagick}/bin/convert /dev/shm/background.png \
-font ${pkgs.ubuntu_font_family}/share/fonts/ubuntu/UbuntuMono-B.ttf \
-gravity Center -pointsize 30 -annotate 0 '+${osConfig.networking.hostName}' \
-gravity Center -pointsize 30 -annotate 0 '${osConfig.networking.hostName}' \
/dev/shm/background_with_text.png && \
${pkgs.feh}/bin/feh --bg-scale /dev/shm/background_with_text.png
'';
@ -126,7 +126,9 @@ in
enable = true;
};
xsession.windowManager.i3 = {
xsession = {
enable = true;
windowManager.i3 = {
enable = true;
extraConfig = ''
default_border pixel
@ -299,6 +301,7 @@ in
};
};
};
};
# notification tool
services.dunst = {

View file

@ -143,8 +143,15 @@ with lib;
unstable.mdbook
nodePackages.prettier
shfmt
black
pre-commit
nixpkgs-fmt
treefmt
] ++ (map pandocScript (lib.cartesianProductOfSets {
inputFormat = [ "man" "markdown" "mediawiki" ];
inputFormat = [ "man" "markdown" "mediawiki" "asciidoc" ];
outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" ];
}));

View file

@ -20,6 +20,7 @@ in
(nextcloudSync "Pictures")
(nextcloudSync "Unterlagen")
(nextcloudSync "Nähen")
(nextcloudSync "NähenTina")
(nextcloudSync "Video")
(nextcloudSync "Kunstbuch")
(nextcloudSync "AWS-SolutionArchitect-Professional")

View file

@ -5,7 +5,7 @@
# last system packages that need to be migrated to components
../../system/all/borg-jobs.nix
../../system/all/syncthing.nix
#../../system/all/syncthing.nix
../../system/server/netdata.nix
../../modules

View file

@ -3,9 +3,13 @@
imports = [
../../components
../../system/desktop
# last system packages that need to be migrated to components
../../system/all/borg-jobs.nix
#../../system/all/syncthing.nix
../../system/server/netdata.nix
../../modules
../../components
./hardware-configuration.nix

View file

@ -10,4 +10,18 @@
ed25519PrivateKeyFile = config.sops.secrets.tinc_retiolum_ed25519_key.path;
rsaPrivateKeyFile = config.sops.secrets.tinc_retiolum_rsa_key.path;
};
fileSystems."/retiolum/sicily" = {
device = "//sicily.r/tonne";
fsType = "cifs";
options = [
"guest"
"nofail"
"noauto"
"ro"
"rsize=16777216"
"cache=loose"
"x-systemd.after=network.target"
];
};
}

View file

@ -4,7 +4,7 @@
../../system/all/nginx.nix
../../system/all/borg-jobs.nix
../../system/all/defaults.nix
../../system/all/syncthing.nix
#../../system/all/syncthing.nix
../../system/server/netdata.nix
../../system/server/packages.nix

View file

@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: {
imports = [ ../../system/all/syncthing.nix ];
#imports = [ ../../system/all/syncthing.nix ];
sops.secrets.syncthing_cert = { };
sops.secrets.syncthing_key = { };

View file

@ -4,7 +4,7 @@
../../system/all/nginx.nix
../../system/all/borg-jobs.nix
../../system/all/defaults.nix
../../system/all/syncthing.nix
#../../system/all/syncthing.nix
../../system/server/netdata.nix
../../system/server/packages.nix

View file

@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: {
imports = [ ../../system/all/syncthing.nix ];
# imports = [ ../../system/all/syncthing.nix ];
sops.secrets.syncthing_cert = { };
sops.secrets.syncthing_key = { };

View file

@ -7,21 +7,12 @@
./defaults.nix
# needed
#<home-manager/nixos>
# cross-compiling
#<cleverca22/qemu.nix>
./grub.nix
#./networking-qos.nix
./nginx-landingpage.nix
./nginx.nix
./packages.nix
./borg-jobs.nix
./borg-scripts.nix
./syncthing.nix
./on-failure.nix
];

