new control groups

derek user
webref migrated to module
2026-01-16 09:53:02 -06:00 · 2026-01-16 09:53:02 -06:00 · 2026-01-16 09:53:02 -06:00
7 changed files with 57 additions and 23 deletions
--- a/config/base.nix
+++ b/config/base.nix
@@ -66,6 +66,8 @@
    groups = {
      users.gid = 100;
      piracy.gid = 985;
+      core.gid = 1251;
+      glue.gid = 6969;
    };
  };
  nixpkgs.config = {
--- a/config/derek.nix
+++ b/config/derek.nix
@@ -0,0 +1,47 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  sops.secrets = lib.mkIf config.my.secureHost {
+    derek-password.neededForUsers = true;
+  };
+  services = {
+    tailscale.enable = true;
+    sunshine = {
+      enable = true;
+      autoStart = true;
+      capSysAdmin = true;
+      openFirewall = true;
+
+    };
+  };
+  users.users.bearded_dragonn = {
+    isNormalUser = true;
+    createHome = true;
+    hashedPasswordFile = config.sops.secrets.derek-password.path;
+    packages = builtins.attrValues {
+      inherit (pkgs)
+        davinci-resolve
+        shotcut
+        pitivi
+        bottles
+        vscode
+        nextcloud-client
+        firefox
+        warp
+        ;
+      inherit (pkgs.kdePackages)
+        kdenlive
+        ;
+    };
+    extraGroups = [
+      "audio"
+      "video"
+      "input"
+      "games"
+    ];
+  };
+}
--- a/config/jawz.nix
+++ b/config/jawz.nix
@@ -61,6 +61,8 @@ in
      "scanner"
      "lp"
      "piracy"
+      "core"
+      "glue"
      "kavita"
      "video"
      "docker"
--- a/hosts/workstation/configuration.nix
+++ b/hosts/workstation/configuration.nix
@@ -22,6 +22,7 @@ in
    ../../config/base.nix
    ../../config/stylix.nix
    ../../environments/gnome.nix
+    ../../config/derek.nix
  ];
  my = import ./toggles.nix { inherit inputs; } // {
    nix.cores = 8;
@@ -143,27 +144,7 @@ in
      acceleration = "cuda";
      models = "/srv/ai/ollama";
    };
-    postgresql = {
-      enable = true;
-      package = pkgs.postgresql_17;
-      enableTCPIP = true;
-      authentication = pkgs.lib.mkOverride 10 ''
-        local   all    all                                 trust
-        host    all    all    ${config.my.localhost}/32    trust
-        host    all    all    ::1/128                      trust
-      '';
-      ensureDatabases = [ "webref" ];
-      ensureUsers = [
-        {
-          name = "webref";
-          ensureDBOwnership = true;
-        }
-      ];
-    };
  };
-  programs.virt-manager.enable = true;
-  users.groups.libvirtd.members = [ "jawz" ];
-  virtualisation.libvirtd.enable = true;
  systemd.services.minio-init = {
    description = "Initialize MinIO buckets";
    after = [ "minio.service" ];
--- a/modules/servers/postgres.nix
