change pub key management again, centralize users, start to modularize lenovo conf

2025-12-31 02:28:00 +01:00
parent 42a93f042e
commit 4b8882d82d
9 changed files with 114 additions and 82 deletions
--- a/machines/lenovo/configuration.nix
+++ b/machines/lenovo/configuration.nix
@@ -1,11 +1,14 @@
 {
  config,
  lib,
-  pkgs,
  modulesPath,
  machine,
  ...
 }: {
+  imports = [
+    ./impermanence.nix
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
  age.secrets = {
    secret0.file = ../../secrets/secret0.age;
    secret1.file = ../../secrets/secret1.age;
@@ -14,48 +17,6 @@
    efi.canTouchEfiVariables = true;
    systemd-boot.enable = true;
  };
-  environment.persistence."/nix/persist" = {
-    enable = true;
-    hideMounts = true;
-    directories = [
-      "/var/log"
-      "/var/lib/bluetooth"
-      "/var/lib/nixos"
-      "/var/lib/systemd/coredump"
-      "/etc/NetworkManager/system-connections"
-      "/etc/ssh"
-    ];
-    files = [
-      "/etc/machine-id"
-      "/etc/ly/save.txt"
-    ];
-    users."andromeda" = {
-      directories = [
-        ".backups"
-        ".local/share/Anki2"
-        ".local/share/chat.fluffy.fluffychat"
-        ".local/share/zoxide"
-        ".ssh"
-        "conf"
-        "Downloads"
-        "pp"
-      ];
-      files = [
-        ".bash_history"
-        ".brush_history"
-      ];
-    };
-    users."mtgmonkey" = {
-      directories = [
-        ".local/share/zoxide"
-        ".ssh"
-      ];
-      files = [
-        ".bash_history"
-        ".brush_history"
-      ];
-    };
-  };
  hardware.bluetooth = {
    enable = true;
    powerOnBoot = true;
@@ -95,28 +56,6 @@
  };
  system.stateVersion = "26.05";
  time.timeZone = "Europe/Berlin";
-  users.users."andromeda" = {
-    isNormalUser = true;
-    description = "andromeda";
-    hashedPasswordFile = builtins.toString config.age.secrets.secret0.path;
-    extraGroups = [
-      "networkmanager"
-      "wheel"
-    ];
-  };
-  users.users."mtgmonkey" = {
-    isNormalUser = true;
-    description = "mtgmonkey";
-    hashedPasswordFile = builtins.toString config.age.secrets.secret1.path;
-    extraGroups = [
-      "networkmanager"
-      "wheel"
-    ];
-  };
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
-
  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "sdhci_pci"];
  boot.initrd.kernelModules = [];
  boot.kernelModules = ["kvm-intel"];