View file

@ -1,14 +1,9 @@
{ config, pkgs, lib, ... }: {
imports = [
../all
#./packages.nix
#./yubikey.nix
];
#components.network.sshd.onlyTincAccess = lib.mkDefault true;
backup.dirs = [
"${config.users.users.mainUser.home}/.config/noti"
"${config.users.users.mainUser.home}/.password-store"

View file

@ -1,313 +0,0 @@
{ pkgs, config, lib, ... }:
with lib;
let
library = import ../../library { inherit pkgs lib; };
allLicenses =
let
licenses = builtins.map
(license: "echo '${license.shortName} : ${license.fullName}'")
(builtins.attrValues pkgs.lib.licenses);
in
pkgs.writers.writeBashBin "all-licenses"
(lib.concatStringsSep "\n" licenses);
#joplin = pkgs.joplin-desktop;
joplin = pkgs.unstable.joplin-desktop;
#joplin = pkgs.writers.writeBashBin "joplin" ''
# if [[ ! -x "$HOME/programs/Joplin.AppImage" ]]
# then
# echo "$HOME/programs/Joplin.AppImage does not exist or is not executable";
# exit 1
# fi
# exec ${pkgs.appimage-run}/bin/appimage-run "$HOME/programs/Joplin.AppImage"
#'';
parseUrl = pkgs.writers.writeBashBin "parseUrl" ''
echo "$@" | \
${pkgs.jq}/bin/jq --raw-input --raw-output '
def parseURL: capture( "^((?<scheme>[^:/?#]+):)?(//(?<authority>(?<domain>[^/?#:]*)(:(?<port>[0-9]*))?))?((?<path>[^?#]*)\\?)?((?<query>([^#]*)))?(#(?<fragment>(.*)))?");
parseURL
'
'';
parseAndCopyLink = pkgs.writers.writeBashBin "parseAndCopyLink" ''
${parseUrl}/bin/parseUrl "$@" | \
${pkgs.jq}/bin/jq --raw-output '"\(.scheme)://\(.domain)\(.path)"' | \
${pkgs.xclip}/bin/xclip
'';
replaceLinks = pkgs.writers.writeBashBin "replace-link-with-content" # sh
''
if [ ! -L "$1" ]
then
echo "$1 does not exist or is not a file"
exit 1
fi
cp -rL "$1" "$1.backup"
unlink "$1"
mv "$1.backup" "$1"
'';
connectToSpeaker = name: id:
pkgs.writeShellScriptBin "connect-to-speaker-${name}" # sh
''
# hacky script because I have problems with
# automatically connecting to trusted bluetooth devices.
echo "Connect to Speaker ${name}"
bluetoothctl <<EOF
power on
agent on
scan on
connect ${id}
EOF
'';
disconnectToSpeaker = name: id:
pkgs.writeShellScriptBin "disconnect-from-speaker-${name}" # sh
''
# hacky script because I have problems with
# automatically connecting to trusted bluetooth devices.
echo "Disconnect from Speaker ${name}"
bluetoothctl <<EOF
disconnect ${id}
scan off
agent off
power off
EOF
'';
borrow = pkgs.writers.writeDashBin "borrow" # sh
''
TERM=xterm-mono ${pkgs.hledger-ui}/bin/hledger-ui --file ~/finance/.hledger-borrow "$@"
'';
bank-report = pkgs.writers.writeDashBin "bank-report" # sh
''
${pkgs.hledger}/bin/hledger --file ~/finance/hledger/all.journal balance -M -B date:$(date +%Y-%m -d 'last year')..
${pkgs.hledger}/bin/hledger --file ~/finance/hledger/all.journal balance -M -B date:$(date +%Y-%m -d 'last year').. --depth 1
'';
bank = pkgs.writers.writeDashBin "bank" # sh
''
${pkgs.hledger-ui}/bin/hledger-ui --color=never --file ~/finance/hledger/all.journal
'';
bank-old = year:
pkgs.writers.writeDashBin "bank-${year}" # sh
''