+++ b/modules/servers/postgres.nix
@@ -41,6 +41,7 @@ let
    "gitea"
    "atticd"
    "keycloak"
+    "webref"
  ];
 in
 {
--- a/modules/servers/stash.nix
+++ b/modules/servers/stash.nix
@@ -37,7 +37,7 @@ in
    };
    services.stash = {
      inherit (cfg) enable;
-      group = "piracy";
+      group = "glue";
      mutableSettings = true;
      username = "Suing8150";
      passwordFile = config.sops.secrets."stash/password".path;
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -1,4 +1,5 @@
 jawz-password: ENC[AES256_GCM,data:j5qya2z9bDESQopcBpLBktyBvIuplbq3Ql4TovdAF1BIJHcf4CAjFuCStW0axFEOST6bgJwhcZZvK4rWUyoS47eaFDp2lkiQnQ==,iv:GNEA8v0NR+PGe4yvlm4V6tTJD5NmlswRPH7JnQJUyLk=,tag:dpxDK88cAJSk+XdFF2mDww==,type:str]
+derek-password: ENC[AES256_GCM,data:gMX5fWnfYYUOArD6YJeyTgSHqE2KFKvTU2zNqr4YkEZx443zGYajRcuE4QRx1HXY71r/sipWpIURntBQrCksDy4rEtpKuHMeQdTfZWp5dSZU7oHcLr9MEr86kgMArFpaIELdNNprbS7Tqw==,iv:6kWIXFMNiH3Z2tAPVtylWYF+v8qeKVzk37fIpBQ486E=,tag:Akik/1gUm1R4zcGdSLWKag==,type:str]
 smtp-password: ENC[AES256_GCM,data:Reb6wDlZivAn5DVI2swNfQ==,iv:ZT4QvFXYmgFl1Ut07Yic1qnA8JvapSTfKw2DPCoQMEU=,tag:A5jIqUrmUwROS/LKbsahsQ==,type:str]
 nextcloud-adminpass: ENC[AES256_GCM,data:g0bnifEbMykPBVwMF14EhT/RWGsnEzJ6sXXmxSJ6kIVDeRr8XVRbFzusxlxAOOlseVwPT6e4Ad8=,iv:Gy0LwUNCw8gnqlwk91qguSEeufIJDtaqNNLX1vZp7vA=,tag:y8H42B1rue0X7/4nG/Whsw==,type:str]
 firefly-iii-keyfile: ENC[AES256_GCM,data:HTifd3/5apa9f0RiOh33aRRoVkRskgo/2FV9S01wQSEmKFLg2M9gNNFm6gv2/WCQvNc1,iv:4yLIQQkfqhLixQtAOsbQePNlKOrU2p6Dqw9aLPDoJrM=,tag:uSbAMCy4FWRMU+QhExAE2w==,type:str]
@@ -51,7 +52,7 @@ sops:
            RmRyZldlMjUwMEdUUEpDS2JSa2tDTTAKp/pT+0cNnCuKVL+Z0fEMiw1PL9PB/nSM
            QWVTo0Mt8Y6X0Xt0EAi9G5AYxADZ/mmEWPxB7RFgVAiMKtor5Gy1zw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-12-26T08:13:55Z"
-    mac: ENC[AES256_GCM,data:hZoOrRraR1qg/w6dEseP1sbJxxLBtWIw+hTV6TUQHlA9vCfrLEDlAlMZBNoTx1ijHz0Q22sV39j3ON+PBqfRRqxWr7nynYDZ7zk9rtVlW4xPTqIBusU+lHTFC7MSMfPn7bhTQ0h3QPHtTF778WIbgNYjEIXda4rlmrnc0bLdFA8=,iv:2a1M8KUtEj0rMuJsyu3WyEYdzeKw+VkDDZFsyU00XuM=,tag:vXw2+za466Olq05HJPOYdQ==,type:str]
+    lastmodified: "2026-01-16T15:38:39Z"
+    mac: ENC[AES256_GCM,data:4xaoGvLq1UIdozNqQ7v+pORVPDCk+FZRsCRvZ3C5AZOwSaM+UfDYZcI32AI0K80yFyhVIrrjqylykvXghbpQGAju3mv7+7Tbn5p2gqXrB/m1FuyVe/ftw7SSn8FTGL14cdHuPPkQTvV/u7z1IfX4YAOEGqtWiEfOe4YoWT3xc3A=,iv:dygbKjQ0ljgBPyk2aEIa/Mpbs/At+UzuhYy8Sndx/nk=,tag:jYbROlRxeDxqF1YqrBGL8A==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0
Author	SHA1	Message	Date
Danilo Reyes	597f9ee5b8	new control groups	2026-01-16 09:53:02 -06:00
Danilo Reyes	d4c7ea8742	derek user	2026-01-16 09:53:02 -06:00
Danilo Reyes	f630e1483b	webref migrated to module	2026-01-16 09:53:02 -06:00