TERM=xterm-mono ${pkgs.hledger-ui}/bin/hledger-ui --color=never --file ~/finance/hledger/${year}.journal "$@"
'';
irc = pkgs.writers.writeDashBin "irc" # sh
''
${pkgs.mosh}/bin/mosh workhorse.private -- sudo -u weechat -- screen -rd
'';
insertCopyq = pkgs.writers.writeDashBin "insertCopyq" # sh
''
${pkgs.copyq}/bin/copyq read 0 | ${pkgs.xdotool}/bin/xdotool type -f -
'';
isoToUtf8 = pkgs.writers.writeBashBin "iso-to-utf8" ''
input="$1"
TMP=$(mktemp)
${pkgs.glibc.bin}/bin/iconv -f ISO-8859-1 "$input" -t UTF-8 -o "$TMP"
mv "$TMP" "$input"
'';
in
{
# gnupg setup
#programs.gnupg.agent.enable = true;
#programs.gnupg.agent.enableSSHSupport = true;
#programs.gnupg.agent.enableExtraSocket = true;
environment.systemPackages = with pkgs;
[
uget
joplin
(library.desktopFile joplin { longName = "Joplin"; })
zim
#antimony
#(library.desktopFile antimony { longName = "CAD Software"; command = "antimony"; })
parted
insertCopyq
(library.desktopFile insertCopyq {
longName = "type what is on top of the copyq";
command = "insertCopyq";
})
isoToUtf8
hledger
hledger-ui
borrow
bank
bank-report
(bank-old "2021")
(bank-old "2020")
irc
man-pages
emo
(library.desktopFile emo {
longName = "Emoji Inserter";
command = "emoticons";
})
bat
zlib # ???
cabal-install
ghc
cabal2nix
psmisc # contains killall
pmount
nix-prefetch-scripts
ipcalc
nmap
libreoffice
hunspell
hunspellDicts.de-de
hunspellDicts.en-us
aspell
aspellDicts.de
aspellDicts.en
aspellDicts.es
translate-shell
borgbackup
gpa
gnupg
sshuttle
sshfs
mosh
dosfstools
copyq
# radio-dj
cups
xfe # filemanager
evince
nsxiv
(library.desktopFile sxiv {
longName = "Image Viewer";
command = "sxiv";
})
calibre
transmission-remote-gtk
mpv
# cantata
ncmpcpp
# dino # jabber client
nixos-generators
shellcheck
bind.dnsutils
usbutils
hexyl
testssl
trash-cli
nixpkgs-review
units
hub # for github
(writeShellScriptBin "ingdiba-security" ''
first=$1
second=$2
if [[ $# -ne 2 ]]
then
echo "need 2 arguments"
exit 1
fi
pass bank/ingdiba/security_key | cut -c$first,$second
'')
(writeShellScriptBin "ingdiba-tans" ''
first=$1
if [[ $# -ne 1 ]]
then
echo "need 1 arguments"
exit 1
fi
pass bank/ingdiba/tans-01 | cut -f$first -d '
'
'')
nix-index
ffmpeg
(writeShellScriptBin "shrink-exports"
(fileContents ../../assets/shrink_exports))
(writeShellScriptBin "music-making"
(fileContents ../../assets/music-making.sh))
replaceLinks
youtube-dl
# temperature
s-tui
(pkgs.writers.writeDashBin "temperature" ''
${pkgs.s-tui}/bin/s-tui
'')
powertop
(pkgs.writers.writeBashBin "youtube-download-music" ''
${pkgs.youtube-dl}/bin/youtube-dl \
--extract-audio \
--audio-format vorbis \
--audio-quality 0 \
"$@"
'')
allLicenses
dogdns
memo
nixfmt
dateutils
parseUrl
parseAndCopyLink
# needed for pycairo (in venv)
pkgconf
cairo
wireshark
];
}

View file

@ -1,11 +0,0 @@
{ config, lib, pkgs, ... }: {
programs.custom.zsh.mainUser = config.users.users.mainUser.name;
system.custom.mainUser = {
enable = true;
userName = lib.mkDefault "palo";
authorizedKeyFiles =
config.users.users.root.openssh.authorizedKeys.keyFiles;
};
}